In unit tests that create a SystemContext, point that SystemContext at
the testing signature policy and registries configuration. This should
cause us to pay attention to mirroring settings for images used by this
set of tests.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add a --cw option to `buildah build` and `buildah commit`, which takes a
comma-separated list of arguments and produces an image laid out for use
as a confidential workload:
type: sev or snp
attestation_url: location of a key broker server
cpus: expected number of virtual CPUs to run with
memory: expected megabytes of memory to run with
workload_id: a distinguishing identifier for the key broker server
ignore_attestation_errors: ignore errors registering the workload
passphrase: for encrypting the disk image
slop: extra space to allocate for the disk image
At least one of attestation_url and passphrase must be specified in
order for the encrypted disk image to be decryptable at run-time. Other
arguments can be omitted. ignore_attestation_errors is intentionally
undocumented, as it's mainly used to permit some amount of testing on
systems which don't have the required hardware.
Add an `mkcw` top-level command, for converting directly from an image
to a confidential workload.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When creating or loading a builder, ensure that its CommonBuildOpts
struct is not nil, to comply with an assumption that we keep making.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Jan Kaluza
Patrick Stoeckle
flouthoc
Nalin Dahyabhai