CCv0: Merge main into CCv0 branch

Weekly merge of new commits in main into CCv0 Fixes: #3259 Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-08-28 12:31:04 +00:00 · 2021-12-13 11:55:56 +00:00 · 2021-12-13 11:55:56 +00:00 · e1ba87408c
commit e1ba87408c
parent a7b6d16c88 978b13c9e8
12 changed files with 74 additions and 50 deletions
--- a/docs/code-pr-advice.md
+++ b/docs/code-pr-advice.md
@ -165,7 +165,7 @@ Ensure any new trace spans added to the code are completed.
 Where possible, code changes should be accompanied by unit tests.
 Consider using the standard
-[table-based approach](https://github.com/kata-containers/tests/blob/main/Unit-Test-Advice.md)
+[table-based approach](Unit-Test-Advice.md)
 as it encourages you to make functions small and simple, and also
 allows you to think about what types of value to test.
--- a/snap/snapcraft.yaml
+++ b/snap/snapcraft.yaml
@ -118,18 +118,19 @@ parts:
      export AGENT_INIT=yes
      export USE_DOCKER=1
      export DEBUG=1
-      case "$(uname -m)" in
+      arch="$(uname -m)"
-        aarch64)
+      initrd_distro=$(${yq} r -X ${kata_dir}/versions.yaml assets.initrd.architecture.${arch}.name)
-          sudo -E PATH=$PATH make initrd DISTRO=alpine
+      image_distro=$(${yq} r -X ${kata_dir}/versions.yaml assets.image.architecture.${arch}.name)
-        ;;
+      case "$arch" in
        ppc64le|s390x)
          # Cannot use alpine on ppc64le/s390x because it would require a musl agent
          sudo -E PATH=$PATH make initrd DISTRO=ubuntu
        ;;
        x86_64)
          # In some build systems it's impossible to build a rootfs image, try with the initrd image
-          sudo -E PATH=$PATH make image DISTRO=clearlinux || sudo -E PATH=$PATH make initrd DISTRO=alpine
+          sudo -E PATH=$PATH make image DISTRO=${image_distro} || sudo -E PATH=$PATH make initrd DISTRO=${initrd_distro}
        ;;
        aarch64|ppc64le|s390x)
          sudo -E PATH=$PATH make initrd DISTRO=${initrd_distro}
        ;;
        *) echo "unsupported architecture: $(uname -m)"; exit 1;;
      esac
--- a/src/runtime/virtcontainers/factory/factory.go
+++ b/src/runtime/virtcontainers/factory/factory.go
@ -113,20 +113,23 @@ func resetHypervisorConfig(config *vc.VMConfig) {
 	config.HypervisorConfig.BootFromTemplate = false
 	config.HypervisorConfig.MemoryPath = ""
 	config.HypervisorConfig.DevicesStatePath = ""
 	config.HypervisorConfig.SharedPath = ""
 	config.HypervisorConfig.VMStorePath = ""
 	config.HypervisorConfig.RunStorePath = ""
 }
 // It's important that baseConfig and newConfig are passed by value!
-func checkVMConfig(config1, config2 vc.VMConfig) error {
+func checkVMConfig(baseConfig, newConfig vc.VMConfig) error {
-	if config1.HypervisorType != config2.HypervisorType {
+	if baseConfig.HypervisorType != newConfig.HypervisorType {
-		return fmt.Errorf("hypervisor type does not match: %s vs. %s", config1.HypervisorType, config2.HypervisorType)
+		return fmt.Errorf("hypervisor type does not match: %s vs. %s", baseConfig.HypervisorType, newConfig.HypervisorType)
 	}
 	// check hypervisor config details
-	resetHypervisorConfig(&config1)
+	resetHypervisorConfig(&baseConfig)
-	resetHypervisorConfig(&config2)
+	resetHypervisorConfig(&newConfig)
-	if !utils.DeepCompare(config1, config2) {
+	if !utils.DeepCompare(baseConfig, newConfig) {
-		return fmt.Errorf("hypervisor config does not match, base: %+v. new: %+v", config1, config2)
+		return fmt.Errorf("hypervisor config does not match, base: %+v. new: %+v", baseConfig, newConfig)
 	}
 	return nil
--- a/src/runtime/virtcontainers/factory/template/template.go
+++ b/src/runtime/virtcontainers/factory/template/template.go
@ -163,6 +163,10 @@ func (t *template) createFromTemplateVM(ctx context.Context, c vc.VMConfig) (*vc
 	config.HypervisorConfig.BootFromTemplate = true
 	config.HypervisorConfig.MemoryPath = t.statePath + "/memory"
 	config.HypervisorConfig.DevicesStatePath = t.statePath + "/state"
 	config.HypervisorConfig.SharedPath = c.HypervisorConfig.SharedPath
 	config.HypervisorConfig.VMStorePath = c.HypervisorConfig.VMStorePath
 	config.HypervisorConfig.RunStorePath = c.HypervisorConfig.RunStorePath
 	return vc.NewVM(ctx, config)
 }
--- a/src/runtime/virtcontainers/kata_agent.go
+++ b/src/runtime/virtcontainers/kata_agent.go
@ -910,7 +910,7 @@ func setupStorages(ctx context.Context, sandbox *Sandbox) []*grpc.Storage {
 }
 func (k *kataAgent) stopSandbox(ctx context.Context, sandbox *Sandbox) error {
-	span, ctx := katatrace.Trace(ctx, k.Logger(), "StopVM", kataAgentTracingTags)
+	span, ctx := katatrace.Trace(ctx, k.Logger(), "stopSandbox", kataAgentTracingTags)
 	defer span.End()
 	req := &grpc.DestroySandboxRequest{}
--- a/src/runtime/virtcontainers/qemu.go
+++ b/src/runtime/virtcontainers/qemu.go
@ -984,9 +984,11 @@ func (q *qemu) StopVM(ctx context.Context, waitOnly bool) error {
 		}
 	}
 	if q.config.SharedFS == config.VirtioFS {
 		if err := q.stopVirtiofsd(ctx); err != nil {
 			return err
 		}
 	}
 	return nil
 }
--- a/tools/osbuilder/image-builder/image_builder.sh
+++ b/tools/osbuilder/image-builder/image_builder.sh
@ -79,14 +79,15 @@ Usage: ${script_name} [options] <rootfs-dir>
 Options:
 	-h Show this help
-	-o path to generate image file ENV: IMAGE
+	-o Path to generate image file. ENV: IMAGE
-	-r Free space of the root partition in MB ENV: ROOT_FREE_SPACE
+	-r Free space of the root partition in MB. ENV: ROOT_FREE_SPACE
 	-f Filesystem type to use, only xfs and ext4 are supported. ENV: FS_TYPE
 Extra environment variables:
 	AGENT_BIN:      Use it to change the expected agent binary name
 	AGENT_INIT:     Use kata agent as init process
 	BLOCK_SIZE:     Use to specify the size of blocks in bytes. DEFAULT: 4096
 	IMAGE_REGISTRY: Hostname for the image registry used to pull down the rootfs build image.
 	FS_TYPE:        Filesystem type to use. Only xfs and ext4 are supported.
 	NSDAX_BIN:      Use to specify path to pre-compiled 'nsdax' tool.
 	USE_DOCKER:     If set will build image in a Docker Container (requries docker)
 	                DEFAULT: not set
@ -137,13 +138,16 @@ build_with_container() {
 	image_dir=$(readlink -f "$(dirname "${image}")")
 	image_name=$(basename "${image}")
-	REGISTRY_ARG=""
+	engine_build_args=""
 	if [ -n "${IMAGE_REGISTRY}" ]; then
-		REGISTRY_ARG="--build-arg IMAGE_REGISTRY=${IMAGE_REGISTRY}"
+		engine_build_args+=" --build-arg IMAGE_REGISTRY=${IMAGE_REGISTRY}"
 	fi
 	if [ -n "${USE_PODMAN}" ]; then
 		engine_build_args+=" --runtime ${DOCKER_RUNTIME}"
 	fi
 	"${container_engine}" build  \
-		   ${REGISTRY_ARG} \
+		   ${engine_build_args} \
 		   --build-arg http_proxy="${http_proxy}" \
 		   --build-arg https_proxy="${https_proxy}" \
 		   -t "${container_image_name}" "${script_dir}"
--- a/tools/osbuilder/rootfs-builder/alpine/Dockerfile.in
+++ b/tools/osbuilder/rootfs-builder/alpine/Dockerfile.in
@ -4,7 +4,7 @@
 # SPDX-License-Identifier: Apache-2.0
 ARG IMAGE_REGISTRY=docker.io
-FROM ${IMAGE_REGISTRY}/alpine:3.13.5
+FROM ${IMAGE_REGISTRY}/alpine:3.15
 RUN apk update && apk add \
    apk-tools-static \
--- a/tools/osbuilder/rootfs-builder/alpine/config.sh
+++ b/tools/osbuilder/rootfs-builder/alpine/config.sh
@ -5,13 +5,13 @@
 OS_NAME="Alpine"
-OS_VERSION=${OS_VERSION:-latest-stable}
+OS_VERSION=${OS_VERSION:-3.15}
 BASE_PACKAGES="alpine-base"
 # Alpine mirror to use
 # See a list of mirrors at http://nl.alpinelinux.org/alpine/MIRRORS.txt
-MIRROR=http://dl-5.alpinelinux.org/alpine
+MIRROR=https://dl-5.alpinelinux.org/alpine
 PACKAGES=""
--- a/tools/osbuilder/rootfs-builder/alpine/rootfs_lib.sh
+++ b/tools/osbuilder/rootfs-builder/alpine/rootfs_lib.sh
@ -9,6 +9,8 @@
 #
 # - Optional environment variables
 #
 # EXTRA_PKGS: Variable to add extra PKGS provided by the user
 #
 # BIN_AGENT: Name of the Kata-Agent binary
 #
 # Any other configuration variable for a specific distro must be added
@ -22,13 +24,20 @@ build_rootfs() {
 	# Mandatory
 	local ROOTFS_DIR=$1
 	# Add extra packages to the rootfs when specified
 	local EXTRA_PKGS=${EXTRA_PKGS:-}
 	# Populate ROOTFS_DIR
 	check_root
 	mkdir -p "${ROOTFS_DIR}"
-	rm -rf ${ROOTFS_DIR}/var/tmp
+	/sbin/apk.static \
-	cp -a -r -f /bin /etc /lib /sbin /usr /var ${ROOTFS_DIR}
+	    -X ${MIRROR}/v${OS_VERSION}/main \
-	mkdir -p ${ROOTFS_DIR}{/root,/proc,/dev,/home,/media,/mnt,/opt,/run,/srv,/sys,/tmp}
+	    -U \
 	    --allow-untrusted \
 	    --root ${ROOTFS_DIR} \
 	    --initdb add ${BASE_PACKAGES} ${EXTRA_PKGS} ${PACKAGES}
-	echo "${MIRROR}/${OS_VERSION}/main" >  ${ROOTFS_DIR}/etc/apk/repositories
+	mkdir -p ${ROOTFS_DIR}{/root,/etc/apk,/proc}
 	echo "${MIRROR}/v${OS_VERSION}/main" >  ${ROOTFS_DIR}/etc/apk/repositories
 }
--- a/tools/osbuilder/rootfs-builder/rootfs.sh
+++ b/tools/osbuilder/rootfs-builder/rootfs.sh
@ -373,23 +373,24 @@ build_rootfs_distro()
 		info "build directly"
 		build_rootfs ${ROOTFS_DIR}
 	else
 		engine_build_args=""
 		if [ -n "${USE_DOCKER}" ]; then
 			container_engine="docker"
 		elif [ -n "${USE_PODMAN}" ]; then
 			container_engine="podman"
 			engine_build_args+=" --runtime ${DOCKER_RUNTIME}"
 		fi
 		image_name="${distro}-rootfs-osbuilder"
 		REGISTRY_ARG=""
 		if [ -n "${IMAGE_REGISTRY}" ]; then
-			REGISTRY_ARG="--build-arg IMAGE_REGISTRY=${IMAGE_REGISTRY}"
+			engine_build_args+=" --build-arg IMAGE_REGISTRY=${IMAGE_REGISTRY}"
 		fi
 		# setup to install rust here
 		generate_dockerfile "${distro_config_dir}"
 		"$container_engine" build  \
-			${REGISTRY_ARG} \
+			${engine_build_args} \
 			--build-arg http_proxy="${http_proxy}" \
 			--build-arg https_proxy="${https_proxy}" \
 			-t "${image_name}" "${distro_config_dir}"
@ -397,21 +398,21 @@ build_rootfs_distro()
 		# fake mapping if KERNEL_MODULES_DIR is unset
 		kernel_mod_dir=${KERNEL_MODULES_DIR:-${ROOTFS_DIR}}
-		docker_run_args=""
+		engine_run_args=""
-		docker_run_args+=" --rm"
+		engine_run_args+=" --rm"
 		# apt sync scans all possible fds in order to close them, incredibly slow on VMs
-		docker_run_args+=" --ulimit nofile=262144:262144"
+		engine_run_args+=" --ulimit nofile=262144:262144"
-		docker_run_args+=" --runtime ${DOCKER_RUNTIME}"
+		engine_run_args+=" --runtime ${DOCKER_RUNTIME}"
 		if [ -z "${AGENT_SOURCE_BIN}" ] ; then
-			docker_run_args+=" -v ${GOPATH_LOCAL}:${GOPATH_LOCAL} --env GOPATH=${GOPATH_LOCAL}"
+			engine_run_args+=" -v ${GOPATH_LOCAL}:${GOPATH_LOCAL} --env GOPATH=${GOPATH_LOCAL}"
 		else
-			docker_run_args+=" --env AGENT_SOURCE_BIN=${AGENT_SOURCE_BIN}"
+			engine_run_args+=" --env AGENT_SOURCE_BIN=${AGENT_SOURCE_BIN}"
-			docker_run_args+=" -v ${AGENT_SOURCE_BIN}:${AGENT_SOURCE_BIN}"
+			engine_run_args+=" -v ${AGENT_SOURCE_BIN}:${AGENT_SOURCE_BIN}"
-			docker_run_args+=" -v ${GOPATH_LOCAL}:${GOPATH_LOCAL} --env GOPATH=${GOPATH_LOCAL}"
+			engine_run_args+=" -v ${GOPATH_LOCAL}:${GOPATH_LOCAL} --env GOPATH=${GOPATH_LOCAL}"
 		fi
-		docker_run_args+=" $(docker_extra_args $distro)"
+		engine_run_args+=" $(docker_extra_args $distro)"
 		# Relabel volumes so SELinux allows access (see docker-run(1))
 		if command -v selinuxenabled > /dev/null && selinuxenabled ; then
@ -456,7 +457,7 @@ build_rootfs_distro()
 			-v "${ROOTFS_DIR}":"/rootfs" \
 			-v "${script_dir}/../scripts":"/scripts" \
 			-v "${kernel_mod_dir}":"${kernel_mod_dir}" \
-			$docker_run_args \
+			$engine_run_args \
 			${image_name} \
 			bash /kata-containers/tools/osbuilder/rootfs-builder/rootfs.sh "${distro}"
--- a/versions.yaml
+++ b/versions.yaml
@ -141,11 +141,11 @@ assets:
        name: &default-initrd-name "ubuntu"
        version: &default-initrd-version "20.04"
      ppc64le:
-        name: *default-initrd-name
+        name: &glibc-initrd-name "ubuntu"
-        version: *default-initrd-version
+        version: &glibc-initrd-version "20.04"
      s390x:
-        name: *default-initrd-name
+        name: *glibc-initrd-name
-        version: *default-initrd-version
+        version: *glibc-initrd-version
      x86_64:
        name: *default-initrd-name
        version: *default-initrd-version