skopeo is a command line utility that performs various operations on
container images and image repositories.
skopeo can work with OCI images as well as the original Docker v2
images.
The recipe originates from from meta-overc commit a497792. It has
been updated with the new project URL and v0.1.39.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Podman is a daemonless container engine for developing, managing, and
running OCI Containers on your Linux System. Containers can either be
run as root or in rootless mode.
This patch adds the initial recipe for podman. Currently the build tags
systemd (if in DISTRO_FEATURES), seccomp, varlink and remoteclient are
enabled which allows to run podman with overlayfs as root and vfs in
rootless mode. The storage drivers btrfs and device-mapper have not
been tested and are disabled at the moment.
It seems that seccomp is mandatory, which makes meta-security which
provides libseccomp a mandatory dependency for this recipe.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Since commit:
[
Author: Tom Rini <trini@konsulko.com>
Date: Fri Feb 8 13:22:35 2019 -0500
docker: Move /etc/docker to a symlink to volatiles
The only thing which docker uses /etc/docker for is a TLS key for
connecting with other TLS-enabled services. Make /etc/docker a symlink
to the existing docker volatiles directory so that we can use docker on
a read-only rootfs.
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
We've had a transient / volatile docker configuration since we point
our /etc configuration to /run. This is not always a good thing if
a static configuration for keys, etc, is desired.
We maintain this functionality under the 'transient-config'
PACKAGECONFIG, and also allow the existing static/permanent config
to be used.
Signed-off-by: Matt Spencer <matthew@thespencers.me.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The recipe which was providing the default "docker" package was aligned
with the moby repositories. In order to make that alignment clear, we
rename that recipe docker-moby.
To allow easier switching between the docker providing recipes, we
introduce a virtual/docker PROVIDES to the common .inc file (and
hence each recipe). This allows users to chose what they want via
the standard PREFERRED_PROVIDER mechanism.
Also to allow existing package lists and image installs to
continue to work without changes, we make sure that the implementation
specific docker-<foo> packages RPROVIDE docker. If any packages are
missed, we'll add them to this list in future updates.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bump the git hashes to Docker CE v19.03.2.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Since commit applied in moby [61a3285 Support cross-compile for arm]
it hardcoded var-CC to support cross-compile for arm
Correct it with "${parameter:-word}" format, it is helpful for user
define toolchains
(Use Default Values. If parameter is unset or null, the expansion of
word is substituted. Otherwise, the value of parameter is substituted.)
61a3285864
This fixes a build issue seen when building docker-ce:
exec: "aarch64-linux-gnu-gcc": executable file not found in $PATH
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Use GNU Make 4.2.1(such as fedora-29) to build k8s in a long directory,
it failed with `execvp: /bin/bash: Argument list too long'
[snip]
$ cd /buildarea1/hjia/wrlinux-1019/I_/suspect_/that_/if_/you_/create_/your_/project_/in_/a_/very_/deep_/directory/build_master-wr_qemux86-64_faw_2019090509/build/tmp-glibc/work/core2-64-wrs-linux/kubernetes/v1.16.0-alpha+git7054e3ead7e1a00ca6ac3ec47ea355b76061a35a-r0/kubernetes-v1.16.0-alpha+git7054e3ead7e1a00ca6ac3ec47ea355b76061a35a/src/import
$ make cross KUBE_BUILD_PLATFORMS=linux/amd64 GOLDFLAGS=""
|+++ [0804 16:38:32] Building go targets for linux/amd64:
| ./vendor/k8s.io/code-generator/cmd/deepcopy-gen
|make[1]: execvp: /bin/bash: Argument list too long
|make[1]: *** [Makefile.generated_files:184: pkg/kubectl/cmd/testing/zz_generated.deepcopy.go] Error 127
|make: *** [Makefile:557: generated_files] Error 2
...
[snip]
From make manual [1]
$?
The names of all the prerequisites that are newer than the target, with spaces between them.
While two `$?' was passed to bash in a line, it caused above failure,
drop a duplicated one could workaround the issue.
[1] https://www.gnu.org/software/make/manual/html_node/Automatic-Variables.html
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
When curl's MIT license is preferable to wget's GPLv3. Which it is in
several situations.
Change-Id: I72ee1ce66493c564557b73fae80f5219ef83af6d
Signed-off-by: Joakim Roubert <joakimr@axis.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
commit 7394c154a9 [containers: update oci-systemd-hook to 0.2.0]
incorrectly adjusted the context around the patch
0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch.
This resulted in containers failing with an error:
systemdhook <error>: Failed to mkdir new dest: /opt/container/cube-server/rootfs/sys/fs/cgroup/perf_event: No such file or directory
Unfortunately, the code was being patched in ahead of the mounting of
the tmpfs after the patch context was adjusted. You can even get a
hint of this in the comment "Systemd is already handled above". Here
we correct this by pushing the code down to the correct position in
the file/function, making the error go away and proper function
return.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
nl80211 device can't be moved to another namespace due to
e389f2afd8509(start: unify and simplify network creation), and lxc
community has fixed this issue with:
commit 3dd7829433f63b2ec1323a1f237efa7d67ea6e2b lxc upstream
This patch is grabbing the commit above, and should be abandoned with
lxc uprev afterwards.
See more details here: https://github.com/lxc/lxc/issues/3105
Signed-off-by: Yunguo Wei <yunguo.wei@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Since comit 3f64779e in meta-oe:
[ libdevmapper/lvm2: force recipe libdevmapper to populate sysroot only ]
libdevmapper recipe does not provide package any more, we need RDEPENDS
on libdevmapper which is being provided by lvm2 recipe.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
It defaults to "-s -w" [1] which strips debug information, refresh a backported
patch to build unstripped binaries
https://golang.org/cmd/link/
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Specify GOLDFLAGS as an empty string for building unstripped binaries, which allows
you to use code debugging tools like delve. When GOLDFLAGS is unspecified, it defaults
to "-s -w" which strips debug information. Other flags that can be used for GOLDFLAGS
are documented at https://golang.org/cmd/link/ [1]
[1] https://github.com/kubernetes/kubernetes/blob/master/build/root/Makefile#L82
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Add a new PACKAGECONFIG, static, which when enabled will build
runc as static. Default to enable it.
We need this because we should allow users to build runc as not
static so that when docker's cgroup driver is set to systemd,
we don't get error.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
There are unnessary and incorrect settings like GOOS and GOROOT.
There are also redundant settings like GOPATH, CGO_CFLAGS, etc,
whose latter setting will cover the previous one.
So clean all these up.
Also, remove the comment which suggests settings GOVERSION to "1.10%",
as it's no longer valid for current OE.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
cri-o depends on ostree, libselinux and libseccomp
and we should check if the layer which provides these
recipes exist or not before go on.
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Currently kubernetes does not build for qemux86, qemumips, qemumips64,
qemuppc. So set COMPATIBLE_HOST to make this clear. Otherwise we get
build failure when trying to build like below.
fatal error: bits/long-double-64.h: No such file or directory
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
DOCKER_BUILDTAGS has tags that exclude btrfs and devicemapper graph
drivers. To enable either, the tags have to be removed, but this isn't
easily possible as DOCKER_BUILDTAGS can't be overridden via a
bbappend.
Define a BUILD_TAGS variable in the docker recipe that is set with the
exclude tags, and use it for setting DOCKER_BUILDTAGS. This makes it
possible for downstream to tweak BUILD_TAGS/DOCKER_BUILD_TAGS via a
bbappend.
Signed-off-by: Anoop Karollil <anoop.karollil@ge.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Since commit applied in moby [61a3285 Support cross-compile for arm]
it hardcoded var-CC to support cross-compile for arm
Correct it with "${parameter:-word}" format, it is helpful for user
define toolchains
(Use Default Values. If parameter is unset or null, the expansion of
word is substituted. Otherwise, the value of parameter is substituted.)
61a3285864
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
When the go-lang container recipes were first created there were issues
with strip and the resulting binaries. As such, strip was inhibited for
the various packages.
This variable is now set in the default classes, and tests show that
strip works on the binaries (saving up to 2M on disk for some binaries)
with no runtime issues found.
So we drop our explicit set of the inhibit and let the build proceed
by the defaults.
If issues are found, we can re-enable the setting or bbappends can
turn it back on for builds showing issues.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Upgrading kubernetes to the 1.16 series. This is currently in alpha,
but will be released before the feature freeze.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating to the 1.15 release.
With this update there are significant new build constraints and
dependencies. As such, the cross binaries are now being be built
by default, with the old (non-cross) build being kept around as
an optional way to build the components.
There are still issues with the non-cross build, so it will
require more work in the future.
We also document the requirement for selinux and seccomp in the
README as dependencies if you build cri-o.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating to the latest containerd 0.2.x release. No build changes
were required, and runtime behaviour is the same.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating to the latest oci-systemd-hook version. We also refresh the
patches, specifically the selinux patch, for the updated context.
The additional cgroups mount patch needed to be tweaks for new
required parameters, but is otherwise unchanged.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating the reference spec to v1.01. No functional or runtime changes
are expected from this.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating the docker community edition to the 19.03 series.
The build changes are minor (mainly cleanup), but otherwise, we
are changing branches and setting new SRCREVs.
The LICENSE checksum tweak is due to copyright year changes in
the files.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
updating the full community build (moby) of the docker engine, cli
and networking components to the 19.03 release series.
The changes are minimal, versioning, branch selection, but otherwise
everything in the build is the same as the previous versions.
The SRCREVs are selected through an audit of moby and docker-ce to
synchronize the build points for the various components.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating the oci-image-tools to the tip of the master branch. This gets
us official integrations of some backported patches (along with other
associated minor fixes).
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating the reference/source package of the oci-image-spec to v1.0.1.
We also cleanup the install rule to be a bit simpler (by using
--parents), and remove the .tool directory (which is new to this
version), since it won't be package by default (and hence throws a
QA error) and we don't need the .tool/* files.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating both the pure opencontainers runc and the docker opencontainers
variants to -rc8.
