Skip to content
Permalink
Branch: master
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
136 lines (115 sloc) 8.19 KB

Weekly LinuxKit dev report for 2017-07-03 to 2017-07-09 (week 27)

This report covers weekly developments in the linuxkit, linuxkit-ci, rtf and virtsock repositories.

Security SIG on Memorizer: This week's security SIG featured @ndauten explaining his ops+memorizer project that provides infrastructure for fine-grained security policy enforcement in Linux. There are meeting notes and slides available (#2153 #2160 @ndauten @riyazdf), as well as work-in-progress PR to add a memorizer project to LinuxKit (#2171 #2170 @ndauten @justincormack).

Kernel: The kernel images were updated to 4.11.9/4.9.36/4.4.76 from upstream (#2167 @rn).

Content trust: This was updated to make it easier to develop against. An option was added to disable content trust, for the use of (e.g.) projects which are pushing to the linuxkitprojects org (which has no trust setup) rather than the main linuxkit org. Secondly, when trust is enabled then enable it globally, in particular it is now active for the docker build and hence containers referenced in Dockerfiles via FROM will be checked. (#2161 @ijc @riyazdf)

ARM64: linuxkit run no longer hardcodes x86_64 as the architecture, thus letting ARM64 run more easily (#2162 @arm64b). Work is also ongoing to fix Golang ARM binaries running under emulation (#1348 @justincormack @rogaha @ncopa) and multiarch manifest generation for base images used by LinuxKit (#1377 @arm64b @mor1 @justincormack).

Example and build cleanups: The build now works from behind an HTTP proxy (#2144 @kunalkushwaha @justincormack @rn) and cleaning build outputs now covers raw files as well (#2176 @justincormack). The example yaml files are also simpler now by moving ttyS0 after tty0 as it is more common (#2177 @justincormack), and we also consistently don't use quotes around image names (#2178 @justincormack)

Virtsock: The virtsock library for HyperV integration had various improvements to build stress tests using it:

Packages

The Docker for Mac blueprint integration continues, and this week the time sync and ACPI infrastructure (#1773 @ijc) was added to LinuxKit:

Projects

  • The MirageSDK project updated the example unikernels to the latest Capnp-based API. There is a lot of integration work ongoing to publish the reference interface for building privilege separate, unikernel-friendly server applications that can be directly deployed on LinuxKit (#2163 @talex5 @avsm [@samoht]).

  • There is a work-in-progress PR to add a Memorizer project to LinuxKit (#2170 @ndauten @justincormack).

  • The swarmd project is also being refreshed and networking supported added (#2126 @ijc).

Docs and Testing

Other reports in this series can be browsed directly in the repository at linuxkit:/reports.

You can’t perform that action at this time.