PIE (position-independent executables) is good for security.
For some historical reason (compilation failure), it was disabled. But it
can be supported now on aarch64.
Fixes #926
Signed-off-by: Jia He <justin.he@arm.com>
Currently arm64 kata uses 3.0 qemu version. Hence aarch64 can't use some
--disable configure options between [3.1, 4.0].
Besides, due to upstream qemu bug about --disable-replication, still
enable the replication on aarch64 for qemu 3.0. Please refer to the
commit 3ebb9c4f52 ("migration/colo.c: Fix compilation issue when disable
replication")
Fixes #926
Signed-off-by: Jia He <justin.he@arm.com>
Qemu commit 315d318 uses built-in UUID implementation, hence we can't
disable uuid. This option is for generic arch, not only for aarch64.
Otherwise there is a warning during configure:
configure: --disable-uuid is obsolete, UUID support is always built
Fixes #926
Signed-off-by: Jia He <justin.he@arm.com>
Previously, it missed adding --disable-xen for reducing qemu size
on aarch64. This patch adds disable-xen on all arches, hence the case
switch is removed.
Fixes #926
Signed-off-by: Jia He <justin.he@arm.com>
Enable libpmem to support PMEM when running under Kubernetes.
See https://github.com/kata-containers/runtime/issues/2262
According to QEMU's nvdimm documentation: When 'pmem' is 'on' and QEMU is
built with libpmem support, QEMU will take necessary operations to guarantee
the persistence of its own writes to the vNVDIMM backend.
fixes #958
Signed-off-by: Julio Montes <julio.montes@intel.com>
Removes two (similar) functions that install `yq`. Instead of
having different functions, use the one that we have in the
tests repository.
In addition, removes the `.ci/lib.sh` which only had an additional
`clone_tests_repo` function which was not being used.
Fixes: #939.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
yq is not exploding anchors anymore and requires an extra flag.
Add flag to fix CI.
Fixes: #934
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
- Run depends-on for packaging CI.
- Change where yq is installed
Depends-on: github.com/kata-containers/runtime#1996
Fixes: #683
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
- OBS packages are built based on kata head
- The OBS kata branch is created on demand
- TODO: Delete branch when it is not needed anymore
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Add `--head` option to use the head of the branch instead of the kata
version to generate the hashes for the packages. With this new option
kata packages can be generated using the latest commit on master.
fixes #566
Signed-off-by: Julio Montes <julio.montes@intel.com>
Recent change to always build tools from the local repository if the
script is run in a CI environment fails during a release build as the
variable ${CI} is not initialized. This fix addresses that issue.
Fixes: #537
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
Disable PAM authentication for QEMU 4+: it's a feature used together with VNC
access that's not used in Kata.
See QEMU commit 8953caf for more details on PAM auth.
Fixes: #550
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Creating Kata packages fails due to "Makefile:58: *** target pattern
contains no '%'. Stop" error. Fix it.
Fixes: #539
Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
The versions.yaml file in runtime carries the information on all the
components we use and ship with kata. It would be nice to have the CI
test the newer versions when the file is changed and CI is triggered.
The current code always fetches from the master tree from github and
that does not help to validate version changes before it lands in the
tree.
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
If branch is provided, do not use master.
When building packages the master repository is used;
this is bad for stable releases. Use the BRANCH variable
exported in releases.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Reduce pipeline time by not installing golang.
golang is not needed to use osc; it makes the image creation slower.
- remove go dependency from package lib
Remove calls to golang; this will not be installed in
the docker image.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Change weird condition to check qemu >=3.1
Add comment explaining the malloc-trim option.
fixes #462
Signed-off-by: Julio Montes <julio.montes@intel.com>
Modify configure-hypervisor.sh to support Qemu 4 and enable `malloc-trim`
for memory optimization.
fixes #459
Signed-off-by: Julio Montes <julio.montes@intel.com>
All instances of the deprecated `arch` command are now replaced with `uname -m`.
Bumps kernel/kata_config_version to 34.
Fixes: #423
Signed-off-by: Rasmus Moorats <me@neonsea.uk>
We do releases based on kata branches; let's get a fresh
versions file, as the one in the host may not be updated.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
If the runtime repository is already cloned, get the version from it,
else keep getting it from github.
Fixes: #299
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Fix image generation.
Instead of using agent code from the host, checkout the
agent source code in a clean GOPATH env.
Make sure that the agent `commit id` is correct before
pushing to github or OBS.
Fixes: #166
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
We were using a static prefix; let's allow the user to choose where it will be installed.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
We want to create packages based on different branches; modify
function to get the yaml version needed to do that.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Build image with agent and osbuilder with master by default.
If you want to build a release tag, just use -v <version> and
it will use that osbuilder and agent tag.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
A few qemu options generated by configure-hypervisor.sh were only
suitable for amd64, leading to compilation errors in aarch64.
Fixes: #92
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Signed-off-by: Wei Chen <Wei.Chen@arm.com>
Add functions to be used across the repository.
- get kata version deps
- die
- info
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>