kata-deploy: tools: tests: Use zstd instead of xz

Although the compress ratio is not as optimal as using xz, it's way
faster to compress / uncompress, and it's "good enough".

This change is not small, but it's still self-contained, and has to get
in at once, in order to help bisects in the future.

Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>

tools/packaging/kata-deploy/local-build/Makefile

@@ -57,7 +57,7 @@ endef
 
 define DUMMY
 	$(call BUILD,"dummy")
-	mv $(MK_DIR)/build/kata-static-dummy.tar.xz $(MK_DIR)/build/kata-static-$(patsubst %-tarball,%,$1).tar.xz
+	mv $(MK_DIR)/build/kata-static-dummy.tar.zst $(MK_DIR)/build/kata-static-$(patsubst %-tarball,%,$1).tar.zst
 endef
 
 kata-tarball: | all-parallel merge-builds
@@ -201,4 +201,4 @@ merge-builds:
 	$(MK_DIR)/kata-deploy-merge-builds.sh build "$(MK_DIR)/../../../../versions.yaml"
 
 install-tarball:
-	tar -xf ./kata-static.tar.xz -C /
+	tar --zstd -xf ./kata-static.tar.zst -C /

tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile

@@ -57,7 +57,8 @@ RUN apt-get update && \
     git \
     make \
     wget \
-    xz-utils && \
+    xz-utils \
+    zstd && \
     if [ "${ARCH}" != "$(uname -m)" ] && [ "${ARCH}" == "s390x" ]; then \
         apt-get install -y --no-install-recommends \
         gcc-s390x-linux-gnu \

tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh

@@ -215,11 +215,11 @@ install_cached_shim_v2_tarball_get_root_hash() {
 	fi
 
 	local tarball_dir="${repo_root_dir}/tools/packaging/kata-deploy/local-build/build"
-	local image_conf_tarball="kata-static-rootfs-image-confidential.tar.xz"
+	local image_conf_tarball="kata-static-rootfs-image-confidential.tar.zst"
 
 	local root_hash_basedir="./opt/kata/share/kata-containers/"
 
-	tar xvf "${tarball_dir}/${image_conf_tarball}" ${root_hash_basedir}root_hash.txt --transform s,${root_hash_basedir},,
+	tar --zstd -xvf "${tarball_dir}/${image_conf_tarball}" ${root_hash_basedir}root_hash.txt --transform s,${root_hash_basedir},,
 	mv root_hash.txt "${tarball_dir}/root_hash.txt"
 
 	return 0
@@ -290,14 +290,14 @@ install_cached_tarball_component() {
 
 get_agent_tarball_path() {
 	agent_local_build_dir="${repo_root_dir}/tools/packaging/kata-deploy/local-build/build"
-	agent_tarball_name="kata-static-agent.tar.xz"
+	agent_tarball_name="kata-static-agent.tar.zst"
 
 	echo "${agent_local_build_dir}/${agent_tarball_name}"
 }
 
 get_coco_guest_components_tarball_path() {
 	coco_guest_components_local_build_dir="${repo_root_dir}/tools/packaging/kata-deploy/local-build/build"
-	coco_guest_components_tarball_name="kata-static-coco-guest-components.tar.xz"
+	coco_guest_components_tarball_name="kata-static-coco-guest-components.tar.zst"
 
 	echo "${coco_guest_components_local_build_dir}/${coco_guest_components_tarball_name}"
 }
@@ -313,7 +313,7 @@ get_latest_coco_guest_components_artefact_and_builder_image_version() {
 
 get_pause_image_tarball_path() {
 	pause_image_local_build_dir="${repo_root_dir}/tools/packaging/kata-deploy/local-build/build"
-	pause_image_tarball_name="kata-static-pause-image.tar.xz"
+	pause_image_tarball_name="kata-static-pause-image.tar.zst"
 
 	echo "${pause_image_local_build_dir}/${pause_image_tarball_name}"
 }
@@ -635,12 +635,12 @@ install_cached_kernel_tarball_component() {
 		"kernel-nvidia-gpu"*"")
 			local kernel_headers_dir=$(get_kernel_headers_dir "${kernel_name}")
 			mkdir -p ${kernel_headers_dir} || true
-			tar xvf ${workdir}/${kernel_name}/builddir/kata-static-${kernel_name}-headers.tar.xz -C "${kernel_headers_dir}" || return 1
-			;;& # fallthrough in the confidential case we need the modules.tar.xz and for every kernel-nvidia-gpu we need the headers
+			tar --zstd -xvf ${workdir}/${kernel_name}/builddir/kata-static-${kernel_name}-headers.tar.zst -C "${kernel_headers_dir}" || return 1
+			;;& # fallthrough in the confidential case we need the modules.tar.zst and for every kernel-nvidia-gpu we need the headers
 		"kernel"*"-confidential")
 			local modules_dir=$(get_kernel_modules_dir ${kernel_version} ${kernel_kata_config_version} ${build_target})
 			mkdir -p "${modules_dir}" || true
-			tar xvf "${workdir}/kata-static-${kernel_name}-modules.tar.xz" -C "${modules_dir}" || return 1
+			tar --zstd -xvf "${workdir}/kata-static-${kernel_name}-modules.tar.zst" -C "${modules_dir}" || return 1
 			;;
 	esac
 
