Enable StrongSwan

Switch to musl, build static version of StrongSwan charon
k3s-io · Sep 20, 2019 · 093a471 · 093a471
1 parent 815f617
commit 093a471
Show file tree

Hide file tree

Showing 7 changed files with 435 additions and 56 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -21,6 +21,7 @@ RUN curl -fL https://storage.googleapis.com/buildroot-cache/2018.11.1.tar.gz | t
 WORKDIR /usr/src/buildroot
 COPY conntrack-tools/* /usr/src/buildroot/package/conntrack-tools/
 COPY slirp4netns/* /usr/src/buildroot/package/slirp4netns/
+COPY strongswan/* /usr/src/buildroot/package/strongswan/
 COPY busybox.config /usr/src/buildroot/package/busybox/
 COPY package/Config.in /usr/src/buildroot/package/
 
@@ -43,6 +44,17 @@ RUN cd .. && \
     cp buildroot/output/target/sbin/ip bin/ && \
     cp buildroot/output/target/sbin/ebtables bin/ && \
     cp buildroot/output/target/bin/busybox bin/
+
+# strongswan
+RUN cd .. && \
+    cp buildroot/output/target/usr/sbin/swanctl bin/ && \
+    cp buildroot/output/target/usr/libexec/ipsec/charon bin/
+
+# save strongswan etc config
+RUN cd .. && \
+    mkdir etc && \
+    cp -rp buildroot/output/target/var/lib/rancher/k3s/agent/* etc/
+
 RUN cd ../bin && \
     for i in addgroup adduser ar arch arp arping ash awk basename blkid bunzip2 bzcat cat chattr chgrp chmod chown chroot chrt chvt cksum clear cmp cp cpio crond crontab cut date dc dd deallocvt delgroup deluser devmem df diff dirname dmesg dnsd dnsdomainname dos2unix du dumpkmap echo egrep eject env ether-wake expr factor fallocate false fbset fdflush fdformat fdisk fgrep flock fold free freeramdisk fsck fsfreeze fstrim fuser getopt getty grep gunzip gzip halt hdparm head hexdump hexedit hostid hostname hwclock i2cdetect i2cdump i2cget i2cset id ifconfig ifdown ifup inetd init insmod install ipaddr ipcrm ipcs iplink ipneigh iproute iprule iptunnel kill killall killall5 klogd last less link linux32 linux64 linuxrc ln loadfont loadkmap logger login logname losetup ls lsattr lsmod lsof lspci lsscsi lsusb lzcat lzma lzopcat makedevs md5sum mdev mesg microcom mkdir mkdosfs mke2fs mkfifo mknod mkpasswd mkswap mktemp modprobe more mount mountpoint mt mv nameif netstat nice nl nohup nproc nsenter nslookup nuke od openvt partprobe passwd paste patch pidof ping pipe_progress pivot_root poweroff printenv printf ps pwd rdate readlink readprofile realpath reboot renice reset resize resume rm rmdir rmmod route run-init run-parts runlevel sed seq setarch setconsole setfattr setkeycodes setlogcons setpriv setserial setsid sh sha1sum sha256sum sha3sum sha512sum shred sleep sort start-stop-daemon strings stty su sulogin svc svok swapoff swapon switch_root sync sysctl syslogd tail tar tc tee telnet test tftp time top touch tr traceroute true truncate tty ubirename udhcpc uevent umount uname uniq unix2dos unlink unlzma unlzop unxz unzip uptime usleep uudecode uuencode vconfig vi vlock w watch watchdog wc wget which who whoami xargs xxd xz xzcat yes zcat; do ln -s busybox $i; done && \
     for i in iptables iptables-save iptables-restore; do ln -s xtables-multi $i; done && \

