With the switch to github.com/satori/go.uuid this is no
longer needed. Strangely, it was not in vendor.conf...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
When hyperkit is used with VPNKit we can "publish" VM ports
on localhost by using an API to the VPNKit process.
This commit adds a "-publish" flag to the hyperkit backend
exposing this functionality. "-publish" can be used multiple
times and is used the same way as for the qemu backend.
Other changes:
- Use 'github.com/google/uuid' as the 'uuid' package since VPNKit uses it
- use 'vpnkit' prefix instead of 'vpnKit'
- Improve logging
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
The type of the guest and host ports should be uint16 not int. Also
make them public members of the PublishPort structure.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This code will soon be shared by other backends.
While at it, also rename the type to PublishPort (from publishPorts)
as it is just one Port and the function from splitPublish() to
NewPublishPort() as this seems more Go-like.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
On Linux the default is /dev/random which may block if there
is not enough entropy (and it determines lack of entropy
conservatively). /dev/urandom never blocks but is fed from
the same entropy source as /dev/random so this change should
not affect platforms which have hardware RNGs but helps to
prevent stalls on platforms, in particular some arm64 platforms,
where the hardware RNG is either not present or not enabled.
If you really care about proper entropy inside a VM do not use
'linuxkit run', it's mostly for testing and shouldn't be used
for production anyway.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This fixes issue #2635 related to no network being passed during an
image upload as no network is required. However a hostname is still
required due to vCenter handing the upload to a vSphere server and its
DataStore.
Signed-off-by: Dan Finneran <daniel.finneran@gmail.com>
Pulling the arch suffixed version does not provide any assurance that a
previous build was actually completed.
Signed-off-by: Ian Campbell <ijc@docker.com>
There is more to do on these, but clean up some unused variables,
missing args, stray `\n` etc.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Detect if this is the case by checking if the given path is not in git and
conditionalising anything which would touch git.
Images built from outside git will, in the absence of options to force
otherwise, get tagged "latest".
Fixes: #2613
Signed-off-by: Ian Campbell <ijc@docker.com>
Currently all forward it to os.Stderr, but in my next patch I will want to
direct to /dev/null for one command.
Signed-off-by: Ian Campbell <ijc@docker.com>
Ensure that all git commands are run as if from the package directory using the
`-C` option. Otherwise the various attempts to use git fail if `linuxkit pkg`
is invoked from outside the git repo.
Signed-off-by: Ian Campbell <ijc@docker.com>
Could be e.g.:
```
pkg:
  content-trust-passphrase-command: "lpass show <key> --password"
```
or
```
pkg:
  content-trust-passphrase-command: "gpg -d ~/.notary/passphrase.gpg"
```
Signed-off-by: Ian Campbell <ijc@docker.com>
With the old package.mk arrangements we would only append -dirty and -$arch to
the hash if the user didn't specify a HASH= directly. So the following would
work
```
make ORG=ijc HASH=dev tag
```
and produce an image `ijc/«image»:dev`.
However the new equivalent:
```
linuxkit pkg build -org=ijc --hash=dev
```
instead produces an image `ijc/«image»:dev-dirty-$arch`, which is undesirable.
This commit refactors the code in two main ways:
Firstly directly append `-dirty` to the hash as we extract it from git (rather
than on use in the `Tag()` method), and only do this if the user has not
specified an explicit tag. Note that we still track dirtiness in the `Pkg`
object and so will not allow a push (or release) from a dirty tree (the
makefile version would have tried this with unpredictable results), nor will we
apply the `org.opencontainers.image.revision` label to a dirty build.
Secondly, if we are not pushing the image+manifest then we retag the -$arch
suffixed image without the -$arch. This differs from the Makefile version
which would simply have built without the -$arch in the first place; I think
this is an improvement. If we are pushing, the manifest-tool remains responsible
for creating the non -$arch image.
Signed-off-by: Ian Campbell <ijc@docker.com>
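The tagging rules described in the commit message above, as an added Go example (not the linuxkit code; `Pkg`'s fields, `NewPkg`, `Build` and `RevisionLabel` are hypothetical names, and the inputs are constructed). It shows why dirtiness is tracked separately from the tag: an explicit hash hides `-dirty` from the tag, yet the push is still refused and the revision label is still withheld.

```go
package main

import (
	"errors"
	"fmt"
)

// Pkg is a hypothetical model of the package object; all names are assumptions.
type Pkg struct {
	Org, Image, Arch string
	hash             string // tag component; already carries "-dirty" if needed
	dirty            bool   // tracked separately so a push can still be refused
}

// NewPkg appends "-dirty" at extraction time, and only when the user gave no
// explicit hash. Dirtiness is recorded either way.
func NewPkg(org, image, arch, gitHash string, treeDirty bool, userHash string) Pkg {
	p := Pkg{Org: org, Image: image, Arch: arch, hash: gitHash, dirty: treeDirty}
	if userHash != "" {
		p.hash = userHash
	} else if treeDirty {
		p.hash += "-dirty"
	}
	return p
}

// Tag adds nothing on use; the hash is already final.
func (p Pkg) Tag() string { return p.Org + "/" + p.Image + ":" + p.hash }

// Build returns the local tags after a build. When pushing, only the -$arch
// image is tagged (manifest-tool creates the other); otherwise it is retagged.
func (p Pkg) Build(push bool) ([]string, error) {
	archTag := p.Tag() + "-" + p.Arch
	if !push {
		return []string{archTag, p.Tag()}, nil
	}
	if p.dirty {
		return nil, errors.New("refusing to push: tree is dirty")
	}
	return []string{archTag}, nil
}

// RevisionLabel reports whether org.opencontainers.image.revision may be set.
func (p Pkg) RevisionLabel() bool { return !p.dirty }

func main() {
	p := NewPkg("ijc", "example", "amd64", "0123abc", true, "dev") // constructed input
	tags, _ := p.Build(false)
	fmt.Println(p.Tag(), tags, p.RevisionLabel())
}
```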
Previously there would be a make "entering directory" hint in the logs, but
with the switch to `linuxkit pkg` that no longer occurs.
Signed-off-by: Ian Campbell <ijc@docker.com>
Done as follows:
```
find -name build.yml | xargs dirname | while read d ; do
    t=$(linuxkit pkg show-tag $d)
    ./scripts/update-component-sha.sh --image ${t%:*} ${t#*:}
done
git commit -s test pkg tools blueprints examples projects/kubernetes projects/swarmd docs linuxkit.yml Makefile src
```
This explicitly excludes projects/* which I did not know whether to update.
Then:
```
git reset --hard
for i in init runc containerd ca-certificates sysctl dhcpcd getty rngd ; do
    o=$(git grep -h "\(image:\|-\) *linuxkit/$i:[0-9a-f]\{40\}" origin/master:linuxkit.yml | awk '// { print $2 }')
    n=$(linuxkit pkg show-tag pkg/$i)
    ./scripts/update-component-sha.sh "$o" "$n"
done
git commit --amend projects
```
This updates any projects which were using components with the same hash as the
top-level linuxkit.yml.
Signed-off-by: Ian Campbell <ijc@docker.com>
Rather than a hard fail. This allows batch builds of a set of packages without
the surrounding loop needing to be aware of the possibility.
Signed-off-by: Ian Campbell <ijc@docker.com>