The PR to enable notary signing has been merged. Also update
documentation as `got get` should now also work.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
On arm64 the serial console is a ttyAMA0. Non-existing
consoles are ignored, so this should work on x86 and arm64.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
- When executing on aarch64, use it as the default arch
- When selecting aarch64 on a non aarch64 system set the
CPU flag to a default value (not 'host').
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This requires that users have `CAP_SYSLOG` in order to access `dmesg`.
This means that containers by default have no access to `dmesg` (which
can leak information about the host or other containers) unless they
have this capability added.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
They either won't work or the packages are specific
to x86_64 like the DfM or VMware packages.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
The following packages did not work on aarch64:
- linuxkit/test-docker-bench
- linuxkit/test-ltp
- linuxkit/test-ns
- linuxkit/test-virtsock
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
A package makefile can specify a list of architectures ('ARCHES')
it supports. If build on a unsupported architecture, a message is
printed and make exits without an error.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This now completes the steps to bootstrap the other
packages with multi-arch as we now have the tools both
on arm64 and amd64.
Also update vendoring doc with new hash
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Also adjust the 'linuxkit/alpine' script to follow the
same pattern.
The new version of the script extract username/password from
the credential helper (or docker) and build and 'expect'
script to feed the info to 'notary'.
They can be invoked by:
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="phrase" ./push-manifest.sh ...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
It is not in any wa=y a required container, and now that arm64
and other architecture machines are widely available we should
start to deprecate it, as it has many issues, eg requires patches
to qemu for Go support, will mislabel images etc.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This checks if any CDROM in the system has metadata. Useful if
you boot off CDROM and also have a metadata CDROM.
Also switch the metadata container to read only, as it is only
writing to bind mounted in directories, and /tmp.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This commit updates the support for pushing images into OpenStack by
inheriting environment variables for endpoint and authentication
information, when available.
It also attempts to make the `openstack run` support more consistent
with other providers (specifically GCP and AWS), i.e just take the name
of the image as the argument and launch an instance using that.
Finally, it also updates the relevant documentation for OpenStack
support.
Signed-off-by: Nick Jones <nick@dischord.org>
Epoll in `syscall` package does not work on arm64. We do not have
arm64 yet here, but we will when we add tpm support etc.
Signed-off-by: Justin Cormack <justin@specialbusservice.com>
