osbuilder: Remove option to build skopeo, umoci

Now that we don't need to have skopeo and umoci in the rootfs,
remove the code that optionally builds and installs them.

Fixes: #3970
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
stevenhorsman 2023-01-16 11:34:20 +00:00
parent ee5fb8c998
commit dd2d6a94f1
4 changed files with 3 additions and 71 deletions


@ -187,9 +187,3 @@ To add additional packages, use one of the following methods:
Once the rootfs directory is created, you can add and remove files as Once the rootfs directory is created, you can add and remove files as
needed. Changes affect the files included in the final guest image. needed. Changes affect the files included in the final guest image.
#### Confidential containers support
When building the rootfs for confidential containers if `SKOPEO=yes` is set then the `skopeo`
package is built and added into the rootfs.
If `UMOCI=yes` is set then the `umoci` package is built and added into the rootfs.


@ -157,23 +157,9 @@ USE_PODMAN If set and USE_DOCKER not set, then build the rootfs inside
a podman container (requires podman). a podman container (requires podman).
Default value: <not set> Default value: <not set>
SKOPEO If set to "yes", build Skopeo for confidential
containers guest image pull. Currently, this is only
supported for Ubuntu guests; see
https://github.com/kata-containers/kata-containers/pull/2908
for discussion.
Default value: <not set>
UMOCI If set to "yes", build and umoci for confidential
containers guest image unpack. Currently, this is only
supported for Ubuntu guests; see
https://github.com/kata-containers/kata-containers/pull/2908
for discussion.
Default value: <not set>
AA_KBC Key broker client module for attestation-agent. This is AA_KBC Key broker client module for attestation-agent. This is
required for confidential containers. Requires UMOCI required for confidential containers.
to be set. See https://github.com/containers/attestation-agent See https://github.com/containers/attestation-agent
for more information on available modules. for more information on available modules.
Default value: <not set> Default value: <not set>
@ -464,8 +450,6 @@ build_rootfs_distro()
--env OSBUILDER_VERSION="${OSBUILDER_VERSION}" \ --env OSBUILDER_VERSION="${OSBUILDER_VERSION}" \
--env OS_VERSION="${OS_VERSION}" \ --env OS_VERSION="${OS_VERSION}" \
--env INSIDE_CONTAINER=1 \ --env INSIDE_CONTAINER=1 \
--env SKOPEO="${SKOPEO}" \
--env UMOCI="${UMOCI}" \
--env AA_KBC="${AA_KBC}" \ --env AA_KBC="${AA_KBC}" \
--env KATA_BUILD_CC="${KATA_BUILD_CC}" \ --env KATA_BUILD_CC="${KATA_BUILD_CC}" \
--env SECCOMP="${SECCOMP}" \ --env SECCOMP="${SECCOMP}" \
@ -669,17 +653,6 @@ EOF
info "Create /etc/resolv.conf file in rootfs if not exist" info "Create /etc/resolv.conf file in rootfs if not exist"
touch "$dns_file" touch "$dns_file"
if [ "${SKOPEO}" = "yes" ]; then
skopeo_url="$(get_package_version_from_kata_yaml externals.skopeo.url)"
skopeo_branch="$(get_package_version_from_kata_yaml externals.skopeo.branch)"
info "Install skopeo"
git clone "${skopeo_url}" --branch "${skopeo_branch}"
pushd skopeo
make bin/skopeo
install -o root -g root -m 0755 bin/skopeo "${ROOTFS_DIR}/usr/bin/"
popd
fi
if [ -n "${AA_KBC}" ]; then if [ -n "${AA_KBC}" ]; then
if [ "${AA_KBC}" == "offline_sev_kbc" ]; then if [ "${AA_KBC}" == "offline_sev_kbc" ]; then
info "Adding agent config for ${AA_KBC}" info "Adding agent config for ${AA_KBC}"
@ -715,24 +688,6 @@ EOF
popd popd
fi fi
if [ "${UMOCI}" = "yes" ]; then
case "$ARCH" in
aarch64) GOARCH=arm64;;
x86_64) GOARCH=amd64;;
*) GOARCH="$ARCH"
esac
export GOARCH
umoci_url="$(get_package_version_from_kata_yaml externals.umoci.url)"
umoci_tag="$(get_package_version_from_kata_yaml externals.umoci.tag)"
info "Install umoci"
git clone "${umoci_url}" --branch "${umoci_tag}"
pushd umoci
make
install -o root -g root -m 0755 umoci "${ROOTFS_DIR}/usr/local/bin/"
popd
fi
if [ "${KATA_BUILD_CC}" == "yes" ]; then if [ "${KATA_BUILD_CC}" == "yes" ]; then
info "Integrate pause image inside rootfs for CC" info "Integrate pause image inside rootfs for CC"
pause_repo="$(get_package_version_from_kata_yaml externals.pause.repo)" pause_repo="$(get_package_version_from_kata_yaml externals.pause.repo)"
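Review bot: A caller that still exports `SKOPEO=yes` or `UMOCI=yes` now gets a rootfs without those binaries and without any message, because the variables are no longer forwarded in the `--env` list of build_rootfs_distro() and the two `if` blocks that read them are gone. If existing build scripts or CI jobs may still set them, a one-line notice next to the AA_KBC handling would make the drop visible, for example `if [ -n "${SKOPEO:-}${UMOCI:-}" ]; then info "SKOPEO and UMOCI are no longer supported and are ignored"; fi`. The enclosing functions start and end outside these hunks, so it cannot be confirmed from here whether any other reference to either variable remains in the script.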


@ -9,7 +9,6 @@ PACKAGES="chrony iptables dbus kmod"
[ "$AGENT_INIT" = no ] && PACKAGES+=" init" [ "$AGENT_INIT" = no ] && PACKAGES+=" init"
[ "$KATA_BUILD_CC" = yes ] && PACKAGES+=" cryptsetup-bin e2fsprogs" [ "$KATA_BUILD_CC" = yes ] && PACKAGES+=" cryptsetup-bin e2fsprogs"
[ "$SECCOMP" = yes ] && PACKAGES+=" libseccomp2" [ "$SECCOMP" = yes ] && PACKAGES+=" libseccomp2"
[ "$SKOPEO" = yes ] && PACKAGES+=" libgpgme11 libdevmapper1.02.1"
REPO_URL=http://ports.ubuntu.com REPO_URL=http://ports.ubuntu.com
case "$ARCH" in case "$ARCH" in


@ -207,22 +207,6 @@ ${extra}
agent-is-init-daemon: "${AGENT_INIT}" agent-is-init-daemon: "${AGENT_INIT}"
EOF EOF
if [ "${SKOPEO}" = "yes" ]; then
cat >> "${file}" <<-EOF
skopeo:
url: "${skopeo_url}"
version: "${skopeo_branch}"
EOF
fi
if [ "${UMOCI}" = "yes" ]; then
cat >> "${file}" <<-EOF
umoci:
url: "${umoci_url}"
version: "${umoci_tag}"
EOF
fi
if [ -n "${AA_KBC}" ]; then if [ -n "${AA_KBC}" ]; then
cat >> "${file}" <<-EOF cat >> "${file}" <<-EOF
attestation-agent: attestation-agent: