Ian Campbell
aec82c4cdf
Split config-related fields of Image into a substruct.
...
Where "config-related" here means "ones you might find in the
"org.mobyproject.config" label on an image".
By making this new struct an anonymous member of the existing Image struct the
Go json parser does the right thing (i.e. inlines into the parent) when parsing
a complete image (from a yml assembly) by default. The Go yaml library which we
use requires a tag on the anonymous field to achieve the same.
Signed-off-by: Ian Campbell <ijc@docker.com>
2017-11-27 14:16:59 +00:00
Rolf Neugebauer
3cd02db567
Merge pull request #2774 from rn/kern-up
...
Update kernels
2017-11-27 11:42:38 +00:00
Rolf Neugebauer
bec7456d9b
Update YAML files with latest kernels
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-24 15:13:09 +00:00
Rolf Neugebauer
43b2caf69e
kernel: Update to 4.4.102/4.9.65/4.13.16/4.14.2
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-24 13:55:21 +00:00
Rolf Neugebauer
c6721e5343
kernel: Update to 4.4.101
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-24 13:55:21 +00:00
Rolf Neugebauer
4aa1845b96
kernel: Fix 4.14.x/4.13.x config for aarch64
...
The update in 6ede240737 ("kernel: Update to
4.14.1/4.13.15/4.9.64/4.4.100") failed to build on aarch64.
This fixes it.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-24 13:55:21 +00:00
Ian Campbell
c003d0c44f
Merge pull request #2772 from ijc/linuxkit-pkg-push-no-build
...
linuxkit pkg: allow skipping build before push
2017-11-24 13:51:49 +00:00
Rolf Neugebauer
d88cf65928
Merge pull request #2770 from rn/cadvisor
...
Update cadvisor and add build test
2017-11-24 13:36:17 +00:00
Rolf Neugebauer
b7b773d4ba
tests: Add build test for cadvisor example
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-24 10:56:23 +00:00
Ian Campbell
ae53577078
linuxkit pkg: allow skipping build before push
...
If doing the build separately from pushing (as I am intending in
https://github.com/linuxkit/kubernetes/pull/8/) it is desirable to avoid a
second build when pushing.
Signed-off-by: Ian Campbell <ijc@docker.com>
2017-11-24 09:52:27 +00:00
Rolf Neugebauer
932b9f1c10
Merge pull request #2731 from arm64b/kernel-makefile-fixing
...
kernel: Fixing kernel_perf and kernel_zfs build issue
2017-11-23 22:56:32 +00:00
Dennis Chen
b0cbfe1988
kernel: Fixing kernel_perf and kernel_zfs build issue
...
For 'build_perf_' and 'build_zfs_' targets in the Makefile,
since both of them are dependent on the build_$(2)$(3) target,
we pull the image with DCT as part of the dependency on build_$(2)$(3)
and then build with DOCKER_CONTENT_TRUST explicitly set to 0.
Signed-off-by: Dennis Chen <dennis.chen@arm.com>
2017-11-23 10:34:54 +00:00
Rolf Neugebauer
bc185996f9
example: Update kernel in examples/cadvisor
...
The PR adding cadvisor overlapped with the kernel updates. This
brings the example back in line.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-22 19:36:57 +00:00
Rolf Neugebauer
ddcc98c3fe
Merge pull request #2736 from Wolphin-project/cadvisor
...
cAdvisor
2017-11-22 19:35:30 +00:00
Rolf Neugebauer
bf64d238db
Merge pull request #2768 from rn/circle
...
Minor tweaks to CircleCI config
2017-11-22 10:59:54 +00:00
Rolf Neugebauer
61ce897d72
Merge pull request #2767 from rn/kern-up
...
Update kernels (multiple times) and add security related configs
2017-11-22 10:48:08 +00:00
Rolf Neugebauer
6af06e5c25
Merge pull request #2765 from RobbKistler/docs-fix
...
docs: minor fixes for use of `-data`
2017-11-22 00:24:31 +00:00
Rolf Neugebauer
763e5e317f
circle: use .exe as extension for Windows binary
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 19:56:57 +00:00
Rolf Neugebauer
592d0fd7c5
circle: Add batch to README.md
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 19:56:56 +00:00
Rolf Neugebauer
464a46d74a
Update YAML files to latest kernels.
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 17:19:42 +00:00
Rolf Neugebauer
06689b5d68
tests: Add kernel module tests for all supported kernels
...
Also add libelf-dev as this is needed for ORC_UNWINDER. While this is only
a feature of 4.14.x we added it to all Dockerfiles to keep things in synch.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 17:14:19 +00:00
Rolf Neugebauer
6ede240737
kernel: Update to 4.14.1/4.13.15/4.9.64/4.4.100
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 17:05:35 +00:00
Rolf Neugebauer
57226034e6
kernel: Move KEYS_COMPAT
...
Commit 31c8c4942820 ("security/keys: add CONFIG_KEYS_COMPAT
to Kconfig") moved the KEYS_COMPAT config option to a different
section. Adjust config file.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 15:55:47 +00:00
Rolf Neugebauer
f5e970b7fb
kernel: Update to 4.13.14/4.9.63/4.4.99
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 15:54:15 +00:00
Rolf Neugebauer
717829ea89
kernel: Don't build a debug kernel for 4.13
...
We already have too many kernels to build and 4.13 will be EOLed soon.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 15:53:34 +00:00
Rolf Neugebauer
f79c392ce3
kernel: Enable REFCOUNT_FULL on kernels supporting it
...
