aljaz/kata-containers
1
0
Fork 0
mirror of https://github.com/aljazceru/kata-containers.git synced 2025-12-18 14:54:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

CCv0|osbuilder: add EAA KBC into ubuntu rootfs

Browse Source 
Integrate EAA KBC into ubuntu rootfs image.
Fix build failure if build with AA_KBC=eaa_kbc option.

Fixes: #3167
Signed-off-by: zhouliang121 <liang.a.zhou@linux.alibaba.com>
This commit is contained in:
zhouliang121
2021-11-25 17:57:25 +08:00
parent 7c41af4082
commit 365acda643
5 changed files with 26 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
tools/osbuilder/rootfs-builder/rootfs.sh
View File

@@ -681,7 +681,12 @@ EOT
pushd attestation-agent pushd attestation-agent
source "${HOME}/.cargo/env" source "${HOME}/.cargo/env"
target="${ARCH}-unknown-linux-${LIBC}" target="${ARCH}-unknown-linux-${LIBC}"
cargo build --release --target "${target}" --no-default-features --features "${AA_KBC}" if [ "${AA_KBC}" == "eaa_kbc" ] && [ "${ARCH}" == "x86_64" ]; then
AA_RUSTFLAG="-C link-args=-Wl,-rpath,/usr/local/lib/rats-tls"
# Currently eaa_kbc module only support this specific platform
target="x86_64-unknown-linux-gnu"
fi
RUSTFLAGS=${AA_RUSTFLAG} cargo build --release --target "${target}" --no-default-features --features "${AA_KBC}"
install -o root -g root -m 0755 "target/${target}/release/attestation-agent" "${ROOTFS_DIR}/usr/local/bin/" install -o root -g root -m 0755 "target/${target}/release/attestation-agent" "${ROOTFS_DIR}/usr/local/bin/"
popd popd
fi fi

1
tools/osbuilder/rootfs-builder/ubuntu/Dockerfile.in
View File

@@ -48,3 +48,4 @@ RUN apt-get update && apt-get --no-install-recommends install -y \
# This will install the proper packages to build Kata components # This will install the proper packages to build Kata components
@INSTALL_RUST@ @INSTALL_RUST@
@INSTALL_AA_KBC@

9
tools/osbuilder/rootfs-builder/ubuntu/config.sh
View File

@@ -33,3 +33,12 @@ ARCH_EXCLUDE_LIST=()
[ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp2" || true [ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp2" || true
[ -n "$SKOPEO_UMOCI" ] && PACKAGES+=" ca-certificates libgpgme11" || true [ -n "$SKOPEO_UMOCI" ] && PACKAGES+=" ca-certificates libgpgme11" || true
if [ "${AA_KBC}" == "eaa_kbc" ] && [ "${ARCH}" == "x86_64" ]; then
AA_KBC_EXTRAS="
RUN echo 'deb [arch=amd64] http://mirrors.openanolis.cn/inclavare-containers/ubuntu20.04 bionic main' \| tee /etc/apt/sources.list.d/inclavare-containers.list; \
wget -qO - http://mirrors.openanolis.cn/inclavare-containers/ubuntu20.04/DEB-GPG-KEY.key \| apt-key add -; \
apt-get update; \
apt-get install -y rats-tls
"
fi

9
tools/osbuilder/rootfs-builder/ubuntu/rootfs_lib.sh
View File

@@ -75,4 +75,13 @@ build_rootfs() {
# Reduce image size and memory footprint # Reduce image size and memory footprint
# removing not needed files and directories. # removing not needed files and directories.
chroot $ROOTFS_DIR rm -rf /usr/share/{bash-completion,bug,doc,info,lintian,locale,man,menu,misc,pixmaps,terminfo,zoneinfo,zsh} chroot $ROOTFS_DIR rm -rf /usr/share/{bash-completion,bug,doc,info,lintian,locale,man,menu,misc,pixmaps,terminfo,zoneinfo,zsh}
if [ "${AA_KBC}" == "eaa_kbc" ] && [ "${ARCH}" == "x86_64" ]; then
wget -qO - http://mirrors.openanolis.cn/inclavare-containers/ubuntu20.04/DEB-GPG-KEY.key | chroot $ROOTFS_DIR apt-key add -
cat << EOF | chroot $ROOTFS_DIR
echo 'deb [arch=amd64] http://mirrors.openanolis.cn/inclavare-containers/ubuntu20.04 bionic main' | tee /etc/apt/sources.list.d/inclavare-containers.list
apt-get update
apt-get install -y rats-tls
EOF
fi
} }

1
tools/osbuilder/scripts/lib.sh
View File

@@ -349,6 +349,7 @@ RUN ln -sf /usr/bin/g++ /bin/musl-g++
-e "s|@INSTALL_MUSL@|${install_musl//$'\n'/\\n}|g" \ -e "s|@INSTALL_MUSL@|${install_musl//$'\n'/\\n}|g" \
-e "s|@INSTALL_RUST@|${install_rust//$'\n'/\\n}|g" \ -e "s|@INSTALL_RUST@|${install_rust//$'\n'/\\n}|g" \
-e "s|@SET_PROXY@|${set_proxy:-}|g" \ -e "s|@SET_PROXY@|${set_proxy:-}|g" \
-e "s|@INSTALL_AA_KBC@|${AA_KBC_EXTRAS//$'\n'/\\n}|g" \
"${dockerfile_template}" > Dockerfile "${dockerfile_template}" > Dockerfile
fi fi
popd popd