Adds RHEL 8, RHEL 9 and SLES 15 support for s390x

Added Dockerfile for rhel-8 and sles-15. Added spec files rpm/SPECS/checkpolicy.spec, rpm/SPECS/policycoreutils.spec for sles-15 support. Modified rpm/SPECS/docker-ce.spec for adding support for sles-15 with btrfs support. Modified rpm/Makefile to add support for sles-15 and rhel-8.

Signed-off-by: Nirman Narang <[email protected]>

updates policycoreutils to 3.4
Refactor SLES_RELEASE
Add RHEL 9 Dockerfile

Signed-off-by: Prabhav Thali <[email protected]>

Author: nirmannarang

rpm/Makefile

@@ -13,7 +13,7 @@ SCAN_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/scan-cl
 BUILDX_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/buildx) && git rev-parse --short HEAD)
 
 ifdef BUILD_IMAGE
-	BUILD_IMAGE_FLAG=--build-arg $(BUILD_IMAGE)
+	BUILD_IMAGE_FLAG=--build-arg BUILD_IMAGE=$(BUILD_IMAGE)
 endif
 BUILD?=DOCKER_BUILDKIT=1 \
 	docker build \
@@ -58,12 +58,22 @@ RUN?=docker run --rm \
 	$(RUN_FLAGS) \
 	rpmbuild-$@/$(ARCH) $(RPMBUILD_FLAGS)
 
+RUN_SLES?=docker run --rm \
+	-e PLATFORM \
+	-v $(CURDIR)/rpmbuild/SOURCES:/usr/src/packages/SOURCES:ro \
+	-v $(CURDIR)/rpmbuild/$@/RPMS:/usr/src/packages/RPMS \
+	-v $(CURDIR)/rpmbuild/$@/SRPMS:/usr/src/packages/SRPMS \
+	$(RUN_FLAGS) \
+	rpmbuild-$@/$(ARCH) $(RPMBUILD_FLAGS)
+
 FEDORA_RELEASES ?= fedora-37 fedora-36 fedora-35
 CENTOS_RELEASES ?= centos-7 centos-8 centos-9
 ifeq ($(ARCH),s390x)
-RHEL_RELEASES ?= rhel-7
+RHEL_RELEASES ?= rhel-7 rhel-8 rhel-9
+SLES_RELEASES ?= sles-15
 else
 RHEL_RELEASES ?=
+SLES_RELEASES ?=
 endif
 
 DISTROS := $(FEDORA_RELEASES) $(CENTOS_RELEASES) $(RHEL_RELEASES)
@@ -80,7 +90,7 @@ clean: ## remove build artifacts
 	-docker builder prune -f --filter until=24h
 
 .PHONY: rpm
-rpm: fedora centos ## build all rpm packages
+rpm: fedora centos rhel sles ## build all rpm packages
 
 .PHONY: fedora
 fedora: $(FEDORA_RELEASES) ## build all fedora rpm packages
@@ -91,9 +101,15 @@ centos-8 centos-9: RPMBUILD_EXTRA_FLAGS=--define '_without_btrfs 1'
 .PHONY: centos
 centos: $(CENTOS_RELEASES) ## build all centos rpm packages
 
+.PHONY: rhel-8 rhel-9
+rhel-8 rhel-9: RPMBUILD_EXTRA_FLAGS=--define '_without_btrfs 1'
+
 .PHONY: rhel
 rhel: $(RHEL_RELEASES) ## build all rhel rpm packages
 
+.PHONY: sles
+sles: $(SLES_RELEASES) ## build all sles rpm packages
+
 .PHONY: $(DISTROS)
 $(DISTROS): sources
 	@echo "== Building packages for $@ =="
@@ -102,6 +118,14 @@ $(DISTROS): sources
 	$(RUN)
 	$(CHOWN) -R $(shell id -u):$(shell id -g) "rpmbuild/$@"
 
