diff --git a/overlays/nixpkgs.nix b/overlays/nixpkgs.nix index 5561b6b42..137deb1be 100644 --- a/overlays/nixpkgs.nix +++ b/overlays/nixpkgs.nix @@ -34,4 +34,19 @@ final: prev: --set SOURCE_DATE_EPOCH 0 ''; }); + + # There is a regression in 2.1.0, so pin to 2.0.5 for now. + # TODO(katexochen): In contact with upstream maintainers to resolve the issue. + treefmt2 = prev.treefmt2.overrideAttrs ( + finalAttrs: _prevAttrs: { + version = "2.0.5"; + src = final.fetchFromGitHub { + owner = "numtide"; + repo = "treefmt"; + rev = "v${finalAttrs.version}"; + hash = "sha256-lDQbrq9AWH5Hjgy5AllbLLBUl/JkYGw68M5wob14kus="; + }; + vendorHash = "sha256-OyOgTBwcRNd6kdnn3TFuq7xukeK0A1imK/WMer0tldk="; + } + ); } diff --git a/packages/debug-qemu-tdx.sh b/packages/debug-qemu-tdx.sh index f752a0058..eb87a7046 100644 --- a/packages/debug-qemu-tdx.sh +++ b/packages/debug-qemu-tdx.sh 
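Review bot: The `treefmt2` pin is unconditional and its comment names neither the regression nor an upstream issue, so once nixpkgs ships a fixed release this overlay will keep silently downgrading it. I would extend the comment, e.g. `# Regression: <upstream issue URL>; drop this override once nixpkgs carries the fix.` It is also worth confirming on the pinned nixpkgs revision that `src` and `vendorHash` set through `overrideAttrs` actually reach the Go vendor derivation. As far as I recall, older `buildGoModule` versions ignored them there, in which case the build would use the vendored dependencies of the newer release. The fixed-output `hash` is what pins the source content; the `v${finalAttrs.version}` tag on its own is mutable.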
@@ -30,10 +30,10 @@ while [[ $# -gt 0 ]]; do done base_cmdline='tsc=reliable no_timer_check rcupdate.rcu_expedited=1 i8042.direct=1 i8042.dumbkbd=1 i8042.nopnp=1 i8042.noaux=1 noreplace-smp reboot=k cryptomgr.notests net.ifnames=0 pci=lastbus=0 root=/dev/vda1 rootflags=ro rootfstype=erofs console=hvc0 console=hvc1 debug systemd.show_status=true systemd.log_level=debug panic=1 nr_cpus=1 selinux=0 systemd.unit=kata-containers.target systemd.mask=systemd-networkd.service systemd.mask=systemd-networkd.socket scsi_mod.scan=none agent.log=debug agent.debug_console agent.debug_console_vport=1026' -kata_cmdline=$(cat /opt/edgeless/${runtime_name}/etc/configuration-qemu-tdx.toml | tomlq -r '.Hypervisor.qemu.kernel_params') +kata_cmdline=$(tomlq -r '.Hypervisor.qemu.kernel_params' <"/opt/edgeless/${runtime_name}/etc/configuration-qemu-tdx.toml") extra_cmdline='console=ttyS0 systemd.unit=default.target' -/opt/edgeless/${runtime_name}/tdx/bin/qemu-system-x86_64 \ +"/opt/edgeless/${runtime_name}/tdx/bin/qemu-system-x86_64" \ -name sandbox-testing,debug-threads=on \ -uuid 49ce7d67-eade-4708-a81f-b5b904213207 \ -machine q35,accel=kvm,kernel_irqchip=split,confidential-guest-support=tdx \ 
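Review bot: `kata_cmdline` is taken from `tomlq -r` without checking that the key exists; with `-r`, a missing `.Hypervisor.qemu.kernel_params` prints the literal `null`, which then lands in the `-append` kernel command line shown in a later hunk. If the tomlq in use forwards jq's exit-status flag, `kata_cmdline=$(tomlq -er '.Hypervisor.qemu.kernel_params' <"/opt/edgeless/${runtime_name}/etc/configuration-qemu-tdx.toml")` turns that case into a failure. Whether the script then aborts depends on a `set -e` that would sit above this hunk. The hunk starts at the `done` of the argument loop, so the origin of `runtime_name` is not visible here.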
@@ -42,7 +42,7 @@ extra_cmdline='console=ttyS0 systemd.unit=default.target' -device pci-bridge,bus=pcie.0,id=pci-bridge-0,chassis_nr=1,shpc=off,addr=2,io-reserve=4k,mem-reserve=1m,pref64-reserve=1m \ -device virtio-serial-pci,disable-modern=false,id=serial0 \ -device virtio-blk-pci,disable-modern=false,drive=image-3132ead95475d1bb,config-wce=off,share-rw=on,serial=image-3132ead95475d1bb \ - -drive id=image-3132ead95475d1bb,file=/opt/edgeless/${runtime_name}/share/kata-containers.img,aio=threads,format=raw,if=none,readonly=on \ + -drive "id=image-3132ead95475d1bb,file=/opt/edgeless/${runtime_name}/share/kata-containers.img,aio=threads,format=raw,if=none,readonly=on" \ -device virtio-scsi-pci,id=scsi0,disable-modern=false \ -object '{"qom-type":"tdx-guest","id":"tdx","mrconfigid":"XGOgbZcHhD3KKCQ1Z4aeLiAYlCQu6/zTrhgQLkAQg/cAAAAAAAAAAAAAAAAAAAAA","quote-generation-socket":{"type":"vsock","cid":"2","port":"4050"}}' \ -object rng-random,id=rng0,filename=/dev/urandom \ @@ -55,8 +55,8 @@ extra_cmdline='console=ttyS0 systemd.unit=default.target' -nographic \ --no-reboot \ -object memory-backend-ram,id=dimm1,size=2148M \ - -kernel /opt/edgeless/${runtime_name}/share/kata-kernel \ - -initrd /opt/edgeless/${runtime_name}/share/kata-initrd.zst \ + -kernel "/opt/edgeless/${runtime_name}/share/kata-kernel" \ + -initrd "/opt/edgeless/${runtime_name}/share/kata-initrd.zst" \ -append "${base_cmdline} ${kata_cmdline} ${extra_cmdline}" \ -serial stdio \ -bios "${bios}" \ diff --git a/packages/kata-debug-shell.sh b/packages/kata-debug-shell.sh index 73ef2d72e..73b07ac67 100644 --- a/packages/kata-debug-shell.sh +++ b/packages/kata-debug-shell.sh 
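Review bot: Quoting the `-drive` argument stops shell word splitting, but QEMU itself splits that option string on commas, so a `runtime_name` containing `,` would still alter the drive options (QEMU expects `,,` for a literal comma in `file=`). The same variable selects the `qemu-system-x86_64` binary in the previous hunk and the `-kernel` and `-initrd` paths in the `@@ -55,8 +55,8 @@` hunk. I would validate it once after argument parsing, e.g. `[[ ${runtime_name} =~ ^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$ ]] || { echo "invalid runtime name" >&2; exit 1; }`. The argument parsing lies outside these hunks, so such a check may already exist there.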
@@ -20,6 +20,6 @@ sbx_id=$(echo "$container_info" | jq -r '.Spec.annotations."io.kubernetes.cri.sa runtime_class_name=$(echo "$container_info" | jq -r '.Snapshotter' | cut -c7-) kata_runtime="/opt/edgeless/${runtime_class_name}/bin/kata-runtime" -config_file=$(ls -1 /opt/edgeless/${runtime_class_name}/etc/configuration-*.toml) +config_file=$(ls -1 /opt/edgeless/"${runtime_class_name}"/etc/configuration-*.toml) -${kata_runtime} --config "${config_file}" exec ${sbx_id} +${kata_runtime} --config "${config_file}" exec "${sbx_id}"
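Review bot: `config_file` is still built by parsing `ls -1` over a glob, so if `configuration-*.toml` matches more than one file the newline-joined list is passed to `--config` as a single path, and a missing match only fails if `set -e` is active above this hunk. A glob into an array makes the expectation explicit: `configs=(/opt/edgeless/"${runtime_class_name}"/etc/configuration-*.toml)` followed by `[[ ${#configs[@]} -eq 1 && -f ${configs[0]} ]] || { echo "expected exactly one kata config" >&2; exit 1; }`, then pass `"${configs[0]}"`. As a style point, `${kata_runtime}` on the last line is now the only unquoted expansion in that command. `runtime_class_name` comes from `jq -r '.Snapshotter' | cut -c7-`, so an unexpected or `null` snapshotter value flows straight into both paths.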