podvm: use ORAS to pull cdh and asr and aa

The artifacts are being retrieved from guest-component's ORAS now. Hence
the rust build infrastructure can be removed with this change.

There are some notable changes:
- guest-component exposed the TEE_PLATFORM param on its top level build
  script, which we use to pull the correct artifact. Since we don't
  build attestation-agent directly anymore the ATTESTER param has been
  removed from the projects build scripts
- in versions.yaml kata and guest-components have been moved from the
  "git" section to the "oci" section, however since the tag is dynamic,
  we also provide a "reference" field in those entries.

Signed-off-by: Magnus Kulke <[email protected]>

.github/workflows/azure-podvm-image-build.yml

@@ -107,7 +107,7 @@ jobs:
 
     - name: Build binaries
       run: make binaries \
-        ATTESTER="az-snp-vtpm-attester,az-tdx-vtpm-attester" \
+        TEE_PLATFORM="az-cvm-vtpm" \
         LIBC=gnu
 
     - uses: azure/login@v1

.github/workflows/e2e_libvirt.yaml

@@ -51,12 +51,12 @@ jobs:
       - name: Read properties from versions.yaml
         run: |
           sudo snap install yq
-          echo "KBS_REPO=$(yq -e '.git.kbs.url' versions.yaml)" >> "$GITHUB_ENV"
-          echo "KBS_VERSION=$(yq -e '.git.kbs.reference' versions.yaml)" >> "$GITHUB_ENV"
-          echo "RUST_VERSION=$(yq -e '.tools.rust' versions.yaml)" >> "$GITHUB_ENV"
+          echo "KBS_CLIENT_REGISTRY=$(yq -e '.oci.kbs-client.registry' versions.yaml)" >> "$GITHUB_ENV"
+          echo "KBS_CLIENT_REF=$(yq -e '.oci.kbs-client.reference' versions.yaml)" >> "$GITHUB_ENV"
           go_version="$(yq '.tools.golang' versions.yaml)"
           [ -n "$go_version" ]
           echo "GO_VERSION=${go_version}" >> "$GITHUB_ENV"
+          echo "ORAS_VERSION=$(yq -e '.tools.oras' versions.yaml)" >> "$GITHUB_ENV"
 
       - name: Setup Golang version ${{ env.GO_VERSION }}
         uses: actions/setup-go@v4
@@ -89,26 +89,14 @@ jobs:
           # For debugging
           cat libvirt.properties
 
-      - name: Install rust toolchain
-        uses: actions-rs/toolchain@v1
+      - uses: oras-project/setup-oras@v1
         with:
-          toolchain: ${{ env.RUST_VERSION }}
-          override: true
-          profile: minimal
+          version: ${{ env.ORAS_VERSION }}
 
-      - name: Checkout kbs Repository and build kbs-client
+      - name: Download kbs-client via ORAS
         run: |
-          sudo apt-get update -y
-          sudo apt-get install -y build-essential pkg-config libssl-dev
-          git clone "${KBS_REPO}" test/trustee
-          pushd test/trustee
-          git checkout "${KBS_VERSION}"
-          pushd kbs
-          make CLI_FEATURES=sample_only cli
-          popd
-          # For debugging
-          ls ./target/release
-          popd
+          oras pull "${KBS_CLIENT_REGISTRY}:sample_only-x86_64-linux-gnu-${KBS_CLIENT_REF}"
+          chmod +x ./kbs-client
 
       - name: run tests
         id: runTests

docs/Release-Process.md

@@ -17,7 +17,7 @@ version is picked) and [trustee releases](https://github.com/confidential-contai
     `externals.coco-guest-components.version`, `externals.coco-trustee` and the `image-rs` crate in the agent's
     [`Cargo.toml`](https://github.com/kata-containers/kata-containers/blob/main/src/agent/Cargo.toml).
     - At this point it makes sense for us to stay in sync, by updating the guest-components and kbs that we use in peer pods,
-    by changing the `git.guest-components.reference` and `git.kbs.tag` values in [versions.yaml](../src/cloud-api-adaptor/versions.yaml).
+    by changing the `oci.guest-components.reference`, `oci.kbs.tag` and `oci.kbs-client.reference` values in [versions.yaml](../src/cloud-api-adaptor/versions.yaml).
     We should also bump the kata agent to the latest commit
     hash in our [version.yaml](../src/cloud-api-adaptor/versions.yaml) for testing.
 1. Kata Containers [releases](https://github.com/kata-containers/kata-containers/releases)

