common/DAX:
- ARCH_ENABLE_MEMORY_HOTPLUG: not needed (auto-selected)
- ARCH_HAS_ZONE_DEVICE: already automatically selected. This is
also removed in future kernels, so let's go ahead and drop.
- RADIX_TREE_MULTIORDER: already autoselected, and dropped in future
kernels
common/net:
- NF_NAT_NEEDED, NF_NAT_PROTO_*: these don't exist in newer kernels, as
they are refactored and unecessary in the upstream kernel. Keep them for
now, but consider dropping if we move to newer LTS. These are part of
whitelist of options we expect to be dropped with newer kernels in our
fragment building.
- NF_NAT_MASQUERADE_IPV4: this is a select, not a tristate. Also, in
the future much of the ipv4/ipv6 nat code is combined, so this config
will not exist in newer kernels. Dropped.
- INET6_XFRM_MODE_* are not needed on newer kernels. While I'm not
confident they are needed today for Kata, we will just note them and add
to whitelist for options we expect to be dropped with newer kernels in
our fragment building.
- MAY_USE_DEVLINK: removed in future kernels, and should not be needed
anyway. Dropped.
x86_64/DAX:
- ARCH_HAS_HMM: should not be needed, and is dropped in future kernels.
Dropped
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
These will be handled directly from virtio-fs gitlab, which is utilized
when experimental support is requested in kernel build.
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Experimental kernel is much newer, and many configuration options have
dropped since 4.19. Let's use a whitelist to itemize what we expect to
be dropped in the final config if experimental kernel us utilized.
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
This isn't available in the baseline kernel, necessarily. Only
add these config options if an experimental kernel is being used.
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Adding option `-e` to support experimental flag. When selected, the
kernel for virtio-fs is utilized instead of standard kernel.org.
This is a bit more hack-ish than I'd prefer, sorry.
Fixes: #700
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Create symlink to patches directory, the list of patches will be
included in the spec and rules files.
Signed-off-by: Julio Montes <julio.montes@intel.com>
- Run depends-on for packaging CI.
- Change were yq is installed
Depends-on: github.com/kata-containers/runtime#1996
Fixes: #683
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
In order to trim the list of devices, default-configs/i386-softmmu.mak must
be copied after having configured QEMU. This change helps to reduce the
attack surface and the QEMU binary size.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Upgrade the container before building qemu and nemu in order to install
the latest fixes for the CVEs.
fixes#676
Signed-off-by: Julio Montes <julio.montes@intel.com>
Do not use cache to build the docker images that build static qemu and nemu.
The latest version of the packages must be installed, since they may include
the fixes for theirs CVEs.
Signed-off-by: Julio Montes <julio.montes@intel.com>
In theory the latest ubuntu long term may have less CVE than previous versions,
so let's use it to build the static QEMU.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Use the rootfs image by defult since performance is better,
smaller memory footprint and boot time.
fixes#667
Signed-off-by: Julio Montes <julio.montes@intel.com>
Upgrade openSUSE Leap version from 42.3 to the latest 15.1, since 42.3
version is now discontinued.
Fixes: #637
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Fix `arch` assignment and define `Dockerfile` variable to avoid
usage of unbound variables.
fixes#671
Signed-off-by: Julio Montes <julio.montes@intel.com>
The job to wait for packages are built is failing randomly.
Seems that sometimes the command is not returning and expected
out out and may be mask by the
`while osc pr | grep; done`
This probably can fail at osc pr but because it failed at
osc and not grep we consider is working.
- We check for more states that we consider not ready,
like excluded or blocked.
First query the result, if fail the script will stop,
if not then try to find the string `state=building`.
Additionally, check for failed jobs in the same query to
stop the job earlier.
Fixes: #665
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
OBS fails because of a syntax error in debian.rules
```
/bin/sh: 1: Syntax error: end of file unexpected (expecting "fi")
```
Signed-off-by: Julio Montes <julio.montes@intel.com>
Use master branch to test the snap in order to detect errors earlier
before releasing the next snap
fixes#663
Signed-off-by: Julio Montes <julio.montes@intel.com>
