Commit Graph

388 Commits

Author SHA1 Message Date
Avi Deitcher
76f4802ccf additional volume support in building
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-10-01 15:27:55 +03:00
Avi Deitcher
5848a2856f use only stdout/stderr or file for runc output
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-08-28 14:45:26 +03:00
Avi Deitcher
2af30c5503 support cmdline-driven debugging mode for runc
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-08-22 15:14:35 +03:00
Avi Deitcher
b953d1781c add support for volumes
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-07-21 17:48:38 +03:00
Avi Deitcher
8f6ea3c85e switch Packet references to Equinix Metal
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-07-05 17:22:25 +03:00
Avi Deitcher
6af6291afe add tag to args passed for package builds
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-04-16 13:52:49 +03:00
Avi Deitcher
4df07ddb6e add support for pkg release tags
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-03-11 10:07:43 +02:00
Avi Deitcher
d47a9284b4 update kernel Makefile for targets for yamls
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-03-03 17:06:45 +02:00
Avi Deitcher
3e7df6c869 move kernel series status into series dir
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-03-03 12:49:17 +02:00
Avi Deitcher
000b6f4bb1 switch kernel builds to linuxkit pkg build for simplicity
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-03-02 21:22:05 +02:00
Avi Deitcher
cd12a8613d restructure kernel builds into directories
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-02-27 15:14:06 +02:00
Avi Deitcher
06a05badf6 template in yaml file
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-02-23 15:43:45 +02:00
Avi Deitcher
0c31697e10 add support for specifying dockerfile in build process
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-02-21 21:15:08 +02:00
Avi Deitcher
4e070077c9 kernels Makefile support custom builders and archs
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-02-01 15:39:16 +02:00
Avi Deitcher
c388177596 updated kernel documents
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-01-31 10:54:47 +02:00
Avi Deitcher
7a0ae251c0 update alpine base comments
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-01-26 12:44:34 +02:00
Avi Deitcher
33cd7b749a sbom support
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2023-11-14 14:14:45 +02:00
Zixuan James Li
2d2df02a5a Fix broken links in the documentation.
Arguably the long term fix is to introduce a check for links in the
documentation with tools like markdown-link-check.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2023-06-23 22:27:55 -04:00
Avi Deitcher
de13ee521d include source repo, revision and go package version as build-args
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2023-06-08 18:24:25 +03:00
Avi Deitcher
0b6441ccbc start troubleshooting doc
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2022-12-30 10:41:34 +02:00
Avi Deitcher
b84548b039 fix alpine base update docs (#3886)
Signed-off-by: Avi Deitcher <avi@deitcher.net>

Signed-off-by: Avi Deitcher <avi@deitcher.net>
2022-12-29 16:47:29 +02:00
Avi Deitcher
154f943d01 switch from flags to cobra (#3884)
Signed-off-by: Avi Deitcher <avi@deitcher.net>

Signed-off-by: Avi Deitcher <avi@deitcher.net>
2022-12-29 10:31:57 +02:00
Michael Aldridge
06aaba5e05 pkg/sshd: Remove default bind of /root/.ssh
Signed-off-by: Michael Aldridge <aldridge.mac@gmail.com>
2022-11-09 18:50:44 -06:00
Jeffrey 'jf' Lim
5f1ae239bb docs/platform-aws.md: add crucial note about ENA for linuxkit push aws
Signed-off-by: Jeffrey 'jf' Lim <jf@users.noreply.github.com>
2022-09-28 21:40:13 +08:00
Petr Fedchenkov
a46e6af650 Allow build for darwin without CGO
It is not easy to use cross-platform build with CGO enabled so let's
allow build without cgo for darwin and use virtualization framework only
if we built with CGO.

Signed-off-by: Petr Fedchenkov <giggsoff@gmail.com>
2022-09-12 11:41:37 +03:00
Avi Deitcher
de1d8cdeda add support for virtualization framework
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2022-07-22 16:55:47 +03:00
Avi Deitcher
0929aabe50 build directly with buildkit
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2022-06-28 10:36:30 +03:00
Rolf Neugebauer
9e333a1358 Merge pull request #3775 from deitch/doc-kernel-builder
add docs about how to find the builder
2022-06-03 20:48:20 +01:00
Avi Deitcher
cd5cea8c02 remove need for maintainers to build packages
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2022-05-23 20:24:07 -10:00
Avi Deitcher
3351eee596 add docs about how to find the builder
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2022-04-24 17:44:24 +03:00
Yuri Volchkov
1a013f4424 Declare build-args in build.yml
This allows multiple build flavors for a single codebase, without
sacrificing reproducible builds. The build-args are set in build.yml,
which is typically under the source control (if it is not, then no
reproducible builds are possible anyways). Meaning that mutating
build-args would result in setting "dirty" flag.

