With the current firmware being pulled for the RPi3, recent revisions of
the RPi hardware, such as the 3 B+ will fail to boot.
The issue is exhibited as when RPi 3 B+ receives power and attempts to
boot, the power LED will turn off and the ACT LED will flash 8 times.
According to elinux.org troubleshooting guide[0] this correlates to an
SDRAM initialisation error that can be fixed by updating the firmware.
After updating this firmware the power light stays on, and UBoot can be
seen booting.
[0] - https://elinux.org/R-Pi_Troubleshooting#Green_LED_blinks_in_a_specific_pattern
Signed-off-by: Sachi King <nakato@nakato.io>
The make-gcp script in the mkimage-gcp tool creates a virtual fs of 1GB, excactly. If your filesystem needs to be larger, then make-gcp errors in a poorly explained way. Simply removing the arg makes the fs the same size as the image used to build it.
Signed-off-by: Daniel Smith <daniel@razorsecure.com>
The wireguard package has some sub-packages which are
now dependencies. Include them in the alpine base.
Also include openresolv, which is required by one
of the wireguard packages.
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
On Linux a key in `~/.docker/config.json` indicates if a credentials helper is
in use (and which), if one is then the method is identical to the Darwin case
so refactor to support that.
Signed-off-by: Ian Campbell <ijc@docker.com>
When dealing with apk, `uname -m` doesn't always match the architecture
name that apk uses. Instead `apk --print-arch` is used.
Signed-off-by: Alan Raison <alanraison@users.noreply.github.com>
I am doing some upstream `runc` work with kernel keys and have
various other uses. No urgency so not updating the package
builds yet.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This utility image takes a tarball as input and places the
contents into a read-only, compressed squashfs filesystem
which is produced on stdout.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Most of the tools packages are not usable on s390x so
explicitly list them.
Also removed arm64 from mkimage-gcp as GCP does not
support arm machines and fixed a minor inconsistency
the way the architecture was specified in mkimage-raw-bios.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
- On macOS, docker-credential-osxkeychain.bin was renamed to
docker-credential-osxkeychain
- Pass --ignore-missing to the manifest-tool invocation.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This is temporary to un-break the build until we have pushed
a alpine base image for s390x.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Currently, there is a conflict in musl versions between stable
(used for tools/alpine) and edge (where wireguard-tools is).
This cased the tools/alpine build to fail.
With this commit we build our own wireguard-tools package,
using the APKBUILD file from edge, against the libraries
libraries from stable. We then add the wireguard-tools package
to the mirror.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Add support for s390 architecture for linuxkit/alpine and the
other docker images in tools and pkg.
Signed-off-by: Alice Frosi <alice@linux.vnet.ibm.com>
Looks like bc791e60e7 ("Update docs and test cases to work with
latest format versions") accidentally replaced 'qcow2' with
'qcow2-bios' for two of the output formats. Fix it.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This part reverts f7c50156c5 ("tools: pull linuxkit/guestfs by digest
only (not digest+tag)") as pulling by tag now seems to work and we
have content trust enabled, so pulling by digest should not be necessary.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Moby is moving to using pigz instead of the the golang gzip
library (https://github.com/moby/moby/pull/35697)
Include pigz in the base for downstream projects to use.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
The iucode_tool is used to convert the Intel CPU microcode
binaries into a cpio archive. There is no alpine package
for it, so compile it from source.
This is for x86_64 only and on other archs we create a empty
file.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Before the alpine base image is multi-arch and signed, the
DOCKER_CONTENT_TRUST=1 doesn't work on AArch64 for 'docker build'.
Now since the alpine base image is already multi-arch and signed,
also we've used 'push_manifest.sh' to push and sign linuxkit/image,
so we can remove this workaround.
Signed-off-by: Dennis Chen <dennis.chen@arm.com>
Remove the grub2 patch from LinuxKit since it has already been merged
into the CoreOS grub2 mainline code.
Signed-off-by: Dennis Chen <dennis.chen@arm.com>
The package contains u-boot and the RPi firmware blobs. It expects
a tar ball of the root filesystem (including kernel and dtbs) on stdin
and produces a compressed tar ball on stdout with the files to copy to
a FAT32 formatted SD card.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Note that a237b51511 ("Bump alpine base across the board.") inadvertently
corrupted `tools/alpine/versions.aarch64` (by updating it to the amd64 hash),
this commit corrects this as part of the rebuild.
Signed-off-by: Ian Campbell <ijc@docker.com>
Signing is not setup for these repositories. It seems they haven't been updated
since before trust was added since their previous Makefile metadata (which was
translated in build.yml) did not contain `NOTRUST=1`.
Signed-off-by: Ian Campbell <ijc@docker.com>
By running:
./scripts/update-component-sha.sh --image linuxkit/alpine ad35b6ddbc70faa07e59a9d7dee7707c08122e8d
Signed-off-by: Ian Campbell <ijc@docker.com>
tools/alpine and tools/guestfs are omitted since they do not currently use
pkg/package.mk and do their own thing. Slightly hacky arrangements are made for
these. Note that previously they were only recursed into for their default
target (push) and that behaviour is retained.
