Commit Graph

365 Commits

Author SHA1 Message Date
Jeffrey 'jf' Lim
5f1ae239bb
docs/platform-aws.md: add crucial note about ENA for linuxkit push aws
Signed-off-by: Jeffrey 'jf' Lim <jf@users.noreply.github.com>
2022-09-28 21:40:13 +08:00
Petr Fedchenkov
a46e6af650
Allow build for darwin without CGO
It is not easy to use cross-platform build with CGO enabled so lets
allow build without cgo for darwin and use virtualization framework only
 if we built with CGO.

Signed-off-by: Petr Fedchenkov <giggsoff@gmail.com>
2022-09-12 11:41:37 +03:00
Avi Deitcher
de1d8cdeda add support for virtualization framework
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2022-07-22 16:55:47 +03:00
Avi Deitcher
0929aabe50 build directly with buildkit
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2022-06-28 10:36:30 +03:00
Rolf Neugebauer
9e333a1358
Merge pull request #3775 from deitch/doc-kernel-builder
add docs about how to find the builder
2022-06-03 20:48:20 +01:00
Avi Deitcher
cd5cea8c02 remove need for maintainers to build packages
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2022-05-23 20:24:07 -10:00
Avi Deitcher
3351eee596 add docs about how to find the builder
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2022-04-24 17:44:24 +03:00
Yuri Volchkov
1a013f4424 Declare build-args in build.yml
This allows multiple build flavors for a single codebase, without
sacrificing reproducible builds. The build-args are set in build.yml,
which is typically under the source control (if it is not, then no
reproducible builds are possible anyways). Meaning that mutating
build-args would result in setting "dirty" flag.

Intended use of this commit is to switch between build flavors by
specifying a different yaml file (presumably also under the version
control)  by  `-build-yml` option.

Because it is impossible to build a final image from packages in
cache, the test for this feature relies on the `RUN echo $build-arg`
output during the `pkg build` process.

Signed-off-by: Yuri Volchkov <yuri@zededa.com>
2022-04-13 17:36:55 +00:00
Avi Deitcher
4e7abb5250 document and simplify some releasing
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-11-29 16:39:06 +02:00
David Scott
46ea02f65b moby: device "all" will add to the cgroup whitelist
After the runc security advisory[1] the default cgroup device
whitelist was changed.

In previous versions every container had "rwm" (read, write, mknod)
for every device ("a" for all). Typically this was overridden by
container engines like Docker. In LinuxKit we left the permissive
default.

In recent `runc` versions the default allow-all rule was removed,
so a container can only access a device if it is specifically
granted access, which LinuxKit handles via a device: entry.

However it is inconvenient for pkg/format, pkg/mount, pkg/swap
to list all possible block devices up-front. Therefore we add the
ability to grant access to an entire class of device with a single
rule:

```
- path: all
  type: b
```

Obviously a paranoid user can still override this with a specific
major/minor number in a device: rule.

[1] https://github.com/opencontainers/runc/security/advisories/GHSA-g54h-m393-cpwq

Signed-off-by: David Scott <dave@recoil.org>
2021-10-14 16:14:21 +01:00
David Scott
24db42dd68 moby: add a Devices array to the image yml
According to https://github.com/linuxkit/linuxkit/pull/3684#issuecomment-860128095

runc removed the console as a default device, so now it must be specified
explicitly in the OCI config.

See 60e21ec26e

The similar code in moby/moby is here: https://github.com/moby/moby/blob/master/oci/devices_linux.go

This patch allows packages to declare a `devices` array, which can contain `/dev/console` etc.

Signed-off-by: David Scott <dave@recoil.org>
2021-10-14 16:14:05 +01:00
Rolf Neugebauer
4eb60514c9 yaml: Update use of alpine:3.11 to alpine:3.13
Seceral YAML files used alpine:3:11. Update them to 3.13

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2021-08-10 00:13:52 +01:00
Rolf Neugebauer
c63162964f
Merge pull request #3651 from deitch/kernel-tagging
tag kernel with builder version; simplify Makefile
2021-05-25 22:55:31 +01:00
Avi Deitcher
d053a0f279 tag kernel with builder version; simplify Makefile
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-05-25 15:51:01 +03:00
Avi Deitcher
4adc04a24d calculate manifest hash-tag using git ls-tree
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-05-21 01:31:14 +03:00
Dave Tucker
28f43e8121 docs: Document --skip-arches
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
2021-05-02 17:31:33 +01:00
Avi Deitcher
f6d04977df Update to proper go-compile hash
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-04-30 02:01:55 +03:00
Avi Deitcher
d091f90f81 pass linkmode=external only for Linux
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-04-29 16:52:44 +03:00
Avi Deitcher
8576579f60 Update use of tools to latest
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-04-27 19:52:35 +03:00
Avi Deitcher
95ce6386aa Update Alpine base to 3.13; go-compile rebuilt with mod=vendor option, go bumped to 1.16
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-04-27 17:38:22 +03:00
Rolf Neugebauer
182646c776
Merge pull request #3630 from deitch/doc-s390x-docker
docs to hold maintainer build platforms
2021-04-23 21:19:59 +01:00
Avi Deitcher
e4a58e0130 docs to hold maintainer build platforms
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-04-23 02:12:07 +03:00
Avi Deitcher
c8ef7d0eb0 cross build packages
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-04-21 13:03:26 +03:00
Rolf Neugebauer
c7e753eb16 build: Update go-compile package
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2021-04-02 18:45:38 +01:00
Dave Tucker
561ce6f4be Remove Notary and Content Trust
This commit removes Notary and Content Trust.
Notary v1 is due to be replaced with Notary v2 soon.
There is no clean migration path from one to the other.
For now, this removes all signing from LinuxKit.
We will look to add this back once a new Notary alternative
becomes available.

Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
2021-03-30 14:51:11 +01:00
Avi Deitcher
9633d23d37 write to cache
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-02-12 16:18:21 +02:00
Avi Deitcher
4e23d08a8c update docs
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-01-19 09:55:16 +02:00
Petr Fedchenkov
301e7ef13e
update to linuxkit/containerd:1ae8f054e9fe792d1dbdb9a65f1b5e14491cb106
Signed-off-by: Petr Fedchenkov <giggsoff@gmail.com>
2021-01-18 16:54:37 +03:00
Avi Deitcher
0b7502f130 pull and cache images locally without docker
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2020-12-30 18:27:02 +02:00
Avi Deitcher
34373e3b52 describe how to sign tags manually
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2020-11-12 14:40:36 +02:00
Avi Deitcher
203cbd9b9f multiple containerd options
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2020-10-21 11:11:48 +03:00
Avi Deitcher
865ed8a1ce add containerd cli opts
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2020-10-19 14:49:15 +03:00
Avi Deitcher
00b9bb56a0
Merge pull request #3532 from deitch/split-push-sign
options to split image steps and manifest steps
2020-06-10 11:13:01 +03:00
Avi Deitcher
ea18be414e options to split image steps and manifest steps
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2020-05-24 16:23:46 +03:00
Avi Deitcher
bcd36a4661 support merge yaml flags
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2020-05-18 17:41:36 +03:00
Karol Woźniak
d861987b79 scaleway: Fix bugs and add option for changing image size
* Fix using ams1 as zone
* Allow specifying image size (+ calculate default from ISO size)
* Fix mangling logs when asking for ssh passphrase
* Some minor code and docs cleanups

Signed-off-by: Karol Woźniak <wozniakk@gmail.com>
2020-05-01 01:15:24 +02:00
Federico Pellegatta
5fc196c289 Add partition table type selector (defaulted to DOS/MBR) to format package
Signed-off-by: Federico Pellegatta <12744504+federico-pellegatta@users.noreply.github.com>
2020-04-23 10:16:36 +02:00
Rolf Neugebauer
25d5ba8ef8 Update linuxkit/go-compile to the latest
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2020-04-17 10:36:03 +01:00
Rolf Neugebauer
5d2f1ccbd0 Update use of tools to latest
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2020-04-17 10:36:03 +01:00
Aymen EL AMRI
a7a42e986d add SG to linuxkit run command
Signed-off-by: Aymen EL AMRI <aymen@eralabs.io>
2020-02-17 13:41:09 +01:00
Nick Jones
10b2436eec
[OpenStack] Support os-client-config usage for authentication
Update Gophercloud dependencies and also bring in the 'utils'
package.  This provides support for configuring access to OpenStack
clouds as detailed in the [official
documentation](https://docs.openstack.org/os-client-config/latest/user/configuration.html).

By relying on this package we can simplify the code required to
interact with OpenStack's APIs.  Support is also provided upstream for
self-signed and insecure SSL configurations.

Tested with a public cloud running OpenStack 'Rocky', the latest release.

Signed-off-by: Nick Jones <nick@dischord.org>
2019-10-08 12:46:43 +01:00
Simon Fridlund
fc88e2104e
Add Hetzner provider in the metadata package
Signed-off-by: Simon Fridlund <simon@fridlund.email>
2019-10-07 17:31:57 +02:00
Avi Deitcher
fad3354448 Add docker-standard ftp_proxy/FTP_PROXY env var, and socks-standard all_proxy/ALL_PROXY
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2019-09-03 11:00:26 +03:00
Patrik Cyvoct
6a4d127fd3
Update Scaleway Provider with new Go SDK
Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>
2019-06-17 19:12:47 +02:00
schrotthaufen
0120b7dc74 kernel: Include lan78xx kernel module for use with rpi3b+
Signed-off-by: schrotthaufen <schrotthaufen@invalid.invalid>
2019-05-16 20:32:43 +02:00
Rolf Neugebauer
da3f1e9c6c Update use of tools to latest
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-04-16 23:16:18 +01:00
sethp
993b392bdd Update example link
The directory the link previously went to has changed.

Signed-off-by: Seth Pellegrino <seth@codecopse.net>
2019-03-20 21:58:12 -07:00
Rolf Neugebauer
5910713bae Update use of tools to latest
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-02 19:18:46 +00:00
Rolf Neugebauer
eeb2d546d1
Merge pull request #3249 from chriswue/master
Adding support to mount an encrypted filesystem
2019-01-18 01:28:50 +01:00
Christian Wuerdig
a9bc7372de Adding dm-crypt as core pkg
Signed-off-by: Christian Wuerdig <christian.wuerdig@gmail.com>
2019-01-18 11:56:18 +13:00