Switching sev build of ovmf to the cc fork until patches are upstreamed.
Adding build for dependencies
Fixes: #5892
Signed-off-by: Alex Carter <Alex.Carter@ibm.com>
As already done for install_cc_kernel(), let's ensure we export
KATA_BUILD_CC=yes as part of the install_cc_tee_kernel.
This is used to generate the hash of the devices in the initramfs.
Fixes: #5845
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Let's move the info about building initramfs to *after* trying to
install the cached components.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
This PR allow us to use the virtiofsd cache tarball instead of
building it from source.
Fixes#5356
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
Exclude the image-rs cosign feature when the build target
is the s390x architecture.
Change Cargo to use workspace resolver 2 so that conditional
include for the image-rs crate is resolved correctly for different
targets.
Update cargo lock.
Fixes: #5582
Signed-off-by: Matthew Arnold <mattarno@uk.ibm.com>
It seems that the Kata Containers jenkins may be very slow to reach from
behind the firewall, causing TDX machine to fail downloading some of the
cached artefacts.
With this in mind, let's switch to using wget for this specific case.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Let's avoid getting into a dir and risking not being able to leave that
dir in case something fails.
Instead, let's just stay in the current dir and move the final tarball
to the exoected directory in case all the checks go as expected.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
With the cached version we're concatenating the td-shim version with the
toolchain version used to build the project.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Let's add a documentation about the environment variables that can be
used with the `-k` and `-q` options.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
The `qemu_script_dir` is a leftover from before the rework on how we
cache the components.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
As we're already doing for some components, let's also add support for
caching firmwares. TD-Shim and TDVF are the ones supported for now.
Fixes: #5360, #5361
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
We should use {} instead of () when passing the component version to the
install_cached_component() function.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
asserts -> assets
stastic -> static
Those were not caught during the first merge of the series as we didn't
have CI jobs testing for the TEE artefacts.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
We're currently building Cloud Hypervusor with thE TDX feature
regardless of using with TDX or not.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
The name of the asset was wrong, "cloud-hypervisor" instead of
"hypervisor.cloud_hypervsior", generating an empty "latest" file.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
The final cloud hypervisor tarball name is either
kata-static-cc-cloud-hypervisor.tar.xz or
kata-static-cc-tdx-cloud-hypervisor.tar.xz, meaning it uses
"cloud-hypervisor" instead of "clh" in the name.
Fixes: #5816
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Also added crate `runtime-rs/crates/runtimes` as dependency as it's
immediately depended upon by the `direct-volume` feature, see issue
5341 and PR 5467.
Fixes#5810
Signed-off-by: Tingzhou Yuan <tzyuan15@bu.edu>
Let's check for the cached version of the components as part of the
kata-deploy-binaries.sh as here we already have the needed info for
checking whether a component is cached or not, and to use it without
depending on changes made on each one of the builder scripts.
Fixes: #5816
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Call cargo in root's HOME may lead to permission error, should
call cargo installed in user's HOME/PATH.
Fixes: #5813
Signed-off-by: Bin Liu <bin@hyper.sh>
Now we are supporting two runtime/shim, the go version,
and the rust version, for debug purposes, we can
add an identification in the version info
to tell us which runtime/shim is used.
Fixes: #5806
Signed-off-by: Bin Liu <bin@hyper.sh>
Instead of caching files generated during the component build, let's
cache the final tarball generated for each component.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Let's do this as the component name will be re-used later on, when we
start checking whether a cached component needs to be rebuilt or not.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
This is used in several parts of the code, and can have a single
declaration as part of the `lib.sh` file, which is already imported by
all the places where it's used.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
We're going to use this function from different places, so we better
move it to lib.sh and avoid rewriting it.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
