From 365acda6437304b2fa72943a5062b168eb6b3a11 Mon Sep 17 00:00:00 2001
From: zhouliang121
Date: Thu, 25 Nov 2021 17:57:25 +0800
Subject: [PATCH] CCv0|osbuilder: add EAA KBC into ubuntu rootfs
Integrate EAA KBC into ubuntu rootfs image. Fix build failure if build with AA_KBC=eaa_kbc option.
Fixes: #3167
Signed-off-by: zhouliang121
---
 tools/osbuilder/rootfs-builder/rootfs.sh | 7 ++++++-
 tools/osbuilder/rootfs-builder/ubuntu/Dockerfile.in | 1 +
 tools/osbuilder/rootfs-builder/ubuntu/config.sh | 9 +++++++++
 tools/osbuilder/rootfs-builder/ubuntu/rootfs_lib.sh | 9 +++++++++
 tools/osbuilder/scripts/lib.sh | 1 +
 5 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/tools/osbuilder/rootfs-builder/rootfs.sh b/tools/osbuilder/rootfs-builder/rootfs.sh
index 957a87b42..3f2ba4d88 100755
--- a/tools/osbuilder/rootfs-builder/rootfs.sh
+++ b/tools/osbuilder/rootfs-builder/rootfs.sh
@@ -681,7 +681,12 @@ EOT
 pushd attestation-agent
 source "${HOME}/.cargo/env"
 target="${ARCH}-unknown-linux-${LIBC}"
- cargo build --release --target "${target}" --no-default-features --features "${AA_KBC}"
+ if [ "${AA_KBC}" == "eaa_kbc" ] && [ "${ARCH}" == "x86_64" ]; then
+ AA_RUSTFLAG="-C link-args=-Wl,-rpath,/usr/local/lib/rats-tls"
+ # Currently eaa_kbc module only support this specific platform
+ target="x86_64-unknown-linux-gnu"
+ fi
+ RUSTFLAGS=${AA_RUSTFLAG} cargo build --release --target "${target}" --no-default-features --features "${AA_KBC}"
 install -o root -g root -m 0755 "target/${target}/release/attestation-agent" "${ROOTFS_DIR}/usr/local/bin/"
 popd
 fi
diff --git a/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile.in b/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile.in
index 50f164043..f5acbac4e 100644
--- a/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile.in
+++ b/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile.in
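Review bot: In the rootfs.sh hunk, `RUSTFLAGS=${AA_RUSTFLAG} cargo build …` now sets RUSTFLAGS for every KBC, not only eaa_kbc. When the `if` is not taken, AA_RUSTFLAG is never assigned in the visible lines, so cargo receives an empty RUSTFLAGS that appears to replace whatever the caller exported (including any hardening or linker flags), and the expansion would abort if the script runs under `set -u` (not visible here). Initialise it before the `if` with `AA_RUSTFLAG=""` and pass `RUSTFLAGS="${RUSTFLAGS:-}${AA_RUSTFLAG:+ ${AA_RUSTFLAG}}"` so existing flags are kept. The eaa_kbc branch also swaps the target to `x86_64-unknown-linux-gnu` regardless of `LIBC` and does nothing when ARCH is not x86_64, so an explicit error for the unsupported combinations would be easier to diagnose than a later link failure. The enclosing block starts and ends outside the hunk.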
@@ -48,3 +48,4 @@ RUN apt-get update && apt-get --no-install-recommends install -y \
 # This will install the proper packages to build Kata components
 @INSTALL_RUST@
+@INSTALL_AA_KBC@
diff --git a/tools/osbuilder/rootfs-builder/ubuntu/config.sh b/tools/osbuilder/rootfs-builder/ubuntu/config.sh
index d98cf9462..5d3160bcf 100644
--- a/tools/osbuilder/rootfs-builder/ubuntu/config.sh
+++ b/tools/osbuilder/rootfs-builder/ubuntu/config.sh
@@ -33,3 +33,12 @@ ARCH_EXCLUDE_LIST=()
 [ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp2" || true
 [ -n "$SKOPEO_UMOCI" ] && PACKAGES+=" ca-certificates libgpgme11" || true
+
+if [ "${AA_KBC}" == "eaa_kbc" ] && [ "${ARCH}" == "x86_64" ]; then
+ AA_KBC_EXTRAS="
+RUN echo 'deb [arch=amd64] http://mirrors.openanolis.cn/inclavare-containers/ubuntu20.04 bionic main' \| tee /etc/apt/sources.list.d/inclavare-containers.list; \
+ wget -qO - http://mirrors.openanolis.cn/inclavare-containers/ubuntu20.04/DEB-GPG-KEY.key \| apt-key add -; \
+ apt-get update; \
+ apt-get install -y rats-tls
+"
+fi
diff --git a/tools/osbuilder/rootfs-builder/ubuntu/rootfs_lib.sh b/tools/osbuilder/rootfs-builder/ubuntu/rootfs_lib.sh
index e94df355d..4e048ca6a 100644
--- a/tools/osbuilder/rootfs-builder/ubuntu/rootfs_lib.sh
+++ b/tools/osbuilder/rootfs-builder/ubuntu/rootfs_lib.sh
@@ -75,4 +75,13 @@ build_rootfs() {
 # Reduce image size and memory footprint
 # removing not needed files and directories.
 chroot $ROOTFS_DIR rm -rf /usr/share/{bash-completion,bug,doc,info,lintian,locale,man,menu,misc,pixmaps,terminfo,zoneinfo,zsh}
+
+ if [ "${AA_KBC}" == "eaa_kbc" ] && [ "${ARCH}" == "x86_64" ]; then
+ wget -qO - http://mirrors.openanolis.cn/inclavare-containers/ubuntu20.04/DEB-GPG-KEY.key | chroot $ROOTFS_DIR apt-key add -
+ cat << EOF | chroot $ROOTFS_DIR
+echo 'deb [arch=amd64] http://mirrors.openanolis.cn/inclavare-containers/ubuntu20.04 bionic main' | tee /etc/apt/sources.list.d/inclavare-containers.list
+apt-get update
+apt-get install -y rats-tls
+EOF
+ fi
 }
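Review bot: The signing key for the new inclavare-containers repository is downloaded over plain HTTP and piped straight into `apt-key add -`, here in config.sh and again in the rootfs_lib.sh hunk, so the trust anchor for `rats-tls` is whatever the network returns at build time. A substituted key makes the repository signature check meaningless, and this is the library the attestation agent is linked against in the rootfs.sh hunk. `apt-key` also places the key in the global keyring, so it becomes trusted for every configured source rather than only this one. Pin the key by digest before importing it and scope it with `signed-by=`, as sketched below with a placeholder digest; the same change applies to the chroot commands in rootfs_lib.sh. The `ubuntu20.04` path is paired with the `bionic` suite, which may be how the mirror is laid out but is worth confirming.

```shell
if [ "${AA_KBC}" == "eaa_kbc" ] && [ "${ARCH}" == "x86_64" ]; then
    # <PINNED_KEY_SHA256> is a placeholder: record the digest of the reviewed key file.
    # Assumes the key is ASCII-armored; if it is already binary, copy it instead of dearmoring.
    # Pipes stay escaped as \| because lib.sh pastes this text into a sed replacement.
    AA_KBC_EXTRAS="
RUN set -e; \
    wget -qO /tmp/inclavare.key http://mirrors.openanolis.cn/inclavare-containers/ubuntu20.04/DEB-GPG-KEY.key; \
    echo '<PINNED_KEY_SHA256>  /tmp/inclavare.key' \| sha256sum -c -; \
    gpg --dearmor -o /usr/share/keyrings/inclavare-containers.gpg /tmp/inclavare.key; \
    rm -f /tmp/inclavare.key; \
    echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/inclavare-containers.gpg] http://mirrors.openanolis.cn/inclavare-containers/ubuntu20.04 bionic main' > /etc/apt/sources.list.d/inclavare-containers.list; \
    apt-get update; \
    apt-get install -y rats-tls
"
fi
```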
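Review bot: In the rootfs_lib.sh hunk the intermediate steps of the install are not checked for failure. If `wget` fails, `apt-key add -` simply reads an empty stream, and the here-document shell inside the chroot carries on after a failed `apt-get update`, so only the last command's status can reach the caller and any error surfaces late with a misleading message (whether the script enables `pipefail` is not visible here). Start the here-document with `set -e` and download the key to a file that is verified before it is imported. `$ROOTFS_DIR` is unquoted in both new `chroot` calls (`chroot "$ROOTFS_DIR" …`), and because the install runs after the size-reduction `rm -rf`, the apt lists, the package cache and the extra sources entry appear to stay in the guest image. build_rootfs begins outside the hunk.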
diff --git a/tools/osbuilder/scripts/lib.sh b/tools/osbuilder/scripts/lib.sh
index 7deefe741..70fcfac9b 100644
--- a/tools/osbuilder/scripts/lib.sh
+++ b/tools/osbuilder/scripts/lib.sh
@@ -349,6 +349,7 @@ RUN ln -sf /usr/bin/g++ /bin/musl-g++
 -e "s|@INSTALL_MUSL@|${install_musl//$'\n'/\\n}|g" \
 -e "s|@INSTALL_RUST@|${install_rust//$'\n'/\\n}|g" \
 -e "s|@SET_PROXY@|${set_proxy:-}|g" \
+ -e "s|@INSTALL_AA_KBC@|${AA_KBC_EXTRAS//$'\n'/\\n}|g" \
 "${dockerfile_template}" > Dockerfile
 fi
 popd
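Review bot: The new `-e "s|@INSTALL_AA_KBC@|…|g"` expression pastes AA_KBC_EXTRAS into a sed replacement delimited by `|`, so any `|`, `&` or backslash in that variable is interpreted by sed instead of being copied into the Dockerfile. The ubuntu config.sh only works because it hand-escapes its pipes as `\|`, and that contract is not written down in the visible lines. A comment above the sed command such as `# AA_KBC_EXTRAS is used as a sed replacement: escape '|', '&' and '\' in its value` would save the next distro config from a silently corrupted Dockerfile. The variable is also unset unless AA_KBC is eaa_kbc on x86_64, so giving it an empty default before this point (as `${set_proxy:-}` does for the proxy line) would be safer if the script runs with `set -u`, which is not visible here. The sed command starts outside the hunk.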