Merge pull request #4791 from openanolis/runtime-rs-merge-main-1

runtime-rs: merge main to runtime-rs
2025-08-19 00:17:54 +00:00 · 2022-08-03 11:00:54 +08:00 · 2022-08-03 11:00:54 +08:00 · b337390c28
commit b337390c28
parent 993ae24080 7247575fa2
13 changed files with 141 additions and 30 deletions
--- a/src/agent/rustjail/src/mount.rs
+++ b/src/agent/rustjail/src/mount.rs
@ -780,7 +780,7 @@ fn mount_from(
            Path::new(&dest).parent().unwrap()
        };

-        let _ = fs::create_dir_all(&dir).map_err(|e| {
+        fs::create_dir_all(&dir).map_err(|e| {
            log_child!(
                cfd_log,
                "create dir {}: {}",
--- a/src/agent/src/main.rs
+++ b/src/agent/src/main.rs
@ -209,7 +209,7 @@ async fn real_main() -> std::result::Result<(), Box<dyn std::error::Error>> {

    if config.log_level == slog::Level::Trace {
        // Redirect ttrpc log calls to slog iff full debug requested
-        ttrpc_log_guard = Ok(slog_stdlog::init().map_err(|e| e)?);
+        ttrpc_log_guard = Ok(slog_stdlog::init()?);
    }

    if config.tracing {
--- a/src/libs/kata-sys-util/src/mount.rs
+++ b/src/libs/kata-sys-util/src/mount.rs
@ -739,18 +739,15 @@ pub fn umount_all<P: AsRef<Path>>(mountpoint: P, lazy_umount: bool) -> Result<()
    }

    loop {
-        match umount2(mountpoint.as_ref(), lazy_umount) {
-            Err(e) => {
-                // EINVAL is returned if the target is not a mount point, indicating that we are
-                // done. It can also indicate a few other things (such as invalid flags) which we
-                // unfortunately end up squelching here too.
-                if e.kind() == io::ErrorKind::InvalidInput {
-                    break;
-                } else {
-                    return Err(Error::Umount(mountpoint.as_ref().to_path_buf(), e));
-                }
+        if let Err(e) = umount2(mountpoint.as_ref(), lazy_umount) {
+            // EINVAL is returned if the target is not a mount point, indicating that we are
+            // done. It can also indicate a few other things (such as invalid flags) which we
+            // unfortunately end up squelching here too.
+            if e.kind() == io::ErrorKind::InvalidInput {
+                break;
+            } else {
+                return Err(Error::Umount(mountpoint.as_ref().to_path_buf(), e));
            }
-            Ok(()) => (),
        }
    }

--- a/src/libs/logging/src/lib.rs
+++ b/src/libs/logging/src/lib.rs
@ -551,7 +551,7 @@ mod tests {
            // Used to check file contents before the temp file is unlinked
            let mut writer_ref = writer
                .reopen()
-                .unwrap_or_else(|e| panic!("{:?}: failed to clone tempfile, {}", msg, e));
+                .unwrap_or_else(|_| panic!("{:?}: failed to clone tempfile", msg));

            let (logger, logger_guard) = create_logger(name, source, d.slog_level, writer);

@ -565,11 +565,11 @@ mod tests {
            let mut contents = String::new();
            writer_ref
                .read_to_string(&mut contents)
-                .unwrap_or_else(|e| panic!("{:?}: failed to read tempfile contents, {}", msg, e));
+                .unwrap_or_else(|_| panic!("{:?}: failed to read tempfile contents", msg));

            // Convert file to JSON
            let fields: Value = serde_json::from_str(&contents)
-                .unwrap_or_else(|e| panic!("{:?}: failed to convert logfile to json, {}", msg, e));
+                .unwrap_or_else(|_| panic!("{:?}: failed to convert logfile to json", msg));

            // Check the expected JSON fields

--- a/src/runtime-rs/crates/shim/src/logger.rs
+++ b/src/runtime-rs/crates/shim/src/logger.rs
@ -35,7 +35,7 @@ pub(crate) fn set_logger(path: &str, sid: &str, is_debug: bool) -> Result<slog_a
    } else {
        log::Level::Info
    };
-    let _ = slog_stdlog::init_with_level(level).context(format!("init with level {}", level))?;
+    slog_stdlog::init_with_level(level).context(format!("init with level {}", level))?;

