tests: Use multiple CPUs for image layer storage

Use multiple CPUs for the image layer storage test. The purpose is to
ensure guest-pull using the container image layer storage functionality
with integrity-protected encryption works (writes to
/dev/trusted_store will be multi-threaded).

Signed-off-by: Manuel Huber <manuelh@nvidia.com>

.github/workflows/build-kata-static-tarball-amd64.yaml

@@ -168,8 +168,6 @@ jobs:
           - rootfs-image-nvidia-gpu-confidential
           - rootfs-initrd
           - rootfs-initrd-confidential
-          - rootfs-initrd-nvidia-gpu
-          - rootfs-initrd-nvidia-gpu-confidential
     steps:
       - name: Login to Kata Containers quay.io
         if: ${{ inputs.push-to-registry == 'yes' }}

.github/workflows/build-kata-static-tarball-arm64.yaml

@@ -152,7 +152,6 @@ jobs:
           - rootfs-image
           - rootfs-image-nvidia-gpu
           - rootfs-initrd
-          - rootfs-initrd-nvidia-gpu
     steps:
       - name: Login to Kata Containers quay.io
         if: ${{ inputs.push-to-registry == 'yes' }}

rust-toolchain.toml

@@ -1,3 +1,3 @@
 [toolchain]
 # Keep in sync with versions.yaml
-channel = "1.91"
+channel = "1.92"

src/agent/src/namespace.rs

@@ -110,8 +110,10 @@ impl Namespace {
 
                 unshare(cf)?;
 
-                if ns_type == NamespaceType::Uts && hostname.is_some() {
-                    nix::unistd::sethostname(hostname.unwrap())?;
+                if ns_type == NamespaceType::Uts {
+                    if let Some(host) = hostname {
+                        nix::unistd::sethostname(host)?;
+                    }
                 }
                 // Bind mount the new namespace from the current thread onto the mount point to persist it.
 

src/runtime/Makefile

@@ -65,8 +65,6 @@ INITRDCONFIDENTIALNAME = $(PROJECT_TAG)-initrd-confidential.img
 
 IMAGENAME_NV = $(PROJECT_TAG)-nvidia-gpu.img
 IMAGENAME_CONFIDENTIAL_NV = $(PROJECT_TAG)-nvidia-gpu-confidential.img
-INITRDNAME_NV = $(PROJECT_TAG)-initrd-nvidia-gpu.img
-INITRDNAME_CONFIDENTIAL_NV = $(PROJECT_TAG)-initrd-nvidia-gpu-confidential.img
 
 TARGET = $(BIN_PREFIX)-runtime
 RUNTIME_OUTPUT = $(CURDIR)/$(TARGET)
@@ -136,8 +134,6 @@ INITRDCONFIDENTIALPATH := $(PKGDATADIR)/$(INITRDCONFIDENTIALNAME)
 
 IMAGEPATH_NV := $(PKGDATADIR)/$(IMAGENAME_NV)
 IMAGEPATH_CONFIDENTIAL_NV := $(PKGDATADIR)/$(IMAGENAME_CONFIDENTIAL_NV)
-INITRDPATH_NV := $(PKGDATADIR)/$(INITRDNAME_NV)
-INITRDPATH_CONFIDENTIAL_NV := $(PKGDATADIR)/$(INITRDNAME_CONFIDENTIAL_NV)
 
 ROOTFSTYPE_EXT4 := \"ext4\"
 ROOTFSTYPE_XFS := \"xfs\"
@@ -656,10 +652,6 @@ USER_VARS += IMAGENAME_NV
 USER_VARS += IMAGENAME_CONFIDENTIAL_NV
 USER_VARS += IMAGEPATH_NV
 USER_VARS += IMAGEPATH_CONFIDENTIAL_NV
-USER_VARS += INITRDNAME_NV
-USER_VARS += INITRDNAME_CONFIDENTIAL_NV
-USER_VARS += INITRDPATH_NV
-USER_VARS += INITRDPATH_CONFIDENTIAL_NV
 USER_VARS += KERNELNAME_NV
 USER_VARS += KERNELPATH_NV
 USER_VARS += KERNELNAME_CONFIDENTIAL_NV

