rootfs.sh fails on machines with SELinux in enforcing mode if the
volumes aren't labelled.
This patch labels volumes so the container is able to access them.
In order to do this rootfs directory creation must be moved before the
Docker container is started. Previously docker-run(1) would create the
rootfs directory in the USE_DOCKER case.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Fixes: #266
KVM virtual PTP in the Linux kernel allows the guest to sync its
clock to the host clock with high precision. kvm-ptp has been
enabled in our kernel. Add this as a source for `chrony` so that
it can be used to sync the guest system clock.
`chrony` needs to be started in the guest for time sync.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
The `arch(1)` command is not available on some systems so use the
`uname(1)` command for the equivalent functionality.
Fixes #150.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
AGENT_SOURCE_BIN is the path to the directory of the agent binary.
If set, use the binary as the agent instead of building the agent package.
Its default value is not set.
Fixes: #203
Signed-off-by: Hui Zhu <teawater@hyper.sh>
If the rootfs is built with SECCOMP=yes environment
variable then include libseccomp package inside the
rootfs image. Else do not include it.
Fixes: #155
Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
This patch added the -x option to curl: -x uses the http_proxy
settings to download the golang binary behind the firewall.
Fixes: #193
Signed-off-by: Leno Hou <lenohou@gmail.com>
Add the ability to trap a build error inside rootfs.sh, without
returning an error code.
Gating conditions (all of them are needed):
- GRACEFUL_EXIT shall be passed as env variable to rootfs.sh
- BUILD_CAN_FAIL shall be specified in the distro config.sh
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Improve rootfs.sh usage output to have a consistent layout and
documentation of options and environment variables.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Add new options to rootfs.sh: -l prints the list of all distros,
-t retrieves a subset of the distro configuration from config.sh
for testing purposes.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Rework test_images.sh and Makefile to allow building artifacts in
parallel for faster test execution.
Add new targets to Makefile ({rootfs,image,initrd}-<distro name>).
Fixes: #168
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Fail if we cannot check out the requested agent version.
Don't check out any branch by default.
Fixes: #147
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Using docker we always add (ADD) the go tarball. But we can avoid doing it
every time if we install Go using the RUN Dockerfile instruction.
Use RUN to avoid repeating steps already done in the Dockerfile.
Fixes: #125
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
The proxy server must be specified in the configuration file
of the package manager: /etc/yum.conf for yum or
/etc/dnf/dnf.conf for dnf.
fixes #123
Signed-off-by: Julio Montes <julio.montes@intel.com>
For now, mirrorlist doesn't support non-x86_64 archs, so we need to
create a baseurl for arm64. Furthermore, we also need to offer
arm64-specific gpg keys along with the regular key.
Fixes: #111
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
If we set env USE_DOCKER to true, we will use a container as the development
environment. After the docker run command, this temporary container
would be of no use. We could add the -rm flag to automatically delete
the intermediate container.
Fixes: #115
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Don't default to a hard-coded Intel architecture - default to the host
architecture.
This requires the `coreutils` package to be installed both inside each
docker image (for `USE_DOCKER=true`) and in the host environments.
Added missing SPDX headers to `Dockerfile` templates to pacify the CI checks.
Fixes #100.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Commit b8f1a68834 ("rootfs: Simplify code") introduced a variable
called destdir but accidentally used
dest_dir with cp(1) instead. This causes kernel modules to be copied to
the wrong location.
Rename the variable to dest_dir to be consistent with module_dir and
rootfs_dir variables used in this function.
Fixes: #94
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The `getopts` call in the rootfs builder was incorrect,
meaning the `-a $agent_version` option would never have worked.
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
For now, the flag "-a" or relevant shell variant "${AGENT_VERSION}"
hasn't been used, only defined. Use the 'git checkout' command to go
into the requested branch.
Fixes: #90
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Current rootfs.sh fails when GOPATH is a set of directories. We
simply choose the first one as the working directory, as go get
only works against the first item in the GOPATH.
Fixes: #87
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Create a YAML metadata file inside the rootfs image
containing information about the environment:
```
/var/lib/osbuilder/osbuilder.yaml
```
Example contents:
```
---
osbuilder:
  url: "https://github.com/kata-containers/osbuilder"
  version: "unknown"
  rootfs-creation-time: "2018-04-19T16:19:30.254610305+0000Z"
  description: "osbuilder rootfs"
  file-format-version: "0.0.1"
  architecture: "x86_64"
  base-distro:
    name: "Centos"
    version: "7"
    packages:
      - "iptables"
      - "systemd"
  agent:
    url: "https://github.com/kata-containers/agent"
    name: "kata-agent"
    version: "0.0.1-2ec0b9593845b9a5e0eab5a85b20d74c35a2ca52-dirty"
    agent-is-init-daemon: "no"
```
This change adds a new `-o` option to `rootfs.sh` for
specifying the version of osbuilder to the rootfs builder.
Fixes #35.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Add some checks to ensure function parameters are set.
This fixes a bug in `copy_kernel_modules()` where a test would never
fail due to missing dollars.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
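An added example (not osbuilder's code) of the two bug classes fixed in the commits above: a misspelled variable name, as in the destdir/dest_dir fix, and a parameter check that can never fail because the `$` is missing. All function names and paths here are hypothetical.

```bash
#!/usr/bin/env bash
# Constructed sketch; function names and paths are hypothetical.

# Bug class 1: the value is assigned to "destdir" but read as "dest_dir".
# Without `set -u` the unset name expands to "" and the destination
# silently becomes "/lib/modules" on the build host.
module_dest_unchecked()
{
	(
		unset dest_dir
		destdir="$1"
		printf '%s/lib/modules\n' "${dest_dir}"
	)
}

# Same typo under `set -u`: the expansion aborts the subshell with a
# non-zero status before anything is printed or copied.
module_dest_nounset()
{
	(
		set -u
		unset dest_dir
		destdir="$1"
		printf '%s/lib/modules\n' "${dest_dir}"
	) 2>/dev/null
}

# Bug class 2: the test inspects the literal word "rootfs_dir", which is
# never empty, so the check passes whatever the caller supplied.
require_param_buggy()
{
	local rootfs_dir="${1:-}"
	[ -n "rootfs_dir" ] || return 1
}

# Fixed: the variable is expanded, so an empty or missing argument fails.
require_param_fixed()
{
	local rootfs_dir="${1:-}"
	[ -n "${rootfs_dir}" ] || return 1
}
```

ShellCheck reports both patterns statically, so running it over build scripts catches them before a rootfs is produced.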
For consistency with the rest of the code, put the opening brace on the
line below the function name.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
This patch introduces a bash library (scripts/lib.sh) that concentrates
common functions. This also eases future additions of other OSes, making
them simpler. Also, new variables were introduced in each distro config.sh
in order to parameterise the creation of package manager config (dnf/yum, in this case).
A fix to the resulting rootfs directory name (to include the OS name) is also included in this
patch.
Fixes #39
Fixes #34
Signed-off-by: Erick Cardona <erick.cardona.ruiz@intel.com>