rootfs: Add COCO_GUEST_COMPONENTS_TARBALL env var

This env var lets us pass the Confidential Containers
guest-components tarball to the rootfs builder, which then just
unpacks its content into the rootfs.

Fixes: #8848 -- part I

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Signed-off-by: Linda Yu <linda.yu@intel.com>
Co-authored-by: stevenhorsman <steven@uk.ibm.com>
Co-authored-by: Jakob Naucke <jakob.naucke@ibm.com>
Co-authored-by: Wang, Arron <arron.wang@intel.com>
Co-authored-by: zhouliang121 <liang.a.zhou@linux.alibaba.com>
Co-authored-by: Alex Carter <alex.carter@ibm.com>
Co-authored-by: Suraj Deshmukh <suraj.deshmukh@microsoft.com>
Co-authored-by: Xynnn007 <xynnn@linux.alibaba.com>
Fabiano Fidêncio 2024-01-26 16:11:58 +01:00
parent 644abde35c
commit fbfc880eb6
No known key found for this signature in database
GPG Key ID: EE926C2BDACC177B
2 changed files with 14 additions and 2 deletions


@ -28,6 +28,7 @@ LIBC=${LIBC:-musl}
SECCOMP=${SECCOMP:-"yes"} SECCOMP=${SECCOMP:-"yes"}
SELINUX=${SELINUX:-"no"} SELINUX=${SELINUX:-"no"}
AGENT_POLICY=${AGENT_POLICY:-no} AGENT_POLICY=${AGENT_POLICY:-no}
COCO_GUEST_COMPONENTS_TARBALL=${COCO_GUEST_COMPONENTS_TARBALL:-""}
lib_file="${script_dir}/../scripts/lib.sh" lib_file="${script_dir}/../scripts/lib.sh"
source "$lib_file" source "$lib_file"
@ -143,6 +144,11 @@ ARCH Target architecture (according to \`uname -m\`).
and glibc agents. and glibc agents.
Default value: $(uname -m) Default value: $(uname -m)
COCO_GUEST_COMPONENTS_TARBALL Path to the kata-coco-guest-components.tar.xz tarball to be unpacked inside the
rootfs.
If set, the tarball will be unpacked onto the rootfs.
Default value: <not set>
DISTRO_REPO Use host repositories to install guest packages. DISTRO_REPO Use host repositories to install guest packages.
Default value: <not set> Default value: <not set>
@ -772,6 +778,10 @@ EOF
[ -x "${init}" ] || [ -L "${init}" ] || die "/sbin/init is not installed in ${ROOTFS_DIR}" [ -x "${init}" ] || [ -L "${init}" ] || die "/sbin/init is not installed in ${ROOTFS_DIR}"
OK "init is installed" OK "init is installed"
if [ -n "${COCO_GUEST_COMPONENTS_TARBALL}" ] ; then
tar xvJpf ${COCO_GUEST_COMPONENTS_TARBALL} -C ${ROOTFS_DIR}
fi
# Create an empty /etc/resolv.conf, to allow agent to bind mount container resolv.conf to Kata VM # Create an empty /etc/resolv.conf, to allow agent to bind mount container resolv.conf to Kata VM
dns_file="${ROOTFS_DIR}/etc/resolv.conf" dns_file="${ROOTFS_DIR}/etc/resolv.conf"
if [ -L "$dns_file" ]; then if [ -L "$dns_file" ]; then
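Review bot: The added `tar xvJpf` line expands `${COCO_GUEST_COMPONENTS_TARBALL}` and `${ROOTFS_DIR}` unquoted and extracts without first checking that the path names an existing file, so a path containing spaces splits into extra tar arguments and a wrong path fails inside tar rather than with the script's own `die` message, unlike the init check two lines above it. I would mirror that check and quote both expansions: `[ -f "${COCO_GUEST_COMPONENTS_TARBALL}" ] || die "${COCO_GUEST_COMPONENTS_TARBALL} does not exist"` followed by `tar xvJpf "${COCO_GUEST_COMPONENTS_TARBALL}" -C "${ROOTFS_DIR}"`, optionally ending with `OK "guest components installed"` to match the surrounding progress messages. Because the archive is extracted with `-p` straight into the rootfs, a short comment such as `# Trusted build input: contents land in the guest rootfs with their archived permissions` would make the expectation on the tarball's origin explicit, since the help text in the earlier hunk says nothing about it. That help text also states twice that the tarball is unpacked into the rootfs, and one of the two sentences could be dropped. The enclosing function starts and ends outside this hunk.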


@ -44,7 +44,8 @@ build_initrd() {
USE_DOCKER=1 \ USE_DOCKER=1 \
AGENT_TARBALL="${AGENT_TARBALL}" \ AGENT_TARBALL="${AGENT_TARBALL}" \
AGENT_INIT="yes" \ AGENT_INIT="yes" \
AGENT_POLICY="${AGENT_POLICY:-}" AGENT_POLICY="${AGENT_POLICY:-}" \
COCO_GUEST_COMPONENTS_TARBALL="${COCO_GUEST_COMPONENTS_TARBALL:-}"
mv "kata-containers-initrd.img" "${install_dir}/${artifact_name}" mv "kata-containers-initrd.img" "${install_dir}/${artifact_name}"
( (
cd "${install_dir}" cd "${install_dir}"
@ -63,7 +64,8 @@ build_image() {
IMG_OS_VERSION="${os_version}" \ IMG_OS_VERSION="${os_version}" \
ROOTFS_BUILD_DEST="${builddir}/rootfs-image" \ ROOTFS_BUILD_DEST="${builddir}/rootfs-image" \
AGENT_TARBALL="${AGENT_TARBALL}" \ AGENT_TARBALL="${AGENT_TARBALL}" \
AGENT_POLICY="${AGENT_POLICY:-}" AGENT_POLICY="${AGENT_POLICY:-}" \
COCO_GUEST_COMPONENTS_TARBALL="${COCO_GUEST_COMPONENTS_TARBALL:-}"
mv -f "kata-containers.img" "${install_dir}/${artifact_name}" mv -f "kata-containers.img" "${install_dir}/${artifact_name}"
if [ -e "root_hash.txt" ]; then if [ -e "root_hash.txt" ]; then
cp root_hash.txt "${install_dir}/" cp root_hash.txt "${install_dir}/"
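Review bot: The tarball path is forwarded to the rootfs builder only as an environment variable, yet the build_initrd invocation also sets `USE_DOCKER=1`, so the file at that path must additionally be reachable from inside the build container; whether the builder bind-mounts an arbitrary host path is not visible in this hunk and should be confirmed, otherwise extraction fails only late in the rootfs step. The build_image hunk in the same file forwards the variable the same way and presumably has the same constraint. A one-line comment above the new line, such as `# Host path; must also be visible inside the build container when USE_DOCKER=1`, would record it for the next reader. Both invocations begin outside their hunks.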