Merge pull request #10803 from ryansavino/update-confidential-initrd-22.04

versions: update confidential initrd to 22.04

tests/integration/kubernetes/k8s-guest-pull-image.bats

@@ -90,6 +90,7 @@ setup() {
 
 @test "Test we can pull an image inside the guest using trusted storage" {
 	[ "$(uname -m)" == "s390x" ] && skip "See: https://github.com/kata-containers/kata-containers/issues/10838"
+    [ "${KATA_HYPERVISOR}" == "qemu-snp" ] && skip "See: https://github.com/kata-containers/kata-containers/issues/10838"
     # The image pulled in the guest will be downloaded and unpacked in the `/run/kata-containers/image` directory.
     # The tests will use `cryptsetup` to encrypt a block device and mount it at `/run/kata-containers/image`.
 
@@ -138,6 +139,7 @@ setup() {
 
 @test "Test we cannot pull a large image that pull time exceeds createcontainer timeout inside the guest" {
 	[ "$(uname -m)" == "s390x" ] && skip "See: https://github.com/kata-containers/kata-containers/issues/10838"
+    [ "${KATA_HYPERVISOR}" == "qemu-snp" ] && skip "See: https://github.com/kata-containers/kata-containers/issues/10838"
 
     storage_config=$(mktemp "${BATS_FILE_TMPDIR}/$(basename "${storage_config_template}").XXX")
     local_device=$(create_loop_device)
@@ -181,6 +183,7 @@ setup() {
 
 @test "Test we can pull a large image inside the guest with large createcontainer timeout" {
 	[ "$(uname -m)" == "s390x" ] && skip "See: https://github.com/kata-containers/kata-containers/issues/10838"
+    [ "${KATA_HYPERVISOR}" == "qemu-snp" ] && skip "See: https://github.com/kata-containers/kata-containers/issues/10838"
 
     if [ "${KATA_HYPERVISOR}" = "qemu-coco-dev" ] && [ "${KBS_INGRESS}" = "aks" ]; then
         skip "skip this specific one due to issue https://github.com/kata-containers/kata-containers/issues/10299"

tools/osbuilder/initrd-builder/initrd_builder.sh

@@ -74,7 +74,16 @@ OK "Agent is installed"
 
 # initramfs expects /init, create symlink only if ${ROOTFS}/init does not exist
 # Init may be provided by other packages, e.g. systemd or GPU initrd/rootfs
-[ -x "${ROOTFS}/init" ] || [ -L "${ROOTFS}/init" ] || sudo ln -sf /sbin/init "${ROOTFS}/init"
+if [ ! -x "${ROOTFS}/init" ] && [ ! -L "${ROOTFS}/init" ]; then
+  # ATTN: In some instances, /init is not following two or more levels of symlinks
+  # i.e. (/init to /sbin/init to /lib/systemd/systemd)
+  # Setting /init directly to /lib/systemd/systemd when AGENT_INIT is disabled
+  if [ "${AGENT_INIT}" = "yes" ]; then
+    sudo ln -sf /sbin/init "${ROOTFS}/init"
+  else
+    sudo ln -sf /lib/systemd/systemd "${ROOTFS}/init"
+  fi
+fi
 
 info "Creating ${IMAGE_DIR}/${IMAGE_NAME} based on rootfs at ${ROOTFS}"
 ( cd "${ROOTFS}" && sudo find . | sudo cpio -H newc -o | gzip -9 ) > "${IMAGE_DIR}"/"${IMAGE_NAME}"

tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh

@@ -472,11 +472,7 @@ install_initrd() {
 
 #Install guest initrd for confidential guests
 install_initrd_confidential() {
-	if [ "${ARCH}" == "s390x" ]; then
-		export MEASURED_ROOTFS=no
-	else
-		export MEASURED_ROOTFS=yes
-	fi
+	export MEASURED_ROOTFS=no
 	export PULL_TYPE=default
 	install_initrd "confidential"
 }

versions.yaml

@@ -168,7 +168,7 @@ assets:
           version: "jammy"  # 22.04 LTS
         nvidia-gpu-confidential:
           name: "ubuntu"
-          version: "jammy"
+          version: "jammy"  # 22.04 LTS
       # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
       # there is no such Rust target
       ppc64le:
@@ -185,7 +185,7 @@ assets:
         version: "3.18"
         confidential:
           name: "ubuntu"
-          version: "focal"  # 20.04 LTS
+          version: "jammy"  # 22.04 LTS
         nvidia-gpu:
           name: "ubuntu"
           version: "jammy"  # 22.04 LTS