aljaz/kata-containers
1
0
Fork 0
mirror of https://github.com/aljazceru/kata-containers.git synced 2026-02-23 07:24:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

packaging: Allow passing a container builder to the scripts

Browse Source 
This, combined with the effort of caching builder images *and* only
performing the build itself inside the builder images, is the very first
step for reproducible builds for the project.

Reproducible builds are quite important when we talk about Confidential
Containers, as users may want to verify the content used / provided by
the CSPs, and this is the first step towards that direction.

Fixes: #5517

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
This commit is contained in:
Fabiano Fidêncio
2022-10-26 14:09:47 +02:00
parent 2ac01cac0d
commit 64009be3d7
8 changed files with 14 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh
View File

@@ -57,6 +57,13 @@ docker run \
--env KATA_BUILD_CC="${KATA_BUILD_CC:-}" \
--env INCLUDE_ROOTFS="$(realpath "${INCLUDE_ROOTFS:-}" 2> /dev/null || true)" \
--env PUSH_TO_REGISTRY="${PUSH_TO_REGISTRY:-"no"}" \
--env INITRAMFS_CONTAINER_BUILDER="${INITRAMFS_CONTAINER_BUILDER:-}" \
--env KERNEL_CONTAINER_BUILDER="${KERNEL_CONTAINER_BUILDER:-}" \
--env OVMF_CONTAINER_BUILDER="${OVMF_CONTAINER_BUILDER:-}" \
--env QEMU_CONTAINER_BUILDER="${QEMU_CONTAINER_BUILDER:-}" \
--env SHIM_V2_CONTAINER_BUILDER="${SHIM_V2_CONTAINER_BUILDER:-}" \
--env TDSHIM_CONTAINER_BUILDER="${TDSHIM_CONTAINER_BUILDER:-}" \
--env VIRTIOFSD_CONTAINER_BUILDER="${VIRTIOFSD_CONTAINER_BUILDER:-}" \
-v "${kata_dir}:${kata_dir}" \
--rm \
-w ${script_dir} \

2
tools/packaging/static-build/initramfs/build.sh
View File

@@ -32,7 +32,7 @@ package_output_dir="${package_output_dir:-}"
[ -n "${lvm2_repo}" ] || die "Failed to get lvm2 repo"
[ -n "${lvm2_version}" ] || die "Failed to get lvm2 version"
container_image="${CC_BUILDER_REGISTRY}:initramfs-cryptsetup-${cryptsetup_version}-lvm2-${lvm2_version}-$(get_last_modification ${repo_root_dir} ${script_dir})-$(uname -m)"
container_image="${INITRAMFS_CONTAINER_BUILDER:-${CC_BUILDER_REGISTRY}:initramfs-cryptsetup-${cryptsetup_version}-lvm2-${lvm2_version}-$(get_last_modification ${repo_root_dir} ${script_dir})-$(uname -m)}"
sudo docker pull ${container_image} || (sudo docker build \
--build-arg cryptsetup_repo="${cryptsetup_repo}" \

2
tools/packaging/static-build/kernel/build.sh
View File

@@ -16,7 +16,7 @@ source "${script_dir}/../../scripts/lib.sh"
DESTDIR=${DESTDIR:-${PWD}}
PREFIX=${PREFIX:-/opt/kata}
container_image="${CC_BUILDER_REGISTRY}:kernel-$(get_last_modification ${repo_root_dir} ${script_dir})-$(uname -m)"
container_image="${KERNEL_CONTAINER_BUILDER:-${CC_BUILDER_REGISTRY}:kernel-$(get_last_modification ${repo_root_dir} ${script_dir})-$(uname -m)}"
sudo docker pull ${container_image} || \
(sudo docker build -t "${container_image}" "${script_dir}" && \