diff --git a/Vagrantfile b/Vagrantfile
@@ -0,0 +1,124 @@
+################################################################################
+#
+# Vagrantfile
+#
+################################################################################
+
+# Buildroot version to use
+# RELEASE='2019.05.1'
+RELEASE='2018.11.1'
+
+### Change here for more memory/cores ###
+VM_MEMORY=4096
+VM_CORES=4
+
+PROJECT_DIR="/vbox"
+ARCH="amd64"
+
+plugin_installed = false
+required_plugins = %w( vagrant-vbguest )
+
+required_plugins.each do |plugin|
+  unless Vagrant.has_plugin?(plugin)
+    system "vagrant plugin install #{plugin}"
+    plugin_installed = true
+  end
+end
+
+if plugin_installed === true
+	exec "vagrant #{ARGV.join' '}"
+end
+
+Vagrant.configure('2') do |config|
+	config.vm.box = 'ubuntu/bionic64'
+
+	config.vm.provider :vmware_fusion do |v, override|
+		v.vmx['memsize'] = VM_MEMORY
+		v.vmx['numvcpus'] = VM_CORES
+	end
+
+	config.vm.synced_folder ".", PROJECT_DIR
+
+	config.vm.provider :virtualbox do |v, override|
+		v.memory = VM_MEMORY
+		v.cpus = VM_CORES
+	end
+
+	config.vm.provision 'shell' do |s|
+		s.inline = 'echo Setting up machine name'
+
+		config.vm.provider :vmware_fusion do |v, override|
+			v.vmx['displayname'] = "Buildroot #{RELEASE}"
+		end
+
+		config.vm.provider :virtualbox do |v, override|
+			v.name = "Buildroot #{RELEASE}"
+		end
+	end
+
+	config.vm.provision 'shell', privileged: true, inline:
+		"
+		sed -i 's|deb http://us.archive.ubuntu.com/ubuntu/|deb mirror://mirrors.ubuntu.com/mirrors.txt|g' /etc/apt/sources.list
+		dpkg --add-architecture i386
+		apt-get -q update
+		apt-get purge -q -y snapd lxcfs lxd ubuntu-core-launcher snap-confine
+		UCF_FORCE_CONFOLD=1 \
+		DEBIAN_FRONTEND=noninteractive \
+		apt-get -o 'Dpkg::Options::=--force-confdef' -o 'Dpkg::Options::=--force-confold' -qq -y install \
+			build-essential \
+			libncurses5-dev \
+			git \
+			bzr \
+			cvs \
+			mercurial \
+			subversion \
+			libc6:i386 \
+			unzip \
+			bc \
+			ccache \
+			gcc \
+			g++ \
+			rsync \
+			wget \
+			curl \
+			ca-certificates \
+			ncurses-dev \
+			python \
+
+		apt-get -q -y autoremove
+		apt-get -q -y clean
+		update-locale LC_ALL=C
+		"
+
+	config.vm.provision 'shell', privileged: false, inline:
+		"
+		echo 'Downloading and extracting buildroot #{RELEASE}'
+		sudo mkdir -m 777 -p /usr/src/buildroot
+		curl -sL https://buildroot.org/downloads/buildroot-#{RELEASE}.tar.bz2 | tar xvjf - -C /usr/src/buildroot --strip-components=1
+		curl -sL https://storage.googleapis.com/buildroot-cache/#{RELEASE}.tar.gz | tar xvzf - -C /usr/src/buildroot
+		"
+
+	config.vm.provision 'shell', privileged: false, inline:
+		"
+		cd #{PROJECT_DIR}
+		cp package/Config.in /usr/src/buildroot/package/
+	
+		mkdir -p /usr/src/buildroot/package/conntrack-tools/
+		cp conntrack-tools/* /usr/src/buildroot/package/conntrack-tools/
+	
+		mkdir -p /usr/src/buildroot/package/slirp4netns/
+		cp slirp4netns/* /usr/src/buildroot/package/slirp4netns/
+
+		mkdir -p /usr/src/buildroot/package/strongswan/
+		cp strongswan/* /usr/src/buildroot/package/strongswan/
+
+		mkdir -p /usr/src/buildroot/package/busybox/
+		cp busybox.config /usr/src/buildroot/package/busybox/
+
+		cat buildroot/config buildroot/#{ARCH}config >/usr/src/buildroot/.config
+
+		cd /usr/src/buildroot/
+		# make oldconfig
+		"
+
+end
diff --git a/build.sh b/build.sh
@@ -4,5 +4,5 @@ set -x -e
 mkdir -p dist
 for ARCH in amd64 arm arm64; do
     docker build --build-arg ARCH=${ARCH} -t k3s-root .
-    docker run -i --rm -v k3s-root-cache:/usr/src/ccache k3s-root tar cf - -C /usr/src ./bin > dist/k3s-root-${ARCH}.tar
+    docker run -i --rm -v k3s-root-cache:/usr/src/ccache k3s-root tar cf - -C /usr/src ./bin ./etc > dist/k3s-root-${ARCH}.tar
 done