From 9c84998de9d0ea6f80a4fd83f814df3fa89783c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Wed, 23 Oct 2024 19:38:40 +0200
Subject: [PATCH] build: cache: Cache root_hash.txt used by the shim-v2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Let's cache the root_hash.txt from the confidential image so we can use them later on to decide whether there was a rootfs change that would require shim-v2 to be rebuilt.

Signed-off-by: Fabiano FidĂȘncio
---
 .../local-build/kata-deploy-binaries.sh | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
index 174a2a1f86..f673f5edfe 100755
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@@ -1145,6 +1145,21 @@ handle_build() {
 fi
 tar tvf "${modules_final_tarball_path}"
 ;;
+ shim-v2)
+ if [ "${MEASURED_ROOTFS}" = "yes" ]; then
+ local image_conf_tarball="${workdir}/kata-static-rootfs-image-confidential.tar.xz"
+ if [ ! -f "${image_conf_tarball}" ]; then
+ die "Building the shim-v2 with MEASURED_ROOTFS support requires a rootfs confidential image tarball"
+ fi
+
+ local root_hash_basedir="./opt/kata/share/kata-containers/"
+ if ! tar xvf ${image_conf_tarball} ${root_hash_basedir}root_hash.txt --transform s,${root_hash_basedir},,; then
+ die "Building the shim-v2 with MEASURED_ROOTFS support requres a rootfs confidential image tarball built with MEASURED_ROOTFS support"
+ fi
+
+ mv root_hash.txt shim-v2-root_hash.txt
+ fi
+ ;;
 esac
 pushd ${workdir}
@@ -1210,6 +1225,13 @@ handle_build() {
 "kata-static-${build_target}-modules.tar.xz"
 )
 ;;
+ shim-v2)
+ if [ "${MEASURED_ROOTFS}" = "yes" ]; then
+ files_to_push+=(
+ "shim-v2-root_hash.txt"
+ )
+ fi
+ ;;
 *)
 ;;
 esac
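Review bot: The `tar xvf` call in the new `shim-v2)` arm expands `${image_conf_tarball}` and `${root_hash_basedir}` unquoted, so a `workdir` containing whitespace or glob characters is split into extra tar arguments and the wrong member, or none, may be extracted. The commit message says this file later decides whether shim-v2 is rebuilt, so the extraction should be exact: `if ! tar xvf "${image_conf_tarball}" --transform "s,${root_hash_basedir},," "${root_hash_basedir}root_hash.txt"; then`. The file is also extracted and renamed in the current directory, before the `pushd ${workdir}` that follows, which works only if the caller is already in `${workdir}` (not visible here); an explicit `-C` with matching `mv` paths would remove that dependence, and the relative `shim-v2-root_hash.txt` entry in the second hunk relies on the same assumption. The second `die` message misspells `requires` as `requres`. handle_build starts and ends outside the hunk.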
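Review bot: The new `shim-v2)` arm adds `shim-v2-root_hash.txt` to `files_to_push` with no comment saying what the artefact is or how a consumer may use it. I would add above the `if`: `# root hash of the confidential rootfs image, cached so later builds can detect a rootfs change that requires rebuilding shim-v2`. If the cached copy is fetched by later builds, as the commit message suggests, the comment should also state that it is only a change detector and that any hash built into shim-v2 has to come from the image produced in the same run; the consumer is not part of this patch, so confirm that against it. handle_build starts and ends outside the hunk.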