Signed-off-by: Ian Campbell <ijc@docker.com>
Current versions of Docker complain:
Sending build context to Docker daemon 5.12kB
Step 1/4 : FROM linuxkit/guestfs@sha256:62e810869e83dabe04af7ac8fcd81d9f177d986a3424dcb9c4eb5439993c962f
...
Successfully tagged linuxkit/mkimage-gcp:736880776838c8f41c081276d9c017ae6adbf1bb-amd64
Tagging linuxkit/guestfs@sha256:62e810869e83dabe04af7ac8fcd81d9f177d986a3424dcb9c4eb5439993c962f as linuxkit/guestfs:aecc40bf84ce4f4238e06934c46d7cc570a39eed@sha256:62e810869e83dabe04af7ac8fcd81d9f177d986a3424dcb9c4eb5439993c962f
refusing to create a tag with a digest reference
../../pkg/package.mk:82: recipe for target 'tag-y' failed
Just use the digest for now. Perhaps someone will have time to fixup this build
properly at some point.
Make the same change to test/pkg/ltp.
Signed-off-by: Ian Campbell <ijc@docker.com>
Using explicit targets is cleaner and easier to follow.
Also add `forcepush` to pkg and test/pkg and make `push` explicit.
The `dirs` phony was non-existent in all three cases. Likewise `$(DIR)` wasn't
used in that way in pkg or test/pkg and is nolonger used in that way in tools.
Finally, `clean` was bogus in all cases (tools cleaned a thing which never
exists and pkg and test/pkg were a syntax error).
Signed-off-by: Ian Campbell <ijc@docker.com>
On x86_64, the blkid package gets installed as a dependency, but
not on arm64. Explicitly add it as the new format package depends
on it.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Currently projects/kubernetes pulls in the binaries, adding these dependencies
will allow us to build them as part of our packaging process.
Signed-off-by: Ian Campbell <ijc@docker.com>
This patch uses coreos grub2 instead of the built-in gummiboot
tool with Alpine distribution.
Coreos grub2 has the security feature such as TPM and kernel
verification, so we can setup a trust chain when loading
modules with grub2.
GNU grub2[1] also has the plan to add those security related
features, they have a 'verifiers' branch to do that, but
there're some build issue need to fix,so this patch use
coreos as an alternative.
This patch is used to address the #2359#2375.
Thanks Avi Deitcher <avi@deitcher.net> for the contribution
to build the GRUB2 from ubuntu 16.04 to alpine base image.
Change Log:
1.Address the comments raised by @rn
2.Change the '/dev/vda' as the device name point by kernel command
line 'root=' on arm64, '/dev/sr0' on amd64. As next plan, we can adapt
a more flexible method to get the dev name of the CDROM.
3.Switch the base image to build grub2 from ubuntu 16.04 to alpine.
4.'linux' as the grub2 menu entry on arm64, while 'linuxefi' on amd64.
[1] https://git.savannah.gnu.org/git/grub.git
Signed-off-by: Dennis Chen <dennis.chen@arm.com>
This makes it easier to add the containerd testing tools like
`containerd-stress` to test packages, for example, and also at
some point move `ctr` out of the base image as it can be installed
from the alpine image.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
The first is needed by the okernel project and last two to run
configure on the zfs kernel modules.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
As discussed before, as we use this in three places, cloning in
base makes more sense.
Update base image.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
These are needed by Kubernetes which is currently not using the standard abse image.
Also sort it.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
In line with BIOS ISO changes previously.
Remove boot options, user can add if required, they made boot very slow.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Also adjust the 'linuxkit/alpine' script to follow the
same pattern.
The new version of the script extract username/password from
the credential helper (or docker) and build and 'expect'
script to feed the info to 'notary'.
They can be invoked by:
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="phrase" ./push-manifest.sh ...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Now that LinuxKit works on a truly immutable filesystem, for an
ISO it makes sense to use the ISO filesystem rather than using
an initrd. Only major difference is you may need to specify the
device for the root filesystem in the kernel command line, but
we set a sane default of `/dev/sr0` if unspecified.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- append a architecture specific suffix (-amd64, -arm64) to the
image
- add a script which looks up the hashes from the 'versions' file
and creates a multi-arch manifest
- the manifest is pushed to hub and signed with notary
The new linuxkit/alpine multi-arch image is available with the
x86_64 hash without the '-amd64' suffix.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This should reduce instability due to different people's environment. This
undoes the reordering done by "alpine: Update to containerd v1.0.0-alpha2",
leaving just the hash update (as expected).
Signed-off-by: Ian Campbell <ijc@docker.com>
The previous commit moved ovmf to the packages instead
of stashing it on the filesystem. This requires the
package to be installed here.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
