aws · lydiafilipe · Mar 28, 2022 · Mar 24, 2022
diff --git a/Makefile b/Makefile
@@ -48,6 +48,9 @@ static:
 static-init:
 	./scripts/gobuild.sh
 
+static-with-pause:
+	./scripts/build true "" false true
+
 # Cross-platform build target for static checks
 xplatform-build:
 	GOOS=linux GOARCH=arm64 ./scripts/build true "" false
@@ -411,6 +414,22 @@ build-mock-images-init:
 	docker build -t "test.localhost/amazon/wants-update" -f "scripts/dockerfiles/wants-update.dockerfile" .
 	docker build -t "test.localhost/amazon/exit-success" -f "scripts/dockerfiles/exit-success.dockerfile" .
 
+# Dockerfree targets
+# TODO: arm
+dockerfree-pause:
+	GOOS=linux GOARCH=amd64 ./scripts/build-pause
+
+dockerfree-certs:
+	GOOS=linux GOARCH=amd64 ./scripts/get-host-certs
+
+dockerfree-cni-plugins: get-cni-sources
+	GOOS=linux GOARCH=amd64 ./scripts/build-cni-plugins
+
+dockerfree-agent-image: dockerfree-pause dockerfree-certs dockerfree-cni-plugins static-with-pause
+	GOOS=linux GOARCH=amd64 ./scripts/build-agent-image
+
+dockerfree-all: dockerfree-agent-image rpm
+
 clean:
 	# ensure docker is running and we can talk to it, abort if not:
 	docker ps > /dev/null
@@ -449,3 +468,9 @@ clean:
 	-rm -f ./amazon-ecs-init_${VERSION}*
 	-rm -f .srpm-done .rpm-done
 	-rm -rf coverprofile-init.out
+	-rm -f misc/certs/host-certs.crt &> /dev/null
+	-rm -rf misc/pause-container/image/
+	-rm -rf misc/pause-container/rootfs/
+	-rm -rf misc/plugins/
+	-rm -f misc/pause-container/amazon-ecs-pause.tar
+	-rm -rf rootfs/
diff --git a/agent-container/agent-config.json b/agent-container/agent-config.json
@@ -0,0 +1 @@
+{"author":"Amazon Web Services, Inc.","config":{"Cmd":["/agent"],"ArgsEscaped":true},"created":"~~timestamp~~","history":[{"created":"~~timestamp~~","author":"Amazon Web Services, Inc.","created_by":"p=np","empty_layer":true}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:~~digest~~"]}}
diff --git a/agent-container/agent-image-VERSION b/agent-container/agent-image-VERSION
@@ -0,0 +1 @@
+1.0
diff --git a/agent-container/agent-manifest.json b/agent-container/agent-manifest.json
@@ -0,0 +1 @@
+[{"Config":"config.json","RepoTags":["amazon/amazon-ecs-agent:~~agentversion~~"],"Layers":["rootfs/layer.tar"]}]
diff --git a/agent-container/agent-repositories b/agent-container/agent-repositories
@@ -0,0 +1 @@
+{"amazon/amazon-ecs-agent":{"amazon-ecs":"rootfs"}}
diff --git a/misc/pause-container/pause-config.json b/misc/pause-container/pause-config.json
@@ -0,0 +1 @@
+{"author":"Amazon Web Services, Inc.","config":{"Cmd":["/pause"],"ArgsEscaped":true},"created":"2014-12-12T01:12:53.332832423Z","history":[{"created":"2014-12-12T01:12:53.332832423Z","author":"Amazon Web Services, Inc.","created_by":"p=np","empty_layer":true}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:~~digest~~"]}}
diff --git a/misc/pause-container/pause-image-VERSION b/misc/pause-container/pause-image-VERSION
@@ -0,0 +1 @@
+1.0
diff --git a/misc/pause-container/pause-manifest.json b/misc/pause-container/pause-manifest.json
@@ -0,0 +1 @@
+[{"Config":"config.json","RepoTags":["amazon/amazon-ecs-pause:0.1.0"],"Layers":["rootfs/layer.tar"]}]
diff --git a/misc/pause-container/pause-repositories b/misc/pause-container/pause-repositories
@@ -0,0 +1 @@
+{"amazon/amazon-ecs-pause":{"amazon-ecs":"rootfs"}}
diff --git a/scripts/build b/scripts/build
@@ -25,6 +25,11 @@ set -ex
 static=${1:-true}
 output_directory=${2:-}
 version_gen=${3:-true}
+with_pause=${4:-false}
+
+PAUSE_CONTAINER_IMAGE="amazon/amazon-ecs-pause"
+PAUSE_CONTAINER_TAG="0.1.0"
+PAUSE_CONTAINER_TARBALL="amazon-ecs-pause.tar"
 
