* make each relevant heading a link
* HP->HPE, fix spelling of Arxan
* add mainline linuxkit insecure blurb
Signed-off-by: Tycho Andersen <tycho@docker.com>
This goes against collective responsibility for code. If you want to know the
author use git.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- '-disk-size' is now defaults to MB (but can be GB when appending 'G')
- The disk will be created if it doesn't exist (didn't happen in qemu)
Update the documentation.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This specifies the capabilities and bind mounts the dhcpcd daemon
needs.
While at it also update the Alpine base image
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
For all output formats except kernel+initrd, you must use the full path of
the file they want to run. Make the options auto detect.
Split the uefi option to mean "use uefi firmware" not be ISO specific.
Allow specifying a bootable disk image, so we can test disk image output
formats with qemu too.
Add a test case for qcow2 boot under qemu.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
The kernel configs themselves are stored as diffs of what we want vs. each
version's defconfig.
Thus, things like e.g. CONFIG_DEVKMEM drop out after it was made
non-default. The implication of this is (I hope) that as upstream adopts
security features, our delta can shrink (or more realistically, only
include the next-next gen features).
Signed-off-by: Tycho Andersen <tycho@docker.com>
This is the script I used with [1] to generate the config diffs and
separate out the arch specific bits. Included mostly just so people can
play around with it if they want to generate their own diffs.
[1]: https://github.com/ulfalizer/Kconfiglib
Signed-off-by: Tycho Andersen <tycho@docker.com>
In particular, let's start with a defconfig and edit it, rather than try to
generate the config entirely from our own diff.
Signed-off-by: Tycho Andersen <tycho@docker.com>
This uses 'expect' instead of 'grep' because hyperkit is
a bit finicky with re-directing the output (it expects a
tty). 'expect' handles this and is installed on macOS by
default.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
- Add a test for the kernel config for each supported kernel
- simplify YAML files: no need for ca certificates nor DHCP
- Explicitly state that the kernel module tests are for
the 4.9 kernel.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
The qemu backend defaults to running against a locally installed
qemu but falls back to running in a container if qemu is not
installed. This test explicitly tests that the containerised
qemu backend works only if there is a locally installed qemu.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This now supports setting `source:` in the `files` section to read the contents of
a file rather than specifying it inline.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- show errors by outputting stderr
- as no input is wired up, fails as requests a tty, so don't do that
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
