build: Allow users to specificy EXTRA_PKGS

Right now we've had some logic to add EXTRA_PKGS, but those were restrict to the nvidia builds, and would require changing the file manually. Let's make sure a user can add this just by specifying an env var. Signed-off-by: Fabiano Fidêncio <fidencio@northflank.com>
2025-04-27 11:31:05 +00:00 · 2025-04-12 13:13:53 +02:00 · 2025-04-12 13:13:53 +02:00 · 5d0688079a
commit 5d0688079a
parent 40a15ac760
2 changed files with 15 additions and 4 deletions
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh
@ -106,6 +106,7 @@ BUSYBOX_CONF_FILE=${BUSYBOX_CONF_FILE:-}
 NVIDIA_GPU_STACK="${NVIDIA_GPU_STACK:-}"
 KBUILD_SIGN_PIN=${KBUILD_SIGN_PIN:-}
 GUEST_HOOKS_TARBALL_NAME="${GUEST_HOOKS_TARBALL_NAME:-}"
+EXTRA_PKGS="${EXTRA_PKGS:-}"

 docker run \
 	-v $HOME/.docker:/root/.docker \
@ -139,6 +140,7 @@ docker run \
 	--env NVIDIA_GPU_STACK="${NVIDIA_GPU_STACK}" \
 	--env KBUILD_SIGN_PIN="${KBUILD_SIGN_PIN}" \
 	--env GUEST_HOOKS_TARBALL_NAME="${GUEST_HOOKS_TARBALL_NAME}" \
+	--env EXTRA_PKGS="${EXTRA_PKGS}" \
 	--env AA_KBC="${AA_KBC:-}" \
 	--env HKD_PATH="$(realpath "${HKD_PATH:-}" 2> /dev/null || true)" \
 	--env SE_KERNEL_PARAMS="${SE_KERNEL_PARAMS:-}" \
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@ -50,6 +50,7 @@ ARTEFACT_REPOSITORY="${ARTEFACT_REPOSITORY:-kata-containers}"
 ARTEFACT_REGISTRY_USERNAME="${ARTEFACT_REGISTRY_USERNAME:-}"
 ARTEFACT_REGISTRY_PASSWORD="${ARTEFACT_REGISTRY_PASSWORD:-}"
 GUEST_HOOKS_TARBALL_NAME="${GUEST_HOOKS_TARBALL_NAME:-}"
+EXTRA_PKGS="${EXTRA_PKGS:-}"
 TARGET_BRANCH="${TARGET_BRANCH:-main}"
 PUSH_TO_REGISTRY="${PUSH_TO_REGISTRY:-}"
 KERNEL_HEADERS_PKG_TYPE="${KERNEL_HEADERS_PKG_TYPE:-deb}"
@ -398,6 +399,10 @@ install_image() {
 		export GUEST_HOOKS_TARBALL="$(get_guest_hooks_tarball_path)"
 	fi

+	if [[ -n "${EXTRA_PKGS}" ]]; then
+		export EXTRA_PKGS
+	fi
+
 	"${rootfs_builder}" --osname="${os_name}" --osversion="${os_version}" --imagetype=image --prefix="${prefix}" --destdir="${destdir}" --image_initrd_suffix="${variant}"
 }

@ -484,6 +489,10 @@ install_initrd() {
 		export GUEST_HOOKS_TARBALL="$(get_guest_hooks_tarball_path)"
 	fi

+	if [[ -n "${EXTRA_PKGS}" ]]; then
+		export EXTRA_PKGS
+	fi
+
 	"${rootfs_builder}" --osname="${os_name}" --osversion="${os_version}" --imagetype=initrd --prefix="${prefix}" --destdir="${destdir}" --image_initrd_suffix="${variant}"
 }

@ -516,7 +525,7 @@ install_initrd_confidential() {
 # Install NVIDIA GPU image
 install_image_nvidia_gpu() {
 	export AGENT_POLICY="yes"
-	export EXTRA_PKGS="apt"
+	EXTRA_PKGS="apt ${EXTRA_PKGS}"
 	NVIDIA_GPU_STACK=${NVIDIA_GPU_STACK:-"latest,compute,dcgm"}
 	install_image "nvidia-gpu"
 }
@ -524,7 +533,7 @@ install_image_nvidia_gpu() {
 # Install NVIDIA GPU initrd
 install_initrd_nvidia_gpu() {
 	export AGENT_POLICY="yes"
-	export EXTRA_PKGS="apt"
+	EXTRA_PKGS="apt ${EXTRA_PKGS}"
 	NVIDIA_GPU_STACK=${NVIDIA_GPU_STACK:-"latest,compute,dcgm"}
 	install_initrd "nvidia-gpu"
 }
@ -532,7 +541,7 @@ install_initrd_nvidia_gpu() {
 # Instal NVIDIA GPU confidential image
 install_image_nvidia_gpu_confidential() {
 	export AGENT_POLICY="yes"
-	export EXTRA_PKGS="apt"
+	EXTRA_PKGS="apt ${EXTRA_PKGS}"
 	# TODO: export MEASURED_ROOTFS=yes
 	NVIDIA_GPU_STACK=${NVIDIA_GPU_STACK:-"latest,compute"}
 	install_image "nvidia-gpu-confidential"
@ -541,7 +550,7 @@ install_image_nvidia_gpu_confidential() {
 # Install NVIDIA GPU confidential initrd
 install_initrd_nvidia_gpu_confidential() {
 	export AGENT_POLICY="yes"
-	export EXTRA_PKGS="apt"
+	EXTRA_PKGS="apt ${EXTRA_PKGS}"
 	# TODO: export MEASURED_ROOTFS=yes
 	NVIDIA_GPU_STACK=${NVIDIA_GPU_STACK:-"latest,compute"}
 	install_initrd "nvidia-gpu-confidential"