github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2026-03-19 17:56:26 +00:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: github:pkg-v1.0.0
Branches Tags
github:master
github:v1.8.2 github:v1.8.1 github:pkg-v1.2.0 github:v1.8.0 github:v1.7.1 github:pkg-v1.1.0 github:v1.7.0 github:v1.6.5 github:v1.6.4 github:v1.6.3 github:v1.6.2 github:v1.6.1 github:v1.6.0 github:v1.5.3 github:v1.5.2 github:v1.5.1 github:v1.5.0 github:v1.4.0 github:v1.3.0 github:pkg-v1.0.0 github:v1.2.0 github:v1.0.1 github:v1.0.0 github:v0.8.1 github:v0.8 github:v0.7 github:v0.6 github:v0.5 github:v0.4 github:v0.3 github:v0.2
..
compare: github:v1.3.0
Branches Tags
github:master
github:v1.8.2 github:v1.8.1 github:pkg-v1.2.0 github:v1.8.0 github:v1.7.1 github:pkg-v1.1.0 github:v1.7.0 github:v1.6.5 github:v1.6.4 github:v1.6.3 github:v1.6.2 github:v1.6.1 github:v1.6.0 github:v1.5.3 github:v1.5.2 github:v1.5.1 github:v1.5.0 github:v1.4.0 github:v1.3.0 github:pkg-v1.0.0 github:v1.2.0 github:v1.0.1 github:v1.0.0 github:v0.8.1 github:v0.8 github:v0.7 github:v0.6 github:v0.5 github:v0.4 github:v0.3 github:v0.2

56 Commits
pkg-v1.0.0 ... v1.3.0

Author SHA1 Message Date
Avi Deitcher
e6ffc8a8f3 Merge pull request #4057 from deitch/build-targets-all-not-macos 
make targets separated by OS
 2024-07-11 19:03:20 +02:00
Avi Deitcher
e6ac960951 make targets separated by OS 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-07-11 18:09:48 +02:00
Avi Deitcher
933445f071 Merge pull request #4056 from deitch/handle-cross-compilation-macos 
separate release builds of macOS CGO from others
 2024-07-11 17:24:05 +02:00
Avi Deitcher
7acc8262f2 separate release builds of macOS CGO from others 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-07-11 16:55:51 +02:00
Avi Deitcher
bfac135e4e Merge pull request #4055 from deitch/include-semver-in-version 
properly save linuxkit version
 2024-07-11 15:41:20 +02:00
Avi Deitcher
8bb9174b28 properly save linuxkit version 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-07-11 15:16:26 +02:00
Avi Deitcher
8d76ae282f Merge pull request #4054 from christoph-zededa/fix_build_command_args 
cmd: allow more than one config yaml for build
 2024-07-10 19:00:52 +03:00
Christoph Ostarek
04dc9042cf cmd: allow more than one config yaml for build 
according to the documentation the following command is valid:
`linuxkit build equinixmetal.yml equinixmetal.arm64.yml`
(docs/platform-equinixmetal.md)

So, make it valid.

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
 2024-07-10 17:24:53 +02:00
Avi Deitcher
c90f2ee8f2 Merge pull request #4052 from deitch/packet-to-metal 
Packet to metal
 2024-07-07 16:39:18 +03:00
Avi Deitcher
ad4c97c430 switch linuxkit from deprecated packngo to equinixmetal go-sdk 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-07-05 17:57:48 +03:00
Avi Deitcher
8f6ea3c85e switch Packet references to Equinix Metal 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-07-05 17:22:25 +03:00
Avi Deitcher
3f80ca694f Merge pull request #4049 from danrzs/master 
ensured dumpFollow of logread includes 'follow' behaviour
 2024-07-03 19:57:34 +03:00
Daniel Smith
cda7577e3c ensured dumpFollow of logread includes 'follow' behaviour 
Signed-off-by: Daniel Smith <daniel@razorsecure.com>
 2024-07-03 13:55:46 +01:00
Avi Deitcher
be7dfdd42c Merge pull request #4046 from jalaziz/4045 
Improve support for third-party registry images
 2024-06-24 11:08:04 -07:00
Jameel Al-Aziz
21e9f0fa1c add tests 
Signed-off-by: Jameel Al-Aziz <jameel@bastion.io>
 2024-06-22 01:58:37 -04:00
Jameel Al-Aziz
5e42d050a7 Improve support for third-party registry images 
Update `ReferenceExpand` to support image references from remote
registries. This fixes local image lookup and pulling with newer
versions of Docker.

fixes #4045

Signed-off-by: Jameel Al-Aziz <jameel@bastion.io>
 2024-06-18 21:57:51 -07:00
Avi Deitcher
4f89f4f67e Merge pull request #4043 from deitch/buildkit-bump 2024-06-11 18:29:11 +03:00
Avi Deitcher
977afa7510 remove no longer necessary rand.Seed 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-06-11 17:42:55 +03:00
Avi Deitcher
7c46ac8c5d bump buildkit to latest v0.13.2 with deps 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-06-11 15:55:42 +03:00
Avi Deitcher
f48e442a46 Merge pull request #4044 from deitch/go-1.22 
bump actions/setup-go to v5 and go-version to 1.22.3
 2024-06-11 15:55:13 +03:00
Avi Deitcher
4c3d189a1a bump actions/setup-go to v5 and go-version to 1.22.3 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-06-11 15:20:58 +03:00
Avi Deitcher
9e06024567 Merge pull request #4040 from deitch/export-formats 
add cache export format OCI
 2024-05-16 15:48:20 +03:00
Avi Deitcher
f5dcefc7c2 add cache export format OCI 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-05-16 14:38:19 +03:00
Avi Deitcher
6d37353ca1 Merge pull request #4039 from deitch/split-moby 
move moby components that do not have runtime dependencies to own directory
 2024-05-07 20:27:35 +03:00
Avi Deitcher
379617ca0d move moby components that do not have runtime dependencies to own directory 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-05-07 19:51:25 +03:00
Avi Deitcher
b49e32af98 Merge pull request #4036 from deitch/fix-action-script-v7 2024-04-28 16:30:14 +03:00
Avi Deitcher
5299f948e3 use proper path for github-script properties 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-04-28 15:56:53 +03:00
Avi Deitcher
e171750da6 Merge pull request #4035 from deitch/action-script-v7 2024-04-28 15:25:33 +03:00
Avi Deitcher
c32c74bc1d github script v7 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-04-28 14:43:52 +03:00
Avi Deitcher
d3257af256 Merge pull request #4034 from deitch/token-for-actions 2024-04-28 13:58:27 +03:00
Avi Deitcher
2578ae23c6 explicitly use GITHUB_TOKEN for actions script 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-04-28 12:58:10 +03:00
Avi Deitcher
38e62bb61d Merge pull request #4033 from jacobweinstock/cgroupsv2-as-default 
Make cgroups v2 the default in the init pkg
 2024-04-28 11:45:00 +03:00
Jacob Weinstock
2fe19f7561 Update dependencies 
Signed-off-by: Jacob Weinstock <jakobweinstock@gmail.com>
 2024-04-27 15:40:30 -06:00
Jacob Weinstock
803747f01a Make cgroups v2 the default: 
cgroups v2 has been out since 2015. Not having
to set a kernel parameter helps improve the user
experience by not requiring it when it is required
by services in a build. Making this the default was
discussed back in 2021.

Signed-off-by: Jacob Weinstock <jakobweinstock@gmail.com>
 2024-04-27 15:40:00 -06:00
Avi Deitcher
8afecd5204 Merge pull request #4031 from deitch/update-actions 
bump actions to v4 to avoid deprecation
 2024-04-25 12:19:07 +03:00
Avi Deitcher
e6b0ae05eb Merge pull request #4030 from deitch/canonicalize-pull 
use canonical ref when looking in cache
 2024-04-25 11:50:19 +03:00
Avi Deitcher
04792e0d44 bump actions to v4 to avoid deprecation 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-04-25 11:44:38 +03:00
Avi Deitcher
c836e54d22 use canonical ref when looking in cache 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-04-24 15:00:39 +03:00
Avi Deitcher
bc5d08d6a3 Merge pull request #4028 from largemouth/master 
chore: fix function name in comment
 2024-04-24 13:27:34 +03:00
largemouth
4ce13640cd chore: fix function name in comment 
Signed-off-by: largemouth <largemouth@aliyun.com>
 2024-04-22 19:45:14 +08:00
Avi Deitcher
cea4c0d419 Merge pull request #4027 from deitch/not-same-file 
prevent using same file for input tar and output tar
 2024-04-21 13:55:30 +03:00
Avi Deitcher
dc12b9be69 prevent using same file for input tar and output tar 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-04-21 13:19:57 +03:00
Avi Deitcher
dd1ae909d6 Merge pull request #4026 from deitch/increment-tar-output 
add support for input-tar
 2024-04-19 17:08:03 +03:00
Avi Deitcher
632b4065d4 add support for input-tar 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-04-19 16:30:06 +03:00
Avi Deitcher
a610332100 Merge pull request #4025 from deitch/tag-sources-in-tar 
include image reference as source in every tar file header
 2024-04-18 16:34:05 +03:00
Avi Deitcher
1fe8cba107 include image reference as source in every tar file header 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-04-18 16:03:34 +03:00
Avi Deitcher
47d02ecd61 Merge pull request #4024 from deitch/fix-kernel-tools-build 
fix kernel tools build.yml files to reflect correct dockerfiles
 2024-04-17 11:41:18 +03:00
Avi Deitcher
4d212000ec fix kernel tools build.yml files to reflect correct dockerfiles 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-04-16 19:30:28 +03:00
Avi Deitcher
9e18c9247c Merge pull request #4023 from deitch/commit-tag-arg 
add tag to args passed for package builds
 2024-04-16 15:14:25 +03:00
Avi Deitcher
6af6291afe add tag to args passed for package builds 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-04-16 13:52:49 +03:00
Avi Deitcher
de79880fff Merge pull request #3960 from Fabsolute/fix-disk-parameter-for-virtualization 2024-04-12 16:50:03 +02:00
Fabsolute
f2240fbeea FIX disk parameter usage 
Signed-off-by: Fabsolute <ahmetturk93@gmail.com>
 2024-04-12 16:07:30 +02:00
Avi Deitcher
b7bb183d49 Merge pull request #4020 from christoph-zededa/fix_doc_build_iso-efi 
README.md: fix format parameter
 2024-03-20 09:10:12 +01:00
Christoph Ostarek
6a7cea9dbd README.md: fix format parameter 
linuxkit build expects '--format' or '-f' and not
'-format'

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
 2024-03-19 18:01:22 +01:00
Avi Deitcher
3ff5dac063 Merge pull request #4018 from christoph-zededa/fix_pulling_from_localhost_registry 
util: allow pulling from local registry
 2024-03-17 00:57:54 -07:00
Christoph Ostarek
4496612c70 util: allow pulling from local registry 
before a command like
linuxkit cache pull 127.0.0.1:5000/pkgalpine

would result in trying to pull the following image:
docker.io/127.0.0.1:5000/pkgalpine

and this is wrong

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
 2024-03-15 18:36:31 +01:00
2717 changed files with 288449 additions and 86383 deletions
Expand all files Collapse all files

60
.github/workflows/ci.yml vendored
View File

@@ -35,14 +35,14 @@ jobs:
runs-on: ${{ matrix.target.runner }}
steps:
- name: Set up Go 1.19
uses: actions/setup-go@v3
- name: Set up Go 1.22
uses: actions/setup-go@v5
with:
go-version: 1.19.2
go-version: 1.22.3
id: go
- name: Check out code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Set path
run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
@@ -50,9 +50,9 @@ jobs:
GOPATH: ${{runner.workspace}}
- name: golangci-lint CLI
uses: golangci/golangci-lint-action@v3
uses: golangci/golangci-lint-action@v6
with:
version: v1.50.0
version: v1.59.0
working-directory: src/cmd/linuxkit
args: --verbose --timeout=10m
- name: go vet CLI
@@ -79,7 +79,7 @@ jobs:
GOPATH: ${{runner.workspace}}
- name: Upload binary
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: linuxkit-${{matrix.target.suffix}}
path: |
@@ -93,14 +93,14 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Set up binfmt
# Only register arm64 as we are on amd64 already. s390x is not reliable
run: docker run --privileged --rm tonistiigi/binfmt --install arm64
- name: Download linuxkit
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: linuxkit-amd64-linux
path: bin
@@ -112,7 +112,7 @@ jobs:
/usr/local/bin/linuxkit version
- name: Cache Packages
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: ~/.linuxkit/cache/
key: ${{ runner.os }}-linuxkit-${{ github.sha }}
@@ -160,7 +160,7 @@ jobs:
shard: [1/10,2/10,3/10,4/10,5/10,6/10,7/10,8/10,9/10,10/10]
steps:
- name: Check out code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Install Pre-Requisites
run: |
@@ -170,7 +170,7 @@ jobs:
- name: Restore RTF From Cache
id: cache-rtf
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: bin
key: rtf-${{hashFiles('Makefile')}}
@@ -184,7 +184,7 @@ jobs:
sudo ln -s $(pwd)/bin/rtf /usr/local/bin/rtf
- name: Download linuxkit
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: linuxkit-amd64-linux
path: bin
@@ -196,7 +196,7 @@ jobs:
/usr/local/bin/linuxkit version
- name: Restore Package Cache
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: ~/.linuxkit/cache/
key: ${{ runner.os }}-linuxkit-${{ github.sha }}
@@ -215,7 +215,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Install Pre-Requisites
run: |
@@ -225,7 +225,7 @@ jobs:
- name: Restore RTF From Cache
id: cache-rtf
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: bin
key: rtf-${{hashFiles('Makefile')}}
@@ -239,7 +239,7 @@ jobs:
sudo ln -s $(pwd)/bin/rtf /usr/local/bin/rtf
- name: Download linuxkit
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: linuxkit-amd64-linux
path: bin
@@ -251,7 +251,7 @@ jobs:
/usr/local/bin/linuxkit version
- name: Restore Package Cache
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: ~/.linuxkit/cache/
key: ${{ runner.os }}-linuxkit-${{ github.sha }}
@@ -271,7 +271,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Install Pre-Requisites
run: |
@@ -281,13 +281,13 @@ jobs:
- name: Restore RTF From Cache
id: cache-rtf
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: bin
key: rtf-${{hashFiles('Makefile')}}
- name: Restore Package Cache
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: ~/.linuxkit/cache/
key: ${{ runner.os }}-linuxkit-${{ github.sha }}
@@ -303,7 +303,7 @@ jobs:
sudo ln -s $(pwd)/bin/rtf /usr/local/bin/rtf
- name: Download linuxkit
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: linuxkit-amd64-linux
path: bin
@@ -327,7 +327,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Install Pre-Requisites
run: |
@@ -337,7 +337,7 @@ jobs:
- name: Restore RTF From Cache
id: cache-rtf
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: bin
key: rtf-${{hashFiles('Makefile')}}
@@ -351,7 +351,7 @@ jobs:
sudo ln -s $(pwd)/bin/rtf /usr/local/bin/rtf
- name: Download linuxkit
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: linuxkit-amd64-linux
path: bin
@@ -363,7 +363,7 @@ jobs:
/usr/local/bin/linuxkit version
- name: Restore Package Cache
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: ~/.linuxkit/cache/
key: ${{ runner.os }}-linuxkit-${{ github.sha }}
@@ -383,7 +383,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Install Pre-Requisites
run: |
@@ -393,7 +393,7 @@ jobs:
- name: Restore RTF From Cache
id: cache-rtf
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: bin
key: rtf-${{hashFiles('Makefile')}}
@@ -407,7 +407,7 @@ jobs:
sudo ln -s $(pwd)/bin/rtf /usr/local/bin/rtf
- name: Download linuxkit
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: linuxkit-amd64-linux
path: bin
@@ -419,7 +419,7 @@ jobs:
/usr/local/bin/linuxkit version
- name: Restore Package Cache
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: ~/.linuxkit/cache/
key: ${{ runner.os }}-linuxkit-${{ github.sha }}

