agent: Bump image-rs to 514c561d93

This brings in the commit bumping ttrpc to 0.8.4, which fixes
connection issues with kernel 6.12.9+.

As image-rs has a new builder pattern and several of the values in the
image client config have been renamed, let's change the agent to account
for this.

Signed-off-by: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
Tobin Feldman-Fitzthum 2025-01-27 21:22:38 +01:00 committed by stevenhorsman
parent 8614e5efc4
commit a13d5a3f04
4 changed files with 205 additions and 156 deletions

328
src/agent/Cargo.lock generated

File diff suppressed because it is too large Load Diff


@ -78,7 +78,7 @@ strum = "0.26.2"
strum_macros = "0.26.2" strum_macros = "0.26.2"
# Image pull/decrypt # Image pull/decrypt
image-rs = { git = "https://github.com/confidential-containers/guest-components", rev = "v0.10.0", default-features = false, optional = true } image-rs = { git = "https://github.com/confidential-containers/guest-components", rev = "514c561d933cb11a0f1628621a0b930157af76cd", default-features = false, optional = true }
# Agent Policy # Agent Policy
regorus = { version = "0.2.6", default-features = false, features = [ regorus = { version = "0.2.6", default-features = false, features = [


@ -9,10 +9,11 @@ use safe_path::scoped_join;
use std::collections::HashMap; use std::collections::HashMap;
use std::env; use std::env;
use std::fs; use std::fs;
use std::path::{Path, PathBuf}; use std::path::Path;
use std::sync::Arc; use std::sync::Arc;
use anyhow::{anyhow, bail, Context, Result}; use anyhow::{anyhow, bail, Context, Result};
use image_rs::builder::ClientBuilder;
use image_rs::image::ImageClient; use image_rs::image::ImageClient;
use kata_sys_util::validate::verify_id; use kata_sys_util::validate::verify_id;
use oci_spec::runtime as oci; use oci_spec::runtime as oci;
@ -57,15 +58,16 @@ pub struct ImageService {
} }
impl ImageService { impl ImageService {
pub fn new() -> Self { pub async fn new() -> Result<Self> {
let mut image_client = ImageClient::new(PathBuf::from(KATA_IMAGE_WORK_DIR)); let mut image_client_builder =
ClientBuilder::default().work_dir(KATA_IMAGE_WORK_DIR.into());
#[cfg(feature = "guest-pull")] #[cfg(feature = "guest-pull")]
{ {
if !AGENT_CONFIG.image_registry_auth.is_empty() { if !AGENT_CONFIG.image_registry_auth.is_empty() {
let registry_auth = &AGENT_CONFIG.image_registry_auth; let registry_auth = &AGENT_CONFIG.image_registry_auth;
debug!(sl(), "Set registry auth file {:?}", registry_auth); debug!(sl(), "Set registry auth file {:?}", registry_auth);
image_client.config.file_paths.auth_file = registry_auth.clone(); image_client_builder = image_client_builder
image_client.config.auth = true; .authenticated_registry_credentials_uri(registry_auth.into());
} }
let enable_signature_verification = &AGENT_CONFIG.enable_signature_verification; let enable_signature_verification = &AGENT_CONFIG.enable_signature_verification;
@ -73,15 +75,15 @@ impl ImageService {
sl(), sl(),
"Enable image signature verification: {:?}", enable_signature_verification "Enable image signature verification: {:?}", enable_signature_verification
); );
image_client.config.security_validate = *enable_signature_verification; if !AGENT_CONFIG.image_policy_file.is_empty() && *enable_signature_verification {
if !AGENT_CONFIG.image_policy_file.is_empty() {
let image_policy_file = &AGENT_CONFIG.image_policy_file; let image_policy_file = &AGENT_CONFIG.image_policy_file;
debug!(sl(), "Use imagepolicy file {:?}", image_policy_file); debug!(sl(), "Use image policy file {:?}", image_policy_file);
image_client.config.file_paths.policy_path = image_policy_file.clone(); image_client_builder =
image_client_builder.image_security_policy_uri(image_policy_file.into());
} }
} }
Self { image_client } let image_client = image_client_builder.build().await?;
Ok(Self { image_client })
} }
/// get guest pause image process specification /// get guest pause image process specification
@ -276,9 +278,10 @@ pub async fn set_proxy_env_vars() {
} }
/// Init the image service /// Init the image service
pub async fn init_image_service() { pub async fn init_image_service() -> Result<()> {
let image_service = ImageService::new(); let image_service = ImageService::new().await?;
*IMAGE_SERVICE.lock().await = Some(image_service); *IMAGE_SERVICE.lock().await = Some(image_service);
Ok(())
} }
pub async fn pull_image( pub async fn pull_image(
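Review bot: In `ImageService::new`, the builder only receives a policy when `image_policy_file` is non-empty and `enable_signature_verification` is true, so enabling verification without a policy file builds a client with no policy configured, and the only trace is a debug log. The old code assigned `security_validate` from the flag unconditionally, so this looks like a behaviour change. Whether the image-rs builder then pulls images unverified is not visible on this page and should be confirmed. If it does, failing closed is safer, for example `if *enable_signature_verification && AGENT_CONFIG.image_policy_file.is_empty() { bail!("signature verification enabled but image_policy_file is empty"); }` placed before the existing `if`. The body of `new` spans two hunks and is not shown in full here.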


@ -1749,7 +1749,7 @@ pub async fn start(
let hservice = health_ttrpc::create_health(Arc::new(health_service)); let hservice = health_ttrpc::create_health(Arc::new(health_service));
#[cfg(feature = "guest-pull")] #[cfg(feature = "guest-pull")]
image::init_image_service().await; image::init_image_service().await?;
let server = TtrpcServer::new() let server = TtrpcServer::new()
.bind(server_address)? .bind(server_address)?