src/tools/genpolicy/genpolicy-settings.json

@@ -173,7 +173,7 @@
                 "encryption_key=ephemeral"
             ],
             "source": "",
-            "mount_point": "^$(spath)/$(b64_device_id)$",
+            "mount_point": "$(spath)/$(b64_device_id)",
             "fstype": "ext4",
             "options": [],
             "shared": true

src/tools/genpolicy/rules.rego

@@ -1306,6 +1306,7 @@ allow_storage_source(p_storage, i_storage, bundle_id) if {
 allow_storage_options(p_storage, i_storage) if {
     print("allow_storage_options 1: start")
 
+    p_storage.driver != "blk"
     p_storage.driver != "overlayfs"
     p_storage.options == i_storage.options
 
@@ -1389,7 +1390,7 @@ allow_mount_point_by_device_id(p_storage, i_storage) if {
     mount3 := replace(mount2, "$(b64_device_id)", base64url.encode(i_storage.source))
     print("allow_mount_point_by_device_id: mount3 =", mount3)
 
-    regex.match(mount3, i_storage.mount_point)
+    mount3 == i_storage.mount_point
 
     print("allow_mount_point_by_device_id: true")
 }

src/tools/genpolicy/src/mount_and_storage.rs

@@ -168,10 +168,10 @@ fn get_empty_dir_mount_and_storage(
             source: settings_empty_dir.source.clone(),
             fstype: settings_empty_dir.fstype.clone(),
             options,
-            mount_point: if settings_empty_dir.mount_point.ends_with('$') {
-                settings_empty_dir.mount_point.clone()
-            } else {
+            mount_point: if settings_empty_dir.mount_point.ends_with('/') {
                 format!("{}{}$", &settings_empty_dir.mount_point, &yaml_mount.name)
+            } else {
+                settings_empty_dir.mount_point.clone()
             },
             fs_group: protobuf::MessageField::none(),
             shared: settings_empty_dir.shared,

src/tools/kata-ctl/Cargo.lock

@@ -1232,9 +1232,9 @@ dependencies = [
 
 [[package]]
 name = "futures-channel"
-version = "0.3.29"
+version = "0.3.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ff4dd66668b557604244583e3e1e1eada8c5c2e96a6d0d6653ede395b78bbacb"
+checksum = "07bbe89c50d7a535e539b8c17bc0b49bdb77747034daa8087407d655f3f7cc1d"
 dependencies = [
  "futures-core",
  "futures-sink",
@@ -1242,9 +1242,9 @@ dependencies = [
 
 [[package]]
 name = "futures-core"
-version = "0.3.31"
+version = "0.3.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "05f29059c0c2090612e8d742178b0580d2dc940c837851ad723096f87af6663e"
+checksum = "7e3450815272ef58cec6d564423f6e755e25379b217b0bc688e295ba24df6b1d"
 
 [[package]]
 name = "futures-executor"
@@ -1259,9 +1259,9 @@ dependencies = [
 
 [[package]]
 name = "futures-io"
-version = "0.3.29"
+version = "0.3.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8bf34a163b5c4c52d0478a4d757da8fb65cabef42ba90515efee0f6f9fa45aaa"
+checksum = "cecba35d7ad927e23624b22ad55235f2239cfa44fd10428eecbeba6d6a717718"
 
 [[package]]
 name = "futures-lite"
@@ -1278,9 +1278,9 @@ dependencies = [
 
 [[package]]
 name = "futures-macro"
-version = "0.3.29"
+version = "0.3.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "53b153fd91e4b0147f4aced87be237c98248656bb01050b96bf3ee89220a8ddb"
+checksum = "e835b70203e41293343137df5c0664546da5745f82ec9b84d40be8336958447b"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1289,21 +1289,27 @@ dependencies = [
 
