bottlerocket-os · koooosh · Sep 10, 2024 · Aug 13, 2024 · Aug 13, 2024 · Aug 13, 2024
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -3,7 +3,9 @@ resolver = "2"
 members = [
   "kits/bottlerocket-core-kit",
   "packages/acpid",
+  "packages/amazon-ecs-cni-plugins",
   "packages/amazon-ssm-agent",
+  "packages/amazon-vpc-cni-plugins",
   "packages/aws-iam-authenticator",
   "packages/aws-signing-helper",
   "packages/bash",

diff --git a/kits/bottlerocket-core-kit/Cargo.toml b/kits/bottlerocket-core-kit/Cargo.toml
@@ -13,7 +13,9 @@ path = "../kit.rs"
 
 [build-dependencies]
 acpid = { path = "../../packages/acpid" }
+amazon-ecs-cni-plugins = { path = "../../packages/amazon-ecs-cni-plugins" }
 amazon-ssm-agent = { path = "../../packages/amazon-ssm-agent" }
+amazon-vpc-cni-plugins = { path = "../../packages/amazon-vpc-cni-plugins" }
 aws-iam-authenticator = { path = "../../packages/aws-iam-authenticator" }
 aws-signing-helper = { path = "../../packages/aws-signing-helper" }
 bash = { path = "../../packages/bash" }

diff --git a/...rocket-default-filesystem-locations.patch → ...rocket-default-filesystem-locations.patch b/...rocket-default-filesystem-locations.patch → ...rocket-default-filesystem-locations.patch
diff --git a/packages/amazon-ecs-cni-plugins/Cargo.toml b/packages/amazon-ecs-cni-plugins/Cargo.toml
@@ -0,0 +1,16 @@
+[package]
+name = "amazon-ecs-cni-plugins"
+version = "0.1.0"
+edition = "2021"
+publish = false
+build = "../build.rs"
+
+[lib]
+path = "../packages.rs"
+
+[[package.metadata.build-package.external-files]]
+url = "https://github.com/aws/amazon-ecs-cni-plugins/archive/53a8481891251e66e35847554d52a13fc7c4fd03/amazon-ecs-cni-plugins.tar.gz"
+sha512 = "e819c1aae509d19461999bf717d126b3e918b73dc6049e415c4911be6cb11159404bb45bb6c92cdfa16b5b30bb174731e972e3f2be44fa0b51bbc7a969049ab7"
+
+[build-dependencies]
+glibc = { path = "../glibc" }
diff --git a/packages/amazon-ecs-cni-plugins/amazon-ecs-cni-plugins.spec b/packages/amazon-ecs-cni-plugins/amazon-ecs-cni-plugins.spec
@@ -0,0 +1,138 @@
+%global ecscni_goproject github.com/aws
+%global ecscni_gorepo amazon-ecs-cni-plugins
+%global ecscni_goimport %{ecscni_goproject}/%{ecscni_gorepo}
+%global ecscni_gitrev 53a8481891251e66e35847554d52a13fc7c4fd03
+
+Name: %{_cross_os}amazon-ecs-cni-plugins
+Version: %{ecscni_gitrev}
+Release: 1%{?dist}
+Summary: Networking plugins for ECS task networking
+License: Apache-2.0
+URL: https://%{ecscni_goimport}
+Source0: https://%{ecscni_goimport}/archive/%{ecscni_gitrev}/%{ecscni_gorepo}.tar.gz
+
+# Bottlerocket-specific - filesystem location for ECS CNI plugins
+Patch0001: 0001-bottlerocket-default-filesystem-locations.patch
+
+BuildRequires: %{_cross_os}glibc-devel
+
+Requires: %{name}(binaries)
+Requires: (%{name}(ecs-agent-extras) if %{_cross_os}variant-family(aws-ecs))
+
+%description
+%{summary}.
+
+%package bin
+Summary: ECS networking plugins binaries
+Provides: %{name}(binaries)
+Requires: (%{_cross_os}image-feature(no-fips) and %{name})
+Conflicts: (%{_cross_os}image-feature(fips) or %{name}-fips-bin)
+
+%description bin
+%{summary}.
