Now we don't need to have skopeo and umoci in the rootfs
remove the code that optionally builds and installs them
Fixes: #3970
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
- Remove the container_policy_file config parameter as it was only used
by the skopeo code path
Fixes: #3970
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
The attestation-agent had its v0.3.0 release earlier Today, following
the Confidential Containers v0.3.0 release process.
Let's bump it on our side, as we've already tested the version that
became this release.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
image-rs has released its v0.3.0 release earlier Today, following the
v0.3.0 Confidential Containers release process.
The v0.3.0 is based on exactly the same commit we've been using already,
so no changes are expected for us.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
TD-Shim has released its v0.3.0 release earlier Today, following the
Confidential Containers v0.3.0 release.
Let's update it here. We need to also bump the toolchain to using the
nightly-2022-11-15
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
With `disable_netns=true`, we should never scan the sandbox netns which
is the host netns in such case.
Fixes: #6021
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Cherry-picked: 12fd6ff
As the toolchain is installed in the image itself, we *must* take the
toolchain into consideration when deciding whether to use a cached image
or building a new one.
Fixes: #6033
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Bug fix for #5651. Faulty bash syntax let a initrd build complete, but not copy the kernel module.
This change fixes the if logic to work as an 'or' as intended.
Fixes: #6024
Signed-off-by: Alex Carter <Alex.Carter@ibm.com>
In `src/tools/kata-ctl/src/check.rs`, there is a function
`get_kata_version_by_url` in the tests mod,
indeed we can use the `get_kata_all_releases_by_url` in the main mod
to replace it.
Fixes: #5981
Signed-off-by: Bin Liu <bin@hyper.sh>
This is needed in order to have Moby / Docker working properly with
Cloud Hypervisor, as Moby / Docker relies on hotplugging a network
device to the VM as a preStartHook.
Fixes: #5997
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
THe only bit needed for having the vmAddNetPutRequest() capable of
dealing with hotplugs, instead of only coldplugs, is making sure it
doesn't error out in case a `200` response is returned.
The 200 response means:
"""
The new device was successfully added to the VM instance.
"""
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Fixes: #5995
Placeholder skeleton at this point - implementation will be added after
basic build refactoring lands.
Signed-off-by: Eric Ernst <eric_ernst@apple.com>
Signed-off-by: Danny Canter <danny@dcantah.dev>
Fixes: #5990
Some signals may not be defined on non Linux host OSes, like
SIGSTKFLT for example. It's also not defined on certain architectures,
but irrelevant for this.
Signed-off-by: Samuel Ortiz <s.ortiz@apple.com>
Signed-off-by: Danny Canter <danny@dcantah.dev>
Fixes: #5983
sched-core only makes sense on Linux hosts. Let's add stub/error for
other platforms.
Signed-off-by: Eric Ernst <eric_ernst@apple.com>
Signed-off-by: Danny Canter <danny@dcantah.dev>
Fixes: #5985
With nydus not being its own pkg, it is challenging to implement cleanly
in a virtcontainers package that isn't necesarily Linux-only. The
existing code utilizes network namespace code in order to ensure nydus
is launched in the host netns. This is very Linux specific - so let's
make sure we only carry this out in a linux specific file.
In the Darwin case, to allow for compilation at least, let's add a stub
for doNetNS. Ideally the nydus and vc code can be refactored /
decoupled.
Signed-off-by: Eric Ernst <eric_ernst@apple.com>
Signed-off-by: Danny Canter <danny@dcantah.dev>
When `HOST_ARCH` != `ARCH` unset `CC`
Specifying a foreign CC is incompatible with building libgit2. Thus after the RUSTFLAGS linker
has been set we can safely unset CC to avoid passing this value through the build.
Fixes: #5890
Signed-off-by: James Tumber <james.tumber@ibm.com>
Cherry-picked: 087515a