8
.github/workflows/package_release.yml vendored
View File

@@ -9,13 +9,13 @@ jobs:
if: github.ref_type == 'tag' && startsWith(github.ref, 'refs/tags/pkg-v')
runs-on: ubuntu-latest
steps:
- name: Set up Go 1.21
uses: actions/setup-go@v3
- name: Set up Go 1.22
uses: actions/setup-go@v5
with:
go-version: 1.21.5
go-version: 1.22.3
id: go
- name: Check out code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Ensure bin/ directory
run: mkdir -p bin
- name: Install linuxkit

11
.github/workflows/publish.yaml vendored
View File

@@ -14,14 +14,15 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Ensure bin/ directory
run: mkdir -p bin
- name: Download linuxkit
uses: actions/github-script@v3.1.0
uses: actions/github-script@v7
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
var artifacts = await github.actions.listWorkflowRunArtifacts({
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{github.event.workflow_run.id }},
@@ -29,7 +30,7 @@ jobs:
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "${{ env.linuxkit_file }}"
})[0];
var download = await github.actions.downloadArtifact({
var download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
@@ -45,7 +46,7 @@ jobs:
sudo ln -s $(pwd)/bin/${{ env.linuxkit_file }} /usr/local/bin/linuxkit
/usr/local/bin/linuxkit version
- name: Restore Package Cache
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: ~/.linuxkit/cache/
key: ${{ runner.os }}-linuxkit-${{ github.sha }}

73
.github/workflows/release.yml vendored
View File

@@ -4,20 +4,20 @@ on:
create:
jobs:
build:
name: Build all targets
build-all:
name: Build all targets expect macOS
if: github.ref_type == 'tag' && startsWith(github.ref, 'refs/tags/v')
runs-on: ubuntu-latest
steps:
- name: Set up Go 1.19
uses: actions/setup-go@v3
- name: Set up Go 1.122
uses: actions/setup-go@v5
with:
go-version: 1.19.2
go-version: 1.22.3
id: go
- name: Check out code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Set path
run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
@@ -26,10 +26,67 @@ jobs:
- name: Build
run: |
make build-all-targets
make build-targets-linux build-targets-windows
env:
GOPATH: ${{runner.workspace}}
- uses: actions/upload-artifact@v4
with:
name: release-targets-except-cgo
path: bin/
# separate macos build because macos needs CGO, and it is very hard to cross-compile that
build-macos:
name: Build macOS target
if: github.ref_type == 'tag' && startsWith(github.ref, 'refs/tags/v')
runs-on: macos-latest
steps:
- name: Set up Go 1.122
uses: actions/setup-go@v5
with:
go-version: 1.22.3
id: go
- name: Check out code
uses: actions/checkout@v4
- name: Set path
run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
env:
GOPATH: ${{runner.workspace}}
- name: Build
run: |
make build-targets-macos
env:
GOPATH: ${{runner.workspace}}
- uses: actions/upload-artifact@v4
with:
name: release-targets-macos
path: bin/
release-artifacts:
needs: [build-all, build-macos]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: release-targets-except-cgo
path: bintmp/release-targets-except-cgo
- uses: actions/download-artifact@v4
with:
name: release-targets-macos
path: bintmp/release-targets-macos
- name: Combine Artifacts
run: |
mkdir -p bin/
cp bintmp/*/* bin/
- name: Checksum Artifacts
run: |
make checksum-targets
- name: GitHub Release
uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5
env:
@@ -37,4 +94,4 @@ jobs:
with:
draft: true
files: bin/*
generate_release_notes: true
generate_release_notes: true

21
Makefile
View File

@@ -119,18 +119,27 @@ endif
./scripts/update-component-sha.sh --image $${img}$(image); \
done
.PHONY: build-all-targets
build-all-targets: bin
$(MAKE) GOOS=darwin GOARCH=arm64 LOCAL_TARGET=$(CURDIR)/bin/linuxkit-darwin-arm64 local-build
file bin/linuxkit-darwin-arm64
$(MAKE) GOOS=darwin GOARCH=amd64 LOCAL_TARGET=$(CURDIR)/bin/linuxkit-darwin-amd64 local-build
file bin/linuxkit-darwin-amd64
.PHONY: build-targets-all build-targets-linux build-targets-windows build-targets-macos checksum-targets
build-targets-all: build-targets-linux build-targets-windows build-targets-macos
build-targets-linux: bin
$(MAKE) GOOS=linux GOARCH=arm64 LOCAL_TARGET=$(CURDIR)/bin/linuxkit-linux-arm64 local-build
file bin/linuxkit-linux-arm64
$(MAKE) GOOS=linux GOARCH=amd64 LOCAL_TARGET=$(CURDIR)/bin/linuxkit-linux-amd64 local-build
file bin/linuxkit-linux-amd64
$(MAKE) GOOS=linux GOARCH=s390x LOCAL_TARGET=$(CURDIR)/bin/linuxkit-linux-s390x local-build
file bin/linuxkit-linux-s390x
build-targets-windows: bin
$(MAKE) GOOS=windows GOARCH=amd64 LOCAL_TARGET=$(CURDIR)/bin/linuxkit-windows-amd64.exe local-build
file bin/linuxkit-windows-amd64.exe
build-targets-macos: bin
$(MAKE) GOOS=darwin GOARCH=arm64 LOCAL_TARGET=$(CURDIR)/bin/linuxkit-darwin-arm64 local-build
file bin/linuxkit-darwin-arm64
$(MAKE) GOOS=darwin GOARCH=amd64 LOCAL_TARGET=$(CURDIR)/bin/linuxkit-darwin-amd64 local-build
file bin/linuxkit-darwin-amd64
checksum-targets: bin
cd bin && openssl sha256 -r linuxkit-* | tr -d '*' > checksums.txt

6
README.md
View File

@@ -63,8 +63,8 @@ Once you have built the tool, use
```
linuxkit build linuxkit.yml
```
to build the example configuration. You can also specify different output formats, eg `linuxkit build -format raw-bios linuxkit.yml` to
output a raw BIOS bootable disk image, or `linuxkit build -format iso-efi linuxkit.yml` to output an EFI bootable ISO image. See `linuxkit build -help` for more information.
to build the example configuration. You can also specify different output formats, eg `linuxkit build --format raw-bios linuxkit.yml` to
output a raw BIOS bootable disk image, or `linuxkit build --format iso-efi linuxkit.yml` to output an EFI bootable ISO image. See `linuxkit build -help` for more information.
### Booting and Testing
@@ -87,7 +87,7 @@ Currently supported platforms are:
- [OpenStack](docs/platform-openstack.md) `[x86_64]`
- [Scaleway](docs/platform-scaleway.md) `[x86_64]`
- Baremetal:
- [packet.net](docs/platform-packet.md) `[x86_64, arm64]`
- [deploy.equinix.com](docs/platform-equinixmetal.md) `[x86_64, arm64]`
- [Raspberry Pi Model 3b](docs/platform-rpi3.md) `[arm64]`

2
docs/packages.md
View File

@@ -272,6 +272,8 @@ When building packages, the following build-args automatically are set for you:
* `SOURCE` - the source repository of the package
* `REVISION` - the git commit that was used for the build
* `GOPKGVERSION` - the go package version or pseudo-version per https://go.dev/ref/mod#glos-pseudo-version
* `PKG_HASH` - the git tree hash of the package directory, e.g. `45a1ad5919f0b6acf0f0cf730e9434abfae11fe6`; tag part of `linuxkit pkg show-tag`
* `PKG_IMAGE` - the name of the image that is being built, e.g. `linuxkit/init`; image name part of `linuxkit pkg show-tag`. Combine with `PKG_HASH` for the full tag.
Note that the above are set **only** if you do not set them in `build.yaml`. Your settings _always_
override these built-in ones.

77
docs/platform-packet.md → docs/platform-equinixmetal.md
View File

@@ -1,26 +1,17 @@
# LinuxKit with bare metal on Packet
# LinuxKit with bare metal on Equinix Metal
[Packet](http://packet.net) is a bare metal hosting provider.
[Equinix Metal](http://deploy.equinix.com) is a bare metal hosting provider.
You will need to [create a Packet account] and a project to
You will need to [create an Equinix Metal account] and a project to
put this new machine into. You will also need to [create an API key]
with appropriate read/write permissions to allow the image to boot.
[create a Packet account]:https://app.packet.net/#/registration/
[create an API key]:https://help.packet.net/quick-start/api-integrations
[create an Equinix Metal account]:https://console.equinix.com/sign-up
[create an API key]:https://deploy.equinix.com/developers/docs/metal/identity-access-management/api-keys/
Linuxkit is known to boot on the [Type 0]
and [Type 1] servers at Packet.
Support for other server types, including the [Type 2A] ARM server,
is a work in progress.
[Type 0]:https://www.packet.net/bare-metal/servers/type-0/
[Type 1]:https://www.packet.net/bare-metal/servers/type-1/
[Type 2A]:https://www.packet.net/bare-metal/servers/type-2a/
The `linuxkit run packet` command can mostly either be configured via
The `linuxkit run equinixmetal` command can mostly either be configured via
command line options or with environment variables. see `linuxkit run
packet --help` for the options and environment variables.
equinixmetal --help` for the options and environment variables.
By default, `linuxkit run` will provision a new machine and remove it
once you are done. With the `-keep` option the provisioned machine
@@ -29,8 +20,8 @@ device ID on subsequent `linuxkit run` invocations to re-use an
existing machine. These subsequent runs will update the iPXE data so
you can boot alternative kernels on an existing machine.
There is an example YAML file for [x86_64](../examples/packet.yml) and
an additional YAML for [arm64](../examples/packet.arm64.yml) servers
There is an example YAML file for [x86_64](../examples/equinixmetal.yml) and
an additional YAML for [arm64](../examples/equinixmetal.arm64.yml) servers
which provide both access to the serial console and via ssh and
configures bonding for network devices via metadata (if supported).
@@ -47,52 +38,52 @@ retry the boot typically fixes this.
## Boot
LinuxKit on Packet boots the `kernel+initrd` output from moby via
[iPXE](https://help.packet.net/technical/infrastructure/custom-ipxe)
LinuxKit on Equinix Metal boots the `kernel+initrd` output from moby via
[iPXE](https://deploy.equinix.com/developers/docs/metal/operating-systems/custom-ipxe/)
which also requires a iPXE script. iPXE booting requires a HTTP server
on which you can store your images. The `-base-url` option specifies
the URL to a HTTP server from which `<name>-kernel`,
`<name>-initrd.img`, and `<name>-packet.ipxe` can be downloaded during
`<name>-initrd.img`, and `<name>-equinixmetal.ipxe` can be downloaded during
boot.
If you have your own HTTP server, you can use `linuxkit push packet`
If you have your own HTTP server, you can use `linuxkit push equinixmetal`
to create the files (including the iPXE script) you need to make
available.
If you don't have a public HTTP server at hand, you can use the
`-serve` option. This will create a local HTTP server which can either
be run on another Packet machine or be made accessible with tools
be run on another Equinix Metal machine or be made accessible with tools
like [ngrok](https://ngrok.com/).
For example, to boot the [example](../examples/packet.net)
For example, to boot the [example](../examples/platform-equinixmetal.yml)
with a local HTTP server:
```sh
linuxkit build packet.yml
linuxkit build platform-equinixmetal.yml
# run the web server
# run 'ngrok http 8080' in another window
PACKET_API_KEY=<API key> PACKET_PROJECT_ID=<Project ID> \
linuxkit run packet -serve :8080 -base-url <ngrok url> packet
METAL_AUTH_TOKEN=<API key> METAL_PROJECT_ID=<Project ID> \
linuxkit run equinixmetal -serve :8080 -base-url <ngrok url> equinixmetal
```
To boot a `arm64` image for Type 2a machine (`-machine baremetal_2a`)
you currently need to build using `linuxkit build packet.yml
packet.arm64.yml` and then un-compress both the kernel and the initrd
you currently need to build using `linuxkit build equinixmetal.yml
equinixmetal.arm64.yml` and then un-compress both the kernel and the initrd
before booting, e.g:
```sh
mv packet-initrd.img packet-initrd.img.gz && gzip -d packet-initrd.img.gz
mv packet-kernel packet-kernel.gz && gzip -d packet-kernel.gz
mv equinixmetal-initrd.img equinixmetal-initrd.img.gz && gzip -d equinixmetal-initrd.img.gz
mv equinixmetal-kernel equinixmetal-kernel.gz && gzip -d equinixmetal-kernel.gz
```
The LinuxKit image can then be booted with:
```sh
PACKET_API_KEY=<API key> PACKET_PROJECT_ID=<Project ID> \
linuxkit run packet -machine baremetal_2a -serve :8080 -base-url -base-url <ngrok url> packet
METAL_API_TOKEN=<API key> METAL_PROJECT_ID=<Project ID> \
linuxkit run equinixmetal -machine baremetal_2a -serve :8080 -base-url -base-url <ngrok url> equinixmetal
```
Alternatively, `linuxkit push packet` will uncompress the kernel and
Alternatively, `linuxkit push equinixmetal` will uncompress the kernel and
initrd images on arm machines (or explicitly via the `-decompress`
flag. There is also a `linuxkit serve` command which will start a
local HTTP server serving the specified directory.
@@ -104,18 +95,18 @@ messages.
## Console
By default, `linuxkit run packet ...` will connect to the
Packet
[SOS ("Serial over SSH") console](https://help.packet.net/technical/networking/sos-rescue-mode). This
By default, `linuxkit run equinixmetal ...` will connect to the
Equinix Metal
[SOS ("Serial over SSH") console](https://deploy.equinix.com/developers/docs/metal/resilience-recovery/serial-over-ssh/). This
requires `ssh` access, i.e., you must have uploaded your SSH keys to
Packet beforehand.
Equinix Metal beforehand.
You can exit the console vi `~.` on a new line once you are
disconnected from the serial, e.g. after poweroff.
**Note**: We also require that the Packet SOS host is in your
**Note**: We also require that the Equinix Metal SOS host is in your
`known_hosts` file, otherwise the connection to the console will
fail. There is a Packet SOS host per zone.
fail. There is a Equinix Metal SOS host per zone.
You can disable the serial console access with the `-console=false`
command line option.
@@ -124,7 +115,7 @@ command line option.
## Disks
At this moment the Linuxkit server boots from RAM, with no persistent
storage. We are working on adding persistent storage support on Packet.
storage. We are working on adding persistent storage support on Equinix Metal.
## Networking
@@ -139,13 +130,13 @@ On the baremetal type 2a system (arm64 Cavium Thunder X) the network device driv
to your YAML files before any containers requiring the network to be up, e.g., the `dhcpcd` container.
Some Packet server types have bonded networks; the `metadata` package has support for setting
Some Equinix Metal server types have bonded networks; the `metadata` package has support for setting
these up, and also for adding additional IP addresses.
## Integration services and Metadata
Packet supports [user state](https://help.packet.net/technical/infrastructure/user-state)
Equinix Metal supports [user state](https://deploy.equinix.com/developers/docs/metal/server-metadata/user-data/)
during system bringup, which enables the boot process to be more informative about the
current state of the boot process once the kernel has loaded but before the
system is ready for login.

