1#!/usr/bin/env bash 2 3# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4# Copyright © 2020 Intel Corporation 5# SPDX-License-Identifier: Apache-2.0 6 7CLI_NAME="Cloud Hypervisor" 8 9CTR_IMAGE_TAG="ghcr.io/cloud-hypervisor/cloud-hypervisor" 10CTR_IMAGE_VERSION="20231220-0" 11: "${CTR_IMAGE:=${CTR_IMAGE_TAG}:${CTR_IMAGE_VERSION}}" 12 13DOCKER_RUNTIME="docker" 14 15# Host paths 16CLH_SCRIPTS_DIR=$(cd "$(dirname "$0")" && pwd) 17CLH_ROOT_DIR=$(cd "${CLH_SCRIPTS_DIR}/.." && pwd) 18CLH_BUILD_DIR="${CLH_ROOT_DIR}/build" 19CLH_CARGO_TARGET="${CLH_BUILD_DIR}/cargo_target" 20CLH_DOCKERFILE="${CLH_SCRIPTS_DIR}/../resources/Dockerfile" 21CLH_CTR_BUILD_DIR="/tmp/cloud-hypervisor/ctr-build" 22CLH_INTEGRATION_WORKLOADS="${HOME}/workloads" 23 24# Container paths 25CTR_CLH_ROOT_DIR="/cloud-hypervisor" 26CTR_CLH_CARGO_BUILT_DIR="${CTR_CLH_ROOT_DIR}/build" 27CTR_CLH_CARGO_TARGET="${CTR_CLH_CARGO_BUILT_DIR}/cargo_target" 28CTR_CLH_INTEGRATION_WORKLOADS="/root/workloads" 29 30# Container networking option 31CTR_CLH_NET="bridge" 32 33# Cargo paths 34# Full path to the cargo registry dir on the host. This appears on the host 35# because we want to persist the cargo registry across container invocations. 36# Otherwise, any rust crates from crates.io would be downloaded again each time 37# we build or test. 38CARGO_REGISTRY_DIR="${CLH_BUILD_DIR}/cargo_registry" 39 40# Full path to the cargo git registry on the host. This serves the same purpose 41# as CARGO_REGISTRY_DIR, for crates downloaded from GitHub repos instead of 42# crates.io. 43CARGO_GIT_REGISTRY_DIR="${CLH_BUILD_DIR}/cargo_git_registry" 44 45# Full path to the cargo target dir on the host. 46CARGO_TARGET_DIR="${CLH_BUILD_DIR}/cargo_target" 47 48# Send a decorated message to stdout, followed by a new line 49# 50say() { 51 [ -t 1 ] && [ -n "$TERM" ] && 52 echo "$(tput setaf 2)[$CLI_NAME]$(tput sgr0) $*" || 53 echo "[$CLI_NAME] $*" 54} 55 56# Send a decorated message to stdout, without a trailing new line 57# 58say_noln() { 59 [ -t 1 ] && [ -n "$TERM" ] && 60 echo -n "$(tput setaf 2)[$CLI_NAME]$(tput sgr0) $*" || 61 echo "[$CLI_NAME] $*" 62} 63 64# Send a text message to stderr 65# 66say_err() { 67 [ -t 2 ] && [ -n "$TERM" ] && 68 echo "$(tput setaf 1)[$CLI_NAME] $*$(tput sgr0)" 1>&2 || 69 echo "[$CLI_NAME] $*" 1>&2 70} 71 72# Send a warning-highlighted text to stdout 73say_warn() { 74 [ -t 1 ] && [ -n "$TERM" ] && 75 echo "$(tput setaf 3)[$CLI_NAME] $*$(tput sgr0)" || 76 echo "[$CLI_NAME] $*" 77} 78 79# Exit with an error message and (optional) code 80# Usage: die [-c <error code>] <error message> 81# 82die() { 83 code=1 84 [[ "$1" = "-c" ]] && { 85 code="$2" 86 shift 2 87 } 88 say_err "$@" 89 exit "$code" 90} 91 92# Exit with an error message if the last exit code is not 0 93# 94ok_or_die() { 95 code=$? 96 [[ $code -eq 0 ]] || die -c $code "$@" 97} 98 99# Make sure the build/ dirs are available. Exit if we can't create them. 100# Upon returning from this call, the caller can be certain the build/ dirs exist. 