From 33ac5468fef8e1ab9067be057db5f4a678a84a34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 1 Feb 2024 12:19:34 +0100 Subject: [PATCH 1/6] packaging: Add function to get the kernel modules directory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Right now this is just being added but not used yet. The idea is to use this to both cache and later on untar the kernel modules needed for some of the kernel targets we have (specifically looking at the confidential one). Signed-off-by: Fabiano Fidêncio --- .../local-build/kata-deploy-binaries.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh index 61edbb3ce..39b35060c 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh @@ -126,6 +126,24 @@ EOF exit "${return_code}" } +get_kernel_modules_dir() { + local kernel_version="${1:-}" + local kernel_kata_config_version="${2:-}" + local kernel_name"=${3:-}" + [ -z "${kernel_version}" ] && die "kernel version is a required argument" + [ -z "${kernel_kata_config_version}" ] && die "kernel kata config version is a required argument" + [ -z "${kernel_name}" ] && die "kernel name is a required argument" + + local version=${kernel_version#v} + local numeric_final_version=${version} + + # Every first release of a kernel is x.y, while the resulting folder would be x.y.0 + local dots=$(echo ${version} | grep -o '\.' | wc -l) + [ "${dots}" == "1" ] && numeric_final_version="${version}.0" + + echo "${repo_root_dir}/tools/packaging/kata-deploy/local-build/build/${kernel_name}/builddir/kata-linux-${version}-${kernel_kata_config_version}/lib/modules/${numeric_final_version}" +} + cleanup_and_fail() { rm -f "${component_tarball_name}" return 1 
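Review bot: The third declaration in `get_kernel_modules_dir` has its quote misplaced, `local kernel_name"=${3:-}"`; bash still ends up assigning the value after quote removal, but it should read `local kernel_name="${3:-}"` like the two lines above it. The function hands its result back on stdout, so at a `$(get_kernel_modules_dir ...)` call site a `die` (assuming it exits the process) only ends the command substitution, and every caller has to check the status or reject an empty result before using the path. A header comment naming the three arguments and the printed path would help, for example `# Prints the lib/modules/<version> directory inside the build tree of <kernel_name>; all three arguments are required.`, and `${version}` in the `echo ... | grep -o '\.'` pipeline should be quoted.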
From a58caca7232dde2a30be415818356fb3321df413 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 1 Feb 2024 12:21:32 +0100 Subject: [PATCH 2/6] packaging: Take extra tarballs in install_cached_tarball_component() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This allows us to add a map, in the format of: `"tarball1_name:tarball1_path tarball2_name:tarball2_path ..."` With this we have a base to start doing a better job when caching extra artefacts, like kernel modules. Signed-off-by: Fabiano Fidêncio --- .../local-build/kata-deploy-binaries.sh | 33 +++++++++++++++++-- 1 file changed, 30 insertions(+), 3 deletions(-) diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh index 39b35060c..cd3a61b58 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh @@ -145,8 +145,21 @@ get_kernel_modules_dir() { } cleanup_and_fail() { - rm -f "${component_tarball_name}" - return 1 + local component_tarball_name="${1:-}" + local extra_tarballs="${2:-}" + + rm -f "${component_tarball_name}" + + if [ -n "${extra_tarballs}" ]; then + local mapping + IFS=' ' read -a mapping <<< "${extra_tarballs}" + for m in ${mapping[@]}; do + local extra_tarball_name=${m%:*} + rm -f "${extra_tarball_name}" + done + fi + + return 1 } install_cached_tarball_component() { @@ -159,6 +172,9 @@ install_cached_tarball_component() { local current_image_version="${3}" local component_tarball_name="${4}" local component_tarball_path="${5}" + # extra_tarballs must be in the following format: + # "tarball1_name:tarball1_path tarball2_name:tarball2_path ... tarballN_name:tarballN_path" + local extra_tarballs="${6:-}" sudo oras pull ${ARTEFACT_REGISTRY}/kata-containers/cached-artefacts/${build_target}:latest-${TARGET_BRANCH}-$(uname -m) || return 1 
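Review bot: The loop added to `cleanup_and_fail` expands the map unquoted, `for m in ${mapping[@]}`, and `m` is never declared `local`, so each entry is re-split and glob-expanded and the loop variable leaks into the caller's scope. Prefer `local m mapping`, `IFS=' ' read -r -a mapping <<< "${extra_tarballs}"` and `for m in "${mapping[@]}"`, with `rm -f -- "${extra_tarball_name}"` so that a name starting with `-` is not read as an option. The format comment added in the next hunk, on `install_cached_tarball_component`, should also say that names and paths cannot contain spaces or `:`, because the map is split on both.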
@@ -170,10 +186,21 @@ install_cached_tarball_component() { [ "${cached_image_version}" != "${current_image_version}" ] && return 1 [ "${cached_version}" != "${current_version}" ] && return 1 - sha256sum -c "${component}-sha256sum" || return $(cleanup_and_fail) + sha256sum -c "${component}-sha256sum" || return $(cleanup_and_fail "${component_tarball_path}" "${extra_tarballs}") info "Using cached tarball of ${component}" mv "${component_tarball_name}" "${component_tarball_path}" + + [ -z "${extra_tarballs}" ] && return 0 + + local mapping + IFS=' ' read -a mapping <<< "${extra_tarballs}" + for m in ${mapping[@]}; do + local extra_tarball_name=${m%:*} + local extra_tarball_path=${m#&:} + + mv ${extra_tarball_name} ${extra_tarball_path} + done } get_agent_tarball_path() { From f481f586591d58b6266461b5910c5abd52c8e580 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 1 Feb 2024 12:43:35 +0100 Subject: [PATCH 3/6] packaging: Create the tarball for the kernel modules MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's start doing this for the confidential kernels (and also for SEV, till it gets removed). Signed-off-by: Fabiano Fidêncio --- .../local-build/kata-deploy-binaries.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh index cd3a61b58..3025034b3 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh 
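Review bot: `local extra_tarball_path=${m#&:}` strips a literal `&:` prefix that never occurs, so the variable keeps the whole `name:path` entry and the following `mv` renames the tarball to a file called `name:path` instead of moving it to its destination; the expansion was presumably meant to be `${m#*:}`. On the checksum-failure path the hunk now calls `cleanup_and_fail "${component_tarball_path}" ...`, but the pulled file is still at `${component_tarball_name}` at that point (the `mv` comes later), so the artefact that failed `sha256sum -c` appears to stay on disk while whatever already sits at the destination path is removed; passing `"${component_tarball_name}"` would delete the right file. The new `mv ${extra_tarball_name} ${extra_tarball_path}` and `for m in ${mapping[@]}` should be quoted as well. `install_cached_tarball_component` starts outside this hunk.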
@@ -966,6 +966,21 @@ handle_build() { fi tar tvf "${final_tarball_path}" + case ${build_target} in + kernel*-confidential|kernel-sev) + local modules_final_tarball_path="${workdir}/kata-static-${build_target}-modules.tar.xz" + if [ ! -f "${modules_final_tarball_path}" ]; then + local modules_dir=$(get_kernel_modules_dir ${kernel_version} ${kernel_kata_config_version}) + + pushd "${modules_dir}" + sudo rm -f build + sudo tar cvfJ "${modules_final_tarball_path}" "." + popd + fi + tar tvf "${modules_final_tarball_path}" + ;; + esac + pushd ${workdir} echo "${latest_artefact}" > ${build_target}-version echo "${latest_builder_image}" > ${build_target}-builder-image-version From e5bca90274f39608ecaf369df9ea2438461af22d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 1 Feb 2024 12:44:47 +0100 Subject: [PATCH 4/6] packaging: Cache the kernel modules MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This will save us a lot of time, as right now the CI is rebuilding the kernel for absolutely no reason. Signed-off-by: Fabiano Fidêncio --- .../local-build/kata-deploy-binaries.sh | 20 ++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh index 3025034b3..779ad7337 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh 
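Review bot: `get_kernel_modules_dir ${kernel_version} ${kernel_kata_config_version}` is called with two arguments, while the function added in patch 1 requires a third (`kernel_name`) and calls `die` without it; the same two-argument call appears in `install_cached_kernel_tarball_component` in patch 5. Because the call sits inside `local modules_dir=$(...)`, the failure is masked and `modules_dir` is most likely empty, and unless `pushd "${modules_dir}"` then aborts the script, `sudo rm -f build` and `sudo tar cvfJ` run as root in whatever directory the shell is in. Pass the kernel name (which value maps to the build directory for the `kernel*-confidential` targets needs confirming), split the declaration from the assignment and stop on failure: `local modules_dir` followed by `modules_dir=$(get_kernel_modules_dir "${kernel_version}" "${kernel_kata_config_version}" "${build_target}") || die "cannot resolve the kernel modules directory"`. `handle_build` starts and ends outside this hunk.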
@@ -996,7 +996,25 @@ handle_build() { echo "${ARTEFACT_REGISTRY_PASSWORD}" | sudo oras login "${ARTEFACT_REGISTRY}" -u "${ARTEFACT_REGISTRY_USERNAME}" --password-stdin - sudo oras push ${ARTEFACT_REGISTRY}/kata-containers/cached-artefacts/${build_target}:latest-${TARGET_BRANCH}-$(uname -m) ${final_tarball_name} ${build_target}-version ${build_target}-builder-image-version ${build_target}-sha256sum + case ${build_target} in + kernel*-confidential|kernel-sev) + sudo oras push \ + ${ARTEFACT_REGISTRY}/kata-containers/cached-artefacts/${build_target}:latest-${TARGET_BRANCH}-$(uname -m) \ + ${final_tarball_name} \ + "kata-static-${build_target}-modules.tar.xz" \ + ${build_target}-version \ + ${build_target}-builder-image-version \ + {build_target}-sha256sum + ;; + *) + sudo oras push \ + ${ARTEFACT_REGISTRY}/kata-containers/cached-artefacts/${build_target}:latest-${TARGET_BRANCH}-$(uname -m) \ + ${final_tarball_name} \ + ${build_target}-version \ + ${build_target}-builder-image-version \ + {build_target}-sha256sum + ;; + esac sudo oras logout "${ARTEFACT_REGISTRY}" fi From d2ea11dbff6213dd3e92c6cfd9f843562fabdafa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 1 Feb 2024 12:46:30 +0100 Subject: [PATCH 5/6] packaging: Use the cached kernel modules MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Till now we didn't have a logic to consume the kernel modules cached tarball. Let's make sure those are consumed as it'll save us a reasonable amount of build time. Signed-off-by: Fabiano Fidêncio --- .../local-build/kata-deploy-binaries.sh | 37 ++++++++----------- 1 file changed, 16 insertions(+), 21 deletions(-) diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh index 779ad7337..a0a72a069 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh 
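Review bot: Both arms of the new `case` pass `{build_target}-sha256sum` without the `$`, so `oras push` is handed a literal file name instead of the checksum file that `install_cached_tarball_component` later verifies with `sha256sum -c`; it should be `${build_target}-sha256sum`, as on the removed line. The two arms differ only in the modules tarball, so building the file list once removes the duplication that let the typo land twice and allows every argument to be quoted. `handle_build` starts and ends outside this hunk.

```shell
# … unchanged: oras login …
local push_files=("${final_tarball_name}")
case "${build_target}" in
	kernel*-confidential|kernel-sev)
		push_files+=("kata-static-${build_target}-modules.tar.xz")
		;;
esac
push_files+=(
	"${build_target}-version"
	"${build_target}-builder-image-version"
	"${build_target}-sha256sum"
)
sudo oras push \
	"${ARTEFACT_REGISTRY}/kata-containers/cached-artefacts/${build_target}:latest-${TARGET_BRANCH}-$(uname -m)" \
	"${push_files[@]}"
# … unchanged: oras logout …
```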
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh @@ -333,7 +333,7 @@ install_se_image() { #Install kernel component helper install_cached_kernel_tarball_component() { local kernel_name=${1} - local module_dir=${2:-""} + local extra_tarballs="${2:-}" latest_artefact="${kernel_version}-${kernel_kata_config_version}-$(get_last_modification $(dirname $kernel_builder))" latest_builder_image="$(get_kernel_image_name)" @@ -344,25 +344,16 @@ install_cached_kernel_tarball_component() { "${latest_builder_image}" \ "${final_tarball_name}" \ "${final_tarball_path}" \ + "${extra_tarballs} " \ || return 1 - if [[ "${kernel_name}" != "kernel-sev" ]] && [[ "${kernel_name}" != "kernel-confidential" ]]; then + if [[ "${kernel_name}" != "kernel-sev" ]] && [[ "${kernel_name}" != "kernel"*"-confidential" ]]; then return 0 fi - # SEV specific code path - install_cached_tarball_component \ - "${kernel_name}" \ - "${latest_artefact}" \ - "${latest_builder_image}" \ - "kata-static-${kernel_name}-modules.tar.xz" \ - "${workdir}/kata-static-${kernel_name}-modules.tar.xz" \ - || return 1 - - if [[ -n "${module_dir}" ]]; then - mkdir -p "${module_dir}" - tar xvf "${workdir}/kata-static-${kernel_name}-modules.tar.xz" -C "${module_dir}" && return 0 - fi + local modules_dir=$(get_kernel_modules_dir ${kernel_version} ${kernel_kata_config_version}) + mkdir -p "${modules_dir}" || true + tar xvf "${workdir}/kata-static-${kernel_name}-modules.tar.xz" -C "${modules_dir}" && return 0 return 1 } 
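Review bot: The modules archive that `tar xvf ... -C "${modules_dir}"` unpacks into the build tree was pulled from the artefact registry, and the only integrity check visible on this page is `sha256sum -c "${component}-sha256sum"`; whether that checksum file lists `kata-static-${kernel_name}-modules.tar.xz` is decided outside the hunks shown, so it is worth confirming the extra tarball is verified before it is extracted. `mkdir -p "${modules_dir}" || true` discards a failure that the next line depends on; dropping `|| true` gives a clearer error. `"${extra_tarballs} "` carries a stray space inside the quotes, which makes the argument non-empty even when no extra tarballs are passed and so defeats the `-z`/`-n` guards in `install_cached_tarball_component` and `cleanup_and_fail`; it should be `"${extra_tarballs}"`.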
@@ -372,22 +363,26 @@ install_kernel_helper() { local kernel_version_yaml_path="${1}" local kernel_name="${2}" local extra_cmd="${3:-}" + local extra_tarballs="" export kernel_version="$(get_from_kata_deps ${kernel_version_yaml_path})" export kernel_kata_config_version="$(cat ${repo_root_dir}/tools/packaging/kernel/kata_config_version)" - local module_dir="" if [[ "${kernel_name}" == "kernel-sev" ]]; then kernel_version="$(get_from_kata_deps assets.kernel.sev.version)" - default_patches_dir="${repo_root_dir}/tools/packaging/kernel/patches" - module_dir="${repo_root_dir}/tools/packaging/kata-deploy/local-build/build/kernel-sev/builddir/kata-linux-${kernel_version#v}-${kernel_kata_config_version}/lib/modules/${kernel_version#v}" elif [[ "${kernel_name}" == "kernel"*"-confidential" ]]; then kernel_version="$(get_from_kata_deps assets.kernel.confidential.version)" - default_patches_dir="${repo_root_dir}/tools/packaging/kernel/patches" - module_dir="${repo_root_dir}/tools/packaging/kata-deploy/local-build/build/kernel-confidential/builddir/kata-linux-${kernel_version#v}-${kernel_kata_config_version}/lib/modules/${kernel_version#v}" fi - install_cached_kernel_tarball_component ${kernel_name} ${module_dir} && return 0 + if [[ "${kernel_name}" == "kernel-sev" ]] || [[ "${kernel_name}" == "kernel"*"-confidential" ]]; then + local kernel_modules_tarball_name="kata-static-${kernel_name}-modules.tar.xz" + local kernel_modules_tarball_path="${workdir}/${kernel_modules_tarball_name}" + extra_tarballs="${kernel_modules_tarball_name}:${kernel_modules_tarball_path}" + fi + + default_patches_dir="${repo_root_dir}/tools/packaging/kernel/patches" + + install_cached_kernel_tarball_component ${kernel_name} ${extra_tarballs} && return 0 info "build ${kernel_name}" info "Kernel version ${kernel_version}" From 5d2906c36ac2fc29d6cce8987145176904f46592 Mon Sep 17 00:00:00 2001 
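Review bot: `install_cached_kernel_tarball_component ${kernel_name} ${extra_tarballs}` passes the map unquoted, so a `${workdir}` containing whitespace would split the single `name:path` entry into several arguments; use `install_cached_kernel_tarball_component "${kernel_name}" "${extra_tarballs}" && return 0`. `default_patches_dir` is now assigned for every `kernel_name`, where the removed lines set it only in the `kernel-sev` and `kernel*-confidential` branches; the commit message does not mention this, so confirm that no other kernel target relied on a different value. The modules path also changes for `kernel*-confidential` names other than `kernel-confidential`: the removed code hard-coded `build/kernel-confidential/`, while `get_kernel_modules_dir` builds the path from the kernel name it is given. `install_kernel_helper` continues outside this hunk.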
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 1 Feb 2024 12:47:58 +0100 Subject: [PATCH 6/6] packaging: Bump the kata config kernel version MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Just to make sure we won't use cached components. Fixes: #6415 Signed-off-by: Fabiano Fidêncio --- tools/packaging/kernel/kata_config_version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/packaging/kernel/kata_config_version b/tools/packaging/kernel/kata_config_version index 9f54fe313..190a18037 100644 --- a/tools/packaging/kernel/kata_config_version +++ b/tools/packaging/kernel/kata_config_version @@ -1 +1 @@ -122 +123