Merge pull request #4565 from fidencio/topic/cc-build-the-shim-with-the-needed-configurations

CC | Build the shim-v2 with the needed configurations for Confidential Containers usage

src/runtime/Makefile

@@ -211,6 +211,9 @@ DEFSTATICRESOURCEMGMT ?= false
 
 DEFBINDMOUNTS := []
 
+# Image Service Offload
+DEFSERVICEOFFLOAD ?= false
+
 SED = sed
 
 CLI_DIR = cmd
@@ -479,6 +482,7 @@ USER_VARS += DEFSTATICRESOURCEMGMT_FC
 USER_VARS += DEFBINDMOUNTS
 USER_VARS += DEFVFIOMODE
 USER_VARS += BUILDFLAGS
+USER_VARS += DEFSERVICEOFFLOAD
 
 
 V              = @

src/runtime/config/configuration-clh.toml.in

@@ -405,7 +405,7 @@ experimental=@DEFAULTEXPFEATURES@
 #
 # Offload the CRI image management service to the Kata agent.
 # (default: false)
-#service_offload = true
+service_offload = @DEFSERVICEOFFLOAD@
 
 # Container image decryption keys provisioning.
 # Applies only if service_offload is true.

src/runtime/config/configuration-qemu.toml.in

@@ -609,7 +609,7 @@ experimental=@DEFAULTEXPFEATURES@
 #
 # Offload the CRI image management service to the Kata agent.
 # (default: false)
-#service_offload = true
+service_offload = @DEFSERVICEOFFLOAD@
 
 # Container image decryption keys provisioning.
 # Applies only if service_offload is true.

tools/packaging/kata-deploy/local-build/Makefile

@@ -72,3 +72,6 @@ image: kata-tarball
 
 cc-rootfs-image-tarball:
 	${MAKE} $@-build
+
+cc-shim-v2-tarball:
+	${MAKE} $@-build

tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh

@@ -95,6 +95,14 @@ install_cc_image() {
 	"${rootfs_builder}" --imagetype=image --prefix="${cc_prefix}" --destdir="${destdir}"
 }
 
+#Install all components that are not assets
+install_cc_shimv2() {
+	GO_VERSION="$(yq r ${versions_yaml} languages.golang.meta.newest-version)"
+	export GO_VERSION
+	export REMOVE_VMM_CONFIGS="acrn fc"
+	DESTDIR="${destdir}" PREFIX="${cc_prefix}" EXTRA_OPTS="DEFSERVICEOFFLOAD=true" "${shimv2_builder}"
+}
+
 #Install guest image
 install_image() {
 	info "Create image"
@@ -194,6 +202,8 @@ handle_build() {
 
 	cc-rootfs-image) install_cc_image ;;
 
+	cc-shim-v2) install_cc_shimv2 ;;
+
 	cloud-hypervisor) install_clh ;;
 
 	firecracker) install_firecracker ;;
@@ -242,6 +252,7 @@ main() {
 	local silent
 	build_targets=(
 		cc-rootfs-image
+		cc-shim-v2
 		cloud-hypervisor
 		firecracker
 		kernel

tools/packaging/static-build/shim-v2/build.sh

@@ -19,6 +19,9 @@ DESTDIR=${DESTDIR:-${PWD}}
 PREFIX=${PREFIX:-/opt/kata}
 container_image="shim-v2-builder"
 
+EXTRA_OPTS="${EXTRA_OPTS:-""}"
+REMOVE_VMM_CONFIGS="${REMOVE_VMM_CONFIGS:-""}"
+
 sudo docker build  --build-arg GO_VERSION="${GO_VERSION}" -t "${container_image}" "${script_dir}"
 
 arch=$(uname -m)
@@ -29,16 +32,20 @@ fi
 sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
 	-w "${repo_root_dir}/src/runtime" \
 	"${container_image}" \
-	bash -c "make PREFIX=${PREFIX} QEMUCMD=qemu-system-${arch}"
+	bash -c "make PREFIX=${PREFIX} QEMUCMD=qemu-system-${arch} ${EXTRA_OPTS}"
 
 sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
 	-w "${repo_root_dir}/src/runtime" \
 	"${container_image}" \
-	bash -c "make PREFIX="${PREFIX}" DESTDIR="${DESTDIR}" install"
+	bash -c "make PREFIX="${PREFIX}" DESTDIR="${DESTDIR}" ${EXTRA_OPTS} install"
 
 sudo sed -i -e '/^initrd =/d' "${DESTDIR}/${PREFIX}/share/defaults/kata-containers/configuration-qemu.toml"
 sudo sed -i -e '/^initrd =/d' "${DESTDIR}/${PREFIX}/share/defaults/kata-containers/configuration-fc.toml"
 
+for vmm in ${REMOVE_VMM_CONFIGS}; do
+	sudo rm "${DESTDIR}/${PREFIX}/share/defaults/kata-containers/configuration-$vmm.toml"
+done
+
 pushd "${DESTDIR}/${PREFIX}/share/defaults/kata-containers"
 	sudo ln -sf "configuration-qemu.toml" configuration.toml
 popd