From c22575218a07dd379654ee9fd54c6f41a2fff731 Mon Sep 17 00:00:00 2001 From: Ze Gan Date: Mon, 11 Jan 2021 02:39:59 +0800 Subject: [PATCH] [docker-macsec]: MACsec container and wpa_supplicant component (#5700) The HLD about MACsec feature is at : https://github.com/Azure/SONiC/blob/master/doc/macsec/MACsec_hld.md - How to verify it This PR doesn't set MACsec container automatically start, You should manually start the container by docker run docker-macsec wpa_supplicant binary can be found at MACsec container. This PR depends on the PR, WPA_SUPPLICANT, and The MACsec container will be set as automatically start by later PR. Signed-off-by: zegan --- .gitmodules | 3 +++ dockers/docker-macsec/Dockerfile.j2 | 30 ++++++++++++++++++++++ dockers/docker-macsec/critical_processes | 0 dockers/docker-macsec/start.sh | 2 ++ dockers/docker-macsec/supervisord.conf | 0 rules/docker-macsec.dep | 11 ++++++++ rules/docker-macsec.mk | 32 ++++++++++++++++++++++++ rules/wpasupplicant.dep | 16 ++++++++++++ rules/wpasupplicant.mk | 19 ++++++++++++++ sonic-slave-buster/Dockerfile.j2 | 19 +++++++++++++- src/wpasupplicant/Makefile | 17 +++++++++++++ src/wpasupplicant/sonic-wpa-supplicant | 1 + 12 files changed, 149 insertions(+), 1 deletion(-) create mode 100644 dockers/docker-macsec/Dockerfile.j2 create mode 100644 dockers/docker-macsec/critical_processes create mode 100644 dockers/docker-macsec/start.sh create mode 100644 dockers/docker-macsec/supervisord.conf create mode 100644 rules/docker-macsec.dep create mode 100644 rules/docker-macsec.mk create mode 100644 rules/wpasupplicant.dep create mode 100644 rules/wpasupplicant.mk create mode 100644 src/wpasupplicant/Makefile create mode 160000 src/wpasupplicant/sonic-wpa-supplicant diff --git a/.gitmodules b/.gitmodules index 38b22c4fd6..9f2ae12ebb 100644 --- a/.gitmodules +++ b/.gitmodules @@ -85,3 +85,6 @@ [submodule "src/sonic-mgmt-common"] path = src/sonic-mgmt-common url = https://github.com/Azure/sonic-mgmt-common.git +[submodule "src/wpasupplicant/sonic-wpa-supplicant"] + path = src/wpasupplicant/sonic-wpa-supplicant + url = https://github.com/Azure/sonic-wpa-supplicant.git diff --git a/dockers/docker-macsec/Dockerfile.j2 b/dockers/docker-macsec/Dockerfile.j2 new file mode 100644 index 0000000000..bf8db48079 --- /dev/null +++ b/dockers/docker-macsec/Dockerfile.j2 @@ -0,0 +1,30 @@ +{% from "dockers/dockerfile-macros.j2" import install_debian_packages, install_python_wheels, copy_files %} +FROM docker-config-engine-buster + +ARG docker_container_name +RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf + +## Make apt-get non-interactive +ENV DEBIAN_FRONTEND=noninteractive + +RUN apt-get update + +{% if docker_macsec_debs.strip() -%} +# Copy locally-built Debian package dependencies +{{ copy_files("debs/", docker_macsec_debs.split(' '), "/debs/") }} + +# Install locally-built Debian packages and implicitly install their dependencies +{{ install_debian_packages(docker_macsec_debs.split(' ')) }} +{%- endif %} + +RUN apt-get clean -y && \ + apt-get autoclean -y && \ + apt-get autoremove -y && \ + rm -rf /debs + +COPY ["start.sh", "/usr/bin/"] +COPY ["supervisord.conf", "/etc/supervisor/conf.d/"] +COPY ["files/supervisor-proc-exit-listener", "/usr/bin"] +COPY ["critical_processes", "/etc/supervisor"] + +# ENTRYPOINT ["/usr/bin/supervisord"] diff --git a/dockers/docker-macsec/critical_processes b/dockers/docker-macsec/critical_processes new file mode 100644 index 0000000000..e69de29bb2 diff --git a/dockers/docker-macsec/start.sh b/dockers/docker-macsec/start.sh new file mode 100644 index 0000000000..20d602bdd3 --- /dev/null +++ b/dockers/docker-macsec/start.sh @@ -0,0 +1,2 @@ +#!