github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2026-03-19 13:25:31 +00:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: github:v1.4.0
Branches Tags
github:master
github:v1.8.2 github:v1.8.1 github:pkg-v1.2.0 github:v1.8.0 github:v1.7.1 github:pkg-v1.1.0 github:v1.7.0 github:v1.6.5 github:v1.6.4 github:v1.6.3 github:v1.6.2 github:v1.6.1 github:v1.6.0 github:v1.5.3 github:v1.5.2 github:v1.5.1 github:v1.5.0 github:v1.4.0 github:v1.3.0 github:pkg-v1.0.0 github:v1.2.0 github:v1.0.1 github:v1.0.0 github:v0.8.1 github:v0.8 github:v0.7 github:v0.6 github:v0.5 github:v0.4 github:v0.3 github:v0.2
...
compare: github:pkg-v1.2.0
Branches Tags
github:master
github:v1.8.2 github:v1.8.1 github:pkg-v1.2.0 github:v1.8.0 github:v1.7.1 github:pkg-v1.1.0 github:v1.7.0 github:v1.6.5 github:v1.6.4 github:v1.6.3 github:v1.6.2 github:v1.6.1 github:v1.6.0 github:v1.5.3 github:v1.5.2 github:v1.5.1 github:v1.5.0 github:v1.4.0 github:v1.3.0 github:pkg-v1.0.0 github:v1.2.0 github:v1.0.1 github:v1.0.0 github:v0.8.1 github:v0.8 github:v0.7 github:v0.6 github:v0.5 github:v0.4 github:v0.3 github:v0.2

116 Commits
v1.4.0 ... pkg-v1.2.0

Author SHA1 Message Date
Avi Deitcher
41cafa3cc3 bump runc to v1.3.0 and containerd to v2.1.4 (#4165) 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-08-28 21:05:06 +03:00
Avi Deitcher
8d19b25408 add support for pkg build dry-run (#4163) 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-08-28 13:35:52 +03:00
Avi Deitcher
c3228fb526 erofs output (#4162) 
* add erofs as output option

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* unify nearly identical functions

Signed-off-by: Avi Deitcher <avi@deitcher.net>

---------

Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-08-28 10:34:53 +03:00
Avi Deitcher
506d11f06d bump alpine; add erofs-utils package (#4161) 
* bump alpine to 3.22; include erofs-utils

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* tools/alpine: Update to latest

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* tools: Update to the latest linuxkit/alpine

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* Update use of tools to latest

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* Update use of test packages to latest

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* pkgs: Update packages to the latest linuxkit/alpine

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* Update package tags

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* fix scaleway error

Signed-off-by: Avi Deitcher <avi@deitcher.net>

---------

Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-08-27 19:07:26 +03:00
Avi Deitcher
5cd48735d5 update debian for binfmt (#4159) 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-08-14 16:35:56 +03:00
Avi Deitcher
cacc2bbb8e simplify sharding in package tests for CI; increase to 12 shards (#4158) 
* simplify sharding in package tests for CI; increase to 12 shards

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* for CI setup-go action, determine it based on go.mod file

Signed-off-by: Avi Deitcher <avi@deitcher.net>

---------

Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-08-13 16:02:36 +03:00
Avi Deitcher
999110c6de add support for dynamically calculated build arg sets (#4156) 2025-08-13 12:33:52 +03:00
Avi Deitcher
1caf2feffc add support for custom build args (#4155) 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-08-11 11:58:17 +03:00
Avi Deitcher
3d9bb9a128 add support for specifying additional certificates (#4153) 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-07-31 19:36:10 +03:00
Avi Deitcher
1d3a8235a9 option to pull down required images from to the cache, so that buildkit never gets them over the network (#4149) 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-07-27 19:07:20 +03:00
Avi Deitcher
ef68e7bcd5 provide mirror support (#4148) 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-07-27 19:06:36 +03:00
Avi Deitcher
eae788724a check lock when reading cache provider index (#4147) 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-07-21 22:14:59 +02:00
Avi Deitcher
bc44cb899c fix registry auth (#4146) 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-07-15 14:07:20 +03:00
Avi Deitcher
33ee27971d for pkg build builder, copy config over rather than bind-mounting it (#4145) 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-07-13 21:18:00 +03:00
Avi Deitcher
fa246722e2 add missing CRLF in log message (#4144) 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-07-13 17:30:59 +03:00
Avi Deitcher
c0c5668116 swap 'pkg push' for 'pkg build --push', keeping 'pkg push' as deprecated but still working (#4141) 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-07-04 18:00:28 +03:00
Avi Deitcher
2b4687338b add support for pkg build authentication (#4137) 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-07-02 18:52:05 +03:00
Avi Deitcher
940c1b7b3b simplify cache locking (#4136) 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-06-30 20:58:50 +03:00
Daniel S.
818bccf20f docs: Add instructions for OCI export from Docker (#4135) 
Signed-off-by: Daniel Smith <daniel@razorsecure.com>
 2025-06-30 16:27:54 +03:00
Avi Deitcher
50120bce2d ensure that new index does not break on missing lock file (#4134) 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-06-27 11:01:43 +03:00
Avi Deitcher
254aefc953 check for dirty tree without update-index, which is not parallel-safe (#4133) 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-06-26 19:53:13 +03:00
Avi Deitcher
4df360d62d Centralize safe cache writes (#4132) 
* centralize all writing of the index.json to one place

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* create filelock utility

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* leverage file locks for cache index.json

Signed-off-by: Avi Deitcher <avi@deitcher.net>

---------

Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-06-26 19:02:49 +03:00
christoph-zededa
3f54a80824 git: synchronize update-index with a mutex (#4130) 
if `pkglib.NewFromConfig` is used in parallel, it calls
```
git -C /some/directory update-index -q --refresh
```
in parallel.

But `git` does not like this and exits with 128.

This can be easily tried with:
```
git -C /some/dir update-index -q --refresh & \
git -C /some/dir update-index -q --refresh
```

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
 2025-06-25 21:59:47 +03:00
Avi Deitcher
d45d3e8c6e more builder race condition; do restart if could not remove, and only go via container ID (#4129) 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-06-25 21:21:51 +03:00
Avi Deitcher
5a13eda661 Bump buildkit (#4128) 
* bump buildkit to v0.23.1

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* bump buldkit library and deps to v0.23.1

Signed-off-by: Avi Deitcher <avi@deitcher.net>

---------

Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-06-25 14:07:15 +03:00
Avi Deitcher
18a76198dd pkg build: handle race condition where builder is started at same time (#4127) 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-06-25 10:09:46 +03:00
Carsten Munk
b42e1a8bab feat: add riscv64 as supported arch (#4124) 
this makes kernel+squashfs flow work for risc64

Signed-off-by: Carsten Munk <carsten@zippie.com>
 2025-06-23 12:21:59 +03:00
Avi Deitcher
89a95f958e when updating an index, remove sboms or other manifests that reference unknown digests (#4117) 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-05-02 13:56:37 +03:00
Avi Deitcher
7a129b6e8d bump golangci-lint to v2.0.2 and update all lint issues (#4116) 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-04-09 17:53:20 +03:00
Chris Irrgang
ec70c1246f add efi_gop module to grub (#4113) 
* add efi_gop module to grub

fixes #4075

Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>

* bump grub-dev package hash

Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>

* bump grub package hash

Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>

* bump mkimage hashes

Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>

---------

Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
 2025-03-11 21:13:19 +02:00
Avi Deitcher
14c29db5c2 Containerd v2.0.3 (#4112) 
* containerd to semver v2.0.3

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* containerd v2.0.3 plus commits to fix blkdiscard

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* update containerd-dev dependencies

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* updated pkg/init and pkg/containerd deps

Signed-off-by: Avi Deitcher <avi@deitcher.net>

---------

Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-03-06 17:12:07 +02:00
Avi Deitcher
198db9089f containerd 20 (#4100) 
* bump containerd-dev to 2.0.2

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* update pkg/init libs to containerd-20

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* bump linuxkit CLI containerd deps to 20

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* update test/pkg/containerd to work with containerd v2.x tests

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* update containerd-dev deps

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* update pkg/init and pkg/containerd dependencies

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* update test/pkg/containerd deps

Signed-off-by: Avi Deitcher <avi@deitcher.net>

---------

Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-02-24 18:40:56 +02:00
Avi Deitcher
1d96f04934 Buildkit builder 0.20.0 (#4110) 
* bump buildkit version to 0.20.0

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* update library dependency of buildkit to v0.20.0

Signed-off-by: Avi Deitcher <avi@deitcher.net>

---------

Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-02-23 17:51:21 +02:00
Avi Deitcher
5dbd8082fb bump golangci-lint-action (#4109) 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-02-23 16:40:29 +02:00
Avi Deitcher
2053d17564 Enable riscv64 default (#4108) 
* include riscv64 in target architectures

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* add riscv64 to explicit packages

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* cadvisor update to v0.51.0 and support for riscv64

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* update tools based on latest

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* updated example dependencies of tools

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* bump all test cases and example alpine:3.19 to alpine:3.21

Signed-off-by: Avi Deitcher <avi@deitcher.net>

---------

Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-02-23 13:37:06 +02:00
Avi Deitcher
18e7eea86f riscv64 kernel (#4106) 
* add riscv64 kernels to kernel/Makefile and kernel/Dockerfile.*, riscv64 kernel config, bump alpine version for kernel builds

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* update bcc to v0.32.0 to include needed fixes

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* bump kernel builder alpine base to version including llvm19

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* in kernel-bcc, automatically determine python path

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* in kernel-perf, suppress newer gcc errors

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* riscv path in kernel build was incorrect

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* remove bcc compilation from kernel

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* update usages of kernel/6.6.13 to kernel/6.6.71

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* next run of updating kernel config

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* update test dependencies on kernel hash version

Signed-off-by: Avi Deitcher <avi@deitcher.net>

---------

Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-02-21 11:10:35 +02:00
Avi Deitcher
efb139697e always tee test linuxkit run to tty, so if it gets stuck, we see why (#4107) 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-02-19 19:41:06 +02:00
Avi Deitcher
76b519705b Add alpine bcc tools (#4105) 
* Update linuxkit/alpine

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* tools/alpine: Update to latest

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* tools: Update to the latest linuxkit/alpine

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* Update use of tools to latest

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* tests: Update packages to the latest linuxkit/alpine

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* Update use of test packages to latest

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* pkgs: Update packages to the latest linuxkit/alpine

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* Update package tags

Signed-off-by: Avi Deitcher <avi@deitcher.net>

---------

Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-02-17 11:12:49 +02:00
Chris Irrgang
7ac34a6aec pkg/extend fix panic for empty partition tables (#4101) 
Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
 2025-01-30 15:55:14 +02:00
Chris Irrgang
66ca00915a Try resizing all found devices (#4099) 
* Try resizing all found devices

fixes #4098

Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>

* Update package tags of pkg/extend

Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>

---------

Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
 2025-01-27 11:24:45 +02:00
Chris Irrgang
fd6839d0fe Fix raw efi build image size calculation (#4097) 
fixes #4095

Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
 2025-01-27 10:26:18 +02:00
Avi Deitcher
9398785bec Merge pull request #4094 from deitch/alpine-llvm-update 
Update llvm in alpine and downstream
 2025-01-15 21:36:39 +02:00
Avi Deitcher
fd778c4d95 Update use of test packages to latest 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-15 17:31:39 +02:00
Avi Deitcher
caf39bbfff Update use of tools to latest 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-15 17:31:19 +02:00
Avi Deitcher
53cb098008 add riscv64 to mkimage-qcow2-efi 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-15 17:25:31 +02:00
Avi Deitcher
da2988c634 Update use of test packages to latest 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-15 15:58:15 +02:00
Avi Deitcher
4aa891d564 Update use of tools to latest 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-15 15:58:01 +02:00
Avi Deitcher
5c2e62d2b9 Update package tags 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-15 14:59:47 +02:00
Avi Deitcher
ed42bcdd5e pkgs: Update packages to the latest linuxkit/alpine 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-15 14:59:27 +02:00
Avi Deitcher
f1117657eb Update use of test packages to latest 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-15 14:59:18 +02:00
Avi Deitcher
9b5742fe4b tests: Update packages to the latest linuxkit/alpine 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-15 14:59:10 +02:00
Avi Deitcher
d83a55fce3 Update use of tools to latest 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-15 14:59:08 +02:00
Avi Deitcher
084e2a08bc tools: Update to the latest linuxkit/alpine 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-15 14:58:59 +02:00
Avi Deitcher
bdda3d0ad3 tools/alpine: Update to latest 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-15 14:56:21 +02:00
Avi Deitcher
c4d88d66db Update linuxkit/alpine 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-15 14:41:33 +02:00
Avi Deitcher
5e3e7cc077 Merge pull request #4093 from deitch/unify-alpine-packages 
add missing riscv64 packages
 2025-01-12 11:06:35 +02:00
Avi Deitcher
95fcdc3fe0 node_exporter to v1.8.2 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-12 09:51:01 +02:00
Avi Deitcher
0b677673b5 Update package tags 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-10 10:56:54 +02:00
Avi Deitcher
3e2df7ec19 pkgs: Update packages to the latest linuxkit/alpine 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-10 10:56:32 +02:00
Avi Deitcher
0edde24ef6 Update use of test packages to latest 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-10 10:56:23 +02:00
Avi Deitcher
e625d0cdbc tests: Update packages to the latest linuxkit/alpine 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-10 10:56:15 +02:00
Avi Deitcher
68caa0b911 Update use of tools to latest 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-10 10:56:13 +02:00
Avi Deitcher
a7baaaa4cc tools: Update to the latest linuxkit/alpine 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-10 10:56:03 +02:00
Avi Deitcher
c7c3ab8c2a tools/alpine: Update to latest 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-10 10:55:17 +02:00
Avi Deitcher
7270857bdf Update linuxkit/alpine 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-10 10:40:27 +02:00
Avi Deitcher
b929f3b46a Merge pull request #4091 from deitch/remove-grub-dev 
Add grub from alpine replacing our custom built grub, and build grub for riscv64
 2025-01-09 11:56:09 +02:00
Avi Deitcher
df4d0c0d47 update built-in images in linuxkit cmd 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-09 11:08:02 +02:00
Avi Deitcher
0579188c33 Update package tags 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-08 20:54:27 +02:00
Avi Deitcher
810e3c1fa8 pkgs: Update packages to the latest linuxkit/alpine 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-08 20:54:08 +02:00
Avi Deitcher
6cbd483b5c Update use of test packages to latest 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-08 20:54:01 +02:00
Avi Deitcher
6f46c2060b tests: Update packages to the latest linuxkit/alpine 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-08 20:53:52 +02:00
Avi Deitcher
da5fefe094 Update use of tools to latest 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-08 20:53:50 +02:00
Avi Deitcher
48f5de7595 tools: Update to the latest linuxkit/alpine 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-08 20:53:40 +02:00
Avi Deitcher
89ed0f5089 remove grub-dev in favour of grub package 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-08 20:51:36 +02:00
Avi Deitcher
35ab64822d update alpine install docs with riscv64 and no grub-dev 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-08 19:37:04 +02:00
Avi Deitcher
1c11777daf tools/alpine: Update to latest 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-08 19:34:54 +02:00
Avi Deitcher
94d490235c Update linuxkit/alpine 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-08 19:25:21 +02:00
Avi Deitcher
cfdeb545b1 Merge pull request #4090 from deitch/alpine-321-with-riscv64 
Alpine 321 with riscv64
 2025-01-07 22:13:37 +02:00
Avi Deitcher
d1b42ca0a8 update example for tss 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-07 21:44:21 +02:00
Avi Deitcher
0db6e01134 bump alpine in some test cases 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-07 18:50:59 +02:00
Avi Deitcher
4e384a86a4 fix tss compilation with patches 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-07 18:50:59 +02:00
Avi Deitcher
4165491275 Update package tags 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-07 18:50:58 +02:00
Avi Deitcher
67d6dad48a pkgs: Update packages to the latest linuxkit/alpine 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-07 18:50:07 +02:00
Avi Deitcher
db23fd9056 Update use of test packages to latest 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-07 18:49:29 +02:00
Avi Deitcher
41ddfa054f tests: Update packages to the latest linuxkit/alpine 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-07 18:48:48 +02:00
Avi Deitcher
fb54321715 Update use of tools to latest 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-07 18:47:25 +02:00
Avi Deitcher
bd30821cbf tools: Update to the latest linuxkit/alpine 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-07 18:44:48 +02:00
Avi Deitcher
b7cc91e875 include riscv64 in push-manifest script 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-07 18:43:34 +02:00
Avi Deitcher
709a945207 tools/alpine: Update to latest 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-07 18:43:32 +02:00
Avi Deitcher
59c3f62102 Update linuxkit/alpine 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2025-01-07 13:22:39 +02:00
Avi Deitcher
dc8c6d5985 Merge pull request #4089 from deitch/tag-in-build-yml 
support --tag in build.yml for packages
 2024-12-23 18:00:06 +02:00
Avi Deitcher
4f765b5da0 support --tag in build.yml for packages 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-12-23 17:28:49 +02:00
Avi Deitcher
ad95c6fc2e Merge pull request #4085 from deitch/volume-image 
additional volume support in building
 2024-10-01 15:57:17 +03:00
Avi Deitcher
76f4802ccf additional volume support in building 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-10-01 15:27:55 +03:00
Avi Deitcher
e4d41061b6 Merge pull request #4084 from deitch/cache-platform-instead-of-arch 
internal restructure to use explicit platform instead of implicit arch in cache
 2024-10-01 15:14:21 +03:00
Avi Deitcher
81f0c3eff2 internal restructure to use explicit platform instead of implicit arch in cache 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-10-01 14:30:03 +03:00
Avi Deitcher
5e3f7dd9a5 Merge pull request #4083 from deitch/restructure-logging 
restructure logging
 2024-10-01 14:00:06 +03:00
Avi Deitcher
67e9e22a36 restructure logging 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-10-01 12:50:43 +03:00
Avi Deitcher
8556f024ef Merge pull request #4082 from kolyshkin/moby-cap 
vendor: switch to moby/sys/capability
 2024-10-01 11:07:29 +03:00
Kir Kolyshkin
da3be29998 vendor: switch to moby/sys/capability 
github.com/moby/sys/capability is a fork of the (no longer maintained)
github.com/syndtr/gocapability package.

For changes since the fork took place, see
https://github.com/moby/sys/blob/main/capability/CHANGELOG.md

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
 2024-09-30 18:10:16 -07:00
Avi Deitcher
d7a6bc8899 Merge pull request #4077 from deitch/docker-bump 
bump docker deps to v27.2.0
 2024-09-08 13:00:19 +03:00
Avi Deitcher
2159aacb09 bump docker deps to v27.2.0 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-09-08 12:22:57 +03:00
Avi Deitcher
fa3207c86e Merge pull request #4072 from christoph-zededa/docker_cache_consider_architecture 
moby: check architecture for docker image
 2024-08-29 22:15:19 +03:00
Avi Deitcher
1d6d5fa612 Merge pull request #4074 from deitch/efi-kernel 
remove linuxefi grub EFI handover to normal linux loading
 2024-08-29 21:13:48 +03:00
Avi Deitcher
ba25e59640 remove linuxefi grub EFI handover to normal linux loading 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-08-29 17:30:57 +03:00
Avi Deitcher
6979859e76 Merge pull request #4073 from deitch/init-debug-no-control 
use only stdout/stderr or file for runc output
 2024-08-28 15:28:33 +03:00
Avi Deitcher
5848a2856f use only stdout/stderr or file for runc output 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-08-28 14:45:26 +03:00
Christoph Ostarek
cb8f36adf3 moby: check architecture for docker image 
under certain cases the container image is already in the local docker
registry, but with the wrong architecture; in this case just pretend
it is not there and let the caller decide if they want to build it

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
 2024-08-27 15:49:21 +02:00
Avi Deitcher
5f09346e1e Merge pull request #4070 from deitch/verbose-runc 
more verbose runc messages
 2024-08-22 20:55:44 +03:00
Avi Deitcher
15c808c4ee more verbose runc messages 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-08-22 20:23:44 +03:00
Avi Deitcher
745da8f4c0 Merge pull request #4069 from deitch/fix-ro-volumes 
when building read-only volumes, still use overlayfs
 2024-08-22 19:20:35 +03:00
Avi Deitcher
b36cad081b when building read-only volumes, still use overlayfs 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-08-22 18:49:08 +03:00
Avi Deitcher
370bf51cdf Merge pull request #4067 from deitch/runc-debug-options 
support cmdline-driven debugging mode for runc
 2024-08-22 15:53:46 +03:00
Avi Deitcher
2af30c5503 support cmdline-driven debugging mode for runc 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-08-22 15:14:35 +03:00
Avi Deitcher
270fd1c5aa Merge pull request #4066 from deitch/ssh-support 
support for pkg build ssh
 2024-07-28 13:32:42 +03:00
Avi Deitcher
51727db254 support for pkg build ssh 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-07-28 11:39:55 +03:00
3584 changed files with 320722 additions and 174114 deletions
Expand all files Collapse all files

58
.github/workflows/ci.yml vendored
View File

@@ -1,6 +1,9 @@
name: LinuxKit CI
on: [push, pull_request]
env:
TOTAL_SHARDS: 12 # change here once
jobs:
build:
name: Build & Test
@@ -35,24 +38,24 @@ jobs:
runs-on: ${{ matrix.target.runner }}
steps:
- name: Set up Go 1.22
uses: actions/setup-go@v5
with:
go-version: 1.22.3
id: go
- name: Check out code
uses: actions/checkout@v4
- name: Set up Go based on go.mod
uses: actions/setup-go@v5
with:
go-version-file: 'src/cmd/linuxkit/go.mod'
id: go
- name: Set path
run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
env:
GOPATH: ${{runner.workspace}}
- name: golangci-lint CLI
uses: golangci/golangci-lint-action@v6
uses: golangci/golangci-lint-action@v7
with:
version: v1.59.0
version: v2.0.2
working-directory: src/cmd/linuxkit
args: --verbose --timeout=10m
- name: go vet CLI
@@ -122,13 +125,13 @@ jobs:
- name: Build Packages
# Skip s390x as emulation is unreliable
run: |
make OPTIONS="-v --skip-platforms linux/s390x" -C pkg build
make OPTIONS="-v 2 --skip-platforms linux/s390x" -C pkg build
- name: Build Test Packages
# ensures that the test packages are in linuxkit cache when we need them for tests later
# Skip s390x as emulation is unreliable
run: |
make OPTIONS="-v --skip-platforms linux/s390x" -C test/pkg build
make OPTIONS="-v 2 --skip-platforms linux/s390x" -C test/pkg build
- name: Check Kernel Dependencies up to date
# checks that any kernel dependencies are up to date.
@@ -145,19 +148,48 @@ jobs:
# ensures that the kernel packages are in linuxkit cache when we need them for tests later
# no need for excluding s390x, as each build.yml in the kernel explicitly lists archs
run: |
make OPTIONS="-v" -C kernel build
make OPTIONS="-v 2" -C kernel build
- name: list cache contents
run: |
linuxkit cache ls
gen_package_test_matrix:
name: Generate Package Test Matrix
needs: [ build_packages, build ]
runs-on: ubuntu-latest
outputs:
shard_list: ${{ steps.mk.outputs.list }}
steps:
- name: Generate Test Matrix
id: mk
shell: bash
run: |
set -x
N="${{ env.TOTAL_SHARDS }}"
# Priority: repo var SHARDS → event-based default (PR=6, else 10)
if [ -n "${{ vars.SHARDS }}" ]; then
N="${{ vars.SHARDS }}"
fi
# Build JSON array ["1/N","2/N",...,"N/N"]
shards=""
for i in $(seq 1 "$N"); do
if [ -z "$shards" ]; then
shards="\"$i/$N\""
else
shards="$shards,\"$i/$N\""
fi
done
echo "list=[$shards]" >> "$GITHUB_OUTPUT"
test_packages:
name: Packages Tests
needs: [ build_packages, build ]
needs: [ build_packages, build, gen_package_test_matrix ]
runs-on: ubuntu-latest
strategy:
matrix:
shard: [1/10,2/10,3/10,4/10,5/10,6/10,7/10,8/10,9/10,10/10]
shard: ${{ fromJson(needs.gen_package_test_matrix.outputs.shard_list) }}
steps:
- name: Check out code
uses: actions/checkout@v4