We track the tip of master for opencontainers and for docker we match
the -ce and moby -rc8 commit hashes.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
after commit https://git.openembedded.org/openembedded-core/
commit/meta/classes/ptest.bbclass?id=b47194b57d94260b4e6438c5bf74914027f0b520
package ${PN}-ptest will depend on ${PN} by default,
but for docker-distribution, ${PN} is empty package, remove it from dependency
to avoid image do rootfs failure since nothing provides error.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
If docker run --init is used docker expects docker-init to be
present, if not Docker fails to start the container with the
following error:
docker: Error response from daemon: exec: "docker-init": executable file not found in $PATH.
However, docker-init does not get deployed by default since commit
d19fda3743 ("docker: consolidate common depends/options"). Readd
docker-init through a PACKAGECONFIG RDEPENDS to make sure it gets
deployed by default again.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Part of building cri-o is the generation of the 'conmon/config.h'
file. The content of this file is dynamic in that it has buffer sizes
and a socket path which will depend on constants that are set in other
parts of the code. For example the socket path can be setup for
Windows or for Linux.
To generate 'conmon/config.h' a small GO application is built and run
called crio-config. This isn't really suitable for a -native package
but we do have to run crio-config on the build host so we don't want
to cross compile it. We therefor use the native GO to build this. This
change allows things to work when the build host arch and the target
arch don't match. A small update to the Makefile avoids mixing build
host arch and target arch GO packages.
Finally, We drop the crio-config binary from the install as it is only
used to create the conmon/config.h as part of the build. This is
consistent with the Makefile's install rule which does not install
this binary as it has no use on the target.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
After oe-core commits
5f48939e2640 [goarch.bbclass: use MACHINEOVERRIDES and simplify go_map_arm()]
6300c4a83f7c [go.bbclass:Export more GO* environment variables]
we see a build failure with cri-o:
| go build runtime/cgo: attempting to install package runtime/cgo into read-only GOROOT
| Makefile:112: recipe for target 'conmon/config.h' failed
| make: *** [conmon/config.h] Error 1
to avoid this we should not overwrite the GO* environment being setup
by the go.bbclass, so we drop most of our GO* exports here.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Remove the following patch, because the 3.11 version already contain it.
0001-kdat-Don-t-open-run-criu.kdat-if-doesn-t-exists.patch
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The split between docker-ce and docker (moby) was initially
quite different, and docker-ce was more of a reference versus
a supported / working package.
Upstream has evolved such that both are valid options, and
may be chosen due to different requirements.
Rather than duplicating all the settings, we can move the
dependencies, init, rdepends, users, etc, into a .inc file and
share them.
For now, we keep the build separate, since depending on the
uprev status, they still can require different build options
and packaging.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
With the 5.0 kernel and docker 18.09 you can run into issues
pulling from docker hub due to an invalid/unknown certificate.
We fix that by adding ca-certifcates as a runtime dependency.
There can also be isuses setting up the network bridge, so we
add bridge-utils to the rdepends.
We also add some comments about this recipe and how it should
be updated using moby (and why it is like it is).
Finally, no one wants rt-tests and lxc when installing docker,
so we drop them from the rsuggests.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
With the 5.0 kernel and docker 18.09 you can run into issues
pulling from docker hub due to an invalid/unknown certificate.
We fix that by adding ca-certifcates as a runtime dependency.
There can also be isuses setting up the network bridge, so we
add bridge-utils to the rdepends.
Finally, no one wants rt-tests and lxc when installing docker,
so we drop them from the rsuggests.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
containerd has evolved since it was introduced and it no
longer makes sense for it to pull in container runtimes
as RRECOMMENDS. In particular most users don't want lxc to
be pulled in, and the hardcoded docker recommendation makes
it difficult to vary the docker implementation.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
runc shouldn't be RRECOMMENDing docker, since it is already
a RDEPENDS of docker. If we have this RRECOMMEND, you cannot
easily vary the docker and docker-ce packages with this runc
variant.
We could restore this RRECOMMEND in the future if a virtual/docker
dependency is introduced.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Upreving the moby variant of the docker runtime to match
the 18.09.3 updates that are in the docker-ce recipe.
The signficant comments (engine), are as follows:
667e800b2c bump swarmkit to 415dc72789e2b733ea884f09188c286ca187d8ec
fc01c2b481 Merge pull request #37874 from justincormack/remove-libtrust
5a7d6dcf21 Merge pull request #38820 from bynnchapu/mkimage-yum_add-new-tag-option
57c2228cc1 Add new option to specify tag information
6e86b1198f Merge pull request #38780 from thaJeztah/remove_parse_tmpfs_options
13b7d11be1 Remove Schema1 integration test suite
98fc09128b Remove the rest of v1 manifest support
8aca18d631 Merge pull request #38813 from cpuguy83/add_experimental_interface
fa9df85c6a Had `HasExperimental()` to cluster backend
9c83848fc9 Merge pull request #38808 from alexellis/derek/add_pr_description_required
45eae4cb2b Merge pull request #38806 from tonistiigi/rootless-build-fixes
5c152ea10f Merge pull request #38810 from thaJeztah/network_dangling_docs
989d497d51 Merge pull request #38565 from dave-tucker/jenkinsfile
f9b9d5f584 builder-next: fixes for rootless mode
dc52692458 Merge pull request #38675 from thaJeztah/refactor_pkg_sysinfo
ca91918dd4 docs follow-ups for networks "dangling" filter
ed681c5c0d Merge pull request #38805 from thaJeztah/better_polling
3c9b9409e2 Update Derek behaviour
8df160dde7 Merge pull request #38790 from nakabonne/refactor-setting-graph-driver
ba641fef28 Merge pull request #31551 from KarthikNayak/dry_run
348d793351 Merge pull request #38737 from thaJeztah/fix_stopped_restart_containers
8c0ecb6387 Fix stopped containers with restart-policy showing as "restarting"
91d934b41b Merge pull request #38791 from thaJeztah/update_api_changes
131cbaf5b7 Network: add support for 'dangling' filter
67d6f174ae Add more details to RunningTasksCount
de7172b600 Merge pull request #38782 from Microsoft/fix-restart
501cb131a7 Merge pull request #38800 from dani-docker/esc-1090
4d7721cdcc Add Jenkinsfile
8073c4febd Merge pull request #38786 from gaorong/installer-shell-interpreter
3fbbeb703c set bigger grpc limit for GetConfigs api
5e77399b92 fix hack/dockerfile/install/containerd.installer test statement
19c5ff9c64 Merge pull request #38792 from thaJeztah/update_api_changelog
95faf3582c Merge pull request #38428 from thaJeztah/only_create_new_daemon_if_needed
5861a0db22 Fix container update resetting pidslimit on older API clients
fc77445147 Add new PidsLimit options to API version history
894ecb24d1 Merge the divided loops
dd94555787 Merge pull request #32519 from darkowlzz/32443-docker-update-pids-limit
308438c1ec Merge pull request #38783 from Microsoft/jjh/restarthypertests
b3407d2029 Testing: create new daemon (only) if needed
faaffd5d6d Windows:Disable 2 restart test when Hyper-V
5afe2705ac Windows: Fix restart for Hyper-V containers
144c95029c pkg/mount: remove unused ParseTmpfsOptions
74eb258ffb Add pids-limit support in docker update
cbb885b07a Merge pull request #38632 from dperny/gmsa-support
0e54f5e3a9 Merge pull request #38686 from cpuguy83/remove_deprecated_newclient
9688f120a2 Merge pull request #38758 from thaJeztah/add_missing_char_device_mode
c7a38c2c06 Graphdriver: fix "device" mode not being detected if "character-device" bit is set
6f1d7ddfa4 Use Runtime target
7403497573 Merge pull request #38756 from kolyshkin/fix-test-int
447ce1325d Merge pull request #38741 from Microsoft/jjh/signalname
228bc35e82 make test-integration: use correct dockerd binary
c093c1e08b Merge pull request #38718 from thaJeztah/update_containerd_1.2.4
733a69e26b Windows:Update dumpstack event name
fcb286895b Merge pull request #38364 from cpuguy83/fix_stale_container_on_start
5ba30cd1dc Delete stale containerd object on start failure
818d2ddf02 Merge pull request #38730 from AkihiroSuda/rootlesskit-030alpha2
206004e3a7 Merge pull request #38728 from AkihiroSuda/fix-rootless-stick-xdg
f1a87919e0 bump up rootlesskit (fix CentOS failure)
56bea903ef dockerd: call StickRuntimeDirContents only in rootless mode
defb2b57a7 Update containerd client to 1.2.4
26413ede57 Update containerd runtime 1.2.4
0111ee7087 Merge pull request #38717 from thaJeztah/update_containerd_1.2.3
a327428bdb Merge pull request #38716 from thaJeztah/bump_runc_cve_2019-5736
c4763e02d1 Update containerd to 1.2.3
f03698b69a Update runc to 6635b4f (fix CVE-2019-5736)
6800954050 Merge pull request #38677 from tiborvass/fix-validate
f18cf23e97 Merge pull request #38692 from Microsoft/jjh/runtime-spec
98dcded647 Merge pull request #38701 from thaJeztah/bump_gorilla_mux
477eeef60c Bump gorilla/mux to 1.7.0
832ce62cb2 Merge pull request #38693 from tiborvass/fix-timeout-bug
42dcfc894a hack: Have TIMEOUT take -test.count into account when testing for flakiness
9f1b2b7031 Vendor opencontainers/runtime-spec 29686dbc
e063099f91 Completely remove `d.NewClient` from testing tools
e6fe7f8f29 Merge pull request #38685 from yongtang/go-vet
611b23c1a0 Merge pull request #38580 from andrey-ko/fix-restart
86312a4732 Fix go-vet issue
c63a2b7619 Merge pull request #38678 from Microsoft/jjh/lcowpushspace
f8e29fdd68 Merge pull request #38679 from AkihiroSuda/rootlesskit-030alpha1
6501a8ff90 Merge pull request #38684 from tonistiigi/vpnkit-restore
61da822eeb Merge pull request #38683 from tonistiigi/ptrace-seccomp-update
2c79d3520a Merge pull request #38681 from Microsoft/jjh/hcsshim086
20e8572a4c hack: restore bundling vpnkit on amd64
f091a8dd62 Merge pull request #38680 from Microsoft/jjh/dumpduterr
e76380b67b seccomp: review update
07742515fb Vendor Microsoft/hcsshim @ v0.8.6
bc80e8df3e Windows CI: Dump possible panic log
bcc4c03092 bump up rootlesskit (fix armv7 compilation failure)
1603af9689 Merge pull request #38137 from tonistiigi/seccomp-ptrace
feb70fd5c9 hack: no need to git fetch in CI
20383d504b Add support for using Configs as CredentialSpecs in services
04995fa7c7 Add CredentialSpec from configs support
2c8522b0a3 LCOW:Enable image push when files have spaces
e7a9a7cdbc Merge pull request #35355 from x1022as/unless-stop
8e06006717 Merge pull request #37296 from yusuf-gunaydin/lcow_limits
53460047e4 Refactor pkg/sysinfo
93d994e29c Merge pull request #38050 from AkihiroSuda/rootless
ec87479b7e allow running `dockerd` in an unprivileged user namespace (rootless mode)
86bd2e9864 Implemented memory and CPU limits for LCOW.