/usr/bin/env bash + diff --git a/dockers/docker-macsec/supervisord.conf b/dockers/docker-macsec/supervisord.conf new file mode 100644 index 0000000000..e69de29bb2 diff --git a/rules/docker-macsec.dep b/rules/docker-macsec.dep new file mode 100644 index 0000000000..3ceab4fff3 --- /dev/null +++ b/rules/docker-macsec.dep @@ -0,0 +1,11 @@ + +DPATH := $($(DOCKER_MACSEC)_PATH) +DEP_FILES := $(SONIC_COMMON_FILES_LIST) rules/docker-macsec.mk rules/docker-macsec.dep +DEP_FILES += $(SONIC_COMMON_BASE_FILES_LIST) +DEP_FILES += $(shell git ls-files $(DPATH)) + +$(DOCKER_MACSEC)_CACHE_MODE := GIT_CONTENT_SHA +$(DOCKER_MACSEC)_DEP_FLAGS := $(SONIC_COMMON_FLAGS_LIST) +$(DOCKER_MACSEC)_DEP_FILES := $(DEP_FILES) + +$(eval $(call add_dbg_docker,$(DOCKER_MACSEC),$(DOCKER_MACSEC_DBG))) diff --git a/rules/docker-macsec.mk b/rules/docker-macsec.mk new file mode 100644 index 0000000000..f9f8c9b412 --- /dev/null +++ b/rules/docker-macsec.mk @@ -0,0 +1,32 @@ +# docker image for macsec agent + +DOCKER_MACSEC_STEM = docker-macsec +DOCKER_MACSEC = $(DOCKER_MACSEC_STEM).gz +DOCKER_MACSEC_DBG = $(DOCKER_MACSEC_STEM)-$(DBG_IMAGE_MARK).gz + +$(DOCKER_MACSEC)_PATH = $(DOCKERS_PATH)/$(DOCKER_MACSEC_STEM) + +$(DOCKER_MACSEC)_DEPENDS += $(SWSS) $(WPASUPPLICANT) $(REDIS_TOOLS) $(LIBNL3) $(LIBNL_GENL3) $(LIBNL_ROUTE3) +$(DOCKER_MACSEC)_DBG_DEPENDS = $($(DOCKER_CONFIG_ENGINE_BUSTER)_DBG_DEPENDS) +$(DOCKER_MACSEC)_DBG_DEPENDS += $(SWSS_DBG) $(LIBSWSSCOMMON_DBG) +$(DOCKER_MACSEC)_DBG_DEPENDS += $(WPASUPPLICANT_DBG) + +$(DOCKER_MACSEC)_DBG_IMAGE_PACKAGES = $($(DOCKER_CONFIG_ENGINE_BUSTER)_DBG_IMAGE_PACKAGES) + +$(DOCKER_MACSEC)_LOAD_DOCKERS += $(DOCKER_CONFIG_ENGINE_BUSTER) + +SONIC_DOCKER_IMAGES += $(DOCKER_MACSEC) +SONIC_INSTALL_DOCKER_IMAGES += $(DOCKER_MACSEC) +SONIC_BUSTER_DOCKERS += $(DOCKER_MACSEC) + +SONIC_DOCKER_DBG_IMAGES += $(DOCKER_MACSEC_DBG) +SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_MACSEC_DBG) +SONIC_BUSTER_DBG_DOCKERS += $(DOCKER_MACSEC_DBG) + +$(DOCKER_MACSEC)_CONTAINER_NAME = macsec +$(DOCKER_MACSEC)_RUN_OPT += --privileged -t +$(DOCKER_MACSEC)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro +$(DOCKER_MACSEC)_RUN_OPT += -v /host/warmboot:/var/warmboot + +# $(DOCKER_MACSEC)_BASE_IMAGE_FILES += macsecctl:/usr/bin/macsecctl +$(DOCKER_MACSEC)_FILES += $(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT) diff --git a/rules/wpasupplicant.dep b/rules/wpasupplicant.dep new file mode 100644 index 0000000000..cdab026f0c --- /dev/null +++ b/rules/wpasupplicant.dep @@ -0,0 +1,16 @@ + +SPATH := $($(WPASUPPLICANT)_SRC_PATH) +DEP_FILES := $(SONIC_COMMON_FILES_LIST) rules/wpasupplicant.mk rules/wpasupplicant.dep +DEP_FILES += $(SONIC_COMMON_BASE_FILES_LIST) +# Account files under the src/wpasupplicant/ except submodule directory. +DEP_FILES += $(shell git ls-files $(SPATH) | grep -Ev 