kata: 3.6.0 -> 3.7.0

Signed-off-by: Paul Meyer <[email protected]>
edgelesssys · Jul 22, 2024 · 55ae7ed · 55ae7ed
1 parent 8ee1b41
commit 55ae7ed
Show file tree

Hide file tree

Showing 6 changed files with 138 additions and 146 deletions.
diff --git a/packages/by-name/kata/kata-agent/package.nix b/packages/by-name/kata/kata-agent/package.nix
@@ -26,9 +26,9 @@ rustPlatform.buildRustPackage rec {
   cargoLock = {
     lockFile = "${src}/src/agent/Cargo.lock";
     outputHashes = {
-      "image-rs-0.1.0" = "sha256-L+tGVqCv3i4c72GY0KhCYq5brgGjAUGKED+9+qjr714=";
+      "attester-0.1.0" = "sha256-sRkBoBtE1irZxo5y3Ined6wMUmwxXq9c+Trt99q7kRk=";
       "loopdev-0.5.0" = "sha256-PD+iuZWPAFd3VUCgNB0ZrH/aCM2VMqJEyAv5/j1kqlA=";
-      "sigstore-0.8.0" = "sha256-lmcokyIx4R84miC8Rf3NjV3QS6XffbhzQeZGCM0u7lc=";
+      "sigstore-0.9.0" = "sha256-IeHuB5d5IU9YryeD47Qht0x806kJCoIOHsoEATRV+MY=";
     };
   };
 

diff --git a/packages/by-name/kata/kata-kernel-uvm/package.nix b/packages/by-name/kata/kata-kernel-uvm/package.nix
@@ -11,16 +11,17 @@
 let
   configfile = stdenvNoCC.mkDerivation rec {
     pname = "kata-kernel-config-confidential";
-    version = "3.6.0";
+    version = "3.7.0";
 
     src = fetchzip {
       url = "https://github.com/kata-containers/kata-containers/releases/download/${version}/kata-static-${version}-amd64.tar.xz";
-      hash = "sha256-ynMzMoJ90BzKuE6ih6DmbM2zWTDxsMwkAKsI8pbO3sg=";
+      hash = "sha256-SY75Ond2WLkY17Zal22GXgNKB3L1LGIyLKv8H/M0Wbw=";
     };
 
     # We don't use an initrd.
     postPatch = ''
-      substituteInPlace kata/share/kata-containers/config-6.7-132-confidential \
+      config=$(find . -regex '.*/config-[0-9.-]+-confidential')
+      substituteInPlace $config \
         --replace-fail 'CONFIG_INITRAMFS_SOURCE="initramfs.cpio.gz"' 'CONFIG_INITRAMFS_SOURCE=""'
     '';
 
@@ -29,7 +30,7 @@ let
     installPhase = ''
       runHook preInstall
 
-      cp kata/share/kata-containers/config-6.7-132-confidential $out
+      cp $config $out
 
       runHook postInstall
     '';

diff --git a/...by-name/kata/kata-runtime/0001-govmm-Directly-pass-the-firwmare-using-bios-with-SNP.patch b/...by-name/kata/kata-runtime/0001-govmm-Directly-pass-the-firwmare-using-bios-with-SNP.patch
@@ -1,4 +1,4 @@
-From 4f9225a214b76cf16b85c2c4af01b9140426135a Mon Sep 17 00:00:00 2001
+From 5af1244f3ed285fcbbb98f68d7584ca9292e9688 Mon Sep 17 00:00:00 2001
 From: Tom Dohrmann <[email protected]>
 Date: Fri, 5 Jul 2024 08:43:13 +0000
 Subject: [PATCH 1/3] govmm: Directly pass the firwmare using -bios with SNP
@@ -9,13 +9,13 @@ Subject: [PATCH 1/3] govmm: Directly pass the firwmare using -bios with SNP
  1 file changed, 1 insertion(+), 3 deletions(-)
 
 diff --git a/src/runtime/pkg/govmm/qemu/qemu.go b/src/runtime/pkg/govmm/qemu/qemu.go
-index e752f8181..dadbe8b35 100644
+index 6d71e28f9..4cc2239ec 100644
 --- a/src/runtime/pkg/govmm/qemu/qemu.go
 +++ b/src/runtime/pkg/govmm/qemu/qemu.go
-@@ -388,9 +388,7 @@ func (object Object) QemuParams(config *Config) []string {
- 		objectParams = append(objectParams, fmt.Sprintf("cbitpos=%d", object.CBitPos))
- 		objectParams = append(objectParams, fmt.Sprintf("reduced-phys-bits=%d", object.ReducedPhysBits))
- 		objectParams = append(objectParams, "kernel-hashes=on")
+@@ -395,9 +395,7 @@ func (object Object) QemuParams(config *Config) []string {
+ 		if object.SnpCertsPath != "" {
+ 			objectParams = append(objectParams, fmt.Sprintf("certs-path=%s", object.SnpCertsPath))
+ 		}
 -
 -		driveParams = append(driveParams, "if=pflash,format=raw,readonly=on")
 -		driveParams = append(driveParams, fmt.Sprintf("file=%s", object.File))
@@ -24,5 +24,5 @@ index e752f8181..dadbe8b35 100644
  		objectParams = append(objectParams, string(object.Type))
  		objectParams = append(objectParams, fmt.Sprintf("id=%s", object.ID))
 -- 
-2.45.2
+2.45.1
 
diff --git a/...by-name/kata/kata-runtime/0002-emulate-CPU-model-that-most-closely-matches-the-host.patch b/...by-name/kata/kata-runtime/0002-emulate-CPU-model-that-most-closely-matches-the-host.patch
@@ -1,4 +1,4 @@
-From ffbe9644ce1b2013a3678bf05e19ea21a2f60385 Mon Sep 17 00:00:00 2001
+From 9be4faa0887716435e290beccef7f7bca0cb3960 Mon Sep 17 00:00:00 2001
 From: Tom Dohrmann <[email protected]>
 Date: Mon, 8 Jul 2024 07:35:54 +0000
 Subject: [PATCH 2/3] emulate CPU model that most closely matches the host
@@ -12,10 +12,10 @@ attestation.
  1 file changed, 12 insertions(+), 1 deletion(-)
 
 diff --git a/src/runtime/virtcontainers/qemu_amd64.go b/src/runtime/virtcontainers/qemu_amd64.go
-index ade7356eb..ca8f9998c 100644
+index 1d1be1711..6ebee26ce 100644
 --- a/src/runtime/virtcontainers/qemu_amd64.go
 +++ b/src/runtime/virtcontainers/qemu_amd64.go
-@@ -188,7 +188,18 @@ func (q *qemuAmd64) cpuModel() string {
+@@ -191,7 +191,18 @@ func (q *qemuAmd64) cpuModel() string {
  	protection, err := availableGuestProtection()
  	if err == nil {
  		if protection == snpProtection && q.snpGuest {
@@ -36,5 +36,5 @@ index ade7356eb..ca8f9998c 100644
  	}
 
 -- 
-2.45.2
+2.45.1