From 335ddd58766f26970dacd7887df7573a1f430ffb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Wed, 29 Jun 2022 19:05:11 +0200
Subject: [PATCH 1/2] packaging: Do not unset env vars needed for CC
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
SKOPEO, UMOCI, and AA_KBC have been unset so far as we have not been generating rootfs images that would be used for CC as part of our workflow. Now, as we're targetting the first release of the operator with the CCv0 branch, let's stop unsetting those and start taking advantage of our tools to help us building a CC capable image.
Signed-off-by: Fabiano FidĂȘncio
---
 tools/packaging/guest-image/build_image.sh | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/tools/packaging/guest-image/build_image.sh b/tools/packaging/guest-image/build_image.sh
index 551be25eb6..c3133c3667 100755
--- a/tools/packaging/guest-image/build_image.sh
+++ b/tools/packaging/guest-image/build_image.sh
@@ -48,10 +48,6 @@ build_image() {
 info "Build image"
 info "image os: $img_distro"
 info "image os version: $img_os_version"
- # CCv0 on image is currently unsupported, do not pass
- unset SKOPEO
- unset UMOCI
- unset AA_KBC
 sudo -E PATH="${PATH}" make image \
 DISTRO="${img_distro}" \
 DEBUG="${DEBUG:-}" \
From a438d6114b8f7fa31443b2c92a3ae0dcec6fd64b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Wed, 29 Jun 2022 19:11:29 +0200
Subject: [PATCH 2/2] packaging: Allow building a CC capable image
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Let's add a new build target for our local-build scripts, cc-rootfs-image-tarball, and use it to build an image that has skopeo and umoci embedded in, and that using the offline_fs_kbc as the attenstation agent KBC.
Fixes: #4557
Signed-off-by: Fabiano FidĂȘncio
---
 tools/packaging/kata-deploy/local-build/Makefile | 3 +++
 .../local-build/kata-deploy-binaries.sh | 15 +++++++++++++++
 2 files changed, 18 insertions(+)
diff --git a/tools/packaging/kata-deploy/local-build/Makefile b/tools/packaging/kata-deploy/local-build/Makefile
index 0827a2b51c..66cb99c534 100644
--- a/tools/packaging/kata-deploy/local-build/Makefile
+++ b/tools/packaging/kata-deploy/local-build/Makefile
@@ -69,3 +69,6 @@ install-tarball:
 image: kata-tarball
 $(MK_DIR)kata-deploy-build-and-upload-image.sh $(CURDIR)/kata-static.tar.xz
+
+cc-rootfs-image-tarball:
+ ${MAKE} $@-build
diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
index 2809d6e7d9..ae5d40d856 100755
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@@ -30,6 +30,8 @@ readonly virtiofsd_builder="${static_build_dir}/virtiofsd/build-static-virtiofsd
 readonly rootfs_builder="${repo_root_dir}/tools/packaging/guest-image/build_image.sh"
+readonly cc_prefix="/opt/confidential-containers"
+
 ARCH=$(uname -m)
 workdir="${WORKDIR:-$PWD}"
@@ -83,6 +85,16 @@ EOF
 exit "${return_code}"
 }
+#Install cc capable guest image
+install_cc_image() {
+ info "Create CC image"
+ export SKOPEO=yes
+ export UMOCI=yes
+ export AA_KBC="offline_fs_kbc"
+
+ "${rootfs_builder}" --imagetype=image --prefix="${cc_prefix}" --destdir="${destdir}"
+}
+
 #Install guest image
 install_image() {
 info "Create image"
@@ -180,6 +192,8 @@ handle_build() {
 install_virtiofsd
 ;;
+ cc-rootfs-image) install_cc_image ;;
+
 cloud-hypervisor) install_clh ;;
 firecracker) install_firecracker ;;
@@ -227,6 +241,7 @@ main() {
 local build_targets
 local silent
 build_targets=(
+ cc-rootfs-image
 cloud-hypervisor
 firecracker
 kernel
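Review bot: In `install_cc_image`, `export SKOPEO=yes`, `export UMOCI=yes` and `export AA_KBC="offline_fs_kbc"` change the environment of the whole script instead of the single builder call, and patch 1/2 removed the `unset` lines in build_image.sh that used to drop these values before `sudo -E ... make image`. If `handle_build` runs several targets in one shell (the dispatch loop is outside these hunks, and the `main()` hunk now puts `cc-rootfs-image` first in the default `build_targets`), a later `install_image` would inherit them and the plain image would pick up skopeo, umoci and the attestation agent without anyone asking for it. Scoping the values to the command avoids the leak inside the script: `SKOPEO=yes UMOCI=yes AA_KBC="offline_fs_kbc" "${rootfs_builder}" --imagetype=image --prefix="${cc_prefix}" --destdir="${destdir}"`. Values already exported in the caller's shell would still reach the non-CC build, so `install_image` could clear the three variables before calling the builder. A comment next to `AA_KBC` stating which key-broker mode is baked into the rootfs would also help whoever deploys the image.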