feat: added new vxagent binary revision to support bundle of agent bi…
…nary distribution (rpm and deb packages)
asdek committed Jun 1, 2023
1 parent 41b3e04 commit 66a50c4
Showing 33 changed files with 947 additions and 428 deletions.
6 changes: 4 additions & 2 deletions .github/workflows/agent-build-linux.yml
@@ -27,10 +27,12 @@ jobs:
# Linux
mkdir -p /usr/lib/vxagent
tar -xzf ../../../assets/deps/libraries_386.tar.gz -C /usr/lib/vxagent/
bash -x ./build-linux-386.sh && mv -v ../../bin/vxagent _tmp/linux/386/
bash -x ./build-linux-386.sh && mv -v ../../bin/vxagent _tmp/linux/386/
BUNDLE=true bash -x ./build-linux-386.sh && mv -v ../../bin/vxbundle _tmp/linux/386/
rm -rf /usr/lib/vxagent/*
tar -xzf ../../../assets/deps/libraries_amd64.tar.gz -C /usr/lib/vxagent/
bash -x ./build-linux-amd64.sh && mv -v ../../bin/vxagent _tmp/linux/amd64/
bash -x ./build-linux-amd64.sh && mv -v ../../bin/vxagent _tmp/linux/amd64/
BUNDLE=true bash -x ./build-linux-amd64.sh && mv -v ../../bin/vxbundle _tmp/linux/amd64/
# Common components
cp -v startup.sh _tmp/
cp -v ../../artifacts/agent/version _tmp/
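Review bot: The two added `BUNDLE=true bash -x ./build-linux-<arch>.sh && mv -v ../../bin/vxbundle …` lines join build and move with `&&`, and under `set -e` (the default for a GitHub Actions `run` step, if this step does not override its shell) a failure on the left side of `&&` does not stop the script. A failed bundle build would therefore skip the `mv` and carry on, leaving `_tmp/linux/<arch>/vxbundle` missing for the packaging script that now copies it into the deb and rpm. Putting the two commands on separate lines, `BUNDLE=true bash -x ./build-linux-386.sh` followed by `mv -v ../../bin/vxbundle _tmp/linux/386/`, lets the step fail at the build itself. The existing `vxagent` lines have the same shape; the rest of the step lies outside the visible hunk.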
1 change: 1 addition & 0 deletions .gitignore
@@ -59,6 +59,7 @@ web/typings
web/npm-debug.log
web/yarn-error.log
web/testem.log
web/yarn.lock
.env
__debug_bin*
*.log
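Review bot: Ignoring `web/yarn.lock` leaves the web dependency tree unpinned, so each install may resolve different transitive versions and a reviewer cannot see what changed between two builds. If the entry was added only to silence a locally generated file, prefer committing the lockfile and installing in CI with `yarn install --frozen-lockfile`; if the project deliberately relies on another package manager's lockfile, a comment next to the entry saying so would help. Whether a lockfile is tracked elsewhere is not visible from this hunk.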
19 changes: 15 additions & 4 deletions assets/deps/build_deps.sh
@@ -2,16 +2,17 @@

set -e

if [ "$#" -ne 1 ]; then
docker run -it --rm -v $(pwd):/tmp/deps -w /tmp/deps debian:buster bash -c "/tmp/deps/build_deps.sh libraries_amd64.tar.gz"
docker run -it --rm -v $(pwd):/tmp/deps -w /tmp/deps i386/debian:buster bash -c "/tmp/deps/build_deps.sh libraries_386.tar.gz"
if [ "$#" -ne 2 ]; then
docker run -it --rm -v $(pwd):/tmp/deps -w /tmp/deps vxcontrol/vxbuild-cross bash -c "/tmp/deps/build_deps.sh libraries_amd64.tar.gz x86_64"
docker run -it --rm -v $(pwd):/tmp/deps -w /tmp/deps vxcontrol/vxbuild-cross bash -c "/tmp/deps/build_deps.sh libraries_386.tar.gz '\(i386\|lib32\)'"
echo ">>> dependency libraries was updated successful"
ls -lah libraries_*
md5sum libraries_*
echo
exit 0
fi

GREP_PATTERN=$2
ARCHIVE_NAME=$1
ARCHIVE_PATH="$(pwd)/$1"
LIBRARIES_PATH=/usr/lib/vxagent/
@@ -30,6 +31,7 @@ LIBRARIES_NAMES=(
'libnss_nisplus.so.2'
'libnss_nis.so.2'
'libnss_sss.so.2'
'libnss_systemd.so.2'
'libpthread.so.0'
'libresolv.so.2'
'librt.so.1'
@@ -38,6 +40,7 @@ LIBRARIES_NAMES=(
)
LIBRARIES_SYM_LINKS=(
'ld-linux:ld-2.28.so'
'libcrypto.so.1.1:libcrypto.so'
'libc.so.6:libc-2.28.so'
'libc.so.6:libc.so'
'libdl.so.2:libdl-2.28.so'
@@ -53,21 +56,29 @@ LIBRARIES_SYM_LINKS=(
'libnss_nisplus.so.2:libnss_nisplus.so'
'libnss_nis.so.2:libnss_nis.so'
'libnss_sss.so.2:libnss_sss.so'
'libnss_systemd.so.2:libnss_systemd.so'
'libpthread.so.0:libpthread.so'
'libresolv.so.2:libresolv-2.28.so'
'libresolv.so.2:libresolv.so'
'librt.so.1:librt-2.28.so'
'librt.so.1:librt.so'
'libssl.so.1.1:libssl.so'
'libstdc++.so.6:libstdc++.so'
)
LIBRARIES_APT_PACKAGES=(
'libnss-sss:i386'
'libnss-systemd:i386'
'libssl1.1:i386'
'libnss-sss'
'libnss-systemd'
'libssl1.1'
)
echo ">>> started building"
uname -a
echo ">>> libraries archive name: $ARCHIVE_NAME"

function prepare_env {
dpkg --add-architecture i386
apt update >/dev/null 2>&1
apt install -y --no-install-recommends ${LIBRARIES_APT_PACKAGES[@]} >/dev/null 2>&1
mkdir -p $LIBRARIES_PATH
@@ -91,7 +102,7 @@ function update_sym_links {
}

function copy_library {
local lib_path=$(ldconfig -p | grep $1 | head -n 1 | awk -F' => ' '{ print $2 }')
local lib_path=$(ldconfig -p | grep $1 | grep $GREP_PATTERN | head -n 1 | awk -F' => ' '{ print $2 }')
echo " library: '$1' => '$lib_path'"
cp $lib_path $LIBRARIES_PATH
local lib_name=$(basename ${lib_path})
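Review bot: The two `docker run` lines now take the libraries from `vxcontrol/vxbuild-cross` with no tag or digest, so the loader and shared objects packed into `libraries_*.tar.gz` (committed in this same change as opaque binaries) depend on whatever that image resolves to on the day the script runs. Pinning the image, e.g. `vxcontrol/vxbuild-cross@sha256:<digest>`, and printing `sha256sum libraries_*` instead of `md5sum` would make the archives reproducible and checkable against a recorded value. In `copy_library`, `grep $GREP_PATTERN` is unquoted and `$1` is matched as a regex, so `head -n 1` can pick an unintended library; `grep -F -- "$1" | grep -- "$GREP_PATTERN"` is stricter, and an empty `lib_path` should abort with a clear message before `cp` runs. `copy_library` continues past the end of the visible hunk.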
Binary file modified assets/deps/libraries_386.tar.gz
Binary file not shown.
Binary file modified assets/deps/libraries_amd64.tar.gz
Binary file not shown.
12 changes: 8 additions & 4 deletions build/package/agent/build-install-linux.sh
@@ -12,7 +12,7 @@ mv DEBIAN/control TMP_control
mv DEBIAN/changelog TMP_changelog
mkdir -p vxagent/opt/vxcontrol/vxagent/{bin,logs,data} && \
mkdir vxagent/DEBIAN && \
cp _tmp/linux/386/vxagent vxagent/opt/vxcontrol/vxagent/bin && \
cp _tmp/linux/386/vxbundle vxagent/opt/vxcontrol/vxagent/bin/vxagent && \
mkdir -p vxagent/etc/systemd/system/ && \
cp vxagent.service vxagent/etc/systemd/system/vxagent.service

@@ -35,14 +35,15 @@ md5deep -r vxagent/opt/vxcontrol/vxagent > vxagent/DEBIAN/md5sums
chmod -R 755 vxagent/DEBIAN

fakeroot dpkg-deb -Zxz --build vxagent vxagent-${VERSION}_${arch}.deb || exit 1
cp vxagent-${VERSION}_${arch}.deb _tmp/linux/386/vxagent.deb

echo "Done create deb $arch"

rm -rf vxagent

mkdir -p vxagent/opt/vxcontrol/vxagent/{bin,logs,data} && \
mkdir vxagent/DEBIAN && \
cp _tmp/linux/amd64/vxagent vxagent/opt/vxcontrol/vxagent/bin && \
cp _tmp/linux/amd64/vxbundle vxagent/opt/vxcontrol/vxagent/bin/vxagent && \
mkdir -p vxagent/etc/systemd/system/ && \
cp vxagent.service vxagent/etc/systemd/system/vxagent.service

@@ -65,6 +66,7 @@ md5deep -r vxagent/opt/vxcontrol/vxagent > vxagent/DEBIAN/md5sums
chmod -R 755 vxagent/DEBIAN

fakeroot dpkg-deb -Zxz --build vxagent vxagent-${VERSION}_${arch}.deb || exit 1
cp vxagent-${VERSION}_${arch}.deb _tmp/linux/amd64/vxagent.deb

echo "Done create deb $arch"

@@ -76,19 +78,21 @@ mkdir -p ~/rpmbuild/SOURCES/vxagent/{bin,unit}
arch="386"
eval "echo \"$(cat RPM/rpm.spec)\"" > rpm_$arch.spec
cp _tmp/deps/libraries_386.tar.gz ~/rpmbuild/SOURCES/libraries.tar.gz
cp _tmp/linux/386/vxagent ~/rpmbuild/SOURCES/vxagent/bin/
cp _tmp/linux/386/vxbundle ~/rpmbuild/SOURCES/vxagent/bin/vxagent
cp vxagent.service ~/rpmbuild/SOURCES/vxagent/unit/

rpmbuild -bb ./rpm_$arch.spec --target i386
cp ~/rpmbuild/RPMS/i386/* install_linux/vxagent-${VERSION}_i386.rpm
cp install_linux/vxagent-${VERSION}_i386.rpm _tmp/linux/386/vxagent.rpm

arch="amd64"
rm -rf ~/rpmbuild/SOURCES/* || true
mkdir -p ~/rpmbuild/SOURCES/vxagent/{bin,unit}
cp _tmp/deps/libraries_amd64.tar.gz ~/rpmbuild/SOURCES/libraries.tar.gz
cp _tmp/linux/amd64/vxagent ~/rpmbuild/SOURCES/vxagent/bin/
cp _tmp/linux/amd64/vxbundle ~/rpmbuild/SOURCES/vxagent/bin/vxagent
cp vxagent.service ~/rpmbuild/SOURCES/vxagent/unit/

eval "echo \"$(cat RPM/rpm.spec)\"" > rpm_$arch.spec
rpmbuild -bb ./rpm_$arch.spec --target amd64
cp ~/rpmbuild/RPMS/amd64/* install_linux/vxagent-${VERSION}_amd64.rpm
cp install_linux/vxagent-${VERSION}_amd64.rpm _tmp/linux/amd64/vxagent.rpm
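Review bot: The added copies into `_tmp/linux/<arch>/` (`vxagent.deb`, `vxagent.rpm`) are unchecked and unquoted, unlike the `dpkg-deb … || exit 1` line directly above the deb copies; no `set -e` is visible in these hunks. If one of them fails, the script carries on and the bundle is assembled without that package, or with one left over from an earlier run. I would write `cp -- "vxagent-${VERSION}_${arch}.deb" _tmp/linux/386/vxagent.deb || exit 1` and do the same for the amd64 and rpm copies. The destination directory is hard-coded while the source name uses `${arch}`, so the two can drift apart; the value of `arch` for the deb blocks is set outside the visible lines.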
5 changes: 3 additions & 2 deletions build/package/agent/build-linux-386.sh
@@ -1,4 +1,5 @@
#!/bin/bash
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
LD_BUNDLE="-Wl,-rpath -Wl,/usr/lib/vxagent -Wl,--dynamic-linker=/usr/lib/vxagent/ld-2.28.so -lresolv -lnsl -lnss_files -lnss_dns -lcrypto -lssl"
GOOS=linux GOARCH=386 P=linux32 LF="-Wl,--wrap=fcntl64 -Wl,--wrap=fcntl -Wl,--whole-archive" LD="-Wl,--no-whole-archive -lcompat -pthread -lluajit -lm -ldl -lstdc++ $LD_BUNDLE" T="vxagent" "${DIR}"/build.sh
[ "x$BUNDLE" = "xtrue" ] && LD_BUNDLE="-Wl,-rpath -Wl,/usr/lib/vxagent -Wl,--dynamic-linker=/usr/lib/vxagent/ld-2.28.so -lssp_nonshared -lc_nonshared -L/usr/lib/vxagent -lrt -lresolv -lnsl -lnss_files -lnss_dns -lnss_systemd -lcrypto -lssl"
[ "x$BUNDLE" = "xtrue" ] && T="vxbundle" || T="vxagent"
GOOS=linux GOARCH=386 P=linux32 LF="-Wl,--wrap=fcntl64 -Wl,--wrap=fcntl -Wl,--whole-archive" LD="-Wl,--no-whole-archive -lcompat -pthread -lluajit -lm -ldl -lstdc++ $LD_BUNDLE" T=$T "${DIR}"/build.sh
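Review bot: With the unconditional `LD_BUNDLE=` assignment apparently replaced by `[ "x$BUNDLE" = "xtrue" ] && LD_BUNDLE=…` (the +/- column is lost on this page, but the `-1,4 +1,5` header fits that reading), a non-bundle run never sets `LD_BUNDLE`, so `$LD_BUNDLE` inside the `LD=` string is taken from the caller's environment. An inherited value would be spliced into the linker flags of the `vxagent` build. Initialise it first with `LD_BUNDLE=""`, or use a single `if [ "$BUNDLE" = "true" ]; then … else … fi` that sets both `T` and `LD_BUNDLE`, which also avoids the `a && b || c` form on the `T=` line. `build-linux-amd64.sh` carries the same three lines and needs the same change.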
5 changes: 3 additions & 2 deletions build/package/agent/build-linux-amd64.sh
@@ -1,4 +1,5 @@
#!/bin/bash
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
LD_BUNDLE="-Wl,-rpath -Wl,/usr/lib/vxagent -Wl,--dynamic-linker=/usr/lib/vxagent/ld-2.28.so -lresolv -lnsl -lnss_files -lnss_dns -lcrypto -lssl"
GOOS=linux GOARCH=amd64 P=linux64 LF="-Wl,--wrap=fcntl64 -Wl,--wrap=fcntl -Wl,--whole-archive" LD="-Wl,--no-whole-archive -lcompat -pthread -lluajit -lm -ldl -lstdc++ $LD_BUNDLE" T="vxagent" "${DIR}"/build.sh
[ "x$BUNDLE" = "xtrue" ] && LD_BUNDLE="-Wl,-rpath -Wl,/usr/lib/vxagent -Wl,--dynamic-linker=/usr/lib/vxagent/ld-2.28.so -lssp_nonshared -lc_nonshared -L/usr/lib/vxagent -lrt -lresolv -lnsl -lnss_files -lnss_dns -lnss_systemd -lcrypto -lssl"
[ "x$BUNDLE" = "xtrue" ] && T="vxbundle" || T="vxagent"
GOOS=linux GOARCH=amd64 P=linux64 LF="-Wl,--wrap=fcntl64 -Wl,--wrap=fcntl -Wl,--whole-archive" LD="-Wl,--no-whole-archive -lcompat -pthread -lluajit -lm -ldl -lstdc++ $LD_BUNDLE" T=$T "${DIR}"/build.sh
4 changes: 3 additions & 1 deletion build/package/agent/build.sh
@@ -21,6 +21,7 @@ echo $VERSION_STRING > "$BUILD_ARTIFACTS_DIR/version"
PROTOCOL_VERSION="${API_VERSION:-v1}"
[ "$DEBUG" = "true" ] && DEBUG_FLAGS=(-gcflags=all="-N -l")
OUT_BIN="${OUT_BIN:-"$ROOT_DIR/build/bin/$T"}"
AGENT_REVISION=$(echo $T | awk -F. '{ print $1 }')

IAC_CERT=$(cat $ROOT_DIR/security/certs/agent/iac.cert | eval "$BASE64" )
IAC_KEY=$(cat $ROOT_DIR/security/certs/agent/iac.key | eval "$BASE64" )
@@ -54,9 +55,10 @@ XOREncryptCerts(){
XOREncryptCerts

CGO_ENABLED=1 go build "${DEBUG_FLAGS[@]}" -ldflags "\
-X soldr/pkg/app/agent/config.PackageVer=$PACKAGE_VER.$BUILD_VERSION \
-X soldr/pkg/app/agent/mmodule.protocolVersion=$PROTOCOL_VERSION \
-X soldr/pkg/app/agent/config.PackageVer=$PACKAGE_VER.$BUILD_VERSION \
-X soldr/pkg/app/agent/config.PackageRev=$PACKAGE_REV \
-X soldr/pkg/system.revision=$AGENT_REVISION \
-X soldr/pkg/hardening/luavm/certs/provider.iac=$IAC_CERT \
-X soldr/pkg/hardening/luavm/certs/provider.iacKey=$IAC_KEY \
-X soldr/pkg/hardening/luavm/certs/provider.vxca=$VXCA_CERT \
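Review bot: `AGENT_REVISION=$(echo $T | awk -F. '{ print $1 }')` derives the revision compiled into `soldr/pkg/system.revision` from the output name with an unquoted expansion and two extra processes, and nothing checks the result. `AGENT_REVISION="${T%%.*}"` gives the same value for the names the wrappers pass (`vxagent`, `vxbundle`) without word splitting. Because the value is placed inside the single `-ldflags` string, a `T` containing whitespace would break the `-X` arguments that follow, and an unset `T` yields an empty revision; a guard such as `: "${T:?T must be set}"` before this line is worth adding, along with a comment naming the revision strings the agent expects. The `go build` command continues beyond the visible lines.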