mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-09-15 13:58:55 +00:00
70a84eca9e
For Confidential containers stack, the pause image is managed by host side, then it may configure a malicious pause image, we need package a pause image inside the rootfs and don't the pause image from host. But the installation of skopeo is not included in 20.04 release, so we can not directly install skopeo in rootfs and pull pause image. So I plan to let the task as a static build stuff, which would not be influenced by the system version in rootfs. And the pause image will be part of the Kata Containers rootfs that's used by the Confidential Containers usecase. This commit enables the component to be built both locally and in our CI environment with the command: make pause-image-tarball. Fixes: #9032 Signed-off-by: ChengyuZhu6 <chengyu.zhu@intel.com> Co-authored-by: Fabiano Fidêncio <fabiano.fidencio@intel.com> Co-authored-by: Wang, Arron <arron.wang@intel.com> Co-authored-by: stevenhorsman <steven@uk.ibm.com> Co-authored-by: Jakob Naucke <jakob.naucke@ibm.com>
15 lines
295 B
Docker
15 lines
295 B
Docker
# Copyright (c) 2024 Intel
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
FROM ubuntu:22.04
|
|
|
|
ENV DEBIAN_FRONTEND=noninteractive
|
|
|
|
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
|
|
RUN apt-get update && \
|
|
apt-get --no-install-recommends -y install \
|
|
ca-certificates \
|
|
curl \
|
|
umoci \
|
|
skopeo
|