feat(libexec): support amd64 (#10)

.github/workflows/release.yml

@@ -35,13 +35,14 @@ jobs:
         with:
           fetch-depth: 1
 
-      - name: Set up Goenv
-        run: |
-          brew install goenv
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+           go-version: '1.22.0'
 
-      - name: Exec
+      - name: Build
         run: |
-          ./main.sh
+          ./main.sh arm64 && ./main.sh amd64
         env:
           CODESIGN_IDENTITY: ${{ secrets.MACOS_CODESIGN_IDENTITY }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -62,14 +63,14 @@ jobs:
       - name: Gen Release Notes
         run: |
           echo '```' > ./release_notes.md
-          cat ./out/sha256.txt >> ./release_notes.md
+          shasum -a 256 libexec-darwin-*.tar.gz >> ./release_notes.md
           echo '```' >> ./release_notes.md
 
       - name: Release
         uses: softprops/action-gh-release@v2
         with:
           files: |
-            ./out/*
+            ./libexec-darwin-*.tar.gz
           body_path: ./release_notes.md
           draft: false
           prerelease: false

.gitignore

@@ -9,3 +9,4 @@ $RECYCLE.BIN/
 gvisor-tap-vsock
 krunkit
 *.tar.gz
+*_temp

main.sh

@@ -1,60 +1,126 @@
-#/bin/sh
-
-set -ex
-
-export WORK=`pwd`
-
-if [ -z "$CODESIGN_IDENTITY" ]; then
-  export CODESIGN_IDENTITY="-"
-fi
-
-rm -rf ./out
-mkdir -p ./out
-export GOARCH=arm64
-export GOOS=darwin
-
-# Gvp
-echo "Building gvp..."
-rm -rf gvisor-tap-vsock
-git clone https://github.com/containers/gvisor-tap-vsock.git
-cd gvisor-tap-vsock
-git checkout v0.8.1
-eval "$(goenv init -)"
-goenv install 1.22.0 -s
-goenv shell 1.22.0
-make gvproxy
-mv ./bin/gvproxy $WORK/out/gvproxy
-
-# krun
-echo "Dwonloading krun..."
-cd $WORK
-rm -rf ./krunkit
-mkdir -p krunkit
-cd krunkit
-gh release download v0.1.4 -R containers/krunkit --pattern "krunkit-*" --clobber
-tar -zxvf krunkit-*.tgz -C ./
-mv bin/krunkit $WORK/out/krunkit
-mv lib/* $WORK/out/
-
-cd $WORK
-
-# codesign
-echo "Signing gvproxy..."
-codesign --force --sign $CODESIGN_IDENTITY --options=runtime --timestamp $WORK/out/gvproxy
-
-echo "Signing krunkit..."
-codesign --force --sign $CODESIGN_IDENTITY --options=runtime --timestamp --entitlements krunkit.entitlements $WORK/out/krunkit
-
-find $WORK/out -name "*.dylib" -type f -exec sh -c "echo 'Set {} permission to 755'; chmod 755 {}" ';'
-find $WORK/out -name "*.dylib" -type f -exec sh -c "echo 'Signing {}...'; codesign --force --sign $CODESIGN_IDENTITY --options=runtime --timestamp {}" ';'
-
-# pack
-echo "Packing..."
-cd $WORK/out
-tar --no-mac-metadata -czvf ./libexec-$GOOS-$GOARCH.tar.gz .
-
-# generate sha256
-cd $WORK/out
-echo "Generating sha256..."
-shasum -a 256 ./* > sha256.txt
-cat ./sha256.txt
+#! /usr/bin/env bash
+
+set -e
+
+_get_krunkit() {
+	cd "$workspace" 
+	mkdir -p "$workspace/krunkit_temp" 
+	cd "$workspace/krunkit_temp"
+	gh release download v0.1.4 -R containers/krunkit --pattern "krunkit-*" --clobber