2
examples/addbinds.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0 console=ttysclp0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
examples/cadvisor.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0 console=ttysclp0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
examples/dm-crypt-loop.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=tty0 console=ttyS0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
examples/dm-crypt.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=tty0 console=ttyS0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
examples/docker-for-mac.yml
View File

@@ -4,7 +4,7 @@ kernel:
cmdline: "console=ttyS0 page_poison=1"
init:
- linuxkit/vpnkit-expose-port:77e45e4681c78d59f1d8a48818260948d55f9d05 # install vpnkit-expose-port and vpnkit-iptables-wrapper on host
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
examples/docker.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0 console=ttysclp0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
examples/getty.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0 console=ttysclp0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
examples/hostmount-writeable-overlay.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0 console=ttysclp0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
examples/influxdb-os.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
examples/logging.yml
View File

@@ -3,7 +3,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
examples/minimal.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
onboot:

2
examples/node_exporter.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=tty0 console=ttyS0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
services:

2
examples/openstack.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=ttyS0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
examples/platform-aws.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=ttyS0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
examples/platform-azure.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=ttyS0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

4
examples/platform-packet.arm64.yml → examples/platform-equinixmetal.arm64.yml
View File

@@ -1,5 +1,5 @@
# This YAML snippet is to be used in conjunction with packet.yml to
# build a arm64 image for packet.net. It adds a modprobe of the NIC
# This YAML snippet is to be used in conjunction with equinixmetal.yml to
# build a arm64 image for Equinix Metal. It adds a modprobe of the NIC
# driver and overrides the kernel section to disable prepending the
# Intel CPU microcode to the initrd. If writing a YAML specifically
# for arm64 then the 'ucode' line in the kernel section can be left

4
examples/platform-packet.yml → examples/platform-equinixmetal.yml
View File

@@ -3,7 +3,7 @@ kernel:
cmdline: console=ttyS1
ucode: intel-ucode.cpio
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
@@ -19,7 +19,7 @@ onboot:
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
- name: metadata
image: linuxkit/metadata:b082f1bf97a9034d1e4c0e36a5d2923f4e58f540
command: ["/usr/bin/metadata", "packet"]
command: ["/usr/bin/metadata", "equinixmetal"]
services:
- name: rngd
image: linuxkit/rngd:cdb919e4aee49fed0bf6075f0a104037cba83c39

2
examples/platform-gcp.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=ttyS0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
examples/platform-hetzner.yml
View File

@@ -3,7 +3,7 @@ kernel:
cmdline: console=ttyS1
ucode: intel-ucode.cpio
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
examples/platform-rt-for-vmware.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13-rt
cmdline: "console=tty0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
examples/platform-scaleway.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0 console=ttysclp0 root=/dev/vda"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
examples/platform-vmware.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=tty0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
examples/platform-vultr.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=ttyS0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
examples/redis-os.yml
View File

@@ -4,7 +4,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0 console=ttysclp0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
onboot:

2
examples/sshd.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0 console=ttysclp0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
examples/static-ip.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
onboot:

2
examples/swap.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0 console=ttysclp0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
examples/tpm.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=tty0 console=ttyS0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
examples/vpnkit-forwarder.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=ttyS0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
onboot:

2
examples/vsudd-containerd.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=ttyS0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
onboot:

2
examples/wireguard.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

4
kernel/Dockerfile.bcc
View File

@@ -1,6 +1,8 @@
ARG BUILD_IMAGE
ARG KERNEL_VERSION
ARG PKG_HASH
FROM ${KERNEL_VERSION}-${HASH} as ksrc
FROM linuxkit/kernel:${KERNEL_VERSION}-${PKG_HASH} as ksrc
FROM ${BUILD_IMAGE} AS build
RUN apk update && apk upgrade -a && \

4
kernel/Dockerfile.perf
View File

@@ -1,8 +1,10 @@
# This Dockerfile extracts the source code and headers from a kernel package,
# builds the perf utility, and places it into a scratch image
ARG BUILD_IMAGE
ARG KERNEL_VERSION
ARG PKG_HASH
FROM ${KERNEL_VERSION}-${HASH} AS ksrc
FROM linuxkit/kernel:${KERNEL_VERSION}-${PKG_HASH} as ksrc
FROM ${BUILD_IMAGE} AS build
RUN apk add \

1
kernel/build-bcc.yml
View File

@@ -1,2 +1,3 @@
image: kernel-bcc
network: true
dockerfile: Dockerfile.bcc

1
kernel/build-perf.yml
View File

@@ -1,2 +1,3 @@
image: kernel-perf
network: true
dockerfile: Dockerfile.perf

2
linuxkit.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

10
pkg/init/cmd/rc.init/main.go
View File

@@ -225,9 +225,7 @@ func doMounts() {
// misc /proc mounted fs
mountSilent("binfmt_misc", "/proc/sys/fs/binfmt_misc", "binfmt_misc", noexec|nosuid|nodev, "")
if isCgroupV2() {
mount("cgroup2", "/sys/fs/cgroup", "cgroup2", noexec|nosuid|nodev, "")
} else {
if isCgroupV1() {
// mount cgroup root tmpfs
mount("cgroup_root", "/sys/fs/cgroup", "tmpfs", nodev|noexec|nosuid, "mode=755,size=10m")
// mount cgroups filesystems for all enabled cgroups
@@ -243,6 +241,8 @@ func doMounts() {
// many things assume systemd
mkdir("/sys/fs/cgroup/systemd", 0555)
mount("cgroup", "/sys/fs/cgroup/systemd", "cgroup", 0, "none,name=systemd")
} else {
mount("cgroup2", "/sys/fs/cgroup", "cgroup2", noexec|nosuid|nodev, "")
}
// make / rshared
@@ -423,14 +423,14 @@ func doShutdown(action string) {
os.Exit(0)
}
func isCgroupV2() bool {
func isCgroupV1() bool {
dt, err := os.ReadFile("/proc/cmdline")
if err != nil {
log.Printf("error reading /proc/cmdline: %v", err)
return false
}
for _, s := range strings.Fields(string(dt)) {
if s == "linuxkit.unified_cgroup_hierarchy=1" {
if s == "linuxkit.unified_cgroup_hierarchy=0" {
return true
}
}

5
pkg/memlogd/cmd/logread/main.go
View File

@@ -41,6 +41,11 @@ func main() {
flag.BoolVar(&follow, "f", false, "follow log buffer")
flag.Parse()
if dumpFollow {
// StreamLogs() has seperate 'dump' and 'follow' flags, since 'dumpFollow' includes 'follow' we set that too
follow = true
}
c, err := StreamLogs(socketPath, follow, dumpFollow)
if err != nil {
panic(err)

14
pkg/metadata/go.mod
View File

@@ -1,12 +1,22 @@
module github.com/linuxkit/linuxkit/pkg/metadata
go 1.16
go 1.21
require (
github.com/diskfs/go-diskfs v1.3.1-0.20230612151643-22d22fd7e558
github.com/packethost/packngo v0.1.0
github.com/sirupsen/logrus v1.9.0
github.com/vishvananda/netlink v0.0.0-20170808154308-f5a6f697a596
github.com/vishvananda/netns v0.0.0-20170707011535-86bef332bfc3 // indirect
github.com/vmware/vmw-guestinfo v0.0.0-20220317130741-510905f0efa3
)
require (
github.com/elliotwutingfeng/asciiset v0.0.0-20230602022725-51bbb787efab // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/pierrec/lz4/v4 v4.1.17 // indirect
github.com/pkg/xattr v0.4.9 // indirect
github.com/ulikunitz/xz v0.5.11 // indirect
github.com/vishvananda/netns v0.0.0-20170707011535-86bef332bfc3 // indirect
golang.org/x/sys v0.5.0 // indirect
gopkg.in/djherbis/times.v1 v1.3.0 // indirect
)

6
pkg/metadata/main.go
View File

@@ -77,7 +77,7 @@ func main() {
log.SetLevel(log.DebugLevel)
}
providers := []string{"aws", "gcp", "hetzner", "openstack", "scaleway", "vultr", "digitalocean", "packet", "metaldata", "vmware", "cdrom"}
providers := []string{"aws", "gcp", "hetzner", "openstack", "scaleway", "vultr", "digitalocean", "equinixmetal", "metaldata", "vmware", "cdrom"}
args := flag.Args()
if len(args) > 0 {
providers = args
@@ -92,8 +92,8 @@ func main() {
netProviders = append(netProviders, NewHetzner())
case p == "openstack":
netProviders = append(netProviders, NewOpenstack())
case p == "packet":
netProviders = append(netProviders, NewPacket())
case p == "equinixmetal":
netProviders = append(netProviders, NewEquinixMetal())
case p == "scaleway":
netProviders = append(netProviders, NewScaleway())
case p == "vultr":

30
pkg/metadata/provider_packet.go → pkg/metadata/provider_equinixmetal.go
View File

@@ -12,30 +12,30 @@ import (
"github.com/vishvananda/netlink"
)
// ProviderPacket is the type implementing the Provider interface for Packet.net
type ProviderPacket struct {
// ProviderEquinixMetal is the type implementing the Provider interface for Equinix Metal
type ProviderEquinixMetal struct {
metadata *metadata.CurrentDevice
err error
}
// NewPacket returns a new ProviderPacket
func NewPacket() *ProviderPacket {
return &ProviderPacket{}
// NewEquinixMetal returns a new ProviderEquinixMetal
func NewEquinixMetal() *ProviderEquinixMetal {
return &ProviderEquinixMetal{}
}
func (p *ProviderPacket) String() string {
return "Packet"
func (p *ProviderEquinixMetal) String() string {
return "EquinixMetal"
}
// Probe checks if we are running on Packet
func (p *ProviderPacket) Probe() bool {
// Probe checks if we are running on EquinixMetal
func (p *ProviderEquinixMetal) Probe() bool {
// Unfortunately the host is resolveable globally, so no easy test
p.metadata, p.err = metadata.GetMetadata()
return p.err == nil
}
// Extract gets both the Packet specific and generic userdata
func (p *ProviderPacket) Extract() ([]byte, error) {
// Extract gets both the EquinixMetal specific and generic userdata
func (p *ProviderEquinixMetal) Extract() ([]byte, error) {
// do not retrieve if we Probed
if p.metadata == nil && p.err == nil {
p.metadata, p.err = metadata.GetMetadata()
@@ -47,7 +47,7 @@ func (p *ProviderPacket) Extract() ([]byte, error) {
}
if err := os.WriteFile(path.Join(ConfigPath, Hostname), []byte(p.metadata.Hostname), 0644); err != nil {
return nil, fmt.Errorf("Packet: Failed to write hostname: %s", err)
return nil, fmt.Errorf("EquinixMetal: Failed to write hostname: %s", err)
}
if err := os.MkdirAll(path.Join(ConfigPath, SSH), 0755); err != nil {
@@ -66,7 +66,7 @@ func (p *ProviderPacket) Extract() ([]byte, error) {
userData, err := metadata.GetUserData()
if err != nil {
return nil, fmt.Errorf("Packet: failed to get userdata: %s", err)
return nil, fmt.Errorf("EquinixMetal: failed to get userdata: %s", err)
}
if len(userData) == 0 {
@@ -81,7 +81,7 @@ func (p *ProviderPacket) Extract() ([]byte, error) {
return userData, nil
}
// networkConfig handles Packet network configuration, primarily bonding
// networkConfig handles EquinixMetal network configuration, primarily bonding
func networkConfig(ni metadata.NetworkInfo) error {
// rename interfaces to match what the metadata calls them
links, err := netlink.LinkList()
@@ -119,7 +119,7 @@ func networkConfig(ni metadata.NetworkInfo) error {
// set up bonding
la := netlink.LinkAttrs{Name: "bond0"}
bond := &netlink.GenericLink{la, "bond"}
bond := &netlink.GenericLink{LinkAttrs: la, LinkType: "bond"}
if err := netlink.LinkAdd(bond); err != nil {
// weirdly creating a bind always seems to return EEXIST
fmt.Fprintf(os.Stderr, "Error adding bond0: %v (ignoring)", err)

2
pkg/metadata/provider_scaleway.go
View File

@@ -123,7 +123,7 @@ func (p *ProviderScaleway) Extract() ([]byte, error) {
return userData, nil
}
// exctractInformation returns the extracted information given as parameter from the metadata
// extractInformation returns the extracted information given as parameter from the metadata
func (p *ProviderScaleway) extractInformation(metadata []byte, information string) ([]byte, error) {
query := strings.ToUpper(information) + "="
for _, line := range bytes.Split(metadata, []byte("\n")) {

15
pkg/metadata/vendor/github.com/diskfs/go-diskfs/go.mod generated vendored
View File

@@ -1,15 +0,0 @@
module github.com/diskfs/go-diskfs
go 1.19
require (
github.com/elliotwutingfeng/asciiset v0.0.0-20230602022725-51bbb787efab
github.com/go-test/deep v1.0.8
github.com/google/uuid v1.3.0
github.com/pierrec/lz4/v4 v4.1.17
github.com/pkg/xattr v0.4.9
github.com/sirupsen/logrus v1.9.0
github.com/ulikunitz/xz v0.5.11
golang.org/x/sys v0.5.0
gopkg.in/djherbis/times.v1 v1.3.0
)

31
pkg/metadata/vendor/github.com/diskfs/go-diskfs/go.sum generated vendored
View File

@@ -1,31 +0,0 @@
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/elliotwutingfeng/asciiset v0.0.0-20230602022725-51bbb787efab h1:h1UgjJdAAhj+uPL68n7XASS6bU+07ZX1WJvVS2eyoeY=
github.com/elliotwutingfeng/asciiset v0.0.0-20230602022725-51bbb787efab/go.mod h1:GLo/8fDswSAniFG+BFIaiSPcK610jyzgEhWYPQwuQdw=
github.com/go-test/deep v1.0.8 h1:TDsG77qcSprGbC6vTN8OuXp5g+J+b5Pcguhf7Zt61VM=
github.com/go-test/deep v1.0.8/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/pierrec/lz4/v4 v4.1.17 h1:kV4Ip+/hUBC+8T6+2EgburRtkE9ef4nbY3f4dFhGjMc=
github.com/pierrec/lz4/v4 v4.1.17/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
github.com/pkg/xattr v0.4.9 h1:5883YPCtkSd8LFbs13nXplj9g9tlrwoJRjgpgMu1/fE=
github.com/pkg/xattr v0.4.9/go.mod h1:di8WF84zAKk8jzR1UBTEWh9AUlIZZ7M/JNt8e9B6ktU=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8=
github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
golang.org/x/sys v0.0.0-20220408201424-a24fb2fb8a0f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/djherbis/times.v1 v1.3.0 h1:uxMS4iMtH6Pwsxog094W0FYldiNnfY/xba00vq6C2+o=
gopkg.in/djherbis/times.v1 v1.3.0/go.mod h1:AQlg6unIsrsCEdQYhTzERy542dz6SFdQFZFv6mUY0P8=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

3
pkg/metadata/vendor/github.com/elliotwutingfeng/asciiset/go.mod generated vendored
View File

@@ -1,3 +0,0 @@
module github.com/elliotwutingfeng/asciiset
go 1.11

1
pkg/metadata/vendor/github.com/google/uuid/go.mod generated vendored
View File

@@ -1 +0,0 @@
module github.com/google/uuid

3
pkg/metadata/vendor/github.com/pierrec/lz4/v4/go.mod generated vendored
View File

@@ -1,3 +0,0 @@
module github.com/pierrec/lz4/v4
go 1.14

0
pkg/metadata/vendor/github.com/pierrec/lz4/v4/go.sum generated vendored
View File

5
pkg/metadata/vendor/github.com/pkg/xattr/go.mod generated vendored
View File

@@ -1,5 +0,0 @@
module github.com/pkg/xattr
go 1.14
require golang.org/x/sys v0.0.0-20220408201424-a24fb2fb8a0f

4
pkg/metadata/vendor/github.com/pkg/xattr/go.sum generated vendored
View File

@@ -1,4 +0,0 @@
golang.org/x/sys v0.0.0-20201101102859-da207088b7d1 h1:a/mKvvZr9Jcc8oKfcmgzyp7OwF73JPWsQLvH1z2Kxck=
golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20220408201424-a24fb2fb8a0f h1:8w7RhxzTVgUzw/AH/9mUV5q0vMgy40SQRursCcfmkCw=
golang.org/x/sys v0.0.0-20220408201424-a24fb2fb8a0f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

9
pkg/metadata/vendor/github.com/sirupsen/logrus/go.mod generated vendored
View File

@@ -1,9 +0,0 @@
module github.com/sirupsen/logrus
require (
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/stretchr/testify v1.7.0
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8
)
go 1.13

14
pkg/metadata/vendor/github.com/sirupsen/logrus/go.sum generated vendored
View File

@@ -1,14 +0,0 @@
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

3
pkg/metadata/vendor/github.com/ulikunitz/xz/go.mod generated vendored
View File