101# 102ensure_build_dir() { 103 for dir in "$CLH_BUILD_DIR" \ 104 "$CLH_INTEGRATION_WORKLOADS" \ 105 "$CLH_CTR_BUILD_DIR" \ 106 "$CARGO_TARGET_DIR" \ 107 "$CARGO_REGISTRY_DIR" \ 108 "$CARGO_GIT_REGISTRY_DIR"; do 109 mkdir -p "$dir" || die "Error: cannot create dir $dir" 110 [ -x "$dir" ] && [ -w "$dir" ] || 111 { 112 say "Wrong permissions for $dir. Attempting to fix them ..." 113 chmod +x+w "$dir" 114 } || 115 die "Error: wrong permissions for $dir. Should be +x+w" 116 done 117} 118 119# Make sure we're using the latest dev container, by just pulling it. 120ensure_latest_ctr() { 121 if [ "$CTR_IMAGE_VERSION" = "local" ]; then 122 build_container 123 else 124 $DOCKER_RUNTIME pull "$CTR_IMAGE" 125 126 if [ $? -ne 0 ]; then 127 build_container 128 fi 129 130 ok_or_die "Error pulling/building container image. Aborting." 131 fi 132} 133 134# Fix main directory permissions after a container ran as root. 135# Since the container ran as root, any files it creates will be owned by root. 136# This fixes that by recursively changing the ownership of /cloud-hypervisor to the 137# current user. 138# 139fix_dir_perms() { 140 # Yes, running Docker to get elevated privileges, just to chown some files 141 # is a dirty hack. 142 $DOCKER_RUNTIME run \ 143 --workdir "$CTR_CLH_ROOT_DIR" \ 144 --rm \ 145 --volume /dev:/dev \ 146 --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" $exported_volumes \ 147 "$CTR_IMAGE" \ 148 chown -R "$(id -u):$(id -g)" "$CTR_CLH_ROOT_DIR" 149 150 return "$1" 151} 152# Process exported volumes argument, separate the volumes and make docker compatible 153# Sample input: --volumes /a:/a#/b:/b 154# Sample output: --volume /a:/a --volume /b:/b 155# 156process_volumes_args() { 157 if [ -z "$arg_vols" ]; then 158 return 159 fi 160 exported_volumes="" 161 arr_vols=(${arg_vols//#/ }) 162 for var in "${arr_vols[@]}"; do 163 parts=(${var//:/ }) 164 if [[ ! -e "${parts[0]}" ]]; then 165 echo "The volume ${parts[0]} does not exist." 166 exit 1 167 fi 168 exported_volumes="$exported_volumes --volume $var" 169 done 170} 171 172cmd_help() { 173 echo "" 174 echo "Cloud Hypervisor $(basename "$0")" 175 echo "Usage: $(basename "$0") [flags] <command> [<command args>]" 176 echo "" 177 echo "Available flags": 178 echo "" 179 echo " --local Set the container image version being used to \"local\"." 180 echo "" 181 echo "Available commands:" 182 echo "" 183 echo " build [--debug|--release] [--libc musl|gnu] [-- [<cargo args>]]" 184 echo " Build the Cloud Hypervisor binaries." 185 echo " --debug Build the debug binaries. This is the default." 186 echo " --release Build the release binaries." 