2
tools/packaging/static-build/ovmf/build.sh
View File

@@ -16,7 +16,7 @@ source "${script_dir}/../../scripts/lib.sh"
DESTDIR=${DESTDIR:-${PWD}}
PREFIX=${PREFIX:-/opt/kata}
container_image="${CC_BUILDER_REGISTRY}:ovmf-$(get_last_modification ${repo_root_dir} ${script_dir})-$(uname -m)"
container_image="${OVMF_CONTAINER_BUILDER:-${CC_BUILDER_REGISTRY}:ovmf-$(get_last_modification ${repo_root_dir} ${script_dir})-$(uname -m)}"
ovmf_build="${ovmf_build:-x86_64}"
kata_version="${kata_version:-}"
ovmf_repo="${ovmf_repo:-}"

2
tools/packaging/static-build/qemu/build-base-qemu.sh
View File

@@ -39,7 +39,7 @@ CACHE_TIMEOUT=$(date +"%Y-%m-%d")
[ -n "${build_suffix}" ] && HYPERVISOR_NAME="kata-qemu-${build_suffix}" || HYPERVISOR_NAME="kata-qemu"
[ -n "${build_suffix}" ] && PKGVERSION="kata-static-${build_suffix}" || PKGVERSION="kata-static"
container_image="${CC_BUILDER_REGISTRY}:qemu-$(get_last_modification ${repo_root_dir} ${script_dir})-$(uname -m)"
container_image="${QEMU_CONTAINER_BUILDER:-${CC_BUILDER_REGISTRY}:qemu-$(get_last_modification ${repo_root_dir} ${script_dir})-$(uname -m)}"
sudo docker pull ${container_image} || \
(sudo "${container_engine}" build \

2
tools/packaging/static-build/shim-v2/build.sh
View File

@@ -19,7 +19,7 @@ RUST_VERSION=${RUST_VERSION:-}
DESTDIR=${DESTDIR:-${PWD}}
PREFIX=${PREFIX:-/opt/kata}
container_image="${CC_BUILDER_REGISTRY}:shim-v2-go-${GO_VERSION}-rust-${RUST_VERSION}-$(get_last_modification ${repo_root_dir} ${script_dir})-$(uname -m)"
container_image="${SHIM_V2_CONTAINER_BUILDER:-${CC_BUILDER_REGISTRY}:shim-v2-go-${GO_VERSION}-rust-${RUST_VERSION}-$(get_last_modification ${repo_root_dir} ${script_dir})-$(uname -m)}"
EXTRA_OPTS="${EXTRA_OPTS:-""}"
REMOVE_VMM_CONFIGS="${REMOVE_VMM_CONFIGS:-""}"

2
tools/packaging/static-build/td-shim/build.sh
View File

@@ -30,7 +30,7 @@ package_output_dir="${package_output_dir:-}"
[ -n "${tdshim_version}" ] || die "Failed to get TD-shim version or commit"
[ -n "${tdshim_toolchain}" ] || die "Failed to get TD-shim toolchain to be used to build the project"
container_image="${CC_BUILDER_REGISTRY}:td-shim-${tdshim_toolchain}-$(get_last_modification ${repo_root_dir} ${script_dir})-$(uname -m)"
container_image="${TDSHIM_CONTAINER_BUILDER:-${CC_BUILDER_REGISTRY}:td-shim-${tdshim_toolchain}-$(get_last_modification ${repo_root_dir} ${script_dir})-$(uname -m)}"
sudo docker pull ${container_image} || \
(sudo docker build \

2
tools/packaging/static-build/virtiofsd/build.sh
View File

@@ -49,7 +49,7 @@ case ${ARCH} in
;;
esac
container_image="${CC_BUILDER_REGISTRY}:virtiofsd-${virtiofsd_toolchain}-${libc}-$(get_last_modification ${repo_root_dir} ${script_dir})-$(uname -m)"
container_image="${VIRTIOFSD_CONTAINER_BUILDER:-${CC_BUILDER_REGISTRY}:virtiofsd-${virtiofsd_toolchain}-${libc}-$(get_last_modification ${repo_root_dir} ${script_dir})-$(uname -m)}"
sudo docker pull ${container_image} || \
(sudo docker build \