@unknown321
Last active February 5, 2023 15:01
docker on synology DS218j armv7l synology_armada38x_ds218j

You want to run Docker on armv7l. There are no builds, so you build it yourself. I build it on Debian 10.

Dependencies:

Clone everything, create folder for binaries and libs:

mkdir synology-docker && cd synology-docker
mkdir bin
mkdir lib
git clone <reponame>

Build dockerd:

cd moby
git checkout v20.10.5
make DOCKER_CROSSPLATFORMS=linux/arm/v5 cross
cp -rv bundles/cross/linux/arm/v5/dockerd-dev ../bin/dockerd
cd ..

Build runc without seccomp:

cd runc
git checkout 59ad417c14143ae6b34e9cf88cf3f6e9c6d5f9e8
# there will be an error because you didn't install gcc-arm-linux-gnueabihf package
# we don't need it, so just ignore the error and grab binary
make BUILDTAGS= localcross
cp -v runc-armel ../bin/runc
cd ..

Patch and build containerd:

cd containerd
git checkout a72fe7da21237815731386d6b73a0e93700112f9
patch Makefile build_all_bins_for_armv7l.patch
make binaries
cp -rv bin/* ../bin
cd ..

Build docker cli:

cd cli
git checkout v20.10.5
make -f docker.Makefile cross
cp build/docker-linux-arm ../bin/docker
cd ..

Follow the Synology DSM Developer Guide to build the iptables package (most likely there will be problems with DSM version detection), or do it without the toolkit utility. Let's assume that the unpacked toolchain is in the ./build_env/ds.armada38x-6.2 directory:

mkdir ./build_env/ds.armada38x-6.2/source/
cp -r iptables ./build_env/ds.armada38x-6.2/source/
sudo chroot ./build_env/ds.armada38x-6.2
  
# you are chrooted
# CHROOT@ds.armada38x[/]#
cd source/iptables
git checkout v1.6.0
./autogen.sh
./configure --disable-devel  --host=arm-unknown-linux-gnueabi
# make will throw an error, but it doesn't matter since we need only iptables extensions
make
exit
  
# not chrooted
cp -v build_env/ds.armada38x-6.2/source/iptables/extensions/libxt_{addrtype,conntrack}.so ../lib

Copy both iptables libs to /usr/lib/iptables/ on the Synology. You can start the iptables service by enabling the firewall service in settings, or somehow figure out how to start it from the console.

Copy binaries to /usr/local/bin

Run everything in different terminal sessions on the Synology as root:

containerd
echo 1 > /proc/sys/net/ipv4/ip_forward
synofirewall --enable
syno_iptables_common load_nat_mod

source /usr/syno/etc.defaults/iptables_modules_list
iptablestool --insmod docker ${KERNEL_MODULES_CORE} ${KERNEL_MODULES_COMMON} ${KERNEL_MODULES_NAT} ${IPV6_MODULES}
BRIDGE="stp.ko bridge.ko"
AUFS="aufs.ko"
IPTABLES="xt_conntrack.ko xt_addrtype.ko veth.ko"
MODULES="$BRIDGE $AUFS $IPTABLES"
for i in $MODULES; do 
  /sbin/insmod /lib/modules/$i
done

dockerd

Run something:

docker pull --platform linux/arm/7 alpine:3.12
docker run -it --rm -v /dev:/dev --network=host alpine:3.12

/ # cat /etc/alpine-release 
3.12.4
/ # uname -a
Linux syn 3.10.105 #25426 SMP Tue May 12 04:42:24 CST 2020 armv7l Linux
/ # exit

root@syn:~# uname -a
Linux syn 3.10.105 #25426 SMP Tue May 12 04:42:24 CST 2020 armv7l GNU/Linux synology_armada38x_ds218j

Issues:

  • no network unless --network=host
  • weird issue with /dev/ptmx; /dev has to be mounted into the container
  • no seccomp

I was unable to compile runc with seccomp support in chroot. Note: Fedora has static libseccomp.

Running docker without seccomp means that a container can make whatever syscall it wants. Don't use it in production.
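
A way to confirm the missing-seccomp issue on a running process, as an added example (not part of the original gist): the Seccomp field of /proc/<pid>/status is 0 when no filter is applied, 2 when a BPF profile is enforced, and absent when the kernel was built without CONFIG_SECCOMP. The function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the "Seccomp:" field of a /proc/<pid>/status file.
# 0 = disabled, 1 = strict, 2 = filter (a BPF profile is enforced).
# A missing field means the kernel was built without CONFIG_SECCOMP.

seccomp_mode() {
    # $1: path to a status file (defaults to the current process)
    mode=$(awk '$1 == "Seccomp:" { print $2; exit }' "${1:-/proc/self/status}")
    case "$mode" in
        0)  echo disabled ;;
        1)  echo strict ;;
        2)  echo filter ;;
        "") echo unsupported ;;
        *)  echo "unknown($mode)" ;;
    esac
}

# Return 0 only when a syscall filter is actually enforced.
seccomp_enforced() {
    case "$(seccomp_mode "$1")" in
        strict|filter) return 0 ;;
        *) return 1 ;;
    esac
}

# Audit every PID given as an argument, e.g. the init PID of each container.
# Exit status: 0 all filtered, 1 at least one unfiltered, 2 unreadable PID.
audit_pids() {
    rc=0
    for pid in "$@"; do
        f="/proc/$pid/status"
        [ -r "$f" ] || { echo "$pid: not readable"; rc=2; continue; }
        echo "$pid: seccomp=$(seccomp_mode "$f")"
        seccomp_enforced "$f" || rc=1
    done
    return $rc
}

# Constructed sample (not captured from the NAS): a process with no filter.
sample=$(mktemp)
printf 'Name:\tsh\nState:\tS (sleeping)\nSeccomp:\t0\n' > "$sample"
echo "sample: seccomp=$(seccomp_mode "$sample")"
rm -f "$sample"
```

On the NAS, pass the container's init PID from docker inspect -f '{{.State.Pid}}' <container> to audit_pids; with the runc built above, expect disabled or unsupported rather than filter.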

diff --git Makefile Makefile
index 399c7db3a..345c9d9fd 100644
--- Makefile
+++ Makefile
@@ -198,25 +198,25 @@ benchmark: ## run benchmarks tests
FORCE:
define BUILD_BINARY =
-@echo "$(WHALE) $@"
-@go build ${DEBUG_GO_GCFLAGS} ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@ ${GO_LDFLAGS} ${GO_TAGS} ./$<
+echo "$(WHALE) $@"
+CC=arm-linux-gnueabi-gcc-8 CGO_ENABLED=1 GOOS=linux GOARCH=arm GOARM=7 go build ${DEBUG_GO_GCFLAGS} ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@ ${GO_LDFLAGS} ${GO_TAGS} ./$<
endef
# Build a binary from a cmd.
bin/%: cmd/% FORCE
$(BUILD_BINARY)
-bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220
- @echo "$(WHALE) bin/containerd-shim"
- @CGO_ENABLED=${SHIM_CGO_ENABLED} go build ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim
-
-bin/containerd-shim-runc-v1: cmd/containerd-shim-runc-v1 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220
- @echo "$(WHALE) bin/containerd-shim-runc-v1"
- @CGO_ENABLED=${SHIM_CGO_ENABLED} go build ${GO_BUILD_FLAGS} -o bin/containerd-shim-runc-v1 ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v1
-
-bin/containerd-shim-runc-v2: cmd/containerd-shim-runc-v2 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220
- @echo "$(WHALE) bin/containerd-shim-runc-v2"
- @CGO_ENABLED=${SHIM_CGO_ENABLED} go build ${GO_BUILD_FLAGS} -o bin/containerd-shim-runc-v2 ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v2
+#bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220
+# @echo "$(WHALE) bin/containerd-shim"
+# @CGO_ENABLED=${SHIM_CGO_ENABLED} go build ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim
+#
+#bin/containerd-shim-runc-v1: cmd/containerd-shim-runc-v1 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220
+# @echo "$(WHALE) bin/containerd-shim-runc-v1"
+# @CGO_ENABLED=${SHIM_CGO_ENABLED} go build ${GO_BUILD_FLAGS} -o bin/containerd-shim-runc-v1 ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v1
+#
+#bin/containerd-shim-runc-v2: cmd/containerd-shim-runc-v2 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220
+# @echo "$(WHALE) bin/containerd-shim-runc-v2"
+# @CGO_ENABLED=${SHIM_CGO_ENABLED} go build ${GO_BUILD_FLAGS} -o bin/containerd-shim-runc-v2 ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v2
binaries: $(BINARIES) ## build binaries
@echo "$(WHALE) $@"
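
Review bot: commenting out the three explicit bin/containerd-shim, bin/containerd-shim-runc-v1 and bin/containerd-shim-runc-v2 targets makes the shims fall through to the generic bin/% rule, so they are now built with CGO_ENABLED=1 and ${GO_LDFLAGS} instead of CGO_ENABLED=${SHIM_CGO_ENABLED} and ${SHIM_GO_LDFLAGS}, which loses the static, non-cgo shim build that the removed comments call out. Consider keeping those targets and only prefixing their go build lines with GOOS=linux GOARCH=arm GOARM=7, and deleting rather than commenting out anything that is really meant to go. In BUILD_BINARY, the hard-coded CC=arm-linux-gnueabi-gcc-8 and target settings would be easier to reuse as overridable make variables, and the dropped @ prefixes on the two recipe lines look unintentional since they only change what make echoes.
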
@huXgebo

huXgebo commented Apr 2, 2021

It would exceed my knowledge of a kernel translation. I wanted to run a password store in docker; I'll try to solve it differently.

Thanks for the help!
gebo

@spermikromik

Hi, I have the same Synology DS218j running DSM 7.1. Could you please provide your finished install package for docker? Many thanks

@dark0dev

dark0dev commented Feb 5, 2023

Hi, I have the same Synology DS218j running DSM 7.1. Could you please provide your finished install package for docker? Many thanks

Me, too! Would be great 👍
