Skip to content

[pull] master from linuxkit:master#241

Open
pull[bot] wants to merge 752 commits intonext-stack:masterfrom
linuxkit:master
Open

[pull] master from linuxkit:master#241
pull[bot] wants to merge 752 commits intonext-stack:masterfrom
linuxkit:master

Conversation

@pull
Copy link
Copy Markdown

@pull pull bot commented Nov 5, 2021
edited
Loading

See Commits and Changes for more details.

Created by pull[bot]

Can you help keep this open source service alive? 💖 Please sponsor : )

@pull pull bot added the ⤵️ pull label Nov 5, 2021
deitch and others added 29 commits April 16, 2024 15:14
@deitch
Merge pull request #4023 from deitch/commit-tag-arg
9e18c92 
add tag to args passed for package builds
@deitch
fix kernel tools build.yml files to reflect correct dockerfiles
4d21200 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
@deitch
Merge pull request #4024 from deitch/fix-kernel-tools-build
47d02ec 
fix kernel tools build.yml files to reflect correct dockerfiles
@deitch
include image reference as source in every tar file header
1fe8cba 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
@deitch
Merge pull request #4025 from deitch/tag-sources-in-tar
a610332 
include image reference as source in every tar file header
@deitch
add support for input-tar
632b406 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
@deitch
Merge pull request #4026 from deitch/increment-tar-output
dd1ae90 
add support for input-tar
@deitch
prevent using same file for input tar and output tar
dc12b9b 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
@deitch
Merge pull request #4027 from deitch/not-same-file
cea4c0d 
prevent using same file for input tar and output tar
@largemouth
chore: fix function name in comment
4ce1364 
Signed-off-by: largemouth <largemouth@aliyun.com>
@deitch
Merge pull request #4028 from largemouth/master
bc5d08d 
chore: fix function name in comment
@deitch
use canonical ref when looking in cache
c836e54 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
@deitch
bump actions to v4 to avoid deprecation
04792e0 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
@deitch
Merge pull request #4030 from deitch/canonicalize-pull
e6b0ae0 
use canonical ref when looking in cache
@deitch
Merge pull request #4031 from deitch/update-actions
8afecd5 
bump actions to v4 to avoid deprecation
@jacobweinstock
Make cgroups v2 the default:
803747f 
cgroups v2 has been out since 2015. Not having
to set a kernel parameter helps improve the user
experience by not requiring it when it is required
by services in a build. Making this the default was
discussed back in 2021.

Signed-off-by: Jacob Weinstock <jakobweinstock@gmail.com>
@jacobweinstock
Update dependencies
2fe19f7 
Signed-off-by: Jacob Weinstock <jakobweinstock@gmail.com>
@deitch
Merge pull request #4033 from jacobweinstock/cgroupsv2-as-default
38e62bb 
Make cgroups v2 the default in the init pkg
@deitch
explicitly use GITHUB_TOKEN for actions script
2578ae2 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
@deitch
Merge pull request #4034 from deitch/token-for-actions
d3257af
@deitch
github script v7
c32c74b 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
@deitch
Merge pull request #4035 from deitch/action-script-v7
e171750
@deitch
use proper path for github-script properties
5299f94 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
@deitch
Merge pull request #4036 from deitch/fix-action-script-v7
b49e32a
@deitch
move moby components that do not have runtime dependencies to own dir…
379617c 
…ectory

