Enable Partial Reader

.cargo/config.toml

@@ -6,3 +6,6 @@ BMP_PublicPackages = { index = "sparse+https://pkgs.dev.azure.com/mariner-org/EC
 
 [source.crates-io]
 replace-with = "BMP_PublicPackages"
+
+[target.aarch64-unknown-linux-gnu]
+linker = "aarch64-linux-gnu-gcc"

Makefile

@@ -72,13 +72,15 @@ version-vars:
 
 .PHONY: build
 build: .cargo/config version-vars
-	@OPENSSL_STATIC=1 \
-		OPENSSL_LIB_DIR=$(shell dirname `whereis libssl.a | cut -d" " -f2`) \
-		OPENSSL_INCLUDE_DIR=/usr/include/openssl \
-		TRIDENT_VERSION="$(TRIDENT_CARGO_VERSION)-dev.$(GIT_COMMIT)" \
-		cargo build --release --features dangerous-options
+	@TRIDENT_VERSION="$(TRIDENT_CARGO_VERSION)-dev.$(GIT_COMMIT)" \
+	cargo build --release --features dangerous-options
 	@mkdir -p bin
 
+.PHONY: build-aarch64
+build-aarch64: .cargo/config version-vars
+	@TRIDENT_VERSION="$(TRIDENT_CARGO_VERSION)-dev.$(GIT_COMMIT)" \
+	cargo build --release --target aarch64-unknown-linux-gnu
+
 .PHONY: format
 format:
 	cargo fmt
@@ -147,10 +149,23 @@ artifacts/osmodifier: packaging/docker/Dockerfile-osmodifier.azl3
 	    docker cp -q $$id:/work/azure-linux-image-tools/toolkit/out/tools/osmodifier $@ || \
 	    docker rm -v $$id
 
+artifacts/osmodifier-aarch64: packaging/docker/Dockerfile-osmodifier.azl3
+	@docker build --platform linux/arm64 -t trident/osmodifier-build:latest \
+		-f packaging/docker/Dockerfile-osmodifier.azl3 \
+		.
+	@mkdir -p "$(ARTIFACTS_DIR)"
+	@id=$$(docker create trident/osmodifier-build:latest) && \
+	    docker cp -q $$id:/work/azure-linux-image-tools/toolkit/out/tools/osmodifier $@ || \
+	    docker rm -v $$id
+
 bin/trident: build
 	@mkdir -p bin
 	@cp -u target/release/trident bin/
 
+bin/trident-aarch64: build-aarch64
+	@mkdir -p bin
+	@cp -u target/aarch64-unknown-linux-gnu/release/trident bin/trident-aarch64
+
 # This will do a proper build on azl3, exactly as the pipelines would, with the custom registry and all.
 bin/trident-rpms-azl3.tar.gz: packaging/docker/Dockerfile.full packaging/systemd/*.service packaging/rpm/trident.spec artifacts/osmodifier packaging/selinux-policy-trident/* version-vars
 	$(eval CARGO_REGISTRIES_BMP_PUBLICPACKAGES_TOKEN := $(shell az account get-access-token --query "join(' ', ['Bearer', accessToken])" --output tsv))
@@ -171,6 +186,26 @@ bin/trident-rpms-azl3.tar.gz: packaging/docker/Dockerfile.full packaging/systemd
 	@rm -rf bin/RPMS/
 	@tar xf $@ -C bin/
 
+# This will do a proper build on azl3, exactly as the pipelines would, with the custom registry and all.
+bin/trident-rpms-azl3-aarch64.tar.gz: packaging/docker/Dockerfile-aarch64.full packaging/systemd/*.service packaging/rpm/trident.spec artifacts/osmodifier-aarch64 packaging/selinux-policy-trident/* version-vars
+	$(eval CARGO_REGISTRIES_BMP_PUBLICPACKAGES_TOKEN := $(shell az account get-access-token --query "join(' ', ['Bearer', accessToken])" --output tsv))
+
+	@export CARGO_REGISTRIES_BMP_PUBLICPACKAGES_TOKEN="$(CARGO_REGISTRIES_BMP_PUBLICPACKAGES_TOKEN)" &&\
+		docker build -t trident/trident-build:latest \
+			--secret id=registry_token,env=CARGO_REGISTRIES_BMP_PUBLICPACKAGES_TOKEN \
+			--build-arg CARGO_REGISTRIES_FROM_ENV="true" \
+			--build-arg TRIDENT_VERSION="$(LOCAL_BUILD_TRIDENT_VERSION)" \
+			--build-arg RPM_VER="$(TRIDENT_CARGO_VERSION)" \
+			--build-arg RPM_REL="dev.$(GIT_COMMIT)" \
+			-f packaging/docker/Dockerfile-aarch64.full \
+			.
+	@mkdir -p bin/
+	@id=$$(docker create trident/trident-build:latest) && \
+	    docker cp -q $$id:/work/trident-rpms.tar.gz $@ || \
+	    docker rm -v $$id
+	@rm -rf bin/RPMS/
+	@tar xf $@ -C bin/
+
 # This one does a fast trick-build where we build locally and inject the binary into the container to add it to the RPM.
 bin/trident-rpms.tar.gz: packaging/docker/Dockerfile.azl3 packaging/systemd/*.service packaging/rpm/trident.spec artifacts/osmodifier bin/trident packaging/selinux-policy-trident/*
 	@docker build -t trident/trident-build:latest \
@@ -186,6 +221,22 @@ bin/trident-rpms.tar.gz: packaging/docker/Dockerfile.azl3 packaging/systemd/*.se
 	@rm -rf bin/RPMS/
 	@tar xf $@ -C bin/
 