+	tar -zxvf krunkit-*.tgz -C ./
+	mv bin/* lib/* "$workspace/out"
+	cd "$workspace"
+}
+
+_build_vfkit() {
+	cd "$workspace"
+	v_tag="v0.6.0"
+	rm -rf ./vfkit_temp
+	git clone https://github.com/crc-org/vfkit vfkit_temp
+	cd ./vfkit_temp
+	git checkout $v_tag
+	make out/vfkit-amd64
+	mv ./out/vfkit-amd64 "$workspace/out/vfkit"
+	cd "$workspace"
+}
+
+_build_gvproxy() {
+	cd "$workspace"
+	rm -rf gvisor-tap-vsock_temp
+	git clone https://github.com/containers/gvisor-tap-vsock.git ./gvisor-tap-vsock_temp
+	cd ./gvisor-tap-vsock_temp
+	git checkout v0.8.1
+	make gvproxy
+	mv ./bin/gvproxy "$workspace/out/gvproxy"
+	cd "$workspace"
+}
+
+_pack_output() {
+	cd "$workspace/out"
+	tar --no-mac-metadata -zcvf "$workspace/libexec-$GOOS-$GOARCH.tar.gz" .
+	cd "$workspace"
+}
+
+_do_codesign() {
+	if [[ -z "$CODESIGN_IDENTITY" ]]; then
+		CODESIGN_IDENTITY="-"
+	fi
+
+	test -f "$workspace/out/gvproxy" && {
+		echo "Signing gvproxy..."
+		codesign --force --sign "$CODESIGN_IDENTITY" --options=runtime --timestamp "$workspace/out/gvproxy"
+	}
+
+	test -f "$workspace/out/vfkit" && {
+		echo "Signing vfkit..."
+		codesign --force --sign "$CODESIGN_IDENTITY" --options=runtime --timestamp --entitlements "$workspace/vf.entitlements" "$workspace/out/vfkit"
+	}
+
+	test -f "$workspace/out/krunkit" && {
+		echo "Signing krunkit..."
+		codesign --force --sign "$CODESIGN_IDENTITY" --options=runtime --timestamp --entitlements "$workspace/krunkit.entitlements" "$workspace/out/krunkit"
+	}
+
+	find "$workspace/out" -name "*.dylib" -type f -exec sh -c "echo 'Set {} permission to 755'; chmod 755 {}" ';'
+	find "$workspace/out" -name "*.dylib" -type f -exec sh -c "echo 'Signing {}...'; codesign --force --sign $CODESIGN_IDENTITY --options=runtime --timestamp {}" ';'
+}
+
+build_darwin_arm64() {
+	export GOOS=darwin
+	export GOARCH=arm64
+
+	echo "Build gvproxy"
+	_build_gvproxy
+
+	echo "Download krunkit"
+	_get_krunkit
+
+	echo "Do codesign"
+	_do_codesign
+
+	echo "Packup output"
+	_pack_output
+}
+
+build_darwin_amd64() {
+	export GOOS=darwin
+	export GOARCH=amd64
+
+	echo "Build gvproxy"
+	_build_gvproxy
+
+	echo "Build vfkit"
+	_build_vfkit
+
+	echo "Do codesign"
+	_do_codesign
+
+	echo "Packup output"
+	_pack_output
+}
+
+main() {
+	target_arch=$1
+	workspace="$(pwd)"
+	if [[ -z $target_arch ]]; then
+		echo "Error: missing target"
+		exit 2
+	fi
+
+	# Clean out dir first
+	rm -rf "$workspace/out"
+	mkdir -p "$workspace/out"
+
+	if [[ $target_arch == arm64 ]]; then
+		echo "Building binaries for darwin arm64"
+		build_darwin_arm64
+	elif [[ $target_arch == amd64 ]]; then
+		echo "Building binaries for darwin amd64"
+		build_darwin_amd64
+	else
+		echo "Not support targer $target_arch"
+		exit 2
+	fi
+}
+
+main "$@"

vf.entitlements

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.security.network.server</key>
+	<true/>
+	<key>com.apple.security.network.client</key>
+	<true/>
+	<key>com.apple.security.virtualization</key>
+	<true/>
+</dict>
+</plist>