Rolf Neugebauer
bf64d238db
Merge pull request #2768 from rn/circle
...
Minor tweaks to CircleCI config
2017-11-22 10:59:54 +00:00
Rolf Neugebauer
61ce897d72
Merge pull request #2767 from rn/kern-up
...
Update kernels (multiple times) and add security related configs
2017-11-22 10:48:08 +00:00
Rolf Neugebauer
6af06e5c25
Merge pull request #2765 from RobbKistler/docs-fix
...
docs: minor fixes for use of `-data`
2017-11-22 00:24:31 +00:00
Rolf Neugebauer
763e5e317f
circle: use .exe as extension for Windows binary
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 19:56:57 +00:00
Rolf Neugebauer
592d0fd7c5
circle: Add batch to README.md
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 19:56:56 +00:00
Rolf Neugebauer
464a46d74a
Update YAML files to latest kernels.
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 17:19:42 +00:00
Rolf Neugebauer
06689b5d68
tests: Add kernel module tests for all supported kernels
...
Also add libelf-dev as this is needed for ORC_UNWINDER. While this is only
a feature of 4.14.x we added it to all Dockerfiles to keep things in synch.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 17:14:19 +00:00
Rolf Neugebauer
6ede240737
kernel: Update to 4.14.1/4.13.15/4.9.64/4.4.100
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 17:05:35 +00:00
Rolf Neugebauer
57226034e6
kernel: Move KEYS_COMPAT
...
Commit 31c8c4942820 ("security/keys: add CONFIG_KEYS_COMPAT
to Kconfig") moved the KEYS_COMPAT config option to a different
section. Adjust config file.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 15:55:47 +00:00
Rolf Neugebauer
f5e970b7fb
kernel: Update to 4.13.14/4.9.63/4.4.99
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 15:54:15 +00:00
Rolf Neugebauer
717829ea89
kernel: Don't build a debug kernel for 4.13
...
We already have too many kernels to build and 4.13 will be EOLed soon
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 15:53:34 +00:00
Rolf Neugebauer
f79c392ce3
kernel: Enable REFCOUNT_FULL on kernels supporting it
...
REFCOUNT_FULL enables full reference count validation. There is a
potential slow down but ti protects against certain use-after-free
attacks.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 14:02:33 +00:00
Rolf Neugebauer
66342d0646
kernel: Enable GCC_PLUGIN_RANDSTRUCT on kernels supporting it
...
On 4.13 and 4.14 kernels GCC_PLUGIN_RANDSTRUCT can be use to randomise
some kernel data structures such as structs with function pointers.
We also select GCC_PLUGIN_RANDSTRUCT_PERFORMANCE which
tries harder to restrict randomisation to cache-lines in order to reduce
performance impact.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 14:02:33 +00:00
Rolf Neugebauer
8d16426644
kernel: Enable GCC_PLUGIN_STRUCTLEAK on kernels supporting it
...
The 4.13 and 4.14 kernels support GCC_PLUGIN_STRUCTLEAK, a GCC plugin
to zero initialise any structures with the __user attribute to prevent
information exposure.
On 4.14 kernels also enable GCC_PLUGIN_STRUCTLEAK_BYREF_ALL which is
an extension of the above
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 14:02:33 +00:00
Rolf Neugebauer
b0db43567e
kernel: Enable GCC_PLUGIN on kernels supporting it
...
Subsequent commits will enable selected sub options.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 14:02:33 +00:00
Rolf Neugebauer
2c1fdc7b47
kernel: Use latest linuxkit/alpine and install mpc1-dev/mpfr-dev
...
The GCC_PLUGINS config options enabled in the next commits
require mpc1-dev/mpfr-dev
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 14:02:33 +00:00
Rolf Neugebauer
eb9a5604a8
tools/alpine: Add mpc1-dev/mpfr-dev
...
These are needed to enable GCC_PLUGINS for the Linux kernel build.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 14:02:33 +00:00
Rolf Neugebauer
5995d9a10d
kernel: Fix Dockerfile.kbuild
...
Patches were not applied and this fixes it as well as tidying
up the error handling.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-21 14:02:33 +00:00
Rolf Neugebauer
3184572403
Merge pull request #2764 from riyazdf/signing-init-script
...
signing: add init script and public certificate fixtures
2017-11-21 12:27:12 +00:00
Justin Cormack
83522d81fd
Merge pull request #2761 from justincormack/restore-build
...
Restore linuxkit build
2017-11-21 10:21:39 +00:00
Robb Kistler
4f542ad46a
docs: replace --data
with -data
...
Signed-off-by: Robb Kistler <robb.kistler@docker.com>
2017-11-20 18:21:10 -08:00
Justin Cormack
b2a67710fa
Remove bits that build moby tool from Makefile
...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-11-20 23:49:27 +00:00
Justin Cormack
934450c697
Update docs to only say install linuxkit tool.
...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-11-20 23:49:17 +00:00
Riyaz Faizullabhoy
057e59d0dc
signing: add init script and public certificate fixtures
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-11-20 15:06:28 -08:00
Rolf Neugebauer
ebe6fd8b4a
Merge pull request #2762 from ijc/handle-empty-metadata
...
