Strip debug info consistently for any targets involved in system imag…

…e. Rely on bazel to figure out dependencies. Use correct bazel strip flag, the previous one did not work. Bug: 377431387 Change-Id: I1157b36fb54252badb2d18632938f77728d2a813
project-oak · Nov 6, 2024 · 640f71b · 640f71b
1 parent 1519917
commit 640f71b
Show file tree

Hide file tree

Showing 6 changed files with 27 additions and 36 deletions.
diff --git a/buildconfigs/oak_containers_agent.sh b/buildconfigs/oak_containers_agent.sh
@@ -7,10 +7,10 @@ export PACKAGE_NAME=oak_containers_agent
 export BUILD_COMMAND=(
   nix
   develop
-  .#systemImageProvenance
+  .#systemImageShell
   --command
   just
-  oak_containers_agent_for_provenance
+  oak_containers_agent
 )
 
 export SUBJECT_PATHS=(

diff --git a/buildconfigs/oak_containers_orchestrator.sh b/buildconfigs/oak_containers_orchestrator.sh
@@ -7,10 +7,10 @@ export PACKAGE_NAME=oak_containers_orchestrator
 export BUILD_COMMAND=(
   nix
   develop
-  .#systemImageProvenance
+  .#systemImageShell
   --command
   just
-  oak_containers_orchestrator_for_provenance
+  oak_containers_orchestrator
 )
 
 export SUBJECT_PATHS=(

diff --git a/buildconfigs/oak_containers_syslogd.sh b/buildconfigs/oak_containers_syslogd.sh
@@ -7,10 +7,10 @@ export PACKAGE_NAME=oak_containers_syslogd
 export BUILD_COMMAND=(
   nix
   develop
-  .#systemImageProvenance
+  .#systemImageShell
   --command
   just
-  oak_containers_syslogd_for_provenance
+  oak_containers_syslogd
 )
 
 export SUBJECT_PATHS=(

diff --git a/buildconfigs/oak_containers_system_image.sh b/buildconfigs/oak_containers_system_image.sh
@@ -7,7 +7,7 @@ export PACKAGE_NAME=oak_containers_system_image
 export BUILD_COMMAND=(
   nix
   develop
-  .#systemImageProvenance
+  .#systemImageShell
   --command
   just
   oak_containers_system_image

diff --git a/flake.nix b/flake.nix
@@ -251,7 +251,8 @@
                 strip-nondeterminism
               ];
             };
-            systemImageProvenance = with pkgs; mkShell {
+            # Shell for Oak Containers system images.
+            systemImageShell = with pkgs; mkShell {
               inputsFrom = [
                 rust
                 bazelShell
@@ -260,7 +261,7 @@
                 elfutils
               ];
             };
-            # Shell for most CI steps (i.e. without contaniners support).
+            # Shell for most CI steps (i.e. without containers support).
             ci = pkgs.mkShell {
              shellHook = ''
                 export LINUX_KERNEL="${linux_kernel}"

diff --git a/justfile b/justfile
@@ -206,24 +206,6 @@ oak_containers_kernel:
 oak_containers_launcher:
     env cargo build --release --package='oak_containers_launcher'
 
-oak_containers_agent: (bazel_build_opt "oak_containers/agent")
-oak_containers_orchestrator: (bazel_build_opt "oak_containers/orchestrator")
-oak_containers_syslogd: (bazel_build_opt "oak_containers/syslogd")
-
-oak_containers_system_image_binaries: oak_containers_agent oak_containers_orchestrator oak_containers_syslogd
-
-oak_containers_system_image: oak_containers_system_image_binaries
-    bazel build {{BAZEL_CONFIG_FLAG}} oak_containers/system_image:oak_containers_system_image
-    cp --force --preserve=timestamps \
-        bazel-bin/oak_containers/system_image/oak_containers_system_image.tar.xz \
-        artifacts/oak_containers_system_image.tar.xz
-
-oak_containers_nvidia_system_image: oak_containers_system_image
-    bazel build {{BAZEL_CONFIG_FLAG}} oak_containers/system_image:oak_containers_nvidia_system_image
-    cp --force --preserve=timestamps \
-        bazel-bin/oak_containers/system_image/oak_containers_nvidia_system_image.tar.xz \
-        artifacts/oak_containers_nvidia_system_image.tar.xz
-
 # Profile the Wasm execution and generate a flamegraph.
 profile_wasm:
     # If it fails with SIGSEGV, try running again.
@@ -284,7 +266,6 @@ kokoro_build_binaries_rust: all_enclave_apps oak_restricted_kernel_bin_virtio_co
     oak_restricted_kernel_wrapper_simple_io_channel stage0_bin stage0_bin_tdx \
     oak_client_android_app
 
-
 kokoro_verify_buildconfigs:
     ./scripts/test_buildconfigs buildconfigs/*.sh
 
@@ -448,9 +429,6 @@ run-java-functions-client addr:
 run-cc-functions-client addr request:
     bazel-out/k8-fastbuild/bin/cc/client/cli {{addr}} {{request}}
 
-bazel_build_opt target:
-    bazel build {{BAZEL_CONFIG_FLAG}} --compilation_mode opt --strip always "{{target}}"
-
 containers_placer_artifacts:
     # We need to copy things out of bazel-bin so that the remaining actions in the kokoro_build_containers script can find them
     # TODO: b/376322165 - Remove the need for this
@@ -478,10 +456,22 @@ containers_placer_artifacts:
     cp --force --preserve=timestamps bazel-bin/oak_containers/orchestrator/bin/oak_containers_orchestrator artifacts
     cp --force --preserve=timestamps bazel-bin/oak_containers/syslogd/oak_containers_syslogd artifacts
 
-# The following _for_provenance targets are used by buildconfigs.
-bazel_build_for_provenance package target: (bazel_build_opt package+":"+target)
+bazel_build_opt target:
+    bazel build {{BAZEL_CONFIG_FLAG}} --compilation_mode opt --linkopt=-Wl,--strip-all "{{target}}"
+
+bazel_build_copy package target: (bazel_build_opt package+":"+target)
     cp --force --preserve=timestamps "./bazel-bin/{{package}}/{{target}}" artifacts
 
-oak_containers_agent_for_provenance: (bazel_build_for_provenance "oak_containers/agent" "bin/oak_containers_agent")
-oak_containers_orchestrator_for_provenance: (bazel_build_for_provenance "oak_containers/orchestrator" "bin/oak_containers_orchestrator")
-oak_containers_syslogd_for_provenance: (bazel_build_for_provenance "oak_containers/syslogd" "oak_containers_syslogd")
+oak_containers_agent: (bazel_build_copy "oak_containers/agent" "bin/oak_containers_agent")
+oak_containers_orchestrator: (bazel_build_copy "oak_containers/orchestrator" "bin/oak_containers_orchestrator")
+oak_containers_syslogd: (bazel_build_copy "oak_containers/syslogd" "oak_containers_syslogd")
+
+oak_containers_system_image: (bazel_build_opt "oak_containers/system_image:oak_containers_system_image")
+    cp --force --preserve=timestamps \
+        bazel-bin/oak_containers/system_image/oak_containers_system_image.tar.xz \
+        artifacts
+
+oak_containers_nvidia_system_image: (bazel_build_opt "oak_containers/system_image:oak_containers_nvidia_system_image")
+    cp --force --preserve=timestamps \
+        bazel-bin/oak_containers/system_image/oak_containers_nvidia_system_image.tar.xz \
+        artifacts