Commit Graph

258 Commits

Author SHA1 Message Date
Ian Campbell
e42e8ceed7 linuxkit pkg: improve handling of git working directory
Ensure that all git commands are run as if from the package directory using the
`-C` option. Otherwise the various attempts to use git fail if `linuxkit pkg`
is invoked from outside the git repo.

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-10-20 16:57:33 +01:00
Daniel Nephin
60ef22ef60 Fix GCP error printing
Signed-off-by: Daniel Nephin <dnephin@gmail.com>
2017-10-18 13:46:04 -04:00
Ian Campbell
fc31e3bddd linuxkit pkg: defer content trust passphrase setup until we know it is needed
Otherwise "linuxkit pkg build" etc will needlessly run the command (which might
prompt the user).

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-10-13 15:56:27 +01:00
Ian Campbell
dd8e3d49e8 linuxkit: allow user to configure a content trust passphrase command
Could be e.g.:
```
pkg:
  content-trust-passphrase-command: "lpass show <key> --password"
```
or
```
pkg:
  content-trust-passphrase-command: "gpg -d ~/.notary/passphrase.gpg"
```

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-10-13 11:41:22 +01:00
Ian Campbell
4304d5f4fd linuxkit pkg: correct behaviour when user explicitly specifies a hash.
With the old package.mk arrangements we would only append -dirty and -$arch to
the hash if the user didn't specify a HASH= directly. So the following would
work
    make ORG=ijc HASH=dev tag
and produce an image `ijc/«image»:dev`.

However the new equivalent:
    linuxkit pkg build -org=ijc --hash-=dev
instead produces an image `ijc/«image»:dev-dirty-$arch`. Which is undesirable.

This commit refactors the code in two main ways:

Firstly directly append `-dirty` to the hash as we extract it from git (rather
than on use in the `Tag()` method), and only do this if the user has not
specified an explicit tag. Note that we still track dirtiness in the `Pkg`
object and so will not allow a push (or release) from a dirty tree (the
makefile version would have tried this with unpredictable results), nor will we
apply the `org.opencontainers.image.revision` label to a dirty build.

Secondly if we are not pushing the image+manifest then we retag the -$arch
suffixed image without the -$arch. This differs from the Makefile version
which would simply have built without the -$arch in the first place, I think
this is an improvement. If we are pushing the manifest-tool remains responsible
for creating the non -$arch image.

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-10-12 10:17:56 +01:00
Ian Campbell
2eb5dfffaa Merge pull request #2589 from ijc/linuxkit-pkg-release
linuxkit pkg: Support --release option to pkg push.
2017-10-11 11:10:23 +01:00
Ian Campbell
861b2cbe80 linuxkit pkg: Support --release option to pkg push.
This overrides the default (which is to look for an exact git tag) and releases
just that.

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-10-10 16:54:04 +01:00
Ian Campbell
2264bc8021 Correct typo in linuxkit pkg push help.
Signed-off-by: Ian Campbell <ijc@docker.com>
2017-10-10 16:11:48 +01:00
Ian Campbell
8f1d39cea1 Log before building or pushing.
Previously there would be a make "entering directory" hint in the logs, but
with the switch to `linuxkit pkg` that no longer occurs.

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-10-10 16:05:15 +01:00
Ian Campbell
4df5d394e8 Bump yml
Done as follows:

    find -name build.yml | xargs dirname | while read d ; do
        t=$(linuxkit pkg show-tag $d)
        ./scripts/update-component-sha.sh --image ${t%:*} ${t#*:}
    done
    git commit -s test pkg tools blueprints examples projects/kubernetes projects/swarmd docs linuxkit.yml Makefile src

This explicitly excludes projects/* which I did not know whether to update.