Handle empty metadata file better (by ignoring)
2017-11-20 22:12:38 +00:00
Rolf Neugebauer
e3606477b2
Merge pull request #2754 from Wolphin-project/node-exporter
...
Node exporter
2017-11-20 22:10:39 +00:00
Justin Cormack
f8e352d375
Replace moby build with linuxkit build throughout
...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-11-20 17:06:54 +00:00
Justin Cormack
ca0b1309b0
Update vendoring for moby/tool
...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-11-20 17:06:47 +00:00
Ian Campbell
cef9d11f58
Only create metadata if file is non-zero sized
...
The recent iso9660wrap vendoring bump means this does now work, but it seems
pointless in this case so skip.
Relates to https://github.com/linuxkit/kubernetes/issues/4
Signed-off-by: Ian Campbell <ijc@docker.com>
2017-11-20 15:26:51 +00:00
Ian Campbell
a5e5d42368
Move metadata ISO creation to common code
...
This code was identical in the QEMU and HyperKit cases. Move it to util.go and
wrap it in a function, with minimal changes for returning an error.
Signed-off-by: Ian Campbell <ijc@docker.com>
2017-11-20 15:22:02 +00:00
Ian Campbell
db9a783821
Bump iso9660wrap to baf8d62ad315
...
Reduces the linuxkit binary by 12k by removing The Raven. Also allows zero
sized files to be created, see https://github.com/linuxkit/kubernetes/issues/4
4606f848a0...baf8d62ad3
Signed-off-by: Ian Campbell <ijc@docker.com>
2017-11-20 15:17:57 +00:00
Justin Cormack
eef8ab7757
Add linuxkit build, using vendored moby/tool as a library
...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-11-20 14:48:48 +00:00
Justin Cormack
c928acf73e
Merge pull request #2757 from errordeveloper/patch-1
...
docs: Improve intro in packages.md
2017-11-20 14:48:33 +00:00
Ilya Dmitrichenko
490a4d4cd8
docs: Improve intro in packages.md
...
Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
2017-11-20 13:05:12 +00:00
Justin Cormack
98ba4f3b02
Merge pull request #2759 from damdo/fix-some-reports-typos
...
Fix some typos and no-break char in reports markd
2017-11-20 11:48:27 +00:00
Marco Mariani
7f2ed70b89
updated examples/node_exporter.yml (built from sources)
...
Signed-off-by: Marco Mariani <marco.mariani@alterway.fr>
2017-11-20 12:13:26 +01:00
Marco Mariani
01d0a1835c
pkg/node_exporter from sources
...
Signed-off-by: Marco Mariani <marco.mariani@alterway.fr>
2017-11-20 12:13:26 +01:00
Rolf Neugebauer
41a4c2df10
Merge pull request #2760 from zlim/patch-2
...
kernel: update README.md
2017-11-20 08:40:18 +00:00
zlim
8e5006f8f9
kernel: update README.md
...
Update description to reflect link to ../doc/kernels.md.
Signed-off-by: Zi Shen Lim <zlim.lnx@gmail.com>
2017-11-19 22:19:49 -08:00
Damiano Donati
6daa911fa6
Fix some typos and no-break char in reports markd
...
Signed-off-by: Damiano Donati <damiano.donati@gmail.com>
2017-11-17 20:31:39 +01:00
Rolf Neugebauer
29f711be94
Merge pull request #2728 from arm64b/rm-content-trust-build-wr
...
alpine: Remove the 'content trust build' workaround
2017-11-17 18:27:53 +00:00
Rolf Neugebauer
0a2db0ac83
Merge pull request #2758 from rn/no-lcow
...
Remove LCOW
2017-11-17 17:23:34 +00:00
Justin Cormack
cad6527033
Merge pull request #2755 from justincormack/runtime-cgroups
...
Add support for creating cgroups in runtime section
2017-11-17 17:01:27 +00:00
Justin Cormack
d3533febe7
Merge pull request #2756 from justincormack/no-logos
...
Improve language detection
2017-11-17 16:26:15 +00:00
Justin Cormack
a7b5b0ae07
Merge pull request #2752 from ijc/remove-kubernetes
...
Remove projects/kubernetes, moved to https://github.com/linuxkit/kubernetes
2017-11-17 16:14:35 +00:00
Rolf Neugebauer
32fca2954f
Remove LCOW
...
It is now under https://github.com/linuxkit/lcow
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-11-17 15:55:19 +00:00
Justin Cormack
914fce3f9f
Improve language detection
...
github is marking a lot of ekrnel config files as "logos" again.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-11-17 15:00:31 +00:00
Ian Campbell
a09e6a5c7b
Add pointers to the new kubernetes location
...
Signed-off-by: Ian Campbell <ijc@docker.com>
2017-11-17 14:25:32 +00:00
Justin Cormack
9e65b8b4c3
Merge pull request #2751 from ijc/simplify-circle-artifacts
...
Move CI build artifacts to top level
2017-11-17 14:23:39 +00:00
Justin Cormack
6cb919b489
Add support for creating cgroups in runtime section
...
Implements https://github.com/moby/tool/pull/181
Design for things like Kubernetes setup that requires some cgroups to
exist when the service starts but it is not running in these, other
services are, so there would be a race if they are not created in each.
Essentially it is just a sugared `mkdir` in all the cgroup dirs.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-11-17 14:12:41 +00:00