image-rs: improve AA build and output

Improving output when building and starting AA. Placing gRPC and ttRPC binaries in different directories, so both can be cached and it is clear what feature the binary supports. Signed-off-by: Paul Meyer <[email protected]>
confidential-containers · Jul 13, 2023 · 5f1b738 · 5f1b738
1 parent 6fda28c
commit 5f1b738
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 16 deletions.
diff --git a/.github/workflows/image_rs_build.yml b/.github/workflows/image_rs_build.yml
@@ -76,11 +76,6 @@ jobs:
         run: |
           sudo -E PATH=$PATH -s cargo test -p image-rs --no-default-features --features=encryption-openssl,keywrap-grpc,snapshot-overlayfs,signature-cosign-native,signature-simple,getresource,oci-distribution/native-tls,keywrap-jwe
 
-      - name: Prepare for ttrpc test
-        run: |
-          sudo mkdir -p /opt/confidential-containers/attestation-agent/
-          if test -f "scripts/attestation-agent"; then rm scripts/attestation-agent; fi
-
       - name: Run cargo test - kata-cc (rust-tls version) with keywrap-ttrpc (default) + keywrap-jwe
         run: |
           sudo -E PATH=$PATH -s cargo test -p image-rs --no-default-features --features=kata-cc-rustls-tls,keywrap-jwe

diff --git a/attestation-agent/Makefile b/attestation-agent/Makefile
@@ -127,7 +127,7 @@ build:
 TARGET := $(TARGET_DIR)/$(BIN_NAME)
 
 install: 
-	install -D -m0755 $(TARGET) $(DESTDIR)
+	install -D -m0755 $(TARGET) $(DESTDIR)/$(BIN_NAME)
 
 uninstall:
 	rm -f $(DESTDIR)/$(BIN_NAME)

diff --git a/image-rs/scripts/build_attestation_agent.sh b/image-rs/scripts/build_attestation_agent.sh
@@ -9,18 +9,26 @@ set -o errexit
 set -o nounset
 set -o pipefail
 
-parameters="KBC=offline_fs_kbc"
+parameters=("KBC=offline_fs_kbc")
 
 [ -n "${BASH_VERSION:-}" ] && set -o errtrace
 [ -n "${DEBUG:-}" ] && set -o xtrace
-[ -n "${TTRPC:-}" ] && parameters+=" ttrpc=true"
+if [[ -n "${TTRPC:-}" ]]; then
+    parameters+=("ttrpc=true")
+    dest_dir_suffix="ttrpc"
+else
+    dest_dir_suffix="grpc"
+fi
+
 source $HOME/.cargo/env
 
 SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
 AA_DIR=$SCRIPT_DIR/../../attestation-agent
 
 pushd $AA_DIR
 
-make $parameters
-make DESTDIR="$SCRIPT_DIR" install
+make "${parameters[@]}"
+make DESTDIR="${SCRIPT_DIR}/${dest_dir_suffix}" install
+
+file "${SCRIPT_DIR}/${dest_dir_suffix}/attestation-agent"
 popd
diff --git a/image-rs/tests/common/mod.rs b/image-rs/tests/common/mod.rs
@@ -59,47 +59,59 @@ pub async fn clean() {
 
 pub async fn start_attestation_agent() -> Result<Child> {
     let script_dir = format!("{}/{}", std::env!("CARGO_MANIFEST_DIR"), "scripts");
-    let aa_path = format!("{}/{}", script_dir, "attestation-agent");
+    cfg_if::cfg_if! {
+        if #[cfg(feature = "keywrap-ttrpc")] {
+            let aa_path = format!("{}/ttrpc/{}", script_dir, "attestation-agent");
+        } else {
+            let aa_path = format!("{}/grpc/{}", script_dir, "attestation-agent");
+        }
+    };
+    println!("aa_path: {}", aa_path);
+    println!("script_dir: {}", script_dir);
 
     if !Path::new(&aa_path).exists() {
         let script_path = format!("{}/{}", script_dir, "build_attestation_agent.sh");
         cfg_if::cfg_if! {
             if #[cfg(feature = "keywrap-ttrpc")] {
-                Command::new(script_path)
+                let output = Command::new(script_path)
                     .env("TTRPC", "1")
                     .output()
                     .await
                     .expect("Failed to build attestation-agent");
+                println!("build ttrpc attestation-agent: {:?}", output);
             } else {
                 let output = Command::new(script_path)
                     .output()
                     .await
                     .expect("Failed to build attestation-agent");
+                println!("build grpc attestation-agent: {:?}", output);
             }
         }
     }
 
     cfg_if::cfg_if! {
         if #[cfg(feature = "keywrap-ttrpc")] {
-            let mut aa = tokio::process::Command::new(aa_path)
+            let mut aa = Command::new(aa_path)
                 .kill_on_drop(true)
                 .args(&[
                     "--keyprovider_sock",
                     "unix:///run/confidential-containers/attestation-agent/keyprovider.sock",
                     "--getresource_sock",
                     "unix:///run/confidential-containers/attestation-agent/getresource.sock"
                     ])
-                .spawn()?;
+                .spawn()
+                .expect("Failed to start ttrpc attestation-agent");
         } else {
-            let mut aa = tokio::process::Command::new(aa_path)
+            let mut aa = Command::new(aa_path)
                 .kill_on_drop(true)
                 .args(&[
                     "--keyprovider_sock",
                     "127.0.0.1:50000",
                     "--getresource_sock",
                     "127.0.0.1:50001"
                     ])
-                .spawn()?;
+                .spawn()
+                .expect("Failed to start grpc attestation-agent");
         }
     };