talos-extensions/container-runtime/gvisor/pkg.yaml

name: gvisor
variant: scratch
shell: /bin/bash
dependencies:
  - stage: base
steps:
  - sources:
      # gvisor repo 'master' branch is Bazel-bazed, so we need to find matching commit in the "go" branch
      # find the go-branch specific merge commit ("Merge release-... (automated)") which has the release-tagged commit as a parent
      - url: https://github.com/google/gvisor/archive/2f1ef2228e0ca861ced3ecc562f2629d6b2aa45a.tar.gz
        destination: gvisor.tar.gz
        sha256: 63419d6c5744f17f8f8229919ed2399e5e8d567735379b22f34acba2cfc8ab34
        sha512: 567f72bbf701176e394ca5ad6ba1be8432e56d8f48344dc9561dba668536ca3132c7f9b8a19485b9518d35783b32426318def14e7ca9cc7c682ab26f1db9e293
    env:
      GOPATH: /tmp/go
    cachePaths:
      - /.cache/go-build
      - /tmp/go/pkg
  - network: default
    prepare:
      - |
        sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml        
      - |
        mkdir -p ${GOPATH}/src/github.com/google/gvisor

        tar -xzf gvisor.tar.gz --strip-components=1 -C ${GOPATH}/src/github.com/google/gvisor        
      - |
        cd ${GOPATH}/src/github.com/google/gvisor
        go mod download        
  - network: none
    build:
      - |
        cd ${GOPATH}/src/github.com/google/gvisor

        mkdir ./bin

        CGO_ENABLED=0 go build -o ./bin/runsc ./runsc

        CGO_ENABLED=0 go build -o ./bin/containerd-shim-runsc-v1 ./shim        
    install:
      - |
        mkdir -p /rootfs/usr/local/bin

        cd ${GOPATH}/src/github.com/google/gvisor

        cp ./bin/runsc /rootfs/usr/local/bin/runsc
        chmod +x /rootfs/usr/local/bin/runsc

        cp ./bin/containerd-shim-runsc-v1 /rootfs/usr/local/bin/containerd-shim-runsc-v1
        chmod +x /rootfs/usr/local/bin/containerd-shim-runsc-v1        

      - |
        mkdir -p /rootfs/etc/cri/conf.d

        cp /pkg/10-gvisor.part /pkg/runsc.toml /pkg/10-gvisor-kvm.part /pkg/runsc-kvm.toml /rootfs/etc/cri/conf.d/        
    test:
      - |
        mkdir -p /extensions-validator-rootfs
        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"        
finalize:
  - from: /rootfs
    to: /rootfs
  - from: /pkg/manifest.yaml
    to: /