[meson] Change -Dglibc and -Dmusl to -Dlibc

From now on you can choose only one libc and if it's glibc, then some of
the libraries get symlinked into $pkglibdir/runtime/glibc directory.
This is no regression from the previous behaviour, where those libraries
were not symlinked into $pkglibdir/runtime/musl in any case.

Signed-off-by: Wojtek Porczyk <[email protected]>

.ci/lib/stage-build-nosgx.jenkinsfile

@@ -1,14 +1,16 @@
 stage('build') {
     env.MESON_OPTIONS = ''
+    if (env.GRAMINE_MUSL == '1') {
+        env.MESON_OPTIONS += ' -Dlibc=musl'
+    } else {
+        env.MESON_OPTIONS += ' -Dlibc=glibc'
+    }
     if (env.UBSAN == '1') {
         env.MESON_OPTIONS += ' -Dubsan=enabled'
     }
     if (env.ASAN == '1') {
         env.MESON_OPTIONS += ' -Dasan=enabled'
     }
-    if (env.CC == 'clang') {
-        env.MESON_OPTIONS += ' -Dmusl=disabled'
-    }
 
     try {
         sh '''
@@ -25,8 +27,11 @@ stage('build') {
             ninja -vC build/ install
         '''
     } finally {
-        archiveArtifacts 'build/meson-logs/**/*'
-        archiveArtifacts 'build/subprojects/glibc-*/glibc-build.log'
+        archiveArtifacts '''
+            build/meson-logs/**/*,
+            build/subprojects/glibc-*/glibc-build.log,
+            build/subprojects/musl-*/musl-build.log,
+        '''
     }
 
     // archive all installed files

.ci/lib/stage-build-sgx-vm.jenkinsfile

@@ -30,15 +30,17 @@ stage('build') {
     '''
 
     env.MESON_OPTIONS = ''
+    if (env.GRAMINE_MUSL == '1') {
+        env.MESON_OPTIONS += ' -Dlibc=musl'
+    } else {
+        env.MESON_OPTIONS += ' -Dlibc=glibc'
+    }
     if (env.UBSAN == '1') {
         env.MESON_OPTIONS += ' -Dubsan=enabled'
     }
     if (env.ASAN == '1') {
         env.MESON_OPTIONS += ' -Dasan=enabled'
     }
-    if (env.CC == 'clang') {
-        env.MESON_OPTIONS += ' -Dmusl=disabled'
-    }
 
     try {
         // copy gramine_test_dev_ioctl.h device header for `device_ioctl` LibOS test

.ci/lib/stage-build-sgx.jenkinsfile

@@ -6,15 +6,17 @@ stage('build') {
     '''
 
     env.MESON_OPTIONS = ''
+    if (env.GRAMINE_MUSL == '1') {
+        env.MESON_OPTIONS += ' -Dlibc=musl'
+    } else {
+        env.MESON_OPTIONS += ' -Dlibc=glibc'
+    }
     if (env.UBSAN == '1') {
         env.MESON_OPTIONS += ' -Dubsan=enabled'
     }
     if (env.ASAN == '1') {
         env.MESON_OPTIONS += ' -Dasan=enabled'
     }
-    if (env.CC == 'clang') {
-        env.MESON_OPTIONS += ' -Dmusl=disabled'
-    }
     if (env.RA_TYPE == 'dcap') {
         env.MESON_OPTIONS += ' -Ddcap=enabled'
     }
@@ -46,8 +48,11 @@ stage('build') {
             gramine-sgx-gen-private-key
         '''
     } finally {
-        archiveArtifacts 'build/meson-logs/**/*'
-        archiveArtifacts 'build/subprojects/glibc-*/glibc-build.log'
+        archiveArtifacts '''
+            build/meson-logs/**/*,
+            build/subprojects/glibc-*/glibc-build.log,
+            build/subprojects/musl-*/musl-build.log,
+        '''
     }
 
