Workaround for libc updating during compilation (vs. base image)
Also stop image publish for these images for the time being.
Signed-off-by: Tuomas Katila <tuomas.katila@intel.com>
Hopefully fixes issues with random failures with e2e-sgx.
Co-authored-by: Mikko Ylinen <mikko.ylinen@intel.com>
Signed-off-by: Tuomas Katila <tuomas.katila@intel.com>
The Toybox images had two issues:
1. Distroless does not support /bin -> /usr/bin so we needed to
create it manually to get /bin/bash for Toybox. However, with this
Openshift image validation complains that we are touching the "base"
image.
2. We could not use buildkit since it fails with /bin symlink
copied over /bin directory from Distroless.
The simple fix is just to move away from all /bin/sh and /bin/bash
and use "/usr/bin/env bash" to resolve the path instead. This allows
to keep /bin untouched.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
The VPU plugin can only be used with devices that are
no longer supported by upper layers, such as OpenVINO.
The deprecation plan for the plugin was announced earlier
this year and post v0.28 marks the date when the plugin is removed
from the repo.
Releases before v0.29 have the plugin available should it
be needed.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
hostNetwork usage for SGX demo pods is not absolutely necessary so it's
better to clean it up and make IAS "security" scanners happier. It was
originally used to be able to use "localhost" PCCS but this change now
adds an example how proper PCCS url can be configured using jq.
Additionally, SGX DCAP Quote Verification is added.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Even if sriov_numvfs is not found, do not finish with an error.
It is necessary because VM still recognizes VF's BDF as xx.xx.0,
and script tries to find sriov_numvfs. So, chnage the script just
print some informational message and end with exit 0.
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
- add /usr/share/qat/calgary32 necessary for running dc test
to Dockerfile
- add e2e test for dc that runs cpa-sample with different
resource and command.
- remove openssl yaml file and use podSpec instead for cy test
- make a common func runCpaSampleCode for both cy and dc test
that have same process with a few differences
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
ninja-build is installed as a dependency to meson so we don't need to
install it separately. In fact pip install fails on setups that enforce
PEP-668 of externally managed environments.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