src/cloud-api-adaptor/Makefile

@@ -7,18 +7,18 @@ include Makefile.defaults
 
 SHELL = bash -o pipefail
 
-ARCH        ?= $(subst x86_64,amd64,$(shell uname -m))
+ARCH         ?= $(subst x86_64,amd64,$(shell uname -m))
 # Default is dev build. To create release build set RELEASE_BUILD=true
 RELEASE_BUILD ?= false
 # CLOUD_PROVIDER is used for runtime -- which provider should be run against the binary/code.
 CLOUD_PROVIDER ?=
-GOOPTIONS   ?= GOOS=linux GOARCH=$(ARCH) CGO_ENABLED=0
-GOFLAGS     ?=
-BINARIES    := cloud-api-adaptor agent-protocol-forwarder process-user-data
-SOURCEDIRS  := ./cmd ./pkg
-PACKAGES    := $(shell go list $(addsuffix /...,$(SOURCEDIRS)))
-SOURCES     := $(shell find $(SOURCEDIRS) -name '*.go' -print)
-ATTESTER    ?= none
+GOOPTIONS    ?= GOOS=linux GOARCH=$(ARCH) CGO_ENABLED=0
+GOFLAGS      ?=
+BINARIES     := cloud-api-adaptor agent-protocol-forwarder process-user-data
+SOURCEDIRS   := ./cmd ./pkg
+PACKAGES     := $(shell go list $(addsuffix /...,$(SOURCEDIRS)))
+SOURCES      := $(shell find $(SOURCEDIRS) -name '*.go' -print)
+TEE_PLATFORM ?= none
 # End-to-end tests overall run timeout.
 TEST_E2E_TIMEOUT ?= 60m
 # To run a sub-set of tests, set an unanchored regex matching the test's name as in go's test -run option.
@@ -172,7 +172,6 @@ podvm-builder:
 	--build-arg ACTIVATION_KEY=$(ACTIVATION_KEY) \
 	--build-arg ARCH=$(ARCH) \
 	--build-arg PROTOC_VERSION=$(PROTOC_VERSION) \
-	--build-arg RUST_VERSION=$(RUST_VERSION) \
 	--build-arg YQ_VERSION=$(YQ_VERSION) \
 	--build-arg YQ_CHECKSUM=${YQ_CHECKSUM_$(ARCH)} \
 	--build-arg YQ_ARCH=$(ARCH) \
@@ -187,7 +186,7 @@ podvm-binaries:
 	--build-arg BUILDER_IMG=$(PODVM_BUILDER_IMAGE) \
 	--build-arg PODVM_DISTRO=$(PODVM_DISTRO) \
 	--build-arg ARCH=$(ARCH) \
-	--build-arg ATTESTER=$(ATTESTER) \
+	--build-arg TEE_PLATFORM=$(TEE_PLATFORM) \
 	--build-arg PAUSE_REPO=$(PAUSE_REPO) \
 	--build-arg PAUSE_VERSION=$(PAUSE_VERSION) \
 	--build-arg PAUSE_BIN=$(PAUSE_BIN) \

src/cloud-api-adaptor/Makefile.defaults

@@ -7,7 +7,9 @@ PAUSE_BIN ?= pause
 # stored in versions.yaml
 YQ_VERSION := v4.35.1
 YQ_CHECKSUM := "sha256:bd695a6513f1196aeda17b174a15e9c351843fb1cef5f9be0af170f2dd744f08"
-YQ_CHECKSUM_s390x:= "sha256:4e6324d08630e7df733894a11830412a43703682d65a76f1fc925aac08268a45"
+YQ_CHECKSUM_s390x := "sha256:4e6324d08630e7df733894a11830412a43703682d65a76f1fc925aac08268a45"
+# none,az-cvm-vtpm,tdx,se,cca
+TEE_PLATFORM ?= none
 
 VERSIONS_HASH := $(firstword $(shell sha256sum $(VERSIONS_SRC)))
 
