[docker-macsec]: MACsec container and wpa_supplicant component (#5700)

The HLD about MACsec feature is at : https://github.com/Azure/SONiC/blob/master/doc/macsec/MACsec_hld.md - How to verify it This PR doesn't set MACsec container automatically start, You should manually start the container by docker run docker-macsec wpa_supplicant binary can be found at MACsec container. This PR depends on the PR, WPA_SUPPLICANT, and The MACsec container will be set as automatically start by later PR. Signed-off-by: zegan <[email protected]>
sonic-net · Jan 10, 2021 · c225752 · c225752
1 parent 1498408
commit c225752
Show file tree

Hide file tree

Showing 12 changed files with 149 additions and 1 deletion.
diff --git a/.gitmodules b/.gitmodules
@@ -85,3 +85,6 @@
 [submodule "src/sonic-mgmt-common"]
 	path = src/sonic-mgmt-common
 	url = https://github.com/Azure/sonic-mgmt-common.git
+[submodule "src/wpasupplicant/sonic-wpa-supplicant"]
+	path = src/wpasupplicant/sonic-wpa-supplicant
+	url = https://github.com/Azure/sonic-wpa-supplicant.git
diff --git a/dockers/docker-macsec/Dockerfile.j2 b/dockers/docker-macsec/Dockerfile.j2
@@ -0,0 +1,30 @@
+{% from "dockers/dockerfile-macros.j2" import install_debian_packages, install_python_wheels, copy_files %}
+FROM docker-config-engine-buster
+
+ARG docker_container_name
+RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf
+
+## Make apt-get non-interactive
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update
+
+{% if docker_macsec_debs.strip() -%}
+# Copy locally-built Debian package dependencies
+{{ copy_files("debs/", docker_macsec_debs.split(' '), "/debs/") }}
+
+# Install locally-built Debian packages and implicitly install their dependencies
+{{ install_debian_packages(docker_macsec_debs.split(' ')) }}
+{%- endif %}
+
+RUN apt-get clean -y      && \
+    apt-get autoclean -y  && \
+    apt-get autoremove -y && \
+    rm -rf /debs
+
+COPY ["start.sh", "/usr/bin/"]
+COPY ["supervisord.conf", "/etc/supervisor/conf.d/"]
+COPY ["files/supervisor-proc-exit-listener", "/usr/bin"]
+COPY ["critical_processes", "/etc/supervisor"]
+
+# ENTRYPOINT ["/usr/bin/supervisord"]
diff --git a/dockers/docker-macsec/critical_processes b/dockers/docker-macsec/critical_processes
diff --git a/dockers/docker-macsec/start.sh b/dockers/docker-macsec/start.sh
@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+
diff --git a/dockers/docker-macsec/supervisord.conf b/dockers/docker-macsec/supervisord.conf
diff --git a/rules/docker-macsec.dep b/rules/docker-macsec.dep
@@ -0,0 +1,11 @@
+
+DPATH       := $($(DOCKER_MACSEC)_PATH)
+DEP_FILES   := $(SONIC_COMMON_FILES_LIST) rules/docker-macsec.mk rules/docker-macsec.dep   
+DEP_FILES   += $(SONIC_COMMON_BASE_FILES_LIST)
+DEP_FILES   += $(shell git ls-files $(DPATH))
+
+$(DOCKER_MACSEC)_CACHE_MODE  := GIT_CONTENT_SHA 
+$(DOCKER_MACSEC)_DEP_FLAGS   := $(SONIC_COMMON_FLAGS_LIST)
+$(DOCKER_MACSEC)_DEP_FILES   := $(DEP_FILES)
+
+$(eval $(call add_dbg_docker,$(DOCKER_MACSEC),$(DOCKER_MACSEC_DBG)))
diff --git a/rules/docker-macsec.mk b/rules/docker-macsec.mk
@@ -0,0 +1,32 @@
+# docker image for macsec agent
+
+DOCKER_MACSEC_STEM = docker-macsec
+DOCKER_MACSEC = $(DOCKER_MACSEC_STEM).gz
+DOCKER_MACSEC_DBG = $(DOCKER_MACSEC_STEM)-$(DBG_IMAGE_MARK).gz
+
+$(DOCKER_MACSEC)_PATH = $(DOCKERS_PATH)/$(DOCKER_MACSEC_STEM)
+
+$(DOCKER_MACSEC)_DEPENDS += $(SWSS) $(WPASUPPLICANT) $(REDIS_TOOLS) $(LIBNL3) $(LIBNL_GENL3) $(LIBNL_ROUTE3)
+$(DOCKER_MACSEC)_DBG_DEPENDS = $($(DOCKER_CONFIG_ENGINE_BUSTER)_DBG_DEPENDS)
+$(DOCKER_MACSEC)_DBG_DEPENDS += $(SWSS_DBG) $(LIBSWSSCOMMON_DBG)
+$(DOCKER_MACSEC)_DBG_DEPENDS += $(WPASUPPLICANT_DBG)
+
+$(DOCKER_MACSEC)_DBG_IMAGE_PACKAGES = $($(DOCKER_CONFIG_ENGINE_BUSTER)_DBG_IMAGE_PACKAGES)
+
+$(DOCKER_MACSEC)_LOAD_DOCKERS += $(DOCKER_CONFIG_ENGINE_BUSTER)
+
+SONIC_DOCKER_IMAGES += $(DOCKER_MACSEC)
+SONIC_INSTALL_DOCKER_IMAGES += $(DOCKER_MACSEC)
+SONIC_BUSTER_DOCKERS += $(DOCKER_MACSEC)
+
+SONIC_DOCKER_DBG_IMAGES += $(DOCKER_MACSEC_DBG)
+SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_MACSEC_DBG)
+SONIC_BUSTER_DBG_DOCKERS += $(DOCKER_MACSEC_DBG)
+
+$(DOCKER_MACSEC)_CONTAINER_NAME = macsec
+$(DOCKER_MACSEC)_RUN_OPT += --privileged -t
+$(DOCKER_MACSEC)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro
+$(DOCKER_MACSEC)_RUN_OPT += -v /host/warmboot:/var/warmboot
+
+# $(DOCKER_MACSEC)_BASE_IMAGE_FILES += macsecctl:/usr/bin/macsecctl
+$(DOCKER_MACSEC)_FILES += $(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)
diff --git a/rules/wpasupplicant.dep b/rules/wpasupplicant.dep
@@ -0,0 +1,16 @@
+
+SPATH       := $($(WPASUPPLICANT)_SRC_PATH)
+DEP_FILES   := $(SONIC_COMMON_FILES_LIST) rules/wpasupplicant.mk rules/wpasupplicant.dep   
+DEP_FILES   += $(SONIC_COMMON_BASE_FILES_LIST)
+# Account files under the src/wpasupplicant/ except submodule directory.
+DEP_FILES   += $(shell git ls-files $(SPATH) | grep -Ev 'sonic-wpa-supplicant')
+
+# Account for source files under the sonic-wpa-supplicant submodule directory as well.
+WPASUPPLICANT_SPATH := $(SPATH)/sonic-wpa-supplicant
+SMDEP_FILES         := $(addprefix $(WPASUPPLICANT_SPATH)/,$(shell cd $(WPASUPPLICANT_SPATH) && git ls-files))
+
+$(WPASUPPLICANT)_CACHE_MODE  := GIT_CONTENT_SHA 
+$(WPASUPPLICANT)_DEP_FLAGS   := $(SONIC_COMMON_FLAGS_LIST)
+$(WPASUPPLICANT)_DEP_FILES   := $(DEP_FILES)
+$(WPASUPPLICANT)_SMDEP_FILES := $(SMDEP_FILES)
+$(WPASUPPLICANT)_SMDEP_PATHS := $(WPASUPPLICANT_SPATH)
diff --git a/rules/wpasupplicant.mk b/rules/wpasupplicant.mk
@@ -0,0 +1,19 @@
+# wpa package
+
+WPASUPPLICANT_VERSION = 2.9.0-14
+
+export WPASUPPLICANT_VERSION
+
+WPASUPPLICANT = wpasupplicant_$(WPASUPPLICANT_VERSION)_$(CONFIGURED_ARCH).deb
+$(WPASUPPLICANT)_SRC_PATH = $(SRC_PATH)/wpasupplicant
+$(WPASUPPLICANT)_DEPENDS += $(LIBSWSSCOMMON_DEV) $(LIBNL3_DEV) $(LIBNL_GENL3_DEV) $(LIBNL_ROUTE3_DEV)
+$(WPASUPPLICANT)_RDEPENDS += $(LIBSWSSCOMMON) $(LIBNL3) $(LIBNL_GENL3) $(LIBNL_ROUTE3)
+SONIC_MAKE_DEBS += $(WPASUPPLICANT)
+
+WPASUPPLICANT_DBG = wpasupplicant-dbgsym_$(WPASUPPLICANT_VERSION)_$(CONFIGURED_ARCH).deb
+$(eval $(call add_derived_package,$(WPASUPPLICANT),$(WPASUPPLICANT_DBG)))
+
+# The .c, .cpp, .h & .hpp files under src/{$DBG_SRC_ARCHIVE list}
+# are archived into debug one image to facilitate debugging.
+#
+DBG_SRC_ARCHIVE += wpasupplicant
diff --git a/sonic-slave-buster/Dockerfile.j2 b/sonic-slave-buster/Dockerfile.j2
@@ -320,7 +320,24 @@ RUN apt-get update && apt-get install -y \
         libxml2-utils \
         xsltproc \
         python-lxml \
-        libexpat1-dev
+        libexpat1-dev \
+# For WPA supplication
+        qtbase5-dev          \
+        aspell-en            \
+        libhiredis-dev       \
+        libnl-3-dev          \
+        swig3.0              \
+        libpython2.7-dev     \
+        libssl-dev           \
+        dbus                 \
+        libdbus-1-dev        \
+        libdbus-glib-1-2     \
+        libdbus-glib-1-dev   \
+        libreadline-dev      \
+        libncurses5-dev      \
+        libpcsclite-dev      \
+        docbook-to-man       \
+        docbook-utils
 
 # Build fix for ARMHF buster libsairedis
 {%- if CONFIGURED_ARCH == "armhf" %}

diff --git a/src/wpasupplicant/Makefile b/src/wpasupplicant/Makefile
@@ -0,0 +1,17 @@
+.ONESHELL:
+SHELL = /bin/bash
+.SHELLFLAGS += -e
+
+MAIN_TARGET = wpasupplicant_$(WPASUPPLICANT_VERSION)_$(CONFIGURED_ARCH).deb
+DERIVED_TARGETS = wpasupplicant-dbgsym_$(WPASUPPLICANT_VERSION)_$(CONFIGURED_ARCH).deb
+
+$(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% :
+	# Clone wpa repo
+	pushd ./sonic-wpa-supplicant
+	dpkg-buildpackage -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS)
+	popd
+
+	# Move the newly-built .deb packages to the destination directory
+	mv $(DERIVED_TARGETS) $* $(DEST)/
+
+$(addprefix $(DEST)/, $(DERIVED_TARGETS)): $(DEST)/% : $(DEST)/$(MAIN_TARGET)
diff --git a/src/wpasupplicant/sonic-wpa-supplicant b/src/wpasupplicant/sonic-wpa-supplicant