From b3b570e4c47fa35b148f36e7bdbd0851e838eb5c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fabiano@fidencio.org>
Date: Tue, 25 Feb 2025 21:45:15 +0100
Subject: [PATCH] agent: Fix non-guest-pull build
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As the guest-pull is a very Confidental Containers specific feature,
let's make sure we, at least, don't break folks who decide to build Kata
Containers' agent without having this feature enabled (for instance, for
the sake of the agent size).

Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
---
 src/agent/src/cdh.rs | 1 +
 src/agent/src/rpc.rs | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/src/agent/src/cdh.rs b/src/agent/src/cdh.rs
index ba2ac66a03..f3be4bc701 100644
--- a/src/agent/src/cdh.rs
+++ b/src/agent/src/cdh.rs
@@ -184,6 +184,7 @@ pub async fn unseal_file(path: &str) -> Result<()> {
     Ok(())
 }
 
+#[cfg(feature = "guest-pull")]
 pub async fn secure_mount(
     volume_type: &str,
     options: &std::collections::HashMap<String, String>,
diff --git a/src/agent/src/rpc.rs b/src/agent/src/rpc.rs
index 2ab66e3a62..a909f9b70a 100644
--- a/src/agent/src/rpc.rs
+++ b/src/agent/src/rpc.rs
@@ -60,6 +60,7 @@ use crate::device::block_device_handler::get_virtio_blk_pci_device_name;
 use crate::device::network_device_handler::wait_for_net_interface;
 use crate::device::{add_devices, handle_cdi_devices, update_env_pci};
 use crate::features::get_build_features;
+#[cfg(feature = "guest-pull")]
 use crate::image::KATA_IMAGE_WORK_DIR;
 use crate::linux_abi::*;
 use crate::metrics::get_metrics;
@@ -106,6 +107,7 @@ use kata_types::k8s;
 
 pub const CONTAINER_BASE: &str = "/run/kata-containers";
 const MODPROBE_PATH: &str = "/sbin/modprobe";
+#[cfg(feature = "guest-pull")]
 const TRUSTED_IMAGE_STORAGE_DEVICE: &str = "/dev/trusted_store";
 /// the iptables seriers binaries could appear either in /sbin
 /// or /usr/sbin, we need to check both of them
@@ -2241,11 +2243,13 @@ async fn cdh_handler(oci: &mut Spec) -> Result<()> {
         }
     }
 
+    #[cfg(feature = "guest-pull")]
     let linux = oci
         .linux()
         .as_ref()
         .ok_or_else(|| anyhow!("Spec didn't contain linux field"))?;
 
+    #[cfg(feature = "guest-pull")]
     if let Some(devices) = linux.devices() {
         for specdev in devices.iter() {
             if specdev.path().as_path().to_str() == Some(TRUSTED_IMAGE_STORAGE_DEVICE) {