@@ -1,3 +0,0 @@
module github.com/ulikunitz/xz
go 1.12

13
pkg/metadata/vendor/modules.txt vendored
View File

@@ -1,5 +1,5 @@
# github.com/diskfs/go-diskfs v1.3.1-0.20230612151643-22d22fd7e558
## explicit
## explicit; go 1.19
github.com/diskfs/go-diskfs
github.com/diskfs/go-diskfs/disk
github.com/diskfs/go-diskfs/filesystem
@@ -12,24 +12,29 @@ github.com/diskfs/go-diskfs/partition/mbr
github.com/diskfs/go-diskfs/partition/part
github.com/diskfs/go-diskfs/util
# github.com/elliotwutingfeng/asciiset v0.0.0-20230602022725-51bbb787efab
## explicit; go 1.11
github.com/elliotwutingfeng/asciiset
# github.com/google/uuid v1.3.0
## explicit
github.com/google/uuid
# github.com/packethost/packngo v0.1.0
## explicit
github.com/packethost/packngo/metadata
# github.com/pierrec/lz4/v4 v4.1.17
## explicit; go 1.14
github.com/pierrec/lz4/v4
github.com/pierrec/lz4/v4/internal/lz4block
github.com/pierrec/lz4/v4/internal/lz4errors
github.com/pierrec/lz4/v4/internal/lz4stream
github.com/pierrec/lz4/v4/internal/xxh32
# github.com/pkg/xattr v0.4.9
## explicit; go 1.14
github.com/pkg/xattr
# github.com/sirupsen/logrus v1.9.0
## explicit
## explicit; go 1.13
github.com/sirupsen/logrus
# github.com/ulikunitz/xz v0.5.11
## explicit; go 1.12
github.com/ulikunitz/xz
github.com/ulikunitz/xz/internal/hash
github.com/ulikunitz/xz/internal/xlog
@@ -42,15 +47,17 @@ github.com/vishvananda/netlink/nl
## explicit
github.com/vishvananda/netns
# github.com/vmware/vmw-guestinfo v0.0.0-20220317130741-510905f0efa3
## explicit
## explicit; go 1.12
github.com/vmware/vmw-guestinfo/bdoor
github.com/vmware/vmw-guestinfo/message
github.com/vmware/vmw-guestinfo/rpcout
github.com/vmware/vmw-guestinfo/rpcvmx
github.com/vmware/vmw-guestinfo/vmcheck
# golang.org/x/sys v0.5.0
## explicit; go 1.17
golang.org/x/sys/internal/unsafeheader
golang.org/x/sys/unix
golang.org/x/sys/windows
# gopkg.in/djherbis/times.v1 v1.3.0
## explicit
gopkg.in/djherbis/times.v1

2
projects/clear-containers/clear-containers.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel-clear-containers:4.9.x
cmdline: "root=/dev/pmem0p1 rootflags=dax,data=ordered,errors=remount-ro rw rootfstype=ext4 tsc=reliable no_timer_check rcupdate.rcu_expedited=1 i8042.direct=1 i8042.dumbkbd=1 i8042.nopnp=1 i8042.noaux=1 noreplace-smp reboot=k panic=1 console=hvc0 console=hvc1 initcall_debug iommu=off quiet cryptomgr.notests page_poison=on"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
onboot:
- name: sysctl
image: mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c

2
projects/compose/compose-dynamic.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=ttyS0 page_poison=1"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
projects/compose/compose-static.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=ttyS0 page_poison=1"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
projects/ima-namespace/ima-namespace.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel-ima:4.11.1-186dd3605ee7b23214850142f8f02b4679dbd148
cmdline: "console=ttyS0 console=tty0 page_poison=1 ima_appraise=enforce_ns"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
projects/landlock/landlock.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: mobylinux/kernel-landlock:4.9.x
cmdline: "console=ttyS0 page_poison=1"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9
- mobylinux/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b
- mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935

2
projects/memorizer/memorizer.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: "linuxkitprojects/kernel-memorizer:4.10_dbg"
cmdline: "console=ttyS0 page_poison=1"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
onboot:

2
projects/miragesdk/examples/fdd.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=ttyS0 page_poison=1"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
projects/miragesdk/examples/mirage-dhcp.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=ttyS0 page_poison=1"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
onboot:

2
projects/okernel/examples/okernel_simple.yaml
View File

@@ -2,7 +2,7 @@ kernel:
image: okernel:latest
cmdline: "console=tty0 page_poison=1"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

2
projects/shiftfs/shiftfs.yml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkitprojects/kernel-shiftfs:4.11.4-881a041fc14bd95814cf140b5e98d97dd65160b5
cmdline: "console=ttyS0 console=tty0 page_poison=1"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff

21
src/cmd/linuxkit/Makefile
View File

@@ -1,5 +1,24 @@
VERSION?="v0.0-dev"
# determine the version we save in the build binary
# we always include the git commit.
# the version is the current semver if it this commit matches the tag,
# else it is the following: <tag>-<commits since tag>-<short commit hash>
# if the git tree is dirty, append "-dirty"
# most recent commit
GIT_COMMIT=$(shell git rev-list -1 HEAD)
# whether or not it is dirty, i.e. has uncommitted changes
GIT_DIRTY=$(shell git update-index -q --refresh && git diff-index --quiet HEAD -- . || echo "-dirty")
# most recent tag, might or might not point to GIT_COMMIT
GIT_TAG=$(shell git describe --tags --match="v*")
# include the possible "-dirty" suffix
VERSION=$(GIT_TAG)$(GIT_DIRTY)
report:
@echo "VERSION: $(VERSION)"
@echo "GIT_COMMIT: $(GIT_COMMIT)"
@echo "GIT_DIRTY: $(GIT_DIRTY)"
@echo "GIT_TAG: $(GIT_TAG)"
@echo "VERSION: $(VERSION)"
GO_COMPILE?=linuxkit/go-compile:c97703655e8510b7257ffc57f25e40337b0f0813
export GO_FLAGS=-mod=vendor

74
src/cmd/linuxkit/build.go
View File

@@ -11,6 +11,7 @@ import (
"strings"
"github.com/linuxkit/linuxkit/src/cmd/linuxkit/moby"
mobybuild "github.com/linuxkit/linuxkit/src/cmd/linuxkit/moby/build"
"github.com/linuxkit/linuxkit/src/cmd/linuxkit/spec"
log "github.com/sirupsen/logrus"
"github.com/spf13/cobra"
@@ -52,9 +53,10 @@ func buildCmd() *cobra.Command {
arch string
cacheDir flagOverEnvVarOverDefaultString
buildFormats formatList
outputTypes = moby.OutputTypes()
outputTypes = mobybuild.OutputTypes()
noSbom bool
sbomOutputFilename string
inputTar string
sbomCurrentTime bool
dryRun bool
)
@@ -66,7 +68,7 @@ func buildCmd() *cobra.Command {
The generated image can be in one of multiple formats which can be run on various platforms.
`,
Example: ` linuxkit build [options] <file>[.yml]`,
Args: cobra.ExactArgs(1),
Args: cobra.MinimumNArgs(1),
RunE: func(cmd *cobra.Command, args []string) error {
if name == "" && outputFile == "" {
conf := args[len(args)-1]
@@ -93,13 +95,13 @@ The generated image can be in one of multiple formats which can be run on variou
if len(buildFormats) > 1 {
for _, o := range buildFormats {
if moby.Streamable(o) {
return fmt.Errorf("Format type %s must be the only format specified", o)
if mobybuild.Streamable(o) {
return fmt.Errorf("format type %s must be the only format specified", o)
}
}
}
if len(buildFormats) == 1 && moby.Streamable(buildFormats[0]) {
if len(buildFormats) == 1 && mobybuild.Streamable(buildFormats[0]) {
if outputFile == "" {
outputFile = filepath.Join(dir, name+"."+buildFormats[0])
// stop the errors in the validation below
@@ -107,25 +109,29 @@ The generated image can be in one of multiple formats which can be run on variou
dir = ""
}
} else {
err := moby.ValidateFormats(buildFormats, cacheDir.String())
err := mobybuild.ValidateFormats(buildFormats, cacheDir.String())
if err != nil {
return fmt.Errorf("Error parsing formats: %v", err)
return fmt.Errorf("error parsing formats: %v", err)
}
}
if inputTar != "" && pull {
return fmt.Errorf("cannot use --input-tar and --pull together")
}
var outfile *os.File
if outputFile != "" {
if len(buildFormats) > 1 {
return fmt.Errorf("The -output option can only be specified when generating a single output format")
return fmt.Errorf("the -output option can only be specified when generating a single output format")
}
if name != "" {
return fmt.Errorf("The -output option cannot be specified with -name")
return fmt.Errorf("the -output option cannot be specified with -name")
}
if dir != "" {
return fmt.Errorf("The -output option cannot be specified with -dir")
return fmt.Errorf("the -output option cannot be specified with -dir")
}
if !moby.Streamable(buildFormats[0]) {
return fmt.Errorf("The -output option cannot be specified for build type %s as it cannot be streamed", buildFormats[0])
if !mobybuild.Streamable(buildFormats[0]) {
return fmt.Errorf("the -output option cannot be specified for build type %s as it cannot be streamed", buildFormats[0])
}
if outputFile == "-" {
outfile = os.Stdout
@@ -133,7 +139,7 @@ The generated image can be in one of multiple formats which can be run on variou
var err error
outfile, err = os.Create(outputFile)
if err != nil {
log.Fatalf("Cannot open output file: %v", err)
log.Fatalf("cannot open output file: %v", err)
}
defer outfile.Close()
}
@@ -141,7 +147,7 @@ The generated image can be in one of multiple formats which can be run on variou
size, err := getDiskSizeMB(sizeString)
if err != nil {
log.Fatalf("Unable to parse disk size: %v", err)
log.Fatalf("unable to parse disk size: %v", err)
}
var (
@@ -154,25 +160,25 @@ The generated image can be in one of multiple formats which can be run on variou
var err error
config, err = io.ReadAll(os.Stdin)
if err != nil {
return fmt.Errorf("Cannot read stdin: %v", err)
return fmt.Errorf("cannot read stdin: %v", err)
}
} else if strings.HasPrefix(arg, "http://") || strings.HasPrefix(arg, "https://") {
buffer := new(bytes.Buffer)
response, err := http.Get(arg)
if err != nil {
return fmt.Errorf("Cannot fetch remote yaml file: %v", err)
return fmt.Errorf("cannot fetch remote yaml file: %v", err)
}
defer response.Body.Close()
_, err = io.Copy(buffer, response.Body)
if err != nil {
return fmt.Errorf("Error reading http body: %v", err)
return fmt.Errorf("error reading http body: %v", err)
}
config = buffer.Bytes()
} else {
var err error
config, err = os.ReadFile(conf)
if err != nil {
return fmt.Errorf("Cannot open config file: %v", err)
return fmt.Errorf("cannot open config file: %v", err)
}
// templates are only supported for local files
templatesSupported = true
@@ -183,49 +189,54 @@ The generated image can be in one of multiple formats which can be run on variou
}
c, err := moby.NewConfig(config, pkgFinder)
if err != nil {
return fmt.Errorf("Invalid config: %v", err)
return fmt.Errorf("invalid config: %v", err)
}
m, err = moby.AppendConfig(m, c)
if err != nil {
return fmt.Errorf("Cannot append config files: %v", err)
return fmt.Errorf("cannot append config files: %v", err)
}
}
if dryRun {
yml, err := yaml.Marshal(m)
if err != nil {
return fmt.Errorf("Error generating YAML: %v", err)
return fmt.Errorf("error generating YAML: %v", err)
}
fmt.Println(string(yml))
return nil
}
var tf *os.File
var w io.Writer
var (
tf *os.File
w io.Writer
)
if outfile != nil {
w = outfile
} else {
if tf, err = os.CreateTemp("", ""); err != nil {
log.Fatalf("Error creating tempfile: %v", err)
log.Fatalf("error creating tempfile: %v", err)
}
defer os.Remove(tf.Name())
w = tf
}
if inputTar != "" && inputTar == outputFile {
return fmt.Errorf("input-tar and output file cannot be the same")
}
// this is a weird interface, but currently only streamable types can have additional files
// need to split up the base tarball outputs from the secondary stages
var tp string
if moby.Streamable(buildFormats[0]) {
if mobybuild.Streamable(buildFormats[0]) {
tp = buildFormats[0]
}
var sbomGenerator *moby.SbomGenerator
var sbomGenerator *mobybuild.SbomGenerator
if !noSbom {
sbomGenerator, err = moby.NewSbomGenerator(sbomOutputFilename, sbomCurrentTime)
sbomGenerator, err = mobybuild.NewSbomGenerator(sbomOutputFilename, sbomCurrentTime)
if err != nil {
return fmt.Errorf("error creating sbom generator: %v", err)
}
}
err = moby.Build(m, w, moby.BuildOpts{Pull: pull, BuilderType: tp, DecompressKernel: decompressKernel, CacheDir: cacheDir.String(), DockerCache: docker, Arch: arch, SbomGenerator: sbomGenerator})
err = mobybuild.Build(m, w, mobybuild.BuildOpts{Pull: pull, BuilderType: tp, DecompressKernel: decompressKernel, CacheDir: cacheDir.String(), DockerCache: docker, Arch: arch, SbomGenerator: sbomGenerator, InputTar: inputTar})
if err != nil {
return fmt.Errorf("%v", err)
}
@@ -233,13 +244,13 @@ The generated image can be in one of multiple formats which can be run on variou
if outfile == nil {
image := tf.Name()
if err := tf.Close(); err != nil {
return fmt.Errorf("Error closing tempfile: %v", err)
return fmt.Errorf("error closing tempfile: %v", err)
}
log.Infof("Create outputs:")
err = moby.Formats(filepath.Join(dir, name), image, buildFormats, size, arch, cacheDir.String())
err = mobybuild.Formats(filepath.Join(dir, name), image, buildFormats, size, arch, cacheDir.String())
if err != nil {
return fmt.Errorf("Error writing outputs: %v", err)
return fmt.Errorf("error writing outputs: %v", err)
}
}
return nil
@@ -255,6 +266,7 @@ The generated image can be in one of multiple formats which can be run on variou
cmd.Flags().BoolVar(&decompressKernel, "decompress-kernel", false, "Decompress the Linux kernel (default false)")
cmd.Flags().StringVar(&arch, "arch", runtime.GOARCH, "target architecture for which to build")
cmd.Flags().VarP(&buildFormats, "format", "f", "Formats to create [ "+strings.Join(outputTypes, " ")+" ]")
cmd.Flags().StringVar(&inputTar, "input-tar", "", "path to tar from previous linuxkit build to use as input; if provided, will take files from images from this tar, using OCI images only to replace or update files. Always copies to a temporary working directory to avoid overwriting. Only works if input-tar file has the linuxkit.yaml used to build it in the exact same location. Incompatible with --pull")
cacheDir = flagOverEnvVarOverDefaultString{def: defaultLinuxkitCache(), envVar: envVarCacheDir}
cmd.Flags().Var(&cacheDir, "cache", fmt.Sprintf("Directory for caching and finding cached image, overrides env var %s", envVarCacheDir))
cmd.Flags().BoolVar(&noSbom, "no-sbom", false, "suppress consolidation of sboms on input container images to a single sbom and saving in the output filesystem")