 [[package]]
 name = "futures-sink"
-version = "0.3.29"
+version = "0.3.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e36d3378ee38c2a36ad710c5d30c2911d752cb941c00c72dbabfb786a7970817"
+checksum = "c39754e157331b013978ec91992bde1ac089843443c49cbc7f46150b0fad0893"
 
 [[package]]
 name = "futures-task"
-version = "0.3.29"
+version = "0.3.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "efd193069b0ddadc69c46389b740bbccdd97203899b48d09c5f7969591d6bae2"
+checksum = "037711b3d59c33004d3856fbdc83b99d4ff37a24768fa1be9ce3538a1cde4393"
+
+[[package]]
+name = "futures-timer"
+version = "3.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f288b0a4f20f9a56b5d1da57e2227c661b7b16168e2f72365f57b63326e29b24"
 
 [[package]]
 name = "futures-util"
-version = "0.3.29"
+version = "0.3.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a19526d624e703a3179b3d322efec918b6246ea0fa51d41124525f00f1cc8104"
+checksum = "389ca41296e6190b48053de0321d02a77f32f8a5d2461dd38762c0593805c6d6"
 dependencies = [
  "futures-channel",
  "futures-core",
@@ -1313,7 +1319,6 @@ dependencies = [
  "futures-task",
  "memchr",
  "pin-project-lite",
- "pin-utils",
  "slab",
 ]
 
@@ -1885,6 +1890,7 @@ dependencies = [
  "quick-xml",
  "reqwest",
  "ron",
+ "rstest",
  "semver",
  "serde",
  "serde_json",
@@ -3144,6 +3150,12 @@ version = "0.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f"
 
+[[package]]
+name = "relative-path"
+version = "1.9.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ba39f3699c378cd8970968dcbff9c43159ea4cfbd88d43c00b22f2ef10a435d2"
+
 [[package]]
 name = "rend"
 version = "0.4.2"
@@ -3292,6 +3304,35 @@ dependencies = [
  "serde_derive",
 ]
 
+[[package]]
+name = "rstest"
+version = "0.26.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f5a3193c063baaa2a95a33f03035c8a72b83d97a54916055ba22d35ed3839d49"
+dependencies = [
+ "futures-timer",
+ "futures-util",
+ "rstest_macros",
+]
+
+[[package]]
+name = "rstest_macros"
+version = "0.26.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9c845311f0ff7951c5506121a9ad75aec44d083c31583b2ea5a30bcb0b0abba0"
+dependencies = [
+ "cfg-if 1.0.0",
+ "glob",
+ "proc-macro-crate",
+ "proc-macro2",
+ "quote",
+ "regex",
+ "relative-path",
+ "rustc_version",
+ "syn 2.0.87",
+ "unicode-ident",
+]
+
 [[package]]
 name = "rtnetlink"
 version = "0.19.0"
@@ -3351,6 +3392,15 @@ version = "0.1.26"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "56f7d92ca342cea22a06f2121d944b4fd82af56988c270852495420f961d4ace"
 
+[[package]]
+name = "rustc_version"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92"
+dependencies = [
+ "semver",
+]
+
 [[package]]
 name = "rustix"
 version = "0.38.25"
@@ -4414,9 +4464,9 @@ dependencies = [
 
 [[package]]
 name = "unicode-ident"
-version = "1.0.12"
+version = "1.0.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b"
+checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75"
 
 [[package]]
 name = "unicode-segmentation"

src/tools/kata-ctl/Cargo.toml

@@ -57,6 +57,7 @@ quick-xml = { version = "0.28", features = ["serialize"] }
 csv = "1.2"
 serde_with = "2.3"
 chrono = { version = "0.4", features = ["serde"] }
+rstest = "0.26.1"
 
