fix s390x go-build for felix build

Signed-off-by: huoqifeng <huoqif@cn.ibm.com>

Dockerfile.s390x

@@ -1,36 +1,54 @@
+FROM calico/bpftool:v5.3-s390x as bpftool
 FROM alpine:3.11 as qemu
 
-ARG QEMU_VERSION=4.2.0-6
-ARG QEMU_ARCHS="s390x"
-
 RUN apk --update add curl
 
-# Enable non-native runs on amd64 architecture hosts
-RUN for i in ${QEMU_ARCHS}; do curl -L https://github.com/multiarch/qemu-user-static/releases/download/v${QEMU_VERSION}/qemu-${i}-static.tar.gz | tar zxvf - -C /usr/bin; done
-RUN chmod +x /usr/bin/qemu-*
-
-FROM s390x/golang:1.17.7-alpine3.14
+FROM s390x/golang:1.17-buster
 MAINTAINER LoZ Open Source Ecosystem (https://www.ibm.com/developerworks/community/groups/community/lozopensource)
 
 ARG MANIFEST_TOOL_VERSION=v1.0.2
+ARG GO111MODULE=auto
+
+# Install gcc for cgo.
+# Install clang, libbpf and newer kernel headers for building BPF binaries.
+RUN echo 'APT::Default-Release "buster";' > /etc/apt/apt.conf.d/99defaultrelease && \
+    echo 'deb     http://ftp.am.debian.org/debian/    buster-backports main contrib non-free' > /etc/apt/sources.list.d/buster-backports.list && \
+    apt-get -y update &&  \
+    apt-get -y upgrade && \
+    apt-get install --no-install-recommends -y -t buster-backports \
+        libbpf-dev linux-headers-5.10.0-0.bpo.9-s390x && \
+    apt-get install --no-install-recommends -y \
+        curl bash git openssh-client mercurial make wget util-linux file grep sed jq zip \
+        llvm-11 clang-11 binutils file iproute2 autoconf automake build-essential \
+        ca-certificates gcc mingw-w64 libc-dev bsdmainutils strace libpcap-dev && \
+    rm -rf /var/lib/apt/lists/*
+
+# su-exec is used by the entrypoint script to execute the user's command with the right UID/GID.
+# (sudo doesn't work easily in a container.)  The version was current master at the time of writing.
+ARG SU_EXEC_VER=212b75144bbc06722fbd7661f651390dc47a43d1
+RUN  set -ex; \
+     curl -o /sbin/su-exec.c https://raw.githubusercontent.com/ncopa/su-exec/${SU_EXEC_VER}/su-exec.c; \
+     gcc -Wall /sbin/su-exec.c -o/sbin/su-exec; \
+     chown root:root /sbin/su-exec; \
+     chmod 0755 /sbin/su-exec; \
+     rm /sbin/su-exec.c
+
+# Install fossa for foss license checks
+ARG FOSSA_VER=1.0.1
+RUN git clone -b v1.0.1 https://github.com/fossas/fossa-cli.git $GOPATH/src/github.com/fossas/fossa-cli; \
+    cd $GOPATH/src/github.com/fossas/fossa-cli; \
+    make; \
+    cp $GOPATH/bin/fossa /usr/local/bin; \
+    chmod +x /usr/local/bin/fossa
+
+ARG MOCKERY_VER=2.3.0
+RUN git clone -b v2.3.0 https://github.com/vektra/mockery.git $GOPATH/src/github.com/vektra/mockery.git; \
+    cd $GOPATH/src/github.com/vektra/mockery.git; \
+    go get github.com/vektra/mockery/v2/.../; \
+    cp $GOPATH/bin/mockery /usr/local/bin/mockery; \
+    chmod +x /usr/local/bin/mockery
+
 
-# Enable non-native builds of this image on an amd64 hosts.
-# This must be the first RUN command in this file!
-COPY --from=qemu /usr/bin/qemu-*-static /usr/bin/
-
-# Install su-exec for use in the entrypoint.sh (so processes run as the right user)
-# Install bash for the entry script (and because it's generally useful)
-# Install curl
-# Install git for fetching Go dependencies
-# Install ssh for fetching Go dependencies
-# Install mercurial for fetching go dependencies
-# Install wget since it's useful for fetching
-# Install make for building things
-# Install util-linux for column command (used for output formatting).
-# Install grep, sed, zip, and jq for use in some Makefiles
-# Install shadow for useradd (it allows to use big UID)
-RUN apk update && apk add --no-cache su-exec curl bash git openssh mercurial make wget util-linux tini file grep sed jq zip shadow libpcap-dev
-RUN apk upgrade --no-cache
 
 # Disable ssh host key checking
 RUN echo 'Host *' >> /etc/ssh/ssh_config \
@@ -71,12 +89,30 @@ RUN wget https://dl.k8s.io/v1.23.2/bin/linux/s390x/kube-apiserver -O /usr/local/
 	wget https://dl.k8s.io/release/v1.23.2/bin/linux/s390x/kubectl -O /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl && \
 	wget https://dl.k8s.io/v1.23.2/bin/linux/s390x/kube-controller-manager -O /usr/local/bin/kube-controller-manager && chmod +x /usr/local/bin/kube-controller-manager
 
+# Used for generating CRD files.
+# Download a version of controller-gen that has been hacked to support additional types (e.g., float).
+# We can remove this once we update the Calico v3 APIs to use only types which are supported by the upstream controller-gen
+# tooling. Example: float, all the types in the numorstring package, etc.
+RUN wget -O ${GOPATH}/bin/controller-gen https://github.com/projectcalico/controller-tools/releases/download/calico-0.1/controller-gen && chmod +x ${GOPATH}/bin/controller-gen
+
+
 # Ensure that everything under the GOPATH is writable by everyone
 RUN chmod -R 777 $GOPATH
 
 RUN curl -sSL https://github.com/estesp/manifest-tool/releases/download/${MANIFEST_TOOL_VERSION}/manifest-tool-linux-s390x > manifest-tool && \
     chmod +x manifest-tool && \
     mv manifest-tool /usr/bin/
 
+# crane is needed for our release targets to copy images from the dev registries to the release registries.
+RUN wget https://github.com/google/go-containerregistry/releases/download/v0.7.0/go-containerregistry_Linux_s390x.tar.gz && \
+    tar -xvf go-containerregistry_Linux_s390x.tar.gz && \
+    chmod +x crane && \
+    mv crane /usr/bin
+
+# Add bpftool for Felix UT/FV.
+COPY --from=bpftool /bpftool /usr/bin
+
+RUN cp -rf /usr/lib/llvm-11/lib/clang/11.0.1 /usr/lib/llvm-11/lib/clang/11.1.0
+
 COPY entrypoint.sh /usr/local/bin/entrypoint.sh
-ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/entrypoint.sh"]
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

Makefile

@@ -74,7 +74,11 @@ image: calico/go-build
 calico/go-build: register
 	# Make sure we re-pull the base image to pick up security fixes.
 	# Limit the build to use only one CPU, This helps to work around qemu bugs such as https://bugs.launchpad.net/qemu/+bug/1098729
+ifeq ($(BUILDARCH),s390x)
+	docker build $(DOCKER_BUILD_ARGS) -t $(ARCHIMAGE) -f $(DOCKERFILE) .
+else
 	docker build $(DOCKER_BUILD_ARGS) --pull -t $(ARCHIMAGE) -f $(DOCKERFILE) .
+endif
 
 image-all: $(addprefix sub-image-,$(ARCHES))
 sub-image-%: