Merge pull request #10794 from fidencio/topic/bump-ubuntu-version-for-the-confidential-rootfs-and-initrd
versions: Bump Ubuntu base image & initrd
@@ -84,4 +84,4 @@ RUN ARCH=$(uname -m); \
|
||||
esac; \
|
||||
rustup target add "${rust_arch}-unknown-linux-${libc}"
|
||||
|
||||
RUN pip install --no-cache-dir pyinstaller==6.9.0
|
||||
RUN pip install --no-cache-dir pyinstaller==6.9.0 || pip install --no-cache-dir pyinstaller==6.9.0 --break-system-packages
|
||||
|
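Review bot: The `||` fallback on the longer `pip install` line (which reads as the new side of this hunk) retries with `--break-system-packages` after any failure of the first command, not only the externally-managed-environment refusal it appears to target, so a network or index error is retried too and the first error is easy to miss in the build log. Choosing the flag from the base image release, or testing for pip's `EXTERNALLY-MANAGED` marker file before picking the command, would limit the override to the images that need it. pyinstaller is pinned by version only; if this builder's output ends up in guest images, `--require-hashes` with a hashes file would pin the downloaded artefact itself. The rest of the Dockerfile is outside the hunk.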
@@ -2,10 +2,10 @@
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
source /etc/os-release
|
||||
OS_NAME=ubuntu
|
||||
# This should be Ubuntu's code name, e.g. "focal" (Focal Fossa) for 20.04
|
||||
OS_VERSION=${OS_VERSION:-${UBUNTU_CODENAME}}
|
||||
OS_VERSION=${OS_VERSION:-""}
|
||||
[ -z "$OS_VERSION" ] && echo "OS_VERSION is required, but was not set" && exit 1
|
||||
PACKAGES="chrony iptables dbus"
|
||||
[ "$AGENT_INIT" = no ] && PACKAGES+=" init"
|
||||
[ "$MEASURED_ROOTFS" = yes ] && PACKAGES+=" cryptsetup-bin e2fsprogs"
|
||||
|
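Review bot: The new guard on `OS_VERSION` rejects only an empty value and prints its message to stdout, while the value is later written unquoted into the multistrap configuration as `suite=$OS_VERSION` (visible in the next file section), so a typo, stray space or embedded newline is caught only when multistrap runs, if at all. If only Ubuntu code names are accepted, as the comment above the assignment says, a shape check such as `case "$OS_VERSION" in *[!a-z]*) echo "OS_VERSION must be an Ubuntu code name" >&2; exit 1;; esac` would fail earlier, and the existing message should go to stderr with `>&2`. The line that appears to be the new side no longer defaults to `UBUNTU_CODENAME`, so it is worth confirming outside this hunk whether `source /etc/os-release` is still needed.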
@@ -22,7 +22,7 @@ bootstrap=Ubuntu
|
||||
[Ubuntu]
|
||||
source=$REPO_URL
|
||||
keyring=ubuntu-keyring
|
||||
suite=$UBUNTU_CODENAME
|
||||
suite=$OS_VERSION
|
||||
packages=$PACKAGES $EXTRA_PKGS
|
||||
EOF
|
||||
|
||||
@@ -31,12 +31,16 @@ EOF
|
||||
curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key |
|
||||
gpg --dearmour -o $rootfs_dir/etc/apt/trusted.gpg.d/intel-sgx-deb.gpg
|
||||
sed -i -e "s/bootstrap=Ubuntu/bootstrap=Ubuntu intel-sgx/" $multistrap_conf
|
||||
SUITE=$OS_VERSION
|
||||
# Intel does not release sgx stuff for non-LTS, thus if using oracular (24.10),
|
||||
# we need to enforce getting libtdx-attest from noble.
|
||||
[ "$SUITE" = "oracular" ] && SUITE="noble"
|
||||
cat >> $multistrap_conf << EOF
|
||||
|
||||
[intel-sgx]
|
||||
source=https://download.01.org/intel-sgx/sgx_repo/ubuntu
|
||||
suite=$UBUNTU_CODENAME
|
||||
packages=libtdx-attest=1.20\*
|
||||
suite=$SUITE
|
||||
packages=libtdx-attest=1.22\*
|
||||
EOF
|
||||
fi
|
||||
|
||||
@@ -45,7 +49,14 @@ EOF
|
||||
apt update
|
||||
|
||||
if ! multistrap -a "$DEB_ARCH" -d "$rootfs_dir" -f "$multistrap_conf"; then
|
||||
build_dbus $rootfs_dir
|
||||
if [ "$OS_VERSION" = "focal" ]; then
|
||||
echo "WARN: multistrap failed, proceed with hack for Ubuntu 20.04"
|
||||
build_dbus $rootfs_dir
|
||||
else
|
||||
echo "ERROR: multistrap failed, cannot proceed" && exit 1
|
||||
fi
|
||||
else
|
||||
echo "INFO: multistrap succeeded"
|
||||
fi
|
||||
rm -rf "$rootfs_dir/var/run"
|
||||
ln -s /run "$rootfs_dir/var/run"
|
||||
|
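Review bot: In the multistrap failure branch, the `focal` arm still continues into `build_dbus` after any non-zero exit from multistrap, so a failed download or an archive signature error is handled the same way as the dbus problem the workaround exists for. `focal` appears to be the base of the x86_64 confidential initrd in the versions file later in this commit, so the rootfs that ends up measured could come from a partial bootstrap. It would be safer to confirm that the expected failure is the one that occurred before continuing, and to send both messages to stderr, e.g. `echo "ERROR: multistrap failed, cannot proceed" >&2; exit 1`. In the SGX hunk of the same section, `packages=libtdx-attest=1.22\*` is a wildcard pin taken from `noble` when building `oracular`; an exact version, or a comment recording which one was validated, would make the attestation library in the guest reproducible.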
@@ -71,7 +71,7 @@ build_image() {
|
||||
DISTRO="${os_name}" \
|
||||
DEBUG="${DEBUG:-}" \
|
||||
USE_DOCKER="1" \
|
||||
IMG_OS_VERSION="${os_version}" \
|
||||
OS_VERSION="${os_version}" \
|
||||
ROOTFS_BUILD_DEST="${builddir}/rootfs-image" \
|
||||
AGENT_TARBALL="${AGENT_TARBALL}" \
|
||||
AGENT_POLICY="${AGENT_POLICY:-}" \
|
||||
|
@@ -332,8 +332,12 @@ install_image() {
|
||||
local variant="${1:-}"
|
||||
|
||||
image_type="image"
|
||||
os_name="$(get_from_kata_deps ".assets.image.architecture.${ARCH}.name")"
|
||||
os_version="$(get_from_kata_deps ".assets.image.architecture.${ARCH}.version")"
|
||||
if [ -n "${variant}" ]; then
|
||||
image_type+="-${variant}"
|
||||
os_name="$(get_from_kata_deps ".assets.image.architecture.${ARCH}.${variant}.name")"
|
||||
os_version="$(get_from_kata_deps ".assets.image.architecture.${ARCH}.${variant}.version")"
|
||||
fi
|
||||
|
||||
local component="rootfs-${image_type}"
|
||||
@@ -349,7 +353,7 @@ install_image() {
|
||||
"$(get_last_modification "${repo_root_dir}/tools/packaging/static-build/agent")")
|
||||
|
||||
|
||||
latest_artefact="$(get_kata_version)-${osbuilder_last_commit}-${guest_image_last_commit}-${agent_last_commit}-${libs_last_commit}-${gperf_version}-${libseccomp_version}-${rust_version}-${image_type}"
|
||||
latest_artefact="$(get_kata_version)-${os_name}-${os_version}-${osbuilder_last_commit}-${guest_image_last_commit}-${agent_last_commit}-${libs_last_commit}-${gperf_version}-${libseccomp_version}-${rust_version}-${image_type}"
|
||||
if [ "${variant}" == "confidential" ]; then
|
||||
# For the confidential image we depend on the kernel built in order to ensure that
|
||||
# measured boot is used
|
||||
@@ -371,16 +375,10 @@ install_image() {
|
||||
info "Create image"
|
||||
|
||||
if [ -n "${variant}" ]; then
|
||||
os_name="$(get_from_kata_deps ".assets.image.architecture.${ARCH}.${variant}.name")"
|
||||
os_version="$(get_from_kata_deps ".assets.image.architecture.${ARCH}.${variant}.version")"
|
||||
|
||||
if [[ "${variant}" == *confidential ]]; then
|
||||
export COCO_GUEST_COMPONENTS_TARBALL="$(get_coco_guest_components_tarball_path)"
|
||||
export PAUSE_IMAGE_TARBALL="$(get_pause_image_tarball_path)"
|
||||
fi
|
||||
else
|
||||
os_name="$(get_from_kata_deps ".assets.image.architecture.${ARCH}.name")"
|
||||
os_version="$(get_from_kata_deps ".assets.image.architecture.${ARCH}.version")"
|
||||
fi
|
||||
|
||||
export AGENT_TARBALL=$(get_agent_tarball_path)
|
||||
@@ -406,8 +404,12 @@ install_initrd() {
|
||||
local variant="${1:-}"
|
||||
|
||||
initrd_type="initrd"
|
||||
os_name="$(get_from_kata_deps ".assets.initrd.architecture.${ARCH}.name")"
|
||||
os_version="$(get_from_kata_deps ".assets.initrd.architecture.${ARCH}.version")"
|
||||
if [ -n "${variant}" ]; then
|
||||
initrd_type+="-${variant}"
|
||||
os_name="$(get_from_kata_deps ".assets.initrd.architecture.${ARCH}.${variant}.name")"
|
||||
os_version="$(get_from_kata_deps ".assets.initrd.architecture.${ARCH}.${variant}.version")"
|
||||
fi
|
||||
|
||||
local component="rootfs-${initrd_type}"
|
||||
@@ -422,7 +424,7 @@ install_initrd() {
|
||||
"$(get_last_modification "${repo_root_dir}/src/agent")" \
|
||||
"$(get_last_modification "${repo_root_dir}/tools/packaging/static-build/agent")")
|
||||
|
||||
latest_artefact="${osbuilder_last_commit}-${guest_image_last_commit}-${agent_last_commit}-${libs_last_commit}-${gperf_version}-${libseccomp_version}-${rust_version}-${initrd_type}"
|
||||
latest_artefact="$(get_kata_version)-${os_name}-${os_version}-${osbuilder_last_commit}-${guest_image_last_commit}-${agent_last_commit}-${libs_last_commit}-${gperf_version}-${libseccomp_version}-${rust_version}-${initrd_type}"
|
||||
if [ "${variant}" == "confidential" ]; then
|
||||
# For the confidential initrd we depend on the kernel built in order to ensure that
|
||||
# measured boot is used
|
||||
@@ -446,17 +448,12 @@ install_initrd() {
|
||||
info "Create initrd"
|
||||
|
||||
if [ -n "${variant}" ]; then
|
||||
os_name="$(get_from_kata_deps ".assets.initrd.architecture.${ARCH}.${variant}.name")"
|
||||
os_version="$(get_from_kata_deps ".assets.initrd.architecture.${ARCH}.${variant}.version")"
|
||||
|
||||
if [[ "${variant}" == *confidential ]]; then
|
||||
export COCO_GUEST_COMPONENTS_TARBALL="$(get_coco_guest_components_tarball_path)"
|
||||
export PAUSE_IMAGE_TARBALL="$(get_pause_image_tarball_path)"
|
||||
fi
|
||||
else
|
||||
# No variant is passed, it means vanilla kata containers
|
||||
os_name="$(get_from_kata_deps ".assets.initrd.architecture.${ARCH}.name")"
|
||||
os_version="$(get_from_kata_deps ".assets.initrd.architecture.${ARCH}.version")"
|
||||
if [ "${os_name}" = "alpine" ]; then
|
||||
export AGENT_INIT=yes
|
||||
fi
|
||||
|
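Review bot: `os_name` and `os_version` are now resolved at the top of `install_image` and `install_initrd` and feed both the `latest_artefact` cache key and the build, but they are neither declared `local` nor checked after `get_from_kata_deps` returns. If a variant has no entry for `${ARCH}`, whatever the helper prints for a missing key (it is defined outside this view) would land in the cache key and be passed on as the OS version. Unless another function reads them as globals, adding `local os_name os_version` next to `local variant` and a guard such as `[ -n "${os_version}" ] || { echo "no OS version for ${variant:-default} on ${ARCH}" >&2; exit 1; }` would make that fail at the lookup. Both functions start and end outside the hunks shown.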
@@ -116,41 +116,38 @@ assets:
|
||||
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
|
||||
architecture:
|
||||
aarch64:
|
||||
name: &default-image-name "ubuntu"
|
||||
version: &default-image-version "latest"
|
||||
name: "ubuntu"
|
||||
version: "jammy" # 22.04 LTS
|
||||
nvidia-gpu:
|
||||
name: *default-image-name
|
||||
version: "jammy"
|
||||
name: "ubuntu"
|
||||
version: "jammy" # 22.04 LTS
|
||||
nvidia-gpu-confidential:
|
||||
name: *default-image-name
|
||||
version: "jammy"
|
||||
name: "ubuntu"
|
||||
version: "jammy" # 22.04 LTS
|
||||
ppc64le:
|
||||
name: *default-image-name
|
||||
version: *default-image-version
|
||||
name: "ubuntu"
|
||||
version: "jammy" # 22.04 LTS
|
||||
s390x:
|
||||
name: *default-image-name
|
||||
version: *default-image-version
|
||||
name: "ubuntu"
|
||||
version: "jammy" # 22.04 LTS
|
||||
confidential:
|
||||
name: *default-image-name
|
||||
version: *default-image-version
|
||||
name: "ubuntu"
|
||||
version: "jammy" # 22.04 LTS
|
||||
x86_64:
|
||||
name: *default-image-name
|
||||
version: *default-image-version
|
||||
name: "ubuntu"
|
||||
version: "jammy" # 22.04 lTS
|
||||
confidential:
|
||||
name: *default-image-name
|
||||
version: *default-image-version
|
||||
name: "ubuntu"
|
||||
version: "oracular" # 24.10
|
||||
mariner:
|
||||
name: "cbl-mariner"
|
||||
version: "3.0"
|
||||
nvidia-gpu:
|
||||
name: *default-image-name
|
||||
version: "jammy"
|
||||
name: "ubuntu"
|
||||
version: "jammy" # 22.04 LTS
|
||||
nvidia-gpu-confidential:
|
||||
name: *default-image-name
|
||||
version: "jammy"
|
||||
|
||||
meta:
|
||||
image-type: *default-image-name
|
||||
name: "ubuntu"
|
||||
version: "jammy" # 22.04 LTS
|
||||
|
||||
initrd:
|
||||
description: |
|
||||
@@ -159,37 +156,37 @@ assets:
|
||||
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
|
||||
architecture:
|
||||
aarch64:
|
||||
name: &default-initrd-name "alpine"
|
||||
version: &default-initrd-version "3.18"
|
||||
name: "alpine"
|
||||
version: "3.18"
|
||||
nvidia-gpu:
|
||||
name: "ubuntu"
|
||||
version: "jammy"
|
||||
version: "jammy" # 22.04 LTS
|
||||
nvidia-gpu-confidential:
|
||||
name: "ubuntu"
|
||||
version: "jammy"
|
||||
# Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
|
||||
# there is no such Rust target
|
||||
ppc64le:
|
||||
name: &glibc-initrd-name "ubuntu"
|
||||
version: &glibc-initrd-version "20.04"
|
||||
name: "ubuntu"
|
||||
version: "jammy" # 22.04 LTS
|
||||
s390x:
|
||||
name: *glibc-initrd-name
|
||||
version: *glibc-initrd-version
|
||||
name: "ubuntu"
|
||||
version: "jammy" # 22.04 LTS
|
||||
confidential:
|
||||
name: *glibc-initrd-name
|
||||
version: *glibc-initrd-version
|
||||
name: "ubuntu"
|
||||
version: "jammy" # 22.04 LTS
|
||||
x86_64:
|
||||
name: *default-initrd-name
|
||||
version: *default-initrd-version
|
||||
name: "alpine"
|
||||
version: "3.18"
|
||||
confidential:
|
||||
name: *glibc-initrd-name
|
||||
version: *glibc-initrd-version
|
||||
name: "ubuntu"
|
||||
version: "focal" # 20.04 LTS
|
||||
nvidia-gpu:
|
||||
name: *glibc-initrd-name
|
||||
version: "jammy"
|
||||
name: "ubuntu"
|
||||
version: "jammy" # 22.04 LTS
|
||||
nvidia-gpu-confidential:
|
||||
name: *glibc-initrd-name
|
||||
version: "jammy"
|
||||
name: "ubuntu"
|
||||
version: "jammy" # 22.04 LTS
|
||||
|
||||
kernel:
|
||||
description: "Linux kernel optimised for virtual machines"
|
||||
|
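Review bot: The x86_64 `confidential` image entry is set to `"oracular" # 24.10`, an interim Ubuntu release, while every other Ubuntu entry here is an LTS; interim releases receive security updates for a much shorter period, and the SGX hunk in this commit already has to fall back to `noble` for `libtdx-attest` because of it. A comment on that entry saying why a non-LTS base is needed for the confidential guest, and when it should move to an LTS, would keep it from outliving its support window unnoticed. The same goes for `"focal" # 20.04 LTS` on the x86_64 confidential initrd, the oldest release in the file. With the YAML anchors removed, each entry is now bumped by hand, and the x86_64 image comment reads `22.04 lTS` where the others say `LTS`.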