buildah

Commit Graph

Author	SHA1	Message	Date
flouthoc	aadfc5cf30	unit_test: use Parallel test where possible Add `t.Parallel()` to unit tests whereever its possible without race. Signed-off-by: flouthoc <flouthoc.git@gmail.com>	2025-02-04 11:07:15 -08:00
Nalin Dahyabhai	e89fac6c9b	Add `buildah mkcw`, add `--cw` to `buildah commit` and `buildah build` Add a --cw option to `buildah build` and `buildah commit`, which takes a comma-separated list of arguments and produces an image laid out for use as a confidential workload: type: sev or snp attestation_url: location of a key broker server cpus: expected number of virtual CPUs to run with memory: expected megabytes of memory to run with workload_id: a distinguishing identifier for the key broker server ignore_attestation_errors: ignore errors registering the workload passphrase: for encrypting the disk image slop: extra space to allocate for the disk image At least one of attestation_url and passphrase must be specified in order for the encrypted disk image to be decryptable at run-time. Other arguments can be omitted. ignore_attestation_errors is intentionally undocumented, as it's mainly used to permit some amount of testing on systems which don't have the required hardware. Add an `mkcw` top-level command, for converting directly from an image to a confidential workload. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>	2023-09-07 14:05:10 -04:00

Author

SHA1

Message

Date

flouthoc

aadfc5cf30

unit_test: use Parallel test where possible

Add `t.Parallel()` to unit tests whereever its possible without race.

Signed-off-by: flouthoc <flouthoc.git@gmail.com>

2025-02-04 11:07:15 -08:00

Nalin Dahyabhai

e89fac6c9b

Add `buildah mkcw`, add `--cw` to `buildah commit` and `buildah build`

Add a --cw option to `buildah build` and `buildah commit`, which takes a
comma-separated list of arguments and produces an image laid out for use
as a confidential workload:
  type: sev or snp
  attestation_url: location of a key broker server
  cpus: expected number of virtual CPUs to run with
  memory: expected megabytes of memory to run with
  workload_id: a distinguishing identifier for the key broker server
  ignore_attestation_errors: ignore errors registering the workload
  passphrase: for encrypting the disk image
  slop: extra space to allocate for the disk image

At least one of attestation_url and passphrase must be specified in
order for the encrypted disk image to be decryptable at run-time.  Other
arguments can be omitted.  ignore_attestation_errors is intentionally
undocumented, as it's mainly used to permit some amount of testing on
systems which don't have the required hardware.

Add an `mkcw` top-level command, for converting directly from an image
to a confidential workload.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

2023-09-07 14:05:10 -04:00

2 Commits