@@ -664,13 +664,13 @@ install_kernel_helper() {
 	fi
 
 	if [[ "${kernel_name}" == "kernel"*"-confidential" ]]; then
-		local kernel_modules_tarball_name="kata-static-${kernel_name}-modules.tar.xz"
+		local kernel_modules_tarball_name="kata-static-${kernel_name}-modules.tar.zst"
 		local kernel_modules_tarball_path="${workdir}/${kernel_modules_tarball_name}"
 		extra_tarballs="${kernel_modules_tarball_name}:${kernel_modules_tarball_path}"
 	fi
 
 	if [[ "${kernel_name}" == "kernel-nvidia-gpu*" ]]; then
-		local kernel_headers_tarball_name="kata-static-${kernel_name}-headers.tar.xz"
+		local kernel_headers_tarball_name="kata-static-${kernel_name}-headers.tar.zst"
 		local kernel_headers_tarball_path="${workdir}/${kernel_headers_tarball_name}"
 		extra_tarballs+=" ${kernel_headers_tarball_name}:${kernel_headers_tarball_path}"
 	fi
@@ -758,7 +758,7 @@ install_qemu_helper() {
 
 	info "build static ${qemu_name}"
 	"${builder}"
-	tar xvf "${qemu_tarball_name}" -C "${destdir}"
+	tar --zstd -xvf "${qemu_tarball_name}" -C "${destdir}"
 }
 
 # Install static qemu asset
@@ -976,7 +976,7 @@ install_ovmf() {
 		&& return 0
 
 	DESTDIR="${destdir}" PREFIX="${prefix}" ovmf_build="${ovmf_type}" "${ovmf_builder}"
-	tar xvf "${builddir}/${tarball_name}" -C "${destdir}"
+	tar --zstd -xvf "${builddir}/${tarball_name}" -C "${destdir}"
 }
 
 # Install OVMF SEV
@@ -1196,7 +1196,7 @@ handle_build() {
 	local build_target
 	build_target="$1"
 
-	export final_tarball_path="${workdir}/kata-static-${build_target}.tar.xz"
+	export final_tarball_path="${workdir}/kata-static-${build_target}.tar.zst"
 	export final_tarball_name="$(basename ${final_tarball_path})"
 	rm -f ${final_tarball_name}
 
@@ -1308,7 +1308,7 @@ handle_build() {
 	virtiofsd) install_virtiofsd ;;
 
 	dummy)
-		tar cvfJ ${final_tarball_path} --files-from /dev/null
+		tar --zstd -cvf ${final_tarball_path} --files-from /dev/null
 	       	;;
 
 	*)
@@ -1318,54 +1318,54 @@ handle_build() {
 
 	if [ ! -f "${final_tarball_path}" ]; then
 		cd "${destdir}"
-		tar cvfJ "${final_tarball_path}" "."
+		tar --zstd -cvf "${final_tarball_path}" "."
 	fi
-	tar tvf "${final_tarball_path}"
+	tar --zstd -tvf "${final_tarball_path}"
 
 	case ${build_target} in
 		kernel-nvidia-gpu*)
-			local kernel_headers_final_tarball_path="${workdir}/kata-static-${build_target}-headers.tar.xz"
+			local kernel_headers_final_tarball_path="${workdir}/kata-static-${build_target}-headers.tar.zst"
 			if [ ! -f "${kernel_headers_final_tarball_path}" ]; then
 				local kernel_headers_dir
 				kernel_headers_dir=$(get_kernel_headers_dir "${build_target}")
 
 				pushd "${kernel_headers_dir}"
-				find . -type f -name "*.${KERNEL_HEADERS_PKG_TYPE}" -exec tar rvf kernel-headers.tar {} +
+				find . -type f -name "*.${KERNEL_HEADERS_PKG_TYPE}" -exec tar -rvf kernel-headers.tar {} +
 				if [ -n "${KBUILD_SIGN_PIN}" ]; then
 					head -n1 kata-linux-*/certs/signing_key.pem | grep -q "ENCRYPTED PRIVATE KEY" || die "signing_key.pem is not encrypted"
 					mv kata-linux-*/certs/signing_key.pem .
 					mv kata-linux-*/certs/signing_key.x509 .
 					tar -rvf kernel-headers.tar signing_key.pem signing_key.x509 --remove-files
 				fi
-				xz -T0 kernel-headers.tar
-				mv kernel-headers.tar.xz "${kernel_headers_final_tarball_path}"
+				zstd -T0 kernel-headers.tar -o kernel-headers.tar.zst
+				mv kernel-headers.tar.zst "${kernel_headers_final_tarball_path}"
 				popd
 			fi
-			tar tvf "${kernel_headers_final_tarball_path}"
-			;;& # fallthrough in the confidential case we need the modules.tar.xz and for every kernel-nvidia-gpu we need the headers
+			tar --zstd -tvf "${kernel_headers_final_tarball_path}"
+			;;& # fallthrough in the confidential case we need the modules.tar.zst and for every kernel-nvidia-gpu we need the headers
 
