Add arguments and files as needed, if only of them
changes the build will start from the change and
not from scratch.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Add docker ARG to provide a date to invalid cache, if the date changes
the image will be rebuild. This is required to keep build dependencies
with security fixes, but still take advantage of build qemu faster using
docker cache.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Today we apply patches per base branch. Having
two qemu versions in a similar base version can make
can have problems if one of the trees already has a patch.
If a patch is needed only for one specific tag/commit
add only the patch to that version.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
newQemuHypervisorConfig() sets it to an empty slice. We have to set the
same in the test config otherwise it is nil and reflect DeepEqual would
fail.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/vcmock
virtcontainers/pkg/vcmock/container.go:19:10: cannot use c.MockSandbox
(type *Sandbox) as type virtcontainers.VCSandbox in return argument:
*Sandbox does not implement virtcontainers.VCSandbox (missing
GetHypervisorPid method)
github.com/kata-containers/kata-containers/src/runtime/pkg/katautils
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
When kata used multiple repositories, versions file was
downloaded. This is not needed anymore as the file is part
of the same repository.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Make use of the `const` values for error messages that were previously
only used for the unit tests. This guarantees consistency.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Fail if not patches directory is found. Help to prevent
build a new qemu version with missing patches.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Only use 'version' key to build qemu..
The version could be used as any valid target:
branch, tag or commit.
Using different keys to build is confusing.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Some patches has conflicts with old experimental kernel. Move patches to its own specific version.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
This fixes the guide to work with the Kata 2.0 repos and provide more
details on how to verify with ctr and kubernetes.
Fixes: #1362
Signed-off-by: Adams, Eric <eric.adams@intel.com>
Validate the container ID as we cannot / should not rely on the
container manager / runtime to do this.
Fixes: #1520.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Validate the container ID as we cannot rely on the container manager
doing this.
Fixes: #1520.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
To make debugging and testing easier, allow the ttRPC server address to
be specified via `/proc/cmdline` as `agent.server_addr=`.
Fixes: #1516.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Modify calls in unit tests to use context since many functions were
updated to accept local context to fix trace span ordering.
Fixes#1355
Signed-off-by: Chelsea Mafrica <chelsea.e.mafrica@intel.com>
Add rootCtx to service struct in shimv2 to use as parent of spans
created in shimv2 for a more organized trace ouput.
Fixes#1355
Signed-off-by: Chelsea Mafrica <chelsea.e.mafrica@intel.com>
A significant number of trace calls did not use a parent context that
would create proper span ordering in trace output. Add local context to
functions for use in trace calls to facilitate proper span ordering.
Additionally, change whether trace function returns context in some
functions in virtcontainers and use existing context rather than
background context in bindMount() so that span exists as a child of a
parent span.
Fixes#1355
Signed-off-by: Chelsea Mafrica <chelsea.e.mafrica@intel.com>
Some variable are initialized in the Makefile, but never used.
Removing them to clean up the Makefile.
Fixes: #1003
Signed-off-by: Julien Ropé <jrope@redhat.com>
Look at the provided cgroup path to determine whether systemd is being
used to manage the cgroups. With this, systemd cgroups are being detected
and created appropriately for the sandbox.
Fixes: #599
Signed-off-by: Eric Ernsteernst <eric@amperecomputing.com>
(forward port of https://github.com/kata-containers/runtime/pull/2817)
Signed-off-by: Francesco Giudici <fgiudici@redhat.com>
Since we are now detecting, no longer to keep this state.
Signed-off-by: Eric Ernsteernst <eric@amperecomputing.com>
(forward port of https://github.com/kata-containers/runtime/pull/2817)
Signed-off-by: Francesco Giudici <fgiudici@redhat.com>
Commit 81607e34 updated src/agent/rustjail/Cargo.toml, to remove an
unneeded dependency. That causes cargo to update src/agent/Cargo.lock
on each build. However, the change to Cargo.lock wasn't checked in
meaning anyone working on the agent code will get bogus diffs with every
build. Check in the missing file to fix this.
fixes#1505
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Currently the the configure-hypervisor.sh doesn't set any optimization flag when
compiling QEMU >= 5.2.0 since the configure script will implicitly set -O2 on Ubuntu. But
on other environments, for example CentOS 7, it won't be set any optimization and this
results on the compiler warn:
# warning _FORTIFY_SOURCE requires compiling with optimization (-O)
To avoid this inconsistent behavior across different build environments, let's explicitly
set the -O2 flag.
Reported-by: Eric Ernst <eric.g.ernst@gmail.com>
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
This contain to fixes for the virtiofsd on snap:
* removed the "-/usr/libexec" so that virtiofsd is copied to prime
* The configuration.toml expects virtiofsd in /usr/libexec/kata-qemu so it should be passed "kata-qemu"
to configure_hypervisor.sh script and it wil configure to install the executable onto the right directory.
Fixes#1238
Depends-on: github.com/kata-containers/kata-containers#1349
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Extra groups were not being handled when exec'ing. Ensure
that these are handled.
Before this, running a pod with:
```
...snippet...
securityContext:
fsGroup: 266
runAsGroup: 51020
runAsUser: 264
```
And then exec'ing would not supply the fsGroup:
```
$ kubectl exec -it kata-bb -- sh -c id
uid=264 gid=51020
```
Fixes: #1500
Signed-off-by: Eric Ernst <eric.g.ernst@gmail.com>
Since the crate dirs::home_dir function depends on the
libc's api: getpwuid_r, but this api function wouldn't
be static linked on glibc, thus we'd better to figure
out an alternative way to get the home dir from /etc/passwd.
For much more info about this glibc's issue, please see:
https://sourceware.org/bugzilla/show_bug.cgi?id=19341.
This commit read and parse the "/etc/passwd" directly and
fetch the corresponding uid's home dir.
Fixes: #675
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
