Ian Campbell
e8f7429811
Bump yml to pick up containerd v1.0.1
...
Signed-off-by: Ian Campbell <ijc@docker.com>
2018-01-18 11:21:19 +00:00
Ian Campbell
a811110ad8
Bump packages to new alpine w/ containerd v1.0.1
...
Signed-off-by: Ian Campbell <ijc@docker.com>
2018-01-18 10:59:41 +00:00
Ian Campbell
594e098c4c
alpine: Bump to containerd v1.0.1
...
Signed-off-by: Ian Campbell <ijc@docker.com>
2018-01-18 10:58:28 +00:00
Rolf Neugebauer
c7a38de332
Merge pull request #2870 from rn/kern-up
...
Update kernel to 4.14.14/4.9.77/4.4.112
2018-01-17 22:29:37 +00:00
Justin Cormack
a804d113d7
Merge pull request #2871 from rn/gcp-nested
...
Add option to enable nested-virt on GCP
2018-01-17 22:17:31 +00:00
Rolf Neugebauer
7e03dadf2f
docs: Add a note on nested virt on GCP
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-01-17 18:00:41 +00:00
Rolf Neugebauer
3326a23031
docs: Update security note in toplevel README
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-01-17 15:00:36 +00:00
Rolf Neugebauer
bcb9d5ec3f
Update YAML files to the latest kernels
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-01-17 14:45:16 +00:00
Rolf Neugebauer
130c6222bb
kernel: Adjust kernel config with new options
...
- Enable RETPOLINE by default. Note, however, this will
only be used if the compiler supports it.
- Enable sysfs interface for vulnerabilities
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-01-17 14:36:30 +00:00
Rolf Neugebauer
bfceb1dfbb
kernel: Update to 4.14.14/4.9.77/4.4.112
...
The 4.14.14 kernel has a number of important fixes/additions:
- New support for retpolines (enabled but requires newer gcc
to take advantage of). This provides mitigation for Spectre
style attacks.
- Various KPTI fixes including fixes for EFI booting
- More eBPF fixes around out-of-bounds and overflow of
maps. These were used for variant 1 of CVE-2017-5753.
- Several KVM fixes related to CVE-2017-5753, CVE-2017-5715,
CVE-2017-17741.
- New sysfs interface listing vulnerabilities:
/sys/devices/system/cpu/vulnerabilities
The 4.9.77 kernel also seems to have most/all of the above
back-ported.
See https://lwn.net/SubscriberLink/744287/1fc3c18173f732e7/
for more details on the Spectre mitigation.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-01-17 14:31:54 +00:00
Rolf Neugebauer
0470dc89a8
cmd/gcp: Add -nest-virt option to push and run
...
If the flag is set on push, then the image will have the license
set to enable the currently experimental nested virtualisation
feature. The flag currently also needs to be set on run to make
sure the right CPU model (at least Haswell) is selected.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-01-17 14:07:27 +00:00
Rolf Neugebauer
358a020b1a
cmd: Update vendored google cloud API
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-01-17 11:30:44 +00:00
Rolf Neugebauer
0b39a733d0
Merge pull request #2867 from rn/fw
...
Add support for driver (and CPU) firmware
2018-01-16 20:26:24 +00:00
Rolf Neugebauer
9c8d31582a
examples/packet: Add new firmware package
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-01-16 19:10:14 +00:00
Rolf Neugebauer
aa2791a6dd
pkg/firmware-all: Add package containing all Linux Firmware blobs
...
This package is primarily for users of custom or foreign
kernels which may have drivers enabled for which the
'firmware' package does not contain the firmware blobs.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-01-16 19:08:19 +00:00
Rolf Neugebauer
1d9c4361c0
pkg/firmware: Add a package with firmware required by enabled device drivers
...
This new 'firmware' package contains the firmware blobs required
by the device drivers in a LinuxKit kernel. The list of required
blobs is determined by calling 'modinfo' on each module.
We also unconditionally include the AMD CPU microcode and the
licence files.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-01-16 19:08:18 +00:00
Rolf Neugebauer
f09d0227bc
doc: Update packet.net doc wrt Intel CPU microcode update
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-01-16 19:08:18 +00:00
Rolf Neugebauer
eb6459f6ed
packet: Add intel-ucode.cpio to packet example
...
and override it for the arm64 add-on
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-01-16 19:08:18 +00:00
Rolf Neugebauer
170f5ad87e
vendor: Update moby tool to latest
...
This includes support for CPU microcode handling
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-01-16 19:08:18 +00:00
Rolf Neugebauer
44dbf76b11
Merge pull request #2865 from rn/ucode
...
Vendor latest moby and update packet.net examples to include CPU ucode
2018-01-16 12:10:00 +00:00
Avi Deitcher
5870a325b9
Merge pull request #2866 from deitch/update-metadata-hashes
...
Update hashes to use latest metadata
2018-01-16 13:15:01 +02:00
Rolf Neugebauer
a41ef21f73
doc: Update packet.net doc wrt Intel CPU microcode update
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-01-16 10:44:47 +00:00
Rolf Neugebauer
9f183f7012
packet: Add intel-ucode.cpio to packet example
...
and override it for the arm64 add-on
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-01-16 10:27:59 +00:00
Rolf Neugebauer
63ec7f58c0
vendor: Update moby tool to latest
...
This includes support for CPU microcode handling
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-01-16 10:27:58 +00:00
Avi Deitcher
cd409f87c5
Update hashes to use latest metadata
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2018-01-16 11:59:10 +02:00
Avi Deitcher
c0ff9cf6f0
Merge pull request #2864 from deitch/fix-metadata-label
...