 [target.'cfg(target_arch = "s390x")'.dependencies]
 reqwest = { version = "0.11", default-features = false, features = [

src/tools/kata-ctl/src/args.rs

@@ -78,10 +78,9 @@ pub enum Commands {
 }
 
 #[derive(Debug, Args, Error)]
-#[error("Argument is not valid")]
+#[error("Argument is not valid: {command:?}")]
 pub struct CheckArgument {
     #[clap(subcommand)]
-    #[allow(unused_assignments)]
     pub command: CheckSubCommand,
 }
 

src/tools/kata-ctl/src/ops/volume_ops.rs

@@ -157,10 +157,12 @@ pub fn get_sandbox_id_for_volume(volume_path: &str) -> Result<String> {
 #[cfg(test)]
 mod tests {
     use super::*;
+    use anyhow::anyhow;
     use kata_types::mount::DirectVolumeMountInfo;
+    use rstest::{fixture, rstest};
     use serial_test::serial;
-    use std::{collections::HashMap, fs, path::PathBuf};
-    use tempfile::tempdir;
+    use std::{collections::HashMap, fs};
+    use tempfile::{tempdir, TempDir};
     use test_utils::skip_if_not_root;
 
     #[test]
@@ -195,61 +197,38 @@ mod tests {
         fs::remove_dir_all(&joined_volume_path).expect("failed to cleanup test")
     }
 
-    #[test]
-    fn test_path_join() {
-        #[derive(Debug)]
-        struct TestData<'a> {
-            rootfs: &'a str,
-            volume_path: &'a str,
-            result: Result<PathBuf>,
-        }
-        // the safe_path::scoped_join requires the prefix path to exist on testing machine
-        let root_fs = tempdir().expect("failed to create tmpdir").into_path();
-        let root_fs_str = root_fs.to_str().unwrap();
+    #[fixture]
+    fn root_fs() -> TempDir {
+        tempdir().expect("failed to create tmpdir")
+    }
 
-        let relative_secret_path = "../../etc/passwd";
-        let b64_relative_secret_path =
-            base64::encode_config(relative_secret_path, base64::URL_SAFE);
+    #[rstest]
+    #[case::relative_secret_path("../../etc/passwd", "Li4vLi4vZXRjL3Bhc3N3ZA==")] // "Li4vLi4vZXRjL3Bhc3N3ZA==" is b64 encoded url of "../../etc/passwd"
+    #[case::byte_array_path("abcdddd", "YWJjZGRkZA==")] // "YWJjZGRkZA==" is the b64 url encoded string of "abcdddd"
+    fn test_path_join(
+        root_fs: TempDir,
+        #[case] volume_path: &str,
+        #[case] expected_encoded_path: &str,
+    ) {
+        let root_str = root_fs.path().to_str().unwrap();
 
-        // byte array of "abcdddd"
-        let b64_abs_path = vec![97, 98, 99, 100, 100, 100, 100];
-        // b64urlencoded string of "abcdddd"
-        let b64urlencodes_relative_path = "YWJjZGRkZA==";
+        let result = join_path(root_str, volume_path).expect("Should return Ok for valid paths");
 
-        let tests = &[
-            TestData {
-                rootfs: root_fs_str,
-                volume_path: "",
-                result: Err(anyhow!(std::io::ErrorKind::NotFound)),
-            },
-            TestData {
-                rootfs: root_fs_str,
-                volume_path: relative_secret_path,
-                result: Ok(root_fs.join(b64_relative_secret_path)),
-            },
-            TestData {
-                rootfs: root_fs_str,
-                volume_path: unsafe { std::str::from_utf8_unchecked(&b64_abs_path) },
-                result: Ok(root_fs.join(b64urlencodes_relative_path)),
-            },
-        ];
+        let expected = root_fs.path().join(expected_encoded_path);
+        assert_eq!(result, expected);
+    }
 
