Since we are building containerd v1.1.0 with go 1.10 (as it requires) do the
same for init and runc too for consistency. In the case of init it is actually
required since we use the containerd client library there.
The subreaper interfaces have been removed from containerd and replaced with a
similar interface in runc/libcontainer, update init to use that now.
Signed-off-by: Ian Campbell <ijc@docker.com>

crosvm is a VMM written in Rust which can run the device
backends in seccomp isolated processes.
This adds build support for crosvm for x86 and arm64 as well
as some instructions on how to run LinuxKit built images on crosvm.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>

For example kernel module signatures if you do not provide a key. So add
to the dependencies for kernel builds.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>

Unlike the hyperkit runner, the qemu runner already had better
support for auto-detecting the boot method so the changes
are less invasive (and backward compatible).
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>

Previous commits added support for building 'kernel+squashfs'.
This commit adds support for booting this build format on hyperkit.
The changes are a little bigger because some restructuring of the
code was required to support a third (after kernel+initrd and EFI
ISO) boot method.
To keep the code simpler this commit also removes some auto-detection
code for ISO booting. Users now have to specify '-iso -uefi' on the
command line to boot an EFI ISO. Previously, only '-uefi' was
required.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>

This contains a small fix to the disk bindings and allows
booting with a kernel alone (no initrd).
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>

This includes two improvements:
- being able to specify the packages used for building images
- support for building squashfs images.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>

This utility image takes a tarball as input and places the
contents into a read-only, compressed squashfs filesystem
which is produced on stdout.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>

$ git diff linuxkit.yml
diff --git a/linuxkit.yml b/linuxkit.yml
index e2ec829db..21b84e4ad 100644
--- a/linuxkit.yml
+++ b/linuxkit.yml
@@ -1,6 +1,6 @@
kernel:
image: linuxkit/kernel:4.14.32
- cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
+ cmdline: "console=ttyS0 console=foobar"
init:
- linuxkit/init:v0.3
- linuxkit/runc:v0.3
$ linuxkit build linuxkit.yml
[...]
$ linuxkit run linuxkit
[...]
getty: cmdline has console=foobar but /dev/foobar is not a character device; not starting getty for foobar
linuxkit-2ae2c420a11c login: root (automatic login)
Welcome to LinuxKit!
NOTE: This system is namespaced.
The namespace you are currently in may not be the root.
(ns: getty) linuxkit-2ae2c420a11c:~# ls -l /proc/1/root/dev/foobar
-rw-r--r-- 1 root root 311 Apr 9 13:19 /proc/1/root/dev/foobar
(ns: getty) linuxkit-2ae2c420a11c:~# cat /proc/1/root/dev/foobar
Welcome to LinuxKit
## .
## ## ## ==
## ## ## ## ## ===
/"""""""""""""""""\___/ ===
{ / ===-
\______ O __/
\ \ __/
\____\_______/
Also added quotes around $tty for good measure.
Signed-off-by: Ian Campbell <ijc@docker.com>

This option was removed in 4.16.x in favour of
CONFIG_CC_STACKPROTECTOR_AUTO. We do not check for
this option as we also force CONFIG_CC_STACKPROTECTOR_STRONG.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>

The kernel config is based on the 4.15.x kernel config
run through 'make defconfig && make oldconfig' and then
tweaked a little by hand.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>

If you happen to be exactly on a tag then:
$ linuxkit pkg build --dev pkg/init
Building "ijc/init:dev"
Cannot release "v0.3" if not pushing
Do not try and infer a release if not pushing so this is possible again.
The subsequent check for `bo.release != "" && !bo.push` remains since the
caller could have used `WithRelease` but not `WithPush`. Our CLI never does
this, but a hypothetical other user of the library might.
Signed-off-by: Ian Campbell <ijc@docker.com>

static pie only seems to work on Alpine currently, but static is
a good default. Give the user choices...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>