50e63adf30 Merge pull request #38574 from StefanScherer/improve-no-matching-manifest-error
b17188be39 Merge pull request #38673 from thaJeztah/fix_proto_capitalization
8e293be4ba fix unless-stopped unexpected behavior
b462bba1b0 Bump SwarmKit to fix proto capitalization
d440fea460 Merge pull request #38655 from thaJeztah/override_validate
acf08532a7 Merge pull request #38520 from thaJeztah/fix_update_status_check
94429d4078 Remove use of serviceSpecIsUpdated
0e60e48134 Bump swarmkit to 1a0ebd43b2d156983a695f90e56f4ecba6ced902
87903f2fb5 Merge pull request #38609 from kwojcicki/enhancement/38518-docker_info_builder_version
8a43b7bb99 Merge pull request #38570 from thaJeztah/keep_your_head_up
fc4a40b510 Merge pull request #38658 from thaJeztah/use_stable_cli
7e7e100be0 Add HEAD support for /_ping endpoint
393838ca5e Merge pull request #38569 from thaJeztah/forget_about_it
22e4f12e5f Merge pull request #38653 from sreis/38636-fix-nil-pointer-dereference
468eb93e5a Use 17.06 stable channel for CLI used in CI
5a2f15b5d5 Merge pull request #38625 from thaJeztah/remove_docs_role
2a08f33166 Allow overriding repository and branch in validate scripts
44af96c0fc Merge pull request #38634 from kolyshkin/cp-longname
3134161be3 Fix nil pointer derefence on failure to connect to containerd
0d9dc3f4b5 Merge pull request #38604 from thaJeztah/remove_deprecated_newclient
8b10292153 Merge pull request #38644 from yongtang/fatalf
5fba9b32b3 Merge pull request #38635 from JoeWrightss/patch-3
3a4bb96ab7 Remove use of deprecated client.NewClient()
5801c04345 Merge pull request #38380 from olljanat/capabilities-support
0cde75e2ea Merge pull request #38398 from RaviTezu/replace_gotty_with_aec
f04e8bb075 Fatalf -> Fatal
6351619e2c Merge pull request #38606 from thaJeztah/move_client_opts
974294600f Fix some typos in ROADMAP.md
f55a4176fe pkg/archive:CopyTo(): fix for long dest filename
27c7178933 Merge pull request #38629 from thaJeztah/bump_golang_1.11.5
20b34412dc Bump Golang 1.11.5 (CVE-2019-6486)
e017717d96 keep old network ids
de86ba27fb Merge pull request #38598 from yongtang/serviceRunningTasksCount
89ce20fa25 Merge pull request #38603 from thaJeztah/remove_deprecated_daemonhost
2cb25409c2 Remove "docs maintainers" section
528ca931e6 Merge pull request #38621 from fntlnz/fix/reviewing-merge-label
c133553154 REVIEWING.md: Fix status 4 merge label
0ecba1523d Merge pull request #38422 from debayande/even-more-names-redux
80d7bfd54d Capabilities refactor - Add support for exact list of capabilities, support only OCI model - Support OCI model on CapAdd and CapDrop but remain backward compatibility - Create variable locally instead of declaring it at the top - Use const for magic "ALL" value - Rename `cap` variable as it overlaps with `cap()` built-in - Normalize and validate capabilities before use - Move validation for conflicting options to validateHostConfig() - TweakCapabilities: simplify logic to calculate capabilities
f821f002e5 Adding builder version
8d7889e510 Merge pull request #38605 from thaJeztah/explicit_nilerror_check
69d9ff3455 Move deprecated client constructors to a separate file
01eb35bfb3 Move client-opts to a separate file
3449b12cc7 Use assert.NilError() instead of assert.Assert()
3105ca26dc integration-cli: remove deprecated daemonHost() utility
e485a60e2b Move serviceRunningTasksCount to integration/internal/swarm
1990a3e409 replace gotty with aec, since gotty hasn't been updated since very long time and aec can drop in for gotty Signed-off-by: RaviTeja Pothana <ravi-teja@live.com>
5ec31380a5 Merge pull request #38481 from thaJeztah/run_volume_tests_remotely
64fd09bd29 Merge pull request #38553 from thaJeztah/faster_api_node_drain_pause
bba833928c Merge pull request #38487 from LinuxMercedes/error-on-empty-dockerfile
0dc531243d Merge pull request #38554 from thaJeztah/check_for_errors
4b9db209fe Improve 'no matching manifest' error
5ebb679598 Merge pull request #38544 from thaJeztah/dont_sprintf
cd60e8a752 Merge pull request #38547 from yongtang/waitAndAssert
e21f50cbf0 Merge pull request #38572 from yongtang/assert.NilError
b5be9f63eb Merge pull request #38567 from thaJeztah/use_the_skip
38015177d8 Merge pull request #38557 from thaJeztah/remove_duplicated_code
a827f17306 Merge pull request #38552 from thaJeztah/improve_test_events_filter_labels
508e5f7b70 Merge pull request #37974 from thaJeztah/add_more_component_versions
834801a4e5 Merge pull request #38568 from thaJeztah/fix_ping_test
52475f8dd5 Replace t.Fatal(err) with assert.NilError(t, err)
a0674481ee Merge pull request #38566 from thaJeztah/fix_task_logs_swagger
68e266ee3a Replace waitAndAssert in config_test.go with poll.WaitOn
18c7e8b927 Test: dockerfiles with no instructions are detected
64466b0cd9 Convert parse errors to more informative format
d104a750f9 Update buildkit version -- improved parse errors
8472e04f79 Merge pull request #38555 from yongtang/assert.NilError
ef91b404ef Merge pull request #38524 from thaJeztah/update_docker_py
b8277edd9c Merge pull request #38546 from thaJeztah/wait_a_second
2137b8ccf2 Add containerd, runc, and docker-init versions to /version
5f788fbf56 Add Cache-Control headers to disable caching /_ping endpoint
46b80550c1 Fix ping-tests using wrong status-code
c11be31710 TestCgroupDriverSystemdMemoryLimit: use skip.If()
5ccc0714f7 Swagger: fix "task logs" outside of "tasks" section
beef00cb26 Merge pull request #38558 from thaJeztah/pass_client_instead_of_daemon
a3f626d101 Merge pull request #38543 from thaJeztah/save_the_environment
56a68c15f8 Integration tests: remove some duplicated code, and preserve context
60d93aab2e Refactor TestInspectNetwork
8172edf04c GetRunningTasks: pass client instead of daemon
0e15c02465 Make TestEventsFilterLabels less flaky
32f6aeee8a Replace t.Fatal(err) with assert.NilError(err)
2e326eba70 Add missing error-check in TestAPISwarmManagerRestore
ebdc9a3afc Slightly speed up TestAPISwarmNodeDrainPause
ebc0750e9f Merge pull request #38459 from JoeWrightss/patch-2
1ac557c506 Merge pull request #38548 from yongtang/networkIsRemoved
28b7824caa Remove code duplication and consolidate networkIsRemoved
e3c03d172e Merge pull request #38545 from thaJeztah/integration_on_swarm_nits
973ca00d60 reduce flakiness of TestSwarmLockUnlockCluster and TestSwarmJoinPromoteLocked
8f158db4ed pkg/signal.TestTrap: use a subtest
c855d411bf testing: pkg/signal; remove redundant fmt.Sprintf()
ead47f0a83 no need to set exec.Env to os.Environ() as it's the default
b84bff7f8a Fix: plugin-tests discarding current environment
ad2765b35e Merge pull request #38523 from olljanat/flaky-test-finder
c7444a4f31 Merge pull request #38537 from vdemeester/update-code-owners
295413c9d0 Merge pull request #38533 from kolyshkin/derek
89e3a4af62 fix code typo
f25972151b Merge pull request #38530 from SUSE/fix-config-segfault
66210fae70 .DEREK.yml: add myself
5d5798c7cc Merge pull request #38527 from thaJeztah/bash_the_bashisms
c0c05affc7 Update docker-py to 3.7.0
8a8fd37f6f CI: Introduce flaky test finder
3efd75b972 Merge pull request #38529 from thaJeztah/improve_make_help
4627bc8a26 Remove myself from codeowners 😅
7f3910c92e Fix possible segfault in config reload
202c9d8c98 Makefile: make help: fix newline wrapping, and missing targets
2a5405bedd Run volume-tests again remote daemons as well
37498f009d Shell scripts: fix bare variables
c3650770cc Revert "Bash scripts; use double brackets, fix bare variables, add quotes"
b4842cfe88 Merge pull request #38354 from thaJeztah/fix_ipam_swagger
3f2ecb5452 Merge pull request #38515 from yongtang/01082019-oll.WaitOn
cb501886db Merge pull request #38456 from thaJeztah/make_errdefs_idempotent
156b2abd0c Merge pull request #38472 from thaJeztah/remove_debugging_code
9dd43415ae Merge pull request #38499 from olljanat/change_serviceIsUpdated2
0492b0997b Use poll.WaitOn in authz_plugin_test.go
b868ada474 integration: Corrected service update tests logic
77df18c24a Merge pull request #38509 from thaJeztah/bump_containerd_v1.2.2
27cc170d28 Bump containerd to v1.2.2
f9dbd383bb Merge pull request #38418 from thaJeztah/mega_power
e8592828eb Merge pull request #38482 from thaJeztah/skip_consistently
263e28a830 Fix some minor wording / issues
69c0b7e476 Simplify skip checks
84224935ea Only build IPCmode tests on Linux
a3948d17d3 Improve consistency in "skip"
545d00e752 Merge pull request #38416 from thaJeztah/fix_build_session_test
f5238762a8 Merge pull request #38480 from thaJeztah/run_slow_test_parallel
16df93c231 Merge pull request #38497 from yongtang/go-vet
7315a2bb11 Fix go vet issue in daemon/daemon.go
8edcd4c3cd integration: wait for service update to be completed
2ee53a42db Merge pull request #38490 from kolyshkin/test-rename-anon-ct
55b5b8de79 Merge pull request #38486 from thaJeztah/dont_use_deprecated_envclient
926edd68a5 Merge pull request #38493 from thaJeztah/skip_kmem_tests_on_rhel
b958b430aa Merge pull request #38417 from thaJeztah/replace_newclient
0104abf0d6 Merge pull request #38409 from innovimax/patch-1
5a718ef0f9 Merge pull request #38496 from Microsoft/jjh/dockerfile.windows
6825db8c94 Merge pull request #38450 from thaJeztah/remove_deprecated_grpc_functions
3bcf582366 Add note to Dockerfile.windows
1e1156cf67 Skip kernel-memory tests on RHEL/CentOS daemons
de640c9f49 Merge pull request #38038 from AkihiroSuda/ubuntu-overlayfs
74ad4f2d2c Merge pull request #38423 from olljanat/disable-integration-tests-on-z-and-powerpc
ae3ca7bb97 Run TestImportExtremelyLargeImageWorks in parallel
2ca6896aee TestRenameAnonymousContainer: fix error msg
c8ff5ecc09 Remove use of deprecated client.NewEnvClient()
2b7e084dc9 Merge pull request #38473 from thaJeztah/use_testenv_client
e78a3dca21 Merge pull request #38477 from yongtang/38407-follow-up
0de62d9bbc Integration: use testenv.APIClient()
4d88a95d67 Don't mix t.Parallel() wth environment.ProtectAll()
264775b52b Make errdefs helpers idempotent
3f7898cfcd Merge pull request #38451 from thaJeztah/skip_test_info_warnings
9a6b704fac Merge pull request #38464 from thaJeztah/wrap_some_errors
1930e8eb2e Merge pull request #38455 from thaJeztah/add_errdefs_nil_check
0281db99a9 Follow up to PR 38407
626022d0f6 Merge pull request #38407 from maximilianomaccanti/master
f9fedf1308 TestBuildMultiStageParentConfig: remove unneeded sleep and ImageList call
e0e9942dc5 Merge pull request #38419 from thaJeztah/fix_nuke_everything
27234ffe3e Merge pull request #37564 from adshmh/migrate-docker_cli_service_update_test-to-integration-service-fixed-flake
8f93a33755 Merge pull request #35894 from joninvski/improve-syslog-logger-unit-test-coverage
744940056d client/request: wrap some errors
43a8ec654b Add missing nil-check on errdefs.Unavailable()
72b0b0387d Replace deprecated grpc.ErrorDesc() and grpc.Code() calls
f76d6a078d Merge pull request #38370 from farnasirim/36413-bind-dir-skip-copy
056840c2a6 Skip TestInfoAPIWarnings on remote daemons
53bb992c3b Merge pull request #38445 from thaJeztah/dont_use_deprecated_withdialer
8d3feccfa9 Replace deprecated client.WithDialer()
31348a2936 fix typo
e6d7df2e5d Use BuildKit to skip source code COPY if BIND_DIR set
5ddb1d410a Merge pull request #38426 from thaJeztah/remove_unused_experimental_check
c32f042e2b Merge pull request #38430 from thaJeztah/fix_prefix_double_slash
a7020454ca Add options validation to syslog logger test
be151a73f0 migrated service integration tests from integration-cli/docker_cli_service_update_test.go to integration/service
8fbf2598f5 Merge pull request #37940 from olljanat/replicas-max-per-node
5d5adcd898 Fix double slash after $PREFIX
3587efed6b Merge pull request #38414 from thaJeztah/minor_volume_tweaks
052a20f361 Merge pull request #38424 from thaJeztah/bash_da_bash_bash_bash
43b15e924f Remove SameHostDaemon, use testEnv.IsLocalDaemon instead
362f737e1c Remove unused ExperimentalDaemon, NotS390X, NotPausable requirement checks
9a3911ced8 Fix TestBuildWithSession, TestBuildSquashParent using wrong daemon during test
02157c638b Disabled these tests on s390x and ppc64le: - TestAPISwarmLeaderElection - TestAPISwarmRaftQuorum - TestSwarmClusterRotateUnlockKey
153171e9dd Added support for maximum replicas per node to services
297b30df5f Bash scripts; use double brackets, fix bare variables, add quotes
d147fe0582 Merge pull request #38413 from slp/master
e50f791d42 Makes a few modifications to the name generator.
0d6dd91e13 Move `validateOpts()` to local_unix.go as it is not used on Windows
5580b79813 PowerShell: fix "Nuke-Everything" failing to remove images
755d3057ab PowerShell: Go-version check; only select the first match
6130c89cce PowerShell: remove aliases, use their real commands instead
b394d25f03 PowerShell: move $null to left-hand for comparisons
0f8b616c0c PowerShell: fix mixed tabs/spaces
11b88be247 Remove validationError type, and use errdefs.InvalidParameter
342f7a357a Use a map[string]struct{} for validOpts
d5b271c155 add check for local volume option
2cb7b73a1b Test: Replace NewClient() with NewClientT()
ad8a8e8a9e NewStreamConfig UTest fixes
687cbfa739 Split StreamConfig from New, Utest table driven
512ac778bf Add two configurable options to awslogs driver
2cb26cfe9c Merge pull request #38301 from cyphar/waitgroup-limits
a07fbfbd15 Merge pull request #38411 from kolyshkin/dont-panic
5a52917e4d daemon: switch to semaphore-gated WaitGroup for startup tasks
ab318fa6ca Merge pull request #38403 from thaJeztah/switch_to_alpine_3.8
5846db10af layer/layer_store: ensure NewInputTarStream resources are released
7e7ff2a033 integration-cli/build: don't panic
c77afb700d Merge pull request #38402 from thaJeztah/bump_golang_1.11.4
92b34ec9c6 Merge pull request #38408 from josegonzalez/patch-1
a2d0de6559 Correct spelling error in roadmap
7c8dcebd30 Switch Dockerfile.e2e to alpine 3.8
3770f38647 Bump Golang 1.11.4
bcd817ee6b Merge pull request #38393 from thaJeztah/refactor_container_validation
170ed8d7e7 Merge pull request #38399 from thaJeztah/fix_govet_issues
7e220b3f83 Merge pull request #38266 from thaJeztah/logrus_formatting
b33dc72523 Merge pull request #38335 from yongtang/38258-syslog-rfc5424
f81cafd12b Merge pull request #38381 from thaJeztah/unify_api_version_checks
9c83124302 Fix some go_vet issues
40f245b7c8 Merge pull request #38097 from cpuguy83/roadmap.md
1edf943dc7 Configure log-format earlier, and small refactor
d1117e8e10 Merge pull request #38372 from FabianKramm/fix-darwin-compile
f6002117a4 Extract container-config and container-hostconfig validation
44b360f884 Merge pull request #38391 from olljanat/derek
5fc0f03426 Extract workingdir validation/conversion to a function
c0697c27aa Extract port-mapping validation to a function
e1809510ca Extract restart-policy-validation to a function
6a7da0b31b Extract healthcheck-validation to a function
b6e373c525 Rename verifyContainerResources to verifyPlatformContainerResources
c07d79bcc2 Merge pull request #38369 from thaJeztah/bump_golang_1.11.3
e278678705 Remove unused argument from verifyPlatformContainerSettings
10c97b9357 Unify logging container validation warnings
2e23ef5350 Move port-publishing check to linux platform-check
46c713ab5a Add curators rights for olljanat
57f1305e74 Move "OOM Kill disable" warning to the daemon
419972a714 Merge pull request #38376 from crosbymichael/bump-containerd
8422e6f6fa Merge pull request #38383 from tonistiigi/exec-ctx
c4c4963228 Unify API-version checks
332f134890 libcontainerd: prevent exec delete locking
efba5f8565 Merge pull request #38371 from farnasirim/doc-test-fix-regex
e5d9d72162 Update containerd to aa5e000c963756778ab3ebd1a12c6
eea4977d02 Fix unmount redeclaration on darwin in github.com/docker/docker/pkg/mount
c46c3c1689 Update test.md doc to fix sample test regex
6b7c093b0d Bump Golang 1.11.3 (CVE-2018-16875)
f711f2bdc3 Merge pull request #38360 from thaJeztah/fix_missing_import
d69968d6d3 Fix missing import
56cc56b0fa Merge pull request #38126 from mjameswh/fix-1715
759ad5a981 Merge pull request #38338 from Bevisy/master
f810141387 Merge pull request #38348 from Quasilyte/patch-1
f34727f704 Merge pull request #38316 from dmandalidis/xattr-fix
d4a6e1c44f Merge pull request #38068 from kolyshkin/err
a5dd68186c Swagger: fix definition of IPAM driver options
62d80835ab Merge pull request #38342 from crosbymichael/oci-refactor
560ac1c996 Merge pull request #38135 from moredhel/defer-container-interface
510805655b Merge pull request #38265 from AkihiroSuda/remove-migrate-v1
b940cc5cff Move caps and device spec utils to `oci` pkg
a5c185b994 registry: use len(via)!=0 instead of via!=nil
4555ae59e4 Merge pull request #38294 from jaswdr/issue-38096
d0192ae154 Ignore xattr ENOTSUP errors on copy (fixes#38155)
6533136961 pkg/mount: wrap mount/umount errors
90be078fe5 pkg/mount: refactor Unmount()
2f98b5f51f aufs: get rid of mount()
77bc327e24 UnmountIpcMount: simplify
8072e62d83 pkg/system/stat_unix: wrap errors in PathError
65f669331a delete unnecessary blank lines
3e44f58966 Merge pull request #38142 from thaJeztah/fix_api_return_code
ec153ccfc8 pkg/archive: add TestReexecUserNSOverlayWhiteoutConverter
037e370de1 pkg/archive: annotate tests that requires initial userns
f8ed19c8b4 pkg/archive: support overlayfs in userns (Ubuntu kernel only)
6e3113f700 Merge pull request #38327 from andrewhsu/ctrd
0cd6eabeef Merge pull request #38339 from tonistiigi/update-buildkit
126f371e47 Fix mistake in docs/contributing/test.md running specific unit test (#38096)
ce58fcedd8 Merge pull request #38292 from AkihiroSuda/fix-pkg-archive-xattr-test
32f4805815 vendor: update buildkit to d9f75920
7bfd8a7a72 Merge pull request #38336 from yongtang/12082018-go-vet
1082d1edf2 go vet fix for TestfillLicense
fa6dabf876 Add zero padding for RFC5424 syslog format
edf5134ba7 Merge pull request #38323 from nostrad/fix-deb-security-check
78045a5419 use empty string as cgroup path to grab first find
75c4b74155 vndr libnetwork to adjust for updated runc
615eecf8ac update containerd to v1.2.1