Then:

    git reset --hard
    for i in init runc containerd ca-certificates sysctl dhcpcd getty rngd ; do
        o=$(git grep -h "\(image:\|-\) *linuxkit/$i:[0-9a-f]\{40\}" origin/master:linuxkit.yml | awk '// { print $2 }')
        n=$(linuxkit pkg show-tag pkg/$i)
        ./scripts/update-component-sha.sh "$o" "$n"
    done
    git commit --amend projects

This updates any projects which were using components with the same hash as the
top-level linuxkit.yml.

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-10-10 13:23:45 +01:00
Ian Campbell
fbf23b4b9f New option linuxkit pkg build --force-dirty
Will tag as `-dirty` and prevent push etc even if the tree isn't actually
dirty.

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-10-10 10:43:53 +01:00
Ian Campbell
12e6a85661 Make linuxkit pkg build on an unsupported arch a nop
Rather than a hard fail. This allows batch builds of a set of packages without
the surrounding loop needing to be aware of the possibility.

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-10-10 10:42:58 +01:00
Ian Campbell
57225335bc Correct manifest push without content trust
The script expects an empty second argument to mean no trust and anything else
to mean trust.

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-10-10 10:22:24 +01:00
Ian Campbell
d11e49d113 Fixup linuxkit pkg debug output (space wrong side of variable)
Signed-off-by: Ian Campbell <ijc@docker.com>
2017-10-09 16:19:20 +01:00
Ian Campbell
896cfaab63 Rename some variables following rename of PkgSrc to Pkg
Signed-off-by: Ian Campbell <ijc@docker.com>
2017-10-09 11:24:03 +01:00
Ian Campbell
4cdc90e221 Build fields default to false, rename accordingly
Added some test cases for the boolean fields because I kept getting confused.

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-10-06 17:43:38 +01:00
Ian Campbell
a9b0c6f889 Pass arguments to NewFromCLI as varargs
Signed-off-by: Ian Campbell <ijc@docker.com>
2017-10-06 17:42:05 +01:00
Ian Campbell
7748b59d5d Add missing file
Signed-off-by: Ian Campbell <ijc@docker.com>
2017-10-06 15:56:33 +01:00
Ian Campbell
52d1bc6395 More specific error message when docker not installed
Signed-off-by: Ian Campbell <ijc@docker.com>
2017-10-06 14:14:50 +01:00
Ian Campbell
3141ca0bef Embed scripts/push-manifest.sh into linuxkit tool
This is a bit gross, but hopefully this script will be written in go sooner
rather than later and in the meantime this avoids the need to install yet
another tool on user's systems (and get it into brew etc).

Checkin the result of `go:generate` for now. Once there are no more users of
push-manifest.sh it can be moved alongside the go code (if it hasn't been
rewritten in go along the way).

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-10-06 14:02:51 +01:00
Ian Campbell
c84c997383 Rename pkgsrc to pkglib
Signed-off-by: Ian Campbell <ijc@docker.com>
2017-10-06 13:38:37 +01:00
Ian Campbell
ba60937754 Implement package build, push and show-tag in linuxkit tool
This implements the proposal in #2564 and converts a handful of representative
or especially interesting (from a build PoV) packages to use it.

For now those pkg/* affected get a stub-`Makefile`, once all packages are
converted then `pkg/Makefile` can be adjusted and those stubs can be removed.

For now only `pkg/package.mk`'s functionality is implemented. In particular:

- `push-manifest.sh` remains a separate script, to enable calling it on systems
  with just the LinuxKit tools installed arrange to install it under a less
  generic name.
- `kernel` and `tools/alpine` do not use `pkg/package.mk` and those cases are
  not yet fully considered/covered.

I have updated the documentation assuming that the existing uses of
`pkg/package.mk` will be removed quite soon in a follow up PR rather than
trying to document the situation which results after just this commit.

Due to `cmd/linuxkit` now gaining a library the build needs adjusting slightly to
allow both `make bin/linuxkit` and `go build` to work.

`go vet` has forced me to write some rather asinine comments for things that
are rather obvious from the name.

