edgelesssys · burgerdev · Nov 5, 2024 · Nov 4, 2024 · Nov 4, 2024 · Nov 4, 2024
diff --git a/.github/workflows/check_patches.yml b/.github/workflows/check_patches.yml
@@ -0,0 +1,40 @@
+name: check patches
+
+on:
+  workflow_dispatch:
+  pull_request:
+    paths:
+      - .github/workflows/check_patches.yml
+      - packages/by-name/kata/kata-runtime/package.nix
+      - packages/by-name/kata/kata-runtime/0*.patch
+
+jobs:
+  check-patches:
+    runs-on: ubuntu-22.04
+    timeout-minutes: 15
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          path: contrast
+      - uses: ./contrast/.github/actions/setup_nix
+        with:
+          githubToken: ${{ secrets.GITHUB_TOKEN }}
+          cachixToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+      - id: kataversion
+        working-directory: contrast
+        run: |
+          echo "v=$(nix eval --raw .#kata.kata-runtime.version)" >> "$GITHUB_OUTPUT"
+      - name: Check out Kata
+        run: |
+          git clone --depth 1 -b "${{ steps.kataversion.outputs.v }}" https://github.com/kata-containers/kata-containers.git kata
+      - name: Apply patches
+        working-directory: kata
+        run: |
+          git config --global user.email "[email protected]"
+          git config --global user.name "Actions Bot"
+          git am --no-3way ../contrast/packages/by-name/kata/kata-runtime/0*.patch
+          git format-patch -N --no-signature --zero-commit --full-index -o ../contrast/packages/by-name/kata/kata-runtime/ "${{ steps.kataversion.outputs.v }}"
+      - name: Check for diff
+        working-directory: contrast
+        run: |
+          git diff --exit-code
diff --git a/dev-docs/patches.md b/dev-docs/patches.md
@@ -70,10 +70,14 @@ git checkout $rev
 Apply the existing patch set:
 
 ```sh
-git am --committer-date-is-author-date -3 $pkgDir/*.patch
+git am --no-3way $pkgDir/0*.patch
 ```
 
 This will apply and commit each patch on top of `rev`.
+Some directories contain patches that aren't meant to be applied to the source, those are excluded by the `0` prefix.
+The `--no-3way` flag will abort application of unclean patches.
+If the existing patches can't be applied without a three-way merge, you can pass `-3` instead.
+This situation should then be resolved in a separate commit.
 
 You can then place new commits on top or modify existing commits. Remember to keep the git history clean.
 
@@ -82,9 +86,14 @@ When updating a package, you might need to rebase the current patch set.
 When done, recreate the patch set:
 
 ```sh
-git format-patch -N --no-signature -o $pkgDir $rev
+git format-patch -N --no-signature --zero-commit --full-index -o $pkgDir $rev
 ```
 
+Don't forget to `git add` patches you just added and to `git rm` patches you removed or renamed.
+
+The `static.yml` workflow ensures that patches can be reapplied cleanly.
+If this workflow fails, applying the rendered diff should be sufficient to appease it.
+
 # Patch documentation conventions
 
 Patches need thorough documentation. Each reference of a patch must have a comment:

@@ -1,4 +1,4 @@
-From 099fd9159c03561ed738dacb370d18183f8601aa Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Tom Dohrmann <[email protected]>
 Date: Fri, 5 Jul 2024 08:43:13 +0000
 Subject: [PATCH] govmm: Directly pass the firwmare using -bios with SNP
@@ -9,7 +9,7 @@ Subject: [PATCH] govmm: Directly pass the firwmare using -bios with SNP
  1 file changed, 1 insertion(+), 3 deletions(-)
 
 diff --git a/src/runtime/pkg/govmm/qemu/qemu.go b/src/runtime/pkg/govmm/qemu/qemu.go
-index e1070b731..b3b3fb4bd 100644
+index e1070b731920f00625dc58a9ce3e6b985af3a8ba..b3b3fb4bdbe99e6fc1a89db49be984b92a19551c 100644
 --- a/src/runtime/pkg/govmm/qemu/qemu.go
 +++ b/src/runtime/pkg/govmm/qemu/qemu.go
 @@ -395,9 +395,7 @@ func (object Object) QemuParams(config *Config) []string {

