sources: add shimpei

shimpei is an OCI shim wrapper around `oci-add-hooks`, whose sole porpuse is to call `oci-add-hooks` with additional parameters that can't be provided by containerd. Signed-off-by: Arnaldo Garcia Rincon <[email protected]>
bottlerocket-os · Dec 13, 2021 · b3c4509 · b3c4509
1 parent a9e29b9
commit b3c4509
Show file tree

Hide file tree

Showing 9 changed files with 221 additions and 1 deletion.
diff --git a/packages/os/Cargo.toml b/packages/os/Cargo.toml
@@ -21,6 +21,7 @@ source-groups = [
     "models",
     "imdsclient",
     "retry-read",
+    "shimpei"
 ]
 
 [lib]
@@ -39,3 +40,5 @@ glibc = { path = "../glibc" }
 # kexec-tools and makedumpfile required for prairiedog functionality
 # kexec-tools = { path = "../kexec-tools" }
 # makedumpfile = { path = "../makedumpfile" }
+# oci-add-hooks required for shimpei functionality
+# oci-add-hooks = { path = "../oci-add-hooks" }
diff --git a/packages/os/os.spec b/packages/os/os.spec
@@ -1,6 +1,7 @@
 %global _cross_first_party 1
 %global _is_k8s_variant %(if echo %{_cross_variant} | grep -Fqw "k8s"; then echo 1; else echo 0; fi)
 %global _is_aws_variant %(if echo %{_cross_variant} | grep -Fqw "aws"; then echo 1; else echo 0; fi)
+%global _is_vendor_variant %(if echo %{_cross_variant} | grep -Fqw "nvidia"; then echo 1; else echo 0; fi)
 %undefine _debugsource_packages
 
 Name: %{_cross_os}os
@@ -89,6 +90,10 @@ Requires: %{_cross_os}shibaken
 Requires: %{_cross_os}ecs-settings-applier
 %endif
 
+%if %{_is_vendor_variant}
+Requires: %{_cross_os}shimpei
+%endif
+
 %description
 %{summary}.
 
@@ -242,6 +247,14 @@ Summary: Setting generator for populating admin container user-data from IMDS.
 %{summary}.
 %endif
 
+%if %{_is_vendor_variant}
+%package -n %{_cross_os}shimpei
+Summary: OCI-compatible shim around oci-add-hooks
+Requires: %{_cross_os}oci-add-hooks
+%description -n %{_cross_os}shimpei
+%{summary}.
+%endif
+
 %package -n %{_cross_os}bootstrap-containers
 Summary: Manages bootstrap-containers
 %description -n %{_cross_os}bootstrap-containers
@@ -317,6 +330,9 @@ echo "** Output from non-static builds:"
     -p pluto \
 %endif
     -p static-pods \
+%endif
+%if %{_is_vendor_variant}
+    -p shimpei \
 %endif
     %{nil}
 
@@ -350,6 +366,9 @@ for p in \
 %endif
   static-pods \
 %endif
+%if %{_is_vendor_variant}
+  shimpei \
+%endif
 ; do
   install -p -m 0755 ${HOME}/.cache/%{__cargo_target}/release/${p} %{buildroot}%{_cross_bindir}
 done
@@ -529,6 +548,11 @@ install -p -m 0644 %{S:300} %{buildroot}%{_cross_udevrulesdir}/80-ephemeral-stor
 %{_cross_datadir}/eks/eni-max-pods
 %endif
 
+%if %{_is_vendor_variant}
+%files -n %{_cross_os}shimpei
+%{_cross_bindir}/shimpei
+%endif
+
 %files -n %{_cross_os}static-pods
 %{_cross_bindir}/static-pods
 %endif

diff --git a/sources/Cargo.lock b/sources/Cargo.lock
diff --git a/sources/Cargo.toml b/sources/Cargo.toml
@@ -59,7 +59,9 @@ members = [
 
     "webpki-roots-shim",
 
-    "constants"
+    "constants",
+
+    "shimpei"
 ]
 
 [profile.release]

