Merge pull request #5587 from fidencio/topic/bump-confidential-containers-dependencies

CC | Bump Confidential Containers dependencies
2025-08-27 03:59:01 +00:00 · 2022-11-07 15:54:23 +01:00 · 2022-11-07 15:54:23 +01:00 · 38b5818813
commit 38b5818813
parent d45f7e54c4 4d0658e3fa
5 changed files with 12 additions and 8 deletions
--- a/src/agent/Cargo.lock
+++ b/src/agent/Cargo.lock
@ -1920,7 +1920,7 @@ dependencies = [
 [[package]]
 name = "image-rs"
 version = "0.1.0"
-source = "git+https://github.com/confidential-containers/image-rs?rev=60bfcfa86011355362992f91bdd92da75e75eec6#60bfcfa86011355362992f91bdd92da75e75eec6"
+source = "git+https://github.com/confidential-containers/image-rs?tag=v0.2.0#3aca6fd576f50b9e960309caddeb9d91573d4e69"
 dependencies = [
 "anyhow",
 "dircpy",
@ -2810,7 +2810,7 @@ dependencies = [
 [[package]]
 name = "ocicrypt-rs"
 version = "0.1.0"
-source = "git+https://github.com/confidential-containers/ocicrypt-rs?rev=2a09bd03abbfae99e065e3ec4bdddd0054a62d2f#2a09bd03abbfae99e065e3ec4bdddd0054a62d2f"
+source = "git+https://github.com/confidential-containers/ocicrypt-rs?tag=v0.2.0#2a09bd03abbfae99e065e3ec4bdddd0054a62d2f"
 dependencies = [
 "aes 0.8.1",
 "aes-gcm 0.9.4",
@ -4280,7 +4280,7 @@ dependencies = [
 [[package]]
 name = "signature"
 version = "0.1.0"
-source = "git+https://github.com/confidential-containers/image-rs?rev=60bfcfa86011355362992f91bdd92da75e75eec6#60bfcfa86011355362992f91bdd92da75e75eec6"
+source = "git+https://github.com/confidential-containers/image-rs?tag=v0.2.0#3aca6fd576f50b9e960309caddeb9d91573d4e69"
 dependencies = [
 "anyhow",
 "async-trait",
--- a/src/agent/Cargo.toml
+++ b/src/agent/Cargo.toml
@ -68,7 +68,7 @@ toml = "0.5.8"
 clap = { version = "3.0.1", features = ["derive"] }

 # Image pull/decrypt
-image-rs = { git = "https://github.com/confidential-containers/image-rs", rev = "60bfcfa86011355362992f91bdd92da75e75eec6" }
+image-rs = { git = "https://github.com/confidential-containers/image-rs", tag = "v0.2.0" }
 # "vendored" feature for openssl is required by musl build
 openssl = { version = "0.10.38", features = ["vendored"] }

--- a/tools/packaging/static-build/td-shim/Dockerfile
+++ b/tools/packaging/static-build/td-shim/Dockerfile
@ -15,7 +15,9 @@ RUN apt-get update && \
        gcc \
        git \
        llvm \
-        nasm && \
+        make \
+        nasm \
+        patch && \
    apt-get clean && rm -rf /var/lib/lists/ && \
    curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain ${RUST_TOOLCHAIN} && \
    source "$HOME/.cargo/env" && \
--- a/tools/packaging/static-build/td-shim/build-td-shim.sh
+++ b/tools/packaging/static-build/td-shim/build-td-shim.sh
@ -27,11 +27,13 @@ pushd ${build_root}
 git clone --single-branch "${tdshim_repo}"
 pushd td-shim
 git checkout "${tdshim_version}"
+git submodule update --init
+make preparation
 bash sh_script/build_final.sh boot_kernel

 install_dir="${DESTDIR}/${PREFIX}/share/td-shim"
 mkdir -p ${install_dir}
-install target/x86_64-unknown-uefi/release/final-boot-kernel.bin ${install_dir}/td-shim.bin
+install target/release/final-boot-kernel.bin ${install_dir}/td-shim.bin
 popd #td-shim
 popd #${build_root}

--- a/versions.yaml
+++ b/versions.yaml
@ -186,7 +186,7 @@ externals:
  attestation-agent:
    description: "Provide attested key unwrapping for image decryption"
    url: "https://github.com/confidential-containers/attestation-agent"
-    version: "e930d362c24bad62b5fa7d5079a9dc912dd78fa4"
+    version: "v0.2.0"

  cni-plugins:
    description: "CNI network plugins"
@ -307,7 +307,7 @@ externals:
  td-shim:
    description: "Confidential Containers Shim Firmware"
    url: "https://github.com/confidential-containers/td-shim"
-    version: "cf9592ef70bd6ba4c7ab1330d278a743f5ba3133"
+    version: "v0.2.0"
    toolchain: "nightly-2022-05-15"

  virtiofsd: