From fbfc880eb6b90d8f07e09d216c976733e0c3d2f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Fri, 26 Jan 2024 16:11:58 +0100
Subject: [PATCH] rootfs: Add COCO_GUEST_COMPONENTS_TARBALL env var
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This env ver will serve us to pass the Confidential Containers guest-components tarball to the rootfs builder, which will then just unpack the content into the rootfs.

Fixes: #8848 -- part I

Signed-off-by: Fabiano FidĂȘncio
Signed-off-by: Linda Yu
Co-authored-by: stevenhorsman
Co-authored-by: Jakob Naucke
Co-authored-by: Wang, Arron
Co-authored-by: zhouliang121
Co-authored-by: Alex Carter
Co-authored-by: Suraj Deshmukh
Co-authored-by: Xynnn007
---
 tools/osbuilder/rootfs-builder/rootfs.sh | 10 ++++++++++
 tools/packaging/guest-image/build_image.sh | 6 ++++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/tools/osbuilder/rootfs-builder/rootfs.sh b/tools/osbuilder/rootfs-builder/rootfs.sh
index b13acb2751..72cdcdeae6 100755
--- a/tools/osbuilder/rootfs-builder/rootfs.sh
+++ b/tools/osbuilder/rootfs-builder/rootfs.sh
@@ -28,6 +28,7 @@ LIBC=${LIBC:-musl}
 SECCOMP=${SECCOMP:-"yes"}
 SELINUX=${SELINUX:-"no"}
 AGENT_POLICY=${AGENT_POLICY:-no}
+COCO_GUEST_COMPONENTS_TARBALL=${COCO_GUEST_COMPONENTS_TARBALL:-""}
 
 lib_file="${script_dir}/../scripts/lib.sh"
 source "$lib_file"
@@ -143,6 +144,11 @@ ARCH Target architecture (according to \`uname -m\`).
 and glibc agents.
 Default value: $(uname -m)
 
+COCO_GUEST_COMPONENTS_TARBALL Path to the kata-coco-guest-components.tar.xz tarball to be unpacked inside the
+ rootfs.
+ If set, the tarball will be unpacked onto the rootfs.
+ Default value:
+
 DISTRO_REPO Use host repositories to install guest packages.
 Default value:
 
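Review bot: The help text added for COCO_GUEST_COMPONENTS_TARBALL in the usage heredoc states the same thing twice — "to be unpacked inside the rootfs" on the first line and "If set, the tarball will be unpacked onto the rootfs." two lines later. I would fold it into one statement, e.g. `COCO_GUEST_COMPONENTS_TARBALL Path to the kata-coco-guest-components.tar.xz tarball. If set, it is unpacked onto the rootfs.` split across the usual indented continuation lines, keeping the empty `Default value:`. It would also help to say the path must be readable by rootfs.sh at build time, since the unpack step later in this patch passes it straight to tar without checking it first.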
@@ -772,6 +778,10 @@ EOF
 [ -x "${init}" ] || [ -L "${init}" ] || die "/sbin/init is not installed in ${ROOTFS_DIR}"
 OK "init is installed"
 
+ if [ -n "${COCO_GUEST_COMPONENTS_TARBALL}" ] ; then
+ tar xvJpf ${COCO_GUEST_COMPONENTS_TARBALL} -C ${ROOTFS_DIR}
+ fi
+
 # Create an empty /etc/resolv.conf, to allow agent to bind mount container resolv.conf to Kata VM
 dns_file="${ROOTFS_DIR}/etc/resolv.conf"
 if [ -L "$dns_file" ]; then
diff --git a/tools/packaging/guest-image/build_image.sh b/tools/packaging/guest-image/build_image.sh
index 4367cfaae9..00c52b866c 100755
--- a/tools/packaging/guest-image/build_image.sh
+++ b/tools/packaging/guest-image/build_image.sh
@@ -44,7 +44,8 @@ build_initrd() {
 USE_DOCKER=1 \
 AGENT_TARBALL="${AGENT_TARBALL}" \
 AGENT_INIT="yes" \
- AGENT_POLICY="${AGENT_POLICY:-}"
+ AGENT_POLICY="${AGENT_POLICY:-}" \
+ COCO_GUEST_COMPONENTS_TARBALL="${COCO_GUEST_COMPONENTS_TARBALL:-}"
 mv "kata-containers-initrd.img" "${install_dir}/${artifact_name}"
 (
 cd "${install_dir}"
@@ -63,7 +64,8 @@ build_image() {
 IMG_OS_VERSION="${os_version}" \
 ROOTFS_BUILD_DEST="${builddir}/rootfs-image" \
 AGENT_TARBALL="${AGENT_TARBALL}" \
- AGENT_POLICY="${AGENT_POLICY:-}"
+ AGENT_POLICY="${AGENT_POLICY:-}" \
+ COCO_GUEST_COMPONENTS_TARBALL="${COCO_GUEST_COMPONENTS_TARBALL:-}"
 mv -f "kata-containers.img" "${install_dir}/${artifact_name}"
 if [ -e "root_hash.txt" ]; then
 cp root_hash.txt "${install_dir}/"
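Review bot: The new tar call expands `${COCO_GUEST_COMPONENTS_TARBALL}` and `${ROOTFS_DIR}` unquoted, unlike the `die` line at the top of the hunk, and nothing checks that the tarball exists before tar runs, so a wrong path either fails inside tar with a less helpful message or, if this part of the script is not under `set -e` (not visible here), is silently skipped. I would guard and quote it, and report success the way the surrounding code does: `[ -f "${COCO_GUEST_COMPONENTS_TARBALL}" ] || die "COCO_GUEST_COMPONENTS_TARBALL not found: ${COCO_GUEST_COMPONENTS_TARBALL}"`, then `tar xJpf "${COCO_GUEST_COMPONENTS_TARBALL}" -C "${ROOTFS_DIR}" || die "failed to unpack ${COCO_GUEST_COMPONENTS_TARBALL}"`, then `OK "guest-components installed"` (dropping `v` keeps the full file list out of the build log). Since build_image.sh's build_initrd runs rootfs.sh with USE_DOCKER=1, the path must also be reachable inside that container; I cannot tell from this diff how host paths are made visible there, so that is worth confirming. The enclosing function starts and ends outside the hunk.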