REFCOUNT_FULL enables full reference count validation. There is a
potential slowdown but it protects against certain use-after-free
attacks.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 14:02:33 +00:00
Rolf Neugebauer
66342d0646
kernel: Enable GCC_PLUGIN_RANDSTRUCT on kernels supporting it
...
On 4.13 and 4.14 kernels GCC_PLUGIN_RANDSTRUCT can be used to randomise
some kernel data structures such as structs with function pointers.
We also select GCC_PLUGIN_RANDSTRUCT_PERFORMANCE which
tries harder to restrict randomisation to cache-lines in order to reduce
performance impact.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 14:02:33 +00:00
Rolf Neugebauer
8d16426644
kernel: Enable GCC_PLUGIN_STRUCTLEAK on kernels supporting it
...
The 4.13 and 4.14 kernels support GCC_PLUGIN_STRUCTLEAK, a GCC plugin
to zero initialise any structures with the __user attribute to prevent
information exposure.
On 4.14 kernels also enable GCC_PLUGIN_STRUCTLEAK_BYREF_ALL which is
an extension of the above.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 14:02:33 +00:00
Rolf Neugebauer
b0db43567e
kernel: Enable GCC_PLUGIN on kernels supporting it
...
Subsequent commits will enable selected sub options.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 14:02:33 +00:00
Rolf Neugebauer
2c1fdc7b47
kernel: Use latest linuxkit/alpine and install mpc1-dev/mpfr-dev
...
The GCC_PLUGINS config options enabled in the next commits
require mpc1-dev/mpfr-dev.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 14:02:33 +00:00
Rolf Neugebauer
eb9a5604a8
tools/alpine: Add mpc1-dev/mpfr-dev
...
These are needed to enable GCC_PLUGINS for the Linux kernel build.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 14:02:33 +00:00
Rolf Neugebauer
5995d9a10d
kernel: Fix Dockerfile.kbuild
...
Patches were not applied and this fixes it as well as tidying
up the error handling.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 14:02:33 +00:00
Marco Mariani
e871cd693e
examples/cadvisor.yml
...
Signed-off-by: Marco Mariani <marco.mariani@alterway.fr>
2017-11-21 13:49:19 +01:00
Marco Mariani
959b6dd96d
pkg/cadvisor
...
Signed-off-by: Marco Mariani <marco.mariani@alterway.fr>
2017-11-21 13:46:42 +01:00
Rolf Neugebauer
3184572403
Merge pull request #2764 from riyazdf/signing-init-script
...
signing: add init script and public certificate fixtures
2017-11-21 12:27:12 +00:00
Justin Cormack
83522d81fd
Merge pull request #2761 from justincormack/restore-build
...
Restore linuxkit build
2017-11-21 10:21:39 +00:00
Robb Kistler
4f542ad46a
docs: replace --data with -data
...
Signed-off-by: Robb Kistler <robb.kistler@docker.com>
2017-11-20 18:21:10 -08:00
Justin Cormack
b2a67710fa
Remove bits that build moby tool from Makefile
...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-11-20 23:49:27 +00:00
Justin Cormack
934450c697
Update docs to only say install linuxkit tool.
...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-11-20 23:49:17 +00:00
Riyaz Faizullabhoy
057e59d0dc
signing: add init script and public certificate fixtures
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-11-20 15:06:28 -08:00
Rolf Neugebauer
ebe6fd8b4a
Merge pull request #2762 from ijc/handle-empty-metadata
...
Handle empty metadata file better (by ignoring)
2017-11-20 22:12:38 +00:00
Rolf Neugebauer
e3606477b2
Merge pull request #2754 from Wolphin-project/node-exporter
...
Node exporter
2017-11-20 22:10:39 +00:00
Justin Cormack
f8e352d375
Replace moby build with linuxkit build throughout
...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-11-20 17:06:54 +00:00
Justin Cormack
ca0b1309b0
Update vendoring for moby/tool
...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-11-20 17:06:47 +00:00
Justin Cormack
63a5dedd28
Merge pull request #188 from justincormack/make-tmp-dir
...
Create tmp dir in case required
2017-11-20 16:59:27 +00:00
Justin Cormack
3389f89c44
Create tmp dir in case required
...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-11-20 16:50:58 +00:00
Ian Campbell
cef9d11f58
Only create metadata if file is non-zero sized
...
The recent iso9660wrap vendoring bump means this does now work, but it seems
pointless in this case so skip.
Relates to https://github.com/linuxkit/kubernetes/issues/4
Signed-off-by: Ian Campbell <ijc@docker.com>
2017-11-20 15:26:51 +00:00
Ian Campbell
a5e5d42368
Move metadata ISO creation to common code
...
This code was identical in the QEMU and HyperKit cases. Move it to util.go and
wrap it in a function, with minimal changes for returning an error.
Signed-off-by: Ian Campbell <ijc@docker.com>
2017-11-20 15:22:02 +00:00
Ian Campbell
db9a783821
Bump iso9660wrap to baf8d62ad315
...
Reduces the linuxkit binary by 12k by removing The Raven. Also allows zero
sized files to be created, see https://github.com/linuxkit/kubernetes/issues/4
4606f848a0...baf8d62ad3
Signed-off-by: Ian Campbell <ijc@docker.com>
2017-11-20 15:17:57 +00:00
Justin Cormack
eef8ab7757
Add linuxkit build, using vendored moby/tool as a library
...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-11-20 14:48:48 +00:00