189
src/cmd/linuxkit/cache/source.go vendored
View File

@@ -1,6 +1,7 @@
package cache
import (
"archive/tar"
"bytes"
"encoding/json"
"fmt"
@@ -9,10 +10,12 @@ import (
"github.com/containerd/containerd/reference"
"github.com/google/go-containerregistry/pkg/name"
v1 "github.com/google/go-containerregistry/pkg/v1"
"github.com/google/go-containerregistry/pkg/v1/empty"
"github.com/google/go-containerregistry/pkg/v1/match"
"github.com/google/go-containerregistry/pkg/v1/mutate"
"github.com/google/go-containerregistry/pkg/v1/partial"
"github.com/google/go-containerregistry/pkg/v1/tarball"
"github.com/google/go-containerregistry/pkg/v1/types"
intoto "github.com/in-toto/in-toto-golang/in_toto"
lktspec "github.com/linuxkit/linuxkit/src/cmd/linuxkit/spec"
"github.com/linuxkit/linuxkit/src/cmd/linuxkit/util"
@@ -21,6 +24,9 @@ import (
const (
inTotoJsonMediaType = "application/vnd.in-toto+json"
layoutFile = `{
"imageLayoutVersion": "1.0.0"
}`
)
// ImageSource a source for an image in the OCI distribution cache.
@@ -111,6 +117,189 @@ func (c ImageSource) V1TarReader(overrideName string) (io.ReadCloser, error) {
return r, nil
}
// OCITarReader return an io.ReadCloser to read the image as a v1 tarball
func (c ImageSource) OCITarReader(overrideName string) (io.ReadCloser, error) {
imageName := c.ref.String()
saveName := imageName
if overrideName != "" {
saveName = overrideName
}
refName, err := name.ParseReference(saveName)
if err != nil {
return nil, fmt.Errorf("error parsing image name: %v", err)
}
// get a reference to the image
image, err := c.provider.findImage(imageName, c.architecture)
if err != nil {
return nil, err
}
// convert the writer to a reader
r, w := io.Pipe()
go func() {
defer w.Close()
tw := tar.NewWriter(w)
defer tw.Close()
// layout file
layoutFileBytes := []byte(layoutFile)
if err := tw.WriteHeader(&tar.Header{
Name: "oci-layout",
Mode: 0644,
Size: int64(len(layoutFileBytes)),
Typeflag: tar.TypeReg,
}); err != nil {
_ = w.CloseWithError(err)
return
}
if _, err := tw.Write(layoutFileBytes); err != nil {
_ = w.CloseWithError(err)
return
}
// make blobs directory
if err := tw.WriteHeader(&tar.Header{
Name: "blobs/",
Mode: 0755,
Typeflag: tar.TypeDir,
}); err != nil {
_ = w.CloseWithError(err)
return
}
// make blobs/sha256 directory
if err := tw.WriteHeader(&tar.Header{
Name: "blobs/sha256/",
Mode: 0755,
Typeflag: tar.TypeDir,
}); err != nil {
_ = w.CloseWithError(err)
return
}
// write config, each layer, manifest, saving the digest for each
config, err := image.RawConfigFile()
if err != nil {
_ = w.CloseWithError(err)
return
}
configDigest, configSize, err := v1.SHA256(bytes.NewReader(config))
if err != nil {
_ = w.CloseWithError(err)
return
}
if err := tw.WriteHeader(&tar.Header{
Name: fmt.Sprintf("blobs/sha256/%s", configDigest.Hex),
Mode: 0644,
Typeflag: tar.TypeReg,
Size: configSize,
}); err != nil {
_ = w.CloseWithError(err)
return
}
if _, err := tw.Write(config); err != nil {
_ = w.CloseWithError(err)
return
}
layers, err := image.Layers()
if err != nil {
_ = w.CloseWithError(err)
return
}
for _, layer := range layers {
blob, err := layer.Compressed()
if err != nil {
_ = w.CloseWithError(err)
return
}
defer blob.Close()
blobDigest, err := layer.Digest()
if err != nil {
_ = w.CloseWithError(err)
return
}
blobSize, err := layer.Size()
if err != nil {
_ = w.CloseWithError(err)
return
}
if err := tw.WriteHeader(&tar.Header{
Name: fmt.Sprintf("blobs/sha256/%s", blobDigest.Hex),
Mode: 0644,
Size: blobSize,
Typeflag: tar.TypeReg,
}); err != nil {
_ = w.CloseWithError(err)
return
}
if _, err := io.Copy(tw, blob); err != nil {
_ = w.CloseWithError(err)
return
}
}
// write the manifest
manifest, err := image.RawManifest()
if err != nil {
_ = w.CloseWithError(err)
return
}
manifestDigest, manifestSize, err := v1.SHA256(bytes.NewReader(manifest))
if err != nil {
_ = w.CloseWithError(err)
return
}
if err := tw.WriteHeader(&tar.Header{
Name: fmt.Sprintf("blobs/sha256/%s", manifestDigest.Hex),
Mode: 0644,
Size: int64(len(manifest)),
Typeflag: tar.TypeReg,
}); err != nil {
_ = w.CloseWithError(err)
return
}
if _, err := tw.Write(manifest); err != nil {
_ = w.CloseWithError(err)
return
}
// write the index file
desc := v1.Descriptor{
MediaType: types.OCIImageIndex,
Size: manifestSize,
Digest: manifestDigest,
Annotations: map[string]string{
imagespec.AnnotationRefName: refName.String(),
},
}
ii := empty.Index
index, err := ii.IndexManifest()
if err != nil {
_ = w.CloseWithError(err)
return
}
index.Manifests = append(index.Manifests, desc)
rawIndex, err := json.MarshalIndent(index, "", " ")
if err != nil {
_ = w.CloseWithError(err)
return
}
// write the index
if err := tw.WriteHeader(&tar.Header{
Name: "index.json",
Mode: 0644,
Size: int64(len(rawIndex)),
}); err != nil {
_ = w.CloseWithError(err)
return
}
if _, err := tw.Write(rawIndex); err != nil {
_ = w.CloseWithError(err)
return
}
}()
return r, nil
}
// Descriptor return the descriptor of the image.
func (c ImageSource) Descriptor() *v1.Descriptor {
return c.descriptor

7
src/cmd/linuxkit/cache/write.go vendored
View File

@@ -20,6 +20,7 @@ import (
"github.com/google/go-containerregistry/pkg/v1/remote"
"github.com/google/go-containerregistry/pkg/v1/types"
lktspec "github.com/linuxkit/linuxkit/src/cmd/linuxkit/spec"
"github.com/linuxkit/linuxkit/src/cmd/linuxkit/util"
lktutil "github.com/linuxkit/linuxkit/src/cmd/linuxkit/util"
imagespec "github.com/opencontainers/image-spec/specs-go/v1"
log "github.com/sirupsen/logrus"
@@ -41,6 +42,12 @@ const (
// Note that ImagePull does try ValidateImage first, so if the image is already in the cache, it will not
// do any network activity at all.
func (p *Provider) ImagePull(ref *reference.Spec, trustedRef, architecture string, alwaysPull bool) (lktspec.ImageSource, error) {
imageName := util.ReferenceExpand(ref.String())
canonicalRef, err := reference.Parse(imageName)
if err != nil {
return ImageSource{}, fmt.Errorf("invalid image name %s: %v", imageName, err)
}
ref = &canonicalRef
image := ref.String()
pullImageName := image
remoteOptions := []remote.Option{remote.WithAuthFromKeychain(authn.DefaultKeychain)}

10
src/cmd/linuxkit/cache_export.go
View File

@@ -45,12 +45,18 @@ func cacheExportCmd() *cobra.Command {
src := p.NewSource(&ref, arch, desc)
var reader io.ReadCloser
switch format {
case "oci":
case "docker":
fullTagName := fullname
if tagName != "" {
fullTagName = util.ReferenceExpand(tagName)
}
reader, err = src.V1TarReader(fullTagName)
case "oci":
fullTagName := fullname
if tagName != "" {
fullTagName = util.ReferenceExpand(tagName)
}
reader, err = src.OCITarReader(fullTagName)
case "filesystem":
reader, err = src.TarReader()
default:
@@ -84,7 +90,7 @@ func cacheExportCmd() *cobra.Command {
cmd.Flags().StringVar(&arch, "arch", runtime.GOARCH, "Architecture to resolve an index to an image, if the provided image name is an index")
cmd.Flags().StringVar(&outputFile, "outfile", "", "Path to file to save output, '-' for stdout")
cmd.Flags().StringVar(&format, "format", "oci", "export format, one of 'oci', 'filesystem'")
cmd.Flags().StringVar(&format, "format", "oci", "export format, one of 'oci' (OCI tar), 'docker' (docker tar), 'filesystem'")
cmd.Flags().StringVar(&tagName, "name", "", "override the provided image name in the exported tar file; useful only for format=oci")
return cmd

6
src/cmd/linuxkit/docker/cmd.go
View File

@@ -10,7 +10,7 @@ import (
"github.com/containerd/containerd/reference"
"github.com/docker/cli/cli/connhelper"
dockertypes "github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/container"
containertypes "github.com/docker/docker/api/types/container"
"github.com/docker/docker/client"
log "github.com/sirupsen/logrus"
)
@@ -85,7 +85,7 @@ func Create(image string, withNetwork bool) (string, error) {
return "", errors.New("could not initialize Docker API client")
}
// we do not ever run the container, so /dev/null is used as command
config := &container.Config{
config := &containertypes.Config{
Cmd: []string{"/dev/null"},
Image: image,
NetworkDisabled: !withNetwork,
@@ -128,7 +128,7 @@ func Rm(container string) error {
if err != nil {
return errors.New("could not initialize Docker API client")
}
if err = cli.ContainerRemove(context.Background(), container, dockertypes.ContainerRemoveOptions{}); err != nil {
if err = cli.ContainerRemove(context.Background(), container, containertypes.RemoveOptions{}); err != nil {
return err
}
log.Debugf("docker rm: %s...Done", container)

5
src/cmd/linuxkit/docker/source.go
View File

@@ -86,6 +86,11 @@ func (d ImageSource) V1TarReader(overrideName string) (io.ReadCloser, error) {
return Save(saveName)
}
// OCITarReader return an io.ReadCloser to read the save of the image
func (d ImageSource) OCITarReader(overrideName string) (io.ReadCloser, error) {
return nil, fmt.Errorf("unsupported")
}
// Descriptor return the descriptor of the image.
func (d ImageSource) Descriptor() *v1.Descriptor {
return nil

148
src/cmd/linuxkit/go.mod
View File

@@ -1,6 +1,6 @@
module github.com/linuxkit/linuxkit/src/cmd/linuxkit
go 1.19
go 1.21
require (
github.com/Azure/azure-sdk-for-go v56.3.0+incompatible
@@ -8,105 +8,110 @@ require (
github.com/Azure/go-autorest/autorest v0.11.24
github.com/Azure/go-autorest/autorest/adal v0.9.18
github.com/Azure/go-autorest/autorest/to v0.4.0
github.com/Microsoft/go-winio v0.5.2
github.com/Microsoft/go-winio v0.6.1
github.com/ScaleFT/sshkeys v0.0.0-20181112160850-82451a803681
github.com/aws/aws-sdk-go v1.44.82
github.com/containerd/containerd v1.6.18
github.com/docker/buildx v0.8.2
github.com/docker/cli v23.0.0-rc.1+incompatible
github.com/docker/docker v23.0.0-rc.1+incompatible
github.com/containerd/containerd v1.7.15
github.com/docker/buildx v0.14.1
github.com/docker/cli v26.1.3+incompatible
github.com/docker/docker v26.0.0+incompatible
github.com/docker/go-units v0.5.0
github.com/estesp/manifest-tool/v2 v2.0.7-0.20230216152337-24a86fc0b513
github.com/google/go-containerregistry v0.6.1-0.20211105150418-5c9c442d5d68
github.com/google/uuid v1.3.0
github.com/google/go-containerregistry v0.14.0
github.com/google/uuid v1.6.0
github.com/gophercloud/gophercloud v0.1.0
github.com/gophercloud/utils v0.0.0-20181029231510-34f5991525d1
github.com/hashicorp/go-version v1.2.0
github.com/klauspost/pgzip v1.2.5
github.com/moby/buildkit v0.11.1
github.com/moby/buildkit v0.13.2
github.com/moby/hyperkit v0.0.0-20180416161519-d65b09c1c28a
//github.com/moby/moby v20.10.3-0.20220728162118-71cb54cec41e+incompatible // indirect
github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6
github.com/moby/term v0.5.0
github.com/moby/vpnkit v0.4.1-0.20200311130018-2ffc1dd8a84e
github.com/moul/gotty-client v1.7.1-0.20180526075433-e5589f6df359
github.com/opencontainers/image-spec v1.1.0-rc2
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
github.com/packethost/packngo v0.1.1-0.20171201154433-f1be085ecd6f
github.com/opencontainers/image-spec v1.1.0-rc5
github.com/opencontainers/runtime-spec v1.1.0
github.com/pkg/term v1.1.0
github.com/radu-matei/azure-sdk-for-go v5.0.0-beta.0.20161118192335-3b1282355199+incompatible
github.com/radu-matei/azure-vhd-utils v0.0.0-20170531165126-e52754d5569d
github.com/rn/iso9660wrap v0.0.0-20171120145750-baf8d62ad315
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.6
github.com/sirupsen/logrus v1.9.0
github.com/stretchr/testify v1.8.4
github.com/sirupsen/logrus v1.9.3
github.com/stretchr/testify v1.9.0
github.com/surma/gocpio v1.0.2-0.20160926205914-fcb68777e7dc
github.com/vmware/govmomi v0.20.3
github.com/xeipuuv/gojsonschema v1.2.0
golang.org/x/crypto v0.2.0
golang.org/x/net v0.4.0
golang.org/x/oauth2 v0.1.0
golang.org/x/sync v0.1.0
golang.org/x/sys v0.3.0
golang.org/x/term v0.3.0
google.golang.org/api v0.84.0
golang.org/x/crypto v0.21.0
golang.org/x/net v0.23.0
golang.org/x/oauth2 v0.11.0
golang.org/x/sync v0.6.0
golang.org/x/sys v0.18.0
golang.org/x/term v0.18.0
google.golang.org/api v0.128.0
gopkg.in/yaml.v2 v2.4.0
)
require (
github.com/Code-Hex/vz/v3 v3.0.0
github.com/equinix/equinix-sdk-go v0.42.0
github.com/in-toto/in-toto-golang v0.5.0
github.com/spdx/tools-golang v0.5.3
github.com/spf13/cobra v1.6.1
github.com/spf13/cobra v1.8.0
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
gopkg.in/yaml.v3 v3.0.1
)
require (
cloud.google.com/go/compute v1.7.0 // indirect
cloud.google.com/go/compute v1.23.1 // indirect
cloud.google.com/go/compute/metadata v0.2.3 // indirect
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
github.com/Azure/go-autorest v14.2.1-0.20210115164004-c0fe8b0fea3d+incompatible // indirect
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
github.com/Azure/go-autorest/logger v0.2.1 // indirect
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
github.com/Microsoft/hcsshim v0.9.6 // indirect
github.com/Microsoft/hcsshim v0.11.4 // indirect
github.com/agext/levenshtein v1.2.3 // indirect
github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect
github.com/containerd/cgroups v1.0.4 // indirect
github.com/containerd/console v1.0.3 // indirect
github.com/containerd/continuity v0.3.0 // indirect
github.com/containerd/fifo v1.0.0 // indirect
github.com/containerd/nydus-snapshotter v0.3.1 // indirect
github.com/containerd/stargz-snapshotter/estargz v0.13.0 // indirect
github.com/containerd/ttrpc v1.1.0 // indirect
github.com/containerd/typeurl v1.0.2 // indirect
github.com/containerd/console v1.0.4 // indirect
github.com/containerd/continuity v0.4.3 // indirect
github.com/containerd/log v0.1.0 // indirect
github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
github.com/containerd/ttrpc v1.2.3 // indirect
github.com/containerd/typeurl/v2 v2.1.1 // indirect
github.com/creack/goselect v0.0.0-20180501195510-58854f77ee8d // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a // indirect
github.com/docker/distribution v2.8.1+incompatible // indirect
github.com/docker/docker-credential-helpers v0.7.0 // indirect
github.com/docker/go-connections v0.4.1-0.20190612165340-fd1b1942c4d5 // indirect
github.com/felixge/httpsnoop v1.0.2 // indirect
github.com/go-logr/logr v1.2.3 // indirect
github.com/distribution/reference v0.5.0 // indirect
github.com/docker/distribution v2.8.2+incompatible // indirect
github.com/docker/docker-credential-helpers v0.8.0 // indirect
github.com/docker/go-connections v0.5.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/go-logr/logr v1.3.0 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/gofrs/flock v0.8.1 // indirect
github.com/gogo/googleapis v1.4.1 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang-jwt/jwt/v4 v4.4.2 // indirect
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/google/go-cmp v0.5.9 // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/s2a-go v0.1.4 // indirect
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa // indirect
github.com/googleapis/gax-go/v2 v2.4.0 // indirect
github.com/gorilla/websocket v1.4.2 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.2.4 // indirect
github.com/googleapis/gax-go/v2 v2.12.0 // indirect
github.com/gorilla/websocket v1.5.0 // indirect
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect
github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect
github.com/inconshreveable/mousetrap v1.0.1 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/klauspost/compress v1.15.12 // indirect
github.com/klauspost/compress v1.17.4 // indirect
github.com/kr/text v0.2.0 // indirect
github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/mitchellh/go-ps v0.0.0-20190716172923-621e5597135b // indirect
github.com/moby/docker-image-spec v1.3.1 // indirect
github.com/moby/locker v1.0.1 // indirect
github.com/moby/patternmatcher v0.5.0 // indirect
github.com/moby/patternmatcher v0.6.0 // indirect
github.com/moby/sys/signal v0.7.0 // indirect
github.com/morikuni/aec v1.0.0 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
@@ -114,30 +119,31 @@ require (
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/secure-systems-lab/go-securesystemslib v0.4.0 // indirect
github.com/shibumi/go-pathspec v1.3.0 // indirect
github.com/smartystreets/goconvey v1.8.1 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/tonistiigi/fsutil v0.0.0-20230105215944-fb433841cbfa // indirect
github.com/tonistiigi/fsutil v0.0.0-20240424095704-91a3fc46842c // indirect
github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea // indirect
github.com/tonistiigi/vt100 v0.0.0-20210615222946-8066bb97264f // indirect
github.com/vbatts/tar-split v0.11.2 // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
github.com/tonistiigi/vt100 v0.0.0-20230623042737-f9a4f7ef6531 // indirect
github.com/vbatts/tar-split v0.11.5 // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
go.opencensus.io v0.23.0 // indirect
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.29.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.29.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.29.0 // indirect
go.opentelemetry.io/otel v1.4.1 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.4.1 // indirect
go.opentelemetry.io/otel/internal/metric v0.27.0 // indirect
go.opentelemetry.io/otel/metric v0.27.0 // indirect
go.opentelemetry.io/otel/sdk v1.4.1 // indirect
go.opentelemetry.io/otel/trace v1.4.1 // indirect
go.opentelemetry.io/proto/otlp v0.12.0 // indirect
golang.org/x/mod v0.6.0 // indirect
golang.org/x/text v0.5.0 // indirect
golang.org/x/time v0.1.0 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect
go.opentelemetry.io/otel v1.21.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 // indirect
go.opentelemetry.io/otel/metric v1.21.0 // indirect
go.opentelemetry.io/otel/sdk v1.21.0 // indirect
go.opentelemetry.io/otel/trace v1.21.0 // indirect
go.opentelemetry.io/proto/otlp v1.0.0 // indirect
golang.org/x/mod v0.14.0 // indirect
golang.org/x/text v0.14.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.17.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20220706185917-7780775163c4 // indirect
google.golang.org/grpc v1.50.1 // indirect
google.golang.org/protobuf v1.28.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect
google.golang.org/grpc v1.59.0 // indirect
google.golang.org/protobuf v1.33.0 // indirect
)