a4a816b6bb Merge pull request #38328 from andrewhsu/abbr
1014b2bb66 update just installer of containerd to 1.2.1
5a9cb68eb3 Merge pull request #38314 from gaozhenhai/master
8db540370c mkimage: Fix Debian security presence check
1895e082b6 Merge pull request #38313 from Microsoft/jjh/hcsshim08
ce67af6938 Fix log output format
05151dcc39 Windows:Bump HCSShim to v0.8.3
65d9a5dde5 Merge pull request #38267 from thaJeztah/wrap_errors
6a3d1e3e3e Unify the defer syntax
ad1354ffb4 Merge pull request #38305 from OmriShiv/master
5480e74971 Merge pull request #38299 from jaswdr/issue-38285
fe1083d462 fix typo
49217e7b2d Merge pull request #37302 from cyphar/nis-domainname
64e52ff3db Masked /proc/asound
f38ac72bca oci: add integration tests for kernel.domainname configuration
7417f50575 oci: include the domainname in "kernel.domainname"
a8d2b29e8d Use errors.Wrap() in daemon/config
a2e384682b Use idtools.LookupGroup instead of parsing /etc/group file for docker.sock ownership
baab736a36 Merge pull request #38291 from tonistiigi/builder-networking-performance
9ddd6e47a9 pkg/archive: fix TestTarUntarWithXattr failure on recent kernel
bcf1967dd0 builder: delete sandbox in a goroutine for performance
1ad272c7e4 builder: set exernalkey option for faster hook processing
852542b397 Merge pull request #38284 from cpuguy83/context_in_api
8391a667d6 Merge pull request #38281 from thaJeztah/kernel_memory_tcp_docs_touchups
1b22bc52fa Merge pull request #38282 from thaJeztah/kernel_memory_tcp_warnings
05390c4f6e Rely on request.Context() cancellation
d5916f6393 Update gorilla/mux
bb7de1f7cb Minor docs touch-ups for KernelMemoryTCP support
6f70946a27 Add warning to /info if KernelMemoryTCP is not supported
d3e75e4220 Merge pull request #37043 from yongtang/37038-kernelTCP
6fa149805c Merge pull request #37638 from jterry75/devices_windows
2555344858 Merge pull request #38278 from Microsoft/jjh/busyboxstage2
561e0f6b7f Windows: Bump busybox to v1.1
ed37f60b86 Merge pull request #38263 from gaozhenhai/master
ae7210f79d Merge pull request #38277 from Microsoft/jjh/busybox
ee74cd777a Skip KernelMemoryTCP if version is less than 1.40
f023816608 Add memory.kernelTCP support for linux
ea3ac621e3 Merge pull request #37982 from Microsoft/jjh/archive
c7a3c3cd94 Merge pull request #38239 from tiborvass/filters-clone
4a74a46f44 Update roadmap to reflect reality.
56b732058e pkg/archive fixes, and port most unit tests to Windows
14c8b67e51 Windows:Tie busybox to version
b466101d43 Fix log output when don't use formatted
b0de11cf30 Add test for status code on conflicting service names
0b7cb16dde Merge pull request #38102 from selansen/master
1fea38856a Remove v1.10 migrator
618741ba87 Merge pull request #38171 from ZYecho/fix-multi-images-filter
32180ac0c7 VXLAN UDP Port configuration support This commit contains changes to configure DataPathPort option. By default we use 4789 port number. But this commit will allow user to configure port number during swarm init. DataPathPort can't be modified after swarm init. Signed-off-by: selansen <elango.siva@docker.com>
a7ce3140f5 Vendor commit for VXLAN UDP Port configuration support This commit brings Swarmkit and Libnetwork library changes Signed-off-by: selansen <elango.siva@docker.com>
74baf62f4b Merge pull request #38245 from thaJeztah/bump_containerd_v1.2.1
5007c36d71 cli: fix images filter when use multi reference filter
c58cd154f5 Merge pull request #38231 from adshmh/bump-swarmkit-tmpfs-exec-option
b2d99865ea Add --device support for Windows
cf5d4aa1ad Merge pull request #38204 from thaJeztah/check_for_more_ipvs_options
2483e03531 Merge pull request #38238 from tiborvass/fix-38208
e6244aa598 Merge pull request #38226 from tonistiigi/nil-credentials
b1d28ee6bb Merge pull request #38244 from tonistiigi/vendor-buildkit
2fb5de68a9 Update containerd to v1.2.1-rc.0
59eacf28d6 filters: add Clone() method
6204eb0645 vendor: update buildkit to v0.3.3
62923f29f5 builder: ignore `label` and `label!` prune filters
369da264ba builder: deprecate prune filter `unused-for` in favor of `until`
bce98f9a3e bump swarmkit to bc032e24784ea618044ee438fedec3458abb2ef9 to vendor exec option for tmpfs
68cbc3712c Merge pull request #38168 from crosbymichael/ctd12
04287e4934 Merge pull request #38196 from thaJeztah/fence_default_addr_pools
6c51d0707d Merge pull request #38219 from gowalking/master
effb2bd9d2 builder: avoid unset credentials in containerd
d13528c635 wip: bump containerd and runc version
7af4c904b3 Bump containerd binary to fix shim hang
fc0038a3ed Update runc to 58592df56734acf62e574865fe40b9e53e967910
8674930c84 Update containerd to v1.2.0
287144db42 Merge pull request #38213 from thaJeztah/add_note_about_runc_vendoring
92d545552f Merge pull request #38218 from thaJeztah/fix_default_addr_pools_swagger
e6b56ffed7 Merge pull request #38216 from thaJeztah/bump_sys
f11b87bfca Merge pull request #37831 from cyphar/apparmor-external-templates
7c5cf58328 Fix a typos in layer_windows.go
2e8c913dbd Add missing default address pool fields to swagger
826da28efa Bump golang.org/x/sys to 90868a75fefd03942536221d7c0e2f84ec62a668
da3810d235 Add a note about updating runc / runc vendoring
44e1c6ce81 Add CONFIG_IP_VS_PROTO_TCP, CONFIG_IP_VS_PROTO_UDP, IP_NF_TARGET_REDIRECT to check-config.sh
7632ccbc66 Ignore default address-pools on API < 1.39
758255791e Merge pull request #38177 from mooncak/fix_duplicate
345d1fd089 Cleanup duplication in daemon files
a5e2dd2bb1 Merge pull request #38128 from kolyshkin/runc
13e9563d42 Merge pull request #38123 from thaJeztah/bump_swarmkit
279452fedd Merge pull request #38159 from thaJeztah/bump_toml_0.3.1
1e7c43dfae Merge pull request #38161 from thaJeztah/listen_very_carefully_I_shall_say_this_only_once
a7fe1ae2c2 Remove duplicate CONTRIBUTING.md
6b0b9962da Bump BurntSushi/toml to v0.3.1
06a4fd5009 Merge pull request #38141 from thaJeztah/handle_invalid_json
bd224b5fe5 Merge pull request #38003 from AkihiroSuda/non-recursive-bind
bb1914b195 Merge pull request #38125 from kangp3/add_scheme_override
c7b488fbc8 API: properly handle invalid JSON to return a 400 status
2f902930e9 Merge pull request #38143 from thaJeztah/bump_golang_1.11.2
8972aa9350 runc.installer: add nokmem build tag for rhel7 kernel
d022271796 Merge pull request #37845 from wk8/wk8/allow_arbitrary_docker_run_flags
335736fb01 Bump runc
c21c9b5fad Merge pull request #38053 from tiborvass/bk-fix-filters
bfc62bb1f9 Merge pull request #38145 from thaJeztah/bump_containerd_client_only_v1.2.0
596cdffb9f mount: add BindOptions.NonRecursive (API v1.40)
48620057be builder: fix bugs when pruning buildkit cache with filters
12bba16306 Merge pull request #38029 from lifubang/checkpointrm
dd7799afd4 update containerd client and dependencies to v1.2.0
e80ee5206e Bump Golang to 1.11.2
22d3946d6c Merge pull request #38117 from cpuguy83/volume_docstrings
b092ced7e6 Merge pull request #38122 from mjeromin/38070-go-command-detect
60ec93f7c2 Fix error handling when go command is missing
1124543ca8 seccomp: allow ptrace for 4.8+ kernels
35985ca087 Merge pull request #38133 from thaJeztah/cleanup_volume_tests
be17863fb1 Merge pull request #38136 from dnephin/remove-myself-from-codeowners
60db693e48 Remove myself from codeowners of client/**
3fccc47a09 Merge pull request #38127 from kolyshkin/int-fixes
e81d84971f Fix some doc strings in the volume package
b334198e65 Enable volume tests on Windows
05e18429cf Integration test: use filepath.Join() to make path cross-platform
8e8cac8263 Some improvements to TestVolumesInspect
2ed512c7fa integration-cli/Test*Swarm*: use same args on restart
06afc2d1e6 TestAPISwarmLeaderElection: add some debug
24cbb98971 docker_cli_swarm_test: factor out common code
6016520162 internal/test/daemon: don't leak timers
73baee2dcf integration-cli: fix netns test cleanup
66cb1222d6 docker_cli_swarm_test.go: rm unused arg
be2f7ce3ca Add an op func to override Client.scheme
46652b00ad Merge pull request #38120 from thaJeztah/bump_libnetwork
be3843c8c8 Bump SwarmKit to 8d8689d5a94ac42406883a4cef89b3a5eaec3d11
87558ad4dd update libnetwork to fix iptables compatibility on debian
104cbc0780 Merge pull request #38115 from thaJeztah/fix_double_scheme
1434204647 Fix double "unix://" scheme in TestInfoAPIWarnings
547f11d84c Merge pull request #38103 from tonistiigi/cluster-grpc-limits
99a7a4dcd0 checkpoint rm fail
aea6fdf3d3 Allow to override the Makefile's `DOCKER_MOUNT` variable
4822fb1e24 apparmor: allow receiving of signals from 'docker kill'
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
It depends on virtual/containerd which is provided by
containerd-opencontainers, so set the same COMPATIBLE_HOST as the last one.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Generally, our host gcc version below 8.0, but cross toolchain in yocto
above 8.0, now 8.3, the option "macro-prefix-map" coming from 8.0, so if
the host gcc below 8.0, it can't unrecognized the option "macro-prefix-map".
