Experimental kernel is much newer, and many configuration options have
dropped since 4.19. Let's use a whitelist to itemize what we expect to
be dropped in the final config if experimental kernel us utilized.
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
This isn't available in the baseline kernel, necessarily. Only
add these config options if an experimental kernel is being used.
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Adding option `-e` to support experimental flag. When selected, the
kernel for virtio-fs is utilized instead of standard kernel.org.
This is a bit more hack-ish than I'd prefer, sorry.
Fixes: #700
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Create symlink to patches directory, the list of patches will be
included in the spec and rules files.
Signed-off-by: Julio Montes <julio.montes@intel.com>
- Run depends-on for packaging CI.
- Change were yq is installed
Depends-on: github.com/kata-containers/runtime#1996
Fixes: #683
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
In order to trim the list of devices, default-configs/i386-softmmu.mak must
be copied after having configured QEMU. This change helps to reduce the
attack surface and the QEMU binary size.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Upgrade the container before building qemu and nemu in order to install
the latest fixes for the CVEs.
fixes#676
Signed-off-by: Julio Montes <julio.montes@intel.com>
Do not use cache to build the docker images that build static qemu and nemu.
The latest version of the packages must be installed, since they may include
the fixes for theirs CVEs.
Signed-off-by: Julio Montes <julio.montes@intel.com>
In theory the latest ubuntu long term may have less CVE than previous versions,
so let's use it to build the static QEMU.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Use the rootfs image by defult since performance is better,
smaller memory footprint and boot time.
fixes#667
Signed-off-by: Julio Montes <julio.montes@intel.com>
Upgrade openSUSE Leap version from 42.3 to the latest 15.1, since 42.3
version is now discontinued.
Fixes: #637
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Fix `arch` assignment and define `Dockerfile` variable to avoid
usage of unbound variables.
fixes#671
Signed-off-by: Julio Montes <julio.montes@intel.com>
The job to wait for packages are built is failing randomly.
Seems that sometimes the command is not returning and expected
out out and may be mask by the
`while osc pr | grep; done`
This probably can fail at osc pr but because it failed at
osc and not grep we consider is working.
- We check for more states that we consider not ready,
like excluded or blocked.
First query the result, if fail the script will stop,
if not then try to find the string `state=building`.
Additionally, check for failed jobs in the same query to
stop the job earlier.
Fixes: #665
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
OBS fails because of a syntax error in debian.rules
```
/bin/sh: 1: Syntax error: end of file unexpected (expecting "fi")
```
Signed-off-by: Julio Montes <julio.montes@intel.com>
Use master branch to test the snap in order to detect errors earlier
before releasing the next snap
fixes#663
Signed-off-by: Julio Montes <julio.montes@intel.com>
In order to improve the security of Kata, nothing should be able to modify
the images. It would be really bad if a malicious container or process
modified them.
fixes#631
Signed-off-by: Julio Montes <julio.montes@intel.com>