-        for (i, d) in tests.iter().enumerate() {
-            let msg = format!("test[{i}]: {d:?}");
-            let result = join_path(d.rootfs, d.volume_path);
-            let msg = format!("{msg}, result: {result:?}");
-            if result.is_ok() {
-                assert!(
-                    result.as_ref().unwrap() == d.result.as_ref().unwrap(),
-                    "{}",
-                    msg
-                );
-                continue;
-            }
-            let expected_error = format!("{}", d.result.as_ref().unwrap_err());
-            let actual_error = format!("{}", result.unwrap_err());
-            assert!(actual_error == expected_error, "{}", msg);
-        }
+    #[rstest]
+    fn test_path_join_empty_path_error(root_fs: TempDir) {
+        let root_str = root_fs.path().to_str().unwrap();
+
+        let result = join_path(root_str, "");
+
+        let err = result.expect_err("Should fail for empty volume_path");
+        assert_eq!(
+            err.to_string(),
+            anyhow!(std::io::ErrorKind::NotFound).to_string()
+        );
     }
 
     #[test]

tests/integration/kubernetes/runtimeclass_workloads/pod-guest-pull-in-trusted-storage.yaml.in

@@ -28,6 +28,9 @@ spec:
       command: ["/bin/sh", "-c"]
       args:
         - sleep 6000
+      resources:
+        limits:
+          cpu: "4"
       volumeDevices:
         - devicePath: /dev/trusted_store
           name: trusted-storage

tests/static-checks.sh

@@ -103,6 +103,7 @@ long_options=(
 	[no-arch]="Run/list all tests except architecture-specific ones"
 	[only-arch]="Only run/list architecture-specific tests"
 	[repo:]="Specify GitHub URL of repo to use (github.com/user/repo)"
+	[repo-path:]="Specify path to repository to check (default: \$GOPATH/src/\$repo)"
 	[scripts]="Check script files"
 	[vendor]="Check vendor files"
 	[versions]="Check versions files"
@@ -596,19 +597,6 @@ check_url()
 		local curl_ua_args
 		[ -n "$user_agent" ] && curl_ua_args="-A '$user_agent'"
 
-		{ run_url_check_cmd "$url" "$curl_out" "$curl_ua_args"; ret=$?; } || true
-
-		# A transitory error, or the URL is incorrect,
-		# but capture either way.
-		if [ "$ret" -ne 0 ]; then
-			errors+=("Failed to check URL '$url' (user agent: '$user_agent', return code $ret)")
-
-			# Try again with another UA since it appears that some return codes
-			# indicate the server was unhappy with the details
-			# presented by the client.
-			continue
-		fi
-
 		local http_statuses
 
 		http_statuses=$(grep -E "^HTTP" "$curl_out" |\
@@ -798,111 +786,13 @@ static_check_docs()
 	# Convert the list of files into an grep(1) alternation pattern.
 	exclude_pattern=$(echo "${exclude_doc_regexs[@]}"|sed 's, ,|,g')
 
-	# Every document in the repo (except a small handful of exceptions)
-	# should be referenced by another document.
-	for doc in $md_docs_to_check
-	do
-		# Check the ignore list for markdown files that do not need to
-		# be referenced by others.
-		echo "$doc"|grep -q -E "(${exclude_pattern})" && continue
-
-		grep -q "$doc" "$md_links" || die "Document $doc is not referenced"
-	done
-
 	info "Checking document code blocks"
 
 	local doc_to_script_cmd="${cidir}/kata-doc-to-script.sh"
 
