github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-12-02 14:43:45 +00:00
Code Issues Projects Releases Wiki Activity
1,615 Commits 1 Branch 31 Tags
ae885bd714ff3e9d91b72328a9d9865b65a68f01
Commit Graph

55 Commits

Author SHA1 Message Date
Justin Cormack
ae885bd714 Use DOCKER_CONTENT_TRUST=1 when pulling library images 
When building the base images always test signatures.

This will be the default at some point.

Add a test that content trust is working.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-30 13:35:38 +00:00
Justin Cormack
8d3691fabb Containerize binfmt_misc 
- statically make containerd symlinks so rootfs can be read only
- run binfmt_misc in a containerd container
- ship arm, aarch64, ppc64le qemu static versions that always "just work" as this is supported in Linux 4.8

fix #53

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-30 12:49:37 +00:00
Justin Cormack
33888458e5 Fix build failure in toybox build with one argument 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-28 11:59:09 +00:00
Justin Cormack
be56c8e68a Re-add strace 
Trying to debug apk issues.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-25 17:26:34 +00:00
Justin Cormack
35c0bfe529 Make sure we do apk upgrade -a 
Also base off 3.4 for consistency.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-24 21:07:00 +00:00
Justin Cormack
a984ddba27 Update Alpine 3.5 base image 
- openrc updates
- SSL certs package no longer depends on openssl tool in libressl package.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-24 12:08:13 +00:00
Justin Cormack
20f6db11b3 Remove ssh server packages 
These will be containerised, and were disabled anyway.

Need client, as git needs it, and docker needs git.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-21 21:47:10 +00:00
Justin Cormack
835a16d601 Update base image to Alpine 3.5-rc2 
- switch to libressl
- hvtools in main

Note the build images are not switched over yet

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-21 20:30:33 +00:00
Justin Cormack
d2992691a1 Remove Alpine packages just used for debugging and build 
- make, GNU tar only used for self hosting
- strace, ipvsadmin, openssl just for debug

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-21 20:15:37 +00:00
Justin Cormack
7730fa15ca Simplify file system format code 
- use our own code rather than Alpine setup-disk
- remove alpine setup code as not needed
- do not create swap partitions
- create swap file on desktop editions for now (may remove)

Fix #619

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-21 18:35:13 +00:00
Justin Cormack
b46925a0b1 Add some basic shell commands in media image for debug 
Add toybox statically linked ls, sh, find etc so that it is
possible to examine the archive eaily.

Fix #749

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-19 16:19:59 +00:00
Justin Cormack
e48bce798b revert to upstream check-config as PR merged 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-18 13:30:39 +00:00
Justin Cormack
c05ba1397e Update check-config for Linux 4.8 
Temporarily using unmerged version until upstream.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-18 11:50:36 +00:00
Justin Cormack
43d956c201 Update base image 
- tar update

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-08 21:06:45 +00:00
Justin Cormack
85fd9a96ae Remove lvm2 package 
We have no lvm support, so not needed.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-08 10:48:44 +00:00
Justin Cormack
db3be17a84 Remove bind tools 
We are not using these anywhere, busybox provides some of them.

Avoids security warnings.

Rework of #684

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-08 10:14:07 +00:00
Justin Cormack
dc8b40f0e1 Update base image 
- bind update
- edge packages moved to 3.5

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-08 10:09:10 +00:00
Justin Cormack
218e345136 Curl security update 
Upgrade to 7.51, fix the following CVEs

  CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616,
  CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620,
  CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-06 19:32:19 +00:00
Nathan LeClaire
56e0bdad03 Merge pull request #579 from justincormack/vhdfix2 
Use alpine to do raw2vhd
 2016-11-02 13:26:00 -07:00
Justin Cormack
7c43ec4d01 Add ipvsadm for debugging 
Fix #437

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-02 00:10:16 +00:00
Justin Cormack
fbebf2a131 Add a base image for building AMIs 
Faster and more repeatable. As the Alpine edge package is not
working, use pip.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-01 13:26:44 +00:00
Justin Cormack
249df1e912 Add check-config container and test 
Currently the test will never fail, planning to fix this upstream.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-28 12:39:31 +01:00
Justin Cormack
ae9079a526 Use alpine to do raw2vhd 
Force late enough version of qemu from alpine edge.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-21 15:26:19 +01:00
Justin Cormack
e34c320abd Update base image with Musl bugfix 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-20 13:20:00 +01:00
Justin Cormack
db0376cb88 add git to Go build package 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-16 13:49:28 +01:00
Justin Cormack
b9d77945f3 fix hash calculation for Go build container 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-16 13:42:55 +01:00
Justin Cormack
0ac6beff82 Do not create latest tags for base images 
As we never use these, do not create them.

