authorzer0def2021-05-15 06:27:43 +0200
committerzer0def2021-05-15 08:03:48 +0200
commit8f78807fe6f686ce7d52daf67d6a26b3664e9c01 (patch)
tree433eb1ca2cbe85837734feaeeaa62479008fa1ff
parent8c50f1ee85601cb265a6e2f834428babcc1ca2a6 (diff)
downloadaur-8f78807fe6f686ce7d52daf67d6a26b3664e9c01.tar.gz
Kata 1.x has been archived, move Kata 2.x as expected release and bump to 2.1.0
-rw-r--r--.SRCINFO67
-rw-r--r--0001-config-preemption.diff65
-rw-r--r--3082.patch33
-rw-r--r--PKGBUILD224
-rw-r--r--btrfs.kconfig10
-rwxr-xr-ximage_builder.sh521
-rw-r--r--install_kata-agent.tpl5
-rw-r--r--install_sd-kata-agent.tpl7
-rw-r--r--kata-agent.service.in24
-rw-r--r--kata-containers.target16
-rw-r--r--kata-runtime.install44
-rw-r--r--kata2-guest.install20
-rw-r--r--kata2-runtime.install11
-rw-r--r--mkinitcpio-agent.conf6
14 files changed, 900 insertions, 153 deletions
diff --git a/.SRCINFO b/.SRCINFO
index c105f22d147c..4270a5eb8bba 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,38 +1,57 @@
pkgbase = kata-containers
- pkgdesc = Lightweight virtual machines for containers
- pkgver = 1.12.1
+ pkgdesc = Lightweight virtual machines for containers, version 2
+ pkgver = 2.1.0
pkgrel = 1
url = https://katacontainers.io/
arch = x86_64
license = Apache
makedepends = go
- source = ksm-throttler-1.12.1.tar.gz::https://github.com/kata-containers/ksm-throttler/archive/1.12.1.tar.gz
- source = proxy-1.12.1.tar.gz::https://github.com/kata-containers/proxy/archive/1.12.1.tar.gz
- source = runtime-1.12.1.tar.gz::https://github.com/kata-containers/runtime/archive/1.12.1.tar.gz
- source = shim-1.12.1.tar.gz::https://github.com/kata-containers/shim/archive/1.12.1.tar.gz
- sha512sums = 5653a4110e57f3145041b0aef1b9f4b8be67d8d0c04144dfbb3b613362bdb6ce67199e9f34d1224cbf08255efe6d191a6e03ba40c35d4d0650004e2582774de4
- sha512sums = 9bd64016374354364d45522239a81b12a7cd3436b0842793e2964bc5b8bc79f6c8be57d71b7384985c416889293688f8c65dffacba23dbf653d9a0ba916263d9
- sha512sums = c831eaa3d0fcddbb5dca0e18f3dfb4e616d45edb42031532c8ea52243a73e685d8f888671a27665f09d0aed41e27ac2035c78ff491f836a044a036d05f922dd7
- sha512sums = acc1592a91f56057a5dc3380824811d436cd82a17e41e028289eb8837aa5fbbb8b811cec51844789f7611b7c009b2050f07bd8c69f7ab28842e4f5fe7accc0b3
- b2sums = c930d082e0a9faa4a90751b3d67e91868bda12dea4ee6f3f565a24c1d074e7b4ed09a93ba14f9696e0891452e2d69a685ec837e7183bc9ff86b479034ed40fc9
- b2sums = 206bfe0e7d8be050f934ffbd7516543dfc3aca7339e83b318db8acd6323d4c3e68e8bb4f1dfa3530b7b5404960b27867a79396154d0fc61ec3445a5f0e70a78f
- b2sums = 72d9995a45997c2d407f411f9a177207e23f382b40c08c1930c07029d76bcb3b703d3e80a209e98dc7646d6b1736cab4a1047974a2fb917419a4a6d94e796dd5
- b2sums = a73a3ce69ff54e7d172ef30e73678d4aaf12ab725798fe6e057f0ca163a95d7ce43c599fec9e7767259b4b793543febd1b7478678400e7f01204a1df89af9556
+ makedepends = bc
+ makedepends = rust
+ makedepends = mkinitcpio
+ makedepends = pacman
+ makedepends = udisks2
+ source = kata-containers-2.1.0.tar.gz::https://github.com/kata-containers/kata-containers/archive/2.1.0.tar.gz
+ source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.10.25.tar.xz
+ source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.10.25.tar.sign
+ source = mkinitcpio-agent.conf
+ source = install_kata-agent.tpl
+ source = image_builder.sh
+ source = install_sd-kata-agent.tpl
+ source = kata-agent.service.in
+ source = kata-containers.target
+ source = 0001-config-preemption.diff
+ validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
+ sha512sums = ccfc712168738fce1f26b14fbe4a0dcecd9d1f3a0698c06487d98091173951be141c06b4314712ea9b67cda93d2efa8701c3b9afc8770458147defa5adbabf1a
+ sha512sums = 20d81a5930f4877e4a67930c8fc52406767bc1c1ca65a78037e4f42738bae54009a59d1a21e3bfde773f67af608a763e67a8829564b3665cae937dbc19947c13
+ sha512sums = SKIP
+ sha512sums = 182a249aecbab33b8704e9567e96d33b535ee59e6d2f52f0c30fbc3d12813f60192886539cc745933caaf59268925d78db9e0b6b427321e2bac932ebde77d62e
+ sha512sums = 0250e52251986f36cfb9e378d848f755caaf5253daa8ff7d87172f2622754c1eb4180b338a497e3fbeb880e232eef19d5e512f5a8e610e7a6eb468f210849a08
+ sha512sums = 6f476297d9001eef9a0665689f752cf5124907522cfc87240df16488379a5c7c9820a6e33a576dbf7f75c4fdfa7cab7a0e395b05c9339069dedbdaac42fb6c04
+ sha512sums = 60e2dee0afcfc52b6075309b4eeb55c75dc4a8f063274f2cd481a0056fae0e78e414f0422af26acddff93edb43a23cb52c26aefd92677160fd8eb6a685b6a6d6
+ sha512sums = 8f927f482d54a762ae5c952883034355a76c5547993ed4245a434a74014aa96e6c5182e3ece0a431e075c1d2f86e99ed0d0d8d839586821c5a7cdf053ec6963d
+ sha512sums = b599a62d07f4451f52747eaf185142fbe8eeb9aced211369fc83d88c43483ef1008f87615fcfcf30d74a557569b89d5fcb4a61326ffc8cb0559ec51807d808ca
+ sha512sums = 76c27fe0e2b84a9ae0d4b0e2a96ef0c07777811991b4aae21c88494b91fa2837fb67be335cebf4874e5e3235b5ba4641ec4544f9e055765e2dcf399d9d875e8c
+ b2sums = ee14536ba48ece1beba2409082446b18b80450233335bf2b9644604cf3d97404caa9f58a0ca1de69da50cd900e0b7ee5f9b046e206b9235ed77b9deccb2399d6
+ b2sums = 1aa774dcd894f4f5a24cc26375dac4dfe0b8d1c37e58c6878dd81c2f6466a8fbb635b46e881bec75b00c041c6d0c73c545bd10ff25afde6a5bca1e63e165e51c
+ b2sums = SKIP
+ b2sums = 43c81141a65fd14b60ae72c5b98168bec531990903cc7c8b224b416c71d1d05c1cf3f73891954604e0b0c6f48c52a3a41a8e9e78874a79e72b14282373108e8b
+ b2sums = 9abf2208af353019ba177d8a48ba613401742cd21258a79c5d9cb8518a51f4f22a41dc386b71f2d6521d03f6ff65d8710dc59d1ca9c7c1dc5f94061c7374286c
+ b2sums = 1745aa5d5df0af2452381de163e3964511172e045c13736a062bb2c932e3306250d24992b2bdbc534ced188b35d3b1f4958a5680c99356afd3097d11c84aee31
+ b2sums = 1ce51ec8cfac8149e3d421d58ec4cb5df2119f4c4d6371da3406297f87a35b6453a9a91bfce9b3b6ac81945b9c8c8237d5818b7321198635614148a8001e3da7
+ b2sums = 8b5371fe7b1858dc61dcf4153b58f9c7a5ba564299d657c2bc4eac2328801346e9ca3f6f441dcca710e89495e5b7f9d35b002a8e031eb3cbd4a4fa850566309a
+ b2sums = 60bb47bec6e35ccc460ac066d7205d084ab8bdc7d1749918ce0497983a6e7eb770ca9fd996f44b05dbdbfc35390bf2d02b7e8abc619fa6d9df298988d5f19053
+ b2sums = 919319ddcaac3f7c5b1c1998fced9920f3e7e9d4660c83e380495fc3a14d5f4e82736ac9435fdb78512576f1d90f80b1ad017529f2b42e013b844ed3ec4bc99f
-pkgname = kata-ksm-throttler
+pkgname = kata-agent
pkgname = kata-runtime
- install = kata-runtime.install
+ install = kata2-runtime.install
depends = qemu-headless
- depends = kata-proxy=1.12.1
- depends = kata-shim=1.12.1
depends = kata-linux-container
depends = kata-containers-image
- optdepends = kata-ksm-throttler=1.12.1
- optdepends = firecracker<0.22.0
- optdepends = cloud-hypervisor<0.9.0
+ optdepends = firecracker<0.24.0
+ optdepends = cloud-hypervisor<16.0
-pkgname = kata-proxy
-
-pkgname = kata-shim
+pkgname = kata-linux-container
diff --git a/0001-config-preemption.diff b/0001-config-preemption.diff
new file mode 100644
index 000000000000..1d9659a9ff8e
--- /dev/null
+++ b/0001-config-preemption.diff
@@ -0,0 +1,65 @@
+diff -rupN linux-5.4.71-bak/arch/x86/entry/Makefile linux-5.4.71/arch/x86/entry/Makefile
+--- linux-5.4.71-bak/arch/x86/entry/Makefile 2021-03-31 07:37:51.209894751 +0200
++++ linux-5.4.71/arch/x86/entry/Makefile 2021-03-31 07:40:01.031657854 +0200
+@@ -7,11 +7,12 @@ OBJECT_FILES_NON_STANDARD_entry_64_compa
+
+ CFLAGS_syscall_64.o += $(call cc-option,-Wno-override-init,)
+ CFLAGS_syscall_32.o += $(call cc-option,-Wno-override-init,)
+-obj-y := entry_$(BITS).o thunk_$(BITS).o syscall_$(BITS).o
++obj-y := entry_$(BITS).o syscall_$(BITS).o
+ obj-y += common.o
+
+ obj-y += vdso/
+ obj-y += vsyscall/
+
+ obj-$(CONFIG_IA32_EMULATION) += entry_64_compat.o syscall_32.o
++obj-$(CONFIG_PREEMPTION) += thunk_$(BITS).o
+
+diff -rupN linux-5.4.71-bak/arch/x86/entry/thunk_32.S linux-5.4.71/arch/x86/entry/thunk_32.S
+--- linux-5.4.71-bak/arch/x86/entry/thunk_32.S 2021-03-31 07:37:51.209894751 +0200
++++ linux-5.4.71/arch/x86/entry/thunk_32.S 2021-03-31 07:41:12.507459778 +0200
+@@ -34,10 +34,8 @@
+ THUNK trace_hardirqs_off_thunk,trace_hardirqs_off_caller,1
+ #endif
+
+-#ifdef CONFIG_PREEMPTION
+ THUNK ___preempt_schedule, preempt_schedule
+ THUNK ___preempt_schedule_notrace, preempt_schedule_notrace
+ EXPORT_SYMBOL(___preempt_schedule)
+ EXPORT_SYMBOL(___preempt_schedule_notrace)
+-#endif
+
+diff -rupN linux-5.4.71-bak/arch/x86/entry/thunk_64.S linux-5.4.71/arch/x86/entry/thunk_64.S
+--- linux-5.4.71-bak/arch/x86/entry/thunk_64.S 2021-03-31 07:37:51.209894751 +0200
++++ linux-5.4.71/arch/x86/entry/thunk_64.S 2021-03-31 07:41:09.934157585 +0200
+@@ -46,16 +46,13 @@
+ THUNK lockdep_sys_exit_thunk,lockdep_sys_exit
+ #endif
+
+-#ifdef CONFIG_PREEMPTION
+ THUNK ___preempt_schedule, preempt_schedule
+ THUNK ___preempt_schedule_notrace, preempt_schedule_notrace
+ EXPORT_SYMBOL(___preempt_schedule)
+ EXPORT_SYMBOL(___preempt_schedule_notrace)
+-#endif
+
+ #if defined(CONFIG_TRACE_IRQFLAGS) \
+- || defined(CONFIG_DEBUG_LOCK_ALLOC) \
+- || defined(CONFIG_PREEMPTION)
++ || defined(CONFIG_DEBUG_LOCK_ALLOC)
+ .L_restore:
+ popq %r11
+ popq %r10
+diff -rupN linux-5.4.71-bak/arch/x86/um/Makefile linux-5.4.71/arch/x86/um/Makefile
+--- linux-5.4.71-bak/arch/x86/um/Makefile 2021-03-31 07:37:51.226561216 +0200
++++ linux-5.4.71/arch/x86/um/Makefile 2021-03-31 07:38:34.422705542 +0200
+@@ -26,7 +26,8 @@ else
+
+ obj-y += syscalls_64.o vdso/
+
+-subarch-y = ../lib/csum-partial_64.o ../lib/memcpy_64.o ../entry/thunk_64.o
++subarch-y = ../lib/csum-partial_64.o ../lib/memcpy_64.o
++subarch-$(CONFIG_PREEMPTION) += ../entry/thunk_64.o
+
+ endif
+
diff --git a/3082.patch b/3082.patch
deleted file mode 100644
index 57fd9007df11..000000000000
--- a/3082.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From c56af73d3d142125e0712028be0b9e179e0ff957 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
-Date: Wed, 18 Nov 2020 17:42:04 +0100
-Subject: [PATCH] virtcontainers: Don't set Ctty
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The https://go-review.googlesource.com/c/go/+/231638/ commit on Golang
-introduced a failure on Kata Containers when the runtime is built with
-golang 15.2+.
-
-Fixes: #2982
-
-Signed-off-by: Fabiano FidĂȘncio <fidencio@redhat.com>
----
- virtcontainers/shim.go | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/virtcontainers/shim.go b/virtcontainers/shim.go
-index 8ec7458b6..d0c891dd5 100644
---- a/virtcontainers/shim.go
-+++ b/virtcontainers/shim.go
-@@ -208,9 +208,6 @@ func startShim(args []string, params ShimParams) (int, error) {
- cmd.Stderr = f
- // Create Session
- cmd.SysProcAttr.Setsid = true
-- // Set Controlling terminal to Ctty
-- cmd.SysProcAttr.Setctty = true
-- cmd.SysProcAttr.Ctty = int(f.Fd())
- }
- defer func() {
- if f != nil {
diff --git a/PKGBUILD b/PKGBUILD
index e5ff1c905fed..b4134eba81ae 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,89 +3,209 @@
# Contributor: Stefan Zwanenburg <stefan cat zwanenburg dog info>
pkgbase=kata-containers
pkgname=(
- kata-ksm-throttler
+ kata-agent
kata-runtime
- kata-proxy
- kata-shim
+ kata-linux-container
+ #kata-containers-image
)
-pkgver=1.12.1
+pkgver=2.1.0
_pkgver=${pkgver/\~/-}
pkgrel=1
-pkgdesc="Lightweight virtual machines for containers"
+pkgdesc="Lightweight virtual machines for containers, version 2"
arch=('x86_64')
url="https://katacontainers.io/"
license=('Apache')
makedepends=(
- 'go'
- #'yq2-bin'
+ 'go' 'bc' 'rust'
+ #'yq2-bin' # quietly pulled by Kata's codebase to read versions.yaml from source repo
+ 'mkinitcpio' # initrd build
+ 'pacman' 'udisks2' # rootless image build
)
+
_gh_org="github.com/kata-containers"
+_kata_kernel_ver="${KATA_KERNEL_VER:-5.10.25}"
+
source=(
- "ksm-throttler-${_pkgver}.tar.gz::https://${_gh_org}/ksm-throttler/archive/${_pkgver}.tar.gz"
- "proxy-${_pkgver}.tar.gz::https://${_gh_org}/proxy/archive/${_pkgver}.tar.gz"
- "runtime-${_pkgver}.tar.gz::https://${_gh_org}/runtime/archive/${_pkgver}.tar.gz"
- "shim-${_pkgver}.tar.gz::https://${_gh_org}/shim/archive/${_pkgver}.tar.gz"
- #"3082.patch" # https://github.com/kata-containers/runtime/pull/3082 fixing https://github.com/kata-containers/runtime/issues/2982
+ "${pkgbase}-${_pkgver}.tar.gz::https://${_gh_org}/kata-containers/archive/${_pkgver}.tar.gz"
+ "https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-${_kata_kernel_ver}.tar.xz"
+ "https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-${_kata_kernel_ver}.tar.sign"
+
+ # mknitcpio-busybox
+ "mkinitcpio-agent.conf"
+ "install_kata-agent.tpl"
+ "image_builder.sh" # image build
+
+ # mknitpcio-systemd
+ "install_sd-kata-agent.tpl"
+ "kata-agent.service.in"
+ "kata-containers.target"
+
+ # https://lkml.org/lkml/2021/1/23/75
+ "0001-config-preemption.diff"
)
sha512sums=(
- 5653a4110e57f3145041b0aef1b9f4b8be67d8d0c04144dfbb3b613362bdb6ce67199e9f34d1224cbf08255efe6d191a6e03ba40c35d4d0650004e2582774de4
- 9bd64016374354364d45522239a81b12a7cd3436b0842793e2964bc5b8bc79f6c8be57d71b7384985c416889293688f8c65dffacba23dbf653d9a0ba916263d9
- c831eaa3d0fcddbb5dca0e18f3dfb4e616d45edb42031532c8ea52243a73e685d8f888671a27665f09d0aed41e27ac2035c78ff491f836a044a036d05f922dd7
- acc1592a91f56057a5dc3380824811d436cd82a17e41e028289eb8837aa5fbbb8b811cec51844789f7611b7c009b2050f07bd8c69f7ab28842e4f5fe7accc0b3
- #87568f7db71a816f4953245af4b302da2f0a19543a706bce9d84e9c7e9de8f6ef54f410e426f05c4faf46bcfb330f802fa8261848beda3aaa965bfc11408a5ca
+ "ccfc712168738fce1f26b14fbe4a0dcecd9d1f3a0698c06487d98091173951be141c06b4314712ea9b67cda93d2efa8701c3b9afc8770458147defa5adbabf1a"
+ "${KATA_KERNEL_SUM_SHA512:-20d81a5930f4877e4a67930c8fc52406767bc1c1ca65a78037e4f42738bae54009a59d1a21e3bfde773f67af608a763e67a8829564b3665cae937dbc19947c13}"
+ "SKIP"
+
+ "182a249aecbab33b8704e9567e96d33b535ee59e6d2f52f0c30fbc3d12813f60192886539cc745933caaf59268925d78db9e0b6b427321e2bac932ebde77d62e"
+ "0250e52251986f36cfb9e378d848f755caaf5253daa8ff7d87172f2622754c1eb4180b338a497e3fbeb880e232eef19d5e512f5a8e610e7a6eb468f210849a08"
+ "6f476297d9001eef9a0665689f752cf5124907522cfc87240df16488379a5c7c9820a6e33a576dbf7f75c4fdfa7cab7a0e395b05c9339069dedbdaac42fb6c04"
+
+ "60e2dee0afcfc52b6075309b4eeb55c75dc4a8f063274f2cd481a0056fae0e78e414f0422af26acddff93edb43a23cb52c26aefd92677160fd8eb6a685b6a6d6"
+ "8f927f482d54a762ae5c952883034355a76c5547993ed4245a434a74014aa96e6c5182e3ece0a431e075c1d2f86e99ed0d0d8d839586821c5a7cdf053ec6963d"
+ "b599a62d07f4451f52747eaf185142fbe8eeb9aced211369fc83d88c43483ef1008f87615fcfcf30d74a557569b89d5fcb4a61326ffc8cb0559ec51807d808ca"
+
+ "76c27fe0e2b84a9ae0d4b0e2a96ef0c07777811991b4aae21c88494b91fa2837fb67be335cebf4874e5e3235b5ba4641ec4544f9e055765e2dcf399d9d875e8c"
)
b2sums=(
- c930d082e0a9faa4a90751b3d67e91868bda12dea4ee6f3f565a24c1d074e7b4ed09a93ba14f9696e0891452e2d69a685ec837e7183bc9ff86b479034ed40fc9
- 206bfe0e7d8be050f934ffbd7516543dfc3aca7339e83b318db8acd6323d4c3e68e8bb4f1dfa3530b7b5404960b27867a79396154d0fc61ec3445a5f0e70a78f
- 72d9995a45997c2d407f411f9a177207e23f382b40c08c1930c07029d76bcb3b703d3e80a209e98dc7646d6b1736cab4a1047974a2fb917419a4a6d94e796dd5
- a73a3ce69ff54e7d172ef30e73678d4aaf12ab725798fe6e057f0ca163a95d7ce43c599fec9e7767259b4b793543febd1b7478678400e7f01204a1df89af9556
- #d4f55b660a26ff6dc9e9a7f4eab80f3a45a228b9780054ae0a8d1080ca8db29333818e9e83235c4e6a128117473fe8fcb8f9e5831042aaf71d4defca09808ef2
+ "ee14536ba48ece1beba2409082446b18b80450233335bf2b9644604cf3d97404caa9f58a0ca1de69da50cd900e0b7ee5f9b046e206b9235ed77b9deccb2399d6"
+ "${KATA_KERNEL_SUM_B2:-1aa774dcd894f4f5a24cc26375dac4dfe0b8d1c37e58c6878dd81c2f6466a8fbb635b46e881bec75b00c041c6d0c73c545bd10ff25afde6a5bca1e63e165e51c}"
+ "SKIP"
+
+ "43c81141a65fd14b60ae72c5b98168bec531990903cc7c8b224b416c71d1d05c1cf3f73891954604e0b0c6f48c52a3a41a8e9e78874a79e72b14282373108e8b"
+ "9abf2208af353019ba177d8a48ba613401742cd21258a79c5d9cb8518a51f4f22a41dc386b71f2d6521d03f6ff65d8710dc59d1ca9c7c1dc5f94061c7374286c"
+ "1745aa5d5df0af2452381de163e3964511172e045c13736a062bb2c932e3306250d24992b2bdbc534ced188b35d3b1f4958a5680c99356afd3097d11c84aee31"
+
+ "1ce51ec8cfac8149e3d421d58ec4cb5df2119f4c4d6371da3406297f87a35b6453a9a91bfce9b3b6ac81945b9c8c8237d5818b7321198635614148a8001e3da7"
+ "8b5371fe7b1858dc61dcf4153b58f9c7a5ba564299d657c2bc4eac2328801346e9ca3f6f441dcca710e89495e5b7f9d35b002a8e031eb3cbd4a4fa850566309a"
+ "60bb47bec6e35ccc460ac066d7205d084ab8bdc7d1749918ce0497983a6e7eb770ca9fd996f44b05dbdbfc35390bf2d02b7e8abc619fa6d9df298988d5f19053"
+
+ "919319ddcaac3f7c5b1c1998fced9920f3e7e9d4660c83e380495fc3a14d5f4e82736ac9435fdb78512576f1d90f80b1ad017529f2b42e013b844ed3ec4bc99f"
)
+validpgpkeys=(
+ 647F28654894E3BD457199BE38DBBDC86092693E # kernel
+)
+
+case "${CARCH}" in
+ x86_64) _KARCH=x86_64;;
+ aarch64) _KARCH=arm64;;
+ s390|s390x) _KARCH=s390;;
+ ppc64le) _KARCH=powerpc;;
+esac
+
+_kernel_prepare(){
+ # kata2-linux-container prep (ref: https://github.com/kata-containers/packaging/tree/master/kernel )
+ cd "${srcdir}/linux-${_kata_kernel_ver}"
+ #for p in $(find "${srcdir}/${pkgbase}-${_pkgver}/tools/packaging/kernel/patches" -type f -name "*.patch"); do
+ # patch -p1 <"${p}"
+ #done
+
+ # 5.4.71
+ #patch -p1 <"${srcdir}/0001-config-preemption.diff"
+
+ # kernel config prep from upstream ("${srcdir}/${pkgbase}-${_pkgver}/tools/packaging/obs-packaging/linux-container/kata-linux-container.spec-template")
+ make -s mrproper
+ rm -f .config
+
+ local -r _KCONFIG="$(find "${srcdir}/${pkgbase}-${_pkgver}/tools/packaging/kernel/configs" -type f -name "${_KARCH}_kata_kvm_${_kata_kernel_ver%.*}.x")"
+ if [ -z "${_KCONFIG}" ]; then
+ KCONFIG_CONFIG=.config ARCH=${_KARCH} scripts/kconfig/merge_config.sh -r -n "${srcdir}/${pkgbase}-${_pkgver}/tools/packaging/kernel/configs/fragments/common/"*.conf "${srcdir}/${pkgbase}-${_pkgver}/tools/packaging/kernel/configs/fragments/${_KARCH}/"*.conf
+ else
+ install -Dm 0644 "${_KCONFIG}" .config
+ fi
+ make -s ARCH="${_KARCH}" oldconfig
+}
prepare(){
+ _kernel_prepare
+
#install -dm0755 "${srcdir}/bin"
#ln -sf "$(command -v yq)" "${srcdir}/bin/yq"
- install -dm0755 "${srcdir}/src/${_gh_org}"
- for i in ksm-throttler proxy runtime shim; do
- rm -rf "${srcdir}/src/${_gh_org}/${i}"
- mv "${srcdir}/${i}-${_pkgver}" "${srcdir}/src/${_gh_org}/${i}"
- done
- cd "${srcdir}/src/${_gh_org}/runtime"
- #patch -p1 <"${srcdir}/3082.patch"
+ # agent-based initrd
+ BINSRC="${srcdir}/${pkgbase}-${_pkgver}/src/agent/target/${_KARCH}-unknown-linux-gnu/release/kata-agent" envsubst <"${srcdir}/install_kata-agent.tpl" >"${srcdir}/install_kata-agent"
+ install -Dm0644 "${srcdir}/install_kata-agent" "${srcdir}/initcpio-agent/install/kata-agent"
+
+ # systemd units
+ install -Dm0644 "${srcdir}/kata-agent.service.in" "${srcdir}/${pkgbase}-${_pkgver}/src/agent/kata-agent.service.in"
+ install -Dm0644 "${srcdir}/kata-containers.target" "${srcdir}/${pkgbase}-${_pkgver}/src/agent/kata-containers.target"
+
+ # systemd-based initrd
+ SRCDIR="${srcdir}/${pkgbase}-${_pkgver}/src/agent" KARCH="${_KARCH}" envsubst <"${srcdir}/install_sd-kata-agent.tpl" >"${srcdir}/install_sd-kata-agent"
+ install -Dm0644 "${srcdir}/install_sd-kata-agent" "${srcdir}/initcpio-systemd/install/sd-kata-agent"
+
+ # remove subrepos without the `install` makefile target
+ sed -i \
+ -e '/COMPONENTS += trace-forwarder/d' \
+ -e '/TOOLS += agent-ctl/d' \
+ "${srcdir}/${pkgbase}-${_pkgver}/Makefile"
+ install -m0755 "${srcdir}/image_builder.sh" "${srcdir}/${pkgbase}-${_pkgver}/tools/osbuilder/image-builder/image_builder.sh"
+}
+
+_kata_image_build() {
+ install -dm0755 "${srcdir}/pkgcache" "${srcdir}/alpmdb" "${srcdir}/rootfs"
+ fakeroot -- pacman -r "${srcdir}/rootfs" -b "${srcdir}/alpmdb" --cachedir "${srcdir}/pkgcache" --noconfirm -Sy systemd chrony iptables kmod libseccomp
+ pushd "${srcdir}/rootfs/sbin"
+ ln -sf ../lib/systemd/systemd init
+ popd
+
+ install -Dm0755 "${srcdir}/${pkgbase}-${_pkgver}/src/agent/target/${_KARCH}-unknown-linux-gnu/release/kata-agent" "${srcdir}/rootfs/usr/bin/kata-agent"
+ install -Dm0644 "${srcdir}/${pkgbase}-${_pkgver}/src/agent/kata-containers.target" "${srcdir}/rootfs/usr/lib/systemd/system/kata-containers.target"
+ sed -e 's#@BINDIR@#/usr/bin#' -e 's#@AGENT_NAME@#kata-agent#' "${srcdir}/${pkgbase}-${_pkgver}/src/agent/kata-agent.service.in" >"${srcdir}/rootfs/usr/lib/systemd/system/kata-agent.service"
+
+ # rootfs image (builds filesystem with uid:gid of building system user! beware!)
+ cd "${srcdir}/${pkgbase}-${_pkgver}/tools/osbuilder/image-builder"
+ ./image_builder.sh -f ext4 "${srcdir}/rootfs"
}
build(){
- for i in ksm-throttler proxy runtime shim; do
- cd "${srcdir}/src/${_gh_org}/${i}"
- GOPATH="${srcdir}" make DESTDIR="${pkgdir}" BINDIR="/usr/bin" PKGLIBEXECDIR="/usr/lib/kata-containers" LIBEXECDIR="/usr/lib"
- done
+ cd "${srcdir}/${pkgbase}-${_pkgver}"
+ GOPATH="${srcdir}" make BINDIR="/usr/bin" PKGLIBEXECDIR="/usr/lib/kata-containers" LIBEXECDIR="/usr/lib" LIBC=gnu
+
+ # kernel build
+ cd "${srcdir}/linux-${_kata_kernel_ver}"
+ make -s ARCH="${_KARCH}"
+
+ mkinitcpio -c "${srcdir}/mkinitcpio-agent.conf" -g "${srcdir}/initrd-arch-agent.img" -D "${srcdir}/initcpio-agent"
+ #mkinitcpio -c "${srcdir}/mkinitcpio-systemd.conf" -g "${srcdir}/initrd-arch-systemd.img" -D "${srcdir}/initcpio-systemd"
+ #_kata_image_build
+}
+
+package_kata-agent(){
+ cd "${srcdir}/${pkgbase}-${_pkgver}/src/agent"
+ GOPATH="${srcdir}" make install DESTDIR="${pkgdir}" BINDIR="/usr/bin" PKGLIBEXECDIR="/usr/lib/kata-containers" LIBEXECDIR="/usr/lib" LIBC=gnu
+
+ # install hooks
+ install -dm0755 "${pkgdir}/usr/lib/initcpio/install"
+ BINSRC="/usr/bin/kata-agent" envsubst <"${srcdir}/install_kata-agent.tpl" >"${pkgdir}/usr/lib/initcpio/install/kata-agent"
+ #SRCDIR="${srcdir}/${pkgbase}-${_pkgver}/src/agent" KARCH="${_KARCH}" envsubst <"${srcdir}/install_sd-kata-agent.tpl" >"${srcdir}/install_sd-kata-agent"
}
-package_kata-ksm-throttler(){
- cd "${srcdir}/src/${_gh_org}/ksm-throttler"
- GOPATH="${srcdir}" make install DESTDIR="${pkgdir}" BINDIR="/usr/bin" PKGLIBEXECDIR="/usr/lib/kata-containers" LIBEXECDIR="/usr/lib"
- install -d -m 0755 "${pkgdir}/var/lib/vc/{firecracker,sbs,uuid}"
+package_kata-containers-image(){
+ install=kata2-guest.install
+ local -r _img_filename="kata-containers-${_pkgver%%~*}-arch-systemd-image.img" _initrd_filename="kata-containers-${_pkgver%%~*}-arch-agent-initrd.img"
+ install -Dm 0644 "${srcdir}/${pkgbase}-${_pkgver}/tools/osbuilder/image-builder/kata-containers.img" "${pkgdir}/usr/share/kata-containers/${_img_filename}"
+ #install -Dm 0644 "${srcdir}/initrd-arch-agent.img" "${pkgdir}/usr/share/kata-containers/${_initrd_filename}"
+ pushd "${pkgdir}/usr/share/kata-containers"
+ ln -sf "${_img_filename}" "kata-containers-arch.img"
+ #ln -sf "${_initrd_filename}" "kata-containers-arch-initrd.img"
+ popd
}
-package_kata-proxy(){
- cd "${srcdir}/src/${_gh_org}/proxy"
- GOPATH="${srcdir}" make install DESTDIR="${pkgdir}" BINDIR="/usr/bin" PKGLIBEXECDIR="/usr/lib/kata-containers" LIBEXECDIR="/usr/lib"
+package_kata-linux-container(){
+ install -Dm 0644 "${srcdir}/linux-${_kata_kernel_ver}/arch/${_KARCH}/boot/bzImage" "${pkgdir}/usr/share/kata-containers/vmlinux-${_kata_kernel_ver}.container"
+ #install -Dm 0644 "${srcdir}/linux-${_kata_kernel_ver}/vmlinux" "${pkgdir}/usr/share/kata-containers/vmlinux-${_kata_kernel_ver}.container"
+ pushd "${pkgdir}/usr/share/kata-containers"
+ ln -sf "vmlinux-${_kata_kernel_ver}.container" vmlinux.container
+ if [ "${_KARCH}" = "powerpc" ]; then
+ ln -sf "vmlinux-${_kata_kernel_ver}.container" "vmlinuz-${_kata_kernel_ver}.container"
+ ln -sf "vmlinuz-${_kata_kernel_ver}.container" vmlinuz.container
+ else
+ # param out bzImage for other archs?
+ install -Dm 0644 "${srcdir}/linux-${_kata_kernel_ver}/arch/${_KARCH}/boot/bzImage" "${pkgdir}/usr/share/kata-containers/vmlinuz-${_kata_kernel_ver}.container"
+ ln -sf "vmlinuz-${_kata_kernel_ver}.container" vmlinuz.container
+ fi
+ popd
}
package_kata-runtime(){
- depends=('qemu-headless' "kata-proxy=${pkgver}" "kata-shim=${pkgver}" "kata-linux-container" "kata-containers-image")
+ depends=('qemu-headless' "kata-linux-container" "kata-containers-image")
optdepends=(
- "kata-ksm-throttler=${pkgver}"
- 'firecracker<0.22.0'
- 'cloud-hypervisor<0.9.0'
+ 'firecracker<0.24.0'
+ 'cloud-hypervisor<16.0'
)
- install=kata-runtime.install
- cd "${srcdir}/src/${_gh_org}/runtime"
- GOPATH="${srcdir}" make install DESTDIR="${pkgdir}" BINDIR="/usr/bin" PKGLIBEXECDIR="/usr/lib/kata-containers" LIBEXECDIR="/usr/lib"
-}
-
-package_kata-shim(){
- cd "${srcdir}/src/${_gh_org}/shim"
- GOPATH="${srcdir}" make install DESTDIR="${pkgdir}" BINDIR="/usr/bin" PKGLIBEXECDIR="/usr/lib/kata-containers" LIBEXECDIR="/usr/lib"
+ install=kata2-runtime.install
+ cd "${srcdir}/${pkgbase}-${_pkgver}/src/runtime"
+ GOPATH="${srcdir}" make install DESTDIR="${pkgdir}" BINDIR="/usr/bin" PKGLIBEXECDIR="/usr/lib/kata-containers" LIBEXECDIR="/usr/lib" LIBC=gnu
}
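Review bot: The kernel tarball's entries in `sha512sums` and `b2sums` are taken from `KATA_KERNEL_SUM_SHA512` / `KATA_KERNEL_SUM_B2` when those are set, and `_kata_kernel_ver` from `KATA_KERNEL_VER`, so a stale or unintended variable in the build environment changes which kernel is built while `.SRCINFO` still records 5.10.25 and its digests. In that case the only check not supplied by the environment is the `linux-*.tar.sign` signature against `validpgpkeys`, which a build run with PGP checks skipped would not perform. I would document this next to the variable, for example `# KATA_KERNEL_VER and KATA_KERNEL_SUM_* replace the pinned kernel and its digests; the validpgpkeys signature is then the only fixed integrity check`, or drop the overrides and pin the version in the PKGBUILD alone. The source URL also hard-codes `v5.x`, so an override outside the 5.x series would presumably fail to download.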
diff --git a/btrfs.kconfig b/btrfs.kconfig
new file mode 100644
index 000000000000..90e77d2db188
--- /dev/null
+++ b/btrfs.kconfig
@@ -0,0 +1,10 @@
+CONFIG_BTRFS_FS=y
+CONFIG_BTRFS_FS_POSIX_ACL=y
+CONFIG_BTRFS_FS_CHECK_INTEGRITY=n
+CONFIG_BTRFS_FS_RUN_SANITY_TESTS=n
+CONFIG_BTRFS_DEBUG=n
+CONFIG_BTRFS_ASSERT=n
+CONFIG_BTRFS_FS_REF_VERIFY=n
+CONFIG_RAID6_PQ=y
+CONFIG_RAID6_PQ_BENCHMARK=y
+CONFIG_ZSTD_COMPRESS=y
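Review bot: `btrfs.kconfig` is added here, but nothing in this commit's PKGBUILD refers to it. It is not listed in `source=()`, and `_kernel_prepare` takes its config and fragments only from the Kata source tree, so as far as this page shows these options never reach the guest kernel. If the fragment is meant to be used, it needs a `source` entry with checksums and has to be passed to `merge_config.sh`. Otherwise it is better left out of the package repository, so the file does not suggest the guest kernel is built with btrfs.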
diff --git a/image_builder.sh b/image_builder.sh
new file mode 100755
index 000000000000..51d5dc420b8d
--- /dev/null
+++ b/image_builder.sh
@@ -0,0 +1,521 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2017-2019 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -e
+
+[ -n "${DEBUG}" ] && set -x
+
+DOCKER_RUNTIME=${DOCKER_RUNTIME:-runc}
+
+readonly script_name="${0##*/}"
+readonly script_dir=$(dirname "$(readlink -f "$0")")
+readonly lib_file="${script_dir}/../scripts/lib.sh"
+
+readonly ext4_format="ext4"
+readonly xfs_format="xfs"
+
+# ext4: percentage of the filesystem which may only be allocated by privileged processes.
+readonly reserved_blocks_percentage=3
+
+# Where the rootfs starts in MB
+readonly rootfs_start=1
+
+# Where the rootfs ends in MB
+readonly rootfs_end=-1
+
+# DAX header size
+# * NVDIMM driver reads the device namespace information from nvdimm namespace (4K offset).
+# The MBR #1 + DAX metadata are saved in the first 2MB of the image.
+readonly dax_header_sz=2
+
+# DAX aligment
+# * DAX huge pages [2]: 2MB alignment
+# [2] - https://nvdimm.wiki.kernel.org/2mib_fs_dax
+readonly dax_alignment=2
+
+# The list of systemd units and files that are not needed in Kata Containers
+readonly -a systemd_units=(
+ "systemd-coredump@"
+ "systemd-journald"
+ "systemd-journald-dev-log"
+ "systemd-journal-flush"
+ "systemd-random-seed"
+ "systemd-timesyncd"
+ "systemd-tmpfiles-setup"
+ "systemd-udevd"
+ "systemd-udevd-control"
+ "systemd-udevd-kernel"
+ "systemd-udev-trigger"
+ "systemd-update-utmp"
+)
+
+readonly -a systemd_files=(
+ "systemd-bless-boot-generator"
+ "systemd-fstab-generator"
+ "systemd-getty-generator"
+ "systemd-gpt-auto-generator"
+ "systemd-tmpfiles-cleanup.timer"
+)
+
+# Set a default value
+AGENT_INIT=${AGENT_INIT:-no}
+
+# Align image to (size in MB) according to different architecture.
+case "$(uname -m)" in
+ aarch64) readonly mem_boundary_mb=16 ;;
+ *) readonly mem_boundary_mb=128 ;;
+esac
+
+# shellcheck source=../scripts/lib.sh
+source "${lib_file}"
+
+usage() {
+ cat <<EOT
+Usage: ${script_name} [options] <rootfs-dir>
+ This script will create a Kata Containers image file of
+ an adequate size based on the <rootfs-dir> directory.
+
+Options:
+ -h Show this help
+ -o path to generate image file ENV: IMAGE
+ -r Free space of the root partition in MB ENV: ROOT_FREE_SPACE
+
+Extra environment variables:
+ AGENT_BIN: Use it to change the expected agent binary name
+ AGENT_INIT: Use kata agent as init process
+ NSDAX_BIN: Use to specify path to pre-compiled 'nsdax' tool.
+ FS_TYPE: Filesystem type to use. Only xfs and ext4 are supported.
+ USE_DOCKER: If set will build image in a Docker Container (requries docker)
+ DEFAULT: not set
+ USE_PODMAN: If set and USE_DOCKER not set, will build image in a Podman Container (requries podman)
+ DEFAULT: not set
+
+
+Following diagram shows how the resulting image will look like
+
+ .-----------.----------.---------------.-----------.
+ | 0 - 512 B | 4 - 8 Kb | 2M - 2M+512B | 3M |
+ |-----------+----------+---------------+-----------+
+ | MBR #1 | DAX | MBR #2 | Rootfs |
+ '-----------'----------'---------------'-----------+
+ | | ^ | ^
+ | '-data-' '--------'
+ | |
+ '--------rootfs-partition---------'
+
+
+MBR: Master boot record.
+DAX: Metadata required by the NVDIMM driver to enable DAX in the guest [1][2] (struct nd_pfn_sb).
+Rootfs: partition that contains the root filesystem (/usr, /bin, ect).
+
+Kernels and hypervisors that support DAX/NVDIMM read the MBR #2, otherwise MBR #1 is read.
+
+[1] - https://github.com/kata-containers/osbuilder/blob/master/image-builder/nsdax.gpl.c
+[2] - https://github.com/torvalds/linux/blob/master/drivers/nvdimm/pfn.h
+
+EOT
+}
+
+
+# build the image using container engine
+build_with_container() {
+ local rootfs="$1"
+ local image="$2"
+ local fs_type="$3"
+ local block_size="$4"
+ local root_free_space="$5"
+ local agent_bin="$6"
+ local agent_init="$7"
+ local container_engine="$8"
+ local nsdax_bin="$9"
+ local container_image_name="image-builder-osbuilder"
+ local shared_files=""
+
+ image_dir=$(readlink -f "$(dirname "${image}")")
+ image_name=$(basename "${image}")
+
+ "${container_engine}" build \
+ --build-arg http_proxy="${http_proxy}" \
+ --build-arg https_proxy="${https_proxy}" \
+ -t "${container_image_name}" "${script_dir}"
+
+ readonly mke2fs_conf="/etc/mke2fs.conf"
+ if [ -f "${mke2fs_conf}" ]; then
+ shared_files+="-v ${mke2fs_conf}:${mke2fs_conf}:ro "
+ fi
+
+ #Make sure we use a compatible runtime to build rootfs
+ # In case Clear Containers Runtime is installed we dont want to hit issue:
+ #https://github.com/clearcontainers/runtime/issues/828
+ "${container_engine}" run \
+ --rm \
+ --runtime "${DOCKER_RUNTIME}" \
+ --privileged \
+ --env AGENT_BIN="${agent_bin}" \
+ --env AGENT_INIT="${agent_init}" \
+ --env FS_TYPE="${fs_type}" \
+ --env BLOCK_SIZE="${block_size}" \
+ --env ROOT_FREE_SPACE="${root_free_space}" \
+ --env NSDAX_BIN="${nsdax_bin}" \
+ --env DEBUG="${DEBUG}" \
+ -v /dev:/dev \
+ -v "${script_dir}":"/osbuilder" \
+ -v "${script_dir}/../scripts":"/scripts" \
+ -v "${rootfs}":"/rootfs" \
+ -v "${image_dir}":"/image" \
+ ${shared_files} \
+ ${container_image_name} \
+ bash "/osbuilder/${script_name}" -o "/image/${image_name}" /rootfs
+}
+
+check_rootfs() {
+ local rootfs="${1}"
+
+ [ -d "${rootfs}" ] || die "${rootfs} is not a directory"
+
+ # The kata rootfs image expect init and kata-agent to be installed
+ init_path="/sbin/init"
+ init="${rootfs}${init_path}"
+ if [ ! -x "${init}" ] && [ ! -L "${init}" ]; then
+ error "${init_path} is not installed in ${rootfs}"
+ return 1
+ fi
+ OK "init is installed"
+
+
+ candidate_systemd_paths="/usr/lib/systemd/systemd /lib/systemd/systemd"
+
+ # check agent or systemd
+ case "${AGENT_INIT}" in
+ "no")
+ for systemd_path in $candidate_systemd_paths; do
+ systemd="${rootfs}${systemd_path}"
+ if [ -x "${systemd}" ] || [ -L "${systemd}" ]; then
+ found="yes"
+ break
+ fi
+ done
+ if [ ! $found ]; then
+ error "None of ${candidate_systemd_paths} is installed in ${rootfs}"
+ return 1
+ fi
+ OK "init is systemd"
+ ;;
+
+ "yes")
+ agent_path="/sbin/init"
+ agent="${rootfs}${agent_path}"
+ if [ ! -x "${agent}" ]; then
+ error "${agent_path} is not installed in ${rootfs}. Use AGENT_BIN env variable to change the expected agent binary name"
+ return 1
+ fi
+ # checksum must be different to system
+ for systemd_path in $candidate_systemd_paths; do
+ systemd="${rootfs}${systemd_path}"
+ if [ -f "${systemd}" ] && cmp -s "${systemd}" "${agent}"; then
+ error "The agent is not the init process. ${agent_path} is systemd"
+ return 1
+ fi
+ done
+
+ OK "Agent installed"
+ ;;
+
+ *)
+ error "Invalid value for AGENT_INIT: '${AGENT_INIT}'. Use to 'yes' or 'no'"
+ return 1
+ ;;
+ esac
+
+ return 0
+}
+
+calculate_required_disk_size() {
+ local rootfs="$1"
+ local fs_type="$2"
+ local block_size="$3"
+
+ readonly rootfs_size_mb=$(du -B 1MB -s "${rootfs}" | awk '{print $1}')
+ readonly image="$(mktemp)"
+ readonly max_tries=20
+ readonly increment=10
+
+ for i in $(seq 1 $max_tries); do
+ local img_size="$((rootfs_size_mb + (i * increment)))"
+ create_disk "${image}" "${img_size}" "${fs_type}" "${rootfs_start}" > /dev/null 2>&1
+ if ! device="$(setup_loop_device "${image}")"; then
+ continue
+ fi
+
+ if ! format_loop "${device}" "${block_size}" "${fs_type}" > /dev/null 2>&1 ; then
+ die "Could not format loop device: ${device}"
+ fi
+ local mount_dir
+ while [ -z "${mount_dir}" ]; do mount_dir="$(udisksctl mount -b ${device}p1)" || sleep 3; done
+ mount_dir="${mount_dir##* }"
+ avail="$(df -BM --output=avail "${mount_dir}" | tail -n1 | sed 's/[M ]//g')"
+ udisksctl unmount -b "${device}p1" &>/dev/null
+ udisksctl loop-delete -b "${device}" &>/dev/null
+ unset mount_dir
+
+ if [ "${avail}" -gt "${rootfs_size_mb}" ]; then
+ #rmdir "${mount_dir}"
+ rm -f "${image}"
+ echo "${img_size}"
+ return
+ fi
+ done
+
+
+ #rmdir "${mount_dir}"
+ rm -f "${image}"
+ error "Could not calculate the required disk size"
+}
+
+# Calculate image size based on the rootfs and free space
+calculate_img_size() {
+ local rootfs="$1"
+ local root_free_space_mb="$2"
+ local fs_type="$3"
+ local block_size="$4"
+
+ # rootfs start + DAX header size + rootfs end
+ local reserved_size_mb=$((rootfs_start + dax_header_sz + rootfs_end))
+
+ disk_size="$(calculate_required_disk_size "${rootfs}" "${fs_type}" "${block_size}")"
+
+ img_size="$((disk_size + reserved_size_mb))"
+ if [ -n "${root_free_space_mb}" ]; then
+ img_size="$((img_size + root_free_space_mb))"
+ fi
+
+ remaining="$((img_size % mem_boundary_mb))"
+ if [ "${remaining}" != "0" ]; then
+ img_size=$((img_size + mem_boundary_mb - remaining))
+ fi
+
+ echo "${img_size}"
+}
+
+setup_loop_device() {
+ local image="$1"
+
+ # Get the loop device bound to the image file (requires /dev mounted in the
+ # image build system and root privileges)
+ local device="$(udisksctl loop-setup -f ${image})"
+ device="${device##* }"
+ device="${device%.*}"
+ echo "${device}"
+ return 0
+}
+
+format_loop() {
+ local device="$1"
+ local block_size="$2"
+ local fs_type="$3"
+
+ case "${fs_type}" in
+ "${ext4_format}")
+ mkfs.ext4 -q -F -E root_owner -b "${block_size}" "${device}p1"
+ info "Set filesystem reserved blocks percentage to ${reserved_blocks_percentage}%"
+ tune2fs -m "${reserved_blocks_percentage}" "${device}p1"
+ ;;
+
+ "${xfs_format}")
+ # DAX and reflink cannot be used together!
+ # Explicitly disable reflink, if it fails then reflink
+ # is not supported and '-m reflink=0' is not needed.
+ if mkfs.xfs -m reflink=0 -q -f -b size="${block_size}" "${device}p1" 2>&1 | grep -q "unknown option"; then
+ mkfs.xfs -q -f -b size="${block_size}" "${device}p1"
+ fi
+ ;;
+
+ *)
+ error "Unsupported fs type: ${fs_type}"
+ return 1
+ ;;
+ esac
+}
+
+create_disk() {
+ local image="$1"
+ local img_size="$2"
+ local fs_type="$3"
+ local part_start="$4"
+
+ info "Creating raw disk with size ${img_size}M"
+ qemu-img create -q -f raw "${image}" "${img_size}M"
+ OK "Image file created"
+
+ # Kata runtime expect an image with just one partition
+ # The partition is the rootfs content
+ info "Creating partitions"
+ parted -s -a optimal "${image}" -- \
+ mklabel msdos \
+ mkpart primary "${fs_type}" "${part_start}"M "${rootfs_end}"M
+
+ OK "Partitions created"
+}
+
+create_rootfs_image() {
+ local rootfs="$1"
+ local image="$2"
+ local img_size="$3"
+ local fs_type="$4"
+ local block_size="$5"
+
+ create_disk "${image}" "${img_size}" "${fs_type}" "${rootfs_start}"
+
+ if ! device="$(setup_loop_device "${image}")"; then
+ die "Could not setup loop device"
+ fi
+
+ if ! format_loop "${device}" "${block_size}" "${fs_type}"; then
+ die "Could not format loop device: ${device}"
+ fi
+
+ info "Mounting root partition"
+ local mount_dir
+ while [ -z "${mount_dir}" ]; do mount_dir="$(udisksctl mount -b ${device}p1)" || sleep 3; done
+ mount_dir="${mount_dir##* }"
+ OK "root partition mounted"
+
+ info "Copying content from rootfs to root partition"
+ cp -a "${rootfs}"/* "${mount_dir}"
+ sync
+ OK "rootfs copied"
+
+ info "Removing unneeded systemd services and sockets"
+ for u in "${systemd_units[@]}"; do
+ find "${mount_dir}" \
+ -path "${mount_dir}/lost+found" -prune -o -type f \( \
+ -name "${u}.service" -o \
+ -name "${u}.socket" \) \
+ -exec rm -f {} \;
+ done
+
+ info "Removing unneeded systemd files"
+ for u in "${systemd_files[@]}"; do
+ find "${mount_dir}" \
+ -path "${mount_dir}/lost+found" -prune -o \
+ -type f -name "${u}" -exec rm -f {} \;
+ done
+
+ info "Creating empty machine-id to allow systemd to bind-mount it"
+ touch "${mount_dir}/etc/machine-id"
+
+ info "Unmounting root partition"
+ udisksctl unmount -b "${device}p1"
+ OK "Root partition unmounted"
+
+ if [ "${fs_type}" = "${ext4_format}" ]; then
+ fsck.ext4 -D -y "${device}p1"
+ fi
+
+ udisksctl loop-delete -b "${device}"
+ #rmdir "${mount_dir}"
+}
+
+set_dax_header() {
+ local image="$1"
+ local img_size="$2"
+ local fs_type="$3"
+ local nsdax_bin="$4"
+
+ # rootfs start + DAX header size
+ local rootfs_offset=$((rootfs_start + dax_header_sz))
+ local header_image="${image}.header"
+ local dax_image="${image}.dax"
+ rm -f "${dax_image}" "${header_image}"
+
+ create_disk "${header_image}" "${img_size}" "${fs_type}" "${rootfs_offset}"
+
+ dax_header_bytes=$((dax_header_sz * 1024 * 1024))
+ dax_alignment_bytes=$((dax_alignment * 1024 * 1024))
+ info "Set DAX metadata"
+ # Set metadata header
+ # Issue: https://github.com/kata-containers/osbuilder/issues/240
+ if [ -z "${nsdax_bin}" ] ; then
+ nsdax_bin="${script_dir}/nsdax"
+ gcc -O2 "${script_dir}/nsdax.gpl.c" -o "${nsdax_bin}"
+ trap "rm ${nsdax_bin}" EXIT
+ fi
+ "${nsdax_bin}" "${header_image}" "${dax_header_bytes}" "${dax_alignment_bytes}"
+ sync
+
+ touch "${dax_image}"
+ # Copy MBR #1 + DAX metadata
+ dd if="${header_image}" of="${dax_image}" bs="${dax_header_sz}M" count=1
+ # Copy MBR #2 + Rootfs
+ dd if="${image}" of="${dax_image}" oflag=append conv=notrunc
+ # final image
+ mv "${dax_image}" "${image}"
+ sync
+
+ rm -f "${dax_image}" "${header_image}"
+}
+
+main() {
+ # variables that can be overwritten by environment variables
+ local agent_bin="${AGENT_BIN:-kata-agent}"
+ local agent_init="${AGENT_INIT:-no}"
+ local fs_type="${FS_TYPE:-${ext4_format}}"
+ local image="${IMAGE:-kata-containers.img}"
+ local block_size="${BLOCK_SIZE:-4096}"
+ local root_free_space="${ROOT_FREE_SPACE:-}"
+ local nsdax_bin="${NSDAX_BIN:-}"
+
+ while getopts "ho:r:f:" opt
+ do
+ case "$opt" in
+ h) usage; return 0;;
+ o) image="${OPTARG}" ;;
+ r) root_free_space="${OPTARG}" ;;
+ f) fs_type="${OPTARG}" ;;
+ *) break ;;
+ esac
+ done
+
+ shift $(( OPTIND - 1 ))
+ rootfs="$(readlink -f "$1")"
+ if [ -z "${rootfs}" ]; then
+ usage
+ exit 0
+ fi
+
+ local container_engine
+ if [ -n "${USE_DOCKER}" ]; then
+ container_engine="docker"
+ elif [ -n "${USE_PODMAN}" ]; then
+ container_engine="podman"
+ fi
+
+ if [ -n "$container_engine" ]; then
+ build_with_container "${rootfs}" \
+ "${image}" "${fs_type}" "${block_size}" \
+ "${root_free_space}" "${agent_bin}" \
+ "${agent_init}" "${container_engine}" \
+ "${nsdax_bin}"
+ exit $?
+ fi
+
+ if ! check_rootfs "${rootfs}" ; then
+ die "Invalid rootfs"
+ fi
+
+ img_size=$(calculate_img_size "${rootfs}" "${root_free_space}" "${fs_type}" "${block_size}")
+
+ # the first 2M are for the first MBR + NVDIMM metadata and were already
+ # consider in calculate_img_size
+ rootfs_img_size=$((img_size - dax_header_sz))
+ create_rootfs_image "${rootfs}" "${image}" "${rootfs_img_size}" \
+ "${fs_type}" "${block_size}"
+
+ # insert at the beginning of the image the MBR + DAX header
+ set_dax_header "${image}" "${img_size}" "${fs_type}" "${nsdax_bin}"
+}
+
+main "$@"
diff --git a/install_kata-agent.tpl b/install_kata-agent.tpl
new file mode 100644
index 000000000000..6873c78824a4
--- /dev/null
+++ b/install_kata-agent.tpl
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+build(){
+ add_binary "${BINSRC}" "/init"
+}
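Review bot: `build()` hands `${BINSRC}` to `add_binary` without checking that the template variable was substituted and points at an executable file. This binary is installed as `/init`, so it becomes the first process in the guest, and a bad substitution is better caught when the image is generated than at guest boot. A guard ahead of the `add_binary` call would do that, for example `[[ -x "${BINSRC}" ]] || { error "kata-agent binary not found: ${BINSRC}"; return 1; }`. A one-line comment saying where `BINSRC` is filled in (presumably by the PKGBUILD) would also help the next reader.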
diff --git a/install_sd-kata-agent.tpl b/install_sd-kata-agent.tpl
new file mode 100644
index 000000000000..57a7a932f898
--- /dev/null
+++ b/install_sd-kata-agent.tpl
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+build(){
+ add_systemd_unit "${SRCDIR}/kata-containers.target"
+ add_systemd_unit "${SRCDIR}/kata-agent.service"
+ add_binary "${SRCDIR}/target/${KARCH}-unknown-linux-gnu/release/kata-agent"
+}
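Review bot: The single-argument `add_binary` call in `build()` copies the agent into the initramfs under the same `${SRCDIR}/target/...` build path, while `kata-agent.service.in` in this commit starts `@BINDIR@/@AGENT_NAME@`. Unless the two resolve to the same location the unit cannot find its binary, and with `FailureAction=poweroff` the guest would then shut down. Giving the destination explicitly keeps the build-tree layout out of the image, e.g. `add_binary "${SRCDIR}/target/${KARCH}-unknown-linux-gnu/release/kata-agent" "<BINDIR>/kata-agent"`, where `<BINDIR>` is a placeholder for whatever `@BINDIR@` expands to. The two `add_systemd_unit` calls are also given full source paths; as far as I know that helper resolves unit names against the systemd unit directories, so it is worth confirming the units end up where systemd in the initramfs looks for them.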
diff --git a/kata-agent.service.in b/kata-agent.service.in
new file mode 100644
index 000000000000..0340bdbbbd54
--- /dev/null
+++ b/kata-agent.service.in
@@ -0,0 +1,24 @@
+#
+# Copyright (c) 2018-2019 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+[Unit]
+Description=Kata Containers Agent
+Documentation=https://github.com/kata-containers/kata-containers
+Wants=kata-containers.target
+#ConditionPathExists=/etc/initrd-release
+#DefaultDependencies=no
+
+[Service]
+# Send agent output to tty to allow capture debug logs
+# from a VM vsock port
+StandardOutput=tty
+Type=simple
+ExecStart=@BINDIR@/@AGENT_NAME@
+LimitNOFILE=infinity
+# ExecStop is required for static agent tracing; in all other scenarios
+# the runtime handles shutting down the VM.
+ExecStop=/bin/sync ; /usr/bin/systemctl --force poweroff
+FailureAction=poweroff
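Review bot: `#ConditionPathExists=/etc/initrd-release` and `#DefaultDependencies=no` are left in the `[Unit]` section as commented-out directives with no explanation, and `kata-containers.target` in this commit ends with the same commented-out `ConditionPathExists`. A reader cannot tell whether they were disabled on purpose for the image build or are leftovers from the initrd attempt. Either drop them or put a reason above each, e.g. `# Disabled: only applies when the agent runs from an initrd`, adjusted to the real reason.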
diff --git a/kata-containers.target b/kata-containers.target
new file mode 100644
index 000000000000..03f370075ee5
--- /dev/null
+++ b/kata-containers.target
@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2018-2019 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+[Unit]
+Description=Kata Containers Agent Target
+Requires=basic.target
+Requires=tmp.mount
+Wants=chronyd.service
+Requires=kata-agent.service
+Conflicts=rescue.service rescue.target
+After=basic.target rescue.service rescue.target
+AllowIsolate=yes
+#ConditionPathExists=/etc/initrd-release
diff --git a/kata-runtime.install b/kata-runtime.install
deleted file mode 100644
index bf29b5a97eae..000000000000
--- a/kata-runtime.install
+++ /dev/null
@@ -1,44 +0,0 @@
-post_install() {
- cat <<EOF
-
-To use kata-runtime with docker,
-- add the following config to /etc/docker/daemon.json
-"""
-{
- "runtimes": {
- "kata": {
- "path": "/usr/bin/kata-runtime"
- }
- }
-}
-"""
- and restart the docker daemon
-
-- run containers with the "--runtime=kata" options to use kata-runtime
-"""
-$ docker run --runtime=kata --rm busybox date
-"""
-
-- to set Kata as the default runtime, add '"default-runtime": "kata"' to /etc/docker/daemon.json and restart the docker daemon
-"""
-{
- "default-runtime": "kata",
- "runtimes": {
- "kata": {
- "path": "/usr/bin/kata-runtime"
- },
- }
-}
-
-"""
-
-- to run Kata with Firecracker, due to Firecracker's limitations, you have to set your Docker storage driver (ref: https://docs.docker.com/storage/storagedriver/select-storage-driver/ ) to 'devicemapper' in /etc/docker/daemon.json
-"""
-{
- "storage-driver": "devicemapper"
-}
-"""
-
-EOF
-
-}
diff --git a/kata2-guest.install b/kata2-guest.install
new file mode 100644
index 000000000000..f2ab78bbbeab
--- /dev/null
+++ b/kata2-guest.install
@@ -0,0 +1,20 @@
+post_install() {
+ cat <<EOF
+
+Due to backflips made to be able to build the Kata guest image (not initrd!)
+without root account access, rootfs has uid:gid of the builer's user account.
+
+This might have subtle security implications and if that's not acceptable,
+the user could do one of the following:
+
+- alter the build process to use upstream's \`image_builder.sh\` to build
+ the image from rootfs created via \`pacman\`, with root priviledges
+- use the \`-bin\`-suffixed package, containing upstream-built images
+
+By installing this package as-is, the user acknowledges this warning.
+
+Due to issues with properly building an Arch-based initrd, VM templating support
+is broken at the moment.
+
+EOF
+}
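Review bot: The warning says the rootfs ownership "might have subtle security implications" but never states what they are, so the user cannot judge whether installing as-is is acceptable. If I read the message correctly, the concrete point could be stated in one sentence: `Files in the guest image are owned by the builder's uid:gid instead of root, so a guest process running under that uid can modify them.` The text also has two typos, `builer's` for `builder's` and `priviledges` for `privileges`. `kata2-runtime.install` in this commit has `hard-codied` for `hard-coded`.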
diff --git a/kata2-runtime.install b/kata2-runtime.install
new file mode 100644
index 000000000000..ef84496a0d1f
--- /dev/null
+++ b/kata2-runtime.install
@@ -0,0 +1,11 @@
+post_install() {
+ cat <<EOF
+
+Due to Docker hard-codied usage of OCI runtime shim v1, the closest replacement
+is to call containerd CLI, for example as follows:
+
+ ctr image pull docker.io/library/alpine:edge
+ ctr run --rm -t --runtime io.containerd.kata.v2 docker.io/library/alpine:edge example-container-name date
+
+EOF
+}
diff --git a/mkinitcpio-agent.conf b/mkinitcpio-agent.conf
new file mode 100644
index 000000000000..1a36f26aab64
--- /dev/null
+++ b/mkinitcpio-agent.conf
@@ -0,0 +1,6 @@
+MODULES=()
+BINARIES=()
+FILES=()
+HOOKS=(kata-agent)
+#COMPRESSION="gzip"
+#COMPRESSION_OPTIONS=()