agent: get rid of pull-type option

The feature `guest-pull` and `default-pull` are both removed, because
both guest pull and host pull are supported in building time without
without involving new dependencies like image-rs before. The guest pull
will depend on the CDH process, not the build time feature.

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>

src/agent/Makefile

@@ -41,16 +41,6 @@ ifeq ($(AGENT_POLICY),yes)
     override EXTRA_RUSTFEATURES += agent-policy
 endif
 
-##VAR PULL_TYPE=default|guest-pull define if agent enables the guest pull image feature
-PULL_TYPE ?= default
-ifeq ($(PULL_TYPE),default)
-    override EXTRA_RUSTFEATURES += default-pull
-# Enable guest pull image feature of rust build
-else ifeq ($(PULL_TYPE),guest-pull)
-    override EXTRA_RUSTFEATURES += guest-pull
-endif
-
-
 include ../../utils.mk
 
 ##VAR STANDARD_OCI_RUNTIME=yes|no define if agent enables standard oci runtime feature

src/agent/src/features.rs

@@ -8,8 +8,6 @@ pub fn get_build_features() -> Vec<String> {
     let features: Vec<&str> = vec![
         #[cfg(feature = "agent-policy")]
         "agent-policy",
-        #[cfg(feature = "guest-pull")]
-        "guest-pull",
         #[cfg(feature = "seccomp")]
         "seccomp",
         #[cfg(feature = "standard-oci-runtime")]

src/agent/src/rpc.rs

@@ -57,7 +57,6 @@ use rustjail::process::ProcessOperations;
 
 #[cfg(target_arch = "s390x")]
 use crate::ccw;
-#[cfg(feature = "guest-pull")]
 use crate::confidential_data_hub::image::KATA_IMAGE_WORK_DIR;
 use crate::device::block_device_handler::get_virtio_blk_pci_device_name;
 #[cfg(target_arch = "s390x")]
@@ -108,7 +107,6 @@ use kata_types::k8s;
 
 pub const CONTAINER_BASE: &str = "/run/kata-containers";
 const MODPROBE_PATH: &str = "/sbin/modprobe";
-#[cfg(feature = "guest-pull")]
 const TRUSTED_IMAGE_STORAGE_DEVICE: &str = "/dev/trusted_store";
 /// the iptables seriers binaries could appear either in /sbin
 /// or /usr/sbin, we need to check both of them
@@ -238,7 +236,6 @@ impl AgentService {
         handle_cdi_devices(&sl(), &mut oci, "/var/run/cdi", AGENT_CONFIG.cdi_timeout).await?;
 
         // Handle trusted storage configuration before mounting any storage
-        #[cfg(feature = "guest-pull")]
         cdh_handler_trusted_storage(&mut oci)
             .await
             .map_err(|e| anyhow!("failed to handle trusted storage: {}", e))?;
@@ -316,14 +313,12 @@ impl AgentService {
         let pipe_size = AGENT_CONFIG.container_pipe_size;
 
         let p = if let Some(p) = oci.process() {
-            #[cfg(feature = "guest-pull")]
             {
                 let new_p =
                     confidential_data_hub::image::get_process(p, &oci, req.storages.clone())?;
                 Process::new(&sl(), &new_p, cid.as_str(), true, pipe_size, proc_io)?
             }
 
-            #[cfg(not(feature = "guest-pull"))]
             Process::new(&sl(), p, cid.as_str(), true, pipe_size, proc_io)?
         } else {
             info!(sl(), "no process configurations!");

src/agent/src/storage/mod.rs

@@ -24,7 +24,6 @@ use self::bind_watcher_handler::BindWatcherHandler;
 use self::block_handler::{PmemHandler, ScsiHandler, VirtioBlkMmioHandler, VirtioBlkPciHandler};
 use self::ephemeral_handler::EphemeralHandler;
 use self::fs_handler::{OverlayfsHandler, Virtio9pHandler, VirtioFsHandler};
-#[cfg(feature = "guest-pull")]
 use self::image_pull_handler::ImagePullHandler;
 use self::local_handler::LocalHandler;
 use crate::mount::{baremount, is_mounted, remove_mounts};
@@ -36,7 +35,6 @@ mod bind_watcher_handler;
 mod block_handler;
 mod ephemeral_handler;
 mod fs_handler;
-#[cfg(feature = "guest-pull")]
 mod image_pull_handler;
 mod local_handler;
 
@@ -148,7 +146,6 @@ lazy_static! {
             Arc::new(BindWatcherHandler {}),
             #[cfg(target_arch = "s390x")]
             Arc::new(self::block_handler::VirtioBlkCcwHandler {}),
-            #[cfg(feature = "guest-pull")]
             Arc::new(ImagePullHandler {}),
         ];