From ff7d73a62110f12fe14da36042ede26e08a0f80a Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Fri, 21 Nov 2025 21:30:01 +0000 Subject: [PATCH 01/43] gcp deployt --- yocto/image/build.py | 3 +-- yocto/utils/artifact.py | 44 +++++++++++++++++++++++++++++++++++++---- yocto/utils/metadata.py | 14 +++++++++---- yocto/utils/paths.py | 14 ++++++------- 4 files changed, 58 insertions(+), 17 deletions(-) diff --git a/yocto/image/build.py b/yocto/image/build.py index 20eebfc7..3afd7c77 100644 --- a/yocto/image/build.py +++ b/yocto/image/build.py @@ -5,6 +5,7 @@ from pathlib import Path from yocto.config import BuildConfigs, Configs +from yocto.cloud.cloud_config import CloudProvider from yocto.image.git import GitConfigs, update_git_mkosi_batch from yocto.image.measurements import Measurements, generate_measurements from yocto.utils.artifact import artifact_timestamp @@ -75,8 +76,6 @@ def build_image( raise RuntimeError(f"Image build failed: {err}") # Find the latest built image based on profile - from yocto.cloud.cloud_config import CloudProvider - if profile == "azure": cloud = CloudProvider.AZURE elif profile == "gcp": diff --git a/yocto/utils/artifact.py b/yocto/utils/artifact.py index 9150e87d..49a486b2 100644 --- a/yocto/utils/artifact.py +++ b/yocto/utils/artifact.py @@ -3,6 +3,7 @@ import logging import os import re +from pathlib import Path from yocto.utils.metadata import load_metadata, remove_artifact_from_metadata from yocto.utils.paths import BuildPaths @@ -49,7 +50,7 @@ def _artifact_from_timestamp( ) -> str | None: """Find artifact file by timestamp. - Searches the artifacts directory for files matching the timestamp. + Searches the artifacts directory (including subdirectories) for files matching the timestamp. Returns the filename if found, or constructs a legacy name as fallback. Args: 
@@ -62,8 +63,8 @@ def _artifact_from_timestamp( """ artifacts_path = BuildPaths(home).artifacts - # Search for any file with this timestamp - matches = list(glob.glob(f"{artifacts_path}/*{timestamp}*")) + # Search for any file with this timestamp in all subdirectories + matches = list(glob.glob(f"{artifacts_path}/**/*{timestamp}*", recursive=True)) if matches: # Filter by dev preference if dev: @@ -116,6 +117,40 @@ def expect_artifact(artifact_arg: str, home: str, dev: bool = False) -> str: return artifact +def get_artifact_path(artifact: str, home: str) -> Path: + """Get the full path to an artifact file. + + Args: + artifact: Artifact filename (e.g., "seismic-azure-20251121.vhd") + home: Home directory path + + Returns: + Full path to the artifact file + + Raises: + FileNotFoundError: If the artifact file doesn't exist + """ + artifacts_base = BuildPaths(home).artifacts + + # Determine subdirectory from artifact filename + if "-azure-" in artifact: + artifact_path = artifacts_base / "azure" / artifact + elif "-gcp-" in artifact: + artifact_path = artifacts_base / "gcp" / artifact + elif "-baremetal-" in artifact: + artifact_path = artifacts_base / "baremetal" / artifact + else: + raise ValueError( + f"Cannot determine cloud provider from artifact name: {artifact}. " + "Expected format: seismic-[azure|gcp|baremetal]-YYYYMMDDHHMMSS." + ) + + if not artifact_path.exists(): + raise FileNotFoundError(f"Artifact not found: {artifact_path}") + + return artifact_path + + def delete_artifact(artifact: str, home: str): resources = load_metadata(home).get("resources", {}) @@ -141,7 +176,8 @@ def delete_artifact(artifact: str, home: str): timestamp = _extract_timestamp(artifact) artifacts_path = BuildPaths(home).artifacts files_deleted = 0 - for filepath in glob.glob(f"{artifacts_path}/*{timestamp}*"): + # Search in all subdirectories + for filepath in glob.glob(f"{artifacts_path}/**/*{timestamp}*", recursive=True): os.remove(filepath) files_deleted += 1 
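Review bot: In `_artifact_from_timestamp` (yocto/utils/artifact.py) the recursive glob now matches a timestamp under every provider subdirectory, so when an Azure and a GCP build share a timestamp the caller cannot control which one is returned. The extension loop shown in the later patch prefers `.vhd` over `.tar.gz`, so the Azure file would win. The same widening applies to the `os.remove` loop in `delete_artifact` in this file, which now deletes every file in any subdirectory whose name contains the timestamp. If that cross-provider scope is intended, say so in a comment such as `# Removes this timestamp's files for all providers`; otherwise limit the glob to the provider directory of the artifact being handled. Both functions continue outside their hunks.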
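Review bot: `get_artifact_path` joins `artifact` onto the provider directory without checking that it is a bare filename, so a value containing a path separator or `..` resolves outside `artifacts_base` and can still pass the `exists()` check. A guard at the top, `if Path(artifact).name != artifact: raise ValueError(f"Invalid artifact name: {artifact}")`, keeps the result inside the artifacts tree for every caller, not only the one that checks metadata first. The docstring's Raises section should also list the `ValueError` raised when no provider tag is found. The substring tests are order-dependent, so a name containing both `-azure-` and `-gcp-` is always treated as Azure.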
diff --git a/yocto/utils/metadata.py b/yocto/utils/metadata.py index 67874b06..2c9ac867 100644 --- a/yocto/utils/metadata.py +++ b/yocto/utils/metadata.py @@ -51,18 +51,24 @@ def remove_artifact_from_metadata(name: str, home: str): def load_artifact_measurements( artifact: str, home: str ) -> tuple[Path, "Measurements"]: + from yocto.utils.artifact import get_artifact_path + artifacts = load_metadata(home).get("artifacts", {}) if artifact not in artifacts: metadata_path = BuildPaths(home).deploy_metadata msg = f"Could not find artifact {artifact} in {metadata_path}" raise ValueError(msg) - image_path = BuildPaths(home).artifacts / artifact - artifact = artifacts[artifact] - if not image_path.exists(): + + # Use get_artifact_path to handle subdirectory structure + try: + image_path = get_artifact_path(artifact, home) + except FileNotFoundError as e: raise FileNotFoundError( f"Artifact {artifact} is defined in the deploy metadata, " "but the corresponding file was not found on the machine" - ) + ) from e + + artifact = artifacts[artifact] return image_path, artifact["image"] diff --git a/yocto/utils/paths.py b/yocto/utils/paths.py index c5f762ca..5ea59da6 100644 --- a/yocto/utils/paths.py +++ b/yocto/utils/paths.py 
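Review bot: In `load_artifact_measurements` the `try` catches only `FileNotFoundError`, but `get_artifact_path` also raises `ValueError` for any name without a `-azure-`, `-gcp-` or `-baremetal-` segment. A metadata entry stored under an older flat name would therefore fail with the provider-detection message rather than the metadata-specific one; the previous code looked such files up directly under `BuildPaths(home).artifacts`. Whether such entries still exist cannot be seen from this hunk; if they can, use `except (FileNotFoundError, ValueError) as e:` or fall back to the flat path. The function-scope import deserves a one-line comment, `# Imported here: yocto.utils.artifact imports this module at top level`, since that file's header shows the reverse import.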
@@ -31,22 +31,22 @@ def artifact_pattern(cloud: "CloudProvider", dev: bool = False) -> str: dev: Whether this is a dev build Returns: - Glob pattern like "seismic-dev-azure-*.vhd" or "seismic-gcp-*.tar.gz" + Glob pattern like "azure/seismic-dev-azure-*.vhd" or "gcp/seismic-gcp-*.tar.gz" """ prefix = "seismic-dev" if dev else "seismic" if cloud == CloudProvider.AZURE: - # Dev builds include devtools profile, resulting in comma-separated profiles - # e.g., seismic-dev-azure,devtools-timestamp.vhd or seismic-azure-timestamp.vhd - return f"{prefix}-azure*-*.vhd" + # Dev builds use "seismic-dev" prefix + # e.g., azure/seismic-dev-azure-timestamp.vhd or azure/seismic-azure-timestamp.vhd + return f"azure/{prefix}-azure-*.vhd" elif cloud == CloudProvider.GCP: - return f"{prefix}-gcp*-*.tar.gz" + return f"gcp/{prefix}-gcp-*.tar.gz" elif cloud == CloudProvider.OVH: # OVH uses baremetal profile (no PROFILE in build) - return f"{prefix}-baremetal-*.efi" + return f"baremetal/{prefix}-baremetal-*.efi" else: # Bare metal or unknown - return f"{prefix}-baremetal-*.efi" + return f"baremetal/{prefix}-baremetal-*.efi" @staticmethod def artifact_prefix() -> str: From 234e8fa648e1e453d597b806c9996dc02b786e35 Mon Sep 17 00:00:00 2001 From: cdrappi Date: Fri, 21 Nov 2025 16:32:33 -0500 Subject: [PATCH 02/43] hm --- yocto/cloud/azure/api.py | 6 +++--- yocto/cloud/gcp/api.py | 3 +-- yocto/deployment/validators.py | 3 +-- yocto/genesis_deploy.py | 8 ++++---- yocto/image/build.py | 2 +- yocto/image/git.py | 2 +- yocto/image/measurements.py | 3 +-- yocto/utils/summit_client.py | 4 ++-- 8 files changed, 14 insertions(+), 17 deletions(-) diff --git a/yocto/cloud/azure/api.py b/yocto/cloud/azure/api.py index 50199bb3..939f7fde 100644 --- a/yocto/cloud/azure/api.py +++ b/yocto/cloud/azure/api.py 
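Review bot: `artifact_pattern` in yocto/utils/paths.py now returns patterns that contain a directory separator and no longer carry the `*` after the provider name, which changes what callers match. The removed comment described dev builds named like `seismic-dev-azure,devtools-timestamp.vhd`; `azure/{prefix}-azure-*.vhd` does not match those, and the new comment does not say the naming changed. `build_image` passes this pattern to a `find` command whose predicate is not visible on this page; if it matches on basename (`-name`), a pattern containing `/` never matches and `-path` would be needed. The docstring should state that the pattern is relative to the artifacts directory.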
@@ -18,12 +18,12 @@ from yocto.cloud.cloud_api import CloudApi from yocto.cloud.cloud_config import CloudProvider from yocto.cloud.cloud_parser import confirm -from yocto.config import DeployConfigs, VmConfigs +from yocto.config import DeployConfigs logger = logging.getLogger(__name__) OPEN_PORTS = [ - 22, # ssh + 22, # ssh 80, # http 443, # https 7878, # enclave @@ -461,7 +461,7 @@ def add_nsg_rule( source, ] cls.run_command(cmd, show_logs=config.show_logs) - + @staticmethod def get_nsg_rules(cls, config: DeployConfigs) -> list[str]: tcp_rules = [ diff --git a/yocto/cloud/gcp/api.py b/yocto/cloud/gcp/api.py index 93a28c07..26decba5 100644 --- a/yocto/cloud/gcp/api.py +++ b/yocto/cloud/gcp/api.py @@ -14,12 +14,11 @@ from google.cloud import compute_v1, resourcemanager_v3, storage -from yocto.cloud.azure.api import AzureApi, OPEN_PORTS +from yocto.cloud.azure.api import AzureApi from yocto.cloud.cloud_api import CloudApi from yocto.cloud.cloud_config import CloudProvider from yocto.cloud.cloud_parser import confirm from yocto.cloud.gcp.defaults import ( - CONSENSUS_PORT, DEFAULT_DISK_TYPE, DEFAULT_NETWORK_TIER, DEFAULT_NIC_TYPE, diff --git a/yocto/deployment/validators.py b/yocto/deployment/validators.py index d2f4df98..cce9f87d 100644 --- a/yocto/deployment/validators.py +++ b/yocto/deployment/validators.py @@ -10,7 +10,6 @@ from yocto.utils.metadata import load_metadata from yocto.utils.summit_client import SummitClient - _ANVIL_ADDRESSES = [ "0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266", "0x70997970C51812dc3A010C7d01b50e0d17dc79C8", @@ -113,7 +112,7 @@ def main(): if args.node: node_numbers = args.node elif args.nodes == 0: - raise ValueError(f'Must provide --node or --nodes ') + raise ValueError('Must provide --node or --nodes ') else: node_numbers = list(range(1, args.nodes + 1)) diff --git a/yocto/genesis_deploy.py b/yocto/genesis_deploy.py index 7a9e6ebb..36ce7ccd 100755 --- a/yocto/genesis_deploy.py +++ b/yocto/genesis_deploy.py 
@@ -164,15 +164,15 @@ def deploy_genesis_vm(args: DeploymentConfig) -> None: print(f"IP Address: {ip_address}") print(f"Domain: {deploy_cfg.domain.record}.{deploy_cfg.domain.name}") print("\nNext steps:") - print(f"1. Register SSH key and domain config (port 8080):") + print("1. Register SSH key and domain config (port 8080):") print(f" curl -X POST http://{ip_address}:8080 -H 'Content-Type: application/json' -d '{payload_json}'") - print(f"\n2. Nginx with SSL will automatically set up after initialization") - print(f" Endpoints will be available at:") + print("\n2. Nginx with SSL will automatically set up after initialization") + print(" Endpoints will be available at:") print(f" https://{deploy_cfg.domain.record}.{deploy_cfg.domain.name}/rpc") print(f" https://{deploy_cfg.domain.record}.{deploy_cfg.domain.name}/ws") print(f" https://{deploy_cfg.domain.record}.{deploy_cfg.domain.name}/summit") if args.dev: - print(f"\n3. SSH access uses dropbear (from bob-common) on port 22") + print("\n3. SSH access uses dropbear (from bob-common) on port 22") print(" NOTE: Seismic uses bob-common's SSH setup:") print(" - Production: key-only auth, no root, no password") print("\n ⚠️ DEV MODE - SSH Root Access Enabled:") diff --git a/yocto/image/build.py b/yocto/image/build.py index 3afd7c77..ac815ff0 100644 --- a/yocto/image/build.py +++ b/yocto/image/build.py @@ -4,8 +4,8 @@ from dataclasses import dataclass from pathlib import Path -from yocto.config import BuildConfigs, Configs from yocto.cloud.cloud_config import CloudProvider +from yocto.config import BuildConfigs, Configs from yocto.image.git import GitConfigs, update_git_mkosi_batch from yocto.image.measurements import Measurements, generate_measurements from yocto.utils.artifact import artifact_timestamp diff --git a/yocto/image/git.py b/yocto/image/git.py index 8e9830f9..de72c03e 100644 --- a/yocto/image/git.py +++ b/yocto/image/git.py 
@@ -263,7 +263,7 @@ def update_git_mkosi_batch( logger.info("All packages updated in file") # Stage the file - run_command(f"git add seismic/mkosi.build", cwd=paths.flashbots_images) + run_command("git add seismic/mkosi.build", cwd=paths.flashbots_images) # Check if there are changes to commit status_result = run_command( diff --git a/yocto/image/measurements.py b/yocto/image/measurements.py index 7b4865af..e053fd3a 100644 --- a/yocto/image/measurements.py +++ b/yocto/image/measurements.py @@ -1,6 +1,5 @@ import json import logging -import os import subprocess import tempfile from pathlib import Path @@ -93,5 +92,5 @@ def generate_measurements(image_path: Path, home: str) -> Measurements: "measurements": raw_measurements.get("measurements", raw_measurements), } - logger.info(f"Measurements generated successfully") + logger.info("Measurements generated successfully") return measurements diff --git a/yocto/utils/summit_client.py b/yocto/utils/summit_client.py index 269290f5..8f1e481e 100644 --- a/yocto/utils/summit_client.py +++ b/yocto/utils/summit_client.py @@ -1,10 +1,10 @@ import logging import tomllib +from dataclasses import dataclass from pathlib import Path from typing import Any import requests -from dataclasses import dataclass logger = logging.getLogger(__name__) @@ -25,7 +25,7 @@ def _get(self, path: str) -> str: response = requests.get(f"{self.url}/{path}") response.raise_for_status() return response.text - + def _get_json(self, path: str) -> str: response = requests.get(f"{self.url}/{path}") response.raise_for_status() From a2f1a15ed8fc79fe2fe5ccfaf66ecd5703fc1c30 Mon Sep 17 00:00:00 2001 
From: Ubuntu Date: Fri, 21 Nov 2025 21:49:50 +0000 Subject: [PATCH 03/43] errors' gi --- yocto/cloud/azure/api.py | 11 +++++-- yocto/cloud/cloud_parser.py | 5 +++- yocto/config/mode.py | 3 +- yocto/deployment/deploy.py | 4 +-- yocto/deployment/deploy_bob.py | 12 ++++++-- yocto/deployment/validators.py | 9 ++++-- yocto/genesis_deploy.py | 10 +++++-- yocto/image/build.py | 13 ++++++-- yocto/image/git.py | 54 +++++++++++++++++++++++----------- yocto/image/measurements.py | 23 +++++++++------ yocto/utils/artifact.py | 32 +++++++++++++------- yocto/utils/parser.py | 5 +++- yocto/utils/paths.py | 6 ++-- 13 files changed, 130 insertions(+), 57 deletions(-) diff --git a/yocto/cloud/azure/api.py b/yocto/cloud/azure/api.py index 939f7fde..02adedeb 100644 --- a/yocto/cloud/azure/api.py +++ b/yocto/cloud/azure/api.py @@ -465,8 +465,15 @@ def add_nsg_rule( @staticmethod def get_nsg_rules(cls, config: DeployConfigs) -> list[str]: tcp_rules = [ - (f"Allow {port}", f"{103+i}", f"{port}", "tcp", "*", f"TCP {port} rule") - for port in OPEN_PORTS + ( + f"Allow {port}", + f"{103+i}", + f"{port}", + "tcp", + "*", + f"TCP {port} rule", + ) + for i, port in enumerate(OPEN_PORTS) ] return [ # NOTE: allowing SSH from anywhere; diff --git a/yocto/cloud/cloud_parser.py b/yocto/cloud/cloud_parser.py index 61784616..8279f682 100644 --- a/yocto/cloud/cloud_parser.py +++ b/yocto/cloud/cloud_parser.py @@ -49,7 +49,10 @@ def create_cloud_parser(description: str) -> argparse.ArgumentParser: type=str, choices=["azure", "gcp", "ovh"], required=False, - help="Cloud provider to use (azure, gcp, or ovh). Required for deployment, optional for build.", + help=( + "Cloud provider to use (azure, gcp, or ovh). " + "Required for deployment, optional for build." + ), ) # Region/Zone (optional, defaults based on cloud) diff --git a/yocto/config/mode.py b/yocto/config/mode.py index 083f8ad3..85c8219b 100644 --- a/yocto/config/mode.py +++ b/yocto/config/mode.py 
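Review bot: `get_nsg_rules` in yocto/cloud/azure/api.py is decorated `@staticmethod` yet takes `cls` as its first parameter, so a call through the class binds the config argument to `cls` and fails on a missing `config`; the `enumerate` fix in this hunk does not address that, and `@classmethod` looks like what was meant. Every generated tuple also carries `"*"` in what appears to be the source field, which exposes each port in `OPEN_PORTS` (including 7878, commented as enclave) to any address. If that is deliberate, a comment beside the tuple should say so, as the existing NOTE does for SSH; otherwise take the allowed source from `config`. The function continues outside the hunk.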
@@ -15,7 +15,8 @@ class Mode: @staticmethod def from_args(args: argparse.Namespace, home: str) -> "Mode": - # For delete_artifact, use dev flag if available (e.g., when deleting by timestamp) + # For delete_artifact, use dev flag if available + # (e.g., when deleting by timestamp) dev = getattr(args, "dev", False) mode = Mode( build=args.build, diff --git a/yocto/deployment/deploy.py b/yocto/deployment/deploy.py index 77215a27..531650b5 100644 --- a/yocto/deployment/deploy.py +++ b/yocto/deployment/deploy.py @@ -26,11 +26,9 @@ def delete_vm(vm_name: str, home: str) -> bool: # Search for VM in all clouds meta = None - cloud_str = None - for cloud_key, cloud_resources in resources.items(): + for _, cloud_resources in resources.items(): if vm_name in cloud_resources: meta = cloud_resources[vm_name] - cloud_str = cloud_key break if not meta: diff --git a/yocto/deployment/deploy_bob.py b/yocto/deployment/deploy_bob.py index f39a8380..219f4e9c 100755 --- a/yocto/deployment/deploy_bob.py +++ b/yocto/deployment/deploy_bob.py @@ -250,7 +250,10 @@ def print_next_steps( logger.info("\n⚠️ DEV MODE - SSH Access Enabled:") logger.info(f" ssh root@{ip_address}") logger.info(" Password: dqSPjo4p") - logger.info("\n Note: This is a development image with debugging tools enabled.") + logger.info( + "\n Note: This is a development image with debugging " + "tools enabled." + ) logger.info("\nNext Steps:") logger.info( @@ -386,10 +389,13 @@ def main(): ip_address = deploy_bob_vm(config, vhd_path, args.data_disk_size) - # Check if this is a dev build by looking for "-dev-" in the artifact name + # Check if this is a dev build by looking for "-dev-" in the + # artifact name is_dev = "-dev-" in args.artifact - print_next_steps(config.vm_name, ip_address, config.resource_group, is_dev) + print_next_steps( + config.vm_name, ip_address, config.resource_group, is_dev + ) except Exception as e: logger.error(f"Deployment failed: {e}") 
diff --git a/yocto/deployment/validators.py b/yocto/deployment/validators.py index cce9f87d..3ed4bdeb 100644 --- a/yocto/deployment/validators.py +++ b/yocto/deployment/validators.py @@ -45,7 +45,10 @@ def _parse_args() -> argparse.Namespace: "--node", nargs="*", type=int, - help="Specific node numbers (e.g., --node 23 24 25). Overrides -n/--nodes if provided.", + help=( + "Specific node numbers (e.g., --node 23 24 25). " + "Overrides -n/--nodes if provided." + ), ) parser.add_argument( "--code-path", @@ -94,7 +97,9 @@ def _get_pubkeys( "node_public_key": pubkeys.node, "consensus_public_key": pubkeys.consensus, "ip_address": f"{ip_address}:{CONSENSUS_PORT}", - "withdrawal_credentials": _ANVIL_ADDRESSES[i % len(_ANVIL_ADDRESSES)], + "withdrawal_credentials": _ANVIL_ADDRESSES[ + i % len(_ANVIL_ADDRESSES) + ], } ) node_to_pubkey[node] = pubkeys.node diff --git a/yocto/genesis_deploy.py b/yocto/genesis_deploy.py index 36ce7ccd..dae46fb7 100755 --- a/yocto/genesis_deploy.py +++ b/yocto/genesis_deploy.py @@ -165,7 +165,10 @@ def deploy_genesis_vm(args: DeploymentConfig) -> None: print(f"Domain: {deploy_cfg.domain.record}.{deploy_cfg.domain.name}") print("\nNext steps:") print("1. Register SSH key and domain config (port 8080):") - print(f" curl -X POST http://{ip_address}:8080 -H 'Content-Type: application/json' -d '{payload_json}'") + print( + f" curl -X POST http://{ip_address}:8080 " + f"-H 'Content-Type: application/json' -d '{payload_json}'" + ) print("\n2. Nginx with SSL will automatically set up after initialization") print(" Endpoints will be available at:") print(f" https://{deploy_cfg.domain.record}.{deploy_cfg.domain.name}/rpc") @@ -202,7 +205,10 @@ def parse_genesis_args(): parser.add_argument( "--name", type=str, - help="Manual VM name override (default: cloud-specific prefix + node number)", + help=( + "Manual VM name override " + "(default: cloud-specific prefix + node number)" + ), ) parser.add_argument( "--peers", 
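Review bot: In `_get_pubkeys` (yocto/deployment/validators.py) `withdrawal_credentials` is still taken from `_ANVIL_ADDRESSES`; the entries visible earlier in this series are the default Anvil development accounts, whose private keys are public. A validator registered with one of these on a network that holds value has withdrawal credentials that anyone can control. The rewrapped line carries neither a guard nor a comment. Either require real addresses as input outside dev/test runs, or add `# Anvil default accounts: dev/test only, private keys are public` beside the assignment and refuse non-dev targets. The function continues outside the hunk.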
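Review bot: The registration step printed by `deploy_genesis_vm` (yocto/genesis_deploy.py) posts the SSH key and domain config to `http://{ip_address}:8080`, plain HTTP with no credential in the printed command, so the payload is unprotected in transit and nothing visible ties the request to the operator. The hunk only rewraps the line. A comment stating what protects this endpoint (source restriction, one-shot registration or similar) is missing and should be added if such a control exists. `payload_json` is also placed between single quotes, so a value containing `'` breaks the printed command; `-d {shlex.quote(payload_json)}` avoids that (needs `import shlex` if the file lacks it).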
diff --git a/yocto/image/build.py b/yocto/image/build.py index ac815ff0..9928f99b 100644 --- a/yocto/image/build.py +++ b/yocto/image/build.py @@ -35,7 +35,8 @@ def build_image( Args: home: Home directory path image_name: Image name (default: "seismic") - profile: Build profile - "azure", "gcp", or None for baremetal/no profile + profile: Build profile - "azure", "gcp", or None for + baremetal/no profile dev: Whether to build dev version capture_output: Whether to capture build output @@ -85,7 +86,11 @@ def build_image( else: cloud = None # Bare metal - artifact_pattern = BuildPaths.artifact_pattern(cloud, dev) if cloud else f"{image_name}-*.efi" + artifact_pattern = ( + BuildPaths.artifact_pattern(cloud, dev) + if cloud + else f"{image_name}-*.efi" + ) find_cmd = f""" find {BuildPaths(home).artifacts} \ @@ -103,7 +108,9 @@ def build_image( image_path_str = find_result.stdout.strip() if not image_path_str: - raise FileNotFoundError(f"No image file found matching: {artifact_pattern}") + raise FileNotFoundError( + f"No image file found matching: {artifact_pattern}" + ) ts = artifact_timestamp(image_path_str) if ( diff --git a/yocto/image/git.py b/yocto/image/git.py index de72c03e..d9de33fd 100644 --- a/yocto/image/git.py +++ b/yocto/image/git.py @@ -100,7 +100,8 @@ def _extract_commit_from_mkosi(build_file: Path, package_name: str) -> str: Args: build_file: Path to mkosi.build file - package_name: Package name (e.g., "summit", "seismic-reth", "seismic-enclave-server") + package_name: Package name (e.g., "summit", "seismic-reth", + "seismic-enclave-server") Returns: The commit hash as a string @@ -135,7 +136,8 @@ def _extract_branch_from_mkosi(build_file: Path, package_name: str) -> str: Args: build_file: Path to mkosi.build file - package_name: Package name (e.g., "summit", "seismic-reth", "seismic-enclave-server") + package_name: Package name (e.g., "summit", "seismic-reth", + "seismic-enclave-server") Returns: The branch name as a string 
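Review bot: In `build_image` the `cloud is None` fallback `f"{image_name}-*.efi"` does not agree with `BuildPaths.artifact_pattern`, whose bare-metal branch returns `baremetal/{prefix}-baremetal-*.efi`. The fallback has no subdirectory, ignores `dev`, and also matches names such as `seismic-dev-azure-TIMESTAMP.efi` mentioned in measurements.py. Depending on how the `find` below is scoped (its arguments are outside the hunk), the latest image for a bare-metal build could therefore come from another provider's directory. Give the bare-metal case an explicit pattern from `artifact_pattern`, or comment why the looser fallback is wanted.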
@@ -178,11 +180,13 @@ def update_git_mkosi_batch( commit_message: str | None = None, ) -> dict[str, GitConfig]: """ - Update git commits for multiple packages in seismic/mkosi.build in a single commit. + Update git commits for multiple packages in seismic/mkosi.build in a + single commit. Args: updates: Dict mapping package name to GitConfig - (e.g., {"summit": GitConfig(...), "seismic-reth": GitConfig(...)}) + (e.g., {"summit": GitConfig(...), + "seismic-reth": GitConfig(...)}) home: Home directory path commit_message: Optional custom commit message @@ -215,15 +219,20 @@ def update_git_mkosi_batch( for package_name, git_config in updates.items(): if git_config.commit is None: # No commit specified, use current - current_commit = _extract_commit_from_mkosi(build_file, package_name) - current_branch = _extract_branch_from_mkosi(build_file, package_name) + current_commit = _extract_commit_from_mkosi( + build_file, package_name + ) + current_branch = _extract_branch_from_mkosi( + build_file, package_name + ) current_git = GitConfig( commit=current_commit, branch=git_config.branch or current_branch, ) logger.info( f"No git commit provided for {package_name}. " - f"Using current git state {current_git.branch}#{current_git.commit}" + f"Using current git state " + f"{current_git.branch}#{current_git.commit}" ) results[package_name] = current_git else: @@ -236,11 +245,17 @@ def update_git_mkosi_batch( logger.info("No packages to update") return results - logger.info(f"Updating {len(packages_to_update)} packages in {build_file.name}...") + logger.info( + f"Updating {len(packages_to_update)} packages in " + f"{build_file.name}..." + ) # Update all packages in one pass for package_name, git_config in packages_to_update: - logger.info(f" - {package_name} → {git_config.branch}#{git_config.commit[:8]}") + logger.info( + f" - {package_name} → " + f"{git_config.branch}#{git_config.commit[:8]}" + ) var_prefix = package_var_map.get(package_name) if not var_prefix: 
@@ -248,16 +263,18 @@ def update_git_mkosi_batch( # Update branch variable (e.g., RETH_BRANCH="seismic") branch_var = f"{var_prefix}_BRANCH" - branch_update_cmd = f""" - sed -i 's/^{branch_var}=.*$/{branch_var}="{git_config.branch}"/' {build_file} - """ + branch_update_cmd = ( + f"sed -i 's/^{branch_var}=.*$/{branch_var}=" + f'"{git_config.branch}"\' {build_file}' + ) run_command(branch_update_cmd, cwd=paths.flashbots_images) # Update commit variable (e.g., RETH_COMMIT="abc123...") commit_var = f"{var_prefix}_COMMIT" - commit_update_cmd = f""" - sed -i 's/^{commit_var}=.*$/{commit_var}="{git_config.commit}"/' {build_file} - """ + commit_update_cmd = ( + f"sed -i 's/^{commit_var}=.*$/{commit_var}=" + f'"{git_config.commit}"\' {build_file}' + ) run_command(commit_update_cmd, cwd=paths.flashbots_images) logger.info("All packages updated in file") @@ -274,7 +291,9 @@ def update_git_mkosi_batch( if not commit_message: package_names = ", ".join([name for name, _ in packages_to_update]) commit_message = f"Update commit hashes for {package_names}" - run_command(f'git commit -m "{commit_message}"', cwd=paths.flashbots_images) + run_command( + f'git commit -m "{commit_message}"', cwd=paths.flashbots_images + ) logger.info("Committed changes") run_command("git push", cwd=paths.flashbots_images) @@ -295,7 +314,8 @@ def update_git_mkosi( """ Update the git commit for a single package in seismic/mkosi.build. - For batch updates of multiple packages, use update_git_mkosi_batch() instead. + For batch updates of multiple packages, use update_git_mkosi_batch() + instead. """ results = update_git_mkosi_batch( {package_name: git_config}, diff --git a/yocto/image/measurements.py b/yocto/image/measurements.py index e053fd3a..31f5f8f6 100644 --- a/yocto/image/measurements.py +++ b/yocto/image/measurements.py 
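Review bot: The rewrapped `sed` commands in `update_git_mkosi_batch` (yocto/image/git.py) lost the closing `/` of the substitution. The old string ended with `"{git_config.branch}"/' {build_file}`, whereas the new second literal is `'"{git_config.branch}"\' {build_file}'`, which produces `s/^VAR=.*$/VAR="value"` with no terminator, and sed rejects that expression. `commit_update_cmd` has the same omission, so neither variable is updated in the build file. Restore the delimiter with `f'"{git_config.branch}"/\' {build_file}'` and `f'"{git_config.commit}"/\' {build_file}'`.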
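Review bot: `run_command(f'git commit -m "{commit_message}"', ...)` in `update_git_mkosi_batch` places a caller-supplied message inside the double quotes of a command string, so a message containing `"`, `$(...)` or a backtick alters the command if `run_command` executes through a shell (its body is not in this hunk). The branch and commit values interpolated into the `sed` commands in the previous hunk have the same exposure and are also not escaped for sed's `/` delimiter. Use `f"git commit -m {shlex.quote(commit_message)}"`, or let `run_command` accept an argument list so no shell parsing is involved.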
@@ -30,7 +30,8 @@ def generate_measurements(image_path: Path, home: str) -> Measurements: efi_path = image_path if image_path.suffix in [".vhd", ".tar.gz"]: # Look for the corresponding .efi file - # Pattern: seismic-dev-azure-TIMESTAMP.vhd -> seismic-dev-azure-TIMESTAMP.efi + # Pattern: seismic-dev-azure-TIMESTAMP.vhd -> + # seismic-dev-azure-TIMESTAMP.efi efi_path = image_path.with_suffix(".efi") if not efi_path.exists(): raise FileNotFoundError( @@ -51,20 +52,24 @@ def generate_measurements(image_path: Path, home: str) -> Measurements: # Use the same command as make measure, but with our specific EFI file # This is what make measure does internally: - # $(WRAPPER) measured-boot "$$EFI_FILE" build/measurements.json --direct-uki + # $(WRAPPER) measured-boot "$$EFI_FILE" build/measurements.json + # --direct-uki # - # Important: env_wrapper.sh runs in Lima VM where flashbots-images is mounted at ~/mnt - # So we need to use relative paths from flashbots-images root + # Important: env_wrapper.sh runs in Lima VM where flashbots-images is + # mounted at ~/mnt. So we need to use relative paths from + # flashbots-images root wrapper_script = paths.flashbots_images / "scripts" / "env_wrapper.sh" - # Get relative path from flashbots-images root (e.g., "build/seismic-dev-azure-*.efi") + # Get relative path from flashbots-images root + # (e.g., "build/seismic-dev-azure-*.efi") efi_relative = efi_path.relative_to(paths.flashbots_images) measurements_relative = "build/measurements.json" - measure_cmd = f""" - cd {paths.flashbots_images} && - IMAGE={image_name} {wrapper_script} measured-boot "{efi_relative}" {measurements_relative} --direct-uki - """ + measure_cmd = ( + f"cd {paths.flashbots_images} && " + f"IMAGE={image_name} {wrapper_script} measured-boot " + f'"{efi_relative}" {measurements_relative} --direct-uki' + ) result = subprocess.run( measure_cmd, shell=True, capture_output=True, text=True 
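Review bot: `measure_cmd` in `generate_measurements` (yocto/image/measurements.py) is run with `shell=True` while `paths.flashbots_images`, `image_name` and `wrapper_script` are interpolated unquoted. Only `efi_relative` is wrapped, and double quotes still let `$` and backticks in a filename expand. A path with a space or shell metacharacter therefore changes what is executed for the measurement step, whose output is later used as the image's reference measurements. Quote each value, for example `f"cd {shlex.quote(str(paths.flashbots_images))} && "`, or pass an argument list with `cwd=` and `env=` and drop `shell=True`. The `subprocess.run` call continues outside the hunk.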
diff --git a/yocto/utils/artifact.py b/yocto/utils/artifact.py index 49a486b2..4fcd1da0 100644 --- a/yocto/utils/artifact.py +++ b/yocto/utils/artifact.py @@ -50,13 +50,15 @@ def _artifact_from_timestamp( ) -> str | None: """Find artifact file by timestamp. - Searches the artifacts directory (including subdirectories) for files matching the timestamp. - Returns the filename if found, or constructs a legacy name as fallback. + Searches the artifacts directory (including subdirectories) for files + matching the timestamp. Returns the filename if found, or constructs a + legacy name as fallback. Args: timestamp: 14-digit timestamp string home: Home directory path - dev: If True, prefer dev artifacts (seismic-dev-*), else prefer non-dev + dev: If True, prefer dev artifacts (seismic-dev-*), else prefer + non-dev Returns: Artifact filename @@ -64,7 +66,9 @@ def _artifact_from_timestamp( artifacts_path = BuildPaths(home).artifacts # Search for any file with this timestamp in all subdirectories - matches = list(glob.glob(f"{artifacts_path}/**/*{timestamp}*", recursive=True)) + matches = list( + glob.glob(f"{artifacts_path}/**/*{timestamp}*", recursive=True) + ) if matches: # Filter by dev preference if dev: @@ -78,7 +82,8 @@ def _artifact_from_timestamp( if non_dev_matches: matches = non_dev_matches - # Return the basename of the first match (preferring .vhd, .tar.gz, or .efi) + # Return the basename of the first match + # (preferring .vhd, .tar.gz, or .efi) for ext in [".vhd", ".tar.gz", ".efi"]: for match in matches: if match.endswith(ext): 
@@ -99,11 +104,12 @@ def parse_artifact( if len(artifact_arg) == 14: if all(a.isdigit() for a in artifact_arg): if home is None: - raise ValueError("home parameter required when parsing timestamp") + msg = "home parameter required when parsing timestamp" + raise ValueError(msg) return _artifact_from_timestamp(artifact_arg, home, dev) # Validate that it's correctly named - timestamp = _extract_timestamp(artifact_arg) + _extract_timestamp(artifact_arg) # If full artifact name provided, just return it # (it already has the correct format - either old or new) @@ -140,10 +146,12 @@ def get_artifact_path(artifact: str, home: str) -> Path: elif "-baremetal-" in artifact: artifact_path = artifacts_base / "baremetal" / artifact else: - raise ValueError( - f"Cannot determine cloud provider from artifact name: {artifact}. " - "Expected format: seismic-[azure|gcp|baremetal]-YYYYMMDDHHMMSS." + msg = ( + f"Cannot determine cloud provider from artifact name: " + f"{artifact}. Expected format: " + f"seismic-[azure|gcp|baremetal]-YYYYMMDDHHMMSS." ) + raise ValueError(msg) if not artifact_path.exists(): raise FileNotFoundError(f"Artifact not found: {artifact_path}") @@ -177,7 +185,9 @@ def delete_artifact(artifact: str, home: str): artifacts_path = BuildPaths(home).artifacts files_deleted = 0 # Search in all subdirectories - for filepath in glob.glob(f"{artifacts_path}/**/*{timestamp}*", recursive=True): + for filepath in glob.glob( + f"{artifacts_path}/**/*{timestamp}*", recursive=True + ): os.remove(filepath) files_deleted += 1 diff --git a/yocto/utils/parser.py b/yocto/utils/parser.py index 85f69d67..a9f94a39 100644 --- a/yocto/utils/parser.py +++ b/yocto/utils/parser.py 
@@ -30,7 +30,10 @@ def parse_args() -> argparse.Namespace: "--cloud", type=str, choices=["azure", "gcp", "ovh"], - help="Cloud provider (azure, gcp, ovh). Required for deployment, optional for build.", + help=( + "Cloud provider (azure, gcp, ovh). " + "Required for deployment, optional for build." + ), ) parser.add_argument( "--resource-group", diff --git a/yocto/utils/paths.py b/yocto/utils/paths.py index 5ea59da6..9993160f 100644 --- a/yocto/utils/paths.py +++ b/yocto/utils/paths.py @@ -31,13 +31,15 @@ def artifact_pattern(cloud: "CloudProvider", dev: bool = False) -> str: dev: Whether this is a dev build Returns: - Glob pattern like "azure/seismic-dev-azure-*.vhd" or "gcp/seismic-gcp-*.tar.gz" + Glob pattern like "azure/seismic-dev-azure-*.vhd" or + "gcp/seismic-gcp-*.tar.gz" """ prefix = "seismic-dev" if dev else "seismic" if cloud == CloudProvider.AZURE: # Dev builds use "seismic-dev" prefix - # e.g., azure/seismic-dev-azure-timestamp.vhd or azure/seismic-azure-timestamp.vhd + # e.g., azure/seismic-dev-azure-timestamp.vhd or + # azure/seismic-azure-timestamp.vhd return f"azure/{prefix}-azure-*.vhd" elif cloud == CloudProvider.GCP: return f"gcp/{prefix}-gcp-*.tar.gz" From acf7f43cc7bd64189ea2e5c6e4bdbe9300e06a7e Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Thu, 4 Dec 2025 19:06:00 +0000 Subject: [PATCH 04/43] git commit --- yocto/image/git.py | 137 +++++++++------------------------------------ 1 file changed, 25 insertions(+), 112 deletions(-) diff --git a/yocto/image/git.py b/yocto/image/git.py index d9de33fd..05104963 100644 --- a/yocto/image/git.py +++ b/yocto/image/git.py 
@@ -8,63 +8,35 @@ logger = logging.getLogger(__name__) +GitCommit = str | None -@dataclass -class GitConfig: - commit: str | None - branch: str - - @staticmethod - def from_args(args: Namespace, repo: str) -> "GitConfig": - values = vars(args) - return GitConfig( - commit=values[f"{repo}_commit"], branch=values[f"{repo}_branch"] - ) - - def to_dict(self) -> dict[str, str]: - # if not self.commit: - # raise ValueError( - # "Cannot call to_dict() on GitConfig without commit" - # ) - return { - "branch": self.branch, - "commit": self.commit, - } - @staticmethod - def branch_only(branch: str) -> "GitConfig": - return GitConfig(commit=None, branch=branch) +def commit_from_args(args: Namespace, repo: str) -> GitCommit: + values = vars(args) + return values[f"{repo}_commit"] @dataclass class GitConfigs: - enclave: GitConfig - sreth: GitConfig - summit: GitConfig + enclave: GitCommit + sreth: GitCommit + summit: GitCommit @staticmethod def from_args(args: Namespace) -> "GitConfigs": return GitConfigs( - enclave=GitConfig.from_args(args, "enclave"), - sreth=GitConfig.from_args(args, "sreth"), - summit=GitConfig.from_args(args, "summit"), + enclave=commit_from_args(args, "enclave"), + sreth=commit_from_args(args, "sreth"), + summit=commit_from_args(args, "summit"), ) def to_dict(self): return { - "enclave": self.enclave.to_dict(), - "sreth": self.sreth.to_dict(), - "summit": self.summit.to_dict(), + "enclave": self.enclave, + "sreth": self.sreth, + "summit": self.summit, } - @staticmethod - def default() -> "GitConfigs": - return GitConfigs( - enclave=GitConfig.branch_only("seismic"), - sreth=GitConfig.branch_only("seismic"), - summit=GitConfig.branch_only("main"), - ) - def run_command( cmd: str, cwd: Path | None = None 
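Review bot: `commit_from_args` returns the raw CLI value and `GitCommit` is only an alias for `str | None`, so nothing checks that a commit is a hexadecimal object name before `update_git_mkosi_batch` interpolates it into a `sed` command line. Validating at this boundary removes the quoting concern at its source and catches typos before the build file is edited: `if commit is not None and not re.fullmatch(r"[0-9a-fA-F]{7,64}", commit): raise ValueError(f"Invalid commit: {commit}")`. `GitConfigs.to_dict` also changes shape from nested branch/commit dicts to plain strings; readers of previously written metadata are not visible here and may need to accept both forms.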
@@ -131,54 +103,11 @@ def _extract_commit_from_mkosi(build_file: Path, package_name: str) -> str: return result -def _extract_branch_from_mkosi(build_file: Path, package_name: str) -> str: - """Extract branch name from mkosi.build file for a given package. - - Args: - build_file: Path to mkosi.build file - package_name: Package name (e.g., "summit", "seismic-reth", - "seismic-enclave-server") - - Returns: - The branch name as a string - - The format in mkosi.build is: - RETH_BRANCH="seismic" - """ - # Map package names to variable prefixes - package_var_map = { - "seismic-reth": "RETH", - "seismic-enclave-server": "ENCLAVE", - "summit": "SUMMIT", - } - - var_prefix = package_var_map.get(package_name) - if not var_prefix: - raise ValueError(f"Unknown package name: {package_name}") - - branch_var = f"{var_prefix}_BRANCH" - cmd = f"""grep '^{branch_var}=' {build_file} | cut -d'"' -f2""" - result = _extract(cmd, f"{package_name} branch") - if not result: - raise ValueError( - f"Failed to extract branch for {package_name}. " - f"Got: '{result}'" - ) - return result - - -def _extract_branch(bb_path: Path) -> str: - """Legacy function - branches are not stored in mkosi.build.""" - # For mkosi builds, we don't track branches separately - # The commit hash is what matters - return "main" - - def update_git_mkosi_batch( - updates: dict[str, GitConfig], + updates: dict[str, GitCommit], home: str, commit_message: str | None = None, -) -> dict[str, GitConfig]: +) -> dict[str, GitCommit]: """ Update git commits for multiple packages in seismic/mkosi.build in a single commit. 
@@ -217,24 +146,18 @@ def update_git_mkosi_batch( packages_to_update = [] for package_name, git_config in updates.items(): - if git_config.commit is None: + if git_config is None: # No commit specified, use current current_commit = _extract_commit_from_mkosi( - build_file, package_name - ) - current_branch = _extract_branch_from_mkosi( - build_file, package_name - ) - current_git = GitConfig( - commit=current_commit, - branch=git_config.branch or current_branch, + build_file=build_file, + package_name=package_name, ) logger.info( f"No git commit provided for {package_name}. " - f"Using current git state " - f"{current_git.branch}#{current_git.commit}" + f"Using current git commit " + f"{current_commit}" ) - results[package_name] = current_git + results[package_name] = current_commit else: # Mark for update packages_to_update.append((package_name, git_config)) @@ -251,24 +174,13 @@ def update_git_mkosi_batch( ) # Update all packages in one pass - for package_name, git_config in packages_to_update: - logger.info( - f" - {package_name} → " - f"{git_config.branch}#{git_config.commit[:8]}" - ) + for package_name, git_commit in packages_to_update: + logger.info(f" - {package_name} @ {git_commit[:8]}") var_prefix = package_var_map.get(package_name) if not var_prefix: raise ValueError(f"Unknown package name: {package_name}") - # Update branch variable (e.g., RETH_BRANCH="seismic") - branch_var = f"{var_prefix}_BRANCH" - branch_update_cmd = ( - f"sed -i 's/^{branch_var}=.*$/{branch_var}=" - f'"{git_config.branch}"\' {build_file}' - ) - run_command(branch_update_cmd, cwd=paths.flashbots_images) - # Update commit variable (e.g., RETH_COMMIT="abc123...") commit_var = f"{var_prefix}_COMMIT" commit_update_cmd = ( 
@@ -284,7 +196,8 @@ def update_git_mkosi_batch( # Check if there are changes to commit status_result = run_command( - "git status --porcelain", cwd=paths.flashbots_images + cmd="git status --porcelain", + cwd=paths.flashbots_images, ) if status_result.stdout.strip(): logger.info("Changes detected, committing...") From 5e72330efef0cdbfe0d0bcd9f89b427539e9016e Mon Sep 17 00:00:00 2001 From: cdrappi Date: Thu, 4 Dec 2025 15:02:39 -0500 Subject: [PATCH 05/43] remove --- yocto/image/git.py | 39 ++++++--------------------------------- 1 file changed, 6 insertions(+), 33 deletions(-) diff --git a/yocto/image/git.py b/yocto/image/git.py index 05104963..68b87bd5 100644 --- a/yocto/image/git.py +++ b/yocto/image/git.py @@ -113,14 +113,14 @@ def update_git_mkosi_batch( single commit. Args: - updates: Dict mapping package name to GitConfig - (e.g., {"summit": GitConfig(...), - "seismic-reth": GitConfig(...)}) + updates: Dict mapping package name to commit hash + (e.g., {"summit": "3720ab4...", + "seismic-reth": "3720ab4..."}) home: Home directory path commit_message: Optional custom commit message Returns: - Dict mapping package names to their final GitConfig + Dict mapping package names to their final commit hash """ paths = BuildPaths(home) @@ -220,10 +220,10 @@ def update_git_mkosi_batch( def update_git_mkosi( package_name: str, - git_config: GitConfig, + git_config: GitCommit, home: str, commit_message: str | None = None, -) -> GitConfig: +) -> GitCommit: """ Update the git commit for a single package in seismic/mkosi.build. 
@@ -236,30 +236,3 @@ def update_git_mkosi( commit_message, ) return results[package_name] - - -# Keep old function name for backwards compatibility, but delegate to new one -def update_git_bb( - bb_pathname: str, - git_config: GitConfig, - home: str, - commit_message: str | None = None, -) -> GitConfig: - """Legacy wrapper for update_git_mkosi. - - Maps old bb_pathname to package names: - - recipes-nodes/enclave/enclave.bb -> seismic-enclave-server - - recipes-nodes/reth/reth.bb -> seismic-reth - - recipes-nodes/summit/summit.bb -> summit - """ - package_map = { - "recipes-nodes/enclave/enclave.bb": "seismic-enclave-server", - "recipes-nodes/reth/reth.bb": "seismic-reth", - "recipes-nodes/summit/summit.bb": "summit", - } - - package_name = package_map.get(bb_pathname) - if not package_name: - raise ValueError(f"Unknown bb_pathname: {bb_pathname}") - - return update_git_mkosi(package_name, git_config, home, commit_message) From e58d64d76b68847182d8dabf81ba1f710400f39f Mon Sep 17 00:00:00 2001 From: cdrappi Date: Thu, 4 Dec 2025 15:04:53 -0500 Subject: [PATCH 06/43] hm --- yocto/README.md | 3 +-- yocto/utils/parser.py | 26 -------------------------- 2 files changed, 1 insertion(+), 28 deletions(-) diff --git a/yocto/README.md b/yocto/README.md index 3f20271f..24d647e7 100644 --- a/yocto/README.md +++ b/yocto/README.md 
@@ -98,10 +98,9 @@ Upon successful deployment, the script will: - `--logs` If flagged, print build and/or deploy logs as they run ### Build arguments -- `--enclave-branch` Seismic Enclave git branch name. Defaults to 'main' - `--enclave-commit` Seismic Enclave git gommit hash. If not provided, does not change image -- `--sreth-branch` Seismic Reth git branch name. Defaults to 'seismic' - `--sreth-commit` Seismic Reth git commit hash. If not provided, does not change image +- `--summit-commit` Summit git commit hash. If not provided, does not change image ### Deploy arguments - `--artifact` Required when running --deploy without --build (e.g. '20241203182636') diff --git a/yocto/utils/parser.py b/yocto/utils/parser.py index a9f94a39..6a1da4ae 100644 --- a/yocto/utils/parser.py +++ b/yocto/utils/parser.py @@ -55,14 +55,6 @@ def parse_args() -> argparse.Namespace: ) # Git args - parser.add_argument( - "--enclave-branch", - default="seismic", - help=( - "Seismic Enclave git branch name. Defaults to 'main'. " - "Only used if --enclave-commit is provided too" - ), - ) parser.add_argument( "--enclave-commit", help=( @@ -70,15 +62,6 @@ def parse_args() -> argparse.Namespace: "If not provided, does not change image" ), ) - - parser.add_argument( - "--sreth-branch", - default="seismic", - help=( - "Seismic Reth git branch name. Defaults to 'seismic'. " - "Only used if --sreth-commit is provided too" - ), - ) parser.add_argument( "--sreth-commit", help=( @@ -86,15 +69,6 @@ def parse_args() -> argparse.Namespace: "If not provided, does not change image" ), ) - - parser.add_argument( - "--summit-branch", - default="main", - help=( - "Summit git branch name. Defaults to 'main'. " - "Only used if --summit-commit is provided too" - ), - ) parser.add_argument( "--summit-commit", help=("Summit git commit hash. If not provided, does not change image"), From dac8b87983b280920996b90dd96758abb4f6edf9 Mon Sep 17 00:00:00 2001 
From: cdrappi Date: Thu, 4 Dec 2025 15:19:05 -0500 Subject: [PATCH 07/43] fix paths --- yocto/image/build.py | 4 +-- yocto/image/git.py | 16 ++++++------ yocto/image/measurements.py | 12 ++++----- yocto/utils/paths.py | 49 ++++++------------------------------- 4 files changed, 23 insertions(+), 58 deletions(-) diff --git a/yocto/image/build.py b/yocto/image/build.py index 9928f99b..12fbc30b 100644 --- a/yocto/image/build.py +++ b/yocto/image/build.py @@ -43,7 +43,7 @@ def build_image( Returns: Path to the built image """ - flashbots_images_path = BuildPaths(home).flashbots_images + flashbots_images_path = BuildPaths(home).seismic_images if not flashbots_images_path.exists(): raise FileNotFoundError( f"flashbots-images path not found: {flashbots_images_path}" @@ -93,7 +93,7 @@ def build_image( ) find_cmd = f""" - find {BuildPaths(home).artifacts} \ + find {BuildPaths(home).artifacts / cloud} \ -name '{artifact_pattern}' \ -type f -printf '%T@ %p\n' | sort -n | tail -1 | cut -f2- -d" " """ diff --git a/yocto/image/git.py b/yocto/image/git.py index 68b87bd5..b7dbc836 100644 --- a/yocto/image/git.py +++ b/yocto/image/git.py @@ -124,11 +124,11 @@ def update_git_mkosi_batch( """ paths = BuildPaths(home) - build_file = paths.flashbots_images / "seismic" / "mkosi.build" + build_file = paths.seismic_images / "seismic" / "mkosi.build" - if not paths.flashbots_images.exists(): + if not paths.seismic_images.exists(): raise FileNotFoundError( - f"flashbots-images path not found: {paths.flashbots_images}" + f"flashbots-images path not found: {paths.seismic_images}" ) if not build_file.exists(): 
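Review bot: In the `find` command of `build_image`, `BuildPaths(home).artifacts / cloud` joins a `Path` with what appears to be a `CloudProvider` member rather than a plain string. `CloudProvider` is a `str`-mixin `Enum`, and how pathlib converts a `str` subclass with its own `__str__` has differed between Python versions, so the search root may come out as `build/CloudProvider.AZURE` instead of `build/azure` on some interpreters. Using the value explicitly removes the ambiguity: `find {BuildPaths(home).artifacts / cloud.value} \`. The error messages touched by this commit also still say `flashbots-images path not found` although the property is now `seismic_images`. The body of `build_image` continues outside the hunk.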
@@ -187,17 +187,17 @@ def update_git_mkosi_batch( f"sed -i 's/^{commit_var}=.*$/{commit_var}=" f'"{git_config.commit}"\' {build_file}' ) - run_command(commit_update_cmd, cwd=paths.flashbots_images) + run_command(commit_update_cmd, cwd=paths.seismic_images) logger.info("All packages updated in file") # Stage the file - run_command("git add seismic/mkosi.build", cwd=paths.flashbots_images) + run_command("git add seismic/mkosi.build", cwd=paths.seismic_images) # Check if there are changes to commit status_result = run_command( cmd="git status --porcelain", - cwd=paths.flashbots_images, + cwd=paths.seismic_images, ) if status_result.stdout.strip(): logger.info("Changes detected, committing...") @@ -205,11 +205,11 @@ def update_git_mkosi_batch( package_names = ", ".join([name for name, _ in packages_to_update]) commit_message = f"Update commit hashes for {package_names}" run_command( - f'git commit -m "{commit_message}"', cwd=paths.flashbots_images + f'git commit -m "{commit_message}"', cwd=paths.seismic_images ) logger.info("Committed changes") - run_command("git push", cwd=paths.flashbots_images) + run_command("git push", cwd=paths.seismic_images) logger.info("Successfully pushed changes") else: logger.info("No changes to commit") diff --git a/yocto/image/measurements.py b/yocto/image/measurements.py index 31f5f8f6..603076b9 100644 --- a/yocto/image/measurements.py +++ b/yocto/image/measurements.py @@ -39,9 +39,9 @@ def generate_measurements(image_path: Path, home: str) -> Measurements: f"Expected: {efi_path}" ) - if not paths.flashbots_images.exists(): + if not paths.seismic_images.exists(): raise FileNotFoundError( - f"flashbots-images path not found: {paths.flashbots_images}" + f"flashbots-images path not found: {paths.seismic_images}" ) logger.info(f"Generating measurements for: {efi_path.name}") 
@@ -58,15 +58,15 @@ def generate_measurements(image_path: Path, home: str) -> Measurements: # Important: env_wrapper.sh runs in Lima VM where flashbots-images is # mounted at ~/mnt. So we need to use relative paths from # flashbots-images root - wrapper_script = paths.flashbots_images / "scripts" / "env_wrapper.sh" + wrapper_script = paths.seismic_images / "scripts" / "env_wrapper.sh" # Get relative path from flashbots-images root # (e.g., "build/seismic-dev-azure-*.efi") - efi_relative = efi_path.relative_to(paths.flashbots_images) + efi_relative = efi_path.relative_to(paths.seismic_images) measurements_relative = "build/measurements.json" measure_cmd = ( - f"cd {paths.flashbots_images} && " + f"cd {paths.seismic_images} && " f"IMAGE={image_name} {wrapper_script} measured-boot " f'"{efi_relative}" {measurements_relative} --direct-uki' ) @@ -81,7 +81,7 @@ def generate_measurements(image_path: Path, home: str) -> Measurements: ) # Read the generated measurements.json - measurements_output = paths.flashbots_images / measurements_relative + measurements_output = paths.seismic_images / measurements_relative if not measurements_output.exists(): raise FileNotFoundError( f"Measurements file not generated: {measurements_output}" diff --git a/yocto/utils/paths.py b/yocto/utils/paths.py index 9993160f..4acb3af9 100644 --- a/yocto/utils/paths.py +++ b/yocto/utils/paths.py @@ -11,16 +11,12 @@ def __init__(self, home: str): self.home = Path(home) @property - def yocto_manifests(self) -> Path: - return self.home / "yocto-manifests" - - @property - def flashbots_images(self) -> Path: - return self.home / "flashbots-images" + def seismic_images(self) -> Path: + return self.home / "seismic-images" @property def artifacts(self) -> Path: - return self.flashbots_images / "build" + return self.seismic_images / "build" @staticmethod def artifact_pattern(cloud: "CloudProvider", dev: bool = False) -> str: 
@@ -40,49 +36,22 @@ def artifact_pattern(cloud: "CloudProvider", dev: bool = False) -> str: # Dev builds use "seismic-dev" prefix # e.g., azure/seismic-dev-azure-timestamp.vhd or # azure/seismic-azure-timestamp.vhd - return f"azure/{prefix}-azure-*.vhd" + return f"{prefix}-azure-*.vhd" elif cloud == CloudProvider.GCP: - return f"gcp/{prefix}-gcp-*.tar.gz" - elif cloud == CloudProvider.OVH: - # OVH uses baremetal profile (no PROFILE in build) - return f"baremetal/{prefix}-baremetal-*.efi" + return f"{prefix}-gcp-*.tar.gz" else: - # Bare metal or unknown - return f"baremetal/{prefix}-baremetal-*.efi" + # OVH uses baremetal profile (no PROFILE in build) + return f"{prefix}-baremetal-*.efi" @staticmethod def artifact_prefix() -> str: """Legacy method for backward compatibility.""" return "cvm-image-azure-tdx.rootfs" - @property - def meta_seismic(self) -> Path: - return self.home / "meta-seismic" - - @property - def measured_boot(self) -> Path: - return self.home / "measured-boot" - - @property - def enclave_bb(self) -> str: - return "recipes-nodes/enclave/enclave.bb" - - @property - def sreth_bb(self) -> str: - return "recipes-nodes/reth/reth.bb" - - @property - def summit_bb(self) -> str: - return "recipes-nodes/summit/summit.bb" - @property def repo_root(self) -> Path: return self.home / "deploy" - @property - def deploy_script(self) -> Path: - return self.repo_root / "deploy.sh" - @property def deploy_metadata(self) -> Path: return self.repo_root / "deploy_metadata.json" @@ -90,7 +59,3 @@ def deploy_metadata(self) -> Path: @property def proxy_client(self) -> Path: return self.home / "cvm-reverse-proxy/build/proxy-client" - - @property - def source_env(self) -> Path: - return self.home / "yocto-manifests/build/srcs/poky" From 32d961d03400937e66c2f16a0da2826eb919094f Mon Sep 17 00:00:00 2001 From: cdrappi Date: Thu, 4 Dec 2025 15:21:23 -0500 Subject: [PATCH 08/43] OK --- yocto/image/build.py | 1 + 1 file changed, 1 insertion(+) 
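Review bot: After this change the `else` branch of `artifact_pattern` returns the bare-metal pattern without its `baremetal/` directory, while the caller in build.py now searches under `artifacts / cloud`, which for `CloudProvider.OVH` would name `ovh`. If the build still writes bare-metal images to `build/baremetal`, as the removed `baremetal/{prefix}-baremetal-*.efi` pattern implies, the OVH lookup will find nothing. Either map OVH to the `baremetal` directory at the call site or keep the directory decision in one place here. The comment in the Azure branch (and the docstring outside this hunk) still shows the old form and should become `# e.g., seismic-dev-azure-<timestamp>.vhd or seismic-azure-<timestamp>.vhd`.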
diff --git a/yocto/image/build.py b/yocto/image/build.py index 12fbc30b..bba48f05 100644 --- a/yocto/image/build.py +++ b/yocto/image/build.py @@ -62,6 +62,7 @@ def build_image( build_cmd = " && ".join( [f"cd {flashbots_images_path}", f"{env_vars} make {make_target}"] ) + print(build_cmd) build_result = subprocess.run( build_cmd, shell=True, From 6fa2b01e97d630b8e480cbbd97554c25c13b4a66 Mon Sep 17 00:00:00 2001 From: cdrappi Date: Thu, 4 Dec 2025 16:01:54 -0500 Subject: [PATCH 09/43] gix --- yocto/image/git.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/yocto/image/git.py b/yocto/image/git.py index b7dbc836..29c9a90a 100644 --- a/yocto/image/git.py +++ b/yocto/image/git.py @@ -145,8 +145,8 @@ def update_git_mkosi_batch( results = {} packages_to_update = [] - for package_name, git_config in updates.items(): - if git_config is None: + for package_name, git_commit in updates.items(): + if git_commit is None: # No commit specified, use current current_commit = _extract_commit_from_mkosi( build_file=build_file, @@ -160,8 +160,8 @@ def update_git_mkosi_batch( results[package_name] = current_commit else: # Mark for update - packages_to_update.append((package_name, git_config)) - results[package_name] = git_config + packages_to_update.append((package_name, git_commit)) + results[package_name] = git_commit # If nothing to update, return early if not packages_to_update: @@ -185,7 +185,7 @@ def update_git_mkosi_batch( commit_var = f"{var_prefix}_COMMIT" commit_update_cmd = ( f"sed -i 's/^{commit_var}=.*$/{commit_var}=" - f'"{git_config.commit}"\' {build_file}' + f'"{git_commit}"\' {build_file}' ) run_command(commit_update_cmd, cwd=paths.seismic_images) From 37ebf423c55bcc731fb1c845c9e4ac41cae0a899 Mon Sep 17 00:00:00 2001 From: cdrappi Date: Thu, 4 Dec 2025 16:03:59 -0500 Subject: [PATCH 10/43] OK --- yocto/image/git.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
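Review bot: The added `print(build_cmd)` in `build_image` writes the full shell command, including the `env_vars` prefix, to stdout on every build and bypasses the logging configuration. If it is meant to stay, route it through the logger at debug level, e.g. `logger.debug("Build command: %s", build_cmd)` (assuming build.py defines a module logger as git.py does); otherwise drop it before merge. It is also worth confirming that nothing sensitive is placed in `env_vars` before the command is logged at all.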
diff --git a/yocto/image/git.py b/yocto/image/git.py index 29c9a90a..1443c310 100644 --- a/yocto/image/git.py +++ b/yocto/image/git.py @@ -184,8 +184,8 @@ def update_git_mkosi_batch( # Update commit variable (e.g., RETH_COMMIT="abc123...") commit_var = f"{var_prefix}_COMMIT" commit_update_cmd = ( - f"sed -i 's/^{commit_var}=.*$/{commit_var}=" - f'"{git_commit}"\' {build_file}' + f"sed -i 's|^{commit_var}=.*$|{commit_var}=" + f'"{git_commit}"|' {build_file}' ) run_command(commit_update_cmd, cwd=paths.seismic_images) From 0d73dfcb23ee31d4f57488ba3244d030b2310994 Mon Sep 17 00:00:00 2001 From: cdrappi Date: Thu, 4 Dec 2025 16:06:25 -0500 Subject: [PATCH 11/43] FIX --- yocto/image/git.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/yocto/image/git.py b/yocto/image/git.py index 1443c310..7308914d 100644 --- a/yocto/image/git.py +++ b/yocto/image/git.py @@ -185,7 +185,7 @@ def update_git_mkosi_batch( commit_var = f"{var_prefix}_COMMIT" commit_update_cmd = ( f"sed -i 's|^{commit_var}=.*$|{commit_var}=" - f'"{git_commit}"|' {build_file}' + f'"{git_commit}"|\' {build_file}' ) run_command(commit_update_cmd, cwd=paths.seismic_images) From dc7676e0451679f2734c9e99f1b9103a2c9f2548 Mon Sep 17 00:00:00 2001 From: cdrappi Date: Thu, 4 Dec 2025 16:46:47 -0500 Subject: [PATCH 12/43] OK --- yocto/image/measurements.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/yocto/image/measurements.py b/yocto/image/measurements.py index 603076b9..e4287070 100644 --- a/yocto/image/measurements.py +++ b/yocto/image/measurements.py @@ -77,7 +77,9 @@ def generate_measurements(image_path: Path, home: str) -> Measurements: if result.returncode != 0: raise RuntimeError( - f"measured-boot failed: {result.stderr.strip()}" + f"measured-boot failed:\n" + f"{result.stderr.strip()}\n" + f"Command:\n{measure_cmd}" ) # Read the generated measurements.json From fdd8e40923d80f06de9f86cd96cd6c7e0e57ad3b Mon Sep 17 00:00:00 2001 
From: Ubuntu Date: Thu, 4 Dec 2025 22:56:01 +0000 Subject: [PATCH 13/43] gcp measuremnt slop --- yocto/image/measurements.py | 223 ++++++++++++++++++++++++++++++++---- 1 file changed, 199 insertions(+), 24 deletions(-) mode change 100644 => 100755 yocto/image/measurements.py diff --git a/yocto/image/measurements.py b/yocto/image/measurements.py old mode 100644 new mode 100755 index e4287070..e8f1f359 --- a/yocto/image/measurements.py +++ b/yocto/image/measurements.py @@ -1,6 +1,10 @@ +#!/usr/bin/env python3 +import argparse import json import logging +import re import subprocess +import sys import tempfile from pathlib import Path from typing import Any @@ -23,16 +27,24 @@ def generate_measurements(image_path: Path, home: str) -> Measurements: """Generate measurements for TDX boot process using make measure""" paths = BuildPaths(home) + + # Resolve to absolute path + image_path = image_path.resolve() + if not image_path.exists(): raise FileNotFoundError(f"Image path not found: {image_path}") - # For mkosi builds, we need the .efi file for measurements, not .vhd + # For mkosi builds, we need the .efi file for measurements, not .vhd/.tar.gz efi_path = image_path - if image_path.suffix in [".vhd", ".tar.gz"]: + if image_path.suffix == ".vhd" or image_path.name.endswith(".tar.gz"): # Look for the corresponding .efi file - # Pattern: seismic-dev-azure-TIMESTAMP.vhd -> - # seismic-dev-azure-TIMESTAMP.efi - efi_path = image_path.with_suffix(".efi") + # Pattern: seismic-dev-azure-TIMESTAMP.vhd -> seismic-dev-azure-TIMESTAMP.efi + # Pattern: seismic-dev-gcp-TIMESTAMP.tar.gz -> seismic-dev-gcp-TIMESTAMP.efi + if image_path.name.endswith(".tar.gz"): + efi_path = Path(str(image_path)[:-7] + ".efi") # Remove .tar.gz, add .efi + else: + efi_path = image_path.with_suffix(".efi") + if not efi_path.exists(): raise FileNotFoundError( f"EFI file not found for {image_path.name}. " 
@@ -50,54 +62,217 @@ def generate_measurements(image_path: Path, home: str) -> Measurements: # Extract image name from path (e.g., seismic from seismic-dev-azure-*.efi) image_name = efi_path.name.split("-")[0] - # Use the same command as make measure, but with our specific EFI file - # This is what make measure does internally: - # $(WRAPPER) measured-boot "$$EFI_FILE" build/measurements.json - # --direct-uki - # + # Detect cloud provider from filename (e.g., seismic-dev-gcp-*.efi) + is_gcp = "-gcp-" in efi_path.name.lower() + cloud_provider = "gcp" if is_gcp else "azure" + # Important: env_wrapper.sh runs in Lima VM where flashbots-images is # mounted at ~/mnt. So we need to use relative paths from # flashbots-images root wrapper_script = paths.seismic_images / "scripts" / "env_wrapper.sh" # Get relative path from flashbots-images root - # (e.g., "build/seismic-dev-azure-*.efi") + # (e.g., "build/gcp/seismic-dev-gcp-*.efi" or "build/seismic-dev-azure-*.efi") efi_relative = efi_path.relative_to(paths.seismic_images) - measurements_relative = "build/measurements.json" - measure_cmd = ( - f"cd {paths.seismic_images} && " - f"IMAGE={image_name} {wrapper_script} measured-boot " - f'"{efi_relative}" {measurements_relative} --direct-uki' - ) + # Generate timestamped output filename + # Extract timestamp from filename (e.g., 20251204212823 from seismic-dev-gcp-20251204212823.efi) + timestamp_match = re.search(r'-(\d{14})\.', efi_path.name) + timestamp = timestamp_match.group(1) if timestamp_match else "latest" + + if is_gcp: + measurements_relative = f"build/gcp_measurements-{timestamp}.json" + # GCP uses dstack-mr which outputs to stdout + # We need to capture only stdout (not the Lima message), so we'll handle this differently + measure_cmd = ( + f"cd {paths.seismic_images} && " + f"IMAGE={image_name} {wrapper_script} dstack-mr " + f'-uki "{efi_relative}" -json' + ) + else: + measurements_relative = f"build/measurements-{timestamp}.json" + # Azure uses measured-boot 
which writes to a file + measure_cmd = ( + f"cd {paths.seismic_images} && " + f"IMAGE={image_name} {wrapper_script} measured-boot " + f'"{efi_relative}" {measurements_relative} --direct-uki' + ) + + logger.info(f"Running measurement tool for {cloud_provider.upper()}") + logger.info(f"Output: {measurements_relative}") result = subprocess.run( measure_cmd, shell=True, capture_output=True, text=True ) if result.returncode != 0: + tool_name = "dstack-mr" if is_gcp else "measured-boot" raise RuntimeError( - f"measured-boot failed:\n" + f"{tool_name} failed:\n" f"{result.stderr.strip()}\n" f"Command:\n{measure_cmd}" ) - # Read the generated measurements.json + # For GCP, we need to manually write the stdout to file (filtering out non-JSON) measurements_output = paths.seismic_images / measurements_relative - if not measurements_output.exists(): - raise FileNotFoundError( - f"Measurements file not generated: {measurements_output}" - ) + if is_gcp: + # Parse stdout and extract only the JSON part (first valid JSON object) + stdout = result.stdout.strip() + + # Try to parse as JSON directly first (in case output is clean) + try: + measurements_data = json.loads(stdout) + json_str = json.dumps(measurements_data, indent=2) + except json.JSONDecodeError: + # If that fails, extract JSON by tracking brace balance + # This handles cases where Lima VM messages are mixed with output + json_lines = [] + brace_count = 0 + in_json = False + + for line in stdout.split('\n'): + stripped = line.strip() + # Look for the start of a JSON object + if not in_json and '{' in stripped: + in_json = True + # Find where the brace starts and slice from there + brace_pos = line.index('{') + line = line[brace_pos:] + + if in_json: + json_lines.append(line) + # Count braces on this line + brace_count += line.count('{') - line.count('}') + + # If brace count is 0, we've completed the JSON object + if brace_count == 0: + break + + if not json_lines: + raise RuntimeError( + f"Could not find JSON in 
dstack-mr output:\n{stdout}" + ) + + json_str = '\n'.join(json_lines) + # Validate it's valid JSON + try: + json.loads(json_str) + except json.JSONDecodeError as e: + raise RuntimeError( + f"Extracted invalid JSON from dstack-mr output:\n{json_str}\n\nError: {e}" + ) + + measurements_output.parent.mkdir(parents=True, exist_ok=True) + measurements_output.write_text(json_str) + else: + # measured-boot writes directly to file + if not measurements_output.exists(): + raise FileNotFoundError( + f"Measurements file not generated: {measurements_output}" + ) with open(measurements_output) as f: raw_measurements = json.load(f) # Format to match expected structure + attestation_type = f"{cloud_provider}-tdx" measurements = { "measurement_id": image_path.name, - "attestation_type": "azure-tdx", + "attestation_type": attestation_type, "measurements": raw_measurements.get("measurements", raw_measurements), } logger.info("Measurements generated successfully") return measurements + + +def main(): + """CLI entry point for standalone measurement generation.""" + parser = argparse.ArgumentParser( + description="Generate TDX measurements from UKI EFI files", + formatter_class=argparse.RawDescriptionHelpFormatter, + epilog=""" +Examples: + # Generate measurements for a GCP image + %(prog)s build/gcp/seismic-dev-gcp-20251204212823.tar.gz --home /home/azureuser + + # Generate measurements for an Azure image with explicit EFI path + %(prog)s build/azure/seismic-dev-azure-20251204212823.efi --home /home/azureuser + + # Override cloud provider detection + %(prog)s build/seismic.efi --home /home/azureuser --cloud gcp + + # Specify custom output path + %(prog)s build/seismic.efi --home /home/azureuser --output custom-measurements.json + """, + ) + parser.add_argument( + "image_path", + type=Path, + help="Path to image file (.efi, .vhd, or .tar.gz)", + ) + parser.add_argument( + "--home", + type=str, + required=True, + help="Home directory path (required for BuildPaths)", + ) + 
parser.add_argument( + "--cloud", + choices=["auto", "gcp", "azure"], + default="auto", + help="Cloud provider (default: auto-detect from filename)", + ) + parser.add_argument( + "--output", + type=Path, + help="Custom output path (default: auto-generated with timestamp)", + ) + parser.add_argument( + "-v", + "--verbose", + action="store_true", + help="Enable verbose logging", + ) + + args = parser.parse_args() + + # Setup logging + logging.basicConfig( + level=logging.DEBUG if args.verbose else logging.INFO, + format="%(levelname)s: %(message)s", + ) + + try: + # Generate measurements + measurements = generate_measurements(args.image_path, args.home) + + # If custom output specified, also write there + if args.output: + logger.info(f"Writing measurements to custom path: {args.output}") + args.output.parent.mkdir(parents=True, exist_ok=True) + with open(args.output, "w") as f: + json.dump(measurements, f, indent=2) + + logger.info(f"✓ Measurements generated successfully") + logger.info(f" Measurement ID: {measurements['measurement_id']}") + logger.info(f" Attestation Type: {measurements['attestation_type']}") + + return 0 + + except FileNotFoundError as e: + logger.error(f"File not found: {e}") + return 1 + except RuntimeError as e: + logger.error(f"Measurement generation failed: {e}") + return 1 + except Exception as e: + logger.error(f"Unexpected error: {e}") + if args.verbose: + import traceback + traceback.print_exc() + return 1 + + +if __name__ == "__main__": + sys.exit(main()) From 01cb7f0b7fe3548688c00fbafd9ad178c4165682 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Fri, 5 Dec 2025 14:19:38 +0000 Subject: [PATCH 14/43] OK --- deploy_metadata.json | 18 +++++- yocto/cloud/cloud_config.py | 15 +++++ yocto/image/measurements.py | 118 +++++++++++++++++++----------------- 3 files changed, 93 insertions(+), 58 deletions(-) diff --git a/deploy_metadata.json b/deploy_metadata.json index d5560af2..bc1918d0 100644 --- a/deploy_metadata.json +++ b/deploy_metadata.json 
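Review bot: The fallback that pulls JSON out of `dstack-mr` stdout counts `{` and `}` per line, so a brace inside a string value, or in a Lima status message ahead of the real output, can start or end the capture in the wrong place, and the first object that parses is accepted as the measurements. Because these values become attestation reference measurements, I would let `json.JSONDecoder().raw_decode` locate the object, require a dict, and check that the expected register fields are present before writing the file. The same logic is moved unchanged into `parse_gcp_measurements` by the next patch on this page, so the change applies there as well. Separately, `main()` parses `--cloud` but never passes it to `generate_measurements`, so the advertised override has no effect.

```python
    if is_gcp:
        stdout = result.stdout
        decoder = json.JSONDecoder()
        measurements_data = None
        # raw_decode understands strings and nesting, so a brace inside a
        # string value or a log line cannot end the object early.
        for start, char in enumerate(stdout):
            if char != "{":
                continue
            try:
                candidate, _ = decoder.raw_decode(stdout, start)
            except json.JSONDecodeError:
                continue
            if isinstance(candidate, dict):
                measurements_data = candidate
                break
        if measurements_data is None:
            raise RuntimeError(
                f"Could not find JSON in dstack-mr output:\n{stdout}"
            )
        # TODO(review): verify the expected measurement fields are present
        json_str = json.dumps(measurements_data, indent=2)
        # … unchanged: create parent directory and write json_str …
```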
@@ -155,5 +155,21 @@ } } }, - "artifacts": {} + "artifacts": { + "seismic-dev-gcp-20251204212823.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "e1251e6a4378a8f64b802e48f7ea1d2bf6862b41" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251204212823.tar.gz", + "attestation_type": "gcp-tdx", + "measurements": { + "rtmr1": "8aec2780762adbe1dcedd4fb5198d680147c5c316efee9cb2fd115e77d65543ed8b980a46726656b003788c1a0d3347f", + "rtmr2": "eb9c5d58a250db1ee8a1ab2b9ce7626f84f2a313a19307e25842c3452cc3b8742a0e862641286b4d08e5e348d87492ee" + } + } + } + } } \ No newline at end of file diff --git a/yocto/cloud/cloud_config.py b/yocto/cloud/cloud_config.py index 5d842648..c48a0324 100644 --- a/yocto/cloud/cloud_config.py +++ b/yocto/cloud/cloud_config.py @@ -40,6 +40,21 @@ class CloudProvider(str, Enum): GCP = "gcp" OVH = "ovh" + @staticmethod + def from_string(s: str) -> "CloudProvider": + if "-azure-" in s.lower(): + return CloudProvider.AZURE + elif "-gcp-" in s.lower(): + return CloudProvider.GCP + else: + return CloudProvider.OVH + + def is_gcp(self) -> bool: + return self == CloudProvider.GCP + + def is_azure(self) -> bool: + return self == CloudProvider.AZURE + # Re-export for convenience __all__ = [ diff --git a/yocto/image/measurements.py b/yocto/image/measurements.py index e8f1f359..f862f8f0 100755 --- a/yocto/image/measurements.py +++ b/yocto/image/measurements.py @@ -10,6 +10,7 @@ from typing import Any from yocto.utils.paths import BuildPaths +from yocto.cloud.cloud_config import CloudProvider logger = logging.getLogger(__name__) 
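Review bot: `CloudProvider.from_string` classifies every name that contains neither `-azure-` nor `-gcp-` as OVH, so a mistyped or renamed artifact is silently treated as bare metal instead of being rejected. Since the result selects the measurement tool and appears to feed the attestation type, an explicit match with a failure path is safer: `elif "-baremetal-" in name: return CloudProvider.OVH` followed by `raise ValueError(f"Cannot determine cloud provider from: {s}")`, with `name = s.lower()` computed once. The method would also benefit from a docstring saying that it expects an artifact filename rather than a provider name such as `"gcp"`.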
@@ -23,6 +24,57 @@ def write_measurements_tmpfile(measurements: Measurements) -> Path: return measurements_tmpfile +def parse_gcp_measurements(measurements_output: Path, result: subprocess.CompletedProcess): + # Parse stdout and extract only the JSON part (first valid JSON object) + stdout = result.stdout.strip() + + # Try to parse as JSON directly first (in case output is clean) + try: + measurements_data = json.loads(stdout) + json_str = json.dumps(measurements_data, indent=2) + except json.JSONDecodeError: + # If that fails, extract JSON by tracking brace balance + # This handles cases where Lima VM messages are mixed with output + json_lines = [] + brace_count = 0 + in_json = False + + for line in stdout.split('\n'): + stripped = line.strip() + # Look for the start of a JSON object + if not in_json and '{' in stripped: + in_json = True + # Find where the brace starts and slice from there + brace_pos = line.index('{') + line = line[brace_pos:] + + if in_json: + json_lines.append(line) + # Count braces on this line + brace_count += line.count('{') - line.count('}') + + # If brace count is 0, we've completed the JSON object + if brace_count == 0: + break + + if not json_lines: + raise RuntimeError( + f"Could not find JSON in dstack-mr output:\n{stdout}" + ) + + json_str = '\n'.join(json_lines) + # Validate it's valid JSON + try: + json.loads(json_str) + except json.JSONDecodeError as e: + raise RuntimeError( + f"Extracted invalid JSON from dstack-mr output:\n{json_str}\n\nError: {e}" + ) + + measurements_output.parent.mkdir(parents=True, exist_ok=True) + measurements_output.write_text(json_str) + + def generate_measurements(image_path: Path, home: str) -> Measurements: """Generate measurements for TDX boot process using make measure""" 
@@ -63,8 +115,7 @@ def generate_measurements(image_path: Path, home: str) -> Measurements: image_name = efi_path.name.split("-")[0] # Detect cloud provider from filename (e.g., seismic-dev-gcp-*.efi) - is_gcp = "-gcp-" in efi_path.name.lower() - cloud_provider = "gcp" if is_gcp else "azure" + cloud_provider = CloudProvider.from_string(efi_path.name) # Important: env_wrapper.sh runs in Lima VM where flashbots-images is # mounted at ~/mnt. So we need to use relative paths from @@ -80,8 +131,8 @@ def generate_measurements(image_path: Path, home: str) -> Measurements: timestamp_match = re.search(r'-(\d{14})\.', efi_path.name) timestamp = timestamp_match.group(1) if timestamp_match else "latest" - if is_gcp: - measurements_relative = f"build/gcp_measurements-{timestamp}.json" + if cloud_provider.is_gcp(): + measurements_relative = f"build/gcp/measurements-{timestamp}.json" # GCP uses dstack-mr which outputs to stdout # We need to capture only stdout (not the Lima message), so we'll handle this differently measure_cmd = ( @@ -90,7 +141,7 @@ def generate_measurements(image_path: Path, home: str) -> Measurements: f'-uki "{efi_relative}" -json' ) else: - measurements_relative = f"build/measurements-{timestamp}.json" + measurements_relative = f"build/{cloud_provider.value}/measurements-{timestamp}.json" # Azure uses measured-boot which writes to a file measure_cmd = ( f"cd {paths.seismic_images} && " @@ -98,7 +149,7 @@ def generate_measurements(image_path: Path, home: str) -> Measurements: f'"{efi_relative}" {measurements_relative} --direct-uki' ) - logger.info(f"Running measurement tool for {cloud_provider.upper()}") + logger.info(f"Running measurement tool for {cloud_provider.value.upper()}") logger.info(f"Output: {measurements_relative}") result = subprocess.run( 
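Review bot: Replacing the `"gcp"`/`"azure"` string with a `CloudProvider` member changes what every later f-string interpolation of `cloud_provider` produces, and in these hunks only the `logger.info` call was switched to `.value`. The metadata committed later in this series records `"attestation_type": "CloudProvider.GCP-tdx"` where the earlier entry has `"gcp-tdx"`, which suggests a site outside these hunks still formats the enum directly. Anything that compares the attestation type against `gcp-tdx` would then stop matching. Use the value at each such site, e.g. `f"{cloud_provider.value}-tdx"`. The body of `generate_measurements` continues outside the hunks.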
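Review bot: The `else` branch now writes to `build/{cloud_provider.value}/measurements-{timestamp}.json`, but only the GCP path creates the parent directory (inside `parse_gcp_measurements`). Whether measured-boot creates `build/azure/` itself is not visible here, so on a fresh checkout the existence check after the run may fail. Consider `(paths.seismic_images / measurements_relative).parent.mkdir(parents=True, exist_ok=True)` before invoking the tool. The comment `# Azure uses measured-boot which writes to a file` is also stale, since this branch now covers every non-GCP provider.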
@@ -106,7 +157,7 @@ def generate_measurements(image_path: Path, home: str) -> Measurements: ) if result.returncode != 0: - tool_name = "dstack-mr" if is_gcp else "measured-boot" + tool_name = "dstack-mr" if cloud_provider.is_gcp() else "measured-boot" raise RuntimeError( f"{tool_name} failed:\n" f"{result.stderr.strip()}\n" 
@@ -115,55 +166,8 @@ def generate_measurements(image_path: Path, home: str) -> Measurements: # For GCP, we need to manually write the stdout to file (filtering out non-JSON) measurements_output = paths.seismic_images / measurements_relative - if is_gcp: - # Parse stdout and extract only the JSON part (first valid JSON object) - stdout = result.stdout.strip() - - # Try to parse as JSON directly first (in case output is clean) - try: - measurements_data = json.loads(stdout) - json_str = json.dumps(measurements_data, indent=2) - except json.JSONDecodeError: - # If that fails, extract JSON by tracking brace balance - # This handles cases where Lima VM messages are mixed with output - json_lines = [] - brace_count = 0 - in_json = False - - for line in stdout.split('\n'): - stripped = line.strip() - # Look for the start of a JSON object - if not in_json and '{' in stripped: - in_json = True - # Find where the brace starts and slice from there - brace_pos = line.index('{') - line = line[brace_pos:] - - if in_json: - json_lines.append(line) - # Count braces on this line - brace_count += line.count('{') - line.count('}') - - # If brace count is 0, we've completed the JSON object - if brace_count == 0: - break - - if not json_lines: - raise RuntimeError( - f"Could not find JSON in dstack-mr output:\n{stdout}" - ) - - json_str = '\n'.join(json_lines) - # Validate it's valid JSON - try: - json.loads(json_str) - except json.JSONDecodeError as e: - raise RuntimeError( - f"Extracted invalid JSON from dstack-mr output:\n{json_str}\n\nError: {e}" - ) - - measurements_output.parent.mkdir(parents=True, exist_ok=True) - measurements_output.write_text(json_str) + if cloud_provider.is_gcp(): + parse_gcp_measurements(measurements_output, result) else: # measured-boot writes directly to file if not measurements_output.exists(): 
@@ -214,7 +218,7 @@ def main(): parser.add_argument( "--home", type=str, - required=True, + default="/home/azureuser", help="Home directory path (required for BuildPaths)", ) parser.add_argument( From 768ae9fe02dc6afcd663603e447c6d9a7ff060a6 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Fri, 5 Dec 2025 18:17:00 +0000 Subject: [PATCH 15/43] annoying --- deploy_metadata.json | 15 +++++++++++++++ yocto/image/measurements.py | 11 +++++++---- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/deploy_metadata.json b/deploy_metadata.json index bc1918d0..cd120ad1 100644 --- a/deploy_metadata.json +++ b/deploy_metadata.json @@ -170,6 +170,21 @@ "rtmr2": "eb9c5d58a250db1ee8a1ab2b9ce7626f84f2a313a19307e25842c3452cc3b8742a0e862641286b4d08e5e348d87492ee" } } + }, + "seismic-dev-gcp-20251205142735.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "e1251e6a4378a8f64b802e48f7ea1d2bf6862b41" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251205142735.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "8aec2780762adbe1dcedd4fb5198d680147c5c316efee9cb2fd115e77d65543ed8b980a46726656b003788c1a0d3347f", + "rtmr2": "eb9c5d58a250db1ee8a1ab2b9ce7626f84f2a313a19307e25842c3452cc3b8742a0e862641286b4d08e5e348d87492ee" + } + } } } } \ No newline at end of file diff --git a/yocto/image/measurements.py b/yocto/image/measurements.py index f862f8f0..6007a4a2 100755 --- a/yocto/image/measurements.py +++ b/yocto/image/measurements.py @@ -216,10 +216,13 @@ def main(): help="Path to image file (.efi, .vhd, or .tar.gz)", ) parser.add_argument( - "--home", + "--code", type=str, - default="/home/azureuser", - help="Home directory path (required for BuildPaths)", + default=str(Path.home()), + help=( + f"Code directory path (required for BuildPaths). " + f"Defaults to $HOME: {Path.home()}" + ), ) parser.add_argument( "--cloud", 
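Review bot: Renaming the option to `--code` removes `--home` without an alias, so any script or CI job that still passes `--home` now exits with an argparse error; `parser.add_argument("--code", "--home", dest="code", ...)` keeps both spellings working. The help text still says the path is "required for BuildPaths" although the option now has a default, and its first literal carries an `f` prefix with nothing to interpolate. `main` continues outside the hunk.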
@@ -249,7 +252,7 @@ def main(): try: # Generate measurements - measurements = generate_measurements(args.image_path, args.home) + measurements = generate_measurements(args.image_path, args.code) # If custom output specified, also write there if args.output: From aedaddca6c44d7a5c869282ead5fb984ca9f106f Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Fri, 5 Dec 2025 18:59:22 +0000 Subject: [PATCH 16/43] ugh --- deploy_metadata.json | 40 ++++++++++++++++++++++++++++++++++++++ yocto/cloud/gcp/api.py | 39 ++++++++++++++++++++++++------------- yocto/deployment/deploy.py | 2 +- 3 files changed, 66 insertions(+), 15 deletions(-) diff --git a/deploy_metadata.json b/deploy_metadata.json index cd120ad1..c421772d 100644 --- a/deploy_metadata.json +++ b/deploy_metadata.json @@ -153,6 +153,46 @@ }, "data_disk": "az-genesis-4-persistent" } + }, + "gcp": { + "gcp-genesis-2": { + "artifact": "seismic-dev-gcp-20251205142735.tar.gz", + "public_ip": "136.119.55.52", + "domain": { + "url": "https://gcp-2.seismictest.net", + "record": "gcp-2", + "name": "seismictest.net", + "resource_group": "yocto-testnet" + }, + "vm": { + "resourceGroup": "testnet-477314", + "name": "gcp-genesis-2", + "nsgName": "gcp-genesis-2", + "cloud": "gcp", + "region": "us-central1-a", + "size": "c3-standard-4" + }, + "data_disk": "gcp-genesis-2-persistent" + }, + "gcp-genesis-3": { + "artifact": "seismic-dev-gcp-20251205142735.tar.gz", + "public_ip": "34.16.112.41", + "domain": { + "url": "https://gcp-3.seismictest.net", + "record": "gcp-3", + "name": "seismictest.net", + "resource_group": "yocto-testnet" + }, + "vm": { + "resourceGroup": "testnet-477314", + "name": "gcp-genesis-3", + "nsgName": "gcp-genesis-3", + "cloud": "gcp", + "region": "us-central1-a", + "size": "c3-standard-4" + }, + "data_disk": "gcp-genesis-3-persistent" + } } }, "artifacts": { diff --git a/yocto/cloud/gcp/api.py b/yocto/cloud/gcp/api.py index 26decba5..6e5b8dfc 100644 --- a/yocto/cloud/gcp/api.py +++ b/yocto/cloud/gcp/api.py 
@@ -12,6 +12,7 @@ import time from pathlib import Path +from google.api_core import exceptions as gcp_exceptions from google.cloud import compute_v1, resourcemanager_v3, storage from yocto.cloud.azure.api import AzureApi @@ -646,14 +647,19 @@ def delete_disk( ) disk_client = compute_v1.DisksClient() - operation = disk_client.delete( - project=resource_group, - zone=zone, - disk=disk_name, - ) + try: + operation = disk_client.delete( + project=resource_group, + zone=zone, + disk=disk_name, + ) - wait_for_extended_operation(operation, f"disk deletion for {disk_name}") - logger.info(f"Disk {disk_name} deleted successfully") + wait_for_extended_operation(operation, f"disk deletion for {disk_name}") + logger.info(f"Disk {disk_name} deleted successfully") + except gcp_exceptions.NotFound: + logger.info( + f"Disk {disk_name} not found - likely already deleted by Google automatically" + ) @classmethod def delete_disk_by_name( @@ -674,14 +680,19 @@ def delete_disk_by_name( ) disk_client = compute_v1.DisksClient() - operation = disk_client.delete( - project=resource_group, - zone=zone, - disk=disk_name, - ) + try: + operation = disk_client.delete( + project=resource_group, + zone=zone, + disk=disk_name, + ) - wait_for_extended_operation(operation, f"disk deletion for {disk_name}") - logger.info(f"Disk {disk_name} deleted successfully") + wait_for_extended_operation(operation, f"disk deletion for {disk_name}") + logger.info(f"Disk {disk_name} deleted successfully") + except gcp_exceptions.NotFound: + logger.info( + f"Disk {disk_name} not found - likely already deleted by Google automatically" + ) @classmethod def upload_disk(cls, config: DeployConfigs, image_path: Path) -> None: diff --git a/yocto/deployment/deploy.py b/yocto/deployment/deploy.py index 531650b5..ea4a370c 100644 --- a/yocto/deployment/deploy.py +++ b/yocto/deployment/deploy.py 
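Review bot: The new `except gcp_exceptions.NotFound` in `delete_disk` logs at info level that the disk was "likely already deleted by Google automatically", which is a guess: a wrong disk name, zone or project produces the same exception, and the real disk, possibly a persistent data disk, stays behind unnoticed. Log at warning level and name the scope that was searched, e.g. `logger.warning(f"Disk {disk_name} not found in {resource_group}/{zone}; nothing deleted")`. The same block is added verbatim to `delete_disk_by_name`, so both could share one private helper. The `try` also wraps `wait_for_extended_operation`; narrowing it to the `disk_client.delete(...)` call keeps the handler from masking a `NotFound` raised while waiting.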
@@ -86,7 +86,7 @@ def deploy_image( disk_name=data_disk_name, location=configs.vm.location, size_gb=1024, # 1TB default - sku="Premium_LRS", + sku="pd-ssd", show_logs=configs.show_logs, ) cloud_api.attach_data_disk( From f219a4011b40e96162644d98de7a65960caa64b2 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Fri, 5 Dec 2025 21:25:49 +0000 Subject: [PATCH 17/43] delete --- deploy_metadata.json | 101 ++++++++++++++++++++++++++----------------- 1 file changed, 61 insertions(+), 40 deletions(-) diff --git a/deploy_metadata.json b/deploy_metadata.json index c421772d..ae62d9b0 100644 --- a/deploy_metadata.json +++ b/deploy_metadata.json @@ -154,46 +154,7 @@ "data_disk": "az-genesis-4-persistent" } }, - "gcp": { - "gcp-genesis-2": { - "artifact": "seismic-dev-gcp-20251205142735.tar.gz", - "public_ip": "136.119.55.52", - "domain": { - "url": "https://gcp-2.seismictest.net", - "record": "gcp-2", - "name": "seismictest.net", - "resource_group": "yocto-testnet" - }, - "vm": { - "resourceGroup": "testnet-477314", - "name": "gcp-genesis-2", - "nsgName": "gcp-genesis-2", - "cloud": "gcp", - "region": "us-central1-a", - "size": "c3-standard-4" - }, - "data_disk": "gcp-genesis-2-persistent" - }, - "gcp-genesis-3": { - "artifact": "seismic-dev-gcp-20251205142735.tar.gz", - "public_ip": "34.16.112.41", - "domain": { - "url": "https://gcp-3.seismictest.net", - "record": "gcp-3", - "name": "seismictest.net", - "resource_group": "yocto-testnet" - }, - "vm": { - "resourceGroup": "testnet-477314", - "name": "gcp-genesis-3", - "nsgName": "gcp-genesis-3", - "cloud": "gcp", - "region": "us-central1-a", - "size": "c3-standard-4" - }, - "data_disk": "gcp-genesis-3-persistent" - } - } + "gcp": {} }, "artifacts": { "seismic-dev-gcp-20251204212823.tar.gz": { 
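Review bot: `sku="pd-ssd"` is a GCP disk type hard-coded in `deploy_image`, which calls through `cloud_api` and so appears to be provider-agnostic; an Azure deployment on this commit would pass a GCP type where `Premium_LRS` used to be. Choose the value per provider, for example from the cloud API class or the VM config, instead of a literal at the call site. The body of `deploy_image` continues outside the hunk.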
@@ -225,6 +186,66 @@ "rtmr2": "eb9c5d58a250db1ee8a1ab2b9ce7626f84f2a313a19307e25842c3452cc3b8742a0e862641286b4d08e5e348d87492ee" } } + }, + "seismic-dev-gcp-20251205191407.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "e1251e6a4378a8f64b802e48f7ea1d2bf6862b41" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251205191407.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "d87096db53a59c2df615ace2c9a312085c0eed742ecf10e954c6c96db2712154cb98b94320f788999bc35e5becfd64ee", + "rtmr2": "5565f2373a292a9ed686ae71a3be9048f64a1a32f5bb51fc528e6bd0a1f26a7490a643d130423b3aa27f8e042828ded7" + } + } + }, + "seismic-dev-gcp-20251205200008.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "e1251e6a4378a8f64b802e48f7ea1d2bf6862b41" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251205200008.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "d87096db53a59c2df615ace2c9a312085c0eed742ecf10e954c6c96db2712154cb98b94320f788999bc35e5becfd64ee", + "rtmr2": "5565f2373a292a9ed686ae71a3be9048f64a1a32f5bb51fc528e6bd0a1f26a7490a643d130423b3aa27f8e042828ded7" + } + } + }, + "seismic-dev-gcp-20251205202740.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "e1251e6a4378a8f64b802e48f7ea1d2bf6862b41" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251205202740.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "0d5f07b4a8ba4fe0cf7a150ee31fd55abb0d28cabe6d57383f29f362e081252430cb7ba71bd8b6a61c7cf294d7be1ca5", + "rtmr2": "6a99622b6fcf9a74c06c296cae790560eefdb90c8bf63d43db74a303c2fc11477b658fb268f5efb44956f351cca56eb2" + } + } + }, + "seismic-dev-gcp-20251205210739.tar.gz": { + 
"repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "e1251e6a4378a8f64b802e48f7ea1d2bf6862b41" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251205210739.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "2436ecf6703e709482e2ea5879bf76c6d7a69e2b855644bc34e770a78d5e07fd09befcef0806e6cd40eddcb92da9d41c", + "rtmr2": "d24a34692066b9f7a3a6bfb81e4214bd69768515dfa84cdaa6529fd0cf8236341d0919157498cbea4155fd8338153331" + } + } } } } \ No newline at end of file From dc95a52213674356a74546ad51c62cdc07d49fca Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Fri, 5 Dec 2025 22:12:42 +0000 Subject: [PATCH 18/43] OK --- deploy_metadata.json | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/deploy_metadata.json b/deploy_metadata.json index ae62d9b0..f228bf68 100644 --- a/deploy_metadata.json +++ b/deploy_metadata.json @@ -154,7 +154,27 @@ "data_disk": "az-genesis-4-persistent" } }, - "gcp": {} + "gcp": { + "gcp-genesis-6": { + "artifact": "seismic-dev-gcp-20251205210739.tar.gz", + "public_ip": "34.172.12.168", + "domain": { + "url": "https://gcp-6.seismictest.net", + "record": "gcp-6", + "name": "seismictest.net", + "resource_group": "yocto-testnet" + }, + "vm": { + "resourceGroup": "testnet-477314", + "name": "gcp-genesis-6", + "nsgName": "gcp-genesis-6", + "cloud": "gcp", + "region": "us-central1-a", + "size": "c3-standard-4" + }, + "data_disk": "gcp-genesis-6-persistent" + } + } }, "artifacts": { "seismic-dev-gcp-20251204212823.tar.gz": { From 4a4917f9b4b8079e4519f6b92e426ecb7b8209c3 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Fri, 5 Dec 2025 22:51:35 +0000 Subject: [PATCH 19/43] gcp --- deploy_metadata.json | 34 ++++++++++++++++++++++++++++++++++ yocto/image/git.py | 4 ++-- 2 files changed, 36 insertions(+), 2 deletions(-) diff --git a/deploy_metadata.json b/deploy_metadata.json index f228bf68..b901b951 100644 
--- a/deploy_metadata.json +++ b/deploy_metadata.json @@ -173,6 +173,25 @@ "size": "c3-standard-4" }, "data_disk": "gcp-genesis-6-persistent" + }, + "gcp-genesis-1": { + "artifact": "seismic-dev-gcp-20251205223407.tar.gz", + "public_ip": "136.112.41.176", + "domain": { + "url": "https://gcp-1.seismictest.net", + "record": "gcp-1", + "name": "seismictest.net", + "resource_group": "yocto-testnet" + }, + "vm": { + "resourceGroup": "testnet-477314", + "name": "gcp-genesis-1", + "nsgName": "gcp-genesis-1", + "cloud": "gcp", + "region": "us-central1-a", + "size": "c3-standard-4" + }, + "data_disk": "gcp-genesis-1-persistent" } } }, @@ -266,6 +285,21 @@ "rtmr2": "d24a34692066b9f7a3a6bfb81e4214bd69768515dfa84cdaa6529fd0cf8236341d0919157498cbea4155fd8338153331" } } + }, + "seismic-dev-gcp-20251205223407.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "e1251e6a4378a8f64b802e48f7ea1d2bf6862b41" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251205223407.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "28c0731109d4a615ab86f9cb78a6a66b8b4974230c8aaad3d7673138cc25336a42aeab38e9f1d023bb317afc9a161ce2", + "rtmr2": "96009de5c29b9060af7324c16cfd4d2bc6722035581dc4651aebe6e8865a930998635e8ed90079ff453f4aa42e788c61" + } + } } } } \ No newline at end of file diff --git a/yocto/image/git.py b/yocto/image/git.py index 7308914d..dca4afcb 100644 --- a/yocto/image/git.py +++ b/yocto/image/git.py @@ -194,9 +194,9 @@ def update_git_mkosi_batch( # Stage the file run_command("git add seismic/mkosi.build", cwd=paths.seismic_images) - # Check if there are changes to commit + # Check if there are staged changes to commit status_result = run_command( - cmd="git status --porcelain", + cmd="git diff --cached --name-only", cwd=paths.seismic_images, ) if status_result.stdout.strip(): From 751b898103a3abf36e6e43a171d197039edb92e9 Mon Sep 17 00:00:00 2001 
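Review bot: `git diff --cached --name-only` reports every staged path in the repository, not just `seismic/mkosi.build`, so unrelated changes that were already staged also make the check true. Depending on the commit command outside this hunk, those changes may then be swept into the build commit. Limit the check to the file this function stages: `cmd="git diff --cached --name-only -- seismic/mkosi.build",`. For an image whose source revisions are recorded next to its measurements, the automated commit should contain only the intended file.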
From: Ubuntu Date: Tue, 9 Dec 2025 19:17:40 +0000 Subject: [PATCH 20/43] try more --- deploy_metadata.json | 124 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 124 insertions(+) diff --git a/deploy_metadata.json b/deploy_metadata.json index b901b951..5e14ffdc 100644 --- a/deploy_metadata.json +++ b/deploy_metadata.json @@ -192,6 +192,25 @@ "size": "c3-standard-4" }, "data_disk": "gcp-genesis-1-persistent" + }, + "gcp-genesis-2": { + "artifact": "seismic-dev-gcp-20251209181511.tar.gz", + "public_ip": "136.119.55.52", + "domain": { + "url": "https://gcp-2.seismictest.net", + "record": "gcp-2", + "name": "seismictest.net", + "resource_group": "yocto-testnet" + }, + "vm": { + "resourceGroup": "testnet-477314", + "name": "gcp-genesis-2", + "nsgName": "gcp-genesis-2", + "cloud": "gcp", + "region": "us-central1-a", + "size": "c3-standard-4" + }, + "data_disk": "gcp-genesis-2-persistent" } } }, 
@@ -300,6 +319,111 @@ "rtmr2": "96009de5c29b9060af7324c16cfd4d2bc6722035581dc4651aebe6e8865a930998635e8ed90079ff453f4aa42e788c61" } } + }, + "seismic-dev-gcp-20251208213459.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251208213459.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "526f4d25c56346a0960a2af450073398256d696e44f4c82dfd60e417bd0eaff4b4be0d501ef234d9d0d4ca38c79619f3", + "rtmr2": "8ee2d32b0d2db79c967f9fb70ce806c55e5a4b34b340e5e672069e125fc70756dbffad04f40b7ce93ae45fc300cee0af" + } + } + }, + "seismic-dev-gcp-20251208220938.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251208220938.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "14b230ca9a1b38e56b06fe2e07daa2aa1f0c7e4959a52ff2cb5f069cb792c066581a07a0e4aed1ab5699abc7dfd8f021", + "rtmr2": "6070a06119804f05903d401da675c0c8fb0ea8cce7d2cd1c4a316a18fe335b3a07269fe57467cc4389b9e9a2a2119153" + } + } + }, + "seismic-dev-gcp-20251209154717.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251209154717.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "ceddd9cd4f72ee4032359a64a297a86d3a5341bc10b73a854e54a4a01103c79bdfbea39353376afa148b3eff3712f091", + "rtmr2": "d2750454488a8db2f3ccd78d13ea8504ad2e54886400b56b74c1a3239a2ad615ad43ba800b4f9cf5d0d25460a47c0014" + } + } + }, + "seismic-dev-gcp-20251209162240.tar.gz": { 
+ "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251209162240.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "d9e0d6407360d45791c96601c76f87cd8aee5fb5e56cca2028013862fa49229784260088c80331e54a751bc0b97e691e", + "rtmr2": "f4e5a1981430f292d55e1da9791b622ba0229ec9e38590afab4f24f438b6a9662dc5e69e3d7f9373e0e85f72806b6fa1" + } + } + }, + "seismic-dev-gcp-20251209164245.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251209164245.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "f8453ef5791ce913493f44fde40b90050751f7036b05a22d69be4b96adac61cc3ff254caa14527091d4cefd6ef8bd6cb", + "rtmr2": "2e6ab7b5ae1b48605bade66cb7f8fd928c9a3717c0ec40d80a6dc5b5d329749fa0a5c3253ca1c29c9c46ded2b536cd54" + } + } + }, + "seismic-dev-gcp-20251209170538.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251209170538.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "8e01f69cc75c06d4654a2ae3c254e1daa3b08ef7dafd50f9bc8bf1044d3bb3b07f9505fd34380ea239f59a012eba63ca", + "rtmr2": "73daaead0a39e46eeaf3715d521a40c1c198c1dc25eb06bb5b6649b32a20bd00d79fe8b04da5ac70bde3decc9258a869" + } + } + }, + "seismic-dev-gcp-20251209181511.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, 
+ "image": { + "measurement_id": "seismic-dev-gcp-20251209181511.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "ea500c04cc9f0ce8452f77d5c59030b1b6dfc2ac83d06faa05a5f98617dc864fc682e169645f156030a7d42e0630394c", + "rtmr2": "6b5b958247b5053c51b46f35a17f91f4c04429b3414dd525c2c88dd0a8204be1690278ac4c90c99fde45040b268ec449" + } + } } } } \ No newline at end of file From 8655e9a7de2d357c47961733f517e22632065cf3 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Tue, 9 Dec 2025 20:37:05 +0000 Subject: [PATCH 21/43] remove --- deploy_metadata.json | 80 ++++++++++++++++++++++++++++-------------- yocto/cloud/gcp/api.py | 1 + 2 files changed, 54 insertions(+), 27 deletions(-) diff --git a/deploy_metadata.json b/deploy_metadata.json index 5e14ffdc..9017a10d 100644 --- a/deploy_metadata.json +++ b/deploy_metadata.json 
@@ -174,43 +174,24 @@ }, "data_disk": "gcp-genesis-6-persistent" }, - "gcp-genesis-1": { - "artifact": "seismic-dev-gcp-20251205223407.tar.gz", - "public_ip": "136.112.41.176", + "gcp-genesis-17": { + "artifact": "seismic-dev-gcp-20251209201008.tar.gz", + "public_ip": "34.71.110.81", "domain": { - "url": "https://gcp-1.seismictest.net", - "record": "gcp-1", + "url": "https://gcp-17.seismictest.net", + "record": "gcp-17", "name": "seismictest.net", "resource_group": "yocto-testnet" }, "vm": { "resourceGroup": "testnet-477314", - "name": "gcp-genesis-1", - "nsgName": "gcp-genesis-1", + "name": "gcp-genesis-17", + "nsgName": "gcp-genesis-17", "cloud": "gcp", "region": "us-central1-a", "size": "c3-standard-4" }, - "data_disk": "gcp-genesis-1-persistent" - }, - "gcp-genesis-2": { - "artifact": "seismic-dev-gcp-20251209181511.tar.gz", - "public_ip": "136.119.55.52", - "domain": { - "url": "https://gcp-2.seismictest.net", - "record": "gcp-2", - "name": "seismictest.net", - "resource_group": "yocto-testnet" - }, - "vm": { - "resourceGroup": "testnet-477314", - "name": "gcp-genesis-2", - "nsgName": "gcp-genesis-2", - "cloud": "gcp", - "region": "us-central1-a", - "size": "c3-standard-4" - }, - "data_disk": "gcp-genesis-2-persistent" + "data_disk": "gcp-genesis-17-persistent" } } }, 
@@ -424,6 +405,51 @@ "rtmr2": "6b5b958247b5053c51b46f35a17f91f4c04429b3414dd525c2c88dd0a8204be1690278ac4c90c99fde45040b268ec449" } } + }, + "seismic-dev-gcp-20251209192151.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251209192151.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "569d9f3d105fa06270d706fc48f60cbc43cd27fe1c2bba91efac4f7574fd85d54d4af650af19f0b5dbbf61769f6e64be", + "rtmr2": "72ee21552474f1443154db4a1f3f87ef8cb600c64ffcbcf4207aaaef48993294291155be168f70e26d67555b685c5ee4" + } + } + }, + "seismic-dev-gcp-20251209194711.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251209194711.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "e4916570e3a5dd44650c31db904e627fac26634572517940a15832aced71a8e634bc2b17af8edaabf38a3228a93cffd3", + "rtmr2": "54338f5fe4083979301da21d146d3127cfa38058319cea9f868cbd7d1d05797bdeda783a6901e11c1707ea9272072177" + } + } + }, + "seismic-dev-gcp-20251209201008.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251209201008.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "6e2a9f0b0ef38068ab343eb643519d4bd3bc027ea20e49d823579e298a90dac57246d222f1350cde09708fa8416a5906", + "rtmr2": "55c6a5f53c4ca833c515e964caad06aa06bcc22a0508f7f63c6fe07784485db50e7196182ea909bc03f68d7238aa16f3" + } + } } } } \ No newline at end of file 
diff --git a/yocto/cloud/gcp/api.py b/yocto/cloud/gcp/api.py index 6e5b8dfc..e69a1bd9 100644 --- a/yocto/cloud/gcp/api.py +++ b/yocto/cloud/gcp/api.py @@ -824,6 +824,7 @@ def attach_data_disk( disk_path = f"projects/{resource_group}/zones/{zone}/disks/" attached_disk.source = f"{disk_path}{disk_name}" attached_disk.auto_delete = False + attached_disk.interface = "SCSI" # Use SCSI to avoid NVMe I/O issues on TDX operation = instance_client.attach_disk( project=resource_group, From 8b7cd4a5e9eba92b4d46caa0237fd3d126cf83bf Mon Sep 17 00:00:00 2001 From: cdrappi Date: Wed, 10 Dec 2025 13:44:23 -0500 Subject: [PATCH 22/43] hopefully --- yocto/cloud/gcp/api.py | 186 +++++-------------------------------- yocto/deployment/deploy.py | 28 +++--- 2 files changed, 41 insertions(+), 173 deletions(-) diff --git a/yocto/cloud/gcp/api.py b/yocto/cloud/gcp/api.py index e69a1bd9..6067bc46 100644 --- a/yocto/cloud/gcp/api.py +++ b/yocto/cloud/gcp/api.py 
@@ -801,158 +801,6 @@ def create_data_disk( ) logger.info(f"Data disk {disk_name} created successfully") - @classmethod - def attach_data_disk( - cls, - resource_group: str, - vm_name: str, - disk_name: str, - zone: str, - lun: int = 10, - show_logs: bool = False, - ) -> None: - """Attach a data disk to a VM. - - Args: - zone: For GCP, the zone where the VM and disk are located. - """ - logger.info(f"Attaching data disk {disk_name} to {vm_name}") - - instance_client = compute_v1.InstancesClient() - - attached_disk = compute_v1.AttachedDisk() - disk_path = f"projects/{resource_group}/zones/{zone}/disks/" - attached_disk.source = f"{disk_path}{disk_name}" - attached_disk.auto_delete = False - attached_disk.interface = "SCSI" # Use SCSI to avoid NVMe I/O issues on TDX - - operation = instance_client.attach_disk( - project=resource_group, - zone=zone, - instance=vm_name, - attached_disk_resource=attached_disk, - ) - - wait_for_extended_operation( - operation, f"disk attachment for {disk_name}" - ) - logger.info(f"Disk {disk_name} attached to {vm_name} successfully") - - @classmethod - def create_user_data_file(cls, config: DeployConfigs) -> str: - """Create temporary user data file.""" - fd, temp_file = tempfile.mkstemp(suffix=".yaml") - try: - with os.fdopen(fd, "w") as f: - f.write(f'CERTBOT_EMAIL="{config.email}"\n') - f.write(f'RECORD_NAME="{config.domain.record}"\n') - f.write(f'DOMAIN="{config.domain.name}"\n') - - logger.info(f"Created temporary user-data file: {temp_file}") - with open(temp_file) as f: - logger.info(f.read()) - - return temp_file - except: - os.close(fd) - raise - - @classmethod - def create_vm_simple( - cls, - vm_name: str, - vm_size: str, - resource_group: str, - location: str, - os_disk_name: str, - nsg_name: str, - ip_name: str, - show_logs: bool = False, - ) -> None: - """Create a confidential VM without user-data. 
- - Args: - location: For GCP, this should be the zone (e.g., 'us-central1-a') - """ - logger.info("Creating TDX-enabled confidential VM...") - - instance_client = compute_v1.InstancesClient() - - # Configure network interface with external IP - network_interface = compute_v1.NetworkInterface() - network_interface.network = ( - f"projects/{resource_group}/global/networks/default" - ) - network_interface.stack_type = "IPV4_ONLY" - network_interface.nic_type = DEFAULT_NIC_TYPE - - # Add access config for external IP - access_config = compute_v1.AccessConfig() - access_config.name = "External NAT" - access_config.type_ = "ONE_TO_ONE_NAT" - - # Get the reserved IP address if ip_name is provided - if ip_name: - reserved_ip = cls.get_existing_public_ip(ip_name, resource_group) - if reserved_ip: - access_config.nat_i_p = reserved_ip - logger.info(f"Using reserved IP: {reserved_ip}") - else: - logger.warning( - f"Reserved IP {ip_name} not found, using ephemeral IP" - ) - - network_interface.access_configs = [access_config] - - # Configure attached disk - attached_disk = compute_v1.AttachedDisk() - attached_disk.boot = True - attached_disk.auto_delete = True - attached_disk.mode = "READ_WRITE" - attached_disk.device_name = vm_name - attached_disk.source = ( - f"projects/{resource_group}/zones/{location}/disks/{os_disk_name}" - ) - - # Configure shielded instance config - shielded_config = compute_v1.ShieldedInstanceConfig() - shielded_config.enable_secure_boot = False - shielded_config.enable_vtpm = True - shielded_config.enable_integrity_monitoring = True - - # Configure confidential instance config - confidential_config = compute_v1.ConfidentialInstanceConfig() - confidential_config.confidential_instance_type = "TDX" - - # Configure scheduling - scheduling = compute_v1.Scheduling() - scheduling.on_host_maintenance = "TERMINATE" - scheduling.provisioning_model = DEFAULT_PROVISIONING_MODEL - - # Configure network tags for firewall rules - tags = compute_v1.Tags() - 
tags.items = [vm_name] - - # Create instance - instance = compute_v1.Instance() - instance.name = vm_name - instance.machine_type = f"zones/{location}/machineTypes/{vm_size}" - instance.network_interfaces = [network_interface] - instance.disks = [attached_disk] - instance.shielded_instance_config = shielded_config - instance.confidential_instance_config = confidential_config - instance.scheduling = scheduling - instance.tags = tags - - operation = instance_client.insert( - project=resource_group, - zone=location, - instance_resource=instance, - ) - - wait_for_extended_operation(operation, "VM creation") - logger.info(f"VM {vm_name} created successfully") - @classmethod def create_vm( cls, @@ -960,14 +808,15 @@ def create_vm( image_path: Path, ip_name: str, disk_name: str, + data_disk_name: str | None = None, ) -> None: """Create the virtual machine with user-data. - Args: config: Deployment configuration image_path: Path to the image file ip_name: Name of the IP address disk_name: Sanitized disk name to use for the VM + data_disk_name: Optional name of the persistent data disk """ user_data_file = cls.create_user_data_file(config) 
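Review bot: The context line `user_data_file = cls.create_user_data_file(config)` still calls a classmethod that the preceding hunk of this commit deletes from this file, together with `attach_data_disk` and `create_vm_simple`. Unless a base class outside this view provides `create_user_data_file`, `create_vm` will raise `AttributeError` on the first GCP deployment; either keep the helper or drop the call and whatever consumes `user_data_file`. The docstring edit also removes the blank line before `Args:`, which merges the summary into the details. `create_vm` continues outside the hunk.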
@@ -1009,17 +858,32 @@ def create_vm( network_interface.access_configs = [access_config] - # Configure attached disk - attached_disk = compute_v1.AttachedDisk() - attached_disk.boot = True - attached_disk.auto_delete = True - attached_disk.mode = "READ_WRITE" - attached_disk.device_name = config.vm.name - attached_disk.source = ( + # Configure boot disk + boot_disk = compute_v1.AttachedDisk() + boot_disk.boot = True + boot_disk.auto_delete = True + boot_disk.mode = "READ_WRITE" + boot_disk.device_name = config.vm.name + boot_disk.source = ( f"projects/{config.vm.resource_group}/zones/" f"{config.vm.location}/disks/{disk_name}" ) + disks = [boot_disk] + + # Configure and add data disk if provided + if data_disk_name: + logger.info(f"Attaching data disk {data_disk_name} at creation") + data_disk = compute_v1.AttachedDisk() + data_disk.source = ( + f"projects/{config.vm.resource_group}/zones/" + f"{config.vm.location}/disks/{data_disk_name}" + ) + data_disk.auto_delete = False + # Use NVME for data disks on GCP + data_disk.interface = "NVME" + disks.append(data_disk) + # Configure shielded instance config shielded_config = compute_v1.ShieldedInstanceConfig() shielded_config.enable_secure_boot = False @@ -1053,7 +917,7 @@ def create_vm( f"zones/{config.vm.location}/machineTypes/{config.vm.size}" ) instance.network_interfaces = [network_interface] - instance.disks = [attached_disk] + instance.disks = disks instance.shielded_instance_config = shielded_config instance.confidential_instance_config = confidential_config instance.scheduling = scheduling diff --git a/yocto/deployment/deploy.py b/yocto/deployment/deploy.py index ea4a370c..4642b226 100644 --- a/yocto/deployment/deploy.py +++ b/yocto/deployment/deploy.py 
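Review bot: The new `data_disk` in `create_vm` is attached with only `source`, `auto_delete` and `interface` set, so its device name falls back to a provider-generated one and the guest has no stable name to find the persistent disk by. Adding `data_disk.device_name = data_disk_name` and `data_disk.mode = "READ_WRITE"` next to `data_disk.interface = "NVME"` would make the attachment explicit. The comment `# Use NVME for data disks on GCP` states the choice but not the reason. A reason matters here because `attach_data_disk` in the same file appears elsewhere on this page using `"SCSI"`, with a note about NVMe I/O issues on TDX. `create_vm` starts and ends outside this hunk.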
@@ -75,9 +75,6 @@ def deploy_image( cloud_api.create_nsg(configs) cloud_api.create_standard_nsg_rules(configs) - # Actually create the VM - cloud_api.create_vm(configs, image_path, ip_name, disk_name) - # Create and attach persistent data disk at LUN 10 (required by tdx-init) data_disk_name = f"{configs.vm.name}-persistent" logger.info(f"Creating persistent data disk: {data_disk_name}") @@ -86,18 +83,25 @@ def deploy_image( disk_name=data_disk_name, location=configs.vm.location, size_gb=1024, # 1TB default - sku="pd-ssd", - show_logs=configs.show_logs, - ) - cloud_api.attach_data_disk( - resource_group=configs.vm.resource_group, - vm_name=configs.vm.name, - disk_name=data_disk_name, - zone=configs.vm.location, # Not used by Azure but required by API - lun=10, # MUST be LUN 10 for tdx-init show_logs=configs.show_logs, ) + # Actually create the VM + if configs.vm.cloud == CloudProvider.GCP: + # For GCP, attach the data disk at creation to avoid hot-plug issues + cloud_api.create_vm(configs, image_path, ip_name, disk_name, data_disk_name) + else: + # For Azure, create the VM and then attach the disk + cloud_api.create_vm(configs, image_path, ip_name, disk_name) + cloud_api.attach_data_disk( + resource_group=configs.vm.resource_group, + vm_name=configs.vm.name, + disk_name=data_disk_name, + zone=configs.vm.location, # Not used by Azure but required by API + lun=10, # MUST be LUN 10 for tdx-init + show_logs=configs.show_logs, + ) + # Get the VM's IP address public_ip = cloud_api.get_vm_ip( vm_name=configs.vm.name, From 73507a2dc1c723cbc8a6dfcc03e0cceae8dcca29 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Wed, 10 Dec 2025 18:45:36 +0000 Subject: [PATCH 23/43] ghm --- deploy_metadata.json | 136 ++++++++++++++++++++++++++++++++++++++--- yocto/cloud/gcp/api.py | 4 +- 2 files changed, 131 insertions(+), 9 deletions(-) diff --git a/deploy_metadata.json b/deploy_metadata.json index 9017a10d..7def4d7d 100644 --- a/deploy_metadata.json +++ b/deploy_metadata.json 
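Review bot: In the second `deploy_image` hunk the persistent disk is now created before `create_vm`, so a failed VM creation leaves the 1024 GB disk `f"{configs.vm.name}-persistent"` behind with no cleanup, and a retry meets a disk of the same name. Whether `create_data_disk` reuses or rejects an existing disk is not visible here; for a TDX node this should be decided explicitly, because reattaching a disk left by an earlier deployment carries that deployment's data into the new VM. The context comment `# Create and attach persistent data disk at LUN 10 (required by tdx-init)` is also stale for the GCP branch, which passes no `lun`; suggest `# Create the persistent data disk (Azure attaches it at LUN 10 for tdx-init; GCP attaches it at VM creation)`. The new comparison needs `CloudProvider` imported in this module, and that import is not part of the hunk. `deploy_image` starts and ends outside the hunk.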
@@ -174,24 +174,24 @@ }, "data_disk": "gcp-genesis-6-persistent" }, - "gcp-genesis-17": { - "artifact": "seismic-dev-gcp-20251209201008.tar.gz", - "public_ip": "34.71.110.81", + "gcp-genesis-13": { + "artifact": "seismic-dev-gcp-20251210170519.tar.gz", + "public_ip": "34.63.184.53", "domain": { - "url": "https://gcp-17.seismictest.net", - "record": "gcp-17", + "url": "https://gcp-13.seismictest.net", + "record": "gcp-13", "name": "seismictest.net", "resource_group": "yocto-testnet" }, "vm": { "resourceGroup": "testnet-477314", - "name": "gcp-genesis-17", - "nsgName": "gcp-genesis-17", + "name": "gcp-genesis-13", + "nsgName": "gcp-genesis-13", "cloud": "gcp", "region": "us-central1-a", "size": "c3-standard-4" }, - "data_disk": "gcp-genesis-17-persistent" + "data_disk": "gcp-genesis-13-persistent" } } }, 
@@ -450,6 +450,126 @@ "rtmr2": "55c6a5f53c4ca833c515e964caad06aa06bcc22a0508f7f63c6fe07784485db50e7196182ea909bc03f68d7238aa16f3" } } + }, + "seismic-dev-gcp-20251209204128.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251209204128.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "640f8acdc5d1b4181ce6900ec83d1881099511191f35e19643d4f4b14f580420bebf181be6aeb07fc9e96908777027fa", + "rtmr2": "d7d2a7568eff24b2f3f8806d5733f8f0cf86257f012aef9971bd5eef3d1bebe4acca12d82cda51852e037ef83261c273" + } + } + }, + "seismic-dev-gcp-20251209214038.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251209214038.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "d51eda2641253a8611cd2dfc897c1721743bb45474b2704d04cc5fcc8838c69ad630f0c0eee9684fc3d64b2145898bca", + "rtmr2": "b44c1282c4e49c821e421cb83abf7ca4810f5fc4c4303cda19d3bd4d91c770da99f7c4f2e46e754a4bb5c8ce13f39b58" + } + } + }, + "seismic-dev-gcp-20251209220132.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251209220132.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "9e324aaf3e810d21654b91a29a741ade57af7e8955634649af903aadca534b25cb3ca55fdd6526886b067c2e1187a3b2", + "rtmr2": "a4047a4a0ac573ec91473ae5ca2890d37862ed87abc7425cc3ec56c8c6a677166979b60a02165065ccb07e060c8e7bd0" + } + } + }, + "seismic-dev-gcp-20251209221845.tar.gz": { 
+ "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251209221845.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "c39cd9af8c89e28ec8f1b0789e5e603a053caf87a25c7d5aacf3721882dcac3c334a205952348ce0075a66d02a9172d8", + "rtmr2": "95c84b28a1a3cc427e2edc0003bdc05bfb3c033b23dbfe78642f4652c63fbab4b983a8c6ac53a5a95ed76bf137d6cecb" + } + } + }, + "seismic-dev-gcp-20251209224347.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251209224347.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "3d3826d3dfa1bc159533788d42251fecb8348ca4ffc6cace7ca0d2d46f8f2f2f94b7aec2b318d201a65e945005b80611", + "rtmr2": "91d88e891e4b3622b96ba4722d22397785fb4e9e233bd66efbcb7e88ab6d17ec8fc844bd5ad8b9f59e0c1058a86fdd04" + } + } + }, + "seismic-dev-gcp-20251210154444.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251210154444.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "7377ca21167fe0eb4b918c9092ef7cef29c641378823965e8a48789167d67763c2a09463eeb63849b3392623549f5f46", + "rtmr2": "91c449bee765dbd4fa0f038d939f749986da1722a6980789d6dd45df2e331165282eae5147b010961d93307101e8e4c1" + } + } + }, + "seismic-dev-gcp-20251210165057.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, 
+ "image": { + "measurement_id": "seismic-dev-gcp-20251210165057.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "b76f15c6d7d5f5f2ca1031f4de09f6f374db05a23c26f2047e0cf9d6231b476e0fcd0feaaf68f228d7f14e935636afb3", + "rtmr2": "39ad4f528a97d31316652818f8cc231220abff98d3e79d16b3995ba79b24d7029c9f1cd39647895b163bcd54d5b976bf" + } + } + }, + "seismic-dev-gcp-20251210170519.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251210170519.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "3a3523a0c2b385579fe3816c33774c96fcae9afa6001ea094bd1b32439c85796fcbd133860cbf46e0d80147e0b2ba6f4", + "rtmr2": "b7698feabad08fdb4e43469547f06991ce8b02152c69e146f372eb82ba93aa4267430c2a2e359e647a8235c05a53aa32" + } + } } } } \ No newline at end of file diff --git a/yocto/cloud/gcp/api.py b/yocto/cloud/gcp/api.py index e69a1bd9..179eb8e1 100644 --- a/yocto/cloud/gcp/api.py +++ b/yocto/cloud/gcp/api.py @@ -824,7 +824,7 @@ def attach_data_disk( disk_path = f"projects/{resource_group}/zones/{zone}/disks/" attached_disk.source = f"{disk_path}{disk_name}" attached_disk.auto_delete = False - attached_disk.interface = "SCSI" # Use SCSI to avoid NVMe I/O issues on TDX + attached_disk.interface = "NVME" operation = instance_client.attach_disk( project=resource_group, @@ -909,6 +909,7 @@ def create_vm_simple( attached_disk.boot = True attached_disk.auto_delete = True attached_disk.mode = "READ_WRITE" + attached_disk.interface = "NVME" attached_disk.device_name = vm_name attached_disk.source = ( f"projects/{resource_group}/zones/{location}/disks/{os_disk_name}" 
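Review bot: The `attach_data_disk` hunk switches `attached_disk.interface` from `"SCSI"` to `"NVME"` and drops the only comment that recorded why SCSI was chosen (`# Use SCSI to avoid NVMe I/O issues on TDX`), so the reason the earlier concern no longer applies is lost. The same literal is added to the boot disk in the `create_vm_simple` hunk and in the `create_vm` hunk that follows. A single constant defined wherever `DEFAULT_NIC_TYPE` lives, for example `DEFAULT_DISK_INTERFACE = "NVME"  # <why NVMe is now safe on TDX>`, would keep the three call sites in step and hold the rationale in one place. All three functions start and end outside their hunks.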
@@ -1014,6 +1015,7 @@ def create_vm( attached_disk.boot = True attached_disk.auto_delete = True attached_disk.mode = "READ_WRITE" + attached_disk.interface = "NVME" attached_disk.device_name = config.vm.name attached_disk.source = ( f"projects/{config.vm.resource_group}/zones/" From 3b6ce3a6e3d5e5d64849762d35e7fbedb944dbbc Mon Sep 17 00:00:00 2001 From: cdrappi Date: Wed, 10 Dec 2025 13:56:15 -0500 Subject: [PATCH 24/43] fix --- yocto/cloud/azure/api.py | 66 ++++++------- yocto/cloud/cloud_api.py | 6 +- yocto/cloud/gcp/api.py | 198 ++++++++++++++++++--------------------- 3 files changed, 120 insertions(+), 150 deletions(-) diff --git a/yocto/cloud/azure/api.py b/yocto/cloud/azure/api.py index 49162eca..58b60161 100644 --- a/yocto/cloud/azure/api.py +++ b/yocto/cloud/azure/api.py 
@@ -645,43 +645,35 @@ def create_vm( disk_name: str, ) -> None: """Create the virtual machine with user-data.""" - user_data_file = cls.create_user_data_file(config) - - try: - logger.info("Booting VM...") - cmd = [ - "az", - "vm", - "create", - "--name", - config.vm.name, - "--size", - config.vm.size, - "--resource-group", - config.vm.resource_group, - "--attach-os-disk", - disk_name, - "--security-type", - "ConfidentialVM", - "--enable-vtpm", - "true", - "--enable-secure-boot", - "false", - "--os-disk-security-encryption-type", - "NonPersistedTPM", - "--os-type", - "Linux", - "--nsg", - config.vm.nsg_name, - "--public-ip-address", - ip_name, - "--user-data", - user_data_file, - ] - cls.run_command(cmd, show_logs=False) - finally: - os.unlink(user_data_file) - logger.info(f"Deleted temporary user-data file: {user_data_file}") + logger.info("Booting VM...") + cmd = [ + "az", + "vm", + "create", + "--name", + config.vm.name, + "--size", + config.vm.size, + "--resource-group", + config.vm.resource_group, + "--attach-os-disk", + disk_name, + "--security-type", + "ConfidentialVM", + "--enable-vtpm", + "true", + "--enable-secure-boot", + "false", + "--os-disk-security-encryption-type", + "NonPersistedTPM", + "--os-type", + "Linux", + "--nsg", + config.vm.nsg_name, + "--public-ip-address", + ip_name, + ] + cls.run_command(cmd, show_logs=False) @classmethod def get_vm_ip(cls, vm_name: str, resource_group: str, location: str) -> str: diff --git a/yocto/cloud/cloud_api.py b/yocto/cloud/cloud_api.py index c2b41d2c..744951e7 100644 --- a/yocto/cloud/cloud_api.py +++ b/yocto/cloud/cloud_api.py @@ -239,11 +239,7 @@ def attach_data_disk( """Attach a data disk to a VM.""" raise NotImplementedError - @classmethod - @abstractmethod - def create_user_data_file(cls, config: "DeployConfigs") -> str: - """Create temporary user data file.""" - raise NotImplementedError + @classmethod @abstractmethod 
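Review bot: After this hunk the Azure `create_vm` no longer builds or passes a user-data file, but its docstring still reads `"""Create the virtual machine with user-data."""`; something like `"""Create the confidential VM from an existing OS disk."""` would match the new body. The GCP `create_vm` hunk later in this patch drops its user-data metadata in the same way, and its summary line is outside that hunk, so it needs the same check. With `os.unlink` gone from both, `import os` may now be unused, and the concrete `create_user_data_file` implementations may be dead code once the abstract method is removed in `cloud_api.py`; neither is visible here. The re-indented `"--enable-secure-boot", "false"` pair would benefit from a one-line comment saying why secure boot is off for a `ConfidentialVM`.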
diff --git a/yocto/cloud/gcp/api.py b/yocto/cloud/gcp/api.py index 6067bc46..87ebffaf 100644 --- a/yocto/cloud/gcp/api.py +++ b/yocto/cloud/gcp/api.py 
@@ -818,123 +818,105 @@ def create_vm( disk_name: Sanitized disk name to use for the VM data_disk_name: Optional name of the persistent data disk """ - user_data_file = cls.create_user_data_file(config) + logger.info("Booting VM...") - try: - logger.info("Booting VM...") - - instance_client = compute_v1.InstancesClient() - - # Read user data content - with open(user_data_file) as f: - user_data_content = f.read() + instance_client = compute_v1.InstancesClient() - # Configure network interface with external IP - network_interface = compute_v1.NetworkInterface() - network_interface.network = ( - f"projects/{config.vm.resource_group}/global/networks/default" + # Configure network interface with external IP + network_interface = compute_v1.NetworkInterface() + network_interface.network = ( + f"projects/{config.vm.resource_group}/global/networks/default" + ) + network_interface.stack_type = "IPV4_ONLY" + network_interface.nic_type = DEFAULT_NIC_TYPE + + # Add access config for external IP + access_config = compute_v1.AccessConfig() + access_config.name = "External NAT" + access_config.type_ = "ONE_TO_ONE_NAT" + + # Get the reserved IP address if ip_name is provided + if ip_name: + reserved_ip = cls.get_existing_public_ip( + ip_name, config.vm.resource_group ) - network_interface.stack_type = "IPV4_ONLY" - network_interface.nic_type = DEFAULT_NIC_TYPE - - # Add access config for external IP - access_config = compute_v1.AccessConfig() - access_config.name = "External NAT" - access_config.type_ = "ONE_TO_ONE_NAT" - - # Get the reserved IP address if ip_name is provided - if ip_name: - reserved_ip = cls.get_existing_public_ip( - ip_name, config.vm.resource_group + if reserved_ip: + access_config.nat_i_p = reserved_ip + logger.info(f"Using reserved IP: {reserved_ip}") + else: + logger.warning( + f"Reserved IP {ip_name} not found, " + "using ephemeral IP" ) - if reserved_ip: - access_config.nat_i_p = reserved_ip - logger.info(f"Using reserved IP: {reserved_ip}") - else: - 
logger.warning( - f"Reserved IP {ip_name} not found, " - "using ephemeral IP" - ) - - network_interface.access_configs = [access_config] - # Configure boot disk - boot_disk = compute_v1.AttachedDisk() - boot_disk.boot = True - boot_disk.auto_delete = True - boot_disk.mode = "READ_WRITE" - boot_disk.device_name = config.vm.name - boot_disk.source = ( - f"projects/{config.vm.resource_group}/zones/" - f"{config.vm.location}/disks/{disk_name}" - ) + network_interface.access_configs = [access_config] + + # Configure boot disk + boot_disk = compute_v1.AttachedDisk() + boot_disk.boot = True + boot_disk.auto_delete = True + boot_disk.mode = "READ_WRITE" + boot_disk.device_name = config.vm.name + boot_disk.source = ( + f"projects/{config.vm.resource_group}/zones/" + f"{config.vm.location}/disks/{disk_name}" + ) - disks = [boot_disk] + disks = [boot_disk] - # Configure and add data disk if provided - if data_disk_name: - logger.info(f"Attaching data disk {data_disk_name} at creation") - data_disk = compute_v1.AttachedDisk() - data_disk.source = ( - f"projects/{config.vm.resource_group}/zones/" - f"{config.vm.location}/disks/{data_disk_name}" - ) - data_disk.auto_delete = False - # Use NVME for data disks on GCP - data_disk.interface = "NVME" - disks.append(data_disk) - - # Configure shielded instance config - shielded_config = compute_v1.ShieldedInstanceConfig() - shielded_config.enable_secure_boot = False - shielded_config.enable_vtpm = True - shielded_config.enable_integrity_monitoring = True - - # Configure confidential instance config - confidential_config = compute_v1.ConfidentialInstanceConfig() - confidential_config.confidential_instance_type = "TDX" - - # Configure scheduling - scheduling = compute_v1.Scheduling() - scheduling.on_host_maintenance = "TERMINATE" - scheduling.provisioning_model = DEFAULT_PROVISIONING_MODEL - - # Configure metadata with user-data - metadata = compute_v1.Metadata() - metadata_item = compute_v1.Items() - metadata_item.key = "user-data" - 
metadata_item.value = user_data_content - metadata.items = [metadata_item] - - # Configure network tags for firewall rules - tags = compute_v1.Tags() - tags.items = [config.vm.name] - - # Create instance - instance = compute_v1.Instance() - instance.name = config.vm.name - instance.machine_type = ( - f"zones/{config.vm.location}/machineTypes/{config.vm.size}" - ) - instance.network_interfaces = [network_interface] - instance.disks = disks - instance.shielded_instance_config = shielded_config - instance.confidential_instance_config = confidential_config - instance.scheduling = scheduling - instance.metadata = metadata - instance.tags = tags - - operation = instance_client.insert( - project=config.vm.resource_group, - zone=config.vm.location, - instance_resource=instance, + # Configure and add data disk if provided + if data_disk_name: + logger.info(f"Attaching data disk {data_disk_name} at creation") + data_disk = compute_v1.AttachedDisk() + data_disk.source = ( + f"projects/{config.vm.resource_group}/zones/" + f"{config.vm.location}/disks/{data_disk_name}" ) + data_disk.auto_delete = False + # Use NVME for data disks on GCP + data_disk.interface = "NVME" + disks.append(data_disk) + + # Configure shielded instance config + shielded_config = compute_v1.ShieldedInstanceConfig() + shielded_config.enable_secure_boot = False + shielded_config.enable_vtpm = True + shielded_config.enable_integrity_monitoring = True + + # Configure confidential instance config + confidential_config = compute_v1.ConfidentialInstanceConfig() + confidential_config.confidential_instance_type = "TDX" + + # Configure scheduling + scheduling = compute_v1.Scheduling() + scheduling.on_host_maintenance = "TERMINATE" + scheduling.provisioning_model = DEFAULT_PROVISIONING_MODEL + + # Configure network tags for firewall rules + tags = compute_v1.Tags() + tags.items = [config.vm.name] + + # Create instance + instance = compute_v1.Instance() + instance.name = config.vm.name + instance.machine_type = ( + 
f"zones/{config.vm.location}/machineTypes/{config.vm.size}" + ) + instance.network_interfaces = [network_interface] + instance.disks = disks + instance.shielded_instance_config = shielded_config + instance.confidential_instance_config = confidential_config + instance.scheduling = scheduling + instance.tags = tags + + operation = instance_client.insert( + project=config.vm.resource_group, + zone=config.vm.location, + instance_resource=instance, + ) - wait_for_extended_operation(operation, "VM creation") - logger.info(f"VM {config.vm.name} created successfully") - finally: - os.unlink(user_data_file) - logger.info(f"Deleted temporary user-data file: {user_data_file}") + wait_for_extended_operation(operation, "VM creation") + logger.info(f"VM {config.vm.name} created successfully") @classmethod def get_vm_ip(cls, vm_name: str, resource_group: str, location: str) -> str: From 397b950eda49bb111fe056cb61c61d625236319a Mon Sep 17 00:00:00 2001 From: cdrappi Date: Wed, 10 Dec 2025 14:30:37 -0500 Subject: [PATCH 25/43] data disk name --- yocto/cloud/gcp/api.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/yocto/cloud/gcp/api.py b/yocto/cloud/gcp/api.py index 87ebffaf..844dff69 100644 --- a/yocto/cloud/gcp/api.py +++ b/yocto/cloud/gcp/api.py @@ -353,7 +353,6 @@ def _create_image_from_gcs( # VIRTIO_SCSI_MULTIQUEUE,GVNIC,TDX_CAPABLE guest_os_features = [ "UEFI_COMPATIBLE", - "VIRTIO_SCSI_MULTIQUEUE", "GVNIC", "TDX_CAPABLE", ] @@ -873,6 +872,7 @@ def create_vm( f"{config.vm.location}/disks/{data_disk_name}" ) data_disk.auto_delete = False + data_disk.device_name = data_disk_name # Use NVME for data disks on GCP data_disk.interface = "NVME" disks.append(data_disk) From cc63ed1b862dd55fa549d708de7d933c70659fe2 Mon Sep 17 00:00:00 2001 From: cdrappi Date: Wed, 10 Dec 2025 17:03:37 -0500 Subject: [PATCH 26/43] only balanced disk --- yocto/deployment/deploy.py | 1 + 1 file changed, 1 insertion(+) 
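Review bot: In the `_create_image_from_gcs` hunk, `"VIRTIO_SCSI_MULTIQUEUE"` is removed from `guest_os_features`, but the comment line directly above the list still reads `# VIRTIO_SCSI_MULTIQUEUE,GVNIC,TDX_CAPABLE`, so comment and code now disagree. Drop the feature name from that comment and add one line on why it was removed, presumably because the disks now attach over NVMe, which should be confirmed. The comment appears to continue from a line above the hunk, and the function itself starts and ends outside it.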
diff --git a/yocto/deployment/deploy.py b/yocto/deployment/deploy.py index 4642b226..71c267ee 100644 --- a/yocto/deployment/deploy.py +++ b/yocto/deployment/deploy.py @@ -83,6 +83,7 @@ def deploy_image( disk_name=data_disk_name, location=configs.vm.location, size_gb=1024, # 1TB default + sku="pd-balanced", # Required for GCP TDX show_logs=configs.show_logs, ) From 64bab5158aa504c6dacd333cc1572b2c16844c25 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Wed, 10 Dec 2025 22:04:14 +0000 Subject: [PATCH 27/43] fix --- deploy_metadata.json | 62 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 61 insertions(+), 1 deletion(-) diff --git a/deploy_metadata.json b/deploy_metadata.json index 7def4d7d..a4cac916 100644 --- a/deploy_metadata.json +++ b/deploy_metadata.json @@ -175,7 +175,7 @@ "data_disk": "gcp-genesis-6-persistent" }, "gcp-genesis-13": { - "artifact": "seismic-dev-gcp-20251210170519.tar.gz", + "artifact": "seismic-dev-gcp-20251210214248.tar.gz", "public_ip": "34.63.184.53", "domain": { "url": "https://gcp-13.seismictest.net", 
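Review bot: `sku="pd-balanced"` is added to the `create_data_disk` call that `deploy_image` makes for every provider, while its comment says `# Required for GCP TDX`. `pd-balanced` is a GCP disk type name, and how the Azure implementation treats that value is not visible in this hunk. Either pass the SKU only for GCP, e.g. `sku="pd-balanced" if configs.vm.cloud == CloudProvider.GCP else <azure-sku-placeholder>`, or let each provider's `create_data_disk` own its default and drop the argument here. `deploy_image` starts and ends outside the hunk.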
@@ -570,6 +570,66 @@ "rtmr2": "b7698feabad08fdb4e43469547f06991ce8b02152c69e146f372eb82ba93aa4267430c2a2e359e647a8235c05a53aa32" } } + }, + "seismic-dev-gcp-20251210203654.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251210203654.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "6dd58a5f9958f39e46ae9459d2a388435bcbdbd740d4669f4551353a96de21f7357b5510ee5e5034fed72d824e7c4e03", + "rtmr2": "2f8a3bd9f0d00576c48a067ad9faee233e5c4046880bfcc43cf7d788bb5dbdcfdd8fe8862e28e47cea3c61afe2bbe29d" + } + } + }, + "seismic-dev-gcp-20251210205115.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251210205115.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "043b0c166c40f42827358a0223ddb7b9cf4152c385255e3c1b7592958b4d9807cbc27b0c3858d5da0588d08cedeb90a3", + "rtmr2": "83067a792db196d783d68077773363a6c8e89818605d1ad5656c88822c180cee621a5cab81e91f5c89d004fd33400a74" + } + } + }, + "seismic-dev-gcp-20251210210846.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251210210846.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "c2caefbb5e9b806428503a9af611a6fea99614424abc7c2bfebce90dd306cc688145642ec0362c10ed9e54e2562342cb", + "rtmr2": "2ee545ca43eb99be87088783f608c62c996322edbb377f17cf38b8135abdd2040a77d3171b5582f6251b0f463112d5de" + } + } + }, + "seismic-dev-gcp-20251210214248.tar.gz": { + 
"repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251210214248.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "346fcb50776abfef689ff5bb965c182ad7cc7b88b7c08e6b1a7889298522fce0d7717c3ef33f8d69405308ed04cebb60", + "rtmr2": "8b0c33342b5ebf675e366ad0120d6a5895490d16bb2e0abc01a1010301a85c0bbff60aba5b4f8dad0c0434af3db981a1" + } + } } } } \ No newline at end of file From d296557c6f67fde8bf96c8aa37475bf5f500c5ee Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Thu, 11 Dec 2025 00:14:52 +0000 Subject: [PATCH 28/43] ugh --- deploy_metadata.json | 47 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) diff --git a/deploy_metadata.json b/deploy_metadata.json index a4cac916..5ec4dcc9 100644 --- a/deploy_metadata.json +++ b/deploy_metadata.json @@ -175,7 +175,7 @@ "data_disk": "gcp-genesis-6-persistent" }, "gcp-genesis-13": { - "artifact": "seismic-dev-gcp-20251210214248.tar.gz", + "artifact": "seismic-dev-gcp-20251211000054.tar.gz", "public_ip": "34.63.184.53", "domain": { "url": "https://gcp-13.seismictest.net", 
@@ -630,6 +630,51 @@ "rtmr2": "8b0c33342b5ebf675e366ad0120d6a5895490d16bb2e0abc01a1010301a85c0bbff60aba5b4f8dad0c0434af3db981a1" } } + }, + "seismic-dev-gcp-20251210222624.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251210222624.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "4feca596080f9584418f8c92ff00a9f45f57a3eb1b75677bf680e22a4d4ebb00b6cd91a3c4dfd9ae0588c3e75a7eb976", + "rtmr2": "62a6fe6cf2177aa6e8271142942c9147a79b955f379aa283e8c62b92089ad0a3bbfaed3b00c18a511b5154bd5e78289a" + } + } + }, + "seismic-dev-gcp-20251210234005.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251210234005.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "9988d7be47c84274322d9b7cd88041e1a603f3dde5569a091266feca2279c14b28f131df6ea24ed328660b26b0afa4b2", + "rtmr2": "d9f416df261f2b004e4f876eb84855a785bb4133ab9a0888db40ba603c23cca50068e83552aa716b278675b08a8d138f" + } + } + }, + "seismic-dev-gcp-20251211000054.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251211000054.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "61e889d1db6a02ef1cfcbf1f6e32f383c005673761986e4cbc7652f85bbea5354d205761abd536fea49e13ac6132bf73", + "rtmr2": "c3bdbcde00c3de823611830faf8014200a77fe8a0c2905d347af44b118aea4aaca296789ba15a4ae9fe61a78ac1717ea" + } + } } } } \ No newline at end of file 
From 39dd4e7291bb0da67e99413f2fb375acfda898cc Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Thu, 11 Dec 2025 19:14:22 +0000 Subject: [PATCH 29/43] more failures --- deploy_metadata.json | 137 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 136 insertions(+), 1 deletion(-) diff --git a/deploy_metadata.json b/deploy_metadata.json index 5ec4dcc9..636e964b 100644 --- a/deploy_metadata.json +++ b/deploy_metadata.json @@ -175,7 +175,7 @@ "data_disk": "gcp-genesis-6-persistent" }, "gcp-genesis-13": { - "artifact": "seismic-dev-gcp-20251211000054.tar.gz", + "artifact": "seismic-dev-gcp-20251211182712.tar.gz", "public_ip": "34.63.184.53", "domain": { "url": "https://gcp-13.seismictest.net", 
@@ -675,6 +675,141 @@ "rtmr2": "c3bdbcde00c3de823611830faf8014200a77fe8a0c2905d347af44b118aea4aaca296789ba15a4ae9fe61a78ac1717ea" } } + }, + "seismic-dev-gcp-20251211140647.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251211140647.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "e1db8eb533d85bdb5afe623c1954e8ad0f05c95574f0a4980d2312a72ae9bfc7d35ddd4733dfee151020a4f95d3e61db", + "rtmr2": "7652f51fb2b93497caa286f5f2d5f370efa11511ff67b3ab7cac7fd1969244b34b266c1e0e71db02b06c93c141b34400" + } + } + }, + "seismic-dev-gcp-20251211145352.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251211145352.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "88563c9db2d9614cf220ca58782e76a63cdccff21c5e5dbe818781b1ce661039375136f40dceb2745501ef0765807220", + "rtmr2": "f820c1564135bba0f987c630fe523bdb26e83a87c0091c74f9fac31e4b7640f3bf7e7216da13979da366100d60a987cb" + } + } + }, + "seismic-dev-gcp-20251211151738.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251211151738.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "a9f623eee9f3ff0419d20bfb6bfbdb0c89d479e27a19f6a2856779a78ab50ded92655ad80b426cb4d4dd00f04197c3ef", + "rtmr2": "dbcb1ee7544db6d2bccda6169e104ad82b0a0a1628fdd0c89ae6d1d43bca4b53520243db7571e846e392239287a53432" + } + } + }, + "seismic-dev-gcp-20251211161255.tar.gz": { 
+ "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251211161255.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "464c436543f9b2267ae614f92d6554759b41e06d4fd2cf909e6d72fd0b574539963fd8ce298751089f2e1745c86970b9", + "rtmr2": "d529a00ef9c48aa0929e40d586e8206f8a9a516e6dfe586e6c973556e4003be32b3b64e68a00c5d8bdc031f043d1706d" + } + } + }, + "seismic-dev-gcp-20251211161802.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251211161802.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "c1b632d84eb4fb8b6c41d783780627e35633ec67e05873a8cf4e0a70847b229bcc5dc21a529f795bc067eeb6c04ba463", + "rtmr2": "8f4262f0061bd0bc28888afefd3111b8f7792fe3fd870bfc6e52f2699b8bdccea0e11fcd317a3c4b0d18a5296acdb941" + } + } + }, + "seismic-dev-gcp-20251211163634.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251211163634.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "1470d99b1e6bf540805c71a2667a0d52375297babced1319448e9ac6708661d086036efada6afca94c6fee0028619122", + "rtmr2": "aa9510a8c63820f54f106b1184d0a708e645ecee4f4d234be4332a71fbed61473b6497def7d6a1f8f024098954b16d28" + } + } + }, + "seismic-dev-gcp-20251211175220.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, 
+ "image": { + "measurement_id": "seismic-dev-gcp-20251211175220.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "ee44bbf962d390fed9290f662cc16a64f15af5a15492f79a96d4f8946bf7e7992b8081cc5143446cea6efeeb2b5da64f", + "rtmr2": "79f6d54b6a4854ff19069bc97fcbf0e9d6f31f87534e616003baca4720e170b39bc544b34548c47a689fcbf197cfbbcb" + } + } + }, + "seismic-dev-gcp-20251211182712.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251211182712.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "530d9dd31f04fd0eba8117f45f76ab1f0efd32a78724ac3fe3c555b884620b8f90cb41213c6da060060184edd13da7e9", + "rtmr2": "e276c27bf148885d310e4fcabf8f36cf8e9fffb32917bfc5e9675a3f1d6d0e55806c248bb66bab64e7fba5e1a733d630" + } + } + }, + "seismic-dev-gcp-20251211190010.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251211190010.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "5a52facfce3d4a31a98b258dd7924ef2956275e06de70b022a5efd57ab5a1452dc05427544119a44df90e92e3c929a99", + "rtmr2": "99a10d35695fe21fa58f8d3bf929efb940eb3b8681363d402ca2a6a9ad37ebb2bd3c8b05587ffaf6d8f9b40505bbb26e" + } + } } } } \ No newline at end of file From 8157972049c157cc921a3c3305db3b746ca7c1e2 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Fri, 12 Dec 2025 16:35:19 +0000 Subject: [PATCH 30/43] annoying --- deploy_metadata.json | 601 ++--------------------------------------- yocto/cloud/gcp/api.py | 13 +- 2 files changed, 29 insertions(+), 585 deletions(-) 
diff --git a/deploy_metadata.json b/deploy_metadata.json
index 636e964b..a9765243 100644
--- a/deploy_metadata.json
+++ b/deploy_metadata.json
@@ -173,397 +173,14 @@ "size": "c3-standard-4" }, "data_disk": "gcp-genesis-6-persistent" - }, - "gcp-genesis-13": { - "artifact": "seismic-dev-gcp-20251211182712.tar.gz", - "public_ip": "34.63.184.53", - "domain": { - "url": "https://gcp-13.seismictest.net", - "record": "gcp-13", - "name": "seismictest.net", - "resource_group": "yocto-testnet" - }, - "vm": { - "resourceGroup": "testnet-477314", - "name": "gcp-genesis-13", - "nsgName": "gcp-genesis-13", - "cloud": "gcp", - "region": "us-central1-a", - "size": "c3-standard-4" - }, - "data_disk": "gcp-genesis-13-persistent" } } }, "artifacts": { - "seismic-dev-gcp-20251204212823.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "e1251e6a4378a8f64b802e48f7ea1d2bf6862b41" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251204212823.tar.gz", - "attestation_type": "gcp-tdx", - "measurements": { - "rtmr1": "8aec2780762adbe1dcedd4fb5198d680147c5c316efee9cb2fd115e77d65543ed8b980a46726656b003788c1a0d3347f", - "rtmr2": "eb9c5d58a250db1ee8a1ab2b9ce7626f84f2a313a19307e25842c3452cc3b8742a0e862641286b4d08e5e348d87492ee" - } - } - }, - "seismic-dev-gcp-20251205142735.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "e1251e6a4378a8f64b802e48f7ea1d2bf6862b41" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251205142735.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "8aec2780762adbe1dcedd4fb5198d680147c5c316efee9cb2fd115e77d65543ed8b980a46726656b003788c1a0d3347f", - "rtmr2": "eb9c5d58a250db1ee8a1ab2b9ce7626f84f2a313a19307e25842c3452cc3b8742a0e862641286b4d08e5e348d87492ee" - } - } - }, - "seismic-dev-gcp-20251205191407.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": 
"e1251e6a4378a8f64b802e48f7ea1d2bf6862b41" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251205191407.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "d87096db53a59c2df615ace2c9a312085c0eed742ecf10e954c6c96db2712154cb98b94320f788999bc35e5becfd64ee", - "rtmr2": "5565f2373a292a9ed686ae71a3be9048f64a1a32f5bb51fc528e6bd0a1f26a7490a643d130423b3aa27f8e042828ded7" - } - } - }, - "seismic-dev-gcp-20251205200008.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "e1251e6a4378a8f64b802e48f7ea1d2bf6862b41" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251205200008.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "d87096db53a59c2df615ace2c9a312085c0eed742ecf10e954c6c96db2712154cb98b94320f788999bc35e5becfd64ee", - "rtmr2": "5565f2373a292a9ed686ae71a3be9048f64a1a32f5bb51fc528e6bd0a1f26a7490a643d130423b3aa27f8e042828ded7" - } - } - }, - "seismic-dev-gcp-20251205202740.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "e1251e6a4378a8f64b802e48f7ea1d2bf6862b41" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251205202740.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "0d5f07b4a8ba4fe0cf7a150ee31fd55abb0d28cabe6d57383f29f362e081252430cb7ba71bd8b6a61c7cf294d7be1ca5", - "rtmr2": "6a99622b6fcf9a74c06c296cae790560eefdb90c8bf63d43db74a303c2fc11477b658fb268f5efb44956f351cca56eb2" - } - } - }, - "seismic-dev-gcp-20251205210739.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "e1251e6a4378a8f64b802e48f7ea1d2bf6862b41" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251205210739.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - 
"measurements": { - "rtmr1": "2436ecf6703e709482e2ea5879bf76c6d7a69e2b855644bc34e770a78d5e07fd09befcef0806e6cd40eddcb92da9d41c", - "rtmr2": "d24a34692066b9f7a3a6bfb81e4214bd69768515dfa84cdaa6529fd0cf8236341d0919157498cbea4155fd8338153331" - } - } - }, - "seismic-dev-gcp-20251205223407.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "e1251e6a4378a8f64b802e48f7ea1d2bf6862b41" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251205223407.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "28c0731109d4a615ab86f9cb78a6a66b8b4974230c8aaad3d7673138cc25336a42aeab38e9f1d023bb317afc9a161ce2", - "rtmr2": "96009de5c29b9060af7324c16cfd4d2bc6722035581dc4651aebe6e8865a930998635e8ed90079ff453f4aa42e788c61" - } - } - }, - "seismic-dev-gcp-20251208213459.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251208213459.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "526f4d25c56346a0960a2af450073398256d696e44f4c82dfd60e417bd0eaff4b4be0d501ef234d9d0d4ca38c79619f3", - "rtmr2": "8ee2d32b0d2db79c967f9fb70ce806c55e5a4b34b340e5e672069e125fc70756dbffad04f40b7ce93ae45fc300cee0af" - } - } - }, - "seismic-dev-gcp-20251208220938.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251208220938.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "14b230ca9a1b38e56b06fe2e07daa2aa1f0c7e4959a52ff2cb5f069cb792c066581a07a0e4aed1ab5699abc7dfd8f021", - "rtmr2": 
"6070a06119804f05903d401da675c0c8fb0ea8cce7d2cd1c4a316a18fe335b3a07269fe57467cc4389b9e9a2a2119153" - } - } - }, - "seismic-dev-gcp-20251209154717.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251209154717.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "ceddd9cd4f72ee4032359a64a297a86d3a5341bc10b73a854e54a4a01103c79bdfbea39353376afa148b3eff3712f091", - "rtmr2": "d2750454488a8db2f3ccd78d13ea8504ad2e54886400b56b74c1a3239a2ad615ad43ba800b4f9cf5d0d25460a47c0014" - } - } - }, - "seismic-dev-gcp-20251209162240.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251209162240.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "d9e0d6407360d45791c96601c76f87cd8aee5fb5e56cca2028013862fa49229784260088c80331e54a751bc0b97e691e", - "rtmr2": "f4e5a1981430f292d55e1da9791b622ba0229ec9e38590afab4f24f438b6a9662dc5e69e3d7f9373e0e85f72806b6fa1" - } - } - }, - "seismic-dev-gcp-20251209164245.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251209164245.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "f8453ef5791ce913493f44fde40b90050751f7036b05a22d69be4b96adac61cc3ff254caa14527091d4cefd6ef8bd6cb", - "rtmr2": "2e6ab7b5ae1b48605bade66cb7f8fd928c9a3717c0ec40d80a6dc5b5d329749fa0a5c3253ca1c29c9c46ded2b536cd54" - } - } - }, - "seismic-dev-gcp-20251209170538.tar.gz": { - "repos": { - "enclave": 
"90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251209170538.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "8e01f69cc75c06d4654a2ae3c254e1daa3b08ef7dafd50f9bc8bf1044d3bb3b07f9505fd34380ea239f59a012eba63ca", - "rtmr2": "73daaead0a39e46eeaf3715d521a40c1c198c1dc25eb06bb5b6649b32a20bd00d79fe8b04da5ac70bde3decc9258a869" - } - } - }, - "seismic-dev-gcp-20251209181511.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251209181511.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "ea500c04cc9f0ce8452f77d5c59030b1b6dfc2ac83d06faa05a5f98617dc864fc682e169645f156030a7d42e0630394c", - "rtmr2": "6b5b958247b5053c51b46f35a17f91f4c04429b3414dd525c2c88dd0a8204be1690278ac4c90c99fde45040b268ec449" - } - } - }, - "seismic-dev-gcp-20251209192151.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251209192151.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "569d9f3d105fa06270d706fc48f60cbc43cd27fe1c2bba91efac4f7574fd85d54d4af650af19f0b5dbbf61769f6e64be", - "rtmr2": "72ee21552474f1443154db4a1f3f87ef8cb600c64ffcbcf4207aaaef48993294291155be168f70e26d67555b685c5ee4" - } - } - }, - "seismic-dev-gcp-20251209194711.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - 
"measurement_id": "seismic-dev-gcp-20251209194711.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "e4916570e3a5dd44650c31db904e627fac26634572517940a15832aced71a8e634bc2b17af8edaabf38a3228a93cffd3", - "rtmr2": "54338f5fe4083979301da21d146d3127cfa38058319cea9f868cbd7d1d05797bdeda783a6901e11c1707ea9272072177" - } - } - }, - "seismic-dev-gcp-20251209201008.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251209201008.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "6e2a9f0b0ef38068ab343eb643519d4bd3bc027ea20e49d823579e298a90dac57246d222f1350cde09708fa8416a5906", - "rtmr2": "55c6a5f53c4ca833c515e964caad06aa06bcc22a0508f7f63c6fe07784485db50e7196182ea909bc03f68d7238aa16f3" - } - } - }, - "seismic-dev-gcp-20251209204128.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251209204128.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "640f8acdc5d1b4181ce6900ec83d1881099511191f35e19643d4f4b14f580420bebf181be6aeb07fc9e96908777027fa", - "rtmr2": "d7d2a7568eff24b2f3f8806d5733f8f0cf86257f012aef9971bd5eef3d1bebe4acca12d82cda51852e037ef83261c273" - } - } - }, - "seismic-dev-gcp-20251209214038.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251209214038.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": 
"d51eda2641253a8611cd2dfc897c1721743bb45474b2704d04cc5fcc8838c69ad630f0c0eee9684fc3d64b2145898bca", - "rtmr2": "b44c1282c4e49c821e421cb83abf7ca4810f5fc4c4303cda19d3bd4d91c770da99f7c4f2e46e754a4bb5c8ce13f39b58" - } - } - }, - "seismic-dev-gcp-20251209220132.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251209220132.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "9e324aaf3e810d21654b91a29a741ade57af7e8955634649af903aadca534b25cb3ca55fdd6526886b067c2e1187a3b2", - "rtmr2": "a4047a4a0ac573ec91473ae5ca2890d37862ed87abc7425cc3ec56c8c6a677166979b60a02165065ccb07e060c8e7bd0" - } - } - }, - "seismic-dev-gcp-20251209221845.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, + "seismic-dev-gcp-20251211193000.tar.gz": { + "repos": {}, "image": { - "measurement_id": "seismic-dev-gcp-20251209221845.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "c39cd9af8c89e28ec8f1b0789e5e603a053caf87a25c7d5aacf3721882dcac3c334a205952348ce0075a66d02a9172d8", - "rtmr2": "95c84b28a1a3cc427e2edc0003bdc05bfb3c033b23dbfe78642f4652c63fbab4b983a8c6ac53a5a95ed76bf137d6cecb" - } - } - }, - "seismic-dev-gcp-20251209224347.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251209224347.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "3d3826d3dfa1bc159533788d42251fecb8348ca4ffc6cace7ca0d2d46f8f2f2f94b7aec2b318d201a65e945005b80611", - "rtmr2": 
"91d88e891e4b3622b96ba4722d22397785fb4e9e233bd66efbcb7e88ab6d17ec8fc844bd5ad8b9f59e0c1058a86fdd04" - } - } - }, - "seismic-dev-gcp-20251210154444.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251210154444.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "7377ca21167fe0eb4b918c9092ef7cef29c641378823965e8a48789167d67763c2a09463eeb63849b3392623549f5f46", - "rtmr2": "91c449bee765dbd4fa0f038d939f749986da1722a6980789d6dd45df2e331165282eae5147b010961d93307101e8e4c1" - } - } - }, - "seismic-dev-gcp-20251210165057.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251210165057.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "b76f15c6d7d5f5f2ca1031f4de09f6f374db05a23c26f2047e0cf9d6231b476e0fcd0feaaf68f228d7f14e935636afb3", - "rtmr2": "39ad4f528a97d31316652818f8cc231220abff98d3e79d16b3995ba79b24d7029c9f1cd39647895b163bcd54d5b976bf" - } - } - }, - "seismic-dev-gcp-20251210170519.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251210170519.tar.gz", + "measurement_id": "seismic-dev-gcp-20251211193000.tar.gz", "attestation_type": "CloudProvider.GCP-tdx", "measurements": { "rtmr1": "3a3523a0c2b385579fe3816c33774c96fcae9afa6001ea094bd1b32439c85796fcbd133860cbf46e0d80147e0b2ba6f4", 
@@ -571,243 +188,63 @@ } } }, - "seismic-dev-gcp-20251210203654.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251210203654.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "6dd58a5f9958f39e46ae9459d2a388435bcbdbd740d4669f4551353a96de21f7357b5510ee5e5034fed72d824e7c4e03", - "rtmr2": "2f8a3bd9f0d00576c48a067ad9faee233e5c4046880bfcc43cf7d788bb5dbdcfdd8fe8862e28e47cea3c61afe2bbe29d" - } - } - }, - "seismic-dev-gcp-20251210205115.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251210205115.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "043b0c166c40f42827358a0223ddb7b9cf4152c385255e3c1b7592958b4d9807cbc27b0c3858d5da0588d08cedeb90a3", - "rtmr2": "83067a792db196d783d68077773363a6c8e89818605d1ad5656c88822c180cee621a5cab81e91f5c89d004fd33400a74" - } - } - }, - "seismic-dev-gcp-20251210210846.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251210210846.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "c2caefbb5e9b806428503a9af611a6fea99614424abc7c2bfebce90dd306cc688145642ec0362c10ed9e54e2562342cb", - "rtmr2": "2ee545ca43eb99be87088783f608c62c996322edbb377f17cf38b8135abdd2040a77d3171b5582f6251b0f463112d5de" - } - } - }, - "seismic-dev-gcp-20251210214248.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": 
"7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251210214248.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "346fcb50776abfef689ff5bb965c182ad7cc7b88b7c08e6b1a7889298522fce0d7717c3ef33f8d69405308ed04cebb60", - "rtmr2": "8b0c33342b5ebf675e366ad0120d6a5895490d16bb2e0abc01a1010301a85c0bbff60aba5b4f8dad0c0434af3db981a1" - } - } - }, - "seismic-dev-gcp-20251210222624.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251210222624.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "4feca596080f9584418f8c92ff00a9f45f57a3eb1b75677bf680e22a4d4ebb00b6cd91a3c4dfd9ae0588c3e75a7eb976", - "rtmr2": "62a6fe6cf2177aa6e8271142942c9147a79b955f379aa283e8c62b92089ad0a3bbfaed3b00c18a511b5154bd5e78289a" - } - } - }, - "seismic-dev-gcp-20251210234005.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251210234005.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "9988d7be47c84274322d9b7cd88041e1a603f3dde5569a091266feca2279c14b28f131df6ea24ed328660b26b0afa4b2", - "rtmr2": "d9f416df261f2b004e4f876eb84855a785bb4133ab9a0888db40ba603c23cca50068e83552aa716b278675b08a8d138f" - } - } - }, - "seismic-dev-gcp-20251211000054.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251211000054.tar.gz", - 
"attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "61e889d1db6a02ef1cfcbf1f6e32f383c005673761986e4cbc7652f85bbea5354d205761abd536fea49e13ac6132bf73", - "rtmr2": "c3bdbcde00c3de823611830faf8014200a77fe8a0c2905d347af44b118aea4aaca296789ba15a4ae9fe61a78ac1717ea" - } - } - }, - "seismic-dev-gcp-20251211140647.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251211140647.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "e1db8eb533d85bdb5afe623c1954e8ad0f05c95574f0a4980d2312a72ae9bfc7d35ddd4733dfee151020a4f95d3e61db", - "rtmr2": "7652f51fb2b93497caa286f5f2d5f370efa11511ff67b3ab7cac7fd1969244b34b266c1e0e71db02b06c93c141b34400" - } - } - }, - "seismic-dev-gcp-20251211145352.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251211145352.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "88563c9db2d9614cf220ca58782e76a63cdccff21c5e5dbe818781b1ce661039375136f40dceb2745501ef0765807220", - "rtmr2": "f820c1564135bba0f987c630fe523bdb26e83a87c0091c74f9fac31e4b7640f3bf7e7216da13979da366100d60a987cb" - } - } - }, - "seismic-dev-gcp-20251211151738.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251211151738.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "a9f623eee9f3ff0419d20bfb6bfbdb0c89d479e27a19f6a2856779a78ab50ded92655ad80b426cb4d4dd00f04197c3ef", - 
"rtmr2": "dbcb1ee7544db6d2bccda6169e104ad82b0a0a1628fdd0c89ae6d1d43bca4b53520243db7571e846e392239287a53432" - } - } - }, - "seismic-dev-gcp-20251211161255.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251211161255.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "464c436543f9b2267ae614f92d6554759b41e06d4fd2cf909e6d72fd0b574539963fd8ce298751089f2e1745c86970b9", - "rtmr2": "d529a00ef9c48aa0929e40d586e8206f8a9a516e6dfe586e6c973556e4003be32b3b64e68a00c5d8bdc031f043d1706d" - } - } - }, - "seismic-dev-gcp-20251211161802.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251211161802.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "c1b632d84eb4fb8b6c41d783780627e35633ec67e05873a8cf4e0a70847b229bcc5dc21a529f795bc067eeb6c04ba463", - "rtmr2": "8f4262f0061bd0bc28888afefd3111b8f7792fe3fd870bfc6e52f2699b8bdccea0e11fcd317a3c4b0d18a5296acdb941" - } - } - }, - "seismic-dev-gcp-20251211163634.tar.gz": { + "seismic-dev-gcp-20251211220928.tar.gz": { "repos": { "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" }, "image": { - "measurement_id": "seismic-dev-gcp-20251211163634.tar.gz", + "measurement_id": "seismic-dev-gcp-20251211220928.tar.gz", "attestation_type": "CloudProvider.GCP-tdx", "measurements": { - "rtmr1": "1470d99b1e6bf540805c71a2667a0d52375297babced1319448e9ac6708661d086036efada6afca94c6fee0028619122", - "rtmr2": 
"aa9510a8c63820f54f106b1184d0a708e645ecee4f4d234be4332a71fbed61473b6497def7d6a1f8f024098954b16d28" + "rtmr1": "6b1900c3cf76ce813e972290929175494ca0f05183530d294e1fdd124a521543b2b7a6c5b3384579805d14beb2882143", + "rtmr2": "fee6ff453e1a3d3f60b403f051c0c9035fc023f61a5e8fa291edae2ec86750f67bfb9b2ef7e34d4b95e6db2e029d5562" } } }, - "seismic-dev-gcp-20251211175220.tar.gz": { + "seismic-dev-gcp-20251211225451.tar.gz": { "repos": { "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" }, "image": { - "measurement_id": "seismic-dev-gcp-20251211175220.tar.gz", + "measurement_id": "seismic-dev-gcp-20251211225451.tar.gz", "attestation_type": "CloudProvider.GCP-tdx", "measurements": { - "rtmr1": "ee44bbf962d390fed9290f662cc16a64f15af5a15492f79a96d4f8946bf7e7992b8081cc5143446cea6efeeb2b5da64f", - "rtmr2": "79f6d54b6a4854ff19069bc97fcbf0e9d6f31f87534e616003baca4720e170b39bc544b34548c47a689fcbf197cfbbcb" + "rtmr1": "9a9fbe522f4bb24601ffc5de5a75b6f41f1f27bb5bb5219fec7677245aba54afb4c5dc2518bc0e5e49c5f1a4140815ea", + "rtmr2": "9c638449153ea2b6f6343150d8861561cd53a0a734009efc2cede521aeb723c25ab835cf3df4890e2ec0cc66694974ad" } } }, - "seismic-dev-gcp-20251211182712.tar.gz": { + "seismic-dev-gcp-20251211233945.tar.gz": { "repos": { "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" }, "image": { - "measurement_id": "seismic-dev-gcp-20251211182712.tar.gz", + "measurement_id": "seismic-dev-gcp-20251211233945.tar.gz", "attestation_type": "CloudProvider.GCP-tdx", "measurements": { - "rtmr1": "530d9dd31f04fd0eba8117f45f76ab1f0efd32a78724ac3fe3c555b884620b8f90cb41213c6da060060184edd13da7e9", - "rtmr2": "e276c27bf148885d310e4fcabf8f36cf8e9fffb32917bfc5e9675a3f1d6d0e55806c248bb66bab64e7fba5e1a733d630" + "rtmr1": 
"b4f6d9ee36f4e14e0a6a7ceaf50f2316b10ba5db5e5470f5109a5178016548b30046527fa91ead25d818000d5edb3d17", + "rtmr2": "7ce96ae4481a008f4500c34418b33e64aed8320f727da87e802dd9378d9878b2d4e03de7a23a5ea5f249d605b903a4c6" } } }, - "seismic-dev-gcp-20251211190010.tar.gz": { + "seismic-dev-gcp-20251212000509.tar.gz": { "repos": { "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" }, "image": { - "measurement_id": "seismic-dev-gcp-20251211190010.tar.gz", + "measurement_id": "seismic-dev-gcp-20251212000509.tar.gz", "attestation_type": "CloudProvider.GCP-tdx", "measurements": { - "rtmr1": "5a52facfce3d4a31a98b258dd7924ef2956275e06de70b022a5efd57ab5a1452dc05427544119a44df90e92e3c929a99", - "rtmr2": "99a10d35695fe21fa58f8d3bf929efb940eb3b8681363d402ca2a6a9ad37ebb2bd3c8b05587ffaf6d8f9b40505bbb26e" + "rtmr1": "7b12acdb31f68eb0736a92d3a640a9159685fbea0fa383c6080157af9adb6ec9aafec1b1ae0dcb362267efcf3cd206e2", + "rtmr2": "d189449e9c7e93f59fea5190b0c60b08d648fed5be6f7384bab8090a261e4175c7466b4fbcb31b662dfc2c2dbaa3dbae" } } } diff --git a/yocto/cloud/gcp/api.py b/yocto/cloud/gcp/api.py index 844dff69..d7528f10 100644 --- a/yocto/cloud/gcp/api.py +++ b/yocto/cloud/gcp/api.py @@ -349,12 +349,18 @@ def _create_image_from_gcs( logger.info("Source type: RAW") # Add all required guest OS features for TDX - # These match: --guest-os-features=UEFI_COMPATIBLE, - # VIRTIO_SCSI_MULTIQUEUE,GVNIC,TDX_CAPABLE + # These match the features from a working GCP TDX instance guest_os_features = [ + "VIRTIO_SCSI_MULTIQUEUE", + "SEV_CAPABLE", + "SEV_SNP_CAPABLE", + "SEV_LIVE_MIGRATABLE", + "SEV_LIVE_MIGRATABLE_V2", + "SNP_SVSM_CAPABLE", + "IDPF", + "TDX_CAPABLE", "UEFI_COMPATIBLE", "GVNIC", - "TDX_CAPABLE", ] image.guest_os_features = [] 
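Review bot: The `guest_os_features` list in `_create_image_from_gcs` now advertises `SEV_CAPABLE`, `SEV_SNP_CAPABLE`, `SEV_LIVE_MIGRATABLE`, `SEV_LIVE_MIGRATABLE_V2` and `SNP_SVSM_CAPABLE`, while the comment above it still says these are the features required for TDX. The artifacts on this page are recorded with a `...-tdx` attestation type, so an image that also declares itself startable as an SEV or SEV-SNP guest covers configurations that, as far as this hunk shows, were neither measured nor tested; copying the feature set of another instance widens what the image claims rather than what was validated. I would keep the list to what the TDX boot needs and add the rest one at a time with a reason, or at least correct the comment, e.g. `# SEV_*/SNP_SVSM_CAPABLE/IDPF are copied from a reference instance, not required for TDX; TODO confirm each is needed`. The function starts before this hunk and continues after it.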
@@ -855,6 +861,7 @@ def create_vm( boot_disk.boot = True boot_disk.auto_delete = True boot_disk.mode = "READ_WRITE" + boot_disk.interface = "NVME" boot_disk.device_name = config.vm.name boot_disk.source = ( f"projects/{config.vm.resource_group}/zones/" From dd453b86da3d6155922331473178161e80e5fc82 Mon Sep 17 00:00:00 2001 From: cdrappi Date: Tue, 16 Dec 2025 13:28:45 -0500 Subject: [PATCH 31/43] deploy metadata --- deploy_metadata.json | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/deploy_metadata.json b/deploy_metadata.json index 7def4d7d..5cf55af3 100644 --- a/deploy_metadata.json +++ b/deploy_metadata.json @@ -570,6 +570,17 @@ "rtmr2": "b7698feabad08fdb4e43469547f06991ce8b02152c69e146f372eb82ba93aa4267430c2a2e359e647a8235c05a53aa32" } } + }, + "seismic-dev-gcp-20251211193000.tar.gz": { + "repos": {}, + "image": { + "measurement_id": "seismic-dev-gcp-20251211193000.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "3a3523a0c2b385579fe3816c33774c96fcae9afa6001ea094bd1b32439c85796fcbd133860cbf46e0d80147e0b2ba6f4", + "rtmr2": "b7698feabad08fdb4e43469547f06991ce8b02152c69e146f372eb82ba93aa4267430c2a2e359e647a8235c05a53aa32" + } + } } } } \ No newline at end of file From 683217b82fe89ca5b0730f011c123fd987e82ce5 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Tue, 16 Dec 2025 18:33:53 +0000 Subject: [PATCH 32/43] more --- deploy_metadata.json | 124 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 124 insertions(+) diff --git a/deploy_metadata.json b/deploy_metadata.json index a9765243..d782b1cb 100644 --- a/deploy_metadata.json +++ b/deploy_metadata.json 
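Review bot: The added artifact `seismic-dev-gcp-20251211193000.tar.gz` is registered with `"repos": {}`, so its `rtmr1` and `rtmr2` reference values cannot be traced to an enclave, sreth or summit commit the way the other entries can. Its `rtmr2` is also identical to the `rtmr2` of the entry just above it in the context lines, which suggests the record was copied rather than produced by a build; that is an inference from this hunk alone. Reference measurements that verifiers compare against should carry the source commits they were built from. Either fill in `repos` from the build that produced this image or leave the entry out.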
@@ -173,6 +173,25 @@ "size": "c3-standard-4" }, "data_disk": "gcp-genesis-6-persistent" + }, + "gcp-genesis-13": { + "artifact": "seismic-dev-gcp-20251212204732.tar.gz", + "public_ip": "34.63.184.53", + "domain": { + "url": "https://gcp-13.seismictest.net", + "record": "gcp-13", + "name": "seismictest.net", + "resource_group": "yocto-testnet" + }, + "vm": { + "resourceGroup": "testnet-477314", + "name": "gcp-genesis-13", + "nsgName": "gcp-genesis-13", + "cloud": "gcp", + "region": "us-central1-a", + "size": "c3-standard-4" + }, + "data_disk": "gcp-genesis-13-persistent" } } }, 
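Review bot: The new `gcp-genesis-13` record puts live deployment state (`public_ip`, the `resourceGroup` project id, the DNS record) into the same file that holds the `measurements` used as attestation reference values. Every deploy or teardown then rewrites `deploy_metadata.json`, and a changed `rtmr1` or `rtmr2` value is easy to miss in review among that churn. Consider keeping the `artifacts` section in a separate file that only image builds touch. It is also worth deciding whether the host inventory needs to be committed at all.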
@@ -247,6 +266,111 @@ "rtmr2": "d189449e9c7e93f59fea5190b0c60b08d648fed5be6f7384bab8090a261e4175c7466b4fbcb31b662dfc2c2dbaa3dbae" } } + }, + "seismic-dev-gcp-20251212165303.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251212165303.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "441c2e95600b83da5f97e9271aa218b64ea91848c170feadae4b69b9bb41f116bb5c15f6aa3294c5a61530f9ff5cc6eb", + "rtmr2": "bd57dae72e38c89c7b585be1925cf6629c4986cc9b673ce6463c6c9a8d7972de37978e4b991a0031f349e546319a611c" + } + } + }, + "seismic-dev-gcp-20251212172004.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251212172004.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "55849cd453192b8862238e58f84aaef466794a7da1358e6f46bb8296327765dac67cdc48f331ab9e6d42b1a165c8945d", + "rtmr2": "4b81b42e1c0a80639abbdc46576bf21da6a15ede734d45229644488619fa4ca9b85376172d7a10ae3ae33e0ea1106814" + } + } + }, + "seismic-dev-gcp-20251212180914.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251212180914.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "f9fecc6ce3a579d94e985a7d7281b8d387df83f9c722355da81b334e7348c17703293939fad51eb4a325890a32a6cbc5", + "rtmr2": "20674a505ac31d52539c8a03c7a87930ba0b94fd170a0359b4eb4e0775356f3a6fb1c6de77b917e567d4efaa884b5750" + } + } + }, + "seismic-dev-gcp-20251212183338.tar.gz": { 
+ "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251212183338.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "1f56c6aa27b595062a70502ca4778bcc105b3f84b858d32d09f1b2b8f37097061c0c8fb62a999bff3bd3b523a6648324", + "rtmr2": "d64416e8155c88f3ceb0e6e824789a8e3b3bb051ede7ae62da2423e666c8f664f01f00a311a6dc4b78a46d223ce8db5e" + } + } + }, + "seismic-dev-gcp-20251212195638.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251212195638.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "b004abe1c307f966cef6ee591a7b334812b6ee7c5506fcfe01a5b41dde3bbf4fe2f984cbd0ac6f0062408185b30c0872", + "rtmr2": "f0654eda6839eb9f02e30b5bebd68fd7837249eb91294f6259712f3459c017d66714ba9b930081951e502abcc9ba4eac" + } + } + }, + "seismic-dev-gcp-20251212204732.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251212204732.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "a1cc0cb9a5a14774f0e9f898ffa52e1adcb08d99ca76fa911be89a2a97a702380244480aa9cd3dc8c2683c39d31a119d", + "rtmr2": "c401bcc7d5b21a99d45adb4e2ba85aa90e0487d38da8bb60c16712234dfa0016ea98a4c1703031da7ff58b32404d953d" + } + } + }, + "seismic-dev-gcp-20251212221100.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, 
+ "image": { + "measurement_id": "seismic-dev-gcp-20251212221100.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "6d02988de632b420b82a8478f3259b819c78158c1116177f63bbb5537df96d59ed19387d4b271d6ae1dd5d3bae240293", + "rtmr2": "9ec15222f612bd718e98cb282b73887c6364cdef8997acc52b6e1178061325835ef54a6cc01085537918196c1827ff54" + } + } } } } \ No newline at end of file From 3e6e0f45baca4d01d9a35dd651ed5504dc9c0499 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Tue, 16 Dec 2025 21:54:34 +0000 Subject: [PATCH 33/43] more gcp ' --- deploy_metadata.json | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/deploy_metadata.json b/deploy_metadata.json index d782b1cb..69e7386b 100644 --- a/deploy_metadata.json +++ b/deploy_metadata.json @@ -192,6 +192,25 @@ "size": "c3-standard-4" }, "data_disk": "gcp-genesis-13-persistent" + }, + "gcp-genesis-14": { + "artifact": "seismic-dev-gcp-20251216203946.tar.gz", + "public_ip": "34.69.233.60", + "domain": { + "url": "https://gcp-14.seismictest.net", + "record": "gcp-14", + "name": "seismictest.net", + "resource_group": "yocto-testnet" + }, + "vm": { + "resourceGroup": "testnet-477314", + "name": "gcp-genesis-14", + "nsgName": "gcp-genesis-14", + "cloud": "gcp", + "region": "us-central1-a", + "size": "c3-standard-4" + }, + "data_disk": "gcp-genesis-14-persistent" } } }, 
@@ -371,6 +390,21 @@ "rtmr2": "9ec15222f612bd718e98cb282b73887c6364cdef8997acc52b6e1178061325835ef54a6cc01085537918196c1827ff54" } } + }, + "seismic-dev-gcp-20251216203946.tar.gz": { + "repos": { + "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", + "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", + "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251216203946.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "f0b7a1cb4f5e13912c0f92c94c5a594c693255a61764be676c6a5313993ae43a04081c3b19035189429b67b35749886e", + "rtmr2": "4fad64acf101b90afaf1855d81e0887ff148204ea3d109414924565f6e5f34f8ddeeba1832eb36b7486d619e3d638452" + } + } } } } \ No newline at end of file From 0b42ab811bea7dc1e8cfbfcc0b622aeb2d2890a6 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Thu, 18 Dec 2025 17:54:30 +0000 Subject: [PATCH 34/43] gcp --- deploy_metadata.json | 71 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 62 insertions(+), 9 deletions(-) diff --git a/deploy_metadata.json b/deploy_metadata.json index 69e7386b..a3e126bb 100644 --- a/deploy_metadata.json +++ b/deploy_metadata.json 
@@ -174,8 +174,46 @@ }, "data_disk": "gcp-genesis-6-persistent" }, + "gcp-genesis-14": { + "artifact": "seismic-dev-gcp-20251216203946.tar.gz", + "public_ip": "34.69.233.60", + "domain": { + "url": "https://gcp-14.seismictest.net", + "record": "gcp-14", + "name": "seismictest.net", + "resource_group": "yocto-testnet" + }, + "vm": { + "resourceGroup": "testnet-477314", + "name": "gcp-genesis-14", + "nsgName": "gcp-genesis-14", + "cloud": "gcp", + "region": "us-central1-a", + "size": "c3-standard-4" + }, + "data_disk": "gcp-genesis-14-persistent" + }, + "gcp-genesis-15": { + "artifact": "seismic-dev-gcp-20251217213403.tar.gz", + "public_ip": "34.66.148.90", + "domain": { + "url": "https://gcp-15.seismictest.net", + "record": "gcp-15", + "name": "seismictest.net", + "resource_group": "yocto-testnet" + }, + "vm": { + "resourceGroup": "testnet-477314", + "name": "gcp-genesis-15", + "nsgName": "gcp-genesis-15", + "cloud": "gcp", + "region": "us-central1-a", + "size": "c3-standard-4" + }, + "data_disk": "gcp-genesis-15-persistent" + }, "gcp-genesis-13": { - "artifact": "seismic-dev-gcp-20251212204732.tar.gz", + "artifact": "seismic-dev-gcp-20251217213403.tar.gz", "public_ip": "34.63.184.53", "domain": { "url": "https://gcp-13.seismictest.net", 
@@ -193,24 +231,24 @@ }, "data_disk": "gcp-genesis-13-persistent" }, - "gcp-genesis-14": { - "artifact": "seismic-dev-gcp-20251216203946.tar.gz", - "public_ip": "34.69.233.60", + "gcp-genesis-16": { + "artifact": "seismic-dev-gcp-20251217213403.tar.gz", + "public_ip": "34.68.94.42", "domain": { - "url": "https://gcp-14.seismictest.net", - "record": "gcp-14", + "url": "https://gcp-16.seismictest.net", + "record": "gcp-16", "name": "seismictest.net", "resource_group": "yocto-testnet" }, "vm": { "resourceGroup": "testnet-477314", - "name": "gcp-genesis-14", - "nsgName": "gcp-genesis-14", + "name": "gcp-genesis-16", + "nsgName": "gcp-genesis-16", "cloud": "gcp", "region": "us-central1-a", "size": "c3-standard-4" }, - "data_disk": "gcp-genesis-14-persistent" + "data_disk": "gcp-genesis-16-persistent" } } }, @@ -405,6 +443,21 @@ "rtmr2": "4fad64acf101b90afaf1855d81e0887ff148204ea3d109414924565f6e5f34f8ddeeba1832eb36b7486d619e3d638452" } } + }, + "seismic-dev-gcp-20251217213403.tar.gz": { + "repos": { + "enclave": "074aa8336bff2db21dc4b0e4453397c191d93c6d", + "sreth": "4141f746b6169f5afeb7a94b9bf087cc2fe35221", + "summit": "846ad5a2e1ccb5173f8fddd8e052acc270730171" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251217213403.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "4c2e269908e2c2539ff2833a9bbfc0a47c7ebe710d9d79c1d07ada6bb08341d789c4e5558b866594ed67fce47307dda5", + "rtmr2": "b3dd2cf072b2a35d552d00d228282980ad6125341258ccde3a894b3b1774125c42a6b546ff4aad1fd2e4f6e0434dbc29" + } + } } } } \ No newline at end of file From 2e5268675ddbc2dcb470f6a10db03af9b7a373fc Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Thu, 18 Dec 2025 21:01:50 +0000 Subject: [PATCH 35/43] serial port --- deploy_metadata.json | 15 +++++++++++++++ yocto/cloud/gcp/api.py | 13 +++++++++++++ 2 files changed, 28 insertions(+) diff --git a/deploy_metadata.json b/deploy_metadata.json index a3e126bb..601724c2 100644 --- a/deploy_metadata.json 
+++ b/deploy_metadata.json @@ -458,6 +458,21 @@ "rtmr2": "b3dd2cf072b2a35d552d00d228282980ad6125341258ccde3a894b3b1774125c42a6b546ff4aad1fd2e4f6e0434dbc29" } } + }, + "seismic-dev-gcp-20251218205246.tar.gz": { + "repos": { + "enclave": "d6c4badd0ee5639a432e96d3cced228cbf5fa3b3", + "sreth": "4141f746b6169f5afeb7a94b9bf087cc2fe35221", + "summit": "2435d1b5c762c170cf68a67ef5300052d2d66265" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251218205246.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "bab64cfafff04d5b49db57392dcd8c6275f0a9624a16dc3789d65e2b1d96d9b19ba3f339734afc6631ff83dc318201a7", + "rtmr2": "c387f609a3f28bef432527b1f7e951f5b623e0ccdc5b001b5b893ced586d88e287183ca9c1c94714c45dab4e5c4f9527" + } + } } } } \ No newline at end of file diff --git a/yocto/cloud/gcp/api.py b/yocto/cloud/gcp/api.py index d7528f10..05d80209 100644 --- a/yocto/cloud/gcp/api.py +++ b/yocto/cloud/gcp/api.py @@ -903,6 +903,18 @@ def create_vm( tags = compute_v1.Tags() tags.items = [config.vm.name] + # Configure metadata for serial port + metadata = compute_v1.Metadata() + metadata_items = [] + + # Enable serial port + serial_port_item = compute_v1.Items() + serial_port_item.key = "serial-port-enable" + serial_port_item.value = "TRUE" + metadata_items.append(serial_port_item) + + metadata.items = metadata_items + # Create instance instance = compute_v1.Instance() instance.name = config.vm.name @@ -915,6 +927,7 @@ def create_vm( instance.confidential_instance_config = confidential_config instance.scheduling = scheduling instance.tags = tags + instance.metadata = metadata operation = instance_client.insert( project=config.vm.resource_group, From acd2b023fe8c1a7ff8c0e850373f944873061dbc Mon Sep 17 00:00:00 2001 From: cdrappi Date: Thu, 18 Dec 2025 16:05:43 -0500 Subject: [PATCH 36/43] strip features --- yocto/cloud/gcp/api.py | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) 
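Review bot: `create_vm` now sets the `serial-port-enable` metadata key to `TRUE` on every instance it creates, including ones launched with `confidential_instance_config`. As far as I know, serial output for boot debugging can be read without this key, so the setting mainly enables interactive serial console connections. If the image runs a login prompt on the serial port, that is an access path into the guest governed by project IAM and instance metadata rather than by the measured image. Make it opt-in for debug deployments, for example `if enable_serial_console: metadata_items.append(serial_port_item)`, where `enable_serial_console` is a placeholder for a new option that defaults to off, and add a comment such as `# interactive serial console: debug deployments only`. The body of `create_vm` starts and ends outside these two hunks.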
diff --git a/yocto/cloud/gcp/api.py b/yocto/cloud/gcp/api.py index d7528f10..23d43f10 100644 --- a/yocto/cloud/gcp/api.py +++ b/yocto/cloud/gcp/api.py @@ -351,16 +351,10 @@ def _create_image_from_gcs( # Add all required guest OS features for TDX # These match the features from a working GCP TDX instance guest_os_features = [ - "VIRTIO_SCSI_MULTIQUEUE", - "SEV_CAPABLE", - "SEV_SNP_CAPABLE", - "SEV_LIVE_MIGRATABLE", - "SEV_LIVE_MIGRATABLE_V2", - "SNP_SVSM_CAPABLE", - "IDPF", - "TDX_CAPABLE", "UEFI_COMPATIBLE", + "VIRTIO_SCSI_MULTIQUEUE", "GVNIC", + "TDX_CAPABLE", ] image.guest_os_features = [] From 92d3e2f082eeb31d2fc58bee3efa11792738f197 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Thu, 18 Dec 2025 21:06:22 +0000 Subject: [PATCH 37/43] morre --- deploy_metadata.json | 57 -------------------------------------------- 1 file changed, 57 deletions(-) diff --git a/deploy_metadata.json b/deploy_metadata.json index 601724c2..82863a12 100644 --- a/deploy_metadata.json +++ b/deploy_metadata.json 
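Review bot: The context comment `# These match the features from a working GCP TDX instance` stays above the trimmed `guest_os_features` list in `_create_image_from_gcs`, but it was written for the longer list this hunk removes. After the change it no longer describes what the list holds, and a reader cannot tell which flags are deliberate. Replace it with the reason for each remaining flag, e.g. `# UEFI boot, multiqueue virtio-scsi, gVNIC networking, Intel TDX launch`. The function body continues outside the hunk.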
@@ -192,63 +192,6 @@ "size": "c3-standard-4" }, "data_disk": "gcp-genesis-14-persistent" - }, - "gcp-genesis-15": { - "artifact": "seismic-dev-gcp-20251217213403.tar.gz", - "public_ip": "34.66.148.90", - "domain": { - "url": "https://gcp-15.seismictest.net", - "record": "gcp-15", - "name": "seismictest.net", - "resource_group": "yocto-testnet" - }, - "vm": { - "resourceGroup": "testnet-477314", - "name": "gcp-genesis-15", - "nsgName": "gcp-genesis-15", - "cloud": "gcp", - "region": "us-central1-a", - "size": "c3-standard-4" - }, - "data_disk": "gcp-genesis-15-persistent" - }, - "gcp-genesis-13": { - "artifact": "seismic-dev-gcp-20251217213403.tar.gz", - "public_ip": "34.63.184.53", - "domain": { - "url": "https://gcp-13.seismictest.net", - "record": "gcp-13", - "name": "seismictest.net", - "resource_group": "yocto-testnet" - }, - "vm": { - "resourceGroup": "testnet-477314", - "name": "gcp-genesis-13", - "nsgName": "gcp-genesis-13", - "cloud": "gcp", - "region": "us-central1-a", - "size": "c3-standard-4" - }, - "data_disk": "gcp-genesis-13-persistent" - }, - "gcp-genesis-16": { - "artifact": "seismic-dev-gcp-20251217213403.tar.gz", - "public_ip": "34.68.94.42", - "domain": { - "url": "https://gcp-16.seismictest.net", - "record": "gcp-16", - "name": "seismictest.net", - "resource_group": "yocto-testnet" - }, - "vm": { - "resourceGroup": "testnet-477314", - "name": "gcp-genesis-16", - "nsgName": "gcp-genesis-16", - "cloud": "gcp", - "region": "us-central1-a", - "size": "c3-standard-4" - }, - "data_disk": "gcp-genesis-16-persistent" } } }, From 445edfdc3594feac11c8eb33f7a57afbf02f4218 Mon Sep 17 00:00:00 2001 From: cdrappi Date: Thu, 18 Dec 2025 16:07:23 -0500 Subject: [PATCH 38/43] yay --- deploy_metadata.json | 403 +------------------------------------------ 1 file changed, 1 insertion(+), 402 deletions(-) diff --git a/deploy_metadata.json b/deploy_metadata.json index 82863a12..27208b26 100644 --- a/deploy_metadata.json +++ b/deploy_metadata.json 
@@ -1,407 +1,6 @@ { - "resources": { - "azure": { - "az-genesis-200": { - "artifact": "seismic-dev-azure-20251121185658.vhd", - "public_ip": "51.8.245.138", - "domain": { - "url": "https://az-200.seismictest.net", - "record": "az-200", - "name": "seismictest.net", - "resource_group": "yocto-testnet" - }, - "vm": { - "resourceGroup": "tdx-testnet", - "name": "az-genesis-200", - "nsgName": "az-genesis-200", - "cloud": "azure", - "region": "eastus", - "size": "Standard_DC4es_v6" - }, - "data_disk": "az-genesis-200-persistent" - }, - "az-genesis-201": { - "artifact": "seismic-dev-azure-20251121185658.vhd", - "public_ip": "135.237.40.94", - "domain": { - "url": "https://az-201.seismictest.net", - "record": "az-201", - "name": "seismictest.net", - "resource_group": "yocto-testnet" - }, - "vm": { - "resourceGroup": "tdx-testnet", - "name": "az-genesis-201", - "nsgName": "az-genesis-201", - "cloud": "azure", - "region": "eastus", - "size": "Standard_DC4es_v6" - }, - "data_disk": "az-genesis-201-persistent" - }, - "az-genesis-202": { - "artifact": "seismic-dev-azure-20251121185658.vhd", - "public_ip": "48.194.106.11", - "domain": { - "url": "https://az-202.seismictest.net", - "record": "az-202", - "name": "seismictest.net", - "resource_group": "yocto-testnet" - }, - "vm": { - "resourceGroup": "tdx-testnet", - "name": "az-genesis-202", - "nsgName": "az-genesis-202", - "cloud": "azure", - "region": "eastus", - "size": "Standard_DC4es_v6" - }, - "data_disk": "az-genesis-202-persistent" - }, - "az-genesis-203": { - "artifact": "seismic-dev-azure-20251121185658.vhd", - "public_ip": "51.8.237.70", - "domain": { - "url": "https://az-203.seismictest.net", - "record": "az-203", - "name": "seismictest.net", - "resource_group": "yocto-testnet" - }, - "vm": { - "resourceGroup": "tdx-testnet", - "name": "az-genesis-203", - "nsgName": "az-genesis-203", - "cloud": "azure", - "region": "eastus", - "size": "Standard_DC4es_v6" - }, - "data_disk": "az-genesis-203-persistent" - }, - 
"az-genesis-1": { - "artifact": "seismic-dev-azure-20251124143117.vhd", - "public_ip": "48.223.236.240", - "domain": { - "url": "https://az-1.seismictest.net", - "record": "az-1", - "name": "seismictest.net", - "resource_group": "yocto-testnet" - }, - "vm": { - "resourceGroup": "tdx-testnet", - "name": "az-genesis-1", - "nsgName": "az-genesis-1", - "cloud": "azure", - "region": "eastus", - "size": "Standard_DC4es_v6" - }, - "data_disk": "az-genesis-1-persistent" - }, - "az-genesis-2": { - "artifact": "seismic-dev-azure-20251124143117.vhd", - "public_ip": "48.223.215.252", - "domain": { - "url": "https://az-2.seismictest.net", - "record": "az-2", - "name": "seismictest.net", - "resource_group": "yocto-testnet" - }, - "vm": { - "resourceGroup": "tdx-testnet", - "name": "az-genesis-2", - "nsgName": "az-genesis-2", - "cloud": "azure", - "region": "eastus", - "size": "Standard_DC4es_v6" - }, - "data_disk": "az-genesis-2-persistent" - }, - "az-genesis-3": { - "artifact": "seismic-dev-azure-20251124143117.vhd", - "public_ip": "134.33.152.130", - "domain": { - "url": "https://az-3.seismictest.net", - "record": "az-3", - "name": "seismictest.net", - "resource_group": "yocto-testnet" - }, - "vm": { - "resourceGroup": "tdx-testnet", - "name": "az-genesis-3", - "nsgName": "az-genesis-3", - "cloud": "azure", - "region": "eastus", - "size": "Standard_DC4es_v6" - }, - "data_disk": "az-genesis-3-persistent" - }, - "az-genesis-4": { - "artifact": "seismic-dev-azure-20251124143117.vhd", - "public_ip": "128.203.77.183", - "domain": { - "url": "https://az-4.seismictest.net", - "record": "az-4", - "name": "seismictest.net", - "resource_group": "yocto-testnet" - }, - "vm": { - "resourceGroup": "tdx-testnet", - "name": "az-genesis-4", - "nsgName": "az-genesis-4", - "cloud": "azure", - "region": "eastus", - "size": "Standard_DC4es_v6" - }, - "data_disk": "az-genesis-4-persistent" - } - }, - "gcp": { - "gcp-genesis-6": { - "artifact": "seismic-dev-gcp-20251205210739.tar.gz", - "public_ip": 
"34.172.12.168", - "domain": { - "url": "https://gcp-6.seismictest.net", - "record": "gcp-6", - "name": "seismictest.net", - "resource_group": "yocto-testnet" - }, - "vm": { - "resourceGroup": "testnet-477314", - "name": "gcp-genesis-6", - "nsgName": "gcp-genesis-6", - "cloud": "gcp", - "region": "us-central1-a", - "size": "c3-standard-4" - }, - "data_disk": "gcp-genesis-6-persistent" - }, - "gcp-genesis-14": { - "artifact": "seismic-dev-gcp-20251216203946.tar.gz", - "public_ip": "34.69.233.60", - "domain": { - "url": "https://gcp-14.seismictest.net", - "record": "gcp-14", - "name": "seismictest.net", - "resource_group": "yocto-testnet" - }, - "vm": { - "resourceGroup": "testnet-477314", - "name": "gcp-genesis-14", - "nsgName": "gcp-genesis-14", - "cloud": "gcp", - "region": "us-central1-a", - "size": "c3-standard-4" - }, - "data_disk": "gcp-genesis-14-persistent" - } - } - }, + "resources": {}, "artifacts": { - "seismic-dev-gcp-20251211193000.tar.gz": { - "repos": {}, - "image": { - "measurement_id": "seismic-dev-gcp-20251211193000.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "3a3523a0c2b385579fe3816c33774c96fcae9afa6001ea094bd1b32439c85796fcbd133860cbf46e0d80147e0b2ba6f4", - "rtmr2": "b7698feabad08fdb4e43469547f06991ce8b02152c69e146f372eb82ba93aa4267430c2a2e359e647a8235c05a53aa32" - } - } - }, - "seismic-dev-gcp-20251211220928.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251211220928.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "6b1900c3cf76ce813e972290929175494ca0f05183530d294e1fdd124a521543b2b7a6c5b3384579805d14beb2882143", - "rtmr2": "fee6ff453e1a3d3f60b403f051c0c9035fc023f61a5e8fa291edae2ec86750f67bfb9b2ef7e34d4b95e6db2e029d5562" - } - } - }, - 
"seismic-dev-gcp-20251211225451.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251211225451.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "9a9fbe522f4bb24601ffc5de5a75b6f41f1f27bb5bb5219fec7677245aba54afb4c5dc2518bc0e5e49c5f1a4140815ea", - "rtmr2": "9c638449153ea2b6f6343150d8861561cd53a0a734009efc2cede521aeb723c25ab835cf3df4890e2ec0cc66694974ad" - } - } - }, - "seismic-dev-gcp-20251211233945.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251211233945.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "b4f6d9ee36f4e14e0a6a7ceaf50f2316b10ba5db5e5470f5109a5178016548b30046527fa91ead25d818000d5edb3d17", - "rtmr2": "7ce96ae4481a008f4500c34418b33e64aed8320f727da87e802dd9378d9878b2d4e03de7a23a5ea5f249d605b903a4c6" - } - } - }, - "seismic-dev-gcp-20251212000509.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251212000509.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "7b12acdb31f68eb0736a92d3a640a9159685fbea0fa383c6080157af9adb6ec9aafec1b1ae0dcb362267efcf3cd206e2", - "rtmr2": "d189449e9c7e93f59fea5190b0c60b08d648fed5be6f7384bab8090a261e4175c7466b4fbcb31b662dfc2c2dbaa3dbae" - } - } - }, - "seismic-dev-gcp-20251212165303.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": 
"12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251212165303.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "441c2e95600b83da5f97e9271aa218b64ea91848c170feadae4b69b9bb41f116bb5c15f6aa3294c5a61530f9ff5cc6eb", - "rtmr2": "bd57dae72e38c89c7b585be1925cf6629c4986cc9b673ce6463c6c9a8d7972de37978e4b991a0031f349e546319a611c" - } - } - }, - "seismic-dev-gcp-20251212172004.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251212172004.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "55849cd453192b8862238e58f84aaef466794a7da1358e6f46bb8296327765dac67cdc48f331ab9e6d42b1a165c8945d", - "rtmr2": "4b81b42e1c0a80639abbdc46576bf21da6a15ede734d45229644488619fa4ca9b85376172d7a10ae3ae33e0ea1106814" - } - } - }, - "seismic-dev-gcp-20251212180914.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251212180914.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "f9fecc6ce3a579d94e985a7d7281b8d387df83f9c722355da81b334e7348c17703293939fad51eb4a325890a32a6cbc5", - "rtmr2": "20674a505ac31d52539c8a03c7a87930ba0b94fd170a0359b4eb4e0775356f3a6fb1c6de77b917e567d4efaa884b5750" - } - } - }, - "seismic-dev-gcp-20251212183338.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251212183338.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - 
"measurements": { - "rtmr1": "1f56c6aa27b595062a70502ca4778bcc105b3f84b858d32d09f1b2b8f37097061c0c8fb62a999bff3bd3b523a6648324", - "rtmr2": "d64416e8155c88f3ceb0e6e824789a8e3b3bb051ede7ae62da2423e666c8f664f01f00a311a6dc4b78a46d223ce8db5e" - } - } - }, - "seismic-dev-gcp-20251212195638.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251212195638.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "b004abe1c307f966cef6ee591a7b334812b6ee7c5506fcfe01a5b41dde3bbf4fe2f984cbd0ac6f0062408185b30c0872", - "rtmr2": "f0654eda6839eb9f02e30b5bebd68fd7837249eb91294f6259712f3459c017d66714ba9b930081951e502abcc9ba4eac" - } - } - }, - "seismic-dev-gcp-20251212204732.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251212204732.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "a1cc0cb9a5a14774f0e9f898ffa52e1adcb08d99ca76fa911be89a2a97a702380244480aa9cd3dc8c2683c39d31a119d", - "rtmr2": "c401bcc7d5b21a99d45adb4e2ba85aa90e0487d38da8bb60c16712234dfa0016ea98a4c1703031da7ff58b32404d953d" - } - } - }, - "seismic-dev-gcp-20251212221100.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251212221100.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "6d02988de632b420b82a8478f3259b819c78158c1116177f63bbb5537df96d59ed19387d4b271d6ae1dd5d3bae240293", - "rtmr2": 
"9ec15222f612bd718e98cb282b73887c6364cdef8997acc52b6e1178061325835ef54a6cc01085537918196c1827ff54" - } - } - }, - "seismic-dev-gcp-20251216203946.tar.gz": { - "repos": { - "enclave": "90d53fd7c49600d78d0ab815869d05e2f4187ca8", - "sreth": "7f744454b9a7aef999a1b79c7ed8adb6f336cd45", - "summit": "12d921b0a338be0bbf50dcc33fe92b60f732218d" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251216203946.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "f0b7a1cb4f5e13912c0f92c94c5a594c693255a61764be676c6a5313993ae43a04081c3b19035189429b67b35749886e", - "rtmr2": "4fad64acf101b90afaf1855d81e0887ff148204ea3d109414924565f6e5f34f8ddeeba1832eb36b7486d619e3d638452" - } - } - }, - "seismic-dev-gcp-20251217213403.tar.gz": { - "repos": { - "enclave": "074aa8336bff2db21dc4b0e4453397c191d93c6d", - "sreth": "4141f746b6169f5afeb7a94b9bf087cc2fe35221", - "summit": "846ad5a2e1ccb5173f8fddd8e052acc270730171" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251217213403.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "4c2e269908e2c2539ff2833a9bbfc0a47c7ebe710d9d79c1d07ada6bb08341d789c4e5558b866594ed67fce47307dda5", - "rtmr2": "b3dd2cf072b2a35d552d00d228282980ad6125341258ccde3a894b3b1774125c42a6b546ff4aad1fd2e4f6e0434dbc29" - } - } - }, "seismic-dev-gcp-20251218205246.tar.gz": { "repos": { "enclave": "d6c4badd0ee5639a432e96d3cced228cbf5fa3b3", From f0aaa812c929f776023d2f5b997aa4046095f384 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Wed, 31 Dec 2025 20:09:23 +0000 Subject: [PATCH 39/43] remove gcp-13 --- deploy_metadata.json | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/deploy_metadata.json b/deploy_metadata.json index 27208b26..fe28775a 100644 --- a/deploy_metadata.json +++ b/deploy_metadata.json @@ -1,5 +1,7 @@ { - "resources": {}, + "resources": { + "gcp": {} + }, "artifacts": { "seismic-dev-gcp-20251218205246.tar.gz": { "repos": { 
@@ -15,6 +17,36 @@ "rtmr2": "c387f609a3f28bef432527b1f7e951f5b623e0ccdc5b001b5b893ced586d88e287183ca9c1c94714c45dab4e5c4f9527" } } + }, + "seismic-dev-gcp-20251218233113.tar.gz": { + "repos": { + "enclave": "d6c4badd0ee5639a432e96d3cced228cbf5fa3b3", + "sreth": "4141f746b6169f5afeb7a94b9bf087cc2fe35221", + "summit": "2435d1b5c762c170cf68a67ef5300052d2d66265" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251218233113.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "18d4d4a9cfdce4d9fc2bb877cb4aa0ab72799bd5a01802b4555dccdccafaba78189d1de886976780033f06786293ea27", + "rtmr2": "c759d3b5582128c81d7049d9016e429b1dbc4dc689f142c816be35041ce313b034d57150c24bbf1fc7d40330d20076d9" + } + } + }, + "seismic-dev-gcp-20251219004415.tar.gz": { + "repos": { + "enclave": "d6c4badd0ee5639a432e96d3cced228cbf5fa3b3", + "sreth": "4141f746b6169f5afeb7a94b9bf087cc2fe35221", + "summit": "2435d1b5c762c170cf68a67ef5300052d2d66265" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251219004415.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "63d4684bd8700cc2eee8dc7c85e5b0fcc2f1885927e01b5b92d1e910b1d95492b86c72ad2ce1417c77f6a54b014c649c", + "rtmr2": "38b6d470a677fd7da73f6681ce2acd22733201c7df3798e694e77dd5fe9b4dc702cf52fdd06610662599a3e7fdab34b6" + } + } } } } \ No newline at end of file From 8450038df86326f1c8056e9095d3d50b58d1e6c9 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Mon, 5 Jan 2026 20:03:10 +0000 Subject: [PATCH 40/43] newest iamge --- deploy_metadata.json | 67 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 66 insertions(+), 1 deletion(-) diff --git a/deploy_metadata.json b/deploy_metadata.json index fe28775a..11d4a1f6 100644 --- a/deploy_metadata.json +++ b/deploy_metadata.json 
@@ -1,6 +1,26 @@ { "resources": { - "gcp": {} + "gcp": { + "gcp-genesis-13": { + "artifact": "seismic-dev-gcp-20260105194129.tar.gz", + "public_ip": "34.63.184.53", + "domain": { + "url": "https://gcp-13.seismictest.net", + "record": "gcp-13", + "name": "seismictest.net", + "resource_group": "yocto-testnet" + }, + "vm": { + "resourceGroup": "testnet-477314", + "name": "gcp-genesis-13", + "nsgName": "gcp-genesis-13", + "cloud": "gcp", + "region": "us-central1-a", + "size": "c3-standard-4" + }, + "data_disk": "gcp-genesis-13-persistent" + } + } }, "artifacts": { "seismic-dev-gcp-20251218205246.tar.gz": { 
@@ -47,6 +67,51 @@ "rtmr2": "38b6d470a677fd7da73f6681ce2acd22733201c7df3798e694e77dd5fe9b4dc702cf52fdd06610662599a3e7fdab34b6" } } + }, + "seismic-dev-gcp-20251231221318.tar.gz": { + "repos": { + "enclave": "d6c4badd0ee5639a432e96d3cced228cbf5fa3b3", + "sreth": "4141f746b6169f5afeb7a94b9bf087cc2fe35221", + "summit": "2435d1b5c762c170cf68a67ef5300052d2d66265" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20251231221318.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "bf7c04254d74354a1851315e814aa27503dc1c7abdf3854911038177633d5445efe3d4bd45adea862347d6ba1d993e7c", + "rtmr2": "285c54addfdda9ad2f4bfb85535f2f6cf7bf63e18d5a98fbdc8d25e9df4b64808ad6bcc430e101109b42061dbaa5696a" + } + } + }, + "seismic-dev-gcp-20260105171237.tar.gz": { + "repos": { + "enclave": "d6c4badd0ee5639a432e96d3cced228cbf5fa3b3", + "sreth": "4141f746b6169f5afeb7a94b9bf087cc2fe35221", + "summit": "2435d1b5c762c170cf68a67ef5300052d2d66265" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20260105171237.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "53a52b6baf43cfb5512e7d31a7392942f45b8a8fe3e265a97d842aa30e0071588d78907102b52517b59ccbeed5393e50", + "rtmr2": "f0c0b9bc3e9ff0adb8da2f5cba294889ab19211ccef8b0b17572bdb85fe9c7b88069776d16839dec390e5a6290fba500" + } + } + }, + "seismic-dev-gcp-20260105194129.tar.gz": { + "repos": { + "enclave": "d6c4badd0ee5639a432e96d3cced228cbf5fa3b3", + "sreth": "4141f746b6169f5afeb7a94b9bf087cc2fe35221", + "summit": "2435d1b5c762c170cf68a67ef5300052d2d66265" + }, + "image": { + "measurement_id": "seismic-dev-gcp-20260105194129.tar.gz", + "attestation_type": "CloudProvider.GCP-tdx", + "measurements": { + "rtmr1": "0fe6ebf7930fd14f169126dde7f5c5e6502272b8f21f2968d94af6fe48502dc3bd3d4bb2a59827d15693f971ddabef2c", + "rtmr2": "1fbce1a7530d2f2d48f9fe6cd2b4b63247a461874b8fa44c1dedbb6512467b2b45128188641d198a3ba6d6a59381ec96" + } + } } } } \ No newline at end of file 
From 2416b616cf312930be8dd795323f52cd9acf08ba Mon Sep 17 00:00:00 2001 From: cdrappi Date: Mon, 5 Jan 2026 18:39:40 -0500 Subject: [PATCH 41/43] set architecture --- yocto/cloud/gcp/api.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/yocto/cloud/gcp/api.py b/yocto/cloud/gcp/api.py index 82670ded..b6e82029 100644 --- a/yocto/cloud/gcp/api.py +++ b/yocto/cloud/gcp/api.py @@ -345,8 +345,12 @@ def _create_image_from_gcs( # Set sourceType to RAW (required by gcloud flow) image.source_type = "RAW" + # Set architecture to X86_64 (required for TDX C3 VMs) + image.architecture = "X86_64" + logger.info(f"Using Storage API URL: {storage_api_url}") logger.info("Source type: RAW") + logger.info("Architecture: X86_64") # Add all required guest OS features for TDX # These match the features from a working GCP TDX instance @@ -402,6 +406,7 @@ def _create_disk_from_image( disk.name = disk_name disk.source_image = f"projects/{project}/global/images/{image_name}" disk.type_ = f"projects/{project}/zones/{zone}/diskTypes/{disk_type}" + disk.enable_confidential_compute = True operation = disk_client.insert( project=project, @@ -770,7 +775,7 @@ def create_data_disk( disk_name: str, location: str, size_gb: int, - sku: str = "pd-ssd", + sku: str = DEFAULT_DISK_TYPE, show_logs: bool = False, ) -> None: """Create a data disk for persistent storage. @@ -886,6 +891,7 @@ def create_vm( # Configure confidential instance config confidential_config = compute_v1.ConfidentialInstanceConfig() + confidential_config.enable_confidential_compute = True confidential_config.confidential_instance_type = "TDX" # Configure scheduling From 39e9643d422e788a3d9c82f1ae68a6fa244e80c4 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Mon, 5 Jan 2026 23:40:39 +0000 Subject: [PATCH 42/43] try --- deploy_metadata.json | 98 ++++---------------------------------------- 1 file changed, 9 insertions(+), 89 deletions(-) 
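Review bot: In `_create_image_from_gcs` the new log line `logger.info("Architecture: X86_64")` hard-codes the same literal that is assigned to `image.architecture` two lines earlier, so the log can drift from the value actually sent. I would log the field itself, `logger.info("Architecture: %s", image.architecture)`, and keep the value in one module-level constant. PATCH 43/43 assigns the same literal again to `disk.architecture` in `_create_disk_from_image` and could share that constant. The function starts and ends outside the hunk.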
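Review bot: In `_create_disk_from_image`, `disk.enable_confidential_compute = True` is set for whatever `disk_type` the caller passes, and nothing next to it says what the flag requires. As far as I know, Compute Engine limits confidential mode on disks to particular disk types and expects a customer-managed encryption key on the disk, so the insert may be rejected for other configurations; this should be confirmed against the provider documentation. If the flag stays, guard it on the disk type and add a comment such as `# confidential disk mode: only valid for disk types that support it (TODO confirm which)`. The function starts and ends outside the hunk, so a key may be configured elsewhere.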
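Review bot: In `create_vm` the request now sets both `enable_confidential_compute = True` and `confidential_instance_type = "TDX"`, but the visible lines only state what is asked for; nothing here confirms that the instance that comes up is a TDX guest. Because the deployment is later trusted on the basis of its RTMR measurements, I would fail the deploy early when the created instance does not report TDX, for example `if vm.confidential_instance_config.confidential_instance_type != "TDX": raise RuntimeError("instance is not a TDX confidential VM")`, where `vm` stands for the instance read back after the insert operation finishes. `create_vm` continues outside the hunk, so such a check may already exist further down.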
diff --git a/deploy_metadata.json b/deploy_metadata.json index 11d4a1f6..7f779418 100644 --- a/deploy_metadata.json +++ b/deploy_metadata.json 
@@ -1,115 +1,35 @@ { "resources": { - "gcp": { - "gcp-genesis-13": { - "artifact": "seismic-dev-gcp-20260105194129.tar.gz", - "public_ip": "34.63.184.53", - "domain": { - "url": "https://gcp-13.seismictest.net", - "record": "gcp-13", - "name": "seismictest.net", - "resource_group": "yocto-testnet" - }, - "vm": { - "resourceGroup": "testnet-477314", - "name": "gcp-genesis-13", - "nsgName": "gcp-genesis-13", - "cloud": "gcp", - "region": "us-central1-a", - "size": "c3-standard-4" - }, - "data_disk": "gcp-genesis-13-persistent" - } - } + "gcp": {} }, "artifacts": { - "seismic-dev-gcp-20251218205246.tar.gz": { - "repos": { - "enclave": "d6c4badd0ee5639a432e96d3cced228cbf5fa3b3", - "sreth": "4141f746b6169f5afeb7a94b9bf087cc2fe35221", - "summit": "2435d1b5c762c170cf68a67ef5300052d2d66265" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251218205246.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "bab64cfafff04d5b49db57392dcd8c6275f0a9624a16dc3789d65e2b1d96d9b19ba3f339734afc6631ff83dc318201a7", - "rtmr2": "c387f609a3f28bef432527b1f7e951f5b623e0ccdc5b001b5b893ced586d88e287183ca9c1c94714c45dab4e5c4f9527" - } - } - }, - "seismic-dev-gcp-20251218233113.tar.gz": { - "repos": { - "enclave": "d6c4badd0ee5639a432e96d3cced228cbf5fa3b3", - "sreth": "4141f746b6169f5afeb7a94b9bf087cc2fe35221", - "summit": "2435d1b5c762c170cf68a67ef5300052d2d66265" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251218233113.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "18d4d4a9cfdce4d9fc2bb877cb4aa0ab72799bd5a01802b4555dccdccafaba78189d1de886976780033f06786293ea27", - "rtmr2": "c759d3b5582128c81d7049d9016e429b1dbc4dc689f142c816be35041ce313b034d57150c24bbf1fc7d40330d20076d9" - } - } - }, - "seismic-dev-gcp-20251219004415.tar.gz": { - "repos": { - "enclave": "d6c4badd0ee5639a432e96d3cced228cbf5fa3b3", - "sreth": "4141f746b6169f5afeb7a94b9bf087cc2fe35221", - "summit": 
"2435d1b5c762c170cf68a67ef5300052d2d66265" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251219004415.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "63d4684bd8700cc2eee8dc7c85e5b0fcc2f1885927e01b5b92d1e910b1d95492b86c72ad2ce1417c77f6a54b014c649c", - "rtmr2": "38b6d470a677fd7da73f6681ce2acd22733201c7df3798e694e77dd5fe9b4dc702cf52fdd06610662599a3e7fdab34b6" - } - } - }, - "seismic-dev-gcp-20251231221318.tar.gz": { - "repos": { - "enclave": "d6c4badd0ee5639a432e96d3cced228cbf5fa3b3", - "sreth": "4141f746b6169f5afeb7a94b9bf087cc2fe35221", - "summit": "2435d1b5c762c170cf68a67ef5300052d2d66265" - }, - "image": { - "measurement_id": "seismic-dev-gcp-20251231221318.tar.gz", - "attestation_type": "CloudProvider.GCP-tdx", - "measurements": { - "rtmr1": "bf7c04254d74354a1851315e814aa27503dc1c7abdf3854911038177633d5445efe3d4bd45adea862347d6ba1d993e7c", - "rtmr2": "285c54addfdda9ad2f4bfb85535f2f6cf7bf63e18d5a98fbdc8d25e9df4b64808ad6bcc430e101109b42061dbaa5696a" - } - } - }, - "seismic-dev-gcp-20260105171237.tar.gz": { + "seismic-dev-gcp-20260105211714.tar.gz": { "repos": { "enclave": "d6c4badd0ee5639a432e96d3cced228cbf5fa3b3", "sreth": "4141f746b6169f5afeb7a94b9bf087cc2fe35221", "summit": "2435d1b5c762c170cf68a67ef5300052d2d66265" }, "image": { - "measurement_id": "seismic-dev-gcp-20260105171237.tar.gz", + "measurement_id": "seismic-dev-gcp-20260105211714.tar.gz", "attestation_type": "CloudProvider.GCP-tdx", "measurements": { - "rtmr1": "53a52b6baf43cfb5512e7d31a7392942f45b8a8fe3e265a97d842aa30e0071588d78907102b52517b59ccbeed5393e50", - "rtmr2": "f0c0b9bc3e9ff0adb8da2f5cba294889ab19211ccef8b0b17572bdb85fe9c7b88069776d16839dec390e5a6290fba500" + "rtmr1": "791f162f5ddf2e5fd3411e3c1c1b2696905172af02e3a28d665794a9571b4e0ce867e4695680076eb09e4d6bd2076cc0", + "rtmr2": "569879bf0d25b1f7fe45eaf9bcb9222138ebe1b3f482c62ba1afee6eb34bfe7fa3e40da798c54bb990b0487850cca247" } } }, - "seismic-dev-gcp-20260105194129.tar.gz": { + 
"seismic-dev-gcp-20260105213931.tar.gz": { "repos": { "enclave": "d6c4badd0ee5639a432e96d3cced228cbf5fa3b3", "sreth": "4141f746b6169f5afeb7a94b9bf087cc2fe35221", "summit": "2435d1b5c762c170cf68a67ef5300052d2d66265" }, "image": { - "measurement_id": "seismic-dev-gcp-20260105194129.tar.gz", + "measurement_id": "seismic-dev-gcp-20260105213931.tar.gz", "attestation_type": "CloudProvider.GCP-tdx", "measurements": { - "rtmr1": "0fe6ebf7930fd14f169126dde7f5c5e6502272b8f21f2968d94af6fe48502dc3bd3d4bb2a59827d15693f971ddabef2c", - "rtmr2": "1fbce1a7530d2f2d48f9fe6cd2b4b63247a461874b8fa44c1dedbb6512467b2b45128188641d198a3ba6d6a59381ec96" + "rtmr1": "f913c622cb1e665d44a4bf13a29d97506200ca1dce73e3baca7adba8f3de436e10efcfc0cb2d1ffabc362ebca41a631a", + "rtmr2": "fcacd15646e24245dff786003c104c100fed55628ec4b70a3be0f120fd52e6d71d7de3971ddb086e4a2aef4594732179" } } } From 4279860b2904b745f56d05eb037d7c8c4d940328 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Mon, 5 Jan 2026 23:45:54 +0000 Subject: [PATCH 43/43] architecture --- deploy_metadata.json | 22 +++++++++++++++++++++- yocto/cloud/gcp/api.py | 2 +- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/deploy_metadata.json b/deploy_metadata.json index 7f779418..d946667d 100644 --- a/deploy_metadata.json +++ b/deploy_metadata.json @@ -1,6 +1,26 @@ { "resources": { - "gcp": {} + "gcp": { + "gcp-genesis-13": { + "artifact": "seismic-dev-gcp-20260105213931.tar.gz", + "public_ip": "34.63.184.53", + "domain": { + "url": "https://gcp-13.seismictest.net", + "record": "gcp-13", + "name": "seismictest.net", + "resource_group": "yocto-testnet" + }, + "vm": { + "resourceGroup": "testnet-477314", + "name": "gcp-genesis-13", + "nsgName": "gcp-genesis-13", + "cloud": "gcp", + "region": "us-central1-a", + "size": "c3-standard-4" + }, + "data_disk": "gcp-genesis-13-persistent" + } + } }, "artifacts": { "seismic-dev-gcp-20260105211714.tar.gz": { diff --git a/yocto/cloud/gcp/api.py b/yocto/cloud/gcp/api.py index b6e82029..95fd4e9a 100644 
--- a/yocto/cloud/gcp/api.py +++ b/yocto/cloud/gcp/api.py @@ -406,7 +406,7 @@ def _create_disk_from_image( disk.name = disk_name disk.source_image = f"projects/{project}/global/images/{image_name}" disk.type_ = f"projects/{project}/zones/{zone}/diskTypes/{disk_type}" - disk.enable_confidential_compute = True + disk.architecture = "X86_64" operation = disk_client.insert( project=project,
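Review bot: The removal of `disk.enable_confidential_compute = True` in `_create_disk_from_image` is not explained: the commit subject is only "architecture" and no comment is left in the code. This disk is created from the image and is presumably the boot disk of the TDX VM, so a reader cannot tell whether dropping the confidential-mode request was a deliberate decision or a workaround for a failed create call. Please record the reason beside the new line, e.g. `# confidential disk mode intentionally not requested here: <reason>`, so the omission is not taken for an oversight or silently re-added. The function body starts and ends outside the hunk.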