 		kernel*-confidential)
-			local modules_final_tarball_path="${workdir}/kata-static-${build_target}-modules.tar.xz"
+			local modules_final_tarball_path="${workdir}/kata-static-${build_target}-modules.tar.zst"
 			if [ ! -f "${modules_final_tarball_path}" ]; then
 				local modules_dir=$(get_kernel_modules_dir ${kernel_version} ${kernel_kata_config_version} ${build_target})
 
 				pushd "${modules_dir}"
 				rm -f build
-				tar cvfJ "${modules_final_tarball_path}" "."
+				tar --zstd -cvf "${modules_final_tarball_path}" "."
 				popd
 			fi
-			tar tvf "${modules_final_tarball_path}"
+			tar --zstd -tvf "${modules_final_tarball_path}"
 			;;
 		shim-v2)
 			if [ "${MEASURED_ROOTFS}" = "yes" ]; then
-				local image_conf_tarball="${workdir}/kata-static-rootfs-image-confidential.tar.xz"
+				local image_conf_tarball="${workdir}/kata-static-rootfs-image-confidential.tar.zst"
 				if [ ! -f "${image_conf_tarball}" ]; then
 					die "Building the shim-v2 with MEASURED_ROOTFS support requires a rootfs confidential image tarball"
 				fi
 
 				local root_hash_basedir="./opt/kata/share/kata-containers/"
-				if ! tar xvf ${image_conf_tarball} ${root_hash_basedir}root_hash.txt --transform s,${root_hash_basedir},,; then
-					die "Building the shim-v2 with MEASURED_ROOTFS support requres a rootfs confidential image tarball built with MEASURED_ROOTFS support"
+				if ! tar --zstd -xvf ${image_conf_tarball} --transform s,${root_hash_basedir},, ${root_hash_basedir}root_hash.txt; then
+					die "Building the shim-v2 with MEASURED_ROOTFS support requires a rootfs confidential image tarball built with MEASURED_ROOTFS support"
 				fi
 
 				mv root_hash.txt ${workdir}/shim-v2-root_hash.txt
@@ -1422,18 +1422,18 @@ handle_build() {
 		case ${build_target} in
 			kernel-nvidia-gpu)
 				files_to_push+=(
-					"kata-static-${build_target}-headers.tar.xz"
+					"kata-static-${build_target}-headers.tar.zst"
 				)
 				;;
 			kernel-nvidia-gpu-confidential)
 				files_to_push+=(
-					"kata-static-${build_target}-modules.tar.xz"
-					"kata-static-${build_target}-headers.tar.xz"
+					"kata-static-${build_target}-modules.tar.zst"
+					"kata-static-${build_target}-headers.tar.zst"
 				)
 				;;
 			kernel*-confidential)
 				files_to_push+=(
-					"kata-static-${build_target}-modules.tar.xz"
+					"kata-static-${build_target}-modules.tar.zst"
 				)
 				;;
 			shim-v2)

tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh

@@ -12,7 +12,7 @@ set -o pipefail
 set -o errtrace
 
 KATA_DEPLOY_DIR="`dirname ${0}`/../../kata-deploy"
-KATA_DEPLOY_ARTIFACT="${1:-"kata-static.tar.xz"}"
+KATA_DEPLOY_ARTIFACT="${1:-"kata-static.tar.zst"}"
 REGISTRY="${2:-"quay.io/kata-containers/kata-deploy"}"
 TAG="${3:-}"
 

tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh

@@ -16,7 +16,7 @@ repo_root_dir="$(cd "${this_script_dir}/../../../../" && pwd)"
 kata_build_dir=${1:-build}
 kata_versions_yaml_file=${2:-""}
 
-tar_path="${PWD}/kata-static.tar.xz"
+tar_path="${PWD}/kata-static.tar.zst"
 kata_versions_yaml_file_path="${PWD}/${kata_versions_yaml_file}"
 
 pushd "${kata_build_dir}"
@@ -24,10 +24,10 @@ tarball_content_dir="${PWD}/kata-tarball-content"
 rm -rf "${tarball_content_dir}"
 mkdir "${tarball_content_dir}"
 
-for c in kata-static-*.tar.xz
+for c in kata-static-*.tar.zst
 do
 	echo "untarring tarball \"${c}\" into ${tarball_content_dir}"
-	tar -xvf "${c}" -C "${tarball_content_dir}"
+	tar --zstd -xvf "${c}" -C "${tarball_content_dir}"
 done
 
 pushd "${tarball_content_dir}"
@@ -46,5 +46,5 @@ pushd "${tarball_content_dir}"
 popd
 
 echo "create ${tar_path}"
-(cd "${tarball_content_dir}"; tar cvfJ "${tar_path}" --owner=0 --group=0 .)
+(cd "${tarball_content_dir}"; tar --zstd -cvf "${tar_path}" --owner=0 --group=0 .)
 popd