# Weekly LinuxKit report for 2017-05-22 to 2017-05-28

This report covers weekly developments in the [linuxkit], [linuxkit-ci], [virtsock], and [linuxkit/rtf] repositories.

We now sign and verify LinuxKit component images, such as `linuxkit/kernel`, using [Notary](https://github.com/docker/notary) ([#1900] [@justincormack] [@ijc25] [@rneugeba]). The Alpine base was also updated to add config labels and trust ([#1909] [@rneugeba]), and the organisation key wad added to the yaml file ([#1913] [@dave-tucker] [@justincormack] [@rneugeba] [@riyazdf]).

The `linuxkit` tool has had several improvements that change its syntax:
- Output formats must be specified in the CLI not in the yaml file. ([#1908]  [@justincormack])
- Disk command line options for local hypervisors have been unified ([#1888]  [@thebsdbox] [@justincormack] [@IJC] [@ijc25] [@rneugeba])
- Hyperkit backends now have a `-start-vpnkit` flag ([#1891] [@rneugeba] [@MagnusS]) and a `-vpnkit-socket` flag ([#1907] [@justincormack] [@rneugeba])
- The Qemu backend was made more consistent. For all output formats except kernel+initrd, we now require the full path of the file to run, and in return makes the default options more automatic.  It also now allows specifying a bootable disk image, so we can test disk image output formats with qemu too.  ([#1873] [@justincormack])

A VMware vCenter backend was added, by using the VMware Go SDK in order to allow LinuxKit to push ISOs to VMware and run them.  ([#1882] [#1860] [@justincormack] [@thebsdbox])

The Alpine base image was extended with:
- VM integration agents ([#1887]  [@MagnusS] [@ijc25] [@rneugeba])
- Strace ([#1922]  [@justincormack])
- There is discussion on how to improve the Address Space Layout Randomization (ASLR) and Position Independent Executables (PIE) in the base ([#1902] [@rneugeba] [@justincormack] [@riyazdf] [@fntlnz])

Other improvements were made to the packages:
- Add a mkimage package ([#1896] [@justincormack])
- Add a open-vm-tools package ([#1898] [@ijc25] [@justincormack] [@rneugeba])
- Moby config labels were added to common packages ([#1884] [@rneugeba])

Managing kernel configurations got easier via the [kernel-config project](projects/kernel-config/) which now has a real implementation of kernel configs ([#1877] [@tych0]).
There is also ongoing work to update to the 4.11.2/4.10.17/4.9.29/4.4.69 kernels ([#1870] [@rneugeba]).

The experimental projects area saw several changes:

- Wireguard improvements ([#1915] [@tych0] [@justincormack] [@riyazdf])
- Use kernel images for Integrity Measurement Architecture (IMA) ([#1914] [@rneugeba])

The first Moby Security SIG was held, with meeting notes and PRs available in the tree.  Please continue to send any fixes to them from your participation:

- 2017-05-24 meeting notes ([#1892] [@jcvenegas] [@zx2c4] [@avsm] [@tych0] [@riyazdf] [@mcastelino])
- Draft agenda for 2017-06-07 meeting ([#1893] [@tych0] [@riyazdf])
- Video recording of meeting notes ([#1894] [@tych0] [@riyazdf])
- Fix link to ima-namespace project ([#1899] [@cyli] [@rneugeba])
- Add buildchain security to agenda, proposed time allocations ([#1903] [@fntlnz] [@avsm] [@samoht]  [@rneugeba] [@riyazdf] [@SvenDowideit])
- More detail to security SIG agenda ([#1876] [@tych0])

General housekeeping activity:

- Improve Makefile to rebuild `bin/moby` as necessary ([#1910] [@tych0] [@justincormack])
- Only output qemu disk creation info in debug mode ([#1911] [@justincormack])
- Add a few more aliases to .mailmap and re-generated AUTHORS ([#1879] [@justincormack] [@rneugeba])
- Add a blurb about CVE-2017-1000363 ([#1885] [@justincormack])
- Remove AUTHOR from tests ([#1890] [@justincormack])
- Add docs on how to use external disk ([#1776] [@justincormack] [@deitch])
- Add a docs section on custom kernel builds ([#1838] [@rneugeba] [@yankunsam])
- Update LinuxKit YAML file for Virtsock ([virtsock#29] [@rneugeba])
- RTF templates: Fix path To top-wevel library ([linuxkit/rtf#15] [@dave-tucker])
- Improve fetching of CI results ([linuxkit-ci#8])
- Add a test-containerd to CI ([#1906] [@dmcgowan] [@justincormack] [@rneugeba])
- Continue fixing `qemu-img` in a container ([#1871])

Other reports in this series can be browsed directly in the repository at [linuxkit:/reports](https://github.com/linuxkit/tree/master/reports/).

