We use 'as' and 'FROM' keywords which do not match with each other.
Use 'AS' instead of 'as'.
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
The check_config function previously only considered the
ServicesEnabled variable. Improve the logic of the function so
that other variables can also be set through the qat.conf file.
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
Github actions runner-images install buildah from the distro. 22.04
has an ancient version and is known not to work.
Bump to the latest 24.04 runners and at the same time, drop the
BUILDAH_RUNTIME override.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
stable kernel update added a patch that requires processes to
carry SYS_RAWIO in order to submit IAA/DSA commands.
This isn't enabled for containers by default so explicitly
request adding it for test deployments.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
the sed patching using opague line numbers is fragile. better to use
explicit names for what tests we want to disable.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Github crypto-perf/opae-nlb-demo image builds using buildah started
failing without a reason. While we could continue to debug the root
cause, let's admit the version is so old and a reasonable configuration
exists that makes the error go away: using BUILDAH_RUNTIME=runc just
like we use for the plugin images seems sufficient.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Workaround for libc updating during compilation (vs. base image)
Also stop image publish for these images for the time being.
Signed-off-by: Tuomas Katila <tuomas.katila@intel.com>
Hopefully fixes issues with random failures with e2e-sgx.
Co-authored-by: Mikko Ylinen <mikko.ylinen@intel.com>
Signed-off-by: Tuomas Katila <tuomas.katila@intel.com>
The Toybox images had two issues:
1. Distroless does not support /bin -> /usr/bin so we needed to
create it manually to get /bin/bash for Toybox. However, with this
Openshift image validation complains that we are touching the "base"
image.
2. We could not use buildkit since it fails with /bin symlink
copied over /bin directory from Distroless.
The simple fix is just to move away from all /bin/sh and /bin/bash
and use "/usr/bin/env bash" to resolve the path instead. This allows
to keep /bin untouched.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
The VPU plugin can only be used with devices that are
no longer supported by upper layers, such as OpenVINO.
The deprecation plan for the plugin was announced earlier
this year and post v0.28 marks the date when the plugin is removed
from the repo.
Releases before v0.29 have the plugin available should it
be needed.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
hostNetwork usage for SGX demo pods is not absolutely necessary so it's
better to clean it up and make IAS "security" scanners happier. It was
originally used to be able to use "localhost" PCCS but this change now
adds an example how proper PCCS url can be configured using jq.
Additionally, SGX DCAP Quote Verification is added.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
