mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-04-27 11:31:05 +00:00
1b0d12ab78
This PR updates the libseccompt version to v2.5.5 which includes the following changes: - Update the syscall table for Linux - Fix minor issues with binary tree testing and with empty binary trees Fixes #8883 Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
422 lines
14 KiB
YAML
422 lines
14 KiB
YAML
#
|
|
# Copyright (c) 2018-2023 Intel Corporation
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
#
|
|
|
|
---
|
|
description: |
|
|
This file contains version details that are used by various
|
|
repositories for setting up the correct environment to run
|
|
tests and package components.
|
|
|
|
format: |
|
|
Each entry in this file MUST conform to the following format:
|
|
|
|
<group>:
|
|
description: "<brief-description>"
|
|
notes: "<notes>"
|
|
|
|
<project>:
|
|
description: "<brief-description>"
|
|
notes: "<notes>"
|
|
url: "<project-url>"
|
|
issue: "<bug-url>"
|
|
commit: "<commit>"
|
|
version: "<version>"
|
|
uscan-opts: "<optional uscan options>"
|
|
uscan-url: "<url regex for uscan to list versions>"
|
|
release: "<version>"
|
|
branch: "<git-branch>"
|
|
meta:
|
|
<key-1>: "<value-1>"
|
|
<key-n>: "<value-n>"
|
|
|
|
Notes:
|
|
|
|
- All sections (except "meta") MUST include a description where
|
|
applicable. This is expected to be a brief summary.
|
|
|
|
- A section MAY specify a "notes" section which may be multi-line.
|
|
It is expected to be expand on the information specified in
|
|
"description".
|
|
|
|
- All sections (except "meta") MUST include a URL where applicable.
|
|
|
|
- A section MAY specify a bug URL using the "issue" field.
|
|
|
|
- A section MAY define a "meta" section to store additional
|
|
information about a project or group.
|
|
|
|
- Each entry MUST specify ATLEAST one of "commit", "version", "release"
|
|
and "branch".
|
|
|
|
- WARNING: Gotcha alert! Remember to double-quote all strings
|
|
(except multi-line strings)! This avoids the possibility of a
|
|
version containing a period being treated as a floating point
|
|
number (and truncated!)
|
|
|
|
- NOTE: For the uscan related entries, refer to the following uscan pages:
|
|
https://manpages.debian.org/stretch/devscripts/uscan.1.en.html
|
|
https://wiki.debian.org/debian/watch
|
|
Particularly note the 'Common mistakes' section.
|
|
Also note, if you place the uscan strings on single lines in this file then
|
|
'\'s need to be '\'d, so are replaced with '\\', but this does not apply
|
|
for '>-' multi line entries, which can then use the normal uscan syntax.
|
|
|
|
assets:
|
|
description: "Additional required system elements"
|
|
|
|
hypervisor:
|
|
description: "Component used to create virtual machines"
|
|
|
|
cloud_hypervisor:
|
|
description: "Cloud Hypervisor is an open source Virtual Machine Monitor"
|
|
url: "https://github.com/cloud-hypervisor/cloud-hypervisor"
|
|
uscan-url: >-
|
|
https://github.com/cloud-hypervisor/cloud-hypervisor/tags.*/v?(\d\S+)\.tar\.gz
|
|
version: "v36.0"
|
|
|
|
firecracker:
|
|
description: "Firecracker micro-VMM"
|
|
url: "https://github.com/firecracker-microvm/firecracker"
|
|
uscan-url: >-
|
|
https://github.com/firecracker-microvm/firecracker/tags
|
|
.*/v?(\d\S+)\.tar\.gz
|
|
version: "v1.6.0"
|
|
|
|
qemu:
|
|
description: "VMM that uses KVM"
|
|
url: "https://github.com/qemu/qemu"
|
|
version: "v7.2.0"
|
|
tag: "v7.2.0"