In criu source code, the HOSTCFLAGS coming from CFLAGS:
https://github.com/checkpoint-restore/criu/blob/criu-dev/Makefile#L17
In yocto project, the CFLAGS coming from the cross toolchain, containing
the "-fmacro-prefix-map" default, so we should use the BUILD_CFLAGS, it
contains the flags that used for host building.
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
There are multiple different tools/techniques to generate OCI images.
Many of these techniques are part of more complex workflows, or have
many options that are needed as part of a larger system or are needed
to provide flexibility in the tooling (i.e. they construct the
container as well as build the OCI image, or they can push directly
to a registry, etc).
What we want within the build context of bitbake/oe is to not
duplicate work that is done by bitbake, the other image bbclasses
or the runtime part of the ecosystem. This means only the construction
of an image-spec v1.x image without dependencies on build, or execution
of the container within a tool. We'd also like the tool to not pull
in multiple, unused dependencies that must be built native/native-sdk,
etc, to support the simple use case.
The requirements above exclude (for now) tools such as skopeo, umoci,
buildah, img, orca-build, kaniko, scratchbuild, etc. Leading us to
a from-scratch implementation .. or enter sloci-image.
sloci-image is a simple CLI for packing a rootfs into a single layer
OCI image. It can easily be extended, or ported to other language
implementations in the future. But it brings nearly no native
dependencies and is a pure/clean implementation of the image spec
that integrates nicely in an oe/bitbake environment.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
This module is part of the perl package now and is shipped by default.
Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Use git hash which addresses CVE-2019-5736. Use the same git hash
used in top of Docker 18.09 branch.
Changes in runc since
6635b4f0 merge branch 'cve-2019-5736'
0a8e4117 nsenter: clone /proc/self/exe to avoid exposing host binary to container
dd023c45 merge branch 'pr-1972'
Fixes: CVE-2019-5736
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The only thing which docker uses /etc/docker for is a TLS key for
connecting with other TLS-enabled services. Make /etc/docker a symlink
to the existing docker volatiles directory so that we can use docker on
a read-only rootfs.
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
refreshing the containerd support to 1.2.x. We have to tweak the package
linking and update the go compile patch, but otherwise, the build is
unchanged.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
This recipe does not build for mips, so set COMPATIBLE_HOST to avoid that.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
This change reduces the length of ${PV} for several recipes and gives us
auto-incrementing version numbers.
Signed-off-by: Paul Barker <paul@betafive.co.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
If we're building runc-opencontainers it's likely that we're not using
docker.
Signed-off-by: Paul Barker <paul@betafive.co.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
A very small # of new commits. Most are minor bug fixes, no feature
work. I looked at adding ptests but the tests are mostly in an
unusable state at the moment, for example several require cgm despite
cgmanager being deprecated. So I have opted to continue without them
and only when we can work with upstream to improve their testing can
we seriously consider adding them.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
When CRIU is called for a first time and the /run/criu.kdat file does
not exists, the following warning is shown:
Warn (criu/kerndat.c:847): Can't load /run/criu.kdat
This patch is replacing this warning with a more appropriate debug
message.
File /run/criu.kdat does not exist
Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Fix numerous docker.init issues such as missing runtime dependency
util-linux-unshare, incomplete handling of start/stop etc. operations
and minor typos.
Signed-off-by: Chin Huat Ang <chin.huat.ang@intel.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
docker/k8s and other components have been refreshed to the 18.09 release
tags. So we update runc to keep in sync.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Infrastructure changes triggered updated to supporting parts of the
docker stack, so to make sure that everything stays in sync we update
to the 18.09 release.
There were some minor build differences in this update, but in the
end, things are better since we can use some more of the Make infrastructure
versus calling 'go build' directly.
Also, docker-ce and docker are now virtually the same, except for the
moby based docker pulling in the cli and libnetwork repos independently.
There should be virtually no difference between the results, but we still
keep the two variants for flexibility.
We also drop the unused/legacy 'hi.Dockerfile'.
Tested with both kubernetes and docker unit tests.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Since kubernetes is now on 1.12, we need to sync our cri-o release
to match.
There are some build changes to the utilities, and a patch refresh,
but otherwise, this is very similar to the exiting build of cri-o.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
We aren't running any ptests for cri-o (it is hard to test in
isolation), and the update to go 1.11 has broken the build in the
ptest phase.
For now, we remove the task to get the build running again.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The update to go 1.11 exposed some issues with the cross compilation of
kubernetes. The best way to fix those issues is to uprev to 1.12 and to
inhibit the building of the test modules (which query the host for
infrastructure that is not present).
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* Refresh patch to avoid fuzz warnings
* Update to 3.0.2 as lxc-destroy failed when
system boot in nfs rootfs in lxc 3.0.1 as below:
# lxc-destroy -n test9
lxc-destroy: test9: utils.c: _recursive_rmdir: 149 Failed to delete /var/lib/lxc/test9
lxc-destroy: test9: lxccontainer.c: container_destroy: 2946 Failed to destroy directory "/var/lib/lxc/test9" for "test9"
Destroying test9 failed
Update to 3.0.2 to fix the above issue
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
1. After security flag PIE is enabled by default, we might met
below QA warning on some arch, like aarch64, fix it by skip
textrel QA check refer commit b689c72a of oe-core
oci-image-tools-0.2.0-dev+gitAUTOINC+4abe1a166f-r0 do_package_qa:
QA Issue: ELF binary 'work/aarch64-poky-linux/oci-image-tools/
0.2.0-dev+gitAUTOINC+4abe1a166f-r0/packages-split/oci-image-tools/
usr/sbin/oci-image-tool' has relocations in .text [textrel]
2. This problem is caused since security_flags.inc is used by default.
so alternative work around is:
SECURITY_CFLAGS_pn-oci-image-tools = "${SECURITY_NOPIE_CFLAGS}"
SECURITY_LDFLAGS_pn-oci-image-tools = ""
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
1. After security flag PIE is enabled by default, we might met
below QA warning on some arch, like aarch64, fix it by skip
textrel QA check refer commit b689c72a of oe-core
WARNING: docker-18.03.0+git708b068d3095c6a6be939eb2da78c921d2e945e2-r0
do_package_qa: QA Issue: ELF binary 'work/aarch64-poky-linux/docker/
18.03.0+git708b068d3095c6a6be939eb2da78c921d2e945e2-r0/packages-split/
docker/usr/bin/docker' has relocations in .text [textrel]
2. This problem is caused since security_flags.inc is used by default.
so alternative work around is:
SECURITY_CFLAGS_pn-docker = "${SECURITY_NOPIE_CFLAGS}"
SECURITY_LDFLAGS_pn-docker = ""
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
1. After security flag PIE is enabled by default, we might met
below QA warning on some arch, like aarch64, fix it by skip
textrel QA check refer commit b689c72a of oe-core
docker-distribution-v2.6.2-r0 do_package_qa: QA Issue: ELF binary
'work/aarch64-poky-linux/docker-distribution/v2.6.2-r0/packages-split/
docker-registry/usr/sbin/registry' has relocations in .text [textrel]
2. This problem is caused since security_flags.inc is used by default.
so alternative work around is:
SECURITY_CFLAGS_pn-docker-distribution = "${SECURITY_NOPIE_CFLAGS}"
SECURITY_LDFLAGS_pn-docker-distribution = ""
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
when bitbake lib32-docker-distribution, we might met below
warning:
lib32-docker-distribution-v2.6.2-r0 do_package_qa: QA Issue: No GNU_HASH
in the elf binary: 'work/core2-32-wrsmllib32-linux/lib32-docker-distribution
/v2.6.2-r0/packages-split/lib32-docker-registry/usr/sbin/registry' [ldflags]
which caused by "INSANE_SKIP_docker-registry += "ldflags already-stripped"
don't cover case for multilib, so add multilib prefix MLPREFIX
to fix it.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
1. After security flag PIE is enabled by default, we might met
below QA warning on some arch, like aarch64, fix it by skip
textrel QA check refer commit b689c72a of oe-core
oci-runtime-tools-0.1.0+gitAUTOINC+6e7da8148f-r0 do_package_qa: QA Issue:
ELF binary 'work/aarch64-poky-linux/oci-runtime-tools/0.1.0+gitAUTOINC+6e7
da8148f-r0/packages-split/oci-runtime-tools/usr/sbin/oci-runtime-tool'
has relocations in .text [textrel]
2. This problem is caused since security_flags.inc is used by default.
so alternative work around is:
SECURITY_CFLAGS_pn-oci-runtime-tools = "${SECURITY_NOPIE_CFLAGS}"
SECURITY_LDFLAGS_pn-oci-runtime-tools = ""
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
This recipe was originally written and included in meta-overc as it
was used by the overc framework so we implemented it there to sort out
the kinks. Since this package is not specific to the OverC framework
and people may be interested in including it in their images without
having any interest in the OverC framework we are moving this recipe
here, alongside lxc and other container related recipes.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
containerd does not support mips since it depends on boltdb which does not
support mips.
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
When runing:
lxc-create -t download -n test
The system reports that the getopt command can't find. This is because
the lxc-download template depends on getopt command. So add the runtime
depends on util-linux-getopt for lxc.
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
A fairly straightforward uprev requiring minimal patch refreshing
since a few hunks were failing due to conflicts with upstream updates.
Unfortunately upstream starting using the now overloaded "PYTHON"
variable in their Makefiles, this is not the path to the python
executable but rather the name 'python2' or 'python3' which is used to
determine which local directories to include. Due to this we must
explicitly assign values to 'PYTHON_FULL' and 'PYTHON'. We use
'python2' since we are using 'setuptools' and therefore are explicitly
using python v2, at some point we might want to make this recipe work
with either python v2 or v3 but for now we continue to explicitly use
v2.