Add /run to binds and use newer yml label format
2018-01-16 11:36:49 +02:00
Ian Campbell
1fcf8b636d
Merge pull request #2863 from ijc/govet-fixes
...
Fix some issues highlighted by go vet
2018-01-16 09:26:41 +00:00
Avi Deitcher
0d4b2742e2
Add /run to binds and use newer yml label format
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2018-01-15 19:51:35 +02:00
Ian Campbell
c0de474e4f
Bump hashes
...
Signed-off-by: Ian Campbell <ijc@docker.com>
2018-01-15 17:28:38 +00:00
Ian Campbell
779be8cff1
mount: Add missing argument to Printf
...
go_vet (via https://goreportcard.com/report/github.com/linuxkit/linuxkit)
reported:
error: missing argument for Printf("%v"): format reads arg 2, have only 1 args (vet)
error: wrong number of args for format in Printf call: 2 needed but 3 args (vet)
Signed-off-by: Ian Campbell <ijc@docker.com>
2018-01-15 17:24:36 +00:00
Ian Campbell
826ee28c8d
metadata: print Entry objects with %+v not %s
...
go_vet (via https://goreportcard.com/report/github.com/linuxkit/linuxkit)
reported:
error: arg current for printf verb %s of wrong type: main.Entry (vet)
For each of these.
Signed-off-by: Ian Campbell <ijc@docker.com>
2018-01-15 17:24:36 +00:00
Ian Campbell
a4230b74aa
init: print integer with %d not %s
...
go_vet (via https://goreportcard.com/report/github.com/linuxkit/linuxkit)
reported:
error: arg resource for printf verb %s of wrong type: int (vet)
Signed-off-by: Ian Campbell <ijc@docker.com>
2018-01-15 17:24:36 +00:00
Ian Campbell
6483a2e6dc
linuxkit: print response status, not the response object when validating a URL
...
go_vet (via https://goreportcard.com/report/github.com/linuxkit/linuxkit)
reported:
error: arg resp for printf verb %s of wrong type: *net/http.Response (vet)
Signed-off-by: Ian Campbell <ijc@docker.com>
2018-01-15 17:24:36 +00:00
Avi Deitcher
190a87557f
Merge pull request #2860 from deitch/metadata-to-run
...
Move metadata to /run instead of /var
2018-01-15 18:11:45 +02:00
Avi Deitcher
34bd0689b6
Merge pull request #2861 from deitch/metadata-path
...
Split linuxkit run -data options into string and file
2018-01-15 18:10:02 +02:00
Avi Deitcher
6c015141f5
Split linuxkit run -data options into string and file
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2018-01-15 16:57:03 +02:00
Avi Deitcher
2af908d1b7
Move metadata to /run instead of /var
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2018-01-15 14:23:03 +02:00
Rolf Neugebauer
62d4858a3e
Merge pull request #2858 from rn/ucode
...
Add the intel ucode cpio archive to the kernel package
2018-01-14 15:42:47 +00:00
Rolf Neugebauer
2ed5334823
kernel: Fix up README.md
...
The content about debug was no longer valid.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-01-14 13:07:27 +00:00
Rolf Neugebauer
430bea64c3
kernel: Build the Intel ucode cpio archive and add to the kernel package
...
Download and verify the Intel microcode package and convert it
to a cpio archive which can be prepended to the initrd.
It also adds the license file to the kernel package.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-01-14 13:07:27 +00:00
Rolf Neugebauer
e68cc70352
tools/alpine: Update alpine base
...
This also adds the iucode_tool utility for x86_64
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-01-14 13:04:57 +00:00
Rolf Neugebauer
31cb9539b8
tools/alpine: Add iucode_tool to base
...
The iucode_tool is used to convert the Intel CPU microcode
binaries into a cpio archive. There is no alpine package
for it, so compile it from source.
This is for x86_64 only and on other archs we create an empty
file.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-01-14 12:42:57 +00:00
Ian Campbell
96f6b3b077
Merge pull request #2857 from ijc/containerd-v1.0.1-rc.0
...
Bump to containerd v1.0.1-rc.0
2018-01-12 13:12:27 +00:00
Ian Campbell
db5c8a7da8
Bump yml to pick up containerd v1.0.1-rc.0
...
Signed-off-by: Ian Campbell <ijc@docker.com>
2018-01-12 10:58:07 +00:00
Ian Campbell
e0b871560a
Bump to runc 7f24b40cc5423 as used by containerd v1.0.1-rc.0
...
Signed-off-by: Ian Campbell <ijc@docker.com>
2018-01-12 10:51:34 +00:00
Ian Campbell
913e6420ba
Bump packages to new alpine w/ containerd v1.0.1-rc.0
...
Signed-off-by: Ian Campbell <ijc@docker.com>
2018-01-12 10:51:01 +00:00
Ian Campbell
e862410a07
alpine: Bump to containerd v1.0.1-rc.0
...
Signed-off-by: Ian Campbell <ijc@docker.com>
2018-01-12 10:50:17 +00:00
Ian Campbell
965c678f9c
Merge pull request #2845 from ijc/example-hostmount-writeable-overlay
...
Add an example of setting up a writeable overlay of a host path
2018-01-11 16:03:15 +00:00
Rolf Neugebauer
e3284d50e0
Merge pull request #2847 from w9n/nvme
...
format: fix for nvme
2018-01-11 14:21:03 +00:00
Ian Campbell
4476169fce
Add an example of setting up a writeable overlay of a host path
...
Signed-off-by: Ian Campbell <ijc@docker.com>
2018-01-11 13:21:31 +00:00