187 echo " --libc Select the C library Cloud Hypervisor will be built against. Default is gnu" 188 echo " --volumes Hash separated volumes to be exported. Example --volumes /mnt:/mnt#/myvol:/myvol" 189 echo " --hypervisor Underlying hypervisor. Options kvm, mshv" 190 echo "" 191 echo " tests [<test type (see below)>] [--libc musl|gnu] [-- [<test scripts args>] [-- [<test binary args>]]] " 192 echo " Run the Cloud Hypervisor tests." 193 echo " --unit Run the unit tests." 194 echo " --integration Run the integration tests." 195 echo " --integration-sgx Run the SGX integration tests." 196 echo " --integration-vfio Run the VFIO integration tests." 197 echo " --integration-windows Run the Windows guest integration tests." 198 echo " --integration-live-migration Run the live-migration integration tests." 199 echo " --integration-rate-limiter Run the rate-limiter integration tests." 200 echo " --libc Select the C library Cloud Hypervisor will be built against. Default is gnu" 201 echo " --metrics Generate performance metrics" 202 echo " --volumes Hash separated volumes to be exported. Example --volumes /mnt:/mnt#/myvol:/myvol" 203 echo " --hypervisor Underlying hypervisor. Options kvm, mshv" 204 echo " --all Run all tests." 205 echo "" 206 echo " build-container [--type]" 207 echo " Build the Cloud Hypervisor container." 208 echo "" 209 echo " clean [<cargo args>]]" 210 echo " Remove the Cloud Hypervisor artifacts." 211 echo "" 212 echo " shell" 213 echo " Run the development container into an interactive, privileged BASH shell." 214 echo " --volumes Hash separated volumes to be exported. Example --volumes /mnt:/mnt#/myvol:/myvol" 215 echo "" 216 echo " help" 217 echo " Display this help message." 218 echo "" 219} 220 221cmd_build() { 222 build="debug" 223 libc="gnu" 224 hypervisor="kvm" 225 features_build="" 226 exported_device="/dev/kvm" 227 while [ $# -gt 0 ]; do 228 case "$1" in 229 "-h" | "--help") { 230 cmd_help 231 exit 1 232 } ;; 233 "--debug") { build="debug"; } ;; 234 "--release") { build="release"; } ;; 235 "--runtime") 236 shift 237 DOCKER_RUNTIME="$1" 238 export DOCKER_RUNTIME 239 ;; 240 "--libc") 241 shift 242 [[ "$1" =~ ^(musl|gnu)$ ]] || 243 die "Invalid libc: $1. Valid options are \"musl\" and \"gnu\"." 244 libc="$1" 245 ;; 246 "--volumes") 247 shift 248 arg_vols="$1" 249 ;; 250 "--hypervisor") 251 shift 252 hypervisor="$1" 253 ;; 254 "--features") 255 shift 256 features_build="--features $1" 257 ;; 258 "--") { 259 shift 260 break 261 } ;; 262 *) 263 die "Unknown build argument: $1. Please use --help for help." 264 ;; 265 esac 266 shift 267 done 268 269 ensure_build_dir 270 ensure_latest_ctr 271 272 process_volumes_args 273 if [[ ! ("$hypervisor" = "kvm" || "$hypervisor" = "mshv") ]]; then 274 die "Hypervisor value must be kvm or mshv" 275 fi 276 if [[ "$hypervisor" = "mshv" ]]; then 277 exported_device="/dev/mshv" 278 fi 279 target="$(uname -m)-unknown-linux-${libc}" 280 281 cargo_args=("$@") 282 [ $build = "release" ] && cargo_args+=("--release") 283 cargo_args+=(--target "$target") 284 285 rustflags="$RUSTFLAGS" 286 target_cc="" 287 if [ "$(uname -m)" = "aarch64" ] && [ "$libc" = "musl" ]; then 288 rustflags="$rustflags -C link-args=-Wl,-Bstatic -C link-args=-lc" 289 fi 290 291 $DOCKER_RUNTIME run \ 292 --user "$(id -u):$(id -g)" \ 293 --workdir "$CTR_CLH_ROOT_DIR" \ 294 --rm \ 295 --volume $exported_device \ 296 --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" $exported_volumes \ 297 --env RUSTFLAGS="$rustflags" \ 298 --env TARGET_CC="$target_cc" \ 299 "$CTR_IMAGE" \ 300 cargo build --all $features_build \ 301 --target-dir "$CTR_CLH_CARGO_TARGET" \ 302 "${cargo_args[@]}" && say "Binaries placed under $CLH_CARGO_TARGET/$target/$build" 303} 304 305cmd_clean() { 306 cargo_args=("$@") 307 308 ensure_build_dir 309 ensure_latest_ctr 310 311 $DOCKER_RUNTIME run \ 312 --user "$(id -u):$(id -g)" \ 313 --workdir "$CTR_CLH_ROOT_DIR" \ 314 --rm \ 315 --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" $exported_volumes \ 316 "$CTR_IMAGE" \ 317 cargo clean \ 318 --target-dir "$CTR_CLH_CARGO_TARGET" \ 319 "${cargo_args[@]}" 320} 321 322cmd_tests() { 323 unit=false 324 integration=false 325 integration_sgx=false 326 integration_vfio=false 327 integration_windows=false 328 integration_live_migration=false 329 integration_rate_limiter=false 330 metrics=false 331 libc="gnu" 332 arg_vols="" 333 hypervisor="kvm" 334 exported_device="/dev/kvm" 335 while [ $# -gt 0 ]; do 336 case "$1" in 337 "-h" | "--help") { 338 cmd_help 339 exit 1 340 } ;; 341 "--unit") { unit=true; } ;; 342 "--integration") { integration=true; } ;; 343 "--integration-sgx") { integration_sgx=true; } ;; 344 "--integration-vfio") { integration_vfio=true; } ;; 345 "--integration-windows") { integration_windows=true; } ;; 346 "--integration-live-migration") { integration_live_migration=true; } ;; 347 "--integration-rate-limiter") { integration_rate_limiter=true; } ;; 348 "--metrics") { metrics=true; } ;; 349 "--libc") 350 shift 351 [[ "$1" =~ ^(musl|gnu)$ ]] || 352 die "Invalid libc: $1. Valid options are \"musl\" and \"gnu\"." 353 libc="$1" 354 ;; 355 "--volumes") 356 shift 357 arg_vols="$1" 358 ;; 359 "--hypervisor") 360 shift 361 hypervisor="$1" 362 ;; 363 "--all") { 364 cargo=true 365 unit=true 366 integration=true 367 } ;; 368 "--") { 369 shift 370 break 371 } ;; 372 *) 373 die "Unknown tests argument: $1. Please use --help for help." 374 ;; 375 esac 376 shift 377 done 378 if [[ ! ("$hypervisor" = "kvm" || "$hypervisor" = "mshv") ]]; then 379 die "Hypervisor value must be kvm or mshv" 380 fi 381 382 if [[ "$hypervisor" = "mshv" ]]; then 383 exported_device="/dev/mshv" 384 fi 385 386 if [ ! -e "${exported_device}" ] ; then 387 die "${exported_device} does not exist on the system" 388 fi 389 390 set -- '--hypervisor' "$hypervisor" "$@" 391 392 ensure_build_dir 393 ensure_latest_ctr 394 395 process_volumes_args 396 target="$(uname -m)-unknown-linux-${libc}" 397 398 rustflags="$RUSTFLAGS" 399 target_cc="" 400 if [ "$(uname -m)" = "aarch64" ] && [ "$libc" = "musl" ]; then 401 rustflags="$rustflags -C link-args=-Wl,-Bstatic -C link-args=-lc" 402 fi 403 404 if [[ "$unit" = true ]]; then 405 say "Running unit tests for $target..." 