10
.github/workflows/package_release.yml vendored
View File

@@ -9,13 +9,13 @@ jobs:
if: github.ref_type == 'tag' && startsWith(github.ref, 'refs/tags/pkg-v')
runs-on: ubuntu-latest
steps:
- name: Set up Go 1.22
uses: actions/setup-go@v5
with:
go-version: 1.22.3
id: go
- name: Check out code
uses: actions/checkout@v4
- name: Set up Go based on go.mod
uses: actions/setup-go@v5
with:
go-version-file: 'src/cmd/linuxkit/go.mod'
id: go
- name: Ensure bin/ directory
run: mkdir -p bin
- name: Install linuxkit

24
.github/workflows/release.yml vendored
View File

@@ -10,14 +10,14 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Set up Go 1.122
uses: actions/setup-go@v5
with:
go-version: 1.22.3
id: go
- name: Check out code
uses: actions/checkout@v4
- name: Set up Go based on go.mod
uses: actions/setup-go@v5
with:
go-version-file: 'src/cmd/linuxkit/go.mod'
id: go
- name: Set path
run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
@@ -42,14 +42,14 @@ jobs:
runs-on: macos-latest
steps:
- name: Set up Go 1.122
uses: actions/setup-go@v5
with:
go-version: 1.22.3
id: go
- name: Check out code
uses: actions/checkout@v4
- name: Set up Go based on go.mod
uses: actions/setup-go@v5
with:
go-version-file: 'src/cmd/linuxkit/go.mod'
id: go
- name: Set path
run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH

4
Makefile
View File

@@ -4,7 +4,7 @@ VERSION="v0.8+"
TEST_SUITE ?=
TEST_SHARD ?=
GO_COMPILE=linuxkit/go-compile:c97703655e8510b7257ffc57f25e40337b0f0813
GO_COMPILE=linuxkit/go-compile:985a9db72a7e6941de5e1eb71c2b41b76bf0556f
ifeq ($(OS),Windows_NT)
LINUXKIT?=$(CURDIR)/bin/linuxkit.exe
@@ -34,7 +34,7 @@ export VERSION GO_COMPILE GOOS GOARCH LOCAL_TARGET LINUXKIT
default: linuxkit $(RTF)
all: default
RTF_COMMIT=b74a4f7c78e5cddcf7e6d2e6be7be312b9f645fc
RTF_COMMIT=1118e08445438dc37ec62b4c1e216918b3d804d2
RTF_CMD=github.com/linuxkit/rtf/cmd
RTF_VERSION=0.0
$(RTF): tmp_rtf_bin.tar | bin

2
contrib/open-vm-tools/open-vm-tools-ds.yaml
View File

@@ -30,7 +30,7 @@ spec:
operator: Exists
effect: NoSchedule
containers:
- image: linuxkit/open-vm-tools:728ddf726474178eea97604c0baeabd52edab7e9
- image: linuxkit/open-vm-tools:aa0a3b513f5020bcea5858632f0a988c81d16ed0
name: open-vm-tools
resources:
requests:

8
docs/alpine-base-update.md
View File

@@ -101,9 +101,9 @@ In the below, replace `linuxkit-arch` with each build machine's name:
```sh
# one of these will not be necessary, as you will likely be executing it on one of these machines
scp linuxkit-s390x:$LK_ROOT/tools/alpine/versions.s390x $LK_ROOT/tools/alpine/versions.s390x
scp linuxkit-aarch64:$LK_ROOT/tools/alpine/versions.aarch64 $LK_ROOT/tools/alpine/versions.aarch64
scp linuxkit-x86_64:$LK_ROOT/tools/alpine/versions.x86_64 $LK_ROOT/tools/alpine/versions.x86_64
for arch in x86_64 aarch64 riscv64; do
scp linuxkit-$arch:$LK_ROOT/tools/alpine/versions.$arch $LK_ROOT/tools/alpine/versions.$arch
done
git commit -a -s -m "tools/alpine: Update to latest"
git push $LK_REMOTE $LK_BRANCH
```
@@ -131,7 +131,6 @@ following which is an explanation of each one.
# Update tools packages
cd $LK_ROOT/tools
$LK_ROOT/scripts/update-component-sha.sh --image $LK_ALPINE
git checkout grub-dev/Dockerfile
git checkout mkimage-rpi3/Dockerfile
git commit -a -s -m "tools: Update to the latest linuxkit/alpine"
@@ -183,7 +182,6 @@ Note, the `git checkout` reverts the changes made by
Important is the `git checkout` of some sensitive packages that only can be built with
specific older versions of upstream packages:
* `grub-dev`
* `mkimage-rpi3`
Only update those if you know what you are doing with them.

19
docs/cmdline.md Normal file
View File

@@ -0,0 +1,19 @@
# Kernel command-line options
The kernel command-line is a string of text that the kernel parses as it is starting up. It is passed by the boot loader
to the kernel and specifies parameters that the kernel uses to configure the system. The command-line is a list of command-line
options separated by spaces. The options are parsed by the kernel and can be used to enable or disable certain features.
LinuxKit passes all command-line options to the kernel, which uses them in the usual way.
There are several options that can be used to control the behaviour of linuxkit itself, or specifically packages
within linuxkit. Unless standard Linux options exist, these all are prefaced with `linuxkit.`.
| Option | Description |
|---|---|
| `linuxkit.unified_cgroup_hierarchy=0` | Start up cgroups v1. If not present or set to 1, default to cgroups v1. |
| `linuxkit.runc_debug=1` | Start runc for `onboot` and `onshutdown` containers to run with `--debug`, and add extra logging messages for each stage of starting those containers. If not present or set to 0, default to usual mode. |
| `linuxkit.runc_console=1` | Send logs for runc for `onboot` and `onshutdown` containers, as well as the output of the containers themselves, to the console, instead of the normal output to logfiles. If not present or set to 0, default to usual mode. |
It often is useful to combine both of the `linuxkit.runc_debug` and `linuxkit.runc_console` options to get the most
information about what is happening with `onboot` containers.

28
docs/image-cache.md
View File

@@ -59,3 +59,31 @@ is provided, it always will pull, independent of what is in the cache.
The read process is smart enough to check each blob in the local cache before downloading
it from a registry.
## Imports from local Docker instance
To import an image from your local Docker daemon into LinuxKit, youll need to ensure the image is exported in the [OCI image format](https://docs.docker.com/build/exporters/oci-docker/), which LinuxKit understands.
This requires using a `docker-container` [buildx driver](https://docs.docker.com/build/builders/drivers/docker-container/), rather than the default.
Set it up like so:
```shell
docker buildx create --driver docker-container --driver-opt image=moby/buildkit:latest --name=ocibuilder --bootstrap
```
Then build and export your image using the OCI format:
```shell
docker buildx build --builder=ocibuilder --output type=oci,name=foo . > foo.tar
```
You can now import it into LinuxKit with:
```shell
linuxkit cache import foo.tar
```
Note that this process, as described, will only produce images for the platform/architecture you're currently on. To produce multi-platform images requires extra docker build flags and external builder or QEMU support - see [here](https://docs.docker.com/build/building/multi-platform/).
This workaround is only necessary when working with the local Docker daemon. If youre pulling from Docker Hub or another registry, you dont need to do any of this.