@@ -30,18 +32,17 @@ rhel_s390x_IMAGE_CHECKSUM := $(call query,cloudimg.rhel.$(rhel_RELEASE).s390x.ch
 
 COCO_OPERATOR_REF := $(or $(COCO_OPERATOR_REF),$(call query,git.coco-operator.reference))
 COCO_OPERATOR_REPO := $(or $(COCO_OPERATOR_REPO),$(call query,git.coco-operator.url))
-KATA_SRC := $(or $(KATA_SRC),$(call query,git.kata-containers.url))
-KATA_SRC_REF := $(or $(KATA_SRC_REF),$(call query,git.kata-containers.reference))
+KATA_REGISTRY := $(or $(KATA_REGISTRY), $(call query,oci.kata-containers.registry))
+KATA_REF := $(or $(KATA_REF), $(call query,oci.kata-containers.reference))
 GO_VERSION := $(or $(GO_VERSION),$(call query,tools.golang))
 PROTOC_VERSION := $(or $(PROTOC_VERSION),$(call query,tools.protoc))
-RUST_VERSION := $(or $(RUST_VERSION),$(call query,tools.rust))
 ORAS_VERSION := $(or $(ORAS_VERSION),$(call query,tools.oras))
 SKOPEO_REPO := $(or $(SKOPEO_REPO),$(call query,git.skopeo.url))
 SKOPEO_VERSION := $(or $(SKOPEO_VERSION),$(call query,git.skopeo.reference))
 UMOCI_REPO := $(or $(UMOCI_REPO),$(call query,git.umoci.url))
 UMOCI_VERSION := $(or $(UMOCI_VERSION),$(call query,git.umoci.reference))
-GUEST_COMPONENTS_REPO := $(or $(GUEST_COMPONENTS_REPO),$(call query,git.guest-components.url))
-GUEST_COMPONENTS_VERSION := $(or $(GUEST_COMPONENTS_VERSION),$(call query,git.guest-components.reference))
+GUEST_COMPONENTS_REGISTRY := $(or $(GUEST_COMPONENTS_REGISTRY), $(call query,oci.guest-components.registry))
+GUEST_COMPONENTS_REF := $(or $(GUEST_COMPONENTS_REF),$(call query,oci.guest-components.reference))
 PAUSE_REPO :=  $(or $(PAUSE_REPO),$(call query,oci.pause.registry))
 PAUSE_VERSION := $(or $(PAUSE_VERSION),$(call query,oci.pause.tag))
 PACKER_VERSION := $(or $(PACKER_VERSION),$(call query,tools.packer))

src/cloud-api-adaptor/azure/build-image.md

@@ -92,7 +92,6 @@ sudo apt install \
 
 - Install `yq` by following instructions [here](https://mikefarah.gitbook.io/yq/#install).
 - Install Golang by following instructions [here](https://go.dev/doc/install).
-- Install Rust (`cargo`) by following instructions [here](https://www.rust-lang.org/tools/install).
 - Install packer by following [these instructions](https://learn.hashicorp.com/tutorials/packer/get-started-install-cli).
 
 **Build**
@@ -110,7 +109,7 @@ export PKR_VAR_az_gallery_image_version="0.0.1"
 export PKR_VAR_offer=0001-com-ubuntu-confidential-vm-jammy
 export PKR_VAR_sku=22_04-lts-cvm
 
-export ATTESTER="az-snp-vtpm-attester,az-tdx-vtpm-attester"
+export TEE_PLATFORM="az-cvm-vtpm"
 export LIBC=gnu
 export CLOUD_PROVIDER=azure
 PODVM_DISTRO=ubuntu make image

src/cloud-api-adaptor/ibmcloud-powervs/image/prereq.sh

@@ -2,7 +2,6 @@
 
 # FIXME to pickup these values from versions.yaml
 GO_VERSION="1.22.7"
-RUST_VERSION="1.75.0"
 
 # Install dependencies
 yum install -y curl libseccomp-devel openssl openssl-devel skopeo clang clang-devel
@@ -17,7 +16,3 @@ yum install -y device-mapper-devel-1.02.197-2.el9.ppc64le.rpm
 curl https://dl.google.com/go/go${GO_VERSION}.linux-ppc64le.tar.gz -o go${GO_VERSION}.linux-ppc64le.tar.gz && \
 rm -rf /usr/local/go && tar -C /usr/local -xzf go${GO_VERSION}.linux-ppc64le.tar.gz && \
 rm -f go${GO_VERSION}.linux-ppc64le.tar.gz
-
-# Install Rust
-curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain ${RUST_VERSION}
-rustup target add powerpc64le-unknown-linux-gnu

