From 77bd66523163bdf1427b64f3318d17d8c01f1607 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Golembiovsk=C3=BD?=
Date: Mon, 27 Mar 2023 11:12:11 +0200
Subject: [PATCH] virt-v2v: Build our own fixed appliance (Fixes #226)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The appliance used Kubevirt is missing some packages we need. For legal reasons it is not possible to include the missing packages there. We need to build our own fixed appliance. We imitate multi-stage Dockerfile build in Bazel. Unfortunately container_run_and_extract() does not work with Podmana [1] and Bazel's linux-sandbox. Slightly less secure but working processwrapper sandbox is used as a workaround. [1] https://github.com/bazelbuild/rules_docker/issues/2251
Signed-off-by: Tomáš Golembiovský
---
 .bazelrc | 6 ++++++
 virt-v2v/cold/.bazerlc | 5 +++++
 virt-v2v/cold/BUILD.bazel | 39 ++++++++++++++++++++++++++++-----------
 virt-v2v/cold/WORKSPACE | 14 +++++++-------
 4 files changed, 46 insertions(+), 18 deletions(-)
 create mode 100644 virt-v2v/cold/.bazerlc

diff --git a/.bazelrc b/.bazelrc
index a34501ca4..8493ad5a6 100644
--- a/.bazelrc
+++ b/.bazelrc
@@ -22,3 +22,9 @@ build --action_env=POPULATOR_CONTROLLER_IMAGE=quay.io/kubev2v/populator-controll
 build --action_env=OPENSTACK_POPULATOR_IMAGE=quay.io/kubev2v/openstack-populator:latest
 build --action_env=OVIRT_POPULATOR_IMAGE=quay.io/kubev2v/ovirt-populator:latest
 build --action_env=OPERATOR_IMAGE=quay.io/kubev2v/forklift-operator:latest
+
+# Appliance build
+# container_run_and_extract() does not work inside Podman and Docker
+# sandboxes. Use slightly less secure but working processwrapper sandbox.
+# NOTE: Same configuration is in virt-v2v/cold/.bazelrc.
+build --strategy_regexp="Action appliance/libguestfs-appliance.tar"=processwrapper-sandbox
diff --git a/virt-v2v/cold/.bazerlc b/virt-v2v/cold/.bazerlc
new file mode 100644
index 000000000..c65fbc5cd
--- /dev/null
+++ b/virt-v2v/cold/.bazerlc
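Review bot: The comment above the new `--strategy_regexp` line in `.bazelrc` says the rule fails inside "Podman and Docker sandboxes", while the commit message describes the failure as Podman combined with Bazel's linux-sandbox, so a reader cannot tell which isolation is being given up. I would reword it to name the Bazel strategy and the upstream issue, e.g. `# container_run_and_extract() fails under Bazel's linux-sandbox when the runtime is Podman (rules_docker issue 2251); only this action falls back to processwrapper-sandbox.` The regexp is the only thing that limits the weaker sandbox to one action, and its dots are unescaped; `appliance/libguestfs-appliance\.tar` would keep the match as narrow as the comment implies.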
@@ -0,0 +1,5 @@
+# Appliance build
+# container_run_and_extract() does not work inside Podman and Docker
+# sandboxes. Use slightly less secure but working processwrapper sandbox.
+# NOTE: Same configuration is in .bazelrc in repository root.
+build --strategy_regexp="Action appliance/libguestfs-appliance.tar"=processwrapper-sandbox
diff --git a/virt-v2v/cold/BUILD.bazel b/virt-v2v/cold/BUILD.bazel
index b336f62ee..718682dad 100644
--- a/virt-v2v/cold/BUILD.bazel
+++ b/virt-v2v/cold/BUILD.bazel
@@ -3,6 +3,10 @@ load(
 "container_image",
 "container_push",
 )
+load(
+ "@io_bazel_rules_docker//docker/util:run.bzl",
+ "container_run_and_extract",
+)
 load("@bazeldnf//:deps.bzl", "rpmtree")
 load("@rules_pkg//pkg:tar.bzl", "pkg_tar")
 
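Review bot: The new file is created as `virt-v2v/cold/.bazerlc`, which Bazel does not read; the workspace rc file is `.bazelrc`, and the note added to the root `.bazelrc` in this same commit points at `virt-v2v/cold/.bazelrc`. As committed, a build started from the `virt-v2v/cold` workspace would not pick up the `--strategy_regexp` override, so the appliance action would presumably run under the default sandbox that the commit message says fails. Renaming the file to `virt-v2v/cold/.bazelrc` makes the override and the cross-reference in the root file both hold.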
@@ -15,17 +19,30 @@ container_push(
 tag = "$${REGISTRY_TAG:-devel}",
 )
 
-pkg_tar(
- name = "appliance_layer",
- srcs = [
- "@libguestfs-appliance//appliance:README.fixed",
- "@libguestfs-appliance//appliance:initrd",
- "@libguestfs-appliance//appliance:kernel",
- "@libguestfs-appliance//appliance:root",
+# Appliance build
+# NOTE: We deliberately do not use (and cannot use) rpmtree to build a base
+# layer with packages. Supermin queries the RPM database to track package files
+# and dependencies. Tar constructed by rpmtree is just a bunch of files and it
+# does not preserve the RPM database info. Therefore we imitate a Dockerfile
+# build here.
+container_run_and_extract(
+ name = "appliance",
+ commands = [
+ "set -x",
+ "dnf -y update",
+ "dnf -y install libguestfs libguestfs-appliance libguestfs-xfs libguestfs-winsupport qemu-img supermin",
+ "depmod \\$(ls /lib/modules/ |tail -n1)",
+ "export LIBGUESTFS_BACKEND=direct",
+ "export LIBGUESTFS_DEBUG=1 LIBGUESTFS_TRACE=1",
+ "mkdir -p /usr/lib64/guestfs/appliance",
+ "cd /usr/lib64/guestfs/appliance",
+ "libguestfs-make-fixed-appliance .",
+ "qemu-img convert -c -O qcow2 root root.qcow2",
+ "mv -vf root.qcow2 root",
+ "tar -cvf /libguestfs-appliance.tar /usr/lib64/guestfs/appliance",
 ],
- mode = "0444",
- package_dir = "/usr/lib64/guestfs/appliance",
- visibility = ["//visibility:public"],
+ extract_file = "/libguestfs-appliance.tar",
+ image = "@centos9//image",
 )
 
 container_image(
@@ -34,7 +51,7 @@ container_image(
 directory = "/",
 tars = [
 ":virt-v2v",
- ":appliance_layer",
+ "appliance/libguestfs-appliance.tar",
 ],
 )
 
diff --git a/virt-v2v/cold/WORKSPACE b/virt-v2v/cold/WORKSPACE
index 21bde094e..b66efc5e5 100644
--- a/virt-v2v/cold/WORKSPACE
+++ b/virt-v2v/cold/WORKSPACE
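Review bot: The `commands` list of the new `container_run_and_extract` target runs `dnf -y update` followed by an unversioned `dnf -y install ...`, so the appliance contains whatever the repositories serve at build time and nothing verifies the resulting tarball. The `http_archive` it replaces was pinned by `sha256`, and the `centos9` base image is pinned by digest in WORKSPACE, but the update step moves the result away from that pinned state. This is also the one action that the commit moves to the weaker processwrapper sandbox, so its inputs deserve the tightest control. I would drop `"dnf -y update",` (taking updates by bumping the image digest instead), pin the packages as in `"dnf -y install libguestfs-<VERSION> libguestfs-appliance-<VERSION> ..."` with real versions in place of the placeholders, and add `"rpm -qa | sort",` so the build log records what went into the appliance.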
@@ -186,18 +186,18 @@ load("@bazeldnf//:deps.bzl", "bazeldnf_dependencies", "rpm")
 
 bazeldnf_dependencies()
 
-http_archive(
- name = "libguestfs-appliance",
- sha256 = "124d6325a799e958843be4818ef2c32661755be1c56e519665779948861b04f6",
- urls = [
- "https://storage.googleapis.com/kubevirt-prow/devel/release/kubevirt/libguestfs-appliance/libguestfs-appliance-1.48.4-qcow2-linux-5.14.0-183-centos9.tar.xz",
- ],
+container_pull(
+ name = "centos9",
+ # 'tag' is also supported, but digest is encouraged for reproducibility.
+ digest = "sha256:66d2ee16970b1c15b26bfad256e5fbf2d57e72510974da0f0ebac4b49a166e94", # built on 2023-04-25
+ registry = "quay.io",
+ repository = "centos/centos",
 )
 
 container_pull(
 name = "ubi9-minimal",
 # 'tag' is also supported, but digest is encouraged for reproducibility.
- digest = "sha256:e9ea62ea2017705205ba7bc55d20827e06abe4fe071f0793c6cae46edd5855cf",
+ digest = "sha256:e9ea62ea2017705205ba7bc55d20827e06abe4fe071f0793c6cae46edd5855cf", # 9.1.0-1760
 registry = "registry.access.redhat.com",
 repository = "ubi9/ubi-minimal",
 )
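Review bot: The new `centos9` pull records only `# built on 2023-04-25` next to its digest, whereas the `ubi9-minimal` entry in the same hunk now names the release (`# 9.1.0-1760`). Nothing says which tag of `quay.io/centos/centos` the digest was resolved from, which makes the pin hard to audit or refresh later. I would extend the comment to `# <TAG>, built on 2023-04-25`, with the actual tag in place of the placeholder.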