Instead of using version specific filename we switch to using _git.bb
which is inline with similar 'git' recipes found in oe-core and other
repos.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
We use the systemd service file from within the docker git
repo. Removing the unused recipe space version, since it is
invalid and causes confusion.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Without this, our go build will throw the following QA error during the
build:
ERROR: kubernetes-1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0 do_package_qa: QA Issue: No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubern
etes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin/apiextensions-apiserver'
No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin
/deepcopy-gen'
No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin
/defaulter-gen'
No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin
/genswaggertypedocs'
No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin
/linkcheck'
No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin/openapi-gen'
No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin/genyaml'
No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin/conversion-gen'
No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin/gendocs'
No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin/ginkgo' [ldflags]
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* Keep variables close to the function they are used in, so R(untime)DEPENDS goes below do_install, PV next to SRCREV, etc.
* Don't use =+ as multiline seperator, it's a *very* heavy bitbake operation.
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
A previous commit changed do_installed to install everything, not just
kube*, adjust PACKAGES to keep ${PN} empty as it was before.
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
'make all' uses 'uname' to select the build target, leading to compile failures like this:
| arm-angstrom-linux-gnueabi-gcc: error: unrecognized command line option '-m64'
After providing the proper arch to the makefile it will try to use a hardcoded compiler:
| # runtime/cgo
| exec: "arm-linux-gnueabihf-gcc": executable file not found in $PATH
Fix that up by removing all hardcoded 'CC' entries in golang.sh
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
1) Upgrade criu from 3.4 to 3.9.
2) Delete fix-building-on-newest-glibc-and-kernel.patch for it has been merged in upstream.
3) Add CFLAGS_arm += "-D__WORDSIZE"
add this CFLAGS to solve the compile problem for arm.
The log is as following:
| ....../tmp/work/armv5e-poky-linux-gnueabi/criu/3.9+gitAUTOINC+202b7745bd-r0/recipe-sysroot/usr/include/bits/wordsize.h:36:2: error: #error "__WORDSIZE is not defined"
| #error "__WORDSIZE is not defined"
| ^
| ....../tmp/work/armv5e-poky-linux-gnueabi/criu/3.9+gitAUTOINC+202b7745bd-r0/recipe-sysroot/usr/include/bits/wordsize.h:59:2: error: #
4) Add export C_INCLUDE_PATH="${STAGING_INCDIR}/libnl3"
add C_INCLUDE_PATH to solve the compile problem for arm.
which is libnetlink.c can't find head file.
| In file included from criu/libnetlink.c:5:
| ....../tmp/work/armv5e-p
| oky-linux-gnueabi/criu/3.9+gitAUTOINC+202b7745bd-r0/recipe-sysroot/usr/include/libnl3/netlink/attr.h:15:10: fatal error: netlink/netlink.h: No such file or directory #include <netlink/netlink.h>
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Updating to the 1.11 kubernetes release. This includes the standard
set of features, updates and bug fixes.
One build element of note is 1.11+ requires go 1.10.2+, so the following
must be set in your configuration: GOVERSION = "1.10%"
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
tini is licensed under the MIT license instead of Apache-2.0.
Signed-off-by: Ricardo Salveti <ricardo@opensourcefoundries.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
- Bug fix release
- Fixes gcc8 build failures
- Update patch for fuzz issues.
- remove --disable-python and --disable-lua as they have been removed
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The tests are already built when we do_compile so we only need to copy
them to the ptest path and create a wrapper script to run them. This
has the added benefit of reducing the size of the lxc package.
We have to manipulate the test sources some to remove gpg validation
and a few other minor changes, none of which actually change what is
being tested (notes are provided in the associated commit logs).
The following are the ptest results currently acheived:
### Starting LXC ptest ###
./tests/lxc-test-api-reboot FAIL
./tests/lxc-test-apparmor SKIPPED
./tests/lxc-test-attach PASS
./tests/lxc-test-automount PASS
./tests/lxc-test-autostart PASS
./tests/lxc-test-cgpath PASS
./tests/lxc-test-cloneconfig PASS
./tests/lxc-test-clonetest PASS
./tests/lxc-test-concurrent PASS
./tests/lxc-test-config-jump-table PASS
./tests/lxc-test-console PASS
./tests/lxc-test-console-log PASS
./tests/lxc-test-containertests PASS
./tests/lxc-test-createconfig PASS
./tests/lxc-test-createtest PASS
./tests/lxc-test-criu-check-feature PASS
./tests/lxc-test-destroytest PASS
./tests/lxc-test-device-add-remove PASS
./tests/lxc-test-get_item PASS
./tests/lxc-test-getkeys PASS
./tests/lxc-test-list PASS
./tests/lxc-test-locktests PASS
./tests/lxc-test-lxcpath PASS
./tests/lxc-test-may-control PASS
./tests/lxc-test-no-new-privs PASS
./tests/lxc-test-parse-config-file PASS
./tests/lxc-test-raw-clone PASS
./tests/lxc-test-reboot PASS
./tests/lxc-test-rootfs PASS
./tests/lxc-test-saveconfig PASS
./tests/lxc-test-share-ns PASS
./tests/lxc-test-shortlived PASS
./tests/lxc-test-shutdowntest SKIPPED
./tests/lxc-test-snapshot PASS
./tests/lxc-test-startone PASS
./tests/lxc-test-state-server SKIPPED
./tests/lxc-test-utils PASS
Results:
PASSED = 33
FAILED = 1
SKIPPED = 3
(for details check individual test log in ./logs directory)
### LXC ptest complete ###
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
We have a new dependency on 'mountpoint' which is now called in the
download template script. We also hit an upstream bug due to improper
use of 'mktemp', so we apply a patch to fix this and sent the fix
upstream as well.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Update to the latest lxc release. This requires some minor patch
updates (fuzz and offset, not content) along with dropping a no longer
needed fix for gcc7 (gcc 7.3 is everywhere and is patched).
The ptests were already busted before the uprev so I was not able to
run them but I will follow up with a fix for this. I did run against
our usual usecases 'lxc-create', 'lxc-console', 'lxc-ls',
'lxc-destroy', 'lxc-start', 'lxc-execute', 'lxc-attach'... and there
were no issues (outcomes matched v2.0.8).
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
This removes the warning that docker can't find docker-init
in PATH.
This recipe is based on the recipe from meta-resin.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Adding missing RDEPENDS on iptables, the lxc-net service will fail
without this. Use the new 'pkg_postinst_ontarget_' instead of failing
out to signal runtime postinst scripts, this conforms with the latest
expectation for bitbake. The interfaces file is specific to sysvinit
and unneeded for systemd so block the creation of these files only
when building for sysvinit.
Lastly add a default 'lxc-net' file. Since we have a separate
lxc-networking package we can complete it with this configuration
which is sourced by '/etc/default/lxc' (which is part of the core lxc
package). In doing this we are like Debian when the lxc-networking
package is not installed in the image, and like Ubuntu when it is.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Without this we get:
ERROR: Missing required tool: wget
When attempting to do something like:
lxc-create -n ubu -t download -- --no-validate -d ubuntu -r xenial
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
This was renamed back in v1.1.0 but I suppose most folks have been
buiding for systemd or were not using this functionality and it went
unnoticed.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
For some packages we include a -setup package which can be installed
as part of an image to complete a more comprehensive setup of the main
package. This is common for example in meta-cloud-services since many
OpenStack packages have extensive setup.
The -setup package for lxc did at one point do comprehensive setup but
over time this has been moved to the -networking package. Now the
-setup package is only being used as a container for the systemd
service files or sysvinit scripts. This can better be accomplished by
setting appropriate runlevels for the initscripts or disabling or
masking the systemd services (via SYSTEMD_AUTO_ENABLE).
This also fixes some confusion or what might be considered a bug
around -setup and -networking packages as the -setup package was
mopping up the lxc-net.service file, instead of it being included in
the -networking package.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
This requires libseccomp from meta-security so it is not enabled by default.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
This requires libseccomp from meta-security so it is not enabled by default.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Upgrade and make the recipe more systemd "friendly". For the most part
nobody is going to use this with systemd but in case they do they will
get a masked and empty services file, as they do with Debian or
Ubuntu. Otherwise this is a minor update from v1.11.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
LXC is licensed under LGPLv2.1 not GPLv2. The COPYING file
referenced in the LXC recipe on all branches have the same content,
checksum and all define LICENSE="GPLv2" rather than "LGPLv2.1".
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The upstream Makefile now calls `$(GO)` instead of just `go` so this patch isn't
needed anymore.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
go 1.9.x was triggering linkage errors on some build hosts due to
missing symbols.
| tmp/work/core2-64-poky-linux/runc-docker/1.0.0-rc5+gitAUTOINC+4fc53a81fb-r0/recipe-sysroot/usr/lib/../lib/libc.a(dl-reloc-static-pie.o): In function `elf_mac:
| /usr/src/debug/glibc/2.27-r0/git/sysdeps/x86_64/dl-machine.h:59: undefined reference to `_DYNAMIC'
| tmp/work/core2-64-poky-linux/runc-docker/1.0.0-rc5+gitAUTOINC+4fc53a81fb-r0/recipe-sysroot/usr/lib/../lib/libc.a(dl-reloc-static-pie.o): In function `elf_get:
| /usr/src/debug/glibc/2.27-r0/git/elf/get-dynamic-info.h:48: undefined reference to `_DYNAMIC'
By ensuring that our sysroot provided go binary and build flags make
it into the build enviroment we can build properly with 1.9 and 1.10
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Refresh patches with devtool command to fix do_patch warning.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
With newer glibc(>= 2.26) and kernel(>=4.14), criu would fail to build:
In file included from
/buildarea/build/tmp/work/core2-64-poky-linux/criu/3.4+gitAUTOINC+a31c1854e1-r0/recipe-sysroot/usr/include/linux/aio_abi.h:31:0,
from criu/cr-check.c:24:
/buildarea/build/tmp/work/core2-64-poky-linux/criu/3.4+gitAUTOINC+a31c1854e1-r0/recipe-sysroot/usr/include/sys/mount.h:35:3:
error: expected identifier before numeric constant
MS_RDONLY = 1, /* Mount read-only. */
^
CC criu/parasite-syscall.o
CC criu/pipes.o
CC criu/pie-util.o
CC criu/pie-util-vdso.o
CC criu/plugin.o
/buildarea/build/tmp/work/core2-64-poky-linux/criu/3.4+gitAUTOINC+a31c1854e1-r0/git/scripts/nmk/scripts/build.mk:110:
recipe for target 'criu/cr-check.o' failed
make[2]: *** [criu/cr-check.o] Error 1
Backport a patch to fix it.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Rather than invoking go directly to build docker-proxy, we can use
the libnetwork Make infrastructure. This picks up our exported go
enviroment variables, and other sysroot flags.