[@HackToday]: https://github.com/HackToday
[@IJC]: https://github.com/IJC
[@MagnusS]: https://github.com/MagnusS
[@SvenDowideit]: https://github.com/SvenDowideit
[@alanyih]: https://github.com/alanyih
[@avsm]: https://github.com/avsm
[@cyli]: https://github.com/cyli
[@dave-tucker]: https://github.com/dave-tucker
[@deitch]: https://github.com/deitch
[@dmcgowan]: https://github.com/dmcgowan
[@fntlnz]: https://github.com/fntlnz
[@ijc25]: https://github.com/ijc25
[@jcvenegas]: https://github.com/jcvenegas
[@justincormack]: https://github.com/justincormack
[@majst01]: https://github.com/majst01
[@mbruzek]: https://github.com/mbruzek
[@mcastelino]: https://github.com/mcastelino
[@riyazdf]: https://github.com/riyazdf
[@rneugeba]: https://github.com/rneugeba
[@samoht]: https://github.com/samoht
[@thebsdbox]: https://github.com/thebsdbox
[@tych0]: https://github.com/tych0
[@yankunsam]: https://github.com/yankunsam
[@zx2c4]: https://github.com/zx2c4
[linuxkit]: https://github.com/linuxkit
[#1247]: https://github.com/linuxkit/linuxkit/issues/1247
[#1742]: https://github.com/linuxkit/linuxkit/issues/1742
[#1751]: https://github.com/linuxkit/linuxkit/issues/1751
[#1767]: https://github.com/linuxkit/linuxkit/issues/1767
[#1768]: https://github.com/linuxkit/linuxkit/pull/1768
[#1776]: https://github.com/linuxkit/linuxkit/pull/1776
[#1838]: https://github.com/linuxkit/linuxkit/pull/1838
[#1839]: https://github.com/linuxkit/linuxkit/issues/1839
[#1848]: https://github.com/linuxkit/linuxkit/issues/1848
[#1859]: https://github.com/linuxkit/linuxkit/issues/1859
[#1860]: https://github.com/linuxkit/linuxkit/pull/1860
[#1866]: https://github.com/linuxkit/linuxkit/issues/1866
[#1867]: https://github.com/linuxkit/linuxkit/pull/1867
[#1868]: https://github.com/linuxkit/linuxkit/pull/1868
[#1869]: https://github.com/linuxkit/linuxkit/pull/1869
[#1870]: https://github.com/linuxkit/linuxkit/pull/1870
[#1871]: https://github.com/linuxkit/linuxkit/pull/1871
[#1872]: https://github.com/linuxkit/linuxkit/issues/1872
[#1873]: https://github.com/linuxkit/linuxkit/pull/1873
[#1874]: https://github.com/linuxkit/linuxkit/pull/1874
[#1876]: https://github.com/linuxkit/linuxkit/pull/1876
[#1877]: https://github.com/linuxkit/linuxkit/pull/1877
[#1878]: https://github.com/linuxkit/linuxkit/issues/1878
[#1879]: https://github.com/linuxkit/linuxkit/pull/1879
[#1880]: https://github.com/linuxkit/linuxkit/issues/1880
[#1881]: https://github.com/linuxkit/linuxkit/pull/1881
[#1882]: https://github.com/linuxkit/linuxkit/pull/1882
[#1884]: https://github.com/linuxkit/linuxkit/pull/1884
[#1885]: https://github.com/linuxkit/linuxkit/pull/1885
[#1886]: https://github.com/linuxkit/linuxkit/issues/1886
[#1887]: https://github.com/linuxkit/linuxkit/pull/1887
[#1888]: https://github.com/linuxkit/linuxkit/pull/1888
[#1889]: https://github.com/linuxkit/linuxkit/issues/1889
[#1890]: https://github.com/linuxkit/linuxkit/pull/1890
[#1891]: https://github.com/linuxkit/linuxkit/pull/1891
[#1892]: https://github.com/linuxkit/linuxkit/pull/1892
[#1893]: https://github.com/linuxkit/linuxkit/pull/1893
[#1894]: https://github.com/linuxkit/linuxkit/pull/1894
[#1895]: https://github.com/linuxkit/linuxkit/issues/1895
[#1896]: https://github.com/linuxkit/linuxkit/pull/1896
[#1897]: https://github.com/linuxkit/linuxkit/pull/1897
[#1898]: https://github.com/linuxkit/linuxkit/pull/1898
[#1899]: https://github.com/linuxkit/linuxkit/pull/1899
[#1900]: https://github.com/linuxkit/linuxkit/pull/1900
[#1901]: https://github.com/linuxkit/linuxkit/issues/1901
[#1902]: https://github.com/linuxkit/linuxkit/issues/1902
[#1903]: https://github.com/linuxkit/linuxkit/pull/1903
[#1904]: https://github.com/linuxkit/linuxkit/issues/1904
[#1905]: https://github.com/linuxkit/linuxkit/issues/1905
[#1906]: https://github.com/linuxkit/linuxkit/pull/1906
[#1907]: https://github.com/linuxkit/linuxkit/pull/1907
[#1908]: https://github.com/linuxkit/linuxkit/pull/1908
[#1909]: https://github.com/linuxkit/linuxkit/pull/1909
[#1910]: https://github.com/linuxkit/linuxkit/pull/1910
[#1911]: https://github.com/linuxkit/linuxkit/pull/1911
[#1913]: https://github.com/linuxkit/linuxkit/pull/1913
[#1914]: https://github.com/linuxkit/linuxkit/pull/1914
[#1915]: https://github.com/linuxkit/linuxkit/pull/1915
[#1916]: https://github.com/linuxkit/linuxkit/issues/1916
[#1917]: https://github.com/linuxkit/linuxkit/issues/1917
[#1918]: https://github.com/linuxkit/linuxkit/issues/1918
[#1920]: https://github.com/linuxkit/linuxkit/issues/1920
[#1922]: https://github.com/linuxkit/linuxkit/pull/1922
[#1924]: https://github.com/linuxkit/linuxkit/issues/1924
[#714]: https://github.com/linuxkit/linuxkit/issues/714
[linuxkit-ci]: https://github.com/linuxkit-ci
[linuxkit-ci#8]: https://github.com/linuxkit/linuxkit-ci/pull/8
[linuxkit/rtf]: https://github.com/linuxkit/rtf
[linuxkit/rtf#15]: https://github.com/linuxkit/rtf/pull/15
[virtsock]: https://github.com/virtsock
[virtsock#29]: https://github.com/linuxkit/virtsock/pull/29