diff --git a/.github/mergify.yml b/.github/mergify.yml index f89772dc..cd5aaa08 100644 --- a/.github/mergify.yml +++ b/.github/mergify.yml @@ -3,6 +3,8 @@ queue_rules: conditions: # Conditions to get out of the queue (= merged) - check-success=DCO + - check-success~="^Hook .*" + - check-success~="^Kernel .*" pull_request_rules: - name: Automatic merge on approval @@ -12,7 +14,8 @@ pull_request_rules: - "#changes-requested-reviews-by=0" - "#review-requested=0" - check-success=DCO - - check-success~=validation$ + - check-success~="^Hook .*" + - check-success~="^Kernel .*" - label!=do-not-merge - label=ready-to-merge actions: diff --git a/.github/workflows/build-all-matrix.yaml b/.github/workflows/build-all-matrix.yaml index f601d3ff..a4c1c439 100644 --- a/.github/workflows/build-all-matrix.yaml +++ b/.github/workflows/build-all-matrix.yaml @@ -4,6 +4,8 @@ on: # # every day at 5am UTC # - cron: '0 5 * * *' workflow_dispatch: + pull_request: + push: env: # Global environment, passed to all jobs & all steps # Default to quay.io, which is also the default for the CLI. @@ -24,6 +26,12 @@ env: # Global environment, passed to all jobs & all steps # GHA runner configuration. See bash/json-matrix.sh for more details. CI_RUNNER_LK_CONTAINERS_ARM64: "ARM64" # Use a self-hosted runner with the "ARM64" tag for the ARM64 builds of LK containers + CI_RUNNER_LK_CONTAINERS_AMD64: "X64" # Use a self-hosted runner with the "X86" tag for the AMD64 builds of LK containers + CI_RUNNER_LK_ARM64: "ARM64" # Use a self-hosted runner with the "ARM64" tag for the ARM64 linuxkit builds + CI_RUNNER_LK_AMD64: "X64" # Use a self-hosted runner with the "X86" tag for the AMD64 linuxkit builds + CI_RUNNER_KERNEL_AMD64: "X64" # Use a self-hosted runner with the "X86" tag for the AMD64 kernel builds + CI_RUNNER_KERNEL_ARM64: "ARM64" # Use a self-hosted runner with the "ARM64" tag for the ARM64 kernel builds + jobs: 
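Review bot: The new `check-success~="^Hook .*"` and `check-success~="^Kernel .*"` conditions in `queue_rules` can probably be satisfied by a single passing check, because Mergify's regex match over the check list is, as far as I know, true as soon as one check name matches. A failed or still-pending matrix leg would then not block the merge. The same pair is added to the `Automatic merge on approval` rule in the second hunk of this file, where it replaces `check-success~=validation$`. Consider gating on one aggregating job that `needs:` every matrix job and matching it by exact name, e.g. `- check-success=all-builds-ok` (constructed name), and confirm the matching semantics against the Mergify documentation.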
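Review bot: Adding `pull_request:` to this workflow sends code from any pull request, forks included, through `bash build.sh` on the self-hosted runners selected by the `CI_RUNNER_*` values `"ARM64"` and `"X64"` in the next hunk. Self-hosted runners are not reset between jobs by default, so an untrusted build can leave state behind on the machine that later runs the `main` build with the registry credentials. Keep pull-request builds on GitHub-hosted runners, or make the self-hosted runners ephemeral and require approval for outside contributors' runs. The bare `push:` also wants a filter (`branches: [main]` under it), otherwise every same-repository PR runs the whole matrix twice.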
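Review bot: The comments on the three added `*_AMD64` runner variables name the "X86" tag, but the value actually set is `"X64"`. Someone labelling a new runner from the comment would pick a tag that no job selects. Change the comments to match, e.g. `# Use a self-hosted runner with the "X64" tag for the AMD64 kernel builds`.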
@@ -66,7 +74,7 @@ jobs: uses: docker/setup-buildx-action@v3 - name: Docker Login to quay.io - if: ${{ env.REGISTRY == 'quay.io' }} + if: ${{ env.REGISTRY == 'quay.io' && github.ref == 'refs/heads/main' }} uses: docker/login-action@v3 with: { registry: "quay.io", username: "${{ secrets.QUAY_USERNAME }}", password: "${{ secrets.QUAY_PASSWORD }}" } @@ -78,7 +86,7 @@ jobs: - name: Build and Push LinuxKit containers for ${{matrix.docker_arch}} env: DOCKER_ARCH: "${{ matrix.docker_arch }}" - DO_PUSH: "yes" + DO_PUSH: "${{ github.ref == 'refs/heads/main' && 'yes' || 'no' }}" run: bash build.sh linuxkit-containers build-kernels: @@ -97,7 +105,7 @@ jobs: uses: docker/setup-buildx-action@v3 - name: Docker Login to quay.io - if: ${{ env.REGISTRY == 'quay.io' }} + if: ${{ env.REGISTRY == 'quay.io' && github.ref == 'refs/heads/main' }} uses: docker/login-action@v3 with: { registry: "quay.io", username: "${{ secrets.QUAY_USERNAME }}", password: "${{ secrets.QUAY_PASSWORD }}" } @@ -108,7 +116,7 @@ jobs: - name: Build and push Kernel ${{matrix.kernel}} (${{ matrix.arch }}) env: - DO_PUSH: "yes" + DO_PUSH: "${{ github.ref == 'refs/heads/main' && 'yes' || 'no' }}" run: bash build.sh build-kernel "${{ matrix.kernel }}" build-hook-ensemble: 
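Review bot: The test `github.ref == 'refs/heads/main'` is now written out six times in this file: in the four `Docker Login` steps' `if:` (two in the hunks on this line, two in `build-hook-ensemble`) and in both `DO_PUSH` expressions. If one copy is later edited alone, a job can end up pushing without a login, or logging in with the registry secrets on a ref that should never see them. Compute it once in the workflow-level `env:` block, `DO_PUSH: "${{ github.ref == 'refs/heads/main' && 'yes' || 'no' }}"`, and have each login step test `env.DO_PUSH == 'yes'`.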
@@ -127,12 +135,12 @@ jobs: uses: docker/setup-buildx-action@v3 - name: Docker Login to DockerHub # read-only token, required to be able to pull all the linuxkit pkgs without getting rate limited. - if: ${{ env.LOGIN_TO_DOCKERHUB == 'yes' }} + if: ${{ env.LOGIN_TO_DOCKERHUB == 'yes' && github.ref == 'refs/heads/main' }} uses: docker/login-action@v3 with: { registry: "docker.io", username: "${{ secrets.DOCKERHUB_USERNAME }}", password: "${{ secrets.DOCKERHUB_PASSWORD }}" } - name: Docker Login to quay.io - if: ${{ env.REGISTRY == 'quay.io' }} + if: ${{ env.REGISTRY == 'quay.io' && github.ref == 'refs/heads/main' }} uses: docker/login-action@v3 with: { registry: "quay.io", username: "${{ secrets.QUAY_USERNAME }}", password: "${{ secrets.QUAY_PASSWORD }}" } @@ -178,7 +186,6 @@ jobs: with: pattern: "hook-tarball-*" merge-multiple: true - path: out - name: Figure Out Commit Short ID id: commitid @@ -219,7 +226,7 @@ jobs: uses: jmgilman/actions-generate-checksum@v1 with: method: sha512 - patterns: out/*.tar.gz + patterns: "*.tar.gz" - name: Update latest release uses: softprops/action-gh-release@v2 @@ -227,7 +234,7 @@ jobs: name: Hook Latest Development Build body: ${{env.RELEASE_NOTES}} files: | - out/*.tar.gz + *.tar.gz checksum.txt prerelease: true tag_name: latest diff --git a/bash/hook-lk-containers.sh b/bash/hook-lk-containers.sh index 51a5dd1b..7fb2855f 100644 --- a/bash/hook-lk-containers.sh +++ b/bash/hook-lk-containers.sh 
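Review bot: The DockerHub login is now skipped off `main`, although the comment on that step says the read-only token exists so the linuxkit packages can be pulled without being rate limited, and pull-request builds pull those same packages. If the gate is there because fork pull requests cannot read secrets, the comment should say so and accept anonymous pulls: `# read-only token to avoid pull rate limits; skipped off main, where secrets may be unavailable and pulls are anonymous`. Otherwise PR builds on the shared runners may fail intermittently for a reason the step comment does not explain.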
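Review bot: The `Update latest release` step still publishes to `tag_name: latest`, and with `push:` and `pull_request:` added as triggers in this commit the job that contains it may now run for every branch. The job header is outside this hunk, so I cannot see whether it carries an `if:`. If it does not, a push to any branch in the repository would replace the `latest` release assets with that branch's build. Add `if: ${{ github.ref == 'refs/heads/main' }}` to the release job, matching the gate used for the registry logins.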
@@ -4,9 +4,13 @@ function build_all_hook_linuxkit_containers() { log info "Building all LinuxKit containers..." : "${DOCKER_ARCH:?"ERROR: DOCKER_ARCH is not defined"}" - build_hook_linuxkit_container hook-bootkit HOOK_CONTAINER_BOOTKIT_IMAGE - build_hook_linuxkit_container hook-docker HOOK_CONTAINER_DOCKER_IMAGE - build_hook_linuxkit_container hook-mdev HOOK_CONTAINER_MDEV_IMAGE + # when adding new container builds here you'll also want to add them to the + # `linuxkit_build` function in the linuxkit.sh file. + build_hook_linuxkit_container images/hook-bootkit HOOK_CONTAINER_BOOTKIT_IMAGE + build_hook_linuxkit_container images/hook-docker HOOK_CONTAINER_DOCKER_IMAGE + build_hook_linuxkit_container images/hook-mdev HOOK_CONTAINER_MDEV_IMAGE + build_hook_linuxkit_container images/containerd HOOK_CONTAINER_CONTAINERD_IMAGE + build_hook_linuxkit_container images/runc HOOK_CONTAINER_RUNC_IMAGE } function build_hook_linuxkit_container() { diff --git a/bash/json-matrix.sh b/bash/json-matrix.sh index 83da41ac..36433060 100644 --- a/bash/json-matrix.sh +++ b/bash/json-matrix.sh 
@@ -47,12 +47,12 @@ function output_gha_matrixes() { prepare_json_matrix_lkcontainers "LK_CONTAINERS" # reads all_arches's keys and sets full_json declare lkcontainers_json="${full_json}" - # If under GHA, set a GHA output variable, otherwise just log them - if [[ -z "${GITHUB_OUTPUT}" ]]; then - log info "Would have set GHA output kernels_json to: ${kernels_json}" - log info "Would have set GHA output lk_hooks_json to: ${lk_hooks_json}" - log info "Would have set GHA output lkcontainers_json to: ${lkcontainers_json}" - else + log info "kernels_json to: ${kernels_json}" + log info "lk_hooks_json to: ${lk_hooks_json}" + log info "lkcontainers_json to: ${lkcontainers_json}" + + # If under GHA, set a GHA output variable. + if [[ -n "${GITHUB_OUTPUT}" ]]; then # shellcheck disable=SC2129 # no, thanks, shellcheck. echo "kernels_json=${kernels_json}" >> "${GITHUB_OUTPUT}" echo "lk_hooks_json=${lk_hooks_json}" >> "${GITHUB_OUTPUT}" diff --git a/bash/linuxkit.sh b/bash/linuxkit.sh index 23d559df..32a95ef3 100644 --- a/bash/linuxkit.sh +++ b/bash/linuxkit.sh @@ -50,7 +50,7 @@ function linuxkit_build() { fi # Build the containers in this repo used in the LinuxKit YAML; - build_all_hook_linuxkit_containers # sets HOOK_CONTAINER_BOOTKIT_IMAGE, HOOK_CONTAINER_DOCKER_IMAGE, HOOK_CONTAINER_MDEV_IMAGE + build_all_hook_linuxkit_containers # sets HOOK_CONTAINER_BOOTKIT_IMAGE, HOOK_CONTAINER_DOCKER_IMAGE, HOOK_CONTAINER_MDEV_IMAGE, HOOK_CONTAINER_CONTAINERD_IMAGE # Template the linuxkit configuration file. # - You'd think linuxkit would take --build-args or something by now, but no. 
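Review bot: The updated trailing comment on `build_all_hook_linuxkit_containers` in `bash/linuxkit.sh` adds `HOOK_CONTAINER_CONTAINERD_IMAGE` but leaves out `HOOK_CONTAINER_RUNC_IMAGE`, which the `envsubst` call in the next hunk also consumes. Extend it to `# sets HOOK_CONTAINER_BOOTKIT_IMAGE, HOOK_CONTAINER_DOCKER_IMAGE, HOOK_CONTAINER_MDEV_IMAGE, HOOK_CONTAINER_CONTAINERD_IMAGE, HOOK_CONTAINER_RUNC_IMAGE`. `linuxkit_build` starts and ends outside this hunk.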
@@ -67,7 +67,9 @@ function linuxkit_build() { HOOK_CONTAINER_BOOTKIT_IMAGE="${HOOK_CONTAINER_BOOTKIT_IMAGE}" \ HOOK_CONTAINER_DOCKER_IMAGE="${HOOK_CONTAINER_DOCKER_IMAGE}" \ HOOK_CONTAINER_MDEV_IMAGE="${HOOK_CONTAINER_MDEV_IMAGE}" \ - envsubst '$HOOK_VERSION $HOOK_KERNEL_IMAGE $HOOK_KERNEL_ID $HOOK_KERNEL_VERSION $HOOK_CONTAINER_BOOTKIT_IMAGE $HOOK_CONTAINER_DOCKER_IMAGE $HOOK_CONTAINER_MDEV_IMAGE' \ + HOOK_CONTAINER_CONTAINERD_IMAGE="${HOOK_CONTAINER_CONTAINERD_IMAGE}" \ + HOOK_CONTAINER_RUNC_IMAGE="${HOOK_CONTAINER_RUNC_IMAGE}" \ + envsubst '$HOOK_VERSION $HOOK_KERNEL_IMAGE $HOOK_KERNEL_ID $HOOK_KERNEL_VERSION $HOOK_CONTAINER_BOOTKIT_IMAGE $HOOK_CONTAINER_DOCKER_IMAGE $HOOK_CONTAINER_MDEV_IMAGE $HOOK_CONTAINER_CONTAINERD_IMAGE $HOOK_CONTAINER_RUNC_IMAGE' \ > "hook.${inventory_id}.yaml" declare -g linuxkit_bin="" @@ -139,7 +141,7 @@ function linuxkit_build() { # tar the files into out/hook.tar in such a way that vmlinuz and initramfs are at the root of the tar; pigz it # Those are the artifacts published to the GitHub release - tar -cvf- -C "out/hook" "${output_files[@]}" | pigz > "out/hook-${OUTPUT_ID}.tar.gz" + tar -cvf- -C "out/hook" "${output_files[@]}" | pigz > "out/hook_${OUTPUT_ID}.tar.gz" } function linuxkit_run_qemu() { diff --git a/build.sh b/build.sh index 3fe3ed5c..85f6c9a7 100755 --- a/build.sh +++ b/build.sh @@ -29,7 +29,7 @@ declare -g HOOK_LK_CONTAINERS_OCI_BASE="${HOOK_LK_CONTAINERS_OCI_BASE:-"quay.io/ declare -g SKOPEO_IMAGE="${SKOPEO_IMAGE:-"quay.io/skopeo/stable:latest"}" # See https://github.com/linuxkit/linuxkit/releases -declare -g -r LINUXKIT_VERSION_DEFAULT="1.0.1" # LinuxKit version to use by default; each flavor can set its own too +declare -g -r LINUXKIT_VERSION_DEFAULT="1.2.0" # LinuxKit version to use by default; each flavor can set its own too # Directory to use for storing downloaded artifacts: LinuxKit binary, shellcheck binary, etc. declare -g -r CACHE_DIR="${CACHE_DIR:-"cache"}" 
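Review bot: `HOOK_CONTAINER_CONTAINERD_IMAGE` and `HOOK_CONTAINER_RUNC_IMAGE` are handed to `envsubst` with no check that `build_all_hook_linuxkit_containers` actually set them. Unless `set -u` is in force elsewhere, a missed build renders as an empty string in `hook.${inventory_id}.yaml` and fails later, or resolves to an unintended image. Guard them before the template step the way `DOCKER_ARCH` is guarded in `bash/hook-lk-containers.sh`, e.g. `: "${HOOK_CONTAINER_RUNC_IMAGE:?"ERROR: HOOK_CONTAINER_RUNC_IMAGE is not defined"}"`, and the same for the containerd variable. `linuxkit_build` starts and ends outside this hunk.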
diff --git a/images/containerd/Dockerfile b/images/containerd/Dockerfile
new file mode 100644
index 00000000..080c5bcc
--- /dev/null
+++ b/images/containerd/Dockerfile
@@ -0,0 +1,46 @@
+FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e as builder
+
+
+# checkout and compile containerd
+# Update `FROM` in `pkg/containerd/Dockerfile`, `pkg/init/Dockerfile` and
+# `test/pkg/containerd/Dockerfile` when changing this.
+ENV CONTAINERD_REPO=https://github.com/containerd/containerd.git
+
+ENV CONTAINERD_COMMIT=v1.7.15
+ENV GOPATH=/go
+RUN apk add go git
+RUN mkdir -p $GOPATH/src/github.com/containerd && \
+ cd $GOPATH/src/github.com/containerd && \
+ git clone https://github.com/containerd/containerd.git && \
+ cd $GOPATH/src/github.com/containerd/containerd && \
+ git checkout $CONTAINERD_COMMIT
+RUN apk add --no-cache btrfs-progs-dev gcc libc-dev linux-headers make libseccomp-dev
+WORKDIR $GOPATH/src/github.com/containerd/containerd
+RUN make binaries EXTRA_FLAGS="-buildmode pie" EXTRA_LDFLAGS='-extldflags "-fno-PIC -static"' BUILDTAGS="static_build no_devmapper"
+
+RUN cp bin/containerd bin/ctr bin/containerd-shim bin/containerd-shim-runc-v2 /usr/bin/
+RUN strip /usr/bin/containerd /usr/bin/ctr /usr/bin/containerd-shim /usr/bin/containerd-shim-runc-v2
+
+FROM scratch as containerd-dev
+ENTRYPOINT []
+WORKDIR /
+COPY --from=builder /usr/bin/containerd /usr/bin/ctr /usr/bin/containerd-shim /usr/bin/containerd-shim-runc-v2 /usr/bin/
+COPY --from=builder /go/src/github.com/containerd/containerd /go/src/github.com/containerd/containerd
+
+# Dockerfile to build linuxkit/containerd for linuxkit
+FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e as alpine
+
+RUN apk add tzdata binutils
+RUN mkdir -p /etc/init.d && ln -s /usr/bin/service /etc/init.d/020-containerd
+
+FROM containerd-dev
+
+FROM scratch
+ENTRYPOINT []
+WORKDIR /
+COPY --from=containerd-dev /usr/bin/containerd /usr/bin/ctr /usr/bin/containerd-shim /usr/bin/containerd-shim-runc-v2 /usr/bin/
+COPY --from=alpine /usr/share/zoneinfo/UTC /etc/localtime
+COPY --from=alpine /etc/init.d/ /etc/init.d/
+COPY etc etc/
+COPY --from=alpine /etc/apk /etc/apk/
+COPY --from=alpine /lib/apk /lib/apk/
\ No newline at end of file
diff --git a/images/containerd/etc/containerd/config.toml b/images/containerd/etc/containerd/config.toml
new file mode 100644
index 00000000..fc6df22e
--- /dev/null
+++ b/images/containerd/etc/containerd/config.toml
@@ -0,0 +1,15 @@
+state = "/run/containerd"
+root = "/var/lib/containerd"
+disabled_plugins = ["cri"]
+
+[grpc]
+ address = "/run/containerd/containerd.sock"
+ uid = 0
+ gid = 0
+
+[debug]
+ address = "/run/containerd/debug.sock"
+ level = "info"
+
+[metrics]
+ address = ""
diff --git a/hook-bootkit/Dockerfile b/images/hook-bootkit/Dockerfile
similarity index 85%
rename from hook-bootkit/Dockerfile
rename to images/hook-bootkit/Dockerfile
index 185d281d..45fd8791 100644
--- a/hook-bootkit/Dockerfile
+++ b/images/hook-bootkit/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.20-alpine as dev
+FROM golang:1.21-alpine as dev
 COPY . /src/
 WORKDIR /src
 RUN go mod download
diff --git a/hook-bootkit/go.mod b/images/hook-bootkit/go.mod
similarity index 50%
rename from hook-bootkit/go.mod
rename to images/hook-bootkit/go.mod
index 0cd8b57e..76a259a7 100644
--- a/hook-bootkit/go.mod
+++ b/images/hook-bootkit/go.mod
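Review bot: `CONTAINERD_COMMIT=v1.7.15` is a tag rather than a commit, and `git checkout $CONTAINERD_COMMIT` takes whatever that tag points at when the image is built, so the containerd binaries that go into the boot image are not pinned to a fixed source tree. Set the variable to the release's full commit SHA and keep the tag as a comment, e.g. `ENV CONTAINERD_COMMIT=<full-commit-sha-of-v1.7.15>  # v1.7.15`. `CONTAINERD_REPO` is declared but the clone hard-codes the URL; use `git clone "$CONTAINERD_REPO"` so the variable means something. The bare `FROM containerd-dev` stage and the comment about updating `pkg/containerd/Dockerfile` appear to be carried over from the upstream linuxkit file and refer to nothing visible in this commit.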
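Review bot: The `[debug]` section turns on a debug socket at `/run/containerd/debug.sock`, where containerd serves its profiling and introspection endpoints. An image that boots on provisioned machines rarely needs that, and it is one more root-owned control surface to account for. If nobody is expected to attach to it, set `address = ""` as is already done for `[metrics]`, or add a comment naming who uses it. A short comment above `disabled_plugins = ["cri"]` stating why CRI is off would also help the next reader.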
@@ -3,30 +3,39 @@ module github.com/tinkerbell/hook/hook-bootkit go 1.17 require ( - github.com/cenkalti/backoff/v4 v4.2.1 - github.com/docker/docker v24.0.4+incompatible - github.com/go-logr/logr v1.2.4 + github.com/cenkalti/backoff/v4 v4.3.0 + github.com/docker/docker v26.1.0+incompatible + github.com/go-logr/logr v1.4.1 github.com/go-logr/zerologr v1.2.3 github.com/rs/zerolog v1.30.0 ) require ( github.com/Microsoft/go-winio v0.6.1 // indirect - github.com/docker/distribution v2.8.2+incompatible // indirect + github.com/containerd/log v0.1.0 // indirect + github.com/distribution/reference v0.6.0 // indirect github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-units v0.5.0 // indirect + github.com/felixge/httpsnoop v1.0.4 // indirect + github.com/go-logr/stdr v1.2.2 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/mattn/go-colorable v0.1.12 // indirect github.com/mattn/go-isatty v0.0.14 // indirect + github.com/moby/docker-image-spec v1.3.1 // indirect github.com/moby/term v0.5.0 // indirect github.com/morikuni/aec v1.0.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.0.2 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/stretchr/testify v1.8.4 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 // indirect + go.opentelemetry.io/otel v1.26.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.26.0 // indirect + go.opentelemetry.io/otel/metric v1.26.0 // indirect + go.opentelemetry.io/otel/sdk v1.26.0 // indirect + go.opentelemetry.io/otel/trace v1.26.0 // indirect golang.org/x/mod v0.8.0 // indirect - golang.org/x/net v0.12.0 // indirect - golang.org/x/sys v0.10.0 // indirect + golang.org/x/net v0.23.0 // indirect + golang.org/x/sys v0.19.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.6.0 // indirect gotest.tools/v3 v3.5.0 // indirect 
diff --git a/hook-bootkit/go.sum b/images/hook-bootkit/go.sum
similarity index 56%
rename from hook-bootkit/go.sum
rename to images/hook-bootkit/go.sum
index 4b0f5be1..f490a52d 100644
--- a/hook-bootkit/go.sum
+++ b/images/hook-bootkit/go.sum
@@ -2,38 +2,45 @@ github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOEl github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= -github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= -github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= -github.com/coreos/go-systemd/v22 v22.3.3-0.20220203105225-a9a7ef127534/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= +github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= -github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v24.0.4+incompatible h1:s/LVDftw9hjblvqIeTiGYXBCD95nOEEl7qRsRrIOuQI= -github.com/docker/docker v24.0.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= 
+github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= +github.com/docker/docker v26.1.0+incompatible h1:W1G9MPNbskA6VZWL7b3ZljTh0pXI68FpINx0GKaOdaM= +github.com/docker/docker v26.1.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= -github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= +github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zerologr v1.2.3 h1:up5N9vcH9Xck3jJkXzgyOxozT14R47IyDODz8LM1KSs= github.com/go-logr/zerologr v1.2.3/go.mod h1:BxwGo7y5zgSHYR1BjbnHPyF/5ZjVKfKxAZANVu6E8Ho= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/google/go-cmp v0.5.9 
h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 h1:/c3QmbOGMGTOumP2iT/rCwB7b0QDGLKzqOmktBjT+Is= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1/go.mod h1:5SN9VR2LTsRFsrEC6FHgRbTWrTHu6tqPeKxEQv15giM= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= +github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= +github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= 
@@ -46,97 +53,80 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= -github.com/rs/zerolog v1.29.0/go.mod h1:NILgTygv/Uej1ra5XxGf82ZFSLk58MFGAUS2o6usyD0= github.com/rs/zerolog v1.30.0 h1:SymVODrcRsaRaSInD9yQtKbtWqwsfoPcRff/oRXLj4c= github.com/rs/zerolog v1.30.0/go.mod h1:/tk+P47gFdPXq4QYjvCmT5/Gsug2nagsFWBWhAiSi1w= -github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/yuin/goldmark v1.1.27/go.mod 
h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 h1:Xs2Ncz0gNihqu9iosIZ5SkBbWo5T8JhhLJFMQL1qmLI= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0/go.mod h1:vy+2G/6NvVMpwGX/NyLqcC41fxepnuKHk16E6IZUcJc= +go.opentelemetry.io/otel v1.26.0 h1:LQwgL5s/1W7YiiRwxf03QGnWLb2HW4pLiAhaA5cZXBs= +go.opentelemetry.io/otel v1.26.0/go.mod h1:UmLkJHUAidDval2EICqBMbnAd0/m2vmpf/dAM+fvFs4= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0 h1:1u/AyyOqAWzy+SkPxDpahCNZParHV8Vid1RnI2clyDE= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0/go.mod h1:z46paqbJ9l7c9fIPCXTqTGwhQZ5XoTIsfeFYWboizjs= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.26.0 h1:1wp/gyxsuYtuE/JFxsQRtcCDtMrO2qMvlfXALU5wkzI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.26.0/go.mod h1:gbTHmghkGgqxMomVQQMur1Nba4M0MQ8AYThXDUjsJ38= +go.opentelemetry.io/otel/metric v1.26.0 h1:7S39CLuY5Jgg9CrnA9HHiEjGMF/X2VHvoXGgSllRz30= +go.opentelemetry.io/otel/metric v1.26.0/go.mod h1:SY+rHOI4cEawI9a7N1A4nIg/nTQXe1ccCNWYOJUrpX4= +go.opentelemetry.io/otel/sdk v1.26.0 h1:Y7bumHf5tAiDlRYFmGqetNcLaVUZmh4iYfmGxtmz7F8= +go.opentelemetry.io/otel/sdk v1.26.0/go.mod h1:0p8MXpqLeJ0pzcszQQN4F0S5FVjBLgypeGSngLsmirs= +go.opentelemetry.io/otel/trace v1.26.0 h1:1ieeAUb4y0TE26jUFrCIXKpTuVK7uJGN9/Z/2LP5sQA= +go.opentelemetry.io/otel/trace v1.26.0/go.mod h1:4iDxvGDQuUkHve82hJJ8UqrwswHYsZuWCBllGV2U2y0= +go.opentelemetry.io/proto/otlp v1.2.0 h1:pVeZGk7nXDC9O2hncA6nHldxEjm6LByfA2aN8IOkz94= +go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto 
v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= -golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= -golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50= -golang.org/x/net v0.12.0/go.mod 
h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys 
v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= -golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= -golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools 
v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +google.golang.org/genproto/googleapis/api v0.0.0-20240227224415-6ceb2ff114de h1:jFNzHPIeuzhdRwVhbZdiym9q0ory/xY3sA+v2wPg8I0= +google.golang.org/genproto/googleapis/api v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:5iCWqnniDlqZHrd3neWVTOwvh/v6s3232omMecelax8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda h1:LI5DOvAxUPMv/50agcLLoo+AdWc1irS9Rzz4vPuD1V4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= +google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM= 
+google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY= diff --git a/images/hook-bootkit/hook-bootkit b/images/hook-bootkit/hook-bootkit new file mode 100755 index 00000000..11a107a1 Binary files /dev/null and b/images/hook-bootkit/hook-bootkit differ diff --git a/hook-bootkit/main.go b/images/hook-bootkit/main.go similarity index 96% rename from hook-bootkit/main.go rename to images/hook-bootkit/main.go index 19582712..75d211ba 100644 --- a/hook-bootkit/main.go +++ b/images/hook-bootkit/main.go @@ -199,7 +199,7 @@ func run(ctx context.Context, log logr.Logger) error { } log.Info("Starting tink-worker container") - if err := cli.ContainerStart(ctx, resp.ID, types.ContainerStartOptions{}); err != nil { + if err := cli.ContainerStart(ctx, resp.ID, container.StartOptions{}); err != nil { return fmt.Errorf("starting tink-worker container failed: %w", err) } 
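Review bot: `images/hook-bootkit/hook-bootkit` is added as an executable binary (`new file mode 100755`, `Binary files /dev/null and b/images/hook-bootkit/hook-bootkit differ`), which looks like a local build output committed by accident. A compiled binary cannot be reviewed against its source. Because `images/hook-bootkit/Dockerfile` does `COPY . /src/`, it is also copied into the image build context. Drop it from the commit and add `images/hook-bootkit/hook-bootkit` to `.gitignore`, plus a `.dockerignore` entry so a stray local build never reaches the builder stage.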
@@ -226,14 +226,14 @@ func checkContainerRunning(ctx context.Context, cli *client.Client, containerID // removeTinkWorkerContainer removes the tink-worker container if it exists. func removeTinkWorkerContainer(ctx context.Context, cli *client.Client) error { - cs, err := cli.ContainerList(ctx, types.ContainerListOptions{All: true}) + cs, err := cli.ContainerList(ctx, container.ListOptions{All: true}) if err != nil { return fmt.Errorf("listing containers, in order to find an existing tink-worker container, failed: %w", err) } for _, c := range cs { for _, n := range c.Names { if n == "/tink-worker" { - if err := cli.ContainerRemove(ctx, c.ID, types.ContainerRemoveOptions{Force: true}); err != nil { + if err := cli.ContainerRemove(ctx, c.ID, container.RemoveOptions{Force: true}); err != nil { return fmt.Errorf("removing existing tink-worker container failed: %w", err) } } diff --git a/hook-docker/Dockerfile b/images/hook-docker/Dockerfile similarity index 93% rename from hook-docker/Dockerfile rename to images/hook-docker/Dockerfile index 0d98a492..778db306 100644 --- a/hook-docker/Dockerfile +++ b/images/hook-docker/Dockerfile @@ -3,7 +3,7 @@ COPY . /src/ WORKDIR /src RUN CGO_ENABLED=0 go build -a -ldflags '-w -extldflags "-static"' -o /hook-docker -FROM docker:24.0.4-dind +FROM docker:26.1.0-dind RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories RUN apk update; apk add kexec-tools COPY --from=dev /hook-docker . diff --git a/hook-docker/go.mod b/images/hook-docker/go.mod similarity index 100% rename from hook-docker/go.mod rename to images/hook-docker/go.mod diff --git a/hook-docker/go.sum b/images/hook-docker/go.sum similarity index 100% rename from hook-docker/go.sum rename to images/hook-docker/go.sum diff --git a/hook-docker/main.go b/images/hook-docker/main.go similarity index 95% rename from hook-docker/main.go rename to images/hook-docker/main.go index 68220b99..9257f42b 100644 --- a/hook-docker/main.go 
+++ b/images/hook-docker/main.go @@ -54,7 +54,8 @@ func run() error { return fmt.Errorf("failed to write docker config: %w", err) } // Build the command, and execute - cmd := exec.Command("/usr/local/bin/docker-init", "/usr/local/bin/dockerd") + // cmd := exec.Command("/usr/local/bin/docker-init", "/usr/local/bin/dockerd") + cmd := exec.Command("sh", "-c", "/usr/local/bin/dockerd-entrypoint.sh") cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr diff --git a/hook-docker/main_test.go b/images/hook-docker/main_test.go similarity index 100% rename from hook-docker/main_test.go rename to images/hook-docker/main_test.go diff --git a/hook-mdev/Dockerfile b/images/hook-mdev/Dockerfile similarity index 100% rename from hook-mdev/Dockerfile rename to images/hook-mdev/Dockerfile diff --git a/images/runc/Dockerfile b/images/runc/Dockerfile new file mode 100644 index 00000000..8101a91c --- /dev/null +++ b/images/runc/Dockerfile 
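Review bot: The new `exec.Command("sh", "-c", "/usr/local/bin/dockerd-entrypoint.sh")` in `run()` starts the daemon through the image's entrypoint script with no arguments, which may change which sockets dockerd listens on. In the upstream dind images that script picks the listen addresses itself when called without arguments, and that can include a TCP listener the previous direct `dockerd` call did not open; please confirm, because the template services shown later in this diff run with `net: host`. Passing the daemon command explicitly keeps the socket choice in this file and removes the unneeded `sh -c` layer: `cmd := exec.Command("/usr/local/bin/dockerd-entrypoint.sh", "dockerd", "--host=unix:///var/run/docker.sock")`. The commented-out old call should be deleted, or replaced by a comment saying why the entrypoint script is required. `run()` starts and ends outside this hunk, so whether the docker config written just above already sets hosts is not visible here.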
@@ -0,0 +1,35 @@ +# Dockerfile to build linuxkit/runc for linuxkit +FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e as alpine +RUN \ + apk add \ + bash \ + gcc \ + git \ + go \ + libc-dev \ + libseccomp-dev \ + libseccomp-static \ + linux-headers \ + make \ + && true +ENV GOPATH=/go PATH=$PATH:/go/bin GO111MODULE=off +ENV RUNC_COMMIT=v1.1.12 +RUN mkdir -p $GOPATH/src/github.com/opencontainers && \ + cd $GOPATH/src/github.com/opencontainers && \ + git clone https://github.com/opencontainers/runc.git +WORKDIR $GOPATH/src/github.com/opencontainers/runc +RUN git checkout $RUNC_COMMIT +RUN make static BUILDTAGS="seccomp" EXTRA_FLAGS="-buildmode pie" EXTRA_LDFLAGS="-extldflags \\\"-fno-PIC -static\\\"" +RUN cp runc /usr/bin/ + +RUN mkdir -p /etc/init.d && ln -s /usr/bin/service /etc/init.d/010-onboot +RUN mkdir -p /etc/shutdown.d && ln -s /usr/bin/service /etc/shutdown.d/010-onshutdown + +FROM scratch +WORKDIR / +ENTRYPOINT [] +COPY --from=alpine /usr/bin/runc /usr/bin/ +COPY --from=alpine /etc/init.d/ /etc/init.d/ +COPY --from=alpine /etc/shutdown.d/ /etc/shutdown.d/ +COPY --from=alpine /etc/apk /etc/apk/ +COPY --from=alpine /lib/apk /lib/apk/ \ No newline at end of file diff --git a/kernel/Dockerfile b/kernel/Dockerfile index d595b937..34903b6f 100644 --- a/kernel/Dockerfile +++ b/kernel/Dockerfile @@ -64,6 +64,8 @@ ARG KERNEL_OUTPUT_IMAGE RUN mkdir /out +RUN sed -i 's/#define COMMAND_LINE_SIZE 2048/#define COMMAND_LINE_SIZE 4096/' arch/x86/include/asm/setup.h + # Kernel build. ENVs in previous stages are inherited; thus ARCH, CROSS_COMPILE, KCFLAGS, KBUILD_BUILD_USER, KBUILD_BUILD_HOST are available RUN set -x && \ echo "Cross compiler: ${CROSS_COMPILE}" && \ diff --git a/linuxkit-templates/hook.template.yaml b/linuxkit-templates/hook.template.yaml index e03c14d2..315c958d 100644 --- a/linuxkit-templates/hook.template.yaml +++ b/linuxkit-templates/hook.template.yaml 
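Review bot: `ENV RUNC_COMMIT=v1.1.12` holds a tag, not a commit, so `git checkout $RUNC_COMMIT` builds whatever that tag points to when the image is built, and the result becomes the runc in the OS init. Pinning the full commit id makes the build reproducible and means a moved tag no longer changes the result silently: `ENV RUNC_COMMIT=<full-commit-sha-for-v1.1.12>` (placeholder; take the id from the upstream tag that was reviewed), with the version kept in a comment on the line above. `GO111MODULE=off` with a GOPATH checkout presumably makes the build use the tree vendored in that checkout; a one-line comment saying so would help the next person who bumps the version.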
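Review bot: The added `sed -i` on `arch/x86/include/asm/setup.h` exits successfully even when `#define COMMAND_LINE_SIZE 2048` is not found, so a kernel source where that line differs would be built with the old limit and no error. Make the step verify its own effect by appending `&& grep -q '#define COMMAND_LINE_SIZE 4096' arch/x86/include/asm/setup.h` to the same `RUN`. A comment above it should say why the longer command line is needed and that the edit only affects x86 builds.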
@@ -6,6 +6,8 @@ # - HOOK_CONTAINER_BOOTKIT_IMAGE: ${HOOK_CONTAINER_BOOTKIT_IMAGE} # - HOOK_CONTAINER_DOCKER_IMAGE: ${HOOK_CONTAINER_DOCKER_IMAGE} # - HOOK_CONTAINER_MDEV_IMAGE: ${HOOK_CONTAINER_MDEV_IMAGE} +# - HOOK_CONTAINER_CONTAINERD_IMAGE: ${HOOK_CONTAINER_CONTAINERD_IMAGE} +# - HOOK_CONTAINER_RUNC_IMAGE: ${HOOK_CONTAINER_RUNC_IMAGE} # - Other variables are not replaced: for example this is a literal dollarsign-SOMETHING: $SOMETHING and with braces: ${SOMETHING} kernel: 
@@ -13,38 +15,38 @@ kernel: cmdline: "this_is_not_used=at_at_all_in_hook command_line_is_determined_by=ipxe" init: - - linuxkit/init:144c9cee8aed9e30a16940f2bf1d3813883aceda - # can't use the latest version of runc because it has a bug that prevents docker from starting containers properly. - - linuxkit/runc:v0.8 - - linuxkit/containerd:d445de33c7f08470187b068d247b1c0dea240f0a - - linuxkit/ca-certificates:c1c73ef590dffb6a0138cf758fe4a4305c9864f4 - - linuxkit/firmware:8def159583422181ddee3704f7024ecb9c02d348 # "Some" firmware from Linuxkit pkg; see https://github.com/linuxkit/linuxkit/blob/master/pkg/firmware/Dockerfile + # this sha is the first with cgroups v2 as the default + - linuxkit/init:8a7b6cdb89197dc94eb6db69ef9dc90b750db598 + - "${HOOK_CONTAINER_RUNC_IMAGE}" + - "${HOOK_CONTAINER_CONTAINERD_IMAGE}" + - linuxkit/ca-certificates:v1.0.0 + - linuxkit/firmware:24402a25359c7bc290f7fc3cd23b6b5f0feb32a5 # "Some" firmware from Linuxkit pkg; see https://github.com/linuxkit/linuxkit/blob/master/pkg/firmware/Dockerfile onboot: - name: rngd1 - image: linuxkit/rngd:cdb919e4aee49fed0bf6075f0a104037cba83c39 + image: linuxkit/rngd:v1.0.0 command: [ "/sbin/rngd", "-1" ] - name: sysctl - image: linuxkit/sysctl:a88a50c104d538b58da5e1441f6f0b4b738f76a6 + image: linuxkit/sysctl:v1.0.0 - name: sysfs - image: linuxkit/sysfs:5fd982d39ff7bec8e480c67a110acb2d3794c291 + image: linuxkit/sysfs:v1.0.0 - name: modprobe - image: linuxkit/modprobe:ab5ac4d5e7e7a5f2d103764850f7846b69230676 + image: linuxkit/modprobe:v1.0.0 command: [ "modprobe", "cdc_ncm" ] # for usb ethernet dongles - name: vlan - image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf + image: linuxkit/ip:v1.0.0 capabilities: - all binds.add: - /etc/ip/vlan.sh:/etc/ip/vlan.sh command: [ "/etc/ip/vlan.sh" ] - - name: dhcpcd - image: linuxkit/dhcpcd:52d2c4df0311b182e99241cdc382ff726755c450 + - name: dhcpcd-once + image: linuxkit/dhcpcd:v1.0.0 command: [ "/etc/ip/dhcp.sh", "true" ] # 2nd paramter is one-shot true/false: 
true for onboot, false for services #capabilities.add: # - CAP_SYS_TIME # for ntp one-shot no-max-offset after ntpd, for hardware missing RTC's that boot in 1970 @@ -60,12 +62,11 @@ onboot: - /var/lib/dhcpcd services: - - name: rngd - image: linuxkit/rngd:310c16ec5315bd07d4b8f5332cfa7dc5cbc7d368 + image: linuxkit/rngd:v1.0.0 - name: ntpd - image: linuxkit/openntpd:c90c6dd90f5dfb0ca71a73aac2dad69c8d956af3 + image: linuxkit/openntpd:v1.0.0 - name: mdev image: "${HOOK_CONTAINER_MDEV_IMAGE}" @@ -81,7 +82,7 @@ services: type: b - name: getty - image: linuxkit/getty:76951a596aa5e0867a38e28f0b94d620e948e3e8 + image: linuxkit/getty:v1.0.0 capabilities: - all binds.add: @@ -100,10 +101,11 @@ services: net: host pid: host mounts: - - type: cgroup + - type: cgroup2 options: [ "rw", "nosuid", "noexec", "nodev", "relatime" ] - binds: - - /dev/console:/dev/console + destination: /sys/fs/cgroup + binds.add: + #- /dev/console:/dev/console - /dev:/dev - /etc/resolv.conf:/etc/resolv.conf - /lib/modules:/lib/modules 
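Review bot: The `init` and `onboot` image references change from 40-character hash tags (for example `linuxkit/rngd:cdb919e4…`) to the release tag `v1.0.0`, which identifies less precisely what ends up in the boot image. The same applies to the `rngd`, `openntpd` and `getty` lines in the following hunks and to `dhcpcd-daemon` in the last one. If the builder accepts digests, pin each reference as `linuxkit/rngd:v1.0.0@sha256:<digest>` (placeholder) so a re-pushed tag cannot change the OS contents silently. Separately, `"${HOOK_CONTAINER_RUNC_IMAGE}"` and `"${HOOK_CONTAINER_CONTAINERD_IMAGE}"` replace a comment that explained the runc choice; a short comment on where those images are built would preserve that context.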
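Review bot: Switching this service from `binds:` to `binds.add:` changes the meaning from "use exactly these binds" to "append to what the image declares", so the effective mount list now depends on the image's own config, which this hunk does not show. The next hunk keeps plain `binds:` for its service. If the difference is intended, say so in a comment. The disabled entry `#- /dev/console:/dev/console` also needs a reason rather than being left as dead config, e.g. `# /dev/console is covered by the /dev:/dev bind below` (assuming that is why it was dropped). The service definition starts and ends outside the hunk.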
@@ -122,26 +124,43 @@ services: - all net: host mounts: - - type: cgroup + - type: cgroup2 options: [ "rw", "nosuid", "noexec", "nodev", "relatime" ] + destination: /sys/fs/cgroup binds: - /var/run/docker:/var/run runtime: mkdir: - /var/run/docker + + - name: dhcpcd-daemon + image: linuxkit/dhcpcd:v1.0.0 + command: [ "/etc/ip/dhcp.sh", "false" ] # 2nd paramter is one-shot true/false: true for onboot, false for services + #capabilities.add: + # - CAP_SYS_TIME # for ntp one-shot no-max-offset after ntpd, for hardware missing RTC's that boot in 1970 + capabilities: + - all + binds.add: + - /var/lib/dhcpcd:/var/lib/dhcpcd + - /run:/run + - /etc/ip/dhcp.sh:/etc/ip/dhcp.sh + - /dhcpcd.conf:/dhcpcd.conf + runtime: + mkdir: + - /var/lib/dhcpcd #dbg - name: sshd -#dbg image: linuxkit/sshd:666b4a1a323140aa1f332826164afba506abf597 +#dbg image: linuxkit/sshd:v1.0.0 files: - path: etc/profile.d/local.sh contents: | alias docker='ctr -n services.linuxkit tasks exec --tty --exec-id cmd hook-docker docker' alias docker-shell='ctr -n services.linuxkit tasks exec --tty --exec-id shell hook-docker sh' - name_version=$(grep PRETTY_NAME= /etc/os-release | cut -d'=' -f2 | tr -d '"') - export PS1='${name_version}:\w\$ ' + export PS1='HookOS ${HOOK_VERSION}:\w\$ ' # only print WARNING or higher kernel messages to console echo 4 > /proc/sys/kernel/printk + resize mode: "0644" - path: etc/motd
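Review bot: The new long-running `dhcpcd-daemon` service is given `capabilities: - all` and a `/run:/run` bind, although the commented lines directly above it show that a narrower `capabilities.add` was considered. A DHCP client that stays resident and parses network input should not hold every capability. List what it needs instead, starting from `- CAP_NET_ADMIN`, `- CAP_NET_RAW`, `- CAP_NET_BIND_SERVICE` and adding only what `dhcp.sh` turns out to require (to be confirmed by a boot test). The comment copied from the onboot entry also carries over the typo `paramter`.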