edgelesssys · katexochen · Nov 29, 2024 · Nov 29, 2024 · Nov 29, 2024 · msanft
@@ -34,4 +34,19 @@ final: prev:
         --set SOURCE_DATE_EPOCH 0
     '';
   });
+
+  # There is a regression in 2.1.0, so pin to 2.0.5 for now.
+  # TODO(katexochen): In contact with upstream maintainers to resolve the issue.
+  treefmt2 = prev.treefmt2.overrideAttrs (
+    finalAttrs: _prevAttrs: {
+      version = "2.0.5";
+      src = final.fetchFromGitHub {
+        owner = "numtide";
+        repo = "treefmt";
+        rev = "v${finalAttrs.version}";
+        hash = "sha256-lDQbrq9AWH5Hjgy5AllbLLBUl/JkYGw68M5wob14kus=";
+      };
+      vendorHash = "sha256-OyOgTBwcRNd6kdnn3TFuq7xukeK0A1imK/WMer0tldk=";
+    }
+  );
 }
@@ -30,10 +30,10 @@ while [[ $# -gt 0 ]]; do
 done
 
 base_cmdline='tsc=reliable no_timer_check rcupdate.rcu_expedited=1 i8042.direct=1 i8042.dumbkbd=1 i8042.nopnp=1 i8042.noaux=1 noreplace-smp reboot=k cryptomgr.notests net.ifnames=0 pci=lastbus=0 root=/dev/vda1 rootflags=ro rootfstype=erofs console=hvc0 console=hvc1 debug systemd.show_status=true systemd.log_level=debug panic=1 nr_cpus=1 selinux=0 systemd.unit=kata-containers.target systemd.mask=systemd-networkd.service systemd.mask=systemd-networkd.socket scsi_mod.scan=none agent.log=debug agent.debug_console agent.debug_console_vport=1026'
-kata_cmdline=$(cat /opt/edgeless/${runtime_name}/etc/configuration-qemu-tdx.toml | tomlq -r '.Hypervisor.qemu.kernel_params')
+kata_cmdline=$(tomlq -r '.Hypervisor.qemu.kernel_params' <"/opt/edgeless/${runtime_name}/etc/configuration-qemu-tdx.toml")
 extra_cmdline='console=ttyS0 systemd.unit=default.target'
 
-/opt/edgeless/${runtime_name}/tdx/bin/qemu-system-x86_64 \
+"/opt/edgeless/${runtime_name}/tdx/bin/qemu-system-x86_64" \
   -name sandbox-testing,debug-threads=on \
   -uuid 49ce7d67-eade-4708-a81f-b5b904213207 \
   -machine q35,accel=kvm,kernel_irqchip=split,confidential-guest-support=tdx \
@@ -42,7 +42,7 @@ extra_cmdline='console=ttyS0 systemd.unit=default.target'
   -device pci-bridge,bus=pcie.0,id=pci-bridge-0,chassis_nr=1,shpc=off,addr=2,io-reserve=4k,mem-reserve=1m,pref64-reserve=1m \
   -device virtio-serial-pci,disable-modern=false,id=serial0 \
   -device virtio-blk-pci,disable-modern=false,drive=image-3132ead95475d1bb,config-wce=off,share-rw=on,serial=image-3132ead95475d1bb \
-  -drive id=image-3132ead95475d1bb,file=/opt/edgeless/${runtime_name}/share/kata-containers.img,aio=threads,format=raw,if=none,readonly=on \
+  -drive "id=image-3132ead95475d1bb,file=/opt/edgeless/${runtime_name}/share/kata-containers.img,aio=threads,format=raw,if=none,readonly=on" \
   -device virtio-scsi-pci,id=scsi0,disable-modern=false \
   -object '{"qom-type":"tdx-guest","id":"tdx","mrconfigid":"XGOgbZcHhD3KKCQ1Z4aeLiAYlCQu6/zTrhgQLkAQg/cAAAAAAAAAAAAAAAAAAAAA","quote-generation-socket":{"type":"vsock","cid":"2","port":"4050"}}' \
   -object rng-random,id=rng0,filename=/dev/urandom \
@@ -55,8 +55,8 @@ extra_cmdline='console=ttyS0 systemd.unit=default.target'
   -nographic \
   --no-reboot \
   -object memory-backend-ram,id=dimm1,size=2148M \
-  -kernel /opt/edgeless/${runtime_name}/share/kata-kernel \
-  -initrd /opt/edgeless/${runtime_name}/share/kata-initrd.zst \
+  -kernel "/opt/edgeless/${runtime_name}/share/kata-kernel" \
+  -initrd "/opt/edgeless/${runtime_name}/share/kata-initrd.zst" \
   -append "${base_cmdline} ${kata_cmdline} ${extra_cmdline}" \
   -serial stdio \
   -bios "${bios}" \

@@ -20,6 +20,6 @@ sbx_id=$(echo "$container_info" | jq -r '.Spec.annotations."io.kubernetes.cri.sa
 runtime_class_name=$(echo "$container_info" | jq -r '.Snapshotter' | cut -c7-)
 
 kata_runtime="/opt/edgeless/${runtime_class_name}/bin/kata-runtime"
-config_file=$(ls -1 /opt/edgeless/${runtime_class_name}/etc/configuration-*.toml)
+config_file=$(ls -1 /opt/edgeless/"${runtime_class_name}"/etc/configuration-*.toml)
 
-${kata_runtime} --config "${config_file}" exec ${sbx_id}
+${kata_runtime} --config "${config_file}" exec "${sbx_id}"