Kata: Release v3.2.0.azl0 for both vanilla and CC based on aligned so…

…urces (#6942)
microsoft · Feb 15, 2024 · 8acb776 · 8acb776
1 parent 25857d9
commit 8acb776
Show file tree

Hide file tree

Showing 14 changed files with 66 additions and 687 deletions.
diff --git a/SPECS/kata-containers-cc/kata-containers-cc.signatures.json b/SPECS/kata-containers-cc/kata-containers-cc.signatures.json
@@ -1,7 +1,7 @@
 {
   "Signatures": {
     "mariner-coco-build-uvm.sh": "4f2be6965d8c4d7919fd201a68160fc8ab02a1be50a336abbfea13f16a6ffb89",
-    "kata-containers-cc-0.6.3-cargo.tar.gz": "7ff6c5f7f7aa31a99ea5d837876291d886b16c32f21b6d65d044fd398abff1e6",
-    "kata-containers-cc-0.6.3.tar.gz": "1f366ce70bf83a239a7ec99334506adb28c3199157b4370840c3685378a34268"
+    "kata-containers-cc-3.2.0.azl0-cargo.tar.gz": "7ff6c5f7f7aa31a99ea5d837876291d886b16c32f21b6d65d044fd398abff1e6",
+    "kata-containers-cc-3.2.0.azl0.tar.gz": "78f3749c848c77f0d54aa16a4f29209a07f3d4af30664c0d9212300ac364aaec"
   }
 }
diff --git a/SPECS/kata-containers-cc/kata-containers-cc.spec b/SPECS/kata-containers-cc/kata-containers-cc.spec
@@ -1,6 +1,6 @@
 %global runtime_make_vars       DEFMEMSZ=256 \\\
-                                DEFSHAREDFS_CLH_SNP_VIRTIOFS=none \\\
                                 DEFSTATICSANDBOXWORKLOADMEM=1792 \\\
+                                DEFSNPGUEST=true \\\
                                 SKIP_GO_VERSION_CHECK=1
 
 %global agent_make_vars         LIBC=gnu \\\
@@ -9,16 +9,15 @@
 %global debug_package %{nil}
 
 Name:         kata-containers-cc
-Version:      0.6.3
-Release:      4%{?dist}
+Version:      3.2.0.azl0
+Release:      1%{?dist}
 Summary:      Kata Confidential Containers package developed for Confidential Containers on AKS
 License:      ASL 2.0
 Vendor:       Microsoft Corporation
 URL:          https://github.com/microsoft/kata-containers
-Source0:      https://github.com/microsoft/kata-containers/archive/refs/tags/cc-%{version}.tar.gz#/%{name}-%{version}.tar.gz
-Source1:      https://github.com/microsoft/kata-containers/archive/refs/tags/%{name}-%{version}.tar.gz
-Source2:      %{name}-%{version}-cargo.tar.gz
-Source3:      mariner-coco-build-uvm.sh
+Source0:      https://github.com/microsoft/kata-containers/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source1:      %{name}-%{version}-cargo.tar.gz
+Source2:      mariner-coco-build-uvm.sh
 
 ExclusiveArch: x86_64
 
@@ -70,7 +69,7 @@ This package contains the the tooling and files required to build the UVM
 %prep
 %autosetup -p1 -n %{name}-%{version}
 pushd %{_builddir}/%{name}-%{version}
-tar -xf %{SOURCE2}
+tar -xf %{SOURCE1}
 popd
 
 %build
@@ -138,7 +137,7 @@ pushd %{_builddir}/%{name}-%{version}
 rm tools/osbuilder/.gitignore
 rm tools/osbuilder/rootfs-builder/.gitignore
 
-install -D -m 0755 %{SOURCE3}           %{buildroot}%{osbuilder}/mariner-coco-build-uvm.sh
+install -D -m 0755 %{SOURCE2}           %{buildroot}%{osbuilder}/mariner-coco-build-uvm.sh
 install -D -m 0644 VERSION              %{buildroot}%{osbuilder}/VERSION
 install -D -m 0644 ci/install_yq.sh     %{buildroot}%{osbuilder}/ci/install_yq.sh
 install -D -m 0644 versions.yaml        %{buildroot}%{osbuilder}/versions.yaml
@@ -185,14 +184,27 @@ install -D -m 0755 kata-monitor %{buildroot}%{coco_bin}/kata-monitor
 install -D -m 0755 kata-runtime %{buildroot}%{coco_bin}/kata-runtime
 install -D -m 0755 data/kata-collect-data.sh %{buildroot}%{coco_bin}/kata-collect-data.sh
 