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-10-06 12:59:25 +01:00
Avi Deitcher
ff889ef763 Better error message when running qemu on macOS when --fw not supplied
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2017-09-24 11:18:19 +03:00
Nick Jones
0556812b63 [OpenStack] Support specifying an SSH key name when creating an instance
This commit introduces a new option - `keyname` - to the OpenStack
runner, which allows the user to specify the name of a keypair they want
to associate with the instance at the time of creation.

Signed-off-by: Nick Jones <nick@dischord.org>
2017-09-18 21:36:04 +01:00
Ian Campbell
16147a7591 qemu: restore persistent mac address support
If the state dir is preserved then the VM should come up with the same mac
address on subsequent reboots.

Fixes regression in #2498.

Rather than fixing the typo in the associated comments just remove them since
they don't really convey any useful information.

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-09-12 12:12:03 +01:00
Dennis Chen
147964b241 qemu: Fix the networking issue in 'tap' mode on arm64
This PR is used to fix the issue #2488.

Currently we use '-net' the old way to initialize a host nic
interface, this method will not work on arm64 platform (#2488 issue),
so we use the '-netdev' method which will work on both arm64 and amd64.

Signed-off-by: Dennis Chen <dennis.chen@arm.com>
2017-09-11 05:33:06 +00:00
Rolf Neugebauer
57394620b8 cmd: On KVM/aarch64 add gic_version=host
This picks the correct GIC version to be emulated.
Without it you get an error on Thunder-X (and possibly others):

KVM_SET_DEVICE_ATTR failed: No such device

See also https://bugzilla.redhat.com/show_bug.cgi?id=1375571#c6

Fixes #2360

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-09-08 16:34:33 +01:00
Magnus Skjegstad
c8ba942a80 Update to new Hyperkit API / VPNKit protocol
This adds support for the updated Hyperkit API, which is needed to
request a specific IP address in new versions of VPNKit / Docker for
Mac. IPs encoded in the UUID (the old method) will now be ignored by
VPNKit.

A preferred IPv4 address can be requested directly via the new API. The
IP is then associated with the VPNKit UUID identifying the connection.
The UUID is either user specified or randomly assigned if left empty.
VMs launched with the same VPNKit UUID will get the same IP address.

To avoid having to copy the assigned UUID manually, a file `uuid.vpnkit`
is now saved in the state directory when the UUID is generated.  The UUID
from this file is reused automatically if it exists, unless a different
VPNKit UUID is specified on the command line. This also means that VMs
that use dynamically assigned IPs will by default get the same IP each
time they are started, as long as the state directory exists.

This change is incompatible with earlier versions of VPNKit / Hyperkit
and a recent version of Docker for Mac has to be installed. If the
feature is unsupported using the `--ip` parameter will exit with an
error message.

Signed-off-by: Magnus Skjegstad <magnus@skjegstad.com>
2017-09-07 12:15:49 +02:00
Magnus Skjegstad
241136e910 Update Hyperkit to latest version
Signed-off-by: Magnus Skjegstad <magnus@skjegstad.com>
2017-09-07 10:49:45 +02:00
Ian Campbell
4bdca70c5d qemu: Support ISO boot at the same time as metadata
Tested with:
 - boot from kernel + initrd with metadata (appears as sr0)
 - boot from iso with no metadata (root is sr0)
 - boot from iso with metadata (root is sr0, metadata is sr1)
 - boot from iso with metadata using containerized qemu

In all cases where it was present the metadata was correctly expanded to
/var/config.