13
docs/kernels.md
View File

@@ -274,7 +274,7 @@ your local Docker setup.
The process of modifying the kernel configuration is as follows:
1. Create a `linuxkit/kconfig` container image: `make kconfig`. This is not pushed out.
1. Create a `linuxkit/kconfig` container image: `make kconfig`. This is not pushed out. By default, this will be for your local architecture, but you can override it with `make kconfig ARCH=${ARCH}`, e.g. `make kconfig ARCH=arm64`. The image is tagged with the architecture, e.g. `linuxkit/kconfig:arm64`.
1. Run a container based on `linuxkit/kconfig`.
1. In the container, modify the config to suit your needs using normal kernel tools like `make defconfig` or `make menuconfig`.
1. Save the config from the image.
@@ -287,7 +287,11 @@ so that `make menuconfig` and `make defconfig` work correctly.
Run the container as follows:
```sh
docker run --rm -ti -v $(pwd):/src linuxkit/kconfig
docker run --rm -ti -v $(pwd):/src linuxkit/kconfig:aarch64
# or
docker run --rm -ti -v $(pwd):/src linuxkit/kconfig:x86_64
# or
docker run --rm -ti -v $(pwd):/src linuxkit/kconfig:riscv64
```
This will give you a interactive shell where you can modify the kernel
@@ -321,6 +325,11 @@ make ARCH=arm64 defconfig
make ARCH=arm64 oldconfig # or menuconfig
```
It is important to note that sometimes the configuration can be subtly different
when running `make defconfig` across architectures. Of note is that `make ARCH=riscv` on
x86_64 or aarch64 comes out slightly differently than when run natively on riscv64.
Feel free to try it cross, but do not be surprised if it generates outputs that are not the same.
Note that the generated file **must** be final. When you actually build the kernel,
it will check that running `make defconfig` will have no changes. If there are changes,
the build will fail.

55
docs/packages.md
View File

@@ -50,13 +50,14 @@ A package source consists of a directory containing at least two files:
- `image` _(string)_: *(mandatory)* The name of the image to build
- `org` _(string)_: The hub/registry organisation to which this package belongs
- `tag` _(string)_: The tag to use for the image, can be fixed string or template (default: `{{.Hash}}`)
- `dockerfile` _(string)_: The dockerfile to use to build this package, must be in this directory or below (default: `Dockerfile`)
- `arches` _(list of string)_: The architectures which this package should be built for (valid entries are `GOARCH` names)
- `extra-sources` _(list of strings)_: Additional sources for the package outside the package directory. The format is `src:dst`, where `src` can be relative to the package directory and `dst` is the destination in the build context. This is useful for sharing files, such as vendored go code, between packages.
- `gitrepo` _(string)_: The git repository where the package source is kept.
- `network` _(bool)_: Allow network access during the package build (default: no)
- `disable-cache` _(bool)_: Disable build cache for this package (default: no)
- `buildArgs` will forward a list of build arguments down to docker. As if `--build-arg` was specified during `docker build`
- `buildArgs` will forward a list of build arguments down to docker. As if `--build-arg` was specified during `docker build`. See [BuildArgs][BuildArgs] for more information.
- `config`: _(struct `github.com/moby/tool/src/moby.ImageConfig`)_: Image configuration, marshalled to JSON and added as `org.mobyproject.config` label on image (default: no label)
- `depends`: Contains information on prerequisites which must be satisfied in order to build the package. Has subfields:
- `docker-images`: Docker images to be made available (as `tar` files via `docker image save`) within the package build context. Contains the following nested fields:
@@ -381,6 +382,58 @@ ARG all_proxy
LinuxKit does not judge between lower-cased or upper-cased variants of these options, e.g. `http_proxy` vs `HTTP_PROXY`,
as `docker build` does not either. It just passes them through "as-is".
## Build Args
`linuxkit` does not support passing random CLI flags for build arguments when building packages.
This is inline with its philosophy, of having as reproducible builds as possible, which requires
everything to be available on disk and in the repository.
It is possible to bypass this, but this is not recommended.
As described in [Preset build arguments][Preset build arguments], linuxkit automatically sets some build arguments
when building packages. However, you can also set your own build arguments, which will be passed to the
`docker build` command.
You can include your own build args in several ways.
* `build.yml` - you can add a `buildArgs` field to the `build.yml` file, which will be passed as `--build-arg` to `docker build`.
* `linuxkit pkg build` - you can pass the `--build-arg-file <file>` flag, with one `<key>=<value>` pair per line, which will be passed as `--build-arg` to `docker build`.
When parsing for build args, whether from `build.yml`'s `buildArgs` field or from the `--build-arg-file`,
linuxkit has support for certain calculated build args for the value of the arg. You can set these using the following syntax.
All calculated build args are prefixed with `@lkt:`.
* `VAR=@lkt:pkg:<path>` - the linuxkit package hash of the path, as determined by `linuxkit pkg show-tag <path>`. The `<path>` can be absolute, or if provided as a relative path, it is relative to the working directory of the file. For example, if provided in the `buildArgs` section of `build.yml`, it is relative to the package directory; if provided in `--build-arg-file <file>`, it is relative to the directory in which <file> exists.
For example:
```yaml
buildArgs:
- DEP_HASH=@lkt:pkg:/usr/local/foo # will be replaced with the value of `linuxkit pkg show-tag /usr/local/foo`
- REL_HASH=@lkt:pkg:foo # will be replaced with the value of `linuxkit pkg show-tag foo` relative to this build.yml file
```
* `VAR_%=@lkt:pkgs:<paths>` - (note `pkgs` plural) the linuxkit package hashes of the multiple packages satisfied by `<paths>`. linuxkit will get the linuxkit package hash of each path in `<paths>`, as determined by `linuxkit pkg show-tag <path>`. The `<paths>` can be absolute, or if provided as a relative path, it is relative to the working directory of the file which contains the build arg, whether `build.yml` in a package or the build arg
file provided to `--build-arg-file <file>`. The `<paths>` supports basic shell globbing, such as `./foo/*` or `/var/foo{1,2,3}`. Globs that start with `.` will be ignored, e.g. `foo/*` will match `foo/one` and `foo/two` but not `foo/.git` and `foo/.bar`. For each package in `<paths>`, it will create a build arg with the name `VAR_<package-name>` and the value of the package hash, where: the `%` is replaced with the name of the package; an all `/` and `-` characters are replaced with `_`; all characters are upper-cased.
There _must_ be at least one valid environment variable character before the `%` character.
For example:
```yaml
buildArgs:
- DEP_HASH_%=@lkt:pkgs:/usr/local/foo/*
```
If there are packages in `/usr/local/foo/` named `bar`, `baz`, and `qux`, and each of them has a package as shown
by `linuxkit pkg show-tag` as `linuxkit/bar:123abc`, `linuxkit/baz:aabb666`, and `linuxkit/qux:bbcc777`, this will create the following build args:
```
DEP_HASH_LINUXKIT_BAR=linuxkit/bar:123abc
DEP_HASH_LINUXKIT_BAZ=linuxkit/baz:aabb666
DEP_HASH_LINUXKIT_QUX=linuxkit/qux:bbcc777
```
## Releases
Normally, whenever a package is updated, CI will build and push the package to Docker Hub by calling `linuxkit pkg push`.

110
docs/yaml.md
View File

@@ -18,8 +18,17 @@ For private registries or private repositories on a registry credentials provide
## Sections
The configuration file is processed in the order `kernel`, `init`, `onboot`, `onshutdown`,
`services`, `files`, `volumes`. Each section adds files to the root file system. Sections may be omitted.
The configuration file is processed in the order:
1. `kernel`
1. `init`
1. `volumes`
1. `onboot`
1. `onshutdown`
1. `services`
1. `files`
Each section adds files to the root file system. Sections may be omitted.
Each container that is specified is allocated a unique `uid` and `gid` that it may use if it
wishes to run as an isolated user (or user namespace). Anywhere you specify a `uid` or `gid`
@@ -52,6 +61,9 @@ which should contain a `kernel` file that will be booted (eg a `bzImage` for `am
called `kernel.tar` which is a tarball that is unpacked into the root, which should usually
contain a kernel modules directory. `cmdline` specifies the kernel command line options if required.
The contents of `cmdline` are passed to the kernel as-is. There are several special values that are
used to control the behaviour of linuxkit packages. See [kernel command line options](../docs/cmdline.md).
To override the names, you can specify the kernel image name with `binary: bzImage` and the tar image
with `tar: kernel.tar` or the empty string or `none` if you do not want to use a tarball at all.
@@ -97,8 +109,13 @@ including those in `services`, `onboot` and `onshutdown`. The volumes are create
chosen by linuxkit at build-time. The volumes then can be referenced by other containers and
mounted into them.
Volumes normally are blank directories. If an image is provided, the contents of that image
will be used to populate the volume.
Volumes can be in one of several formats:
* Blank directory: This is the default, and is an empty directory that is created at build-time. It is an overlayfs mount, and can be shared among multiple containers.
* Image laid out as filesystem: The contents of the image are used to populate the volume. Default format when an image is provided.
* Image as OCI v1-layout: The image is used as an [OCI v1-layout](https://github.com/opencontainers/image-spec/blob/main/image-layout.md). Indicated by `format: oci`.
Examples of each are given later in this section.
The `volumes` section can declare a volume to be read-write or read-only. If the volume is read-write,
a volume that is mounted into a container can be mounted read-only or read-write. If the volume is read-only,
@@ -108,7 +125,36 @@ By default, volumes are created read-write, and are mounted read-write.
Volume names **must** be unique, and must contain only lower-case alphanumeric characters, hyphens, and
underscores.
Sample `volumes` section:
#### Samples of `volumes`
##### Empty directory
Yaml showing both read-only and read-write:
```yml
volumes:
- name: dira
readonly: true
- name: dirb
readonly: true
```
Contents:
```sh
$ cd dir && ls -la
drwxr-xr-x 19 root wheel 608 Sep 30 15:03 .
drwxrwxrwt 130 root wheel 4160 Sep 30 15:03 ..
```
In the above example:
* `dira` is empty and is read-only.
* `volb` is empty and is read-write.
##### Image directory
Yaml showing both read-only and read-write:
```yml
volumes:
@@ -117,8 +163,7 @@ volumes:
readonly: true
- name: volb
image: alpine:latest
readonly: false
- name: volc
format: filesystem # optional, as this is the default format
readonly: false
```
@@ -126,7 +171,56 @@ In the above example:
* `vola` is populated by the contents of `alpine:latest` and is read-only.
* `volb` is populated by the contents of `alpine:latest` and is read-write.
* `volc` is an empty volume and is read-write.
Contents:
```sh
$ cd dir && ls -la
drwxr-xr-x 19 root wheel 608 Sep 30 15:03 .
drwxrwxrwt 130 root wheel 4160 Sep 30 15:03 ..
drwxr-xr-x 84 root wheel 2688 Sep 6 14:34 bin
drwxr-xr-x 2 root wheel 64 Sep 6 14:34 dev
drwxr-xr-x 37 root wheel 1184 Sep 6 14:34 etc
drwxr-xr-x 2 root wheel 64 Sep 6 14:34 home
drwxr-xr-x 13 root wheel 416 Sep 6 14:34 lib
drwxr-xr-x 5 root wheel 160 Sep 6 14:34 media
drwxr-xr-x 2 root wheel 64 Sep 6 14:34 mnt
drwxr-xr-x 2 root wheel 64 Sep 6 14:34 opt
dr-xr-xr-x 2 root wheel 64 Sep 6 14:34 proc
drwx------ 2 root wheel 64 Sep 6 14:34 root
drwxr-xr-x 2 root wheel 64 Sep 6 14:34 run
drwxr-xr-x 63 root wheel 2016 Sep 6 14:34 sbin
drwxr-xr-x 2 root wheel 64 Sep 6 14:34 srv
drwxr-xr-x 2 root wheel 64 Sep 6 14:34 sys
drwxr-xr-x 2 root wheel 64 Sep 6 14:34 tmp
drwxr-xr-x 7 root wheel 224 Sep 6 14:34 usr
drwxr-xr-x 13 root wheel 416 Sep 6 14:34 var
```
##### Image OCI Layout
Yaml showing both read-only and read-write, and both all architectures and a limited subset:
```yml
volumes:
- name: volo
image: alpine:latest
format: oci
readonly: true
- name: volp
image: alpine:latest
readonly: false
format: oci
platforms:
- linux/amd64
```
In the above example:
* `volo` is populated by the contents of `alpine:latest` as an OCI v1-layout for all architectures and is read-only.
* `volb` is populated by the contents of `alpine:latest` as an OCI v1-layout just for linux/amd64 and is read-write.
##### Volumes in `services`
Sample usage of volumes in `services` section:

18
examples/addbinds.yml
View File

@@ -1,25 +1,25 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0 console=ttysclp0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
onboot:
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
services:
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
binds.add:
# this will keep all of the existing ones as well
- /var/tmp:/var/tmp
- name: rngd
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
files:
- path: etc/getty.shadow
# sample sets password for root to "abcdefgh" (without quotes)

28
examples/cadvisor.yml
View File

@@ -1,34 +1,34 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0 console=ttysclp0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
onboot:
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
- name: sysfs
image: linuxkit/sysfs:ec174e06ca756f492e7a3fd6200d5c1672b97511
image: linuxkit/sysfs:8d484374bb71b04984fa1e989b1dfc34b3e258a7
- name: format
image: linuxkit/format:e040f4f045f03138a1ee8a22bb6feae7fd5596a6
image: linuxkit/format:512d4fb6cd40c1d90a4aa8335d1bd167fa34a10e
- name: mount
image: linuxkit/mount:19ff89c251a4156bda8ed11c95faad2f40eb770e
image: linuxkit/mount:54906e884b21aca02bf5ecae65f3741b89d8c4e6
command: ["/usr/bin/mountie", "/var/lib/docker"]
services:
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
- name: rngd
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
- name: ntpd
image: linuxkit/openntpd:c90c6dd90f5dfb0ca71a73aac2dad69c8d956af3
image: linuxkit/openntpd:c28b50438374f8a413b10297f68c65c0f31bf830
- name: docker
image: docker:20.10.6-dind
@@ -46,7 +46,7 @@ services:
- /etc/docker/daemon.json:/etc/docker/daemon.json
command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]
- name: cadvisor
image: linuxkit/cadvisor:c57efffad1139b2c5df1c3f66c1e3d586ce9e07d
image: linuxkit/cadvisor:5de4a2ebf2cc9be79363d1c6f5f2e71d55b5922a
files:
- path: var/lib/docker
directory: true

18
examples/containerd-debug.yml
View File

@@ -1,17 +1,17 @@
# example with volumes, both blank and populated
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
onboot:
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
onshutdown:
- name: shutdown
@@ -19,11 +19,11 @@ onshutdown:
command: ["/bin/echo", "so long and thanks for all the fish"]
services:
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
- name: rngd
image: linuxkit/rngd:cdb919e4aee49fed0bf6075f0a104037cba83c39
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
- name: nginx
image: nginx:1.19.5-alpine
capabilities:

28
examples/dm-crypt-loop.yml
View File

@@ -1,31 +1,31 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=tty0 console=ttyS0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
onboot:
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
- name: format
image: linuxkit/format:e040f4f045f03138a1ee8a22bb6feae7fd5596a6
image: linuxkit/format:512d4fb6cd40c1d90a4aa8335d1bd167fa34a10e
command: ["/usr/bin/format", "/dev/sda"]
- name: mount
image: linuxkit/mount:19ff89c251a4156bda8ed11c95faad2f40eb770e
image: linuxkit/mount:54906e884b21aca02bf5ecae65f3741b89d8c4e6
command: ["/usr/bin/mountie", "/dev/sda1", "/var/external"]
- name: loop
image: linuxkit/losetup:65e3ad6336a321749394f58c3f28003cfce1e28c
image: linuxkit/losetup:2b71926debfd2ca482e694bec4ad85ddeebb63aa
command: ["/usr/bin/loopy", "--create", "/var/external/storage_file"]
- name: dm-crypt
image: linuxkit/dm-crypt:d49723bc9d10c5ada9e03b0670f4e57416d5d084
image: linuxkit/dm-crypt:f5966a7f10705cf259ca80c30e087764b87cbd26
command: ["/usr/bin/crypto", "crypt_loop_dev", "/dev/loop0"]
- name: mount
image: linuxkit/mount:19ff89c251a4156bda8ed11c95faad2f40eb770e
image: linuxkit/mount:54906e884b21aca02bf5ecae65f3741b89d8c4e6
command: ["/usr/bin/mountie", "/dev/mapper/crypt_loop_dev", "/var/secure_storage"]
- name: bbox
image: busybox
@@ -34,11 +34,11 @@ onboot:
- /var:/var
services:
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
- name: rngd
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
files:
- path: etc/dm-crypt/key
# the below key is just to keep the example self-contained

24
examples/dm-crypt.yml
View File

@@ -1,25 +1,25 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=tty0 console=ttyS0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
onboot:
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
- name: format
image: linuxkit/format:e040f4f045f03138a1ee8a22bb6feae7fd5596a6
image: linuxkit/format:512d4fb6cd40c1d90a4aa8335d1bd167fa34a10e
command: ["/usr/bin/format", "/dev/sda"]
- name: dm-crypt
image: linuxkit/dm-crypt:d49723bc9d10c5ada9e03b0670f4e57416d5d084
image: linuxkit/dm-crypt:f5966a7f10705cf259ca80c30e087764b87cbd26
command: ["/usr/bin/crypto", "crypt_dev", "/dev/sda1"]
- name: mount
image: linuxkit/mount:19ff89c251a4156bda8ed11c95faad2f40eb770e
image: linuxkit/mount:54906e884b21aca02bf5ecae65f3741b89d8c4e6
command: ["/usr/bin/mountie", "/dev/mapper/crypt_dev", "/var/secure_storage"]
- name: bbox
image: busybox
@@ -28,11 +28,11 @@ onboot:
- /var:/var
services:
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
- name: rngd
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
files:
- path: etc/dm-crypt/key
# the below key is just to keep the example self-contained

42
examples/docker-for-mac.yml
View File

@@ -1,32 +1,32 @@
# This is an example for building the open source components of Docker for Mac
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=ttyS0 page_poison=1"
init:
- linuxkit/vpnkit-expose-port:77e45e4681c78d59f1d8a48818260948d55f9d05 # install vpnkit-expose-port and vpnkit-iptables-wrapper on host
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/vpnkit-expose-port:e39447f4ca312f9ca256e7737a6bec59bd36aec9 # install vpnkit-expose-port and vpnkit-iptables-wrapper on host
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
onboot:
# support metadata for optional config in /run/config
- name: metadata
image: linuxkit/metadata:b082f1bf97a9034d1e4c0e36a5d2923f4e58f540
image: linuxkit/metadata:db835ad616084adb6b474e7fd804928fd1d5dd5f
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
- name: sysfs
image: linuxkit/sysfs:ec174e06ca756f492e7a3fd6200d5c1672b97511
image: linuxkit/sysfs:8d484374bb71b04984fa1e989b1dfc34b3e258a7
- name: binfmt
image: linuxkit/binfmt:68604c81876812ca1c9e2d9f098c28f463713e61
image: linuxkit/binfmt:0dbbe9b1394561d693fe593aab3ec83d992b20d1
# Format and mount the disk image in /var/lib/docker
- name: format
image: linuxkit/format:e040f4f045f03138a1ee8a22bb6feae7fd5596a6
image: linuxkit/format:512d4fb6cd40c1d90a4aa8335d1bd167fa34a10e
- name: mount
image: linuxkit/mount:19ff89c251a4156bda8ed11c95faad2f40eb770e
image: linuxkit/mount:54906e884b21aca02bf5ecae65f3741b89d8c4e6
command: ["/usr/bin/mountie", "/var/lib"]
# make a swap file on the mounted disk
- name: swap
image: linuxkit/swap:c57f3319ce770515357f0058035e40519c22b752
image: linuxkit/swap:d63836313d3e63712de097aa5a1b4b8cda948106
command: ["/swap.sh", "--path", "/var/lib/swap", "--size", "1024M"]
# mount-vpnkit mounts the 9p share used by vpnkit to coordinate port forwarding
- name: mount-vpnkit
@@ -44,41 +44,41 @@ onboot:
- /var:/host_var
command: ["sh", "-c", "mv -v /host_var/log /host_var/lib && ln -vs /var/lib/log /host_var/log"]
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
services:
# Enable acpi to shutdown on power events
- name: acpid
image: linuxkit/acpid:3b1560c81d3884e049ebbd9d9bf94ccb394e6cd3
image: linuxkit/acpid:0cbffea2a050fae4e5a942f3a3b9f52257c6db28
# Enable getty for easier debugging
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
# Run ntpd to keep time synchronised in the VM
- name: ntpd
image: linuxkit/openntpd:c90c6dd90f5dfb0ca71a73aac2dad69c8d956af3
image: linuxkit/openntpd:c28b50438374f8a413b10297f68c65c0f31bf830
# VSOCK to unix domain socket forwarding. Forwards guest /var/run/docker.sock
# to a socket on the host.
- name: vsudd
image: linuxkit/vsudd:b4d80d243733f80906cdbcf77f367a7b5744dc09
image: linuxkit/vsudd:e98493f495a206c83f4b1b4eb60255e15da7e223
binds:
- /var/run:/var/run
command: ["/vsudd", "-inport", "2376:unix:/var/run/docker.sock"]
# vpnkit-forwarder forwards network traffic to/from the host via VSOCK port 62373.
# It needs access to the vpnkit 9P coordination share
- name: vpnkit-forwarder
image: linuxkit/vpnkit-forwarder:a89ec807d7d675dccd53773c07382bc707db3396
image: linuxkit/vpnkit-forwarder:870678494d2bf615787b036a87ff1bc5f477c850
binds:
- /var/vpnkit:/port
net: host
command: ["/vpnkit-forwarder", "-vsockPort", "62373"]
# Monitor for image deletes and invoke a TRIM on the container filesystem
- name: trim-after-delete
image: linuxkit/trim-after-delete:6ba98bfb111a808b7a1ca890aca9fc2b3709fca2
image: linuxkit/trim-after-delete:ffcb95df35984f0b28951f3483a38cafb6f2198e
# When the host resumes from sleep, force a clock resync
- name: host-timesync-daemon
image: linuxkit/host-timesync-daemon:0d351aee24b5cf853927647e4f5e6998014959db
image: linuxkit/host-timesync-daemon:2c39149907038dcc7ab4731f079e1880cfb19bd7
# Run dockerd with the vpnkit userland proxy from the vpnkit-forwarder container.
# Bind mounts /var/run to allow vsudd to connect to docker.sock, /var/vpnkit
# for vpnkit coordination and /run/config/docker for the configuration file.

26
examples/docker.yml
View File

@@ -1,32 +1,32 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0 console=ttysclp0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
onboot:
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
- name: sysfs
image: linuxkit/sysfs:ec174e06ca756f492e7a3fd6200d5c1672b97511
image: linuxkit/sysfs:8d484374bb71b04984fa1e989b1dfc34b3e258a7
- name: format
image: linuxkit/format:e040f4f045f03138a1ee8a22bb6feae7fd5596a6
image: linuxkit/format:512d4fb6cd40c1d90a4aa8335d1bd167fa34a10e
- name: mount
image: linuxkit/mount:19ff89c251a4156bda8ed11c95faad2f40eb770e
image: linuxkit/mount:54906e884b21aca02bf5ecae65f3741b89d8c4e6
command: ["/usr/bin/mountie", "/var/lib/docker"]
services:
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
- name: rngd
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
- name: ntpd
image: linuxkit/openntpd:c90c6dd90f5dfb0ca71a73aac2dad69c8d956af3
image: linuxkit/openntpd:c28b50438374f8a413b10297f68c65c0f31bf830
- name: docker
image: docker:20.10.6-dind
capabilities:

18
examples/getty.yml
View File

@@ -1,25 +1,25 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0 console=ttysclp0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
onboot:
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
services:
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
# to make insecure with passwordless root login, uncomment following lines
#env:
# - INSECURE=true
- name: rngd
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
files:
- path: etc/getty.shadow
# sample sets password for root to "abcdefgh" (without quotes)

18
