mirror of
https://github.com/linuxkit/linuxkit.git
synced 2026-04-04 20:17:50 +00:00
56a8d2468a
This updates the build of the two image caches to use the `pkg/package.mk` infrastructure, albeit in a slightly (ok, very) atypical way. In order to share the bulk of the build code (including the `Dockerfile` and the `Makefile` machinery to download the images) we arrange for the necessary bits to be copied at build time into distinct subdirectories and for the `pkg/package.mk` to be aware of this possibility. Since pkg/package.mk is only set up to build a single package we use a single `image-cache/Makefile` to drive the whole process and recurse into `Makefile.pkg` to build individual packages. One particular subtlety is that the package hash is based on the `image-cache` directory (which is in `git`) rather than the generated subdirectories (which are not in `git`). Since all the generators (and their inputs) are in the `image-cache` directory this is what we want. This means that the two images are given the same tag, but this is deliberate and desirable. The generated directories are completely temporary to avoid picking up stale versions of images when versions are updated. Images are hardlinked into place. The images are moved to the linuxkitprojects org. Using a dev tag for now, will update once everything is in place. Also use "tag" rather than "build" where appropriate in the Makefile. There is no point in the .dockerignore now, but add a .gitignore. Signed-off-by: Ian Campbell <ijc@docker.com>
Projects
We aim to provide a set of open spaces for collaboration to help move projects towards production. Projects should usually
at a minimum provide a README of how to get started using the project with Moby, and a roadmap document explaining what
the aims are and how to contribute. Most projects will probably provide a way to run the project in a custom Moby build
in its current state, which ideally will be integrated in the Moby CI so there are checks that it builds and runs. Over
time we hope that many projects will graduate into the recommended production defaults, but other projects may remain as
ongoing projects, such as kernel hardening.
If you want to create a project, please submit a pull request to create a new directory here.
Current projects
- Kernel Self Protection Project enhancements
- Mirage SDK privilege separation for userspace services
- Wireguard cryptographic enforced container network separation
- OKernel intra-kernel protection using EPT (HPE)
- eBPF iovisor eBPF tools
- Swarmd Standalone swarmkit based orchestrator
- Landlock LSM programmatic access control
- Clear Containers Clear Containers image
- Logging Experimental logging tools
- etcd cluster etcd cluster demo from DockerCon'17
- kernel-config an experiment on how to manage kernel config
- IMA-namespace patches for supporting per-mount-namespace IMA policies
- shiftfs is a filesystem for mapping mountpoints across user namespaces
Current projects not yet documented
- VMWare support (VMWare)
- ARM port and secure boot integration (ARM)
Completed projects
aws/: AWS support was merged into mainline in #1964.