src/cloud-api-adaptor/podvm-mkosi/Makefile

@@ -1,10 +1,10 @@
 include ../Makefile.defaults
 
-ATTESTER  ?= none
-ARCH      ?= $(subst x86_64,amd64,$(shell uname -m))
-BUILDER   = fedora-binaries-builder-$(ARCH)
-SE_BOOT   ?= false
-IS_DEBIAN := $(shell if grep -q 'ID_LIKE=debian' /etc/os-release; then echo "true"; else echo "false"; fi)
+TEE_PLATFORM ?= none
+ARCH         ?= $(subst x86_64,amd64,$(shell uname -m))
+BUILDER      = fedora-binaries-builder-$(ARCH)
+SE_BOOT      ?= false
+IS_DEBIAN    := $(shell if grep -q 'ID_LIKE=debian' /etc/os-release; then echo "true"; else echo "false"; fi)
 
 REGISTRY ?= quay.io/confidential-containers
 PODVM_DISTRO ?= fedora
@@ -34,7 +34,6 @@ fedora-binaries-builder:
 		--build-arg GO_VERSION=$(GO_VERSION) \
 		--build-arg ARCH=$(ARCH) \
 		--build-arg PROTOC_VERSION=$(PROTOC_VERSION) \
-		--build-arg RUST_VERSION=$(RUST_VERSION) \
 		--build-arg YQ_VERSION=$(YQ_VERSION) \
 		--build-arg YQ_CHECKSUM=$(YQ_CHECKSUM) \
 		--build-arg YQ_ARCH=$(ARCH) \
@@ -52,7 +51,7 @@ ifeq ($(IS_DEBIAN),true)
 endif
 	docker buildx build \
 		--build-arg BUILDER_IMG=$(BUILDER) \
-		--build-arg ATTESTER=$(ATTESTER) \
+		--build-arg TEE_PLATFORM=$(TEE_PLATFORM) \
 		--build-arg PAUSE_REPO=$(PAUSE_REPO) \
 		--build-arg PAUSE_VERSION=$(PAUSE_VERSION) \
 		--build-arg PAUSE_BIN=$(PAUSE_BIN) \

