[v0.93] Fix s390x dynamic loader symlink

.gitignore

@@ -1,2 +1 @@
-.qemu.created
 hello-*

.semaphore/semaphore.yml

@@ -23,10 +23,6 @@ blocks:
   - name: "calico/go-build image"
     dependencies: []
     task:
-      agent:
-        machine:
-          type: f1-standard-4
-          os_image: ubuntu2204
       secrets:
         - name: quay-robot-calico-and-semaphoreci
         - name: docker
@@ -66,18 +62,6 @@ blocks:
             - env_var: TARGET_ARCH
               values: ["amd64", "arm64", "ppc64le", "s390x"]
 
-  - name: "calico/qemu-user-static image"
-    dependencies: []
-    task:
-      secrets:
-        - name: docker
-      jobs:
-        - name: Build and push qemu image
-          commands:
-            - echo $DOCKER_TOKEN | docker login --username "$DOCKER_USER" --password-stdin
-            - make image-qemu ARCH=$TARGET_ARCH
-            - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make push-qemu ARCH=$TARGET_ARCH CONFIRM=true; fi
-
   - name: Push multi-arch manifests
     skip:
       # Only run on branches, not PRs.

Dockerfile

@@ -2,8 +2,6 @@ ARG TARGETARCH=${TARGETARCH}
 
 FROM calico/bpftool:v7.4.0 AS bpftool
 
-FROM --platform=amd64 calico/qemu-user-static:latest AS qemu
-
 FROM registry.access.redhat.com/ubi8/ubi:latest AS ubi
 
 ARG TARGETARCH
@@ -25,10 +23,6 @@ ARG CALICO_CONTROLLER_TOOLS_VERSION=calico-0.1
 
 ENV PATH=/usr/local/go/bin:$PATH
 
-# Enable non-native runs on amd64 architecture hosts
-# Supported qemu-user-static arch files are copied in Makefile `download-qemu` target
-COPY --from=qemu /usr/bin/qemu-*-static /usr/bin
-
 # Install system dependencies
 RUN dnf upgrade -y && dnf install -y \
     autoconf \

Makefile

@@ -1,3 +1,5 @@
+include Makefile.common
+
 # Shortcut targets
 default: image
 
@@ -57,26 +59,15 @@ BASE ?= calico/base
 BASE_IMAGE ?= $(BASE):latest
 BASE_ARCH_IMAGE ?= $(BASE_IMAGE)-$(ARCH)
 
-QEMU ?= calico/qemu-user-static
-QEMU_IMAGE ?= $(QEMU):latest
-
 ifdef CI
 DOCKER_PROGRESS := --progress=plain
 endif
 
 ###############################################################################
 # Building images
 ###############################################################################
-QEMU_IMAGE_CREATED=.qemu.created
-
-.PHONY: image-qemu
-image-qemu: $(QEMU_IMAGE_CREATED)
-$(QEMU_IMAGE_CREATED):
-	docker buildx build $(DOCKER_PROGRESS) --load --platform=linux/amd64 --pull -t $(QEMU_IMAGE) -f qemu/Dockerfile qemu
-	touch $@
-
 .PHONY: image
-image: register image-qemu
+image: register
 	docker buildx build $(DOCKER_PROGRESS) --load --platform=linux/$(ARCH) -t $(GOBUILD_ARCH_IMAGE) -f Dockerfile .
 ifeq ($(ARCH),amd64)
 	docker tag $(GOBUILD_ARCH_IMAGE) $(GOBUILD_IMAGE)
@@ -88,21 +79,14 @@ sub-image-%:
 	$(MAKE) image ARCH=$*
 
 .PHONY: image-base
-image-base: register image-qemu
+image-base: register
 	docker buildx build $(DOCKER_PROGRESS) --load --platform=linux/$(ARCH) --build-arg LDSONAME=$(LDSONAME) -t $(BASE_ARCH_IMAGE) -f base/Dockerfile base
 
 .PHONY: image-base-all
 image-base-all: $(addprefix sub-image-base-,$(ARCHES))
 sub-image-base-%:
 	$(MAKE) image-base ARCH=$*
 
