diff --git a/tools/osbuilder/rootfs-builder/rootfs.sh b/tools/osbuilder/rootfs-builder/rootfs.sh
index d82f2e7d6d..508f08ae1b 100755
--- a/tools/osbuilder/rootfs-builder/rootfs.sh
+++ b/tools/osbuilder/rootfs-builder/rootfs.sh
@@ -16,6 +16,7 @@ AGENT_VERSION=${AGENT_VERSION:-}
 RUST_VERSION="null"
 AGENT_BIN=${AGENT_BIN:-kata-agent}
 AGENT_INIT=${AGENT_INIT:-no}
+KATA_BUILD_CC=${KATA_BUILD_CC:-no}
 KERNEL_MODULES_DIR=${KERNEL_MODULES_DIR:-""}
 OSBUILDER_VERSION="unknown"
 DOCKER_RUNTIME=${DOCKER_RUNTIME:-runc}
@@ -437,6 +438,7 @@ build_rootfs_distro()
 --env ROOTFS_DIR="/rootfs" \
 --env AGENT_BIN="${AGENT_BIN}" \
 --env AGENT_INIT="${AGENT_INIT}" \
+ --env KATA_BUILD_CC="${KATA_BUILD_CC}" \
 --env ARCH="${ARCH}" \
 --env CI="${CI}" \
 --env KERNEL_MODULES_DIR="${KERNEL_MODULES_DIR}" \
@@ -692,6 +694,17 @@ EOF
 popd
 fi
+ if [ "${KATA_BUILD_CC}" == "yes" ]; then
+ info "Integrate pause image inside rootfs for CC"
+ pause_repo="$(get_package_version_from_kata_yaml externals.pause.repo)"
+ pause_version="$(get_package_version_from_kata_yaml externals.pause.version)"
+ [ -n "pause_repo" ] || die "failed to get pause image repo"
+ [ -n "pause_version" ] || die "failed to get pause image version"
+
+ skopeo copy "${pause_repo}":"${pause_version}" oci:pause:"${pause_version}"
+ umoci unpack --image pause:"${pause_version}" "${ROOTFS_DIR}/pause_bundle"
+ fi
+
 info "Creating summary file"
 create_summary_file "${ROOTFS_DIR}"
 }
diff --git a/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile.in b/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile.in
index 25d1907a6f..75420eef23 100644
--- a/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile.in
+++ b/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile.in
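Review bot: In the third rootfs.sh hunk (`@@ -692,6 +694,17 @@`), `[ -n "pause_repo" ]` and `[ -n "pause_version" ]` test the literal words rather than the variables, so they are always true and neither `die` can fire; an empty lookup from versions.yaml would go straight into `skopeo copy`. They should read `[ -n "${pause_repo}" ] || die "failed to get pause image repo"` and `[ -n "${pause_version}" ] || die "failed to get pause image version"`. Separately, the image is fetched by tag (`version: "3.6"` in the versions.yaml hunk), and a tag can be re-pointed; because this bundle is baked into the CC guest rootfs, recording a digest in versions.yaml and copying `"${pause_repo}@sha256:<digest-placeholder>"` would tie the build to one known image. The enclosing function starts outside this hunk.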
@@ -3,6 +3,17 @@
 # SPDX-License-Identifier: Apache-2.0
 ARG IMAGE_REGISTRY=docker.io
+
+# Install skopeo which is not included in 20.04 release
+# This can be removed when we upgrade the base to 22.04 release
+FROM ${IMAGE_REGISTRY}/golang:1.18 AS skopeo
+@SET_PROXY@
+WORKDIR /skopeo
+ARG SKOPEO_VERSION="1.9.1"
+RUN curl -fsSL "https://github.com/containers/skopeo/archive/v${SKOPEO_VERSION}.tar.gz" \
+ | tar -xzf - --strip-components=1
+RUN CGO_ENABLED=0 DISABLE_DOCS=1 make BUILDTAGS=containers_image_openpgp GO_DYN_FLAGS=
+
 FROM ${IMAGE_REGISTRY}/ubuntu:@OS_VERSION@
 @SET_PROXY@
@@ -27,10 +38,14 @@ RUN apt-get update && \
 multistrap \
 musl-tools \
 pkg-config \
- protobuf-compiler
+ protobuf-compiler \
+ umoci
 # aarch64 requires this name -- link for all
 RUN ln -s /usr/bin/musl-gcc "/usr/bin/$(uname -m)-linux-musl-gcc"
+COPY --from=skopeo /skopeo/bin/skopeo /usr/local/bin/
+COPY --from=skopeo /skopeo/default-policy.json /etc/containers/policy.json
+
 @INSTALL_RUST@
 @INSTALL_AA_KBC@
diff --git a/versions.yaml b/versions.yaml
index 71691f41f0..11641bca76 100644
--- a/versions.yaml
+++ b/versions.yaml
@@ -231,6 +231,11 @@ externals:
 url: "https://github.com/seccomp/libseccomp"
 version: "2.5.1"
+ pause:
+ description: "Kubernetes pause container image"
+ repo: "docker://k8s.gcr.io/pause"
+ version: "3.6"
+
 runc:
 description: "OCI CLI reference runtime implementation"
 url: "https://github.com/opencontainers/runc"
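Review bot: In the new `skopeo` build stage of Dockerfile.in, the source tarball is piped from `curl` straight into `tar` with no integrity check, so whatever is served for `v${SKOPEO_VERSION}` gets compiled and later copied into the builder image. I would save it to a file, verify it against a pinned hash, and only then extract: add `ARG SKOPEO_SHA256="<expected-sha256>"` and run `echo "${SKOPEO_SHA256}  skopeo.tar.gz" | sha256sum -c -` before `tar -xzf skopeo.tar.gz --strip-components=1`. Forge-generated archive tarballs are not guaranteed to be byte-stable, so building from a commit-pinned checkout is an alternative if a fixed hash proves brittle.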
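Review bot: The second Dockerfile.in hunk installs skopeo's `default-policy.json` as `/etc/containers/policy.json`, and as far as I know that upstream file is an accept-anything policy, which would mean the `skopeo copy` in rootfs.sh does no signature verification on the pause image. That may be acceptable for a build container, but it should be stated above the `COPY`, for example `# policy.json: skopeo default, no signature enforcement; image integrity relies on the reference pinned in versions.yaml`. If the pause bundle is meant to be trusted guest content, a stricter policy for that registry or a digest-pinned reference would close the gap.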