`prestart` hook is marked as deprecated in the OCI runtime spec:
https://github.com/opencontainers/runtime-spec/blob/main/config.md#posix-platform-hooks
Renamed `prestart` to `createRuntime` as suggested in the spec.
Replaced `CDI hook` with `OCI hook` to be more clear. CDI is just a
way to update OCI config and theoretically there is no such thing as
CDI hook.
The Toybox images had two issues:
1. Distroless does not support /bin -> /usr/bin so we needed to
create it manually to get /bin/bash for Toybox. However, with this
OpenShift image validation complains that we are touching the "base"
image.
2. We could not use buildkit since it fails with /bin symlink
copied over /bin directory from Distroless.
The simple fix is just to move away from all /bin/sh and /bin/bash
and use "/usr/bin/env bash" to resolve the path instead. This allows
us to keep /bin untouched.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Our *.Dockerfile's allow builders to specify FINAL_BASE base image
to which static binaries are copied for the final image.
Initcontainers install toybox with a minimum set of "coreutils"
needed but with some final base images the minimum set can be
even smaller since they may already have /bin/sh, ls etc. installed.
Make initcontainers have base image specific toybox-config.
For now, "static" for distroless/static and "ubi8-micro" for
UBI base image configs are created.
At the same time, move the toybox build to "usrmerge" based
setup where everything is installed to /usr/bin and /bin is
a symlink to /usr/bin. buildkit does not seem to like it so
disable buildkit usage for now.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
As a build optimization, allow usage of pre-created licenses.
Together with usage of go mod vendor, the container build
times are significantly shorter.
Dockerfiles are generated from include-snippets on the fly.
Signed-off-by: Ukri Niemimuukko <ukri.niemimuukko@intel.com>
Added LABELs (name, vendor, version, release, summary, description) to all plugins and updated
scripts/set-version.sh script to include the LABEL version='<image-tag>' by passing TAG parameter
to make set-version TAG=<image-tag>
Signed-off-by: chaitanya1731 <chaitanya.kulkarni@intel.com>
go mod tidy adds more requirements because of the changes in 1.17:
"Go versions 1.17 and higher retain more requirements in order to
support lazy module loading."
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Add checksum checks for toybox and qat driver
Use toybox version 0.8.5 instead of 0.8.4
Update toybox-config
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
This is part 2 of the work to move our published container images
to new base images. The initcontainers will be based on
distroless/static and the VPU plugin is based on Debian.
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
This reverts commit 6c02ff51fc.
crun fails to build the images [1] but when setting BUILDAH_RUNTIME
to runc the workaround is no longer needed.
[1] https://github.com/containers/podman/issues/9378
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
swupd os-install fails (clearlinux/swupd-client/issues/1369) if
"--bundles=os-core" is used. It was confirmed that os-core is
always installed first regardless of what other --bundles are
specified.
To get the builds working, we move to rely on that implicit os-core
install.
Fixes: #330
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
This commit adds a script that is (primarily) used in Dockerfiles
to install runtime Go dependencies' LICENSE/NOTICE files into the
image and modifies the Dockerfiles to use the script.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
- used ENTRYPOINT instead of CMD in plugin and admission webhook
Dockerfiles to avoid duplicating commands in the pod yamls
- fixed path to deploy.sh script in fpga initcontainer Dockerfile
- Migrate to OPAE 1.3.2
- Build all the tools from the source
- ignore files in workspace
- minimal fpga_tool utility to check gbs/aocx file parsing and flashing
- implemented kernel IOCTL based flashing of bitstreams
- add PCI and sysfs functions