build compatible distros as PIE

open-telemetry · Nov 5, 2024 · 9416237 · 9416237
1 parent 11530fd
commit 9416237
Show file tree

Hide file tree

Showing 8 changed files with 465 additions and 63 deletions.
diff --git a/.github/workflows/base-release.yaml b/.github/workflows/base-release.yaml
@@ -85,7 +85,7 @@ jobs:
           distribution: goreleaser-pro
           version: v2.3.2
           workdir: distributions/${{ inputs.distribution }}
-          args: release --clean --split --timeout 2h --release-header-tmpl=../../.github/release-template.md
+          args: release --verbose --clean --split --timeout 2h --release-header-tmpl=../../.github/release-template.md
         env:
           GOOS: ${{ matrix.GOOS }}
           GOARCH: ${{ matrix.GOARCH }}

diff --git a/Makefile b/Makefile
@@ -6,7 +6,6 @@ OTELCOL_BUILDER_DIR ?= ${HOME}/bin
 OTELCOL_BUILDER ?= ${OTELCOL_BUILDER_DIR}/ocb
 
 DISTRIBUTIONS ?= "otelcol,otelcol-contrib,otelcol-k8s,otelcol-otlp"
-GEN_CONFIG_DISTRIBUTIONS ?= "otelcol,otelcol-contrib"
 
 ci: check build
 check: ensure-goreleaser-up-to-date
@@ -17,7 +16,7 @@ build: go ocb
 generate: generate-sources generate-goreleaser
 
 generate-goreleaser: go
-	@./scripts/generate-goreleaser.sh -d "${GEN_CONFIG_DISTRIBUTIONS}" -g ${GO}
+	@./scripts/generate-goreleaser.sh -d "${DISTRIBUTIONS}" -g ${GO}
 
 generate-sources: go ocb
 	@./scripts/build.sh -d "${DISTRIBUTIONS}" -s true -b ${OTELCOL_BUILDER} -g ${GO}
@@ -40,7 +39,7 @@ ifeq (, $(shell command -v ocb 2>/dev/null))
 	[ "$${machine}" != x86_64 ] || machine=amd64 ;\
 	echo "Installing ocb ($${os}/$${machine}) at $(OTELCOL_BUILDER_DIR)";\
 	mkdir -p $(OTELCOL_BUILDER_DIR) ;\
-	CGO_ENABLED=0 go install -trimpath -ldflags="-s -w" go.opentelemetry.io/collector/cmd/builder@v$(OTELCOL_BUILDER_VERSION) ;\
+	CGO_ENABLED=0 go install -trimpath -ldflags="-s -w" -buildmode=pie go.opentelemetry.io/collector/cmd/builder@v$(OTELCOL_BUILDER_VERSION) ;\
 	mv $$(go env GOPATH)/bin/builder $(OTELCOL_BUILDER) ;\
 	}
 else

diff --git a/cmd/builder/.goreleaser.yml b/cmd/builder/.goreleaser.yml
@@ -8,6 +8,7 @@ version: 2
 builds:
   - flags:
       - -trimpath
+      - -buildmode=pie
     ldflags:
       - -s -w -X go.opentelemetry.io/collector/cmd/builder/internal.version={{ .Version }}
     env:
@@ -136,4 +137,4 @@ sboms:
     artifacts: archive
   - id: package
     artifacts: package
-
+
diff --git a/cmd/goreleaser/internal/configure.go b/cmd/goreleaser/internal/configure.go
@@ -30,11 +30,37 @@ import (
 const ArmArch = "arm"
 
