[CI:BUILD] Add VFKit into pkginstaller, remove QEMU

Do not build and install QEMU in the pkginstaller. Instead, build, sign, and install VFKit. Signed-off-by: Ashley Cui <[email protected]>
cfergeau · Feb 13, 2024 · 8794776 · 8794776
1 parent c88c689
commit 8794776
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 42 deletions.
diff --git a/contrib/pkginstaller/Makefile b/contrib/pkginstaller/Makefile
@@ -7,9 +7,9 @@ else
 	GOARCH:=$(ARCH)
 endif
 GVPROXY_VERSION ?= 0.7.3
-QEMU_VERSION ?= 8.2.1-1
+VFKIT_VERSION ?= 0.5.1
 GVPROXY_RELEASE_URL ?= https://github.com/containers/gvisor-tap-vsock/releases/download/v$(GVPROXY_VERSION)/gvproxy-darwin
-QEMU_RELEASE_URL ?= https://github.com/containers/podman-machine-qemu/releases/download/v$(QEMU_VERSION)/podman-machine-qemu-$(ARCH)-$(QEMU_VERSION).tar.xz
+VFKIT_RELEASE_URL ?= https://github.com/crc-org/vfkit/releases/download/v$(VFKIT_VERSION)/vfkit-unsigned
 PACKAGE_DIR ?= out/packaging
 TMP_DOWNLOAD ?= tmp-download
 PACKAGE_ROOT ?= root
@@ -24,9 +24,9 @@ $(TMP_DOWNLOAD)/gvproxy:
 	mkdir -p $(TMP_DOWNLOAD)
 	cd $(TMP_DOWNLOAD) && curl -sLo gvproxy $(GVPROXY_RELEASE_URL)
 
-$(TMP_DOWNLOAD)/podman-machine-qemu-$(ARCH)-$(QEMU_VERSION).tar.xz:
+$(TMP_DOWNLOAD)/vfkit:
 	mkdir -p $(TMP_DOWNLOAD)
-	cd $(TMP_DOWNLOAD) && curl -sLO $(QEMU_RELEASE_URL)
+	cd $(TMP_DOWNLOAD) && curl -sLo vfkit $(VFKIT_RELEASE_URL)
 
 packagedir: podman_version package_root Distribution welcome.html
 	mkdir -p $(PACKAGE_DIR)
@@ -42,10 +42,10 @@ packagedir: podman_version package_root Distribution welcome.html
 	cp ../../LICENSE $(PACKAGE_DIR)/Resources/LICENSE.txt
 	cp hvf.entitlements $(PACKAGE_DIR)/
 
-package_root: clean-pkgroot $(TMP_DOWNLOAD)/podman-machine-qemu-$(ARCH)-$(QEMU_VERSION).tar.xz $(TMP_DOWNLOAD)/gvproxy
-	mkdir -p $(PACKAGE_ROOT)/podman/bin $(PACKAGE_ROOT)/podman/qemu
-	tar -C $(PACKAGE_ROOT)/podman/qemu -xf $(TMP_DOWNLOAD)/podman-machine-qemu-$(ARCH)-$(QEMU_VERSION).tar.xz
+package_root: clean-pkgroot $(TMP_DOWNLOAD)/gvproxy $(TMP_DOWNLOAD)/vfkit
+	mkdir -p $(PACKAGE_ROOT)/podman/bin
 	cp $(TMP_DOWNLOAD)/gvproxy $(PACKAGE_ROOT)/podman/bin/
+	cp $(TMP_DOWNLOAD)/vfkit $(PACKAGE_ROOT)/podman/bin/
 	chmod a+x $(PACKAGE_ROOT)/podman/bin/*
 