-	for doc in $docs
-	do
-		bash "${doc_to_script_cmd}" -csv "$doc"
-
-		# Look for URLs in the document
-		urls=$("${doc_to_script_cmd}" -i "$doc" - | "$cmd")
-
-		# Gather URLs
-		for url in $urls
-		do
-			printf "%s\t%s\n" "${url}" "${doc}" >> "$url_map"
-		done
-	done
-
-	# Get unique list of URLs
-	urls=$(awk '{print $1}' "$url_map" | sort -u)
-
-	info "Checking all document URLs"
-	local invalid_urls_dir=$(mktemp -d)
-	files_to_remove+=("${invalid_urls_dir}")
-
-	for url in $urls
-	do
-		if [ "$specific_branch" != "true" ]
-		then
-			# If the URL is new on this PR, it cannot be checked.
-			echo "$new_urls" | grep -q -E "\<${url}\>" && \
-				info "ignoring new (but correct) URL: $url" && continue
-		fi
-
-		# Ignore local URLs. The only time these are used is in
-		# examples (meaning these URLs won't exist).
-		echo "$url" | grep -q "^file://" && continue
-		echo "$url" | grep -q "^http://localhost" && continue
-
-		# Ignore the install guide URLs that contain a shell variable
-		echo "$url" | grep -q "\\$" && continue
-
-		# This prefix requires the client to be logged in to github, so ignore
-		echo "$url" | grep -q 'https://github.com/pulls' && continue
-
-		# Sigh.
-		echo "$url"|grep -q 'https://example.com' && continue
-
-		# Google APIs typically require an auth token.
-		echo "$url"|grep -q 'https://www.googleapis.com' && continue
-
-		# Git repo URL check
-		if echo "$url"|grep -q '^https.*git'
-		then
-			timeout "${KATA_NET_TIMEOUT}" git ls-remote "$url" > /dev/null 2>&1 && continue
-		fi
-
-		# Check the URL, saving it if invalid
-		#
-		# Each URL is checked in a separate process as each unique URL
-		# requires us to hit the network.
-		check_url "$url" "$invalid_urls_dir" &
-	done
-
 	# Synchronisation point
 	wait
 
-	# Combine all the separate invalid URL files into one
-	local invalid_files=$(ls "$invalid_urls_dir")
-
-	if [ -n "$invalid_files" ]; then
-		pushd "$invalid_urls_dir" &>/dev/null
-		cat $(echo "$invalid_files"|tr '\n' ' ') > "$invalid_urls"
-		popd &>/dev/null
-	fi
-
-	if [ -s "$invalid_urls" ]
-	then
-		local files
-
-		cat "$invalid_urls" | while read url
-		do
-			files=$(grep "^${url}" "$url_map" | awk '{print $2}' | sort -u)
-			echo >&2 -e "ERROR: Invalid URL '$url' found in the following files:\n"
-
-			for file in $files
-			do
-				echo >&2 "$file"
-			done
-		done
-
-		exit 1
-	fi
-
 	# Now, spell check the docs
 	cmd="${test_dir}/cmd/check-spelling/kata-spell-check.sh"
 
@@ -1516,6 +1406,8 @@ main()
 
 	local func=
 
+	repo_path=""
+
 	while [ $# -gt 1 ]
 	do
 		case "$1" in
@@ -1536,6 +1428,7 @@ main()
 			--only-arch) handle_funcs="arch-specific" ;;
 			--rego) func=static_check_rego ;;
 			--repo) repo="$2"; shift ;;
+			--repo-path) repo_path="$2"; shift ;;
 			--scripts) func=static_check_shell ;;
 			--vendor) func=static_check_vendor;;
 			--versions) func=static_check_versions ;;
@@ -1568,7 +1461,10 @@ main()
 	test_path="${test_path:-"${repo}/tests"}"
 	test_dir="${GOPATH}/src/${test_path}"
 
-	repo_path=$GOPATH/src/$repo
+	if [ -z "$repo_path" ]
+	then
+		repo_path=$GOPATH/src/$repo
+	fi
 
 	announce
 

tools/packaging/kata-deploy/local-build/Makefile

@@ -191,15 +191,9 @@ rootfs-initrd-tarball: agent-tarball
 rootfs-image-nvidia-gpu-tarball: agent-tarball busybox-tarball kernel-nvidia-gpu-tarball
 	${MAKE} $@-build
 