@@ -1,4 +1,4 @@
-From b73c887c4b00d58b1a9bf403c5b2d05b02574731 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Tom Dohrmann <[email protected]>
 Date: Mon, 8 Jul 2024 07:35:54 +0000
 Subject: [PATCH] emulate CPU model that most closely matches the host
@@ -12,7 +12,7 @@ attestation.
  1 file changed, 12 insertions(+), 1 deletion(-)
 
 diff --git a/src/runtime/virtcontainers/qemu_amd64.go b/src/runtime/virtcontainers/qemu_amd64.go
-index 1d1be1711..6ebee26ce 100644
+index 1d1be17118f397445941c50a5276fb8aec2411e3..6ebee26ce34b5137f88a78219340b1f0867bc7a8 100644
 --- a/src/runtime/virtcontainers/qemu_amd64.go
 +++ b/src/runtime/virtcontainers/qemu_amd64.go
 @@ -191,7 +191,18 @@ func (q *qemuAmd64) cpuModel() string {

@@ -1,4 +1,4 @@
-From d3bc2eb74a14272afb10d20c63e4d938538acbfe Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Tom Dohrmann <[email protected]>
 Date: Mon, 8 Jul 2024 07:51:20 +0000
 Subject: [PATCH] runtime: agent: verify the agent policy hash
@@ -42,7 +42,7 @@ Signed-off-by: Tom Dohrmann <[email protected]>
  create mode 100644 src/agent/src/tdx.rs
 
 diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock
-index f55144570..8cf40f7ec 100644
+index f5514457031ed7f0b4d1c5c6bee7ec5ec8b9ad72..8cf40f7ec7d12b6e206d49f4b6adff05d347262d 100644
 --- a/src/agent/Cargo.lock
 +++ b/src/agent/Cargo.lock
 @@ -542,6 +542,12 @@ version = "0.6.3"
@@ -238,7 +238,7 @@ index f55144570..8cf40f7ec 100644
  name = "vsock"
  version = "0.2.6"
 diff --git a/src/agent/Cargo.toml b/src/agent/Cargo.toml
-index a8ed5d081..d5b3db965 100644
+index a8ed5d081cf87b19f4ce5c5bdb9cc4efa694a6e3..d5b3db965fe75cbccc182825a4115bdc57a9705b 100644
 --- a/src/agent/Cargo.toml
 +++ b/src/agent/Cargo.toml
 @@ -85,6 +85,11 @@ regorus = { version = "0.1.4", default-features = false, features = [
@@ -263,7 +263,7 @@ index a8ed5d081..d5b3db965 100644
 
  [[bin]]
 diff --git a/src/agent/src/main.rs b/src/agent/src/main.rs
-index 8a057bb36..22d858c10 100644
+index 8a057bb367537cfac988f20fda86b2e23a681682..22d858c10468478dacb7e7e9b9133a756abc1ea8 100644
 --- a/src/agent/src/main.rs
 +++ b/src/agent/src/main.rs
 @@ -85,6 +85,10 @@ mod tracer;
@@ -278,7 +278,7 @@ index 8a057bb36..22d858c10 100644
  cfg_if! {
      if #[cfg(target_arch = "s390x")] {
 diff --git a/src/agent/src/policy.rs b/src/agent/src/policy.rs
-index ccac317d0..2f1da9ecd 100644
+index ccac317d0ff707c1fd1242a144886d5e8c000a90..2f1da9ecd0d0ee1be06218d5bc9e58cd93defa8c 100644
 --- a/src/agent/src/policy.rs
 +++ b/src/agent/src/policy.rs
 @@ -3,11 +3,14 @@
@@ -351,7 +351,7 @@ index ccac317d0..2f1da9ecd 100644
 +}
 diff --git a/src/agent/src/sev.rs b/src/agent/src/sev.rs
 new file mode 100644
-index 000000000..3257eabaf
+index 0000000000000000000000000000000000000000..3257eabafcc971df7219d71186383616ee19a672
 --- /dev/null
 +++ b/src/agent/src/sev.rs
 @@ -0,0 +1,19 @@
@@ -376,7 +376,7 @@ index 000000000..3257eabaf
 +}
 diff --git a/src/agent/src/tdx.rs b/src/agent/src/tdx.rs
 new file mode 100644
-index 000000000..1531e72a8
+index 0000000000000000000000000000000000000000..1531e72a8b8db6e357d02ecdd431a9b88af3b30d
 --- /dev/null
 +++ b/src/agent/src/tdx.rs
 @@ -0,0 +1,194 @@
@@ -575,7 +575,7 @@ index 000000000..1531e72a8
 +    Ok(mrconfigid)
 +}
 diff --git a/src/runtime/pkg/govmm/qemu/qemu.go b/src/runtime/pkg/govmm/qemu/qemu.go
-index b3b3fb4bd..5070ecd1e 100644
+index b3b3fb4bdbe99e6fc1a89db49be984b92a19551c..5070ecd1e78ca04383637e662b3c8e4f8ec0ae5e 100644
 --- a/src/runtime/pkg/govmm/qemu/qemu.go
 +++ b/src/runtime/pkg/govmm/qemu/qemu.go
 @@ -320,6 +320,11 @@ type Object struct {
@@ -631,7 +631,7 @@ index b3b3fb4bd..5070ecd1e 100644
 
