Skip to content
/ rbi Public

The scripts to support reproducible build for kata containers

0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

inclavare-containers/rbi

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

70 Commits

bios-256k

bios-256k

 
 

in-toto

in-toto

 
 

kata-agent

kata-agent

 
 

kernel

kernel

 
 

misc

misc

 
 

reproducible-build-anolis

reproducible-build-anolis

 
 

rootfs-img

rootfs-img

 
 

.gitignore

.gitignore

 
 

rbi.sh

rbi.sh

 
 

readme.md

readme.md

 
 

readme_cn.md

readme_cn.md

 
 

Repository files navigation

Reproducible Build Infrastructure

For convenience, some scripts are collected for automatically building.

Files

  • rbi.sh main script. Use ./rbi.sh help to see details.
  • kata-agent/ scripts related to RB of kata-agent.
  • rootfs-img scripts and patches related to RB of rootfs raw disk image
  • kernel scripts related to RB of kernel
  • in-toto files about in-toto support software supply chain

Instructions

RB for kata-agent

Firstly, build RBCI(Reproducible Build Container Image) for kata-agent

./rbi.sh agent-image

Check the reproducibility of source code in /path/to/kata-containers.

./rbi.sh agent-local /path/to/kata-containers

Or, check the reproducibility of source code from github.com.

./rbi.sh agent-git

Above 2 operations can both produce a report and an artifest in report/.

Delete RBCI for kata-agent

./rbi.sh agent-image

Clean all tempfiles

./rbi.sh clean

RB for kata-containers.img

Firstly, need to generate a root file system locally, then the rootfs will be used to build a raw disk image.

./rbi.sh rootfs

And the rootfs will be in result/rootfs/rootfs. Then, need a raw disk image using the rootfs just generated. The img file will be result/kata-containers.img

./rbi.sh rootfs-image-build

Up to now, a rootfs's raw disk image is generated. Then, we need to check whether the content is the same as expected. Build a docker image which we use as a base environment to check the contents of a specific image file. The image name is rootfs-rdi-check.

./rbi.sh rootfs-checker

Finally, check the content of the disk image generated in 2. Compare them with the expected files using their hash values, and output a report in report/rootfs/check-report

./rbi.sh rootfs-check

(Optional) Also, the image rootfs-rdi-check can be removed

./rbi.sh rootfs-rmi

RB for kernel

./rbi.sh kernel-rbi

builds RBCI of kernel, namedkernel-rbci

./rbi.sh kernel-build

rb kernel and generate report in result/kernel. Here, result/kernel/vmlinux is the kernel and result/kernel/kernel_report is the check report.

If correctly, you can get report as

$cat report/kernel_report 
===KERNEL RB REPORT===
[Time] 2021-07-23 17:58:59
[SUCCESSFUL] Same hash

RB for bios-256k.bin

Firstly, build the RBCI of bios-256k.bin, named bios-256k-rbci.

./rbi.sh bios-rbi

Then, build bios-256k.bin, the artifest will be result/bios/bios-256k.bin and the report result/bios/report

./rbi.sh bios-build

About

The scripts to support reproducible build for kata containers

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 17

+ 3 contributors

Languages