A package makefile can specify a list of architectures ('ARCHES')
it supports. If build on a unsupported architecture, a message is
printed and make exits without an error.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This checks if any CDROM in the system has metadata. Useful if
you boot off CDROM and also have a metadata CDROM.
Also switch the metadata container to read only, as it is only
writing to bind mounted in directories, and /tmp.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Epoll in `syscall` package does not work on arm64. We do not have
arm64 yet here, but we will when we add tpm support etc.
Signed-off-by: Justin Cormack <justin@specialbusservice.com>
Only supports the use cases we currently need, currently support
for using Intel hardware rng to initialise and add entropy.
Supports oneshot and service mode. Call as `rngd -1` for one shot
mode.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Previously we were cheating and remounting /var `rw` but this does not
work if the filesystem is really read only. Nount a tmpfs, which may
be overmounted later by a persistent filesystem.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
We need to add 'ttyAMA0' console used on ARM64 platform into
securetty file to make it's possible to log into the system
as root. Also it will dismiss the below warning message before
login:
"getty: cmdline has console=ttyAMA0 but does not exist in
/etc/securetty; will not be able to log in as root on this tty ttyAMA0."
'ttyAMA1' is also added order to handle some system happens have that one
instead of 'ttyAMA0'
Signed-off-by: Dennis Chen <dennis.chen@arm.com>
Current package.mk will operate on the first dependence object
'check-dirty', which will result the make process abort earlier
with below message:
pkg/package.mk:60: *** Your repository is not clean. Will not push package image. Stop.
This is not expected behavior since we have no chance to build
a docker image locally in case of the user has no intention to
push that image.
This patch adjust the dependece order for the default target, thus
we can build the docker image locally but can't push that image
since we're in a dirty git repository.
Signed-off-by: Dennis Chen <dennis.chen@arm.com>
The logrus import path has changed, so adjust. Also there is a minor API change
to the containerd.IOCreation() function spec, it now takes a string id which we
can ignore.
Signed-off-by: Ian Campbell <ijc@docker.com>
At present they use a small shared function called "prepare"
that does the read-write remounts, that I will switch to doing overlay
mounts soon.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This was split out from pkg/format into its own package.
It has the ability to extend ext4, btrfs and xfs partitions.
Signed-off-by: Dave Tucker <dt@docker.com>
This commit rewrites the mount package in Go.
It adds the ability to mount the by label, UUID or name.
It also fixes the automatic mount logic to check that a drive isn't
already mounted before attempting to mount it. This allows for multiple
uses of the mount pkg in a single YAML file.
Signed-off-by: Dave Tucker <dt@docker.com>
This commit re-writes the format package in Go and adds the ability to
add partition labels and also specify either ext4, btrfs or xfs
Signed-off-by: Dave Tucker <dt@docker.com>
This moves most of the initialisation of containers to the
service init in the `service` command.
Still leaves remounting root file systems read only but this
will go away shortly. Another step closer to removing shell
scripts in base system.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This is like the `push` target but omits the pulls and depends on forcetag
instead. With the git commit now being embedded into the image this is now a
necessary part of rebasing a PR for which images have already been pushed.
Also adds PHONY targets for existing forcetag and push targets which were
missing.
NB $(error) appends a "." to omit the final one from the error message
Signed-off-by: Ian Campbell <ijc@docker.com>
The filesystem is supposed to be immutable, so do not try to make
a symlink; new versions of moby tool should add one anyway. But
try to make the directory a symlink points to, assuming that it
will be on a writeable filesystem.
fix#1920
see also #2288
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This uses a more memory efficient copy, and gets us closer to
not having a shell in the base system if not required.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
People really want to play around with this, so adding them here makes
it possible. Just as iproute2 is part of these, so should
wireguard-tools.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Since these are the user login containers, having the ability to add packages
is useful (e.g. I quite often find I want strace).
Doing this requires that we not share `/var` with the login containers since we
want the apk database therein. Previously it was thought that the containers
might need some parts of `/var` for `ctr` to work (e.g. `/var/lib/containerd`)
but this is not the case now (if it ever was) based on my testing.
Fixes#2206.
Signed-off-by: Ian Campbell <ijc@docker.com>
This is actually containerd#1141 rebased onto v1.0.0-alpha1.
The `dist` command has been integreated into `ctr` and so is removed, including
from the getty and sshd bind mounts and the test which uses it is updated..
There is no change to the version of runc vendored by containerd, so this is
unchanged.
Signed-off-by: Ian Campbell <ijc@docker.com>
If the configuration .json has contents like:
{
"etc": {
"ssl": {
"certs": {
"ca-certificates.crt": {
"perm": "0644",
"content": "large amount of certificate text"
}
}
}
},
...
}
then we print a warning because the node "ssl" has no "perm".
Previously the warning would include the contents of "ssl", which
would be large (and in theory could include secret information).
This patch modifies the warning print to only print the key and
not the value.
Without this patch, I see on the console:
2017/07/20 10:03:04 CDROM: Probe succeeded
2017/07/20 10:03:04 No permission provided ssl:map[certs:map[ca-certificates.crt:map[perm:0644 content:large amount of certificate text]]]
- 000-metadata
With this patch, I see on the console:
2017/07/20 09:54:18 CDROM: Probe succeeded
2017/07/20 09:54:18 No permission provided ssl
- 000-metadata
Signed-off-by: David Scott <dave.scott@docker.com>