src/cloud-api-adaptor/podvm-mkosi/README.md

@@ -93,7 +93,7 @@ Another issue is s390x does not support UEFI. Instead, we can first use **mkosi*
 It requires a **s390x host** to build s390x image with make commands:
 ```
 make fedora-binaries-builder
-ATTESTER=se-attester make binaries
+TEE_PLATFORM=se-attester make binaries
 make image
 # SE_BOOT=true make image
 # make image-debug

src/cloud-api-adaptor/podvm/Dockerfile.podvm

@@ -52,8 +52,6 @@ RUN tar xvf /src/cloud-api-adaptor/podvm/files/pause-bundle.tar.gz -C /src/cloud
 COPY . /src
 
 WORKDIR /src/cloud-api-adaptor/podvm
-# Installs add-ons for foreign target, if required
-RUN ./hack/cross-build-extras.sh
 
 # Will rebuild only the local binaries (agent-protocol-forwarder/process-user-data)
 # To rebuild everything update to "make FORCE=true image"

src/cloud-api-adaptor/podvm/Dockerfile.podvm_binaries

@@ -14,7 +14,7 @@ ARG GUEST_COMPONENTS_VERSION
 ARG GUEST_COMPONENTS_REPO
 # By default AA will be built with the `all-attesters` feature,
 # which doesn't compile ootb on ubuntu.
-ARG ATTESTER=none
+ARG TEE_PLATFORM=none
 # If not provided, uses system architecture
 ARG ARCH
 #This is the name of the policy file under
@@ -33,7 +33,7 @@ ENV CLOUD_PROVIDER=${CLOUD_PROVIDER}
 ENV PODVM_DISTRO=${PODVM_DISTRO}
 ENV GUEST_COMPONENTS_VERSION=${GUEST_COMPONENTS_VERSION}
 ENV GUEST_COMPONENTS_REPO=${GUEST_COMPONENTS_REPO}
-ENV ATTESTER=${ATTESTER}
+ENV TEE_PLATFORM=${TEE_PLATFORM}
 ENV ARCH=${ARCH}
 ENV DEFAULT_AGENT_POLICY_FILE=${DEFAULT_AGENT_POLICY_FILE}
 
@@ -44,8 +44,6 @@ ENV IMAGE_CHECKSUM="none"
 COPY . /src
 
 WORKDIR /src/cloud-api-adaptor/podvm
-# Installs add-ons for foreign target, if required
-RUN ./hack/cross-build-extras.sh
 
 RUN LIBC=gnu make binaries
 

src/cloud-api-adaptor/podvm/Dockerfile.podvm_binaries.fedora

@@ -14,7 +14,7 @@ ARG GUEST_COMPONENTS_VERSION
 ARG GUEST_COMPONENTS_REPO
 # By default AA will be built with the `all-attesters` feature,
 # which doesn't compile on fedora.
-ARG ATTESTER=none
+ARG TEE_PLATFORM=none
 # If not provided, uses system architecture
 ARG ARCH
 #This is the name of the policy file under
@@ -34,7 +34,7 @@ ENV CLOUD_PROVIDER=${CLOUD_PROVIDER}
 ENV PODVM_DISTRO=${PODVM_DISTRO}
 ENV GUEST_COMPONENTS_VERSION=${GUEST_COMPONENTS_VERSION}
 ENV GUEST_COMPONENTS_REPO=${GUEST_COMPONENTS_REPO}
-ENV ATTESTER=${ATTESTER}
+ENV TEE_PLATFORM=${TEE_PLATFORM}
 ENV ARCH=${ARCH}
 ENV DEFAULT_AGENT_POLICY_FILE=${DEFAULT_AGENT_POLICY_FILE}
 ENV IMAGE_NAME=${IMAGE_NAME}

src/cloud-api-adaptor/podvm/Dockerfile.podvm_binaries.rhel

@@ -11,7 +11,7 @@ FROM ${BUILDER_IMG} AS podvm_builder
 ARG PODVM_DISTRO=rhel
 # By default AA will be built with the `all-attesters` feature,
 # which doesn't compile ootb on RHEL.
-ARG ATTESTER=none
+ARG TEE_PLATFORM=none
 # If not provided, uses system architecture
 ARG ARCH
 #This is the name of the policy file under
@@ -27,7 +27,7 @@ ENV PAUSE_REPO=${PAUSE_REPO}
 ENV PAUSE_VERSION=${PAUSE_VERSION}
 ENV PAUSE_BIN=${PAUSE_BIN}
 ENV PODVM_DISTRO=${PODVM_DISTRO}
-ENV ATTESTER=${ATTESTER}
+ENV TEE_PLATFORM=${TEE_PLATFORM}
 ENV ARCH=${ARCH}
 ENV DEFAULT_AGENT_POLICY_FILE=${DEFAULT_AGENT_POLICY_FILE}
 

src/cloud-api-adaptor/podvm/Dockerfile.podvm_builder

@@ -14,13 +14,11 @@ ARG YQ_ARCH="amd64"
 ARG PROTOC_ARCH="x86_64"
 ARG GO_VERSION
 ARG PROTOC_VERSION
