diff --git a/tools/osbuilder/rootfs-builder/rootfs.sh b/tools/osbuilder/rootfs-builder/rootfs.sh
index fabbba4ee6..bab6ac03f1 100755
--- a/tools/osbuilder/rootfs-builder/rootfs.sh
+++ b/tools/osbuilder/rootfs-builder/rootfs.sh
@@ -32,6 +32,7 @@ SELINUX=${SELINUX:-"no"}
 AGENT_POLICY=${AGENT_POLICY:-no}
 AGENT_SOURCE_BIN=${AGENT_SOURCE_BIN:-""}
 AGENT_TARBALL=${AGENT_TARBALL:-""}
+GUEST_HOOKS_TARBALL="${GUEST_HOOKS_TARBALL:-}"
 COCO_GUEST_COMPONENTS_TARBALL=${COCO_GUEST_COMPONENTS_TARBALL:-""}
 CONFIDENTIAL_GUEST="${CONFIDENTIAL_GUEST:-no}"
 PAUSE_IMAGE_TARBALL=${PAUSE_IMAGE_TARBALL:-""}
@@ -520,6 +521,11 @@ build_rootfs_distro()
 engine_run_args+=" -v $(dirname ${PAUSE_IMAGE_TARBALL}):$(dirname ${PAUSE_IMAGE_TARBALL})"
 fi
+ if [[ -n "${GUEST_HOOKS_TARBALL}" ]]; then
+ engine_run_args+=" --env GUEST_HOOKS_TARBALL=${GUEST_HOOKS_TARBALL}"
+ engine_run_args+=" -v $(dirname ${GUEST_HOOKS_TARBALL}):$(dirname ${GUEST_HOOKS_TARBALL})"
+ fi
+
 engine_run_args+=" -v ${GOPATH_LOCAL}:${GOPATH_LOCAL} --env GOPATH=${GOPATH_LOCAL}"
 engine_run_args+=" $(docker_extra_args $distro)"
@@ -784,6 +790,11 @@ EOF
 ln -sf "${policy_file_name}" "${policy_dir}/default-policy.rego"
 fi
+ if [[ -n "${GUEST_HOOKS_TARBALL}" ]]; then
+ info "Install the ${GUEST_HOOKS_TARBALL} guest hooks"
+ tar xvJpf "${GUEST_HOOKS_TARBALL}" -C "${ROOTFS_DIR}"
+ fi
+
 info "Check init is installed"
 [ -x "${init}" ] || [ -L "${init}" ] || die "/sbin/init is not installed in ${ROOTFS_DIR}"
 OK "init is installed"
diff --git a/tools/packaging/guest-image/build_image.sh b/tools/packaging/guest-image/build_image.sh
index b53902230c..228b3e1c17 100755
--- a/tools/packaging/guest-image/build_image.sh
+++ b/tools/packaging/guest-image/build_image.sh
@@ -21,6 +21,7 @@ readonly osbuilder_dir="$(cd "${repo_root_dir}/tools/osbuilder" && pwd)"
 export GOPATH=${GOPATH:-${HOME}/go}
 export AGENT_TARBALL=${AGENT_TARBALL:-}
+export GUEST_HOOKS_TARBALL="${GUEST_HOOKS_TARBALL:-}"
 ARCH=${ARCH:-$(uname -m)}
 if [ $(uname -m) == "${ARCH}" ]; then
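Review bot: In the `build_rootfs_distro()` hunk of rootfs.sh, the new bind mount exposes the tarball's whole parent directory to the build container read-write, although the container only needs to read the one file. Mounting just the tarball read-only narrows that: `engine_run_args+=" -v ${GUEST_HOOKS_TARBALL}:${GUEST_HOOKS_TARBALL}:ro"`. Both added lines also splice the unquoted path into a flat argument string, so a path containing whitespace would presumably split into extra engine arguments when the string is expanded; the neighbouring PAUSE_IMAGE_TARBALL line follows the same pattern, so a follow-up could cover both. The function body starts and ends outside the hunk.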
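Review bot: In the rootfs.sh hunk that runs `tar xvJpf "${GUEST_HOOKS_TARBALL}" -C "${ROOTFS_DIR}"`, the archive is unpacked over the finished rootfs with permissions preserved and with no check of where it came from or what it contains. The step runs after the policy link is created and just before the init check, so any archive member can replace files already installed, presumably including the policy file linked just above, and `p` keeps setuid/setgid bits as packed. At minimum fail early on a missing file with `[[ -f "${GUEST_HOOKS_TARBALL}" ]] || die "guest hooks tarball ${GUEST_HOOKS_TARBALL} not found"`. Beyond that, consider verifying a caller-supplied digest and listing the members with `tar tJf` to reject entries outside the expected hooks directory before extracting. The enclosing function starts and ends outside the hunk.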
@@ -48,7 +49,8 @@ build_initrd() {
 AGENT_POLICY="${AGENT_POLICY:-}" \
 PULL_TYPE="${PULL_TYPE:-default}" \
 COCO_GUEST_COMPONENTS_TARBALL="${COCO_GUEST_COMPONENTS_TARBALL:-}" \
- PAUSE_IMAGE_TARBALL="${PAUSE_IMAGE_TARBALL:-}"
+ PAUSE_IMAGE_TARBALL="${PAUSE_IMAGE_TARBALL:-}" \
+ GUEST_HOOKS_TARBALL="${GUEST_HOOKS_TARBALL}"
 if [[ "${image_initrd_suffix}" == "nvidia-gpu"* ]]; then
 nvidia_driver_version=$(cat "${builddir}"/initrd-image/*/nvidia_driver_version)
@@ -77,7 +79,8 @@ build_image() {
 AGENT_POLICY="${AGENT_POLICY:-}" \
 PULL_TYPE="${PULL_TYPE:-default}" \
 COCO_GUEST_COMPONENTS_TARBALL="${COCO_GUEST_COMPONENTS_TARBALL:-}" \
- PAUSE_IMAGE_TARBALL="${PAUSE_IMAGE_TARBALL:-}"
+ PAUSE_IMAGE_TARBALL="${PAUSE_IMAGE_TARBALL:-}" \
+ GUEST_HOOKS_TARBALL="${GUEST_HOOKS_TARBALL}"
 if [[ "${image_initrd_suffix}" == "nvidia-gpu"* ]]; then
 nvidia_driver_version=$(cat "${builddir}"/rootfs-image/*/nvidia_driver_version)
diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh
index f7abd5b057..02d878ede4 100755
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh
@@ -105,6 +105,7 @@ USE_CACHE="${USE_CACHE:-}"
 BUSYBOX_CONF_FILE=${BUSYBOX_CONF_FILE:-}
 NVIDIA_GPU_STACK="${NVIDIA_GPU_STACK:-}"
 KBUILD_SIGN_PIN=${KBUILD_SIGN_PIN:-}
+GUEST_HOOKS_TARBALL_NAME="${GUEST_HOOKS_TARBALL_NAME:-}"
 docker run \
 -v $HOME/.docker:/root/.docker \
@@ -137,6 +138,7 @@ docker run \
 --env BUSYBOX_CONF_FILE="${BUSYBOX_CONF_FILE}" \
 --env NVIDIA_GPU_STACK="${NVIDIA_GPU_STACK}" \
 --env KBUILD_SIGN_PIN="${KBUILD_SIGN_PIN}" \
+ --env GUEST_HOOKS_TARBALL_NAME="${GUEST_HOOKS_TARBALL_NAME}" \
 --env AA_KBC="${AA_KBC:-}" \
 --env HKD_PATH="$(realpath "${HKD_PATH:-}" 2> /dev/null || true)" \
 --env SE_KERNEL_PARAMS="${SE_KERNEL_PARAMS:-}" \
diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
index 04492266cd..ffe0a9c860 100755
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@@ -49,6 +49,7 @@ ARTEFACT_REGISTRY="${ARTEFACT_REGISTRY:-ghcr.io}"
 ARTEFACT_REPOSITORY="${ARTEFACT_REPOSITORY:-kata-containers}"
 ARTEFACT_REGISTRY_USERNAME="${ARTEFACT_REGISTRY_USERNAME:-}"
 ARTEFACT_REGISTRY_PASSWORD="${ARTEFACT_REGISTRY_PASSWORD:-}"
+GUEST_HOOKS_TARBALL_NAME="${GUEST_HOOKS_TARBALL_NAME:-}"
 TARGET_BRANCH="${TARGET_BRANCH:-main}"
 PUSH_TO_REGISTRY="${PUSH_TO_REGISTRY:-}"
 KERNEL_HEADERS_PKG_TYPE="${KERNEL_HEADERS_PKG_TYPE:-deb}"
@@ -311,6 +312,13 @@ get_pause_image_tarball_path() {
 echo "${pause_image_local_build_dir}/${pause_image_tarball_name}"
 }
+get_guest_hooks_tarball_path() {
+ guest_hooks_local_build_dir="${repo_root_dir}/tools/packaging/kata-deploy/local-build/build"
+ guest_hooks_tarball_name="${GUEST_HOOKS_TARBALL_NAME}"
+
+ echo "${guest_hooks_local_build_dir}/${guest_hooks_tarball_name}"
+}
+
 get_latest_pause_image_artefact_and_builder_image_version() {
 local pause_image_repo="$(get_from_kata_deps ".externals.pause.repo")"
 local pause_image_version=$(get_from_kata_deps ".externals.pause.version")
@@ -386,6 +394,10 @@ install_image() {
 export AGENT_TARBALL=$(get_agent_tarball_path)
 export AGENT_POLICY=yes
+ if [[ -n "${GUEST_HOOKS_TARBALL_NAME}" ]]; then
+ export GUEST_HOOKS_TARBALL="$(get_guest_hooks_tarball_path)"
+ fi
+
 "${rootfs_builder}" --osname="${os_name}" --osversion="${os_version}" --imagetype=image --prefix="${prefix}" --destdir="${destdir}" --image_initrd_suffix="${variant}"
 }
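Review bot: `get_guest_hooks_tarball_path()` joins `GUEST_HOOKS_TARBALL_NAME` onto the build directory without checking that it is a plain file name, so a value containing `/` or `..` resolves to a path outside `local-build/build`. The `install_image()` and `install_initrd()` hunks then export that path for extraction into the rootfs. A guard such as `[[ "${GUEST_HOOKS_TARBALL_NAME}" != */* ]] || return 1` before the `echo` keeps the variable to what its name promises. The two helper variables are also assigned without `local` and leak into the global scope; declaring them as `local guest_hooks_local_build_dir=...` and `local guest_hooks_tarball_name=...` contains them. In the callers, `export GUEST_HOOKS_TARBALL="$(...)"` hides the helper's exit status, so assign first and export afterwards if the guard is added.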
@@ -468,6 +480,10 @@ install_initrd() {
 export AGENT_TARBALL=$(get_agent_tarball_path)
 export AGENT_POLICY=yes
+ if [[ -n "${GUEST_HOOKS_TARBALL_NAME}" ]]; then
+ export GUEST_HOOKS_TARBALL="$(get_guest_hooks_tarball_path)"
+ fi
+
 "${rootfs_builder}" --osname="${os_name}" --osversion="${os_version}" --imagetype=initrd --prefix="${prefix}" --destdir="${destdir}" --image_initrd_suffix="${variant}"
 }