From 1230bc77f27bf5b60d0cdea47afe838c12c1fc73 Mon Sep 17 00:00:00 2001
From: Silenio Quarti
Date: Tue, 26 Nov 2024 09:57:04 -0500
Subject: [PATCH] agent: fix startup when guest_components_procs is set to none

This PR ensures that OCICRYPT_CONFIG_PATH file is initialized only when CDH socket exists. This prevents startup error if attestation binaries are not installed in PodVM.
Fixes: https://github.com/kata-containers/kata-containers/issues/10568
Signed-off-by: Silenio Quarti
---
 src/agent/src/main.rs | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/agent/src/main.rs b/src/agent/src/main.rs
index 3e2e22d69..17d1d34a1 100644
--- a/src/agent/src/main.rs
+++ b/src/agent/src/main.rs
@@ -519,14 +519,13 @@ async fn launch_guest_component_procs(logger: &Logger, config: &AgentConfig) ->
 async fn init_attestation_components(logger: &Logger, config: &AgentConfig) -> Result<()> {
 launch_guest_component_procs(logger, config).await?;
- fs::write(OCICRYPT_CONFIG_PATH, OCICRYPT_CONFIG.as_bytes())?;
- env::set_var("OCICRYPT_KEYPROVIDER_CONFIG", OCICRYPT_CONFIG_PATH);
-
- // If a CDH socket exists, initialize the CDH client
+ // If a CDH socket exists, initialize the CDH client and enable ocicrypt
 match tokio::fs::metadata(CDH_SOCKET).await {
 Ok(md) => {
 if md.file_type().is_socket() {
 cdh::init_cdh_client(CDH_SOCKET_URI).await?;
+ fs::write(OCICRYPT_CONFIG_PATH, OCICRYPT_CONFIG.as_bytes())?;
+ env::set_var("OCICRYPT_KEYPROVIDER_CONFIG", OCICRYPT_CONFIG_PATH);
 } else {
 debug!(logger, "File {} is not a socket", CDH_SOCKET);
 }
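Review bot: When the CDH path exists but is not a socket, the ocicrypt key-provider config is now skipped and the only trace in this hunk is the `debug!` in the `else` branch, which does not say that image-decryption support was left disabled. A later failure to pull an encrypted image would then surface far from its cause, so I would record it here at a level operators see by default, e.g. `info!(logger, "{} is not a socket; ocicrypt keyprovider config not written", CDH_SOCKET);`. The `Err` arm of the `match` lies outside the hunk, so whether the missing-socket case already logs this cannot be checked from here. Separately, `env::set_var` now runs after one more `.await`; if the agent runs on a multi-threaded runtime, a comment stating why no other thread reads the environment at that point would help, since `std::env::set_var` is not safe against concurrent environment access on Unix.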