This commit adds support for authentication for image pulls for
'linuxkit build'. For each image reference we look up credentials
via the docker CLI configuration and use it if defined for
a given registry server. The code caches credentials to avoid
lookups for every image.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
A subsequent commit will enable support for private repositories.
This requires some functions from 'github.com/docker/cli' which
in turn relies on some newer versions of some of the vendored
packages here.
In this commit, update all packages used here to the versions
used by 'github.com/docker/cli' release 18.06 (the latest stable).
This requires vendoring a bunch of additional packages, such
as prometheus
Also run 'sort' over 'vendor.conf' to keep things in order.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
- use the mkimage hashes that we had in LinuxKit as more up to date than tool.
- update docs
- move the code from moby under src/cmd/linuxkit
Signed-off-by: Justin Cormack <justin@specialbusservice.com>
Previously name and image were always the same so running two hosts
from one image was not possible!
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
The default Go tar has restrictions on filename length for example.
PAX is recommended over GNU.
Requires Go 1.10
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Unlike the hyperkit runner, the qemu runner already had better
support for auto-detecting the boot method so the changes
are less invasive (and backward compatible).
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Previous commits added support for building 'kernel+squashfs'.
This commit adds support for booting this build format on hyperkit.
The changes are a little bigger because some restructuring of the
code was required to support a third (after kernel+initrd and EFI
ISO) boot method.
To keep the code simpler this commit also removes some auto-detection
code for ISO booting. Users now have to specify '-iso -uefi' on the
command line to boot an EFI ISO. Previously, only '-uefi' was
required.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This contains a small fix to the disk binadings and allows
booting with a kernel alone (no initrd).
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This includes two improvements:
- being able to specify the packages used for building images
- support for building squashfs images.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
For the initrd we only want to extract kernel, cmdline, and
the ucode CPIO archive. Skip whatever is left in ./boot
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This output produces a kernel and a root filesystem
in squashfs format. squashfs is a read-only, compressed
filesystem.
The 'kernel+squashfs' output can be used in a similar way as
the default 'kernel+initrd' output format with the benefit
that the rootfs does not consume any memory.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
We currently hardcode the Linuxkit/mkimage- images. This has the
unfortunate consequence that, if we update the LinuxKit image used
to generate the output, we have to update the Moby tool and then
vendor it back into the LinuxKit repository.
This commit introduces UpdateOutputImages() which allows a client
of the Moby tools package to selectively overwrite the packages
used to generate the outputs.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@gmail.com>
If you happen to be exactly on a tag then:
$ linuxkit pkg build --dev pkg/init
Building "ijc/init:dev"
Cannot release "v0.3" if not pushing
Do not try and infer a release if not pushing so this is possible again.
The subsequent check for `bo.release != "" && !bo.push` remains since the
caller could have used `WithRelease` but not `WithPush`. Our CLI never does
this, but a hypothetical other user of the library might.
Signed-off-by: Ian Campbell <ijc@docker.com>
It is quite confusing that from the host or another container that
binds `/containers` you cannot see the bind mounts, you have to enter
the container namespace. I think `rshared` is a better default. You
can always be explicit and add `private` if you want a private bind mount.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Starting a virtualbox vm in bridged networking mode requires the host's
network interface to attach to the bridge being specified. This commit
adds command line option '--bridgeadapter iface' to 'linuxkit vbox run',
where 'iface' is the host's network interface to use in bridged mode.
Fixes: #2929
Signed-off-by: Olaf Bergner <olaf.bergner@gmx.de>
