Avi Deitcher
4f765b5da0
support --tag in build.yml for packages
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-12-23 17:28:49 +02:00
Avi Deitcher
76f4802ccf
additional volume support in building
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-10-01 15:27:55 +03:00
Avi Deitcher
5848a2856f
use only stdout/stderr or file for runc output
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-08-28 14:45:26 +03:00
Avi Deitcher
2af30c5503
support cmdline-driven debugging mode for runc
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-08-22 15:14:35 +03:00
Avi Deitcher
b953d1781c
add support for volumes
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-07-21 17:48:38 +03:00
Avi Deitcher
8f6ea3c85e
switch Packet references to Equinix Metal
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-07-05 17:22:25 +03:00
Avi Deitcher
6af6291afe
add tag to args passed for package builds
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-04-16 13:52:49 +03:00
Avi Deitcher
4df07ddb6e
add support for pkg release tags
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-03-11 10:07:43 +02:00
Avi Deitcher
d47a9284b4
update kernel Makefile for targets for yamls
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-03-03 17:06:45 +02:00
Avi Deitcher
3e7df6c869
move kernel series status into series dir
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-03-03 12:49:17 +02:00
Avi Deitcher
000b6f4bb1
switch kernel builds to linuxkit pkg build for simplicity
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-03-02 21:22:05 +02:00
Avi Deitcher
cd12a8613d
restructure kernel builds into directories
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-02-27 15:14:06 +02:00
Avi Deitcher
06a05badf6
template in yaml file
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-02-23 15:43:45 +02:00
Avi Deitcher
0c31697e10
add support for specifying dockerfile in build process
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-02-21 21:15:08 +02:00
Avi Deitcher
4e070077c9
kernels Makefile support custom builders and archs
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-02-01 15:39:16 +02:00
Avi Deitcher
c388177596
updated kernel documents
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-01-31 10:54:47 +02:00
Avi Deitcher
7a0ae251c0
update alpine base comments
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2024-01-26 12:44:34 +02:00
Avi Deitcher
33cd7b749a
sbom support
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2023-11-14 14:14:45 +02:00
Zixuan James Li
2d2df02a5a
Fix broken links in the documentation.
...
Arguably the long term fix is to introduce a check for links in the
documentation with tools like markdown-link-check.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2023-06-23 22:27:55 -04:00
Avi Deitcher
de13ee521d
include source repo, revision and go package version as build-args
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2023-06-08 18:24:25 +03:00
Avi Deitcher
0b6441ccbc
start troubleshooting doc
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2022-12-30 10:41:34 +02:00
Avi Deitcher
b84548b039
fix alpine base update docs (#3886)
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2022-12-29 16:47:29 +02:00
Avi Deitcher
154f943d01
switch from flags to cobra (#3884)
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2022-12-29 10:31:57 +02:00
Michael Aldridge
06aaba5e05
pkg/sshd: Remove default bind of /root/.ssh
...
Signed-off-by: Michael Aldridge <aldridge.mac@gmail.com>
2022-11-09 18:50:44 -06:00
Jeffrey 'jf' Lim
5f1ae239bb
docs/platform-aws.md: add crucial note about ENA for linuxkit push aws
...
Signed-off-by: Jeffrey 'jf' Lim <jf@users.noreply.github.com>
2022-09-28 21:40:13 +08:00
Petr Fedchenkov
a46e6af650
Allow build for darwin without CGO
...
It is not easy to use cross-platform build with CGO enabled so let's
allow build without cgo for darwin and use virtualization framework only
if we built with CGO.
Signed-off-by: Petr Fedchenkov <giggsoff@gmail.com>
2022-09-12 11:41:37 +03:00
Avi Deitcher
de1d8cdeda
add support for virtualization framework
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2022-07-22 16:55:47 +03:00
Avi Deitcher
0929aabe50
build directly with buildkit
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2022-06-28 10:36:30 +03:00
Rolf Neugebauer
9e333a1358
Merge pull request #3775 from deitch/doc-kernel-builder
...
add docs about how to find the builder
2022-06-03 20:48:20 +01:00
Avi Deitcher
cd5cea8c02
remove need for maintainers to build packages
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2022-05-23 20:24:07 -10:00
Avi Deitcher
3351eee596
add docs about how to find the builder
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2022-04-24 17:44:24 +03:00
Yuri Volchkov
1a013f4424
Declare build-args in build.yml
...
