osbuilder: Build Skopeo, umoci, attestation-agent

When the environment variable $SKOPEO_UMOCI is set to "yes", Skopeo and umoci are built inside the guest build container and installed to the guest rootfs. The respective build- and runtime dependencies are added. This respects the (existing) $LIBC variable (gnu/musl) and avoids issues with glibc mismatches. This is currently only supported for Ubuntu guests, as the system Golang packages included in the versions of other distros that we use are too old to build these packages, and re-enabling installing Golang from golang.org is cumbersome, given especially that it is unclear how long we will keep using Skopeo and umoci. Additionally, when the environment variable $AA_KBC is set, attestation-agent (with that KBC) is included. This replaces some logic in ccv0.sh that is removed. Fixes: #2907 Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
2025-12-17 14:24:27 +01:00 · 2021-10-26 16:41:53 +02:00
parent 9b34595ad0
commit 13f6418c46
7 changed files with 102 additions and 16 deletions
--- a/tools/osbuilder/scripts/lib.sh
+++ b/tools/osbuilder/scripts/lib.sh
@@ -219,6 +219,25 @@ ${extra}
 	  agent-is-init-daemon: "${AGENT_INIT}"
 EOT

+	if [ "${SKOPEO_UMOCI}" = "yes" ]; then
+		cat >> "${file}" <<-EOF
+	skopeo:
+	  url: "${skopeo_url}"
+	  version: "${skopeo_branch}"
+	umoci:
+	  url: "${umoci_url}"
+	  version: "${umoci_tag}"
+EOF
+	fi
+
+	if [ -n "${AA_KBC}" ]; then
+		cat >> "${file}" <<-EOF
+	attestation-agent:
+	  url: "${attestation_agent_url}"
+	  kbc: "${AA_KBC}"
+EOF
+	fi
+
 	local rootfs_file="${file_dir}/$(basename "${file}")"
 	info "Created summary file '${rootfs_file}' inside rootfs"
 }