diff --git a/src/agent/rustjail/src/mount.rs b/src/agent/rustjail/src/mount.rs
index c36f840714..dd980530d0 100644
--- a/src/agent/rustjail/src/mount.rs
+++ b/src/agent/rustjail/src/mount.rs
@@ -780,7 +780,7 @@ fn mount_from(
 Path::new(&dest).parent().unwrap()
 };
- let _ = fs::create_dir_all(&dir).map_err(|e| {
+ fs::create_dir_all(&dir).map_err(|e| {
 log_child!(
 cfd_log,
 "create dir {}: {}",
diff --git a/src/agent/src/main.rs b/src/agent/src/main.rs
index 750a838b72..1a1bce4364 100644
--- a/src/agent/src/main.rs
+++ b/src/agent/src/main.rs
@@ -209,7 +209,7 @@ async fn real_main() -> std::result::Result<(), Box> {
 if config.log_level == slog::Level::Trace {
 // Redirect ttrpc log calls to slog iff full debug requested
- ttrpc_log_guard = Ok(slog_stdlog::init().map_err(|e| e)?);
+ ttrpc_log_guard = Ok(slog_stdlog::init()?);
 }
 if config.tracing {
diff --git a/src/libs/kata-sys-util/src/mount.rs b/src/libs/kata-sys-util/src/mount.rs
index 66e47998fb..2bc8c07a5a 100644
--- a/src/libs/kata-sys-util/src/mount.rs
+++ b/src/libs/kata-sys-util/src/mount.rs
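Review bot: Dropping `let _ =` in front of `fs::create_dir_all(&dir).map_err(|e| { … })` only changes behaviour if the statement now ends in `?` (or the `Result` is otherwise consumed); the hunk stops at the format string, so the tail of the `map_err` chain is not visible here. If it is not terminated with `?`, the `Result` is still discarded, the only effect is an `unused_must_use` warning, and `mount_from` goes on to mount onto a directory it failed to create. Please confirm the closure closes as `})?;` so a failed `create_dir_all` aborts the mount with the logged error. `mount_from` starts and ends outside the hunk.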
@@ -739,18 +739,15 @@ pub fn umount_all>(mountpoint: P, lazy_umount: bool) -> Result<()
 }
 loop {
- match umount2(mountpoint.as_ref(), lazy_umount) {
- Err(e) => {
- // EINVAL is returned if the target is not a mount point, indicating that we are
- // done. It can also indicate a few other things (such as invalid flags) which we
- // unfortunately end up squelching here too.
- if e.kind() == io::ErrorKind::InvalidInput {
- break;
- } else {
- return Err(Error::Umount(mountpoint.as_ref().to_path_buf(), e));
- }
+ if let Err(e) = umount2(mountpoint.as_ref(), lazy_umount) {
+ // EINVAL is returned if the target is not a mount point, indicating that we are
+ // done. It can also indicate a few other things (such as invalid flags) which we
+ // unfortunately end up squelching here too.
+ if e.kind() == io::ErrorKind::InvalidInput {
+ break;
+ } else {
+ return Err(Error::Umount(mountpoint.as_ref().to_path_buf(), e));
 }
- Ok(()) => (),
 }
 }
diff --git a/src/libs/logging/src/lib.rs b/src/libs/logging/src/lib.rs
index 2c90b5bd0f..d72292a2c4 100644
--- a/src/libs/logging/src/lib.rs
+++ b/src/libs/logging/src/lib.rs
@@ -551,7 +551,7 @@ mod tests {
 // Used to check file contents before the temp file is unlinked
 let mut writer_ref = writer
 .reopen()
- .unwrap_or_else(|e| panic!("{:?}: failed to clone tempfile, {}", msg, e));
+ .unwrap_or_else(|_| panic!("{:?}: failed to clone tempfile", msg));
 let (logger, logger_guard) = create_logger(name, source, d.slog_level, writer);
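Review bot: The new `if let Err(e)` body still carries an `else` after a `break`, which is the nesting the refactor was meant to remove; the guard form reads more directly: `if e.kind() != io::ErrorKind::InvalidInput { return Err(Error::Umount(mountpoint.as_ref().to_path_buf(), e)); }` followed by `break;`. Keep the EINVAL comment attached to that check, since it is the only place that records that invalid-flag errors are swallowed. As the comment itself says, EINVAL is also what a path that was never a mount point produces, so `umount_all` reports success for such a path; callers that use it as a teardown guarantee should know that (pre-existing, not introduced here). `umount_all` begins in the hunk header and its tail is outside the hunk.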
@@ -565,11 +565,11 @@ mod tests { let mut contents = String::new(); writer_ref .read_to_string(&mut contents) - .unwrap_or_else(|e| panic!("{:?}: failed to read tempfile contents, {}", msg, e)); + .unwrap_or_else(|_| panic!("{:?}: failed to read tempfile contents", msg)); // Convert file to JSON let fields: Value = serde_json::from_str(&contents) - .unwrap_or_else(|e| panic!("{:?}: failed to convert logfile to json, {}", msg, e)); + .unwrap_or_else(|_| panic!("{:?}: failed to convert logfile to json", msg)); // Check the expected JSON fields diff --git a/src/runtime-rs/crates/shim/src/logger.rs b/src/runtime-rs/crates/shim/src/logger.rs index fc82df73d4..50ba891fb3 100644 --- a/src/runtime-rs/crates/shim/src/logger.rs +++ b/src/runtime-rs/crates/shim/src/logger.rs @@ -35,7 +35,7 @@ pub(crate) fn set_logger(path: &str, sid: &str, is_debug: bool) -> Result Result<()> { let (logger, _guard) = logging::create_logger(name, crate_name!(), log_level, writer); let timeout_nano: i64 = match args.value_of("timeout") { - Some(t) => utils::human_time_to_ns(t).map_err(|e| e)?, + Some(t) => utils::human_time_to_ns(t)?, None => 0, }; diff --git a/src/tools/agent-ctl/src/utils.rs b/src/tools/agent-ctl/src/utils.rs index bd094df170..b24c277534 100644 --- a/src/tools/agent-ctl/src/utils.rs +++ b/src/tools/agent-ctl/src/utils.rs @@ -684,7 +684,7 @@ fn oci_to_ttrpc(bundle_dir: &str, cid: &str, oci: &ociSpec) -> Result let root = match &oci.root { Some(r) => { - let ttrpc_root = root_oci_to_ttrpc(bundle_dir, r).map_err(|e| e)?; + let ttrpc_root = root_oci_to_ttrpc(bundle_dir, r)?; protobuf::SingularPtrField::some(ttrpc_root) } diff --git a/src/tools/runk/src/commands/delete.rs b/src/tools/runk/src/commands/delete.rs index f84c79d08a..4884c02914 100644 --- a/src/tools/runk/src/commands/delete.rs +++ b/src/tools/runk/src/commands/delete.rs 
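Review bot: The rewritten `unwrap_or_else(|_| panic!(…))` closures in this hunk (and the one in the `-551` hunk) drop the underlying error from the panic message, so a failing test now reports only "failed to convert logfile to json" without the `serde_json` error that says which field or offset was wrong, and likewise loses the `io::Error` for the read. This is test-only code, so it affects diagnostics rather than behaviour, but the information is exactly what you want when a CI run fails. Keep the cause in the message, e.g. `.unwrap_or_else(|e| panic!("{:?}: failed to convert logfile to json: {}", msg, e))`, and the same `|e|` form for the `read_to_string` call. The enclosing test function starts and ends outside the hunk.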
@@ -72,13 +72,10 @@ pub async fn run(opts: Delete, root: &Path, logger: &Logger) -> Result<()> {
 }
 _ => {
 if opts.force {
- match kill(Pid::from_raw(status.pid), Some(Signal::SIGKILL)) {
- Err(errno) => {
- if errno != Errno::ESRCH {
- return Err(anyhow!("{}", errno));
- }
+ if let Err(errno) = kill(Pid::from_raw(status.pid), Some(Signal::SIGKILL)) {
+ if errno != Errno::ESRCH {
+ return Err(anyhow!("{}", errno));
 }
- Ok(()) => {}
 }
 destroy_container(&status)?;
 } else {
diff --git a/src/tools/runk/src/commands/list.rs b/src/tools/runk/src/commands/list.rs
index dbd4277551..ef39042047 100644
--- a/src/tools/runk/src/commands/list.rs
+++ b/src/tools/runk/src/commands/list.rs
@@ -9,6 +9,7 @@ use libcontainer::status::{get_current_container_state, Status};
 use liboci_cli::List;
 use oci::ContainerState;
 use slog::{info, Logger};
+use std::fmt::Write as _;
 use std::{fs, os::unix::prelude::MetadataExt, path::Path};
 use std::{io, io::Write};
 use tabwriter::TabWriter;
@@ -48,15 +49,16 @@ pub fn run(_: List, root: &Path, logger: &Logger) -> Result<()> {
 Some(user) => String::from(user.name().to_string_lossy()),
 None => format!("#{}", metadata.uid()),
 };
- content.push_str(&format!(
- "{}\t{}\t{}\t{}\t{}\t{}\n",
+ let _ = writeln!(
+ content,
+ "{}\t{}\t{}\t{}\t{}\t{}",
 container_id,
 pid,
 get_container_state_name(state),
 status.bundle.display(),
 status.created,
 owner
- ));
+ );
 }
 let mut tab_writer = TabWriter::new(io::stdout());
diff --git a/tools/packaging/static-build/td-shim/Dockerfile b/tools/packaging/static-build/td-shim/Dockerfile
new file mode 100644
index 0000000000..ed9270ca4a
--- /dev/null
+++ b/tools/packaging/static-build/td-shim/Dockerfile
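Review bot: `kill(Pid::from_raw(status.pid), Some(Signal::SIGKILL))` sends SIGKILL to whatever process currently owns the pid recorded in `status`; tolerating ESRCH covers the process having exited, but not the pid having been reused by an unrelated process since the status was written. Unless something before this `match` (outside the hunk) verifies that the pid still belongs to the container's init — for example by comparing the process start time saved at create — a `delete --force` against a stale status can kill an arbitrary process on the host, so please add or point to such a check. Separately, `anyhow!("{}", errno)` says nothing about what was attempted; `anyhow!("failed to SIGKILL container process {}: {}", status.pid, errno)` gives the operator the pid without a debugger. `run` starts and ends outside the hunk.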
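Review bot: `let _ = writeln!(content, …)` discards the `fmt::Result` without saying why; `fmt::Write` for a `String` cannot fail (the removed line used `push_str`, so `content` is a `String`), and the discard is only there to satisfy `#[must_use]`. Say so on the line, `let _ = writeln!( // infallible: fmt::Write into a String`, or use `.expect("writing to a String cannot fail")` so the ignore does not silently survive a later change of `content` to a fallible writer. The loop and `run` extend beyond the hunk.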
@@ -0,0 +1,23 @@
+# Copyright (c) 2022 Intel
+#
+# SPDX-License-Identifier: Apache-2.0
+
+FROM ubuntu:20.04
+ENV DEBIAN_FRONTEND=noninteractive
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+ARG RUST_TOOLCHAIN
+
+RUN apt-get update && \
+ apt-get install -y --no-install-recommends \
+ ca-certificates \
+ clang \
+ curl \
+ gcc \
+ git \
+ llvm \
+ nasm && \
+ apt-get clean && rm -rf /var/lib/lists/ && \
+ curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain ${RUST_TOOLCHAIN} && \
+ source "$HOME/.cargo/env" && \
+ rustup component add rust-src && \
+ cargo install cargo-xbuild
diff --git a/tools/packaging/static-build/td-shim/build-td-shim.sh b/tools/packaging/static-build/td-shim/build-td-shim.sh
new file mode 100755
index 0000000000..ed933c007e
--- /dev/null
+++ b/tools/packaging/static-build/td-shim/build-td-shim.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+#
+# Copyright (c) 2022 Intel
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "${script_dir}/../../scripts/lib.sh"
+
+tdshim_repo="${tdshim_repo:-}"
+DESTDIR=${DESTDIR:-${PWD}}
+PREFIX="${PREFIX:-/opt/kata}"
+
+[ -n "${tdshim_repo}" ] || die "Failed to get TD-shim repo"
+[ -n "${tdshim_version}" ] || die "Failed to get TD-shim version or commit"
+
+info "Build ${tdshim_repo} version: ${tdshim_version}"
+
+source ${HOME}/.cargo/env
+
+build_root=$(mktemp -d)
+pushd ${build_root}
+git clone --single-branch "${tdshim_repo}"
+pushd td-shim
+git checkout "${tdshim_version}"
+bash sh_script/build_final.sh boot_kernel
+
+install_dir="${DESTDIR}/${PREFIX}/share/td-shim"
+mkdir -p ${install_dir}
+install target/x86_64-unknown-uefi/release/final-boot-kernel.bin ${install_dir}/td-shim.bin
+popd #td-shim
+popd #${build_root}
+
+pushd ${DESTDIR}
+tar -czvf "td-shim.tar.gz" "./$PREFIX"
+rm -rf $(dirname ./$PREFIX)
+popd #${DESTDIR}
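Review bot: `rm -rf /var/lib/lists/` on the `apt-get clean` line names a path that does not exist; the package index lives under `/var/lib/apt/lists/`, so the cleanup is a no-op and the index stays in the image — change it to `rm -rf /var/lib/apt/lists/*`. `curl https://sh.rustup.rs -sSf | sh -s -- …` executes whatever that endpoint serves, unpinned, as root at build time, and `cargo install cargo-xbuild` takes the newest crate version; for an image that builds firmware for confidential guests, consider fetching a pinned `rustup-init` and checking its sha256 before running it, and pinning `cargo-xbuild` with `--version`, so the build does not depend on what those endpoints serve on a given day. `FROM ubuntu:20.04` without a digest has the same reproducibility caveat.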
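Review bot: `tdshim_version` is checked with `[ -n "${tdshim_version}" ] || die …` but, unlike `tdshim_repo`, never given a `${tdshim_version:-}` default, so under `set -o nounset` an unset variable aborts with bash's "unbound variable" error instead of the intended `die` message; add `tdshim_version="${tdshim_version:-}"` next to the `tdshim_repo` line. `pushd ${build_root}`, `source ${HOME}/.cargo/env`, `mkdir -p ${install_dir}`, the `install … ${install_dir}/td-shim.bin` target, `pushd ${DESTDIR}` and `rm -rf $(dirname ./$PREFIX)` are all unquoted expansions; quote them, since a mis-split path in an `rm -rf` that runs inside `DESTDIR` is destructive. Pinning the checkout to a commit is good; note that `git clone --single-branch` only fetches the default branch's history, so `git checkout "${tdshim_version}"` fails if the pinned commit is reachable only from another branch.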
diff --git a/tools/packaging/static-build/td-shim/build.sh b/tools/packaging/static-build/td-shim/build.sh
new file mode 100755
index 0000000000..580c4a3376
--- /dev/null
+++ b/tools/packaging/static-build/td-shim/build.sh
@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2022 Intel
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+readonly repo_root_dir="$(cd "${script_dir}/../../../.." && pwd)"
+readonly tdshim_builder="${script_dir}/build-td-shim.sh"
+
+source "${script_dir}/../../scripts/lib.sh"
+
+DESTDIR=${DESTDIR:-${PWD}}
+PREFIX=${PREFIX:-/opt/kata}
+container_image="kata-td-shim-builder"
+kata_version="${kata_version:-}"
+tdshim_repo="${tdshim_repo:-}"
+tdshim_version="${tdshim_version:-}"
+tdshim_toolchain="${tdshim_toolchain:-}"
+package_output_dir="${package_output_dir:-}"
+
+[ -n "${tdshim_repo}" ] || tdshim_repo=$(get_from_kata_deps "externals.td-shim.url" "${kata_version}")
+[ -n "${tdshim_version}" ] || tdshim_version=$(get_from_kata_deps "externals.td-shim.version" "${kata_version}")
+[ -n "${tdshim_toolchain}" ] || tdshim_toolchain=$(get_from_kata_deps "externals.td-shim.toolchain" "${kata_version}")
+
+[ -n "${tdshim_repo}" ] || die "Failed to get TD-shim repo"
+[ -n "${tdshim_version}" ] || die "Failed to get TD-shim version or commit"
+[ -n "${tdshim_toolchain}" ] || die "Failed to get TD-shim toolchain to be used to build the project"
+
+sudo docker build \
+ --build-arg RUST_TOOLCHAIN="${tdshim_toolchain}" \
+ -t "${container_image}" "${script_dir}"
+
+sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
+ -w "${PWD}" \
+ --env DESTDIR="${DESTDIR}" \
+ --env PREFIX="${PREFIX}" \
+ --env tdshim_repo="${tdshim_repo}" \
+ --env tdshim_version="${tdshim_version}" \
+ "${container_image}" \
+ bash -c "${tdshim_builder}"
diff --git a/versions.yaml b/versions.yaml
index 5d61c2f8c9..181d1afe5f 100644
--- a/versions.yaml
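Review bot: `bash -c "${tdshim_builder}"` hands the script path over as a shell command string, so the container shell re-parses it (word splitting and glob expansion if `script_dir` ever contains spaces or metacharacters); `bash "${tdshim_builder}"` runs it as a file argument with no re-parsing. `DESTDIR` defaults to `${PWD}` and the container is started with `-w "${PWD}"`, but only `${repo_root_dir}` is bind-mounted, so invoking the script from outside the repository leaves the tarball in the container's throw-away filesystem; either bind-mount `DESTDIR` as well or `die` when it is not under `repo_root_dir`. `package_output_dir` is read from the environment but never used. Because the build runs under `sudo docker`, whatever lands in `DESTDIR` is root-owned on the host, which is worth a comment for people running this locally.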
+++ b/versions.yaml
@@ -262,6 +262,12 @@ externals:
 package: "OvmfPkg/AmdSev/AmdSevX64.dsc"
 package_output_dir: "AmdSev"
+ td-shim:
+ description: "Confidential Containers Shim Firmware"
+ url: "https://github.com/confidential-containers/td-shim"
+ version: "5f62a0e367b1845a54e534d103ed4a697a599ac3"
+ toolchain: "nightly-2022-04-07"
+
 virtiofsd:
 description: "vhost-user virtio-fs device backend written in Rust"
 url: "https://gitlab.com/virtio-fs/virtiofsd"
@@ -294,12 +300,12 @@ languages:
 rust:
 description: "Rust language"
 notes: "'version' is the default minimum version used by this project."
- version: "1.58.1"
+ version: "1.62.0"
 meta:
 description: |
 'newest-version' is the latest version known to work when building Kata
- newest-version: "1.58.1"
+ newest-version: "1.62.0"
 golangci-lint:
 description: "golangci-lint"