Epoll in `syscall` package does not work on arm64. We do not have
arm64 yet here, but we will when we add tpm support etc.
Signed-off-by: Justin Cormack <justin@specialbusservice.com>
Rather than using an initrd, unpack full filesystem for ISO BIOS.
Stream docker output direct to file rather than via a buffer, to save
memory.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Now that LinuxKit works on a truly immutable filesystem, for an
ISO it makes sense to use the ISO filesystem rather than using
an initrd. Only major difference is you may need to specify the
device for the root filesystem in the kernel command line, but
we set a sane default of `/dev/sr0` if unspecified.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
When we converted these to cpio we were not noticing that they
were invalid as they had incorrect paths as we converted the
path to a symlink anyway. Only the busybox images have hard links
in, the Alpine ones are symlinks anyway, which is why it was
less visible too.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- append a architecture specific suffix (-amd64, -arm64) to the
image
- add a script which looks up the hashes from the 'versions' file
and creates a multi-arch manifest
- the manifest is pushed to hub and signed with notary
The new linuxkit/alpine multi-arch image is available with the
x86_64 hash without the '-amd64' suffix.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
These were removed as unused in 8acecf1b62 but with the update to 1.7.2 they
are now pulled in (again?) by the default system.
Signed-off-by: Ian Campbell <ijc@docker.com>
PR #2314 turned /var into a tmpfs (possibly overmounted by a persistent disk)
and made /var/run into a symlink to /run. Adjust various containers and bind
mount settings to allow for this change. In particular ensuring that everything
can find the correct shared /var/run/docker.sock, which due to the symlink is
now actually at /run.
Signed-off-by: Ian Campbell <ijc@docker.com>
The manifest-tool will be used to build multi-arch hub
images and currently needs a patched version to print
out the size/length of the manifest pushed to hub to
enable signing with notary.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
The document showed the incorrect sub-command options for LinuxKit run azure which needs to be updated and hence fixed it.
Signed-off-by: Ajeet Raina <ajeetraina@gmail.com>
Only supports the use cases we currently need, currently support
for using Intel hardware rng to initialise and add entropy.
Supports oneshot and service mode. Call as `rngd -1` for one shot
mode.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Previously we were cheating and remounting /var `rw` but this does not
work if the filesystem is really read only. Nount a tmpfs, which may
be overmounted later by a persistent filesystem.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