 var (
-	ImagePrefixes = []string{"otel", "ghcr.io/open-telemetry/opentelemetry-collector-releases"}
-	Architectures = []string{"386", "amd64", "arm", "arm64", "ppc64le", "s390x"}
-	ArmVersions   = []string{"7"}
+	ImagePrefixes      = []string{"otel", "ghcr.io/open-telemetry/opentelemetry-collector-releases"}
+	Architectures      = []string{"386", "amd64", "arm", "arm64", "ppc64le", "s390x"}
+	ArmVersions        = []string{"7"}
+	DefaultConfigDists = map[string]bool{"otelcol": true, "otelcol-contrib": true}
+	MSIWindowsDists    = map[string]bool{"otelcol": true, "otelcol-contrib": true, "otelcol-otlp": true}
+	K8sDockerSkipArchs = map[string]bool{"arm": true, "386": true}
+	K8sGoos            = []string{"linux"}
+	K8sArchs           = []string{"amd64", "arm64", "ppc64le", "s390x"}
+	AlwaysIgnored      = map[config.IgnoredBuild]bool{
+		{Goos: "darwin", Goarch: "386"}:    true,
+		{Goos: "darwin", Goarch: "arm"}:    true,
+		{Goos: "darwin", Goarch: "s390x"}:  true,
+		{Goos: "windows", Goarch: "arm"}:   true,
+		{Goos: "windows", Goarch: "arm64"}: true,
+		{Goos: "windows", Goarch: "s390x"}: true,
+	}
 )
 
+// Copied from go/src/internal/platform/supported.go, see:
+// https://cs.opensource.google/go/go/+/d7fcb5cf80953f1d63246f1ae9defa60c5ce2d76:src/internal/platform/supported.go;l=222
+func InternalLinkPIESupported(goos, goarch string) bool {
+	switch goos + "/" + goarch {
+	case "android/arm64",
+		"darwin/amd64", "darwin/arm64",
+		"linux/amd64", "linux/arm64", "linux/ppc64le",
+		"windows/386", "windows/amd64", "windows/arm", "windows/arm64":
+		return true
+	}
+	return false
+}
+
 func Generate(dist string) config.Project {
 	return config.Project{
 		ProjectName: "opentelemetry-collector-releases",
@@ -52,61 +78,105 @@ func Generate(dist string) config.Project {
 		DockerSigns:     DockerSigns(),
 		SBOMs:           SBOM(),
 		Version:         2,
-		Monorepo:				 config.Monorepo{
+		Monorepo: config.Monorepo{
 			TagPrefix: "v",
 		},
 	}
 }
 
 func Builds(dist string) []config.Build {
 	return []config.Build{
-		Build(dist),
+		Build(dist, true),
+		Build(dist, false),
+	}
+}
+
+func generateIgnored(goos, archs []string, pie bool) []config.IgnoredBuild {
+	ignored := make([]config.IgnoredBuild, 0)
+	var build config.IgnoredBuild
+	for _, goos := range goos {
+		for _, arch := range archs {
+			build = config.IgnoredBuild{
+				Goos:   goos,
+				Goarch: arch,
+			}
+			if _, ok := AlwaysIgnored[build]; ok || !pie && InternalLinkPIESupported(goos, arch) || pie && !InternalLinkPIESupported(goos, arch) {
+				ignored = append(ignored, build)
+			}
+		}
 	}
+	return ignored
 }
 