+.PHONY: $(SLES_RELEASES)
+$(SLES_RELEASES): rpmbuild/SOURCES/engine.tgz rpmbuild/SOURCES/cli.tgz rpmbuild/SOURCES/buildx.tgz rpmbuild/SOURCES/compose.tgz rpmbuild/SOURCES/scan-cli-plugin.tgz
+	@echo "== Building packages for $@ =="
+	mkdir -p "rpmbuild/$@"
+	$(BUILD)
+	$(RUN_SLES)
+	$(CHOWN) -R $(shell id -u):$(shell id -g) "rpmbuild/$@"
+
 .PHONY: sources
 sources: rpmbuild/SOURCES/engine.tgz rpmbuild/SOURCES/cli.tgz rpmbuild/SOURCES/buildx.tgz rpmbuild/SOURCES/compose.tgz rpmbuild/SOURCES/scan-cli-plugin.tgz
 

rpm/SPECS/docker-ce.spec

@@ -20,27 +20,41 @@ Packager: Docker <[email protected]>
 Requires: /usr/sbin/groupadd
 Requires: docker-ce-cli
 Requires: docker-ce-rootless-extras
+%if 0%{?suse_version}
+Requires: container-selinux
+Requires: libseccomp2
+Requires: libcgroup-devel
+%else
 Requires: container-selinux >= 2:2.74
 Requires: libseccomp >= 2.3
-Requires: systemd
-Requires: iptables
 %if %{undefined rhel} || 0%{?rhel} < 9
 # Libcgroup is no longer available in RHEL/CentOS >= 9 distros.
 Requires: libcgroup
 %endif
+%endif
+Requires: systemd
+Requires: iptables
 Requires: containerd.io >= 1.6.4
 Requires: tar
 Requires: xz
 
 BuildRequires: bash
+%if 0%{?suse_version}
+BuildRequires: btrfsprogs
+%else
 %{?_with_btrfs:BuildRequires: btrfs-progs-devel}
+%endif
 BuildRequires: ca-certificates
 BuildRequires: cmake
 BuildRequires: device-mapper-devel
 BuildRequires: gcc
 BuildRequires: git
 BuildRequires: glibc-static
+%if 0%{?suse_version}
+BuildRequires: libarchive13
+%else
 BuildRequires: libarchive
+%endif
 BuildRequires: libseccomp-devel
 BuildRequires: libselinux-devel
 BuildRequires: libtool

rpm/SPECS/policycoreutils.spec

@@ -0,0 +1,48 @@
+Name:           policycoreutils
+Version:        3.4
+Release:        1%{?dist}
+Group:          System Environment/Base
+Summary:        SELinux policy core utilities
+License:        GPLv2
+%description
+
+%configure
+
+BuildRequires: gzip
+BuildRequires: make
+BuildRequires: gcc7
+BuildRequires: flex
+BuildRequires: libbz2-devel
+BuildRequires: pcre2-devel
+BuildRequires: audit-devel
+BuildRequires: gettext
+BuildRequires: bison
+BuildRequires: wget
+BuildRequires: tar
+
+%install
+wget https://github.com/SELinuxProject/selinux/releases/download/3.4/libsepol-3.4.tar.gz
+update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-7 7
+tar -xvf libsepol-3.4.tar.gz
+cd libsepol-3.4
+make CC=gcc
+make install
+cd ..
+wget https://github.com/SELinuxProject/selinux/releases/download/3.4/libselinux-3.4.tar.gz
+tar -xvf libselinux-3.4.tar.gz
+cd libselinux-3.4
+make CC=gcc
+make install
+cd ..
+wget https://github.com/SELinuxProject/selinux/releases/download/3.4/libsemanage-3.4.tar.gz
+tar -xvf libsemanage-3.4.tar.gz
+cd libsemanage-3.4
+make CC=gcc
+make install
+cd ..
+wget https://github.com/SELinuxProject/selinux/releases/download/3.4/policycoreutils-3.4.tar.gz
+tar -xvf policycoreutils-3.4.tar.gz
+cd policycoreutils-3.4
+make CC=gcc
+make install
+%files

rpm/SPECS/sles_dependencies.spec

@@ -0,0 +1,33 @@
+Name:       SLES_Dependencies
+Version:    %{_version}
+License:    GPLv2
+Release:    1%{?dist}
+Summary:    SLES Dependencies
+
+%description
+The file lists the dependencies required for building the rpmbuild-sles-15
+
+BuildRequires: rpm-build
+BuildRequires: rpmlint
+BuildRequires: pkg-config
+BuildRequires: libsystemd0
+BuildRequires: systemd-devel
+BuildRequires: selinux-tools
+BuildRequires: wget
+BuildRequires: cmake
+BuildRequires: git
+BuildRequires: glibc-devel-static
+BuildRequires: libseccomp-devel
+BuildRequires: libtool
+BuildRequires: libarchive-devel
+BuildRequires: btrfsprogs
+BuildRequires: libbtrfs-devel
+BuildRequires: lsb-release
+BuildRequires: gzip
+BuildRequires: make
+BuildRequires: gcc7
+BuildRequires: flex
+BuildRequires: libbz2-devel
+BuildRequires: gettext
+BuildRequires: bison
+BuildRequires: tar