 # Normalize to working directory being build root (up one level from ./scripts)
 ROOT=$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )
@@ -40,6 +45,10 @@ if [[ "${version_gen}" == "true" ]]; then
   go run gen/version-gen.go
 fi
 
+if [[ "${with_pause}" == "true" ]]; then
+    LDFLAGS="-X github.com/aws/amazon-ecs-agent/agent/config.DefaultPauseContainerTag=$PAUSE_CONTAINER_TAG -X github.com/aws/amazon-ecs-agent/agent/config.DefaultPauseContainerImageName=$PAUSE_CONTAINER_IMAGE"
+fi
+
 if [ "${TARGET_OS}" == "windows" ]; then
     unset static
     build_exe="out/amazon-ecs-agent.exe"

diff --git a/scripts/build-agent-image b/scripts/build-agent-image
@@ -0,0 +1,56 @@
+#!/bin/bash
+# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You may
+# not use this file except in compliance with the License. A copy of the
+# License is located at
+#
+#	http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is distributed
+# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+# express or implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+# This script builds a copy of the agent.
+# It exists to wrap go build and properly make a static binary, as well as to
+# correctly setup versioning before creating the binary
+
+set -ex
+
+ROOT=$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )
+cd "${ROOT}"
+AGENT_VERSION=$(cat VERSION)
+
+# add cni-plugins
+mkdir -p rootfs/amazon-ecs-cni-plugins/
+cp ./misc/plugins/aws-appmesh rootfs/amazon-ecs-cni-plugins/aws-appmesh
+cp ./misc/plugins/ecs-bridge rootfs/amazon-ecs-cni-plugins/ecs-bridge
+cp ./misc/plugins/ecs-eni rootfs/amazon-ecs-cni-plugins/ecs-eni
+cp ./misc/plugins/ecs-ipam rootfs/amazon-ecs-cni-plugins/ecs-ipam
+cp ./misc/plugins/vpc-branch-eni rootfs/amazon-ecs-cni-plugins/vpc-branch-eni
+
+# add certs
+mkdir -p rootfs/etc/ssl/certs/
+cp ./misc/certs/host-certs.crt rootfs/etc/ssl/certs/ca-certificates.crt
+
+# add pause container
+mkdir -p rootfs/images/
+cp ./misc/pause-container/amazon-ecs-pause.tar rootfs/images/amazon-ecs-pause.tar
+
+# add agent
+cp ./out/amazon-ecs-agent rootfs/agent
+
+# build container
+mkdir -p image/rootfs
+tar --mtime="@1492525740" --owner=0 --group=0 --numeric-owner -cf image/rootfs/layer.tar -C rootfs .
+DIGEST=$(sha256sum image/rootfs/layer.tar | sed -e 's/ .*//')
+install -m 0644 ./agent-container/agent-image-VERSION image/rootfs/VERSION
+install -m 0644 ./agent-container/agent-config.json image/config.json
+sed -i "s/~~digest~~/${DIGEST}/" image/config.json
+sed -i "s/~~timestamp~~/$(date +"%FT%T.%NZ")/g" image/config.json
+install -m 0644 ./agent-container/agent-manifest.json image/manifest.json
+sed -i "s/~~agentversion~~/${AGENT_VERSION}/" image/manifest.json
+install -m 0644 ./agent-container/agent-repositories image/repositories
+tar --mtime="@1492525740" --owner=0 --group=0 --numeric-owner -cf ./ecs-agent-v${AGENT_VERSION}.tar -C image .
+rm -rf image/
diff --git a/scripts/build-cni-plugins b/scripts/build-cni-plugins
@@ -0,0 +1,31 @@
+#!/bin/bash
+# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You may
+# not use this file except in compliance with the License. A copy of the
+# License is located at
+#
+#	http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is distributed
+# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+# express or implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+# this script builds the ecs/vpc cni plugins from the submodules
