Open fidencio opened 1 month ago
Distros will perform offline builds of the guest-components, in order to package them inside Kata Containers rootfs image / initrd, and it's impossible to do so without having access to the vendored code.
Kata Containers does this by taking advantage of this custom script that's used as part of our release workflow: https://github.com/kata-containers/kata-containers/blob/main/tools/packaging/release/generate_vendor.sh
I think this makes great sense if we finally want to achieve hermetic builds for rootfs of CoCo/kata defined in SLSA.
Distros will perform offline builds of the guest-components, in order to package them inside Kata Containers rootfs image / initrd, and it's impossible to do so without having access to the vendored code.
Kata Containers does this by taking advantage of this custom script that's used as part of our release workflow: https://github.com/kata-containers/kata-containers/blob/main/tools/packaging/release/generate_vendor.sh