  	return tdxObject.String()
 diff --git a/src/runtime/virtcontainers/hypervisor.go b/src/runtime/virtcontainers/hypervisor.go
-index 5eb922980..0e5205cc9 100644
+index 5eb922980be33de9afc25ffaae65dd222f976c52..0e5205cc99da99e929365cbfe8637465872addb9 100644
 --- a/src/runtime/virtcontainers/hypervisor.go
 +++ b/src/runtime/virtcontainers/hypervisor.go
 @@ -545,7 +545,7 @@ type HypervisorConfig struct {
@@ -666,7 +666,7 @@ index 5eb922980..0e5205cc9 100644
  	tdxProtection
 
 diff --git a/src/runtime/virtcontainers/qemu.go b/src/runtime/virtcontainers/qemu.go
-index ba86c3d63..2c6311c06 100644
+index ba86c3d63a6c5158b3d0f7e6ae6af865dddb9d8d..2c6311c067935a2c5da0a1018420bab684b670e8 100644
 --- a/src/runtime/virtcontainers/qemu.go
 +++ b/src/runtime/virtcontainers/qemu.go
 @@ -681,7 +681,7 @@ func (q *qemu) CreateVM(ctx context.Context, id string, network Network, hypervi
@@ -679,7 +679,7 @@ index ba86c3d63..2c6311c06 100644
  		return err
  	}
 diff --git a/src/runtime/virtcontainers/qemu_amd64.go b/src/runtime/virtcontainers/qemu_amd64.go
-index 6ebee26ce..0a0451cba 100644
+index 6ebee26ce34b5137f88a78219340b1f0867bc7a8..0a0451cba1565358225875cf6506381f5d221aec 100644
 --- a/src/runtime/virtcontainers/qemu_amd64.go
 +++ b/src/runtime/virtcontainers/qemu_amd64.go
 @@ -9,6 +9,8 @@ package virtcontainers
@@ -754,7 +754,7 @@ index 6ebee26ce..0a0451cba 100644
 +	return base64.StdEncoding.EncodeToString(mrConfigId)
 +}
 diff --git a/src/runtime/virtcontainers/qemu_amd64_test.go b/src/runtime/virtcontainers/qemu_amd64_test.go
-index 1425cb38c..f0a9c691a 100644
+index 1425cb38cfd79ab06b04f1dafbab9b7440901688..f0a9c691a6ffc6356f8f9a335e72b81239a2ef2c 100644
 --- a/src/runtime/virtcontainers/qemu_amd64_test.go
 +++ b/src/runtime/virtcontainers/qemu_amd64_test.go
 @@ -9,6 +9,10 @@ package virtcontainers
@@ -943,7 +943,7 @@ index 1425cb38c..f0a9c691a 100644
 +	assert.Equal(expectedOut, devices)
  }
 diff --git a/src/runtime/virtcontainers/qemu_arch_base.go b/src/runtime/virtcontainers/qemu_arch_base.go
-index fd92be772..662466f58 100644
+index fd92be772446f30058d4424f7a330a0bc23ff433..662466f5846c22b4c7fa6b62b1a272258e2e4143 100644
 --- a/src/runtime/virtcontainers/qemu_arch_base.go
 +++ b/src/runtime/virtcontainers/qemu_arch_base.go
 @@ -162,7 +162,7 @@ type qemuArch interface {
@@ -965,7 +965,7 @@ index fd92be772..662466f58 100644
  	return devices, firmware, nil
  }
 diff --git a/src/runtime/virtcontainers/qemu_arm64.go b/src/runtime/virtcontainers/qemu_arm64.go
-index a9b803f73..112fe358e 100644
+index a9b803f73275c1d5b9212a63fda097ebc33f1c9f..112fe358e4d76700ebe7a1d36e9ae42eb93611b7 100644
 --- a/src/runtime/virtcontainers/qemu_arm64.go
 +++ b/src/runtime/virtcontainers/qemu_arm64.go
 @@ -154,7 +154,7 @@ func (q *qemuArm64) enableProtection() error {
@@ -978,7 +978,7 @@ index a9b803f73..112fe358e 100644
  	if err != nil {
  		hvLogger.WithField("arch", runtime.GOARCH).Error(err)