examples/hostmount-writeable-overlay.yml
View File

@@ -1,16 +1,16 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0 console=ttysclp0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
onboot:
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
onshutdown:
- name: shutdown
@@ -18,7 +18,7 @@ onshutdown:
command: ["/bin/echo", "so long and thanks for all the fish"]
services:
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
runtime:
@@ -30,7 +30,7 @@ services:
destination: writeable-host-etc
options: ["rw", "lowerdir=/etc", "upperdir=/run/hostetc/upper", "workdir=/run/hostetc/work"]
- name: rngd
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
- name: nginx
image: nginx:1.13.8-alpine
capabilities:

14
examples/influxdb-os.yml
View File

@@ -1,18 +1,18 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
onboot:
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
services:
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
- name: influxdb

22
examples/logging.yml
View File

@@ -1,23 +1,23 @@
# Simple example of using an external logging service
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/memlogd:cb79fd19e6485cfc61b85c607ca172cd860554c5
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
- linuxkit/memlogd:c5521cc1bb602f8b6343c071e05da596523a4196
onboot:
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
services:
# Inside the getty type `/proc/1/root/usr/bin/logread -F` to follow the log
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
# A service which generates log messages for testing
@@ -25,6 +25,6 @@ services:
image: alpine:3.13
command: ["/bin/sh", "-c", "while /bin/true; do echo hello $(date); sleep 1; done" ]
- name: write-and-rotate-logs
image: linuxkit/logwrite:c1c66d246080a40658903916d650206f2dcd707a
image: linuxkit/logwrite:8a0a9aa499adcd30fd6729a29e0567b14a4d468f
- name: kmsg
image: linuxkit/kmsg:423844f262467e1199480dc93d69e38610c78133
image: linuxkit/kmsg:c4616ea416202761421215ee1783108610175126

12
examples/minimal.yml
View File

@@ -1,16 +1,16 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
onboot:
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
services:
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true

16
examples/node_exporter.yml
View File

@@ -1,18 +1,18 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=tty0 console=ttyS0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
services:
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
- name: rngd
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
- name: node_exporter
image: linuxkit/node_exporter:9bcd8479b7ba2844773ef4f01a60c901c4800982
image: linuxkit/node_exporter:0acda272031d6475c229e440e1ac0643f290b06c

20
examples/openstack.yml
View File

@@ -1,25 +1,25 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=ttyS0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
onboot:
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
- name: metadata
image: linuxkit/metadata:b082f1bf97a9034d1e4c0e36a5d2923f4e58f540
image: linuxkit/metadata:db835ad616084adb6b474e7fd804928fd1d5dd5f
command: ["/usr/bin/metadata", "openstack"]
services:
- name: rngd
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
- name: sshd
image: linuxkit/sshd:75f399fbfb6455dfccd4cb30543d0b4b494d28c8
image: linuxkit/sshd:240e5e4f716bce51099b3785c209bf37613db8f0
binds.add:
- /run/config/ssh/authorized_keys:/root/.ssh/authorized_keys
- name: nginx

22
examples/platform-aws.yml
View File

@@ -1,27 +1,27 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=ttyS0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
onboot:
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
- name: metadata
image: linuxkit/metadata:b082f1bf97a9034d1e4c0e36a5d2923f4e58f540
image: linuxkit/metadata:db835ad616084adb6b474e7fd804928fd1d5dd5f
services:
- name: rngd
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
- name: dhcpcd2
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf"]
- name: sshd
image: linuxkit/sshd:75f399fbfb6455dfccd4cb30543d0b4b494d28c8
image: linuxkit/sshd:240e5e4f716bce51099b3785c209bf37613db8f0
binds.add:
- /run/config/ssh/authorized_keys:/root/.ssh/authorized_keys
- name: nginx

18
examples/platform-azure.yml
View File

@@ -1,21 +1,21 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=ttyS0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
onboot:
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
services:
- name: rngd
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
- name: sshd
image: linuxkit/sshd:75f399fbfb6455dfccd4cb30543d0b4b494d28c8
image: linuxkit/sshd:240e5e4f716bce51099b3785c209bf37613db8f0
binds.add:
- /root/.ssh:/root/.ssh
files:

4
examples/platform-equinixmetal.arm64.yml
View File

@@ -5,10 +5,10 @@
# for arm64 then the 'ucode' line in the kernel section can be left
# out.
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=ttyAMA0"
ucode: ""
onboot:
- name: modprobe
image: linuxkit/modprobe:ab5ac4d5e7e7a5f2d103764850f7846b69230676
image: linuxkit/modprobe:c2d61d0989a54b0d41b8622304fb0f1f00e173e3
command: ["modprobe", "nicvf"]

26
examples/platform-equinixmetal.yml
View File

@@ -1,34 +1,34 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: console=ttyS1
ucode: intel-ucode.cpio
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/firmware:8def159583422181ddee3704f7024ecb9c02d348
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
- linuxkit/firmware:c9c7d24ecc626db5d293d31ffaaed0a7ffa776e6
onboot:
- name: rngd1
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
command: ["/sbin/rngd", "-1"]
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
- name: metadata
image: linuxkit/metadata:b082f1bf97a9034d1e4c0e36a5d2923f4e58f540
image: linuxkit/metadata:db835ad616084adb6b474e7fd804928fd1d5dd5f
command: ["/usr/bin/metadata", "equinixmetal"]
services:
- name: rngd
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
- name: sshd
image: linuxkit/sshd:75f399fbfb6455dfccd4cb30543d0b4b494d28c8
image: linuxkit/sshd:240e5e4f716bce51099b3785c209bf37613db8f0
binds.add:
- /root/.ssh:/root/.ssh
files:

22
examples/platform-gcp.yml
View File

@@ -1,28 +1,28 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=ttyS0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
onboot:
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
- name: metadata
image: linuxkit/metadata:b082f1bf97a9034d1e4c0e36a5d2923f4e58f540
image: linuxkit/metadata:db835ad616084adb6b474e7fd804928fd1d5dd5f
services:
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
- name: rngd
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
- name: sshd
image: linuxkit/sshd:75f399fbfb6455dfccd4cb30543d0b4b494d28c8
image: linuxkit/sshd:240e5e4f716bce51099b3785c209bf37613db8f0
binds.add:
- /run/config/ssh/authorized_keys:/root/.ssh/authorized_keys
- name: nginx

26
examples/platform-hetzner.yml
View File

@@ -1,34 +1,34 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: console=ttyS1
ucode: intel-ucode.cpio
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/firmware:8def159583422181ddee3704f7024ecb9c02d348
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
- linuxkit/firmware:c9c7d24ecc626db5d293d31ffaaed0a7ffa776e6
onboot:
- name: rngd1
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
command: ["/sbin/rngd", "-1"]
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
- name: metadata
image: linuxkit/metadata:b082f1bf97a9034d1e4c0e36a5d2923f4e58f540
image: linuxkit/metadata:db835ad616084adb6b474e7fd804928fd1d5dd5f
command: ["/usr/bin/metadata", "hetzner"]
services:
- name: rngd
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
- name: sshd
image: linuxkit/sshd:75f399fbfb6455dfccd4cb30543d0b4b494d28c8
image: linuxkit/sshd:240e5e4f716bce51099b3785c209bf37613db8f0
binds.add:
- /root/.ssh:/root/.ssh
files:

20
examples/platform-rt-for-vmware.yml
View File

@@ -1,25 +1,25 @@
kernel:
image: linuxkit/kernel:6.6.13-rt
image: linuxkit/kernel:6.6.71-rt
cmdline: "console=tty0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
onboot:
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
services:
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
- name: rngd
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
- name: open-vm-tools
image: linuxkit/open-vm-tools:728ddf726474178eea97604c0baeabd52edab7e9
image: linuxkit/open-vm-tools:aa0a3b513f5020bcea5858632f0a988c81d16ed0
- name: nginx
image: nginx:1.13.8-alpine
capabilities:

22
examples/platform-scaleway.yml
View File

@@ -1,26 +1,26 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0 console=ttysclp0 root=/dev/vda"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
onboot:
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
- name: rngd1
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
command: ["/sbin/rngd", "-1"]
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
- name: metadata
image: linuxkit/metadata:b082f1bf97a9034d1e4c0e36a5d2923f4e58f540
image: linuxkit/metadata:db835ad616084adb6b474e7fd804928fd1d5dd5f
services:
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
- name: rngd
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b

18
examples/platform-vmware.yml
View File

@@ -1,23 +1,23 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=tty0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
onboot:
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
services:
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
- name: rngd
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
- name: nginx
image: nginx:1.13.8-alpine
capabilities:

22
examples/platform-vultr.yml
View File

@@ -1,29 +1,29 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=ttyS0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
onboot:
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
- name: metadata
image: linuxkit/metadata:b082f1bf97a9034d1e4c0e36a5d2923f4e58f540
image: linuxkit/metadata:db835ad616084adb6b474e7fd804928fd1d5dd5f
command: ["/usr/bin/metadata", "vultr"]
services:
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
- name: rngd
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
- name: sshd
image: linuxkit/sshd:75f399fbfb6455dfccd4cb30543d0b4b494d28c8
image: linuxkit/sshd:240e5e4f716bce51099b3785c209bf37613db8f0
binds.add:
- /run/config/ssh/authorized_keys:/root/.ssh/authorized_keys
- name: nginx

12
examples/redis-os.yml
View File

@@ -1,19 +1,19 @@
# Minimal YAML to run a redis server (used at DockerCon'17)
# connect: nc localhost 6379
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0 console=ttysclp0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
onboot:
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
services:
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
# Currently redis:4.0.6-alpine has trust issue with multi-arch

22
examples/sshd.yml
View File

@@ -1,28 +1,28 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0 console=ttysclp0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
onboot:
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
- name: rngd1
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
command: ["/sbin/rngd", "-1"]
services:
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
- name: rngd
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
- name: sshd
image: linuxkit/sshd:75f399fbfb6455dfccd4cb30543d0b4b494d28c8
image: linuxkit/sshd:240e5e4f716bce51099b3785c209bf37613db8f0
binds.add:
- /root/.ssh:/root/.ssh
files:

12
examples/static-ip.yml
View File

@@ -1,19 +1,19 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
onboot:
- name: ip
image: linuxkit/ip:bb250017b05de5e16ac436b1eb19a39c87b5a252
image: linuxkit/ip:afb85d0e238bb26f35546d98c14d41b6f41ccd50
binds:
- /etc/ip:/etc/ip
command: ["ip", "-b", "/etc/ip/eth0.conf"]
services:
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
files:

24
examples/swap.yml
View File

@@ -1,31 +1,31 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0 console=ttysclp0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
onboot:
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
- name: format
image: linuxkit/format:e040f4f045f03138a1ee8a22bb6feae7fd5596a6
image: linuxkit/format:512d4fb6cd40c1d90a4aa8335d1bd167fa34a10e
- name: mount
image: linuxkit/mount:19ff89c251a4156bda8ed11c95faad2f40eb770e
image: linuxkit/mount:54906e884b21aca02bf5ecae65f3741b89d8c4e6
command: ["/usr/bin/mountie", "/var/external"]
- name: swap
image: linuxkit/swap:c57f3319ce770515357f0058035e40519c22b752
image: linuxkit/swap:d63836313d3e63712de097aa5a1b4b8cda948106
# to use unencrypted swap, use:
# command: ["/swap.sh", "--path", "/var/external/swap", "--size", "1G"]
command: ["/swap.sh", "--path", "/var/external/swap", "--size", "1G", "--encrypt"]
services:
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
- name: rngd
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b

20
examples/tpm.yml
View File

@@ -1,26 +1,26 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=tty0 console=ttyS0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
onboot:
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
services:
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
- name: tss
image: linuxkit/tss:856286012a613598d6ef6869b196f9a72245b7d2
image: linuxkit/tss:3da81eb650611fcdd465499b1af659039dc03af6
- name: rngd
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
files:
- path: etc/getty.shadow
# sample sets password for root to "abcdefgh" (without quotes)

20
examples/volumes.yml
View File

@@ -1,17 +1,17 @@
# example with volumes, both blank and populated
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
onboot:
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
onshutdown:
- name: shutdown
@@ -19,11 +19,11 @@ onshutdown:
command: ["/bin/echo", "so long and thanks for all the fish"]
services:
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
- name: rngd
image: linuxkit/rngd:cdb919e4aee49fed0bf6075f0a104037cba83c39
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
- name: nginx
image: nginx:1.19.5-alpine
capabilities:
@@ -39,7 +39,7 @@ services:
volumes:
- name: blank # blank volume
- name: alpine # populated volume
image: alpine:3.19
image: alpine:3.21
files:
- path: etc/linuxkit-config
metadata: yaml

14
examples/vpnkit-forwarder.yml
View File

@@ -1,13 +1,13 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=ttyS0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
onboot:
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
- name: mount-vpnkit
image: alpine:3.13
@@ -19,11 +19,11 @@ onboot:
command: ["sh", "-c", "mkdir /host_var/vpnkit && mount -v -t 9p -o trans=virtio,dfltuid=1001,dfltgid=50,version=9p2000 port /host_var/vpnkit"]
services:
- name: sshd
image: linuxkit/sshd:75f399fbfb6455dfccd4cb30543d0b4b494d28c8
image: linuxkit/sshd:240e5e4f716bce51099b3785c209bf37613db8f0
binds.add:
- /root/.ssh:/root/.ssh
- name: vpnkit-forwarder
image: linuxkit/vpnkit-forwarder:a89ec807d7d675dccd53773c07382bc707db3396
image: linuxkit/vpnkit-forwarder:870678494d2bf615787b036a87ff1bc5f477c850
binds:
- /var/vpnkit:/port
net: host

12
examples/vsudd-containerd.yml
View File

@@ -1,17 +1,17 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=ttyS0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
onboot:
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
services:
- name: vsudd
image: linuxkit/vsudd:b4d80d243733f80906cdbcf77f367a7b5744dc09
image: linuxkit/vsudd:e98493f495a206c83f4b1b4eb60255e15da7e223
binds:
- /run/containerd/containerd.sock:/run/containerd/containerd.sock
command: ["/vsudd",

22
examples/wireguard.yml
View File

@@ -1,19 +1,19 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
onboot:
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
- name: wg0
image: linuxkit/ip:bb250017b05de5e16ac436b1eb19a39c87b5a252
image: linuxkit/ip:afb85d0e238bb26f35546d98c14d41b6f41ccd50
net: new
binds:
- /etc/wireguard:/etc/wireguard
@@ -26,7 +26,7 @@ onboot:
bindNS:
net: /run/netns/wg0
- name: wg1
image: linuxkit/ip:bb250017b05de5e16ac436b1eb19a39c87b5a252
image: linuxkit/ip:afb85d0e238bb26f35546d98c14d41b6f41ccd50
net: new
binds:
- /etc/wireguard:/etc/wireguard
@@ -40,12 +40,12 @@ onboot:
net: /run/netns/wg1
services:
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
net: /run/netns/wg1
- name: rngd
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
- name: nginx
image: nginx:1.13.8-alpine
net: /run/netns/wg0

4
kernel/6.6.x/build-args
View File

@@ -1,3 +1,3 @@
KERNEL_VERSION=6.6.13
KERNEL_VERSION=6.6.71
KERNEL_SERIES=6.6.x
BUILD_IMAGE=linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e
BUILD_IMAGE=linuxkit/alpine:35b33c6b03c40e51046c3b053dd131a68a26c37a

31
kernel/6.6.x/config-aarch64
View File

@@ -1,20 +1,21 @@
#
# Automatically generated file; DO NOT EDIT.
# Linux/arm64 6.6.13 Kernel Configuration
# Linux/arm64 6.6.71 Kernel Configuration
#
CONFIG_CC_VERSION_TEXT="gcc (Alpine 13.2.1_git20231014) 13.2.1 20231014"
CONFIG_CC_VERSION_TEXT="gcc (Alpine 14.2.0) 14.2.0"
CONFIG_CC_IS_GCC=y
CONFIG_GCC_VERSION=130201
CONFIG_GCC_VERSION=140200
CONFIG_CLANG_VERSION=0
CONFIG_AS_IS_GNU=y
CONFIG_AS_VERSION=24100
CONFIG_AS_VERSION=24301
CONFIG_LD_IS_BFD=y
CONFIG_LD_VERSION=24100
CONFIG_LD_VERSION=24301
CONFIG_LLD_VERSION=0
CONFIG_CC_CAN_LINK=y
CONFIG_CC_CAN_LINK_STATIC=y
CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y
CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y
CONFIG_TOOLS_SUPPORT_RELR=y
CONFIG_CC_HAS_ASM_INLINE=y
CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y
CONFIG_PAHOLE_VERSION=0
@@ -157,7 +158,7 @@ CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y
CONFIG_CC_HAS_INT128=y
CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5"
CONFIG_GCC11_NO_ARRAY_BOUNDS=y
CONFIG_GCC10_NO_ARRAY_BOUNDS=y
CONFIG_CC_NO_ARRAY_BOUNDS=y
CONFIG_ARCH_SUPPORTS_INT128=y
CONFIG_CGROUPS=y
@@ -371,7 +372,10 @@ CONFIG_ARM64_ERRATUM_2067961=y
CONFIG_ARM64_ERRATUM_2441009=y
CONFIG_ARM64_ERRATUM_2457168=y
CONFIG_ARM64_ERRATUM_2645198=y
CONFIG_ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD=y
CONFIG_ARM64_ERRATUM_2966298=y
CONFIG_ARM64_ERRATUM_3117295=y
CONFIG_ARM64_ERRATUM_3194386=y
CONFIG_CAVIUM_ERRATUM_22375=y
CONFIG_CAVIUM_ERRATUM_23154=y
CONFIG_CAVIUM_ERRATUM_27456=y
@@ -488,7 +492,6 @@ CONFIG_ARM64_EPAN=y
# end of ARMv8.7 architectural features
CONFIG_ARM64_SVE=y
CONFIG_ARM64_SME=y
# CONFIG_ARM64_PSEUDO_NMI is not set
CONFIG_RELOCATABLE=y
CONFIG_RANDOMIZE_BASE=y
@@ -631,6 +634,7 @@ CONFIG_KVM_GENERIC_HARDWARE_ENABLING=y
CONFIG_VIRTUALIZATION=y
CONFIG_KVM=y
# CONFIG_NVHE_EL2_DEBUG is not set
CONFIG_CPU_MITIGATIONS=y
#
# General architecture-dependent options
@@ -730,6 +734,7 @@ CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y
CONFIG_ARCH_USE_MEMREMAP_PROT=y
# CONFIG_LOCK_EVENT_COUNTS is not set
CONFIG_ARCH_HAS_RELR=y
CONFIG_RELR=y
CONFIG_HAVE_PREEMPT_DYNAMIC=y
CONFIG_HAVE_PREEMPT_DYNAMIC_KEY=y
CONFIG_ARCH_WANT_LD_ORPHAN_WARN=y
@@ -905,6 +910,7 @@ CONFIG_PAGE_REPORTING=y
CONFIG_MIGRATION=y
CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION=y
CONFIG_ARCH_ENABLE_THP_MIGRATION=y
CONFIG_PCP_BATCH_SCALE_MAX=5
CONFIG_PHYS_ADDR_T_64BIT=y
CONFIG_MMU_NOTIFIER=y
CONFIG_KSM=y
@@ -3354,7 +3360,6 @@ CONFIG_MFD_CORE=y
# CONFIG_MFD_SKY81452 is not set
# CONFIG_MFD_STMPE is not set
CONFIG_MFD_SYSCON=y
# CONFIG_MFD_TI_AM335X_TSCADC is not set
# CONFIG_MFD_LP3943 is not set
# CONFIG_MFD_LP8788 is not set
# CONFIG_MFD_TI_LMU is not set
@@ -3413,6 +3418,7 @@ CONFIG_MFD_VEXPRESS_SYSREG=y
# Graphics support
#
CONFIG_APERTURE_HELPERS=y
CONFIG_SCREEN_INFO=y
CONFIG_VIDEO_CMDLINE=y
# CONFIG_AUXDISPLAY is not set
# CONFIG_DRM is not set
@@ -3474,6 +3480,7 @@ CONFIG_FB_SYS_IMAGEBLIT=y
# CONFIG_FB_FOREIGN_ENDIAN is not set
CONFIG_FB_SYS_FOPS=y
CONFIG_FB_DEFERRED_IO=y
CONFIG_FB_IOMEM_FOPS=y
CONFIG_FB_IOMEM_HELPERS=y
CONFIG_FB_SYSMEM_HELPERS=y
CONFIG_FB_SYSMEM_HELPERS_DEFERRED=y
@@ -3600,6 +3607,7 @@ CONFIG_HID_GENERIC=y
# CONFIG_HID_ZYDACRON is not set
# CONFIG_HID_SENSOR_HUB is not set
# CONFIG_HID_ALPS is not set
# CONFIG_HID_MCP2200 is not set
# CONFIG_HID_MCP2221 is not set
# end of Special HID drivers
@@ -3821,8 +3829,6 @@ CONFIG_MMC_SDHCI_PLTFM=m
# CONFIG_MMC_TOSHIBA_PCI is not set
# CONFIG_MMC_MTK is not set
# CONFIG_MMC_SDHCI_XENON is not set
# CONFIG_MMC_SDHCI_OMAP is not set
# CONFIG_MMC_SDHCI_AM654 is not set
# CONFIG_SCSI_UFSHCD is not set
# CONFIG_MEMSTICK is not set
# CONFIG_NEW_LEDS is not set
@@ -4726,6 +4732,9 @@ CONFIG_ENCRYPTED_KEYS=y
# CONFIG_USER_DECRYPTED_DATA is not set
CONFIG_KEY_DH_OPERATIONS=y
CONFIG_SECURITY_DMESG_RESTRICT=y
CONFIG_PROC_MEM_ALWAYS_FORCE=y
# CONFIG_PROC_MEM_FORCE_PTRACE is not set
# CONFIG_PROC_MEM_NO_FORCE is not set
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y
@@ -4821,6 +4830,7 @@ CONFIG_CRYPTO_ALGAPI=y
CONFIG_CRYPTO_ALGAPI2=y
CONFIG_CRYPTO_AEAD=y
CONFIG_CRYPTO_AEAD2=y
CONFIG_CRYPTO_SIG=y
CONFIG_CRYPTO_SIG2=y
CONFIG_CRYPTO_SKCIPHER=y
CONFIG_CRYPTO_SKCIPHER2=y
@@ -5191,7 +5201,6 @@ CONFIG_DMA_DIRECT_REMAP=y
# CONFIG_DMA_MAP_BENCHMARK is not set
CONFIG_SGL_ALLOC=y
CONFIG_CHECK_SIGNATURE=y
# CONFIG_FORCE_NR_CPUS is not set
CONFIG_CPU_RMAP=y
CONFIG_DQL=y
CONFIG_GLOB=y

4968
kernel/6.6.x/config-riscv64 Normal file
View File

File diff suppressed because it is too large Load Diff

28
kernel/6.6.x/config-x86_64
View File

@@ -1,15 +1,15 @@
#
# Automatically generated file; DO NOT EDIT.
# Linux/x86 6.6.13 Kernel Configuration
# Linux/x86 6.6.71 Kernel Configuration
#
CONFIG_CC_VERSION_TEXT="gcc (Alpine 13.2.1_git20231014) 13.2.1 20231014"
CONFIG_CC_VERSION_TEXT="gcc (Alpine 14.2.0) 14.2.0"
CONFIG_CC_IS_GCC=y
CONFIG_GCC_VERSION=130201
CONFIG_GCC_VERSION=140200
CONFIG_CLANG_VERSION=0
CONFIG_AS_IS_GNU=y
CONFIG_AS_VERSION=24100
CONFIG_AS_VERSION=24301
CONFIG_LD_IS_BFD=y
CONFIG_LD_VERSION=24100
CONFIG_LD_VERSION=24301
CONFIG_LLD_VERSION=0
CONFIG_CC_CAN_LINK=y
CONFIG_CC_CAN_LINK_STATIC=y
@@ -180,7 +180,7 @@ CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y
CONFIG_CC_HAS_INT128=y
CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5"
CONFIG_GCC11_NO_ARRAY_BOUNDS=y
CONFIG_GCC10_NO_ARRAY_BOUNDS=y
CONFIG_CC_NO_ARRAY_BOUNDS=y
CONFIG_ARCH_SUPPORTS_INT128=y
CONFIG_CGROUPS=y
@@ -470,7 +470,6 @@ CONFIG_PHYSICAL_ALIGN=0x1000000
CONFIG_DYNAMIC_MEMORY_LAYOUT=y
CONFIG_RANDOMIZE_MEMORY=y
CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa
# CONFIG_ADDRESS_MASKING is not set
CONFIG_HOTPLUG_CPU=y
# CONFIG_COMPAT_VDSO is not set
# CONFIG_LEGACY_VSYSCALL_XONLY is not set
@@ -490,7 +489,7 @@ CONFIG_CALL_PADDING=y
CONFIG_HAVE_CALL_THUNKS=y
CONFIG_CALL_THUNKS=y
CONFIG_PREFIX_SYMBOLS=y
CONFIG_SPECULATION_MITIGATIONS=y
CONFIG_CPU_MITIGATIONS=y
CONFIG_PAGE_TABLE_ISOLATION=y
CONFIG_RETPOLINE=y
CONFIG_RETHUNK=y
@@ -502,6 +501,8 @@ CONFIG_CPU_IBRS_ENTRY=y
CONFIG_CPU_SRSO=y
# CONFIG_SLS is not set
# CONFIG_GDS_FORCE_MITIGATION is not set
CONFIG_MITIGATION_RFDS=y
CONFIG_MITIGATION_SPECTRE_BHI=y
CONFIG_ARCH_HAS_ADD_PAGES=y
#
@@ -684,6 +685,7 @@ CONFIG_AS_SHA256_NI=y
CONFIG_AS_TPAUSE=y
CONFIG_AS_GFNI=y
CONFIG_AS_WRUSS=y
CONFIG_ARCH_CONFIGURES_CPU_MITIGATIONS=y
#
# General architecture-dependent options
@@ -1004,6 +1006,7 @@ CONFIG_DEVICE_MIGRATION=y
CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION=y
CONFIG_ARCH_ENABLE_THP_MIGRATION=y
CONFIG_CONTIG_ALLOC=y
CONFIG_PCP_BATCH_SCALE_MAX=5
CONFIG_PHYS_ADDR_T_64BIT=y
CONFIG_MMU_NOTIFIER=y
CONFIG_KSM=y
@@ -3177,7 +3180,6 @@ CONFIG_LPC_SCH=y
CONFIG_MFD_SM501=y
# CONFIG_MFD_SKY81452 is not set
# CONFIG_MFD_SYSCON is not set
# CONFIG_MFD_TI_AM335X_TSCADC is not set
# CONFIG_MFD_LP3943 is not set
# CONFIG_MFD_LP8788 is not set
# CONFIG_MFD_TI_LMU is not set
@@ -3219,6 +3221,7 @@ CONFIG_MFD_VX855=y
# Graphics support
#
CONFIG_APERTURE_HELPERS=y
CONFIG_SCREEN_INFO=y
CONFIG_VIDEO_CMDLINE=y