+
+%package fips-bin
+Summary: ECS networking plugins binaries, FIPS edition
+Provides: %{name}(binaries)
+Requires: (%{_cross_os}image-feature(fips) and %{name})
+Conflicts: (%{_cross_os}image-feature(no-fips) or %{name}-bin)
+
+%description fips-bin
+%{summary}.
+
+%package ecs-agent-extras
+Summary: Extra files necessary for the ECS agent
+Provides: %{name}(ecs-agent-extras)
+Requires: (%{_cross_os}image-feature(no-fips) and %{name}(binaries))
+Conflicts: (%{_cross_os}image-feature(fips) or %{name}-ecs-agent-fips-extras)
+
+%description ecs-agent-extras
+%{summary}.
+
+%package ecs-agent-fips-extras
+Summary: Extra files necessary for the ECS agent, FIPS edition
+Provides: %{name}(ecs-agent-extras)
+Requires: (%{_cross_os}image-feature(fips) and %{name}(binaries))
+Conflicts: (%{_cross_os}image-feature(no-fips) or %{name}-ecs-agent-extras)
+
+%description ecs-agent-fips-extras
+%{summary}.
+
+%prep
+%autosetup -n %{ecscni_gorepo}-%{ecscni_gitrev} -p1
+
+# Symlink amazon-ecs-cni-plugins-%{ecscni_gitrev} to the GOPATH location
+%cross_go_setup %{ecscni_gorepo}-%{ecscni_gitrev} %{ecscni_goproject} %{ecscni_goimport}
+
+%build
+# cross_go_configure cd's to the correct GOPATH location
+%cross_go_configure %{ecscni_goimport}
+LD_ECS_CNI_VERSION="-X github.com/aws/amazon-ecs-cni-plugins/pkg/version.Version=$(cat VERSION)"
+ECS_CNI_HASH="%{ecscni_gitrev}"
+LD_ECS_CNI_SHORT_HASH="-X github.com/aws/amazon-ecs-cni-plugins/pkg/version.GitShortHash=${ECS_CNI_HASH::8}"
+LD_ECS_CNI_PORCELAIN="-X github.com/aws/amazon-ecs-cni-plugins/pkg/version.GitPorcelain=0"
+
+declare -a ECS_CNI_BUILD_ARGS
+ECS_CNI_BUILD_ARGS=(
+  -ldflags "${GOLDFLAGS} ${LD_ECS_CNI_VERSION} ${LD_ECS_CNI_SHORT_HASH} ${LD_ECS_CNI_PORCELAIN}"
+)
+
+go build "${ECS_CNI_BUILD_ARGS[@]}" -o ecs-eni ./plugins/eni
+gofips build "${ECS_CNI_BUILD_ARGS[@]}" -o fips/ecs-eni ./plugins/eni
+
+go build "${ECS_CNI_BUILD_ARGS[@]}" -o ecs-ipam ./plugins/ipam
+gofips build "${ECS_CNI_BUILD_ARGS[@]}" -o fips/ecs-ipam ./plugins/ipam
+
+go build "${ECS_CNI_BUILD_ARGS[@]}" -o ecs-bridge ./plugins/ecs-bridge
+gofips build "${ECS_CNI_BUILD_ARGS[@]}" -o fips/ecs-bridge ./plugins/ecs-bridge
+
+%install
+install -d %{buildroot}%{_cross_libexecdir}
+install -D -p -m 0755 ecs-bridge %{buildroot}%{_cross_libexecdir}/cni/ecs/ecs-bridge
+install -D -p -m 0755 ecs-eni %{buildroot}%{_cross_libexecdir}/cni/ecs/ecs-eni
+install -D -p -m 0755 ecs-ipam %{buildroot}%{_cross_libexecdir}/cni/ecs/ecs-ipam
+
+install -d %{buildroot}%{_cross_fips_libexecdir}
+install -D -p -m 0755 fips/ecs-bridge %{buildroot}%{_cross_fips_libexecdir}/cni/ecs/ecs-bridge
+install -D -p -m 0755 fips/ecs-eni %{buildroot}%{_cross_fips_libexecdir}/cni/ecs/ecs-eni
+install -D -p -m 0755 fips/ecs-ipam %{buildroot}%{_cross_fips_libexecdir}/cni/ecs/ecs-ipam