2269
src/cmd/linuxkit/go.sum
View File

File diff suppressed because it is too large Load Diff

16
src/cmd/linuxkit/moby/apk_tarwriter.go
View File

@@ -8,17 +8,21 @@ import (
// apkTarWriter apk-aware tar writer that consolidates installed database, so that
// it can be called multiple times and will do the union of all such databases,
// rather than overwriting the previous one.
// Useful only for things that write to the base filesystem, i.e. init, since everything
// else is inside containers.
const apkInstalledPath = "lib/apk/db/installed"
type apkTarWriter struct {
*tar.Writer
dbs [][]byte
current *bytes.Buffer
dbs [][]byte
current *bytes.Buffer
location string
}
func newAPKTarWriter(w *tar.Writer) *apkTarWriter {
func NewAPKTarWriter(w *tar.Writer, location string) *apkTarWriter {
return &apkTarWriter{
Writer: w,
Writer: w,
location: location,
}
}
@@ -67,6 +71,10 @@ func (a *apkTarWriter) WriteAPKDB() error {
Gid: 0,
Typeflag: tar.TypeReg,
Size: int64(size),
PAXRecords: map[string]string{
PaxRecordLinuxkitSource: "LINUXKIT.apkinit",
PaxRecordLinuxkitLocation: a.location,
},
}
if err := a.Writer.WriteHeader(hdr); err != nil {
return err

319
src/cmd/linuxkit/moby/build.go → src/cmd/linuxkit/moby/build/build.go
View File

