-
Notifications
You must be signed in to change notification settings - Fork 997
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
packaging: Don't always build the kata-agent #8916
Merged
fidencio
merged 9 commits into
kata-containers:main
from
fidencio:topic/packaging-reuse-already-built-agent
Jan 26, 2024
Merged
Changes from all commits
Commits
Show all changes
9 commits
Select commit
Hold shift + click to select a range
58874f9
packaging: tools: Add the arch to the builder container
fidencio 1039641
packaging: agent: Add the arch to the builder container
fidencio 5b0d068
packaging: agent: Allow building in all arches
fidencio 8307718
rootfs: Add AGENT_TARBALL env var
fidencio f23451d
rootfs: Add xz as a dep
fidencio eb7a33e
rootfs: Always strip the agent binary
fidencio 21fd7e6
packaging: Fail in case oras can't find an artefact
fidencio dd49479
packaging: Don't build the agent if not needed
fidencio 95c569b
packaging: Add safe.directory to the git config
fidencio File filter
Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -10,6 +10,7 @@ RUN tdnf -y install \ | |
build-essential \ | ||
dnf \ | ||
git \ | ||
tar | ||
tar \ | ||
xz | ||
|
||
@INSTALL_RUST@ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -13,6 +13,7 @@ RUN dnf -y update && \ | |
file \ | ||
g++ \ | ||
git \ | ||
protobuf-compiler | ||
protobuf-compiler \ | ||
xz | ||
|
||
@INSTALL_RUST@ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
22 changes: 22 additions & 0 deletions
22
tools/packaging/kata-deploy/local-build/kata-deploy-copy-libseccomp-installer.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
#!/usr/bin/env bash | ||
# | ||
# Copyright (c) 2024 Intel Corporation | ||
# | ||
# SPDX-License-Identifier: Apache-2.0 | ||
# | ||
|
||
[ -z "${DEBUG}" ] || set -x | ||
set -o errexit | ||
set -o nounset | ||
set -o pipefail | ||
set -o errtrace | ||
|
||
script_dir=$(dirname "$(readlink -f "$0")") | ||
install_libseccomp_script_src="${script_dir}/../../../../ci/install_libseccomp.sh" | ||
install_libseccomp_script_dest="${script_dir}/../../static-build/agent/install_libseccomp.sh" | ||
|
||
cp "${install_libseccomp_script_src}" "${install_libseccomp_script_dest}" | ||
|
||
# We don't have to import any other file, as we're passing | ||
# the env vars needed for installing libseccomp and gperf. | ||
sed -i -e '/^source.*$/d' ${install_libseccomp_script_dest} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can do this later, but perhaps we should have a way to bypass this new behavior.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd prefer doing this later, but just to confirm.
The idea here is that we can bypass the behaviour and actually not have the component installed, correct?
If so, I think we can enforce this for the attestation-agent / confiential-data-hub / opa, are those are extra components. The kata agent itself must always be there, though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Never mind. Yesterday I thought this rootfs.sh change was a significant change in symbol strip behavior - but I see now that it's consistent with the previous behavior.