Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

podvm: Remove skopeo and umoci from the peer pod VM image #164

Closed
Tracked by #57
stevenhorsman opened this issue Aug 11, 2022 · 6 comments · Fixed by #476
Closed
Tracked by #57

podvm: Remove skopeo and umoci from the peer pod VM image #164

stevenhorsman opened this issue Aug 11, 2022 · 6 comments · Fixed by #476
Assignees
@stevenhorsman

Comments

@stevenhorsman
Copy link
Member

stevenhorsman commented Aug 11, 2022
edited
Loading

Once the skopeo to image-rs gaps have been resolved (such as signature verification in kata-containers/kata-containers#4888 and authenticated registry support in kata-containers/kata-containers#4601) we should try removing all references to the umoci/skopeo binaries from the peer pod vm images (including the USE_SKOPEO , rather than just default to them not being used as per #256) and check that they still work as expected and there aren't any other skopeo specific features we were relying on in any cloud-providers.

The reason being that once we remove the kata-agent references to Skopeo and Umoci then we won't be able to use any skopeo/umoci functions, so want to understand this before we remove an upstream feature we require.
@stevenhorsman stevenhorsman mentioned this issue Aug 12, 2022
Open
11 tasks
@ariel-adam
Copy link
Member

@stevenhorsman is this issue still relevant or can be closed?
If it's still relevant to what release do you think we should map it to (mid-November, end-December, mid-February etc...)?

@stevenhorsman stevenhorsman changed the title Remove skopeo and umoci from the peer pod VM image when ready ibmcloud: Remove skopeo and umoci from the peer pod VM image when ready Oct 11, 2022
@stevenhorsman
Copy link
Member Author

Yes, this is relevant and we will hopefully have it for the mid-November release. Yohei is already looking into it IIRC

@ariel-adam
Copy link
Member

I've mapped it to the CoCo release project, priority medium and drop V0.2.0 as the release

@yoheiueda
Copy link
Member

yoheiueda commented Oct 12, 2022
edited
Loading

I raised a duplicated issue #256, and PR #263 has already closed the issue.

@stevenhorsman stevenhorsman changed the title ibmcloud: Remove skopeo and umoci from the peer pod VM image when ready podvm: Remove skopeo and umoci from the peer pod VM image Nov 14, 2022
@bpradipt
Copy link
Member

@stevenhorsman any additional work pending w.r.to this issue ?

@stevenhorsman
Copy link
Member Author

@bpradipt - yes. As per the description in this - it is about removing all references to building skopeo and umoci in our peer pod VM image builds, rather than just changing the default as #263 did. I want this as a gate for removing the ability to use skopeo in the kata-agent as only by removing the ability to use skopeo (which we know people are still using for authenticated registry support) will we drive out the remaining cases that need skopeo. Does that make sense?

@stevenhorsman stevenhorsman mentioned this issue Dec 16, 2022
Open
@stevenhorsman stevenhorsman self-assigned this Jan 3, 2023
stevenhorsman added a commit to stevenhorsman/cloud-api-adaptor that referenced this issue Jan 3, 2023
@stevenhorsman
image: Remove skopeo & umoci
828a404 
- Update Makefiles to remove the skopeo and umoci targets that install
them into the peer pod image.
- Note: The skopeo and umoci source targets are still needed to copy
and unpack the pause image for now.

Fixes: confidential-containers#164
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
@stevenhorsman stevenhorsman mentioned this issue Jan 3, 2023
Merged
bpradipt pushed a commit that referenced this issue Jan 4, 2023
@stevenhorsman @bpradipt
image: Remove skopeo & umoci
d3f29c8 
- Update Makefiles to remove the skopeo and umoci targets that install
them into the peer pod image.
- Note: The skopeo and umoci source targets are still needed to copy
and unpack the pause image for now.

Fixes: #164
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
bpradipt pushed a commit to bpradipt/cloud-api-adaptor that referenced this issue Aug 12, 2023
@stevenhorsman @bpradipt
image: Remove skopeo & umoci
d7ade1a 
- Update Makefiles to remove the skopeo and umoci targets that install
them into the peer pod image.
- Note: The skopeo and umoci source targets are still needed to copy
and unpack the pause image for now.

Fixes: confidential-containers#164
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
wainersm pushed a commit to wainersm/cc-cloud-api-adaptor that referenced this issue Sep 5, 2023
@stevenhorsman @bpradipt
image: Remove skopeo & umoci
aec2ac1 
- Update Makefiles to remove the skopeo and umoci targets that install
them into the peer pod image.
- Note: The skopeo and umoci source targets are still needed to copy
and unpack the pause image for now.

Fixes: confidential-containers#164
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stevenhorsman stevenhorsman

Labels
None yet
Projects
CoCo Releases
Status: No status
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

image: Remove skopeo & umoci stevenhorsman/cloud-api-adaptor
4 participants
@bpradipt @yoheiueda @stevenhorsman @ariel-adam