406 $DOCKER_RUNTIME run \ 407 --workdir "$CTR_CLH_ROOT_DIR" \ 408 --rm \ 409 --device $exported_device \ 410 --device /dev/net/tun \ 411 --cap-add net_admin \ 412 --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" $exported_volumes \ 413 --env BUILD_TARGET="$target" \ 414 --env RUSTFLAGS="$rustflags" \ 415 --env TARGET_CC="$target_cc" \ 416 "$CTR_IMAGE" \ 417 ./scripts/run_unit_tests.sh "$@" || fix_dir_perms $? || exit $? 418 fi 419 420 if [ "$integration" = true ]; then 421 say "Running integration tests for $target..." 422 $DOCKER_RUNTIME run \ 423 --workdir "$CTR_CLH_ROOT_DIR" \ 424 --rm \ 425 --privileged \ 426 --security-opt seccomp=unconfined \ 427 --ipc=host \ 428 --net="$CTR_CLH_NET" \ 429 --mount type=tmpfs,destination=/tmp \ 430 --volume /dev:/dev \ 431 --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" $exported_volumes \ 432 --volume "$CLH_INTEGRATION_WORKLOADS:$CTR_CLH_INTEGRATION_WORKLOADS" \ 433 --env USER="root" \ 434 --env BUILD_TARGET="$target" \ 435 --env RUSTFLAGS="$rustflags" \ 436 --env TARGET_CC="$target_cc" \ 437 --env AUTH_DOWNLOAD_TOKEN="$AUTH_DOWNLOAD_TOKEN" \ 438 "$CTR_IMAGE" \ 439 dbus-run-session ./scripts/run_integration_tests_"$(uname -m)".sh "$@" || fix_dir_perms $? || exit $? 440 fi 441 442 if [ "$integration_sgx" = true ]; then 443 say "Running SGX integration tests for $target..." 444 $DOCKER_RUNTIME run \ 445 --workdir "$CTR_CLH_ROOT_DIR" \ 446 --rm \ 447 --privileged \ 448 --security-opt seccomp=unconfined \ 449 --ipc=host \ 450 --net="$CTR_CLH_NET" \ 451 --mount type=tmpfs,destination=/tmp \ 452 --volume /dev:/dev \ 453 --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" $exported_volumes \ 454 --volume "$CLH_INTEGRATION_WORKLOADS:$CTR_CLH_INTEGRATION_WORKLOADS" \ 455 --env USER="root" \ 456 --env BUILD_TARGET="$target" \ 457 --env RUSTFLAGS="$rustflags" \ 458 --env TARGET_CC="$target_cc" \ 459 --env AUTH_DOWNLOAD_TOKEN="$AUTH_DOWNLOAD_TOKEN" \ 460 "$CTR_IMAGE" \ 461 ./scripts/run_integration_tests_sgx.sh "$@" || fix_dir_perms $? || exit $? 462 fi 463 464 if [ "$integration_vfio" = true ]; then 465 say "Running VFIO integration tests for $target..." 466 $DOCKER_RUNTIME run \ 467 --workdir "$CTR_CLH_ROOT_DIR" \ 468 --rm \ 469 --privileged \ 470 --security-opt seccomp=unconfined \ 471 --ipc=host \ 472 --net="$CTR_CLH_NET" \ 473 --mount type=tmpfs,destination=/tmp \ 474 --volume /dev:/dev \ 475 --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" $exported_volumes \ 476 --volume "$CLH_INTEGRATION_WORKLOADS:$CTR_CLH_INTEGRATION_WORKLOADS" \ 477 --env USER="root" \ 478 --env BUILD_TARGET="$target" \ 479 --env RUSTFLAGS="$rustflags" \ 480 --env TARGET_CC="$target_cc" \ 481 --env AUTH_DOWNLOAD_TOKEN="$AUTH_DOWNLOAD_TOKEN" \ 482 "$CTR_IMAGE" \ 483 ./scripts/run_integration_tests_vfio.sh "$@" || fix_dir_perms $? || exit $? 