Simple version bump. Changes:
* noise: handshake constants can be read-only after init
* noise: no need to take the RCU lock if we're not dereferencing
* send: improve dead packet control flow
* receive: improve control flow
* socket: eliminate dead code
* device: our use of queues means this check is worthless
* device: no need to take lock for integer comparison
* blake2s: modernize API and have faster _final
* compat: support READ_ONCE
* compat: just make ro_after_init read_mostly
Assorted cleanups to the module, including nice things like marking our
precomputations as const.
* Makefile: even prettier output
* Makefile: do not clean before cloc
* selftest: better test index for rate limiter
* netns: disable accept_dad for all interfaces
Fixes in our testing and build infrastructure. Now works on the 4.14 rc
series.
* qemu: add build-only target
* qemu: work on ubuntu toolchain
* qemu: add more debugging options to main makefile
* qemu: simplify shutdown
* qemu: open /dev/console if we're started early
* qemu: phase out bitbanging
* qemu: always create directory before untarring
* qemu: newer packages
* qemu: put hvc directive into configuration
This is the beginning of working out a cross building test suite, so we do
several tricks to be less platform independent.
* tools: encoding: be more paranoid
* tools: retry resolution except when fatal
* tools: don't insist on having a private key
* tools: add pass example to wg-quick man page
* tools: style
* tools: newline after warning
* tools: account for padding being in zero attribute
Several important tools fixes, one of which suppresses a needless warning.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Could be e.g.:
```
pkg:
content-trust-passphrase-command: "lpass show <key> --password"
```
or
```
pkg:
content-trust-passphrase-command: "gpg -d ~/.notary/passphrase.gpg"
```
Signed-off-by: Ian Campbell <ijc@docker.com>
This must have had a merge error. Fixes version mismatch which
stops this working. The test was updated so is fine.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Note that a237b51511 ("Bump alpine base across the board.") inadvertently
corrupted `tools/alpine/versions.aarch64` (by updating it to the amd64 hash),
this commit corrects this as part of the rebuild.
Signed-off-by: Ian Campbell <ijc@docker.com>
Adding a `PRETTY_NAME` to this causes it to appear in the node information:
$ kubectl --namespace=kube-system get -o wide nodes
NAME STATUS ROLES AGE VERSION EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
linuxkit-b6e09efea36e Ready master 29m v1.8.0 <none> LinuxKit Kubernetes Project 4.9.53-linuxkit containerd://1.0.0-beta.1
Previously it would be `Unknown`.
A later yaml passed to `moby build` can override this by simply duplicating
the path.
Signed-off-by: Ian Campbell <ijc@docker.com>
With the old package.mk arrangements we would only append -dirty and -$arch to
the hash if the user didn't specify a HASH= directly. So the following would
work
make ORG=ijc HASH=dev tag
and produce an image `ijc/«image»:dev`.
However the new equivalent:
linuxkit pkg build -org=ijc --hash-=dev
instead produces an image `ijc/«image»:dev-dirty-$arch`. Which is undesirable.
This commit refactors the code in two main ways:
Firstly directly append `-dirty` to the hash as we extract it from git (rather
than on use in the `Tag()` method), and only do this if the user has not
specified an explicit tag. Note that we still track dirtiness in the `Pkg`
object and so will not allow a push (or release) from a dirty tree (the
makefile version would have tried this with unpredictable results), nor will we
apply the `org.opencontainers.image.revision` label to a dirty build.
Secondly if we are not pushing the image+manifest then we retag the -$arch
suffixed image without the the -$arch. This differs from the Makefile version
which would simply have built without the -$arch in the first place, I think
this is an improvement. If we are pushing the manifest-tool remains responsible
for creating the non -$arch image.
Signed-off-by: Ian Campbell <ijc@docker.com>
