If initrd_builder.sh fails partway through it may not be possible to run
it again without creating a new rootfs.
This happens because initrd_builder.sh checks for the presence of
/sbin/init and refuses to run if it is missing. Later on, the script
moves /sbin/init to /init, where the kernel expects to find it in an
initramfs. After this step initrd_builder.sh will refuse to run again
since /sbin/init is now missing.
Create a symlink from /init to /sbin/init instead of moving the file.
This allows initrd_builder.sh to be run repeatedly on the same rootfs.
Fixes: #130
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The image_builder.sh script must be run as root. The following check is
performed before the script checks for root:
[ "${AGENT_INIT}" == "yes" ] || [ -x "${ROOTFS}/usr/bin/${AGENT_BIN}" ] || \
die "/usr/bin/${AGENT_BIN} is not installed in ${ROOTFS}
use AGENT_BIN env variable to change the expected agent binary name"
The -x test is "True if the file is executable by you". It may evaluate
to true as root and false as non-root, depending on the file
permissions.
The permissions for kata-agent given in the Developer Guide are 0550
(https://github.com/kata-containers/documentation/blob/master/Developer-Guide.md#add-a-custom-agent-to-the-image---optional).
Therefore image_builder.sh fails with "/usr/bin/${AGENT_BIN} is not
installed" when run as non-root. This is confusing since the agent
binary is really installed!
Move the root check to the beginning of the script. This solves the
confusing error and prevents similar problems where the script doesn't
take into account that the user may be non-root.
Fixes: #127
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
proxy server must be specified in configuration file
of the package manager, /etc/yum.conf for yum or
/etc/dnf/dnf.conf for dnf
fixes#123
Signed-off-by: Julio Montes <julio.montes@intel.com>
The EulerOS repository servers can be a little slower to respond than
others. This can lead to timeout issues so move the EulerOS tests to
the end to give the other tests a chance to run.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The tests perform a lot of configuration and call other commands. Since
the tests are running under BATS, any "stdout pollution" results in the
test failing. This is too rigid for current purposes so convert the
BATS test into a `set -e` test. This will still fail if any command
fails, but does not impose the output pollution restriction. It also
makes debugging easier.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The `kata-manger.sh` utility is changing its behaviour so that
`install-packages` *only* installs packages (no container manager).
Update the command to both install Docker and the packages.
Fixes#113.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
For now, mirrorlist doesn't support non-x86_64 arch, so we need
create baseurl for arm64. Furthermore, we also need to offer
arm64-specific gpg keys along with the regular key.
Fixes: #111
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
If we set env USE_DOCKER true, we will use container as development
environment. After docker run command, this temporary container
would be no use. we could add -rm flag to automatically delete
intermediate container.
Fixes: #115
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
CentOS and some versions of Ubuntu do not provide
bats in their default repository. This change installs
bats from sources.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
`.ci/setup.sh` is using dnf instead of yum to install
centos dependencies. This fixes it to use yum.
Fixes: #104.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
After building the images, perform a very basic test by configuring
the runtime to use them and creating a container.
Fixes#97.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Remove the rootfs tree before attempting to generate one to avoid
picking up any stale information if the function is run multiple times.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Moved the variable specifying the path to the osbuilder metadata file
to the top of the script and made it readonly.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Some of the globals were set as read-only variables whilst others
weren't. However, they can all be read-only.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
As the comment in the code showed, now that
https://github.com/kata-containers/osbuilder/issues/25 is fixed, it is
no longer necessary to specify an image size to the image builder as it
will auto-calculate it.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Don't default to a hard-coded Intel architecture - default to the host
architecture.
This requires the `coreutils` package to be installed both inside each
docker image (for `USE_DOCKER=true`) and in the host environments.
Added missing SPDX headers to `Dockerfile` templates to pacify the CI checks.
Fixes#100.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Building an image requires systemd to be installed in the rootfs as the
init daemon, so assert that systemd is available.
Updated tests so that alpine is only tested as an initrd (it cannot be
an image as it doesn't use systemd).
Added warning note about alpine to the docs.
Fixes#98.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Commit b8f1a68834 ("rootfs: Simplify
code") introduced a variable called destdir but accidentally used
dest_dir with cp(1) instead. This causes kernel modules to be copied to
the wrong location.
Rename the variable to dest_dir to be consistent with module_dir and
rootfs_dir variables used in this function.
Fixes: #94
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The `getopts` call in the rootfs builder was incorrect
meaning the `-a $agent_version` option would never have worked.
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
For now, the flag "-a" or relevant shell variant "${AGENT_VERSION}"
hasn't been used, only defined. Using 'git checkout' command to go
into requested branch.
Fixes: #90
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Added the extra packages the user requested to the summary file as
previously only the default packages were listed.
Fixes#92.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Current rootfs.sh fails when GOPATH is a set of directories.We
simply choose the first one as the working directory, as go get
only works against the first item in the GOPATH.
Fixes: #87
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