diff --git a/sources/shimpei/Cargo.toml b/sources/shimpei/Cargo.toml
@@ -0,0 +1,18 @@
+[package]
+name = "shimpei"
+version = "0.1.0"
+authors = ["Arnaldo Garcia Rincon <[email protected]>"]
+license = "Apache-2.0 OR MIT"
+edition = "2018"
+publish = false
+# Don't rebuild crate just because of changes to README.
+exclude = ["README.md"]
+
+[dependencies]
+log = "0.4"
+simplelog = "0.10"
+snafu = "0.6"
+nix = "0.23"
+
+[build-dependencies]
+cargo-readme = "3.1"
diff --git a/sources/shimpei/README.md b/sources/shimpei/README.md
@@ -0,0 +1,11 @@
+# shimpei
+
+Current version: 0.1.0
+
+  shimpei is an OCI compatible shim wrapper around `oci-add-hooks`. Its sole purpose is
+  to call `oci-add-hooks` with the additional `--hook-config-path` and `--runtime-path`
+  parameters that can't be provided by containerd.
+
+## Colophon
+
+This text was generated from `README.tpl` using [cargo-readme](https://crates.io/crates/cargo-readme), and includes the rustdoc from `src/main.rs`.
diff --git a/sources/shimpei/README.tpl b/sources/shimpei/README.tpl
@@ -0,0 +1,9 @@
+# {{crate}}
+
+Current version: {{version}}
+
+{{readme}}
+
+## Colophon
+
+This text was generated from `README.tpl` using [cargo-readme](https://crates.io/crates/cargo-readme), and includes the rustdoc from `src/main.rs`.
diff --git a/sources/shimpei/build.rs b/sources/shimpei/build.rs
@@ -0,0 +1,32 @@
+// Automatically generate README.md from rustdoc.
+
+use std::env;
+use std::fs::File;
+use std::io::Write;
+use std::path::PathBuf;
+
+fn main() {
+    // Check for environment variable "SKIP_README". If it is set,
+    // skip README generation
+    if env::var_os("SKIP_README").is_some() {
+        return;
+    }
+
+    let mut source = File::open("src/main.rs").unwrap();
+    let mut template = File::open("README.tpl").unwrap();
+
+    let content = cargo_readme::generate_readme(
+        &PathBuf::from("."), // root
+        &mut source,         // source
+        Some(&mut template), // template
+        // The "add x" arguments don't apply when using a template.
+        true,  // add title
+        false, // add badges
+        false, // add license
+        true,  // indent headings
+    )
+    .unwrap();
+
+    let mut readme = File::create("README.md").unwrap();
+    readme.write_all(content.as_bytes()).unwrap();
+}
diff --git a/sources/shimpei/src/main.rs b/sources/shimpei/src/main.rs
@@ -0,0 +1,110 @@
+/*!
+  shimpei is an OCI compatible shim wrapper around `oci-add-hooks`. Its sole purpose is
+  to call `oci-add-hooks` with the additional `--hook-config-path` and `--runtime-path`
+  parameters that can't be provided by containerd.
+*/
+
+#![deny(rust_2018_idioms)]
+
+#[macro_use]
+extern crate log;
+
+use nix;
+use simplelog::{Config as LogConfig, LevelFilter, SimpleLogger};
+use snafu::{OptionExt, ResultExt};
+use std::env;
+use std::ffi::CString;
+use std::path::Path;
+use std::process;
+
+/// Path to runc binary
+const RUNC_BIN_PATH: &str = "/usr/bin/runc";
+
+/// Path to hooks definitions
+const HOOK_CONFIG_BASE_PATH: &str = "/usr/share/oci-add-hooks";
+
+/// Path to oci-add-hooks
+const OCI_ADD_HOOKS: &str = "/usr/bin/oci-add-hooks";
+
+fn run() -> Result<()> {
+    setup_logger()?;
+    let mut args = env::args();
+    let prefix = args.next().context(error::MissingArg { what: "name" })?;
+    let hook_path = Path::new(HOOK_CONFIG_BASE_PATH).join(format!("{}-hook.json", prefix));
+
+    let mut oci_add_hooks_args: Vec<CString> = vec![
+        CString::new("oci-add-hooks").expect("Coulnd't create CString from 'oci-add-hooks'"),
+        CString::new("--hook-config-path")
+            .expect("Couldn't create CString from '--hook-config-path'"),
+        CString::new(hook_path.display().to_string()).context(error::InvalidString {
+            input: hook_path.display().to_string(),
+        })?,
+        CString::new("--runtime-path").expect("Couldn't create CString from '--runtime-path'"),
+        CString::new(RUNC_BIN_PATH).context(error::InvalidString {
+            input: RUNC_BIN_PATH.to_string(),
+        })?,
+    ];
+    for arg in args {
+        oci_add_hooks_args
+            .push(CString::new(arg.as_bytes()).context(error::InvalidString { input: arg })?);
+    }
+
+    // Use the `execv` syscall instead of `std::process::Command`, since
+    // it will call `posix_spawn` under the hood, which forks instead of
+    // replacing the current process
+
+    nix::unistd::execv(
+        &CString::new(OCI_ADD_HOOKS).context(error::InvalidString {
+            input: OCI_ADD_HOOKS.to_string(),
+        })?,
+        &oci_add_hooks_args,
+    )
+    .context(error::Execv {
+        program: OCI_ADD_HOOKS.to_string(),
+    })?;
+
+    Ok(())
+}
+
+fn setup_logger() -> Result<()> {
+    SimpleLogger::init(LevelFilter::Info, LogConfig::default()).context(error::Logger)
+}
+
+fn main() {
+    if let Err(e) = run() {
+        error!("{}", e);
+        process::exit(1);
+    }
+}
+
+/// ＜コ：ミ くコ:彡 ＜コ：ミ くコ:彡 ＜コ：ミ くコ:彡 ＜コ：ミ くコ:彡 ＜コ：ミ くコ:彡 ＜コ：ミ くコ:彡
+mod error {
+    use snafu::Snafu;
+
+    #[derive(Debug, Snafu)]
+    #[snafu(visibility = "pub(super)")]
+    pub(super) enum Error {
+        #[snafu(display("Failed to setup logger: {}", source))]
+        Logger { source: log::SetLoggerError },
+
+        #[snafu(display("Invalid log level '{}'", log_level))]
+        LogLevel {
+            log_level: String,
+            source: log::ParseLevelError,
+        },
+
+        #[snafu(display("Couldn't create CString from '{}': {}", input, source))]
+        InvalidString {
+            input: String,
+            source: std::ffi::NulError,
+        },
+
+        #[snafu(display("Failed to exec '{}' : {}", program, source))]
+        Execv { program: String, source: nix::Error },
+
+        #[snafu(display("Missing argument '{}'", what))]
+        MissingArg { what: String },
+    }
+}
+
+type Result<T> = std::result::Result<T, error::Error>;