 %: %.in podman_version

diff --git a/contrib/pkginstaller/README.md b/contrib/pkginstaller/README.md
@@ -11,9 +11,7 @@ $ make ARCH=<amd64 | aarch64> CODESIGN_IDENTITY=<ID> PRODUCTSIGN_IDENTITY=<ID> N
 ```
 
 The generated pkg will be written to `out/podman-macos-installer-*.pkg`.
-Currently the pkg installs `podman`, `qemu`, `gvproxy` and `podman-mac-helper` to `/opt/podman`
-
-The `qemu` build it uses is from [containers/podman-machine-qemu](https://github.com/containers/podman-machine-qemu)
+Currently the pkg installs `podman`, `vfkit`, `gvproxy` and `podman-mac-helper` to `/opt/podman`
 
 ## Uninstalling
 

diff --git a/contrib/pkginstaller/package.sh b/contrib/pkginstaller/package.sh
@@ -7,10 +7,9 @@ OUTPUT=$1
 CODESIGN_IDENTITY=${CODESIGN_IDENTITY:-mock}
 PRODUCTSIGN_IDENTITY=${PRODUCTSIGN_IDENTITY:-mock}
 NO_CODESIGN=${NO_CODESIGN:-0}
-HELPER_BINARIES_DIR="/opt/podman/qemu/bin"
+HELPER_BINARIES_DIR="/opt/podman/bin"
 
 binDir="${BASEDIR}/root/podman/bin"
-qemuBinDir="${BASEDIR}/root/podman/qemu/bin"
 
 version=$(cat "${BASEDIR}/VERSION")
 arch=$(cat "${BASEDIR}/ARCH")
@@ -36,32 +35,6 @@ function sign() {
   codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp --force ${opts} "$1"
 }
 
-function signQemu() {
-  if [ "${NO_CODESIGN}" -eq "1" ]; then
-    return
-  fi
-
-  local qemuArch="${arch}"
-  if [ "${qemuArch}" = amd64 ]; then
-      qemuArch=x86_64
-  fi
-
-  # sign the files inside /opt/podman/qemu/lib
-  libs=$(find "${BASEDIR}"/root/podman/qemu/lib -depth -name "*.dylib" -or -type f -perm +111)
-  echo "${libs}" | xargs -t -I % codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp --force % || true
-
-  # sign the files inside /opt/podman/qemu/bin except qemu-system-*
-  bins=$(find "${BASEDIR}"/root/podman/qemu/bin -depth -type f -perm +111 ! -name "qemu-system-${qemuArch}")
-  echo "${bins}" | xargs -t -I % codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp --force  % || true
-
-  # sign the qemu-system-* binary
-  # need to remove any extended attributes, otherwise codesign complains:
-  # qemu-system-aarch64: resource fork, Finder information, or similar detritus not allowed
-  xattr -cr "${qemuBinDir}/qemu-system-${qemuArch}"
-  codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp --force \
-    --entitlements "${BASEDIR}/hvf.entitlements" "${qemuBinDir}/qemu-system-${qemuArch}"
-}
-
 goArch="${arch}"
 if [ "${goArch}" = aarch64 ]; then
   goArch=arm64
@@ -70,8 +43,8 @@ fi
 build_podman "../../../../"
 sign "${binDir}/podman"
 sign "${binDir}/gvproxy"
+sign "${binDir}/vfkit"
 sign "${binDir}/podman-mac-helper"
-signQemu
 
 pkgbuild --identifier com.redhat.podman --version "${version}" \
   --scripts "${BASEDIR}/scripts" \

diff --git a/contrib/pkginstaller/scripts/postinstall b/contrib/pkginstaller/scripts/postinstall
@@ -4,8 +4,5 @@ set -e
 
 echo "/opt/podman/bin" > /etc/paths.d/podman-pkg
 
-ln -s /opt/podman/bin/podman-mac-helper /opt/podman/qemu/bin/podman-mac-helper
-ln -s /opt/podman/bin/gvproxy /opt/podman/qemu/bin/gvproxy
-
 # make sure to ignore errors, this is not a hard requirement to use podman
 /opt/podman/bin/podman-mac-helper install || :