Signed-off-by: Avi Deitcher <avi@deitcher.net>
@deitch
Merge pull request #4039 from deitch/split-moby
6d37353 
move moby components that do not have runtime dependencies to own directory
@deitch
add cache export format OCI
f5dcefc 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
@deitch
Merge pull request #4040 from deitch/export-formats
9e06024 
add cache export format OCI
@deitch
bump actions/setup-go to v5 and go-version to 1.22.3
4c3d189 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
deitch and others added 30 commits October 29, 2025 07:10
@deitch
fix missing containerd-dev
e9114d6 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
@deitch
more package hash updates
238449c 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
@ChrisIgel @deitch
Switch to systemd-boot for raw-efi builds
804d523 
Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
@ChrisIgel @deitch
Add raw-efi test + documentation
56e37a8 
Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
@deitch
bump containerd v2.2.0
2dd1217 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
@deitch
bump runc v3.3.0
478807b 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
@deitch
remove unnecessary apk package info from sysctl package
cde1277 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
@deitch
remove unnecessary apkdb from final package for memlogd and runc
a2753b8 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
@deitch
update qemu to solve slow builds using qemu binfmt
c4e3043 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
@ChrisIgel @deitch
enable kernel vmware vmci support
2ffdb93 
Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
@ChrisIgel @deitch
bump kernel to 6.12.59
f935f6b 
Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
@ChrisIgel @deitch
update kernel yamls
5fd23cf 
Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
@ChrisIgel @deitch
update 6.6.71 kernel hashes after manual image registry fix
fe86d9c 
Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
@ChrisIgel @deitch
fix remaining two files for 6.6.71 kernel hash update
a066b29 
Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
@ChrisIgel @deitch
fix remaining two files for 6.12.59 kernel update
62c4fdb 
Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
@ChrisIgel
separate kernel series hashing (#4194)
50025b8 
* separate kernel series hashing

Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>

* fix issues with the update component sha script

- add bsd/gnu cross compatibility for sed
- also replace in */test.sh files
- replace potentially problematic xargs
- remove potentially problematic word boundary \b

Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>

* Move common kernel files to dedicated folder

Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>

* run update-kernel-yamls

Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>

---------

Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
@deitch
runc enable GO111MODULE (#4195)
7c7ac4e 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
@deitch @ChrisIgel
update images.yaml for raw-efi (#4198)
367e1f8 
* update images.yaml for raw-efi

Signed-off-by: Avi Deitcher <avi@deitcher.net>

* Fix mkimage-raw-efi script

Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
Signed-off-by: Avi Deitcher <avi@deitcher.net>

---------

Signed-off-by: Avi Deitcher <avi@deitcher.net>
Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
Co-authored-by: Chris Irrgang <chris.irrgang@gmx.de>
@deitch
push release tags even when digest tag already is there (#4201)
4129cc7 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
@deitch
bump buildkit version and deps (#4202)
e015138 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
@rucoder
pkg build: refactor builder parameters into BuilderConfig struct
ccb0787 
Group the four builder-related fields (name, image, config path, restart)
that always travel together into a BuilderConfig struct. This simplifies:

- DockerRunner interface (Build() and Builder() lose 3 params each)
- buildOpts struct (4 fields -> 1)
- buildArch() function signature (3 fewer params)
- DiskUsage() / PruneBuilder() / getClientForPlatform() signatures
- 4 WithBuildBuilder*() option functions -> 1 WithBuildBuilderConfig()

Also rename the confusingly-named "builderName" local variables in
buildArch() and getClientForPlatform() to "dockerContext", which better
reflects their actual purpose (they hold a Docker context name, not the
builder container name).

No behavioral changes.

Signed-off-by: Mikhail Malyshev <mike.malyshev@gmail.com>
@rucoder
pkg build: make buildkit builder container name configurable
a85160e 
On shared servers where multiple users build packages against the same
Docker daemon, all users fight over a single hardcoded builder container
named "linuxkit-builder". One user's build can destroy another's
in-flight build when builder lifecycle management detects mismatches.

Make the builder container name configurable:

1. --builder-name CLI flag (highest priority)
2. LINUXKIT_BUILDER_NAME environment variable
3. "linuxkit-builder" default (original behavior, unchanged)

The flag is available on both "linuxkit pkg build" and
"linuxkit pkg builder" (du/prune) commands. Users on shared servers
can set LINUXKIT_BUILDER_NAME or pass --builder-name to get per-user
isolation (e.g. LINUXKIT_BUILDER_NAME=linuxkit-builder-$USER).