    Ok(async_guard)
 }
--- a/src/tools/agent-ctl/src/main.rs
+++ b/src/tools/agent-ctl/src/main.rs
@ -163,7 +163,7 @@ fn connect(name: &str, global_args: clap::ArgMatches) -> Result<()> {
    let (logger, _guard) = logging::create_logger(name, crate_name!(), log_level, writer);

    let timeout_nano: i64 = match args.value_of("timeout") {
-        Some(t) => utils::human_time_to_ns(t).map_err(|e| e)?,
+        Some(t) => utils::human_time_to_ns(t)?,
        None => 0,
    };

--- a/src/tools/agent-ctl/src/utils.rs
+++ b/src/tools/agent-ctl/src/utils.rs
@ -684,7 +684,7 @@ fn oci_to_ttrpc(bundle_dir: &str, cid: &str, oci: &ociSpec) -> Result<ttrpcSpec>

    let root = match &oci.root {
        Some(r) => {
-            let ttrpc_root = root_oci_to_ttrpc(bundle_dir, r).map_err(|e| e)?;
+            let ttrpc_root = root_oci_to_ttrpc(bundle_dir, r)?;

            protobuf::SingularPtrField::some(ttrpc_root)
        }
--- a/src/tools/runk/src/commands/delete.rs
+++ b/src/tools/runk/src/commands/delete.rs
@ -72,13 +72,10 @@ pub async fn run(opts: Delete, root: &Path, logger: &Logger) -> Result<()> {
        }
        _ => {
            if opts.force {
-                match kill(Pid::from_raw(status.pid), Some(Signal::SIGKILL)) {
-                    Err(errno) => {
-                        if errno != Errno::ESRCH {
-                            return Err(anyhow!("{}", errno));
-                        }
+                if let Err(errno) = kill(Pid::from_raw(status.pid), Some(Signal::SIGKILL)) {
+                    if errno != Errno::ESRCH {
+                        return Err(anyhow!("{}", errno));
                    }
-                    Ok(()) => {}
                }
                destroy_container(&status)?;
            } else {
--- a/src/tools/runk/src/commands/list.rs
+++ b/src/tools/runk/src/commands/list.rs
@ -9,6 +9,7 @@ use libcontainer::status::{get_current_container_state, Status};
 use liboci_cli::List;
 use oci::ContainerState;
 use slog::{info, Logger};
+use std::fmt::Write as _;
 use std::{fs, os::unix::prelude::MetadataExt, path::Path};
 use std::{io, io::Write};
 use tabwriter::TabWriter;
@ -48,15 +49,16 @@ pub fn run(_: List, root: &Path, logger: &Logger) -> Result<()> {
            Some(user) => String::from(user.name().to_string_lossy()),
            None => format!("#{}", metadata.uid()),
        };
-        content.push_str(&format!(
-            "{}\t{}\t{}\t{}\t{}\t{}\n",
+        let _ = writeln!(
+            content,
+            "{}\t{}\t{}\t{}\t{}\t{}",
            container_id,
            pid,
            get_container_state_name(state),
            status.bundle.display(),
            status.created,
            owner
-        ));
+        );
    }