     // archive all installed files

.ci/lib/stage-test-sgx.jenkinsfile

@@ -3,7 +3,10 @@ stage('test-sgx') {
         .ci/check-rwx.py "$GRAMINE_PKGLIBDIR"/libsysdb.so
         .ci/check-rwx.py "$GRAMINE_PKGLIBDIR"/sgx/loader
         .ci/check-rwx.py "$GRAMINE_PKGLIBDIR"/sgx/libpal.so
-        .ci/check-no-syscall.sh "$GRAMINE_PKGLIBDIR"/runtime/glibc/libc.so.6
+        if test -f "$GRAMINE_PKGLIBDIR"/runtime/glibc/libc.so.6
+        then
+            .ci/check-no-syscall.sh "$GRAMINE_PKGLIBDIR"/runtime/glibc/libc.so.6
+        fi
         if test -f "$GRAMINE_PKGLIBDIR"/runtime/musl/libc.so
         then
             .ci/check-no-syscall.sh "$GRAMINE_PKGLIBDIR"/runtime/musl/libc.so

.ci/lib/stage-test.jenkinsfile

@@ -19,30 +19,15 @@ stage('test') {
         try {
             sh '''
                 cd libos/test/regression
-                RA_TYPE=$RA_TYPE RA_CLIENT_SPID=${ra_client_spid} gramine-test build -v
+                RA_TYPE=$RA_TYPE RA_CLIENT_SPID=${ra_client_spid} \
+                    gramine-test -n tests${GRAMINE_MUSL+_musl}.toml build -v
                 python3 -m pytest -v --junit-xml libos-regression.xml
             '''
         } finally {
             junit 'libos/test/regression/libos-regression.xml'
         }
     }
 
-    if (env.CC != "clang") {
-        timeout(time: 15, unit: 'MINUTES') {
-            try {
-                sh '''
-                    export GRAMINE_MUSL=1
-                    cd libos/test/regression
-                    RA_TYPE=$RA_TYPE RA_CLIENT_SPID=${ra_client_spid} \
-                        gramine-test -n tests_musl.toml build -v
-                    python3 -m pytest -v --junit-xml libos-regression-musl.xml
-                '''
-            } finally {
-                junit 'libos/test/regression/libos-regression-musl.xml'
-            }
-        }
-    }
-
     timeout(time: 15, unit: 'MINUTES') {
         try {
             sh '''
@@ -55,15 +40,17 @@ stage('test') {
         }
     }
 
-    timeout(time: 15, unit: 'MINUTES') {
-        try {
-            sh '''
-                cd libos/test/fs
-                gramine-test build -v
-                python3 -m pytest -v --junit-xml fs.xml
-            '''
-        } finally {
-            junit 'libos/test/fs/*.xml'
+    if (env.GRAMINE_MUSL != '1') {
+        timeout(time: 15, unit: 'MINUTES') {
+            try {
+                sh '''
+                    cd libos/test/fs
+                    gramine-test build -v
+                    python3 -m pytest -v --junit-xml fs.xml
+                '''
+            } finally {
+                junit 'libos/test/fs/*.xml'
+            }
         }
     }
 }

.ci/linux-sgx-ubuntu20.04-musl.jenkinsfile

@@ -0,0 +1,21 @@
+node('sgx_slave_2.6 && aesni') {
+    checkout scm
+
+    env.SGX = '1'
+    env.GRAMINE_MUSL = '1'
+
+    load '.ci/lib/config-docker.jenkinsfile'
+    docker.build(
+        "local:${env.BUILD_TAG}",
+        '-f .ci/ubuntu20.04.dockerfile .'
+    ).inside("${env.DOCKER_ARGS_COMMON} ${env.DOCKER_ARGS_SGX}") {
+        load '.ci/lib/config.jenkinsfile'
+        load '.ci/lib/config-release.jenkinsfile'
+
+        load '.ci/lib/stage-lint.jenkinsfile'
+        load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
+        load '.ci/lib/stage-build-sgx.jenkinsfile'
+        load '.ci/lib/stage-test.jenkinsfile'
+        load '.ci/lib/stage-clean-check.jenkinsfile'
+    }
+}

Documentation/devel/building.rst

@@ -12,7 +12,8 @@ Gramine consists of several components:
 
 Building Gramine implies building at least the first two components. The
 build of the patched C library is optional but highly recommended for
-performance reasons. Both patched glibc and patched musl are built by default.
+performance reasons. You can choose at most one of the libcs available. By
+default glibc is built.
 
