diff --git a/1001-upcall-omit-upcall-patch-first.patch b/1001-upcall-omit-upcall-patch-first.patch
new file mode 100644
index 0000000000000000000000000000000000000000..976a35ba7063bfeb11051c8f40e244115192a496
--- /dev/null
+++ b/1001-upcall-omit-upcall-patch-first.patch
@@ -0,0 +1,37 @@
+From 29b4e3f34bda8c42cd9937b0d5de0ead457259ce Mon Sep 17 00:00:00 2001
+From: Chao Wu
+Date: Tue, 18 Oct 2022 18:06:51 +0800
+Subject: [PATCH 1/2] upcall: omit upcall patch first
+
+3.0.0 has not supported upcall in Dragonball yet. So we delete dbs-upcall from the Cargo.toml.
+
+Signed-off-by: Chao Wu
+---
+ src/dragonball/Cargo.toml | 1 -
+ src/runtime-rs/Cargo.toml | 1 -
+ 2 files changed, 2 deletions(-)
+
+diff --git a/src/dragonball/Cargo.toml b/src/dragonball/Cargo.toml
+index df8286bfe..772aa539e 100644
+--- a/src/dragonball/Cargo.toml
++++ b/src/dragonball/Cargo.toml
+@@ -58,7 +58,6 @@ virtio-fs = ["dbs-virtio-devices/virtio-fs", "virtio-queue", "atomic-guest-memor
+ dbs-device = { git = "https://github.com/openanolis/dragonball-sandbox.git", rev = "7a8e832b53d66994d6a16f0513d69f540583dcd0" }
+ dbs-interrupt = { git = "https://github.com/openanolis/dragonball-sandbox.git", rev = "7a8e832b53d66994d6a16f0513d69f540583dcd0" }
+ dbs-legacy-devices = { git = "https://github.com/openanolis/dragonball-sandbox.git", rev = "7a8e832b53d66994d6a16f0513d69f540583dcd0" }
+-dbs-upcall = { git = "https://github.com/openanolis/dragonball-sandbox.git", rev = "7a8e832b53d66994d6a16f0513d69f540583dcd0" }
+ dbs-utils = { git = "https://github.com/openanolis/dragonball-sandbox.git", rev = "7a8e832b53d66994d6a16f0513d69f540583dcd0" }
+ dbs-virtio-devices = { git = "https://github.com/openanolis/dragonball-sandbox.git", rev = "7a8e832b53d66994d6a16f0513d69f540583dcd0" }
+ dbs-boot = { git = "https://github.com/openanolis/dragonball-sandbox.git", rev = "7a8e832b53d66994d6a16f0513d69f540583dcd0" }
+diff --git a/src/runtime-rs/Cargo.toml b/src/runtime-rs/Cargo.toml
+index 470b29a64..c0dc0dfc3 100644
+--- a/src/runtime-rs/Cargo.toml
++++ b/src/runtime-rs/Cargo.toml
+@@ -11,4 +11,3 @@ dbs-legacy-devices = { git = "https://github.com/openanolis/dragonball-sandbox.g
+ dbs-virtio-devices = { git = "https://github.com/openanolis/dragonball-sandbox.git", rev = "7a8e832b53d66994d6a16f0513d69f540583dcd0" }
+ dbs-boot = { git = "https://github.com/openanolis/dragonball-sandbox.git", rev = "7a8e832b53d66994d6a16f0513d69f540583dcd0" }
+ dbs-arch = { git = "https://github.com/openanolis/dragonball-sandbox.git", rev = "7a8e832b53d66994d6a16f0513d69f540583dcd0" }
+-dbs-upcall = { git = "https://github.com/openanolis/dragonball-sandbox.git", rev = "7a8e832b53d66994d6a16f0513d69f540583dcd0" }
+--
+2.31.1
+
diff --git a/1002-toml-add-LifseaOS-introduction-in-Kata-config-toml.patch b/1002-toml-add-LifseaOS-introduction-in-Kata-config-toml.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8f8e57b9ff5befba4815c32f25819403e0ea8065
--- /dev/null
+++ b/1002-toml-add-LifseaOS-introduction-in-Kata-config-toml.patch
@@ -0,0 +1,46 @@
+From f80bf1718fdb9b514defcfd8b5fb22993c1153d8 Mon Sep 17 00:00:00 2001
+From: Chao Wu
+Date: Tue, 18 Oct 2022 18:12:34 +0800
+Subject: [PATCH 2/2] toml: add LifseaOS introduction in Kata config toml
+
+Signed-off-by: Chao Wu
+---
+ src/runtime-rs/config/configuration-dragonball.toml.in | 5 +++++
+ src/runtime/config/configuration-qemu.toml.in | 5 +++++
+ 2 files changed, 10 insertions(+)
+
+diff --git a/src/runtime-rs/config/configuration-dragonball.toml.in b/src/runtime-rs/config/configuration-dragonball.toml.in
+index cb8d7aeee..8cb07dc1b 100644
+--- a/src/runtime-rs/config/configuration-dragonball.toml.in
++++ b/src/runtime-rs/config/configuration-dragonball.toml.in
+@@ -15,6 +15,11 @@
+ path = "@DBPATH@"
+ ctlpath = "@DBCTLPATH@"
+ kernel = "@KERNELPATH_DB@"
++# We use LifseaOS as default rootfs and LifseaOS is introduced by OpenAnolis with lots of optimizations on container workload.
++# We recommand you to try Lifsea0S but if you want to switch to other rootfs, please remember to delete
++# init=/ostree/boot.1/Lifsea0S/latest/0/usr/lib/ostree/ostree-prepare-root ostree=/ostree/boot.1/Lifsea0S/latest/0 varetc-ro
++# from the kernel_params configuration part down below.
++# Also, you could tell us why you switch in OpenAnolis Community and we'll promise to follow up with the issues.
+ image = "@IMAGEPATH@"
+
+ # List of valid annotation names for the hypervisor
+diff --git a/src/runtime/config/configuration-qemu.toml.in b/src/runtime/config/configuration-qemu.toml.in
+index d0a711dcf..bfd178361 100644
+--- a/src/runtime/config/configuration-qemu.toml.in
++++ b/src/runtime/config/configuration-qemu.toml.in
+@@ -15,6 +15,11 @@
+ path = "@QEMUPATH@"
+ kernel = "@KERNELPATH@"
++# We use LifseaOS as default rootfs and LifseaOS is introduced by OpenAnolis with lots of optimizations on container workload.
++# We recommand you to try Lifsea0S but if you want to switch to other rootfs, please remember to delete
++# init=/ostree/boot.1/Lifsea0S/latest/0/usr/lib/ostree/ostree-prepare-root ostree=/ostree/boot.1/Lifsea0S/latest/0 varetc-ro
++# from the kernel_params configuration part down below.
++# Also, you could tell us why you switch in OpenAnolis Community and we'll promise to follow up with the issues.
+ image = "@IMAGEPATH@"
+ machine_type = "@MACHINETYPE@"
+
+ # Enable confidential guest support.
+--
+2.31.1
+
diff --git a/kata-containers-3.0.0-vendor.tar.gz b/kata-containers-3.0.0-vendor.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..95b1a6808275192483a38284b5d7139b9ee1a990
Binary files /dev/null and b/kata-containers-3.0.0-vendor.tar.gz differ
diff --git a/kata-containers-3.0.0.tar.gz b/kata-containers-3.0.0.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..e8fbd4ce6d547934c47463571b4cff4b67bcdf79
Binary files /dev/null and b/kata-containers-3.0.0.tar.gz differ
diff --git a/kata-containers.img b/kata-containers.img
new file mode 100644
index 0000000000000000000000000000000000000000..f12916853c67d489249529c9e57498d8dc7ae354
Binary files /dev/null and b/kata-containers.img differ
diff --git a/kata-containers.spec b/kata-containers.spec
new file mode 100644
index 0000000000000000000000000000000000000000..e11af58389b532a6531f5807a11916131269083f
--- /dev/null
+++ b/kata-containers.spec
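Review bot: The comment added to both templates in 1002-toml-add-LifseaOS-introduction-in-Kata-config-toml.patch spells the kernel parameters with a digit zero (`Lifsea0S`) in `init=/ostree/boot.1/Lifsea0S/...` and `ostree=/ostree/boot.1/Lifsea0S/latest/0`, while its own first line and the `sed` in kata-containers.spec write `LifseaOS`. An operator who searches `kernel_params` for the string given in the comment will not find it, so the boot parameters that select the guest's init and rootfs may be left in place after switching images. Use `LifseaOS` throughout and correct `recommand` to `recommend`. It would also help to state that these parameters are appended when the package is built, since the template itself does not contain them.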
@@ -0,0 +1,285 @@
+%define anolis_release 2
+
+%global have_go_rpm_macros 0
+
+%global with_debug 0
+
+# Shamelessly copied from CRI-O spec file.
+%if 0%{?with_debug}
+%global _find_debuginfo_dwz_opts %{nil}
+%global _dwz_low_mem_die_limit 0
+%else
+%global debug_package %{nil}
+%endif
+
+# https://github.com/rust-lang/rust/issues/47714
+%undefine _strict_symbol_defs_build
+
+# We want verbose builds
+%global _configure_disable_silent_rules 1
+
+# Use bundled deps as we don't ship the exact right versions for all the
+# required rust libraries
+%global bundled_rust_deps 1
+
+# Release candidate version tracking
+# global rcver rc0
+%if 0%{?rcver:1}
+%global rcrel .%{rcver}
+%global rcstr -%{rcver}
+%endif
+
+# htps://github.com/kata-containers/kata-containers
+Version: 3.0.0
+%global tag %{version}%{?rcstr}
+
+%global domain github.com
+%global org kata-containers
+%global repo kata-containers
+%global download %{domain}/%{org}/%{repo}
+%global importname %{download}
+
+
+%global common_description %{expand:
+Kata Containers version 3.x repository. Kata Containers is an open source
+project and community working to build a standard implementation of lightweight
+Virtual Machines (VMs) that feel and perform like containers, but provide the
+workload isolation and security advantages of VMs. https://katacontainers.io/.}
+
+%global golicenses LICENSE \\\
+ src/agent/LICENSE
+
+%global godocs README.md \\\
+ CODE_OF_CONDUCT.md \\\
+ CONTRIBUTING.md\\\
+ src/agent/README.md
+
+Name: %{repo}
+Release: %{anolis_release}%{?rcrel}%{?dist}
+Summary: Kata Containers version 3.x repository
+License: ASL 2.0
+Url: https://%{download}
+Source0: https://%{download}/archive/%{version}%{?rcstr}/%{repo}-%{version}%{?rcstr}.tar.gz
+Source1: https://%{download}/releases/download/%{version}/%{repo}-%{version}%{?rcstr}-vendor.tar.gz
+Source2: kata-containers.img
+Source3: vmlinux.container
+
+Patch1001: 1001-upcall-omit-upcall-patch-first.patch
+Patch1002: 1002-toml-add-LifseaOS-introduction-in-Kata-config-toml.patch
+
+%if 0%{?have_go_rpm_macros}
+BuildRequires: go-rpm-macros
+%else
+BuildRequires: compiler(go-compiler)
+BuildRequires: golang
+%endif
+
+BuildRequires: git-core
+BuildRequires: libselinux-devel
+BuildRequires: libseccomp-devel
+BuildRequires: make
+BuildRequires: systemd
+BuildRequires: gcc
+BuildRequires: protobuf-compiler
+
+%{?systemd_requires}
+# %%check requirements
+BuildRequires: dracut
+BuildRequires: kernel
+
+%if 0%{?bundled_rust_deps}
+BuildRequires: cargo
+BuildRequires: rust
+%else
+# Generated using rust2rpm
+# [dependencies]
+BuildRequires: rust-packaging
+BuildRequires: (crate(anyhow/default) >= 1.0.32 with crate(anyhow/default) < 2.0.0)
+BuildRequires: (crate(lazy_static/default) >= 1.3.0 with crate(lazy_static/default) < 2.0.0)
+BuildRequires: (crate(libc/default) >= 0.2.58 with crate(libc/default) < 0.3.0)
+BuildRequires: (crate(log/default) >= 0.4.11 with crate(log/default) < 0.5.0)
+BuildRequires: (crate(nix/default) >= 0.17.0 with crate(nix/default) < 0.18.0)
+BuildRequires: (crate(prctl/default) >= 1.0.0 with crate(prctl/default) < 2.0.0)
+BuildRequires: (crate(procfs/default) >= 0.7.9 with crate(procfs/default) < 0.8.0)
+BuildRequires: (crate(prometheus/default) >= 0.9.0 with crate(prometheus/default) < 0.10.0)
+BuildRequires: (crate(prometheus/process) >= 0.9.0 with crate(prometheus/process) < 0.10.0)
+BuildRequires: (crate(regex/default) >= 1.0.0 with crate(regex/default) < 2.0.0)
+BuildRequires: (crate(scan_fmt/default) >= 0.2.3 with crate(scan_fmt/default) < 0.3.0)
+BuildRequires: (crate(scopeguard/default) >= 1.0.0 with crate(scopeguard/default) < 2.0.0)
+BuildRequires: (crate(serde_json/default) >= 1.0.39 with crate(serde_json/default) < 2.0.0)
+BuildRequires: (crate(signal-hook/default) >= 0.1.9 with crate(signal-hook/default) < 0.2.0)
+BuildRequires: (crate(slog-scope/default) >= 4.1.2 with crate(slog-scope/default) < 5.0.0)
+BuildRequires: (crate(slog-stdlog/default) >= 4.0.0 with crate(slog-stdlog/default) < 5.0.0)
+BuildRequires: (crate(slog/default) >= 2.5.2 with crate(slog/default) < 3.0.0)
+BuildRequires: (crate(slog/dynamic-keys) >= 2.5.2 with crate(slog/dynamic-keys) < 3.0.0)
+BuildRequires: (crate(slog/max_level_trace) >= 2.5.2 with crate(slog/max_level_trace) < 3.0.0)
+BuildRequires: (crate(slog/release_max_level_info) >= 2.5.2 with crate(slog/release_max_level_info) < 3.0.0)
+BuildRequires: (crate(tempfile/default) >= 3.1.0 with crate(tempfile/default) < 4.0.0)
+BuildRequires: crate(cgroups/default) >= 0.0.0
+BuildRequires: crate(logging/default) >= 0.0.0
+BuildRequires: crate(netlink/default) >= 0.0.0
+BuildRequires: crate(netlink/with-agent-handler) >= 0.0.0
+BuildRequires: crate(netlink/with-log) >= 0.0.0
+BuildRequires: crate(oci/default) >= 0.0.0
+BuildRequires: crate(protobuf/default) = 2.14.0
+BuildRequires: crate(protocols/default) >= 0.0.0
+BuildRequires: crate(rustjail/default) >= 0.0.0
+BuildRequires: crate(ttrpc/default) >= 0.0.0
+%endif
+
+Requires: dracut
+Requires: kernel
+Requires: qemu-kvm-core >= 4.2.0
+
+Conflicts: kata-agent
+Conflicts: kata-ksm-throttler
+Conflicts: kata-osbuilder
+Conflicts: kata-proxy
+Conflicts: kata-runtime
+Conflicts: kata-shim
+
+# Currently we only support x86_64, we will add aarch64 support in the future.
+ExclusiveArch: x86_64
+
+%description
+%{common_description}
+
+%gopkg
+
+
+# Common variables to pass to 'make'
+# The machine type uses a modern default
+# The kernel parameters workaround an issue with cgroupsv2 after kernel 5.3
+# To-do: add BUILDFLAGS=gobuildflags when the macro becomes available
+%global qemu qemu-kvm
+%global qemupath %{_libexecdir}/%{qemu}
+
+# The machine type to be used is architecture specific:
+# aarch64: virt
+# x86_64: q35
+%ifarch aarch64
+%global machinetype "virt"
+%endif
+%ifarch x86_64
+%global machinetype "q35"
+%endif
+
+%global katadatadir %{_datadir}/kata-containers
+%global katadefaults %{_datadir}/defaults/kata-containers
+%global katacache %{_localstatedir}/cache
+%global katalibexecdir %{_libexecdir}/kata-containers
+%global katalocalstatecachedir %{katacache}/kata-containers
+
+%global kataagentdir %{katalibexecdir}/agent
+%global kataosbuilderdir %{katalibexecdir}/osbuilder
+
+%global runtime_rs_make_vars KERNELTYPE="compressed" \\\
+ DEFSHAREDFS="virtio-fs" \\\
+ DEFVIRTIOFSDAEMON=%{_libexecdir}/"virtiofsd" \\\
+ DEFVIRTIOFSCACHESIZE=0 \\\
+ DEFSANDBOXCGROUPONLY=true \\\
+ SKIP_GO_VERSION_CHECK=y \\\
+ MACHINETYPE=%{machinetype} \\\
+ SCRIPTS_DIR=%{_bindir} \\\
+ DESTDIR=%{buildroot} \\\
+ DEFAULTSDIR=%{katadefaults} \\\
+ CONFDIR=%{katadefaults} \\\
+ FEATURE_SELINUX="yes" \\\
+ DEFENABLEANNOTATIONS=['\\\".*\\\"'] \\\
+ LIBC=gnu
+
+%global runtime_make_vars QEMUPATH=%{qemupath} \\\
+ KERNELTYPE="compressed" \\\
+ DEFSHAREDFS="virtio-fs" \\\
+ DEFVIRTIOFSDAEMON=%{_libexecdir}/"virtiofsd" \\\
+ DEFVIRTIOFSCACHESIZE=0 \\\
+ DEFSANDBOXCGROUPONLY=true \\\
+ SKIP_GO_VERSION_CHECK=y \\\
+ MACHINETYPE=%{machinetype} \\\
+ SCRIPTS_DIR=%{_bindir} \\\
+ DESTDIR=%{buildroot} \\\
+ PREFIX=/usr/runtime-go \\\
+ IMAGEPATH=%{katadatadir}/kata-containers.img \\\
+ KERNELPATH=%{katadatadir}/vmlinux.container \\\
+ DEFAULTSDIR=%{katadefaults} \\\
+ CONFDIR=%{katadefaults} \\\
+ FEATURE_SELINUX="yes" \\\
+ DEFENABLEANNOTATIONS=['\\\".*\\\"']
+
+%prep
+%autosetup -p1 -n %{repo}-%{version}%{?rcstr}
+
+cd %{_builddir}/%{repo}-%{version}%{?rcstr}
+tar -xf %{SOURCE1}
+
+# Not using gobuild here in order to stick to how upstream builds
+# (This builds multiple binaries)
+%build
+export PATH=$PATH:"$(pwd)/go/bin"
+export GOPATH="$(pwd)/go"
+
+mkdir -p go/src/%{domain}/%{org}
+ln -s $(pwd)/../%{repo}-%{version}%{?rcstr} go/src/%{importname}
+cd go/src/%{importname}
+
+pushd src/runtime
+%make_build %{runtime_make_vars}
+popd
+
+pushd src/runtime-rs
+%make_build %{runtime_rs_make_vars}
+popd
+
+# Not using gopkginstall here in order to stick to how upstream builds
+%install
+export GOPATH=$(pwd)/go
+export PATH=$PATH:$GOPATH/bin
+
+cd go/src/%{importname}
+
+install -m 0644 -D -t %{buildroot}%{katalibexecdir} VERSION
+
+pushd src/runtime
+%make_install %{runtime_make_vars}
+popd
+
+pushd src/runtime-rs
+%make_install %{runtime_rs_make_vars}
+popd
+
+# Add kernel_params for LifseaOS
+sed -i '/kernel_params/s/\"$/ init=\/ostree\/boot.1\/LifseaOS\/latest\/0\/usr\/lib\/ostree\/ostree-prepare-root ostree=\/ostree\/boot.1\/LifseaOS\/latest\/0 varetc-ro\"/g' %{buildroot}%{katadefaults}/configuration-dragonball.toml
+sed -i '/kernel_params/s/\"$/ init=\/ostree\/boot.1\/LifseaOS\/latest\/0\/usr\/lib\/ostree\/ostree-prepare-root ostree=\/ostree\/boot.1\/LifseaOS\/latest\/0 varetc-ro\"/g' %{buildroot}%{katadefaults}/configuration-qemu.toml
+
+install -m 0755 -D -t %{buildroot}%{katadatadir} %{SOURCE2}
+install -m 0755 -D -t %{buildroot}%{katadatadir} %{SOURCE3}
+
+%files
+# runtime
+/usr/local/bin/containerd-shim-kata-v2
+/usr/runtime-go/bin/containerd-shim-kata-v2
+%dir %{katalibexecdir}
+%{katalibexecdir}/VERSION
+%dir %{katadatadir}
+%dir %{katadefaults}
+%{katadefaults}/configuration.toml
+%{katadefaults}/configuration-dragonball.toml
+%license LICENSE
+%doc README.md CONTRIBUTING.md
+%{katadatadir}/kata-containers.img
+%{katadatadir}/vmlinux.container
+/usr/runtime-go/bin/kata-monitor
+/usr/runtime-go/bin/kata-runtime
+/usr/runtime-go/share/bash-completion/completions/kata-runtime
+%{katadefaults}/configuration-acrn.toml
+%{katadefaults}/configuration-clh.toml
+%{katadefaults}/configuration-fc.toml
+%{katadefaults}/configuration-qemu.toml
+%{_bindir}/kata-collect-data.sh
+
+%changelog
+* Wed Oct 12 2022 Chao Wu - 3.0.0-2
+- support the release version of Kata Containers 3.0.0 containing both rust runtime and go runtime.
+
+* Wed Aug 17 2022 Chao Wu - 3.0.0-1
+- support Kata Containers 3.0.0 which is introduced by Open Anolis.
diff --git a/vmlinux.container b/vmlinux.container
new file mode 100755
index 0000000000000000000000000000000000000000..5888b9c08d86a4ab022f461b266d32ce1daf430c
Binary files /dev/null and b/vmlinux.container differ
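Review bot: `DEFENABLEANNOTATIONS=['\\\".*\\\"']` in both `runtime_rs_make_vars` and `runtime_make_vars` of kata-containers.spec sets the shipped list of valid hypervisor annotation names to a match-everything regex. Anyone allowed to create a pod could then override per-sandbox hypervisor settings that the administrator fixed in the configuration file. Unless a deployment is known to need this, ship an empty or narrowly scoped list such as `DEFENABLEANNOTATIONS=[]` and let operators opt in to individual names. Separately, `Source2: kata-containers.img` and `Source3: vmlinux.container` are prebuilt binaries for which the spec records no build recipe or checksum. Both are installed with `install -m 0755` although they look like data files rather than host executables, so `-m 0644` plus a documented provenance would be easier to audit.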