This specifies the capabilities and bind mounts the dhcpcd daemon
needs.
While at it also update the Alpine base image
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
- use new Makefile flags to add our build flags correctly now
- restore `dist` for now as it is useful for testing still, for now
Will remove both `dist` and `ctr` once we have our own tool, but will add
them to dev container instead.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This makes the package slightly bigger as tini from Alpine
is not statically linked but removes the dependency on
./tools/tini
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Also convert it to a multi-stage build and make
the HUB org/registry build time configurable.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Also convert to a multi-stage build and make the
make the HUB org/registry build time configurable.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
The dhcpcd package only needs a basic alpine-baselayout and
dhcpcd. This reduces the size of the package from 4.3MB to 1.8MB.
Also make the HUB org/registry build time configurable.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
We only need the alpine-baselayout packe to run init. This also
removes the sha256 import from alpine:edge.
This also reduces the size of the init package by more than
50% to just 1.5MB.
Also make the HUB org/registry build time configurable.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Also make the HUB org/registry build time configurable
for these packages.
Others will be reworked in sub sequent commits.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Works around https://github.com/moby/moby/issues/33176 and fixes#1807.
Updated al users of linuxkit/runc:2649198589ef0020d99f613adaeda45ce0093a38 to
this new build.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
If a file is a simple string (as opposed to a map) then write it with the
default perms. This makes for slightly terser metadata when creating a simple
datafile.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
`ok` was not assigned when type casting to `map[string]interface{}` so the
subsequent check was testing a stale value.
Also, the error message upon failure had the wrong sense.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
There is no need for start-stop-daemon since this package
is using containerd. Remove it and update the init
package to alpine:edge
Also use the git tree hash for the package hash while at it.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Directly install the required packages from the Alpine base
image to compile the rngd package.
Also use the git tree hash for the package hash while at it.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This builds the dhcpcd package from a fixed Alpine 3.5 base and adds
the dhcpcd daemon from the Alpine base image. This should make the
build reproducible and allows us to use the git tree hash.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Bring it into line with official images: remove `jq`, `sfdisk` which
are not needed; we used them for disk mounting but this is down standalone.
Add the tools for other filesystems, which are needed for `dm`, `btrfs`.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Update examples/swap.yml to use latest linuxkit/swap image
Add comment to examples/swap.yml how to enable encryption
Add encrypt options to README
Make encrypted swap the default
Signed-off-by: Avi Deitcher <avi@deitcher.net>
for swap.sh, take any command-line options, not just those with an arg
that in turn requires a new hash on the example
Use latest 4.9.x kernel to keep in line with other examples
Replace (bash) herestring with (posix) heredoc in swap.sh, and update hash to match
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Not sure when this arrived but it was stopping anything running.
Appears not to be in the older test `init` containers.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Fix spaces after commas
Remove MAINTAINER
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Simplify swap.yml example to remove files section
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Switch swap.sh to sh from bash and remove bash from image
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Replace fallocate with dd and update calculation function to support it
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Fix indentation
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Change link to swap to just swap.sh
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Fix indent
Signed-off-by: Avi Deitcher <avi@deitcher.net>
We were using Debian but Alpine more consistent. Use nested build.
Currently extract the hash in a nasty way but this can be fixed later
when we switch over hashing method.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This was missed when things were renamed.
The intention with this code was (apparently) to provide a (pseudo)unique
hostname in the case where something more specific was not provided (e.g. by
DHCP). Make this a little clearer by using '(none)' rather than 'linuxkit' as
the default, in the normal case this will be overwritten by something more
specific and if it isn't we will change it to something somewhat unique derived
from the MAC address (as before). nb: '(none)' is already used by Debian so I
think it is a safe choice as the sentinel value.
The use of both CONFIG_DEFAULT_HOSTNAME and the explicit /etc/hostname from
mkimage.sh is likely to be redundant in some cases, but neither seems to
completely cover all cases so keep both.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
Previously the "tini" contained the entire build. Using the
multi-stage build creates a new "tini" base image, which only
contains the "/bin/tini". This image can be used as the base
image for packages requiring "tini".
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Because we are not yet using the image store, this requires a
patched `ctr` that can run a specified rootfs rather than an
image.
We will switch to the image store later, but this requires
extensive build changes.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Implementing a String() interface for each provider makes it
easier for users to prefix log strings with the provider.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Previously only `/var` was `rshared` but some people need to share
mounts in `/opt` etc so let us make everything `rshared` for now.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This package handles meta and user data for different cloud
and other platforms. It should be easy to extend to new
platforms.
Currently, it handles GCP metadata and a simple CDROM userdata
provider.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This is needed for cloud environments that want to get their metadata in
the onboot phase over the network.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Added to Docker example as Swarm mode likes time sync.
Note uses pool.ntp.org at present, on some providers it
should use a different source.
Constraints not enabled as they seem to have an issue;
possibly trying to set before network is up.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Instead of mounting a new filesystem, revert to doing a `rw` bind.
However do not make `/` `rshared`, just `/var` as that is where we expect
filesystems to be mounted for persistence. Also only make the actual
container rootfs writeable, not the whole directory.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
As suggested by @shykes these are clearer
- onboot for things that are run at boot time to completion
- services for persistent services
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Also add ca-certificates to base, needed to use `dist` to pull.
Make two stage builds for `containerd` and `runc` so they have a
from `scratch` second stage.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
It is not necessary to bring up `eth0`, the program does it fine.
This means we can remove shell script, clean up build.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This works and runs containers now, if you eg `runc exec` into it.
Needs a few tweaks for rlimits, but will pull and run containers.
Will integrate better with ssh/dev containers to make more usable.
For a simple test use
```
./bin/moby build examples/docker.yml
./bin/moby run hyperkit -disk-size 100 docker
```
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This is based on the code we used for Docker Editions, and
will format an external drive, to be used for example for
`/var` for Docker image persistence.
It does not `mount` the drive yet, as splitting format and mount
gives better modularity.
Example yaml fragment:
```
- name: format
image: "mobylinux/format:097d4f22b20f976b1f89d8f0b8a5d074d35b856c"
binds:
- /dev:/dev
capabilities:
- CAP_SYS_ADMIN
- CAP_MKNOD
```
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This is compatible with containerd 8353da59c6ae7e1933aac2228df23541ef8b163f
which was picked up by d2caae4c1a.
This required jiggering with riddler output some more to update to new OCI
config.json format for capabilities.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
Since Makefile contains the hashes we need a dependency otherwise changing the
hashes does not necessarily result in the binaries getting updated.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
- now supports image pull and run end to end
- update runc to last version before spec update fix#1302
- remove ext2 utils from init
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This does not get everything where we want it finally, see #1266
nor the optimal way of building, but it gets it out of top level.
Added instructions to build if you have a Go installation.
Not moving `vendor` yet.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- remove remainder of editions code
- add a new check container to run tests without Docker
- switch over `make test` to use new command to build tests
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