rpm/rhel-8/Dockerfile

@@ -0,0 +1,34 @@
+ARG GO_IMAGE
+ARG DISTRO=rhel
+ARG SUITE=8
+ARG BUILD_IMAGE=dockereng/${DISTRO}:${SUITE}-s390x
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+ENV GOPROXY=https://proxy.golang.org|direct
+ENV GO111MODULE=off
+ENV GOPATH=/go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS exclude_graphdriver_btrfs
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+
+RUN yum install -y rpm-build rpmlint libarchive yum-utils
+COPY SPECS /root/rpmbuild/SPECS
+
+# TODO change once we support scan-plugin on other architectures
+RUN \
+  if [ "$(uname -m)" = "x86_64" ]; then \
+    yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/*.spec; \
+  else \
+    yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/docker-c*.spec; \
+    yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/docker-b*.spec; \
+  fi
+
+COPY --from=golang /usr/local/go /usr/local/go
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]

rpm/rhel-9/Dockerfile

@@ -0,0 +1,34 @@
+ARG GO_IMAGE
+ARG DISTRO=rhel
+ARG SUITE=9
+ARG BUILD_IMAGE=dockereng/${DISTRO}:${SUITE}-s390x
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+ENV GOPROXY=https://proxy.golang.org|direct
+ENV GO111MODULE=off
+ENV GOPATH=/go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS exclude_graphdriver_btrfs
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+
+RUN yum install -y rpm-build rpmlint libarchive yum-utils
+COPY SPECS /root/rpmbuild/SPECS
+
+# TODO change once we support scan-plugin on other architectures
+RUN \
+  if [ "$(uname -m)" = "x86_64" ]; then \
+    yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/*.spec; \
+  else \
+    yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/docker-c*.spec; \
+    yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/docker-b*.spec; \
+  fi
+
+COPY --from=golang /usr/local/go /usr/local/go
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]

rpm/sles-15/Dockerfile

@@ -0,0 +1,41 @@
+ARG GO_IMAGE
+ARG DISTRO=sles
+ARG SUITE=15
+ARG BUILD_IMAGE=dockereng/${DISTRO}:${SUITE}-s390x
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+ENV GOPROXY=https://proxy.golang.org|direct
+ENV GO111MODULE=off
+ENV GOPATH /go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+
+COPY SPECS /usr/src/packages/SPECS
+COPY rpmbuild/SOURCES/ /usr/src/packages/SOURCES/
+RUN zypper -n install $(rpmspec --parse /usr/src/packages/SPECS/sles_dependencies.spec | grep BuildRequires | cut -d' ' -f2 | xargs)
+RUN rpmbuild -bb /usr/src/packages/SPECS/policycoreutils.spec
+RUN rpm -i /usr/src/packages/RPMS/s390x/policycoreutils-3.4-1.s390x.rpm \
+&& sles_version=$(lsb_release -r | rev | cut -c1) \
+&& opensuse_repo="https://download.opensuse.org/repositories/security:SELinux/15.$sles_version/security:SELinux.repo" \
+&& zypper addrepo $opensuse_repo \
+&& zypper --gpg-auto-import-keys refresh && zypper install -y selinux-policy selinux-policy-devel device-mapper-devel \
+&& mkdir -p /root/rpmbuild/ && cp -r /usr/src/packages/* /root/rpmbuild/
+
+# TODO change once we support scan-plugin on other architectures
+RUN \
+  if [ "$(uname -m)" = "x86" ]; then \
+    rpmbuild -y /root/rpmbuild/SPECS/*.spec; \
+  else \
+    rpmbuild -y /root/rpmbuild/SPECS/docker-c*.spec; \
+    rpmbuild -y /root/rpmbuild/SPECS/docker-b*.spec; \
+  fi
+
+COPY --from=golang /usr/local/go /usr/local/go
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/usr/bin/rpmbuild"]