+
+# Create symlinks to ECS CNI plugin binaries for amazon-ecs-agent
+install -d %{buildroot}{%{_cross_libexecdir},%{_cross_fips_libexecdir}}/amazon-ecs-agent
+for p in \
+  ecs-bridge \
+  ecs-eni \
+  ecs-ipam \
+; do
+  ln -rs %{buildroot}%{_cross_libexecdir}/cni/ecs/${p} %{buildroot}%{_cross_libexecdir}/amazon-ecs-agent/${p}
+  ln -rs %{buildroot}%{_cross_fips_libexecdir}/cni/ecs/${p} %{buildroot}%{_cross_fips_libexecdir}/amazon-ecs-agent/${p}
+done
+
+%cross_scan_attribution go-vendor vendor
+
+%files
+%{_cross_attribution_file}
+%{_cross_attribution_vendor_dir}
+%license LICENSE
+
+%files bin
+%{_cross_libexecdir}/cni/ecs/ecs-bridge
+%{_cross_libexecdir}/cni/ecs/ecs-eni
+%{_cross_libexecdir}/cni/ecs/ecs-ipam
+
+%files fips-bin
+%{_cross_fips_libexecdir}/cni/ecs/ecs-bridge
+%{_cross_fips_libexecdir}/cni/ecs/ecs-eni
+%{_cross_fips_libexecdir}/cni/ecs/ecs-ipam
+
+%files ecs-agent-extras
+%{_cross_libexecdir}/amazon-ecs-agent/ecs-bridge
+%{_cross_libexecdir}/amazon-ecs-agent/ecs-eni
+%{_cross_libexecdir}/amazon-ecs-agent/ecs-ipam
+
+%files ecs-agent-fips-extras
+%{_cross_fips_libexecdir}/amazon-ecs-agent/ecs-bridge
+%{_cross_fips_libexecdir}/amazon-ecs-agent/ecs-eni
+%{_cross_fips_libexecdir}/amazon-ecs-agent/ecs-ipam
+
+%changelog
diff --git a/packages/amazon-vpc-cni-plugins/Cargo.toml b/packages/amazon-vpc-cni-plugins/Cargo.toml
@@ -0,0 +1,16 @@
+[package]
+name = "amazon-vpc-cni-plugins"
+version = "0.1.0"
+edition = "2021"
+publish = false
+build = "../build.rs"
+
+[lib]
+path = "../packages.rs"
+
+[[package.metadata.build-package.external-files]]
+url = "https://github.com/aws/amazon-vpc-cni-plugins/archive/be5214353252f8315a1341f4df9ffbd8cf69000c/amazon-vpc-cni-plugins.tar.gz"
+sha512 = "b1aa61d0000ff732dae67213cea2eac49363c048416716e27f36b2b43f6227db8b15ead27c43c5fd623569a49572cb6b2149c86d69363f75cec4620ddc9ef47b"
+
+[build-dependencies]
+glibc = { path = "../glibc" }
diff --git a/packages/amazon-vpc-cni-plugins/amazon-vpc-cni-plugins.spec b/packages/amazon-vpc-cni-plugins/amazon-vpc-cni-plugins.spec
@@ -0,0 +1,159 @@
+%global vpccni_goproject github.com/aws
+%global vpccni_gorepo amazon-vpc-cni-plugins
+%global vpccni_goimport %{vpccni_goproject}/%{vpccni_gorepo}
+%global vpccni_gitrev be5214353252f8315a1341f4df9ffbd8cf69000c
+%global vpccni_gover 1.3
+
+Name: %{_cross_os}amazon-vpc-cni-plugins
+Version: %{vpccni_gover}
+Release: 1%{?dist}
+Summary: VPC CNI plugins for Amazon ECS and EKS
+License: Apache-2.0
+URL: https://%{vpccni_goimport}
+Source0: https://%{vpccni_goimport}/archive/%{vpccni_gitrev}/%{vpccni_gorepo}.tar.gz
+
+BuildRequires: %{_cross_os}glibc-devel
+
+Requires: %{name}(binaries)
+Requires: (%{name}(ecs-agent-extras) if %{_cross_os}variant-family(aws-ecs))
+
+%description
+%{summary}.