'sonic-wpa-supplicant') + +# Account for source files under the sonic-wpa-supplicant submodule directory as well. +WPASUPPLICANT_SPATH := $(SPATH)/sonic-wpa-supplicant +SMDEP_FILES := $(addprefix $(WPASUPPLICANT_SPATH)/,$(shell cd $(WPASUPPLICANT_SPATH) && git ls-files)) + +$(WPASUPPLICANT)_CACHE_MODE := GIT_CONTENT_SHA +$(WPASUPPLICANT)_DEP_FLAGS := $(SONIC_COMMON_FLAGS_LIST) +$(WPASUPPLICANT)_DEP_FILES := $(DEP_FILES) +$(WPASUPPLICANT)_SMDEP_FILES := $(SMDEP_FILES) +$(WPASUPPLICANT)_SMDEP_PATHS := $(WPASUPPLICANT_SPATH) diff --git a/rules/wpasupplicant.mk b/rules/wpasupplicant.mk new file mode 100644 index 0000000000..2e6d2ea6b2 --- /dev/null +++ b/rules/wpasupplicant.mk @@ -0,0 +1,19 @@ +# wpa package + +WPASUPPLICANT_VERSION = 2.9.0-14 + +export WPASUPPLICANT_VERSION + +WPASUPPLICANT = wpasupplicant_$(WPASUPPLICANT_VERSION)_$(CONFIGURED_ARCH).deb +$(WPASUPPLICANT)_SRC_PATH = $(SRC_PATH)/wpasupplicant +$(WPASUPPLICANT)_DEPENDS += $(LIBSWSSCOMMON_DEV) $(LIBNL3_DEV) $(LIBNL_GENL3_DEV) $(LIBNL_ROUTE3_DEV) +$(WPASUPPLICANT)_RDEPENDS += $(LIBSWSSCOMMON) $(LIBNL3) $(LIBNL_GENL3) $(LIBNL_ROUTE3) +SONIC_MAKE_DEBS += $(WPASUPPLICANT) + +WPASUPPLICANT_DBG = wpasupplicant-dbgsym_$(WPASUPPLICANT_VERSION)_$(CONFIGURED_ARCH).deb +$(eval $(call add_derived_package,$(WPASUPPLICANT),$(WPASUPPLICANT_DBG))) + +# The .c, .cpp, .h & .hpp files under src/{$DBG_SRC_ARCHIVE list} +# are archived into debug one image to facilitate debugging. +# +DBG_SRC_ARCHIVE += wpasupplicant diff --git a/sonic-slave-buster/Dockerfile.j2 b/sonic-slave-buster/Dockerfile.j2 index 412830f387..32ffaa0e16 100644 --- a/sonic-slave-buster/Dockerfile.j2 +++ b/sonic-slave-buster/Dockerfile.j2 @@ -320,7 +320,24 @@ RUN apt-get update && apt-get install -y \ libxml2-utils \ xsltproc \ python-lxml \ - libexpat1-dev + libexpat1-dev \ +# For WPA supplication + qtbase5-dev \ + aspell-en \ + libhiredis-dev \ + libnl-3-dev \ + swig3.0 \ + libpython2.7-dev \ + libssl-dev \ + dbus \ + libdbus-1-dev \ + libdbus-glib-1-2 \ + libdbus-glib-1-dev \ + libreadline-dev \ + libncurses5-dev \ + libpcsclite-dev \ + docbook-to-man \ + docbook-utils # Build fix for ARMHF buster libsairedis {%- if CONFIGURED_ARCH == "armhf" %} diff --git a/src/wpasupplicant/Makefile b/src/wpasupplicant/Makefile new file mode 100644 index 0000000000..13dbc58fbe --- /dev/null +++ b/src/wpasupplicant/Makefile @@ -0,0 +1,17 @@ +.ONESHELL: +SHELL = /bin/bash +.SHELLFLAGS += -e + +MAIN_TARGET = wpasupplicant_$(WPASUPPLICANT_VERSION)_$(CONFIGURED_ARCH).deb +DERIVED_TARGETS = wpasupplicant-dbgsym_$(WPASUPPLICANT_VERSION)_$(CONFIGURED_ARCH).deb + +$(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% : + # Clone wpa repo + pushd ./sonic-wpa-supplicant + dpkg-buildpackage -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS) + popd + + # Move the newly-built .deb packages to the destination directory + mv $(DERIVED_TARGETS) $* $(DEST)/ + +$(addprefix $(DEST)/, $(DERIVED_TARGETS)): $(DEST)/% : $(DEST)/$(MAIN_TARGET) diff --git a/src/wpasupplicant/sonic-wpa-supplicant b/src/wpasupplicant/sonic-wpa-supplicant new file mode 160000 index 0000000000..288cca1bf0 --- /dev/null +++ b/src/wpasupplicant/sonic-wpa-supplicant @@ -0,0 +1 @@ +Subproject commit 288cca1bf02679313aec1bc7ba168ced9026a003