 diff --git a/src/runtime/virtcontainers/qemu_arm64_test.go b/src/runtime/virtcontainers/qemu_arm64_test.go
-index 07e67ac8c..8b6bd03eb 100644
+index 07e67ac8c1479c67f4b4ffa850dddb8d1e0680e4..8b6bd03eb9d10f0c37dbdbb3fb5fa48585659e96 100644
 --- a/src/runtime/virtcontainers/qemu_arm64_test.go
 +++ b/src/runtime/virtcontainers/qemu_arm64_test.go
 @@ -182,42 +182,77 @@ func TestQemuArm64AppendProtectionDevice(t *testing.T) {
@@ -1066,7 +1066,7 @@ index 07e67ac8c..8b6bd03eb 100644
  	assert.Empty(bios)
  	assert.NoError(err)
 diff --git a/src/runtime/virtcontainers/qemu_ppc64le.go b/src/runtime/virtcontainers/qemu_ppc64le.go
-index d2e0228c8..ed7a14c4d 100644
+index d2e0228c8be8eae3ae24f3aa81b6423735f51320..ed7a14c4dc4262a0f1d77f6efa11310479fa1ecb 100644
 --- a/src/runtime/virtcontainers/qemu_ppc64le.go
 +++ b/src/runtime/virtcontainers/qemu_ppc64le.go
 @@ -157,7 +157,7 @@ func (q *qemuPPC64le) enableProtection() error {
@@ -1079,7 +1079,7 @@ index d2e0228c8..ed7a14c4d 100644
  	case pefProtection:
  		return append(devices,
 diff --git a/src/runtime/virtcontainers/qemu_ppc64le_test.go b/src/runtime/virtcontainers/qemu_ppc64le_test.go
-index 85e1dfe80..0c2f4b923 100644
+index 85e1dfe8050e3c64545e2031420058aad004f2ab..0c2f4b923d5550b67ad8c767124d8414b47d4c0b 100644
 --- a/src/runtime/virtcontainers/qemu_ppc64le_test.go
 +++ b/src/runtime/virtcontainers/qemu_ppc64le_test.go
 @@ -60,39 +60,63 @@ func TestQemuPPC64leAppendProtectionDevice(t *testing.T) {
@@ -1174,7 +1174,7 @@ index 85e1dfe80..0c2f4b923 100644
 +	assert.Equal(expectedOut, devices)
  }
 diff --git a/src/runtime/virtcontainers/qemu_s390x.go b/src/runtime/virtcontainers/qemu_s390x.go
-index 29eaafe5b..787a0e589 100644
+index 29eaafe5b3fe0ecf9f10bc49ede3465d2cf8ec3e..787a0e589a71dabb5acaedd66e36bb5f7d9662d0 100644
 --- a/src/runtime/virtcontainers/qemu_s390x.go
 +++ b/src/runtime/virtcontainers/qemu_s390x.go
 @@ -337,7 +337,7 @@ func (q *qemuS390x) enableProtection() error {
@@ -1187,7 +1187,7 @@ index 29eaafe5b..787a0e589 100644
  	case seProtection:
  		return append(devices,
 diff --git a/src/runtime/virtcontainers/qemu_s390x_test.go b/src/runtime/virtcontainers/qemu_s390x_test.go
-index 24a67bdd9..3f5f84aff 100644
+index 24a67bdd9e591ead96fbaea473cb662526dedbf3..3f5f84afffeec6fed0ba624408158425090fe88a 100644
 --- a/src/runtime/virtcontainers/qemu_s390x_test.go
 +++ b/src/runtime/virtcontainers/qemu_s390x_test.go
 @@ -111,40 +111,64 @@ func TestQemuS390xAppendProtectionDevice(t *testing.T) {
@@ -1281,7 +1281,7 @@ index 24a67bdd9..3f5f84aff 100644
 +	assert.Equal(expectedOut, devices)
  }
 diff --git a/src/runtime/virtcontainers/sandbox.go b/src/runtime/virtcontainers/sandbox.go
-index ac0d35e9c..ff7a46b4e 100644
+index ac0d35e9c854d6b5eea52e716137fe62414d51a7..ff7a46b4e05dbef2d8d1981897b04e639fda5527 100644
 --- a/src/runtime/virtcontainers/sandbox.go
 +++ b/src/runtime/virtcontainers/sandbox.go
 @@ -613,6 +613,7 @@ func newSandbox(ctx context.Context, sandboxConfig SandboxConfig, factory Factor