@@ -1,4 +1,4 @@
package moby
package build
import (
"archive/tar"
@@ -18,6 +18,7 @@ import (
"github.com/containerd/containerd/reference"
// drop-in 100% compatible replacement and 17% faster than compress/gzip.
gzip "github.com/klauspost/pgzip"
"github.com/linuxkit/linuxkit/src/cmd/linuxkit/moby"
"github.com/linuxkit/linuxkit/src/cmd/linuxkit/util"
log "github.com/sirupsen/logrus"
"gopkg.in/yaml.v2"
@@ -83,7 +84,7 @@ func OutputTypes() []string {
return ts
}
func outputImage(image *Image, section string, prefix string, m Moby, idMap map[string]uint32, dupMap map[string]string, iw *tar.Writer, opts BuildOpts) error {
func outputImage(image *moby.Image, section string, index int, prefix string, m moby.Moby, idMap map[string]uint32, dupMap map[string]string, iw *tar.Writer, opts BuildOpts) error {
log.Infof(" Create OCI config for %s", image.Image)
imageName := util.ReferenceExpand(image.Image)
ref, err := reference.Parse(imageName)
@@ -92,31 +93,32 @@ func outputImage(image *Image, section string, prefix string, m Moby, idMap map[
}
src, err := imagePull(&ref, opts.Pull, opts.CacheDir, opts.DockerCache, opts.Arch)
if err != nil {
return fmt.Errorf("Could not pull image %s: %v", image.Image, err)
return fmt.Errorf("could not pull image %s: %v", image.Image, err)
}
configRaw, err := src.Config()
if err != nil {
return fmt.Errorf("Failed to retrieve config for %s: %v", image.Image, err)
return fmt.Errorf("failed to retrieve config for %s: %v", image.Image, err)
}
oci, runtime, err := ConfigToOCI(image, configRaw, idMap)
oci, runtime, err := moby.ConfigToOCI(image, configRaw, idMap)
if err != nil {
return fmt.Errorf("Failed to create OCI spec for %s: %v", image.Image, err)
return fmt.Errorf("failed to create OCI spec for %s: %v", image.Image, err)
}
config, err := json.MarshalIndent(oci, "", " ")
if err != nil {
return fmt.Errorf("Failed to create config for %s: %v", image.Image, err)
return fmt.Errorf("failed to create config for %s: %v", image.Image, err)
}
path := path.Join("containers", section, prefix+image.Name)
readonly := oci.Root.Readonly
err = ImageBundle(path, image.ref, config, runtime, iw, readonly, dupMap, opts)
err = ImageBundle(path, fmt.Sprintf("%s[%d]", section, index), image.Ref(), config, runtime, iw, readonly, dupMap, opts)
if err != nil {
return fmt.Errorf("Failed to extract root filesystem for %s: %v", image.Image, err)
return fmt.Errorf("failed to extract root filesystem for %s: %v", image.Image, err)
}
return nil
}
// Build performs the actual build process
func Build(m Moby, w io.Writer, opts BuildOpts) error {
// Build performs the actual build process. The output is the filesystem
// in a tar stream written to w.
func Build(m moby.Moby, w io.Writer, opts BuildOpts) error {
if MobyDir == "" {
MobyDir = defaultMobyConfigDir()
}
@@ -126,6 +128,57 @@ func Build(m Moby, w io.Writer, opts BuildOpts) error {
return err
}
// find the Moby config file from the existing tar
var metadataLocation string
if m.Files != nil {
for _, f := range m.Files {
if f.Metadata == "" {
continue
}
metadataLocation = strings.TrimPrefix(f.Path, "/")
}
}
var (
oldConfig *moby.Moby
in *os.File
err error
)
if metadataLocation != "" && opts.InputTar != "" {
// copy the file over, in case it ends up being the same output
in, err = os.Open(opts.InputTar)
if err != nil {
return fmt.Errorf("failed to open input tar: %w", err)
}
defer in.Close()
if _, err := in.Seek(0, 0); err != nil {
return fmt.Errorf("failed to seek to beginning of tmpfile: %w", err)
}
// read the tar until we find the metadata file
inputTarReader := tar.NewReader(in)
for {
hdr, err := inputTarReader.Next()
if err == io.EOF {
break
}
if err != nil {
return fmt.Errorf("failed to read input tar: %w", err)
}
if strings.TrimPrefix(hdr.Name, "/") == metadataLocation {
buf := new(bytes.Buffer)
if _, err := buf.ReadFrom(inputTarReader); err != nil {
return fmt.Errorf("failed to read metadata file from input tar: %w", err)
}
config, err := moby.NewConfig(buf.Bytes(), nil)
if err != nil {
return fmt.Errorf("invalid config in existing tar file: %v", err)
}
oldConfig = &config
break
}
}
}
// do we have an inTar
iw := tar.NewWriter(w)
// add additions
@@ -150,17 +203,29 @@ func Build(m Moby, w io.Writer, opts BuildOpts) error {
// deduplicate containers with the same image
dupMap := map[string]string{}
if m.Kernel.ref != nil {
// get kernel and initrd tarball and ucode cpio archive from container
log.Infof("Extract kernel image: %s", m.Kernel.ref)
kf := newKernelFilter(iw, m.Kernel.Cmdline, m.Kernel.Binary, m.Kernel.Tar, m.Kernel.UCode, opts.DecompressKernel)
err := ImageTar(m.Kernel.ref, "", kf, "", opts)
if err != nil {
return fmt.Errorf("Failed to extract kernel image and tarball: %v", err)
}
err = kf.Close()
if err != nil {
return fmt.Errorf("Close error: %v", err)
kernelRef := m.Kernel.Ref()
var oldKernelRef *reference.Spec
if oldConfig != nil {
oldKernelRef = oldConfig.Kernel.Ref()
}
if kernelRef != nil {
// first check if the existing one had it
if oldKernelRef != nil && oldKernelRef.String() == kernelRef.String() {
if err := extractPackageFilesFromTar(in, iw, kernelRef.String(), "kernel"); err != nil {
return err
}
} else {
// get kernel and initrd tarball and ucode cpio archive from container
log.Infof("Extract kernel image: %s", m.Kernel.Ref())
kf := newKernelFilter(kernelRef, iw, m.Kernel.Cmdline, m.Kernel.Binary, m.Kernel.Tar, m.Kernel.UCode, opts.DecompressKernel)
err := ImageTar("kernel", kernelRef, "", kf, "", opts)
if err != nil {
return fmt.Errorf("failed to extract kernel image and tarball: %v", err)
}
err = kf.Close()
if err != nil {
return fmt.Errorf("close error: %v", err)
}
}
}
@@ -168,12 +233,23 @@ func Build(m Moby, w io.Writer, opts BuildOpts) error {
if len(m.Init) != 0 {
log.Infof("Add init containers:")
}
apkTar := newAPKTarWriter(iw)
for _, ii := range m.initRefs {
log.Infof("Process init image: %s", ii)
err := ImageTar(ii, "", apkTar, resolvconfSymlink, opts)
if err != nil {
return fmt.Errorf("failed to build init tarball from %s: %v", ii, err)
apkTar := moby.NewAPKTarWriter(iw, "init")
initRefs := m.InitRefs()
var oldInitRefs []*reference.Spec
if oldConfig != nil {
oldInitRefs = oldConfig.InitRefs()
}
for i, ii := range initRefs {
if len(oldInitRefs) > i && oldInitRefs[i].String() == ii.String() {
if err := extractPackageFilesFromTar(in, apkTar, ii.String(), fmt.Sprintf("init[%d]", i)); err != nil {
return err
}
} else {
log.Infof("Process init image: %s", ii)
err := ImageTar(fmt.Sprintf("init[%d]", i), ii, "", apkTar, resolvconfSymlink, opts)
if err != nil {
return fmt.Errorf("failed to build init tarball from %s: %v", ii, err)
}
}
}
if err := apkTar.WriteAPKDB(); err != nil {
@@ -184,9 +260,15 @@ func Build(m Moby, w io.Writer, opts BuildOpts) error {
log.Infof("Add onboot containers:")
}
for i, image := range m.Onboot {
so := fmt.Sprintf("%03d", i)
if err := outputImage(image, "onboot", so+"-", m, idMap, dupMap, iw, opts); err != nil {
return err
if oldConfig != nil && len(oldConfig.Onboot) > i && oldConfig.Onboot[i].Equal(image) {
if err := extractPackageFilesFromTar(in, iw, image.Image, fmt.Sprintf("onboot[%d]", i)); err != nil {
return err
}
} else {
so := fmt.Sprintf("%03d", i)
if err := outputImage(image, "onboot", i, so+"-", m, idMap, dupMap, iw, opts); err != nil {
return err
}
}
}
@@ -194,24 +276,35 @@ func Build(m Moby, w io.Writer, opts BuildOpts) error {
log.Infof("Add onshutdown containers:")
}
for i, image := range m.Onshutdown {
so := fmt.Sprintf("%03d", i)
if err := outputImage(image, "onshutdown", so+"-", m, idMap, dupMap, iw, opts); err != nil {
return err
if oldConfig != nil && len(oldConfig.Onshutdown) > i && oldConfig.Onshutdown[i].Equal(image) {
if err := extractPackageFilesFromTar(in, iw, image.Image, fmt.Sprintf("onshutdown[%d]", i)); err != nil {
return err
}
} else {
so := fmt.Sprintf("%03d", i)
if err := outputImage(image, "onshutdown", i, so+"-", m, idMap, dupMap, iw, opts); err != nil {
return err
}
}
}
if len(m.Services) != 0 {
log.Infof("Add service containers:")
}
for _, image := range m.Services {
if err := outputImage(image, "services", "", m, idMap, dupMap, iw, opts); err != nil {
return err
for i, image := range m.Services {
if oldConfig != nil && len(oldConfig.Services) > i && oldConfig.Services[i].Equal(image) {
if err := extractPackageFilesFromTar(in, iw, image.Image, fmt.Sprintf("services[%d]", i)); err != nil {
return err
}
} else {
if err := outputImage(image, "services", i, "", m, idMap, dupMap, iw, opts); err != nil {
return err
}
}
}
// add files
err := filesystem(m, iw, idMap)
if err != nil {
if err := filesystem(m, iw, idMap); err != nil {
return fmt.Errorf("failed to add filesystem parts: %v", err)
}
@@ -252,9 +345,10 @@ type kernelFilter struct {
foundKernel bool
foundKTar bool
foundUCode bool
ref *reference.Spec
}
func newKernelFilter(tw *tar.Writer, cmdline string, kernel string, tar, ucode *string, decompressKernel bool) *kernelFilter {
func newKernelFilter(ref *reference.Spec, tw *tar.Writer, cmdline string, kernel string, tar, ucode *string, decompressKernel bool) *kernelFilter {
tarName, kernelName, ucodeName := "kernel.tar", "kernel", ""
if tar != nil {
tarName = *tar
@@ -268,7 +362,7 @@ func newKernelFilter(tw *tar.Writer, cmdline string, kernel string, tar, ucode *
if ucode != nil {
ucodeName = *ucode
}
return &kernelFilter{tw: tw, cmdline: cmdline, kernel: kernelName, tar: tarName, ucode: ucodeName, decompressKernel: decompressKernel}
return &kernelFilter{ref: ref, tw: tw, cmdline: cmdline, kernel: kernelName, tar: tarName, ucode: ucodeName, decompressKernel: decompressKernel}
}
func (k *kernelFilter) finishTar() error {
@@ -299,7 +393,7 @@ func (k *kernelFilter) finishTar() error {
}
tr := tar.NewReader(k.buffer)
err := tarAppend(k.tw, tr)
err := tarAppend(k.ref, k.tw, tr)
k.buffer = nil
return err
}
@@ -348,11 +442,12 @@ func (k *kernelFilter) WriteHeader(hdr *tar.Header) error {
// If we handled the ucode, /boot already exist.
if !k.foundUCode {
whdr := &tar.Header{
Name: "boot",
Mode: 0755,
Typeflag: tar.TypeDir,
ModTime: defaultModTime,
Format: tar.FormatPAX,
Name: "boot",
Mode: 0755,
Typeflag: tar.TypeDir,
ModTime: defaultModTime,
Format: tar.FormatPAX,
PAXRecords: hdr.PAXRecords,
}
if err := tw.WriteHeader(whdr); err != nil {
return err
@@ -360,11 +455,12 @@ func (k *kernelFilter) WriteHeader(hdr *tar.Header) error {
}
// add the cmdline in /boot/cmdline
whdr := &tar.Header{
Name: "boot/cmdline",
Mode: 0644,
Size: int64(len(k.cmdline)),
ModTime: defaultModTime,
Format: tar.FormatPAX,
Name: "boot/cmdline",
Mode: 0644,
Size: int64(len(k.cmdline)),
ModTime: defaultModTime,
Format: tar.FormatPAX,
PAXRecords: hdr.PAXRecords,
}
if err := tw.WriteHeader(whdr); err != nil {
return err
@@ -375,11 +471,12 @@ func (k *kernelFilter) WriteHeader(hdr *tar.Header) error {
}
// Stash the kernel header and prime the buffer for the kernel
k.hdr = &tar.Header{
Name: "boot/kernel",
Mode: hdr.Mode,
Size: hdr.Size,
ModTime: defaultModTime,
Format: tar.FormatPAX,
Name: "boot/kernel",
Mode: hdr.Mode,
Size: hdr.Size,
ModTime: defaultModTime,
Format: tar.FormatPAX,
PAXRecords: hdr.PAXRecords,
}
k.buffer = new(bytes.Buffer)
case k.tar:
@@ -392,22 +489,24 @@ func (k *kernelFilter) WriteHeader(hdr *tar.Header) error {
// If we handled the kernel, /boot already exist.
if !k.foundKernel {
whdr := &tar.Header{
Name: "boot",
Mode: 0755,
Typeflag: tar.TypeDir,
ModTime: defaultModTime,
Format: tar.FormatPAX,
Name: "boot",
Mode: 0755,
Typeflag: tar.TypeDir,
ModTime: defaultModTime,
Format: tar.FormatPAX,
PAXRecords: hdr.PAXRecords,
}
if err := tw.WriteHeader(whdr); err != nil {
return err
}
}
whdr := &tar.Header{
Name: "boot/ucode.cpio",
Mode: hdr.Mode,
Size: hdr.Size,
ModTime: defaultModTime,
Format: tar.FormatPAX,
Name: "boot/ucode.cpio",
Mode: hdr.Mode,
Size: hdr.Size,
ModTime: defaultModTime,
Format: tar.FormatPAX,
PAXRecords: hdr.PAXRecords,
}
if err := tw.WriteHeader(whdr); err != nil {
return err
@@ -419,7 +518,7 @@ func (k *kernelFilter) WriteHeader(hdr *tar.Header) error {
return nil
}
func tarAppend(iw *tar.Writer, tr *tar.Reader) error {
func tarAppend(ref *reference.Spec, iw *tar.Writer, tr *tar.Reader) error {
for {
hdr, err := tr.Next()
if err == io.EOF {
@@ -428,6 +527,12 @@ func tarAppend(iw *tar.Writer, tr *tar.Reader) error {
if err != nil {
return err
}
hdr.Format = tar.FormatPAX
if hdr.PAXRecords == nil {
hdr.PAXRecords = make(map[string]string)
}
hdr.PAXRecords[moby.PaxRecordLinuxkitSource] = ref.String()
hdr.PAXRecords[moby.PaxRecordLinuxkitLocation] = "kernel"
err = iw.WriteHeader(hdr)
if err != nil {
return err
@@ -478,7 +583,7 @@ func decompressKernel(src *bytes.Buffer) (*bytes.Buffer, error) {
versionMajor := int(s[versionIdx])
versionMinor := int(s[versionIdx+1])
if versionMajor < 2 && versionMinor < 8 {
return nil, fmt.Errorf("Unsupported bzImage version: %d.%d", versionMajor, versionMinor)
return nil, fmt.Errorf("unsupported bzImage version: %d.%d", versionMajor, versionMinor)
}
setupSectors := uint32(s[setupSectorsIdx])
@@ -488,7 +593,7 @@ func decompressKernel(src *bytes.Buffer) (*bytes.Buffer, error) {
log.Debugf("bzImage: Payload at Offset: %d Length: %d", payloadOff, payloadLen)
if len(s) < int(payloadOff+payloadLen) {
return nil, fmt.Errorf("Compressed bzImage payload exceeds size of image")
return nil, fmt.Errorf("compressed bzImage payload exceeds size of image")
}
if bytes.HasPrefix(s[payloadOff:], []byte(gzipMagic)) {
@@ -496,10 +601,10 @@ func decompressKernel(src *bytes.Buffer) (*bytes.Buffer, error) {
return gunzip(bytes.NewBuffer(s[payloadOff : payloadOff+payloadLen]))
}
// TODO(rn): Add more supported formats
return nil, fmt.Errorf("Unsupported bzImage payload format at offset %d", payloadOff)
return nil, fmt.Errorf("unsupported bzImage payload format at offset %d", payloadOff)
}
return nil, fmt.Errorf("No compressed kernel or no supported format found")
return nil, fmt.Errorf("no compressed kernel or no supported format found")
}
func gunzip(src *bytes.Buffer) (*bytes.Buffer, error) {
@@ -520,30 +625,30 @@ func gunzip(src *bytes.Buffer) (*bytes.Buffer, error) {
}
// this allows inserting metadata into a file in the image
func metadata(m Moby, md string) ([]byte, error) {
func metadata(m moby.Moby, md string) ([]byte, error) {
// Make sure the Image strings are update to date with the refs
updateImages(&m)
moby.UpdateImages(&m)
switch md {
case "json":
return json.MarshalIndent(m, "", " ")
case "yaml":
return yaml.Marshal(m)
default:
return []byte{}, fmt.Errorf("Unsupported metadata type: %s", md)
return []byte{}, fmt.Errorf("unsupported metadata type: %s", md)
}
}
func filesystem(m Moby, tw *tar.Writer, idMap map[string]uint32) error {
func filesystem(m moby.Moby, tw *tar.Writer, idMap map[string]uint32) error {
// TODO also include the files added in other parts of the build
var addedFiles = map[string]bool{}
if len(m.Files) != 0 {
log.Infof("Add files:")
}
for _, f := range m.Files {
for filecount, f := range m.Files {
log.Infof(" %s", f.Path)
if f.Path == "" {
return errors.New("Did not specify path for file")
return errors.New("did not specify path for file")
}
// tar archives should not have absolute paths
if f.Path[0] == '/' {
@@ -557,7 +662,7 @@ func filesystem(m Moby, tw *tar.Writer, idMap map[string]uint32) error {
var err error
mode, err = strconv.ParseInt(f.Mode, 8, 32)
if err != nil {
return fmt.Errorf("Cannot parse file mode as octal value: %v", err)
return fmt.Errorf("cannot parse file mode as octal value: %v", err)
}
}
dirMode := mode
@@ -571,11 +676,11 @@ func filesystem(m Moby, tw *tar.Writer, idMap map[string]uint32) error {
dirMode |= 0001
}
uid, err := idNumeric(f.UID, idMap)
uid, err := moby.IDNumeric(f.UID, idMap)
if err != nil {
return err
}
gid, err := idNumeric(f.GID, idMap)
gid, err := moby.IDNumeric(f.GID, idMap)
if err != nil {
return err
}
@@ -586,10 +691,10 @@ func filesystem(m Moby, tw *tar.Writer, idMap map[string]uint32) error {
}
if !f.Directory && f.Symlink == "" && f.Contents == nil {
if f.Source == "" && f.Metadata == "" {
return fmt.Errorf("Contents of file (%s) not specified", f.Path)
return fmt.Errorf("contents of file (%s) not specified", f.Path)
}
if f.Source != "" && f.Metadata != "" {
return fmt.Errorf("Specified Source and Metadata for file: %s", f.Path)
return fmt.Errorf("specified Source and Metadata for file: %s", f.Path)
}
if f.Source != "" {
source := f.Source
@@ -600,7 +705,7 @@ func filesystem(m Moby, tw *tar.Writer, idMap map[string]uint32) error {
_, err := os.Stat(source)
if err != nil {
// skip if not found or readable
log.Debugf("Skipping file [%s] as not readable and marked optional", source)
log.Debugf("skipping file [%s] as not readable and marked optional", source)
continue
}
}
@@ -617,10 +722,10 @@ func filesystem(m Moby, tw *tar.Writer, idMap map[string]uint32) error {
}
} else {
if f.Metadata != "" {
return fmt.Errorf("Specified Contents and Metadata for file: %s", f.Path)
return fmt.Errorf("specified Contents and Metadata for file: %s", f.Path)
}
if f.Source != "" {
return fmt.Errorf("Specified Contents and Source for file: %s", f.Path)
return fmt.Errorf("specified Contents and Source for file: %s", f.Path)
}
}
// we need all the leading directories
@@ -644,6 +749,10 @@ func filesystem(m Moby, tw *tar.Writer, idMap map[string]uint32) error {
Uid: int(uid),
Gid: int(gid),
Format: tar.FormatPAX,
PAXRecords: map[string]string{
moby.PaxRecordLinuxkitSource: "linuxkit.files",
moby.PaxRecordLinuxkitLocation: fmt.Sprintf("files[%d]", filecount),
},
}
err := tw.WriteHeader(hdr)
if err != nil {
@@ -660,10 +769,14 @@ func filesystem(m Moby, tw *tar.Writer, idMap map[string]uint32) error {
Uid: int(uid),
Gid: int(gid),
Format: tar.FormatPAX,
PAXRecords: map[string]string{
moby.PaxRecordLinuxkitSource: "linuxkit.files",
moby.PaxRecordLinuxkitLocation: fmt.Sprintf("files[%d]", filecount),
},
}
if f.Directory {
if f.Contents != nil {
return errors.New("Directory with contents not allowed")
return errors.New("directory with contents not allowed")
}
hdr.Typeflag = tar.TypeDir
err := tw.WriteHeader(hdr)
@@ -691,3 +804,35 @@ func filesystem(m Moby, tw *tar.Writer, idMap map[string]uint32) error {
}
return nil
}
// extractPackageFilesFromTar reads files from the input tar and extracts those that have the correct
// PAXRecords - keys and values - to the tarWriter.
func extractPackageFilesFromTar(inTar *os.File, tw tarWriter, image, section string) error {
log.Infof("Copy %s files from input tar: %s", section, image)
// copy kernel files over
if _, err := inTar.Seek(0, 0); err != nil {
return fmt.Errorf("failed to seek to beginning of input tar: %w", err)
}
tr := tar.NewReader(inTar)
for {
hdr, err := tr.Next()
if err == io.EOF {
break
}
if err != nil {
return fmt.Errorf("failed to read input tar: %w", err)
}
if hdr.PAXRecords == nil {
continue
}
if hdr.PAXRecords[moby.PaxRecordLinuxkitSource] == image && hdr.PAXRecords[moby.PaxRecordLinuxkitLocation] == section {
if err := tw.WriteHeader(hdr); err != nil {
return fmt.Errorf("failed to write header: %w", err)
}
if _, err := io.Copy(tw, tr); err != nil {
return fmt.Errorf("failed to copy %s file: %w", section, err)
}
}
}
return nil
}

2
src/cmd/linuxkit/moby/util.go → src/cmd/linuxkit/moby/build/dir.go
View File

@@ -1,4 +1,4 @@
package moby
package build
import (
"path/filepath"

2
src/cmd/linuxkit/moby/docker.go → src/cmd/linuxkit/moby/build/docker.go
View File

@@ -1,4 +1,4 @@
package moby
package build
// We want to replace much of this with use of containerd tools
// and also using the Docker API not shelling out

59
src/cmd/linuxkit/moby/image.go → src/cmd/linuxkit/moby/build/image.go
View File

