Linux has embraced another LTS kernel version v5.4.x.
Update the kernel config for Power as well.
Fixes: #936
Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
yq is not exploding anchors anymore and requires an extra flag.
Add flag to fix CI.
Fixes: #934
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Since we don't know how many CPUs the host can have, we should
use the maximum number of CPUs supported by KVM (240).
255 is the maximum number of CPUs supported in the kernel, but the
maximum number of CPUs recommended by KVM is 240. If more than 240
CPUs are used, the following error will be returned by QEMU:
```
Number of hotpluggable cpus requested (255) exceeds the
recommended cpus supported by KVM (240)
```
fixes #922
fixes kata-containers/runtime#2413
Signed-off-by: Julio Montes <julio.montes@intel.com>
Although CONFIG_IPV6 is enabled, this additional config is
needed so that multiple route tables are used for ipv6.
Without this, the kernel adds routes for "fe80::/64"
with proto kernel in the main table instead of the
local routing table.
This makes the behaviour similar to regular containers.
Fixes #920
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
If it already exists, do not clone it, but fetch.
Fetch will keep the repository up-to-date before checkout.
Fixes: #911
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
kata-containers is now part of the release process.
Let's update the version for that repository.
Fixes: #905
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Firecracker needs CONFIG_X86_MPPARSE to support `vcpu_count`, otherwise the
amount of cpus will always be 1.
fixes #901
Signed-off-by: Julio Montes <julio.montes@intel.com>
We still were adding NEMU binaries - remove, and make sure we create a
kata-clh file for kata-deploy binaries.
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
1. AKS based action updated to be run from either packaging or remote
repository. We will only clone kata-deploy for yaml/scripts/tests if we
are running the action outside of the packaging repo. If in packaging,
the bits are already included. Misc. cleanup as well.
2. Workflow introduced which leverages the updated AKS action. This will
allow testing of packaging changes to kata-deploy.
The workflow itself uses the following github action: xt0rted/slash-command-action
The workflow will create a kata-deploy container image based off of the latest
release, utilizing the latest released Kata artifacts off of master. It
will then use the AKS kata-deploy GitHub action.
Users with admin access on the repo can trigger this test by:
/test kata-deploy
Fixes: #845
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Now that we have obs packages for ubuntu 19.04, we should add it in the
testing script.
Fixes #884
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
Now CI depends on this repository; this is needed to make stable
branches work, starting with stable-1.10.
Fixes: #894
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
The bootloader in firecracker on ARM platform only supports kernel
in Portable Executable (PE) format.
So we need `build-kernel.sh` to provide correct kernel image format
when parameter `hypervisor_target`, `-t`, defined with firecracker.
Fixes: #886
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
If we want to run build.sh as a user, it fails, saying
that `failed to dial gRPC: cannot connect to the Docker daemon...
/var/run/docker.sock: connect: permission denied`. This PR fixes that issue.
Fixes #889
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
Linux has embraced another LTS kernel version v5.4.x.
If we, AArch64, update stable guest kernel version
to v5.4.x, we could get rid of huge chunks of backport
patches under patches/4.19.x/.
Except for the following configs, which are penny-defined turned on/off,
all the others are sort of `built-in` defined or inherited
from v4.19.x.
1. CONFIG_IO_URING = y
This option enables support for the io_uring interface.
2. CONFIG_RODATA_FULL_DEFAULT_ENABLED = n
Apply read-only attributes of VM areas to the linear
alias of the backing pages as well.
3. CONFIG_ARM64_TAGGED_ADDR_ABI = n
When this option is enabled, user applications can opt in to
a relaxed ABI allowing virtual tagged addresses to be passed to
system calls as pointer arguments.
4. CONFIG_ARM64_PTR_AUTH = n
Pointer authentication provides instructions for signing and
authenticating pointers against secret keys, which can be used to
mitigate Return Oriented Programming (ROP) and other attacks.
Fixes: #882
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
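
A check that can be run against a guest kernel config to confirm the four option states listed in the commit message above. This is an added example, not code from the kata-containers repository; the function names and the sample config fragment are constructed for illustration, and `# CONFIG_X is not set` is the standard kconfig form for a disabled option.

```shell
#!/bin/sh
# Added illustration, not kata-containers code.

# Print the state of option $2 in kconfig file $1: its value (y, m, ...),
# "n" for the "# CONFIG_X is not set" form, or "absent" if never mentioned.
config_state() {
    awk -v opt="$2" '
        index($0, opt "=") == 1        { state = substr($0, length(opt) + 2) }
        $0 == ("# " opt " is not set") { state = "n" }
        END { print (state == "" ? "absent" : state) }
    ' "$1"
}

# Expected states, as listed in the commit message above.
EXPECTED='CONFIG_IO_URING=y
CONFIG_RODATA_FULL_DEFAULT_ENABLED=n
CONFIG_ARM64_TAGGED_ADDR_ABI=n
CONFIG_ARM64_PTR_AUTH=n'

# Print one line per option; return non-zero if any differs from EXPECTED.
audit_guest_config() {
    _rc=0
    for _pair in ${EXPECTED}; do
        _opt=${_pair%%=*}
        _want=${_pair#*=}
        _got=$(config_state "$1" "${_opt}")
        if [ "${_got}" = "${_want}" ]; then
            echo "ok       ${_opt}=${_got}"
        else
            echo "MISMATCH ${_opt}: want ${_want}, got ${_got}"
            _rc=1
        fi
    done
    return "${_rc}"
}

# Constructed sample fragment; CONFIG_ARM64_PTR_AUTH deliberately differs.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_IO_URING=y
# CONFIG_RODATA_FULL_DEFAULT_ENABLED is not set
# CONFIG_ARM64_TAGGED_ADDR_ABI is not set
CONFIG_ARM64_PTR_AUTH=y
EOF
}

sample=$(mktemp)
write_sample_config "${sample}"
audit_guest_config "${sample}" || echo "config differs from the listed settings"
rm -f "${sample}"
```
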
Fedora 28 has come to end of life status, which makes it impossible to
retrieve the repositories while performing an update. This PR removes
this distro with this version so we no longer create and test obs packages
for fedora 28.
Fixes #879
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
As printk time is not enabled for arm64, printk and dmesg will show
without timestamps.
This patch enables printk_time in kernel for arm64.
Fixes: #875
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
Use `sort -V -r` to sort versions and use a regexp to
make sure the tag has the right format, since not all
tags follow Semantic Versioning 2.0.0.
fixes #872
Signed-off-by: Julio Montes <julio.montes@intel.com>
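
The tag selection described in the commit message above (filter tags with a regular expression, then order them with `sort -V -r`), as an added example that is not code from the kata-containers repository. The function names, the assumed `MAJOR.MINOR.PATCH` regex and the sample tags are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not kata-containers code. Tags are read from stdin,
# one per line.

# Assumed release-tag format: MAJOR.MINOR.PATCH, digits only. Tags with
# suffixes (-rc0, -alpha1) or prefixes (v1.2) are rejected by this filter.
RELEASE_TAG_REGEX='^[0-9]+\.[0-9]+\.[0-9]+$'

# Print the newest tag that matches the release format; fail if none does.
latest_release_tag() {
    _newest=$(grep -E "${RELEASE_TAG_REGEX}" | sort -V -r | head -n 1)
    [ -n "${_newest}" ] || return 1
    printf '%s\n' "${_newest}"
}

# Contrast: a plain reverse byte-order sort compares "9" with "1" at the
# second field and therefore ranks 1.9.3 above 1.10.0.
latest_by_plain_sort() {
    grep -E "${RELEASE_TAG_REGEX}" | LC_ALL=C sort -r | head -n 1
}

# Constructed sample tags, including ones that do not follow the format.
sample_tags() {
    printf '%s\n' 1.9.3 1.10.0-rc0 1.10.0 v1.2 latest 1.2.0 1.10.0-alpha1
}

echo "version sort: $(sample_tags | latest_release_tag)"
echo "plain sort:   $(sample_tags | latest_by_plain_sort)"
```
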
Overwrite Makefile variable `DISTRO` in order to
build rootfs and initrd images with the right distro.
fixes #868
Signed-off-by: Julio Montes <julio.montes@intel.com>
`get_config_version` should not log anything because it's used
by functions that print a string as return value, hence its return value
can be tainted, i.e. `get_config_version`.
fixes #867
Signed-off-by: Julio Montes <julio.montes@intel.com>
Modify existing patch to include EACCES condition to account for files
that do not have write access to be used as a memory backend.
With this, not only files on a read-only filesystem, but also files without
write access on a read-write filesystem can be used as a memory
backend in qemu.
This will allow the image to be used read-only by a rootless user as
well.
Fixes #870
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Since kustomize was introduced, we need to take into account the new
paths for our kata-deploy yamls.
Fixes: #865
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
This test is not executed at all and it is problematic when
tags are not updated.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
NEW_VERSION may be unbound whereas kata_version should be defined
following manual release process docs and while using github actions.
Use kata_version instead to checkout correct version of patches.
Check if kata_version is not empty before doing so,
as the release may be triggered for master as well.
Fixes #857
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>