@@ -1,4 +1,4 @@
-From cc68c48a9af8cbdd6ffd8a74d7960adc22150f08 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Markus Rudy <[email protected]>
 Date: Wed, 24 Jul 2024 09:48:48 +0200
 Subject: [PATCH] genpolicy: enable sysctl checks
@@ -16,7 +16,7 @@ environment-dependent sysctls in the settings file.
  5 files changed, 62 insertions(+), 1 deletion(-)
 
 diff --git a/src/tools/genpolicy/genpolicy-settings.json b/src/tools/genpolicy/genpolicy-settings.json
-index fe1625bac..e50d5e545 100644
+index fe1625bac119b59ce2094b2220e2a87c486e670a..e50d5e545e3fe42db486771345310d4c2157be2f 100644
 --- a/src/tools/genpolicy/genpolicy-settings.json
 +++ b/src/tools/genpolicy/genpolicy-settings.json
 @@ -39,6 +39,10 @@
@@ -44,7 +44,7 @@ index fe1625bac..e50d5e545 100644
      },
      "volumes": {
 diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego
-index 1d95bfe69..a89b13ed1 100644
+index 1d95bfe699bb5082f8bbfb2cc4d89c8bde3a08ec..a89b13ed158ad8524e11ffbdad8ccb1ce7692aed 100644
 --- a/src/tools/genpolicy/rules.rego
 +++ b/src/tools/genpolicy/rules.rego
 @@ -112,7 +112,6 @@ allow_create_container_input {
@@ -88,7 +88,7 @@ index 1d95bfe69..a89b13ed1 100644
  # and io.kubernetes.cri.sandbox-id" values with other fields.
  allow_by_bundle_or_sandbox_id(p_oci, i_oci, p_storages, i_storages) {
 diff --git a/src/tools/genpolicy/src/containerd.rs b/src/tools/genpolicy/src/containerd.rs
-index 075fced5b..2922ea0ab 100644
+index 075fced5bfec11b27e529f0b1d2dba5e6271ba82..2922ea0ab54671269c8eedab3890ba35529db05a 100644
 --- a/src/tools/genpolicy/src/containerd.rs
 +++ b/src/tools/genpolicy/src/containerd.rs
 @@ -3,6 +3,8 @@
@@ -117,7 +117,7 @@ index 075fced5b..2922ea0ab 100644
      }
  }
 diff --git a/src/tools/genpolicy/src/pod.rs b/src/tools/genpolicy/src/pod.rs
-index 19f882239..5030144c6 100644
+index 19f8822395ca225961bcf77bc3e5ae25e3c31119..5030144c6364cd929c53d18a24459748c1ce20aa 100644
 --- a/src/tools/genpolicy/src/pod.rs
 +++ b/src/tools/genpolicy/src/pod.rs
 @@ -21,6 +21,7 @@ use log::{debug, warn};
@@ -176,7 +176,7 @@ index 19f882239..5030144c6 100644
          ..Default::default()
      };
 diff --git a/src/tools/genpolicy/src/policy.rs b/src/tools/genpolicy/src/policy.rs
-index 973643e1f..adbdf97f3 100644
+index 973643e1f270b589e30e0b2e9235dbfa70df0f20..adbdf97f33c449e905cbf9044a118da4598c69cd 100644
 --- a/src/tools/genpolicy/src/policy.rs
 +++ b/src/tools/genpolicy/src/policy.rs
 @@ -27,6 +27,7 @@ use serde_yaml::Value;