 // Build configures a goreleaser build.
 // https://goreleaser.com/customization/build/
-func Build(dist string) config.Build {
+func Build(dist string, pie bool) config.Build {
+	var goos []string
+	var archs []string
+	var ignore []config.IgnoredBuild
+	var armVersions []string
+	id := dist
+	ldflags := []string{"-s", "-w"}
+	if pie {
+		ldflags = append(ldflags, "-buildmode=pie")
+		id = id + "-pie"
+	}
+	flags := []string{"-trimpath"}
+	if dist == "otelcol-k8s" {
+		goos = K8sGoos
+		archs = K8sArchs
+		ignore = generateIgnored(K8sGoos, K8sArchs, pie)
+		armVersions = make([]string, 0)
+
+	} else {
+		goos = []string{"darwin", "linux", "windows"}
+		archs = Architectures
+		ignore = generateIgnored(goos, archs, pie)
+		armVersions = ArmVersions
+	}
 	return config.Build{
-		ID:     dist,
+		ID:     id,
 		Dir:    "_build",
 		Binary: dist,
 		BuildDetails: config.BuildDetails{
 			Env:     []string{"CGO_ENABLED=0"},
-			Flags:   []string{"-trimpath"},
-			Ldflags: []string{"-s", "-w"},
-		},
-		Goos:   []string{"darwin", "linux", "windows"},
-		Goarch: Architectures,
-		Goarm:  ArmVersions,
-		Ignore: []config.IgnoredBuild{
-			{Goos: "darwin", Goarch: "386"},
-			{Goos: "darwin", Goarch: "arm"},
-			{Goos: "darwin", Goarch: "s390x"},
-			{Goos: "windows", Goarch: "arm"},
-			{Goos: "windows", Goarch: "arm64"},
-			{Goos: "windows", Goarch: "s390x"},
+			Flags:   flags,
+			Ldflags: ldflags,
 		},
+		Goos:   goos,
+		Goarch: archs,
+		Goarm:  armVersions,
+		Ignore: ignore,
 	}
 }
 
 func Archives(dist string) (r []config.Archive) {
 	return []config.Archive{
-		Archive(dist),
+		Archive(dist, true),
+		Archive(dist, false),
 	}
 }
 
 // Archive configures a goreleaser archive (tarball).
 // https://goreleaser.com/customization/archive/
-func Archive(dist string) config.Archive {
+func Archive(dist string, pie bool) config.Archive {
+	id := dist
+	build := dist
+	if pie {
+		id = id + "-pie"
+		build = build + "-pie"
+	}
 	return config.Archive{
-		ID:           dist,
+		ID:           id,
 		NameTemplate: "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}",
-		Builds:       []string{dist},
+		Builds:       []string{build},
 	}
 }
 
 func WinPackages(dist string) []config.MSI {
+	if _, ok := MSIWindowsDists[dist]; !ok {
+		return []config.MSI{}
+	}
 	return []config.MSI{
 		WinPackage(dist),
 	}
@@ -115,29 +185,58 @@ func WinPackages(dist string) []config.MSI {
 // Package configures goreleaser to build a Windows MSI package.
 // https://goreleaser.com/customization/msi/
 func WinPackage(dist string) config.MSI {
+	files := []string{"opentelemetry.ico"}
+	if _, ok := DefaultConfigDists[dist]; ok {
+		files = append(files, "config.yaml")
+	}
 	return config.MSI{
-		ID:   dist,
-		Name: fmt.Sprintf("%s_{{ .Version }}_{{ .Os }}_{{ .MsiArch }}", dist),
-		WXS:  "windows-installer.wxs",
-		Files: []string{
-			"config.yaml",
-			"opentelemetry.ico",
-		},
+		ID:    dist,
+		Name:  fmt.Sprintf("%s_{{ .Version }}_{{ .Os }}_{{ .MsiArch }}", dist),
+		WXS:   "windows-installer.wxs",
+		Files: files,
 	}
 }
 
 func Packages(dist string) (r []config.NFPM) {
+	if dist == "otelcol-k8s" {
+		return []config.NFPM{}
+	}
 	return []config.NFPM{
-		Package(dist),
+		Package(dist, true),
+		Package(dist, false),
 	}
 }
 
