From 80c68b80a81a04c632190ef5d87e620feccb9897 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Mon, 11 Jul 2022 10:52:36 +0200 Subject: [PATCH 1/2] kernel: Deduplicate code used for building TEE kernels MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There's no need to have the entire function for building SEV / TDX duplicated. Let's remove those functions and create a `get_tee_kernel()` which takes the TEE as the argument. Fixes: #4627 Signed-off-by: Fabiano FidĂȘncio --- tools/packaging/kernel/build-kernel.sh | 36 ++++++-------------------- 1 file changed, 8 insertions(+), 28 deletions(-) diff --git a/tools/packaging/kernel/build-kernel.sh b/tools/packaging/kernel/build-kernel.sh index 9b9a008d8f..d3a3be9ea8 100755 --- a/tools/packaging/kernel/build-kernel.sh +++ b/tools/packaging/kernel/build-kernel.sh @@ -116,34 +116,19 @@ arch_to_kernel() { esac } -get_tdx_kernel() { +get_tee_kernel() { local version="${1}" - local kernel_path=${2} + local kernel_path="${2}" + local tee="${3}" mkdir -p ${kernel_path} - kernel_url=$(get_from_kata_deps "assets.kernel.tdx.url") + kernel_url=$(get_from_kata_deps "assets.kernel.${tee}.url") kernel_tarball="${version}.tar.gz" if [ ! -f "${kernel_tarball}" ]; then curl --fail -OL "${kernel_url}/${kernel_tarball}" fi - - tar --strip-components=1 -xf ${kernel_tarball} -C ${kernel_path} -} - -get_sev_kernel() { - local version="${1}" - local kernel_path=${2} - - mkdir -p ${kernel_path} - - kernel_url=$(get_from_kata_deps "assets.kernel.sev.url") - kernel_tarball="${version}.tar.gz" - - if [ ! -f "${kernel_tarball}" ]; then - curl --fail -OL "${kernel_url}${kernel_tarball}" - fi mkdir -p ${kernel_path} tar --strip-components=1 -xf ${kernel_tarball} -C ${kernel_path} 
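Review bot: In `get_tee_kernel`, the tarball fetched by `curl --fail -OL "${kernel_url}/${kernel_tarball}"` is unpacked by `tar` with no digest or signature check, and an already present `${version}.tar.gz` in the working directory is reused unchecked as well. Since this is the kernel for a confidential guest, the function should compare the file against a digest pinned next to the URL in the data that `get_from_kata_deps` reads, for example `echo "${expected_sha256}  ${kernel_tarball}" | sha256sum -c - || die "kernel tarball checksum mismatch"`, where `expected_sha256` is a placeholder for a value the project would have to add. Patch 2/2 makes the download location caller-supplied through `-u`, which makes this check more important. Two smaller points in the same function: the merged body still runs `mkdir -p ${kernel_path}` twice, and `${kernel_path}` and `${kernel_tarball}` are unquoted in the `mkdir` and `tar` calls.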
@@ -156,11 +141,8 @@ get_kernel() { [ -n "${kernel_path}" ] || die "kernel_path not provided" [ ! -d "${kernel_path}" ] || die "kernel_path already exist" - if [ "${conf_guest}" == "tdx" ]; then - get_tdx_kernel ${version} ${kernel_path} - return - elif [ "${conf_guest}" == "sev" ]; then - get_sev_kernel ${version} ${kernel_path} + if [ "${conf_guest}" != "" ]; then + get_tee_kernel ${version} ${kernel_path} ${conf_guest} return fi @@ -563,11 +545,9 @@ main() { kernel_version=$(get_from_kata_deps "assets.kernel-experimental.tag") ;; esac - elif [[ "${conf_guest}" == "tdx" ]]; then - kernel_version=$(get_from_kata_deps "assets.kernel.tdx.tag") - elif [[ "${conf_guest}" == "sev" ]]; then + elif [[ "${conf_guest}" != "" ]]; then #If specifying a tag for kernel_version, must be formatted version-like to avoid unintended parsing issues - kernel_version=$(get_from_kata_deps "assets.kernel.sev.tag") + kernel_version=$(get_from_kata_deps "assets.kernel.${conf_guest}.tag") else kernel_version=$(get_from_kata_deps "assets.kernel.version") fi From 1a25afcdf5d9f84ec2081d4a64a1862d9a6eb13f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Mon, 11 Jul 2022 14:20:08 +0200 Subject: [PATCH 2/2] kernel: Allow passing the URL to download the tarball MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Passing the URL to be used to download the kernel tarball is useful in various scenarios, mainly when doing a downstream build, thus let's add this new option. This new option also works around a known issue of the Dockerfile used to build the kernel not having `yq` installed. Fixes: #4629 Signed-off-by: Fabiano FidĂȘncio --- tools/packaging/kernel/build-kernel.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/packaging/kernel/build-kernel.sh b/tools/packaging/kernel/build-kernel.sh index d3a3be9ea8..837dfd67a6 100755 --- a/tools/packaging/kernel/build-kernel.sh 
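Review bot: `if [ "${conf_guest}" != "" ]` in `get_kernel` now sends every non-empty `-x` value to `get_tee_kernel`, where before only `tdx` and `sev` were accepted, and the value is spliced into the lookup key `assets.kernel.${tee}.url`; the `elif [[ "${conf_guest}" != "" ]]` branch in the `main()` hunk that follows does the same for `assets.kernel.${conf_guest}.tag`. A mistyped value would presumably yield an empty or placeholder URL/tag that only fails later in `curl` with an unhelpful error, so the lookup result should be checked where it is used, e.g. `[ -n "${kernel_url}" ] || die "no kernel URL configured for '${tee}'"`, or the value restricted when `-x` is parsed. The call should also quote its arguments: `get_tee_kernel "${version}" "${kernel_path}" "${conf_guest}"`. Both `get_kernel` and `main` extend beyond these hunks, so a check elsewhere in the file would not be visible here.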
+++ b/tools/packaging/kernel/build-kernel.sh @@ -59,6 +59,8 @@ skip_config_checks="false" DESTDIR="${DESTDIR:-/}" #PREFIX= PREFIX="${PREFIX:-/usr}" +#Kernel URL +kernel_url="" packaging_scripts_dir="${script_dir}/../scripts" source "${packaging_scripts_dir}/lib.sh" @@ -97,6 +99,7 @@ Options: -p : Path to a directory with patches to apply to kernel. -s : Skip .config checks -t : Hypervisor_target. + -u : Kernel URL to be used to download the kernel tarball. -v : Kernel version to use if kernel path not provided. -x : Confidential guest protection type, such as sev and tdx EOF @@ -123,7 +126,7 @@ get_tee_kernel() { mkdir -p ${kernel_path} - kernel_url=$(get_from_kata_deps "assets.kernel.${tee}.url") + [ -z "${kernel_url}" ] && kernel_url=$(get_from_kata_deps "assets.kernel.${tee}.url") kernel_tarball="${version}.tar.gz" if [ ! -f "${kernel_tarball}" ]; then @@ -468,7 +471,7 @@ install_kata() { } main() { - while getopts "a:b:c:deEfg:hk:p:t:v:x:" opt; do + while getopts "a:b:c:deEfg:hk:p:t:u:v:x:" opt; do case "$opt" in a) arch_target="${OPTARG}" @@ -511,6 +514,9 @@ main() { t) hypervisor_target="${OPTARG}" ;; + u) + kernel_url="${OPTARG}" + ;; v) kernel_version="${OPTARG}" ;;
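Review bot: The new help line `-u : Kernel URL to be used to download the kernel tarball.` does not say when the option applies or what form the value takes. In this series only `get_tee_kernel` reads `kernel_url`, and it appends `/${kernel_tarball}` to it, so the text could read `-u : Base URL of the directory holding <version>.tar.gz; only used together with -x.` If the non-TEE download path outside these hunks also honours the variable, drop the second half.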
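Review bot: With `-u` set, the unchanged guard `if [ ! -f "${kernel_tarball}" ]` in `get_tee_kernel` still skips the download whenever a `${version}.tar.gz` is already in the working directory, so a tarball fetched earlier from a different source is silently used and the override has no effect. The cache should be keyed on more than the version, or the file verified against a pinned digest before it is reused. The added line is also an `&&` list standing in for an if-statement; `if [ -z "${kernel_url}" ]; then kernel_url=$(get_from_kata_deps "assets.kernel.${tee}.url"); fi` reads more clearly and leaves no non-zero status behind when the URL was supplied. The function body continues past this hunk.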
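Review bot: In the `u)` arm, `kernel_url="${OPTARG}"` accepts any string, and the value later reaches `curl --fail -OL`, which follows redirects and accepts any scheme curl supports. If downstream builds only need HTTPS mirrors, the value can be rejected at parse time, e.g. `case "${OPTARG}" in https://*) kernel_url="${OPTARG}" ;; *) die "-u expects an https:// URL" ;; esac`, and the curl call given `--proto '=https' --proto-redir '=https'` so a redirect cannot change the scheme. Whether plain-HTTP or local mirrors must stay supported is not visible from this patch, so treat the allowed schemes as a project decision.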