-rootfs-initrd-nvidia-gpu-tarball: agent-tarball busybox-tarball kernel-nvidia-gpu-tarball
-	${MAKE} $@-build
-
 rootfs-image-nvidia-gpu-confidential-tarball: agent-tarball busybox-tarball pause-image-tarball coco-guest-components-tarball kernel-nvidia-gpu-tarball
 	${MAKE} $@-build
 
-rootfs-initrd-nvidia-gpu-confidential-tarball: agent-tarball busybox-tarball pause-image-tarball coco-guest-components-tarball kernel-nvidia-gpu-tarball
-	${MAKE} $@-build
-
 rootfs-cca-confidential-image-tarball: agent-tarball pause-image-tarball coco-guest-components-tarball kernel-cca-confidential-tarball
 	${MAKE} $@-build
 

tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh

@@ -607,16 +607,6 @@ install_image_nvidia_gpu() {
 	install_image "nvidia-gpu"
 }
 
-# Install NVIDIA GPU initrd
-install_initrd_nvidia_gpu() {
-	export AGENT_POLICY
-	export MEASURED_ROOTFS="no"
-	local version=$(get_from_kata_deps .externals.nvidia.driver.version)
-	EXTRA_PKGS="apt curl ${EXTRA_PKGS}"
-	NVIDIA_GPU_STACK=${NVIDIA_GPU_STACK:-"driver=${version},compute,dcgm,nvswitch"}
-	install_initrd "nvidia-gpu"
-}
-
 # Instal NVIDIA GPU confidential image
 install_image_nvidia_gpu_confidential() {
 	export CONFIDENTIAL_GUEST="yes"
@@ -628,18 +618,6 @@ install_image_nvidia_gpu_confidential() {
 	install_image "nvidia-gpu-confidential"
 }
 
-# Install NVIDIA GPU confidential initrd
-install_initrd_nvidia_gpu_confidential() {
-	export CONFIDENTIAL_GUEST="yes"
-	export AGENT_POLICY
-	export MEASURED_ROOTFS="no"
-	local version=$(get_from_kata_deps .externals.nvidia.driver.version)
-	EXTRA_PKGS="apt curl ${EXTRA_PKGS}"
-	NVIDIA_GPU_STACK=${NVIDIA_GPU_STACK:-"driver=${version},compute,dcgm,nvswitch"}
-	install_initrd "nvidia-gpu-confidential"
-}
-
-
 install_se_image() {
 	info "Create IBM SE image configured with AA_KBC=${AA_KBC}"
 	"${se_image_builder}" --destdir="${destdir}"
@@ -1383,12 +1361,8 @@ handle_build() {
 
 	rootfs-image-nvidia-gpu) install_image_nvidia_gpu ;;
 
-	rootfs-initrd-nvidia-gpu) install_initrd_nvidia_gpu ;;
-
 	rootfs-image-nvidia-gpu-confidential) install_image_nvidia_gpu_confidential ;;
 
-	rootfs-initrd-nvidia-gpu-confidential) install_initrd_nvidia_gpu_confidential ;;
-
 	rootfs-cca-confidential-image) install_image_confidential ;;
 
 	rootfs-cca-confidential-initrd) install_initrd_confidential ;;

tools/testing/gatekeeper/required-tests.yaml

@@ -19,6 +19,8 @@ paths:
   - "^ci/openshift-ci/": []
   - "^\\.github/workflows/static-checks": ["static"]
   - "^\\.github/workflows/": []
+  - "^docs/": ["static"]
+  - "^mkdocs\\.yaml$": ["static"]
   - "\\.md$": ["static"]
   # TODO: Expand filters
   # Sources

versions.yaml

@@ -479,12 +479,12 @@ languages:
     description: "Rust language"
     notes: "'version' is the default minimum version used by this project."
     # Keep in sync with rust-toolchain.toml
-    version: "1.91"
+    version: "1.92"
     meta:
       description: |
         'newest-version' is the latest version known to work when
         building Kata
-      newest-version: "1.91"
+      newest-version: "1.92"
 
   golangci-lint:
     description: "golangci-lint"