Signed-off-by: Mikhail Malyshev <mike.malyshev@gmail.com>
@rucoder
pkg build: use named volume to persist buildkit cache across restarts
72a76e5 
The moby/buildkit image declares VOLUME /var/lib/buildkit, which causes
Docker to create an anonymous volume when no explicit mount is given.
These anonymous volumes are orphaned every time the builder container is
recreated (--builder-restart, config change, privilege fix), leaking
disk space.

Switch to a named volume (<builder-name>-state) that is explicitly
mounted on container creation. This:

- Preserves build cache across container restarts, config changes, and
  privilege fixes, making rebuilds faster.
- Eliminates anonymous volume leaks.
- Removes the state volume when the builder image version changes, since
  buildkit state compatibility across versions is not guaranteed.

Signed-off-by: Mikhail Malyshev <mike.malyshev@gmail.com>
@justincormack
Merge pull request #4204 from rucoder/rucoder/per-user-builder-name
c766f57 
pkg build: make buildkit builder container name configurable
@rucoder
pkg build: add env var support for mirror, org, builder image and config
666bbfd 
Introduce environment variables for key CI/CD flags so that self-hosted
runners (e.g. GitHub Actions) can configure registry mirrors and push
targets without modifying calling Makefiles:

- LINUXKIT_MIRROR         - equivalent to --mirror (space/comma-separated);
                            CLI flags take precedence (last SetProxy wins)
- LINUXKIT_PKG_ORG        - equivalent to --org for all pkg subcommands
- LINUXKIT_BUILDER_IMAGE  - equivalent to --builder-image
- LINUXKIT_BUILDER_CONFIG - equivalent to --builder-config

All env var constants are consolidated in pkg_build.go alongside the
existing LINUXKIT_CACHE, LINUXKIT_BUILDER_NAME, LINUXKIT_BUILDERS.

Priority for all: CLI flag > env var > built-in default

Adds a new Environment Variables section to docs/packages.md with a
reference table covering all LINUXKIT_* vars and a note explaining the
two-layer mirror configuration required in CI (linuxkit pulls vs
buildkit Dockerfile pulls).

Signed-off-by: Roman Shaposhnik <rucoder@gmail.com>
Signed-off-by: Mikhail Malyshev <mike.malyshev@gmail.com>
@justincormack
Merge pull request #4205 from rucoder/rucoder/env-vars-for-ci
bdef7e8 
pkg build: add env var support for mirror, org, builder image and config
@europaul
pkg build: fix builder config and certs not copied into new containers
3751bb6 
LoadConfigFiles() was only called inside the container-inspect block,
so filesToLoadIntoContainer was never populated when no builder
container existed yet. The subsequent copyFilesToContainer() call
received a nil map, sending an empty tar archive and leaving
/etc/buildkit/ empty inside the newly created container.

Move the LoadConfigFiles() call before the inspect check so the config
and certificate data is always available when creating a fresh builder.

Co-Authored-By: Claude <noreply@anthropic.com>

Signed-off-by: Paul Gaiduk <paulg@zededa.com>
@justincormack
Merge pull request #4207 from europaul/fix/load-files-into-container
4cfb70d 
pkg build: fix builder config and certs not copied into new containers
@europaul @claude
pkg build: fix nil pointer dereference when releasing image only in r…
420d550 
…egistry

When an image exists in the registry but not in local cache and a
release tag is requested, FindDescriptor returns nil causing a panic
at build.go:588. This was a regression introduced in 4129cc7 which
removed the early return for missing local cache images.

Fix by pulling the image into local cache when the descriptor is nil
and a release is needed. Also guard the targetDocker block against
nil descriptors, and fix the FindDescriptor mock to return nil,nil
(matching the real implementation) instead of an error.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Paul Gaiduk <paulg@zededa.com>
@justincormack
Merge pull request #4212 from europaul/fix/nil-deref-release-tag
3bf33c3 
pkg build: fix nil pointer dereference when releasing image only in registry
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

⤵️ pull

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.