Trial of hermetic build system on https://github.com/istio/operator

sdake · August 5, 2019, 12:42pm

Hi gang,

In a T&R meeting on 7/30, a hermetic build system was proposed and approved.

The TL;DR is 3 use cases must be supported: 1) local toolchains 2) hermetic pinned toolchains 3) CI using hermetic pinned toolchains.

Trial PRs have been merged into istio/operator and istio/test-infra that implement the use case requirements.

Implementation highlights:

Only make and docker are required as dependencies
All vendor deps are cached on the first make operation
Any dependency updates are cached
CI executes more quickly

If you wish to use your own toolchain, please add this line to your $HOME/.profile file:

export USE_LOCAL_TOOLCHAIN=1

For problems with the operator repository on this trial, please contact sdake in Slack.

Cheers,
Steven Dake and Martin Taillefer

martonsereg · August 5, 2019, 3:02pm

Hi sdake,

I’ve tried to run the make mesh command with the docker build-tool, but had problems doing that on MacOS - mounts from /etc don’t really work with docker for mac:
-v /etc/passwd:/etc/passwd:ro
-v /etc/passwd:/etc/passwd:ro
-v /etc/localtime:/etc/localtime:ro
-v /etc/timezeone:/etc/timezeone:ro \

see for example https://github.com/docker/for-mac/issues/2396.

sdake · August 5, 2019, 3:16pm

Thanks @geeknoid reported this problem this morning. First thing on my plate to fix.

Cheers
-steve

sdake · August 5, 2019, 7:41pm

PRs have merged which make Mac operational. Please report any developer experience problems in any of the typical channels.

Cheers
-steve

martonsereg · August 6, 2019, 9:27am

Hi Steve,

the build is indeed fixed on Mac now, but the result is a linux binary that’s not executable on a mac.
To make it work, the go build inside the container should receive env variables for cross-compile (GOOS and GOARCH).

make mesh should either build the binary for all the platforms (darwin, linux and windows) in the container, or the env vars should be passed in the build container from the host OS.

Marton

sdake · August 7, 2019, 7:35am

The TLDR is PRs are either merged, in flight, or scheduled to resolve the mac build issues. The operator repo build-tools container trial will be opt-in once these in-flight PRs merge.

More detail:
@ericvn has kindly consolidated my work with the common-files repo in https://github.com/istio/common-files/pull/21

@geeknoid has rolled out an update of common-files to the operator repo which enables opt-in behavior. See https://github.com/istio/operator/pull/166

@geeknoid has also repaired the vfsgen problem here: https://github.com/istio/tools/pull/255

@morvencao has resolved an unrelated linting line length change in common here: https://github.com/istio/operator/pull/167

The BUILD_LOCAL_TOOLCHAIN environment variable had a short life and has been deprecated.

The environment variable used once all of this work merges is:
export BUILD_WITH_CONTAINER=1 added to the default environment.

Cheers
-steve

Topic		Replies	Views
Building Istio from code	3	283	September 22, 2021
ISTIO mesh expansion for RHEL/CentOS	6	1271	February 6, 2019
{SOLVED}How to build Istio manually	1	622	September 26, 2019
Custom build of istio/proxy — Build Containers? Contributors	1	1279	March 3, 2020
Https://github.com/istio/operator repo PRs need a rebase	2	382	July 16, 2019

Trial of hermetic build system on https://github.com/istio/operator

Related Topics