From 7147d1e75552c5e9c9acf190ef5a53635f067642 Mon Sep 17 00:00:00 2001 From: Alex Hunt Date: Thu, 20 Jun 2024 15:31:50 -0700 Subject: [PATCH 1/2] Update h2 to 0.3.26 for RUSTSEC-2024-0332 --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 8f2ac45..964b510 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -939,9 +939,9 @@ checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" [[package]] name = "h2" -version = "0.3.24" +version = "0.3.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bb2c4422095b67ee78da96fbb51a4cc413b3b25883c7717ff7ca1ab31022c9c9" +checksum = "81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8" dependencies = [ "bytes", "fnv", From f8b97beebd3c519c4f0776b68f139f3f5c51ac0e Mon Sep 17 00:00:00 2001 From: Alex Hunt Date: Thu, 20 Jun 2024 18:22:24 -0700 Subject: [PATCH 2/2] cross compile --- Cargo.lock | 10 ++++++++++ Dockerfile | 29 +++++++++++++++++++++-------- eip_operator_shared/Cargo.toml | 2 +- 3 files changed, 32 insertions(+), 9 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 964b510..a6850fa 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1657,6 +1657,15 @@ version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" +[[package]] +name = "openssl-src" +version = "300.3.1+3.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7259953d42a81bf137fbbd73bd30a8e1914d6dce43c2b90ed575783a22608b91" +dependencies = [ + "cc", +] + [[package]] name = "openssl-sys" version = "0.9.97" @@ -1665,6 +1674,7 @@ checksum = "c3eaad34cdd97d81de97964fc7f29e2d104f483840d906ef56daa1912338460b" dependencies = [ "cc", "libc", + "openssl-src", "pkg-config", "vcpkg", ] diff --git a/Dockerfile b/Dockerfile index 3016310..d7d48ba 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,26 +1,39 @@ -FROM rust:1.74.0-slim-bookworm AS chef +FROM --platform=$BUILDPLATFORM rust:1.74.0-slim-bookworm AS chef RUN cargo install --locked cargo-chef +ARG TARGETARCH +RUN echo -n "$TARGETARCH" | sed 's#amd64#x86_64#;s#arm64#aarch64#' > /cargo_arch +RUN rustup target add x86_64-unknown-linux-gnu +RUN rustup target add aarch64-unknown-linux-gnu WORKDIR /workdir -FROM chef AS planner +FROM --platform=$BUILDPLATFORM chef AS planner COPY . . RUN cargo chef prepare --recipe-path recipe.json -FROM chef AS builder +FROM --platform=$BUILDPLATFORM chef AS builder RUN apt-get update \ - && apt-get -qy install pkg-config libssl-dev cmake g++ \ + && apt-get -qy install pkg-config libssl-dev cmake g++ gcc-x86-64-linux-gnu gcc-aarch64-linux-gnu perl \ && apt-get clean WORKDIR /workdir COPY --from=planner /workdir/recipe.json recipe.json ARG CARGO_RELEASE=--release ARG CARGO_FEATURES=--no-default-features -RUN cargo chef cook $CARGO_RELEASE $CARGO_FEATURES --recipe-path recipe.json +RUN export CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_LINKER=x86_64-linux-gnu-gcc; \ + export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc; \ + cargo chef cook \ + $CARGO_RELEASE \ + $CARGO_FEATURES \ + --recipe-path recipe.json \ + --target "$(cat /cargo_arch)-unknown-linux-gnu" COPY . . -RUN cargo build $CARGO_RELEASE $CARGO_FEATURES +RUN export CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_LINKER=x86_64-linux-gnu-gcc; \ + export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc; \ + cargo build $CARGO_RELEASE $CARGO_FEATURES \ + --target "$(cat /cargo_arch)-unknown-linux-gnu" FROM debian:bookworm-20231030-slim RUN apt-get update && apt-get install -y iptables ca-certificates && rm -rf /var/ib/apt/lists/* RUN update-alternatives --set iptables /usr/sbin/iptables-legacy -COPY --from=builder /workdir/target/*/eip-operator / -COPY --from=builder /workdir/target/*/cilium-eip-no-masquerade-agent / +COPY --from=builder /workdir/target/*/*/eip-operator / +COPY --from=builder /workdir/target/*/*/cilium-eip-no-masquerade-agent / ENTRYPOINT ["./eip-operator"] diff --git a/eip_operator_shared/Cargo.toml b/eip_operator_shared/Cargo.toml index ace288e..595f477 100644 --- a/eip_operator_shared/Cargo.toml +++ b/eip_operator_shared/Cargo.toml @@ -20,7 +20,7 @@ futures = "0.3" hyper = { version = "0.14.27", features = ["http2"] } kube = { workspace = true } kube-runtime = { workspace = true } -native-tls = { version = "0.2.11", features = ["alpn"] } +native-tls = { version = "0.2.11", features = ["alpn", "vendored"] } opentelemetry = { version = "0.21", features = ["trace"] } opentelemetry_sdk = { version = "0.21", features = ["trace", "rt-tokio"] } opentelemetry-otlp = { version = "0.14" }