 // Package configures goreleaser to build a system package.
 // https://goreleaser.com/customization/nfpm/
-func Package(dist string) config.NFPM {
+func Package(dist string, pie bool) config.NFPM {
+	id := dist
+	build := dist
+	if pie {
+		id = id + "-pie"
+		build = build + "-pie"
+	}
+	nfpmContents := config.NFPMContents{
+		{
+			Source:      fmt.Sprintf("%s.service", dist),
+			Destination: path.Join("/lib", "systemd", "system", fmt.Sprintf("%s.service", dist)),
+		},
+		{
+			Source:      fmt.Sprintf("%s.conf", dist),
+			Destination: path.Join("/etc", dist, fmt.Sprintf("%s.conf", dist)),
+			Type:        "config|noreplace",
+		},
+	}
+	if _, ok := DefaultConfigDists[dist]; ok {
+		nfpmContents = append(nfpmContents, &config.NFPMContent{
+			Source:      "config.yaml",
+			Destination: path.Join("/etc", dist, "config.yaml"),
+			Type:        "config|noreplace",
+		})
+	}
 	return config.NFPM{
-		ID:      dist,
-		Builds:  []string{dist},
+		ID:      id,
+		Builds:  []string{build},
 		Formats: []string{"deb", "rpm"},
 
 		License:     "Apache 2.0",
@@ -158,29 +257,19 @@ func Package(dist string) config.NFPM {
 				PostInstall: "postinstall.sh",
 				PreRemove:   "preremove.sh",
 			},
-			Contents: config.NFPMContents{
-				{
-					Source:      fmt.Sprintf("%s.service", dist),
-					Destination: path.Join("/lib", "systemd", "system", fmt.Sprintf("%s.service", dist)),
-				},
-				{
-					Source:      fmt.Sprintf("%s.conf", dist),
-					Destination: path.Join("/etc", dist, fmt.Sprintf("%s.conf", dist)),
-					Type:        "config|noreplace",
-				},
-				{
-					Source:      "config.yaml",
-					Destination: path.Join("/etc", dist, "config.yaml"),
-					Type:        "config|noreplace",
-				},
-			},
+			Contents: nfpmContents,
 		},
 	}
 }
 
 func DockerImages(dist string) []config.Docker {
 	r := make([]config.Docker, 0)
 	for _, arch := range Architectures {
+		if dist == "otelcol-k8s" {
+			if _, ok := K8sDockerSkipArchs[arch]; ok {
+				continue
+			}
+		}
 		switch arch {
 		case ArmArch:
 			for _, vers := range ArmVersions {
@@ -197,7 +286,7 @@ func DockerImages(dist string) []config.Docker {
 // https://goreleaser.com/customization/docker/
 func DockerImage(dist, arch, armVersion string) config.Docker {
 	dockerArchName := archName(arch, armVersion)
-	var imageTemplates []string
+	imageTemplates := make([]string, 0)
 	for _, prefix := range ImagePrefixes {
 		dockerArchTag := strings.ReplaceAll(dockerArchName, "/", "")
 		imageTemplates = append(
@@ -210,7 +299,10 @@ func DockerImage(dist, arch, armVersion string) config.Docker {
 	label := func(name, template string) string {
 		return fmt.Sprintf("--label=org.opencontainers.image.%s={{%s}}", name, template)
 	}
-
+	files := make([]string, 0)
+	if _, ok := DefaultConfigDists[dist]; ok {
+		files = append(files, "config.yaml")
+	}
 	return config.Docker{
 		ImageTemplates: imageTemplates,
 		Dockerfile:     "Dockerfile",
@@ -226,7 +318,7 @@ func DockerImage(dist, arch, armVersion string) config.Docker {
 			label("source", ".GitURL"),
 			"--label=org.opencontainers.image.licenses=Apache-2.0",
 		},
-		Files:  []string{"config.yaml"},
+		Files:  files,
 		Goos:   "linux",
 		Goarch: arch,
 		Goarm:  armVersion,
@@ -247,6 +339,11 @@ func DockerManifests(dist string) []config.DockerManifest {
 func DockerManifest(prefix, version, dist string) config.DockerManifest {
 	var imageTemplates []string
 	for _, arch := range Architectures {
+		if dist == "otelcol-k8s" {
+			if _, ok := K8sDockerSkipArchs[arch]; ok {
+				continue
+			}
+		}
 		switch arch {
 		case ArmArch:
 			for _, armVers := range ArmVersions {