CONFIG_VIDEO_NOMODESET=y
# CONFIG_AUXDISPLAY is not set
@@ -3290,6 +3293,7 @@ CONFIG_FB_SYS_IMAGEBLIT=y
# CONFIG_FB_FOREIGN_ENDIAN is not set
CONFIG_FB_SYS_FOPS=y
CONFIG_FB_DEFERRED_IO=y
CONFIG_FB_IOMEM_FOPS=y
CONFIG_FB_IOMEM_HELPERS=y
CONFIG_FB_SYSMEM_HELPERS=y
CONFIG_FB_SYSMEM_HELPERS_DEFERRED=y
@@ -4352,6 +4356,9 @@ CONFIG_ENCRYPTED_KEYS=y
# CONFIG_USER_DECRYPTED_DATA is not set
CONFIG_KEY_DH_OPERATIONS=y
CONFIG_SECURITY_DMESG_RESTRICT=y
CONFIG_PROC_MEM_ALWAYS_FORCE=y
# CONFIG_PROC_MEM_FORCE_PTRACE is not set
# CONFIG_PROC_MEM_NO_FORCE is not set
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y
@@ -4447,6 +4454,7 @@ CONFIG_CRYPTO_ALGAPI=y
CONFIG_CRYPTO_ALGAPI2=y
CONFIG_CRYPTO_AEAD=y
CONFIG_CRYPTO_AEAD2=y
CONFIG_CRYPTO_SIG=y
CONFIG_CRYPTO_SIG2=y
CONFIG_CRYPTO_SKCIPHER=y
CONFIG_CRYPTO_SKCIPHER2=y
@@ -4798,7 +4806,6 @@ CONFIG_SWIOTLB=y
# CONFIG_DMA_MAP_BENCHMARK is not set
CONFIG_SGL_ALLOC=y
CONFIG_CHECK_SIGNATURE=y
# CONFIG_FORCE_NR_CPUS is not set
CONFIG_CPU_RMAP=y
CONFIG_DQL=y
CONFIG_GLOB=y
@@ -4957,6 +4964,7 @@ CONFIG_ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP=y
CONFIG_HAVE_ARCH_KASAN=y
CONFIG_HAVE_ARCH_KASAN_VMALLOC=y
CONFIG_CC_HAS_KASAN_GENERIC=y
CONFIG_CC_HAS_KASAN_SW_TAGS=y
CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y
# CONFIG_KASAN is not set
CONFIG_HAVE_ARCH_KFENCE=y

6
kernel/Dockerfile
View File

@@ -115,6 +115,9 @@ RUN case $(uname -m) in \
aarch64) \
KERNEL_DEF_CONF=/linux/arch/arm64/configs/defconfig; \
;; \
riscv64) \
KERNEL_DEF_CONF=/linux/arch/riscv/configs/defconfig; \
;; \
esac && \
cp /src/${KERNEL_SERIES}/config-$(uname -m) ${KERNEL_DEF_CONF}; \
if [ -n "${EXTRA}" ] && [ -f "/src/${KERNEL_SERIES}-${EXTRA}/config-$(uname -m)" ]; then \
@@ -139,6 +142,9 @@ RUN make -j "$(getconf _NPROCESSORS_ONLN)" KCFLAGS="-fno-pie" && \
aarch64) \
cp arch/arm64/boot/Image.gz /out/kernel; \
;; \
riscv64) \
cp arch/riscv/boot/Image.gz /out/kernel; \
;; \
esac && \
cp System.map /out && \
([ -n "${DEBUG}" ] && cp vmlinux /out || true)

48
kernel/Dockerfile.bcc
View File

@@ -24,11 +24,11 @@ RUN apk update && apk upgrade -a && \
iperf3 \
libedit-dev \
libtool \
llvm \
llvm-dev \
llvm-static \
llvm17-gtest \
luajit-dev \
libxml2 \
llvm19 \
llvm19-dev \
llvm19-static \
llvm19-gtest \
m4 \
musl-fts-dev \
python3 \
@@ -38,21 +38,8 @@ RUN apk update && apk upgrade -a && \
zlib-dev \
&& true
# this is just here to make later copies easier; do not forget to change this if the python version updates
ENV PYTHON_VERSION=3.11
RUN ln -s /usr/lib/cmake/llvm10/ /usr/lib/cmake/llvm && \
ln -s /usr/include/llvm10/llvm-c/ /usr/include/llvm-c && \
ln -s /usr/include/llvm10/llvm/ /usr/include/llvm
WORKDIR /build
ENV BCC_COMMIT=v0.29.1
RUN git clone https://github.com/iovisor/bcc.git && \
cd bcc && \
git checkout $BCC_COMMIT && \
sed -i 's/<error.h>/<errno.h>/' examples/cpp/KModRetExample.cc
COPY --from=ksrc /kernel-headers.tar /build
COPY --from=ksrc /kernel-dev.tar /build
COPY --from=ksrc /kernel.tar /build
@@ -60,15 +47,6 @@ RUN tar xf /build/kernel-headers.tar && \
tar xf /build/kernel-dev.tar && \
tar xf /build/kernel.tar
RUN mkdir -p bcc/build && cd bcc/build && \
cmake .. -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON \
-DCMAKE_C_FLAGS="-I/build/usr/include" \
-DPYTHON_CMD=python3 \
-DCMAKE_CXX_FLAGS="-I/build/usr/include" \
-DCMAKE_INSTALL_PREFIX=/usr && \
make && \
make install
RUN mkdir -p /out/usr/ && \
cp -a /build/usr/src /out/usr/ && \
cp -a /build/usr/include /out/usr
@@ -76,23 +54,25 @@ RUN mkdir -p /out/usr/lib && \
cp -a /usr/lib/libelf* /out/usr/lib/ && \
cp -a /usr/lib/libstdc* /out/usr/lib/ && \
cp -a /usr/lib/libintl* /out/usr/lib/
RUN mkdir -p /out/usr/lib/python${PYTHON_VERSION} && \
cp -a /usr/lib/python${PYTHON_VERSION}/site-packages /out/usr/lib/python${PYTHON_VERSION}/
RUN mkdir -p /out/usr/share && \
cp -a /usr/share/bcc /out/usr/share/
RUN mkdir -p /out/usr/bin && \
cp -a /usr/bin/bcc-lua /out/usr/bin/
RUN PYTHONPATH=$(python3 -c "import sysconfig; print(sysconfig.get_path('stdlib'))") && mkdir -p /out${PYTHONPATH} && \
cp -a ${PYTHONPATH}/site-packages /out/${PYTHONPATH}
FROM ${BUILD_IMAGE} as mirror
RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
RUN apk update && apk upgrade -a && \
apk add --no-cache --initdb -p /out \
bcc \
bcc-dev \
bcc-tools \
busybox \
luajit \
python3 \
zlib \
&& true
# lua/luajit is not available on all platforms, but we do not consider it blocking
RUN apk add --no-cache -p /out luajit || true
RUN apk add --no-cache -p /out bcc-lua || true
FROM scratch
ENTRYPOINT []
CMD []

3
kernel/Dockerfile.kconfig
View File

@@ -43,8 +43,9 @@ RUN set -e && \
patch -t -F0 -N -u -p1 < "$patch"; \
done; \
fi && \
[ ! -f /config-${SERIES}-x86_64 ] || mv /config-${SERIES}-x86_64 arch/x86/configs/x86_64_defconfig && \
[ ! -f /config-${SERIES}-x86_64 ] || mv /config-${SERIES}-x86_64 arch/x86/configs/x86_64_defconfig ; \
[ ! -f /config-${SERIES}-aarch64 ] || mv /config-${SERIES}-aarch64 arch/arm64/configs/defconfig ; \
[ ! -f /config-${SERIES}-riscv64 ] || mv /config-${SERIES}-riscv64 arch/riscv64/configs/riscv64_defconfig ; \
done
ENTRYPOINT ["/bin/sh"]

3
kernel/Dockerfile.kconfigx
View File

@@ -58,6 +58,9 @@ for VERSION in ${KERNEL_VERSIONS}; do
elif [ ${TARGETARCH} = "arm64" ] ; then
cp /config-${SERIES}-aarch64 .config
ARCH=arm64 make oldconfig
elif [ ${TARGETARCH} = "riscv64" ] ; then
cp /config-${SERIES}-riscv64 .config
ARCH=riscv64 make oldconfig
fi
done
EOF

2
kernel/Dockerfile.perf
View File

@@ -53,7 +53,7 @@ RUN make -C libtraceevent all install V=1
WORKDIR /linux
RUN mkdir -p /out && \
make -C tools/perf LDFLAGS=-static V=1 && \
make -C tools/perf EXTRA_CFLAGS="-Wno-alloc-size -Wno-calloc-transposed-args" LDFLAGS=-static V=1 && \
strip tools/perf/perf && \
cp tools/perf/perf /out

52
kernel/Makefile
View File

@@ -16,7 +16,7 @@ RM = rm -f
# Name and Org on Hub
ORG?=linuxkit
IMAGE?=kernel
IMAGE_BUILDER=linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e
IMAGE_BUILDER=linuxkit/alpine:35b33c6b03c40e51046c3b053dd131a68a26c37a
# You can specify an extra options for the Makefile. This will:
# - append a config$(EXTRA) to the kernel config for your kernel/arch
@@ -37,21 +37,23 @@ endif
REPO_ROOT:=$(shell git rev-parse --show-toplevel)
# determine our architecture
BUILDERARCH=
ARCH?=$(shell uname -m)
BUILDERARCH=$(ARCH)
ifneq ($(ARCH),)
ifeq ($(ARCH),$(filter $(ARCH),x86_64 amd64))
override ARCH=x86_64
BUILDERARCH=amd64
override BUILDERARCH=amd64
endif
ifeq ($(ARCH),$(filter $(ARCH),aarch64 arm64))
override ARCH=aarch64
BUILDERARCH=arm64
override BUILDERARCH=arm64
endif
ifeq ($(ARCH),riscv64)
override BUILDERARCH=riscv64
endif
endif
ifneq ($(BUILDERARCH),)
PLATFORMS=--platforms linux/$(BUILDERARCH)
endif
BUILD_PLATFORM=linux/$(BUILDERARCH)
HASHTAG=$(HASH)$(DIRTY)
@@ -124,11 +126,11 @@ buildkerneldeps-%: Dockerfile Makefile $(wildcard patches-$(call series,$*)/*) $
buildplainkernel-%: buildkerneldeps-%
$(eval KERNEL_SERIES=$(call series,$*))
linuxkit pkg build . $(FORCE) $(PLATFORMS) --build-yml ./build-kernel.yml --tag "$*-{{.Hash}}" --build-arg-file $(KERNEL_SERIES)/build-args
linuxkit pkg build . $(FORCE) --platforms $(BUILD_PLATFORM) --build-yml ./build-kernel.yml --tag "$*-{{.Hash}}" --build-arg-file $(KERNEL_SERIES)/build-args
builddebugkernel-%: buildkerneldeps-%
$(eval KERNEL_SERIES=$(call series,$*))
linuxkit pkg build . $(FORCE) $(PLATFORMS) --build-yml ./build-kernel.yml --tag "$*-dbg-{{.Hash}}" --build-arg-file $(KERNEL_SERIES)/build-args --build-arg-file build-args-debug
linuxkit pkg build . $(FORCE) --platforms $(BUILD_PLATFORM) --build-yml ./build-kernel.yml --tag "$*-dbg-{{.Hash}}" --build-arg-file $(KERNEL_SERIES)/build-args --build-arg-file build-args-debug
push-%: notdirty build-% pushkernel-% tagbuilder-% pushtools-%;
@@ -163,7 +165,7 @@ buildtool-%:
$(eval TOOL=$(call toolname,$*))
$(eval KERNEL_VERSION=$(call toolkernel,$*))
$(eval KERNEL_SERIES=$(call series,$(KERNEL_VERSION)))
linuxkit pkg build . $(FORCE) $(PLATFORMS) --build-yml ./build-$(TOOL).yml --tag "$(KERNEL_VERSION)-{{.Hash}}" --build-arg-file $(KERNEL_SERIES)/build-args
linuxkit pkg build . $(FORCE) --platforms $(BUILD_PLATFORM) --build-yml ./build-$(TOOL).yml --tag "$(KERNEL_VERSION)-{{.Hash}}" --build-arg-file $(KERNEL_SERIES)/build-args
pushtools-%: $(addprefix pushtool-%$(RELEASESEP),$(TOOLS));
@@ -206,34 +208,34 @@ update-kernel-semver-yaml-%:
update-kernel-yamls: $(addprefix update-kernel-hash-yaml-,$(KERNELS)) update-kernel-semver-yaml-$(KERNEL_HIGHEST);
# Target for kernel config
kconfig:
ifeq (${KCONFIG_TAG},)
docker build --no-cache -f Dockerfile.kconfig \
--build-arg KERNEL_VERSIONS="$(KERNEL_VERSIONS)" \
--build-arg BUILD_IMAGE=$(IMAGE_BUILDER) \
-t linuxkit/kconfig .
else
docker build --no-cache -f Dockerfile.kconfig \
--build-arg KERNEL_VERSIONS="$(KERNEL_VERSIONS)" \
--build-arg BUILD_IMAGE=$(IMAGE_BUILDER) \
-t linuxkit/kconfig:${KCONFIG_TAG} .
KCONFIG_TAG_EXTENSION=
ifneq (${KCONFIG_TAG},)
KCONFIG_TAG_EXTENSION=-${KCONFIG_TAG}
endif
kconfig:
docker build --no-cache -f Dockerfile.kconfig \
--build-arg KERNEL_VERSIONS="$(KERNEL_VERSIONS)" \
--build-arg BUILD_IMAGE=$(IMAGE_BUILDER) \
--platform $(BUILD_PLATFORM) \
-t linuxkit/kconfig:$(ARCH)${KCONFIG_TAG_EXTENSION} .
kconfigx:
ifeq (${KCONFIG_TAG},)
docker buildx build --no-cache -f Dockerfile.kconfigx \
--platform=$(PLATFORMS) \
--platform $(BUILD_PLATFORM) \
--output . \
--build-arg KERNEL_VERSIONS="$(KERNEL_VERSIONS)" \
--build-arg BUILD_IMAGE=$(IMAGE_BUILDER) \
-t linuxkit/kconfigx .
-t linuxkit/kconfigx:$(ARCH) .
cp linux_arm64/config-${KERNEL_VERSIONS}-arm64 config-${KERNEL_SERIES}-aarch64
cp linux_amd64/config-${KERNEL_VERSIONS}-amd64 config-${KERNEL_SERIES}-x86_64
cp linux_amd64/config-${KERNEL_VERSIONS}-riscv64 config-${KERNEL_SERIES}-riscv64
else
docker buildx build --no-cache -f Dockerfile.kconfigx \
--platform=$(PLATFORMS) --push \
--platform $(BUILD_PLATFORM) --push \
--output . \
--build-arg KERNEL_VERSIONS="$(KERNEL_VERSIONS)" \
--build-arg BUILD_IMAGE=$(IMAGE_BUILDER) \
-t linuxkit/kconfigx:${KCONFIG_TAG} .
-t linuxkit/kconfigx:$(ARCH)${KCONFIG_TAG_EXTENSION} .
endif

2
linuxkit-template.yml
View File

@@ -1,5 +1,5 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
init:
- "@pkg:./pkg/init"

18
linuxkit.yml
View File

@@ -1,16 +1,16 @@
kernel:
image: linuxkit/kernel:6.6.13
image: linuxkit/kernel:6.6.71
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
init:
- linuxkit/init:872d2e1be745f1acb948762562cf31c367303a3b
- linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
- linuxkit/containerd:39301e7312f13eedf19bd5d5551af7b37001d435
- linuxkit/ca-certificates:5aaa343474e5ac3ac01f8b917e82efb1063d80ff
- linuxkit/init:680da6e6f79bb8236a095147d532cd2160e23c9f
- linuxkit/runc:2dfee46421e963d6c0d946137e46fe36fa606d29
- linuxkit/containerd:838b745e38e43309393675ce3cf04bee9047eb91
- linuxkit/ca-certificates:a4f15fe71bb0ad7560ff78f48504dd2af500a442
onboot:
- name: sysctl
image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
image: linuxkit/sysctl:2fad4cdf96faa97bf7888696b8c3ca00f98137af
- name: dhcpcd
image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
image: linuxkit/dhcpcd:4681273eeea47c26d980958656e60fe70d49e318
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
onshutdown:
- name: shutdown
@@ -18,11 +18,11 @@ onshutdown:
command: ["/bin/echo", "so long and thanks for all the fish"]
services:
- name: getty
image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
image: linuxkit/getty:37a16fb37f56ad0aee6532c1a39d780416f7fb80
env:
- INSECURE=true
- name: rngd
image: linuxkit/rngd:83a6481f04da73e710c1d416355920b8ff4dc1dd
image: linuxkit/rngd:80f22b0f60d23c29ce28d06674bc77fe3775a38b
- name: nginx
image: nginx:1.19.5-alpine
capabilities:

4
pkg/acpid/Dockerfile
View File

@@ -1,4 +1,4 @@
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e AS mirror
FROM linuxkit/alpine:6090baae063eb5023c9601966e88df831f789a70 AS mirror
RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
RUN apk add --no-cache --initdb -p /out \
@@ -6,7 +6,7 @@ RUN apk add --no-cache --initdb -p /out \
busybox
RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e AS mirror2
FROM linuxkit/alpine:6090baae063eb5023c9601966e88df831f789a70 AS mirror2
RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
RUN apk add --no-cache --initdb -p /out \
acpid

2
pkg/auditd/Dockerfile
View File

@@ -1,4 +1,4 @@
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e AS mirror
FROM linuxkit/alpine:6090baae063eb5023c9601966e88df831f789a70 AS mirror
RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
RUN apk add --initdb -p /out alpine-baselayout apk-tools audit busybox tini

4
pkg/binfmt/Dockerfile
View File

@@ -1,5 +1,5 @@
# Use Debian testing Qemu 4.2.0 until https://bugs.alpinelinux.org/issues/8131 is resolved.
FROM debian@sha256:d828cca5497a2519da9c6d42372066895fa28a69f1e8a46a38ce8f750bd2adf0 AS qemu
FROM debian@sha256:731dd1380d6a8d170a695dbeb17fe0eade0e1c29f654cf0a3a07f372191c3f4b AS qemu
RUN apt-get update && apt-get install -y qemu-user-static && \
mv /usr/bin/qemu-aarch64-static /usr/bin/qemu-aarch64 && \
mv /usr/bin/qemu-arm-static /usr/bin/qemu-arm && \
@@ -9,7 +9,7 @@ RUN apt-get update && apt-get install -y qemu-user-static && \
mv /usr/bin/qemu-loongarch64-static /usr/bin/qemu-loongarch64 && \
rm /usr/bin/qemu-*-static
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e AS mirror
FROM linuxkit/alpine:6090baae063eb5023c9601966e88df831f789a70 AS mirror
RUN apk add --no-cache go musl-dev
ENV GOPATH=/go PATH=$PATH:/go/bin

2
pkg/bpftrace/Dockerfile
View File

@@ -1,4 +1,4 @@
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e AS build
FROM linuxkit/alpine:6090baae063eb5023c9601966e88df831f789a70 AS build
RUN apk add --update \
bison \
build-base \

2
pkg/ca-certificates/Dockerfile
View File

@@ -1,4 +1,4 @@
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e as alpine
FROM linuxkit/alpine:6090baae063eb5023c9601966e88df831f789a70 as alpine
RUN apk add ca-certificates

8
pkg/cadvisor/Dockerfile
View File

@@ -1,4 +1,4 @@
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e as build
FROM linuxkit/alpine:6090baae063eb5023c9601966e88df831f789a70 as build
RUN apk add --no-cache bash go git musl-dev linux-headers make patch
# Hack to work around an issue with go on arm64 requiring gcc
@@ -7,7 +7,7 @@ RUN [ $(uname -m) = aarch64 ] && apk add --no-cache gcc || true
ENV GOPATH=/go PATH=$PATH:/go/bin
ENV GITBASE=github.com/google
ENV GITREPO=github.com/google/cadvisor
ENV COMMIT=v0.36.0
ENV COMMIT=v0.51.0
ADD /static.patch /tmp/
@@ -18,10 +18,10 @@ RUN mkdir -p /go/src/${GITBASE} \
&& git checkout ${COMMIT} \
&& patch -p1 build/build.sh </tmp/static.patch \
&& make build \
&& mv cadvisor /usr/bin/
&& mv _output/cadvisor /usr/bin/
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e AS mirror
FROM linuxkit/alpine:6090baae063eb5023c9601966e88df831f789a70 AS mirror
RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
RUN apk add --no-cache --initdb -p /out \

1
pkg/cadvisor/build.yml
View File

@@ -3,6 +3,7 @@ network: true
arches:
- amd64
- arm64
- riscv64
config:
pid: host
binds:

2
pkg/cadvisor/static.patch
View File

@@ -1,6 +1,6 @@
--- build/build.sh.orig 2017-11-16 16:29:18.281342577 +0000
+++ build/build.sh 2017-11-16 16:29:55.534787421 +0000
@@ -44,6 +44,7 @@
@@ -47,6 +47,7 @@
-X ${repo_path}/version.BuildDate${ldseparator}${BUILD_DATE}
-X ${repo_path}/version.GoVersion${ldseparator}${go_version}"

6
pkg/containerd/Dockerfile
View File

@@ -1,15 +1,15 @@
# Dockerfile to build linuxkit/containerd for linuxkit
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e as alpine
FROM linuxkit/alpine:6090baae063eb5023c9601966e88df831f789a70 as alpine
RUN apk add tzdata binutils
RUN mkdir -p /etc/init.d && ln -s /usr/bin/service /etc/init.d/020-containerd
FROM linuxkit/containerd-dev:af26a5c09a71b919ee8113501d783a5bf299482d as containerd-dev
FROM linuxkit/containerd-dev:1a4eee3fc0d683667c9115256f035f792f681f30 as containerd-dev
FROM scratch
ENTRYPOINT []
WORKDIR /
COPY --from=containerd-dev /usr/bin/containerd /usr/bin/ctr /usr/bin/containerd-shim /usr/bin/containerd-shim-runc-v2 /usr/bin/
COPY --from=containerd-dev /usr/bin/containerd /usr/bin/ctr /usr/bin/containerd-shim-runc-v2 /usr/bin/
COPY --from=alpine /usr/share/zoneinfo/UTC /etc/localtime
COPY --from=alpine /etc/init.d/ /etc/init.d/
COPY etc etc/

2
pkg/dhcpcd/Dockerfile
View File

@@ -1,4 +1,4 @@
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e AS mirror
FROM linuxkit/alpine:6090baae063eb5023c9601966e88df831f789a70 AS mirror
RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
RUN apk add --no-cache --initdb -p /out \
alpine-baselayout \

2
pkg/dm-crypt/Dockerfile
View File

@@ -1,4 +1,4 @@
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e AS mirror
FROM linuxkit/alpine:6090baae063eb5023c9601966e88df831f789a70 AS mirror
RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
RUN apk add --no-cache --initdb -p /out \
alpine-baselayout \

2
pkg/dummy/Dockerfile
View File

@@ -1,4 +1,4 @@
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e AS build
FROM linuxkit/alpine:6090baae063eb5023c9601966e88df831f789a70 AS build
RUN apk add --no-cache --initdb make
FROM scratch

4
pkg/extend/Dockerfile
View File

@@ -1,4 +1,4 @@
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e AS mirror
FROM linuxkit/alpine:6090baae063eb5023c9601966e88df831f789a70 AS mirror
RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
RUN apk add --no-cache --initdb -p /out \
@@ -15,7 +15,7 @@ RUN apk add --no-cache --initdb -p /out \
&& true
RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e AS build
FROM linuxkit/alpine:6090baae063eb5023c9601966e88df831f789a70 AS build
RUN apk add --no-cache go musl-dev
ENV GOPATH=/go PATH=$PATH:/go/bin

19
pkg/extend/extend.go
View File

@@ -22,8 +22,9 @@ import (
const timeout = 60
var (
fsTypeVar string
driveKeys []string
fsTypeVar string
stopOnError bool
driveKeys []string
)
// Fdisk is the JSON output from libfdisk
@@ -57,7 +58,12 @@ func autoextend(fsType string) error {
continue
}
if err := extend(d, fsType); err != nil {
return err
if stopOnError {
return err
}
log.Printf("Could not extend partition on device %s. Skipping", d)
continue
}
}
return nil
@@ -76,6 +82,11 @@ func extend(d, fsType string) error {
return fmt.Errorf("Unable to unmarshal partition table from sfdisk: %v", err)
}
if len(f.PartitionTable.Partitions) == 0 {
log.Printf("Disk %s has no partitions. Skipping", d)
return nil
}
if len(f.PartitionTable.Partitions) > 1 {
log.Printf("Disk %s has more than 1 partition. Skipping", d)
return nil
@@ -312,11 +323,13 @@ func findDrives() {
func init() {
flag.StringVar(&fsTypeVar, "type", "ext4", "Type of filesystem to create")
flag.BoolVar(&stopOnError, "stop-on-error", true, "Stops extending the remaining devices on first error")
}
func main() {
flag.Parse()
findDrives()
if flag.NArg() == 0 {
if err := autoextend(fsTypeVar); err != nil {
log.Fatalf("%v", err)

2
pkg/firmware-all/Dockerfile
View File

@@ -1,4 +1,4 @@
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e AS build
FROM linuxkit/alpine:6090baae063eb5023c9601966e88df831f789a70 AS build
RUN apk add --no-cache git
# Make sure you also update the FW_COMMIT in ../firmware/Dockerfile

1
pkg/firmware-all/build.yml
View File

@@ -3,3 +3,4 @@ network: true
arches:
- amd64
- arm64
- riscv64

4
pkg/firmware/Dockerfile
View File

@@ -1,7 +1,7 @@
# Make modules from a recentish kernel available
FROM linuxkit/kernel:6.6.13 AS kernel
FROM linuxkit/kernel:6.6.71 AS kernel
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e AS build
FROM linuxkit/alpine:6090baae063eb5023c9601966e88df831f789a70 AS build
RUN apk add --no-cache git kmod
# Clone the firmware repository

2
pkg/firmware/build.yml
View File

@@ -3,3 +3,5 @@ network: true
arches:
- amd64
- arm64
- riscv64

4
pkg/format/Dockerfile
View File

@@ -1,4 +1,4 @@
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e AS mirror
FROM linuxkit/alpine:6090baae063eb5023c9601966e88df831f789a70 AS mirror
RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
RUN apk add --no-cache --initdb -p /out \
@@ -15,7 +15,7 @@ RUN apk add --no-cache --initdb -p /out \
&& true
RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e AS build
FROM linuxkit/alpine:6090baae063eb5023c9601966e88df831f789a70 AS build
RUN apk add --no-cache go musl-dev
ENV GOPATH=/go PATH=$PATH:/go/bin

2
pkg/getty/Dockerfile
View File

@@ -1,5 +1,5 @@
# Dockerfile to build linuxkit/getty for linuxkit
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e AS mirror
FROM linuxkit/alpine:6090baae063eb5023c9601966e88df831f789a70 AS mirror
RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
RUN apk add --no-cache --initdb -p /out \

2
pkg/host-timesync-daemon/Dockerfile
View File

@@ -1,4 +1,4 @@
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e AS mirror
FROM linuxkit/alpine:6090baae063eb5023c9601966e88df831f789a70 AS mirror
RUN apk add --no-cache go musl-dev git
ENV GOPATH=/go PATH=$PATH:/go/bin

6
pkg/init/Dockerfile
View File

@@ -1,6 +1,6 @@
# Dockerfile to build linuxkit/init for linuxkit
FROM linuxkit/containerd-dev:af26a5c09a71b919ee8113501d783a5bf299482d AS containerd-dev
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e AS build
FROM linuxkit/containerd-dev:1a4eee3fc0d683667c9115256f035f792f681f30 AS containerd-dev
FROM linuxkit/alpine:6090baae063eb5023c9601966e88df831f789a70 AS build
RUN apk add --no-cache --initdb alpine-baselayout make gcc musl-dev git linux-headers
ADD usermode-helper.c ./
@@ -27,7 +27,7 @@ RUN go-compile.sh /go/src/cmd/service
# volumes link to start
RUN mkdir -p /etc/init.d && ln -s /usr/bin/service /etc/init.d/005-volumes
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e AS mirror
FROM linuxkit/alpine:6090baae063eb5023c9601966e88df831f789a70 AS mirror
RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
RUN apk add --no-cache --initdb -p /out alpine-baselayout busybox musl

14
pkg/init/cmd/service/cmd.go
View File

@@ -8,9 +8,9 @@ import (
"os"
"path/filepath"
"github.com/containerd/containerd"
"github.com/containerd/containerd/cio"
"github.com/containerd/containerd/namespaces"
"github.com/containerd/containerd/v2/client"
"github.com/containerd/containerd/v2/pkg/cio"
"github.com/containerd/containerd/v2/pkg/namespaces"
"github.com/opencontainers/runtime-spec/specs-go"
log "github.com/sirupsen/logrus"
)
@@ -104,7 +104,7 @@ func stop(ctx context.Context, service, sock, basePath string) (string, uint32,
runtimeConfig := getRuntimeConfig(path)
client, err := containerd.New(sock)
cli, err := client.New(sock)
if err != nil {
return "", 0, "creating containerd client", err
}
@@ -113,7 +113,7 @@ func stop(ctx context.Context, service, sock, basePath string) (string, uint32,
ctx = namespaces.WithNamespace(ctx, runtimeConfig.Namespace)
}
ctr, err := client.LoadContainer(ctx, service)
ctr, err := cli.LoadContainer(ctx, service)
if err != nil {
return "", 0, "loading container", err
}
@@ -160,7 +160,7 @@ func start(ctx context.Context, service, sock, basePath, dumpSpec string) (strin
return "", 0, "preparing filesystem", err
}
client, err := containerd.New(sock)
cli, err := client.New(sock)
if err != nil {
return "", 0, "creating containerd client", err
}
@@ -193,7 +193,7 @@ func start(ctx context.Context, service, sock, basePath, dumpSpec string) (strin
ctx = namespaces.WithNamespace(ctx, runtimeConfig.Namespace)
}
ctr, err := client.NewContainer(ctx, service, containerd.WithSpec(spec))
ctr, err := cli.NewContainer(ctx, service, client.WithSpec(spec))
if err != nil {
return "", 0, "failed to create container", err
