github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-10 04:18:26 +00:00
Code Issues Projects Releases Wiki Activity

shim-v2: ensure root hash exist when measured rootfs

Browse Source 
When measured toofs is enabled then the shim-v2 build should find the
guest rootfs hash file, otherwise might (silently) generate configuration
files with empty hash.

Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
This commit is contained in:
Wainer dos Santos Moschetta 2023-07-04 14:58:48 -03:00
parent 1465e58854
commit 72ef82368c
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
tools/packaging/static-build/shim-v2/build.sh
View File

@ -27,12 +27,15 @@ EXTRA_OPTS="${EXTRA_OPTS:-""}"
[ "${CROSS_BUILD}" == "true" ] && container_image_bk="${container_image}" && container_image="${container_image}-cross-build"
if [ "${MEASURED_ROOTFS}" == "yes" ]; then
EXTRA_OPTS+=" DEFSERVICEOFFLOAD=true"
if [ -f "${repo_root_dir}/tools/osbuilder/root_hash.txt" ]; then
info "Enable rootfs measurement config"
root_hash=$(sudo sed -e 's/Root hash:\s*//g;t;d' "${repo_root_dir}/tools/osbuilder/root_hash.txt")
root_measure_config="rootfs_verity.scheme=dm-verity rootfs_verity.hash=${root_hash}"
EXTRA_OPTS+=" ROOTMEASURECONFIG=\"${root_measure_config}\""
fi
info "Enable rootfs measurement config"
root_hash_file="${repo_root_dir}/tools/osbuilder/root_hash.txt"
[ -f "$root_hash_file" ] || \
die "Root hash file for measured rootfs not found at ${root_hash_file}"
root_hash=$(sudo sed -e 's/Root hash:\s*//g;t;d' "${root_hash_file}")
root_measure_config="rootfs_verity.scheme=dm-verity rootfs_verity.hash=${root_hash}"
EXTRA_OPTS+=" ROOTMEASURECONFIG=\"${root_measure_config}\""
fi
sudo docker pull ${container_image} || \