From 170f5ad87ead6e4ee72ed358791d1041648c92c5 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Mon, 15 Jan 2018 17:28:58 +0000 Subject: [PATCH 1/6] vendor: Update moby tool to latest This includes support for CPU microcode handling Signed-off-by: Rolf Neugebauer --- src/cmd/linuxkit/vendor.conf | 2 +- .../github.com/moby/tool/src/initrd/initrd.go | 11 ++- .../github.com/moby/tool/src/moby/build.go | 56 ++++++++++---- .../github.com/moby/tool/src/moby/config.go | 4 + .../github.com/moby/tool/src/moby/linuxkit.go | 2 +- .../github.com/moby/tool/src/moby/output.go | 77 +++++++++++++------ .../github.com/moby/tool/src/moby/schema.go | 3 +- 7 files changed, 112 insertions(+), 43 deletions(-) diff --git a/src/cmd/linuxkit/vendor.conf b/src/cmd/linuxkit/vendor.conf index d88d035c3..10c267284 100644 --- a/src/cmd/linuxkit/vendor.conf +++ b/src/cmd/linuxkit/vendor.conf @@ -26,7 +26,7 @@ github.com/moby/datakit 97b3d230535397a813323902c23751e176481a86 github.com/moby/hyperkit a12cd7250bcd8d689078e3e42ae4a7cf6a0cbaf3 # When updating also: # curl -fsSL -o src/cmd/linuxkit/build.go https://raw.githubusercontent.com/moby/tool/«hash»/cmd/moby/build.go -github.com/moby/tool f816553d2fc58638f6904fddedd13c36d237b498 +github.com/moby/tool 57b6e2ab947104d47fd60e5af0e34d0edeb9421c github.com/moby/vpnkit 0e4293bb1058598c4b0a406ed171f52573ef414c github.com/opencontainers/go-digest 21dfd564fd89c944783d00d069f33e3e7123c448 github.com/opencontainers/image-spec v1.0.0 diff --git a/src/cmd/linuxkit/vendor/github.com/moby/tool/src/initrd/initrd.go b/src/cmd/linuxkit/vendor/github.com/moby/tool/src/initrd/initrd.go index d479fdf42..2a4a27a06 100644 --- a/src/cmd/linuxkit/vendor/github.com/moby/tool/src/initrd/initrd.go +++ b/src/cmd/linuxkit/vendor/github.com/moby/tool/src/initrd/initrd.go 
@@ -110,13 +110,13 @@ func CopyTar(w *Writer, r *tar.Reader) (written int64, err error) { } } -// CopySplitTar copies a tar stream into an initrd, but splits out kernel and cmdline -func CopySplitTar(w *Writer, r *tar.Reader) (kernel []byte, cmdline string, err error) { +// CopySplitTar copies a tar stream into an initrd, but splits out kernel, cmdline, and ucode +func CopySplitTar(w *Writer, r *tar.Reader) (kernel []byte, cmdline string, ucode []byte, err error) { for { var thdr *tar.Header thdr, err = r.Next() if err == io.EOF { - return kernel, cmdline, nil + return kernel, cmdline, ucode, nil } if err != nil { return @@ -134,6 +134,11 @@ func CopySplitTar(w *Writer, r *tar.Reader) (kernel []byte, cmdline string, err return } cmdline = string(buf) + case "boot/ucode.cpio": + ucode, err = ioutil.ReadAll(r) + if err != nil { + return + } case "boot": // skip this entry default: diff --git a/src/cmd/linuxkit/vendor/github.com/moby/tool/src/moby/build.go b/src/cmd/linuxkit/vendor/github.com/moby/tool/src/moby/build.go index 2575428d4..bdd8c79ea 100644 --- a/src/cmd/linuxkit/vendor/github.com/moby/tool/src/moby/build.go +++ b/src/cmd/linuxkit/vendor/github.com/moby/tool/src/moby/build.go @@ -176,9 +176,9 @@ func Build(m Moby, w io.Writer, pull bool, tp string) error { dupMap := map[string]string{} if m.Kernel.ref != nil { - // get kernel and initrd tarball from container + // get kernel and initrd tarball and ucode cpio archive from container log.Infof("Extract kernel image: %s", m.Kernel.ref) - kf := newKernelFilter(iw, m.Kernel.Cmdline, m.Kernel.Binary, m.Kernel.Tar) + kf := newKernelFilter(iw, m.Kernel.Cmdline, m.Kernel.Binary, m.Kernel.Tar, m.Kernel.UCode) err := ImageTar(m.Kernel.ref, "", kf, enforceContentTrust(m.Kernel.ref.String(), &m.Trust), pull, "") if err != nil { return fmt.Errorf("Failed to extract kernel image and tarball: %v", err) 
@@ -259,13 +259,15 @@ type kernelFilter struct { cmdline string kernel string tar string + ucode string discard bool foundKernel bool foundKTar bool + foundUCode bool } -func newKernelFilter(tw *tar.Writer, cmdline string, kernel string, tar *string) *kernelFilter { - tarName, kernelName := "kernel.tar", "kernel" +func newKernelFilter(tw *tar.Writer, cmdline string, kernel string, tar, ucode *string) *kernelFilter { + tarName, kernelName, ucodeName := "kernel.tar", "kernel", "" if tar != nil { tarName = *tar if tarName == "none" { @@ -275,7 +277,10 @@ func newKernelFilter(tw *tar.Writer, cmdline string, kernel string, tar *string) if kernel != "" { kernelName = kernel } - return &kernelFilter{tw: tw, cmdline: cmdline, kernel: kernelName, tar: tarName} + if ucode != nil { + ucodeName = *ucode + } + return &kernelFilter{tw: tw, cmdline: cmdline, kernel: kernelName, tar: tarName, ucode: ucodeName} } func (k *kernelFilter) finishTar() error { @@ -329,16 +334,19 @@ func (k *kernelFilter) WriteHeader(hdr *tar.Header) error { } k.foundKernel = true k.discard = false - whdr := &tar.Header{ - Name: "boot", - Mode: 0755, - Typeflag: tar.TypeDir, - } - if err := tw.WriteHeader(whdr); err != nil { - return err + // If we handled the ucode, /boot already exist. + if !k.foundUCode { + whdr := &tar.Header{ + Name: "boot", + Mode: 0755, + Typeflag: tar.TypeDir, + } + if err := tw.WriteHeader(whdr); err != nil { + return err + } } // add the cmdline in /boot/cmdline - whdr = &tar.Header{ + whdr := &tar.Header{ Name: "boot/cmdline", Mode: 0644, Size: int64(len(k.cmdline)), 
@@ -363,6 +371,28 @@ func (k *kernelFilter) WriteHeader(hdr *tar.Header) error { k.foundKTar = true k.discard = false k.buffer = new(bytes.Buffer) + case k.ucode: + k.foundUCode = true + k.discard = false + // If we handled the kernel, /boot already exist. + if !k.foundKernel { + whdr := &tar.Header{ + Name: "boot", + Mode: 0755, + Typeflag: tar.TypeDir, + } + if err := tw.WriteHeader(whdr); err != nil { + return err + } + } + whdr := &tar.Header{ + Name: "boot/ucode.cpio", + Mode: hdr.Mode, + Size: hdr.Size, + } + if err := tw.WriteHeader(whdr); err != nil { + return err + } default: k.discard = true } diff --git a/src/cmd/linuxkit/vendor/github.com/moby/tool/src/moby/config.go b/src/cmd/linuxkit/vendor/github.com/moby/tool/src/moby/config.go index ac2ef3884..fc1107d5a 100644 --- a/src/cmd/linuxkit/vendor/github.com/moby/tool/src/moby/config.go +++ b/src/cmd/linuxkit/vendor/github.com/moby/tool/src/moby/config.go @@ -36,6 +36,7 @@ type KernelConfig struct { Cmdline string `yaml:"cmdline,omitempty" json:"cmdline,omitempty"` Binary string `yaml:"binary,omitempty" json:"binary,omitempty"` Tar *string `yaml:"tar,omitempty" json:"tar,omitempty"` + UCode *string `yaml:"ucode,omitempty" json:"ucode,omitempty"` ref *reference.Spec } @@ -289,6 +290,9 @@ func AppendConfig(m0, m1 Moby) (Moby, error) { if m1.Kernel.Tar != nil { moby.Kernel.Tar = m1.Kernel.Tar } + if m1.Kernel.UCode != nil { + moby.Kernel.UCode = m1.Kernel.UCode + } if m1.Kernel.ref != nil { moby.Kernel.ref = m1.Kernel.ref } diff --git a/src/cmd/linuxkit/vendor/github.com/moby/tool/src/moby/linuxkit.go b/src/cmd/linuxkit/vendor/github.com/moby/tool/src/moby/linuxkit.go index 67449e372..bc15a0896 100644 --- a/src/cmd/linuxkit/vendor/github.com/moby/tool/src/moby/linuxkit.go +++ b/src/cmd/linuxkit/vendor/github.com/moby/tool/src/moby/linuxkit.go 
@@ -72,7 +72,7 @@ func ensureLinuxkitImage(name string) error { return err } defer image.Close() - kernel, initrd, cmdline, err := tarToInitrd(image) + kernel, initrd, cmdline, _, err := tarToInitrd(image) if err != nil { return fmt.Errorf("Error converting to initrd: %v", err) } diff --git a/src/cmd/linuxkit/vendor/github.com/moby/tool/src/moby/output.go b/src/cmd/linuxkit/vendor/github.com/moby/tool/src/moby/output.go index 5cd649104..e21a70b3a 100644 --- a/src/cmd/linuxkit/vendor/github.com/moby/tool/src/moby/output.go +++ b/src/cmd/linuxkit/vendor/github.com/moby/tool/src/moby/output.go @@ -27,22 +27,22 @@ const ( var outFuns = map[string]func(string, io.Reader, int) error{ "kernel+initrd": func(base string, image io.Reader, size int) error { - kernel, initrd, cmdline, err := tarToInitrd(image) + kernel, initrd, cmdline, ucode, err := tarToInitrd(image) if err != nil { return fmt.Errorf("Error converting to initrd: %v", err) } - err = outputKernelInitrd(base, kernel, initrd, cmdline) + err = outputKernelInitrd(base, kernel, initrd, cmdline, ucode) if err != nil { return fmt.Errorf("Error writing kernel+initrd output: %v", err) } return nil }, "tar-kernel-initrd": func(base string, image io.Reader, size int) error { - kernel, initrd, cmdline, err := tarToInitrd(image) + kernel, initrd, cmdline, ucode, err := tarToInitrd(image) if err != nil { return fmt.Errorf("Error converting to initrd: %v", err) } - if err := outputKernelInitrdTarball(base, kernel, initrd, cmdline); err != nil { + if err := outputKernelInitrdTarball(base, kernel, initrd, cmdline, ucode); err != nil { return fmt.Errorf("Error writing kernel+initrd tarball output: %v", err) } return nil 
@@ -62,10 +62,11 @@ var outFuns = map[string]func(string, io.Reader, int) error{ return nil }, "raw-bios": func(base string, image io.Reader, size int) error { - kernel, initrd, cmdline, err := tarToInitrd(image) + kernel, initrd, cmdline, _, err := tarToInitrd(image) if err != nil { return fmt.Errorf("Error converting to initrd: %v", err) } + // TODO: Handle ucode err = outputImg(rawBios, base+"-bios.img", kernel, initrd, cmdline) if err != nil { return fmt.Errorf("Error writing raw-bios output: %v", err) @@ -73,7 +74,7 @@ var outFuns = map[string]func(string, io.Reader, int) error{ return nil }, "raw-efi": func(base string, image io.Reader, size int) error { - kernel, initrd, cmdline, err := tarToInitrd(image) + kernel, initrd, cmdline, _, err := tarToInitrd(image) if err != nil { return fmt.Errorf("Error converting to initrd: %v", err) } @@ -86,7 +87,7 @@ var outFuns = map[string]func(string, io.Reader, int) error{ "aws": func(base string, image io.Reader, size int) error { filename := base + ".raw" log.Infof(" %s", filename) - kernel, initrd, cmdline, err := tarToInitrd(image) + kernel, initrd, cmdline, _, err := tarToInitrd(image) if err != nil { return fmt.Errorf("Error converting to initrd: %v", err) } @@ -97,7 +98,7 @@ var outFuns = map[string]func(string, io.Reader, int) error{ return nil }, "gcp": func(base string, image io.Reader, size int) error { - kernel, initrd, cmdline, err := tarToInitrd(image) + kernel, initrd, cmdline, _, err := tarToInitrd(image) if err != nil { return fmt.Errorf("Error converting to initrd: %v", err) } 
@@ -110,10 +111,11 @@ var outFuns = map[string]func(string, io.Reader, int) error{ "qcow2-bios": func(base string, image io.Reader, size int) error { filename := base + ".qcow2" log.Infof(" %s", filename) - kernel, initrd, cmdline, err := tarToInitrd(image) + kernel, initrd, cmdline, _, err := tarToInitrd(image) if err != nil { return fmt.Errorf("Error converting to initrd: %v", err) } + // TODO: Handle ucode err = outputLinuxKit("qcow2", filename, kernel, initrd, cmdline, size) if err != nil { return fmt.Errorf("Error writing qcow2 output: %v", err) @@ -121,7 +123,7 @@ var outFuns = map[string]func(string, io.Reader, int) error{ return nil }, "vhd": func(base string, image io.Reader, size int) error { - kernel, initrd, cmdline, err := tarToInitrd(image) + kernel, initrd, cmdline, _, err := tarToInitrd(image) if err != nil { return fmt.Errorf("Error converting to initrd: %v", err) } @@ -132,7 +134,7 @@ var outFuns = map[string]func(string, io.Reader, int) error{ return nil }, "dynamic-vhd": func(base string, image io.Reader, size int) error { - kernel, initrd, cmdline, err := tarToInitrd(image) + kernel, initrd, cmdline, _, err := tarToInitrd(image) if err != nil { return fmt.Errorf("Error converting to initrd: %v", err) } @@ -143,7 +145,7 @@ var outFuns = map[string]func(string, io.Reader, int) error{ return nil }, "vmdk": func(base string, image io.Reader, size int) error { - kernel, initrd, cmdline, err := tarToInitrd(image) + kernel, initrd, cmdline, _, err := tarToInitrd(image) if err != nil { return fmt.Errorf("Error converting to initrd: %v", err) } 
@@ -220,16 +222,16 @@ func Formats(base string, image string, formats []string, size int) error { return nil } -func tarToInitrd(r io.Reader) ([]byte, []byte, string, error) { +func tarToInitrd(r io.Reader) ([]byte, []byte, string, []byte, error) { w := new(bytes.Buffer) iw := initrd.NewWriter(w) tr := tar.NewReader(r) - kernel, cmdline, err := initrd.CopySplitTar(iw, tr) + kernel, cmdline, ucode, err := initrd.CopySplitTar(iw, tr) if err != nil { - return []byte{}, []byte{}, "", err + return []byte{}, []byte{}, "", []byte{}, err } iw.Close() - return kernel, w.Bytes(), cmdline, nil + return kernel, w.Bytes(), cmdline, ucode, nil } func tarInitrdKernel(kernel, initrd []byte, cmdline string) (*bytes.Buffer, error) { 
@@ -314,21 +316,35 @@ func outputRPi3(image, filename string, filesystem io.Reader) error { return dockerRun(filesystem, output, true, image) } -func outputKernelInitrd(base string, kernel []byte, initrd []byte, cmdline string) error { +func outputKernelInitrd(base string, kernel []byte, initrd []byte, cmdline string, ucode []byte) error { log.Debugf("output kernel/initrd: %s %s", base, cmdline) - log.Infof(" %s %s %s", base+"-kernel", base+"-initrd.img", base+"-cmdline") - err := ioutil.WriteFile(base+"-initrd.img", initrd, os.FileMode(0644)) - if err != nil { - return err + + if len(ucode) != 0 { + log.Infof(" %s ucode+%s %s", base+"-kernel", base+"-initrd.img", base+"-cmdline") + if err := ioutil.WriteFile(base+"-initrd.img", ucode, os.FileMode(0644)); err != nil { + return err + } + f, err := os.OpenFile(base+"-initrd.img", os.O_APPEND|os.O_WRONLY, 0644) + if err != nil { + return err + } + defer f.Close() + if _, err = f.Write(initrd); err != nil { + return err + } + } else { + log.Infof(" %s %s %s", base+"-kernel", base+"-initrd.img", base+"-cmdline") + if err := ioutil.WriteFile(base+"-initrd.img", initrd, os.FileMode(0644)); err != nil { + return err + } } - err = ioutil.WriteFile(base+"-kernel", kernel, os.FileMode(0644)) - if err != nil { + if err := ioutil.WriteFile(base+"-kernel", kernel, os.FileMode(0644)); err != nil { return err } return ioutil.WriteFile(base+"-cmdline", []byte(cmdline), os.FileMode(0644)) } -func outputKernelInitrdTarball(base string, kernel []byte, initrd []byte, cmdline string) error { +func outputKernelInitrdTarball(base string, kernel []byte, initrd []byte, cmdline string, ucode []byte) error { log.Debugf("output kernel/initrd tarball: %s %s", base, cmdline) log.Infof(" %s", base+"-initrd.tar") f, err := os.Create(base + "-initrd.tar") 
@@ -370,5 +386,18 @@ func outputKernelInitrdTarball(base string, kernel []byte, initrd []byte, cmdlin if _, err := tw.Write([]byte(cmdline)); err != nil { return err } + if len(ucode) != 0 { + hdr := &tar.Header{ + Name: "ucode.cpio", + Mode: 0644, + Size: int64(len(ucode)), + } + if err := tw.WriteHeader(hdr); err != nil { + return err + } + if _, err := tw.Write(ucode); err != nil { + return err + } + } return tw.Close() } diff --git a/src/cmd/linuxkit/vendor/github.com/moby/tool/src/moby/schema.go b/src/cmd/linuxkit/vendor/github.com/moby/tool/src/moby/schema.go index 2ca2c3c4f..7c2771214 100644 --- a/src/cmd/linuxkit/vendor/github.com/moby/tool/src/moby/schema.go +++ b/src/cmd/linuxkit/vendor/github.com/moby/tool/src/moby/schema.go @@ -13,7 +13,8 @@ var schema = string(` "image": {"type": "string"}, "cmdline": {"type": "string"}, "binary": {"type": "string"}, - "tar": {"type": "string"} + "tar": {"type": "string"}, + "ucode": {"type": "string"} } }, "file": { From eb6459f6ed714023064758c7307f59feaa3db2b2 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Mon, 15 Jan 2018 17:42:47 +0000 Subject: [PATCH 2/6] packet: Add inte-ucode.cpio to packet example and override it for the arm64 add on Signed-off-by: Rolf Neugebauer --- examples/packet.arm64.yml | 10 ++++++++++ examples/packet.yml | 3 ++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/examples/packet.arm64.yml b/examples/packet.arm64.yml index 4ee5c3bfc..d15b44f62 100644 --- a/examples/packet.arm64.yml +++ b/examples/packet.arm64.yml 
@@ -1,3 +1,13 @@ +# This YAML snippet is to be used in conjunction with packet.yml to +# build a arm64 image for packet.net. It adds a modprobe of the NIC +# driver and overrides the kernel section to disable prepending the +# Intel CPU microcode to the initrd. If writing a YAML specifically +# for arm64 then the 'ucode' line in the kernel section can be left +# out. +kernel: + image: linuxkit/kernel:4.9.76 + cmdline: "console=ttyAMA0" + ucode: "" onboot: - name: modprobe image: linuxkit/modprobe:1a192d168adadec47afa860e3fc874fbc2a823ff diff --git a/examples/packet.yml b/examples/packet.yml index 3df470f79..1aaf99c3b 100644 --- a/examples/packet.yml +++ b/examples/packet.yml @@ -1,6 +1,7 @@ kernel: image: linuxkit/kernel:4.9.76 - cmdline: "console=ttyS1 console=ttyAMA0" + cmdline: console=ttyS1 + ucode: intel-ucode.cpio init: - linuxkit/init:f7a3d03face99e933626533a3381ae4476fbc8de - linuxkit/runc:7b15b00b4e3507d62e3ed8d44dfe650561cd35ff From f09d0227bc9057c49e21198b39df5ecccb630331 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Mon, 15 Jan 2018 18:10:33 +0000 Subject: [PATCH 3/6] doc: Update packet.net doc wrt to Intel CPU microcode update Signed-off-by: Rolf Neugebauer --- docs/platform-packet.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/platform-packet.md b/docs/platform-packet.md index d830b1afe..56f32fb59 100644 --- a/docs/platform-packet.md +++ b/docs/platform-packet.md 
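Review bot: In examples/packet.yml the new `ucode: intel-ucode.cpio` line carries no comment, although this file is also the base that packet.arm64.yml overrides. A comment above it, such as `# Intel CPU microcode taken from the kernel image and prepended to the initrd; set ucode: "" for other targets (see packet.arm64.yml)`, would explain why the override exists. The value has to match a file name inside the kernel image. The hunks shown here do not make clear whether a name that matches nothing fails the build, so a typo may silently produce an initrd without the microcode update; that is worth confirming and stating in the comment.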
@@ -34,6 +34,13 @@ an additional YAML for [arm64](../examples/packet.arm64.yml) servers which provide both access to the serial console and via ssh and configures bonding for network devices via metadata (if supported). +For x86_64 builds for Intel servers we strongly recommend adding +`ucode: intel-ucode.cpio` to the kernel section in the YAML. This +updates the Intel CPU microcode to the latest by prepending it to the +generated initrd file. The `ucode` entry is only recommended when +booting on baremetal. It should be omitted (but is harmless) when +building images to boot in VMs. + **Note**: The update of the iPXE configuration sometimes may take some time and the first boot may fail. Hitting return on the console to retry the boot typically fixes this. From 1d9c4361c007b77b69ba96692af878fdf66ed361 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Tue, 16 Jan 2018 15:16:24 +0000 Subject: [PATCH 4/6] pkg/firmware: Add a package with firmware required by enabled device drivers This new 'firmware' package contains the firmware blobs required by the device drivers in a LinuxKit kernel. The list of required blobs is determined by calling 'modinfo' on each module. We also unconditionally include the AMD CPU microcode and the licence files. Signed-off-by: Rolf Neugebauer --- pkg/firmware/Dockerfile | 44 +++++++++++++++++++++++++++++++++++++++++ pkg/firmware/README.md | 12 +++++++++++ pkg/firmware/build.yml | 2 ++ 3 files changed, 58 insertions(+) create mode 100644 pkg/firmware/Dockerfile create mode 100644 pkg/firmware/README.md create mode 100644 pkg/firmware/build.yml diff --git a/pkg/firmware/Dockerfile b/pkg/firmware/Dockerfile new file mode 100644 index 000000000..c36fa5ce5 --- /dev/null +++ b/pkg/firmware/Dockerfile 
@@ -0,0 +1,44 @@
+# Make modules from a recentish kernel available
+FROM linuxkit/kernel:4.14.12 AS kernel
+
+FROM linuxkit/alpine:34518265c6cb63ff02074549cc5b64bef40c336f AS build
+RUN apk add --no-cache git kmod
+
+# Clone the firmware repository
+# Make sure you also update the FW_COMMIT in ../firmware-all/Dockerfile
+ENV FW_URL=git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git
+ENV FW_COMMIT=65b1c68c63f974d72610db38dfae49861117cae2
+WORKDIR /
+RUN git clone ${FW_URL} && \
+ cd /linux-firmware && \
+ git checkout ${FW_COMMIT}
+
+# Copy files we always need/want: Licenses, docs and AMD CPU microcode
+WORKDIR /linux-firmware
+RUN set -e && \
+ mkdir -p /out/lib/firmware && \
+ cp README WHENCE /out/lib/firmware && \
+ cp GPL-? LICENSE.* LICENCE.* /out/lib/firmware && \
+ case $(uname -m) in \
+ x86_64) \
+ cp -r amd-ucode /out/lib/firmware; \
+ ;; \
+ esac
+
+# Extract kernel modules for
+WORKDIR /
+COPY --from=kernel /kernel.tar /kernel.tar
+RUN tar xf /kernel.tar
+
+# Copy files required by the modules
+RUN set -e && \
+ for fw in $(find /lib/modules -name \*.ko -exec modinfo --field=firmware {} \;); do \
+ mkdir -p "/out/lib/firmware/$fw" && \
+ cp "/linux-firmware/$fw" "/out/lib/firmware/$fw"; \
+ done
+
+FROM scratch
+WORKDIR /
+ENTRYPOINT []
+COPY --from=build /out/lib/ /lib/
+
diff --git a/pkg/firmware/README.md b/pkg/firmware/README.md
new file mode 100644
index 000000000..c901225cb
--- /dev/null
+++ b/pkg/firmware/README.md
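Review bot: The final copy loop runs `mkdir -p "/out/lib/firmware/$fw"`, which creates a directory named after the firmware file itself, so the following `cp` puts the blob one level too deep and `/lib/firmware/$fw` ends up as a directory rather than the file the kernel asks for. Creating the parent instead fixes this: `mkdir -p "$(dirname "/out/lib/firmware/$fw")"`. Separately, `FW_URL` uses the `git://` transport, which has no encryption or server authentication. The pinned `FW_COMMIT` checkout limits what a tampered transfer could substitute, but `ENV FW_URL=https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git` would stop the build relying on the commit hash alone. The same `FW_URL` line appears in pkg/firmware-all/Dockerfile.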
@@ -0,0 +1,12 @@ +The `firmware` package contains updated firmware files required by any +driver compiled as a module. Based on the modules included in a recent +LinuxKit kernel, copy the required firmware binaries as reported by +'modinfo'. We deliberately do *not* pick the latest version here to +prevent it being updated on kernel updates. Firmware revisions do not +change very often and we expect older and newer kernels to work with a +range of firmware binaries. + +Note: The current mechanism only handles firmware blobs required by +modules and ignores firmware blobs required by drivers compiled into +the kernel. However, with the LinuxKit kernels we typically compile +all hardware drivers as modules. diff --git a/pkg/firmware/build.yml b/pkg/firmware/build.yml new file mode 100644 index 000000000..1a926eabc --- /dev/null +++ b/pkg/firmware/build.yml @@ -0,0 +1,2 @@ +image: firmware +network: true From aa2791a6dd6bdc0142abbe44bb6d00145c0c6ef3 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Tue, 16 Jan 2018 12:19:00 +0000 Subject: [PATCH 5/6] pkg/firmware-all: Add package containing all Linux Firmware blobs This package is primarily for users of custom or foreign kernels which may have drivers enabled for which the 'firmware' package does not contain the firmware blobs. Signed-off-by: Rolf Neugebauer --- pkg/firmware-all/Dockerfile | 19 +++++++++++++++++++ pkg/firmware-all/README.md | 8 ++++++++ pkg/firmware-all/build.yml | 2 ++ 3 files changed, 29 insertions(+) create mode 100644 pkg/firmware-all/Dockerfile create mode 100644 pkg/firmware-all/README.md create mode 100644 pkg/firmware-all/build.yml diff --git a/pkg/firmware-all/Dockerfile b/pkg/firmware-all/Dockerfile new file mode 100644 index 000000000..2b5294530 --- /dev/null +++ b/pkg/firmware-all/Dockerfile 
@@ -0,0 +1,19 @@ +FROM linuxkit/alpine:34518265c6cb63ff02074549cc5b64bef40c336f AS build +RUN apk add --no-cache git + +# Make sure you also update the FW_COMMIT in ../firmware/Dockerfile +ENV FW_URL=git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git +ENV FW_COMMIT=65b1c68c63f974d72610db38dfae49861117cae2 + +RUN mkdir -p /out/lib && \ + cd /out/lib && \ + git clone ${FW_URL} firmware && \ + cd firmware && \ + git checkout ${FW_COMMIT} && \ + rm -rf .git + +FROM scratch +WORKDIR / +ENTRYPOINT [] +COPY --from=build /out/lib/ /lib/ + diff --git a/pkg/firmware-all/README.md b/pkg/firmware-all/README.md new file mode 100644 index 000000000..095aa1f58 --- /dev/null +++ b/pkg/firmware-all/README.md @@ -0,0 +1,8 @@ +The `firmware-all` package contains all firmware binaries from the +[Linux firmware +repository](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/). It +is quite large. + +For use with the LinuxKit kernel we recommend using the +[`firmware`](../firmware/) package, which only contains the firmware +binaries for which drivers are enabled. diff --git a/pkg/firmware-all/build.yml b/pkg/firmware-all/build.yml new file mode 100644 index 000000000..8a6e84585 --- /dev/null +++ b/pkg/firmware-all/build.yml @@ -0,0 +1,2 @@ +image: firmware-all +network: true From 9c8d31582a68a796ef7146fa9e0a4588d5bcb658 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Tue, 16 Jan 2018 18:49:35 +0000 Subject: [PATCH 6/6] examples/packet: Add new firmware package Signed-off-by: Rolf Neugebauer --- examples/packet.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/examples/packet.yml b/examples/packet.yml index 1aaf99c3b..fa7dcd534 100644 --- a/examples/packet.yml +++ b/examples/packet.yml 
@@ -7,6 +7,7 @@ init: - linuxkit/runc:7b15b00b4e3507d62e3ed8d44dfe650561cd35ff - linuxkit/containerd:1b6b8a5884e17b26e2725cb82c436841070fca95 - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0 + - linuxkit/firmware:8fc7d7702589b67e5b1aa72bb61cc72b47a048aa onboot: - name: rngd1 image: linuxkit/rngd:94e01a4b16fadb053455cdc2269c4eb0b39199cd