Open huoqifeng opened 2 weeks ago
FYI: I was able to reach the following build step and got the artifacts successfully built:
$ make coco-guest-components-tarball TEE_PLATFORM=se
... build log ...
build attestation-agent for se
cd attestation-agent && make ttrpc=true ARCH=s390x LIBC=gnu ATTESTER=se-attester
make[1]: Entering directory '/home/ubuntu/go/src/github.com/kata-containers/kata-containers/tools/packaging/kata-deploy/local-build/build/coco-guest-components/builddir/guest-components/attestation-agent'
DEBIANOS is: true
make[1]: sudo: Command not found
cd attestation-agent && cargo build --release --no-default-features --features "coco_as,kbs bin,ttrpc se-attester,openssl" --bin ttrpc-aa --target s390x-unknown-linux-gnu
... build log ...
guest components built for se succeeded!
s390x/powerpc64le only supports gnu
install -D -m0755 target/s390x-unknown-linux-gnu/release/confidential-data-hub /home/ubuntu/go/src/github.com/kata-containers/kata-containers/tools/packaging/kata-deploy/local-build/build/coco-guest-components/destdir/usr/local/bin/confidential-data-hub
install -D -m0755 target/s390x-unknown-linux-gnu/release/attestation-agent /home/ubuntu/go/src/github.com/kata-containers/kata-containers/tools/packaging/kata-deploy/local-build/build/coco-guest-components/destdir/usr/local/bin/attestation-agent
install -D -m0755 target/s390x-unknown-linux-gnu/release/api-server-rest /home/ubuntu/go/src/github.com/kata-containers/kata-containers/tools/packaging/kata-deploy/local-build/build/coco-guest-components/destdir/usr/local/bin/api-server-rest
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/tools/packaging/kata-deploy/local-build/build/coco-guest-components/builddir
./
./usr/
./usr/local/
./usr/local/bin/
./usr/local/bin/api-server-rest
./usr/local/bin/confidential-data-hub
./usr/local/bin/attestation-agent
drwxr-xr-x ubuntu/ubuntu 0 2024-06-11 18:34 ./
drwxr-xr-x ubuntu/ubuntu 0 2024-06-11 18:34 ./usr/
drwxr-xr-x ubuntu/ubuntu 0 2024-06-11 18:34 ./usr/local/
drwxr-xr-x ubuntu/ubuntu 0 2024-06-11 18:56 ./usr/local/bin/
-rwxr-xr-x ubuntu/ubuntu 2491296 2024-06-11 18:56 ./usr/local/bin/api-server-rest
-rwxr-xr-x ubuntu/ubuntu 18105344 2024-06-11 18:56 ./usr/local/bin/confidential-data-hub
-rwxr-xr-x ubuntu/ubuntu 12820152 2024-06-11 18:56 ./usr/local/bin/attestation-agent
~/go/src/github.com/kata-containers/kata-containers/tools/packaging/kata-deploy/local-build/build ~/go/src/github.com/kata-containers/kata-containers/tools/packaging/kata-deploy/local-build/build/coco-guest-components/destdir
~/go/src/github.com/kata-containers/kata-containers/tools/packaging/kata-deploy/local-build/build/coco-guest-components/destdir
make[1]: Leaving directory '/home/ubuntu/go/src/github.com/kata-containers/kata-containers'
with the following changes:
diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh
index 56864457e..39fdbd695 100755
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh
@@ -113,6 +113,7 @@ docker run \
--env ARTEFACT_REGISTRY_PASSWORD="${ARTEFACT_REGISTRY_PASSWORD}" \
--env TARGET_BRANCH="${TARGET_BRANCH}" \
--env BUILDER_REGISTRY="${BUILDER_REGISTRY}" \
+ --env TEE_PLATFORM="${TEE_PLATFORM:-}" \
--env PUSH_TO_REGISTRY="${PUSH_TO_REGISTRY}" \
--env AGENT_CONTAINER_BUILDER="${AGENT_CONTAINER_BUILDER}" \
--env COCO_GUEST_COMPONENTS_CONTAINER_BUILDER="${COCO_GUEST_COMPONENTS_CONTAINER_BUILDER}" \
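Review bot: the added `--env TEE_PLATFORM="${TEE_PLATFORM:-}"` line always defines the variable inside the container, as an empty string when the caller did not set it, so any later check in the containerised build has to test for a non-empty value rather than for "is set". The value is also forwarded as-is in the lines shown, so a short comment here or in the build documentation naming the values the build understands (the log above uses `se`) would help callers who mistype it.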
diff --git a/tools/packaging/static-build/coco-guest-components/build.sh b/tools/packaging/static-build/coco-guest-components/build.sh
index c68ccbdfa..ab82679c0 100755
--- a/tools/packaging/static-build/coco-guest-components/build.sh
+++ b/tools/packaging/static-build/coco-guest-components/build.sh
@@ -39,7 +39,7 @@ docker pull ${container_image} || \
push_to_registry "${container_image}")
# Temp settings until we have a matching TEE_PLATFORM
-TEE_PLATFORM=""
+TEE_PLATFORM="${TEE_PLATFORM:-}"
RESOURCE_PROVIDER="kbs,sev"
ATTESTER="none"
# snp-attester and tdx-attester crates require packages only available on x86
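Review bot: the comment `# Temp settings until we have a matching TEE_PLATFORM` above the changed line is now misleading, because `TEE_PLATFORM` comes from the caller's environment while `RESOURCE_PROVIDER="kbs,sev"` and `ATTESTER="none"` stay hard-coded right below it. Please update the comment and state which setting wins when a platform is supplied, or apply the two fixed values only when `TEE_PLATFORM` is empty.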
@@ -48,7 +48,7 @@ ATTESTER="none"
docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
-w "${PWD}" \
--env DESTDIR="${DESTDIR}" \
- --env TEE_PLATFORM=${TEE_PLATFORM:+"all"} \
+ --env TEE_PLATFORM=${TEE_PLATFORM:-} \
--env RESOURCE_PROVIDER=${RESOURCE_PROVIDER:-} \
--env ATTESTER=${ATTESTER:-} \
--env coco_guest_components_repo="${coco_guest_components_repo}" \
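Review bot: `--env TEE_PLATFORM=${TEE_PLATFORM:-}` is unquoted, so a value containing whitespace or glob characters is word-split and the extra words become separate `docker run` arguments; write it as `--env TEE_PLATFORM="${TEE_PLATFORM:-}"`, matching the quoting used in kata-deploy-binaries-in-docker.sh. The replaced `${TEE_PLATFORM:+"all"}` could only ever pass the fixed string `all`, so this line is where the caller's raw value first reaches the container. The neighbouring `RESOURCE_PROVIDER` and `ATTESTER` lines have the same unquoted form and could be fixed in the same pass.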
diff --git a/versions.yaml b/versions.yaml
index 4cf2a4d85..a5f6703d1 100644
--- a/versions.yaml
+++ b/versions.yaml
@@ -221,7 +221,7 @@ externals:
coco-guest-components:
description: "Provides attested key unwrapping for image decryption"
url: "https://github.com/confidential-containers/guest-components/"
- version: "adca2f94091d73c0b0c96a7789322a801c15811b"
+ version: "c543f208211aedd5fbecc5ddddf4c3200d0bbc00"
toolchain: "1.76.0"
coco-trustee:
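Review bot: the `version:` pin for coco-guest-components moves to a new commit hash in the same change as the environment plumbing, and nothing in the visible lines says why the newer revision is needed. Put the bump in its own commit or state in the description what the new revision brings, and confirm that `toolchain: "1.76.0"` is still the toolchain that revision expects.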
@BbolroC yes, the sh file is the minimal change required.
@BbolroC @fidencio @wainersm could you help take a look at it?
@fidencio could you help take a look at it?
cc @stevenhorsman
export TEE_PLATFORM="xx" did not take effect