+
+%package bin
+Summary: VPC networking plugins binaries
+Provides: %{name}(binaries)
+Requires: (%{_cross_os}image-feature(no-fips) and %{name})
+Conflicts: (%{_cross_os}image-feature(fips) or %{name}-fips-bin)
+
+%description bin
+%{summary}.
+
+%package fips-bin
+Summary: VPC networking plugins binaries, FIPS edition
+Provides: %{name}(binaries)
+Requires: (%{_cross_os}image-feature(fips) and %{name})
+Conflicts: (%{_cross_os}image-feature(no-fips) or %{name}-bin)
+
+%description fips-bin
+%{summary}.
+
+%package ecs-agent-extras
+Summary: Extra files necessary for the ECS agent
+Provides: %{name}(ecs-agent-extras)
+Requires: (%{_cross_os}image-feature(no-fips) and %{name}(binaries))
+Conflicts: (%{_cross_os}image-feature(fips) or %{name}-ecs-agent-fips-extras)
+
+%description ecs-agent-extras
+%{summary}.
+
+%package ecs-agent-fips-extras
+Summary: Extra files necessary for the ECS agent, FIPS edition
+Provides: %{name}(ecs-agent-extras)
+Requires: (%{_cross_os}image-feature(fips) and %{name}(binaries))
+Conflicts: (%{_cross_os}image-feature(no-fips) or %{name}-ecs-agent-extras)
+
+%description ecs-agent-fips-extras
+%{summary}.
+
+%prep
+%autosetup -n %{vpccni_gorepo}-%{vpccni_gitrev}
+
+# Symlink amazon-vpc-cni-plugins-%{vpccni_gitrev} to the GOPATH location
+%cross_go_setup %{vpccni_gorepo}-%{vpccni_gitrev} %{vpccni_goproject} %{vpccni_goimport}
+
+%build
+# cross_go_configure cd's to the correct GOPATH location
+%cross_go_configure %{vpccni_goimport}
+LD_VPC_CNI_VERSION="-X github.com/aws/amazon-vpc-cni-plugins/version.Version=%{vpccni_gover}"
+VPC_CNI_HASH="%{vpccni_gitrev}"
+LD_VPC_CNI_SHORT_HASH="-X github.com/aws/amazon-vpc-cni-plugins/version.GitShortHash=${VPC_CNI_HASH::8}"
+
+declare -a VPC_CNI_BUILD_ARGS
+VPC_CNI_BUILD_ARGS=(
+  -ldflags "${GOLDFLAGS} ${LD_VPC_CNI_VERSION} ${LD_VPC_CNI_SHORT_HASH} ${LD_VPC_CNI_PORCELAIN}"
+)
+
+for p in \
+  aws-appmesh \
+  ecs-serviceconnect \
+  vpc-branch-eni \
+  vpc-bridge \
+  vpc-eni \
+  vpc-tunnel \
+; do
+  go build "${VPC_CNI_BUILD_ARGS[@]}" -mod=vendor -o ${p} ./plugins/${p}
+  gofips build "${VPC_CNI_BUILD_ARGS[@]}" -mod=vendor -o fips/${p} ./plugins/${p}
+done
+
+%install
+install -d %{buildroot}%{_cross_libexecdir}
+install -D -p -m 0755 aws-appmesh %{buildroot}%{_cross_libexecdir}/cni/vpc/aws-appmesh
+install -D -p -m 0755 ecs-serviceconnect %{buildroot}%{_cross_libexecdir}/cni/vpc/ecs-serviceconnect
+install -D -p -m 0755 vpc-branch-eni %{buildroot}%{_cross_libexecdir}/cni/vpc/vpc-branch-eni
+install -D -p -m 0755 vpc-bridge %{buildroot}%{_cross_libexecdir}/cni/vpc/vpc-bridge
+install -D -p -m 0755 vpc-eni %{buildroot}%{_cross_libexecdir}/cni/vpc/vpc-eni