}

2
pkg/init/cmd/service/main.go
View File

@@ -8,7 +8,7 @@ import (
"path/filepath"
"strings"
"github.com/containerd/containerd/namespaces"
"github.com/containerd/containerd/v2/pkg/namespaces"
log "github.com/sirupsen/logrus"
)

58
pkg/init/cmd/service/runc.go
View File

@@ -7,6 +7,7 @@ import (
"path"
"path/filepath"
"strconv"
"strings"
log "github.com/sirupsen/logrus"
"golang.org/x/sys/unix"
@@ -62,10 +63,40 @@ func runcInit(rootPath, serviceType string) int {
}
logger := GetLog(logDir)
v2, err := isCgroupV2()
if err != nil {
log.Fatalf("Cannot determine cgroup version: %v", err)
}
msg := "cgroup v1"
if v2 {
msg = "cgroup v2"
}
log.Printf("Using %s", msg)
// did we choose to run in debug mode? If so, runc will be in debug, and all messages will go to stdout/stderr in addition to the log
var runcDebugMode, runcConsoleMode bool
dt, err := os.ReadFile("/proc/cmdline")
if err != nil {
log.Fatalf("error reading /proc/cmdline: %v", err)
}
debugLogger := log.New()
debugLogger.Level = log.InfoLevel
for _, s := range strings.Fields(string(dt)) {
if s == "linuxkit.runc_debug=1" {
runcDebugMode = true
debugLogger.Level = log.DebugLevel
}
if s == "linuxkit.runc_console=1" {
runcConsoleMode = true
}
}
for _, file := range files {
name := file.Name()
path := filepath.Join(rootPath, name)
log.Printf("%s %s: from %s", serviceType, name, path)
runtimeConfig := getRuntimeConfig(path)
@@ -74,8 +105,13 @@ func runcInit(rootPath, serviceType string) int {
status = 1
continue
}
debugLogger.Debugf("%s %s: creating", serviceType, name)
pidfile := filepath.Join(tmpdir, name)
cmd := exec.Command(runcBinary, "create", "--bundle", path, "--pid-file", pidfile, name)
cmdArgs := []string{"create", "--bundle", path, "--pid-file", pidfile, name}
if runcDebugMode {
cmdArgs = append([]string{"--debug"}, cmdArgs...)
}
cmd := exec.Command(runcBinary, cmdArgs...)
stdoutLog := serviceType + "." + name + ".out"
stdout, err := logger.Open(stdoutLog)
@@ -98,6 +134,15 @@ func runcInit(rootPath, serviceType string) int {
cmd.Stdout = stdout
cmd.Stderr = stderr
// if in console mode, send output to stdout/stderr instead of the log
// do not try io.MultiWriter(os.Stdout, stdout) as console messages will hang.
// it is not clear why, but since this is all for debugging anyways, it doesn't matter
// much.
if runcConsoleMode {
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
}
if err := cmd.Run(); err != nil {
log.Printf("Error creating %s: %v", name, err)
status = 1
@@ -117,6 +162,7 @@ func runcInit(rootPath, serviceType string) int {
continue
}
debugLogger.Debugf("%s %s: preparing", serviceType, name)
if err := prepareProcess(pid, runtimeConfig); err != nil {
log.Printf("Cannot prepare process: %v", err)
status = 1
@@ -134,7 +180,12 @@ func runcInit(rootPath, serviceType string) int {
waitFor <- state
}()
cmd = exec.Command(runcBinary, "start", name)
debugLogger.Debugf("%s %s: starting", serviceType, name)
cmdArgs = []string{"start", name}
if runcDebugMode {
cmdArgs = append([]string{"--debug"}, cmdArgs...)
}
cmd = exec.Command(runcBinary, cmdArgs...)
cmd.Stdout = stdout
cmd.Stderr = stderr
@@ -144,8 +195,10 @@ func runcInit(rootPath, serviceType string) int {
continue
}
debugLogger.Debugf("%s %s: waiting for completion", serviceType, name)
_ = <-waitFor
debugLogger.Debugf("%s %s: cleaning up", serviceType, name)
cleanup(path)
_ = os.Remove(pidfile)
@@ -154,6 +207,7 @@ func runcInit(rootPath, serviceType string) int {
// once that is fixed, this can be cleaned up
logger.Dump(stdoutLog)
logger.Dump(stderrLog)
debugLogger.Debugf("%s %s: complete", serviceType, name)
}
_ = os.RemoveAll(tmpdir)

8
pkg/init/cmd/service/system_init.go
View File

@@ -12,8 +12,8 @@ import (
"syscall"
"time"
"github.com/containerd/containerd"
"github.com/containerd/containerd/errdefs"
"github.com/containerd/containerd/v2/client"
"github.com/containerd/errdefs"
"github.com/pelletier/go-toml"
"github.com/pkg/errors"
log "github.com/sirupsen/logrus"
@@ -23,7 +23,7 @@ const (
containerdOptsFile = "/etc/containerd/runtime-config.toml"
)
func cleanupTask(ctx context.Context, ctr containerd.Container) error {
func cleanupTask(ctx context.Context, ctr client.Container) error {
task, err := ctr.Task(ctx, nil)
if err != nil {
if errdefs.IsNotFound(err) {
@@ -143,7 +143,7 @@ func systemInitCmd(ctx context.Context, args []string) {
}
// connect to containerd
client, err := containerd.New(*sock)
client, err := client.New(*sock)
if err != nil {
log.WithError(err).Fatal("creating containerd client")
}

56
pkg/init/cmd/service/volumeinit.go
View File

@@ -6,6 +6,7 @@ import (
"fmt"
"os"
"path/filepath"
"strings"
log "github.com/sirupsen/logrus"
"golang.org/x/sys/unix"
@@ -59,36 +60,35 @@ func volumeInitCmd(ctx context.Context) int {
}
lowerDir := filepath.Join(*path, vol.Name(), "lower")
mergedDir := filepath.Join(*path, vol.Name(), "merged")
// need a tmpfs to create the workdir and upper
tmpDir := filepath.Join(*path, vol.Name(), "tmp")
if err := unix.Mount("tmpfs", tmpDir, "tmpfs", unix.MS_RELATIME, ""); err != nil {
log.WithError(err).Errorf("Error creating tmpDir for volume %s", vol.Name())
return 1
}
workDir := filepath.Join(tmpDir, "work")
upperDir := filepath.Join(tmpDir, "upper")
if err := os.Mkdir(upperDir, 0755); err != nil {
log.WithError(err).Errorf("Error creating upper dir for volume %s", vol.Name())
return 1
}
if err := os.Mkdir(workDir, 0755); err != nil {
log.WithError(err).Errorf("Error creating work dir for volume %s", vol.Name())
return 1
}
// and let's mount the actual dir
mountOps := []string{fmt.Sprintf("lowerdir=%s", lowerDir), fmt.Sprintf("upperdir=%s", upperDir), fmt.Sprintf("workdir=%s", workDir)}
if !readWrite {
log.Infof("Volume %s is read-only, bind-mounting read-only", vol.Name())
if err := unix.Mount(lowerDir, mergedDir, "bind", unix.MS_RDONLY, ""); err != nil {
log.WithError(err).Errorf("Error bind-mounting volume %s", vol.Name())
return 1
}
log.Infof("Volume %s is read-only", vol.Name())
mountOps = append(mountOps, "ro")
} else {
log.Infof("Volume %s is read-write, overlay mounting", vol.Name())
// need a tmpfs to create the workdir and upper
tmpDir := filepath.Join(*path, vol.Name(), "tmp")
if err := unix.Mount("tmpfs", tmpDir, "tmpfs", unix.MS_RELATIME, ""); err != nil {
log.WithError(err).Errorf("Error creating tmpDir for volume %s", vol.Name())
return 1
}
workDir := filepath.Join(tmpDir, "work")
upperDir := filepath.Join(tmpDir, "upper")
if err := os.Mkdir(upperDir, 0755); err != nil {
log.WithError(err).Errorf("Error creating upper dir for volume %s", vol.Name())
return 1
}
if err := os.Mkdir(workDir, 0755); err != nil {
log.WithError(err).Errorf("Error creating work dir for volume %s", vol.Name())
return 1
}
// and let's mount the actual dir
data := fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", lowerDir, upperDir, workDir)
if err := unix.Mount("overlay", mergedDir, "overlay", unix.MS_RELATIME, data); err != nil {
log.WithError(err).Errorf("Error overlay-mounting volume %s", vol.Name())
return 1
}
log.Infof("Volume %s is read-write", vol.Name())
}
data := strings.Join(mountOps, ",")
if err := unix.Mount("overlay", mergedDir, "overlay", unix.MS_RELATIME, data); err != nil {
log.WithError(err).Errorf("Error overlay-mounting volume %s", vol.Name())
return 1
}
}
return 0

72
pkg/init/go.mod
View File

@@ -1,60 +1,70 @@
module github.com/linuxkit/linuxkit/pkg/init
go 1.21.0
go 1.22.0
toolchain go1.23.1
require (
github.com/containerd/containerd v1.7.19
github.com/containerd/containerd/v2 v2.0.2
github.com/containerd/errdefs v1.0.0
github.com/opencontainers/runtime-spec v1.2.0
github.com/pelletier/go-toml v1.9.5
github.com/pkg/errors v0.9.1
github.com/sirupsen/logrus v1.9.3
github.com/vishvananda/netlink v1.2.1-beta.2
golang.org/x/sys v0.22.0
github.com/vishvananda/netlink v1.3.0
golang.org/x/sys v0.26.0
)
require (
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231105174938-2b5cbb29f3e2 // indirect
github.com/Microsoft/go-winio v0.6.2 // indirect
github.com/Microsoft/hcsshim v0.12.5 // indirect
github.com/Microsoft/hcsshim v0.12.9 // indirect
github.com/containerd/cgroups/v3 v3.0.3 // indirect
github.com/containerd/containerd/api v1.7.19 // indirect
github.com/containerd/continuity v0.4.3 // indirect
github.com/containerd/errdefs v0.1.0 // indirect
github.com/containerd/containerd/api v1.8.0 // indirect
github.com/containerd/continuity v0.4.4 // indirect
github.com/containerd/errdefs/pkg v0.3.0 // indirect
github.com/containerd/fifo v1.1.0 // indirect
github.com/containerd/log v0.1.0 // indirect
github.com/containerd/platforms v0.2.1 // indirect
github.com/containerd/ttrpc v1.2.5 // indirect
github.com/containerd/typeurl/v2 v2.2.0 // indirect
github.com/containerd/platforms v1.0.0-rc.1 // indirect
github.com/containerd/plugin v1.0.0 // indirect
github.com/containerd/ttrpc v1.2.7 // indirect
github.com/containerd/typeurl/v2 v2.2.3 // indirect
github.com/distribution/reference v0.6.0 // indirect
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/go-logr/logr v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/klauspost/compress v1.17.9 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/klauspost/compress v1.17.11 // indirect
github.com/moby/locker v1.0.1 // indirect
github.com/moby/sys/mountinfo v0.7.1 // indirect
github.com/moby/sys/sequential v0.5.0 // indirect
github.com/moby/sys/signal v0.7.0 // indirect
github.com/moby/sys/user v0.1.0 // indirect
github.com/moby/sys/mountinfo v0.7.2 // indirect
github.com/moby/sys/sequential v0.6.0 // indirect
github.com/moby/sys/signal v0.7.1 // indirect
github.com/moby/sys/user v0.3.0 // indirect
github.com/moby/sys/userns v0.1.0 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.0 // indirect
github.com/opencontainers/selinux v1.11.0 // indirect
github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626 // indirect
github.com/opencontainers/selinux v1.11.1 // indirect
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
github.com/vishvananda/netns v0.0.4 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect
go.opentelemetry.io/otel v1.28.0 // indirect
go.opentelemetry.io/otel/metric v1.28.0 // indirect
go.opentelemetry.io/otel/trace v1.28.0 // indirect
golang.org/x/net v0.27.0 // indirect
golang.org/x/sync v0.7.0 // indirect
golang.org/x/text v0.16.0 // indirect
google.golang.org/genproto v0.0.0-20240711142825-46eb208f015d // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d // indirect
google.golang.org/grpc v1.65.0 // indirect
google.golang.org/protobuf v1.34.2 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 // indirect
go.opentelemetry.io/otel v1.31.0 // indirect
go.opentelemetry.io/otel/metric v1.31.0 // indirect
go.opentelemetry.io/otel/trace v1.31.0 // indirect
golang.org/x/mod v0.21.0 // indirect
golang.org/x/net v0.30.0 // indirect
golang.org/x/sync v0.8.0 // indirect
golang.org/x/text v0.19.0 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 // indirect
google.golang.org/grpc v1.67.1 // indirect
google.golang.org/protobuf v1.35.1 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
tags.cncf.io/container-device-interface v0.8.0 // indirect
tags.cncf.io/container-device-interface/specs-go v0.8.0 // indirect
)

177
pkg/init/go.sum
View File

@@ -1,49 +1,55 @@
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231105174938-2b5cbb29f3e2 h1:dIScnXFlF784X79oi7MzVT6GWqr/W1uUt0pB5CsDs9M=
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231105174938-2b5cbb29f3e2/go.mod h1:gCLVsLfv1egrcZu+GoJATN5ts75F2s62ih/457eWzOw=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
github.com/Microsoft/hcsshim v0.12.5 h1:bpTInLlDy/nDRWFVcefDZZ1+U8tS+rz3MxjKgu9boo0=
github.com/Microsoft/hcsshim v0.12.5/go.mod h1:tIUGego4G1EN5Hb6KC90aDYiUI2dqLSTTOCjVNpOgZ8=
github.com/Microsoft/hcsshim v0.12.9 h1:2zJy5KA+l0loz1HzEGqyNnjd3fyZA31ZBCGKacp6lLg=
github.com/Microsoft/hcsshim v0.12.9/go.mod h1:fJ0gkFAna6ukt0bLdKB8djt4XIJhF/vEPuoIWYVvZ8Y=
github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGDJ9kip0=
github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2WzJmticMgVuz0=
github.com/containerd/containerd v1.7.19 h1:/xQ4XRJ0tamDkdzrrBAUy/LE5nCcxFKdBm4EcPrSMEE=
github.com/containerd/containerd v1.7.19/go.mod h1:h4FtNYUUMB4Phr6v+xG89RYKj9XccvbNSCKjdufCrkc=
github.com/containerd/containerd/api v1.7.19 h1:VWbJL+8Ap4Ju2mx9c9qS1uFSB1OVYr5JJrW2yT5vFoA=
github.com/containerd/containerd/api v1.7.19/go.mod h1:fwGavl3LNwAV5ilJ0sbrABL44AQxmNjDRcwheXDb6Ig=
github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8=
github.com/containerd/continuity v0.4.3/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM=
github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0=
github.com/containerd/containerd/api v1.8.0 h1:hVTNJKR8fMc/2Tiw60ZRijntNMd1U+JVMyTRdsD2bS0=
github.com/containerd/containerd/api v1.8.0/go.mod h1:dFv4lt6S20wTu/hMcP4350RL87qPWLVa/OHOwmmdnYc=
github.com/containerd/containerd/v2 v2.0.2 h1:GmH/tRBlTvrXOLwSpWE2vNAm8+MqI6nmxKpKBNKY8Wc=
github.com/containerd/containerd/v2 v2.0.2/go.mod h1:wIqEvQ/6cyPFUGJ5yMFanspPabMLor+bF865OHvNTTI=
github.com/containerd/continuity v0.4.4 h1:/fNVfTJ7wIl/YPMHjf+5H32uFhl63JucB34PlCpMKII=
github.com/containerd/continuity v0.4.4/go.mod h1:/lNJvtJKUQStBzpVQ1+rasXO1LAWtUQssk28EZvJ3nE=
github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
github.com/containerd/fifo v1.1.0 h1:4I2mbh5stb1u6ycIABlBw9zgtlK8viPI9QkQNRQEEmY=
github.com/containerd/fifo v1.1.0/go.mod h1:bmC4NWMbXlt2EZ0Hc7Fx7QzTFxgPID13eH0Qu+MAb2o=
github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A=
github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw=
github.com/containerd/ttrpc v1.2.5 h1:IFckT1EFQoFBMG4c3sMdT8EP3/aKfumK1msY+Ze4oLU=
github.com/containerd/ttrpc v1.2.5/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o=
github.com/containerd/typeurl/v2 v2.2.0 h1:6NBDbQzr7I5LHgp34xAXYF5DOTQDn05X58lsPEmzLso=
github.com/containerd/typeurl/v2 v2.2.0/go.mod h1:8XOOxnyatxSWuG8OfsZXVnAF4iZfedjS/8UHSPJnX4g=
github.com/containerd/platforms v1.0.0-rc.1 h1:83KIq4yy1erSRgOVHNk1HYdPvzdJ5CnsWaRoJX4C41E=
github.com/containerd/platforms v1.0.0-rc.1/go.mod h1:J71L7B+aiM5SdIEqmd9wp6THLVRzJGXfNuWCZCllLA4=
github.com/containerd/plugin v1.0.0 h1:c8Kf1TNl6+e2TtMHZt+39yAPDbouRH9WAToRjex483Y=
github.com/containerd/plugin v1.0.0/go.mod h1:hQfJe5nmWfImiqT1q8Si3jLv3ynMUIBB47bQ+KexvO8=
github.com/containerd/ttrpc v1.2.7 h1:qIrroQvuOL9HQ1X6KHe2ohc7p+HP/0VE6XPU7elJRqQ=
github.com/containerd/ttrpc v1.2.7/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o=
github.com/containerd/typeurl/v2 v2.2.3 h1:yNA/94zxWdvYACdYO8zofhrTVuQY73fFU1y++dYSw40=
github.com/containerd/typeurl/v2 v2.2.3/go.mod h1:95ljDnPfD3bAbDJRugOiShd/DlAAsxGtUBhJxIn7SCk=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8=
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
@@ -71,33 +77,46 @@ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
github.com/mndrix/tap-go v0.0.0-20171203230836-629fa407e90b/go.mod h1:pzzDgJWZ34fGzaAZGFW22KVZDfyrYW+QABMrWnJBnSs=
github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
github.com/moby/sys/mountinfo v0.7.1 h1:/tTvQaSJRr2FshkhXiIpux6fQ2Zvc4j7tAhMTStAG2g=
github.com/moby/sys/mountinfo v0.7.1/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc=
github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo=
github.com/moby/sys/signal v0.7.0 h1:25RW3d5TnQEoKvRbEKUGay6DCQ46IxAVTT9CUMgmsSI=
github.com/moby/sys/signal v0.7.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg=
github.com/moby/sys/user v0.1.0 h1:WmZ93f5Ux6het5iituh9x2zAG7NFY9Aqi49jjE1PaQg=
github.com/moby/sys/user v0.1.0/go.mod h1:fKJhFOnsCN6xZ5gSfbM6zaHGgDJMrqt9/reuj4T7MmU=
github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg=
github.com/moby/sys/mountinfo v0.7.2/go.mod h1:1YOa8w8Ih7uW0wALDUgT1dTTSBrZ+HiBLGws92L2RU4=
github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=
github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=
github.com/moby/sys/signal v0.7.1 h1:PrQxdvxcGijdo6UXXo/lU/TvHUWyPhj7UOpSo8tuvk0=
github.com/moby/sys/signal v0.7.1/go.mod h1:Se1VGehYokAkrSQwL4tDzHvETwUZlnY7S5XtQ50mQp8=
github.com/moby/sys/user v0.3.0 h1:9ni5DlcW5an3SvRSx4MouotOygvzaXbaSrc/wGDFWPo=
github.com/moby/sys/user v0.3.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs=
github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g=
github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28=
github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
github.com/opencontainers/runtime-spec v1.0.3-0.20220825212826-86290f6a00fb/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk=
github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=
github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626 h1:DmNGcqH3WDbV5k8OJ+esPWbqUOX5rMLR2PMvziDMJi0=
github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626/go.mod h1:BRHJJd0E+cx42OybVYSgUvZmU0B8P9gZuRXlZUP7TKI=
github.com/opencontainers/selinux v1.9.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jDMcgULaH8=
github.com/opencontainers/selinux v1.11.1/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -105,36 +124,48 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/vishvananda/netlink v1.2.1-beta.2 h1:Llsql0lnQEbHj0I1OuKyp8otXp0r3q0mPkuhwHfStVs=
github.com/vishvananda/netlink v1.2.1-beta.2/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI=
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
github.com/urfave/cli v1.19.1/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQdrZk=
github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs=
github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg=
go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo=
go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4=
go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q=
go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s=
go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g=
go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 h1:UP6IpuHFkUgOQL9FFQFrZ+5LiwhhYRbi7VZSIx6Nj5s=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0/go.mod h1:qxuZLtbq5QDtdeSHsS7bcf6EH6uO6jUAgk764zd3rhM=
go.opentelemetry.io/otel v1.31.0 h1:NsJcKPIW0D0H3NgzPDHmo0WW6SptzPdqg/L1zsIm2hY=
go.opentelemetry.io/otel v1.31.0/go.mod h1:O0C14Yl9FgkjqcCZAsE053C13OaddMYr/hz6clDkEJE=
go.opentelemetry.io/otel/metric v1.31.0 h1:FSErL0ATQAmYHUIzSezZibnyVlft1ybhy4ozRPcF2fE=
go.opentelemetry.io/otel/metric v1.31.0/go.mod h1:C3dEloVbLuYoX41KpmAhOqNriGbA+qqH6PQ5E5mUfnY=
go.opentelemetry.io/otel/trace v1.31.0 h1:ffjsj1aRouKewfr85U2aGagJ46+MvodynlQ1HYdmJys=
go.opentelemetry.io/otel/trace v1.31.0/go.mod h1:TXZkRk7SM2ZQLtR6eoAWQFIHPvzQ06FJAsO1tJg480A=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -144,6 +175,8 @@ golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvx
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -153,31 +186,31 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -195,17 +228,15 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
google.golang.org/genproto v0.0.0-20240711142825-46eb208f015d h1:/hmn0Ku5kWij/kjGsrcJeC1T/MrJi2iNWwgAqrihFwc=
google.golang.org/genproto v0.0.0-20240711142825-46eb208f015d/go.mod h1:FfBgJBJg9GcpPvKIuHSZ/aE1g2ecGL74upMzGZjiGEY=
google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d h1:JU0iKnSg02Gmb5ZdV8nYsKEKsP6o/FGVWTrw4i1DA9A=
google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 h1:zciRKQ4kBpFgpfC5QQCVtnnNAcLIqweL7plyZRQHVpI=
google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc=
google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ=
google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -215,11 +246,19 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2
google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
tags.cncf.io/container-device-interface v0.8.0 h1:8bCFo/g9WODjWx3m6EYl3GfUG31eKJbaggyBDxEldRc=
tags.cncf.io/container-device-interface v0.8.0/go.mod h1:Apb7N4VdILW0EVdEMRYXIDVRZfNJZ+kmEUss2kRRQ6Y=
tags.cncf.io/container-device-interface/specs-go v0.8.0 h1:QYGFzGxvYK/ZLMrjhvY0RjpUavIn4KcmRmVP/JjdBTA=
tags.cncf.io/container-device-interface/specs-go v0.8.0/go.mod h1:BhJIkjjPh4qpys+qm4DAYtUyryaTDg9zris+AczXyws=

48
pkg/init/vendor/github.com/AdaLogics/go-fuzz-headers/consumer.go generated vendored
View File

@@ -48,6 +48,7 @@ type ConsumeFuzzer struct {
NumberOfCalls int
position uint32
fuzzUnexportedFields bool
forceUTF8Strings bool
curDepth int
Funcs map[reflect.Type]reflect.Value
}
@@ -104,6 +105,14 @@ func (f *ConsumeFuzzer) DisallowUnexportedFields() {
f.fuzzUnexportedFields = false
}
func (f *ConsumeFuzzer) AllowNonUTF8Strings() {
f.forceUTF8Strings = false
}
func (f *ConsumeFuzzer) DisallowNonUTF8Strings() {
f.forceUTF8Strings = true
}
func (f *ConsumeFuzzer) GenerateStruct(targetStruct interface{}) error {
e := reflect.ValueOf(targetStruct).Elem()
return f.fuzzStruct(e, false)
@@ -224,6 +233,14 @@ func (f *ConsumeFuzzer) fuzzStruct(e reflect.Value, customFunctions bool) error
if e.CanSet() {
e.Set(uu)
}
case reflect.Uint:
newInt, err := f.GetUint()
if err != nil {
return err
}
if e.CanSet() {
e.SetUint(uint64(newInt))
}
case reflect.Uint16:
newInt, err := f.GetUint16()
if err != nil {
@@ -309,6 +326,14 @@ func (f *ConsumeFuzzer) fuzzStruct(e reflect.Value, customFunctions bool) error
if e.CanSet() {
e.SetUint(uint64(b))
}
case reflect.Bool:
b, err := f.GetBool()
if err != nil {
return err
}
if e.CanSet() {
e.SetBool(b)
}
}
return nil
}
@@ -410,6 +435,23 @@ func (f *ConsumeFuzzer) GetUint64() (uint64, error) {
return binary.BigEndian.Uint64(u64), nil
}
func (f *ConsumeFuzzer) GetUint() (uint, error) {
var zero uint
size := int(unsafe.Sizeof(zero))
if size == 8 {
u64, err := f.GetUint64()
if err != nil {
return 0, err
}
return uint(u64), nil
}
u32, err := f.GetUint32()
if err != nil {
return 0, err
}
return uint(u32), nil
}
func (f *ConsumeFuzzer) GetBytes() ([]byte, error) {
var length uint32
var err error
@@ -461,7 +503,11 @@ func (f *ConsumeFuzzer) GetString() (string, error) {
return "nil", errors.New("numbers overflow")
}
f.position = byteBegin + length
return string(f.data[byteBegin:f.position]), nil
s := string(f.data[byteBegin:f.position])
if f.forceUTF8Strings {
s = strings.ToValidUTF8(s, "")
}
return s, nil
}
func (f *ConsumeFuzzer) GetBool() (bool, error) {

2
pkg/init/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsendpoint.go generated vendored
View File

@@ -29,7 +29,7 @@ const (
)
func (es EndpointState) String() string {
return [...]string{"Uninitialized", "Attached", "AttachedSharing", "Detached", "Degraded", "Destroyed"}[es]
return [...]string{"Uninitialized", "Created", "Attached", "AttachedSharing", "Detached", "Degraded", "Destroyed"}[es]
}
// HNSEndpoint represents a network endpoint in HNS

11
pkg/init/vendor/github.com/Microsoft/hcsshim/internal/jobobject/jobobject.go generated vendored
View File

@@ -188,7 +188,7 @@ func Open(ctx context.Context, options *Options) (_ *JobObject, err error) {
return nil, winapi.RtlNtStatusToDosError(status)
}
} else {
jobHandle, err = winapi.OpenJobObject(winapi.JOB_OBJECT_ALL_ACCESS, 0, unicodeJobName.Buffer)
jobHandle, err = winapi.OpenJobObject(winapi.JOB_OBJECT_ALL_ACCESS, false, unicodeJobName.Buffer)
if err != nil {
return nil, err
}
@@ -523,12 +523,9 @@ func (job *JobObject) ApplyFileBinding(root, target string, readOnly bool) error
func isJobSilo(h windows.Handle) bool {
// None of the information from the structure that this info class expects will be used, this is just used as
// the call will fail if the job hasn't been upgraded to a silo so we can use this to tell when we open a job
// if it's a silo or not. Because none of the info matters simply define a dummy struct with the size that the call
// expects which is 16 bytes.