484 fi 485 486 if [ "$integration_windows" = true ]; then 487 say "Running Windows integration tests for $target..." 488 $DOCKER_RUNTIME run \ 489 --workdir "$CTR_CLH_ROOT_DIR" \ 490 --rm \ 491 --privileged \ 492 --security-opt seccomp=unconfined \ 493 --ipc=host \ 494 --net="$CTR_CLH_NET" \ 495 --mount type=tmpfs,destination=/tmp \ 496 --volume /dev:/dev \ 497 --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" $exported_volumes \ 498 --volume "$CLH_INTEGRATION_WORKLOADS:$CTR_CLH_INTEGRATION_WORKLOADS" \ 499 --env USER="root" \ 500 --env BUILD_TARGET="$target" \ 501 --env RUSTFLAGS="$rustflags" \ 502 --env TARGET_CC="$target_cc" \ 503 --env AUTH_DOWNLOAD_TOKEN="$AUTH_DOWNLOAD_TOKEN" \ 504 "$CTR_IMAGE" \ 505 ./scripts/run_integration_tests_windows_"$(uname -m)".sh "$@" || fix_dir_perms $? || exit $? 506 fi 507 508 if [ "$integration_live_migration" = true ]; then 509 say "Running 'live migration' integration tests for $target..." 510 $DOCKER_RUNTIME run \ 511 --workdir "$CTR_CLH_ROOT_DIR" \ 512 --rm \ 513 --privileged \ 514 --security-opt seccomp=unconfined \ 515 --ipc=host \ 516 --net="$CTR_CLH_NET" \ 517 --mount type=tmpfs,destination=/tmp \ 518 --volume /dev:/dev \ 519 --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" $exported_volumes \ 520 --volume "$CLH_INTEGRATION_WORKLOADS:$CTR_CLH_INTEGRATION_WORKLOADS" \ 521 --env USER="root" \ 522 --env BUILD_TARGET="$target" \ 523 --env RUSTFLAGS="$rustflags" \ 524 --env TARGET_CC="$target_cc" \ 525 --env AUTH_DOWNLOAD_TOKEN="$AUTH_DOWNLOAD_TOKEN" \ 526 "$CTR_IMAGE" \ 527 ./scripts/run_integration_tests_live_migration.sh "$@" || fix_dir_perms $? || exit $? 528 fi 529 530 if [ "$integration_rate_limiter" = true ]; then 531 say "Running 'rate limiter' integration tests for $target..." 532 $DOCKER_RUNTIME run \ 533 --workdir "$CTR_CLH_ROOT_DIR" \ 534 --rm \ 535 --privileged \ 536 --security-opt seccomp=unconfined \ 537 --ipc=host \ 538 --net="$CTR_CLH_NET" \ 539 --mount type=tmpfs,destination=/tmp \ 540 --volume /dev:/dev \ 541 --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" $exported_volumes \ 542 --volume "$CLH_INTEGRATION_WORKLOADS:$CTR_CLH_INTEGRATION_WORKLOADS" \ 543 --env USER="root" \ 544 --env BUILD_TARGET="$target" \ 545 --env RUSTFLAGS="$rustflags" \ 546 --env TARGET_CC="$target_cc" \ 547 --env AUTH_DOWNLOAD_TOKEN="$AUTH_DOWNLOAD_TOKEN" \ 548 "$CTR_IMAGE" \ 549 ./scripts/run_integration_tests_rate_limiter.sh "$@" || fix_dir_perms $? || exit $? 550 fi 551 552 if [ "$metrics" = true ]; then 553 say "Generating performance metrics for $target..." 