Intended use of this commit is to switch between build flavors by
specifying a different yaml file (presumably also under the version
control) by `-build-yml` option.

Because it is impossible to build a final image from packages in
cache, the test for this feature relies on the `RUN echo $build-arg`
output during the `pkg build` process.

Signed-off-by: Yuri Volchkov <yuri@zededa.com>
2022-04-13 17:36:55 +00:00
Avi Deitcher
4e7abb5250 document and simplify some releasing
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-11-29 16:39:06 +02:00
David Scott
46ea02f65b moby: device "all" will add to the cgroup whitelist
After the runc security advisory[1] the default cgroup device
whitelist was changed.

In previous versions every container had "rwm" (read, write, mknod)
for every device ("a" for all). Typically this was overridden by
container engines like Docker. In LinuxKit we left the permissive
default.

In recent `runc` versions the default allow-all rule was removed,
so a container can only access a device if it is specifically
granted access, which LinuxKit handles via a device: entry.

However it is inconvenient for pkg/format, pkg/mount, pkg/swap
to list all possible block devices up-front. Therefore we add the
ability to grant access to an entire class of device with a single
rule:

```
- path: all
  type: b
```

Obviously a paranoid user can still override this with a specific
major/minor number in a device: rule.

[1] https://github.com/opencontainers/runc/security/advisories/GHSA-g54h-m393-cpwq

Signed-off-by: David Scott <dave@recoil.org>
2021-10-14 16:14:21 +01:00
David Scott
24db42dd68 moby: add a Devices array to the image yml
According to https://github.com/linuxkit/linuxkit/pull/3684#issuecomment-860128095

runc removed the console as a default device, so now it must be specified
explicitly in the OCI config.

See 60e21ec26e

The similar code in moby/moby is here: https://github.com/moby/moby/blob/master/oci/devices_linux.go

This patch allows packages to declare a `devices` array, which can contain `/dev/console` etc.

Signed-off-by: David Scott <dave@recoil.org>
2021-10-14 16:14:05 +01:00
Rolf Neugebauer
4eb60514c9 yaml: Update use of alpine:3.11 to alpine:3.13
Several YAML files used alpine:3.11. Update them to 3.13

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2021-08-10 00:13:52 +01:00
Rolf Neugebauer
c63162964f Merge pull request #3651 from deitch/kernel-tagging
tag kernel with builder version; simplify Makefile
2021-05-25 22:55:31 +01:00
Avi Deitcher
d053a0f279 tag kernel with builder version; simplify Makefile
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-05-25 15:51:01 +03:00
Avi Deitcher
4adc04a24d calculate manifest hash-tag using git ls-tree
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-05-21 01:31:14 +03:00
Dave Tucker
28f43e8121 docs: Document --skip-arches
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
2021-05-02 17:31:33 +01:00
Avi Deitcher
f6d04977df Update to proper go-compile hash
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-04-30 02:01:55 +03:00
Avi Deitcher
d091f90f81 pass linkmode=external only for Linux
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-04-29 16:52:44 +03:00
Avi Deitcher
8576579f60 Update use of tools to latest
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-04-27 19:52:35 +03:00
Avi Deitcher
95ce6386aa Update Alpine base to 3.13; go-compile rebuilt with mod=vendor option, go bumped to 1.16
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-04-27 17:38:22 +03:00
Rolf Neugebauer
182646c776 Merge pull request #3630 from deitch/doc-s390x-docker
docs to hold maintainer build platforms
2021-04-23 21:19:59 +01:00
Avi Deitcher
e4a58e0130 docs to hold maintainer build platforms
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-04-23 02:12:07 +03:00
Avi Deitcher
c8ef7d0eb0 cross build packages
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-04-21 13:03:26 +03:00
Rolf Neugebauer
c7e753eb16 build: Update go-compile package
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2021-04-02 18:45:38 +01:00
Dave Tucker
561ce6f4be Remove Notary and Content Trust
This commit removes Notary and Content Trust.
Notary v1 is due to be replaced with Notary v2 soon.
There is no clean migration path from one to the other.
For now, this removes all signing from LinuxKit.
We will look to add this back once a new Notary alternative
becomes available.

Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
2021-03-30 14:51:11 +01:00
Avi Deitcher
9633d23d37 write to cache
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-02-12 16:18:21 +02:00
Avi Deitcher
4e23d08a8c update docs
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-01-19 09:55:16 +02:00