type isSiloObj struct {
_ [16]byte
}
var siloInfo isSiloObj
// if it's a silo or not. We still need to define the struct layout as expected by Win32, else the struct
// alignment might be different and the call will fail.
var siloInfo winapi.SILOOBJECT_BASIC_INFORMATION
err := winapi.QueryInformationJobObject(
h,
winapi.JobObjectSiloBasicInformation,

2
pkg/init/vendor/github.com/Microsoft/hcsshim/internal/oc/errors.go generated vendored
View File

@@ -6,7 +6,7 @@ import (
"net"
"os"
"github.com/containerd/errdefs"
errdefs "github.com/containerd/errdefs/pkg/errgrpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
)

3
pkg/init/vendor/github.com/Microsoft/hcsshim/internal/vhdx/doc.go generated vendored Normal file
View File

@@ -0,0 +1,3 @@
// vhdx package adds the utility methods necessary to deal with the vhdx that are used as the scratch
// space for the containers and the uvm.
package vhdx

233
pkg/init/vendor/github.com/Microsoft/hcsshim/internal/vhdx/info.go generated vendored Normal file
View File

@@ -0,0 +1,233 @@
//go:build windows
package vhdx
import (
"bytes"
"context"
"encoding/binary"
"fmt"
"os"
"syscall"
"unsafe"
"github.com/Microsoft/go-winio/pkg/guid"
"github.com/Microsoft/go-winio/vhd"
"github.com/Microsoft/hcsshim/internal/log"
"github.com/Microsoft/hcsshim/internal/oc"
"github.com/sirupsen/logrus"
"go.opencensus.io/trace"
"golang.org/x/sys/windows"
)
const _IOCTL_DISK_GET_DRIVE_LAYOUT_EX = 0x00070050
var partitionBasicDataGUID = guid.GUID{
Data1: 0xebd0a0a2,
Data2: 0xb9e5,
Data3: 0x4433,
Data4: [8]byte{0x87, 0xc0, 0x68, 0xb6, 0xb7, 0x26, 0x99, 0xc7},
}
const (
partitionStyleMBR uint32 = iota
partitionStyleGPT
partitionStyleRaw
)
// type partitionInformationMBR struct {
// PartitionType uint8
// BootIndicator uint8
// RecognizedPartition uint8
// HiddenSectors uint32
// PartitionId guid.GUID
// }
type partitionInformationGPT struct {
PartitionType guid.GUID
PartitionId guid.GUID
Attributes uint64
Name [72]byte // wide char
}
type partitionInformationEx struct {
PartitionStyle uint32
StartingOffset int64
PartitionLength int64
PartitionNumber uint32
RewritePartition uint8
IsServicePartition uint8
_ uint16
// A union of partitionInformationMBR and partitionInformationGPT
// since partitionInformationGPT is largest with 112 bytes
GptMbrUnion [112]byte
}
type driveLayoutInformationGPT struct {
DiskID guid.GUID
StartingUsableOffset int64
UsableLength int64
MaxPartitionCount uint32
}
// type driveLayoutInformationMBR struct {
// Signature uint32
// Checksum uint32
// }
type driveLayoutInformationEx struct {
PartitionStyle uint32
PartitionCount uint32
// A union of driveLayoutInformationGPT and driveLayoutInformationMBR
// since driveLayoutInformationGPT is largest with 40 bytes
GptMbrUnion [40]byte
PartitionEntry [1]partitionInformationEx
}
// Takes the physical path of a disk and retrieves the drive layout information of that disk. Returns the
// driveLayoutInformationEx struct and a slice of partitionInfomrationEx struct containing one element for
// each partition found on the vhdx. Note: some of the members like (GptMbrUnion) of these structs are raw
// byte arrays and it is the responsibility of the calling function to properly parse them.
func getDriveLayout(ctx context.Context, drivePhysicalPath string) (driveLayoutInformationEx, []partitionInformationEx, error) {
var (
outBytes uint32
err error
volume *os.File
)
layoutData := struct {
info driveLayoutInformationEx
// driveLayoutInformationEx has a flexible array member at the end. The data returned
// by IOCTL_DISK_GET_DRIVE_LAYOUT_EX usually has driveLayoutInformationEx.PartitionCount
// number of elements in this array. For all practical purposes we don't expect to have
// more than 64 partitions in a container/uvm vhdx.
partitions [63]partitionInformationEx
}{}
volume, err = os.OpenFile(drivePhysicalPath, os.O_RDONLY, 0)
if err != nil {
return layoutData.info, layoutData.partitions[:0], fmt.Errorf("failed to open drive: %w", err)
}
defer volume.Close()
err = windows.DeviceIoControl(windows.Handle(volume.Fd()),
_IOCTL_DISK_GET_DRIVE_LAYOUT_EX,
nil,
0,
(*byte)(unsafe.Pointer(&layoutData)),
uint32(unsafe.Sizeof(layoutData)),
&outBytes,
nil)
if err != nil {
return layoutData.info, layoutData.partitions[:0], fmt.Errorf("IOCTL to get disk layout failed: %w", err)
}
if layoutData.info.PartitionCount == 0 {
return layoutData.info, []partitionInformationEx{}, nil
} else {
// parse the retrieved data into driveLayoutInformationEx and partitionInformationEx
partitions := make([]partitionInformationEx, layoutData.info.PartitionCount)
partitions[0] = layoutData.info.PartitionEntry[0]
copy(partitions[1:], layoutData.partitions[:layoutData.info.PartitionCount-1])
return layoutData.info, partitions, nil
}
}
// Scratch VHDs are formatted with GPT style and have 1 MSFT_RESERVED
// partition and 1 BASIC_DATA partition. This struct contains the
// partitionID of this BASIC_DATA partition and the DiskID of this
// scratch vhdx.
type ScratchVhdxPartitionInfo struct {
DiskID guid.GUID
PartitionID guid.GUID
}
// Returns the VhdxInfo of a GPT vhdx at path vhdxPath.
func GetScratchVhdPartitionInfo(ctx context.Context, vhdxPath string) (_ ScratchVhdxPartitionInfo, err error) {
var (
diskHandle syscall.Handle
driveLayout driveLayoutInformationEx
partitions []partitionInformationEx
gptDriveLayout driveLayoutInformationGPT
gptPartitionInfo partitionInformationGPT
volumePath string
)
title := "hcsshim::GetScratchVhdPartitionInfo"
ctx, span := trace.StartSpan(ctx, title)
defer span.End()
defer func() { oc.SetSpanStatus(span, err) }()
span.AddAttributes(
trace.StringAttribute("path", vhdxPath))
diskHandle, err = vhd.OpenVirtualDisk(vhdxPath, vhd.VirtualDiskAccessNone, vhd.OpenVirtualDiskFlagNone)
if err != nil {
return ScratchVhdxPartitionInfo{}, fmt.Errorf("get scratch vhd info failed: %w", err)
}
defer func() {
if closeErr := syscall.CloseHandle(diskHandle); closeErr != nil {
log.G(ctx).WithFields(logrus.Fields{
"disk path": vhdxPath,
"error": closeErr,
}).Warn("failed to close vhd handle")
}
}()
err = vhd.AttachVirtualDisk(diskHandle, vhd.AttachVirtualDiskFlagNone, &vhd.AttachVirtualDiskParameters{Version: 2})
if err != nil {
return ScratchVhdxPartitionInfo{}, fmt.Errorf("get scratch vhd info failed: %w", err)
}
defer func() {
if detachErr := vhd.DetachVirtualDisk(diskHandle); detachErr != nil {
log.G(ctx).WithFields(logrus.Fields{
"disk path": vhdxPath,
"error": detachErr,
}).Warn("failed to detach vhd")
}
}()
volumePath, err = vhd.GetVirtualDiskPhysicalPath(diskHandle)
if err != nil {
return ScratchVhdxPartitionInfo{}, fmt.Errorf("get vhd physical path: %w", err)
}
driveLayout, partitions, err = getDriveLayout(ctx, volumePath)
if err != nil {
return ScratchVhdxPartitionInfo{}, err
}
if driveLayout.PartitionStyle != partitionStyleGPT {
return ScratchVhdxPartitionInfo{}, fmt.Errorf("drive Layout:Expected partition style GPT(%d) found %d", partitionStyleGPT, driveLayout.PartitionStyle)
}
if driveLayout.PartitionCount != 2 || len(partitions) != 2 {
return ScratchVhdxPartitionInfo{}, fmt.Errorf("expected exactly 2 partitions. Got %d partitions and partition count of %d", len(partitions), driveLayout.PartitionCount)
}
if partitions[1].PartitionStyle != partitionStyleGPT {
return ScratchVhdxPartitionInfo{}, fmt.Errorf("partition Info:Expected partition style GPT(%d) found %d", partitionStyleGPT, partitions[1].PartitionStyle)
}
bufReader := bytes.NewBuffer(driveLayout.GptMbrUnion[:])
if err := binary.Read(bufReader, binary.LittleEndian, &gptDriveLayout); err != nil {
return ScratchVhdxPartitionInfo{}, fmt.Errorf("failed to parse drive GPT layout: %w", err)
}
bufReader = bytes.NewBuffer(partitions[1].GptMbrUnion[:])
if err := binary.Read(bufReader, binary.LittleEndian, &gptPartitionInfo); err != nil {
return ScratchVhdxPartitionInfo{}, fmt.Errorf("failed to parse GPT partition info: %w", err)
}
if gptPartitionInfo.PartitionType != partitionBasicDataGUID {
return ScratchVhdxPartitionInfo{}, fmt.Errorf("expected partition type to have %s GUID found %s instead", partitionBasicDataGUID, gptPartitionInfo.PartitionType)
}
log.G(ctx).WithFields(logrus.Fields{
"Disk ID": gptDriveLayout.DiskID,
"GPT Partition ID": gptPartitionInfo.PartitionId,
}).Debug("Scratch VHD partition info")
return ScratchVhdxPartitionInfo{DiskID: gptDriveLayout.DiskID, PartitionID: gptPartitionInfo.PartitionId}, nil
}

289
pkg/init/vendor/github.com/Microsoft/hcsshim/internal/wclayer/cim/LayerWriter.go generated vendored Normal file
View File

@@ -0,0 +1,289 @@
//go:build windows
package cim
import (
"context"
"fmt"
"io"
"os"
"path/filepath"
"strconv"
"strings"
"github.com/Microsoft/go-winio"
"github.com/Microsoft/hcsshim/internal/log"
"github.com/Microsoft/hcsshim/internal/oc"
"github.com/Microsoft/hcsshim/internal/wclayer"
"github.com/Microsoft/hcsshim/osversion"
"github.com/Microsoft/hcsshim/pkg/cimfs"
"go.opencensus.io/trace"
)
// A CimLayerWriter implements the wclayer.LayerWriter interface to allow writing container
// image layers in the cim format.
// A cim layer consist of cim files (which are usually stored in the `cim-layers` directory and
// some other files which are stored in the directory of that layer (i.e the `path` directory).
type CimLayerWriter struct {
ctx context.Context
s *trace.Span
// path to the layer (i.e layer's directory) as provided by the caller.
// Even if a layer is stored as a cim in the cim directory, some files associated
// with a layer are still stored in this path.
path string
// parent layer paths
parentLayerPaths []string
// Handle to the layer cim - writes to the cim file
cimWriter *cimfs.CimFsWriter
// Handle to the writer for writing files in the local filesystem
stdFileWriter *stdFileWriter
// reference to currently active writer either cimWriter or stdFileWriter
activeWriter io.Writer
// denotes if this layer has the UtilityVM directory
hasUtilityVM bool
// some files are written outside the cim during initial import (via stdFileWriter) because we need to
// make some modifications to these files before writing them to the cim. The pendingOps slice
// maintains a list of such delayed modifications to the layer cim. These modifications are applied at
// the very end of layer import process.
pendingOps []pendingCimOp
}
type hive struct {
name string
base string
delta string
}
var (
hives = []hive{
{"SYSTEM", "SYSTEM_BASE", "SYSTEM_DELTA"},
{"SOFTWARE", "SOFTWARE_BASE", "SOFTWARE_DELTA"},
{"SAM", "SAM_BASE", "SAM_DELTA"},
{"SECURITY", "SECURITY_BASE", "SECURITY_DELTA"},
{"DEFAULT", "DEFAULTUSER_BASE", "DEFAULTUSER_DELTA"},
}
)
func isDeltaOrBaseHive(path string) bool {
for _, hv := range hives {
if strings.EqualFold(path, filepath.Join(wclayer.HivesPath, hv.delta)) ||
strings.EqualFold(path, filepath.Join(wclayer.RegFilesPath, hv.name)) {
return true
}
}
return false
}
// checks if this particular file should be written with a stdFileWriter instead of
// using the cimWriter.
func isStdFile(path string) bool {
return (isDeltaOrBaseHive(path) ||
path == filepath.Join(wclayer.UtilityVMPath, wclayer.RegFilesPath, "SYSTEM") ||
path == filepath.Join(wclayer.UtilityVMPath, wclayer.RegFilesPath, "SOFTWARE") ||
path == wclayer.BcdFilePath || path == wclayer.BootMgrFilePath)
}
// Add adds a file to the layer with given metadata.
func (cw *CimLayerWriter) Add(name string, fileInfo *winio.FileBasicInfo, fileSize int64, securityDescriptor []byte, extendedAttributes []byte, reparseData []byte) error {
if name == wclayer.UtilityVMPath {
cw.hasUtilityVM = true
}
if isStdFile(name) {
// create a pending op for this file
cw.pendingOps = append(cw.pendingOps, &addOp{
pathInCim: name,
hostPath: filepath.Join(cw.path, name),
fileInfo: fileInfo,
securityDescriptor: securityDescriptor,
extendedAttributes: extendedAttributes,
reparseData: reparseData,
})
if err := cw.stdFileWriter.Add(name); err != nil {
return err
}
cw.activeWriter = cw.stdFileWriter
} else {
if err := cw.cimWriter.AddFile(name, fileInfo, fileSize, securityDescriptor, extendedAttributes, reparseData); err != nil {
return err
}
cw.activeWriter = cw.cimWriter
}
return nil
}
// AddLink adds a hard link to the layer. The target must already have been added.
func (cw *CimLayerWriter) AddLink(name string, target string) error {
// set active write to nil so that we panic if layer tar is incorrectly formatted.
cw.activeWriter = nil
if isStdFile(target) {
// If this is a link to a std file it will have to be added later once the
// std file is written to the CIM. Create a pending op for this
cw.pendingOps = append(cw.pendingOps, &linkOp{
oldPath: target,
newPath: name,
})
return nil
} else if isStdFile(name) {
// None of the predefined std files are links. If they show up as links this is unexpected
// behavior. Error out.
return fmt.Errorf("unexpected link %s in layer", name)
} else {
return cw.cimWriter.AddLink(target, name)
}
}
// AddAlternateStream creates another alternate stream at the given
// path. Any writes made after this call will go to that stream.
func (cw *CimLayerWriter) AddAlternateStream(name string, size uint64) error {
if isStdFile(name) {
// As of now there is no known case of std file having multiple data streams.
// If such a file is encountered our assumptions are wrong. Error out.
return fmt.Errorf("unexpected alternate stream %s in layer", name)
}
if err := cw.cimWriter.CreateAlternateStream(name, size); err != nil {
return err
}
cw.activeWriter = cw.cimWriter
return nil
}
// Remove removes a file that was present in a parent layer from the layer.
func (cw *CimLayerWriter) Remove(name string) error {
// set active write to nil so that we panic if layer tar is incorrectly formatted.
cw.activeWriter = nil
return cw.cimWriter.Unlink(name)
}
// Write writes data to the current file. The data must be in the format of a Win32
// backup stream.
func (cw *CimLayerWriter) Write(b []byte) (int, error) {
return cw.activeWriter.Write(b)
}
// Close finishes the layer writing process and releases any resources.
func (cw *CimLayerWriter) Close(ctx context.Context) (retErr error) {
if err := cw.stdFileWriter.Close(ctx); err != nil {
return err
}
// cimWriter must be closed even if there are errors.
defer func() {
if err := cw.cimWriter.Close(); retErr == nil {
retErr = err
}
}()
// Find out the osversion of this layer, both base & non-base layers can have UtilityVM layer.
processUtilityVM := false
if cw.hasUtilityVM {
uvmSoftwareHivePath := filepath.Join(cw.path, wclayer.UtilityVMPath, wclayer.RegFilesPath, "SOFTWARE")
osvStr, err := getOsBuildNumberFromRegistry(uvmSoftwareHivePath)
if err != nil {
return fmt.Errorf("read os version string from UtilityVM SOFTWARE hive: %w", err)
}
osv, err := strconv.ParseUint(osvStr, 10, 16)
if err != nil {
return fmt.Errorf("parse os version string (%s): %w", osvStr, err)
}
// write this version to a file for future reference by the shim process
if err = wclayer.WriteLayerUvmBuildFile(cw.path, uint16(osv)); err != nil {
return fmt.Errorf("write uvm build version: %w", err)
}
// CIMFS for hyperV isolated is only supported after 20348, processing UtilityVM layer on 2048
// & lower will cause failures since those images won't have CIMFS specific UVM files (mostly
// BCD entries required for CIMFS)
processUtilityVM = (osv > osversion.LTSC2022)
log.G(ctx).Debugf("import image os version %d, processing UtilityVM layer: %t\n", osv, processUtilityVM)
}
if len(cw.parentLayerPaths) == 0 {
if err := cw.processBaseLayer(ctx, processUtilityVM); err != nil {
return fmt.Errorf("process base layer: %w", err)
}
} else {
if err := cw.processNonBaseLayer(ctx, processUtilityVM); err != nil {
return fmt.Errorf("process non base layer: %w", err)
}
}
for _, op := range cw.pendingOps {
if err := op.apply(cw.cimWriter); err != nil {
return fmt.Errorf("apply pending operations: %w", err)
}
}
return nil
}
func NewCimLayerWriter(ctx context.Context, path string, parentLayerPaths []string) (_ *CimLayerWriter, err error) {
if !cimfs.IsCimFSSupported() {
return nil, fmt.Errorf("CimFs not supported on this build")
}
ctx, span := trace.StartSpan(ctx, "hcsshim::NewCimLayerWriter")
defer func() {
if err != nil {
oc.SetSpanStatus(span, err)
span.End()
}
}()
span.AddAttributes(
trace.StringAttribute("path", path),
trace.StringAttribute("parentLayerPaths", strings.Join(parentLayerPaths, ", ")))
parentCim := ""
cimDirPath := GetCimDirFromLayer(path)
if _, err = os.Stat(cimDirPath); os.IsNotExist(err) {
// create cim directory
if err = os.Mkdir(cimDirPath, 0755); err != nil {
return nil, fmt.Errorf("failed while creating cim layers directory: %w", err)
}
} else if err != nil {
return nil, fmt.Errorf("unable to access cim layers directory: %w", err)
}
if len(parentLayerPaths) > 0 {
parentCim = GetCimNameFromLayer(parentLayerPaths[0])
}
cim, err := cimfs.Create(cimDirPath, parentCim, GetCimNameFromLayer(path))
if err != nil {
return nil, fmt.Errorf("error in creating a new cim: %w", err)
}
sfw, err := newStdFileWriter(path, parentLayerPaths)
if err != nil {
return nil, fmt.Errorf("error in creating new standard file writer: %w", err)
}
return &CimLayerWriter{
ctx: ctx,
s: span,
path: path,
parentLayerPaths: parentLayerPaths,
cimWriter: cim,
stdFileWriter: sfw,
}, nil
}
// DestroyCimLayer destroys a cim layer i.e it removes all the cimfs files for the given layer as well as
// all of the other files that are stored in the layer directory (at path `layerPath`).
// If this is not a cimfs layer (i.e a cim file for the given layer does not exist) then nothing is done.
func DestroyCimLayer(ctx context.Context, layerPath string) error {
cimPath := GetCimPathFromLayer(layerPath)
// verify that such a cim exists first, sometimes containerd tries to call
// this with the root snapshot directory as the layer path. We don't want to
// destroy everything inside the snapshots directory.
if _, err := os.Stat(cimPath); err != nil {
if os.IsNotExist(err) {
return nil
}
return err
}
return cimfs.DestroyCim(ctx, cimPath)
}

107
pkg/init/vendor/github.com/Microsoft/hcsshim/internal/wclayer/cim/bcd.go generated vendored Normal file
View File

@@ -0,0 +1,107 @@
//go:build windows
package cim
import (
"bytes"
"fmt"
"os/exec"
"github.com/Microsoft/go-winio/pkg/guid"
)
const (
bcdFilePath = "UtilityVM\\Files\\EFI\\Microsoft\\Boot\\BCD"
cimfsDeviceOptionsID = "{763e9fea-502d-434f-aad9-5fabe9c91a7b}"
vmbusDeviceID = "{c63c9bdf-5fa5-4208-b03f-6b458b365592}"
compositeDeviceOptionsID = "{e1787220-d17f-49e7-977a-d8fe4c8537e2}"
bootContainerID = "{b890454c-80de-4e98-a7ab-56b74b4fbd0c}"
)
func bcdExec(storePath string, args ...string) error {
var out bytes.Buffer
argsArr := []string{"/store", storePath, "/offline"}
argsArr = append(argsArr, args...)
cmd := exec.Command("bcdedit.exe", argsArr...)
cmd.Stdout = &out
if err := cmd.Run(); err != nil {
return fmt.Errorf("bcd command (%s) failed: %w", cmd, err)
}
return nil
}
// A registry configuration required for the uvm.
func setBcdRestartOnFailure(storePath string) error {
return bcdExec(storePath, "/set", "{default}", "restartonfailure", "yes")
}
func setBcdCimBootDevice(storePath, cimPathRelativeToVSMB string, diskID, partitionID guid.GUID) error {
// create options for cimfs boot device
if err := bcdExec(storePath, "/create", cimfsDeviceOptionsID, "/d", "CimFS Device Options", "/device"); err != nil {
return err
}
// Set options. For now we need to set 2 options. First is the parent device i.e the device under
// which all cim files will be available. Second is the path of the cim (from which this UVM should
// boot) relative to the parent device. Note that even though the 2nd option is named
// `cimfsrootdirectory` it expects a path to the cim file and not a directory path.
if err := bcdExec(storePath, "/set", cimfsDeviceOptionsID, "cimfsparentdevice", fmt.Sprintf("vmbus=%s", vmbusDeviceID)); err != nil {
return err
}
if err := bcdExec(storePath, "/set", cimfsDeviceOptionsID, "cimfsrootdirectory", fmt.Sprintf("\\%s", cimPathRelativeToVSMB)); err != nil {
return err
}
// create options for the composite device
if err := bcdExec(storePath, "/create", compositeDeviceOptionsID, "/d", "Composite Device Options", "/device"); err != nil {
return err
}
// We need to specify the diskID & the partition ID of the boot disk and we need to set the cimfs boot
// options ID
partitionStr := fmt.Sprintf("gpt_partition={%s};{%s}", diskID, partitionID)
if err := bcdExec(storePath, "/set", compositeDeviceOptionsID, "primarydevice", partitionStr); err != nil {
return err
}
if err := bcdExec(storePath, "/set", compositeDeviceOptionsID, "secondarydevice", fmt.Sprintf("cimfs=%s,%s", bootContainerID, cimfsDeviceOptionsID)); err != nil {
return err
}
if err := bcdExec(storePath, "/set", "{default}", "device", fmt.Sprintf("composite=0,%s", compositeDeviceOptionsID)); err != nil {
return err
}
if err := bcdExec(storePath, "/set", "{default}", "osdevice", fmt.Sprintf("composite=0,%s", compositeDeviceOptionsID)); err != nil {
return err
}
// Since our UVM file are stored under UtilityVM\Files directory inside the CIM we must prepend that
// directory in front of paths used by bootmgr
if err := bcdExec(storePath, "/set", "{default}", "path", "\\UtilityVM\\Files\\Windows\\System32\\winload.efi"); err != nil {
return err
}
if err := bcdExec(storePath, "/set", "{default}", "systemroot", "\\UtilityVM\\Files\\Windows"); err != nil {
return err
}
return nil
}
// updateBcdStoreForBoot Updates the bcd store at path layerPath + UtilityVM\Files\EFI\Microsoft\Boot\BCD` to
// boot with the disk with given ID and given partitionID. cimPathRelativeToVSMB is the path of the cim which
// will be used for booting this UVM relative to the VSMB share. (Usually, the entire snapshots directory will
// be shared over VSMB, so if this is the cim-layers\1.cim under that directory, the value of
// `cimPathRelativeToVSMB` should be cim-layers\1.cim)
func updateBcdStoreForBoot(storePath string, cimPathRelativeToVSMB string, diskID, partitionID guid.GUID) error {
if err := setBcdRestartOnFailure(storePath); err != nil {
return err
}
if err := setBcdCimBootDevice(storePath, cimPathRelativeToVSMB, diskID, partitionID); err != nil {
return err
}
return nil
}

41
pkg/init/vendor/github.com/Microsoft/hcsshim/internal/wclayer/cim/common.go generated vendored Normal file
View File

@@ -0,0 +1,41 @@
//go:build windows
package cim
import (
"os"
"path/filepath"
)
const (
// name of the directory in which cims are stored
cimDir = "cim-layers"
)
// Usually layers are stored at ./root/io.containerd.snapshotter.v1.windows/snapshots/<layerid>. For cimfs we
// must store all layer cims in the same directory (for forked cims to work). So all cim layers are stored in
// /root/io.containerd.snapshotter.v1.windows/snapshots/cim-layers. And the cim file representing each
// individual layer is stored at /root/io.containerd.snapshotter.v1.windows/snapshots/cim-layers/<layerid>.cim
// CimName is the filename (<layerid>.cim) of the file representing the cim
func GetCimNameFromLayer(layerPath string) string {
return filepath.Base(layerPath) + ".cim"
}
// CimPath is the path to the CimDir/<layerid>.cim file that represents a layer cim.
func GetCimPathFromLayer(layerPath string) string {
return filepath.Join(GetCimDirFromLayer(layerPath), GetCimNameFromLayer(layerPath))
}
// CimDir is the directory inside which all cims are stored.
func GetCimDirFromLayer(layerPath string) string {
dir := filepath.Dir(layerPath)
return filepath.Join(dir, cimDir)
}
// IsCimLayer returns `true` if the layer at path `layerPath` is a cim layer. Returns `false` otherwise.
func IsCimLayer(layerPath string) bool {
cimPath := GetCimPathFromLayer(layerPath)