@@ -1,4 +1,4 @@
package moby
package build
import (
"archive/tar"
@@ -10,6 +10,7 @@ import (
"strings"
"github.com/containerd/containerd/reference"
"github.com/linuxkit/linuxkit/src/cmd/linuxkit/moby"
"github.com/opencontainers/runtime-spec/specs-go"
log "github.com/sirupsen/logrus"
)
@@ -140,7 +141,8 @@ var touch = map[string]tar.Header{
}
// tarPrefix creates the leading directories for a path
func tarPrefix(path string, tw tarWriter) error {
// path is the path to prefix, location is where this appears in the linuxkit.yaml file
func tarPrefix(path, location string, ref *reference.Spec, tw tarWriter) error {
if path == "" {
return nil
}
@@ -160,6 +162,10 @@ func tarPrefix(path string, tw tarWriter) error {
ModTime: defaultModTime,
Typeflag: tar.TypeDir,
Format: tar.FormatPAX,
PAXRecords: map[string]string{
moby.PaxRecordLinuxkitSource: ref.String(),
moby.PaxRecordLinuxkitLocation: location,
},
}
if err := tw.WriteHeader(hdr); err != nil {
return err
@@ -170,13 +176,14 @@ func tarPrefix(path string, tw tarWriter) error {
}
// ImageTar takes a Docker image and outputs it to a tar stream
func ImageTar(ref *reference.Spec, prefix string, tw tarWriter, resolv string, opts BuildOpts) (e error) {
// location is where it is in the linuxkit.yaml file
func ImageTar(location string, ref *reference.Spec, prefix string, tw tarWriter, resolv string, opts BuildOpts) (e error) {
log.Debugf("image tar: %s %s", ref, prefix)
if prefix != "" && prefix[len(prefix)-1] != '/' {
return fmt.Errorf("prefix does not end with /: %s", prefix)
}
err := tarPrefix(prefix, tw)
err := tarPrefix(prefix, location, ref, tw)
if err != nil {
return err
}
@@ -185,12 +192,12 @@ func ImageTar(ref *reference.Spec, prefix string, tw tarWriter, resolv string, o
// If pull==true, then it always tries to pull from registry.
src, err := imagePull(ref, opts.Pull, opts.CacheDir, opts.DockerCache, opts.Arch)
if err != nil {
return fmt.Errorf("Could not pull image %s: %v", ref, err)
return fmt.Errorf("could not pull image %s: %v", ref, err)
}
contents, err := src.TarReader()
if err != nil {
return fmt.Errorf("Could not unpack image %s: %v", ref, err)
return fmt.Errorf("could not unpack image %s: %v", ref, err)
}
defer contents.Close()
@@ -214,6 +221,12 @@ func ImageTar(ref *reference.Spec, prefix string, tw tarWriter, resolv string, o
// force PAX format, since it allows for unlimited Name/Linkname
// and we move all files below prefix.
hdr.Format = tar.FormatPAX
// ensure we record the source of the file in the PAX header
if hdr.PAXRecords == nil {
hdr.PAXRecords = make(map[string]string)
}
hdr.PAXRecords[moby.PaxRecordLinuxkitSource] = ref.String()
hdr.PAXRecords[moby.PaxRecordLinuxkitLocation] = location
if exclude[hdr.Name] {
log.Debugf("image tar: %s %s exclude %s", ref, prefix, hdr.Name)
_, err = io.Copy(io.Discard, tr)
@@ -286,6 +299,12 @@ func ImageTar(ref *reference.Spec, prefix string, tw tarWriter, resolv string, o
continue
}
hdr := touch[name]
// ensure that we record the source of the file
if hdr.PAXRecords == nil {
hdr.PAXRecords = make(map[string]string)
}
hdr.PAXRecords[moby.PaxRecordLinuxkitSource] = ref.String()
hdr.PAXRecords[moby.PaxRecordLinuxkitLocation] = location
origName := hdr.Name
hdr.Name = prefix + origName
hdr.Format = tar.FormatPAX
@@ -329,7 +348,7 @@ func ImageTar(ref *reference.Spec, prefix string, tw tarWriter, resolv string, o
}
// ImageBundle produces an OCI bundle at the given path in a tarball, given an image and a config.json
func ImageBundle(prefix string, ref *reference.Spec, config []byte, runtime Runtime, tw tarWriter, readonly bool, dupMap map[string]string, opts BuildOpts) error { // nolint: lll
func ImageBundle(prefix, location string, ref *reference.Spec, config []byte, runtime moby.Runtime, tw tarWriter, readonly bool, dupMap map[string]string, opts BuildOpts) error { // nolint: lll
// if read only, just unpack in rootfs/ but otherwise set up for overlay
rootExtract := "rootfs"
if !readonly {
@@ -340,12 +359,12 @@ func ImageBundle(prefix string, ref *reference.Spec, config []byte, runtime Runt
root := path.Join(prefix, rootExtract)
var foundElsewhere = dupMap[ref.String()] != ""
if !foundElsewhere {
if err := ImageTar(ref, root+"/", tw, "", opts); err != nil {
if err := ImageTar(location, ref, root+"/", tw, "", opts); err != nil {
return err
}
dupMap[ref.String()] = root
} else {
if err := tarPrefix(prefix+"/", tw); err != nil {
if err := tarPrefix(prefix+"/", location, ref, tw); err != nil {
return err
}
root = dupMap[ref.String()]
@@ -357,6 +376,10 @@ func ImageBundle(prefix string, ref *reference.Spec, config []byte, runtime Runt
Size: int64(len(config)),
ModTime: defaultModTime,
Format: tar.FormatPAX,
PAXRecords: map[string]string{
moby.PaxRecordLinuxkitSource: ref.String(),
moby.PaxRecordLinuxkitLocation: location,
},
}
if err := tw.WriteHeader(hdr); err != nil {
return err
@@ -375,6 +398,10 @@ func ImageBundle(prefix string, ref *reference.Spec, config []byte, runtime Runt
Typeflag: tar.TypeDir,
ModTime: defaultModTime,
Format: tar.FormatPAX,
PAXRecords: map[string]string{
moby.PaxRecordLinuxkitSource: ref.String(),
moby.PaxRecordLinuxkitLocation: location,
},
}
if err := tw.WriteHeader(hdr); err != nil {
return err
@@ -386,6 +413,10 @@ func ImageBundle(prefix string, ref *reference.Spec, config []byte, runtime Runt
Typeflag: tar.TypeDir,
ModTime: defaultModTime,
Format: tar.FormatPAX,
PAXRecords: map[string]string{
moby.PaxRecordLinuxkitSource: ref.String(),
moby.PaxRecordLinuxkitLocation: location,
},
}
if err := tw.WriteHeader(hdr); err != nil {
return err
@@ -406,6 +437,10 @@ func ImageBundle(prefix string, ref *reference.Spec, config []byte, runtime Runt
Typeflag: tar.TypeDir,
ModTime: defaultModTime,
Format: tar.FormatPAX,
PAXRecords: map[string]string{
moby.PaxRecordLinuxkitSource: ref.String(),
moby.PaxRecordLinuxkitLocation: location,
},
}
if err := tw.WriteHeader(hdr); err != nil {
return err
@@ -424,7 +459,7 @@ func ImageBundle(prefix string, ref *reference.Spec, config []byte, runtime Runt
// write the runtime config
runtimeConfig, err := json.MarshalIndent(runtime, "", " ")
if err != nil {
return fmt.Errorf("Failed to create runtime config for %s: %v", ref, err)
return fmt.Errorf("failed to create runtime config for %s: %v", ref, err)
}
hdr = &tar.Header{
@@ -433,6 +468,10 @@ func ImageBundle(prefix string, ref *reference.Spec, config []byte, runtime Runt
Size: int64(len(runtimeConfig)),
ModTime: defaultModTime,
Format: tar.FormatPAX,
PAXRecords: map[string]string{
moby.PaxRecordLinuxkitSource: ref.String(),
moby.PaxRecordLinuxkitLocation: location,
},
}
if err := tw.WriteHeader(hdr); err != nil {
return err

2
src/cmd/linuxkit/moby/images.go → src/cmd/linuxkit/moby/build/images.go
View File

@@ -1,4 +1,4 @@
package moby
package build
import (
"github.com/containerd/containerd/reference"

0
src/cmd/linuxkit/moby/images.yaml → src/cmd/linuxkit/moby/build/images.yaml
View File

5
src/cmd/linuxkit/moby/linuxkit.go → src/cmd/linuxkit/moby/build/linuxkit.go
View File

@@ -1,4 +1,4 @@
package moby
package build
import (
"crypto/sha256"
@@ -13,6 +13,7 @@ import (
"path/filepath"
"runtime"
"github.com/linuxkit/linuxkit/src/cmd/linuxkit/moby"
log "github.com/sirupsen/logrus"
)
@@ -43,7 +44,7 @@ func ensureLinuxkitImage(name, cache string) error {
yaml := linuxkitYaml[name]
m, err := NewConfig([]byte(yaml), nil)
m, err := moby.NewConfig([]byte(yaml), nil)
if err != nil {
return err
}

2
src/cmd/linuxkit/moby/mkimage.yaml → src/cmd/linuxkit/moby/build/mkimage.yaml
View File

@@ -2,7 +2,7 @@ kernel:
image: linuxkit/kernel:6.6.13
cmdline: "console=ttyS0"
init:
- linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
- linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
onboot:
- name: mkimage

3
src/cmd/linuxkit/moby/opts.go → src/cmd/linuxkit/moby/build/opts.go
View File

@@ -1,4 +1,4 @@
package moby
package build
// BuildOpts options that control the linuxkit build process
type BuildOpts struct {
@@ -9,4 +9,5 @@ type BuildOpts struct {
DockerCache bool
Arch string
SbomGenerator *SbomGenerator
InputTar string
}

2
src/cmd/linuxkit/moby/output.go → src/cmd/linuxkit/moby/build/output.go
View File

@@ -1,4 +1,4 @@
package moby
package build
import (
"archive/tar"

2
src/cmd/linuxkit/moby/sbom.go → src/cmd/linuxkit/moby/build/sbom.go
View File

@@ -1,4 +1,4 @@
package moby
package build
import (
"archive/tar"

44
src/cmd/linuxkit/moby/config.go
View File

@@ -1,6 +1,7 @@
package moby
import (
"bytes"
"fmt"
"os"
"sort"
@@ -30,6 +31,10 @@ type Moby struct {
initRefs []*reference.Spec
}
func (m Moby) InitRefs() []*reference.Spec {
return m.initRefs
}
// KernelConfig is the type of the config for a kernel
type KernelConfig struct {
Image string `yaml:"image" json:"image"`
@@ -41,6 +46,10 @@ type KernelConfig struct {
ref *reference.Spec
}
func (k KernelConfig) Ref() *reference.Spec {
return k.ref
}
// File is the type of a file specification
type File struct {
Path string `yaml:"path" json:"path"`
@@ -62,6 +71,27 @@ type Image struct {
ImageConfig `yaml:",inline"`
}
// Equal check if another Image is functionally equal to this one.
// Takes the easy path by marshaling both into yaml and then comparing the yaml.
// There may be a more efficient way to do this, but this is simplest.
func (i *Image) Equal(o *Image) bool {
// if we are going to compare, we must canonicalized both image names
i0 := i
i0.Image = util.ReferenceExpand(i.Image)
iy, err := yaml.Marshal(i0)
if err != nil {
return false
}
o0 := o
o0.Image = util.ReferenceExpand(o.Image)
oy, err := yaml.Marshal(o)
if err != nil {
return false
}
return bytes.Equal(iy, oy)
}
// ImageConfig is the configuration part of Image, it is the subset
// which is valid in a "org.mobyproject.config" label on an image.
// Everything except Runtime and ref is used to build the OCI spec
@@ -105,6 +135,10 @@ type ImageConfig struct {
ref *reference.Spec
}
func (i ImageConfig) Ref() *reference.Spec {
return i.ref
}
// Device specifies a device to be exposed to the container.
type Device struct {
Path string `yaml:"path" json:"path"`
@@ -215,7 +249,7 @@ func extractReferences(m *Moby) error {
return nil
}
func updateImages(m *Moby) {
func UpdateImages(m *Moby) {
if m.Kernel.ref != nil {
m.Kernel.Image = m.Kernel.ref.String()
}
@@ -667,7 +701,7 @@ func getAllCapabilities() []string {
var allCaps = getAllCapabilities()
func idNumeric(v interface{}, idMap map[string]uint32) (uint32, error) {
func IDNumeric(v interface{}, idMap map[string]uint32) (uint32, error) {
switch id := v.(type) {
case nil:
return uint32(0), nil
@@ -962,17 +996,17 @@ func ConfigToOCI(yaml *Image, config imagespec.ImageConfig, idMap map[string]uin
uidIf := assignInterface(label.UID, yaml.UID)
gidIf := assignInterface(label.GID, yaml.GID)
agIf := assignInterfaceArray(label.AdditionalGids, yaml.AdditionalGids)
uid, err := idNumeric(uidIf, idMap)
uid, err := IDNumeric(uidIf, idMap)
if err != nil {
return oci, runtime, err
}
gid, err := idNumeric(gidIf, idMap)
gid, err := IDNumeric(gidIf, idMap)
if err != nil {
return oci, runtime, err
}
var additionalGroups []uint32
for _, id := range agIf {
ag, err := idNumeric(id, idMap)
ag, err := IDNumeric(id, idMap)
if err != nil {
return oci, runtime, err
}

9
src/cmd/linuxkit/moby/const.go Normal file
View File

@@ -0,0 +1,9 @@
package moby
const (
// PaxRecordLinuxkitSource report the package source for a specific file
PaxRecordLinuxkitSource = "LINUXKIT.source"
// PaxRecordLinuxkitLocation report the location of the file in the linuxkit.yaml
// that led to this file being in this location
PaxRecordLinuxkitLocation = "LINUXKIT.location"
)

10
src/cmd/linuxkit/moby/schema.go
View File

@@ -60,7 +60,15 @@ var schema = `
"destination": { "type": "string" },
"type": { "type": "string" },
"source": { "type": "string" },
"options": { "$ref": "#/definitions/strings" }
"options": { "$ref": "#/definitions/strings" },
"uidmappings": {
"type": "array",
"items": { "$ref": "#/definitions/idmapping" }
},
"gidmappings": {
"type": "array",
"items": { "$ref": "#/definitions/idmapping" }
}
}
},
"mounts": {

8
src/cmd/linuxkit/pkglib/build.go
View File

@@ -431,6 +431,14 @@ func (p Pkg) Build(bos ...BuildOpt) error {
if _, ok := imageBuildOpts.BuildArgs["GOPKGVERSION"]; !ok && goPkgVersion != "" {
imageBuildOpts.BuildArgs["GOPKGVERSION"] = &goPkgVersion
}
if _, ok := imageBuildOpts.BuildArgs["PKG_HASH"]; !ok && p.Hash() != "" {
ret := p.Hash()
imageBuildOpts.BuildArgs["PKG_HASH"] = &ret
}
if _, ok := imageBuildOpts.BuildArgs["PKG_IMAGE"]; !ok && p.Image() != "" {
ret := p.Image()
imageBuildOpts.BuildArgs["PKG_IMAGE"] = &ret
}
// build for each arch and save in the linuxkit cache
for _, platform := range platformsToBuild {

9
src/cmd/linuxkit/pkglib/build_test.go
View File

@@ -494,6 +494,15 @@ func (c cacheMockerSource) V1TarReader(overrideName string) (io.ReadCloser, erro
_, _ = rand.Read(b)
return io.NopCloser(bytes.NewReader(b)), nil
}
func (c cacheMockerSource) OCITarReader(overrideName string) (io.ReadCloser, error) {
_, found := c.c.images[c.ref.String()]
if !found {
return nil, fmt.Errorf("no image found with ref: %s", c.ref.String())
}
b := make([]byte, 256)
_, _ = rand.Read(b)
return io.NopCloser(bytes.NewReader(b)), nil
}
func (c cacheMockerSource) Descriptor() *registry.Descriptor {
return c.descriptor
}

19
src/cmd/linuxkit/pkglib/docker.go
View File

@@ -30,12 +30,13 @@ import (
"github.com/linuxkit/linuxkit/src/cmd/linuxkit/spec"
"github.com/linuxkit/linuxkit/src/cmd/linuxkit/util"
buildkitClient "github.com/moby/buildkit/client"
"github.com/moby/buildkit/frontend/dockerui"
"github.com/moby/buildkit/util/progress/progressui"
// golint requires comments on non-main(test)
// package for blank import
_ "github.com/moby/buildkit/client/connhelper/dockercontainer"
_ "github.com/moby/buildkit/client/connhelper/ssh"
"github.com/moby/buildkit/frontend/dockerfile/builder"
"github.com/moby/buildkit/frontend/dockerfile/instructions"
"github.com/moby/buildkit/frontend/dockerfile/parser"
"github.com/moby/buildkit/frontend/dockerfile/shell"
@@ -193,7 +194,7 @@ func (dr *dockerRunnerImpl) versionCheck(version string) (string, string, error)
return clientVersionString, serverVersionString, nil
}
// contextCheck checks if contexts are supported. This is necessary because github uses some strange versions
// contextSupportCheck checks if contexts are supported. This is necessary because github uses some strange versions
// of docker in Actions, which makes it difficult to tell if context is supported.
// See https://github.community/t/what-really-is-docker-3-0-6/16171
func (dr *dockerRunnerImpl) contextSupportCheck() error {
@@ -473,8 +474,8 @@ func (dr *dockerRunnerImpl) build(ctx context.Context, tag, pkg, dockerfile, doc
solveOpts.Session = append(solveOpts.Session, up)
} else {
solveOpts.LocalDirs = map[string]string{
builder.DefaultLocalNameDockerfile: pkg,
builder.DefaultLocalNameContext: pkg,
dockerui.DefaultLocalNameDockerfile: pkg,
dockerui.DefaultLocalNameContext: pkg,
}
}
frontendAttrs["filename"] = dockerfile
@@ -561,10 +562,14 @@ func (dr *dockerRunnerImpl) build(ctx context.Context, tag, pkg, dockerfile, doc
ctx2, cancel := context.WithCancel(context.TODO())
defer cancel()
if progressType == "" {
progressType = "auto"
buildkitProgressType := progressui.DisplayMode(progressType)
if buildkitProgressType == progressui.DefaultMode {
buildkitProgressType = progressui.AutoMode
}
printer, err := progress.NewPrinter(ctx2, os.Stderr, buildkitProgressType)
if err != nil {
return fmt.Errorf("unable to create progress printer: %v", err)
}
printer := progress.NewPrinter(ctx2, os.Stderr, os.Stderr, progressType)
pw := progress.WithPrefix(printer, "", false)
ch, done := progress.NewChannel(pw)
defer func() { <-done }()

7
src/cmd/linuxkit/pkglib/pkglib.go
View File

@@ -55,7 +55,7 @@ type PkglibConfig struct {
Tag string // Tag is a text/template string, defaults to {{.Hash}}
}
// NewPkInfo returns a new pkgInfo with default values
// NewPkgInfo returns a new pkgInfo with default values
func NewPkgInfo() pkgInfo {
return pkgInfo{
Org: "linuxkit",
@@ -317,6 +317,11 @@ func (p Pkg) Tag() string {
return p.org + "/" + p.image + ":" + t
}
// Image returns the image name without the tag
func (p Pkg) Image() string {
return p.org + "/" + p.image
}
// FullTag returns a reference expanded tag
func (p Pkg) FullTag() string {
return util.ReferenceExpand(p.Tag())

Some files were not shown because too many files have changed in this diff Show More