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-08-29 21:16:10 +01:00
Justin Cormack
4a374eb175 Add missing case when running non existent file in hyperkit
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-08-23 16:08:30 +01:00
Rolf Neugebauer
c6ab35f721 cmd: Use the main packet.net API repo again
The local changes were merged, so switching back to the original
repository. A minor change in API was needed.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-08-18 10:21:36 +01:00
Rolf Neugebauer
e28d960635 Merge pull request #2428 from justincormack/packet-fork
Vendor fork correctly
2017-08-17 15:36:43 +01:00
Justin Cormack
ad4131ad4b Merge pull request #2426 from arm64b/firmware-file-format
qemu: Specify the firmware file format explicitly
2017-08-17 14:56:35 +01:00
Justin Cormack
63f521fd42 Vendor fork correctly
`vndr` has support for forks!

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-08-17 14:16:48 +01:00
Dennis Chen
023dba65c9 qemu: Specify the firmware file format explicitly
Currently we depend on the qemu to detect the firmware file format
automatically, which is dangerous. This patch specifies the 'raw'
format explicitly to remove the kind of restrictions.

Signed-off-by: Dennis Chen <dennis.chen@arm.com>
2017-08-17 09:27:28 +00:00
Rolf Neugebauer
56ae6d5055 cmd: Allow re-using an existing packet.net machine
This adds a -device option which enables the re-use of an existing
device. The device state is updated to use a potentially new base-url
to PXE boot from. This may be faster than provisioning a new server.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-08-16 16:27:50 +01:00
Rolf Neugebauer
d246ea9130 cmd: Temporarily use my fork of the packet.net API
This adds a new call to update an existing device.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-08-16 16:27:50 +01:00
Rolf Neugebauer
4d5bf9d90c Merge pull request #2416 from rn/p4
iPXE boot of arm64 on packet.net
2017-08-15 23:24:11 +01:00
Rolf Neugebauer
a6e25b0825 cmd: Print the packet machine ID when booting
This is useful if the connection to the SOS fails and you
want to debug manually after.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-08-15 21:36:10 +01:00
Rolf Neugebauer
f8c45539cc cmd: Add iPXE support for arm64 on packet.net
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-08-15 17:54:38 +01:00
Justin Cormack
b7fbabe2ba Simpler known_hosts parsing
Note it cannot deal with hashed host keys still.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-08-15 17:22:43 +01:00
Rolf Neugebauer
7ae9fab6b6 cmd: Unify Logging for packet backend
Be less verbose when running.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-08-15 14:31:44 +01:00
Rolf Neugebauer
2590c66511 cmd: Remove the packet machine when done
Adds a new option, '-keep' which will keep the machine around,
but by default remove the machine when done.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-08-15 14:31:44 +01:00
Rolf Neugebauer
fced67dab8 cmd: Add a -serve command to the packet.net backend
The -serve command starts a local HTTP server which serves
the kernel and initrd files.  The server can then easily be
made available via ngrok or other means.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-08-15 14:31:44 +01:00
Rolf Neugebauer
33e8afb292 cmd: Use the proper packet.net go bindings again
The support for always PXE has been merged.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-08-15 14:31:44 +01:00
Justin Cormack
a3de645048 Merge pull request #2397 from dave-tucker/aws-panic
aws: Fix panic when there is no console output
2017-08-10 21:59:54 +01:00
Dave Tucker
90bf0cc2f6 aws: Fix panic when there is no console output
When an AWS machine is stopped and there is no console output the CLI
panics due to a nil pointer dereference. This commit checks that the
console output is not null before attempting to decode it.

Signed-off-by: Dave Tucker <dt@docker.com>
2017-08-10 17:28:09 +01:00
Dave Tucker
f574ada213 aws: Honour the zone variable when creating an instance
Instances were being created in a different AZ to the one specified in
the zone variable. This could lead to situations where the disks and the
instance were in different AZs and would result in an error.

This commit adds placement information to the API call used to create
the instance.

Fixes: #2388

Signed-off-by: Dave Tucker <dt@docker.com>
2017-08-10 16:49:56 +01:00
Rolf Neugebauer
1a9d736f75 Merge pull request #2392 from rn/p2
Better kernel cmdline handling on packet.net
2017-08-09 14:20:55 +01:00