|
|
# Do not include any non-full release versions
|
|
# Break the line *without CR or space being appended*, to appease
|
|
# yamllint, and note the deliberate ' ' at the end of the expression.
|
|
uscan-opts: "opts=uversionmangle=s/(\\d)[_\\.\\-\\+]?\
|
|
((RC|rc|pre|dev|beta|alpha)\\d*)$/$1~$2/ "
|
|
uscan-url: >-
|
|
https://github.com/qemu/qemu/tags
|
|
.*/v?(\d\S+)\.tar\.gz
|
|
|
|
qemu-tdx-experimental:
|
|
# yamllint disable-line rule:line-length
|
|
description: "QEMU with TDX support - based on https://github.com/intel/tdx-tools/releases/tag/2023ww15"
|
|
url: "https://github.com/kata-containers/qemu"
|
|
tag: "b67b00e6b4c7831a3f5bc684bc0df7a9bfd1bd56-plus-TDX-v1.10"
|
|
|
|
qemu-snp-experimental:
|
|
description: "QEMU with experimental SNP support (no UPM)"
|
|
url: "https://github.com/AMDESE/qemu"
|
|
tag: "3b6a2b6b7466f6dea53243900b7516c3f29027b7"
|
|
|
|
stratovirt:
|
|
description: "StratoVirt is an lightweight opensource VMM"
|
|
url: "https://github.com/openeuler-mirror/stratovirt"
|
|
version: "v2.3.0"
|
|
|
|
image:
|
|
description: |
|
|
Root filesystem disk image used to boot the guest virtual
|
|
machine.
|
|
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
|
|
architecture:
|
|
aarch64:
|
|
name: &default-image-name "ubuntu"
|
|
version: &default-image-version "latest"
|
|
ppc64le:
|
|
name: *default-image-name
|
|
version: *default-image-version
|
|
s390x:
|
|
name: *default-image-name
|
|
version: *default-image-version
|
|
x86_64:
|
|
name: *default-image-name
|
|
version: *default-image-version
|
|
tdx:
|
|
name: *default-image-name
|
|
version: *default-image-version
|
|
meta:
|
|
image-type: *default-image-name
|
|
|
|
initrd:
|
|
description: |
|
|
Root filesystem initrd used to boot the guest virtual
|
|
machine.
|
|
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
|
|
architecture:
|
|
aarch64:
|
|
name: &default-initrd-name "alpine"
|
|
version: &default-initrd-version "3.18"
|
|
# Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
|
|
# there is no such Rust target
|
|
ppc64le:
|
|
name: &glibc-initrd-name "ubuntu"
|
|
version: &glibc-initrd-version "20.04"
|
|
s390x:
|
|
name: *glibc-initrd-name
|
|
version: *glibc-initrd-version
|
|
x86_64:
|
|
name: *default-initrd-name
|
|
version: *default-initrd-version
|
|
mariner:
|
|
name: "cbl-mariner"
|
|
version: "2.0"
|
|
sev:
|
|
name: *glibc-initrd-name
|
|
version: *glibc-initrd-version
|
|
|
|
kernel:
|
|
description: "Linux kernel optimised for virtual machines"
|
|
url: "https://cdn.kernel.org/pub/linux/kernel/v6.x/"
|
|
version: "v6.1.62"
|
|
confidential:
|
|
description: "Linux kernel with x86_64 TEEs (SEV, SNP, and TDX) support"
|
|
url: "https://cdn.kernel.org/pub/linux/kernel/v6.x/"
|
|
version: "v6.7"
|
|
sev:
|
|
description: "Linux kernel that supports SEV and SNP"
|
|
url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/"
|
|
version: "v5.19.2"
|
|
snp:
|
|
description: "Linux kernel that supports AMD SEV-SNP for VMs"
|
|
url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/"
|
|
version: "v5.19.2"
|
|
|
|
kernel-arm-experimental:
|
|
description: "Linux kernel with cpu/mem hotplug support on arm64"
|
|
url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/"
|
|
version: "v5.15.138"
|
|
|
|
kernel-dragonball-experimental:
|
|
description: "Linux kernel with Dragonball VMM optimizations like upcall"
|
|
url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/"
|
|
version: "v5.10.25"
|
|
|
|
kernel-tdx-experimental:
|
|
# yamllint disable-line rule:line-length
|
|
description: "Linux kernel with TDX support -- based on https://github.com/intel/tdx-tools/releases/tag/2023ww15"
|
|
url: "https://github.com/kata-containers/linux/archive/refs/tags"
|
|
version: "6.2-TDX-v1.8"
|
|
|
|
externals:
|
|
description: "Third-party projects used by the system"
|
|
|
|
cni-plugins:
|
|
description: "CNI network plugins"
|
|
url: "https://github.com/containernetworking/plugins"
|
|
version: "v1.2.0"
|
|
|
|
conmon:
|
|
description: "An OCI container runtime monitor"
|
|
url: "https://github.com/containers/conmon"
|
|
version: "v2.0.10"
|
|
|
|
crio:
|
|
description: |
|
|
OCI-based Kubernetes Container Runtime Interface implementation
|
|
url: "https://github.com/cri-o/cri-o"
|
|
branch: "release-1.23"
|
|
|
|
containerd:
|
|
description: |
|
|
Containerd for Kubernetes Container Runtime Interface.
