Merge pull request #11142 from fidencio/topic/build-scripts-improvements-for-users

build: User-facing improvements for the build scripts
Fabiano Fidêncio 2025-04-14 19:28:12 +02:00 committed by GitHub
commit bfd4b98355
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 67 additions and 16 deletions


@ -32,6 +32,7 @@ SELINUX=${SELINUX:-"no"}
AGENT_POLICY=${AGENT_POLICY:-no} AGENT_POLICY=${AGENT_POLICY:-no}
AGENT_SOURCE_BIN=${AGENT_SOURCE_BIN:-""} AGENT_SOURCE_BIN=${AGENT_SOURCE_BIN:-""}
AGENT_TARBALL=${AGENT_TARBALL:-""} AGENT_TARBALL=${AGENT_TARBALL:-""}
GUEST_HOOKS_TARBALL="${GUEST_HOOKS_TARBALL:-}"
COCO_GUEST_COMPONENTS_TARBALL=${COCO_GUEST_COMPONENTS_TARBALL:-""} COCO_GUEST_COMPONENTS_TARBALL=${COCO_GUEST_COMPONENTS_TARBALL:-""}
CONFIDENTIAL_GUEST="${CONFIDENTIAL_GUEST:-no}" CONFIDENTIAL_GUEST="${CONFIDENTIAL_GUEST:-no}"
PAUSE_IMAGE_TARBALL=${PAUSE_IMAGE_TARBALL:-""} PAUSE_IMAGE_TARBALL=${PAUSE_IMAGE_TARBALL:-""}
@ -520,6 +521,11 @@ build_rootfs_distro()
engine_run_args+=" -v $(dirname ${PAUSE_IMAGE_TARBALL}):$(dirname ${PAUSE_IMAGE_TARBALL})" engine_run_args+=" -v $(dirname ${PAUSE_IMAGE_TARBALL}):$(dirname ${PAUSE_IMAGE_TARBALL})"
fi fi
if [[ -n "${GUEST_HOOKS_TARBALL}" ]]; then
engine_run_args+=" --env GUEST_HOOKS_TARBALL=${GUEST_HOOKS_TARBALL}"
engine_run_args+=" -v $(dirname ${GUEST_HOOKS_TARBALL}):$(dirname ${GUEST_HOOKS_TARBALL})"
fi
engine_run_args+=" -v ${GOPATH_LOCAL}:${GOPATH_LOCAL} --env GOPATH=${GOPATH_LOCAL}" engine_run_args+=" -v ${GOPATH_LOCAL}:${GOPATH_LOCAL} --env GOPATH=${GOPATH_LOCAL}"
engine_run_args+=" $(docker_extra_args $distro)" engine_run_args+=" $(docker_extra_args $distro)"
@ -784,6 +790,11 @@ EOF
ln -sf "${policy_file_name}" "${policy_dir}/default-policy.rego" ln -sf "${policy_file_name}" "${policy_dir}/default-policy.rego"
fi fi
if [[ -n "${GUEST_HOOKS_TARBALL}" ]]; then
info "Install the ${GUEST_HOOKS_TARBALL} guest hooks"
tar xvJpf "${GUEST_HOOKS_TARBALL}" -C "${ROOTFS_DIR}"
fi
info "Check init is installed" info "Check init is installed"
[ -x "${init}" ] || [ -L "${init}" ] || die "/sbin/init is not installed in ${ROOTFS_DIR}" [ -x "${init}" ] || [ -L "${init}" ] || die "/sbin/init is not installed in ${ROOTFS_DIR}"
OK "init is installed" OK "init is installed"
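Review bot: `tar xvJpf "${GUEST_HOOKS_TARBALL}" -C "${ROOTFS_DIR}"` unpacks a caller-supplied archive over the finished rootfs, after the default-policy symlink a few lines above and before the init check, so a hooks tarball can replace any file already installed there (the policy, the agent, /sbin/init) with the archive's own permission bits kept by `-p`, and nothing documents that this input is trusted to that degree. The only failure caught today is tar's own exit status, so a missing or non-xz file surfaces as an opaque tar error rather than a configuration message. Suggest a guard mirroring the init check, `[ -f "${GUEST_HOOKS_TARBALL}" ] || die "GUEST_HOOKS_TARBALL ${GUEST_HOOKS_TARBALL} does not exist"`, plus a comment such as `# Trusted build input: extracted verbatim, overwriting whatever is already in the rootfs.` Whether the script runs under set -e so that a tar failure aborts the build is not visible here. The enclosing function starts outside the hunk.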


@ -21,6 +21,7 @@ readonly osbuilder_dir="$(cd "${repo_root_dir}/tools/osbuilder" && pwd)"
export GOPATH=${GOPATH:-${HOME}/go} export GOPATH=${GOPATH:-${HOME}/go}
export AGENT_TARBALL=${AGENT_TARBALL:-} export AGENT_TARBALL=${AGENT_TARBALL:-}
export GUEST_HOOKS_TARBALL="${GUEST_HOOKS_TARBALL:-}"
ARCH=${ARCH:-$(uname -m)} ARCH=${ARCH:-$(uname -m)}
if [ $(uname -m) == "${ARCH}" ]; then if [ $(uname -m) == "${ARCH}" ]; then
@ -48,7 +49,8 @@ build_initrd() {
AGENT_POLICY="${AGENT_POLICY:-}" \ AGENT_POLICY="${AGENT_POLICY:-}" \
PULL_TYPE="${PULL_TYPE:-default}" \ PULL_TYPE="${PULL_TYPE:-default}" \
COCO_GUEST_COMPONENTS_TARBALL="${COCO_GUEST_COMPONENTS_TARBALL:-}" \ COCO_GUEST_COMPONENTS_TARBALL="${COCO_GUEST_COMPONENTS_TARBALL:-}" \
PAUSE_IMAGE_TARBALL="${PAUSE_IMAGE_TARBALL:-}" PAUSE_IMAGE_TARBALL="${PAUSE_IMAGE_TARBALL:-}" \
GUEST_HOOKS_TARBALL="${GUEST_HOOKS_TARBALL}"
if [[ "${image_initrd_suffix}" == "nvidia-gpu"* ]]; then if [[ "${image_initrd_suffix}" == "nvidia-gpu"* ]]; then
nvidia_driver_version=$(cat "${builddir}"/initrd-image/*/nvidia_driver_version) nvidia_driver_version=$(cat "${builddir}"/initrd-image/*/nvidia_driver_version)
@ -77,7 +79,8 @@ build_image() {
AGENT_POLICY="${AGENT_POLICY:-}" \ AGENT_POLICY="${AGENT_POLICY:-}" \
PULL_TYPE="${PULL_TYPE:-default}" \ PULL_TYPE="${PULL_TYPE:-default}" \
COCO_GUEST_COMPONENTS_TARBALL="${COCO_GUEST_COMPONENTS_TARBALL:-}" \ COCO_GUEST_COMPONENTS_TARBALL="${COCO_GUEST_COMPONENTS_TARBALL:-}" \
PAUSE_IMAGE_TARBALL="${PAUSE_IMAGE_TARBALL:-}" PAUSE_IMAGE_TARBALL="${PAUSE_IMAGE_TARBALL:-}" \
GUEST_HOOKS_TARBALL="${GUEST_HOOKS_TARBALL}"
if [[ "${image_initrd_suffix}" == "nvidia-gpu"* ]]; then if [[ "${image_initrd_suffix}" == "nvidia-gpu"* ]]; then
nvidia_driver_version=$(cat "${builddir}"/rootfs-image/*/nvidia_driver_version) nvidia_driver_version=$(cat "${builddir}"/rootfs-image/*/nvidia_driver_version)
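Review bot: The pass-through `GUEST_HOOKS_TARBALL="${GUEST_HOOKS_TARBALL}"` added to both build_initrd and build_image is the only entry in those env-prefix lists without a `:-` default, unlike the neighbouring AGENT_POLICY and PAUSE_IMAGE_TARBALL entries; it is only safe because of the `export GUEST_HOOKS_TARBALL="${GUEST_HOOKS_TARBALL:-}"` added near the top of the file, which also makes the explicit pass-through redundant. For consistency with its siblings write `GUEST_HOOKS_TARBALL="${GUEST_HOOKS_TARBALL:-}"`, or drop the line and rely on the export. Both function bodies continue outside the hunk.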


@ -105,6 +105,9 @@ USE_CACHE="${USE_CACHE:-}"
BUSYBOX_CONF_FILE=${BUSYBOX_CONF_FILE:-} BUSYBOX_CONF_FILE=${BUSYBOX_CONF_FILE:-}
NVIDIA_GPU_STACK="${NVIDIA_GPU_STACK:-}" NVIDIA_GPU_STACK="${NVIDIA_GPU_STACK:-}"
KBUILD_SIGN_PIN=${KBUILD_SIGN_PIN:-} KBUILD_SIGN_PIN=${KBUILD_SIGN_PIN:-}
GUEST_HOOKS_TARBALL_NAME="${GUEST_HOOKS_TARBALL_NAME:-}"
EXTRA_PKGS="${EXTRA_PKGS:-}"
AGENT_POLICY="${AGENT_POLICY:-yes}"
docker run \ docker run \
-v $HOME/.docker:/root/.docker \ -v $HOME/.docker:/root/.docker \
@ -137,6 +140,9 @@ docker run \
--env BUSYBOX_CONF_FILE="${BUSYBOX_CONF_FILE}" \ --env BUSYBOX_CONF_FILE="${BUSYBOX_CONF_FILE}" \
--env NVIDIA_GPU_STACK="${NVIDIA_GPU_STACK}" \ --env NVIDIA_GPU_STACK="${NVIDIA_GPU_STACK}" \
--env KBUILD_SIGN_PIN="${KBUILD_SIGN_PIN}" \ --env KBUILD_SIGN_PIN="${KBUILD_SIGN_PIN}" \
--env GUEST_HOOKS_TARBALL_NAME="${GUEST_HOOKS_TARBALL_NAME}" \
--env EXTRA_PKGS="${EXTRA_PKGS}" \
--env AGENT_POLICY="${AGENT_POLICY}" \
--env AA_KBC="${AA_KBC:-}" \ --env AA_KBC="${AA_KBC:-}" \
--env HKD_PATH="$(realpath "${HKD_PATH:-}" 2> /dev/null || true)" \ --env HKD_PATH="$(realpath "${HKD_PATH:-}" 2> /dev/null || true)" \
--env SE_KERNEL_PARAMS="${SE_KERNEL_PARAMS:-}" \ --env SE_KERNEL_PARAMS="${SE_KERNEL_PARAMS:-}" \
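Review bot: The three new user-facing knobs (`GUEST_HOOKS_TARBALL_NAME`, `EXTRA_PKGS`, `AGENT_POLICY`) are defaulted and forwarded into the container with no comment saying what they mean or what values they take, and the first is easy to misuse because, judging by its `_NAME` suffix and the way the in-container script joins it onto the local-build directory, it is a bare file name rather than a path. A short comment above the defaults would close that gap, e.g. `# GUEST_HOOKS_TARBALL_NAME: file name (not a path) of a tarball under tools/packaging/kata-deploy/local-build/build/ to unpack into the guest rootfs; EXTRA_PKGS: extra distro packages for the rootfs; AGENT_POLICY: whether the agent is built with policy support (default yes)`. Which values AGENT_POLICY actually accepts is not visible here, so confirm before documenting them. The docker run command continues outside the hunk.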


@ -49,6 +49,9 @@ ARTEFACT_REGISTRY="${ARTEFACT_REGISTRY:-ghcr.io}"
ARTEFACT_REPOSITORY="${ARTEFACT_REPOSITORY:-kata-containers}" ARTEFACT_REPOSITORY="${ARTEFACT_REPOSITORY:-kata-containers}"
ARTEFACT_REGISTRY_USERNAME="${ARTEFACT_REGISTRY_USERNAME:-}" ARTEFACT_REGISTRY_USERNAME="${ARTEFACT_REGISTRY_USERNAME:-}"
ARTEFACT_REGISTRY_PASSWORD="${ARTEFACT_REGISTRY_PASSWORD:-}" ARTEFACT_REGISTRY_PASSWORD="${ARTEFACT_REGISTRY_PASSWORD:-}"
GUEST_HOOKS_TARBALL_NAME="${GUEST_HOOKS_TARBALL_NAME:-}"
EXTRA_PKGS="${EXTRA_PKGS:-}"
AGENT_POLICY="${AGENT_POLICY:-yes}"
TARGET_BRANCH="${TARGET_BRANCH:-main}" TARGET_BRANCH="${TARGET_BRANCH:-main}"
PUSH_TO_REGISTRY="${PUSH_TO_REGISTRY:-}" PUSH_TO_REGISTRY="${PUSH_TO_REGISTRY:-}"
KERNEL_HEADERS_PKG_TYPE="${KERNEL_HEADERS_PKG_TYPE:-deb}" KERNEL_HEADERS_PKG_TYPE="${KERNEL_HEADERS_PKG_TYPE:-deb}"
@ -311,6 +314,13 @@ get_pause_image_tarball_path() {
echo "${pause_image_local_build_dir}/${pause_image_tarball_name}" echo "${pause_image_local_build_dir}/${pause_image_tarball_name}"
} }
get_guest_hooks_tarball_path() {
guest_hooks_local_build_dir="${repo_root_dir}/tools/packaging/kata-deploy/local-build/build"
guest_hooks_tarball_name="${GUEST_HOOKS_TARBALL_NAME}"
echo "${guest_hooks_local_build_dir}/${guest_hooks_tarball_name}"
}
get_latest_pause_image_artefact_and_builder_image_version() { get_latest_pause_image_artefact_and_builder_image_version() {
local pause_image_repo="$(get_from_kata_deps ".externals.pause.repo")" local pause_image_repo="$(get_from_kata_deps ".externals.pause.repo")"
local pause_image_version=$(get_from_kata_deps ".externals.pause.version") local pause_image_version=$(get_from_kata_deps ".externals.pause.version")
@ -384,7 +394,15 @@ install_image() {
fi fi
export AGENT_TARBALL=$(get_agent_tarball_path) export AGENT_TARBALL=$(get_agent_tarball_path)
export AGENT_POLICY=yes export AGENT_POLICY
if [[ -n "${GUEST_HOOKS_TARBALL_NAME}" ]]; then
export GUEST_HOOKS_TARBALL="$(get_guest_hooks_tarball_path)"
fi
if [[ -n "${EXTRA_PKGS}" ]]; then
export EXTRA_PKGS
fi
"${rootfs_builder}" --osname="${os_name}" --osversion="${os_version}" --imagetype=image --prefix="${prefix}" --destdir="${destdir}" --image_initrd_suffix="${variant}" "${rootfs_builder}" --osname="${os_name}" --osversion="${os_version}" --imagetype=image --prefix="${prefix}" --destdir="${destdir}" --image_initrd_suffix="${variant}"
} }
@ -466,7 +484,15 @@ install_initrd() {
fi fi
export AGENT_TARBALL=$(get_agent_tarball_path) export AGENT_TARBALL=$(get_agent_tarball_path)
export AGENT_POLICY=yes export AGENT_POLICY
if [[ -n "${GUEST_HOOKS_TARBALL_NAME}" ]]; then
export GUEST_HOOKS_TARBALL="$(get_guest_hooks_tarball_path)"
fi
if [[ -n "${EXTRA_PKGS}" ]]; then
export EXTRA_PKGS
fi
"${rootfs_builder}" --osname="${os_name}" --osversion="${os_version}" --imagetype=initrd --prefix="${prefix}" --destdir="${destdir}" --image_initrd_suffix="${variant}" "${rootfs_builder}" --osname="${os_name}" --osversion="${os_version}" --imagetype=initrd --prefix="${prefix}" --destdir="${destdir}" --image_initrd_suffix="${variant}"
} }
@ -499,24 +525,24 @@ install_initrd_confidential() {
# #
# Install NVIDIA GPU image # Install NVIDIA GPU image
install_image_nvidia_gpu() { install_image_nvidia_gpu() {
export AGENT_POLICY="yes" export AGENT_POLICY
export EXTRA_PKGS="apt" EXTRA_PKGS="apt ${EXTRA_PKGS}"
NVIDIA_GPU_STACK=${NVIDIA_GPU_STACK:-"latest,compute,dcgm"} NVIDIA_GPU_STACK=${NVIDIA_GPU_STACK:-"latest,compute,dcgm"}
install_image "nvidia-gpu" install_image "nvidia-gpu"
} }
# Install NVIDIA GPU initrd # Install NVIDIA GPU initrd
install_initrd_nvidia_gpu() { install_initrd_nvidia_gpu() {
export AGENT_POLICY="yes" export AGENT_POLICY
export EXTRA_PKGS="apt" EXTRA_PKGS="apt ${EXTRA_PKGS}"
NVIDIA_GPU_STACK=${NVIDIA_GPU_STACK:-"latest,compute,dcgm"} NVIDIA_GPU_STACK=${NVIDIA_GPU_STACK:-"latest,compute,dcgm"}
install_initrd "nvidia-gpu" install_initrd "nvidia-gpu"
} }
# Instal NVIDIA GPU confidential image # Instal NVIDIA GPU confidential image
install_image_nvidia_gpu_confidential() { install_image_nvidia_gpu_confidential() {
export AGENT_POLICY="yes" export AGENT_POLICY
export EXTRA_PKGS="apt" EXTRA_PKGS="apt ${EXTRA_PKGS}"
# TODO: export MEASURED_ROOTFS=yes # TODO: export MEASURED_ROOTFS=yes
NVIDIA_GPU_STACK=${NVIDIA_GPU_STACK:-"latest,compute"} NVIDIA_GPU_STACK=${NVIDIA_GPU_STACK:-"latest,compute"}
install_image "nvidia-gpu-confidential" install_image "nvidia-gpu-confidential"
@ -524,8 +550,8 @@ install_image_nvidia_gpu_confidential() {
# Install NVIDIA GPU confidential initrd # Install NVIDIA GPU confidential initrd
install_initrd_nvidia_gpu_confidential() { install_initrd_nvidia_gpu_confidential() {
export AGENT_POLICY="yes" export AGENT_POLICY
export EXTRA_PKGS="apt" EXTRA_PKGS="apt ${EXTRA_PKGS}"
# TODO: export MEASURED_ROOTFS=yes # TODO: export MEASURED_ROOTFS=yes
NVIDIA_GPU_STACK=${NVIDIA_GPU_STACK:-"latest,compute"} NVIDIA_GPU_STACK=${NVIDIA_GPU_STACK:-"latest,compute"}
install_initrd "nvidia-gpu-confidential" install_initrd "nvidia-gpu-confidential"
@ -937,7 +963,7 @@ install_agent() {
export GPERF_URL="$(get_from_kata_deps ".externals.gperf.url")" export GPERF_URL="$(get_from_kata_deps ".externals.gperf.url")"
info "build static agent" info "build static agent"
DESTDIR="${destdir}" AGENT_POLICY="yes" PULL_TYPE=${PULL_TYPE} "${agent_builder}" DESTDIR="${destdir}" AGENT_POLICY="${AGENT_POLICY}" PULL_TYPE=${PULL_TYPE} "${agent_builder}"
} }
install_coco_guest_components() { install_coco_guest_components() {
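Review bot: In install_image_nvidia_gpu_confidential and install_initrd_nvidia_gpu_confidential the hard-coded `export AGENT_POLICY="yes"` becomes `export AGENT_POLICY`, which now inherits the user-overridable `AGENT_POLICY="${AGENT_POLICY:-yes}"` default, so a caller setting AGENT_POLICY=no silently gets a confidential image whose agent was built without policy support (install_agent now forwards the same value). If the policy is a required control for confidential guests, as the previous hard-coding suggests, those two variants should keep forcing it, e.g. `export AGENT_POLICY="yes" # mandatory for confidential guests; the user override is ignored`, or fail when it is anything else. Separately, get_guest_hooks_tarball_path joins `${GUEST_HOOKS_TARBALL_NAME}` onto the local-build directory unchecked, so a value containing `/` or `..` resolves (and is later bind-mounted and extracted) outside that directory; a `[[ "${GUEST_HOOKS_TARBALL_NAME}" == */* ]] && die "GUEST_HOOKS_TARBALL_NAME must be a bare file name"` before the echo, using whatever error helper this file has, would make the contract explicit. install_coco_guest_components starts on the hunk's last line and continues outside it.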


@ -364,9 +364,14 @@ externals:
virtiofsd: virtiofsd:
description: "vhost-user virtio-fs device backend written in Rust" description: "vhost-user virtio-fs device backend written in Rust"
url: "https://gitlab.com/virtio-fs/virtiofsd" url: "https://gitlab.com/virtio-fs/virtiofsd"
# v1.13.0 + seccomp patch allowing the tkill syscall version: "v1.13.1"
version: "cecc61bca981ab42aae6ec490dfd59965e79025e" toolchain: "1.80.0"
toolchain: "1.83.0" meta:
# From https://gitlab.com/virtio-fs/virtiofsd/-/releases/v1.13.1,
# this is the link labelled virtiofsd-v1.13.1.zip
#
# yamllint disable-line rule:line-length
binary: "https://gitlab.com/-/project/21523468/uploads/05d4925181301a59b8c322cd9f9d44a7/virtiofsd-v1.13.1.zip"
xurls: xurls:
description: | description: |
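Review bot: The new `meta.binary` entry points at a prebuilt virtiofsd zip on a GitLab uploads URL and carries no digest, so whatever consumes this field has nothing in versions.yaml to verify the download against, and an uploads URL is not tied to the tag the way a source checkout of `version: "v1.13.1"` is. Add the artefact's checksum alongside it, e.g. `sha256: "<digest of virtiofsd-v1.13.1.zip>"`, and have the consumer fail closed on mismatch. Whether such verification already happens in the consuming script is not visible on this page. The old comment explaining that the pinned commit was v1.13.0 plus the tkill seccomp patch is dropped; if v1.13.1 is the release that carries that change, a one-line note saying so would preserve the reason the pin existed.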