-ARG RUST_VERSION
 ARG YQ_VERSION
 ARG YQ_CHECKSUM
 ARG ORAS_VERSION
 # Without setting ENV gh-action is failing to use the correct values
 ENV GO_VERSION=${GO_VERSION}
-ENV RUST_VERSION=${RUST_VERSION}
 ENV PROTOC_VERSION=${PROTOC_VERSION}
 ENV ARCH=${ARCH}
 ENV YQ_ARCH=${YQ_ARCH}
@@ -48,11 +46,7 @@ ADD https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_${Y
 RUN echo "${YQ_CHECKSUM#sha256:} /usr/local/bin/yq" | sha256sum -c
 RUN chmod a+x /usr/local/bin/yq
 
-ENV PATH="/root/.cargo/bin:/usr/local/go/bin:$PATH"
-
-ADD https://sh.rustup.rs rustup
-RUN chmod a+x rustup && ./rustup -y --default-toolchain ${RUST_VERSION} \
-    && rustup target add x86_64-unknown-linux-musl && ln -sf /usr/bin/g++ /bin/musl-g++
+ENV PATH="/usr/local/go/bin:$PATH"
 
 ADD https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-linux-x86_64.zip protoc-${PROTOC_VERSION}-linux-x86_64.zip
 RUN unzip protoc-${PROTOC_VERSION}-linux-x86_64.zip -d /usr/local && rm -f protoc-${PROTOC_VERSION}-linux-x86_64.zip

src/cloud-api-adaptor/podvm/Dockerfile.podvm_builder.fedora

@@ -13,7 +13,6 @@ ARG YQ_ARCH="amd64"
 ARG PROTOC_ARCH="x86_64"
 ARG GO_VERSION
 ARG PROTOC_VERSION
-ARG RUST_VERSION
 ARG YQ_VERSION
 ARG YQ_CHECKSUM
 ARG ORAS_VERSION
@@ -32,10 +31,7 @@ ADD https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_${Y
 RUN echo "${YQ_CHECKSUM#sha256:} /usr/local/bin/yq" | sha256sum -c
 RUN chmod a+x /usr/local/bin/yq
 
-ENV PATH="/root/.cargo/bin:/usr/local/go/bin:$PATH"
-
-ADD https://sh.rustup.rs rustup
-RUN chmod a+x rustup && ./rustup -y --default-toolchain ${RUST_VERSION}
+ENV PATH="/usr/local/go/bin:$PATH"
 
 ADD https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-linux-${PROTOC_ARCH}.zip protoc-${PROTOC_VERSION}-linux-${PROTOC_ARCH}.zip
 RUN unzip protoc-${PROTOC_VERSION}-linux-${PROTOC_ARCH}.zip -d /usr/local && rm -f protoc-${PROTOC_VERSION}-linux-${PROTOC_ARCH}.zip

src/cloud-api-adaptor/podvm/Dockerfile.podvm_builder.rhel

@@ -14,7 +14,6 @@ ARG YQ_ARCH="amd64"
 ARG PROTOC_ARCH="x86_64"
 ARG GO_VERSION
 ARG PROTOC_VERSION
-ARG RUST_VERSION
 ARG PACKER_VERSION
 ARG ORAS_VERSION
 ARG YQ_VERSION
@@ -24,7 +23,6 @@ ARG ACTIVATION_KEY
 
 # Without setting ENV gh-action is failing to use the correct values
 ENV GO_VERSION=${GO_VERSION}
-ENV RUST_VERSION=${RUST_VERSION}
 ENV PROTOC_VERSION=${PROTOC_VERSION}
 ENV PROTOC_ARCH=${PROTOC_ARCH}
 ENV ARCH=${ARCH}
@@ -74,9 +72,7 @@ RUN ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-system-$(uname -m)
 RUN git clone https://github.com/canonical/cloud-utils
 RUN cd cloud-utils && make install
 
-RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain "${RUST_VERSION}"
-
-ENV PATH="/root/.cargo/bin:/usr/local/go/bin:$PATH"
+ENV PATH="/usr/local/go/bin:$PATH"
 
 RUN wget https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-linux-${PROTOC_ARCH}.zip && \
     unzip protoc-${PROTOC_VERSION}-linux-${PROTOC_ARCH}.zip -d /usr/local && rm -f protoc-${PROTOC_VERSION}-linux-${PROTOC_ARCH}.zip

src/cloud-api-adaptor/podvm/Makefile

@@ -20,8 +20,6 @@ ifndef IMAGE_CHECKSUM
 $(error "IMAGE_CHECKSUM is not defined")
 endif
 
-KATA_AGENT_SRC := ../../kata-containers/src/agent
-STATIC_LIBSECCOMP_BUILDER := ../../kata-containers/ci/install_libseccomp.sh
 AGENT_PROTOCOL_FORWARDER_SRC := ../
 
 QEMU_MACHINE_TYPE_s390x := s390-ccw-virtio