-# Enable binfmt adding support for miscellaneous binary formats.
-.PHONY: register
-register:
-ifeq ($(BUILDARCH),amd64)
-	docker run --rm --privileged multiarch/qemu-user-static:register --reset
-endif
-
 .PHONY: push
 push: image
 	docker push $(GOBUILD_ARCH_IMAGE)
@@ -116,15 +100,10 @@ endif
 push-base: image-base
 	docker push $(BASE_ARCH_IMAGE)
 
-.PHONY: push-qemu
-push-qemu: image-qemu
-	docker push $(QEMU_IMAGE)
-
 push-all: $(addprefix sub-push-,$(ARCHES))
 sub-push-%:
 	$(MAKE) push ARCH=$*
 	$(MAKE) push-base ARCH=$*
-	$(MAKE) push-qemu
 
 .PHONY: push-manifest
 push-manifest:
@@ -136,10 +115,8 @@ push-manifest:
 
 .PHONY: clean
 clean:
-	rm -f $(QEMU_IMAGE_CREATED)
 	-docker image rm -f $$(docker images $(GOBUILD) -a -q)
 	-docker image rm -f $$(docker images $(BASE) -a -q)
-	-docker image rm -f $$(docker images $(QEMU) -a -q)
 
 ###############################################################################
 # UTs

Makefile.common

@@ -75,7 +75,7 @@ endif
 # This is only needed when running non-native binaries.
 register:
 ifneq ($(BUILDARCH),$(ARCH))
-	docker run --rm --privileged multiarch/qemu-user-static:register || true
+	docker run --privileged --rm tonistiigi/binfmt --install all || true
 endif
 
 # If this is a release, also tag and push additional images.

README.md

@@ -54,7 +54,7 @@ For example, if you registered the `s390x` emulator at `/usr/bin/qemu-s390x-stat
 To register emulators, we run:
 
 ```bash
-docker run -it --rm --privileged multiarch/qemu-user-static:register
+docker run --privileged --rm tonistiigi/binfmt --install all
 ```
 
 or simply
@@ -94,7 +94,7 @@ To _run_ a binary from a different architecture, you need to use `binfmt` and `q
 Register `qemu-*-static` for all supported processors except the current one using the following command:
 
 ```bash
-docker run --rm --privileged multiarch/qemu-user-static:register
+docker run --privileged --rm tonistiigi/binfmt --install all
 ```
 
 If a cross built binary is executed in the go-build container qemu-static will automatically be used.

base/Dockerfile

@@ -1,10 +1,7 @@
-FROM --platform=linux/amd64 calico/qemu-user-static:latest as qemu
-
-FROM registry.access.redhat.com/ubi8/ubi-minimal:latest as ubi
+FROM registry.access.redhat.com/ubi8/ubi-minimal:latest AS ubi
 
 ARG LDSONAME
-
-COPY --from=qemu /usr/bin/qemu-*-static /usr/bin/
+ARG TARGETARCH
 
 RUN microdnf upgrade -y
 
@@ -13,12 +10,16 @@ RUN microdnf upgrade -y
 RUN mkdir -p /rootfs/lib64 /rootfs/etc
 
 # Copy dynamic loader and symbolic links.
-# Note: The dynamic loader name and links might be different in a future release.
+# For s390x architecture, modify the /lib/${LDSONAME} symlink to ../lib64/${LDSONAME}
+# instead of /usr/lib64 as the /usr/lib64 directory is not included in our base.
 RUN cp /lib64/ld-2.28.so /rootfs/lib64/ld-2.28.so
 RUN set -eux; \
     cp -a /lib64/${LDSONAME} /rootfs/lib64/${LDSONAME}; \
     if [ -f /lib/${LDSONAME} ]; then \
         mkdir -p /rootfs/lib && cp -a /lib/${LDSONAME} /rootfs/lib/${LDSONAME}; \
+        if [ "${TARGETARCH}" = "s390x" ]; then \
+            ln -sf ../lib64/${LDSONAME} /rootfs/lib/${LDSONAME}; \
+        fi \
     fi
 
 # Required external C dependencies for CGO builds.
@@ -42,6 +43,10 @@ FROM scratch as source
 
 COPY --from=ubi /rootfs /
 
+# Verify if glibc can be properly loaded.
+# This check ensures that the dynamic loader and symbolic links are copied correctly.
+RUN ["/lib64/libc.so.6"]
+
 # tmp.tar has a /tmp with the correct permissions 01777.
 ADD tmp.tar /