From 682d9649d050fe19db74b28f3c29dae9f7ac6ca1 Mon Sep 17 00:00:00 2001 From: Paul Meyer Date: Mon, 23 Dec 2024 11:46:31 +0100 Subject: [PATCH] kata.kata-runtime: 3.10.1 -> 3.11.0 
Signed-off-by: Paul Meyer --- packages/by-name/kata/kata-agent/package.nix | 1 + .../by-name/kata/kata-kernel-uvm/package.nix | 3 +- ...e-agent-verify-the-agent-policy-hash.patch | 80 +- .../0004-genpolicy-enable-sysctl-checks.patch | 8 +- ...genpolicy-read-bundle-id-from-rootfs.patch | 8 +- ...check-contrast-specific-layer-src-pr.patch | 4 +- ...y-rules-remove-check-for-OCI-version.patch | 4 +- ...009-genpolicy-allow-image_guest_pull.patch | 12 +- ...icy-bump-oci-distribution-to-v0.12.0.patch | 83 +- ...port-mount-propagation-and-ro-mounts.patch | 4 +- ...l-remove-obsolete-cgroups-dependency.patch | 590 --------- ...me-allow-initrd-AND-image-to-be-set.patch} | 2 +- ...-not-log-policy-annotation-in-debug.patch} | 0 ...move-json-parsing-to-protocols-crate.patch | 1107 ----------------- ...licy-allow-non-watchable-ConfigMaps.patch} | 0 ...ols-only-build-RLimit-impls-on-Linux.patch | 54 - ... 0017-genpolicy-support-guest-hooks.patch} | 6 +- .../by-name/kata/kata-runtime/package.nix | 19 +- 18 files changed, 117 insertions(+), 1868 deletions(-) delete mode 100644 packages/by-name/kata/kata-runtime/0014-kata-sys-util-remove-obsolete-cgroups-dependency.patch rename packages/by-name/kata/kata-runtime/{0017-runtime-allow-initrd-AND-image-to-be-set.patch => 0014-runtime-allow-initrd-AND-image-to-be-set.patch} (96%) rename packages/by-name/kata/kata-runtime/{0018-genpolicy-do-not-log-policy-annotation-in-debug.patch => 0015-genpolicy-do-not-log-policy-annotation-in-debug.patch} (100%) delete mode 100644 packages/by-name/kata/kata-runtime/0015-kata-sys-util-move-json-parsing-to-protocols-crate.patch rename packages/by-name/kata/kata-runtime/{0019-genpolicy-allow-non-watchable-ConfigMaps.patch => 0016-genpolicy-allow-non-watchable-ConfigMaps.patch} (100%) delete mode 100644 packages/by-name/kata/kata-runtime/0016-protocols-only-build-RLimit-impls-on-Linux.patch rename packages/by-name/kata/kata-runtime/{0020-genpolicy-support-guest-hooks.patch => 
0017-genpolicy-support-guest-hooks.patch} (93%) diff --git a/packages/by-name/kata/kata-agent/package.nix b/packages/by-name/kata/kata-agent/package.nix index 2b67dfdbd5..4a64250a2b 100644 --- a/packages/by-name/kata/kata-agent/package.nix +++ b/packages/by-name/kata/kata-agent/package.nix @@ -29,6 +29,7 @@ rustPlatform.buildRustPackage rec { "attester-0.1.0" = "sha256-hx5Z5HxsyAPCQLY62koNGFHpG5M5PfG9Kagfsey58oI="; "loopdev-0.5.0" = "sha256-PD+iuZWPAFd3VUCgNB0ZrH/aCM2VMqJEyAv5/j1kqlA="; "sigstore-0.9.0" = "sha256-IeHuB5d5IU9YryeD47Qht0x806kJCoIOHsoEATRV+MY="; + "cdi-0.1.0" = "sha256-DbXa6h678WYdBdQrVpetkfY8QzamW9lZIjd0u1fQgd4="; }; }; diff --git a/packages/by-name/kata/kata-kernel-uvm/package.nix b/packages/by-name/kata/kata-kernel-uvm/package.nix index 801ee26807..0137a4a89c 100644 --- a/packages/by-name/kata/kata-kernel-uvm/package.nix +++ b/packages/by-name/kata/kata-kernel-uvm/package.nix @@ -19,7 +19,8 @@ let src = fetchzip { url = "https://github.com/kata-containers/kata-containers/releases/download/${version}/kata-static-${version}-amd64.tar.xz"; - hash = "sha256-VcbOY86p8VkI6XvdhHfZNnWVHKuMLW7Xj7uzHHDiVsk="; + hash = "sha256-zxCp7iDVq/Oy21S5pv/z6iVCrFF02UHYjd/JAB8iUzQ="; + stripRoot = false; }; postPatch = diff --git a/packages/by-name/kata/kata-runtime/0003-runtime-agent-verify-the-agent-policy-hash.patch b/packages/by-name/kata/kata-runtime/0003-runtime-agent-verify-the-agent-policy-hash.patch index 660c0de95b..663e85dc8c 100644 --- a/packages/by-name/kata/kata-runtime/0003-runtime-agent-verify-the-agent-policy-hash.patch +++ b/packages/by-name/kata/kata-runtime/0003-runtime-agent-verify-the-agent-policy-hash.patch @@ -18,14 +18,14 @@ the Agent has the expected contents. Signed-off-by: Dan Mihai 
Signed-off-by: Tom Dohrmann --- - src/agent/Cargo.lock | 101 +++++++++ + src/agent/Cargo.lock | 105 +++++++++- src/agent/Cargo.toml | 7 +- src/agent/src/main.rs | 4 + src/agent/src/policy.rs | 46 ++++- src/agent/src/sev.rs | 19 ++ src/agent/src/tdx.rs | 194 ++++++++++++++++++ src/runtime/pkg/govmm/qemu/qemu.go | 17 +- - src/runtime/virtcontainers/hypervisor.go | 10 +- + src/runtime/virtcontainers/hypervisor.go | 12 +- src/runtime/virtcontainers/qemu.go | 2 +- src/runtime/virtcontainers/qemu_amd64.go | 39 +++- src/runtime/virtcontainers/qemu_amd64_test.go | 116 ++++++++++- @@ -37,15 +37,15 @@ Signed-off-by: Tom Dohrmann src/runtime/virtcontainers/qemu_s390x.go | 2 +- src/runtime/virtcontainers/qemu_s390x_test.go | 51 ++++- src/runtime/virtcontainers/sandbox.go | 1 + - 19 files changed, 677 insertions(+), 40 deletions(-) + 19 files changed, 680 insertions(+), 43 deletions(-) create mode 100644 src/agent/src/sev.rs create mode 100644 src/agent/src/tdx.rs diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock -index f5514457031ed7f0b4d1c5c6bee7ec5ec8b9ad72..8cf40f7ec7d12b6e206d49f4b6adff05d347262d 100644 +index 67b1830278ca52904a73c6281693049cb5d85283..d53facd717f2428f7790d5b65bdf4bde70ac7d64 100644 --- a/src/agent/Cargo.lock +++ b/src/agent/Cargo.lock -@@ -542,6 +542,12 @@ version = "0.6.3" +@@ -605,6 +605,12 @@ version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb" @@ -58,7 +58,7 @@ index f5514457031ed7f0b4d1c5c6bee7ec5ec8b9ad72..8cf40f7ec7d12b6e206d49f4b6adff05 [[package]] name = "bitflags" version = "1.3.2" -@@ -967,6 +973,12 @@ dependencies = [ +@@ -1100,11 +1106,17 @@ dependencies = [ "wasm-bindgen", ] 
@@ -68,10 +68,17 @@ index f5514457031ed7f0b4d1c5c6bee7ec5ec8b9ad72..8cf40f7ec7d12b6e206d49f4b6adff05 +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "12170080f3533d6f09a19f81596f836854d0fa4867dc32c8172b8474b4e9de61" + + [[package]] + name = "colorchoice" +-version = "1.0.2" ++version = "1.0.3" + source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "d3fd119d74b830634cea2a0f58bbd0d54540518a14397557951e79340abc28c0" ++checksum = "5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990" + [[package]] name = "combine" - version = "4.6.7" -@@ -1473,6 +1485,15 @@ dependencies = [ +@@ -1612,6 +1624,15 @@ dependencies = [ "subtle", ] @@ -87,7 +94,7 @@ index f5514457031ed7f0b4d1c5c6bee7ec5ec8b9ad72..8cf40f7ec7d12b6e206d49f4b6adff05 [[package]] name = "dirs-next" version = "2.0.0" -@@ -1483,6 +1504,18 @@ dependencies = [ +@@ -1622,6 +1643,18 @@ dependencies = [ "dirs-sys-next", ] @@ -106,7 +113,7 @@ index f5514457031ed7f0b4d1c5c6bee7ec5ec8b9ad72..8cf40f7ec7d12b6e206d49f4b6adff05 [[package]] name = "dirs-sys-next" version = "0.1.2" -@@ -2570,6 +2603,12 @@ dependencies = [ +@@ -2748,6 +2781,12 @@ dependencies = [ "windows-sys 0.48.0", ] @@ -119,7 +126,7 @@ index f5514457031ed7f0b4d1c5c6bee7ec5ec8b9ad72..8cf40f7ec7d12b6e206d49f4b6adff05 [[package]] name = "iovec" version = "0.1.4" -@@ -2808,6 +2847,8 @@ dependencies = [ +@@ -3047,6 +3086,8 @@ dependencies = [ "serde", "serde_json", "serial_test", @@ -128,7 +135,7 @@ index f5514457031ed7f0b4d1c5c6bee7ec5ec8b9ad72..8cf40f7ec7d12b6e206d49f4b6adff05 "slog", "slog-scope", "slog-stdlog", -@@ -2825,6 +2866,7 @@ dependencies = [ +@@ -3064,6 +3105,7 @@ dependencies = [ "tracing-subscriber", "ttrpc", "url", @@ -136,7 +143,7 @@ index f5514457031ed7f0b4d1c5c6bee7ec5ec8b9ad72..8cf40f7ec7d12b6e206d49f4b6adff05 "vsock-exporter", "which", ] -@@ -3759,6 +3801,12 @@ dependencies = [ +@@ -4054,6 +4096,12 @@ dependencies = [ "tokio-stream", ] 
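Review bot: The rebased 0003 patch now carries an unrelated dependency change in its `src/agent/Cargo.lock` section: it moves `colorchoice` from `1.0.2` to `1.0.3` with a new checksum, and that crate is not one of those the policy-hash verification adds. With the patch applied, the agent would be built from a dependency set that differs from the upstream 3.11.0 lockfile by more than the intended additions, and this drift is easy to miss when reviewing a patch of a patch. The bump presumably came from regenerating the lockfile during the rebase; running `cargo update -p colorchoice --precise 1.0.2` before re-exporting the patch would limit the lockfile diff to the new crates. The same applies to the `src/runtime/virtcontainers/hypervisor.go` section further down, where 0003 now also rewrites the upstream comment `//DefaultGPUs specifies ...` as `// DefaultGPUs specifies ...`; dropping that line keeps the patch limited to the policy field and reduces conflicts on the next version bump.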
@@ -149,7 +156,7 @@ index f5514457031ed7f0b4d1c5c6bee7ec5ec8b9ad72..8cf40f7ec7d12b6e206d49f4b6adff05 [[package]] name = "ordered-stream" version = "0.2.0" -@@ -5201,6 +5249,15 @@ dependencies = [ +@@ -5500,6 +5548,15 @@ dependencies = [ "syn 1.0.109", ] @@ -165,7 +172,7 @@ index f5514457031ed7f0b4d1c5c6bee7ec5ec8b9ad72..8cf40f7ec7d12b6e206d49f4b6adff05 [[package]] name = "serde-enum-str" version = "0.4.0" -@@ -5220,6 +5277,15 @@ version = "0.2.2" +@@ -5519,6 +5576,15 @@ version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "794e44574226fc701e3be5c651feb7939038fc67fb73f6f4dd5c4ba90fd3be70" @@ -181,7 +188,7 @@ index f5514457031ed7f0b4d1c5c6bee7ec5ec8b9ad72..8cf40f7ec7d12b6e206d49f4b6adff05 [[package]] name = "serde_derive" version = "1.0.204" -@@ -5323,6 +5389,28 @@ dependencies = [ +@@ -5622,6 +5688,28 @@ dependencies = [ "syn 1.0.109", ] @@ -210,7 +217,7 @@ index f5514457031ed7f0b4d1c5c6bee7ec5ec8b9ad72..8cf40f7ec7d12b6e206d49f4b6adff05 [[package]] name = "sha1" version = "0.10.6" -@@ -6351,6 +6439,9 @@ name = "uuid" +@@ -6656,6 +6744,9 @@ name = "uuid" version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "81dfa00651efa65069b0b6b651f4aaa31ba9e3c3ce0137aaad053604ee7e0314" @@ -220,7 +227,7 @@ index f5514457031ed7f0b4d1c5c6bee7ec5ec8b9ad72..8cf40f7ec7d12b6e206d49f4b6adff05 [[package]] name = "valuable" -@@ -6370,6 +6461,16 @@ version = "0.9.4" +@@ -6675,6 +6766,16 @@ version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" @@ -238,12 +245,12 @@ index f5514457031ed7f0b4d1c5c6bee7ec5ec8b9ad72..8cf40f7ec7d12b6e206d49f4b6adff05 name = "vsock" version = "0.2.6" 
diff --git a/src/agent/Cargo.toml b/src/agent/Cargo.toml -index a8ed5d081cf87b19f4ce5c5bdb9cc4efa694a6e3..d5b3db965fe75cbccc182825a4115bdc57a9705b 100644 +index 5dd9c1e2616b8cd47a60a5644ec9d88705fe3fbd..b8b216c6b24829a457ae55209c63d09187c02d24 100644 --- a/src/agent/Cargo.toml +++ b/src/agent/Cargo.toml -@@ -85,6 +85,11 @@ regorus = { version = "0.1.4", default-features = false, features = [ - "regex", - ], optional = true } +@@ -88,6 +88,11 @@ regorus = { version = "0.2.6", default-features = false, features = [ + cdi = { git = "https://github.com/cncf-tags/container-device-interface-rs", rev = "fba5677a8e7cc962fc6e495fcec98d7d765e332a" } + json-patch = "2.0.0" +# Policy validation +sha2 = { version = "0.10.6", optional = true } @@ -253,7 +260,7 @@ index a8ed5d081cf87b19f4ce5c5bdb9cc4efa694a6e3..d5b3db965fe75cbccc182825a4115bdc [dev-dependencies] tempfile = "3.1.0" test-utils = { path = "../libs/test-utils" } -@@ -103,7 +108,7 @@ lto = true +@@ -106,7 +111,7 @@ lto = true default-pull = ["guest-pull"] seccomp = ["rustjail/seccomp"] standard-oci-runtime = ["rustjail/standard-oci-runtime"] @@ -263,7 +270,7 @@ index a8ed5d081cf87b19f4ce5c5bdb9cc4efa694a6e3..d5b3db965fe75cbccc182825a4115bdc [[bin]] diff --git a/src/agent/src/main.rs b/src/agent/src/main.rs -index 8a057bb367537cfac988f20fda86b2e23a681682..22d858c10468478dacb7e7e9b9133a756abc1ea8 100644 +index 3e2e22d698f98c9ea3bb9807694e8d93f5cd8d9a..8912b8c76b64619f5251fd2f95c2da2e2f45937e 100644 --- a/src/agent/src/main.rs +++ b/src/agent/src/main.rs @@ -85,6 +85,10 @@ mod tracer; @@ -278,14 +285,14 @@ index 8a057bb367537cfac988f20fda86b2e23a681682..22d858c10468478dacb7e7e9b9133a75 cfg_if! { if #[cfg(target_arch = "s390x")] { diff --git a/src/agent/src/policy.rs b/src/agent/src/policy.rs -index ccac317d0ff707c1fd1242a144886d5e8c000a90..2f1da9ecd0d0ee1be06218d5bc9e58cd93defa8c 100644 +index 08587a6d03bb53ed82b62c48b658b9dbd8b07c6c..875a48127f5ceabcb6afb9cedaae74e5e0099d24 100644 --- a/src/agent/src/policy.rs 
+++ b/src/agent/src/policy.rs @@ -3,11 +3,14 @@ // SPDX-License-Identifier: Apache-2.0 // --use anyhow::Result; +-use anyhow::{bail, Result}; +use anyhow::{bail, ensure, Result}; use protobuf::MessageDyn; +use sha2::{Digest, Sha256}; @@ -297,7 +304,7 @@ index ccac317d0ff707c1fd1242a144886d5e8c000a90..2f1da9ecd0d0ee1be06218d5bc9e58cd use crate::{AGENT_CONFIG, AGENT_POLICY}; static POLICY_LOG_FILE: &str = "/tmp/policy.txt"; -@@ -145,6 +148,7 @@ impl AgentPolicy { +@@ -217,6 +220,7 @@ impl AgentPolicy { /// Replace the Policy in regorus. pub async fn set_policy(&mut self, policy: &str) -> Result<()> { @@ -305,7 +312,7 @@ index ccac317d0ff707c1fd1242a144886d5e8c000a90..2f1da9ecd0d0ee1be06218d5bc9e58cd self.engine = Self::new_engine(); self.engine .add_policy("agent_policy".to_string(), policy.to_string())?; -@@ -192,3 +196,43 @@ impl AgentPolicy { +@@ -264,3 +268,43 @@ impl AgentPolicy { Ok(()) } } @@ -631,7 +638,7 @@ index b3b3fb4bdbe99e6fc1a89db49be984b92a19551c..5070ecd1e78ca04383637e662b3c8e4f return tdxObject.String() diff --git a/src/runtime/virtcontainers/hypervisor.go b/src/runtime/virtcontainers/hypervisor.go -index 5eb922980be33de9afc25ffaae65dd222f976c52..0e5205cc99da99e929365cbfe8637465872addb9 100644 +index cad5e85d7440550422154729e443448a9223250d..646720f3261e361ee0893dd511d6c11b2a7706c6 100644 --- a/src/runtime/virtcontainers/hypervisor.go +++ b/src/runtime/virtcontainers/hypervisor.go @@ -545,7 +545,7 @@ type HypervisorConfig struct { 
@@ -643,10 +650,15 @@ index 5eb922980be33de9afc25ffaae65dd222f976c52..0e5205cc99da99e929365cbfe8637465 DefaultMaxVCPUs uint32 // DefaultMem specifies default memory size in MiB for the VM. -@@ -673,6 +673,10 @@ type HypervisorConfig struct { - - // Initdata defines the initdata passed into guest when CreateVM +@@ -675,10 +675,14 @@ type HypervisorConfig struct { Initdata string + + // GPU specific annotations (currently only applicable for Remote Hypervisor) +- //DefaultGPUs specifies the number of GPUs required for the Kata VM ++ // DefaultGPUs specifies the number of GPUs required for the Kata VM + DefaultGPUs uint32 + // DefaultGPUModel specifies GPU model like tesla, h100, readeon etc. + DefaultGPUModel string + + // Policy text, for sandboxes created using a valid io.katacontainers.config.agent.policy + // annotation @@ -654,7 +666,7 @@ index 5eb922980be33de9afc25ffaae65dd222f976c52..0e5205cc99da99e929365cbfe8637465 } // vcpu mapping from vcpu number to thread number -@@ -1027,8 +1031,8 @@ type guestProtection uint8 +@@ -1033,8 +1037,8 @@ type guestProtection uint8 const ( noneProtection guestProtection = iota @@ -1281,7 +1293,7 @@ index 24a67bdd9e591ead96fbaea473cb662526dedbf3..3f5f84afffeec6fed0ba624408158425 + assert.Equal(expectedOut, devices) } diff --git a/src/runtime/virtcontainers/sandbox.go b/src/runtime/virtcontainers/sandbox.go -index ac0d35e9c854d6b5eea52e716137fe62414d51a7..ff7a46b4e05dbef2d8d1981897b04e639fda5527 100644 +index 33244bc5358c7b50fdc9dcced29c13e24d2e0e39..8cfb80dcde865aa679c12f68173ae168d38c4b20 100644 --- a/src/runtime/virtcontainers/sandbox.go +++ b/src/runtime/virtcontainers/sandbox.go @@ -613,6 +613,7 @@ func newSandbox(ctx context.Context, sandboxConfig SandboxConfig, factory Factor diff --git a/packages/by-name/kata/kata-runtime/0004-genpolicy-enable-sysctl-checks.patch b/packages/by-name/kata/kata-runtime/0004-genpolicy-enable-sysctl-checks.patch index ce01e0347a..8d2a1fa5fe 100644 
--- a/packages/by-name/kata/kata-runtime/0004-genpolicy-enable-sysctl-checks.patch +++ b/packages/by-name/kata/kata-runtime/0004-genpolicy-enable-sysctl-checks.patch @@ -44,10 +44,10 @@ index fe1625bac119b59ce2094b2220e2a87c486e670a..e50d5e545e3fe42db486771345310d4c }, "volumes": { diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego -index 1d95bfe699bb5082f8bbfb2cc4d89c8bde3a08ec..a89b13ed158ad8524e11ffbdad8ccb1ce7692aed 100644 +index ed6b4893a9c4c8b49dc26cc645d763ee7e36eb4f..1a7f7107030b4af11a43e26b6481d3a0016f7816 100644 --- a/src/tools/genpolicy/rules.rego +++ b/src/tools/genpolicy/rules.rego -@@ -112,7 +112,6 @@ allow_create_container_input { +@@ -120,7 +120,6 @@ allow_create_container_input { is_null(i_linux.Resources.Network) is_null(i_linux.Resources.Pids) is_null(i_linux.Seccomp) @@ -55,7 +55,7 @@ index 1d95bfe699bb5082f8bbfb2cc4d89c8bde3a08ec..a89b13ed158ad8524e11ffbdad8ccb1c i_process := i_oci.Process count(i_process.SelinuxLabel) == 0 -@@ -389,6 +388,7 @@ allow_linux(p_oci, i_oci) { +@@ -438,6 +437,7 @@ allow_linux(p_oci, i_oci) { allow_masked_paths(p_oci, i_oci) allow_readonly_paths(p_oci, i_oci) allow_linux_devices(p_oci.Linux.Devices, i_oci.Linux.Devices) @@ -63,7 +63,7 @@ index 1d95bfe699bb5082f8bbfb2cc4d89c8bde3a08ec..a89b13ed158ad8524e11ffbdad8ccb1c print("allow_linux: true") } -@@ -487,6 +487,23 @@ allow_linux_devices(p_devices, i_devices) { +@@ -536,6 +536,23 @@ allow_linux_devices(p_devices, i_devices) { print("allow_linux_devices: true") } diff --git a/packages/by-name/kata/kata-runtime/0005-genpolicy-read-bundle-id-from-rootfs.patch b/packages/by-name/kata/kata-runtime/0005-genpolicy-read-bundle-id-from-rootfs.patch index fbbcecdca1..3a3bb7d326 100644 --- a/packages/by-name/kata/kata-runtime/0005-genpolicy-read-bundle-id-from-rootfs.patch +++ b/packages/by-name/kata/kata-runtime/0005-genpolicy-read-bundle-id-from-rootfs.patch 
@@ -14,10 +14,10 @@ NOTE: fixes https://github.com/kata-containers/kata-containers/issues/10065 1 file changed, 8 insertions(+), 21 deletions(-) diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego -index a89b13ed158ad8524e11ffbdad8ccb1ce7692aed..d9b68e3ac0758f0d15bc1415300573082d7e1949 100644 +index 1a7f7107030b4af11a43e26b6481d3a0016f7816..b9ea01e439b55c12600765a73321e76b8311d5a4 100644 --- a/src/tools/genpolicy/rules.rego +++ b/src/tools/genpolicy/rules.rego -@@ -509,9 +509,6 @@ allow_linux_sysctl(p_linux, i_linux) { +@@ -558,9 +558,6 @@ allow_linux_sysctl(p_linux, i_linux) { allow_by_bundle_or_sandbox_id(p_oci, i_oci, p_storages, i_storages) { print("allow_by_bundle_or_sandbox_id: start") @@ -27,7 +27,7 @@ index a89b13ed158ad8524e11ffbdad8ccb1ce7692aed..d9b68e3ac0758f0d15bc141530057308 key := "io.kubernetes.cri.sandbox-id" p_regex := p_oci.Annotations[key] -@@ -520,7 +517,14 @@ allow_by_bundle_or_sandbox_id(p_oci, i_oci, p_storages, i_storages) { +@@ -569,7 +566,14 @@ allow_by_bundle_or_sandbox_id(p_oci, i_oci, p_storages, i_storages) { print("allow_by_bundle_or_sandbox_id: sandbox_id =", sandbox_id, "regex =", p_regex) regex.match(p_regex, sandbox_id) @@ -43,7 +43,7 @@ index a89b13ed158ad8524e11ffbdad8ccb1ce7692aed..d9b68e3ac0758f0d15bc141530057308 every i_mount in input.OCI.Mounts { allow_mount(p_oci, i_mount, bundle_id, sandbox_id) -@@ -771,23 +775,6 @@ is_ip_other_byte(component) { +@@ -820,23 +824,6 @@ is_ip_other_byte(component) { number <= 255 } diff --git a/packages/by-name/kata/kata-runtime/0006-genpolicy-regex-check-contrast-specific-layer-src-pr.patch b/packages/by-name/kata/kata-runtime/0006-genpolicy-regex-check-contrast-specific-layer-src-pr.patch index 4012a486cb..d0528b9aef 100644 --- a/packages/by-name/kata/kata-runtime/0006-genpolicy-regex-check-contrast-specific-layer-src-pr.patch +++ b/packages/by-name/kata/kata-runtime/0006-genpolicy-regex-check-contrast-specific-layer-src-pr.patch @@ -9,10 +9,10 @@ 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego -index d9b68e3ac0758f0d15bc1415300573082d7e1949..6ddcd18cd1334dfabeadd1b0e7a54c723c7cae4d 100644 +index b9ea01e439b55c12600765a73321e76b8311d5a4..d86a8718e221e1b428d34db5af97911f9609d392 100644 --- a/src/tools/genpolicy/rules.rego +++ b/src/tools/genpolicy/rules.rego -@@ -905,7 +905,7 @@ allow_storage_options(p_storage, i_storage, layer_ids, root_hashes) { +@@ -954,7 +954,7 @@ allow_storage_options(p_storage, i_storage, layer_ids, root_hashes) { i_count == p_count + 3 print("allow_storage_options 2: i_storage.options[0] =", i_storage.options[0]) diff --git a/packages/by-name/kata/kata-runtime/0007-genpolicy-rules-remove-check-for-OCI-version.patch b/packages/by-name/kata/kata-runtime/0007-genpolicy-rules-remove-check-for-OCI-version.patch index b7052cda3a..477f9e5b8e 100644 --- a/packages/by-name/kata/kata-runtime/0007-genpolicy-rules-remove-check-for-OCI-version.patch +++ b/packages/by-name/kata/kata-runtime/0007-genpolicy-rules-remove-check-for-OCI-version.patch @@ -9,10 +9,10 @@ Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 1 file changed, 3 deletions(-) diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego -index 6ddcd18cd1334dfabeadd1b0e7a54c723c7cae4d..c8de30897a01a0de49b99587c7e12ef534c353bc 100644 +index d86a8718e221e1b428d34db5af97911f9609d392..8562a2946889a9c52f46d86382821638c4ac59de 100644 --- a/src/tools/genpolicy/rules.rego +++ b/src/tools/genpolicy/rules.rego -@@ -71,9 +71,6 @@ CreateContainerRequest { +@@ -79,9 +79,6 @@ CreateContainerRequest:= {"ops": ops, "allowed": true} { p_oci := p_container.OCI diff --git a/packages/by-name/kata/kata-runtime/0009-genpolicy-allow-image_guest_pull.patch b/packages/by-name/kata/kata-runtime/0009-genpolicy-allow-image_guest_pull.patch index c3536db09b..4a56c809d8 100644 
--- a/packages/by-name/kata/kata-runtime/0009-genpolicy-allow-image_guest_pull.patch +++ b/packages/by-name/kata/kata-runtime/0009-genpolicy-allow-image_guest_pull.patch @@ -39,10 +39,10 @@ index d2d1511ae75d56c4f39915515343b2cd20d9d65a..ef20413eacc029d4fcb0b1d2f538a133 "source": "local", "fstype": "local", diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego -index c8de30897a01a0de49b99587c7e12ef534c353bc..b9cf357508e632b2d64a5332a3c4e7a6442852de 100644 +index 8562a2946889a9c52f46d86382821638c4ac59de..bdacdcbcd92302efcd5243da904b611b43a1ec93 100644 --- a/src/tools/genpolicy/rules.rego +++ b/src/tools/genpolicy/rules.rego -@@ -77,7 +77,7 @@ CreateContainerRequest { +@@ -85,7 +85,7 @@ CreateContainerRequest:= {"ops": ops, "allowed": true} { allow_anno(p_oci, i_oci) p_storages := p_container.storages @@ -51,7 +51,7 @@ index c8de30897a01a0de49b99587c7e12ef534c353bc..b9cf357508e632b2d64a5332a3c4e7a6 p_devices := p_container.devices allow_devices(p_devices, i_devices) -@@ -157,47 +157,48 @@ allow_anno_key(i_key, p_oci) { +@@ -206,47 +206,48 @@ allow_anno_key(i_key, p_oci) { # Get the value of the "io.kubernetes.cri.sandbox-name" annotation and # correlate it with other annotations and process fields. @@ -108,7 +108,7 @@ index c8de30897a01a0de49b99587c7e12ef534c353bc..b9cf357508e632b2d64a5332a3c4e7a6 allow_process(p_oci, i_oci, s_name) print("allow_by_sandbox_name: true") -@@ -503,11 +504,12 @@ allow_linux_sysctl(p_linux, i_linux) { +@@ -552,11 +553,12 @@ allow_linux_sysctl(p_linux, i_linux) { # Check the consistency of the input "io.katacontainers.pkg.oci.bundle_path" # and io.kubernetes.cri.sandbox-id" values with other fields. 
@@ -122,7 +122,7 @@ index c8de30897a01a0de49b99587c7e12ef534c353bc..b9cf357508e632b2d64a5332a3c4e7a6 p_regex := p_oci.Annotations[key] sandbox_id := i_oci.Annotations[key] -@@ -527,8 +529,7 @@ allow_by_bundle_or_sandbox_id(p_oci, i_oci, p_storages, i_storages) { +@@ -576,8 +578,7 @@ allow_by_bundle_or_sandbox_id(p_oci, i_oci, p_storages, i_storages) { allow_mount(p_oci, i_mount, bundle_id, sandbox_id) } @@ -132,7 +132,7 @@ index c8de30897a01a0de49b99587c7e12ef534c353bc..b9cf357508e632b2d64a5332a3c4e7a6 print("allow_by_bundle_or_sandbox_id: true") } -@@ -826,30 +827,109 @@ mount_source_allows(p_mount, i_mount, bundle_id, sandbox_id) { +@@ -875,30 +876,109 @@ mount_source_allows(p_mount, i_mount, bundle_id, sandbox_id) { ###################################################################### # Create container Storages diff --git a/packages/by-name/kata/kata-runtime/0011-genpolicy-bump-oci-distribution-to-v0.12.0.patch b/packages/by-name/kata/kata-runtime/0011-genpolicy-bump-oci-distribution-to-v0.12.0.patch index 09f1f1fcd1..7296e0b050 100644 --- a/packages/by-name/kata/kata-runtime/0011-genpolicy-bump-oci-distribution-to-v0.12.0.patch +++ b/packages/by-name/kata/kata-runtime/0011-genpolicy-bump-oci-distribution-to-v0.12.0.patch @@ -11,17 +11,17 @@ changes. Signed-off-by: Markus Rudy --- - src/tools/genpolicy/Cargo.lock | 262 ++++++++++++------ + src/tools/genpolicy/Cargo.lock | 261 ++++++++++++------ src/tools/genpolicy/Cargo.toml | 2 +- src/tools/genpolicy/src/registry.rs | 4 +- .../genpolicy/src/registry_containerd.rs | 2 +- - 4 files changed, 183 insertions(+), 87 deletions(-) + 4 files changed, 183 insertions(+), 86 deletions(-) diff --git a/src/tools/genpolicy/Cargo.lock b/src/tools/genpolicy/Cargo.lock -index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4df14900c3 100644 +index 74df8a2bbdf11a08f8f7aeec298758cd4e9d1b1e..fa4ca302e711f09c4d65cd21f41d09c1df768282 100644 --- a/src/tools/genpolicy/Cargo.lock 
+++ b/src/tools/genpolicy/Cargo.lock -@@ -98,9 +98,9 @@ dependencies = [ +@@ -75,9 +75,9 @@ dependencies = [ "bitflags 1.3.2", "bytes", "futures-util", @@ -34,7 +34,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d "itoa", "matchit", "memchr", -@@ -109,7 +109,7 @@ dependencies = [ +@@ -86,7 +86,7 @@ dependencies = [ "pin-project-lite", "rustversion", "serde", @@ -43,7 +43,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d "tower", "tower-layer", "tower-service", -@@ -124,8 +124,8 @@ dependencies = [ +@@ -101,8 +101,8 @@ dependencies = [ "async-trait", "bytes", "futures-util", @@ -54,7 +54,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d "mime", "rustversion", "tower-layer", -@@ -159,6 +159,12 @@ version = "0.21.7" +@@ -136,6 +136,12 @@ version = "0.21.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" @@ -67,7 +67,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d [[package]] name = "bitflags" version = "1.3.2" -@@ -273,9 +279,9 @@ checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" +@@ -171,9 +177,9 @@ checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" [[package]] name = "bytes" @@ -79,7 +79,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d [[package]] name = "cc" -@@ -628,15 +634,6 @@ version = "1.9.0" +@@ -467,15 +473,6 @@ version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07" 
@@ -95,7 +95,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d [[package]] name = "env_logger" version = "0.10.2" -@@ -765,11 +762,10 @@ checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" +@@ -593,11 +590,10 @@ checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" [[package]] name = "form_urlencoded" @@ -109,7 +109,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d "percent-encoding", ] -@@ -877,7 +873,7 @@ dependencies = [ +@@ -699,7 +695,7 @@ dependencies = [ "k8s-cri", "libz-ng-sys", "log", @@ -118,7 +118,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d "oci-spec", "openssl", "protobuf 3.3.0", -@@ -944,7 +940,7 @@ dependencies = [ +@@ -760,7 +756,7 @@ dependencies = [ "futures-core", "futures-sink", "futures-util", @@ -127,7 +127,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d "indexmap 1.9.2", "slab", "tokio", -@@ -1038,6 +1034,17 @@ dependencies = [ +@@ -845,6 +841,17 @@ dependencies = [ "itoa", ] @@ -145,7 +145,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d [[package]] name = "http-auth" version = "0.1.8" -@@ -1054,7 +1061,30 @@ source = "registry+https://github.com/rust-lang/crates.io-index" +@@ -861,7 +868,30 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d5f38f16d184e36f2408a55281cd658ecbd3ca05cce6d6510a176eca393e26d1" dependencies = [ "bytes", @@ -177,7 +177,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d "pin-project-lite", ] -@@ -1087,8 +1117,8 @@ dependencies = [ +@@ -894,8 +924,8 @@ dependencies = [ "futures-core", "futures-util", "h2", 
@@ -188,7 +188,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d "httparse", "httpdate", "itoa", -@@ -1100,13 +1130,32 @@ dependencies = [ +@@ -907,13 +937,32 @@ dependencies = [ "want", ] @@ -222,7 +222,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d "pin-project-lite", "tokio", "tokio-io-timeout", -@@ -1114,15 +1163,38 @@ dependencies = [ +@@ -921,15 +970,38 @@ dependencies = [ [[package]] name = "hyper-tls" @@ -264,7 +264,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d ] [[package]] -@@ -1156,11 +1228,10 @@ checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" +@@ -963,11 +1035,10 @@ checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" [[package]] name = "idna" @@ -278,7 +278,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d "unicode-bidi", "unicode-normalization", ] -@@ -1248,9 +1319,9 @@ checksum = "453ad9f582a441959e5f0d088b02ce04cfe8d51a8eaf077f12ac6d3e94164ca6" +@@ -1055,9 +1126,9 @@ checksum = "453ad9f582a441959e5f0d088b02ce04cfe8d51a8eaf077f12ac6d3e94164ca6" [[package]] name = "js-sys" @@ -290,7 +290,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d dependencies = [ "wasm-bindgen", ] -@@ -1386,12 +1457,6 @@ version = "0.4.22" +@@ -1141,12 +1212,6 @@ version = "0.4.22" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24" @@ -303,7 +303,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d [[package]] name = "matchit" version = "0.7.3" -@@ -1611,15 +1676,15 @@ dependencies = [ +@@ -1324,15 +1389,15 @@ dependencies = [ ] [[package]] 
@@ -323,7 +323,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d "http-auth", "jwt", "lazy_static", -@@ -1731,9 +1796,9 @@ checksum = "9b7820b9daea5457c9f21c69448905d723fbd21136ccf521748f23fd49e723ee" +@@ -1444,9 +1509,9 @@ checksum = "9b7820b9daea5457c9f21c69448905d723fbd21136ccf521748f23fd49e723ee" [[package]] name = "percent-encoding" @@ -335,7 +335,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d [[package]] name = "petgraph" -@@ -2195,20 +2260,20 @@ dependencies = [ +@@ -1843,20 +1908,20 @@ dependencies = [ [[package]] name = "reqwest" @@ -364,7 +364,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d "ipnet", "js-sys", "log", -@@ -2217,9 +2282,11 @@ dependencies = [ +@@ -1865,9 +1930,11 @@ dependencies = [ "once_cell", "percent-encoding", "pin-project-lite", @@ -376,7 +376,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d "tokio", "tokio-native-tls", "tokio-util", -@@ -2333,6 +2400,22 @@ dependencies = [ +@@ -1927,6 +1994,22 @@ dependencies = [ "windows-sys 0.52.0", ] @@ -399,8 +399,8 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d [[package]] name = "rustversion" version = "1.0.14" -@@ -2556,6 +2639,12 @@ dependencies = [ - "slog", +@@ -2084,6 +2167,12 @@ dependencies = [ + "autocfg", ] +[[package]] @@ -412,7 +412,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d [[package]] name = "socket2" version = "0.4.9" -@@ -2663,6 +2752,12 @@ version = "0.1.2" +@@ -2169,6 +2258,12 @@ version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160" 
@@ -423,9 +423,9 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d +checksum = "a7065abeca94b6a8a577f9bd45aa0867a2238b74e8eb67cf10d492bc39351394" + [[package]] - name = "sysinfo" - version = "0.30.13" -@@ -2831,16 +2926,15 @@ dependencies = [ + name = "tar" + version = "0.4.41" +@@ -2316,9 +2411,9 @@ dependencies = [ [[package]] name = "tokio-util" @@ -437,14 +437,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d dependencies = [ "bytes", "futures-core", - "futures-sink", - "pin-project-lite", - "tokio", -- "tracing", - ] - - [[package]] -@@ -2882,9 +2976,9 @@ dependencies = [ +@@ -2341,9 +2436,9 @@ dependencies = [ "futures-core", "futures-util", "h2", @@ -457,7 +450,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d "hyper-timeout", "percent-encoding", "pin-project", -@@ -3082,9 +3176,9 @@ checksum = "1dd624098567895118886609431a7c3b8f516e41d30e0643f03d94592a147e36" +@@ -2541,9 +2636,9 @@ checksum = "1dd624098567895118886609431a7c3b8f516e41d30e0643f03d94592a147e36" [[package]] name = "url" @@ -469,7 +462,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d dependencies = [ "form_urlencoded", "idna", -@@ -3133,34 +3227,35 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" +@@ -2580,34 +2675,35 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" @@ -512,7 +505,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d dependencies = [ "cfg-if", "js-sys", -@@ -3170,9 +3265,9 @@ dependencies = [ +@@ -2617,9 +2713,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" 
@@ -524,7 +517,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d dependencies = [ "quote", "wasm-bindgen-macro-support", -@@ -3180,28 +3275,28 @@ dependencies = [ +@@ -2627,28 +2723,28 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" @@ -560,7 +553,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d dependencies = [ "futures-util", "js-sys", -@@ -3212,9 +3307,9 @@ dependencies = [ +@@ -2659,9 +2755,9 @@ dependencies = [ [[package]] name = "web-sys" @@ -572,7 +565,7 @@ index 7655b8d6e45fb6544d3c904fe8ad26ff03b04751..9d0573c8ec413e511405c5debd2b8f4d dependencies = [ "js-sys", "wasm-bindgen", -@@ -3522,11 +3617,12 @@ dependencies = [ +@@ -2941,11 +3037,12 @@ checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] name = "winreg" diff --git a/packages/by-name/kata/kata-runtime/0012-genpolicy-support-mount-propagation-and-ro-mounts.patch b/packages/by-name/kata/kata-runtime/0012-genpolicy-support-mount-propagation-and-ro-mounts.patch index 094e8e4f8b..ed88e3cf62 100644 --- a/packages/by-name/kata/kata-runtime/0012-genpolicy-support-mount-propagation-and-ro-mounts.patch +++ b/packages/by-name/kata/kata-runtime/0012-genpolicy-support-mount-propagation-and-ro-mounts.patch @@ -9,10 +9,10 @@ Subject: [PATCH] genpolicy: support mount propagation and ro-mounts 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego -index b9cf357508e632b2d64a5332a3c4e7a6442852de..6cabea53a52c2e0b9b52a086d166613d3440d5c4 100644 +index bdacdcbcd92302efcd5243da904b611b43a1ec93..dba71d4785fccf4717f66013a56fbbd4bff764b6 100644 --- a/src/tools/genpolicy/rules.rego +++ b/src/tools/genpolicy/rules.rego -@@ -102,7 +102,8 @@ allow_create_container_input { +@@ -110,7 +110,8 @@ allow_create_container_input { count(i_linux.GIDMappings) == 0 count(i_linux.MountLabel) == 0 count(i_linux.Resources.Devices) == 0 
diff --git a/packages/by-name/kata/kata-runtime/0014-kata-sys-util-remove-obsolete-cgroups-dependency.patch b/packages/by-name/kata/kata-runtime/0014-kata-sys-util-remove-obsolete-cgroups-dependency.patch
deleted file mode 100644
index 0aa1527cb0..0000000000
--- a/packages/by-name/kata/kata-runtime/0014-kata-sys-util-remove-obsolete-cgroups-dependency.patch
+++ /dev/null
@@ -1,590 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Markus Rudy -Date: Tue, 15 Oct 2024 16:11:21 +0200 -Subject: [PATCH] kata-sys-util: remove obsolete cgroups dependency - -The cgroups.rs source file was removed in -234d7bca04ea4d02b9151f559789d2834ab28d31. With cgroups support handled -in runtime-rs, the cgroups dependency on kata-sys-util can be removed. - -Signed-off-by: Markus Rudy ---- - src/agent/Cargo.lock | 1 - - src/libs/Cargo.lock | 26 ---- - src/libs/kata-sys-util/Cargo.toml | 1 - - src/libs/kata-sys-util/README.md | 3 +- - src/runtime-rs/Cargo.lock | 1 - - src/tools/agent-ctl/Cargo.lock | 1 - - src/tools/genpolicy/Cargo.lock | 26 ---- - src/tools/kata-ctl/Cargo.lock | 193 +++++++++++++++++++++++------- - src/tools/runk/Cargo.lock | 1 - - 9 files changed, 148 insertions(+), 105 deletions(-) - -diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock -index 8cf40f7ec7d12b6e206d49f4b6adff05d347262d..8d9877928d7dca14f5a072357c6e03da3d2eba89 100644 ---- a/src/agent/Cargo.lock -+++ b/src/agent/Cargo.lock -@@ -2877,7 +2877,6 @@ version = "0.1.0" - dependencies = [ - "anyhow", - "byteorder", -- "cgroups-rs", - "chrono", - "common-path", - "fail", -diff --git a/src/libs/Cargo.lock b/src/libs/Cargo.lock -index 8bf4e8e0457f047d8b0c4eda957f8fbf56bf8c96..253ffcf94fdad07de7b4cb99524345c72139f735 100644 ---- a/src/libs/Cargo.lock -+++ b/src/libs/Cargo.lock -@@ -240,19 +240,6 @@ version = "1.0.0" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" - --[[package]] --name = "cgroups-rs" --version = "0.3.2" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "5b098e7c3a70d03c288fa0a96ccf13e770eb3d78c4cc0e1549b3c13215d5f965" --dependencies = [ -- "libc", -- "log", -- "nix 0.25.1", -- "regex", -- "thiserror", --] -- - [[package]] - name = "chrono" - version = "0.4.20" -@@ -814,7 +801,6 @@ version = "0.1.0" - 
dependencies = [ - "anyhow", - "byteorder", -- "cgroups-rs", - "chrono", - "common-path", - "fail", -@@ -975,18 +961,6 @@ dependencies = [ - "memoffset 0.6.5", - ] - --[[package]] --name = "nix" --version = "0.25.1" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "f346ff70e7dbfd675fe90590b92d59ef2de15a8779ae305ebcbfd3f0caf59be4" --dependencies = [ -- "autocfg", -- "bitflags", -- "cfg-if", -- "libc", --] -- - [[package]] - name = "nix" - version = "0.26.4" -diff --git a/src/libs/kata-sys-util/Cargo.toml b/src/libs/kata-sys-util/Cargo.toml -index 13d860ee4579415aa37fda9c9a54f0b7823ae8f5..079339c9cfbfbcf7c98688fc60a59767c0c64d99 100644 ---- a/src/libs/kata-sys-util/Cargo.toml -+++ b/src/libs/kata-sys-util/Cargo.toml -@@ -13,7 +13,6 @@ edition = "2018" - [dependencies] - anyhow = "1.0.31" - byteorder = "1.4.3" --cgroups = { package = "cgroups-rs", version = "0.3.2" } - chrono = "0.4.0" - common-path = "=1.0.0" - fail = "0.5.0" -diff --git a/src/libs/kata-sys-util/README.md b/src/libs/kata-sys-util/README.md -index 0c3f887bcbeab53c80dc69af95a1aca57d093016..14bebfef881ff92b6848696aea0fe09b602f425d 100644 ---- a/src/libs/kata-sys-util/README.md -+++ b/src/libs/kata-sys-util/README.md -@@ -1,10 +1,9 @@ --# kata-sys-util -+# `kata-sys-util` - - This crate is a collection of utilities and helpers for - [Kata Containers](https://github.com/kata-containers/kata-containers/) components to access system services. 
- - It provides safe wrappers over system services, such as: --- cgroups - - file systems - - mount - - NUMA -diff --git a/src/runtime-rs/Cargo.lock b/src/runtime-rs/Cargo.lock -index 45e80c388e05feca6949957d2981069441482a2c..216c3e41e81306885a697ae1463dcb06a00a3e88 100644 ---- a/src/runtime-rs/Cargo.lock -+++ b/src/runtime-rs/Cargo.lock -@@ -1839,7 +1839,6 @@ version = "0.1.0" - dependencies = [ - "anyhow", - "byteorder", -- "cgroups-rs", - "chrono", - "common-path", - "fail", -diff --git a/src/tools/agent-ctl/Cargo.lock b/src/tools/agent-ctl/Cargo.lock -index 7ecbd1ac05e1801b4bf7ccfd9584433ac0fe123e..d931c1b735d56d33f2bed5f9c9447a7fc8b7e4cb 100644 ---- a/src/tools/agent-ctl/Cargo.lock -+++ b/src/tools/agent-ctl/Cargo.lock -@@ -1186,7 +1186,6 @@ version = "0.1.0" - dependencies = [ - "anyhow", - "byteorder", -- "cgroups-rs", - "chrono", - "common-path", - "fail", -diff --git a/src/tools/genpolicy/Cargo.lock b/src/tools/genpolicy/Cargo.lock -index 9d0573c8ec413e511405c5debd2b8f4df14900c3..8d68348c495552ba0960ebf26ee889e0f1e3215d 100644 ---- a/src/tools/genpolicy/Cargo.lock -+++ b/src/tools/genpolicy/Cargo.lock -@@ -301,19 +301,6 @@ version = "0.2.1" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" - --[[package]] --name = "cgroups-rs" --version = "0.3.4" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "6db7c2f5545da4c12c5701455d9471da5f07db52e49b9cccb4f5512226dd0836" --dependencies = [ -- "libc", -- "log", -- "nix 0.25.1", -- "regex", -- "thiserror", --] -- - [[package]] - name = "chrono" - version = "0.4.31" -@@ -1359,7 +1346,6 @@ version = "0.1.0" - dependencies = [ - "anyhow", - "byteorder", -- "cgroups-rs", - "chrono", - "common-path", - "fail", -@@ -1549,18 +1535,6 @@ dependencies = [ - "memoffset 0.6.5", - ] - --[[package]] --name = "nix" --version = "0.25.1" --source = "registry+https://github.com/rust-lang/crates.io-index" 
--checksum = "f346ff70e7dbfd675fe90590b92d59ef2de15a8779ae305ebcbfd3f0caf59be4" --dependencies = [ -- "autocfg", -- "bitflags 1.3.2", -- "cfg-if", -- "libc", --] -- - [[package]] - name = "nix" - version = "0.26.4" -diff --git a/src/tools/kata-ctl/Cargo.lock b/src/tools/kata-ctl/Cargo.lock -index 2746bf64ea94009962a070e962b8ab2cdce9018b..7499a3516176193536429663a75f3cc2842c766a 100644 ---- a/src/tools/kata-ctl/Cargo.lock -+++ b/src/tools/kata-ctl/Cargo.lock -@@ -27,7 +27,7 @@ dependencies = [ - "log", - "logging", - "nix 0.24.3", -- "oci", -+ "oci-spec", - "protobuf 3.3.0", - "protocols", - "serde", -@@ -329,19 +329,6 @@ version = "0.2.1" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" - --[[package]] --name = "cgroups-rs" --version = "0.3.4" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "6db7c2f5545da4c12c5701455d9471da5f07db52e49b9cccb4f5512226dd0836" --dependencies = [ -- "libc", -- "log", -- "nix 0.25.1", -- "regex", -- "thiserror", --] -- - [[package]] - name = "chrono" - version = "0.4.31" -@@ -376,7 +363,7 @@ dependencies = [ - "anstream", - "anstyle", - "clap_lex", -- "strsim", -+ "strsim 0.10.0", - ] - - [[package]] -@@ -523,12 +510,12 @@ dependencies = [ - - [[package]] - name = "darling" --version = "0.20.3" -+version = "0.20.10" - source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "0209d94da627ab5605dcccf08bb18afa5009cfbef48d8a8b7d7bdbc79be25c5e" -+checksum = "6f63b86c8a8826a49b8c21f08a2d07338eec8d900540f8630dc76284be802989" - dependencies = [ -- "darling_core 0.20.3", -- "darling_macro 0.20.3", -+ "darling_core 0.20.10", -+ "darling_macro 0.20.10", - ] - - [[package]] -@@ -546,15 +533,15 @@ dependencies = [ - - [[package]] - name = "darling_core" --version = "0.20.3" -+version = "0.20.10" - source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = 
"177e3443818124b357d8e76f53be906d60937f0d3a90773a664fa63fa253e621" -+checksum = "95133861a8032aaea082871032f5815eb9e98cef03fa916ab4500513994df9e5" - dependencies = [ - "fnv", - "ident_case", - "proc-macro2", - "quote", -- "strsim", -+ "strsim 0.11.1", - "syn 2.0.39", - ] - -@@ -571,11 +558,11 @@ dependencies = [ - - [[package]] - name = "darling_macro" --version = "0.20.3" -+version = "0.20.10" - source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "836a9bbc7ad63342d6d6e7b815ccab164bc77a2d95d84bc3117a8c0d5c98e2d5" -+checksum = "d336a2a514f6ccccaa3e09b02d41d35330c07ddf03a62165fcec10bb561c7806" - dependencies = [ -- "darling_core 0.20.3", -+ "darling_core 0.20.10", - "quote", - "syn 2.0.39", - ] -@@ -601,6 +588,37 @@ dependencies = [ - "syn 1.0.109", - ] - -+[[package]] -+name = "derive_builder" -+version = "0.20.2" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "507dfb09ea8b7fa618fcf76e953f4f5e192547945816d5358edffe39f6f94947" -+dependencies = [ -+ "derive_builder_macro", -+] -+ -+[[package]] -+name = "derive_builder_core" -+version = "0.20.2" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "2d5bcf7b024d6835cfb3d473887cd966994907effbe9227e8c8219824d06c4e8" -+dependencies = [ -+ "darling 0.20.10", -+ "proc-macro2", -+ "quote", -+ "syn 2.0.39", -+] -+ -+[[package]] -+name = "derive_builder_macro" -+version = "0.20.2" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "ab63b0e2bf4d5928aff72e83a7dace85d7bba5fe12dcc3c5a572d78caffd3f3c" -+dependencies = [ -+ "derive_builder_core", -+ "syn 2.0.39", -+] -+ - [[package]] - name = "dirs-next" - version = "2.0.0" -@@ -832,6 +850,18 @@ dependencies = [ - "wasi", - ] - -+[[package]] -+name = "getset" -+version = "0.1.3" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "f636605b743120a8d32ed92fc27b6cde1a769f8f936c065151eb66f88ded513c" -+dependencies = [ -+ "proc-macro-error2", -+ 
"proc-macro2", -+ "quote", -+ "syn 2.0.39", -+] -+ - [[package]] - name = "gimli" - version = "0.28.1" -@@ -893,6 +923,12 @@ version = "0.4.1" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" - -+[[package]] -+name = "heck" -+version = "0.5.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" -+ - [[package]] - name = "hermit-abi" - version = "0.1.19" -@@ -1167,8 +1203,8 @@ dependencies = [ - "shim-interface", - "slog", - "slog-scope", -- "strum", -- "strum_macros", -+ "strum 0.24.1", -+ "strum_macros 0.24.3", - "sys-info", - "tempfile", - "test-utils", -@@ -1186,7 +1222,6 @@ version = "0.1.0" - dependencies = [ - "anyhow", - "byteorder", -- "cgroups-rs", - "chrono", - "common-path", - "fail", -@@ -1195,9 +1230,10 @@ dependencies = [ - "lazy_static", - "libc", - "nix 0.24.3", -- "oci", -+ "oci-spec", - "once_cell", - "rand", -+ "runtime-spec", - "safe-path", - "serde", - "serde_json", -@@ -1218,7 +1254,7 @@ dependencies = [ - "glob", - "lazy_static", - "num_cpus", -- "oci", -+ "oci-spec", - "regex", - "safe-path", - "serde", -@@ -1478,20 +1514,27 @@ dependencies = [ - ] - - [[package]] --name = "oci" --version = "0.1.0" -+name = "oci-spec" -+version = "0.6.8" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "3f5a3fe998d50101ae009351fec56d88a69f4ed182e11000e711068c2f5abf72" - dependencies = [ -- "libc", -+ "derive_builder", -+ "getset", -+ "once_cell", -+ "regex", - "serde", -- "serde_derive", - "serde_json", -+ "strum 0.26.3", -+ "strum_macros 0.26.4", -+ "thiserror", - ] - - [[package]] - name = "once_cell" --version = "1.18.0" -+version = "1.19.0" - source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" -+checksum = 
"3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" - - [[package]] - name = "openssl" -@@ -1693,11 +1736,33 @@ dependencies = [ - "version_check", - ] - -+[[package]] -+name = "proc-macro-error-attr2" -+version = "2.0.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "96de42df36bb9bba5542fe9f1a054b8cc87e172759a1868aa05c1f3acc89dfc5" -+dependencies = [ -+ "proc-macro2", -+ "quote", -+] -+ -+[[package]] -+name = "proc-macro-error2" -+version = "2.0.1" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "11ec05c52be0a07b08061f7dd003e7d7092e0472bc731b4af7bb1ef876109802" -+dependencies = [ -+ "proc-macro-error-attr2", -+ "proc-macro2", -+ "quote", -+ "syn 2.0.39", -+] -+ - [[package]] - name = "proc-macro2" --version = "1.0.70" -+version = "1.0.87" - source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "39278fbbf5fb4f646ce651690877f89d1c5811a3d4acb27700c1cb3cdb78fd3b" -+checksum = "b3e4daa0dcf6feba26f985457cdf104d4b4256fc5a09547140f3631bb076b19a" - dependencies = [ - "unicode-ident", - ] -@@ -1879,7 +1944,8 @@ name = "protocols" - version = "0.1.0" - dependencies = [ - "async-trait", -- "oci", -+ "kata-sys-util", -+ "oci-spec", - "protobuf 3.3.0", - "ttrpc 0.8.1", - "ttrpc-codegen", -@@ -1917,9 +1983,9 @@ dependencies = [ - - [[package]] - name = "quote" --version = "1.0.33" -+version = "1.0.37" - source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" -+checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" - dependencies = [ - "proc-macro2", - ] -@@ -2011,9 +2077,9 @@ dependencies = [ - - [[package]] - name = "regex" --version = "1.10.2" -+version = "1.10.6" - source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "380b951a9c5e80ddfd6136919eef32310721aa4aacd4889a8d39124b026ab343" -+checksum = 
"4219d74c6b67a3654a9fbebc4b419e22126d13d2f3c4a07ee0cb61ff79a79619" - dependencies = [ - "aho-corasick", - "memchr", -@@ -2023,9 +2089,9 @@ dependencies = [ - - [[package]] - name = "regex-automata" --version = "0.4.3" -+version = "0.4.7" - source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "5f804c7828047e88b2d32e2d7fe5a105da8ee3264f01902f796c8e067dc2483f" -+checksum = "38caf58cc5ef2fed281f89292ef23f6365465ed9a41b7a7754eb4e26496c92df" - dependencies = [ - "aho-corasick", - "memchr", -@@ -2145,6 +2211,16 @@ dependencies = [ - "serde_derive", - ] - -+[[package]] -+name = "runtime-spec" -+version = "0.1.0" -+dependencies = [ -+ "libc", -+ "serde", -+ "serde_derive", -+ "serde_json", -+] -+ - [[package]] - name = "rust_decimal" - version = "1.35.0" -@@ -2399,7 +2475,7 @@ version = "2.3.3" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "881b6f881b17d13214e5d494c939ebab463d01264ce1811e9d4ac3a882e7695f" - dependencies = [ -- "darling 0.20.3", -+ "darling 0.20.10", - "proc-macro2", - "quote", - "syn 2.0.39", -@@ -2569,12 +2645,24 @@ version = "0.10.0" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" - -+[[package]] -+name = "strsim" -+version = "0.11.1" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" -+ - [[package]] - name = "strum" - version = "0.24.1" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "063e6045c0e62079840579a7e47a355ae92f60eb74daaf156fb1e84ba164e63f" - -+[[package]] -+name = "strum" -+version = "0.26.3" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "8fec0f0aef304996cf250b31b5a10dee7980c85da9d759361292b8bca5a18f06" -+ - [[package]] - name = "strum_macros" - version = "0.24.3" -@@ -2588,6 +2676,19 @@ dependencies = [ - "syn 1.0.109", - ] - 
-+[[package]] -+name = "strum_macros" -+version = "0.26.4" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "4c6bee85a5a24955dc440386795aa378cd9cf82acd5f764469152d2270e581be" -+dependencies = [ -+ "heck 0.5.0", -+ "proc-macro2", -+ "quote", -+ "rustversion", -+ "syn 2.0.39", -+] -+ - [[package]] - name = "subprocess" - version = "0.2.9" -diff --git a/src/tools/runk/Cargo.lock b/src/tools/runk/Cargo.lock -index e1afc6f91c3d62eb639d2b9b8e1e5322dbd27afb..b842273083b04c42b2704b8acd3857683831ced7 100644 ---- a/src/tools/runk/Cargo.lock -+++ b/src/tools/runk/Cargo.lock -@@ -1391,7 +1391,6 @@ version = "0.1.0" - dependencies = [ - "anyhow", - "byteorder", -- "cgroups-rs", - "chrono", - "common-path", - "fail", diff --git a/packages/by-name/kata/kata-runtime/0017-runtime-allow-initrd-AND-image-to-be-set.patch b/packages/by-name/kata/kata-runtime/0014-runtime-allow-initrd-AND-image-to-be-set.patch similarity index 96% rename from packages/by-name/kata/kata-runtime/0017-runtime-allow-initrd-AND-image-to-be-set.patch rename to packages/by-name/kata/kata-runtime/0014-runtime-allow-initrd-AND-image-to-be-set.patch index 2226146eb0..863cfd3c46 100644 --- a/packages/by-name/kata/kata-runtime/0017-runtime-allow-initrd-AND-image-to-be-set.patch +++ b/packages/by-name/kata/kata-runtime/0014-runtime-allow-initrd-AND-image-to-be-set.patch @@ -24,7 +24,7 @@ index 1225271a2a4c5d9340022c22ee6889171bc21b93..a3398bcf6fac68e272a4ca1de962e585 if conf.NumVCPUs == 0 { diff --git a/src/runtime/virtcontainers/hypervisor_config_linux.go b/src/runtime/virtcontainers/hypervisor_config_linux.go -index f41cd22bd4ba96e5305ccb58e74c6d983b077974..8e1ca38eb620d58ffd4c83bbf4c666c1bc21efc3 100644 +index 1bcd47218c3c6e336b443eb3b7337bf35602cae4..e695aa52f23e86687b9481e92d6b0c523fda10ac 100644 --- a/src/runtime/virtcontainers/hypervisor_config_linux.go +++ b/src/runtime/virtcontainers/hypervisor_config_linux.go 
@@ -28,8 +28,6 @@ func validateHypervisorConfig(conf *HypervisorConfig) error {
diff --git a/packages/by-name/kata/kata-runtime/0018-genpolicy-do-not-log-policy-annotation-in-debug.patch b/packages/by-name/kata/kata-runtime/0015-genpolicy-do-not-log-policy-annotation-in-debug.patch
similarity index 100%
rename from packages/by-name/kata/kata-runtime/0018-genpolicy-do-not-log-policy-annotation-in-debug.patch
rename to packages/by-name/kata/kata-runtime/0015-genpolicy-do-not-log-policy-annotation-in-debug.patch
diff --git a/packages/by-name/kata/kata-runtime/0015-kata-sys-util-move-json-parsing-to-protocols-crate.patch b/packages/by-name/kata/kata-runtime/0015-kata-sys-util-move-json-parsing-to-protocols-crate.patch
deleted file mode 100644
index a1f1a1b2e0..0000000000
--- a/packages/by-name/kata/kata-runtime/0015-kata-sys-util-move-json-parsing-to-protocols-crate.patch
+++ /dev/null
@@ -1,1107 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Markus Rudy -Date: Tue, 15 Oct 2024 16:11:21 +0200 -Subject: [PATCH] kata-sys-util: move json parsing to protocols crate - -The parse_json_string function is specific to parsing capability strings -out of ttRPC proto definitions and does not benefit from being available -to other crates. Moving it into the protocols crate allows removing -kata-sys-util as a dependency, which in turn enables compiling the -library on darwin. - -Fixes: #10071 - -Signed-off-by: Markus Rudy ---- - src/agent/Cargo.lock | 1 - - src/libs/Cargo.lock | 1 - - src/libs/kata-sys-util/src/spec.rs | 8 - - src/libs/protocols/Cargo.toml | 8 +- - src/libs/protocols/src/trans.rs | 33 +- - src/runtime-rs/Cargo.lock | 3 +- - src/tools/agent-ctl/Cargo.lock | 1 - - src/tools/genpolicy/Cargo.lock | 578 +---------------------------- - src/tools/kata-ctl/Cargo.lock | 3 +- - src/tools/runk/Cargo.lock | 3 +- - 10 files changed, 46 insertions(+), 593 deletions(-) - -diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock -index 8d9877928d7dca14f5a072357c6e03da3d2eba89..eae6db554824b9de0d9694d583d0b05d610c5d9a 100644 ---- a/src/agent/Cargo.lock -+++ b/src/agent/Cargo.lock -@@ -4423,7 +4423,6 @@ name = "protocols" - version = "0.1.0" - dependencies = [ - "async-trait", -- "kata-sys-util", - "oci-spec", - "protobuf 3.5.1", - "serde", -diff --git a/src/libs/Cargo.lock b/src/libs/Cargo.lock -index 253ffcf94fdad07de7b4cb99524345c72139f735..ed7184c48e33a63005b70215676a486a3358c07f 100644 ---- a/src/libs/Cargo.lock -+++ b/src/libs/Cargo.lock -@@ -1290,7 +1290,6 @@ name = "protocols" - version = "0.1.0" - dependencies = [ - "async-trait", -- "kata-sys-util", - "oci-spec", - "protobuf 3.2.0", - "serde", -diff --git a/src/libs/kata-sys-util/src/spec.rs b/src/libs/kata-sys-util/src/spec.rs -index c7a7ba405edb2df3954a74e70c9b0d1096c91a54..762af62b1242587c71eaade02787a5c0ff270c8e 100644 ---- 
a/src/libs/kata-sys-util/src/spec.rs -+++ b/src/libs/kata-sys-util/src/spec.rs -@@ -97,11 +97,3 @@ pub fn load_oci_spec() -> Result { - - oci::Spec::load(spec_file.to_str().unwrap_or_default()) - } -- --/// handle string parsing for input possibly be JSON string. --pub fn parse_json_string(input: &str) -> &str { -- let json_str: &str = serde_json::from_str(input).unwrap_or(input); -- let stripped_str = json_str.strip_prefix("CAP_").unwrap_or(json_str); -- -- stripped_str --} -diff --git a/src/libs/protocols/Cargo.toml b/src/libs/protocols/Cargo.toml -index 366e1bea23e0861a5047f7166fb82db51adc454a..2b945f42c75eb61d6949043c0143ffd53bd6b23d 100644 ---- a/src/libs/protocols/Cargo.toml -+++ b/src/libs/protocols/Cargo.toml -@@ -7,19 +7,17 @@ license = "Apache-2.0" - - [features] - default = [] --with-serde = [ "serde", "serde_json" ] -+with-serde = [] - async = ["ttrpc/async", "async-trait"] - - [dependencies] - ttrpc = "0.8" - async-trait = { version = "0.1.42", optional = true } - protobuf = { version = "3.2.0" } --serde = { version = "1.0.130", features = ["derive"], optional = true } --serde_json = { version = "1.0.68", optional = true } -+serde = { version = "1.0.130", features = ["derive"] } -+serde_json = "1.0.68" - oci-spec = { version = "0.6.8", features = ["runtime"] } - --kata-sys-util = { path = "../kata-sys-util" } -- - [build-dependencies] - ttrpc-codegen = "0.4.2" - protobuf = { version = "3.2.0" } -diff --git a/src/libs/protocols/src/trans.rs b/src/libs/protocols/src/trans.rs -index 38428a880455cae36bd84a832dd52d84d82f70f5..d7cbba30ac64578c7c06b5f683bea63c87b13a78 100644 ---- a/src/libs/protocols/src/trans.rs -+++ b/src/libs/protocols/src/trans.rs -@@ -10,7 +10,6 @@ use std::convert::TryFrom; - use std::path::PathBuf; - - use crate::oci as grpc; --use kata_sys_util::spec::parse_json_string; - use oci_spec::runtime as oci; - - // translate from interface to ttprc tools -@@ -41,8 +40,9 @@ fn cap_hashset2vec(hash_set: &Option>) -> Vec { - fn 
cap_vec2hashset(caps: Vec) -> HashSet { - caps.iter() - .map(|cap: &String| { -- let cap_str = parse_json_string(cap); -- cap_str -+ // cap might be JSON-encoded -+ let decoded: &str = serde_json::from_str(cap).unwrap_or(cap); -+ decoded.strip_prefix("CAP_").unwrap_or(decoded) - .parse::() - .unwrap_or_else(|_| panic!("Failed to parse {:?} to Enum Capability", cap)) - }) -@@ -1238,6 +1238,11 @@ impl From for oci::LinuxIntelRdt { - - #[cfg(test)] - mod tests { -+ use std::collections::HashSet; -+ -+ use super::cap_vec2hashset; -+ use super::oci; -+ - fn from_vec>(from: Vec) -> Vec { - let mut to: Vec = vec![]; - for data in from { -@@ -1289,4 +1294,26 @@ mod tests { - assert_eq!(from.len(), to.len()); - assert_eq!(from[0].from, to[0].to); - } -+ -+ #[test] -+ fn test_cap_vec2hashset_good() { -+ let expected: HashSet = -+ vec![oci::Capability::NetAdmin, oci::Capability::Mknod] -+ .into_iter() -+ .collect(); -+ let actual = cap_vec2hashset(vec![ -+ "CAP_NET_ADMIN".to_string(), -+ "\"CAP_MKNOD\"".to_string(), -+ ]); -+ -+ assert_eq!(expected, actual); -+ } -+ -+ #[test] -+ #[should_panic] -+ fn test_cap_vec2hashset_bad() { -+ cap_vec2hashset(vec![ -+ "CAP_DOES_NOT_EXIST".to_string(), -+ ]); -+ } - } -diff --git a/src/runtime-rs/Cargo.lock b/src/runtime-rs/Cargo.lock -index 216c3e41e81306885a697ae1463dcb06a00a3e88..a19e7247641fbecd633f4f1a4b4830fad9bcd66f 100644 ---- a/src/runtime-rs/Cargo.lock -+++ b/src/runtime-rs/Cargo.lock -@@ -2993,9 +2993,10 @@ name = "protocols" - version = "0.1.0" - dependencies = [ - "async-trait", -- "kata-sys-util", - "oci-spec", - "protobuf 3.2.0", -+ "serde", -+ "serde_json", - "ttrpc", - "ttrpc-codegen", - ] -diff --git a/src/tools/agent-ctl/Cargo.lock b/src/tools/agent-ctl/Cargo.lock -index d931c1b735d56d33f2bed5f9c9447a7fc8b7e4cb..8dc37616cd7c0764a9f1e84453f1b10a6e9e9759 100644 ---- a/src/tools/agent-ctl/Cargo.lock -+++ b/src/tools/agent-ctl/Cargo.lock -@@ -1681,7 +1681,6 @@ dependencies = [ - name = "protocols" - version = "0.1.0" - 
dependencies = [ -- "kata-sys-util", - "oci-spec", - "protobuf 3.2.0", - "serde", -diff --git a/src/tools/genpolicy/Cargo.lock b/src/tools/genpolicy/Cargo.lock -index 8d68348c495552ba0960ebf26ee889e0f1e3215d..470859f514a303b7efee40f0f96cb342ed8da453 100644 ---- a/src/tools/genpolicy/Cargo.lock -+++ b/src/tools/genpolicy/Cargo.lock -@@ -17,17 +17,6 @@ version = "1.0.2" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" - --[[package]] --name = "ahash" --version = "0.7.8" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "891477e0c6a8957309ee5c45a6368af3ae14bb510732d2684ffa19af310920f9" --dependencies = [ -- "getrandom", -- "once_cell", -- "version_check", --] -- - [[package]] - name = "aho-corasick" - version = "1.1.3" -@@ -58,18 +47,6 @@ version = "1.0.69" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "224afbd727c3d6e4b90103ece64b8d1b67fbb1973b1046c2281eed3f3803f800" - --[[package]] --name = "arc-swap" --version = "1.7.1" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "69f7f8c3906b62b754cd5326047894316021dcfe5a194c8ea52bdd94934a3457" -- --[[package]] --name = "arrayvec" --version = "0.7.4" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "96d30a06541fbafbc7f82ed10c06164cfbd2c401138f6addd8404629c4b16711" -- - [[package]] - name = "async-trait" - version = "0.1.68" -@@ -177,28 +154,6 @@ version = "2.4.1" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" - --[[package]] --name = "bitmask-enum" --version = "2.2.4" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "afb15541e888071f64592c0b4364fdff21b7cb0a247f984296699351963a8721" --dependencies = [ -- "quote", -- "syn 2.0.58", --] -- --[[package]] --name = "bitvec" --version 
= "1.0.1" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "1bc2832c24239b0141d5674bb9174f9d68a8b5b3f2753311927c172ca46f7e9c" --dependencies = [ -- "funty", -- "radium", -- "tap", -- "wyz", --] -- - [[package]] - name = "block-buffer" - version = "0.10.4" -@@ -208,69 +163,12 @@ dependencies = [ - "generic-array", - ] - --[[package]] --name = "borsh" --version = "1.5.1" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "a6362ed55def622cddc70a4746a68554d7b687713770de539e59a739b249f8ed" --dependencies = [ -- "borsh-derive", -- "cfg_aliases", --] -- --[[package]] --name = "borsh-derive" --version = "1.5.1" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "c3ef8005764f53cd4dca619f5bf64cafd4664dada50ece25e4d81de54c80cc0b" --dependencies = [ -- "once_cell", -- "proc-macro-crate", -- "proc-macro2", -- "quote", -- "syn 2.0.58", -- "syn_derive", --] -- - [[package]] - name = "bumpalo" - version = "3.12.0" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "0d261e256854913907f67ed06efbc3338dfe6179796deefc1ff763fc1aee5535" - --[[package]] --name = "byte-unit" --version = "5.1.4" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "33ac19bdf0b2665407c39d82dbc937e951e7e2001609f0fb32edd0af45a2d63e" --dependencies = [ -- "rust_decimal", -- "serde", -- "utf8-width", --] -- --[[package]] --name = "bytecheck" --version = "0.6.11" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "8b6372023ac861f6e6dc89c8344a8f398fb42aaba2b5dbc649ca0c0e9dbcb627" --dependencies = [ -- "bytecheck_derive", -- "ptr_meta", -- "simdutf8", --] -- --[[package]] --name = "bytecheck_derive" --version = "0.6.12" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "3db406d29fbcd95542e92559bed4d8ad92636d1ca8b3b72ede10b4bcc010e659" --dependencies = [ -- "proc-macro2", -- "quote", -- "syn 1.0.109", --] -- - 
[[package]] - name = "byteorder" - version = "1.4.3" -@@ -295,12 +193,6 @@ version = "1.0.0" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" - --[[package]] --name = "cfg_aliases" --version = "0.2.1" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" -- - [[package]] - name = "chrono" - version = "0.4.31" -@@ -362,12 +254,6 @@ dependencies = [ - "cc", - ] - --[[package]] --name = "common-path" --version = "1.0.0" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "2382f75942f4b3be3690fe4f86365e9c853c1587d6ee58212cebf6e2a9ccd101" -- - [[package]] - name = "containerd-client" - version = "0.4.0" -@@ -482,37 +368,14 @@ dependencies = [ - "typenum", - ] - --[[package]] --name = "darling" --version = "0.14.4" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "7b750cb3417fd1b327431a470f388520309479ab0bf5e323505daf0290cd3850" --dependencies = [ -- "darling_core 0.14.4", -- "darling_macro 0.14.4", --] -- - [[package]] - name = "darling" - version = "0.20.9" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "83b2eb4d90d12bdda5ed17de686c2acb4c57914f8f921b8da7e112b5a36f3fe1" - dependencies = [ -- "darling_core 0.20.9", -- "darling_macro 0.20.9", --] -- --[[package]] --name = "darling_core" --version = "0.14.4" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "109c1ca6e6b7f82cc233a97004ea8ed7ca123a9af07a8230878fcfda9b158bf0" --dependencies = [ -- "fnv", -- "ident_case", -- "proc-macro2", -- "quote", -- "syn 1.0.109", -+ "darling_core", -+ "darling_macro", - ] - - [[package]] -@@ -529,24 +392,13 @@ dependencies = [ - "syn 2.0.58", - ] - --[[package]] --name = "darling_macro" --version = "0.14.4" --source = "registry+https://github.com/rust-lang/crates.io-index" 
--checksum = "a4aab4dbc9f7611d8b55048a3a16d2d010c2c8334e46304b40ac1cc14bf3b48e" --dependencies = [ -- "darling_core 0.14.4", -- "quote", -- "syn 1.0.109", --] -- - [[package]] - name = "darling_macro" - version = "0.20.9" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "733cabb43482b1a1b53eee8583c2b9e8684d592215ea83efd305dd31bc2f0178" - dependencies = [ -- "darling_core 0.20.9", -+ "darling_core", - "quote", - "syn 2.0.58", - ] -@@ -577,7 +429,7 @@ version = "0.20.0" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "d48cda787f839151732d396ac69e3473923d54312c070ee21e9effcaa8ca0b1d" - dependencies = [ -- "darling 0.20.9", -+ "darling", - "proc-macro2", - "quote", - "syn 2.0.58", -@@ -671,17 +523,6 @@ dependencies = [ - "libc", - ] - --[[package]] --name = "fail" --version = "0.5.1" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "fe5e43d0f78a42ad591453aedb1d7ae631ce7ee445c7643691055a9ed8d3b01c" --dependencies = [ -- "log", -- "once_cell", -- "rand", --] -- - [[package]] - name = "fastrand" - version = "1.9.0" -@@ -766,12 +607,6 @@ dependencies = [ - "winapi", - ] - --[[package]] --name = "funty" --version = "2.0.0" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "e6d5a32815ae3f33302d95fdcb2ce17862f8c65363dcfd29360480ba1001fc9c" -- - [[package]] - name = "futures-channel" - version = "0.3.28" -@@ -910,12 +745,6 @@ version = "0.28.0" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "6fb8d784f27acf97159b40fc4db5ecd8aa23b9ad5ef69cdd136d3bc80665f0c0" - --[[package]] --name = "glob" --version = "0.3.1" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" -- - [[package]] - name = "h2" - version = "0.3.16" -@@ -940,9 +769,6 @@ name = "hashbrown" - version = "0.12.3" - source = 
"registry+https://github.com/rust-lang/crates.io-index" - checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" --dependencies = [ -- "ahash", --] - - [[package]] - name = "hashbrown" -@@ -986,12 +812,6 @@ version = "0.3.1" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "fed44880c466736ef9a5c5b5facefb5ed0785676d0c02d612db14e54f0d84286" - --[[package]] --name = "hex" --version = "0.4.3" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" -- - [[package]] - name = "hmac" - version = "0.12.1" -@@ -1195,7 +1015,7 @@ dependencies = [ - "iana-time-zone-haiku", - "js-sys", - "wasm-bindgen", -- "windows-core 0.50.0", -+ "windows-core", - ] - - [[package]] -@@ -1340,57 +1160,6 @@ dependencies = [ - "tonic-build 0.8.4", - ] - --[[package]] --name = "kata-sys-util" --version = "0.1.0" --dependencies = [ -- "anyhow", -- "byteorder", -- "chrono", -- "common-path", -- "fail", -- "hex", -- "kata-types", -- "lazy_static", -- "libc", -- "nix 0.24.3", -- "oci-spec", -- "once_cell", -- "rand", -- "runtime-spec", -- "safe-path", -- "serde", -- "serde_json", -- "slog", -- "slog-scope", -- "subprocess", -- "thiserror", --] -- --[[package]] --name = "kata-types" --version = "0.1.0" --dependencies = [ -- "anyhow", -- "base64 0.13.1", -- "bitmask-enum", -- "byte-unit", -- "glob", -- "lazy_static", -- "num_cpus", -- "oci-spec", -- "regex", -- "safe-path", -- "serde", -- "serde-enum-str", -- "serde_json", -- "slog", -- "slog-scope", -- "sysinfo", -- "thiserror", -- "toml", --] -- - [[package]] - name = "lazy_static" - version = "1.4.0" -@@ -1455,15 +1224,6 @@ version = "2.7.4" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" - --[[package]] --name = "memoffset" --version = "0.6.5" --source = "registry+https://github.com/rust-lang/crates.io-index" 
--checksum = "5aa361d4faea93603064a027415f07bd8e1d5c88c9fbf68bf56a285428fd79ce" --dependencies = [ -- "autocfg", --] -- - [[package]] - name = "memoffset" - version = "0.7.1" -@@ -1523,18 +1283,6 @@ dependencies = [ - "tempfile", - ] - --[[package]] --name = "nix" --version = "0.24.3" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "fa52e972a9a719cecb6864fb88568781eb706bac2cd1d4f04a648542dbf78069" --dependencies = [ -- "bitflags 1.3.2", -- "cfg-if", -- "libc", -- "memoffset 0.6.5", --] -- - [[package]] - name = "nix" - version = "0.26.4" -@@ -1544,19 +1292,10 @@ dependencies = [ - "bitflags 1.3.2", - "cfg-if", - "libc", -- "memoffset 0.7.1", -+ "memoffset", - "pin-utils", - ] - --[[package]] --name = "ntapi" --version = "0.4.1" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "e8a3895c6391c39d7fe7ebc444a87eb2991b2a0bc718fdabd071eec617fc68e4" --dependencies = [ -- "winapi", --] -- - [[package]] - name = "num" - version = "0.4.3" -@@ -1848,15 +1587,6 @@ dependencies = [ - "syn 1.0.109", - ] - --[[package]] --name = "proc-macro-crate" --version = "3.1.0" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "6d37c51ca738a55da99dc0c4a34860fd675453b8b36209178c2249bb13651284" --dependencies = [ -- "toml_edit", --] -- - [[package]] - name = "proc-macro-error" - version = "1.0.4" -@@ -2065,7 +1795,6 @@ dependencies = [ - name = "protocols" - version = "0.1.0" - dependencies = [ -- "kata-sys-util", - "oci-spec", - "protobuf 3.3.0", - "serde", -@@ -2074,26 +1803,6 @@ dependencies = [ - "ttrpc-codegen", - ] - --[[package]] --name = "ptr_meta" --version = "0.1.4" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "0738ccf7ea06b608c10564b31debd4f5bc5e197fc8bfe088f68ae5ce81e7a4f1" --dependencies = [ -- "ptr_meta_derive", --] -- --[[package]] --name = "ptr_meta_derive" --version = "0.1.4" --source = "registry+https://github.com/rust-lang/crates.io-index" 
--checksum = "16b845dbfca988fa33db069c0e230574d15a3088f147a87b64c7589eb662c9ac" --dependencies = [ -- "proc-macro2", -- "quote", -- "syn 1.0.109", --] -- - [[package]] - name = "quote" - version = "1.0.36" -@@ -2103,12 +1812,6 @@ dependencies = [ - "proc-macro2", - ] - --[[package]] --name = "radium" --version = "0.7.0" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "dc33ff2d4973d518d823d61aa239014831e521c75da58e3df4840d3f47749d09" -- - [[package]] - name = "rand" - version = "0.8.5" -@@ -2139,26 +1842,6 @@ dependencies = [ - "getrandom", - ] - --[[package]] --name = "rayon" --version = "1.10.0" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "b418a60154510ca1a002a752ca9714984e21e4241e804d32555251faf8b78ffa" --dependencies = [ -- "either", -- "rayon-core", --] -- --[[package]] --name = "rayon-core" --version = "1.12.1" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "1465873a3dfdaa8ae7cb14b4383657caab0b3e8a0aa9ae8e04b044854c8dfce2" --dependencies = [ -- "crossbeam-deque", -- "crossbeam-utils", --] -- - [[package]] - name = "redox_syscall" - version = "0.2.16" -@@ -2223,15 +1906,6 @@ dependencies = [ - "serde_json", - ] - --[[package]] --name = "rend" --version = "0.4.2" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "71fe3824f5629716b1589be05dacd749f6aa084c87e00e016714a8cdfccc997c" --dependencies = [ -- "bytecheck", --] -- - [[package]] - name = "reqwest" - version = "0.12.5" -@@ -2273,60 +1947,6 @@ dependencies = [ - "winreg", - ] - --[[package]] --name = "rkyv" --version = "0.7.42" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "0200c8230b013893c0b2d6213d6ec64ed2b9be2e0e016682b7224ff82cff5c58" --dependencies = [ -- "bitvec", -- "bytecheck", -- "hashbrown 0.12.3", -- "ptr_meta", -- "rend", -- "rkyv_derive", -- "seahash", -- "tinyvec", -- "uuid", --] -- --[[package]] --name = "rkyv_derive" --version = 
"0.7.44" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "a7dddfff8de25e6f62b9d64e6e432bf1c6736c57d20323e15ee10435fbda7c65" --dependencies = [ -- "proc-macro2", -- "quote", -- "syn 1.0.109", --] -- --[[package]] --name = "runtime-spec" --version = "0.1.0" --dependencies = [ -- "libc", -- "serde", -- "serde_derive", -- "serde_json", --] -- --[[package]] --name = "rust_decimal" --version = "1.35.0" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "1790d1c4c0ca81211399e0e0af16333276f375209e71a37b67698a373db5b47a" --dependencies = [ -- "arrayvec", -- "borsh", -- "bytes", -- "num-traits", -- "rand", -- "rkyv", -- "serde", -- "serde_json", --] -- - [[package]] - name = "rustc-demangle" - version = "0.1.23" -@@ -2402,13 +2022,6 @@ version = "1.0.13" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "f91339c0467de62360649f8d3e185ca8de4224ff281f66000de5eb2a77a79041" - --[[package]] --name = "safe-path" --version = "0.1.0" --dependencies = [ -- "libc", --] -- - [[package]] - name = "schannel" - version = "0.1.21" -@@ -2438,12 +2051,6 @@ dependencies = [ - "syn 2.0.58", - ] - --[[package]] --name = "seahash" --version = "4.1.0" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "1c107b6f4780854c8b126e228ea8869f4d7b71260f962fefb57b996b8959ba6b" -- - [[package]] - name = "security-framework" - version = "2.8.2" -@@ -2476,36 +2083,6 @@ dependencies = [ - "serde_derive", - ] - --[[package]] --name = "serde-attributes" --version = "0.2.1" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "6eb8ec7724e4e524b2492b510e66957fe1a2c76c26a6975ec80823f2439da685" --dependencies = [ -- "darling_core 0.14.4", -- "serde-rename-rule", -- "syn 1.0.109", --] -- --[[package]] --name = "serde-enum-str" --version = "0.4.0" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = 
"26416dc95fcd46b0e4b12a3758043a229a6914050aaec2e8191949753ed4e9aa" --dependencies = [ -- "darling 0.14.4", -- "proc-macro2", -- "quote", -- "serde-attributes", -- "syn 1.0.109", --] -- --[[package]] --name = "serde-rename-rule" --version = "0.2.2" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "794e44574226fc701e3be5c651feb7939038fc67fb73f6f4dd5c4ba90fd3be70" -- - [[package]] - name = "serde-transcode" - version = "1.1.1" -@@ -2581,12 +2158,6 @@ dependencies = [ - "digest", - ] - --[[package]] --name = "simdutf8" --version = "0.1.4" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "f27f6278552951f1f2b8cf9da965d10969b2efdea95a6ec47987ab46edfe263a" -- - [[package]] - name = "slab" - version = "0.4.8" -@@ -2596,23 +2167,6 @@ dependencies = [ - "autocfg", - ] - --[[package]] --name = "slog" --version = "2.7.0" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "8347046d4ebd943127157b94d63abb990fcf729dc4e9978927fdf4ac3c998d06" -- --[[package]] --name = "slog-scope" --version = "4.4.0" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "2f95a4b4c3274cd2869549da82b57ccc930859bdbf5bcea0424bc5f140b3c786" --dependencies = [ -- "arc-swap", -- "lazy_static", -- "slog", --] -- - [[package]] - name = "smallvec" - version = "1.13.2" -@@ -2670,16 +2224,6 @@ dependencies = [ - "syn 2.0.58", - ] - --[[package]] --name = "subprocess" --version = "0.2.9" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "0c2e86926081dda636c546d8c5e641661049d7562a68f5488be4a1f7f66f6086" --dependencies = [ -- "libc", -- "winapi", --] -- - [[package]] - name = "subtle" - version = "2.4.1" -@@ -2708,18 +2252,6 @@ dependencies = [ - "unicode-ident", - ] - --[[package]] --name = "syn_derive" --version = "0.1.8" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "1329189c02ff984e9736652b1631330da25eaa6bc639089ed4915d25446cbe7b" 
--dependencies = [ -- "proc-macro-error", -- "proc-macro2", -- "quote", -- "syn 2.0.58", --] -- - [[package]] - name = "sync_wrapper" - version = "0.1.2" -@@ -2732,27 +2264,6 @@ version = "1.0.1" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "a7065abeca94b6a8a577f9bd45aa0867a2238b74e8eb67cf10d492bc39351394" - --[[package]] --name = "sysinfo" --version = "0.30.13" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "0a5b4ddaee55fb2bea2bf0e5000747e5f5c0de765e5a5ff87f4cd106439f4bb3" --dependencies = [ -- "cfg-if", -- "core-foundation-sys", -- "libc", -- "ntapi", -- "once_cell", -- "rayon", -- "windows", --] -- --[[package]] --name = "tap" --version = "1.0.1" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" -- - [[package]] - name = "tar" - version = "0.4.41" -@@ -2911,32 +2422,6 @@ dependencies = [ - "tokio", - ] - --[[package]] --name = "toml" --version = "0.5.11" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "f4f7f0dd8d50a853a531c426359045b1998f04219d88799810762cd4ad314234" --dependencies = [ -- "serde", --] -- --[[package]] --name = "toml_datetime" --version = "0.6.6" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "4badfd56924ae69bcc9039335b2e017639ce3f9b001c393c1b2d1ef846ce2cbf" -- --[[package]] --name = "toml_edit" --version = "0.21.1" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "6a8534fd7f78b5405e860340ad6575217ce99f38d4d5c8f2442cb5ecb50090e1" --dependencies = [ -- "indexmap 2.2.3", -- "toml_datetime", -- "winnow", --] -- - [[package]] - name = "tonic" - version = "0.9.2" -@@ -3072,7 +2557,7 @@ dependencies = [ - "crossbeam", - "libc", - "log", -- "nix 0.26.4", -+ "nix", - "protobuf 3.3.0", - "protobuf-codegen 3.3.0", - "thiserror", -@@ -3159,18 +2644,6 @@ dependencies = [ - "percent-encoding", - ] - 
--[[package]] --name = "utf8-width" --version = "0.1.7" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "86bd8d4e895da8537e5315b8254664e6b769c4ff3db18321b297a1e7004392e3" -- --[[package]] --name = "uuid" --version = "1.10.0" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "81dfa00651efa65069b0b6b651f4aaa31ba9e3c3ce0137aaad053604ee7e0314" -- - [[package]] - name = "vcpkg" - version = "0.2.15" -@@ -3332,16 +2805,6 @@ version = "0.4.0" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" - --[[package]] --name = "windows" --version = "0.52.0" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "e48a53791691ab099e5e2ad123536d0fff50652600abaf43bbf952894110d0be" --dependencies = [ -- "windows-core 0.52.0", -- "windows-targets 0.52.6", --] -- - [[package]] - name = "windows-core" - version = "0.50.0" -@@ -3351,15 +2814,6 @@ dependencies = [ - "windows-targets 0.48.0", - ] - --[[package]] --name = "windows-core" --version = "0.52.0" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9" --dependencies = [ -- "windows-targets 0.52.6", --] -- - [[package]] - name = "windows-sys" - version = "0.42.0" -@@ -3580,15 +3034,6 @@ version = "0.52.6" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" - --[[package]] --name = "winnow" --version = "0.5.40" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "f593a95398737aeed53e489c785df13f3618e41dbcd6718c6addbf1395aa6876" --dependencies = [ -- "memchr", --] -- - [[package]] - name = "winreg" - version = "0.52.0" -@@ -3599,15 +3044,6 @@ dependencies = [ - "windows-sys 0.48.0", - ] - --[[package]] --name = "wyz" --version = "0.5.1" --source = 
"registry+https://github.com/rust-lang/crates.io-index" --checksum = "05f360fc0b24296329c78fda852a1e9ae82de9cf7b27dae4b7f62f118f77b9ed" --dependencies = [ -- "tap", --] -- - [[package]] - name = "xattr" - version = "1.3.1" -diff --git a/src/tools/kata-ctl/Cargo.lock b/src/tools/kata-ctl/Cargo.lock -index 7499a3516176193536429663a75f3cc2842c766a..bd2de00388756dc4ee8193f998ab195f215971e0 100644 ---- a/src/tools/kata-ctl/Cargo.lock -+++ b/src/tools/kata-ctl/Cargo.lock -@@ -1944,9 +1944,10 @@ name = "protocols" - version = "0.1.0" - dependencies = [ - "async-trait", -- "kata-sys-util", - "oci-spec", - "protobuf 3.3.0", -+ "serde", -+ "serde_json", - "ttrpc 0.8.1", - "ttrpc-codegen", - ] -diff --git a/src/tools/runk/Cargo.lock b/src/tools/runk/Cargo.lock -index b842273083b04c42b2704b8acd3857683831ced7..6f41aef6ecab798781e5a0ce1c68c548db2d22d4 100644 ---- a/src/tools/runk/Cargo.lock -+++ b/src/tools/runk/Cargo.lock -@@ -2067,9 +2067,10 @@ dependencies = [ - name = "protocols" - version = "0.1.0" - dependencies = [ -- "kata-sys-util", - "oci-spec", - "protobuf 3.5.0", -+ "serde", -+ "serde_json", - "ttrpc", - "ttrpc-codegen", - ] diff --git a/packages/by-name/kata/kata-runtime/0019-genpolicy-allow-non-watchable-ConfigMaps.patch b/packages/by-name/kata/kata-runtime/0016-genpolicy-allow-non-watchable-ConfigMaps.patch similarity index 100% rename from packages/by-name/kata/kata-runtime/0019-genpolicy-allow-non-watchable-ConfigMaps.patch rename to packages/by-name/kata/kata-runtime/0016-genpolicy-allow-non-watchable-ConfigMaps.patch diff --git a/packages/by-name/kata/kata-runtime/0016-protocols-only-build-RLimit-impls-on-Linux.patch b/packages/by-name/kata/kata-runtime/0016-protocols-only-build-RLimit-impls-on-Linux.patch deleted file mode 100644 index 2b843547bb..0000000000 --- a/packages/by-name/kata/kata-runtime/0016-protocols-only-build-RLimit-impls-on-Linux.patch +++ /dev/null 
@@ -1,54 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Markus Rudy -Date: Tue, 15 Oct 2024 16:11:21 +0200 -Subject: [PATCH] protocols: only build RLimit impls on Linux - -The current version of the oci-spec crate compiles RLimit structs only -for Linux and Solaris. Until this is fixed upstream, add compilation -conditions to the type converters for the affected structs. - -Fixes: #10071 - -Signed-off-by: Markus Rudy ---- - src/libs/protocols/src/trans.rs | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/libs/protocols/src/trans.rs b/src/libs/protocols/src/trans.rs -index d7cbba30ac64578c7c06b5f683bea63c87b13a78..e559572448ccebd458e20ffe99f84a2e8ae7c7c3 100644 ---- a/src/libs/protocols/src/trans.rs -+++ b/src/libs/protocols/src/trans.rs -@@ -97,6 +97,8 @@ impl From for grpc::LinuxCapabilities { - } - } - -+// TODO(burgerdev): remove condition here and below after upgrading to oci_spec > 0.7. -+#[cfg(target_os = "linux")] - impl From for grpc::POSIXRlimit { - fn from(from: oci::PosixRlimit) -> Self { - grpc::POSIXRlimit { -@@ -118,6 +120,7 @@ impl From for grpc::Process { - Env: option_vec_to_vec(from.env()), - Cwd: from.cwd().display().to_string(), - Capabilities: from_option(from.capabilities().clone()), -+ #[cfg(target_os = "linux")] - Rlimits: from_option_vec(from.rlimits().clone()), - NoNewPrivileges: from.no_new_privileges().unwrap_or_default(), - ApparmorProfile: from -@@ -993,6 +996,7 @@ impl From for oci::Linux { - } - } - -+#[cfg(target_os = "linux")] - impl From for oci::PosixRlimit { - fn from(proto: grpc::POSIXRlimit) -> Self { - oci::PosixRlimitBuilder::default() -@@ -1078,6 +1082,8 @@ impl From for oci::Process { - } else { - process.set_capabilities(None); - } -+ -+ #[cfg(target_os = "linux")] - if !from.Rlimits().is_empty() { - process.set_rlimits(Some( - from.Rlimits().iter().cloned().map(|r| r.into()).collect(), 
diff --git a/packages/by-name/kata/kata-runtime/0020-genpolicy-support-guest-hooks.patch b/packages/by-name/kata/kata-runtime/0017-genpolicy-support-guest-hooks.patch similarity index 93% rename from packages/by-name/kata/kata-runtime/0020-genpolicy-support-guest-hooks.patch rename to packages/by-name/kata/kata-runtime/0017-genpolicy-support-guest-hooks.patch index 8c46ebf621..73c6fe62f1 100644 --- a/packages/by-name/kata/kata-runtime/0020-genpolicy-support-guest-hooks.patch +++ b/packages/by-name/kata/kata-runtime/0017-genpolicy-support-guest-hooks.patch @@ -31,10 +31,10 @@ index a218a4d9c4717e4dd2abdc3fd4b0d1a6d8171661..a9ca4960e9e6879109a4f0b50b9aebe3 "common": { "cpath": "/run/kata-containers", diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego -index 6cabea53a52c2e0b9b52a086d166613d3440d5c4..810fb327b06d654b48ce8e76eb7d325cd39de52a 100644 +index dba71d4785fccf4717f66013a56fbbd4bff764b6..73adb09377a57e25ae9171a43b314ac3fc26298b 100644 --- a/src/tools/genpolicy/rules.rego +++ b/src/tools/genpolicy/rules.rego -@@ -1217,7 +1217,7 @@ CopyFileRequest { +@@ -1266,7 +1266,7 @@ CopyFileRequest { CreateSandboxRequest { print("CreateSandboxRequest: input.guest_hook_path =", input.guest_hook_path) @@ -43,7 +43,7 @@ index 6cabea53a52c2e0b9b52a086d166613d3440d5c4..810fb327b06d654b48ce8e76eb7d325c print("CreateSandboxRequest: input.kernel_modules =", input.kernel_modules) count(input.kernel_modules) == 0 -@@ -1228,6 +1228,21 @@ CreateSandboxRequest { +@@ -1277,6 +1277,21 @@ CreateSandboxRequest { allow_sandbox_storages(input.storages) } diff --git a/packages/by-name/kata/kata-runtime/package.nix b/packages/by-name/kata/kata-runtime/package.nix index 4777d47082..b3816c094a 100644 --- a/packages/by-name/kata/kata-runtime/package.nix +++ b/packages/by-name/kata/kata-runtime/package.nix 
@@ -11,14 +11,14 @@ buildGoModule rec { pname = "kata-runtime"; - version = "3.10.1"; + version = "3.11.0"; src = applyPatches { src = fetchFromGitHub { owner = "kata-containers"; repo = "kata-containers"; rev = version; - hash = "sha256-lk9BZeNc8StLxu0frRfh7h5Xk3w75SUeZP1ddES7a20="; + hash = "sha256-fIjHtTBWeU6Kp83YGuaL3h0wq4lqUyNKrkFIsCzII6c="; }; patches = [ 
@@ -90,36 +90,29 @@ buildGoModule rec { # our Nix packaging. ./0013-tools-don-t-clean-build-root-when-generating-rootfs.patch - # Fixes https://github.com/kata-containers/kata-containers/issues/10424 - # Those patches only got merged after v3.10.1 was released - # Drop when upgrading to v3.11+ - ./0014-kata-sys-util-remove-obsolete-cgroups-dependency.patch - ./0015-kata-sys-util-move-json-parsing-to-protocols-crate.patch - ./0016-protocols-only-build-RLimit-impls-on-Linux.patch - # Disable a check in Kata that prevents to set both image and initrd. # For us, there's no practical reason not to do so. # No upstream patch available, changes first need to be discussed with Kata maintainers. # See https://katacontainers.slack.com/archives/C879ACQ00/p1731928491942299 - ./0017-runtime-allow-initrd-AND-image-to-be-set.patch + ./0014-runtime-allow-initrd-AND-image-to-be-set.patch # Simple genpolicy logging redaction of the policy annotation # This avoids printing the entire annotation on log level debug, which resulted in errors of the logtranslator.go # TODO(jmxnzo): remove when upstream patch is merged: https://github.com/kata-containers/kata-containers/pull/10647 - ./0018-genpolicy-do-not-log-policy-annotation-in-debug.patch + ./0015-genpolicy-do-not-log-policy-annotation-in-debug.patch # Fixes a bug with ConfigMaps exceeding 8 entries, see description. # The situation upstream is complicated, because the paths relevant for genpolicy differ # between different CI systems and TEE configurations. This makes it hard to reproduce in a # vanilla Kata setting. # Relevant discussion: https://github.com/kata-containers/kata-containers/pull/10614. - ./0019-genpolicy-allow-non-watchable-ConfigMaps.patch + ./0016-genpolicy-allow-non-watchable-ConfigMaps.patch # Guest hooks are required for GPU support, but unsupported in # upstream Kata / genpolicy as of now. This patch adds a new # `allowed_guest_hooks` setting , which controls what paths may be set for hooks. 
# Upstream issue: https://github.com/kata-containers/kata-containers/issues/10633 - ./0020-genpolicy-support-guest-hooks.patch + ./0017-genpolicy-support-guest-hooks.patch ]; };
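Review bot: The patches kept by this renumbering have no version-keyed removal marker, unlike the block deleted here, whose `# Drop when upgrading to v3.11+` comment made the cleanup mechanical. `0015-genpolicy-do-not-log-policy-annotation-in-debug.patch` is tied only to the merge of upstream PR 10647. `0014-runtime-allow-initrd-AND-image-to-be-set.patch` disables an upstream check and `0017-genpolicy-support-guest-hooks.patch` adds a setting for allowed hook paths, so every bump needs a manual re-check that they are still wanted and still apply as intended. I would record the result beside each entry, for example `# Re-checked for v3.11.0: still not upstream.`, assuming that is what the check found. The `patches` list starts above this hunk.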