|
|
url: "github.com/containerd/containerd"
|
|
tarball_url: "https://github.com/containerd/containerd/releases/download"
|
|
# containerd from v1.5.0 used the path unix socket
|
|
# instead of abstract socket, thus kata wouldn's support the containerd's
|
|
# version older than them.
|
|
version: "v1.6.8"
|
|
lts: "v1.6"
|
|
active: "v1.7"
|
|
|
|
critools:
|
|
description: "CLI tool for Container Runtime Interface (CRI)"
|
|
url: "https://github.com/kubernetes-sigs/cri-tools"
|
|
version: "1.23.0"
|
|
# As we don't want to disrupt what we have on the `tests` repo, let's
|
|
# create a "latest" entry and use that for the GitHub actions tests.
|
|
latest: "v1.27"
|
|
|
|
cryptsetup:
|
|
description: "A utility used to setup disk encryption, integrity protection"
|
|
url: "https://gitlab.com/cryptsetup/cryptsetup"
|
|
version: "v2.5.0"
|
|
|
|
gperf:
|
|
description: "GNU gperf is a perfect hash function generator"
|
|
url: "http://ftp.gnu.org/pub/gnu/gperf/"
|
|
version: "3.1"
|
|
|
|
hadolint:
|
|
description: "the dockerfile linter used by static-checks"
|
|
url: "https://github.com/hadolint/hadolint"
|
|
version: "2.12.0"
|
|
|
|
lvm2:
|
|
description: "LVM2 and device-mapper tools and libraries"
|
|
url: "https://github.com/lvmteam/lvm2"
|
|
version: "v2_03_16"
|
|
|
|
kubernetes:
|
|
description: "Kubernetes project container manager"
|
|
url: "https://github.com/kubernetes/kubernetes"
|
|
# regexp formed to match 'd.tar.gz', deliberately to not match any alpha or
|
|
# beta type releases
|
|
uscan-url: >-
|
|
https://github.com/kubernetes/kubernetes/tags
|
|
.*/v?([\d\.]+)\.tar\.gz
|
|
version: "1.23.1-00"
|
|
|
|
libseccomp:
|
|
description: "High level interface to Linux seccomp filter"
|
|
url: "https://github.com/seccomp/libseccomp"
|
|
version: "2.5.5"
|
|
|
|
runc:
|
|
description: "OCI CLI reference runtime implementation"
|
|
url: "https://github.com/opencontainers/runc"
|
|
# Oddly, here we do want rc versions, as there appears to be little else
|
|
# really for runc.
|
|
uscan-url: >-
|
|
https://github.com/opencontainers/runc/tags
|
|
.*/v?(\d\S+)\.tar\.gz
|
|
version: "v1.1.11"
|
|
|
|
nydus:
|
|
description: "Nydus image acceleration service"
|
|
url: "https://github.com/dragonflyoss/image-service"
|
|
version: "v2.2.3"
|
|
|
|
nydus-snapshotter:
|
|
description: "Snapshotter for Nydus image acceleration service"
|
|
url: "https://github.com/containerd/nydus-snapshotter"
|
|
version: "v0.12.0"
|
|
|
|
open-policy-agent:
|
|
description: "Open Policy Agent"
|
|
url: "https://github.com/open-policy-agent/opa"
|
|
version: "v0.55.0"
|
|
meta:
|
|
# - If an OPA package is available for the Guest image distro, that
|
|
# package is used instead of the binary below.
|
|
#
|
|
# - TODO: if an OPA package is not available for the Guest image distro,
|
|
# Kata should cache the OPA source code, toolchain information, etc.
|
|
# OPA should be built from the cached source code instead of downloading
|
|
# this binary.
|
|
#
|
|
# yamllint disable-line rule:line-length
|
|
binary: "https://github.com/open-policy-agent/opa/releases/download/v0.55.0/opa_linux_amd64_static"
|
|
|
|
ovmf:
|
|
description: "Firmware, implementation of UEFI for virtual machines."