_, err := os.Stat(cimPath)
return (err == nil)
}

3
pkg/init/vendor/github.com/Microsoft/hcsshim/internal/wclayer/cim/doc.go generated vendored Normal file
View File

@@ -0,0 +1,3 @@
// This package provides utilities for working with container image layers in the cim format
// via the wclayer APIs.
package cim

90
pkg/init/vendor/github.com/Microsoft/hcsshim/internal/wclayer/cim/file_writer.go generated vendored Normal file
View File

@@ -0,0 +1,90 @@
//go:build windows
package cim
import (
"context"
"fmt"
"os"
"path/filepath"
"syscall"
"github.com/Microsoft/go-winio"
"github.com/Microsoft/hcsshim/internal/safefile"
"github.com/Microsoft/hcsshim/internal/winapi"
)
// stdFileWriter writes the files of a layer to the layer folder instead of writing them inside the cim.
// For some files (like the Hive files or some UtilityVM files) it is necessary to write them as a normal file
// first, do some modifications on them (for example merging of hives or processing of UtilityVM files)
// and then write the modified versions into the cim. This writer is used for such files.
type stdFileWriter struct {
activeFile *os.File
// parent layer paths
parentLayerPaths []string
// path to the current layer
path string
// the open handle to the path directory
root *os.File
}
func newStdFileWriter(root string, parentRoots []string) (sfw *stdFileWriter, err error) {
sfw = &stdFileWriter{
path: root,
parentLayerPaths: parentRoots,
}
sfw.root, err = safefile.OpenRoot(root)
if err != nil {
return
}
return
}
func (sfw *stdFileWriter) closeActiveFile() (err error) {
if sfw.activeFile != nil {
err = sfw.activeFile.Close()
sfw.activeFile = nil
}
return
}
// Adds a new file or an alternate data stream to an existing file inside the layer directory.
func (sfw *stdFileWriter) Add(name string) error {
if err := sfw.closeActiveFile(); err != nil {
return err
}
// The directory of this file might be created inside the cim.
// make sure we have the same parent directory chain here
if err := safefile.MkdirAllRelative(filepath.Dir(name), sfw.root); err != nil {
return fmt.Errorf("failed to create file %s: %w", name, err)
}
f, err := safefile.OpenRelative(
name,
sfw.root,
syscall.GENERIC_READ|syscall.GENERIC_WRITE|winio.WRITE_DAC|winio.WRITE_OWNER,
syscall.FILE_SHARE_READ,
winapi.FILE_CREATE,
0,
)
if err != nil {
return fmt.Errorf("error creating file %s: %w", name, err)
}
sfw.activeFile = f
return nil
}
// Write writes data to the current file. The data must be in the format of a Win32
// backup stream.
func (sfw *stdFileWriter) Write(b []byte) (int, error) {
return sfw.activeFile.Write(b)
}
// Close finishes the layer writing process and releases any resources.
func (sfw *stdFileWriter) Close(ctx context.Context) error {
if err := sfw.closeActiveFile(); err != nil {
return fmt.Errorf("failed to close active file %s : %w", sfw.activeFile.Name(), err)
}
return nil
}

89
pkg/init/vendor/github.com/Microsoft/hcsshim/internal/wclayer/cim/mount.go generated vendored Normal file
View File

@@ -0,0 +1,89 @@
//go:build windows
package cim
import (
"context"
"fmt"
"os"
"sync"
"github.com/Microsoft/go-winio/pkg/guid"
hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2"
cimfs "github.com/Microsoft/hcsshim/pkg/cimfs"
)
// a cache of cim layer to its mounted volume - The mount manager plugin currently doesn't have an option of
// querying a mounted cim to get the volume at which it is mounted, so we maintain a cache of that here
var (
cimMounts map[string]string = make(map[string]string)
cimMountMapLock sync.Mutex
// A random GUID used as a namespace for generating cim mount volume GUIDs: 6827367b-c388-4e9b-95ec-961c6d2c936c
cimMountNamespace guid.GUID = guid.GUID{Data1: 0x6827367b, Data2: 0xc388, Data3: 0x4e9b, Data4: [8]byte{0x96, 0x1c, 0x6d, 0x2c, 0x93, 0x6c}}
)
// MountCimLayer mounts the cim at path `cimPath` and returns the mount location of that cim. This method
// uses the `CimMountFlagCacheFiles` mount flag when mounting the cim. The containerID is used to generated
// the volumeID for the volume at which this CIM is mounted. containerID is used so that if the shim process
// crashes for any reason, the mounted cim can be correctly cleaned up during `shim delete` call.
func MountCimLayer(ctx context.Context, cimPath, containerID string) (string, error) {
volumeGUID, err := guid.NewV5(cimMountNamespace, []byte(containerID))
if err != nil {
return "", fmt.Errorf("generated cim mount GUID: %w", err)
}
vol, err := cimfs.Mount(cimPath, volumeGUID, hcsschema.CimMountFlagCacheFiles)
if err != nil {
return "", err
}
cimMountMapLock.Lock()
defer cimMountMapLock.Unlock()
cimMounts[fmt.Sprintf("%s_%s", containerID, cimPath)] = vol
return vol, nil
}
// Unmount unmounts the cim at mounted for given container.
func UnmountCimLayer(ctx context.Context, cimPath, containerID string) error {
cimMountMapLock.Lock()
defer cimMountMapLock.Unlock()
if vol, ok := cimMounts[fmt.Sprintf("%s_%s", containerID, cimPath)]; !ok {
return fmt.Errorf("cim %s not mounted", cimPath)
} else {
delete(cimMounts, fmt.Sprintf("%s_%s", containerID, cimPath))
err := cimfs.Unmount(vol)
if err != nil {
return err
}
}
return nil
}
// GetCimMountPath returns the volume at which a cim is mounted. If the cim is not mounted returns error
func GetCimMountPath(cimPath, containerID string) (string, error) {
cimMountMapLock.Lock()
defer cimMountMapLock.Unlock()
if vol, ok := cimMounts[fmt.Sprintf("%s_%s", containerID, cimPath)]; !ok {
return "", fmt.Errorf("cim %s not mounted", cimPath)
} else {
return vol, nil
}
}
func CleanupContainerMounts(containerID string) error {
volumeGUID, err := guid.NewV5(cimMountNamespace, []byte(containerID))
if err != nil {
return fmt.Errorf("generated cim mount GUID: %w", err)
}
volPath := fmt.Sprintf("\\\\?\\Volume{%s}\\", volumeGUID.String())
if _, err := os.Stat(volPath); err == nil {
err = cimfs.Unmount(volPath)
if err != nil {
return err
}
}
return nil
}

68
pkg/init/vendor/github.com/Microsoft/hcsshim/internal/wclayer/cim/pending.go generated vendored Normal file
View File

@@ -0,0 +1,68 @@
//go:build windows
package cim
import (
"fmt"
"io"
"os"
"github.com/Microsoft/go-winio"
"github.com/Microsoft/hcsshim/pkg/cimfs"
"golang.org/x/sys/windows"
)
type pendingCimOp interface {
apply(cw *cimfs.CimFsWriter) error
}
// add op represents a pending operation of adding a new file inside the cim
type addOp struct {
// path inside the cim at which the file should be added
pathInCim string
// host path where this file was temporarily written.
hostPath string
// other file metadata fields that were provided during the add call.
fileInfo *winio.FileBasicInfo
securityDescriptor []byte
extendedAttributes []byte
reparseData []byte
}
func (o *addOp) apply(cw *cimfs.CimFsWriter) error {
f, err := os.Open(o.hostPath)
if err != nil {
return fmt.Errorf("open file %s: %w", o.hostPath, err)
}
defer f.Close()
fs, err := f.Stat()
if err != nil {
return fmt.Errorf("stat file %s: %w", o.hostPath, err)
}
if err := cw.AddFile(o.pathInCim, o.fileInfo, fs.Size(), o.securityDescriptor, o.extendedAttributes, o.reparseData); err != nil {
return fmt.Errorf("cim add file %s: %w", o.hostPath, err)
}
if o.fileInfo.FileAttributes != windows.FILE_ATTRIBUTE_DIRECTORY {
written, err := io.Copy(cw, f)
if err != nil {
return fmt.Errorf("write file %s inside cim: %w", o.hostPath, err)
} else if written != fs.Size() {
return fmt.Errorf("short write to cim for file %s, expected %d bytes wrote %d", o.hostPath, fs.Size(), written)
}
}
return nil
}
// linkOp represents a pending link file operation inside the cim
type linkOp struct {
// old & new paths inside the cim where the link should be created
oldPath string
newPath string
}
func (o *linkOp) apply(cw *cimfs.CimFsWriter) error {
return cw.AddLink(o.oldPath, o.newPath)
}

230
pkg/init/vendor/github.com/Microsoft/hcsshim/internal/wclayer/cim/process.go generated vendored Normal file
View File

@@ -0,0 +1,230 @@
//go:build windows
package cim
import (
"context"
"fmt"
"os"
"path/filepath"
"syscall"
"time"
"github.com/Microsoft/go-winio"
"github.com/Microsoft/go-winio/vhd"
"github.com/Microsoft/hcsshim/computestorage"
"github.com/Microsoft/hcsshim/internal/memory"
"github.com/Microsoft/hcsshim/internal/security"
"github.com/Microsoft/hcsshim/internal/vhdx"
"github.com/Microsoft/hcsshim/internal/wclayer"
"golang.org/x/sys/windows"
)
const defaultVHDXBlockSizeInMB = 1
// processUtilityVMLayer is similar to createContainerBaseLayerVHDs but along with the scratch creation it
// also does some BCD modifications to allow the UVM to boot from the CIM. It expects that the UVM BCD file is
// present at layerPath/`wclayer.BcdFilePath` and a UVM SYSTEM hive is present at
// layerPath/UtilityVM/`wclayer.RegFilesPath`/SYSTEM. The scratch VHDs are created under the `layerPath`
// directory.
func processUtilityVMLayer(ctx context.Context, layerPath string) error {
// func createUtilityVMLayerVHDs(ctx context.Context, layerPath string) error {
baseVhdPath := filepath.Join(layerPath, wclayer.UtilityVMPath, wclayer.UtilityVMBaseVhd)
diffVhdPath := filepath.Join(layerPath, wclayer.UtilityVMPath, wclayer.UtilityVMScratchVhd)
defaultVhdSize := uint64(10)
// Just create the vhdx for utilityVM layer, no need to format it.
createParams := &vhd.CreateVirtualDiskParameters{
Version: 2,
Version2: vhd.CreateVersion2{
MaximumSize: defaultVhdSize * memory.GiB,
BlockSizeInBytes: defaultVHDXBlockSizeInMB * memory.MiB,
},
}
handle, err := vhd.CreateVirtualDisk(baseVhdPath, vhd.VirtualDiskAccessNone, vhd.CreateVirtualDiskFlagNone, createParams)
if err != nil {
return fmt.Errorf("failed to create vhdx: %w", err)
}
defer func() {
if err != nil {
os.RemoveAll(baseVhdPath)
os.RemoveAll(diffVhdPath)
}
}()
err = computestorage.FormatWritableLayerVhd(ctx, windows.Handle(handle))
closeErr := syscall.CloseHandle(handle)
if err != nil {
return err
} else if closeErr != nil {
return fmt.Errorf("failed to close vhdx handle: %w", closeErr)
}
partitionInfo, err := vhdx.GetScratchVhdPartitionInfo(ctx, baseVhdPath)
if err != nil {
return fmt.Errorf("failed to get base vhd layout info: %w", err)
}
// relativeCimPath needs to be the cim path relative to the snapshots directory. The snapshots
// directory is shared inside the UVM over VSMB, so during the UVM boot this relative path will be
// used to find the cim file under that VSMB share.
relativeCimPath := filepath.Join(filepath.Base(GetCimDirFromLayer(layerPath)), GetCimNameFromLayer(layerPath))
bcdPath := filepath.Join(layerPath, bcdFilePath)
if err = updateBcdStoreForBoot(bcdPath, relativeCimPath, partitionInfo.DiskID, partitionInfo.PartitionID); err != nil {
return fmt.Errorf("failed to update BCD: %w", err)
}
if err := enableCimBoot(filepath.Join(layerPath, wclayer.UtilityVMPath, wclayer.RegFilesPath, "SYSTEM")); err != nil {
return fmt.Errorf("failed to setup cim image for uvm boot: %w", err)
}
// Note: diff vhd creation and granting of vm group access must be done AFTER
// getting the partition info of the base VHD. Otherwise it causes the vhd parent
// chain to get corrupted.
// TODO(ambarve): figure out why this happens so that bcd update can be moved to a separate function
// Create the differencing disk that will be what's copied for the final rw layer
// for a container.
if err = vhd.CreateDiffVhd(diffVhdPath, baseVhdPath, defaultVHDXBlockSizeInMB); err != nil {
return fmt.Errorf("failed to create differencing disk: %w", err)
}
if err := security.GrantVmGroupAccess(baseVhdPath); err != nil {
return fmt.Errorf("failed to grant vm group access to %s: %w", baseVhdPath, err)
}
if err := security.GrantVmGroupAccess(diffVhdPath); err != nil {
return fmt.Errorf("failed to grant vm group access to %s: %w", diffVhdPath, err)
}
return nil
}
// processBaseLayerHives make the base layer specific modifications on the hives and emits equivalent the
// pendingCimOps that should be applied on the CIM. In base layer we need to create hard links from registry
// hives under Files/Windows/Sysetm32/config into Hives/*_BASE. This function creates these links outside so
// that the registry hives under Hives/ are available during children layers import. Then we write these hive
// files inside the cim and create links inside the cim.
func processBaseLayerHives(layerPath string) ([]pendingCimOp, error) {
pendingOps := []pendingCimOp{}
// make hives directory both outside and in the cim
if err := os.Mkdir(filepath.Join(layerPath, wclayer.HivesPath), 0755); err != nil {
return pendingOps, fmt.Errorf("hives directory creation: %w", err)
}
hivesDirInfo := &winio.FileBasicInfo{
CreationTime: windows.NsecToFiletime(time.Now().UnixNano()),
LastAccessTime: windows.NsecToFiletime(time.Now().UnixNano()),
LastWriteTime: windows.NsecToFiletime(time.Now().UnixNano()),
ChangeTime: windows.NsecToFiletime(time.Now().UnixNano()),
FileAttributes: windows.FILE_ATTRIBUTE_DIRECTORY,
}
pendingOps = append(pendingOps, &addOp{
pathInCim: wclayer.HivesPath,
hostPath: filepath.Join(layerPath, wclayer.HivesPath),
fileInfo: hivesDirInfo,
})
// add hard links from base hive files.
for _, hv := range hives {
oldHivePathRelative := filepath.Join(wclayer.RegFilesPath, hv.name)
newHivePathRelative := filepath.Join(wclayer.HivesPath, hv.base)
if err := os.Link(filepath.Join(layerPath, oldHivePathRelative), filepath.Join(layerPath, newHivePathRelative)); err != nil {
return pendingOps, fmt.Errorf("hive link creation: %w", err)
}
pendingOps = append(pendingOps, &linkOp{
oldPath: oldHivePathRelative,
newPath: newHivePathRelative,
})
}
return pendingOps, nil
}
// processLayoutFile creates a file named "layout" in the root of the base layer. This allows certain
// container startup related functions to understand that the hives are a part of the container rootfs.
func processLayoutFile(layerPath string) ([]pendingCimOp, error) {
fileContents := "vhd-with-hives\n"
if err := os.WriteFile(filepath.Join(layerPath, "layout"), []byte(fileContents), 0755); err != nil {
return []pendingCimOp{}, fmt.Errorf("write layout file: %w", err)
}
layoutFileInfo := &winio.FileBasicInfo{
CreationTime: windows.NsecToFiletime(time.Now().UnixNano()),
LastAccessTime: windows.NsecToFiletime(time.Now().UnixNano()),
LastWriteTime: windows.NsecToFiletime(time.Now().UnixNano()),
ChangeTime: windows.NsecToFiletime(time.Now().UnixNano()),
FileAttributes: windows.FILE_ATTRIBUTE_NORMAL,
}
op := &addOp{
pathInCim: "layout",
hostPath: filepath.Join(layerPath, "layout"),
fileInfo: layoutFileInfo,
}
return []pendingCimOp{op}, nil
}
// Some of the layer files that are generated during the processBaseLayer call must be added back
// inside the cim, some registry file links must be updated. This function takes care of all those
// steps. This function opens the cim file for writing and updates it.
func (cw *CimLayerWriter) processBaseLayer(ctx context.Context, processUtilityVM bool) (err error) {
if processUtilityVM {
if err = processUtilityVMLayer(ctx, cw.path); err != nil {
return fmt.Errorf("process utilityVM layer: %w", err)
}
}
ops, err := processBaseLayerHives(cw.path)
if err != nil {
return err
}
cw.pendingOps = append(cw.pendingOps, ops...)
ops, err = processLayoutFile(cw.path)
if err != nil {
return err
}
cw.pendingOps = append(cw.pendingOps, ops...)
return nil
}
// processNonBaseLayer takes care of the processing required for a non base layer. As of now
// the only processing required for non base layer is to merge the delta registry hives of the
// non-base layer with it's parent layer.
func (cw *CimLayerWriter) processNonBaseLayer(ctx context.Context, processUtilityVM bool) (err error) {
for _, hv := range hives {
baseHive := filepath.Join(wclayer.HivesPath, hv.base)
deltaHive := filepath.Join(wclayer.HivesPath, hv.delta)
_, err := os.Stat(filepath.Join(cw.path, deltaHive))
// merge with parent layer if delta exists.
if err != nil && !os.IsNotExist(err) {
return fmt.Errorf("stat delta hive %s: %w", filepath.Join(cw.path, deltaHive), err)
} else if err == nil {
// merge base hive of parent layer with the delta hive of this layer and write it as
// the base hive of this layer.
err = mergeHive(filepath.Join(cw.parentLayerPaths[0], baseHive), filepath.Join(cw.path, deltaHive), filepath.Join(cw.path, baseHive))
if err != nil {
return err
}
// the newly created merged file must be added to the cim
cw.pendingOps = append(cw.pendingOps, &addOp{
pathInCim: baseHive,
hostPath: filepath.Join(cw.path, baseHive),
fileInfo: &winio.FileBasicInfo{
CreationTime: windows.NsecToFiletime(time.Now().UnixNano()),
LastAccessTime: windows.NsecToFiletime(time.Now().UnixNano()),
LastWriteTime: windows.NsecToFiletime(time.Now().UnixNano()),
ChangeTime: windows.NsecToFiletime(time.Now().UnixNano()),
FileAttributes: windows.FILE_ATTRIBUTE_NORMAL,
},
})
}
}
if processUtilityVM {
return processUtilityVMLayer(ctx, cw.path)
}
return nil
}

172
pkg/init/vendor/github.com/Microsoft/hcsshim/internal/wclayer/cim/registry.go generated vendored Normal file
View File

@@ -0,0 +1,172 @@
//go:build windows
package cim
import (
"encoding/binary"
"fmt"
"os"
"unsafe"
"github.com/Microsoft/hcsshim/internal/log"
"github.com/Microsoft/hcsshim/internal/winapi"
"github.com/Microsoft/hcsshim/osversion"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"golang.org/x/sys/windows"
)
// enableCimBoot Opens the SYSTEM registry hive at path `hivePath` and updates it to include a CIMFS Start
// registry key. This prepares the uvm to boot from a cim file if requested. The registry changes required to
// actually make the uvm boot from a cim will be added in the uvm config (look at
// addBootFromCimRegistryChanges for details). This registry key needs to be available in the early boot
// phase and so including it in the uvm config doesn't work.
func enableCimBoot(hivePath string) (err error) {
dataZero := make([]byte, 4)
dataOne := make([]byte, 4)
binary.LittleEndian.PutUint32(dataOne, 1)
dataFour := make([]byte, 4)
binary.LittleEndian.PutUint32(dataFour, 4)
bootGUID, err := windows.UTF16FromString(bootContainerID)
if err != nil {
return fmt.Errorf("failed to encode boot guid to utf16: %w", err)
}
overrideBootPath, err := windows.UTF16FromString("\\Windows\\")
if err != nil {
return fmt.Errorf("failed to encode override boot path to utf16: %w", err)
}
regChanges := []struct {
keyPath string
valueName string
valueType winapi.RegType
data *byte
dataLen uint32
}{
{"ControlSet001\\Control", "BootContainerGuid", winapi.REG_TYPE_SZ, (*byte)(unsafe.Pointer(&bootGUID[0])), 2 * uint32(len(bootGUID))},
{"ControlSet001\\Services\\UnionFS", "Start", winapi.REG_TYPE_DWORD, &dataZero[0], uint32(len(dataZero))},
{"ControlSet001\\Services\\wcifs", "Start", winapi.REG_TYPE_DWORD, &dataFour[0], uint32(len(dataZero))},
// The bootmgr loads the uvm files from the cim and so uses the relative path `UtilityVM\\Files` inside the cim to access the uvm files. However, once the cim is mounted UnionFS will merge the correct directory (UtilityVM\\Files) of the cim with the scratch and then that point onwards we don't need to use the relative path. Below registry key tells the kernel that the boot path that was provided in BCD should now be overriden with this new path.
{"Setup", "BootPathOverride", winapi.REG_TYPE_SZ, (*byte)(unsafe.Pointer(&overrideBootPath[0])), 2 * uint32(len(overrideBootPath))},
}
var storeHandle winapi.ORHKey
if err = winapi.OROpenHive(hivePath, &storeHandle); err != nil {
return fmt.Errorf("failed to open registry store at %s: %w", hivePath, err)
}
for _, change := range regChanges {
var changeKey winapi.ORHKey
if err = winapi.ORCreateKey(storeHandle, change.keyPath, 0, 0, 0, &changeKey, nil); err != nil {
return fmt.Errorf("failed to open reg key %s: %w", change.keyPath, err)
}
if err = winapi.ORSetValue(changeKey, change.valueName, uint32(change.valueType), change.data, change.dataLen); err != nil {
return fmt.Errorf("failed to set value for regkey %s\\%s : %w", change.keyPath, change.valueName, err)
}
}
// remove the existing file first
if err := os.Remove(hivePath); err != nil {
return fmt.Errorf("failed to remove existing registry %s: %w", hivePath, err)
}
if err = winapi.ORSaveHive(winapi.ORHKey(storeHandle), hivePath, uint32(osversion.Get().MajorVersion), uint32(osversion.Get().MinorVersion)); err != nil {
return fmt.Errorf("error saving the registry store: %w", err)
}
// close hive irrespective of the errors
if err := winapi.ORCloseHive(winapi.ORHKey(storeHandle)); err != nil {
return fmt.Errorf("error closing registry store; %w", err)
}
return nil
}
// mergeHive merges the hive located at parentHivePath with the hive located at deltaHivePath and stores
// the result into the file at mergedHivePath. If a file already exists at path `mergedHivePath` then it
// throws an error.
func mergeHive(parentHivePath, deltaHivePath, mergedHivePath string) (err error) {
var baseHive, deltaHive, mergedHive winapi.ORHKey
if err := winapi.OROpenHive(parentHivePath, &baseHive); err != nil {
return fmt.Errorf("failed to open base hive %s: %w", parentHivePath, err)
}
defer func() {
err2 := winapi.ORCloseHive(baseHive)
if err == nil {
err = errors.Wrap(err2, "failed to close base hive")
}
}()
if err := winapi.OROpenHive(deltaHivePath, &deltaHive); err != nil {
return fmt.Errorf("failed to open delta hive %s: %w", deltaHivePath, err)
}
defer func() {
err2 := winapi.ORCloseHive(deltaHive)
if err == nil {
err = errors.Wrap(err2, "failed to close delta hive")
}
}()
if err := winapi.ORMergeHives([]winapi.ORHKey{baseHive, deltaHive}, &mergedHive); err != nil {
return fmt.Errorf("failed to merge hives: %w", err)
}
defer func() {
err2 := winapi.ORCloseHive(mergedHive)
if err == nil {
err = errors.Wrap(err2, "failed to close merged hive")
}
}()
if err := winapi.ORSaveHive(mergedHive, mergedHivePath, uint32(osversion.Get().MajorVersion), uint32(osversion.Get().MinorVersion)); err != nil {
return fmt.Errorf("failed to save hive: %w", err)
}
return
}
// getOsBuildNumberFromRegistry fetches the "CurrentBuild" value at path
// "Microsoft\Windows NT\CurrentVersion" from the SOFTWARE registry hive at path
// `regHivePath`. This is used to detect the build version of the uvm.
func getOsBuildNumberFromRegistry(regHivePath string) (_ string, err error) {
var storeHandle, keyHandle winapi.ORHKey
var dataType, dataLen uint32
keyPath := "Microsoft\\Windows NT\\CurrentVersion"
valueName := "CurrentBuild"
dataLen = 16 // build version string can't be more than 5 wide chars?
dataBuf := make([]byte, dataLen)
if err = winapi.OROpenHive(regHivePath, &storeHandle); err != nil {
return "", fmt.Errorf("failed to open registry store at %s: %w", regHivePath, err)
}
defer func() {
if closeErr := winapi.ORCloseHive(storeHandle); closeErr != nil {
log.L.WithFields(logrus.Fields{
"error": closeErr,
"hive": regHivePath,
}).Warnf("failed to close hive")
}
}()
if err = winapi.OROpenKey(storeHandle, keyPath, &keyHandle); err != nil {
return "", fmt.Errorf("failed to open key at %s: %w", keyPath, err)
}
defer func() {
if closeErr := winapi.ORCloseKey(keyHandle); closeErr != nil {
log.L.WithFields(logrus.Fields{
"error": closeErr,
"hive": regHivePath,
"key": keyPath,
"value": valueName,
}).Warnf("failed to close hive key")
}
}()
if err = winapi.ORGetValue(keyHandle, "", valueName, &dataType, &dataBuf[0], &dataLen); err != nil {
return "", fmt.Errorf("failed to get value of %s: %w", valueName, err)
}
if dataType != uint32(winapi.REG_TYPE_SZ) {
return "", fmt.Errorf("unexpected build number data type (%d)", dataType)
}
return winapi.ParseUtf16LE(dataBuf[:(dataLen - 2)]), nil
}

Some files were not shown because too many files have changed in this diff Show More