Now CI depends on this repository, needed to make work stable
branches starting stable-1.10
Fixes: #894
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
The bootloader in firecracker on ARM platform only supports kernel
in Portable Executable(PE) format.
So we need `build-kernel.sh` to provide correct kernel image format
when parameter `hypervisor_target`, `-t`, defined with firecracker.
Fixes: #886
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
If we want to run the build.sh by using a user this is failing by saying
that `failed to dial gRPC: cannot connect to the Docker daemon...
/var/run/docker.sock: connect: permission denied`. This PR fixes that issue.
Fixes#889
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
Linux has embraced another LTS kernel version v5.4.x.
If we, AArch64, update stable guest kernel version
to v5.4.x, we could get rid of huge chunkes of backport
patches under patches/4.19.x/.
Except following configs are penny-defined turned on/off,
all the other are sort of `built-in` defined or inherited
from v4.19.x.
1. CONFIG_IO_URING = y
This option enables support for the io_uring interface.
2. CONFIG_RODATA_FULL_DEFAULT_ENABLED = n
Apply read-only attributes of VM areas to the linear
alias of the backing pages as well.
3. CONFIG_ARM64_TAGGED_ADDR_ABI = n
When this option is enabled, user applications can opt in to
a relaxed ABI allow virtual tagged addresses to be passed to
system calls as pointer arguments.
4. CONFIG_ARM64_PTR_AUTH = n
Pointer authentication provides instructions for signing and
authenticating pointers against secret keys, which can be used to
mitigate Return Oriented Programming (ROP) and other attacks.
Fixes: #882
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Fedora 28 has come to end of life status which makes not possible to
retrieve the repositories while performing an update. This PR removes
this distro with this version so we not longer create and test obs packages
for fedora 28.
Fixes#879
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
As no printk time enabled for arm64, printk and dmesg will show
without timestamp.
This patch enables printk_time in kernel for arm64.
Fixes: #875
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
Use `sort -V -r` to sort versions and use a regexp to
make sure the tag has the right format, since not all
tags follow Semantic Versioning 2.0.0.
fixes#872
Signed-off-by: Julio Montes <julio.montes@intel.com>
Overwrite Makefile variable `DISTRO` in order to
build rootfs and initrd images with the right distro.
fixes#868
Signed-off-by: Julio Montes <julio.montes@intel.com>
`get_config_version` should not log anything because it's used
by functions that print a string as return value, hence its return value
can be tainted, i.e `get_config_version`.
fixes#867
Signed-off-by: Julio Montes <julio.montes@intel.com>
Modify existing patch to include EACCES condition to account for files
that do not have write access to be used as a memory backend.
With this not-only files on a read-only filesystem, but files without
write access on a read-write filesystem can be used as a memory
backend in qemu.
This will alow the image to be used read-only by a rootless user as
well.
Fixes#870
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Since kustomize was introduced, we need to take into account the new
paths for our kata-deploy yamls.
Fixes: #865
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
This test is not executed at all and it is problematic when
tags are not updated.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
NEW_VERSION may be unbound whereas kata_version should be defined
following manual release process docs and while using github actions.
Use kata_version instead to checkout correct version of patches.
Check if kata_version is not empty before doing so,
as the release may be triggered for master as well.
Fixes#857
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
- release: Fix bug in how version is determined for actions
- kata-deploy: improve debug message, longer cleanup timeout
- v4.19.86: patch update for v4.19.86 on AArch64
- kata-deploy: add k3s support
- ci: Add obs testing for packaging
- kernel: Fix that the help is not printed twice
- obs: Check for broken packages
- kata-deploy: Increase the wait timeout for control plane to come up
- obs: Failed when we have unresolvable packages
- obs: Add fakeroot dependency for ubuntu 19.04
ff20f20 release: Checkout right version of kernel patches
9377c5d release: Fix bug in how version is determined for actions
168709c v4.19.86: patch update for v4.19.86 on AArch64
bbcffc3 kata-deploy: improve debug message, longer cleanup timeout
34ce361 ci: Add obs testing for packaging
0d84085 kernel: Fix that the help is not printed twice
e9bb8e5 kata-deploy: Increase the wait timeout for control plane to come up
37bce87 obs: Check for broken packages
9e716ae kata-deploy: add k3s support
380bd92 kata-deploy: reorganize files to support kustomize
0b9b722 obs: Add fakeroot dependency for ubuntu 19.04
5956065 obs: Failed when we have unresolvable packages
Signed-off-by: katacontainersbot <katacontainersbot@gmail.com>
Checkout tag for packaging repo based on env variable NEW_VERSION
or kata_version with kata_version taking precedence.
With this, we checkout to the right version of packaging repo before
applying kernel patches.
Fixes#849
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Althought, we changed the script "gen_versions_txt.sh" to accept a tag
rather than a branch, this change is not sufficient.
This script generates the right version file based on a tag, but
function `get_from_kata_deps` does not use this, and ends up using the
master branch instead. This is because this function looks at an env
variable called $BRANCH and ends up using master branch if the variable
is not defined.
Pass the tag/new version to the build scripts, so that this tag is
passed along to `get_from_kata_dep`.
With this change, the correct version information is consumed by the
build scripts for the various hypervisors and kernel.
Fixes#831
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
we need to do patch update for kernel bump to v4.19.86.
Fixes: #806
Depends-on: github.com/kata-containers/runtime#2185
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
I am seeing tests fail at times waiting for label cleanup. Let's improve
the error message when this fails, and give the control plane a bit more
time, to improve stability of this test.
Fixes: #846
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
This will test that is possible to install the obs packages in different
distributions.
Fixes#621
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
While running the build-kernel.sh script with no arguments, the help is
printed twice. This PR will fix that.
Fixes#433
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
Recent runs of setting up aks with github workflows shows that a timeout
of 5m is not always sufficent fot aks control plane to come up.
Increase this from 5m to 10m.
Fixes#839
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
By default, k3s uses an embedded containerd. Reconfiguring this
containerd requires modifying a template config file and restarting the
k3s (master node) or k3s-agent (worker node) systemd service.
Signed-off-by: Brandon Wilson <brandon@coil.com>
It seems that to build ksm-throttler, proxy, runtime and shim OBS packages
for ubuntu 19.04, we need fakeroot in order to have unresolvable OBS packages. This adds that dependency so we can build the packages.
Fixes#776
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
We need to fail when we have unresolvable packages as they are not build
correctly.
Fixes#820
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
