Merge pull request #4640 from fidencio/topic/cc-build-and-ship-tdx-qemu

cc | packaging: Allow building a TDX capable QEMU
2025-08-28 04:21:03 +00:00 · 2022-07-13 15:03:59 +02:00 · 2022-07-13 15:03:59 +02:00 · 1485634e28
commit 1485634e28
parent 6f79928df7 be165c40f9
6 changed files with 35 additions and 6 deletions
--- a/tools/packaging/kata-deploy/local-build/Makefile
+++ b/tools/packaging/kata-deploy/local-build/Makefile
@ -94,6 +94,9 @@ cc-tdx-kernel-tarball:
 cc-qemu-tarball:
 	${MAKE} $@-build

+cc-tdx-qemu-tarball:
+	${MAKE} $@-build
+
 cc-rootfs-image-tarball:
 	${MAKE} $@-build

--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@ -86,6 +86,7 @@ options:
 	cc-kernel
 	cc-tdx-kernel
 	cc-qemu
+	cc-tdx-qemu
 	cc-rootfs-image
 	cc-shimv2
 	cc-virtiofsd
@ -139,6 +140,23 @@ install_cc_kernel() {
 	DESTDIR="${destdir}" PREFIX="${cc_prefix}" "${kernel_builder}" -f -v "${kernel_version}"
 }

+install_cc_tee_qemu() {
+	tee="${1}"
+
+	[ "${tee}" != "tdx" ] && die "Non supported TEE"
+
+	export qemu_repo="$(yq r $versions_yaml assets.hypervisor.qemu.${tee}.url)"
+	export qemu_version="$(yq r $versions_yaml assets.hypervisor.qemu.${tee}.tag)"
+	export tee="${tee}"
+	"${qemu_cc_builder}"
+	tar xvf "${builddir}/kata-static-${tee}-qemu-cc.tar.gz" -C "${destdir}"
+}
+
+
+install_cc_tdx_qemu() {
+	install_cc_tee_qemu "tdx"
+}
+
 # Install static CC qemu asset
 install_cc_qemu() {
 	info "build static CC qemu"
@ -279,6 +297,8 @@ handle_build() {

 	cc-qemu) install_cc_qemu ;;

+	cc-tdx-qemu) install_cc_tdx_qemu ;;
+
 	cc-rootfs-image) install_cc_image ;;

 	cc-shim-v2) install_cc_shimv2 ;;
--- a/tools/packaging/static-build/qemu/Dockerfile
+++ b/tools/packaging/static-build/qemu/Dockerfile
@ -72,8 +72,10 @@ RUN git clone --depth=1 "${QEMU_REPO}" qemu && \
    git fetch --depth=1 origin "${QEMU_VERSION}" && git checkout FETCH_HEAD && \
    scripts/git-submodule.sh update meson capstone && \
    /root/patch_qemu.sh "${QEMU_VERSION}" "/root/kata_qemu/patches" && \
-    (PREFIX="${PREFIX}" /root/configure-hypervisor.sh -s "kata-qemu${BUILD_SUFFIX}" | xargs ./configure \
-	--with-pkgversion="kata-static${BUILD_SUFFIX}") && \
+    [ -n "${BUILD_SUFFIX}" ] && HYPERVISOR_NAME="kata-qemu-${BUILD_SUFFIX}" || HYPERVISOR_NAME="kata-qemu" && \
+    [ -n "${BUILD_SUFFIX}" ] && PKGVERSION="kata-static-${BUILD_SUFFIX}" || PKGVERSION="kata-static" && \
+    (PREFIX="${PREFIX}" /root/configure-hypervisor.sh -s "${HYPERVISOR_NAME}" | xargs ./configure \
+	--with-pkgversion="${PKGVERSION}") && \
    make -j"$(nproc)" && \
    make install DESTDIR="${QEMU_DESTDIR}" && \
    /root/static-build/scripts/qemu-build-post.sh
--- a/tools/packaging/static-build/qemu/build-static-qemu-cc.sh
+++ b/tools/packaging/static-build/qemu/build-static-qemu-cc.sh
@ -14,6 +14,7 @@ source "${script_dir}/../../scripts/lib.sh"

 qemu_repo="${qemu_repo:-}"
 qemu_version="${qemu_version:-}"
+tee="${tee:-}"

 export prefix="/opt/confidential-containers/"

@ -28,4 +29,7 @@ fi
 [ -n "$qemu_version" ] || qemu_version=$(get_from_kata_deps "assets.hypervisor.qemu.version")
 [ -n "$qemu_version" ] || die "failed to get qemu version"

-"${script_dir}/build-base-qemu.sh" "${qemu_repo}" "${qemu_version}" "" "kata-static-qemu-cc.tar.gz"
+
+tarball_name="kata-static-qemu-cc.tar.gz"
+[ -n "${tee}" ] && tarball_name="kata-static-${tee}-qemu-cc.tar.gz"
+"${script_dir}/build-base-qemu.sh" "${qemu_repo}" "${qemu_version}" "${tee}" "${tarball_name}"
--- a/tools/packaging/static-build/qemu/build-static-qemu-experimental.sh
+++ b/tools/packaging/static-build/qemu/build-static-qemu-experimental.sh
@ -26,4 +26,4 @@ fi
 [ -n "$qemu_version" ] || qemu_version=$(get_from_kata_deps "assets.hypervisor.qemu-experimental.version")
 [ -n "$qemu_version" ] || die "failed to get qemu version"

-"${script_dir}/build-base-qemu.sh" "${qemu_repo}" "${qemu_version}" "-experimental" "kata-static-qemu-experimental.tar.gz"
+"${script_dir}/build-base-qemu.sh" "${qemu_repo}" "${qemu_version}" "experimental" "kata-static-qemu-experimental.tar.gz"
--- a/tools/packaging/static-build/scripts/qemu-build-post.sh
+++ b/tools/packaging/static-build/scripts/qemu-build-post.sh
@ -25,9 +25,9 @@ done

 if [[ -n "${BUILD_SUFFIX}" ]]; then
 	echo "Rename binaries using $BUILD_SUFFIX"
-	find -name 'qemu-system-*' -exec mv {} {}-experimental \;
+	find -name 'qemu-system-*' -exec mv {} {}-$BUILD_SUFFIX \;
 	if [[ ${ARCH} != "x86_64" ]]; then
-		find -name 'virtiofsd' -exec mv {} {}-experimental \;
+		find -name 'virtiofsd' -exec mv {} {}-$BUILD_SUFFIX \;
 	fi
 fi