kata-deploy: tools: tests: Use zstd instead of xz

Although the compression ratio is not as good as with xz, zstd is much
faster to compress / decompress, and it's "good enough".

This change is not small, but it's still self-contained, and has to get
in at once, in order to help bisects in the future.

Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
Fabiano Fidêncio 2025-08-21 00:01:09 +02:00 committed by Fabiano Fidêncio
parent 9cc97ad35c
commit ad240a39e6
28 changed files with 120 additions and 116 deletions


@ -144,7 +144,7 @@ jobs:
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: kata-artifacts-amd64-${{ matrix.asset }}${{ inputs.tarball-suffix }}
path: kata-build/kata-static-${{ matrix.asset }}.tar.xz
path: kata-build/kata-static-${{ matrix.asset }}.tar.zst
retention-days: 15
if-no-files-found: error
@ -153,7 +153,7 @@ jobs:
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: kata-artifacts-amd64-${{ matrix.asset }}-headers${{ inputs.tarball-suffix }}
path: kata-build/kata-static-${{ matrix.asset }}-headers.tar.xz
path: kata-build/kata-static-${{ matrix.asset }}-headers.tar.zst
retention-days: 15
if-no-files-found: error
@ -224,7 +224,7 @@ jobs:
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: kata-artifacts-amd64-${{ matrix.asset }}${{ inputs.tarball-suffix }}
path: kata-build/kata-static-${{ matrix.asset }}.tar.xz
path: kata-build/kata-static-${{ matrix.asset }}.tar.zst
retention-days: 15
if-no-files-found: error
@ -316,7 +316,7 @@ jobs:
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: kata-artifacts-amd64-shim-v2${{ inputs.tarball-suffix }}
path: kata-build/kata-static-shim-v2.tar.xz
path: kata-build/kata-static-shim-v2.tar.zst
retention-days: 15
if-no-files-found: error
@ -353,6 +353,6 @@ jobs:
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: kata-static-tarball-amd64${{ inputs.tarball-suffix }}
path: kata-static.tar.xz
path: kata-static.tar.zst
retention-days: 15
if-no-files-found: error


@ -121,7 +121,7 @@ jobs:
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: kata-artifacts-arm64-${{ matrix.asset }}${{ inputs.tarball-suffix }}
path: kata-build/kata-static-${{ matrix.asset }}.tar.xz
path: kata-build/kata-static-${{ matrix.asset }}.tar.zst
retention-days: 15
if-no-files-found: error
@ -130,7 +130,7 @@ jobs:
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: kata-artifacts-arm64-${{ matrix.asset }}-headers${{ inputs.tarball-suffix }}
path: kata-build/kata-static-${{ matrix.asset }}-headers.tar.xz
path: kata-build/kata-static-${{ matrix.asset }}-headers.tar.zst
retention-days: 15
if-no-files-found: error
@ -195,7 +195,7 @@ jobs:
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: kata-artifacts-arm64-${{ matrix.asset }}${{ inputs.tarball-suffix }}
path: kata-build/kata-static-${{ matrix.asset }}.tar.xz
path: kata-build/kata-static-${{ matrix.asset }}.tar.zst
retention-days: 15
if-no-files-found: error
@ -282,7 +282,7 @@ jobs:
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: kata-artifacts-arm64-shim-v2${{ inputs.tarball-suffix }}
path: kata-build/kata-static-shim-v2.tar.xz
path: kata-build/kata-static-shim-v2.tar.zst
retention-days: 15
if-no-files-found: error
@ -319,6 +319,6 @@ jobs:
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: kata-static-tarball-arm64${{ inputs.tarball-suffix }}
path: kata-static.tar.xz
path: kata-static.tar.zst
retention-days: 15
if-no-files-found: error


@ -83,7 +83,7 @@ jobs:
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: kata-artifacts-ppc64le-${{ matrix.asset }}${{ inputs.tarball-suffix }}
path: kata-build/kata-static-${{ matrix.asset }}.tar.xz
path: kata-build/kata-static-${{ matrix.asset }}.tar.zst
retention-days: 1
if-no-files-found: error
@ -148,7 +148,7 @@ jobs:
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: kata-artifacts-ppc64le-${{ matrix.asset }}${{ inputs.tarball-suffix }}
path: kata-build/kata-static-${{ matrix.asset }}.tar.xz
path: kata-build/kata-static-${{ matrix.asset }}.tar.zst
retention-days: 1
if-no-files-found: error
@ -221,7 +221,7 @@ jobs:
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: kata-artifacts-ppc64le-shim-v2${{ inputs.tarball-suffix }}
path: kata-build/kata-static-shim-v2.tar.xz
path: kata-build/kata-static-shim-v2.tar.zst
retention-days: 1
if-no-files-found: error
@ -262,6 +262,6 @@ jobs:
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: kata-static-tarball-ppc64le${{ inputs.tarball-suffix }}
path: kata-static.tar.xz
path: kata-static.tar.zst
retention-days: 1
if-no-files-found: error


@ -81,6 +81,6 @@ jobs:
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: kata-artifacts-riscv64-${{ matrix.asset }}${{ inputs.tarball-suffix }}
path: kata-build/kata-static-${{ matrix.asset }}.tar.xz
path: kata-build/kata-static-${{ matrix.asset }}.tar.zst
retention-days: 15
if-no-files-found: error


@ -115,7 +115,7 @@ jobs:
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: kata-artifacts-s390x-${{ matrix.asset }}${{ inputs.tarball-suffix }}
path: kata-build/kata-static-${{ matrix.asset }}.tar.xz
path: kata-build/kata-static-${{ matrix.asset }}.tar.zst
retention-days: 15
if-no-files-found: error
@ -182,7 +182,7 @@ jobs:
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: kata-artifacts-s390x-${{ matrix.asset }}${{ inputs.tarball-suffix }}
path: kata-build/kata-static-${{ matrix.asset }}.tar.xz
path: kata-build/kata-static-${{ matrix.asset }}.tar.zst
retention-days: 15
if-no-files-found: error
@ -230,7 +230,7 @@ jobs:
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: kata-artifacts-s390x${{ inputs.tarball-suffix }}
path: kata-build/kata-static-boot-image-se.tar.xz
path: kata-build/kata-static-boot-image-se.tar.zst
retention-days: 1
if-no-files-found: error
@ -307,7 +307,7 @@ jobs:
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: kata-artifacts-s390x-shim-v2${{ inputs.tarball-suffix }}
path: kata-build/kata-static-shim-v2.tar.xz
path: kata-build/kata-static-shim-v2.tar.zst
retention-days: 15
if-no-files-found: error
@ -348,6 +348,6 @@ jobs:
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: kata-static-tarball-s390x${{ inputs.tarball-suffix }}
path: kata-static.tar.xz
path: kata-static.tar.zst
retention-days: 15
if-no-files-found: error


@ -85,6 +85,6 @@ jobs:
TAG: ${{ inputs.tag }}
run: |
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
"$(pwd)/kata-static.tar.xz" \
"$(pwd)/kata-static.tar.zst" \
"${REGISTRY}/${REPO}" \
"${TAG}"


@ -74,9 +74,9 @@ jobs:
fi
for tag in "${tags[@]}"; do
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
"$(pwd)"/kata-static.tar.xz "ghcr.io/kata-containers/kata-deploy" \
"$(pwd)"/kata-static.tar.zst "ghcr.io/kata-containers/kata-deploy" \
"${tag}-${TARGET_ARCH}"
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
"$(pwd)"/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \
"$(pwd)"/kata-static.tar.zst "quay.io/kata-containers/kata-deploy" \
"${tag}-${TARGET_ARCH}"
done


@ -71,9 +71,9 @@ jobs:
fi
for tag in "${tags[@]}"; do
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
"$(pwd)"/kata-static.tar.xz "ghcr.io/kata-containers/kata-deploy" \
"$(pwd)"/kata-static.tar.zst "ghcr.io/kata-containers/kata-deploy" \
"${tag}-${TARGET_ARCH}"
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
"$(pwd)"/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \
"$(pwd)"/kata-static.tar.zst "quay.io/kata-containers/kata-deploy" \
"${tag}-${TARGET_ARCH}"
done


@ -71,9 +71,9 @@ jobs:
fi
for tag in "${tags[@]}"; do
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
"$(pwd)"/kata-static.tar.xz "ghcr.io/kata-containers/kata-deploy" \
"$(pwd)"/kata-static.tar.zst "ghcr.io/kata-containers/kata-deploy" \
"${tag}-${TARGET_ARCH}"
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
"$(pwd)"/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \
"$(pwd)"/kata-static.tar.zst "quay.io/kata-containers/kata-deploy" \
"${tag}-${TARGET_ARCH}"
done


@ -75,9 +75,9 @@ jobs:
fi
for tag in "${tags[@]}"; do
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
"$(pwd)"/kata-static.tar.xz "ghcr.io/kata-containers/kata-deploy" \
"$(pwd)"/kata-static.tar.zst "ghcr.io/kata-containers/kata-deploy" \
"${tag}-${TARGET_ARCH}"
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
"$(pwd)"/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \
"$(pwd)"/kata-static.tar.zst "quay.io/kata-containers/kata-deploy" \
"${tag}-${TARGET_ARCH}"
done


@ -127,7 +127,7 @@ jobs:
- name: Set KATA_STATIC_TARBALL env var
run: |
tarball=$(pwd)/kata-static.tar.xz
tarball=$(pwd)/kata-static.tar.zst
echo "KATA_STATIC_TARBALL=${tarball}" >> "$GITHUB_ENV"
- name: Download amd64 artifacts


@ -306,7 +306,7 @@ tarball to the newly created VM that will be used for debugging purposes.
> [!NOTE]
> Those artifacts are only available (for 15 days) when all jobs are finished.
Once you have the `kata-static.tar.xz` in your VM, you can login to the VM with
Once you have the `kata-static.tar.zst` in your VM, you can login to the VM with
`kcli ssh debug-nerdctl-pr8070`, go ahead and then clone your development branch
```bash
@ -323,15 +323,15 @@ $ git config --global user.name "Your Name"
$ git rebase upstream/main
```
Now copy the `kata-static.tar.xz` into your `kata-containers/kata-artifacts` directory
Now copy the `kata-static.tar.zst` into your `kata-containers/kata-artifacts` directory
```bash
$ mkdir kata-artifacts
$ cp ../kata-static.tar.xz kata-artifacts/
$ cp ../kata-static.tar.zst kata-artifacts/
```
> [!NOTE]
> If you downloaded the .zip from GitHub you need to uncompress first to see `kata-static.tar.xz`
> If you downloaded the .zip from GitHub you need to uncompress first to see `kata-static.tar.zst`
And finally run the tests following what's in the yaml file for the test you're
debugging.
@ -363,11 +363,11 @@ and have fun debugging and hacking!
Steps for debugging the Kubernetes tests are very similar to the ones for
debugging non-Kubernetes tests, with the caveat that what you'll need, this
time, is not the `kata-static.tar.xz` tarball, but rather a payload to be used
time, is not the `kata-static.tar.zst` tarball, but rather a payload to be used
with kata-deploy.
In order to generate your own kata-deploy image you can generate your own
`kata-static.tar.xz` and then take advantage of the following script. Be aware
`kata-static.tar.zst` and then take advantage of the following script. Be aware
that the image generated and uploaded must be accessible by the VM where you'll
be performing your tests.


@ -89,16 +89,16 @@ However, if any of these components are absent, they must be built from the
$ # Assume that the project is cloned at $GOPATH/src/github.com/kata-containers
$ cd $GOPATH/src/github.com/kata-containers/kata-containers
$ make rootfs-initrd-confidential-tarball
$ tar -tf build/kata-static-kernel-confidential.tar.xz | grep vmlinuz
$ tar --zstd -tf build/kata-static-kernel-confidential.tar.zst | grep vmlinuz
./opt/kata/share/kata-containers/vmlinuz-confidential.container
./opt/kata/share/kata-containers/vmlinuz-6.7-136-confidential
$ kernel_version=6.7-136
$ tar -tf build/kata-static-rootfs-initrd-confidential.tar.xz | grep initrd
$ tar --zstd -tf build/kata-static-rootfs-initrd-confidential.tar.zst | grep initrd
./opt/kata/share/kata-containers/kata-containers-initrd-confidential.img
./opt/kata/share/kata-containers/kata-ubuntu-20.04-confidential.initrd
$ mkdir artifacts
$ tar -xvf build/kata-static-kernel-confidential.tar.xz -C artifacts ./opt/kata/share/kata-containers/vmlinuz-${kernel_version}-confidential
$ tar -xvf build/kata-static-rootfs-initrd-confidential.tar.xz -C artifacts ./opt/kata/share/kata-containers/kata-ubuntu-20.04-confidential.initrd
$ tar --zstd -xvf build/kata-static-kernel-confidential.tar.zst -C artifacts ./opt/kata/share/kata-containers/vmlinuz-${kernel_version}-confidential
$ tar --zstd -xvf build/kata-static-rootfs-initrd-confidential.tar.zst -C artifacts ./opt/kata/share/kata-containers/kata-ubuntu-20.04-confidential.initrd
$ ls artifacts/opt/kata/share/kata-containers/
kata-ubuntu-20.04-confidential.initrd vmlinuz-${kernel_version}-confidential
```
@ -190,8 +190,8 @@ can be easily accomplished by issuing the following make target:
$ cd $GOPATH/src/github.com/kata-containers/kata-containers
$ mkdir hkd_dir && cp $host_key_document hkd_dir
$ HKD_PATH=hkd_dir SE_KERNEL_PARAMS="agent.log=debug" make boot-image-se-tarball
$ ls build/kata-static-boot-image-se.tar.xz
build/kata-static-boot-image-se.tar.xz
$ ls build/kata-static-boot-image-se.tar.zst
build/kata-static-boot-image-se.tar.zst
```
`SE_KERNEL_PARAMS` could be used to add any extra kernel parameters. If no additional kernel configuration is required, this can be omitted.
@ -344,18 +344,18 @@ $ make virtiofsd-tarball
$ make shim-v2-tarball
$ mkdir kata-artifacts
$ build_dir=$(readlink -f build)
$ cp -r $build_dir/*.tar.xz kata-artifacts
$ cp -r $build_dir/*.tar.zst kata-artifacts
$ ls -1 kata-artifacts
kata-static-agent.tar.xz
kata-static-boot-image-se.tar.xz
kata-static-coco-guest-components.tar.xz
kata-static-kernel-confidential-modules.tar.xz
kata-static-kernel-confidential.tar.xz
kata-static-pause-image.tar.xz
kata-static-qemu.tar.xz
kata-static-rootfs-initrd-confidential.tar.xz
kata-static-shim-v2.tar.xz
kata-static-virtiofsd.tar.xz
kata-static-agent.tar.zst
kata-static-boot-image-se.tar.zst
kata-static-coco-guest-components.tar.zst
kata-static-kernel-confidential-modules.tar.zst
kata-static-kernel-confidential.tar.zst
kata-static-pause-image.tar.zst
kata-static-qemu.tar.zst
kata-static-rootfs-initrd-confidential.tar.zst
kata-static-shim-v2.tar.zst
kata-static-virtiofsd.tar.zst
$ ./tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh kata-artifacts
```
@ -369,7 +369,7 @@ command before running `kata-deploy-merge-builds.sh`:
$ make rootfs-image-tarball
```
At this point, you should have an archive file named `kata-static.tar.xz` at the project root,
At this point, you should have an archive file named `kata-static.tar.zst` at the project root,
which will be used to build a payload image. If you are using a local container registry at
`localhost:5000`, proceed with the following:
@ -381,7 +381,7 @@ Build and push a payload image with the name `localhost:5000/build-kata-deploy`
`latest` using the following:
```
$ ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh kata-static.tar.xz localhost:5000/build-kata-deploy latest
$ ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh kata-static.tar.zst localhost:5000/build-kata-deploy latest
... logs ...
Pushing the image localhost:5000/build-kata-deploy:latest to the registry
The push refers to repository [localhost:5000/build-kata-deploy]


@ -430,13 +430,13 @@ EOF
function install_kata_core() {
declare -r katadir="$1"
declare -r destdir="/"
declare -r kata_tarball="kata-static.tar.xz"
declare -r kata_tarball="kata-static.tar.zst"
# Removing previous kata installation
sudo rm -rf "${katadir}"
pushd "${kata_tarball_dir}"
sudo tar -xvf "${kata_tarball}" -C "${destdir}"
sudo tar --zstd -xvf "${kata_tarball}" -C "${destdir}"
popd
}


@ -26,6 +26,7 @@ RUN apk update && apk add --no-cache \
musl-dev \
protoc \
tar \
xz
xz \
zstd
# aarch64 requires this name -- link for all
RUN ln -s /usr/bin/gcc "/usr/bin/$(uname -m)-linux-musl-gcc"


@ -11,6 +11,7 @@ RUN tdnf -y install \
dnf \
git \
tar \
xz
xz \
zstd
@INSTALL_RUST@


@ -33,7 +33,8 @@ RUN apt-get update && apt-get --no-install-recommends install -y \
tar \
vim \
wget \
xz-utils
xz-utils \
zstd
# aarch64 requires this name -- link for all
RUN ln -s /usr/bin/musl-gcc "/usr/bin/$(uname -m)-linux-musl-gcc"


@ -123,7 +123,7 @@ setup_nvidia_gpu_rootfs_stage_one() {
# We need the kernel packages for building the drivers cleanly will be
# deinstalled and removed from the roofs once the build finishes.
tar -xvf "${BUILD_DIR}"/kata-static-kernel-nvidia-gpu"${appendix}"-headers.tar.xz -C .
tar --zstd -xvf "${BUILD_DIR}"/kata-static-kernel-nvidia-gpu"${appendix}"-headers.tar.zst -C .
# If we find a local downloaded run file build the kernel modules
# with it, otherwise use the distribution packages. Run files may have
@ -237,7 +237,7 @@ chisseled_gpudirect() {
chisseled_init() {
echo "nvidia: chisseling init"
tar xvf "${BUILD_DIR}"/kata-static-busybox.tar.xz -C .
tar --zstd -xvf "${BUILD_DIR}"/kata-static-busybox.tar.zst -C .
mkdir -p dev etc proc run/cdi sys tmp usr var lib/modules lib/firmware \
usr/share/nvidia lib/"${machine_arch}"-linux-gnu lib64 \


@ -190,7 +190,7 @@ AGENT_SOURCE_BIN Path to the directory of agent binary.
AGENT_SOURCE_BIN and AGENT_TARBALL should never be used toghether.
Default value: <not set>
AGENT_TARBALL Path to the kata-agent.tar.xz tarball to be unpacked inside the
AGENT_TARBALL Path to the kata-agent.tar.zst tarball to be unpacked inside the
rootfs.
If set, this will take the priority and will be used instead of
building the agent.
@ -205,7 +205,7 @@ ARCH Target architecture (according to \`uname -m\`).
and glibc agents.
Default value: $(uname -m)
COCO_GUEST_COMPONENTS_TARBALL Path to the kata-coco-guest-components.tar.xz tarball to be unpacked inside the
COCO_GUEST_COMPONENTS_TARBALL Path to the kata-coco-guest-components.tar.zst tarball to be unpacked inside the
rootfs.
If set, the tarball will be unpacked onto the rootfs.
Default value: <not set>
@ -234,7 +234,7 @@ KERNEL_MODULES_DIR Path to a directory containing kernel modules to include in
LIBC libc the agent is built against (gnu or musl).
Default value: ${LIBC} (varies with architecture)
PAUSE_IMAGE_TARBALL Path to the kata-static-pause-image.tar.xz tarball to be unpacked inside the
PAUSE_IMAGE_TARBALL Path to the kata-static-pause-image.tar.zst tarball to be unpacked inside the
rootfs.
If set, the tarball will be unpacked onto the rootfs.
Default value: <not set>
@ -756,7 +756,7 @@ EOF
cp ${AGENT_SOURCE_BIN} ${AGENT_DEST}
OK "cp ${AGENT_SOURCE_BIN} ${AGENT_DEST}"
else
tar xvJpf ${AGENT_TARBALL} -C ${ROOTFS_DIR}
tar --zstd -xvf ${AGENT_TARBALL} -C ${ROOTFS_DIR}
fi
${stripping_tool} ${ROOTFS_DIR}/usr/bin/kata-agent
@ -803,7 +803,7 @@ EOF
if [[ -n "${GUEST_HOOKS_TARBALL}" ]]; then
info "Install the ${GUEST_HOOKS_TARBALL} guest hooks"
tar xvJpf "${GUEST_HOOKS_TARBALL}" -C "${ROOTFS_DIR}"
tar --zstd -xvf "${GUEST_HOOKS_TARBALL}" -C "${ROOTFS_DIR}"
fi
info "Check init is installed"
@ -812,12 +812,12 @@ EOF
if [ -n "${PAUSE_IMAGE_TARBALL}" ] ; then
info "Installing the pause image tarball"
tar xvJpf ${PAUSE_IMAGE_TARBALL} -C ${ROOTFS_DIR}
tar --zstd -xvf ${PAUSE_IMAGE_TARBALL} -C ${ROOTFS_DIR}
fi
if [ -n "${COCO_GUEST_COMPONENTS_TARBALL}" ] ; then
info "Installing the Confidential Containers guest components tarball"
tar xvJpf ${COCO_GUEST_COMPONENTS_TARBALL} -C ${ROOTFS_DIR}
tar --zstd -xvf ${COCO_GUEST_COMPONENTS_TARBALL} -C ${ROOTFS_DIR}
fi
# Create an empty /etc/resolv.conf, to allow agent to bind mount container resolv.conf to Kata VM
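Review bot: All four extraction calls in this file lost the `p` flag when `tar xvJpf` became `tar --zstd -xvf` (the agent, guest hooks, pause image and CoCo guest components tarballs), so permission handling now depends on which user runs the script. GNU tar restores the recorded modes by default only for the superuser; for any other user the umask is applied to everything unpacked into `${ROOTFS_DIR}`, which changes file modes inside the guest rootfs. If this script only ever runs as root the change is harmless, but nothing visible here guarantees that, so keep the flag: `tar --zstd -xvpf ...` in each of the four calls. The enclosing function starts and ends outside these hunks.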


@ -48,7 +48,7 @@ build_image() {
mkdir -p "${image_source_dir}"
pushd "${tarball_dir}"
for tarball_id in kernel-confidential rootfs-initrd-confidential; do
tar xvf kata-static-${tarball_id}.tar.xz -C "${image_source_dir}"
tar --zstd -xvf kata-static-${tarball_id}.tar.zst -C "${image_source_dir}"
done
popd


@ -5,7 +5,7 @@
ARG BASE_IMAGE_NAME=alpine
ARG BASE_IMAGE_TAG=3.22
FROM $BASE_IMAGE_NAME:$BASE_IMAGE_TAG
ARG KATA_ARTIFACTS=./kata-static.tar.xz
ARG KATA_ARTIFACTS=./kata-static.tar.zst
ARG DESTINATION=/opt/kata-artifacts
COPY ${KATA_ARTIFACTS} ${WORKDIR}
@ -19,7 +19,7 @@ COPY ${KATA_ARTIFACTS} ${WORKDIR}
# word splitting, which can also be ignored for now.
# hadolint ignore=DL3018,SC2086
RUN \
apk --no-cache add bash curl && \
apk --no-cache add bash curl tar zstd && \
ARCH=$(uname -m) && \
if [ "${ARCH}" = "x86_64" ]; then ARCH=amd64; fi && \
if [ "${ARCH}" = "aarch64" ]; then ARCH=arm64; fi && \
@ -30,9 +30,9 @@ RUN \
curl -fL --progress-bar -o /usr/bin/jq https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux-${DEBIAN_ARCH} && \
chmod +x /usr/bin/jq && \
mkdir -p ${DESTINATION} && \
tar xvf ${WORKDIR}/${KATA_ARTIFACTS} -C ${DESTINATION} && \
tar --zstd -xvf ${WORKDIR}/${KATA_ARTIFACTS} -C ${DESTINATION} && \
rm -f ${WORKDIR}/${KATA_ARTIFACTS} && \
apk del curl && \
apk del curl tar zstd && \
apk --no-cache add py3-pip && \
pip install --no-cache-dir yq==3.2.3 --break-system-packages
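Review bot: The `jq` binary fetched by `curl -fL ... jq-linux-${DEBIAN_ARCH}` in this same `RUN` is made executable and shipped in the image with no digest check, and the hunk reworks the package handling around it without adding one. This appears to be the kata-deploy payload image, so verify the download before `chmod +x`, for example `echo "<expected-sha256-for-arch>  /usr/bin/jq" | sha256sum -c -`, with the per-architecture digests kept next to the pinned version. The `pip install ... yq==3.2.3` line has the same gap: it pins a version but not a hash. The `RUN` instruction begins above the second hunk, so only part of it is visible here.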


@ -57,7 +57,7 @@ endef
define DUMMY
$(call BUILD,"dummy")
mv $(MK_DIR)/build/kata-static-dummy.tar.xz $(MK_DIR)/build/kata-static-$(patsubst %-tarball,%,$1).tar.xz
mv $(MK_DIR)/build/kata-static-dummy.tar.zst $(MK_DIR)/build/kata-static-$(patsubst %-tarball,%,$1).tar.zst
endef
kata-tarball: | all-parallel merge-builds
@ -201,4 +201,4 @@ merge-builds:
$(MK_DIR)/kata-deploy-merge-builds.sh build "$(MK_DIR)/../../../../versions.yaml"
install-tarball:
tar -xf ./kata-static.tar.xz -C /
tar --zstd -xf ./kata-static.tar.zst -C /


@ -57,7 +57,8 @@ RUN apt-get update && \
git \
make \
wget \
xz-utils && \
xz-utils \
zstd && \
if [ "${ARCH}" != "$(uname -m)" ] && [ "${ARCH}" == "s390x" ]; then \
apt-get install -y --no-install-recommends \
gcc-s390x-linux-gnu \


@ -215,11 +215,11 @@ install_cached_shim_v2_tarball_get_root_hash() {
fi
local tarball_dir="${repo_root_dir}/tools/packaging/kata-deploy/local-build/build"
local image_conf_tarball="kata-static-rootfs-image-confidential.tar.xz"
local image_conf_tarball="kata-static-rootfs-image-confidential.tar.zst"
local root_hash_basedir="./opt/kata/share/kata-containers/"
tar xvf "${tarball_dir}/${image_conf_tarball}" ${root_hash_basedir}root_hash.txt --transform s,${root_hash_basedir},,
tar --zstd -xvf "${tarball_dir}/${image_conf_tarball}" ${root_hash_basedir}root_hash.txt --transform s,${root_hash_basedir},,
mv root_hash.txt "${tarball_dir}/root_hash.txt"
return 0
@ -290,14 +290,14 @@ install_cached_tarball_component() {
get_agent_tarball_path() {
agent_local_build_dir="${repo_root_dir}/tools/packaging/kata-deploy/local-build/build"
agent_tarball_name="kata-static-agent.tar.xz"
agent_tarball_name="kata-static-agent.tar.zst"
echo "${agent_local_build_dir}/${agent_tarball_name}"
}
get_coco_guest_components_tarball_path() {
coco_guest_components_local_build_dir="${repo_root_dir}/tools/packaging/kata-deploy/local-build/build"
coco_guest_components_tarball_name="kata-static-coco-guest-components.tar.xz"
coco_guest_components_tarball_name="kata-static-coco-guest-components.tar.zst"
echo "${coco_guest_components_local_build_dir}/${coco_guest_components_tarball_name}"
}
@ -313,7 +313,7 @@ get_latest_coco_guest_components_artefact_and_builder_image_version() {
get_pause_image_tarball_path() {
pause_image_local_build_dir="${repo_root_dir}/tools/packaging/kata-deploy/local-build/build"
pause_image_tarball_name="kata-static-pause-image.tar.xz"
pause_image_tarball_name="kata-static-pause-image.tar.zst"
echo "${pause_image_local_build_dir}/${pause_image_tarball_name}"
}
@ -635,12 +635,12 @@ install_cached_kernel_tarball_component() {
"kernel-nvidia-gpu"*"")
local kernel_headers_dir=$(get_kernel_headers_dir "${kernel_name}")
mkdir -p ${kernel_headers_dir} || true
tar xvf ${workdir}/${kernel_name}/builddir/kata-static-${kernel_name}-headers.tar.xz -C "${kernel_headers_dir}" || return 1
;;& # fallthrough in the confidential case we need the modules.tar.xz and for every kernel-nvidia-gpu we need the headers
tar --zstd -xvf ${workdir}/${kernel_name}/builddir/kata-static-${kernel_name}-headers.tar.zst -C "${kernel_headers_dir}" || return 1
;;& # fallthrough in the confidential case we need the modules.tar.zst and for every kernel-nvidia-gpu we need the headers
"kernel"*"-confidential")
local modules_dir=$(get_kernel_modules_dir ${kernel_version} ${kernel_kata_config_version} ${build_target})
mkdir -p "${modules_dir}" || true
tar xvf "${workdir}/kata-static-${kernel_name}-modules.tar.xz" -C "${modules_dir}" || return 1
tar --zstd -xvf "${workdir}/kata-static-${kernel_name}-modules.tar.zst" -C "${modules_dir}" || return 1
;;
esac
@ -664,13 +664,13 @@ install_kernel_helper() {
fi
if [[ "${kernel_name}" == "kernel"*"-confidential" ]]; then
local kernel_modules_tarball_name="kata-static-${kernel_name}-modules.tar.xz"
local kernel_modules_tarball_name="kata-static-${kernel_name}-modules.tar.zst"
local kernel_modules_tarball_path="${workdir}/${kernel_modules_tarball_name}"
extra_tarballs="${kernel_modules_tarball_name}:${kernel_modules_tarball_path}"
fi
if [[ "${kernel_name}" == "kernel-nvidia-gpu*" ]]; then
local kernel_headers_tarball_name="kata-static-${kernel_name}-headers.tar.xz"
local kernel_headers_tarball_name="kata-static-${kernel_name}-headers.tar.zst"
local kernel_headers_tarball_path="${workdir}/${kernel_headers_tarball_name}"
extra_tarballs+=" ${kernel_headers_tarball_name}:${kernel_headers_tarball_path}"
fi
@ -758,7 +758,7 @@ install_qemu_helper() {
info "build static ${qemu_name}"
"${builder}"
tar xvf "${qemu_tarball_name}" -C "${destdir}"
tar --zstd -xvf "${qemu_tarball_name}" -C "${destdir}"
}
# Install static qemu asset
@ -976,7 +976,7 @@ install_ovmf() {
&& return 0
DESTDIR="${destdir}" PREFIX="${prefix}" ovmf_build="${ovmf_type}" "${ovmf_builder}"
tar xvf "${builddir}/${tarball_name}" -C "${destdir}"
tar --zstd -xvf "${builddir}/${tarball_name}" -C "${destdir}"
}
# Install OVMF SEV
@ -1196,7 +1196,7 @@ handle_build() {
local build_target
build_target="$1"
export final_tarball_path="${workdir}/kata-static-${build_target}.tar.xz"
export final_tarball_path="${workdir}/kata-static-${build_target}.tar.zst"
export final_tarball_name="$(basename ${final_tarball_path})"
rm -f ${final_tarball_name}
@ -1308,7 +1308,7 @@ handle_build() {
virtiofsd) install_virtiofsd ;;
dummy)
tar cvfJ ${final_tarball_path} --files-from /dev/null
tar --zstd -cvf ${final_tarball_path} --files-from /dev/null
;;
*)
@ -1318,54 +1318,54 @@ handle_build() {
if [ ! -f "${final_tarball_path}" ]; then
cd "${destdir}"
tar cvfJ "${final_tarball_path}" "."
tar --zstd -cvf "${final_tarball_path}" "."
fi
tar tvf "${final_tarball_path}"
tar --zstd -tvf "${final_tarball_path}"
case ${build_target} in
kernel-nvidia-gpu*)
local kernel_headers_final_tarball_path="${workdir}/kata-static-${build_target}-headers.tar.xz"
local kernel_headers_final_tarball_path="${workdir}/kata-static-${build_target}-headers.tar.zst"
if [ ! -f "${kernel_headers_final_tarball_path}" ]; then
local kernel_headers_dir
kernel_headers_dir=$(get_kernel_headers_dir "${build_target}")
pushd "${kernel_headers_dir}"
find . -type f -name "*.${KERNEL_HEADERS_PKG_TYPE}" -exec tar rvf kernel-headers.tar {} +
find . -type f -name "*.${KERNEL_HEADERS_PKG_TYPE}" -exec tar -rvf kernel-headers.tar {} +
if [ -n "${KBUILD_SIGN_PIN}" ]; then
head -n1 kata-linux-*/certs/signing_key.pem | grep -q "ENCRYPTED PRIVATE KEY" || die "signing_key.pem is not encrypted"
mv kata-linux-*/certs/signing_key.pem .
mv kata-linux-*/certs/signing_key.x509 .
tar -rvf kernel-headers.tar signing_key.pem signing_key.x509 --remove-files
fi
xz -T0 kernel-headers.tar
mv kernel-headers.tar.xz "${kernel_headers_final_tarball_path}"
zstd -T0 kernel-headers.tar -o kernel-headers.tar.zst
mv kernel-headers.tar.zst "${kernel_headers_final_tarball_path}"
popd
fi
tar tvf "${kernel_headers_final_tarball_path}"
;;& # fallthrough in the confidential case we need the modules.tar.xz and for every kernel-nvidia-gpu we need the headers
tar --zstd -tvf "${kernel_headers_final_tarball_path}"
;;& # fallthrough in the confidential case we need the modules.tar.zst and for every kernel-nvidia-gpu we need the headers
kernel*-confidential)
local modules_final_tarball_path="${workdir}/kata-static-${build_target}-modules.tar.xz"
local modules_final_tarball_path="${workdir}/kata-static-${build_target}-modules.tar.zst"
if [ ! -f "${modules_final_tarball_path}" ]; then
local modules_dir=$(get_kernel_modules_dir ${kernel_version} ${kernel_kata_config_version} ${build_target})
pushd "${modules_dir}"
rm -f build
tar cvfJ "${modules_final_tarball_path}" "."
tar --zstd -cvf "${modules_final_tarball_path}" "."
popd
fi
tar tvf "${modules_final_tarball_path}"
tar --zstd -tvf "${modules_final_tarball_path}"
;;
shim-v2)
if [ "${MEASURED_ROOTFS}" = "yes" ]; then
local image_conf_tarball="${workdir}/kata-static-rootfs-image-confidential.tar.xz"
local image_conf_tarball="${workdir}/kata-static-rootfs-image-confidential.tar.zst"
if [ ! -f "${image_conf_tarball}" ]; then
die "Building the shim-v2 with MEASURED_ROOTFS support requires a rootfs confidential image tarball"
fi
local root_hash_basedir="./opt/kata/share/kata-containers/"
if ! tar xvf ${image_conf_tarball} ${root_hash_basedir}root_hash.txt --transform s,${root_hash_basedir},,; then
die "Building the shim-v2 with MEASURED_ROOTFS support requres a rootfs confidential image tarball built with MEASURED_ROOTFS support"
if ! tar --zstd -xvf ${image_conf_tarball} --transform s,${root_hash_basedir},, ${root_hash_basedir}root_hash.txt; then
die "Building the shim-v2 with MEASURED_ROOTFS support requires a rootfs confidential image tarball built with MEASURED_ROOTFS support"
fi
mv root_hash.txt ${workdir}/shim-v2-root_hash.txt
@ -1422,18 +1422,18 @@ handle_build() {
case ${build_target} in
kernel-nvidia-gpu)
files_to_push+=(
"kata-static-${build_target}-headers.tar.xz"
"kata-static-${build_target}-headers.tar.zst"
)
;;
kernel-nvidia-gpu-confidential)
files_to_push+=(
"kata-static-${build_target}-modules.tar.xz"
"kata-static-${build_target}-headers.tar.xz"
"kata-static-${build_target}-modules.tar.zst"
"kata-static-${build_target}-headers.tar.zst"
)
;;
kernel*-confidential)
files_to_push+=(
"kata-static-${build_target}-modules.tar.xz"
"kata-static-${build_target}-modules.tar.zst"
)
;;
shim-v2)
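Review bot: `zstd -T0 kernel-headers.tar -o kernel-headers.tar.zst` leaves `kernel-headers.tar` behind in the kernel headers directory, because zstd keeps its input by default whereas the `xz -T0` call it replaces deleted it. When `KBUILD_SIGN_PIN` is set, that leftover archive still holds `signing_key.pem` and `signing_key.x509`, which the preceding `tar -rvf ... --remove-files` had just taken off disk, and any later run that re-enters this branch would append to the stale archive. Use `zstd -T0 --rm kernel-headers.tar`; the default output name is already `kernel-headers.tar.zst`. Separately, in the `install_kernel_helper` hunk the test `[[ "${kernel_name}" == "kernel-nvidia-gpu*" ]]` quotes the `*`, so it compares against a literal asterisk and the headers tarball is presumably never added to `extra_tarballs`. Writing it as `"kernel-nvidia-gpu"*` would match the way the neighbouring `"kernel"*"-confidential"` test does.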


@ -12,7 +12,7 @@ set -o pipefail
set -o errtrace
KATA_DEPLOY_DIR="`dirname ${0}`/../../kata-deploy"
KATA_DEPLOY_ARTIFACT="${1:-"kata-static.tar.xz"}"
KATA_DEPLOY_ARTIFACT="${1:-"kata-static.tar.zst"}"
REGISTRY="${2:-"quay.io/kata-containers/kata-deploy"}"
TAG="${3:-}"


@ -16,7 +16,7 @@ repo_root_dir="$(cd "${this_script_dir}/../../../../" && pwd)"
kata_build_dir=${1:-build}
kata_versions_yaml_file=${2:-""}
tar_path="${PWD}/kata-static.tar.xz"
tar_path="${PWD}/kata-static.tar.zst"
kata_versions_yaml_file_path="${PWD}/${kata_versions_yaml_file}"
pushd "${kata_build_dir}"
@ -24,10 +24,10 @@ tarball_content_dir="${PWD}/kata-tarball-content"
rm -rf "${tarball_content_dir}"
mkdir "${tarball_content_dir}"
for c in kata-static-*.tar.xz
for c in kata-static-*.tar.zst
do
echo "untarring tarball \"${c}\" into ${tarball_content_dir}"
tar -xvf "${c}" -C "${tarball_content_dir}"
tar --zstd -xvf "${c}" -C "${tarball_content_dir}"
done
pushd "${tarball_content_dir}"
@ -46,5 +46,5 @@ pushd "${tarball_content_dir}"
popd
echo "create ${tar_path}"
(cd "${tarball_content_dir}"; tar cvfJ "${tar_path}" --owner=0 --group=0 .)
(cd "${tarball_content_dir}"; tar --zstd -cvf "${tar_path}" --owner=0 --group=0 .)
popd


@ -164,7 +164,7 @@ function _upload_kata_static_tarball()
RELEASE_VERSION="$(_release_version)"
new_tarball_name="kata-static-${RELEASE_VERSION}-${ARCHITECTURE}.tar.xz"
new_tarball_name="kata-static-${RELEASE_VERSION}-${ARCHITECTURE}.tar.zst"
mv ${KATA_STATIC_TARBALL} "${new_tarball_name}"
echo "uploading asset '${new_tarball_name}' (${ARCHITECTURE}) for tag: ${RELEASE_VERSION}"
gh release upload "${RELEASE_VERSION}" "${new_tarball_name}"


@ -219,7 +219,7 @@ github_get_release_file_url()
case "$url" in
*kata*)
regex="kata-static-${version}-${arch_regex}.tar.xz" ;;
regex="kata-static-${version}-${arch_regex}.tar.zst" ;;
*nerdctl*)
# Keep this *always* before the containerd check, as it comes from
# the very same containerd organisation on GitHub.