This allows multiple build flavors for a single codebase, without
sacrificing reproducible builds. The build-args are set in build.yml,
which is typically under source control (if it is not, then no
reproducible builds are possible anyways). This means that mutating
build-args would result in setting the "dirty" flag.
The intended use of this commit is to switch between build flavors by
specifying a different yaml file (presumably also under version
control) with the `-build-yml` option.
Because it is impossible to build a final image from packages in
cache, the test for this feature relies on the `RUN echo $build-arg`
output during the `pkg build` process.
Signed-off-by: Yuri Volchkov <yuri@zededa.com>
2022-04-13 17:36:55 +00:00
Avi Deitcher
4e7abb5250
document and simplify some releasing
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-11-29 16:39:06 +02:00
David Scott
46ea02f65b
moby: device "all" will add to the cgroup whitelist
...
After the runc security advisory[1] the default cgroup device
whitelist was changed.
In previous versions every container had "rwm" (read, write, mknod)
for every device ("a" for all). Typically this was overridden by
container engines like Docker. In LinuxKit we left the permissive
default.
In recent `runc` versions the default allow-all rule was removed,
so a container can only access a device if it is specifically
granted access, which LinuxKit handles via a device: entry.
However it is inconvenient for pkg/format, pkg/mount, pkg/swap
to list all possible block devices up-front. Therefore we add the
ability to grant access to an entire class of device with a single
rule:
```
- path: all
  type: b
```
Obviously a paranoid user can still override this with a specific
major/minor number in a device: rule.
[1] https://github.com/opencontainers/runc/security/advisories/GHSA-g54h-m393-cpwq
Signed-off-by: David Scott <dave@recoil.org>
2021-10-14 16:14:21 +01:00
David Scott
24db42dd68
moby: add a Devices array to the image yml
...
According to https://github.com/linuxkit/linuxkit/pull/3684#issuecomment-860128095
runc removed the console as a default device, so now it must be specified
explicitly in the OCI config.
See 60e21ec26e
The similar code in moby/moby is here: https://github.com/moby/moby/blob/master/oci/devices_linux.go
This patch allows packages to declare a `devices` array, which can contain `/dev/console` etc.
Signed-off-by: David Scott <dave@recoil.org>
2021-10-14 16:14:05 +01:00
Rolf Neugebauer
4eb60514c9
yaml: Update use of alpine:3.11 to alpine:3.13
...
Several YAML files used alpine:3.11. Update them to 3.13
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2021-08-10 00:13:52 +01:00
Rolf Neugebauer
c63162964f
Merge pull request #3651 from deitch/kernel-tagging
...
tag kernel with builder version; simplify Makefile
2021-05-25 22:55:31 +01:00
Avi Deitcher
d053a0f279
tag kernel with builder version; simplify Makefile
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-05-25 15:51:01 +03:00
Avi Deitcher
4adc04a24d
calculate manifest hash-tag using git ls-tree
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-05-21 01:31:14 +03:00
Dave Tucker
28f43e8121
docs: Document --skip-arches
...
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
2021-05-02 17:31:33 +01:00
Avi Deitcher
f6d04977df
Update to proper go-compile hash
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-04-30 02:01:55 +03:00
Avi Deitcher
d091f90f81
pass linkmode=external only for Linux
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-04-29 16:52:44 +03:00
Avi Deitcher
8576579f60
Update use of tools to latest
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-04-27 19:52:35 +03:00
Avi Deitcher
95ce6386aa
Update Alpine base to 3.13; go-compile rebuilt with mod=vendor option, go bumped to 1.16
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-04-27 17:38:22 +03:00
Rolf Neugebauer
182646c776
Merge pull request #3630 from deitch/doc-s390x-docker
...
docs to hold maintainer build platforms
2021-04-23 21:19:59 +01:00
Avi Deitcher
e4a58e0130
docs to hold maintainer build platforms
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-04-23 02:12:07 +03:00
Avi Deitcher
c8ef7d0eb0
cross build packages
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-04-21 13:03:26 +03:00
Rolf Neugebauer
c7e753eb16
build: Update go-compile package
...
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2021-04-02 18:45:38 +01:00
Dave Tucker
561ce6f4be
Remove Notary and Content Trust
...
This commit removes Notary and Content Trust.
Notary v1 is due to be replaced with Notary v2 soon.
There is no clean migration path from one to the other.
For now, this removes all signing from LinuxKit.
We will look to add this back once a new Notary alternative
becomes available.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
2021-03-30 14:51:11 +01:00
Avi Deitcher
9633d23d37
write to cache
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2021-02-12 16:18:21 +02:00