Add the option to build image and initrd using dracut.
Fixes: #311
Suggested-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Move some of the functions in rootfs.sh (generate_dockerfile,
detect_go_version) in scripts/lib.sh, to make those functions reusable
outside of rootfs.sh.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Add the use case of provisioning an existing rootfs directory with the
components / configurations needed to generate a Kata compatible images.
This supports use cases such as using a rootfs built outside of
osbuilder, and providing a overlay for dracut built initrds.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
When the rootfs creation is used for PRs there is
not a match with a kata runtime version, in this
case lets clone the runtime repository and checkout
to the kata branch target. If is already cloned
this mean this was set by depens-on script or the user.
Fixes: #326
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
We are seeing sporadic failures in the rootfs creation as listed here:
https://github.com/kata-containers/tests/issues/1744
While this cannot be reproduced locally, there is no reason
for the failure to write to $ROOTFS_DIR/etc/chrony.conf unless the upper
directories are missing as this file should be created if it did not
exist earier.
So just create the etc directory to test out if we see these sporadic
failures in the CI.
Fixes#328
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Hypercall to implement virtual PTP was introduced in kernel 4.10
Have chrony run only if the device created by kvm-ptp exists.
Add this as a ConditionExists in the systemd service file.
This service if named as chrony.service in deb based distributions
rather than chronyd.service, although a systemd alias exists.
However it is not possible to come up with a generic `PATH` systemd
unit relying on the alias.
Fixes#308
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
On some distros (Debian, Ubuntu, openSUSE), tmp.mount is not
installed by default in /[etc|usr/lib]/systemd/system, but
just in /usr/shared/systemd, so it needs to be manually copied
there to have /tmp mounted as tmpfs.
Fixes: #317
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
The current chrony service does not step the system clock,
so add the modification to do this if the adjustment is
larger than one second
Fixes: #316
Signed-off-by: Yang, Wei <wei.yang1@linux.alibaba.com>
When building locally (without Docker), the Go version installed on the
system, needed to build the agent, must satisfy the minimum Go version
requirement specified in runtime/versions.yaml.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Detect the Go version required to build the agent from the versions.yaml
file in the runtime repository.
Fixes: #291
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Chrony service is not started because it requires a private temporal directory,
these directories can't be created in read-only filesystems. Create a symlink
to /tmp in /var allowing systemd to create private temporal directories.
fixes#280
Signed-off-by: Julio Montes <julio.montes@intel.com>
Replace "which" with "command", that's a bash built-in and should
not generate any stderr messages. This also fixex the spurious creating
of "1" file in the repo root because of a typo in stderr redirect.
Fixes: #286
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
On some systems the "runc" runtime isn't available or has a different
name. Allow the user to override the Docker runtime.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Fixes: #268
rootfs.sh fails on machines with SELinux in enforcing mode if the
volumes aren't labelled.
This patch labels volumes so the container is able to access them.
In order to do this rootfs directory creation must be moved before the
Docker container is started. Previously docker-run(1) would create the
rootfs directory in the USE_DOCKER case.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Fixes: #266
KVM virtual PTP in linux kernel allows guest to sync its
clock to the host clock with high precision. kvm-ptp has been
enabled in our kernel. Add this as a source for `chrony` so that
it can be used to sync the guest system clock.
`chrony` needs to be started in the guest for time sync.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
The `arch(1)` command is not available on some systems so use the
`uname(1)` command for the equivalent functionality.
Fixes#150.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
AGENT_SOURCE_BIN is Path to the directory of agent binary.
If set, use the binary as agent but not build agent package.
Its default value is not set.
Fixes: #203
Signed-off-by: Hui Zhu <teawater@hyper.sh>
If the rootfs is built with SECCOMP=yes environment
variable then include libseccomp package inside the
rootfs image. Else do not include it.
Fixes: #155
Signed-off-by: Nitesh Konkar niteshkonkar@in.ibm.com
This patch added -x option to curl: -x uses the http_proxy
settings to download golang binary behind the firewall
Fixes: #193
Signed-off-by: Leno Hou <lenohou@gmail.com>
Add the ability to trap a build error inside rootfs.sh, without
returning an error code.
Gating conditions (all of them are needed):
- GRACEFUL_EXIT shall be passed as env variable to rootfs.sh
- BUILD_CAN_FAIL shall be specified in the distro config.sh
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Improve rootfs.sh usage output to have a consistent layout and
documentation of options and environment variables.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Add new options to rootfs.sh: -l prints the list of all distros,
-t retrieves a subset of the distro configuration from config.sh
for testing purpose.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Rework test_images.sh and Makefile to allow building artifacts in
parallel for faster tests execution.
Add new targets to Makefile ({rootfs,image,initrd}-<distro name>).
Fixes: #168
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Fail if we can not check out to the requested agent version.
Dont checkout to any branch by default.
Fixes: #147
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Using docker we always add (ADD) the go tarball. But we can avoid do it
all the time if we install Go using RUN dockerfile instruction.
Use RUN to avoid repeat steps already done in dockerfile.
Fixes: #125
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
proxy server must be specified in configuration file
of the package manager, /etc/yum.conf for yum or
/etc/dnf/dnf.conf for dnf
fixes#123
Signed-off-by: Julio Montes <julio.montes@intel.com>
For now, mirrorlist doesn't support non-x86_64 arch, so we need
create baseurl for arm64. Furthermore, we also need to offer
arm64-specific gpg keys along with the regular key.
Fixes: #111
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
If we set env USE_DOCKER true, we will use container as development
environment. After docker run command, this temporary container
would be no use. we could add -rm flag to automatically delete
intermediate container.
Fixes: #115
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
