
[pull] master from linuxkit:master #241

Open: pull[bot] wants to merge 753 commits into next-stack:master from linuxkit:master



pull[bot] commented Nov 5, 2021


See Commits and Changes for more details.


Created by pull[bot]

Can you help keep this open source service alive? 💖 Please sponsor : )

pull[bot] added the ⤵️ pull label Nov 5, 2021
deitch and others added 29 commits April 16, 2024 19:30
Signed-off-by: Avi Deitcher <avi@deitcher.net>
fix kernel tools build.yml files to reflect correct dockerfiles
Signed-off-by: Avi Deitcher <avi@deitcher.net>
include image reference as source in every tar file header
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Signed-off-by: Avi Deitcher <avi@deitcher.net>
prevent using same file for input tar and output tar
Signed-off-by: largemouth <largemouth@aliyun.com>
chore: fix function name in comment
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Signed-off-by: Avi Deitcher <avi@deitcher.net>
use canonical ref when looking in cache
bump actions to v4 to avoid deprecation
cgroups v2 has been out since 2015. Not having
to set a kernel parameter helps improve the user
experience by not requiring it when it is required
by services in a build. Making this the default was
discussed back in 2021.

Signed-off-by: Jacob Weinstock <jakobweinstock@gmail.com>
Signed-off-by: Jacob Weinstock <jakobweinstock@gmail.com>
Make cgroups v2 the default in the init pkg
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Signed-off-by: Avi Deitcher <avi@deitcher.net>
…ectory

Signed-off-by: Avi Deitcher <avi@deitcher.net>
move moby components that do not have runtime dependencies to own directory
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Signed-off-by: Avi Deitcher <avi@deitcher.net>
bump actions/setup-go to v5 and go-version to 1.22.3
deitch and others added 30 commits October 29, 2025 07:10
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
* separate kernel series hashing

Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>

* fix issues with the update component sha script

- add bsd/gnu cross compatibility for sed
- also replace in */test.sh files
- replace potentially problematic xargs
- remove potentially problematic word boundary \b

Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>

* Move common kernel files to dedicated folder

Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>

* run update-kernel-yamls

Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>

---------

Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
Signed-off-by: Avi Deitcher <avi@deitcher.net>
* update images.yaml for raw-efi

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* Fix mkimage-raw-efi script

Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
Signed-off-by: Avi Deitcher <avi@deitcher.net>

---------

Signed-off-by: Avi Deitcher <avi@deitcher.net>
Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
Co-authored-by: Chris Irrgang <chris.irrgang@gmx.de>
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Group the four builder-related fields (name, image, config path, restart)
that always travel together into a BuilderConfig struct. This simplifies:

- DockerRunner interface (Build() and Builder() lose 3 params each)
- buildOpts struct (4 fields -> 1)
- buildArch() function signature (3 fewer params)
- DiskUsage() / PruneBuilder() / getClientForPlatform() signatures
- 4 WithBuildBuilder*() option functions -> 1 WithBuildBuilderConfig()

Also rename the confusingly-named "builderName" local variables in
buildArch() and getClientForPlatform() to "dockerContext", which better
reflects their actual purpose (they hold a Docker context name, not the
builder container name).

No behavioral changes.

Signed-off-by: Mikhail Malyshev <mike.malyshev@gmail.com>
On shared servers where multiple users build packages against the same
Docker daemon, all users fight over a single hardcoded builder container
named "linuxkit-builder". One user's build can destroy another's
in-flight build when builder lifecycle management detects mismatches.

Make the builder container name configurable:

1. --builder-name CLI flag (highest priority)
2. LINUXKIT_BUILDER_NAME environment variable
3. "linuxkit-builder" default (original behavior, unchanged)

The flag is available on both "linuxkit pkg build" and
"linuxkit pkg builder" (du/prune) commands. Users on shared servers
can set LINUXKIT_BUILDER_NAME or pass --builder-name to get per-user
isolation (e.g. LINUXKIT_BUILDER_NAME=linuxkit-builder-$USER).

Signed-off-by: Mikhail Malyshev <mike.malyshev@gmail.com>
The moby/buildkit image declares VOLUME /var/lib/buildkit, which causes
Docker to create an anonymous volume when no explicit mount is given.
These anonymous volumes are orphaned every time the builder container is
recreated (--builder-restart, config change, privilege fix), leaking
disk space.

Switch to a named volume (<builder-name>-state) that is explicitly
mounted on container creation. This:

- Preserves build cache across container restarts, config changes, and
  privilege fixes, making rebuilds faster.
- Eliminates anonymous volume leaks.
- Removes the state volume when the builder image version changes, since
  buildkit state compatibility across versions is not guaranteed.

Signed-off-by: Mikhail Malyshev <mike.malyshev@gmail.com>
pkg build: make buildkit builder container name configurable
Introduce environment variables for key CI/CD flags so that self-hosted
runners (e.g. GitHub Actions) can configure registry mirrors and push
targets without modifying calling Makefiles:

- LINUXKIT_MIRROR         - equivalent to --mirror (space/comma-separated);
                            CLI flags take precedence (last SetProxy wins)
- LINUXKIT_PKG_ORG        - equivalent to --org for all pkg subcommands
- LINUXKIT_BUILDER_IMAGE  - equivalent to --builder-image
- LINUXKIT_BUILDER_CONFIG - equivalent to --builder-config

All env var constants are consolidated in pkg_build.go alongside the
existing LINUXKIT_CACHE, LINUXKIT_BUILDER_NAME, LINUXKIT_BUILDERS.

Priority for all: CLI flag > env var > built-in default

Adds a new Environment Variables section to docs/packages.md with a
reference table covering all LINUXKIT_* vars and a note explaining the
two-layer mirror configuration required in CI (linuxkit pulls vs
buildkit Dockerfile pulls).

Signed-off-by: Roman Shaposhnik <rucoder@gmail.com>
Signed-off-by: Mikhail Malyshev <mike.malyshev@gmail.com>
pkg build: add env var support for mirror, org, builder image and config
LoadConfigFiles() was only called inside the container-inspect block,
so filesToLoadIntoContainer was never populated when no builder
container existed yet. The subsequent copyFilesToContainer() call
received a nil map, sending an empty tar archive and leaving
/etc/buildkit/ empty inside the newly created container.

Move the LoadConfigFiles() call before the inspect check so the config
and certificate data is always available when creating a fresh builder.

Co-Authored-By: Claude <noreply@anthropic.com>

Signed-off-by: Paul Gaiduk <paulg@zededa.com>
pkg build: fix builder config and certs not copied into new containers
…egistry

When an image exists in the registry but not in local cache and a
release tag is requested, FindDescriptor returns nil causing a panic
at build.go:588. This was a regression introduced in 4129cc7 which
removed the early return for missing local cache images.

Fix by pulling the image into local cache when the descriptor is nil
and a release is needed. Also guard the targetDocker block against
nil descriptors, and fix the FindDescriptor mock to return nil,nil
(matching the real implementation) instead of an error.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Paul Gaiduk <paulg@zededa.com>
pkg build: fix nil pointer dereference when releasing image only in registry
Signed-off-by: mickael emirkanian <mickael.emirkanian@docker.com>