## Setup

Ensure you have Nix installed. This is a requirement for the following steps.
Consult the [developer docs](/dev-docs/workflows/build-develop-deploy.md) for more info.
At the very least, `nix` should be in your PATH.

Building the image also requires `newuidmap` and `newgidmap` to be present in the PATH. On Debian and Ubuntu, these can be installed from
the `uidmap` package.

## Build

You can build any image using Bazel.
Start by querying the available images:

```sh
bazel query //image/system/...
```

You can either build a group of images (all images for a cloud provider, a stream, ...) or a single image by selecting a target.

```sh
bazel build //image/system:azure_azure-sev-snp_stable
```

The location of the destination folder can be queried like this:

```sh
bazel cquery --output=files //image/system:azure_azure-sev-snp_stable
```

## Build and Upload

Similarly, you can also build and upload images to the respective CSP within a single step with the `upload_*` targets.

```sh
bazel run //image/system:upload_aws_aws-sev-snp_console -- --ref deps-image-fedora-40 --upload-measurements
```

The `--ref` should be the branch you're building images on. It should **not contain slashes**. Slashes should be replaced with dashes so as
not to break the filesystem structure of the image storages.

Optionally, the `--upload-measurements` option can be used to specify that measurements for the image should be uploaded, and `--fake-sign` specifies
that a debugging signing key should be used to sign the measurements, which is done for debug images.
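
As a preflight for the upload step, this added example (not part of this repository's tooling) checks that the tools named under Setup are in PATH and derives a slash-free `--ref` from the current Git branch. The function names, the script name `preflight.sh`, the extra check for `bazel` and the refusal of a detached HEAD are assumptions of the example.

```sh
#!/bin/sh
# Added example: preflight checks before running an upload_* target.

# Print each required tool that is not found in PATH, one per line.
missing_tools() {
    for _tool in "$@"; do
        command -v "$_tool" >/dev/null 2>&1 || printf '%s\n' "$_tool"
    done
}

# Convert a branch name into a --ref value: every slash becomes a dash.
branch_to_ref() {
    [ -n "$1" ] || { echo "branch_to_ref: empty branch name" >&2; return 1; }
    printf '%s\n' "$1" | tr '/' '-'
}

# Succeed only for a non-empty ref that contains no slash.
ref_is_valid() {
    case $1 in
        '' | */*) return 1 ;;
        *) return 0 ;;
    esac
}

# Check the tools from the Setup section, then print a ref for the current branch.
preflight() {
    _missing=$(missing_tools nix newuidmap newgidmap bazel)
    if [ -n "$_missing" ]; then
        echo "not in PATH:" $_missing >&2
        return 1
    fi
    _branch=$(git rev-parse --abbrev-ref HEAD) || return 1
    # A detached HEAD has no branch name to derive a ref from.
    [ "$_branch" != "HEAD" ] || { echo "detached HEAD, pass a ref explicitly" >&2; return 1; }
    _ref=$(branch_to_ref "$_branch") && ref_is_valid "$_ref" || return 1
    printf '%s\n' "$_ref"
}

# Usage (hypothetical file name): ref=$(sh preflight.sh --print-ref)
# then pass it on: bazel run //image/system:upload_... -- --ref "$ref"
if [ "${1:-}" = "--print-ref" ]; then
    preflight
fi
```
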
## Kernel

The Kernel is built from the srpm published under [edgelesssys/constellation-kernel](https://github.com/edgelesssys/constellation-kernel).
We track the latest longterm release, use sources directly from [kernel.org](https://www.kernel.org/) and build the Kernel using the steps specified in the
srpm spec file.
After building a Kernel rpm, we upload it to our CDN and use it in our image builds.

## Upgrading to a new Fedora release

- Search for the old Fedora releasever in the `image/` directory and replace every occurrence (outside of lockfiles) with the new releasever
- Search for Fedora container images in Dockerfiles and upgrade the releasever
- Regenerate the package lockfile: `bazel run //image/mirror:update_packages`
- Build test images locally:
  - `bazel query //image/system:all` (pick an image name from the output)
  - `bazel build //image/system:IMAGE_NAME_HERE` (replace with an actual image name)
- Let CI build new images and run e2e tests
- Upgrade the kernel spec under [edgelesssys/constellation-kernel](https://github.com/edgelesssys/constellation-kernel) to use the new releasever