-# Note: we deploy two configurations - the additional one is for policy/snapshotter testing w/o SEV SNP or IGVM
-install -D -m 0644 config/configuration-clh.toml %{buildroot}/%{defaults_kata}/configuration-clh.toml
+# We deploy 3 configurations:
+# configuration-clh-snp: production Kata-CC - IGVM & image, confidential_guest=true, sev_snp_guest=true
+# configuration-clh-snp-debug: debug Kata-CC - kernel & image, confidential_guest=true, sev_snp_guest=false
+# configuration-clh (symlinked to by configuration.toml): vanilla Kata - kernel & initrd, confidential_guest=false, sev_snp_guest=false
 install -D -m 0644 config/configuration-clh-snp.toml %{buildroot}/%{defaults_kata}/configuration-clh-snp.toml
+install -D -m 0644 config/configuration-clh.toml %{buildroot}/%{defaults_kata}/configuration-clh-snp-debug.toml
+install -D -m 0644 config/configuration-clh.toml %{buildroot}/%{defaults_kata}/configuration-clh.toml
 
-# adapt upstream config files
-# change paths with locations specific to our distribution
-sed -i 's|/usr|/opt/confidential-containers|g' %{buildroot}/%{defaults_kata}/configuration-clh.toml
-sed -i 's|/usr|/opt/confidential-containers|g' %{buildroot}/%{defaults_kata}/configuration-clh-snp.toml
+# Adapt configuration files:
+# - Change paths with locations specific to our distribution.
+sed --follow-symlinks -i 's|/usr|/opt/confidential-containers|g' %{buildroot}/%{defaults_kata}/configuration-clh*.toml
+# - Set up configuration-clh-snp-debug. Note that kernel and image are already
+#   set through configuration-clh.toml.in.
+sed -i 's|-igvm.img|-igvm-debug.img|g' %{buildroot}/%{defaults_kata}/configuration-clh-snp-debug.toml
+sed -i '/^#confidential_guest =/s|^#||g' %{buildroot}/%{defaults_kata}/configuration-clh-snp-debug.toml
+sed -i '/^#enable_debug =/s|^#||g' %{buildroot}/%{defaults_kata}/configuration-clh-snp-debug.toml
+sed -i '/^#debug_console_enabled =/s|^#||g' %{buildroot}/%{defaults_kata}/configuration-clh-snp-debug.toml
+sed -i 's|shared_fs = "virtio-fs"|shared_fs = "none"|g' %{buildroot}/%{defaults_kata}/configuration-clh-snp-debug.toml
+# - Set up configuration-clh.
+sed -i '/^#initrd =/s|^#||g' %{buildroot}/%{defaults_kata}/configuration-clh.toml
+sed -i '/^image =/s|^|#|g' %{buildroot}/%{defaults_kata}/configuration-clh.toml
 popd
 
 # tardev-snapshotter
@@ -275,8 +287,11 @@ install -D -m 0755 %{_builddir}/%{name}-%{version}/tools/osbuilder/image-builder
 %exclude %{osbuilder}/tools/osbuilder/rootfs-builder/ubuntu
 
 %changelog
-* Fri Feb 02 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 0.6.3-4
-- Bump release to rebuild with go 1.21.6
+*   Mon Feb 12 2024 Aurelien Bombo <abombo@microsoft.com> - 3.2.0.azl0-1
+-   Use Microsoft sources based on upstream Kata version 3.2.0.
+
+*   Fri Feb 02 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 0.6.3-4
+-   Bump release to rebuild with go 1.21.6
 
 *   Tue Jan 30 2024 Archana Choudhary <archana1@microsoft.com> - 0.6.3-3
 -   Remove kernel-uvm-cvm(-devel) dependency

diff --git a/SPECS/kata-containers/0001-Append-systemd-kernel-cmdline-params-for-initrd.patch b/SPECS/kata-containers/0001-Append-systemd-kernel-cmdline-params-for-initrd.patch
diff --git a/SPECS/kata-containers/0001-Merged-PR-9607-Allow-10-seconds-for-VM-creation-star.patch b/SPECS/kata-containers/0001-Merged-PR-9607-Allow-10-seconds-for-VM-creation-star.patch
diff --git a/SPECS/kata-containers/0001-osbuilder-Add-support-for-CBL-Mariner.patch b/SPECS/kata-containers/0001-osbuilder-Add-support-for-CBL-Mariner.patch
diff --git a/SPECS/kata-containers/0002-Merged-PR-9671-Wait-for-a-possibly-slow-Guest.patch b/SPECS/kata-containers/0002-Merged-PR-9671-Wait-for-a-possibly-slow-Guest.patch
diff --git a/SPECS/kata-containers/0003-Merged-PR-9805-Add-support-for-MSHV.patch b/SPECS/kata-containers/0003-Merged-PR-9805-Add-support-for-MSHV.patch
diff --git a/SPECS/kata-containers/0004-Merged-PR-9806-Fix-enable_debug-for-hypervisor.clh.patch b/SPECS/kata-containers/0004-Merged-PR-9806-Fix-enable_debug-for-hypervisor.clh.patch
diff --git a/SPECS/kata-containers/0005-Merged-PR-9956-shim-avoid-memory-hotplug-timeout.patch b/SPECS/kata-containers/0005-Merged-PR-9956-shim-avoid-memory-hotplug-timeout.patch