554 $DOCKER_RUNTIME run \ 555 --workdir "$CTR_CLH_ROOT_DIR" \ 556 --rm \ 557 --privileged \ 558 --security-opt seccomp=unconfined \ 559 --ipc=host \ 560 --net="$CTR_CLH_NET" \ 561 --mount type=tmpfs,destination=/tmp \ 562 --volume /dev:/dev \ 563 --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" $exported_volumes \ 564 --volume "$CLH_INTEGRATION_WORKLOADS:$CTR_CLH_INTEGRATION_WORKLOADS" \ 565 --env USER="root" \ 566 --env BUILD_TARGET="$target" \ 567 --env RUSTFLAGS="$rustflags" \ 568 --env TARGET_CC="$target_cc" \ 569 --env RUST_BACKTRACE="${RUST_BACKTRACE}" \ 570 --env AUTH_DOWNLOAD_TOKEN="$AUTH_DOWNLOAD_TOKEN" \ 571 "$CTR_IMAGE" \ 572 ./scripts/run_metrics.sh "$@" || fix_dir_perms $? || exit $? 573 fi 574 575 fix_dir_perms $? 576} 577 578build_container() { 579 ensure_build_dir 580 581 BUILD_DIR=/tmp/cloud-hypervisor/container/ 582 583 mkdir -p $BUILD_DIR 584 cp "$CLH_DOCKERFILE" $BUILD_DIR 585 586 [ "$(uname -m)" = "aarch64" ] && TARGETARCH="arm64" 587 [ "$(uname -m)" = "x86_64" ] && TARGETARCH="amd64" 588 589 $DOCKER_RUNTIME build \ 590 --target dev \ 591 -t $CTR_IMAGE \ 592 -f $BUILD_DIR/Dockerfile \ 593 --build-arg TARGETARCH=$TARGETARCH \ 594 $BUILD_DIR 595} 596 597cmd_build-container() { 598 while [ $# -gt 0 ]; do 599 case "$1" in 600 "-h" | "--help") { 601 cmd_help 602 exit 1 603 } ;; 604 "--") { 605 shift 606 break 607 } ;; 608 *) 609 die "Unknown build-container argument: $1. Please use --help for help." 610 ;; 611 esac 612 shift 613 done 614 615 build_container 616} 617 618cmd_shell() { 619 while [ $# -gt 0 ]; do 620 case "$1" in 621 "-h" | "--help") { 622 cmd_help 623 exit 1 624 } ;; 625 "--volumes") 626 shift 627 arg_vols="$1" 628 ;; 629 "--") { 630 shift 631 break 632 } ;; 633 *) ;; 634 635 esac 636 shift 637 done 638 ensure_build_dir 639 ensure_latest_ctr 640 process_volumes_args 641 say_warn "Starting a privileged shell prompt as root ..." 642 say_warn "WARNING: Your $CLH_ROOT_DIR folder will be bind-mounted in the container under $CTR_CLH_ROOT_DIR" 643 $DOCKER_RUNTIME run \ 644 -ti \ 645 --workdir "$CTR_CLH_ROOT_DIR" \ 646 --rm \ 647 --privileged \ 648 --security-opt seccomp=unconfined \ 649 --ipc=host \ 650 --net="$CTR_CLH_NET" \ 651 --tmpfs /tmp:exec \ 652 --volume /dev:/dev \ 653 --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" $exported_volumes \ 654 --volume "$CLH_INTEGRATION_WORKLOADS:$CTR_CLH_INTEGRATION_WORKLOADS" \ 655 --env USER="root" \ 656 --entrypoint bash \ 657 "$CTR_IMAGE" 658 659 fix_dir_perms $? 660} 661 662if [ $# = 0 ]; then 663 cmd_help 664 say_err "Please specify command to run!" 665 exit 1 666fi 667 668# Parse main command line args. 669# 670while [ $# -gt 0 ]; do 671 case "$1" in 672 -h | --help) { 673 cmd_help 674 exit 1 675 } ;; 676 --local) { 677 CTR_IMAGE_VERSION="local" 678 CTR_IMAGE="${CTR_IMAGE_TAG}:${CTR_IMAGE_VERSION}" 679 } ;; 680 -*) 681 die "Unknown arg: $1. Please use \`$0 help\` for help." 682 ;; 683 *) 684 break 685 ;; 686 esac 687 shift 688done 689 690# $1 is now a command name. Check if it is a valid command and, if so, 691# run it. 692# 693declare -f "cmd_$1" >/dev/null 694ok_or_die "Unknown command: $1. Please use \`$0 help\` for help." 695 696cmd=cmd_$1 697shift 698 699$cmd "$@" 700