The 4.14.38 kernel backported the Spectre mitigation requiring
a change of the kernel config.
Might as well enable the mitigations by default.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This is useful for some baremetal configs, such as using
USB sticks on a RPi3. I enabled it for x86_64 as well
to keep the differences smaller.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@gmail.com>
Note, the depending SERIAL_DEV_CTRL_TTYPORT defaults to
'N' with the 4.14.x kernel and 'Y' for the 4.16.x kernel.
I chose to stick with the defaults.
This may fix the serial console issue I've seen on the RPi3
with 4.14.x kernels.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@gmail.com>
src/cmd/linuxkit/vendor/github.com/moby/tool/src/moby/linuxkit.go embeds a yaml
fragment with some hashes in it, so avoid updating that since that would make
the vendoring unclean.
Signed-off-by: Ian Campbell <ijc@docker.com>
This updates to support updating things like `linuxkit/runc:v0.3` to a new hash
(or tag).
Running:
./scripts/update-component-sha.sh --image linuxkit/runc 100d0d046c
Still DTRT and updates runc to that (bogus) sha.
Furthermore, running:
./scripts/update-component-sha.sh --image linuxkit/runc v0.4
Updates runc to that (bogus) release (this worked before) but now running:
./scripts/update-component-sha.sh --image linuxkit/runc acba8886e4
Inverts things and puts them back.
(this is not quite a nop because
src/cmd/linuxkit/vendor/github.com/moby/tool/src/moby/linuxkit.go has a
different sha in it which is not put back)
Signed-off-by: Ian Campbell <ijc@docker.com>
Right now the difference is rather minor, but I'm about to make this case more
complicated.
Running:
./scripts/update-component-sha.sh --image linuxkit/runc 100d0d046c
Still DTRT and updates runc to that (bogus) sha.
Signed-off-by: Ian Campbell <ijc@docker.com>
I think the intention was to use "" for bits with substitutions and '' for bits
without, but that makes it hard to read and the bits in '' are safe in the ""
context anyway.
Running:
./scripts/update-component-sha.sh --image linuxkit/runc 100d0d046c
Still DTRT and updates runc to that (bogus) sha.
Signed-off-by: Ian Campbell <ijc@docker.com>
The default Go tar has restrictions on filename length for example.
PAX is recommended over GNU.
Requires Go 1.10
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
The s390x build VM we have access to is quite slow. Dropping
the 4.15.x kernel, which soon will be EOLed anyway, to
save some time.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>