Also update images where applicable.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-10 14:55:48 +01:00
Justin Cormack
e1454f0249 add ncurses to C build for menuconfig 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-01 18:26:38 +01:00
Justin Cormack
6c00b85e53 remove use of rm /var/cache/apk 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-09-29 21:04:16 +01:00
Justin Cormack
0214c41ff3 Use patched aufs-utils so can compile kernel with alpine 
This is going to be submitted upstream.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-09-29 16:17:46 +01:00
Justin Cormack
0abcf36f2a Remove syslinux from base image 
Only needed for build, so save space and avoid security scan errors.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-09-27 11:23:54 +01:00
Justin Cormack
c8da76aa02 openssl security update 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-09-27 10:15:50 +01:00
Rolf Neugebauer
fa0104c04c base: update manifest 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2016-09-23 11:11:07 +01:00
Rolf Neugebauer
8666f6c9f4 packages: add hvtools from edge/testing 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2016-09-23 11:03:40 +01:00
Justin Cormack
a62f4ce7dd Update base image 
- fix `df` failing with overlay
- four more openssl CVEs
- add dhcpcd (unused)
- add openssh server (unused)

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-09-22 16:42:06 +01:00
Justin Cormack
602c9266f9 Sort list of packages 
fix #537

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-09-22 13:42:09 +01:00
Justin Cormack
2d483a20b0 Standalone make iso image, rather than build+run 
Simpler to have an image that takes the kernel and initrd as input,
rather than building them into the image.

The rest need converting.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-09-22 13:12:23 +01:00
Justin Cormack
6488328b69 Add package manifest for base image 
See #527

Easy to see what has been updated via diffs.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-09-20 12:48:34 +01:00
Justin Cormack
468c8ba010 Add rngd 
Tweak the config to use RDSEED or (fallback) RDRAND. Makes sure
we have initial random seed in cases where there is no other
random source if these are supported.

The default config in Alpine currently disables these, which makes
it pretty useless, as there is no motherboard rng support any more.

Replaces #517
Fix #514
Fix #183

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-09-16 15:32:56 +01:00
Justin Cormack
a81485c79f Add curl to base 
We need this to self host if you specify a custom version of Docker.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-09-16 12:54:03 +01:00
Justin Cormack
4b9b8295c5 Explicitly set the apk repositories we use 
Previously we used the defaults (main and community) but we
currently only need main, but are likely to need some packages
from edge soon.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-09-16 10:58:54 +01:00
Justin Cormack
955aad6276 Use a random tag for Debian kernel build base 
To store all the old images they need a different tag, so use a
random one.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-09-12 16:36:01 +01:00
Justin Cormack
35070c03f7 Use a base image for building kernel 
As we do not have a simple way to hash Debian, use the Docker
sha256 until we switch to Alpine.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-09-12 16:36:01 +01:00
Justin Cormack
8ed08dcdda Make self hosting by adding make and GNU tar 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-09-12 16:36:01 +01:00
Justin Cormack
cb9178f314 Use our own qemu base image 
Signed-off-by: Justin Cormack <justin@specialbusservice.com>
 2016-09-12 16:02:07 +01:00
Justin Cormack
af85abc84d reproducible builds for efi and bios isos 
Signed-off-by: Justin Cormack <justin@specialbusservice.com>
 2016-09-12 16:02:07 +01:00
Justin Cormack
089c592873 Include the Go binary in the hash of the go build base 
As this is not installed via apk it was not being included in the
checksum.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-09-09 15:46:23 +01:00
Justin Cormack
d4b5fc07c9 Closer to reproducible builds 
Make an alpine base image for C and Go builds.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-09-06 13:18:11 +01:00
Justin Cormack
6ba5c7c8c0 add delete on error to Makefile 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-09-05 15:10:00 +01:00
Justin Cormack
80bba73349 Switch to ksyslogd to add log rotation 
See #441

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-08-30 11:37:30 +01:00