 Gramine currently only works on the x86_64 architecture. Gramine is currently
 tested on Ubuntu 18.04/20.04, along with Linux kernel version 5.x. We recommend
@@ -176,8 +177,9 @@ it's usually not needed.
    programs can not be found, you might need to edit your configuration files so
    that ``/usr/local/bin`` is in your path (in ``PATH`` environment variable).
 
-Set ``-Dglibc=`` or ``-Dmusl=`` options to ``disabled`` if you wish not to build
-the support for any (they are both built by default).
+Set ``-Dlibc`` option to ``musl`` if you wish to build musl instead of glibc
+(which is built by default), or to ``none`` if you do not want to build any
+libc.
 
 Additional build options
 ^^^^^^^^^^^^^^^^^^^^^^^^
@@ -302,16 +304,16 @@ also git submodules. For this you need to create a |~| dummy builddir using
 
     meson setup build-dist/ \
         -Ddirect=disabled -Dsgx=disabled -Dskeleton=enabled \
-        -Dglibc=enabled -Dmusl=enabled -Dlibgomp-enabled
+        -Dlibc=glibc -Dlibgomp-enabled
     meson dist -C build-dist/ --no-tests --include-subprojects --formats=gztar
 
-The options specified with ``-D`` (especially ``-Dglibc``, ``-Dmusl`` and
-``-Dlibgomp``) are important, because without them some subprojects will not be
-included in the tarball (if in doubt, you can consult
-:file:`scripts/makedist.sh` script). The command :command:`meson dist` still
-needs network access, because it downloads subprojects and checks out git
-submodules. The tarballs are located in :file:`build-dist/meson-dist`. You can
-adjust ``--formats`` option to your needs.
+The options specified with ``-D`` (especially ``-Dlibc`` and ``-Dlibgomp``) are
+important, because they determine which subprojects will be included in the
+tarball. They need to match what you intend to build. The command
+:command:`meson dist` still needs network access, because it downloads
+subprojects and checks out git submodules. The tarballs are located in
+:file:`build-dist/meson-dist`. You can adjust ``--formats`` option to your
+needs.
 
 You can now sever your network connection::
 

debian/gramine.install

@@ -52,5 +52,3 @@ usr/lib/${DEB_HOST_MULTIARCH}/gramine/runtime/glibc/libra_tls_attest.so*
 usr/lib/${DEB_HOST_MULTIARCH}/gramine/runtime/glibc/libra_tls_verify.a
 usr/lib/${DEB_HOST_MULTIARCH}/gramine/runtime/glibc/libsecret_prov_attest.so*
 usr/lib/${DEB_HOST_MULTIARCH}/gramine/runtime/glibc/libsecret_prov_verify.a
-
-usr/lib/${DEB_HOST_MULTIARCH}/gramine/runtime/musl/

gramine.spec

@@ -96,7 +96,6 @@ install -t %{buildroot}/%{_licensedir}/%{name} LICENSE*.txt
 
 %dir %{_libdir}/%{name}/runtime
 %{_libdir}/%{name}/runtime/glibc
-%{_libdir}/%{name}/runtime/musl
 
 %{_libdir}/pkgconfig/mbedtls_%{name}.pc
 %{_libdir}/pkgconfig/ra_tls_%{name}.pc

libos/test/regression/meson.build

@@ -197,7 +197,7 @@ endif
 install_dir = pkglibdir / 'tests' / 'libos' / 'regression'
 
 configurations = []
-if enable_glibc
+if get_option('libc') == 'glibc'
     common_lib = static_library('test_libos',
         'dump.c',
         'rw_file.c',
@@ -208,10 +208,10 @@ if enable_glibc
         'tests': tests,
     }
 endif
-if enable_musl
+if get_option('libc') == 'musl'
     if meson.get_compiler('c').get_id() != 'gcc'
-        error('Compiling tests is currently unsupported with Musl and compilers other than GCC. ' +
-              'You need to either disable Musl (-Dmusl=disabled) or use GCC (CC=gcc).')
+        error('Compiling tests is currently unsupported with musl and compilers other than GCC. ' +
+              'You need to either disable musl (i.e. -Dlibc=glibc) or use GCC (CC=gcc).')
     endif
 
     musl_specs_path_cmd = run_command('sh', '-c',
@@ -307,7 +307,7 @@ foreach conf: configurations
     endforeach
 endforeach
 