+# by copying them out of agent into their expected location in the
+# gopath
+
+set -ex
+
+ROOT=$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )
+cd "${ROOT}"
+# copy submodules to expected go build path github.com/aws/amazon-ecs-cni-plugins
+cp -r amazon-ecs-cni-plugins ../amazon-ecs-cni-plugins
+cp -r amazon-vpc-cni-plugins ../amazon-vpc-cni-plugins
+cd ../amazon-ecs-cni-plugins && GO111MODULE=auto make plugins
+mkdir -p ../amazon-ecs-agent/misc/plugins && cp -a ./bin/plugins/. ../amazon-ecs-agent/misc/plugins/
+make clean
+cd ../amazon-vpc-cni-plugins && GO111MODULE=auto make build
+cp -a ./build/linux_amd64/. ../amazon-ecs-agent/misc/plugins/
+make clean
diff --git a/scripts/build-pause b/scripts/build-pause
@@ -0,0 +1,32 @@
+#!/bin/bash
+# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You may
+# not use this file except in compliance with the License. A copy of the
+# License is located at
+#
+#	http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is distributed
+# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+# express or implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+# This script builds the pause container without Docker
+# The pause container configuration is static, except for the DIGEST
+
+set -ex
+
+ROOT=$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )
+cd "${ROOT}/misc/pause-container"
+mkdir -p rootfs/
+gcc -static pause.c -o rootfs/pause
+mkdir -p image/rootfs
+tar --mtime="@1492525740" --owner=0 --group=0 --numeric-owner -cf image/rootfs/layer.tar -C rootfs .
+DIGEST=$(sha256sum image/rootfs/layer.tar | sed -e 's/ .*//')
+install -m 0644 pause-image-VERSION image/rootfs/VERSION
+install -m 0644 pause-config.json image/config.json
+sed -i "s/~~digest~~/${DIGEST}/" image/config.json
+install -m 0644 pause-manifest.json image/manifest.json
+install -m 0644 pause-repositories image/repositories
+tar --mtime="@1492525740" --owner=0 --group=0 --numeric-owner -cf ./amazon-ecs-pause.tar -C image .
diff --git a/scripts/get-host-certs b/scripts/get-host-certs
@@ -0,0 +1,43 @@
+#!/bin/bash
+# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You may
+# not use this file except in compliance with the License. A copy of the
+# License is located at
+#
+#	http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is distributed
+# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+# express or implied. See the License for the specific language governing
+# permissions and limitations under the License.
+#
+# this script searches through known locations for certs (borrowed from 
+# https://go.dev/src/crypto/x509/root_linux.go) and writes them to the
+# current dir 
+
+set -ex
+
+ROOT=$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )
+cd "${ROOT}/misc/certs"
+
+# Possible certificate files
+certFiles=("/etc/ssl/certs/ca-certificates.crt" "/etc/pki/tls/certs/ca-bundle.crt" "/etc/ssl/ca-bundle.pem" "/etc/pki/tls/cacert.pem" "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" "/etc/ssl/cert.pem")
+
+# search and stop once certs are found
+thisCertFile=""
+for file in ${certFiles[@]}; do
+  if test -f $file; then
+    thisCertFile=$file
+    break
+  fi
+done
+
+# if we found a cert file, we'll copy else exit unsuccessfully
+if [ ! -z "$thisCertFile" ]
+then
+  cp $thisCertFile ./host-certs.crt
+else
+  echo "No certs file found on host"
+  exit 1
+fi