author | zer0def | 2021-05-15 06:27:43 +0200 |
---|---|---|
committer | zer0def | 2021-05-15 08:03:48 +0200 |
commit | 8f78807fe6f686ce7d52daf67d6a26b3664e9c01 (patch) | |
tree | 433eb1ca2cbe85837734feaeeaa62479008fa1ff | |
parent | 8c50f1ee85601cb265a6e2f834428babcc1ca2a6 (diff) | |
download | aur-8f78807fe6f686ce7d52daf67d6a26b3664e9c01.tar.gz |
Kata 1.x has been archived, move Kata 2.x as expected release and bump to 2.1.0
-rw-r--r-- | .SRCINFO | 67 | ||||
-rw-r--r-- | 0001-config-preemption.diff | 65 | ||||
-rw-r--r-- | 3082.patch | 33 | ||||
-rw-r--r-- | PKGBUILD | 224 | ||||
-rw-r--r-- | btrfs.kconfig | 10 | ||||
-rwxr-xr-x | image_builder.sh | 521 | ||||
-rw-r--r-- | install_kata-agent.tpl | 5 | ||||
-rw-r--r-- | install_sd-kata-agent.tpl | 7 | ||||
-rw-r--r-- | kata-agent.service.in | 24 | ||||
-rw-r--r-- | kata-containers.target | 16 | ||||
-rw-r--r-- | kata-runtime.install | 44 | ||||
-rw-r--r-- | kata2-guest.install | 20 | ||||
-rw-r--r-- | kata2-runtime.install | 11 | ||||
-rw-r--r-- | mkinitcpio-agent.conf | 6 |
14 files changed, 900 insertions, 153 deletions
@@ -1,38 +1,57 @@ pkgbase = kata-containers - pkgdesc = Lightweight virtual machines for containers - pkgver = 1.12.1 + pkgdesc = Lightweight virtual machines for containers, version 2 + pkgver = 2.1.0 pkgrel = 1 url = https://katacontainers.io/ arch = x86_64 license = Apache makedepends = go - source = ksm-throttler-1.12.1.tar.gz::https://github.com/kata-containers/ksm-throttler/archive/1.12.1.tar.gz - source = proxy-1.12.1.tar.gz::https://github.com/kata-containers/proxy/archive/1.12.1.tar.gz - source = runtime-1.12.1.tar.gz::https://github.com/kata-containers/runtime/archive/1.12.1.tar.gz - source = shim-1.12.1.tar.gz::https://github.com/kata-containers/shim/archive/1.12.1.tar.gz - sha512sums = 5653a4110e57f3145041b0aef1b9f4b8be67d8d0c04144dfbb3b613362bdb6ce67199e9f34d1224cbf08255efe6d191a6e03ba40c35d4d0650004e2582774de4 - sha512sums = 9bd64016374354364d45522239a81b12a7cd3436b0842793e2964bc5b8bc79f6c8be57d71b7384985c416889293688f8c65dffacba23dbf653d9a0ba916263d9 - sha512sums = c831eaa3d0fcddbb5dca0e18f3dfb4e616d45edb42031532c8ea52243a73e685d8f888671a27665f09d0aed41e27ac2035c78ff491f836a044a036d05f922dd7 - sha512sums = acc1592a91f56057a5dc3380824811d436cd82a17e41e028289eb8837aa5fbbb8b811cec51844789f7611b7c009b2050f07bd8c69f7ab28842e4f5fe7accc0b3 - b2sums = c930d082e0a9faa4a90751b3d67e91868bda12dea4ee6f3f565a24c1d074e7b4ed09a93ba14f9696e0891452e2d69a685ec837e7183bc9ff86b479034ed40fc9 - b2sums = 206bfe0e7d8be050f934ffbd7516543dfc3aca7339e83b318db8acd6323d4c3e68e8bb4f1dfa3530b7b5404960b27867a79396154d0fc61ec3445a5f0e70a78f - b2sums = 72d9995a45997c2d407f411f9a177207e23f382b40c08c1930c07029d76bcb3b703d3e80a209e98dc7646d6b1736cab4a1047974a2fb917419a4a6d94e796dd5 - b2sums = a73a3ce69ff54e7d172ef30e73678d4aaf12ab725798fe6e057f0ca163a95d7ce43c599fec9e7767259b4b793543febd1b7478678400e7f01204a1df89af9556 + makedepends = bc + makedepends = rust + makedepends = mkinitcpio + makedepends = pacman + makedepends = udisks2 + source = 
kata-containers-2.1.0.tar.gz::https://github.com/kata-containers/kata-containers/archive/2.1.0.tar.gz + source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.10.25.tar.xz + source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.10.25.tar.sign + source = mkinitcpio-agent.conf + source = install_kata-agent.tpl + source = image_builder.sh + source = install_sd-kata-agent.tpl + source = kata-agent.service.in + source = kata-containers.target + source = 0001-config-preemption.diff + validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E + sha512sums = ccfc712168738fce1f26b14fbe4a0dcecd9d1f3a0698c06487d98091173951be141c06b4314712ea9b67cda93d2efa8701c3b9afc8770458147defa5adbabf1a + sha512sums = 20d81a5930f4877e4a67930c8fc52406767bc1c1ca65a78037e4f42738bae54009a59d1a21e3bfde773f67af608a763e67a8829564b3665cae937dbc19947c13 + sha512sums = SKIP + sha512sums = 182a249aecbab33b8704e9567e96d33b535ee59e6d2f52f0c30fbc3d12813f60192886539cc745933caaf59268925d78db9e0b6b427321e2bac932ebde77d62e + sha512sums = 0250e52251986f36cfb9e378d848f755caaf5253daa8ff7d87172f2622754c1eb4180b338a497e3fbeb880e232eef19d5e512f5a8e610e7a6eb468f210849a08 + sha512sums = 6f476297d9001eef9a0665689f752cf5124907522cfc87240df16488379a5c7c9820a6e33a576dbf7f75c4fdfa7cab7a0e395b05c9339069dedbdaac42fb6c04 + sha512sums = 60e2dee0afcfc52b6075309b4eeb55c75dc4a8f063274f2cd481a0056fae0e78e414f0422af26acddff93edb43a23cb52c26aefd92677160fd8eb6a685b6a6d6 + sha512sums = 8f927f482d54a762ae5c952883034355a76c5547993ed4245a434a74014aa96e6c5182e3ece0a431e075c1d2f86e99ed0d0d8d839586821c5a7cdf053ec6963d + sha512sums = b599a62d07f4451f52747eaf185142fbe8eeb9aced211369fc83d88c43483ef1008f87615fcfcf30d74a557569b89d5fcb4a61326ffc8cb0559ec51807d808ca + sha512sums = 76c27fe0e2b84a9ae0d4b0e2a96ef0c07777811991b4aae21c88494b91fa2837fb67be335cebf4874e5e3235b5ba4641ec4544f9e055765e2dcf399d9d875e8c + b2sums = 
ee14536ba48ece1beba2409082446b18b80450233335bf2b9644604cf3d97404caa9f58a0ca1de69da50cd900e0b7ee5f9b046e206b9235ed77b9deccb2399d6 + b2sums = 1aa774dcd894f4f5a24cc26375dac4dfe0b8d1c37e58c6878dd81c2f6466a8fbb635b46e881bec75b00c041c6d0c73c545bd10ff25afde6a5bca1e63e165e51c + b2sums = SKIP + b2sums = 43c81141a65fd14b60ae72c5b98168bec531990903cc7c8b224b416c71d1d05c1cf3f73891954604e0b0c6f48c52a3a41a8e9e78874a79e72b14282373108e8b + b2sums = 9abf2208af353019ba177d8a48ba613401742cd21258a79c5d9cb8518a51f4f22a41dc386b71f2d6521d03f6ff65d8710dc59d1ca9c7c1dc5f94061c7374286c + b2sums = 1745aa5d5df0af2452381de163e3964511172e045c13736a062bb2c932e3306250d24992b2bdbc534ced188b35d3b1f4958a5680c99356afd3097d11c84aee31 + b2sums = 1ce51ec8cfac8149e3d421d58ec4cb5df2119f4c4d6371da3406297f87a35b6453a9a91bfce9b3b6ac81945b9c8c8237d5818b7321198635614148a8001e3da7 + b2sums = 8b5371fe7b1858dc61dcf4153b58f9c7a5ba564299d657c2bc4eac2328801346e9ca3f6f441dcca710e89495e5b7f9d35b002a8e031eb3cbd4a4fa850566309a + b2sums = 60bb47bec6e35ccc460ac066d7205d084ab8bdc7d1749918ce0497983a6e7eb770ca9fd996f44b05dbdbfc35390bf2d02b7e8abc619fa6d9df298988d5f19053 + b2sums = 919319ddcaac3f7c5b1c1998fced9920f3e7e9d4660c83e380495fc3a14d5f4e82736ac9435fdb78512576f1d90f80b1ad017529f2b42e013b844ed3ec4bc99f -pkgname = kata-ksm-throttler +pkgname = kata-agent pkgname = kata-runtime - install = kata-runtime.install + install = kata2-runtime.install depends = qemu-headless - depends = kata-proxy=1.12.1 - depends = kata-shim=1.12.1 depends = kata-linux-container depends = kata-containers-image - optdepends = kata-ksm-throttler=1.12.1 - optdepends = firecracker<0.22.0 - optdepends = cloud-hypervisor<0.9.0 + optdepends = firecracker<0.24.0 + optdepends = cloud-hypervisor<16.0 -pkgname = kata-proxy - -pkgname = kata-shim +pkgname = kata-linux-container diff --git a/0001-config-preemption.diff b/0001-config-preemption.diff new file mode 100644 index 000000000000..1d9659a9ff8e --- /dev/null +++ b/0001-config-preemption.diff 
@@ -0,0 +1,65 @@ +diff -rupN linux-5.4.71-bak/arch/x86/entry/Makefile linux-5.4.71/arch/x86/entry/Makefile +--- linux-5.4.71-bak/arch/x86/entry/Makefile 2021-03-31 07:37:51.209894751 +0200 ++++ linux-5.4.71/arch/x86/entry/Makefile 2021-03-31 07:40:01.031657854 +0200 +@@ -7,11 +7,12 @@ OBJECT_FILES_NON_STANDARD_entry_64_compa + + CFLAGS_syscall_64.o += $(call cc-option,-Wno-override-init,) + CFLAGS_syscall_32.o += $(call cc-option,-Wno-override-init,) +-obj-y := entry_$(BITS).o thunk_$(BITS).o syscall_$(BITS).o ++obj-y := entry_$(BITS).o syscall_$(BITS).o + obj-y += common.o + + obj-y += vdso/ + obj-y += vsyscall/ + + obj-$(CONFIG_IA32_EMULATION) += entry_64_compat.o syscall_32.o ++obj-$(CONFIG_PREEMPTION) += thunk_$(BITS).o + +diff -rupN linux-5.4.71-bak/arch/x86/entry/thunk_32.S linux-5.4.71/arch/x86/entry/thunk_32.S +--- linux-5.4.71-bak/arch/x86/entry/thunk_32.S 2021-03-31 07:37:51.209894751 +0200 ++++ linux-5.4.71/arch/x86/entry/thunk_32.S 2021-03-31 07:41:12.507459778 +0200 +@@ -34,10 +34,8 @@ + THUNK trace_hardirqs_off_thunk,trace_hardirqs_off_caller,1 + #endif + +-#ifdef CONFIG_PREEMPTION + THUNK ___preempt_schedule, preempt_schedule + THUNK ___preempt_schedule_notrace, preempt_schedule_notrace + EXPORT_SYMBOL(___preempt_schedule) + EXPORT_SYMBOL(___preempt_schedule_notrace) +-#endif + +diff -rupN linux-5.4.71-bak/arch/x86/entry/thunk_64.S linux-5.4.71/arch/x86/entry/thunk_64.S +--- linux-5.4.71-bak/arch/x86/entry/thunk_64.S 2021-03-31 07:37:51.209894751 +0200 ++++ linux-5.4.71/arch/x86/entry/thunk_64.S 2021-03-31 07:41:09.934157585 +0200 +@@ -46,16 +46,13 @@ + THUNK lockdep_sys_exit_thunk,lockdep_sys_exit + #endif + +-#ifdef CONFIG_PREEMPTION + THUNK ___preempt_schedule, preempt_schedule + THUNK ___preempt_schedule_notrace, preempt_schedule_notrace + EXPORT_SYMBOL(___preempt_schedule) + EXPORT_SYMBOL(___preempt_schedule_notrace) +-#endif + + #if defined(CONFIG_TRACE_IRQFLAGS) \ +- || defined(CONFIG_DEBUG_LOCK_ALLOC) \ +- || defined(CONFIG_PREEMPTION) ++ || 
defined(CONFIG_DEBUG_LOCK_ALLOC) + .L_restore: + popq %r11 + popq %r10 +diff -rupN linux-5.4.71-bak/arch/x86/um/Makefile linux-5.4.71/arch/x86/um/Makefile +--- linux-5.4.71-bak/arch/x86/um/Makefile 2021-03-31 07:37:51.226561216 +0200 ++++ linux-5.4.71/arch/x86/um/Makefile 2021-03-31 07:38:34.422705542 +0200 +@@ -26,7 +26,8 @@ else + + obj-y += syscalls_64.o vdso/ + +-subarch-y = ../lib/csum-partial_64.o ../lib/memcpy_64.o ../entry/thunk_64.o ++subarch-y = ../lib/csum-partial_64.o ../lib/memcpy_64.o ++subarch-$(CONFIG_PREEMPTION) += ../entry/thunk_64.o + + endif + diff --git a/3082.patch b/3082.patch deleted file mode 100644 index 57fd9007df11..000000000000 --- a/3082.patch +++ /dev/null @@ -1,33 +0,0 @@ -From c56af73d3d142125e0712028be0b9e179e0ff957 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com> -Date: Wed, 18 Nov 2020 17:42:04 +0100 -Subject: [PATCH] virtcontainers: Don't set Ctty -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The https://go-review.googlesource.com/c/go/+/231638/ commit on Golang -introduced a failure on Kata Containers when the runtime is built with -golang 15.2+. - -Fixes: #2982 - -Signed-off-by: Fabiano FidĂȘncio <fidencio@redhat.com> ---- - virtcontainers/shim.go | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/virtcontainers/shim.go b/virtcontainers/shim.go -index 8ec7458b6..d0c891dd5 100644 ---- a/virtcontainers/shim.go -+++ b/virtcontainers/shim.go -@@ -208,9 +208,6 @@ func startShim(args []string, params ShimParams) (int, error) { - cmd.Stderr = f - // Create Session - cmd.SysProcAttr.Setsid = true -- // Set Controlling terminal to Ctty -- cmd.SysProcAttr.Setctty = true -- cmd.SysProcAttr.Ctty = int(f.Fd()) - } - defer func() { - if f != nil { 
@@ -3,89 +3,209 @@ # Contributor: Stefan Zwanenburg <stefan cat zwanenburg dog info> pkgbase=kata-containers pkgname=( - kata-ksm-throttler + kata-agent kata-runtime - kata-proxy - kata-shim + kata-linux-container + #kata-containers-image ) -pkgver=1.12.1 +pkgver=2.1.0 _pkgver=${pkgver/\~/-} pkgrel=1 -pkgdesc="Lightweight virtual machines for containers" +pkgdesc="Lightweight virtual machines for containers, version 2" arch=('x86_64') url="https://katacontainers.io/" license=('Apache') makedepends=( - 'go' - #'yq2-bin' + 'go' 'bc' 'rust' + #'yq2-bin' # quietly pulled by Kata's codebase to read versions.yaml from source repo + 'mkinitcpio' # initrd build + 'pacman' 'udisks2' # rootless image build ) + _gh_org="github.com/kata-containers" +_kata_kernel_ver="${KATA_KERNEL_VER:-5.10.25}" + source=( - "ksm-throttler-${_pkgver}.tar.gz::https://${_gh_org}/ksm-throttler/archive/${_pkgver}.tar.gz" - "proxy-${_pkgver}.tar.gz::https://${_gh_org}/proxy/archive/${_pkgver}.tar.gz" - "runtime-${_pkgver}.tar.gz::https://${_gh_org}/runtime/archive/${_pkgver}.tar.gz" - "shim-${_pkgver}.tar.gz::https://${_gh_org}/shim/archive/${_pkgver}.tar.gz" - #"3082.patch" # https://github.com/kata-containers/runtime/pull/3082 fixing https://github.com/kata-containers/runtime/issues/2982 + "${pkgbase}-${_pkgver}.tar.gz::https://${_gh_org}/kata-containers/archive/${_pkgver}.tar.gz" + "https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-${_kata_kernel_ver}.tar.xz" + "https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-${_kata_kernel_ver}.tar.sign" + + # mknitcpio-busybox + "mkinitcpio-agent.conf" + "install_kata-agent.tpl" + "image_builder.sh" # image build + + # mknitpcio-systemd + "install_sd-kata-agent.tpl" + "kata-agent.service.in" + "kata-containers.target" + + # https://lkml.org/lkml/2021/1/23/75 + "0001-config-preemption.diff" ) sha512sums=( - 5653a4110e57f3145041b0aef1b9f4b8be67d8d0c04144dfbb3b613362bdb6ce67199e9f34d1224cbf08255efe6d191a6e03ba40c35d4d0650004e2582774de4 - 
9bd64016374354364d45522239a81b12a7cd3436b0842793e2964bc5b8bc79f6c8be57d71b7384985c416889293688f8c65dffacba23dbf653d9a0ba916263d9 - c831eaa3d0fcddbb5dca0e18f3dfb4e616d45edb42031532c8ea52243a73e685d8f888671a27665f09d0aed41e27ac2035c78ff491f836a044a036d05f922dd7 - acc1592a91f56057a5dc3380824811d436cd82a17e41e028289eb8837aa5fbbb8b811cec51844789f7611b7c009b2050f07bd8c69f7ab28842e4f5fe7accc0b3 - #87568f7db71a816f4953245af4b302da2f0a19543a706bce9d84e9c7e9de8f6ef54f410e426f05c4faf46bcfb330f802fa8261848beda3aaa965bfc11408a5ca + "ccfc712168738fce1f26b14fbe4a0dcecd9d1f3a0698c06487d98091173951be141c06b4314712ea9b67cda93d2efa8701c3b9afc8770458147defa5adbabf1a" + "${KATA_KERNEL_SUM_SHA512:-20d81a5930f4877e4a67930c8fc52406767bc1c1ca65a78037e4f42738bae54009a59d1a21e3bfde773f67af608a763e67a8829564b3665cae937dbc19947c13}" + "SKIP" + + "182a249aecbab33b8704e9567e96d33b535ee59e6d2f52f0c30fbc3d12813f60192886539cc745933caaf59268925d78db9e0b6b427321e2bac932ebde77d62e" + "0250e52251986f36cfb9e378d848f755caaf5253daa8ff7d87172f2622754c1eb4180b338a497e3fbeb880e232eef19d5e512f5a8e610e7a6eb468f210849a08" + "6f476297d9001eef9a0665689f752cf5124907522cfc87240df16488379a5c7c9820a6e33a576dbf7f75c4fdfa7cab7a0e395b05c9339069dedbdaac42fb6c04" + + "60e2dee0afcfc52b6075309b4eeb55c75dc4a8f063274f2cd481a0056fae0e78e414f0422af26acddff93edb43a23cb52c26aefd92677160fd8eb6a685b6a6d6" + "8f927f482d54a762ae5c952883034355a76c5547993ed4245a434a74014aa96e6c5182e3ece0a431e075c1d2f86e99ed0d0d8d839586821c5a7cdf053ec6963d" + "b599a62d07f4451f52747eaf185142fbe8eeb9aced211369fc83d88c43483ef1008f87615fcfcf30d74a557569b89d5fcb4a61326ffc8cb0559ec51807d808ca" + + "76c27fe0e2b84a9ae0d4b0e2a96ef0c07777811991b4aae21c88494b91fa2837fb67be335cebf4874e5e3235b5ba4641ec4544f9e055765e2dcf399d9d875e8c" ) b2sums=( - c930d082e0a9faa4a90751b3d67e91868bda12dea4ee6f3f565a24c1d074e7b4ed09a93ba14f9696e0891452e2d69a685ec837e7183bc9ff86b479034ed40fc9 - 
206bfe0e7d8be050f934ffbd7516543dfc3aca7339e83b318db8acd6323d4c3e68e8bb4f1dfa3530b7b5404960b27867a79396154d0fc61ec3445a5f0e70a78f - 72d9995a45997c2d407f411f9a177207e23f382b40c08c1930c07029d76bcb3b703d3e80a209e98dc7646d6b1736cab4a1047974a2fb917419a4a6d94e796dd5 - a73a3ce69ff54e7d172ef30e73678d4aaf12ab725798fe6e057f0ca163a95d7ce43c599fec9e7767259b4b793543febd1b7478678400e7f01204a1df89af9556 - #d4f55b660a26ff6dc9e9a7f4eab80f3a45a228b9780054ae0a8d1080ca8db29333818e9e83235c4e6a128117473fe8fcb8f9e5831042aaf71d4defca09808ef2 + "ee14536ba48ece1beba2409082446b18b80450233335bf2b9644604cf3d97404caa9f58a0ca1de69da50cd900e0b7ee5f9b046e206b9235ed77b9deccb2399d6" + "${KATA_KERNEL_SUM_B2:-1aa774dcd894f4f5a24cc26375dac4dfe0b8d1c37e58c6878dd81c2f6466a8fbb635b46e881bec75b00c041c6d0c73c545bd10ff25afde6a5bca1e63e165e51c}" + "SKIP" + + "43c81141a65fd14b60ae72c5b98168bec531990903cc7c8b224b416c71d1d05c1cf3f73891954604e0b0c6f48c52a3a41a8e9e78874a79e72b14282373108e8b" + "9abf2208af353019ba177d8a48ba613401742cd21258a79c5d9cb8518a51f4f22a41dc386b71f2d6521d03f6ff65d8710dc59d1ca9c7c1dc5f94061c7374286c" + "1745aa5d5df0af2452381de163e3964511172e045c13736a062bb2c932e3306250d24992b2bdbc534ced188b35d3b1f4958a5680c99356afd3097d11c84aee31" + + "1ce51ec8cfac8149e3d421d58ec4cb5df2119f4c4d6371da3406297f87a35b6453a9a91bfce9b3b6ac81945b9c8c8237d5818b7321198635614148a8001e3da7" + "8b5371fe7b1858dc61dcf4153b58f9c7a5ba564299d657c2bc4eac2328801346e9ca3f6f441dcca710e89495e5b7f9d35b002a8e031eb3cbd4a4fa850566309a" + "60bb47bec6e35ccc460ac066d7205d084ab8bdc7d1749918ce0497983a6e7eb770ca9fd996f44b05dbdbfc35390bf2d02b7e8abc619fa6d9df298988d5f19053" + + "919319ddcaac3f7c5b1c1998fced9920f3e7e9d4660c83e380495fc3a14d5f4e82736ac9435fdb78512576f1d90f80b1ad017529f2b42e013b844ed3ec4bc99f" ) +validpgpkeys=( + 647F28654894E3BD457199BE38DBBDC86092693E # kernel +) + +case "${CARCH}" in + x86_64) _KARCH=x86_64;; + aarch64) _KARCH=arm64;; + s390|s390x) _KARCH=s390;; + ppc64le) _KARCH=powerpc;; +esac + +_kernel_prepare(){ + # 
kata2-linux-container prep (ref: https://github.com/kata-containers/packaging/tree/master/kernel ) + cd "${srcdir}/linux-${_kata_kernel_ver}" + #for p in $(find "${srcdir}/${pkgbase}-${_pkgver}/tools/packaging/kernel/patches" -type f -name "*.patch"); do + # patch -p1 <"${p}" + #done + + # 5.4.71 + #patch -p1 <"${srcdir}/0001-config-preemption.diff" + + # kernel config prep from upstream ("${srcdir}/${pkgbase}-${_pkgver}/tools/packaging/obs-packaging/linux-container/kata-linux-container.spec-template") + make -s mrproper + rm -f .config + + local -r _KCONFIG="$(find "${srcdir}/${pkgbase}-${_pkgver}/tools/packaging/kernel/configs" -type f -name "${_KARCH}_kata_kvm_${_kata_kernel_ver%.*}.x")" + if [ -z "${_KCONFIG}" ]; then + KCONFIG_CONFIG=.config ARCH=${_KARCH} scripts/kconfig/merge_config.sh -r -n "${srcdir}/${pkgbase}-${_pkgver}/tools/packaging/kernel/configs/fragments/common/"*.conf "${srcdir}/${pkgbase}-${_pkgver}/tools/packaging/kernel/configs/fragments/${_KARCH}/"*.conf + else + install -Dm 0644 "${_KCONFIG}" .config + fi + make -s ARCH="${_KARCH}" oldconfig +} prepare(){ + _kernel_prepare + #install -dm0755 "${srcdir}/bin" #ln -sf "$(command -v yq)" "${srcdir}/bin/yq" - install -dm0755 "${srcdir}/src/${_gh_org}" - for i in ksm-throttler proxy runtime shim; do - rm -rf "${srcdir}/src/${_gh_org}/${i}" - mv "${srcdir}/${i}-${_pkgver}" "${srcdir}/src/${_gh_org}/${i}" - done - cd "${srcdir}/src/${_gh_org}/runtime" - #patch -p1 <"${srcdir}/3082.patch" + # agent-based initrd + BINSRC="${srcdir}/${pkgbase}-${_pkgver}/src/agent/target/${_KARCH}-unknown-linux-gnu/release/kata-agent" envsubst <"${srcdir}/install_kata-agent.tpl" >"${srcdir}/install_kata-agent" + install -Dm0644 "${srcdir}/install_kata-agent" "${srcdir}/initcpio-agent/install/kata-agent" + + # systemd units + install -Dm0644 "${srcdir}/kata-agent.service.in" "${srcdir}/${pkgbase}-${_pkgver}/src/agent/kata-agent.service.in" + install -Dm0644 "${srcdir}/kata-containers.target" 
"${srcdir}/${pkgbase}-${_pkgver}/src/agent/kata-containers.target" + + # systemd-based initrd + SRCDIR="${srcdir}/${pkgbase}-${_pkgver}/src/agent" KARCH="${_KARCH}" envsubst <"${srcdir}/install_sd-kata-agent.tpl" >"${srcdir}/install_sd-kata-agent" + install -Dm0644 "${srcdir}/install_sd-kata-agent" "${srcdir}/initcpio-systemd/install/sd-kata-agent" + + # remove subrepos without the `install` makefile target + sed -i \ + -e '/COMPONENTS += trace-forwarder/d' \ + -e '/TOOLS += agent-ctl/d' \ + "${srcdir}/${pkgbase}-${_pkgver}/Makefile" + install -m0755 "${srcdir}/image_builder.sh" "${srcdir}/${pkgbase}-${_pkgver}/tools/osbuilder/image-builder/image_builder.sh" +} + +_kata_image_build() { + install -dm0755 "${srcdir}/pkgcache" "${srcdir}/alpmdb" "${srcdir}/rootfs" + fakeroot -- pacman -r "${srcdir}/rootfs" -b "${srcdir}/alpmdb" --cachedir "${srcdir}/pkgcache" --noconfirm -Sy systemd chrony iptables kmod libseccomp + pushd "${srcdir}/rootfs/sbin" + ln -sf ../lib/systemd/systemd init + popd + + install -Dm0755 "${srcdir}/${pkgbase}-${_pkgver}/src/agent/target/${_KARCH}-unknown-linux-gnu/release/kata-agent" "${srcdir}/rootfs/usr/bin/kata-agent" + install -Dm0644 "${srcdir}/${pkgbase}-${_pkgver}/src/agent/kata-containers.target" "${srcdir}/rootfs/usr/lib/systemd/system/kata-containers.target" + sed -e 's#@BINDIR@#/usr/bin#' -e 's#@AGENT_NAME@#kata-agent#' "${srcdir}/${pkgbase}-${_pkgver}/src/agent/kata-agent.service.in" >"${srcdir}/rootfs/usr/lib/systemd/system/kata-agent.service" + + # rootfs image (builds filesystem with uid:gid of building system user! beware!) 
+ cd "${srcdir}/${pkgbase}-${_pkgver}/tools/osbuilder/image-builder" + ./image_builder.sh -f ext4 "${srcdir}/rootfs" } build(){ - for i in ksm-throttler proxy runtime shim; do - cd "${srcdir}/src/${_gh_org}/${i}" - GOPATH="${srcdir}" make DESTDIR="${pkgdir}" BINDIR="/usr/bin" PKGLIBEXECDIR="/usr/lib/kata-containers" LIBEXECDIR="/usr/lib" - done + cd "${srcdir}/${pkgbase}-${_pkgver}" + GOPATH="${srcdir}" make BINDIR="/usr/bin" PKGLIBEXECDIR="/usr/lib/kata-containers" LIBEXECDIR="/usr/lib" LIBC=gnu + + # kernel build + cd "${srcdir}/linux-${_kata_kernel_ver}" + make -s ARCH="${_KARCH}" + + mkinitcpio -c "${srcdir}/mkinitcpio-agent.conf" -g "${srcdir}/initrd-arch-agent.img" -D "${srcdir}/initcpio-agent" + #mkinitcpio -c "${srcdir}/mkinitcpio-systemd.conf" -g "${srcdir}/initrd-arch-systemd.img" -D "${srcdir}/initcpio-systemd" + #_kata_image_build +} + +package_kata-agent(){ + cd "${srcdir}/${pkgbase}-${_pkgver}/src/agent" + GOPATH="${srcdir}" make install DESTDIR="${pkgdir}" BINDIR="/usr/bin" PKGLIBEXECDIR="/usr/lib/kata-containers" LIBEXECDIR="/usr/lib" LIBC=gnu + + # install hooks + install -dm0755 "${pkgdir}/usr/lib/initcpio/install" + BINSRC="/usr/bin/kata-agent" envsubst <"${srcdir}/install_kata-agent.tpl" >"${pkgdir}/usr/lib/initcpio/install/kata-agent" + #SRCDIR="${srcdir}/${pkgbase}-${_pkgver}/src/agent" KARCH="${_KARCH}" envsubst <"${srcdir}/install_sd-kata-agent.tpl" >"${srcdir}/install_sd-kata-agent" } -package_kata-ksm-throttler(){ - cd "${srcdir}/src/${_gh_org}/ksm-throttler" - GOPATH="${srcdir}" make install DESTDIR="${pkgdir}" BINDIR="/usr/bin" PKGLIBEXECDIR="/usr/lib/kata-containers" LIBEXECDIR="/usr/lib" - install -d -m 0755 "${pkgdir}/var/lib/vc/{firecracker,sbs,uuid}" +package_kata-containers-image(){ + install=kata2-guest.install + local -r _img_filename="kata-containers-${_pkgver%%~*}-arch-systemd-image.img" _initrd_filename="kata-containers-${_pkgver%%~*}-arch-agent-initrd.img" + install -Dm 0644 
"${srcdir}/${pkgbase}-${_pkgver}/tools/osbuilder/image-builder/kata-containers.img" "${pkgdir}/usr/share/kata-containers/${_img_filename}" + #install -Dm 0644 "${srcdir}/initrd-arch-agent.img" "${pkgdir}/usr/share/kata-containers/${_initrd_filename}" + pushd "${pkgdir}/usr/share/kata-containers" + ln -sf "${_img_filename}" "kata-containers-arch.img" + #ln -sf "${_initrd_filename}" "kata-containers-arch-initrd.img" + popd } -package_kata-proxy(){ - cd "${srcdir}/src/${_gh_org}/proxy" - GOPATH="${srcdir}" make install DESTDIR="${pkgdir}" BINDIR="/usr/bin" PKGLIBEXECDIR="/usr/lib/kata-containers" LIBEXECDIR="/usr/lib" +package_kata-linux-container(){ + install -Dm 0644 "${srcdir}/linux-${_kata_kernel_ver}/arch/${_KARCH}/boot/bzImage" "${pkgdir}/usr/share/kata-containers/vmlinux-${_kata_kernel_ver}.container" + #install -Dm 0644 "${srcdir}/linux-${_kata_kernel_ver}/vmlinux" "${pkgdir}/usr/share/kata-containers/vmlinux-${_kata_kernel_ver}.container" + pushd "${pkgdir}/usr/share/kata-containers" + ln -sf "vmlinux-${_kata_kernel_ver}.container" vmlinux.container + if [ "${_KARCH}" = "powerpc" ]; then + ln -sf "vmlinux-${_kata_kernel_ver}.container" "vmlinuz-${_kata_kernel_ver}.container" + ln -sf "vmlinuz-${_kata_kernel_ver}.container" vmlinuz.container + else + # param out bzImage for other archs? 
+ install -Dm 0644 "${srcdir}/linux-${_kata_kernel_ver}/arch/${_KARCH}/boot/bzImage" "${pkgdir}/usr/share/kata-containers/vmlinuz-${_kata_kernel_ver}.container" + ln -sf "vmlinuz-${_kata_kernel_ver}.container" vmlinuz.container + fi + popd } package_kata-runtime(){ - depends=('qemu-headless' "kata-proxy=${pkgver}" "kata-shim=${pkgver}" "kata-linux-container" "kata-containers-image") + depends=('qemu-headless' "kata-linux-container" "kata-containers-image") optdepends=( - "kata-ksm-throttler=${pkgver}" - 'firecracker<0.22.0' - 'cloud-hypervisor<0.9.0' + 'firecracker<0.24.0' + 'cloud-hypervisor<16.0' ) - install=kata-runtime.install - cd "${srcdir}/src/${_gh_org}/runtime" - GOPATH="${srcdir}" make install DESTDIR="${pkgdir}" BINDIR="/usr/bin" PKGLIBEXECDIR="/usr/lib/kata-containers" LIBEXECDIR="/usr/lib" -} - -package_kata-shim(){ - cd "${srcdir}/src/${_gh_org}/shim" - GOPATH="${srcdir}" make install DESTDIR="${pkgdir}" BINDIR="/usr/bin" PKGLIBEXECDIR="/usr/lib/kata-containers" LIBEXECDIR="/usr/lib" + install=kata2-runtime.install + cd "${srcdir}/${pkgbase}-${_pkgver}/src/runtime" + GOPATH="${srcdir}" make install DESTDIR="${pkgdir}" BINDIR="/usr/bin" PKGLIBEXECDIR="/usr/lib/kata-containers" LIBEXECDIR="/usr/lib" LIBC=gnu } diff --git a/btrfs.kconfig b/btrfs.kconfig new file mode 100644 index 000000000000..90e77d2db188 --- /dev/null +++ b/btrfs.kconfig @@ -0,0 +1,10 @@ +CONFIG_BTRFS_FS=y +CONFIG_BTRFS_FS_POSIX_ACL=y +CONFIG_BTRFS_FS_CHECK_INTEGRITY=n +CONFIG_BTRFS_FS_RUN_SANITY_TESTS=n +CONFIG_BTRFS_DEBUG=n +CONFIG_BTRFS_ASSERT=n +CONFIG_BTRFS_FS_REF_VERIFY=n +CONFIG_RAID6_PQ=y +CONFIG_RAID6_PQ_BENCHMARK=y +CONFIG_ZSTD_COMPRESS=y diff --git a/image_builder.sh b/image_builder.sh new file mode 100755 index 000000000000..51d5dc420b8d --- /dev/null +++ b/image_builder.sh 
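Review bot: The kernel integrity pins in the new sha512sums/b2sums entries are taken from the environment (`"${KATA_KERNEL_SUM_SHA512:-…}"`, `"${KATA_KERNEL_SUM_B2:-…}"`), and together with `_kata_kernel_ver="${KATA_KERNEL_VER:-5.10.25}"` feeding source=, whoever controls the build environment picks both the tarball and the value it must hash to, so the checksum arrays no longer pin anything on their own. The `.tar.sign` entry plus the kernel.org key in validpgpkeys still ties the download to the pinned signer, but only while the builder does not pass `--skippgpcheck`, and the .SRCINFO hunk in this same commit records only the default version and sums, so a build with the overrides set is not what the published metadata describes. If the override is intended to stay, a comment above `_kata_kernel_ver` such as `# KATA_KERNEL_VER / KATA_KERNEL_SUM_* replace the pinned kernel; the .tar.sign PGP check is then the only integrity guarantee` would make the trade-off explicit; otherwise hard-code the version and sums. Separately, `0001-config-preemption.diff` is fetched and checksummed in source=, but its `patch -p1` in `_kernel_prepare` is commented out under `# 5.4.71`, so for the 5.10.25 kernel that entry appears to be dead.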
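Review bot: `btrfs.kconfig` is added as a new file but nothing in this commit references it: it is not in the PKGBUILD's source= array, and `_kernel_prepare` merges only the upstream fragments under tools/packaging/kernel/configs, so as far as this diff shows the fragment never reaches the kernel build. If it is meant to be merged it needs a source= entry with checksums and its path passed to merge_config.sh; otherwise it is dead weight in the package. `CONFIG_RAID6_PQ_BENCHMARK=y` also appears to enable the RAID6 algorithm benchmark at init, which adds guest boot time for a fragment that only needs btrfs; `CONFIG_RAID6_PQ_BENCHMARK=n` seems the better default unless the benchmark is wanted.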
@@ -0,0 +1,521 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2017-2019 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -e
+
+[ -n "${DEBUG}" ] && set -x
+
+DOCKER_RUNTIME=${DOCKER_RUNTIME:-runc}
+
+readonly script_name="${0##*/}"
+readonly script_dir=$(dirname "$(readlink -f "$0")")
+readonly lib_file="${script_dir}/../scripts/lib.sh"
+
+readonly ext4_format="ext4"
+readonly xfs_format="xfs"
+
+# ext4: percentage of the filesystem which may only be allocated by privileged processes.
+readonly reserved_blocks_percentage=3
+
+# Where the rootfs starts in MB
+readonly rootfs_start=1
+
+# Where the rootfs ends in MB
+readonly rootfs_end=-1
+
+# DAX header size
+# * NVDIMM driver reads the device namespace information from nvdimm namespace (4K offset).
+# The MBR #1 + DAX metadata are saved in the first 2MB of the image.
+readonly dax_header_sz=2
+
+# DAX aligment
+# * DAX huge pages [2]: 2MB alignment
+# [2] - https://nvdimm.wiki.kernel.org/2mib_fs_dax
+readonly dax_alignment=2
+
+# The list of systemd units and files that are not needed in Kata Containers
+readonly -a systemd_units=(
+ "systemd-coredump@"
+ "systemd-journald"
+ "systemd-journald-dev-log"
+ "systemd-journal-flush"
+ "systemd-random-seed"
+ "systemd-timesyncd"
+ "systemd-tmpfiles-setup"
+ "systemd-udevd"
+ "systemd-udevd-control"
+ "systemd-udevd-kernel"
+ "systemd-udev-trigger"
+ "systemd-update-utmp"
+)
+
+readonly -a systemd_files=(
+ "systemd-bless-boot-generator"
+ "systemd-fstab-generator"
+ "systemd-getty-generator"
+ "systemd-gpt-auto-generator"
+ "systemd-tmpfiles-cleanup.timer"
+)
+
+# Set a default value
+AGENT_INIT=${AGENT_INIT:-no}
+
+# Align image to (size in MB) according to different architecture.
+case "$(uname -m)" in
+ aarch64) readonly mem_boundary_mb=16 ;;
+ *) readonly mem_boundary_mb=128 ;;
+esac
+
+# shellcheck source=../scripts/lib.sh
+source "${lib_file}"
+
+usage() {
+ cat <<EOT
+Usage: ${script_name} [options] <rootfs-dir>
+ This script will create a Kata Containers image file of
+ an adequate size based on the <rootfs-dir> directory.
+
+Options:
+ -h Show this help
+ -o path to generate image file ENV: IMAGE
+ -r Free space of the root partition in MB ENV: ROOT_FREE_SPACE
+
+Extra environment variables:
+ AGENT_BIN: Use it to change the expected agent binary name
+ AGENT_INIT: Use kata agent as init process
+ NSDAX_BIN: Use to specify path to pre-compiled 'nsdax' tool.
+ FS_TYPE: Filesystem type to use. Only xfs and ext4 are supported.
+ USE_DOCKER: If set will build image in a Docker Container (requries docker)
+ DEFAULT: not set
+ USE_PODMAN: If set and USE_DOCKER not set, will build image in a Podman Container (requries podman)
+ DEFAULT: not set
+
+
+Following diagram shows how the resulting image will look like
+
+ .-----------.----------.---------------.-----------.
+ | 0 - 512 B | 4 - 8 Kb | 2M - 2M+512B | 3M |
+ |-----------+----------+---------------+-----------+
+ | MBR #1 | DAX | MBR #2 | Rootfs |
+ '-----------'----------'---------------'-----------+
+ | | ^ | ^
+ | '-data-' '--------'
+ | |
+ '--------rootfs-partition---------'
+
+
+MBR: Master boot record.
+DAX: Metadata required by the NVDIMM driver to enable DAX in the guest [1][2] (struct nd_pfn_sb).
+Rootfs: partition that contains the root filesystem (/usr, /bin, ect).
+
+Kernels and hypervisors that support DAX/NVDIMM read the MBR #2, otherwise MBR #1 is read.
+
+[1] - https://github.com/kata-containers/osbuilder/blob/master/image-builder/nsdax.gpl.c
+[2] - https://github.com/torvalds/linux/blob/master/drivers/nvdimm/pfn.h
+
+EOT
+}
+
+
+# build the image using container engine
+build_with_container() {
+ local rootfs="$1"
+ local image="$2"
+ local fs_type="$3"
+ local block_size="$4"
+ local root_free_space="$5"
+ local agent_bin="$6"
+ local agent_init="$7"
+ local container_engine="$8"
+ local nsdax_bin="$9"
+ local container_image_name="image-builder-osbuilder"
+ local shared_files=""
+
+ image_dir=$(readlink -f "$(dirname "${image}")")
+ image_name=$(basename "${image}")
+
+ "${container_engine}" build \
+ --build-arg http_proxy="${http_proxy}" \
+ --build-arg https_proxy="${https_proxy}" \
+ -t "${container_image_name}" "${script_dir}"
+
+ readonly mke2fs_conf="/etc/mke2fs.conf"
+ if [ -f "${mke2fs_conf}" ]; then
+ shared_files+="-v ${mke2fs_conf}:${mke2fs_conf}:ro "
+ fi
+
+ #Make sure we use a compatible runtime to build rootfs
+ # In case Clear Containers Runtime is installed we dont want to hit issue:
+ #https://github.com/clearcontainers/runtime/issues/828
+ "${container_engine}" run \
+ --rm \
+ --runtime "${DOCKER_RUNTIME}" \
+ --privileged \
+ --env AGENT_BIN="${agent_bin}" \
+ --env AGENT_INIT="${agent_init}" \
+ --env FS_TYPE="${fs_type}" \
+ --env BLOCK_SIZE="${block_size}" \
+ --env ROOT_FREE_SPACE="${root_free_space}" \
+ --env NSDAX_BIN="${nsdax_bin}" \
+ --env DEBUG="${DEBUG}" \
+ -v /dev:/dev \
+ -v "${script_dir}":"/osbuilder" \
+ -v "${script_dir}/../scripts":"/scripts" \
+ -v "${rootfs}":"/rootfs" \
+ -v "${image_dir}":"/image" \
+ ${shared_files} \
+ ${container_image_name} \
+ bash "/osbuilder/${script_name}" -o "/image/${image_name}" /rootfs
+}
+
+check_rootfs() {
+ local rootfs="${1}"
+
+ [ -d "${rootfs}" ] || die "${rootfs} is not a directory"
+
+ # The kata rootfs image expect init and kata-agent to be installed
+ init_path="/sbin/init"
+ init="${rootfs}${init_path}"
+ if [ ! -x "${init}" ] && [ ! -L "${init}" ]; then
+ error "${init_path} is not installed in ${rootfs}"
+ return 1
+ fi
+ OK "init is installed"
+
+
+ candidate_systemd_paths="/usr/lib/systemd/systemd /lib/systemd/systemd"
+
+ # check agent or systemd
+ case "${AGENT_INIT}" in
+ "no")
+ for systemd_path in $candidate_systemd_paths; do
+ systemd="${rootfs}${systemd_path}"
+ if [ -x "${systemd}" ] || [ -L "${systemd}" ]; then
+ found="yes"
+ break
+ fi
+ done
+ if [ ! $found ]; then
+ error "None of ${candidate_systemd_paths} is installed in ${rootfs}"
+ return 1
+ fi
+ OK "init is systemd"
+ ;;
+
+ "yes")
+ agent_path="/sbin/init"
+ agent="${rootfs}${agent_path}"
+ if [ ! -x "${agent}" ]; then
+ error "${agent_path} is not installed in ${rootfs}. Use AGENT_BIN env variable to change the expected agent binary name"
+ return 1
+ fi
+ # checksum must be different to system
+ for systemd_path in $candidate_systemd_paths; do
+ systemd="${rootfs}${systemd_path}"
+ if [ -f "${systemd}" ] && cmp -s "${systemd}" "${agent}"; then
+ error "The agent is not the init process. ${agent_path} is systemd"
+ return 1
+ fi
+ done
+
+ OK "Agent installed"
+ ;;
+
+ *)
+ error "Invalid value for AGENT_INIT: '${AGENT_INIT}'. Use to 'yes' or 'no'"
+ return 1
+ ;;
+ esac
+
+ return 0
+}
+
+calculate_required_disk_size() {
+ local rootfs="$1"
+ local fs_type="$2"
+ local block_size="$3"
+
+ readonly rootfs_size_mb=$(du -B 1MB -s "${rootfs}" | awk '{print $1}')
+ readonly image="$(mktemp)"
+ readonly max_tries=20
+ readonly increment=10
+
+ for i in $(seq 1 $max_tries); do
+ local img_size="$((rootfs_size_mb + (i * increment)))"
+ create_disk "${image}" "${img_size}" "${fs_type}" "${rootfs_start}" > /dev/null 2>&1
+ if ! device="$(setup_loop_device "${image}")"; then
+ continue
+ fi
+
+ if ! format_loop "${device}" "${block_size}" "${fs_type}" > /dev/null 2>&1 ; then
+ die "Could not format loop device: ${device}"
+ fi
+ local mount_dir
+ while [ -z "${mount_dir}" ]; do mount_dir="$(udisksctl mount -b ${device}p1)" || sleep 3; done
+ mount_dir="${mount_dir##* }"
+ avail="$(df -BM --output=avail "${mount_dir}" | tail -n1 | sed 's/[M ]//g')"
+ udisksctl unmount -b "${device}p1" &>/dev/null
+ udisksctl loop-delete -b "${device}" &>/dev/null
+ unset mount_dir
+
+ if [ "${avail}" -gt "${rootfs_size_mb}" ]; then
+ #rmdir "${mount_dir}"
+ rm -f "${image}"
+ echo "${img_size}"
+ return
+ fi
+ done
+
+
+ #rmdir "${mount_dir}"
+ rm -f "${image}"
+ error "Could not calculate the required disk size"
+}
+
+# Calculate image size based on the rootfs and free space
+calculate_img_size() {
+ local rootfs="$1"
+ local root_free_space_mb="$2"
+ local fs_type="$3"
+ local block_size="$4"
+
+ # rootfs start + DAX header size + rootfs end
+ local reserved_size_mb=$((rootfs_start + dax_header_sz + rootfs_end))
+
+ disk_size="$(calculate_required_disk_size "${rootfs}" "${fs_type}" "${block_size}")"
+
+ img_size="$((disk_size + reserved_size_mb))"
+ if [ -n "${root_free_space_mb}" ]; then
+ img_size="$((img_size + root_free_space_mb))"
+ fi
+
+ remaining="$((img_size % mem_boundary_mb))"
+ if [ "${remaining}" != "0" ]; then
+ img_size=$((img_size + mem_boundary_mb - remaining))
+ fi
+
+ echo "${img_size}"
+}
+
+setup_loop_device() {
+ local image="$1"
+
+ # Get the loop device bound to the image file (requires /dev mounted in the
+ # image build system and root privileges)
+ local device="$(udisksctl loop-setup -f ${image})"
+ device="${device##* }"
+ device="${device%.*}"
+ echo "${device}"
+ return 0
+}
+
+format_loop() {
+ local device="$1"
+ local block_size="$2"
+ local fs_type="$3"
+
+ case "${fs_type}" in
+ "${ext4_format}")
+ mkfs.ext4 -q -F -E root_owner -b "${block_size}" "${device}p1"
+ info "Set filesystem reserved blocks percentage to ${reserved_blocks_percentage}%"
+ tune2fs -m "${reserved_blocks_percentage}" "${device}p1"
+ ;;
+
+ "${xfs_format}")
+ # DAX and reflink cannot be used together!
+ # Explicitly disable reflink, if it fails then reflink
+ # is not supported and '-m reflink=0' is not needed.
+ if mkfs.xfs -m reflink=0 -q -f -b size="${block_size}" "${device}p1" 2>&1 | grep -q "unknown option"; then
+ mkfs.xfs -q -f -b size="${block_size}" "${device}p1"
+ fi
+ ;;
+
+ *)
+ error "Unsupported fs type: ${fs_type}"
+ return 1
+ ;;
+ esac
+}
+
+create_disk() {
+ local image="$1"
+ local img_size="$2"
+ local fs_type="$3"
+ local part_start="$4"
+
+ info "Creating raw disk with size ${img_size}M"
+ qemu-img create -q -f raw "${image}" "${img_size}M"
+ OK "Image file created"
+
+ # Kata runtime expect an image with just one partition
+ # The partition is the rootfs content
+ info "Creating partitions"
+ parted -s -a optimal "${image}" -- \
+ mklabel msdos \
+ mkpart primary "${fs_type}" "${part_start}"M "${rootfs_end}"M
+
+ OK "Partitions created"
+}
+
+create_rootfs_image() {
+ local rootfs="$1"
+ local image="$2"
+ local img_size="$3"
+ local fs_type="$4"
+ local block_size="$5"
+
+ create_disk "${image}" "${img_size}" "${fs_type}" "${rootfs_start}"
+
+ if ! device="$(setup_loop_device "${image}")"; then
+ die "Could not setup loop device"
+ fi
+
+ if ! format_loop "${device}" "${block_size}" "${fs_type}"; then
+ die "Could not format loop device: ${device}"
+ fi
+
+ info "Mounting root partition"
+ local mount_dir
+ while [ -z "${mount_dir}" ]; do mount_dir="$(udisksctl mount -b ${device}p1)" || sleep 3; done
+ mount_dir="${mount_dir##* }"
+ OK "root partition mounted"
+
+ info "Copying content from rootfs to root partition"
+ cp -a "${rootfs}"/* "${mount_dir}"
+ sync
+ OK "rootfs copied"
+
+ info "Removing unneeded systemd services and sockets"
+ for u in "${systemd_units[@]}"; do
+ find "${mount_dir}" \
+ -path "${mount_dir}/lost+found" -prune -o -type f \( \
+ -name "${u}.service" -o \
+ -name "${u}.socket" \) \
+ -exec rm -f {} \;
+ done
+
+ info "Removing unneeded systemd files"
+ for u in "${systemd_files[@]}"; do
+ find "${mount_dir}" \
+ -path "${mount_dir}/lost+found" -prune -o \
+ -type f -name "${u}" -exec rm -f {} \;
+ done
+
+ info "Creating empty machine-id to allow systemd to bind-mount it"
+ touch "${mount_dir}/etc/machine-id"
+
+ info "Unmounting root partition"
+ udisksctl unmount -b "${device}p1"
+ OK "Root partition unmounted"
+
+ if [ "${fs_type}" = "${ext4_format}" ]; then
+ fsck.ext4 -D -y "${device}p1"
+ fi
+
+ udisksctl loop-delete -b "${device}"
+ #rmdir "${mount_dir}"
+}
+
+set_dax_header() {
+ local image="$1"
+ local img_size="$2"
+ local fs_type="$3"
+ local nsdax_bin="$4"
+
+ # rootfs start + DAX header size
+ local rootfs_offset=$((rootfs_start + dax_header_sz))
+ local header_image="${image}.header"
+ local dax_image="${image}.dax"
+ rm -f "${dax_image}" "${header_image}"
+
+ create_disk "${header_image}" "${img_size}" "${fs_type}" "${rootfs_offset}"
+
+ dax_header_bytes=$((dax_header_sz * 1024 * 1024))
+ dax_alignment_bytes=$((dax_alignment * 1024 * 1024))
+ info "Set DAX metadata"
+ # Set metadata header
+ # Issue: https://github.com/kata-containers/osbuilder/issues/240
+ if [ -z "${nsdax_bin}" ] ; then
+ nsdax_bin="${script_dir}/nsdax"
+ gcc -O2 "${script_dir}/nsdax.gpl.c" -o "${nsdax_bin}"
+ trap "rm ${nsdax_bin}" EXIT
+ fi
+ "${nsdax_bin}" "${header_image}" "${dax_header_bytes}" "${dax_alignment_bytes}"
+ sync
+
+ touch "${dax_image}"
+ # Copy MBR #1 + DAX metadata
+ dd if="${header_image}" of="${dax_image}" bs="${dax_header_sz}M" count=1
+ # Copy MBR #2 + Rootfs
+ dd if="${image}" of="${dax_image}" oflag=append conv=notrunc
+ # final image
+ mv "${dax_image}" "${image}"
+ sync
+
+ rm -f "${dax_image}" "${header_image}"
+}
+
+main() {
+ # variables that can be overwritten by environment variables
+ local agent_bin="${AGENT_BIN:-kata-agent}"
+ local agent_init="${AGENT_INIT:-no}"
+ local fs_type="${FS_TYPE:-${ext4_format}}"
+ local image="${IMAGE:-kata-containers.img}"
+ local block_size="${BLOCK_SIZE:-4096}"
+ local root_free_space="${ROOT_FREE_SPACE:-}"
+ local nsdax_bin="${NSDAX_BIN:-}"
+
+ while getopts "ho:r:f:" opt
+ do
+ case "$opt" in
+ h) usage; return 0;;
+ o) image="${OPTARG}" ;;
+ r) root_free_space="${OPTARG}" ;;
+ f) fs_type="${OPTARG}" ;;
+ *) break ;;
+ esac
+ done
+
+ shift $(( OPTIND - 1 ))
+ rootfs="$(readlink -f "$1")"
+ if [ -z "${rootfs}" ]; then
+ usage
+ exit 0
+ fi
+
+ local container_engine
+ if [ -n "${USE_DOCKER}" ]; then
+ container_engine="docker"
+ elif [ -n "${USE_PODMAN}" ]; then
+ container_engine="podman"
+ fi
+
+ if [ -n "$container_engine" ]; then
+ build_with_container "${rootfs}" \
+ "${image}" "${fs_type}" "${block_size}" \
+ "${root_free_space}" "${agent_bin}" \
+ "${agent_init}" "${container_engine}" \
+ "${nsdax_bin}"
+ exit $?
+ fi
+
+ if ! check_rootfs "${rootfs}" ; then
+ die "Invalid rootfs"
+ fi
+
+ img_size=$(calculate_img_size "${rootfs}" "${root_free_space}" "${fs_type}" "${block_size}")
+
+ # the first 2M are for the first MBR + NVDIMM metadata and were already
+ # consider in calculate_img_size
+ rootfs_img_size=$((img_size - dax_header_sz))
+ create_rootfs_image "${rootfs}" "${image}" "${rootfs_img_size}" \
+ "${fs_type}" "${block_size}"
+
+ # insert at the beginning of the image the MBR + DAX header
+ set_dax_header "${image}" "${img_size}" "${fs_type}" "${nsdax_bin}"
+}
+
+main "$@"
diff --git a/install_kata-agent.tpl b/install_kata-agent.tpl
new file mode 100644
index 000000000000..6873c78824a4
--- /dev/null
+++ b/install_kata-agent.tpl
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+build(){
+ add_binary "${BINSRC}" "/init"
+}
diff --git a/install_sd-kata-agent.tpl b/install_sd-kata-agent.tpl
new file mode 100644
index 000000000000..57a7a932f898
--- /dev/null
+++ b/install_sd-kata-agent.tpl
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+build(){
+ add_systemd_unit "${SRCDIR}/kata-containers.target"
+ add_systemd_unit "${SRCDIR}/kata-agent.service"
+ add_binary "${SRCDIR}/target/${KARCH}-unknown-linux-gnu/release/kata-agent"
+}
diff --git a/kata-agent.service.in b/kata-agent.service.in
new file mode 100644
index 000000000000..0340bdbbbd54
--- /dev/null
+++ b/kata-agent.service.in
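Review bot: In calculate_required_disk_size the line `while [ -z "${mount_dir}" ]; do mount_dir="$(udisksctl mount -b ${device}p1)" || sleep 3; done` has no upper bound, so a persistent mount failure (for example a polkit denial, which is plausible since this copy of the script is reworked to run unprivileged through udisks2 instead of mount) hangs the build forever rather than failing; create_rootfs_image repeats the same loop. In the same function the `if ! device="$(setup_loop_device "${image}")"; then continue; fi` guard is dead, because setup_loop_device ends in an unconditional `return 0`, and if it ever fired it would leave the temporary image's loop device attached. A bounded retry that fails loudly would be `for _ in $(seq 1 20); do mount_dir="$(udisksctl mount -b "${device}p1")" && break; sleep 3; done` followed by `[ -n "${mount_dir}" ] || die "Could not mount ${device}p1"`, using the same `die` helper the script already relies on from lib.sh, and quoting `"${device}p1"` as the other udisksctl calls do. The header comment also still says this file is upstream Intel code; a short note near the top recording that the loop/mount handling was changed to udisksctl for an unprivileged build would tell the next maintainer which parts diverge from upstream.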
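Review bot: The last `add_binary` in install_sd-kata-agent.tpl passes no destination, so mkinitcpio places the agent at its build-tree path `${SRCDIR}/target/${KARCH}-unknown-linux-gnu/release/kata-agent` inside the initrd, while kata-agent.service.in starts `@BINDIR@/@AGENT_NAME@`; unless the template substitution makes these two agree, the unit fails at ExecStart. Giving the binary an explicit destination, for example `add_binary "${SRCDIR}/target/${KARCH}-unknown-linux-gnu/release/kata-agent" "/usr/bin/kata-agent"`, and pointing @BINDIR@ at that directory removes the dependency on how the paths happen to line up. How the PKGBUILD fills `${SRCDIR}`, `${KARCH}` and the `@…@` placeholders is outside this page, so this may already be handled there.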
@@ -0,0 +1,24 @@
+#
+# Copyright (c) 2018-2019 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+[Unit]
+Description=Kata Containers Agent
+Documentation=https://github.com/kata-containers/kata-containers
+Wants=kata-containers.target
+#ConditionPathExists=/etc/initrd-release
+#DefaultDependencies=no
+
+[Service]
+# Send agent output to tty to allow capture debug logs
+# from a VM vsock port
+StandardOutput=tty
+Type=simple
+ExecStart=@BINDIR@/@AGENT_NAME@
+LimitNOFILE=infinity
+# ExecStop is required for static agent tracing; in all other scenarios
+# the runtime handles shutting down the VM.
+ExecStop=/bin/sync ; /usr/bin/systemctl --force poweroff
+FailureAction=poweroff
diff --git a/kata-containers.target b/kata-containers.target
new file mode 100644
index 000000000000..03f370075ee5
--- /dev/null
+++ b/kata-containers.target
@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2018-2019 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+[Unit]
+Description=Kata Containers Agent Target
+Requires=basic.target
+Requires=tmp.mount
+Wants=chronyd.service
+Requires=kata-agent.service
+Conflicts=rescue.service rescue.target
+After=basic.target rescue.service rescue.target
+AllowIsolate=yes
+#ConditionPathExists=/etc/initrd-release
diff --git a/kata-runtime.install b/kata-runtime.install
deleted file mode 100644
index bf29b5a97eae..000000000000
--- a/kata-runtime.install
+++ /dev/null
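Review bot: The commented-out directives `#ConditionPathExists=/etc/initrd-release` and `#DefaultDependencies=no` in kata-agent.service.in, and the matching `#ConditionPathExists=/etc/initrd-release` in kata-containers.target, carry no explanation, so a later maintainer cannot tell whether they were disabled deliberately for this package's image build or merely left over from upstream. A one-line comment above them such as `# disabled: these units are installed into the rootfs image, not an initrd, so /etc/initrd-release is absent` — if that is indeed the reason — would make the intent explicit; the reason itself is not visible on this page.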
@@ -1,44 +0,0 @@
-post_install() {
- cat <<EOF
-
-To use kata-runtime with docker,
-- add the following config to /etc/docker/daemon.json
-"""
-{
- "runtimes": {
- "kata": {
- "path": "/usr/bin/kata-runtime"
- }
- }
-}
-"""
- and restart the docker daemon
-
-- run containers with the "--runtime=kata" options to use kata-runtime
-"""
-$ docker run --runtime=kata --rm busybox date
-"""
-
-- to set Kata as the default runtime, add '"default-runtime": "kata"' to /etc/docker/daemon.json and restart the docker daemon
-"""
-{
- "default-runtime": "kata",
- "runtimes": {
- "kata": {
- "path": "/usr/bin/kata-runtime"
- },
- }
-}
-
-"""
-
-- to run Kata with Firecracker, due to Firecracker's limitations, you have to set your Docker storage driver (ref: https://docs.docker.com/storage/storagedriver/select-storage-driver/ ) to 'devicemapper' in /etc/docker/daemon.json
-"""
-{
- "storage-driver": "devicemapper"
-}
-"""
-
-EOF
-
-}
diff --git a/kata2-guest.install b/kata2-guest.install
new file mode 100644
index 000000000000..f2ab78bbbeab
--- /dev/null
+++ b/kata2-guest.install
@@ -0,0 +1,20 @@
+post_install() {
+ cat <<EOF
+
+Due to backflips made to be able to build the Kata guest image (not initrd!)
+without root account access, rootfs has uid:gid of the builer's user account.
+
+This might have subtle security implications and if that's not acceptable,
+the user could do one of the following:
+
+- alter the build process to use upstream's \`image_builder.sh\` to build
+ the image from rootfs created via \`pacman\`, with root priviledges
+- use the \`-bin\`-suffixed package, containing upstream-built images
+
+By installing this package as-is, the user acknowledges this warning.
+
+Due to issues with properly building an Arch-based initrd, VM templating support
+is broken at the moment.
+
+EOF
+}
diff --git a/kata2-runtime.install b/kata2-runtime.install
new file mode 100644
index 000000000000..ef84496a0d1f
--- /dev/null
+++ b/kata2-runtime.install
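Review bot: The post_install message in kata2-guest.install has two spelling errors in user-facing text: `builer's` should read `builder's` and `priviledges` should read `privileges`. This heredoc is the only place where the ownership caveat of the unprivileged image build is surfaced to the user, so it is worth getting right; the heredoc is otherwise sound, since the backticks are escaped and cannot be expanded as command substitutions.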
@@ -0,0 +1,11 @@
+post_install() {
+ cat <<EOF
+
+Due to Docker hard-codied usage of OCI runtime shim v1, the closest replacement
+is to call containerd CLI, for example as follows:
+
+ ctr image pull docker.io/library/alpine:edge
+ ctr run --rm -t --runtime io.containerd.kata.v2 docker.io/library/alpine:edge example-container-name date
+
+EOF
+}
diff --git a/mkinitcpio-agent.conf b/mkinitcpio-agent.conf
new file mode 100644
index 000000000000..1a36f26aab64
--- /dev/null
+++ b/mkinitcpio-agent.conf
@@ -0,0 +1,6 @@
+MODULES=()
+BINARIES=()
+FILES=()
+HOOKS=(kata-agent)
+#COMPRESSION="gzip"
+#COMPRESSION_OPTIONS=()
|
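Review bot: The post_install message in kata2-runtime.install misspells `hard-codied`; it should read `hard-coded`. Since this text is printed to every user at install time, a quick `hard-coded` fix is worth folding into the next revision.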