|
|
url: "https://github.com/tianocore/edk2"
|
|
x86_64:
|
|
description: "Vanilla firmware build"
|
|
version: "edk2-stable202202"
|
|
package: "OvmfPkg/OvmfPkgX64.dsc"
|
|
package_output_dir: "OvmfX64"
|
|
sev:
|
|
description: "AmdSev build needed for SEV measured direct boot."
|
|
version: "edk2-stable202302"
|
|
package: "OvmfPkg/AmdSev/AmdSevX64.dsc"
|
|
package_output_dir: "AmdSev"
|
|
tdx:
|
|
# yamllint disable-line rule:line-length
|
|
description: "QEMU with TDX support - based on https://github.com/intel/tdx-tools/releases/tag/2023ww15"
|
|
version: "edk2-stable202302"
|
|
package: "OvmfPkg/IntelTdx/IntelTdxX64.dsc"
|
|
package_output_dir: "IntelTdx"
|
|
|
|
td-shim:
|
|
description: "Confidential Containers Shim Firmware"
|
|
url: "https://github.com/confidential-containers/td-shim"
|
|
version: "cf9592ef70bd6ba4c7ab1330d278a743f5ba3133"
|
|
toolchain: "nightly-2022-05-15"
|
|
|
|
virtiofsd:
|
|
description: "vhost-user virtio-fs device backend written in Rust"
|
|
url: "https://gitlab.com/virtio-fs/virtiofsd"
|
|
version: "v1.8.0"
|
|
toolchain: "1.72.0"
|
|
meta:
|
|
# From https://gitlab.com/virtio-fs/virtiofsd/-/releases/v1.8.0,
|
|
# this is the link labelled virtiofsd-v1.8.0.zip
|
|
#
|
|
# yamllint disable-line rule:line-length
|
|
binary: "https://gitlab.com/virtio-fs/virtiofsd/uploads/9ec473efd0203219d016e66aac4190aa/virtiofsd-v1.8.0.zip"
|
|
|
|
xurls:
|
|
description: |
|
|
Tool used by the CI to check URLs in documents and code comments.
|
|
url: "mvdan.cc/xurls/v2/cmd/xurls"
|
|
version: "v2.5.0"
|
|
|
|
languages:
|
|
description: |
|
|
Details of programming languages required to build system
|
|
components.
|
|
|
|
golang:
|
|
description: "Google's 'go' language"
|
|
notes: "'version' is the default minimum version used by this project."
|
|
version: "1.19.3"
|
|
meta:
|
|
description: |
|
|
'newest-version' is the latest version known to work when
|
|
building Kata
|
|
newest-version: "1.19.3"
|
|
|
|
rust:
|
|
description: "Rust language"
|
|
notes: "'version' is the default minimum version used by this project."
|
|
version: "1.72.0"
|
|
meta:
|
|
description: |
|
|
'newest-version' is the latest version known to work when
|
|
building Kata
|
|
newest-version: "1.72.0"
|
|
|
|
golangci-lint:
|
|
description: "golangci-lint"
|
|
notes: "'version' is the default minimum version used by this project."
|
|
url: "github.com/golangci/golangci-lint"
|
|
version: "1.50.1"
|
|
meta:
|
|
description: |
|
|
'newest-version' is the latest version known to work when
|
|
building Kata
|
|
newest-version: "1.50.1"
|
|
|
|
specs:
|
|
description: "Details of important specifications"
|
|
|
|
oci:
|
|
description: "Open Containers Initiative runtime specification"
|
|
url: "https://github.com/opencontainers/runtime-spec/releases"
|
|
uscan-url: >-
|
|
https://github.com/opencontainers/runtime-spec/tags
|
|
.*/v?(\d\S+)\.tar\.gz
|
|
version: "v1.0.2"
|
|
|
|
plugins:
|
|
description: |
|
|
Details of plugins required for the components or testing.
|
|
|
|
sriov-network-device:
|
|
description: |
|
|
The SR-IOV network device plugin is Kubernetes device plugin for
|
|
discovering and advertising SR-IOV virtual functions (VFs)
|
|
available on a Kubernetes host.
|
|
url: "https://github.com/k8snetworkplumbingwg/sriov-network-device-plugin"
|
|
version: "b7f6d3e0679796e907ecca88cfab0e32e326850d"
|
|
|
|
docker_images:
|
|
description: "Docker hub images used for testing"
|
|
|
|
nginx:
|
|
description: "Proxy server for HTTP, HTTPS, SMTP, POP3 and IMAP protocols"
|
|
url: "https://hub.docker.com/_/nginx/"
|
|
version: "1.15-alpine"
|