-if enable_musl
+if get_option('libc') == 'musl'
     meson.add_install_script(
         find_program('install_musl_tests.sh'),
         prefix / install_dir / 'musl',

meson.build

@@ -40,10 +40,8 @@ vtune = get_option('vtune') == 'enabled'
 enable_libgomp = get_option('libgomp') == 'enabled'
 enable_tests = get_option('tests') == 'enabled'
 
-enable_glibc = get_option('glibc') == 'enabled'
-enable_musl = get_option('musl') == 'enabled'
-
 cc = meson.get_compiler('c')
+host_has_glibc = cc.get_define('__GLIBC__', prefix: '#include <features.h>') != ''
 objcopy = find_program('objcopy')
 
 pythonmod = import('python')
@@ -285,10 +283,9 @@ subdir('libos')
 subdir('python')
 subdir('tools')
 
-if enable_glibc
+if get_option('libc') == 'glibc'
     subproject('glibc-2.37-1')
-endif
-if enable_musl
+elif get_option('libc') == 'musl'
     subproject('musl-1.2.4')
 endif
 

meson_options.txt

@@ -6,10 +6,8 @@ option('sgx', type: 'combo', choices: ['disabled', 'enabled'],
 option('skeleton', type: 'combo', choices: ['disabled', 'enabled'],
     description: 'Build skeleton PAL')
 
-option('glibc', type: 'combo', choices: ['disabled', 'enabled'],
-    value: 'enabled', description: 'Build patched glibc')
-option('musl', type: 'combo', choices: ['disabled', 'enabled'],
-    value: 'enabled', description: 'Build patched musl')
+option('libc', type: 'combo', choices: ['none', 'glibc', 'musl'],
+    value: 'glibc', description: 'Choose (patched) libc that is to be built into runtime directory')
 
 option('tests', type: 'combo', choices: ['disabled', 'enabled'],
     description: 'Build test binaries')

scripts/makedist.sh

@@ -6,7 +6,7 @@ BUILDDIR=build-dist
 
 rm -rf "$BUILDDIR"
 # it doesn't matter what options we have here, this is only for meson dist
-meson setup "$BUILDDIR" -Dskeleton=enabled -Dglibc=enabled -Dmusl=enabled -Dlibgomp=enabled >&2
+meson setup "$BUILDDIR" -Dskeleton=enabled -Dlibgomp=enabled >&2
 meson dist -C "$BUILDDIR" --no-test --include-subprojects --formats=gztar >&2
 
 tarball=$(meson introspect --projectinfo "$BUILDDIR" | jq -r '.descriptive_name + "-" + .version').tar.gz

subprojects/packagefiles/mbedtls/meson.build

@@ -1,5 +1,8 @@
 project('mbedtls', 'c')
 
+cc = meson.get_compiler('c')
+host_has_glibc = cc.get_define('__GLIBC__', prefix: '#include <features.h>') != ''
+
 pkgconfig = import('pkgconfig')
 
 mbedtls_libs_output = [
@@ -55,12 +58,14 @@ pkgconfig.generate(
     ],
 )
 
-foreach output : mbedtls_libs_output
-    meson.add_install_script('/bin/sh', '-c',
-        ('ln -sf ../../../@0@ ' +
-        '"$MESON_INSTALL_DESTDIR_PREFIX"/@1@/gramine/runtime/glibc/').format(
-            output, get_option('libdir')))
-endforeach
+if get_option('libc') == 'glibc' and host_has_glibc
+    foreach output : mbedtls_libs_output
+        meson.add_install_script('/bin/sh', '-c',
+            ('ln -sf ../../../@0@ ' +
+            '"$MESON_INSTALL_DESTDIR_PREFIX"/@1@/gramine/runtime/@2@/').format(
+                output, get_option('libdir'), get_option('libc')))
+    endforeach
+endif
 
 # We rely on the fact that for `mbedtls_gramine` package, we don't need any changes in the default
 # mbedTLS headers

subprojects/packagefiles/mbedtls/meson_options.txt

@@ -0,0 +1 @@
+option('libc', type: 'combo', choices: ['none', 'glibc', 'musl'], value: 'glibc', yield: true)