@@ -1,4 +1,4 @@
-From eed3e15bfd5468480e07b08dbf5266a75a61e076 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Markus Rudy <[email protected]>
 Date: Wed, 24 Jul 2024 09:51:57 +0200
 Subject: [PATCH] genpolicy: read bundle-id from rootfs
@@ -14,7 +14,7 @@ NOTE: fixes https://github.com/kata-containers/kata-containers/issues/10065
  1 file changed, 8 insertions(+), 21 deletions(-)
 
 diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego
-index a89b13ed1..d9b68e3ac 100644
+index a89b13ed158ad8524e11ffbdad8ccb1ce7692aed..d9b68e3ac0758f0d15bc1415300573082d7e1949 100644
 --- a/src/tools/genpolicy/rules.rego
 +++ b/src/tools/genpolicy/rules.rego
 @@ -509,9 +509,6 @@ allow_linux_sysctl(p_linux, i_linux) {

@@ -1,4 +1,4 @@
-From 551b4a87596fe66741433424872deefbc251ee59 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Paul Meyer <[email protected]>
 Date: Thu, 11 Jul 2024 12:05:00 +0200
 Subject: [PATCH] genpolicy: regex check contrast specific layer-src-prefix
@@ -9,7 +9,7 @@ Signed-off-by: Paul Meyer <[email protected]>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego
-index d9b68e3ac..6ddcd18cd 100644
+index d9b68e3ac0758f0d15bc1415300573082d7e1949..6ddcd18cd1334dfabeadd1b0e7a54c723c7cae4d 100644
 --- a/src/tools/genpolicy/rules.rego
 +++ b/src/tools/genpolicy/rules.rego
 @@ -905,7 +905,7 @@ allow_storage_options(p_storage, i_storage, layer_ids, root_hashes) {

@@ -1,4 +1,4 @@
-From 264156d366f357b71fb697f7f65f9ff84e90c2f8 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Markus Rudy <[email protected]>
 Date: Wed, 24 Jul 2024 11:16:37 +0200
 Subject: [PATCH] genpolicy-settings: bump OCI version
@@ -9,7 +9,7 @@ Kata hard-codes OCI version 1.1.0, but latest K3S has 1.2.0.
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/src/tools/genpolicy/genpolicy-settings.json b/src/tools/genpolicy/genpolicy-settings.json
-index e50d5e545..fcafa46cc 100644
+index e50d5e545e3fe42db486771345310d4c2157be2f..fcafa46cc3b62b74aa5ba08fdbd76fa3370ae77e 100644
 --- a/src/tools/genpolicy/genpolicy-settings.json
 +++ b/src/tools/genpolicy/genpolicy-settings.json
 @@ -312,7 +312,7 @@

@@ -1,4 +1,4 @@
-From cfa3376d255617815b8ef10bdc6026bf38a99889 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Markus Rudy <[email protected]>
 Date: Mon, 12 Aug 2024 14:18:43 +0200
 Subject: [PATCH] genpolicy-settings: change cpath for Nydus guest pull
@@ -10,7 +10,7 @@ https://github.com/kata-containers/kata-containers/blob/775f6bd/tests/integratio
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/tools/genpolicy/genpolicy-settings.json b/src/tools/genpolicy/genpolicy-settings.json
-index fcafa46cc..4e9f6481d 100644
+index fcafa46cc3b62b74aa5ba08fdbd76fa3370ae77e..4e9f6481d649fc45716f182c394f38059792eb91 100644
 --- a/src/tools/genpolicy/genpolicy-settings.json
 +++ b/src/tools/genpolicy/genpolicy-settings.json
 @@ -243,7 +243,7 @@