+# This one does a fast trick-build where we build locally and inject the binary into the container to add it to the RPM.
+bin/trident-rpms-aarch64.tar.gz: packaging/docker/Dockerfile-aarch64.azl3 packaging/systemd/*.service packaging/rpm/trident.spec artifacts/osmodifier-aarch64 bin/trident-aarch64 packaging/selinux-policy-trident/*
+	@docker build -t trident/trident-build:latest \
+		--build-arg TRIDENT_VERSION="$(LOCAL_BUILD_TRIDENT_VERSION)" \
+		--build-arg RPM_VER="$(TRIDENT_CARGO_VERSION)" \
+		--build-arg RPM_REL="dev.$(GIT_COMMIT)" \
+		--platform linux/arm64 \
+		-f packaging/docker/Dockerfile-aarch64.azl3 \
+		.
+	@mkdir -p bin/
+	@id=$$(docker create trident/trident-build:latest) && \
+	    docker cp -q $$id:/work/trident-rpms.tar.gz $@ || \
+	    docker rm -v $$id
+	@rm -rf bin/RPMS-aarch64/
+	@tar xf $@ -C bin/
+
 STEAMBOAT_RPMS_DIR ?= ../steamboat/build/uki/out/RPMS
 
 .PHONY: copy-rpms-to-steamboat
@@ -433,10 +484,12 @@ bin/storm-trident: tools/cmd/storm-trident/main.go tools/storm/**/*
 
 .PHONY: validate
 validate: $(TRIDENT_CONFIG) bin/trident
-	@bin/trident validate $(TRIDENT_CONFIG)
+	bin/trident validate $(TRIDENT_CONFIG)
 
 NETLAUNCH_ISO ?= bin/trident-mos.iso
 
+tools/vm-netlaunch.yaml: virtdeploy-create
+
 input/netlaunch.yaml: tools/vm-netlaunch.yaml
 	@mkdir -p input
 	ln -vsf "$$(realpath "$<")" $@
@@ -482,6 +535,10 @@ run-netlaunch-container-images: \
 watch-virtdeploy:
 	@while true; do virsh console virtdeploy-vm-0; sleep 1; done
 
+.PHONY: virtdeploy-create
+virtdeploy-create:
+	tools/virt-deploy create -d 70
+
 # This target leverages the samples that are automatically generated as part of
 # the build-api-docs target. The HC sample is selected by setting the
 # HOST_CONFIG variable to the filename of the autogenerated sample (from
@@ -498,7 +555,7 @@ watch-virtdeploy:
 .PHONY: run-netlaunch-sample
 run-netlaunch-sample: build-api-docs
 	$(eval TMP := $(shell mktemp))
-	yq '.os.users += [{"name": "$(shell whoami)", "sshPublicKeys": ["$(shell cat ~/.ssh/id_rsa.pub)"], "sshMode": "key-only", "secondaryGroups": ["wheel"]}] | (.. | select(tag == "!!str")) |= sub("file:///trident_cdrom/data", "http://NETLAUNCH_HOST_ADDRESS/files") | del(.storage.encryption.recoveryKeyUrl) | (.storage.filesystems[] | select(has("source")) | .source).sha256 = "ignored" | .storage.verityFilesystems[].dataImage.sha256 = "ignored" | .storage.verityFilesystems[].hashImage.sha256 = "ignored"' docs/Reference/Host-Configuration/Samples/$(HOST_CONFIG) > $(TMP)
+	yq '.os.users += [{"name": "$(shell whoami)", "sshPublicKeys": ["$(shell cat ~/.ssh/id_rsa.pub)"], "sshMode": "key-only", "secondaryGroups": ["wheel"]}] | (.. | select(tag == "!!str")) |= sub("file:///trident_cdrom/data", "http://NETLAUNCH_HOST_ADDRESS/files") | del(.storage.encryption.recoveryKeyUrl) | (.storage.filesystems[] | select(has("source")) | .source).sha256 = "ignored"' docs/Reference/Host-Configuration/Samples/$(HOST_CONFIG) > $(TMP)
 	TRIDENT_CONFIG=$(TMP) make run-netlaunch
 
 # Downloads regular, verity, and container COSI images from the latest successful

crates/osutils/Cargo.toml

@@ -22,7 +22,7 @@ log = "0.4.22"
 netplan-types = "0.5.0"
 nix = { version = "0.29.0", default-features = false, features = ["fs"] }
 once_cell = "1.19"
-openssl = "0.10.72"
+openssl = { version = "0.10.72", features = ["vendored"] }
 serde = { version = "1.0.215", features = ["derive"] }
 serde_json = "1.0"
 serde_yaml = "0.9.34"

crates/trident/Cargo.toml

@@ -19,6 +19,7 @@ duct = "0.13.7"
 enumflags2 = { version = "0.7", features = ["serde"] }
 env_logger = "0.11.5"
 glob = "0.3.1"
+home = { version = "0.5.9", optional = true }
 lazy_static = "1.5.0"
 libc = "0.2.167"
 log = "0.4.22"
@@ -83,7 +84,11 @@ sha2 = "0.10.8"
 
 
 [features]
-dangerous-options = ["trident_api/dangerous-options", "docker_credential"]
+dangerous-options = [
+    "trident_api/dangerous-options",
+    "docker_credential",
+    "home",
+]
 sysupdate = ["trident_api/sysupdate"]
 functional-test = [
     "pytest",