+install -D -p -m 0755 vpc-tunnel %{buildroot}%{_cross_libexecdir}/cni/vpc/vpc-tunnel
+
+install -d %{buildroot}%{_cross_fips_libexecdir}
+install -D -p -m 0755 fips/aws-appmesh %{buildroot}%{_cross_fips_libexecdir}/cni/vpc/aws-appmesh
+install -D -p -m 0755 fips/ecs-serviceconnect %{buildroot}%{_cross_fips_libexecdir}/cni/vpc/ecs-serviceconnect
+install -D -p -m 0755 fips/vpc-branch-eni %{buildroot}%{_cross_fips_libexecdir}/cni/vpc/vpc-branch-eni
+install -D -p -m 0755 fips/vpc-bridge %{buildroot}%{_cross_fips_libexecdir}/cni/vpc/vpc-bridge
+install -D -p -m 0755 fips/vpc-eni %{buildroot}%{_cross_fips_libexecdir}/cni/vpc/vpc-eni
+install -D -p -m 0755 fips/vpc-tunnel %{buildroot}%{_cross_fips_libexecdir}/cni/vpc/vpc-tunnel
+
+# Create symlinks to VPC CNI plugin binaries for amazon-ecs-agent
+install -d %{buildroot}{%{_cross_libexecdir},%{_cross_fips_libexecdir}}/amazon-ecs-agent
+for p in \
+  aws-appmesh \
+  ecs-serviceconnect \
+  vpc-branch-eni \
+  vpc-bridge \
+  vpc-eni \
+  vpc-tunnel \
+; do
+  ln -rs %{buildroot}%{_cross_libexecdir}/cni/vpc/${p} %{buildroot}%{_cross_libexecdir}/amazon-ecs-agent/${p}
+  ln -rs %{buildroot}%{_cross_fips_libexecdir}/cni/vpc/${p} %{buildroot}%{_cross_fips_libexecdir}/amazon-ecs-agent/${p}
+done
+
+%cross_scan_attribution go-vendor vendor
+
+%files
+%{_cross_attribution_file}
+%{_cross_attribution_vendor_dir}
+%license LICENSE
+
+%files bin
+%{_cross_libexecdir}/cni/vpc/aws-appmesh
+%{_cross_libexecdir}/cni/vpc/ecs-serviceconnect
+%{_cross_libexecdir}/cni/vpc/vpc-branch-eni
+%{_cross_libexecdir}/cni/vpc/vpc-bridge
+%{_cross_libexecdir}/cni/vpc/vpc-eni
+%{_cross_libexecdir}/cni/vpc/vpc-tunnel
+
+%files fips-bin
+%{_cross_fips_libexecdir}/cni/vpc/aws-appmesh
+%{_cross_fips_libexecdir}/cni/vpc/ecs-serviceconnect
+%{_cross_fips_libexecdir}/cni/vpc/vpc-branch-eni
+%{_cross_fips_libexecdir}/cni/vpc/vpc-bridge
+%{_cross_fips_libexecdir}/cni/vpc/vpc-eni
+%{_cross_fips_libexecdir}/cni/vpc/vpc-tunnel
+
+%files ecs-agent-extras
+%{_cross_libexecdir}/amazon-ecs-agent/aws-appmesh
+%{_cross_libexecdir}/amazon-ecs-agent/ecs-serviceconnect
+%{_cross_libexecdir}/amazon-ecs-agent/vpc-branch-eni
+%{_cross_libexecdir}/amazon-ecs-agent/vpc-bridge
+%{_cross_libexecdir}/amazon-ecs-agent/vpc-eni
+%{_cross_libexecdir}/amazon-ecs-agent/vpc-tunnel
+
+%files ecs-agent-fips-extras
+%{_cross_fips_libexecdir}/amazon-ecs-agent/aws-appmesh
+%{_cross_fips_libexecdir}/amazon-ecs-agent/ecs-serviceconnect
+%{_cross_fips_libexecdir}/amazon-ecs-agent/vpc-branch-eni
+%{_cross_fips_libexecdir}/amazon-ecs-agent/vpc-bridge
+%{_cross_fips_libexecdir}/amazon-ecs-agent/vpc-eni
+%{_cross_fips_libexecdir}/amazon-ecs-agent/vpc-tunnel
+
+%changelog