We also apply one patch to ensure that the cross-go toolchain is
used, and that the proper build flags are used.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The runc makefile now uses $(GO) universally, but sets the variable
as GO := go by default. This means that the host go will be used
instead of our recipe sysroot variant.
A simple export of the variable is not enough in all cases (due
to Make assignments), so both export it AND pass it directly to the
oe_make call.
This fixes docker-runc builds on ARM64.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Uprev containerd to v1.0.2 for compatibility with recent docker (18.04+)
builds.
With this uprev we also significantly restructure the build to use more
of the latest oe-core go build infrastructure, but non-standard parts of
the build remain.
We also allow containerd to be build with CGO enabled to avoid linkage
errors with the oe provided go build infrastructure.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
This commit introduces a docker-ce reference recipe that is nearly
identical to the docker_git recipe.
The main difference between these two recipes is that one builds from
moby and this one from the docker-ce repository itself. The different
repositories mean that a different selection of commits are used and
that the build locations change slightly.
Although both docker_git and this recipe share nearly all their code,
they will vary more in the future, and prematurely factoring them
into a .inc file is not practical (until this proves useful).
Future work: remove the individual libnetwork and cli repository
fetches and build the components directly from the docker-ce repo.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Uprev the docker daemon, proxy and cli to 18.03.0.
The SRCREVs for these updates come from the versions logged in the
docker-ce 18.03.0 release. The docker-ce recipe has a pure docker-ce
single repository build, but here, we continue to assemble the individual
parts for maximum flexibility.
Along with the uprev, we add new dependencies required to build the new
version; libtool and pkcconfig (although unused by the recipe itself).
Finally we switch to a Makefile based build of the cli to allow the
commit and docker version to be properly captured in the docker executable.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Uprev both variants of runc to v1.0.0-rc5.
We drop patches that have made it into the upstream runc, and we also
refresh the context of of two others.
The docker and opencontainers variants are virtually identical, but
we keep the two variants for now to protect against any future forks
in the support.
The runc-docker SRCREV comes from the docker-ce 18.04 logged commit,
while runc-opencontainers is updated to the tip of the master branch.
Runtime tested with docker on x86-64.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Only include aufs-utils if the corresponding distro feature is enabled.
Without that the aufs kernel driver is not included too.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The python3-enum package was removed and it is now part of core.
Signed-off-by: Ricardo Salveti <ricardo@opensourcefoundries.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
systemd unit dir can be customized by the distro (e.g. usrmerge), so
make sure the correct unit dir path is set on configure.
Signed-off-by: Ricardo Salveti <ricardo@opensourcefoundries.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
kube-proxy is required on all kubernetes nodes. Rather than it being
in the catch-all package, we put it in an explicit package.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Rebuilding criu would cause the following error.
| make: .gitid: Command not found
| make: *** [Makefile:260: clean-top] Error 127
Fix this problem by setting CLEANBROKEN to "1".
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
When attempting to create a container using
lxc-create -t download -n test -- no-validate --dist ubuntu --release \
xenial --arch amd64
the container creation will fail due to missing 'xz' and in the case
of 'tar' due to invalid options if the busybox version of 'tar' is
used.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
A while ago changes were merged to meta-openembedded to make
/etc/dnsmasq.d (and specifically the files it contains) referenced
when the main instance of dnsmasq is run (see dnsmasq.service and
commit ba665493a0dd [dnsmasq: allow for dnsmasq instances to reuse
default dnsmasq.conf]).
We, however, continued to modify the global configuration
(/etc/dnsmasq.conf) to keep the main instance of dnsmasq from
attaching to virbr0 and lxcbr0, by using 'bind-dynamic'. This approach
is problematic, since it is common that other instances of dnsmasq
will make use of the global configuration file and may have
incompatible options. We see this for example when attempting to start
lxc-net which will attempt to use 'bind-interface' which is
incompatible with 'bind-dynamic' that we were adding to the global
configuration.
Here we remove our change to the global configuration (leaving it
mostly empty as it should be) and instead have lxc and libvirt
packages instruct the global instance not to bind to virbr0 and lxcbr0
by adding configuration files to /etc/dnsmasq.d (setting
except-interface).
The added benefit to this approach is that if lxc or libvirt are not
part of an image the global configuration will not be modified in such
a way as to expect that they are present.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The runc-docker has all the code in it to properly run a stop hook if
you use it in the foreground. It doesn't work in the back ground
because there is no way for a golang application to fork a child exit
out of the parent process because all the golang threads stay with the
parent.
This patch has three parts that happen ONLY when $SIGUSR1_PARENT_PID
is set.
1) At the point where runc start would normally exit, it closes
stdin/stdout/stderr so it would be possible to daemonize "runc start ...".
2) The code to send a SIGUSR1 to the parent process was added. The
idea being that a parent process would simply exit at that point
because it was blocking until runc performed everything it was
required to perform.
3) The code was copied which performs the normal the signal handling
block which is used for the foreground operation of runc.
-- More information --
When you use "runc run " it is running in the "foreground", in the
sense it takes over your existing terminal.
The runc-docker doesn't have a way to start it with "runc run&" where
you can send it to the background and have everything work. With this
commit, it does allow you to do that and have all the stop hooks fire
at the time what ever runc started exits.
Lets take a quick look at what "runc run" does today:
* Starts a whole pile of threads
* Sets up all name spaces
* Starts child process for container and leaves it paused at image activation
* runs start hooks
* executes "continue" for container process
* waits for container app to exit
* executes stop hooks
Now lets look at "runc create/start" does today:
runc create
* Starts a whole pile of threads
* Sets up all name spaces
* Starts child process for container and leaves it paused at image activation
* exits -- [ NOTE: this is our problem! ]
runc start
* runs start hooks
* executes "continue" for continue process
At this point when the container app exits nothing is waiting for it
to run any kind of hooks.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The rdepends on glibc-utils was removed without reason
in the following commit:
"""
e73608d56e
lxc: 2.0.0 -> 2.0.8
"""
And it causes failure:
/usr/libexec/lxc/lxc-net: line 125: getent: command not found
So add the dependency back.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Rather than throwing an error if we can't map a user to a uid,
output a warning. We aren't actually running the code, but are
just extracting it .. so the user not existing isn't an issue.
With this, we avoid the not-so-useful traces like this:
config.User: unsupported format
github.com/opencontainers/image-tools/image.(*config).runtimeSpec
oci-image-tools/0.2.0-dev+gitAUTOINC+4abe1a166f-r0/oci-image-tools-0.2.0-dev+gitAUTOINC+4abe1a16 6f/src/import/vendor/src/github.com/opencontainers/image-tools/image/config.go:109
<...>
src/import/cmd/oci-image-tool/main.go:57
runtime.main /usr/lib64/go/src/runtime/proc.go:185
runtime.goexit /usr/lib64/go/src/runtime/asm_amd64.s:2337
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
If the root name space has additional cgroup mounts, pass them to the
container.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Ricardo Salveti <ricardo@opensourcefoundries.com> pointed out that
runc-docker was not getting a proper PV due to the use of SRCREV
in the variable.
By switching to SRCPV, we get the right PV for both variants of
runc.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The go bbclass already inherits goarch.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
This variable isn't picked up by the runc Makefile anyway as it isn't exported.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The "vendor/src" symlink is already created in do_compile in runc.inc.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The recvtty demo/reference application has cross compilation issues when
targeting aarch64 platforms. As it is just a demo application and is not usually
used, we can just patch the Makefile to disable building this application.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
If the GOARCH isn't set CGO took the ARCH from the host and tries
to use -m64 flag that isn't available in aarch64 compiler.
...
| # github.com/opencontainers/runc/libcontainer/system
| aarch64-linaro-linux-gcc: error: unrecognized command line option
'-m64'
| # github.com/containerd/console
| aarch64-linaro-linux-gcc: error: unrecognized command line option
'-m64'
| Makefile:60: recipe for target 'shim-static' failed
...
Signed-off-by: Aníbal Limón <anibal.limon@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Introducing the kubernets components for container orchestration.
The packaging introduced here creates the framework for more
advanced kubernetes configurations. By itself, it doesn't do much
but it makes the components available to be configured and deployed
as master/worker nodes.
It integrates with the previously introduced cni and cri-o
components available in meta-virt.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
These variables are now set correctly by go.bbclass in oe-core. Changing them to
point at the native sysroot just leads to build errors in some cases, for
example when the target and host have matching GOARCH but not matching c
libraries.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The makefiles for both providers of runc need to be patched in similar ways to
ensure that we use the binaries from go-cross and not go-native.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
This patch hasn't been used in a long time.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
These fixes are needed due to updates to go.bbclass in oe-core. See commit
01a8d45370 for more information.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
To prepare for native kubernetes support without docker on a target,
we integrate the cri-o incubator project.
cri-o is meant to provide an integration path between OCI conformant
runtimes and the kubelet. Specifically, it implements the Kubelet
Container Runtime Interface (CRI) using OCI conformant runtimes.
The scope of cri-o is tied to the scope of the CRI.
This initial introduction is build + packaging only. It is expected
that configuration and deployment tweaks are done at the distro
level.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The following commit:
commit df3a46feb971386f922c7c2c2822b88301f87cb0
Author: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Date: Tue Aug 1 17:39:39 2017 +0800
implement add/set function for hooks items
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Breaks the ability to specify multiple hooks with the same path
(i.e. a shell script that does different things based on arguments).
The author's intent with the change is unclear, so rather than fix
it, we revert it for now.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
This requires some packages as well as the pypi.bbclass from meta-python.
It uses Python 3 as I don't think it makes sense to use Python 2 anymore.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