    let mut tab_writer = TabWriter::new(io::stdout());
--- a/tools/packaging/static-build/td-shim/Dockerfile
+++ b/tools/packaging/static-build/td-shim/Dockerfile
@ -0,0 +1,23 @@
+# Copyright (c) 2022 Intel
+#
+# SPDX-License-Identifier: Apache-2.0
+
+FROM ubuntu:20.04
+ENV DEBIAN_FRONTEND=noninteractive
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+ARG RUST_TOOLCHAIN
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        ca-certificates \
+        clang \
+        curl \
+        gcc \
+        git \
+        llvm \
+        nasm && \
+    apt-get clean && rm -rf /var/lib/lists/ && \
+    curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain ${RUST_TOOLCHAIN} && \
+    source "$HOME/.cargo/env" && \
+    rustup component add rust-src && \
+    cargo install cargo-xbuild
--- a/tools/packaging/static-build/td-shim/build-td-shim.sh
+++ b/tools/packaging/static-build/td-shim/build-td-shim.sh
@ -0,0 +1,41 @@
+#!/bin/bash
+#
+# Copyright (c) 2022 Intel
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "${script_dir}/../../scripts/lib.sh"
+
+tdshim_repo="${tdshim_repo:-}"
+DESTDIR=${DESTDIR:-${PWD}}
+PREFIX="${PREFIX:-/opt/kata}"
+
+[ -n "${tdshim_repo}" ] || die "Failed to get TD-shim repo"
+[ -n "${tdshim_version}" ] || die "Failed to get TD-shim version or commit"
+
+info "Build ${tdshim_repo} version: ${tdshim_version}"
+
+source ${HOME}/.cargo/env
+
+build_root=$(mktemp -d)
+pushd ${build_root}
+git clone --single-branch "${tdshim_repo}"
+pushd td-shim
+git checkout "${tdshim_version}"
+bash sh_script/build_final.sh boot_kernel
+
+install_dir="${DESTDIR}/${PREFIX}/share/td-shim"
+mkdir -p ${install_dir}
+install target/x86_64-unknown-uefi/release/final-boot-kernel.bin ${install_dir}/td-shim.bin
+popd #td-shim
+popd #${build_root}
+
+pushd ${DESTDIR}
+tar -czvf "td-shim.tar.gz" "./$PREFIX"
+rm -rf $(dirname ./$PREFIX)
+popd #${DESTDIR}
--- a/tools/packaging/static-build/td-shim/build.sh
+++ b/tools/packaging/static-build/td-shim/build.sh
@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2022 Intel
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+readonly repo_root_dir="$(cd "${script_dir}/../../../.." && pwd)"
+readonly tdshim_builder="${script_dir}/build-td-shim.sh"
+
+source "${script_dir}/../../scripts/lib.sh"
+
+DESTDIR=${DESTDIR:-${PWD}}
+PREFIX=${PREFIX:-/opt/kata}
+container_image="kata-td-shim-builder"
+kata_version="${kata_version:-}"
+tdshim_repo="${tdshim_repo:-}"
+tdshim_version="${tdshim_version:-}"
+tdshim_toolchain="${tdshim_toolchain:-}"
+package_output_dir="${package_output_dir:-}"
+
+[ -n "${tdshim_repo}" ] || tdshim_repo=$(get_from_kata_deps "externals.td-shim.url" "${kata_version}")
+[ -n "${tdshim_version}" ] || tdshim_version=$(get_from_kata_deps "externals.td-shim.version" "${kata_version}")
+[ -n "${tdshim_toolchain}" ] || tdshim_toolchain=$(get_from_kata_deps "externals.td-shim.toolchain" "${kata_version}")
+
+[ -n "${tdshim_repo}" ] || die "Failed to get TD-shim repo"
+[ -n "${tdshim_version}" ] || die "Failed to get TD-shim version or commit"
+[ -n "${tdshim_toolchain}" ] || die "Failed to get TD-shim toolchain to be used to build the project"
+
+sudo docker build \
+	--build-arg RUST_TOOLCHAIN="${tdshim_toolchain}" \
+	-t "${container_image}" "${script_dir}"
+
+sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
+	-w "${PWD}" \
+	--env DESTDIR="${DESTDIR}" \
+	--env PREFIX="${PREFIX}" \
+	--env tdshim_repo="${tdshim_repo}" \
+	--env tdshim_version="${tdshim_version}" \
+	"${container_image}" \
+	bash -c "${tdshim_builder}"
--- a/versions.yaml
+++ b/versions.yaml
@ -262,6 +262,12 @@ externals:
      package: "OvmfPkg/AmdSev/AmdSevX64.dsc"
      package_output_dir: "AmdSev"

+  td-shim:
+    description: "Confidential Containers Shim Firmware"
+    url: "https://github.com/confidential-containers/td-shim"
+    version: "5f62a0e367b1845a54e534d103ed4a697a599ac3"
+    toolchain: "nightly-2022-04-07"
+
  virtiofsd:
    description: "vhost-user virtio-fs device backend written in Rust"
    url: "https://gitlab.com/virtio-fs/virtiofsd"
@ -294,12 +300,12 @@ languages:
  rust:
    description: "Rust language"
    notes: "'version' is the default minimum version used by this project."
-    version: "1.58.1"
+    version: "1.62.0"
    meta:
      description: |
        'newest-version' is the latest version known to work when
        building Kata
-      newest-version: "1.58.1"
+      newest-version: "1.62.0"

  golangci-lint:
    description: "golangci-lint"