├── .gitignore ├── images ├── CMAKE_VERSION ├── builder │ ├── Dockerfile.kernel │ ├── dhclient.service │ └── Dockerfile ├── modernprobe-builder │ ├── Dockerfile.kernel │ ├── dhclient.service │ └── Dockerfile ├── x86_64 │ ├── oraclelinux │ │ ├── 3.10 │ │ │ ├── dev.repo │ │ │ ├── Dockerfile │ │ │ └── Dockerfile.kernel │ │ ├── 4.14 │ │ │ ├── dev.repo │ │ │ ├── Dockerfile │ │ │ └── Dockerfile.kernel │ │ ├── 5.4 │ │ │ ├── Dockerfile │ │ │ └── Dockerfile.kernel │ │ └── 5.15 │ │ │ ├── Dockerfile │ │ │ └── Dockerfile.kernel │ ├── ubuntu │ │ ├── 5.8 │ │ │ ├── Dockerfile.kernel │ │ │ └── Dockerfile │ │ ├── 6.2 │ │ │ ├── Dockerfile.kernel │ │ │ └── Dockerfile │ │ ├── 6.5 │ │ │ ├── Dockerfile.kernel │ │ │ └── Dockerfile │ │ └── 4.15 │ │ │ ├── Dockerfile.kernel │ │ │ └── Dockerfile │ ├── archlinux │ │ ├── 6.0 │ │ │ ├── Dockerfile.kernel │ │ │ └── Dockerfile │ │ ├── 6.7 │ │ │ ├── Dockerfile.kernel │ │ │ └── Dockerfile │ │ └── 5.18 │ │ │ ├── Dockerfile.kernel │ │ │ └── Dockerfile │ ├── centos │ │ ├── 5.14 │ │ │ ├── Dockerfile │ │ │ └── Dockerfile.kernel │ │ ├── 3.10 │ │ │ ├── Dockerfile │ │ │ └── Dockerfile.kernel │ │ └── 4.18 │ │ │ ├── Dockerfile │ │ │ └── Dockerfile.kernel │ ├── fedora │ │ ├── 5.8 │ │ │ ├── Dockerfile │ │ │ └── Dockerfile.kernel │ │ ├── 6.2 │ │ │ ├── Dockerfile │ │ │ └── Dockerfile.kernel │ │ └── 5.17 │ │ │ ├── Dockerfile │ │ │ └── Dockerfile.kernel │ ├── amazonlinux2022 │ │ └── 5.15 │ │ │ ├── Dockerfile │ │ │ └── Dockerfile.kernel │ ├── amazonlinux2023 │ │ └── 6.1 │ │ │ ├── Dockerfile │ │ │ └── Dockerfile.kernel │ └── amazonlinux2 │ │ ├── 4.19 │ │ ├── Dockerfile │ │ └── Dockerfile.kernel │ │ ├── 5.10 │ │ ├── Dockerfile │ │ └── Dockerfile.kernel │ │ ├── 5.15 │ │ ├── Dockerfile │ │ └── Dockerfile.kernel │ │ └── 5.4 │ │ ├── Dockerfile │ │ └── Dockerfile.kernel ├── aarch64 │ ├── oraclelinux │ │ ├── 4.14 │ │ │ ├── dev.repo │ │ │ ├── Dockerfile │ │ │ └── Dockerfile.kernel │ │ └── 5.15 │ │ │ ├── Dockerfile │ │ │ └── Dockerfile.kernel │ ├── archlinux │ │ └── 4.14 │ │ 
│ ├── Dockerfile.kernel │ │ │ └── Dockerfile │ ├── ubuntu │ │ └── 6.5 │ │ │ ├── Dockerfile.kernel │ │ │ └── Dockerfile │ ├── fedora │ │ └── 6.2 │ │ │ ├── Dockerfile │ │ │ └── Dockerfile.kernel │ ├── amazonlinux2022 │ │ └── 5.15 │ │ │ ├── Dockerfile │ │ │ └── Dockerfile.kernel │ └── amazonlinux2 │ │ └── 5.4 │ │ ├── Dockerfile │ │ └── Dockerfile.kernel ├── initrd-builder │ ├── Makefile.virtio_mmio │ ├── Dockerfile │ └── create.sh ├── README.md └── Makefile ├── ansible-playbooks ├── .gitignore ├── roles │ ├── bootstrap │ │ ├── handlers │ │ │ └── main.yml │ │ ├── files │ │ │ ├── dnsmasq-tap@.service │ │ │ └── check_net_conflicts.sh │ │ ├── templates │ │ │ ├── vmconfig.json.j2 │ │ │ └── inventory.ini.j2 │ │ └── tasks │ │ │ └── main.yml │ ├── scap_open │ │ ├── vars │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── common │ │ ├── tasks │ │ │ └── compute_tap_dev_map.yml │ │ └── files │ │ │ └── compute_tap_dev_map.sh │ ├── git_repos │ │ └── tasks │ │ │ └── main.yml │ └── clean_up │ │ └── tasks │ │ └── main.yml ├── ansible.cfg ├── bootstrap.yml ├── clean-up.yml ├── common.yml ├── git-repos.yml ├── main-playbook.yml ├── .ansible-lint ├── scap-open.yml └── group_vars │ └── all │ └── vars.yml ├── matrix_gen ├── .gitignore ├── go.mod ├── go.sum ├── README.md ├── main.go └── pkg │ └── matrix │ ├── error.go │ └── output.go ├── OWNERS ├── requirements.yml ├── .github ├── dependabot.yml └── workflows │ ├── matrix-gen-ci.yml │ ├── release.yml │ ├── main.yml │ ├── pr.yml │ ├── ansible-lint.yml │ └── reusable_build_images.yml ├── release.md ├── architecture.md ├── config_example_amd64.sh ├── action.yml ├── README.md └── LICENSE /.gitignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /images/CMAKE_VERSION: -------------------------------------------------------------------------------- 1 | 3.24.4 
--------------------------------------------------------------------------------
/ansible-playbooks/.gitignore:
--------------------------------------------------------------------------------
1 | runtime/
2 |
--------------------------------------------------------------------------------
/matrix_gen/.gitignore:
--------------------------------------------------------------------------------
1 | .idea/
2 | matrix_gen
3 |
--------------------------------------------------------------------------------
/images/builder/Dockerfile.kernel:
--------------------------------------------------------------------------------
1 | FROM weaveworks/ubuntu-kernel:5.14.16
2 | # NOTE(review): the base image is referenced by tag only; a digest pin (image@sha256:<digest>) would keep the builder kernel reproducible if the tag is ever re-pushed.
--------------------------------------------------------------------------------
/images/modernprobe-builder/Dockerfile.kernel:
--------------------------------------------------------------------------------
1 | FROM weaveworks/ubuntu-kernel:5.14.16
2 | # NOTE(review): the base image is referenced by tag only; a digest pin (image@sha256:<digest>) would keep the builder kernel reproducible if the tag is ever re-pushed.
--------------------------------------------------------------------------------
/OWNERS:
--------------------------------------------------------------------------------
1 | approvers:
2 |   - fededp
3 |   - Andreagit97
4 |   - alacuku
5 |   - therealbobo
6 |   - ekoops
7 |
--------------------------------------------------------------------------------
/ansible-playbooks/roles/bootstrap/handlers/main.yml:
--------------------------------------------------------------------------------
1 | - name: Reload systemd
2 |   ansible.builtin.systemd:
3 |     daemon_reload: true
4 |
--------------------------------------------------------------------------------
/ansible-playbooks/ansible.cfg:
--------------------------------------------------------------------------------
1 | [defaults]
2 | inventory = inventory.ini
3 | host_key_checking = False
4 | become = False
5 | # NOTE(review): host_key_checking = False makes Ansible skip SSH host key verification for every inventory host, so a different machine answering on a target's address goes unnoticed; presumably tolerated because the targets are short-lived test VMs (confirm), and this file should not be reused for long-lived hosts.
6 | [ssh_connection]
7 | retries=10
--------------------------------------------------------------------------------
/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | collections:
3 |   - name: community.docker
4 |     version: 4.8.2
5 |   - name: community.crypto
6 |     version: 2.26.1
7 |   - name: ansible.posix
8 |     version: 2.1.0
9 |
--------------------------------------------------------------------------------
/ansible-playbooks/roles/scap_open/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | scap_open_modern_bpf_supported: true
3 | scap_open_bpf_supported: false
4 | scap_open_bpf_minimum_kver:
5 |   aarch64: '4.17'
6 |   x86_64: '4.14'
7 |
--------------------------------------------------------------------------------
/matrix_gen/go.mod:
--------------------------------------------------------------------------------
1 | module github.com/falcosecurity/kernel-testing/matrix_gen
2 |
3 | go 1.18
4 |
5 | require github.com/olekukonko/tablewriter v0.0.5
6 |
7 | require github.com/mattn/go-runewidth v0.0.9 // indirect
8 |
--------------------------------------------------------------------------------
/images/x86_64/oraclelinux/3.10/dev.repo:
--------------------------------------------------------------------------------
1 | [developer]
2 | name=Packages for test and development - Oracle Linux 7
3 | baseurl=http://yum.oracle.com/repo/OracleLinux/OL7/developer/$basearch
4 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
5 | gpgcheck=1
6 | enabled=1
7 | # NOTE(review): baseurl is plain http://, so repository metadata and downloads are unprotected in transit; gpgcheck=1 with the local key still verifies package signatures, but metadata is not verified unless repo_gpgcheck is also enabled. Prefer an https:// baseurl if the mirror offers one.
--------------------------------------------------------------------------------
/images/x86_64/oraclelinux/4.14/dev.repo:
--------------------------------------------------------------------------------
1 | [developer]
2 | name=Packages for test and development - Oracle Linux 7
3 | baseurl=http://yum.oracle.com/repo/OracleLinux/OL7/developer/$basearch
4 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
5 | gpgcheck=1
6 | enabled=1
7 | # NOTE(review): baseurl is plain http://, so repository metadata and downloads are unprotected in transit; gpgcheck=1 with the local key still verifies package signatures, but metadata is not verified unless repo_gpgcheck is also enabled. Prefer an https:// baseurl if the mirror offers one.
--------------------------------------------------------------------------------
/images/aarch64/oraclelinux/4.14/dev.repo:
-------------------------------------------------------------------------------- 1 | [developer] 2 | name=Packages for test and development - Oracle Linux 7 3 | baseurl=http://yum.oracle.com/repo/OracleLinux/OL7/developer/$basearch 4 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle 5 | gpgcheck=1 6 | enabled=1 7 | -------------------------------------------------------------------------------- /images/builder/dhclient.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=DHCP Client 3 | Wants=network.target 4 | Before=network.target 5 | 6 | [Service] 7 | Type=forking 8 | PIDFile=/run/dhclient.pid 9 | ExecStart=/usr/sbin/dhclient 10 | 11 | [Install] 12 | WantedBy=multi-user.target 13 | -------------------------------------------------------------------------------- /ansible-playbooks/bootstrap.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Playbook used to generate the vm configuration files and start them using firecracker. 3 | # Check the role for more information 4 | - name: Play for creating virtual machines 5 | hosts: localhost 6 | become: false 7 | roles: 8 | - bootstrap 9 | -------------------------------------------------------------------------------- /images/modernprobe-builder/dhclient.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=DHCP Client 3 | Wants=network.target 4 | Before=network.target 5 | 6 | [Service] 7 | Type=forking 8 | PIDFile=/run/dhclient.pid 9 | ExecStart=/usr/sbin/dhclient 10 | 11 | [Install] 12 | WantedBy=multi-user.target 13 | -------------------------------------------------------------------------------- /ansible-playbooks/clean-up.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Playbook used to remove the cluster and clean up generated files. 
3 | # Check the role for more information 4 | - name: Play that removes the vms and other files created by the other playbooks 5 | hosts: localhost 6 | become: false 7 | roles: 8 | - clean_up 9 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: "github-actions" 4 | directory: "/" 5 | schedule: 6 | interval: "weekly" 7 | open-pull-requests-limit: 10 8 | groups: 9 | actions: 10 | update-types: 11 | - "minor" 12 | - "patch" 13 | -------------------------------------------------------------------------------- /ansible-playbooks/common.yml: -------------------------------------------------------------------------------- 1 | - name: Run common tasks to all hosts 2 | hosts: all 3 | remote_user: "{{ user }}" 4 | gather_facts: false 5 | 6 | tasks: 7 | - name: Fix the dns issues 8 | ansible.builtin.shell: | 9 | echo 'nameserver 1.1.1.1' > /etc/resolv.conf 10 | changed_when: false 11 | -------------------------------------------------------------------------------- /matrix_gen/go.sum: -------------------------------------------------------------------------------- 1 | github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0= 2 | github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= 3 | github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec= 4 | github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= 5 | -------------------------------------------------------------------------------- /.github/workflows/matrix-gen-ci.yml: -------------------------------------------------------------------------------- 1 | name: Matrix-gen CI 2 | on: 3 | pull_request: 4 | paths: 5 | - 'matrix_gen/**' 6 | 7 | jobs: 8 | build-matrix-gen: 9 | runs-on: ubuntu-latest 10 | 
steps: 11 | - name: Checkout repo ⤵️ 12 | uses: actions/checkout@v6 13 | 14 | - name: Build matrix_gen 15 | working-directory: ./matrix_gen 16 | run: go build . 17 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | name: Release CI 2 | on: 3 | release: 4 | types: [published] 5 | 6 | concurrency: 7 | group: release_push_images 8 | cancel-in-progress: true 9 | 10 | jobs: 11 | release-images: 12 | uses: ./.github/workflows/reusable_build_images.yml 13 | with: 14 | push: true 15 | is_latest: true 16 | version: ${{ github.event.release.tag_name }} 17 | secrets: inherit 18 | -------------------------------------------------------------------------------- /.github/workflows/main.yml: -------------------------------------------------------------------------------- 1 | name: Main CI 2 | on: 3 | push: 4 | branches: 5 | - main 6 | paths: 7 | - 'images/**' 8 | 9 | concurrency: 10 | group: main_push_images 11 | cancel-in-progress: true 12 | 13 | jobs: 14 | push-images: 15 | uses: ./.github/workflows/reusable_build_images.yml 16 | with: 17 | push: true 18 | is_latest: false 19 | version: 'main' 20 | secrets: inherit 21 | -------------------------------------------------------------------------------- /ansible-playbooks/git-repos.yml: -------------------------------------------------------------------------------- 1 | # Playbook used to clone git repositories that will be used on the 2 | # target nodes. We want to avoid downloading the same repos on multiple 3 | # target nodes. 
4 | # Check the role for more information 5 | - name: Play that clones git repositories and pushes them to VMs 6 | hosts: all 7 | gather_facts: false 8 | remote_user: "{{ user }}" 9 | become: false 10 | serial: 30 11 | roles: 12 | - git_repos 13 | -------------------------------------------------------------------------------- /ansible-playbooks/main-playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Main playbook to run once the whole configuration. 3 | # Check the specific playbooks and roles to have more information. 4 | - name: Include bootstrap playbook 5 | import_playbook: bootstrap.yml 6 | - name: Include common playbook 7 | import_playbook: common.yml 8 | - name: Include git-repos playbook 9 | import_playbook: git-repos.yml 10 | - name: Include scap-open playbook 11 | import_playbook: scap-open.yml 12 | -------------------------------------------------------------------------------- /.github/workflows/pr.yml: -------------------------------------------------------------------------------- 1 | name: PR CI 2 | on: 3 | pull_request: 4 | branches: 5 | - main 6 | paths: 7 | - 'images/**' 8 | 9 | concurrency: 10 | group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} 11 | cancel-in-progress: true 12 | 13 | jobs: 14 | build-images: 15 | uses: ./.github/workflows/reusable_build_images.yml 16 | with: 17 | push: false 18 | is_latest: false 19 | version: '${{ github.run_id }}' 20 | secrets: inherit 21 | -------------------------------------------------------------------------------- /ansible-playbooks/.ansible-lint: -------------------------------------------------------------------------------- 1 | --- 2 | # .ansible-lint 3 | 4 | profile: production # min, basic, moderate,safety, shared, production 5 | 6 | # exclude_paths included in this file are parsed relative to this file's location 7 | # and not relative to the CWD of execution. 
CLI arguments passed to the --exclude 8 | # option are parsed relative to the CWD of execution. 9 | exclude_paths: 10 | - .ansible-lint 11 | - requirements.yml 12 | 13 | # Offline mode disables installation of requirements.yml and schema refreshing 14 | # needed by the community collection 15 | offline: false 16 | -------------------------------------------------------------------------------- /matrix_gen/README.md: -------------------------------------------------------------------------------- 1 | # Matrix-gen 2 | 3 | This is a small tool used in CI to generate a kernel compatibility matrix for each task given the ansible output folder. 4 | 5 | Example: 6 | 7 | ``` 8 | ./matrix_gen --root-folder ~/ansible_output --output-file matrix_x86_64.md 9 | ``` 10 | 11 | Available options: 12 | ``` 13 | ./matrix_gen -h 14 | Usage of ./matrix_gen: 15 | -output-file string 16 | output file where the generated matrix is stored (default "matrix.md") 17 | -root-folder string 18 | ansible output root folder (default "~/ansible_output") 19 | ``` 20 | -------------------------------------------------------------------------------- /ansible-playbooks/roles/common/tasks/compute_tap_dev_map.yml: -------------------------------------------------------------------------------- 1 | - name: Compute tap device map 2 | ansible.builtin.command: > 3 | "{{ role_path }}/files/compute_tap_dev_map.sh" 4 | "{{ run_id }}" 5 | "{{ ((machines + builders) 6 | | selectattr('arch', 'equalto', ansible_facts['architecture']) 7 | | map(attribute='name') 8 | | join(' ')) }}" 9 | register: common_tap_dev_map_raw 10 | changed_when: false 11 | 12 | - name: Set tap device map 13 | ansible.builtin.set_fact: 14 | common_tap_dev_map: "{{ common_tap_dev_map_raw.stdout | from_json }}" 15 | -------------------------------------------------------------------------------- /.github/workflows/ansible-lint.yml: -------------------------------------------------------------------------------- 1 | name: ansible-lint 2 | on: 
3 | pull_request: 4 | 5 | 6 | jobs: 7 | build: 8 | name: Ansible Lint 9 | runs-on: ubuntu-latest 10 | steps: 11 | - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 12 | with: 13 | fetch-depth: 0 14 | 15 | - name: Run ansible-lint 16 | uses: ansible/ansible-lint@40f24c2d511c6662ba96b53a35f386cf8b0c11ad # v25.12.1 17 | with: 18 | working_directory: "${{ github.workspace }}/ansible-playbooks" 19 | requirements_file: "${{ github.workspace }}/requirements.yml" 20 | -------------------------------------------------------------------------------- /images/initrd-builder/Makefile.virtio_mmio: -------------------------------------------------------------------------------- 1 | obj-m +=virtio_mmio.o 2 | 3 | # Compiler flags 4 | EXTRA_CFLAGS := -DCONFIG_VIRTIO_MMIO_CMDLINE_DEVICES 5 | 6 | # Name of the kernel module 7 | MODULE_NAME := virtio_mmio 8 | 9 | KERNEL_DIR ?= /lib/modules/$(shell uname -r)/build 10 | 11 | # Default target 12 | all: $(MODULE_NAME).ko 13 | 14 | # Rule to build the kernel module 15 | $(MODULE_NAME).ko: $(MODULE_PATH) 16 | $(MAKE) -C $(KERNEL_DIR) EXTRA_CFLAGS="$(EXTRA_CFLAGS)" M=$(PWD) modules 17 | 18 | # Rule to clean the kernel module 19 | clean: 20 | rm -rf *.o *.ko *.mod.* *.symvers *.order *.mod .* 21 | 22 | .PHONY: all clean 23 | 24 | -------------------------------------------------------------------------------- /ansible-playbooks/roles/bootstrap/files/dnsmasq-tap@.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Per-tap dnsmasq instance for %i (expected instance format: DEV:HOST_IP:GUEST_IP) 3 | After=network.target 4 | Requires=network.target 5 | 6 | [Service] 7 | Type=exec 8 | Environment="ARGS=%i" 9 | ExecStart=/bin/bash -c 'IFS=: read DEV HOST_IP GUEST_IP <<< $ARGS; exec /usr/sbin/dnsmasq --keep-in-foreground --interface=$DEV --bind-dynamic --port=0 --dhcp-range=$GUEST_IP,$GUEST_IP,255.255.255.252,1h --dhcp-option=3,$HOST_IP --dhcp-option=6,1.1.1.1 
--dhcp-leasefile=/run/dnsmasq-tap-$DEV.leases' 10 | Restart=always 11 | 12 | [Install] 13 | WantedBy=multi-user.target 14 | -------------------------------------------------------------------------------- /ansible-playbooks/roles/bootstrap/templates/vmconfig.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "boot-source": { 3 | "kernel_image_path": "{{ vmlinux_path }}", 4 | "initrd_path": "{{ initrd_path }}", 5 | "boot_args": "rw console=ttyS0" 6 | }, 7 | "drives": [ 8 | { 9 | "drive_id": "rootfs", 10 | "path_on_host": "{{ rootfs_disk_path }}", 11 | "is_root_device": true, 12 | "is_read_only": false 13 | } 14 | ], 15 | "machine-config": { 16 | "vcpu_count": {{ cpus }}, 17 | "mem_size_mib": {{ memory }}, 18 | "smt": false 19 | }, 20 | "network-interfaces": [ 21 | { 22 | "iface_id": "eth0", 23 | "host_dev_name": "{{ tap_dev_name }}" 24 | } 25 | ] 26 | } 27 | -------------------------------------------------------------------------------- /release.md: -------------------------------------------------------------------------------- 1 | # Release Process 2 | 3 | When we release we do the following process: 4 | 5 | 1. We decide together (usually in the #falco channel in [slack](https://kubernetes.slack.com/messages/falco)) what's the next version to tag 6 | 2. A person with repository rights does the tag 7 | 3. The same person runs commands in their machine following the "Release commands" section below 8 | 4. Once the CI has done its job, the tag is live on [Github](https://github.com/falcosecurity/kernel-testing/releases) 9 | 10 | ## Release commands 11 | 12 | Tag the version, keep the `v` and replace `x.y.z` with the version number. 
e.g: `0.2.0` 13 | 14 | ```bash 15 | git pull 16 | git checkout master 17 | git tag vx.y.z 18 | git push origin vx.y.z 19 | ``` 20 | > N.B.: do NOT use an annotated tag 21 | -------------------------------------------------------------------------------- /ansible-playbooks/roles/bootstrap/templates/inventory.ini.j2: -------------------------------------------------------------------------------- 1 | #this file is autogenerated by the bootstrap role 2 | [machines] 3 | {% for item in machines %} 4 | {% if item.arch == ansible_facts["architecture"] %} 5 | {{ item.name }} ansible_host={{ common_tap_dev_map[item.name].guest_ip }} ansible_ssh_common_args='-o BindInterface={{ common_tap_dev_map[item.name].name }}' ansible_ssh_private_key_file={{ prv_key_path }} 6 | {% endif %} 7 | {% endfor %} 8 | 9 | [builders] 10 | {% for item in builders %} 11 | {% if item.arch == ansible_facts["architecture"] %} 12 | {{ item.name }} ansible_host={{ common_tap_dev_map[item.name].guest_ip }} ansible_ssh_common_args='-o BindInterface={{ common_tap_dev_map[item.name].name }}' ansible_ssh_private_key_file={{ prv_key_path }} 13 | {% endif %} 14 | {% endfor %} 15 | -------------------------------------------------------------------------------- /images/initrd-builder/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM busybox:stable AS initrd-base 2 | 3 | FROM ubuntu:22.04 4 | 5 | WORKDIR /home/ubuntu/ 6 | 7 | RUN mkdir -p /home/ubuntu/out/ 8 | 9 | COPY --from=initrd-base / /home/ubuntu/out/ 10 | 11 | ADD create.sh Makefile.virtio_mmio /opt/initrd-builder/ 12 | 13 | RUN apt update && \ 14 | apt install -y \ 15 | build-essential \ 16 | libelf-dev \ 17 | gcc \ 18 | kmod \ 19 | xz-utils \ 20 | p7zip-full \ 21 | rpm2cpio \ 22 | curl \ 23 | cpio \ 24 | binutils \ 25 | bzip2 \ 26 | gzip \ 27 | lzop \ 28 | lz4 \ 29 | zstd && \ 30 | apt-get clean && \ 31 | rm -rf /var/lib/apt/lists/* && \ 32 | curl -Lo /usr/bin/extract-vmlinux 
https://raw.githubusercontent.com/torvalds/linux/master/scripts/extract-vmlinux && \ 33 | chmod +x /usr/bin/extract-vmlinux 34 | -------------------------------------------------------------------------------- /images/x86_64/ubuntu/5.8/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | FROM initrd-builder:0.0.1 AS builder 2 | 3 | ARG VERSION=5.8.0-1041-aws 4 | ARG URL='http://security.ubuntu.com/ubuntu/pool/main/l/linux-aws-5.8/' 5 | 6 | WORKDIR /home/ubuntu 7 | 8 | RUN touch .placeholder && \ 9 | curl ${URL} | \ 10 | grep -E "linux-image-${VERSION}|linux-modules-${VERSION}" | \ 11 | cut -d\" -f8 | \ 12 | xargs -I@ curl -LO ${URL}@ && \ 13 | mkdir extracted && \ 14 | ls *deb | \ 15 | xargs -I@ dpkg -x @ extracted && \ 16 | extract-vmlinux extracted/boot/vmlinuz-${VERSION} > extracted/vmlinux && \ 17 | cd extracted && \ 18 | /opt/initrd-builder/create.sh 19 | 20 | FROM scratch 21 | 22 | COPY --from=builder /home/ubuntu/extracted/vmlinux /boot/ 23 | COPY --from=builder /home/ubuntu//out/initrd /boot/ 24 | COPY --from=builder /home/ubuntu/.placeholder /lib/modules/ 25 | -------------------------------------------------------------------------------- /images/x86_64/ubuntu/6.2/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | FROM initrd-builder:0.0.1 AS builder 2 | 3 | ARG VERSION=6.2.0-1018-aws 4 | ARG URL='https://archive.ubuntu.com/ubuntu/pool/main/l/linux-aws-6.2/' 5 | 6 | WORKDIR /home/ubuntu 7 | 8 | RUN touch .placeholder && \ 9 | curl ${URL} | \ 10 | grep -E "linux-image-unsigned-${VERSION}|linux-modules-${VERSION}" | \ 11 | cut -d\" -f8 | \ 12 | xargs -I@ curl -LO ${URL}@ && \ 13 | mkdir extracted && \ 14 | ls *deb | \ 15 | xargs -I@ dpkg -x @ extracted && \ 16 | extract-vmlinux extracted/boot/vmlinuz-${VERSION} > extracted/vmlinux && \ 17 | cd extracted && \ 18 | /opt/initrd-builder/create.sh 19 | 20 | FROM scratch 21 | 22 | COPY --from=builder 
/home/ubuntu/extracted/vmlinux /boot/ 23 | COPY --from=builder /home/ubuntu//out/initrd /boot/ 24 | COPY --from=builder /home/ubuntu/.placeholder /lib/modules/ 25 | -------------------------------------------------------------------------------- /images/x86_64/ubuntu/6.5/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | FROM initrd-builder:0.0.1 AS builder 2 | 3 | ARG VERSION=6.5.0-1024-aws 4 | ARG URL='https://archive.ubuntu.com/ubuntu/pool/main/l/linux-aws-6.5/' 5 | 6 | WORKDIR /home/ubuntu 7 | 8 | RUN touch .placeholder && \ 9 | curl ${URL} | \ 10 | grep -E "linux-image-unsigned-${VERSION}|linux-modules-${VERSION}" | \ 11 | cut -d\" -f8 | \ 12 | xargs -I@ curl -LO ${URL}@ && \ 13 | mkdir extracted && \ 14 | ls *deb | \ 15 | xargs -I@ dpkg -x @ extracted && \ 16 | extract-vmlinux extracted/boot/vmlinuz-${VERSION} > extracted/vmlinux && \ 17 | cd extracted && \ 18 | /opt/initrd-builder/create.sh 19 | 20 | FROM scratch 21 | 22 | COPY --from=builder /home/ubuntu/extracted/vmlinux /boot/ 23 | COPY --from=builder /home/ubuntu//out/initrd /boot/ 24 | COPY --from=builder /home/ubuntu/.placeholder /lib/modules/ 25 | -------------------------------------------------------------------------------- /images/x86_64/ubuntu/4.15/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | FROM initrd-builder:0.0.1 AS builder 2 | 3 | ARG VERSION=4.15.0-1118-aws 4 | ARG URL='https://archive.ubuntu.com/ubuntu/pool/main/l/linux-aws/' 5 | 6 | WORKDIR /home/ubuntu 7 | 8 | RUN touch .placeholder && \ 9 | curl ${URL} | \ 10 | grep -E "linux-image-${VERSION}|linux-modules-${VERSION}" | \ 11 | grep -E "amd64" | \ 12 | cut -d\" -f8 | \ 13 | xargs -I@ curl -LO ${URL}@ && \ 14 | mkdir extracted && \ 15 | ls *deb | \ 16 | xargs -I@ dpkg -x @ extracted && \ 17 | extract-vmlinux extracted/boot/vmlinuz-${VERSION} > out/vmlinux && \ 18 | cd extracted && \ 19 | /opt/initrd-builder/create.sh 20 | 21 | 
FROM scratch 22 | 23 | COPY --from=builder /home/ubuntu/out/vmlinux /boot/ 24 | COPY --from=builder /home/ubuntu/out/initrd /boot/ 25 | COPY --from=builder /home/ubuntu/.placeholder /lib/modules/ 26 | -------------------------------------------------------------------------------- /images/aarch64/archlinux/4.14/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | FROM initrd-builder:0.0.1 AS builder 2 | 3 | ARG VERSION=4.14.15-1 4 | ARG URL='http://tardis.tiny-vps.com/aarm/packages' 5 | 6 | WORKDIR /home/ubuntu 7 | 8 | RUN touch .placeholder && \ 9 | apt update && apt install -y file && \ 10 | curl -Lo kernel.pkg.tar.xz ${URL}/l/linux-aarch64/linux-aarch64-${VERSION}-aarch64.pkg.tar.xz && \ 11 | mkdir extracted && \ 12 | cd extracted && \ 13 | ls ../*.tar.xz | \ 14 | xargs -I@ tar -xaf @ && \ 15 | find . -name '*.gz' -exec gunzip {} \; && \ 16 | find . -name '*ko*' && \ 17 | mv ./usr/lib . && \ 18 | cp -v boot/Image vmlinux && \ 19 | /opt/initrd-builder/create.sh 20 | 21 | FROM scratch 22 | 23 | COPY --from=builder /home/ubuntu/extracted/vmlinux /boot/ 24 | COPY --from=builder /home/ubuntu/out/initrd /boot/ 25 | COPY --from=builder /home/ubuntu/.placeholder /lib/modules/ 26 | -------------------------------------------------------------------------------- /ansible-playbooks/roles/git_repos/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for git-repos 3 | 4 | - name: Cloning git repositories on local machine 5 | ansible.builtin.git: 6 | repo: "{{ item.value.repo | mandatory }}" 7 | version: "{{ item.value.version | default(omit) }}" 8 | refspec: "{{ item.value.refspec | default(omit) }}" 9 | dest: "{{ local_repos_folder }}/{{ item.value.name | mandatory }}" 10 | accept_newhostkey: true 11 | with_dict: "{{ repos }}" 12 | delegate_to: localhost 13 | run_once: true 14 | 15 | - name: Copy all git repositories to the VMs 16 | 
ansible.posix.synchronize: 17 | src: repos 18 | dest: "{{ remote_repos_folder }}" 19 | private_key: "{{ prv_key_path }}" 20 | 21 | - name: Remove repositories from localhost 22 | ansible.builtin.file: 23 | path: "{{ local_repos_folder }}/{{ item.value.name | mandatory }}" 24 | state: absent 25 | with_dict: "{{ repos }}" 26 | delegate_to: localhost 27 | run_once: true 28 | -------------------------------------------------------------------------------- /images/x86_64/archlinux/6.0/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | ARG VERSION 2 | ARG URL 3 | ARG ARCHITECTURE 4 | 5 | FROM initrd-builder:0.0.1 AS builder 6 | 7 | ARG VERSION=6.0.12.arch1-1 8 | ARG URL='https://archive.archlinux.org/packages/l' 9 | ARG ARCHITECTURE=x86_64 10 | 11 | WORKDIR /home/ubuntu 12 | 13 | RUN touch .placeholder && \ 14 | curl -Lo kernel.pkg.tar.zst ${URL}/linux/linux-${VERSION}-${ARCHITECTURE}.pkg.tar.zst && \ 15 | curl -Lo headers.pkg.tar.zst ${URL}/linux-headers/linux-headers-${VERSION}-${ARCHITECTURE}.pkg.tar.zst && \ 16 | mkdir extracted && \ 17 | cd extracted && \ 18 | ls ../*.tar.zst | \ 19 | xargs -I@ tar -xaf @ && \ 20 | find . -name '*.zst' -exec zstd -d --rm -f {} \; && \ 21 | mv ./usr/lib . && \ 22 | extract-vmlinux $(find . 
-name 'vmlinux') > vmlinux && \ 23 | /opt/initrd-builder/create.sh 24 | 25 | FROM scratch 26 | 27 | COPY --from=builder /home/ubuntu/extracted/vmlinux /boot/ 28 | COPY --from=builder /home/ubuntu/out/initrd /boot/ 29 | COPY --from=builder /home/ubuntu/.placeholder /lib/modules/ 30 | -------------------------------------------------------------------------------- /images/x86_64/archlinux/6.7/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | ARG VERSION 2 | ARG URL 3 | ARG ARCHITECTURE 4 | 5 | FROM initrd-builder:0.0.1 AS builder 6 | 7 | ARG VERSION=6.7.1.arch1-1 8 | ARG URL='https://archive.archlinux.org/packages/l' 9 | ARG ARCHITECTURE=x86_64 10 | 11 | WORKDIR /home/ubuntu 12 | 13 | RUN touch .placeholder && \ 14 | curl -Lo kernel.pkg.tar.zst ${URL}/linux/linux-${VERSION}-${ARCHITECTURE}.pkg.tar.zst && \ 15 | curl -Lo headers.pkg.tar.zst ${URL}/linux-headers/linux-headers-${VERSION}-${ARCHITECTURE}.pkg.tar.zst && \ 16 | mkdir extracted && \ 17 | cd extracted && \ 18 | ls ../*.tar.zst | \ 19 | xargs -I@ tar -xaf @ && \ 20 | find . -name '*.zst' -exec zstd -d --rm -f {} \; && \ 21 | mv ./usr/lib . && \ 22 | extract-vmlinux $(find . 
-name 'vmlinux') > vmlinux && \ 23 | /opt/initrd-builder/create.sh 24 | 25 | FROM scratch 26 | 27 | COPY --from=builder /home/ubuntu/extracted/vmlinux /boot/ 28 | COPY --from=builder /home/ubuntu/out/initrd /boot/ 29 | COPY --from=builder /home/ubuntu/.placeholder /lib/modules/ 30 | -------------------------------------------------------------------------------- /images/x86_64/archlinux/5.18/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | ARG VERSION 2 | ARG URL 3 | ARG ARCHITECTURE 4 | 5 | FROM initrd-builder:0.0.1 AS builder 6 | 7 | ARG VERSION=5.18.16.arch1-1 8 | ARG URL='https://archive.archlinux.org/packages/l' 9 | ARG ARCHITECTURE=x86_64 10 | 11 | WORKDIR /home/ubuntu 12 | 13 | RUN touch .placeholder && \ 14 | curl -Lo kernel.pkg.tar.zst ${URL}/linux/linux-${VERSION}-${ARCHITECTURE}.pkg.tar.zst && \ 15 | curl -Lo headers.pkg.tar.zst ${URL}/linux-headers/linux-headers-${VERSION}-${ARCHITECTURE}.pkg.tar.zst && \ 16 | mkdir extracted && \ 17 | cd extracted && \ 18 | ls ../*.tar.zst | \ 19 | xargs -I@ tar -xaf @ && \ 20 | find . -name '*.zst' -exec zstd -d --rm -f {} \; && \ 21 | mv ./usr/lib . && \ 22 | extract-vmlinux $(find . 
-name 'vmlinux') > vmlinux && \ 23 | /opt/initrd-builder/create.sh 24 | 25 | FROM scratch 26 | 27 | COPY --from=builder /home/ubuntu/extracted/vmlinux /boot/ 28 | COPY --from=builder /home/ubuntu/out/initrd /boot/ 29 | COPY --from=builder /home/ubuntu/.placeholder /lib/modules/ 30 | -------------------------------------------------------------------------------- /images/aarch64/ubuntu/6.5/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | FROM initrd-builder:0.0.1 AS builder 2 | 3 | ARG VERSION=6.5.0-1024-aws 4 | ARG URL='https://ports.ubuntu.com/ubuntu-ports/pool/main/l/linux-aws-6.5/' 5 | 6 | WORKDIR /home/ubuntu 7 | 8 | RUN touch .placeholder && \ 9 | curl ${URL} | \ 10 | grep 'arm64' | \ 11 | grep -oE "linux-image-unsigned-${VERSION}.*deb\"|linux-modules-${VERSION}.*deb\"" | \ 12 | tr -d '"' | \ 13 | xargs -I@ curl -LO ${URL}@ && \ 14 | ls -lah && \ 15 | mkdir extracted && \ 16 | ls *deb | \ 17 | xargs -I@ dpkg -x @ extracted && \ 18 | find extracted -name 'vmlinuz*' | \ 19 | xargs -I@ mv @ extracted/vmlinux.gz && \ 20 | gunzip extracted/vmlinux.gz && \ 21 | cd extracted && \ 22 | /opt/initrd-builder/create.sh 23 | 24 | FROM scratch 25 | 26 | COPY --from=builder /home/ubuntu/extracted/vmlinux /boot/ 27 | COPY --from=builder /home/ubuntu//out/initrd /boot/ 28 | COPY --from=builder /home/ubuntu/.placeholder /lib/modules/ 29 | 30 | -------------------------------------------------------------------------------- /images/modernprobe-builder/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM fedora:39 2 | 3 | ARG CMAKE_VERSION 4 | 5 | # Use bash for all RUN steps with some safety options enabled. 
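6 | SHELL ["/bin/bash", "-euo", "pipefail", "-c"] 7 | 8 | COPY /dhclient.service /usr/lib/systemd/system/ 9 | 10 | RUN dnf install -y \ 11 | autoconf \ 12 | automake \ 13 | automake \ 14 | bpftool \ 15 | ca-certificates \ 16 | clang \ 17 | dhclient \ 18 | gcc \ 19 | gcc-c++ \ 20 | git \ 21 | iproute \ 22 | libbpf-devel \ 23 | make \ 24 | openssh-server \ 25 | pkg-config \ 26 | rsync \ 27 | systemd && \ 28 | dnf clean all && \ 29 | rm -rf /var/cache/yum && \ 30 | CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-$(uname -m)" && \ 31 | curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ 32 | tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \ 33 | systemctl enable dhclient && \ 34 | sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \ 35 | echo 'UseDNS no' >> /etc/ssh/sshd_config && \ 36 | echo "root:root" | chpasswd 37 | -------------------------------------------------------------------------------- /ansible-playbooks/roles/bootstrap/files/check_net_conflicts.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
# Pre-flight check run before TAP devices are created on the host.
#
# Usage: check_net_conflicts.sh JSON_ARRAY
#
# JSON_ARRAY is a JSON array of objects; only the "name" and "host_ip" keys of
# each object are read. The script exits non-zero when
#   - a link called <name> already exists on the host,
#   - <host_ip> is already configured on the host, or
#   - the array itself repeats a name or a host_ip.
set -euo pipefail

# Print an error and exit 1 if key $1 has the same value in more than one
# object of $TAP_DEV_MAP.
check_duplicates() {
    local field="$1"
    local duplicates

    # The key is passed to jq as data (--arg) instead of being spliced into the
    # filter text, so the filter stays fixed whatever the caller passes.
    # "|| true" keeps this step best-effort: a jq failure here counts as
    # "no duplicates". Malformed JSON has already stopped the script in the
    # loop that runs before this function is called.
    duplicates=$(jq -r --arg field "$field" '
        group_by(.[$field])
        | map(select(length > 1))
        | map(.[0][$field])
        | .[]
    ' <<< "$TAP_DEV_MAP" || true)

    if [[ -n "$duplicates" ]]; then
        echo "Error: Duplicate ${field} values detected: $duplicates" >&2
        exit 1
    fi
}

# Fail with a usage message rather than the bare "unbound variable" of set -u.
TAP_DEV_MAP="${1:?usage: check_net_conflicts.sh JSON_ARRAY}"

# Iterate over JSON objects one by one and check for any external conflict.
# The loop body runs in a pipeline subshell: "exit 1" ends that subshell, and
# errexit together with pipefail then stops the script with the same status.
jq -r '.[] | "\(.name) \(.host_ip)"' <<<"$TAP_DEV_MAP" | while read -r TAP_NAME HOST_IP; do

    # Check tap name conflict.
    if ip link show "$TAP_NAME" >/dev/null 2>&1; then
        echo "Error: TAP device '$TAP_NAME' already exists" >&2
        exit 1
    fi

    # Check host IP address conflict.
    # "ip addr show to ADDR" exits 0 whether or not an address matches and
    # reports a match only through its output, so the output is what gets
    # tested. A non-zero status means the query itself failed (for example an
    # unparsable address) and is reported as such.
    if ! EXISTING=$(ip -o addr show to "$HOST_IP" 2>/dev/null); then
        echo "Error: Unable to query host addresses for '$HOST_IP'" >&2
        exit 1
    fi
    if [[ -n "$EXISTING" ]]; then
        echo "Error: Host already has an IP $HOST_IP" >&2
        exit 1
    fi
done

# Check for any internal conflict in names and host IPs, separately.
check_duplicates "name"
check_duplicates "host_ip"
-------------------------------------------------------------------------------- /images/x86_64/ubuntu/6.2/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:22.04 2 | 3 | ARG VERSION=6.2.0-1018-aws 4 | ARG CMAKE_VERSION 5 | 6 | # Use bash for all RUN steps with some safety options enabled. 7 | SHELL ["/bin/bash", "-euo", "pipefail", "-c"] 8 | 9 | WORKDIR /home/ubuntu 10 | 11 | RUN apt-get update && apt-get install -y \ 12 | build-essential \ 13 | clang \ 14 | curl \ 15 | dbus \ 16 | git \ 17 | iproute2 \ 18 | iputils-ping \ 19 | kmod \ 20 | libcap-dev \ 21 | libelf-dev \ 22 | linux-headers-${VERSION} \ 23 | linux-tools-${VERSION} \ 24 | llvm \ 25 | net-tools \ 26 | openssh-server \ 27 | rng-tools \ 28 | rsync \ 29 | sudo \ 30 | systemd \ 31 | udev \ 32 | wget && \ 33 | apt-get clean && \ 34 | rm -rf /var/lib/apt/lists/* && \ 35 | CMAKE_ARCH="x86_64" && \ 36 | CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ 37 | curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ 38 | tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \ 39 | echo "" > /etc/machine-id && echo "" > /var/lib/dbus/machine-id && \ 40 | sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \ 41 | echo 'UseDNS no' >> /etc/ssh/sshd_config && \ 42 | echo "root:root" | chpasswd 43 | 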
-------------------------------------------------------------------------------- /images/x86_64/ubuntu/6.5/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:22.04 2 | 3 | ARG VERSION=6.5.0-1024-aws 4 | ARG CMAKE_VERSION 5 | 6 | # Use bash for all RUN steps with some safety options enabled. 7 | SHELL ["/bin/bash", "-euo", "pipefail", "-c"] 8 | 9 | WORKDIR /home/ubuntu 10 | 11 | RUN apt-get update && apt-get install -y \ 12 | build-essential \ 13 | clang \ 14 | curl \ 15 | dbus \ 16 | git \ 17 | iproute2 \ 18 | iputils-ping \ 19 | kmod \ 20 | libcap-dev \ 21 | libelf-dev \ 22 | linux-headers-${VERSION} \ 23 | linux-tools-${VERSION} \ 24 | llvm \ 25 | net-tools \ 26 | openssh-server \ 27 | rng-tools \ 28 | rsync \ 29 | sudo \ 30 | systemd \ 31 | udev \ 32 | wget && \ 33 | apt-get clean && \ 34 | rm -rf /var/lib/apt/lists/* && \ 35 | CMAKE_ARCH="x86_64" && \ 36 | CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ 37 | curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ 38 | tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \ 39 | echo "" > /etc/machine-id && echo "" > /var/lib/dbus/machine-id && \ 40 | sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \ 41 | echo 'UseDNS no' >> /etc/ssh/sshd_config && \ 42 | echo "root:root" | chpasswd 43 | -------------------------------------------------------------------------------- /images/x86_64/ubuntu/4.15/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:18.04 2 | 3 | ARG VERSION=4.15.0-1118-aws 4 | ARG CMAKE_VERSION 5 | 6 | # Use bash for all RUN steps with some safety options enabled. 
7 | SHELL ["/bin/bash", "-euo", "pipefail", "-c"] 8 | 9 | WORKDIR /home/ubuntu 10 | 11 | RUN apt-get update && apt-get install -y \ 12 | build-essential \ 13 | clang \ 14 | curl \ 15 | dbus \ 16 | git \ 17 | iproute2 \ 18 | iputils-ping \ 19 | kmod \ 20 | libcap-dev \ 21 | libelf-dev \ 22 | linux-headers-${VERSION} \ 23 | linux-tools-${VERSION} \ 24 | llvm \ 25 | net-tools \ 26 | openssh-server \ 27 | rng-tools \ 28 | rsync \ 29 | sudo \ 30 | systemd \ 31 | udev \ 32 | wget && \ 33 | apt-get clean && \ 34 | rm -rf /var/lib/apt/lists/* && \ 35 | CMAKE_ARCH="x86_64" && \ 36 | CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ 37 | curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ 38 | tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \ 39 | echo "" > /etc/machine-id && echo "" > /var/lib/dbus/machine-id && \ 40 | sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \ 41 | echo 'UseDNS no' >> /etc/ssh/sshd_config && \ 42 | echo "root:root" | chpasswd \ 43 | -------------------------------------------------------------------------------- /images/x86_64/ubuntu/5.8/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:20.04 2 | 3 | ARG VERSION=5.8.0-1041-aws 4 | ARG CMAKE_VERSION 5 | 6 | # Use bash for all RUN steps with some safety options enabled. 
7 | SHELL ["/bin/bash", "-euo", "pipefail", "-c"] 8 | 9 | WORKDIR /home/ubuntu 10 | 11 | RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ 12 | build-essential \ 13 | clang-7 \ 14 | curl \ 15 | dbus \ 16 | git \ 17 | iproute2 \ 18 | iputils-ping \ 19 | kmod \ 20 | libcap-dev \ 21 | libelf-dev \ 22 | linux-headers-${VERSION} \ 23 | linux-tools-${VERSION} \ 24 | llvm \ 25 | net-tools \ 26 | openssh-server \ 27 | rng-tools \ 28 | rsync \ 29 | sudo \ 30 | systemd \ 31 | udev \ 32 | wget && \ 33 | apt-get clean && \ 34 | rm -rf /var/lib/apt/lists/* && \ 35 | CMAKE_ARCH="x86_64" && \ 36 | CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ 37 | curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ 38 | tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \ 39 | echo "" > /etc/machine-id && echo "" > /var/lib/dbus/machine-id && \ 40 | sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \ 41 | echo 'UseDNS no' >> /etc/ssh/sshd_config && \ 42 | echo "root:root" | chpasswd && \ 43 | ln -s /usr/bin/clang-7 /usr/bin/clang 44 | -------------------------------------------------------------------------------- /matrix_gen/main.go: --------------------------------------------------------------------------------
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

*/

package main

import (
	"flag"
	matrix "github.com/falcosecurity/kernel-testing/matrix_gen/pkg/matrix"
	"log"
)

// Command-line options: registered in init, dereferenced in main once
// flag.Parse has run.
var (
	rootFolder *string
	outputFile *string
)

// init registers the two flags together with their default values.
func init() {
	// NOTE(review): the flag package stores this default verbatim; "~" is only
	// expanded by a shell when it is typed on a command line. Unless
	// matrix.Loop expands it (not visible here), running without -root-folder
	// resolves to a directory literally named "~" under the working
	// directory. Confirm.
	rootFolder = flag.String("root-folder", "~/ansible_output", "ansible output root folder")
	outputFile = flag.String("output-file", "matrix.md", "output file where the generated matrix is stored")
}

// main parses the flags, calls Loop on the root folder and then Store on the
// output file. A Loop error ends the process through log.Fatalf.
func main() {
	flag.Parse()

	result := matrix.NewOutput()
	if err := result.Loop(*rootFolder); err != nil {
		log.Fatalf("failed to loop directory %s: %s", *rootFolder, err)
	}
	// NOTE(review): Store's signature is not visible here; if it returns an
	// error, that error is dropped and the process still exits 0. Confirm.
	result.Store(*outputFile)
}
-------------------------------------------------------------------------------- /images/aarch64/ubuntu/6.5/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:22.04 2 | 3 | ARG VERSION=6.5.0-1024-aws 4 | ARG CMAKE_VERSION 5 | 6 | # Use bash for all RUN steps with some safety options enabled. 
7 | SHELL ["/bin/bash", "-euo", "pipefail", "-c"] 8 | 9 | WORKDIR /home/ubuntu 10 | 11 | RUN apt-get update && apt-get install -y \ 12 | build-essential \ 13 | clang \ 14 | curl \ 15 | dbus \ 16 | git \ 17 | iproute2 \ 18 | iputils-ping \ 19 | kmod \ 20 | libcap-dev \ 21 | libelf-dev \ 22 | linux-headers-${VERSION} \ 23 | linux-tools-${VERSION} \ 24 | llvm \ 25 | net-tools \ 26 | openssh-server \ 27 | rng-tools \ 28 | rsync \ 29 | sudo \ 30 | systemd \ 31 | udev \ 32 | wget && \ 33 | apt-get clean && \ 34 | rm -rf /var/lib/apt/lists/* && \ 35 | CMAKE_ARCH="aarch64" && \ 36 | CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ 37 | curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ 38 | tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \ 39 | sed -ie '/^ConditionVirtualization.*/d' /lib/systemd/system/systemd-timesyncd.service && \ 40 | echo "" > /etc/machine-id && echo "" > /var/lib/dbus/machine-id && \ 41 | sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \ 42 | echo 'UseDNS no' >> /etc/ssh/sshd_config && \ 43 | echo "root:root" | chpasswd 44 | -------------------------------------------------------------------------------- /images/x86_64/archlinux/5.18/Dockerfile: --------------------------------------------------------------------------------
# Arch Linux image built from a dated base tag. It installs a compiler
# toolchain, linux-headers, OpenSSH and a CMake release, then applies locale,
# hostname, sshd and root-password settings.
FROM archlinux/archlinux:base-20220807.0.72894

# CMake release to install; no default, so it must be supplied at build time.
ARG CMAKE_VERSION

# Use bash for all RUN steps with some safety options enabled.
SHELL ["/bin/bash", "-euo", "pipefail", "-c"]

WORKDIR /home/ubuntu

# Package source: the mirrorlist is overwritten so pacman pulls from the
# 2022/08/04 snapshot on archive.archlinux.org over HTTPS.
# NOTE(review): the same file also receives "SigLevel = Never". If pacman.conf
# includes this mirrorlist inside its repository sections (the stock layout;
# confirm for this base image), package signature verification is switched off
# for everything installed below, and TLS to the archive host is the only
# integrity check left. Presumably a workaround for keyring drift in a dated
# snapshot; confirm.
#
# CMake: the release tarball is streamed from curl straight into tar with no
# checksum or signature check. pipefail makes a failed download fail the step,
# but a tampered tarball would still be unpacked into /usr. Kitware publishes a
# SHA-256 file with each release that could be verified after downloading to a
# file first.
#
# SSH: sshd is enabled, "AcceptEnv LANG LC_*" is commented out, "UseDNS no" is
# appended, and the root password is set to "root".
# NOTE(review): a fixed, published root password is only tolerable while the
# resulting machine stays on an isolated test network. Whether sshd accepts
# root password logins depends on the package's sshd_config, which this file
# does not show.
RUN printf 'SigLevel = Never\nServer=https://archive.archlinux.org/repos/2022/08/04/$repo/os/$arch' > /etc/pacman.d/mirrorlist && \
    pacman -Syyu --noconfirm && \
    pacman -S --noconfirm \
    clang \
    gcc \
    git \
    libcap \
    linux-headers \
    llvm \
    make \
    openssh \
    python \
    rsync \
    wget && \
    pacman -Scc --noconfirm && \
    CMAKE_ARCH="x86_64" && \
    CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \
    curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \
    tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \
    ln -sf /usr/share/zoneinfo/US/Eastern /etc/localtime && \
    echo 'LANG=en_US.UTF-8' > /etc/locale.gen && \
    locale-gen && \
    echo 'LANG=en_US.UTF-8' > /etc/locale.conf && \
    echo 'archlinux' > /etc/hostname && \
    systemctl enable sshd && \
    sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \
    echo 'UseDNS no' >> /etc/ssh/sshd_config && \
    echo "root:root" | chpasswd
-------------------------------------------------------------------------------- /images/x86_64/archlinux/6.0/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM archlinux/archlinux:base-20221211.0.109768 2 | 3 | ARG CMAKE_VERSION 4 | 5 | # Use bash for all RUN steps with some safety options enabled. 
6 | SHELL ["/bin/bash", "-euo", "pipefail", "-c"] 7 | 8 | WORKDIR /home/ubuntu 9 | 10 | RUN printf 'SigLevel = Never\nServer=https://archive.archlinux.org/repos/2022/12/11/$repo/os/$arch' > /etc/pacman.d/mirrorlist && \ 11 | pacman -Syyu --noconfirm && \ 12 | pacman -S --noconfirm \ 13 | clang \ 14 | gcc \ 15 | git \ 16 | libcap \ 17 | linux-headers \ 18 | llvm \ 19 | make \ 20 | openssh \ 21 | python \ 22 | rsync \ 23 | wget && \ 24 | pacman -Scc --noconfirm && \ 25 | CMAKE_ARCH="x86_64" && \ 26 | CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ 27 | curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ 28 | tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \ 29 | ln -sf /usr/share/zoneinfo/US/Eastern /etc/localtime && \ 30 | echo 'LANG=en_US.UTF-8' > /etc/locale.gen && \ 31 | locale-gen && \ 32 | echo 'LANG=en_US.UTF-8' > /etc/locale.conf && \ 33 | echo 'archlinux' > /etc/hostname && \ 34 | systemctl enable sshd && \ 35 | sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \ 36 | echo 'UseDNS no' >> /etc/ssh/sshd_config && \ 37 | echo "root:root" | chpasswd 38 | -------------------------------------------------------------------------------- /images/x86_64/archlinux/6.7/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM archlinux/archlinux:base-20240124.0.209208 2 | 3 | ARG CMAKE_VERSION 4 | 5 | # Use bash for all RUN steps with some safety options enabled. 
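6 | SHELL ["/bin/bash", "-euo", "pipefail", "-c"] 7 | 8 | WORKDIR /home/ubuntu 9 | 10 | RUN printf 'SigLevel = Never\nServer=https://archive.archlinux.org/repos/2024/01/24/$repo/os/$arch' > /etc/pacman.d/mirrorlist && \ 11 | pacman -Syyu --noconfirm && \ 12 | pacman -S --noconfirm \ 13 | clang \ 14 | gcc \ 15 | git \ 16 | libcap \ 17 | linux-headers \ 18 | llvm \ 19 | make \ 20 | openssh \ 21 | python \ 22 | rsync \ 23 | wget && \ 24 | pacman -Scc --noconfirm && \ 25 | CMAKE_ARCH="x86_64" && \ 26 | CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ 27 | curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ 28 | tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \ 29 | ln -sf /usr/share/zoneinfo/US/Eastern /etc/localtime && \ 30 | echo 'LANG=en_US.UTF-8' > /etc/locale.gen && \ 31 | locale-gen && \ 32 | echo 'LANG=en_US.UTF-8' > /etc/locale.conf && \ 33 | echo 'archlinux' > /etc/hostname && \ 34 | systemctl enable sshd && \ 35 | sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \ 36 | echo 'UseDNS no' >> /etc/ssh/sshd_config && \ 37 | echo "root:root" | chpasswd 38 | -------------------------------------------------------------------------------- /images/x86_64/centos/5.14/Dockerfile: --------------------------------------------------------------------------------
# CentOS Stream 9 image: development tools, clang/LLVM, OpenSSH, a CMake
# release and the kernel-devel package for ${VERSION}.el9.x86_64.
FROM quay.io/centos/centos:stream9

ARG VERSION=5.14.0-648
# NOTE(review): this default is a plain-HTTP mirror. The kernel-devel RPM is
# downloaded from it with curl and then installed from the local file. dnf
# signature-checks local package files only when localpkg_gpgcheck is enabled
# (it is off by default), so as written nothing authenticates that RPM.
# Consider an https:// mirror, or "--setopt=localpkg_gpgcheck=1" on the local
# install once the signing key is confirmed to be imported at that point.
ARG APPSTR_URL='http://mirror.stream.centos.org/9-stream/AppStream/x86_64/os/Packages'
# CMake release to install; no default, so it must be supplied at build time.
ARG CMAKE_VERSION

# Use bash for all RUN steps with some safety options enabled.
SHELL ["/bin/bash", "-euo", "pipefail", "-c"]

# CMake: the release tarball is streamed from curl straight into tar with no
# checksum or signature check; pipefail only catches a failed download.
#
# /lib/modules/<release>/build is linked to /usr/src/kernels/<release>/, where
# kernel-devel is expected to unpack. Only the .el9 release directory is
# created: this is an el9 image, so no Fedora-suffixed directory is made.
#
# SSH: "AcceptEnv LANG LC_*" is commented out, "UseDNS no" is appended, and
# the root password is set to "root".
# NOTE(review): a fixed, published root password is only tolerable while the
# resulting machine stays on an isolated test network.
RUN dnf groupinstall -y 'Development Tools' && \
    dnf install -y --allowerasing \
    clang \
    curl \
    git \
    iproute \
    libcap-devel \
    llvm \
    openssh-server \
    rsync \
    systemd && \
    curl -Lo headers.rpm ${APPSTR_URL}/kernel-devel-${VERSION}.el9.x86_64.rpm && \
    dnf install -y ./*.rpm && \
    rm -v ./*.rpm && \
    CMAKE_ARCH="x86_64" && \
    CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \
    curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \
    tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \
    mkdir -p /lib/modules/${VERSION}.el9.x86_64/ && \
    ln -s /usr/src/kernels/${VERSION}.el9.x86_64/ /lib/modules/${VERSION}.el9.x86_64/build && \
    dnf clean all && \
    rm -rf /var/cache/yum && \
    sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \
    echo 'UseDNS no' >> /etc/ssh/sshd_config && \
    echo "root:root" | chpasswd
-------------------------------------------------------------------------------- /images/x86_64/fedora/5.8/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM fedora:33 2 | 3 | ARG VERSION=5.8.15-301 4 | ARG HVERSION=5.8.11-300 5 | ARG URL='https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/33/Everything/x86_64/os/Packages' 6 | ARG CMAKE_VERSION 7 | 8 | # Use bash for all RUN steps with some safety options enabled. 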
9 | SHELL ["/bin/bash", "-euo", "pipefail", "-c"] 10 | 11 | RUN dnf groupinstall -y 'Development Tools' && \ 12 | dnf install -y \ 13 | clang \ 14 | iproute \ 15 | libcap-devel \ 16 | llvm \ 17 | openssh-server \ 18 | rsync \ 19 | systemd && \ 20 | curl -Lo sources.rpm ${URL}/k/kernel-devel-${VERSION}.fc33.x86_64.rpm && \ 21 | curl -Lo headers.rpm ${URL}/k/kernel-headers-${HVERSION}.fc33.x86_64.rpm && \ 22 | dnf install -y ./*.rpm && \ 23 | rm -v ./*.rpm && \ 24 | dnf clean all && \ 25 | rm -rf /var/cache/yum && \ 26 | CMAKE_ARCH="x86_64" && \ 27 | CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ 28 | curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ 29 | tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \ 30 | mkdir -p /lib/modules/${VERSION}.fc33.x86_64 && \ 31 | ln -s /usr/src/kernels/${VERSION}.fc33.x86_64/ /lib/modules/${VERSION}.fc33.x86_64/build && \ 32 | sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \ 33 | echo 'UseDNS no' >> /etc/ssh/sshd_config && \ 34 | echo "root:root" | chpasswd 35 | -------------------------------------------------------------------------------- /images/x86_64/fedora/6.2/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM fedora:38 2 | 3 | ARG VERSION=6.2.9-300 4 | ARG HVERSION=6.2.6-300 5 | ARG URL='https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/38/Everything/x86_64/os/Packages' 6 | ARG CMAKE_VERSION 7 | 8 | # Use bash for all RUN steps with some safety options enabled. 
9 | SHELL ["/bin/bash", "-euo", "pipefail", "-c"] 10 | 11 | RUN dnf groupinstall -y 'Development Tools' && \ 12 | dnf install -y \ 13 | clang \ 14 | iproute \ 15 | libcap-devel \ 16 | llvm \ 17 | openssh-server \ 18 | rsync \ 19 | systemd && \ 20 | curl -Lo sources.rpm ${URL}/k/kernel-devel-${VERSION}.fc38.x86_64.rpm && \ 21 | curl -Lo headers.rpm ${URL}/k/kernel-headers-${HVERSION}.fc38.x86_64.rpm && \ 22 | dnf install -y ./*.rpm && \ 23 | rm -v ./*.rpm && \ 24 | dnf clean all && \ 25 | rm -rf /var/cache/yum && \ 26 | CMAKE_ARCH="x86_64" && \ 27 | CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ 28 | curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ 29 | tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \ 30 | mkdir -p /lib/modules/${VERSION}.fc38.x86_64 && \ 31 | ln -s /usr/src/kernels/${VERSION}.fc38.x86_64/ /lib/modules/${VERSION}.fc38.x86_64/build && \ 32 | sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \ 33 | echo 'UseDNS no' >> /etc/ssh/sshd_config && \ 34 | echo "root:root" | chpasswd 35 | -------------------------------------------------------------------------------- /images/x86_64/fedora/5.17/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM fedora:36 2 | 3 | ARG VERSION=5.17.5-300 4 | ARG HVERSION=5.17.0-300 5 | ARG URL='https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/36/Everything/x86_64/os/Packages' 6 | ARG CMAKE_VERSION 7 | 8 | # Use bash for all RUN steps with some safety options enabled. 
9 | SHELL ["/bin/bash", "-euo", "pipefail", "-c"] 10 | 11 | RUN dnf groupinstall -y 'Development Tools' && \ 12 | dnf install -y \ 13 | clang \ 14 | iproute \ 15 | libcap-devel \ 16 | llvm \ 17 | openssh-server \ 18 | rsync \ 19 | systemd && \ 20 | curl -Lo sources.rpm ${URL}/k/kernel-devel-${VERSION}.fc36.x86_64.rpm && \ 21 | curl -Lo headers.rpm ${URL}/k/kernel-headers-${HVERSION}.fc36.x86_64.rpm && \ 22 | dnf install -y ./*.rpm && \ 23 | rm -v ./*.rpm && \ 24 | dnf clean all && \ 25 | rm -rf /var/cache/yum && \ 26 | CMAKE_ARCH="x86_64" && \ 27 | CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ 28 | curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ 29 | tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \ 30 | mkdir -p /lib/modules/${VERSION}.fc36.x86_64 && \ 31 | ln -s /usr/src/kernels/${VERSION}.fc36.x86_64/ /lib/modules/${VERSION}.fc36.x86_64/build && \ 32 | sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \ 33 | echo 'UseDNS no' >> /etc/ssh/sshd_config && \ 34 | echo "root:root" | chpasswd 35 | -------------------------------------------------------------------------------- /images/x86_64/oraclelinux/5.4/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM oraclelinux:8 2 | 3 | ARG VERSION=5.4.17-2136.320.7.1 4 | ARG URL='https://yum.oracle.com/repo/OracleLinux/OL8/UEKR6/x86_64/' 5 | ARG CMAKE_VERSION 6 | 7 | # Use bash for all RUN steps with some safety options enabled. 
8 | SHELL ["/bin/bash", "-euo", "pipefail", "-c"] 9 | 10 | RUN yum install -y \ 11 | binutils-devel \ 12 | clang \ 13 | gcc \ 14 | git \ 15 | iproute \ 16 | kmod \ 17 | libcap-devel \ 18 | llvm \ 19 | make \ 20 | openssh-server \ 21 | rsync \ 22 | systemd \ 23 | tar && \ 24 | curl -Lo kernel.rpm ${URL}/getPackage/kernel-uek-${VERSION}.el8uek.x86_64.rpm && \ 25 | curl -Lo devel.rpm ${URL}/getPackage/kernel-uek-devel-${VERSION}.el8uek.x86_64.rpm && \ 26 | yum install -y ./*.rpm && \ 27 | rm -vf ./*.rpm && \ 28 | CMAKE_ARCH="x86_64" && \ 29 | CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ 30 | curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ 31 | tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \ 32 | sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \ 33 | echo 'UseDNS no' >> /etc/ssh/sshd_config && \ 34 | echo "root:root" | chpasswd && \ 35 | mkdir -p /lib/modules/${VERSION}.el8uek.x86_64/ && \ 36 | ln -s /usr/src/kernels/${VERSION}.el8uek.x86_64/ /lib/modules/${VERSION}.el8uek.x86_64/build && \ 37 | yum clean all && \ 38 | rm -rf /var/cache/yum 39 | -------------------------------------------------------------------------------- /images/aarch64/fedora/6.2/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM fedora:38 2 | 3 | ARG VERSION=6.2.9-300 4 | ARG HVERSION=6.2.6-300 5 | ARG ARCHITECTURE=aarch64 6 | ARG URL='https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/38/Everything/aarch64/os/Packages' 7 | ARG CMAKE_VERSION 8 | 9 | # Use bash for all RUN steps with some safety options enabled. 
10 | SHELL ["/bin/bash", "-euo", "pipefail", "-c"] 11 | 12 | RUN dnf groupinstall -y 'Development Tools' && \ 13 | dnf install -y \ 14 | clang \ 15 | iproute \ 16 | libcap-devel \ 17 | llvm \ 18 | openssh-server \ 19 | rsync \ 20 | systemd && \ 21 | curl -Lo sources.rpm ${URL}/k/kernel-devel-${VERSION}.fc38.${ARCHITECTURE}.rpm && \ 22 | curl -Lo headers.rpm ${URL}/k/kernel-headers-${HVERSION}.fc38.${ARCHITECTURE}.rpm && \ 23 | dnf install -y ./*.rpm && \ 24 | rm -v ./*.rpm && \ 25 | dnf clean all && \ 26 | CMAKE_ARCH="aarch64" && \ 27 | CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ 28 | curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ 29 | tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \ 30 | mkdir -p /lib/modules/${VERSION}.fc38.${ARCHITECTURE} && \ 31 | ln -s /usr/src/kernels/${VERSION}.fc38.${ARCHITECTURE}/ /lib/modules/${VERSION}.fc38.${ARCHITECTURE}/build && \ 32 | sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \ 33 | echo 'UseDNS no' >> /etc/ssh/sshd_config && \ 34 | echo "root:root" | chpasswd 35 | -------------------------------------------------------------------------------- /images/x86_64/oraclelinux/5.15/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM oraclelinux:9 2 | 3 | ARG VERSION=5.15.0-8.91.4.1 4 | ARG URL='https://yum.oracle.com/repo/OracleLinux/OL9/UEKR7/x86_64' 5 | ARG CMAKE_VERSION 6 | 7 | # Use bash for all RUN steps with some safety options enabled. 
8 | SHELL ["/bin/bash", "-euo", "pipefail", "-c"] 9 | 10 | RUN yum install -y \ 11 | binutils-devel \ 12 | clang \ 13 | gcc \ 14 | git \ 15 | iproute \ 16 | kmod \ 17 | libcap-devel \ 18 | llvm \ 19 | make \ 20 | openssh-server \ 21 | rsync \ 22 | systemd \ 23 | tar && \ 24 | curl -Lo kernel.rpm ${URL}/getPackage/kernel-uek-core-${VERSION}.el9uek.x86_64.rpm && \ 25 | curl -Lo devel.rpm ${URL}/getPackage/kernel-uek-devel-${VERSION}.el9uek.x86_64.rpm && \ 26 | curl -Lo modules.rpm ${URL}/getPackage/kernel-uek-modules-${VERSION}.el9uek.x86_64.rpm && \ 27 | yum install -y ./*.rpm && \ 28 | rm -f ./*.rpm && \ 29 | CMAKE_ARCH="x86_64" && \ 30 | CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ 31 | curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ 32 | tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \ 33 | sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \ 34 | echo 'UseDNS no' >> /etc/ssh/sshd_config && \ 35 | echo "root:root" | chpasswd && \ 36 | mkdir -p /lib/modules/${VERSION}.el9uek.x86_64/ && \ 37 | ln -s /usr/src/kernels/${VERSION}.el9uek.x86_64/ /lib/modules/${VERSION}.el9uek.x86_64/build && \ 38 | yum clean all && \ 39 | rm -rf /var/cache/yum 40 | -------------------------------------------------------------------------------- /images/aarch64/archlinux/4.14/Dockerfile: --------------------------------------------------------------------------------
# aarch64 Arch Linux image: toolchain, OpenSSH, systemd, a CMake release and
# the linux-aarch64-headers package for ${VERSION}.
#
# NOTE(review): the base image is referenced by the mutable "latest" tag of a
# non-official repository, so the starting filesystem can change between
# builds without any change to this file. Pinning by digest would make the
# input reproducible and reviewable.
FROM lopsided/archlinux:latest

ARG VERSION=4.14.15-1
# NOTE(review): plain-HTTP default. The headers package is fetched from here
# with curl and installed with "pacman -U". Whether pacman insists on a
# signature for a local package file depends on the pacman configuration in
# the base image (LocalFileSigLevel), which this file does not show. If
# signatures are optional there, nothing authenticates this download.
ARG URL='http://tardis.tiny-vps.com/aarm/packages'
# CMake release to install; no default, so it must be supplied at build time.
ARG CMAKE_VERSION

# Use bash for all RUN steps with some safety options enabled.
SHELL ["/bin/bash", "-euo", "pipefail", "-c"]

WORKDIR /home/ubuntu

# NOTE(review): the whole chain below ends in "|| exit 0". Because every step
# is joined with &&, a failure anywhere (package install, CMake download,
# sshd setup, headers install) skips the remaining steps and still ends the
# RUN with status 0. A build can therefore succeed while missing the headers
# or the SSH settings. If only one known-flaky step needs tolerating, limit
# the fallback to that step; which one is not evident from this file.
#
# CMake: the release tarball is streamed from curl straight into tar with no
# checksum or signature check.
#
# SSH: sshd is enabled, "AcceptEnv LANG LC_*" is commented out, "UseDNS no" is
# appended, and the root password is set to "root".
# NOTE(review): a fixed, published root password is only tolerable while the
# resulting machine stays on an isolated test network.
RUN pacman -Syyu --noconfirm && \
    pacman -S --noconfirm \
    clang \
    gcc \
    git \
    libcap \
    llvm \
    make \
    openssh \
    python \
    rsync \
    systemd \
    wget && \
    CMAKE_ARCH="aarch64" && \
    CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \
    curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \
    tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \
    ln -sf /usr/share/zoneinfo/US/Eastern /etc/localtime && \
    echo 'LANG=en_US.UTF-8' > /etc/locale.gen && \
    locale-gen && \
    echo 'LANG=en_US.UTF-8' > /etc/locale.conf && \
    echo 'archlinux' > /etc/hostname && \
    systemctl enable sshd && \
    sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \
    echo 'UseDNS no' >> /etc/ssh/sshd_config && \
    echo "root:root" | chpasswd && \
    curl -Lo headers.tar.xz ${URL}/l/linux-aarch64-headers/linux-aarch64-headers-${VERSION}-aarch64.pkg.tar.xz && \
    pacman -U --noconfirm ./headers.tar.xz && \
    rm -v ./headers.tar.xz && \
    ln -s /usr/lib/systemd/systemd /sbin/init && \
    pacman -Scc --noconfirm || exit 0
-------------------------------------------------------------------------------- /images/aarch64/oraclelinux/5.15/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM oraclelinux:9 2 | 3 | ARG VERSION=5.15.0-8.91.4.1 4 | ARG URL='https://yum.oracle.com/repo/OracleLinux/OL9/baseos/latest/aarch64' 5 | ARG ARCHITECTURE='aarch64' 6 | ARG CMAKE_VERSION 7 | 8 | # Use bash for all RUN steps with some safety options enabled. 
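SHELL ["/bin/bash", "-euo", "pipefail", "-c"]

# Installs the toolchain, the UEK kernel/devel/modules RPMs for ${VERSION},
# sshd settings and CMake, then links the kernel build tree into /lib/modules.
#
# The /lib/modules paths are derived from ${VERSION} rather than a hard-coded
# copy of the default, so overriding the build arg keeps the `build` symlink
# pointing at the headers that were actually installed.
# NOTE(review): the three RPMs are downloaded with curl and installed from
# local files. Whether yum checks their GPG signatures depends on the image's
# localpkg_gpgcheck setting; verify.
# NOTE(review): the CMake tarball is streamed into tar under /usr with no
# checksum or signature check; consider pinning a digest per CMAKE_VERSION.
# NOTE(review): root gets the fixed password "root" and openssh-server is
# installed. Keep VMs booted from this image on an isolated network.
RUN yum install -y \
        binutils-devel \
        clang \
        gcc \
        git \
        iproute \
        kmod \
        libcap-devel \
        llvm \
        make \
        openssh-server \
        rsync \
        systemd \
        tar && \
    curl -L -o kernel.rpm ${URL}/getPackage/kernel-uek-core-${VERSION}.el9uek.${ARCHITECTURE}.rpm && \
    curl -L -o devel.rpm ${URL}/getPackage/kernel-uek-devel-${VERSION}.el9uek.${ARCHITECTURE}.rpm && \
    curl -L -o modules.rpm ${URL}/getPackage/kernel-uek-modules-${VERSION}.el9uek.${ARCHITECTURE}.rpm && \
    yum install -y ./kernel.rpm ./devel.rpm ./modules.rpm && \
    sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \
    echo "root:root" | chpasswd && \
    echo 'UseDNS no' >> /etc/ssh/sshd_config && \
    CMAKE_ARCH="aarch64" && \
    CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \
    curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \
        tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \
    mkdir -p /lib/modules/${VERSION}.el9uek.${ARCHITECTURE}/ && \
    ln -s /usr/src/kernels/${VERSION}.el9uek.${ARCHITECTURE}/ /lib/modules/${VERSION}.el9uek.${ARCHITECTURE}/build
--------------------------------------------------------------------------------
/images/x86_64/oraclelinux/3.10/Dockerfile:
--------------------------------------------------------------------------------
FROM oraclelinux:7

ARG VERSION=3.10.0-1160.92.1.0.2
ARG URL='https://yum.oracle.com/repo/OracleLinux/OL7/MODRHCK/x86_64'
ARG CMAKE_VERSION

# Use bash for all RUN steps with some safety options enabled.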
SHELL ["/bin/bash", "-euo", "pipefail", "-c"]

# Adds an extra yum repository definition (contents of dev.repo are not shown here).
COPY /dev.repo /etc/yum.repos.d/

# Installs the toolchain, the kernel and kernel-devel RPMs for ${VERSION},
# CMake, sshd settings and llvm-toolset-7, then symlinks every non-directory
# entry of the toolset's bin directory into /usr/bin.
#
# NOTE(review): the RPMs are downloaded with curl and installed from local
# files. Whether yum checks their GPG signatures depends on localpkg_gpgcheck;
# verify.
# NOTE(review): the CMake tarball is streamed into tar under /usr with no
# checksum or signature check; consider pinning a digest per CMAKE_VERSION.
# NOTE(review): root gets the fixed password "root" and openssh-server is
# installed. Keep VMs booted from this image on an isolated network.
RUN yum install -y \
        binutils-devel \
        gcc \
        git \
        iproute \
        kmod \
        libcap-devel \
        make \
        openssh-server \
        rsync \
        systemd \
        tar && \
    curl -Lo kernel.rpm ${URL}/getPackage/kernel-${VERSION}.el7.x86_64.rpm && \
    curl -Lo devel.rpm ${URL}/getPackage/kernel-devel-${VERSION}.el7.x86_64.rpm && \
    yum install -y ./*.rpm && \
    rm -f ./*.rpm && \
    CMAKE_ARCH="x86_64" && \
    CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \
    curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \
        tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \
    sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \
    echo 'UseDNS no' >> /etc/ssh/sshd_config && \
    echo "root:root" | chpasswd && \
    mkdir -p /lib/modules/${VERSION}.el7.x86_64/ && \
    ln -s /usr/src/kernels/${VERSION}.el7.x86_64/ /lib/modules/${VERSION}.el7.x86_64/build && \
    yum install -y oracle-softwarecollection-release-el7 && \
    yum install -y llvm-toolset-7 && \
    find /opt/rh/llvm-toolset-7/root/usr/bin/ ! -type d -exec ln -s {} /usr/bin \; && \
    yum clean all && \
    rm -rf /var/cache/yum
--------------------------------------------------------------------------------
/images/x86_64/centos/3.10/Dockerfile:
--------------------------------------------------------------------------------
FROM centos:centos7.9.2009

ARG VERSION=3.10.0-1160
ARG BASEOS_URL='https://vault.centos.org/centos/7.9.2009/os/x86_64/Packages'
ARG CMAKE_VERSION

# Use bash for all RUN steps with some safety options enabled.
SHELL ["/bin/bash", "-euo", "pipefail", "-c"]

# Fix broken mirrors.
# Rewrites every repo file in three passes: point mirror.centos.org at
# vault.centos.org, uncomment the baseurl lines while switching them to https,
# and comment out the mirrorlist lines.
RUN sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo; \
    sed -i s/^#.*baseurl=http/baseurl=https/g /etc/yum.repos.d/*.repo; \
    sed -i s/^mirrorlist=http/#mirrorlist=https/g /etc/yum.repos.d/*.repo

# Installs the toolchain, the kernel-devel RPM for ${VERSION} and CMake, links
# the kernel build tree into /lib/modules, then adjusts sshd and the root
# password.
#
# NOTE(review): headers.rpm is downloaded with curl and installed from a local
# file. Whether yum checks its GPG signature depends on localpkg_gpgcheck;
# verify.
# NOTE(review): the CMake tarball is streamed into tar under /usr with no
# checksum or signature check; consider pinning a digest per CMAKE_VERSION.
# NOTE(review): root gets the fixed password "root" and openssh-server is
# installed. Keep VMs booted from this image on an isolated network.
RUN yum group install -y "Development Tools" && \
    yum install -y \
        curl \
        gcc \
        git \
        iproute \
        libcap-devel \
        libstdc++ \
        make \
        openssh-server \
        rsync \
        systemd \
        tar && \
    curl -Lo headers.rpm ${BASEOS_URL}/kernel-devel-${VERSION}.el7.x86_64.rpm && \
    yum install -y ./headers.rpm && \
    rm -f ./headers.rpm && \
    CMAKE_ARCH="x86_64" && \
    CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \
    curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \
        tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \
    mkdir -p /lib/modules/${VERSION}.el7.x86_64/ && \
    ln -s /usr/src/kernels/${VERSION}.el7.x86_64/ /lib/modules/${VERSION}.el7.x86_64/build && \
    yum clean all && \
    rm -rf /var/cache/yum && \
    sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \
    echo 'UseDNS no' >> /etc/ssh/sshd_config && \
    echo "root:root" | chpasswd
--------------------------------------------------------------------------------
/images/aarch64/amazonlinux2022/5.15/Dockerfile:
--------------------------------------------------------------------------------
FROM amazonlinux:2022

ARG VERSION=5.15.73-45.135
ARG URL='https://al2022-repos-us-east-1-9761ab97.s3.dualstack.us-east-1.amazonaws.com/core/mirrors/latest/aarch64'
ARG CMAKE_VERSION

# Use bash for all RUN steps with some safety options enabled.
SHELL ["/bin/bash", "-euo", "pipefail", "-c"]

# Installs the toolchain, resolves the repository mirror, downloads the
# kernel-headers and kernel-devel RPMs matching ${VERSION}, installs them and
# CMake, links the kernel build tree into /lib/modules, then adjusts sshd and
# the root password.
#
# URL is reassigned to the contents of mirror.list, so the host the RPMs come
# from is whatever that file returns. The package paths are taken from the
# href attributes in primary.xml.
# NOTE(review): the downloaded RPMs are not compared against any checksum
# before `dnf install ./*.rpm`. Whether dnf checks their GPG signatures
# depends on localpkg_gpgcheck; verify.
# NOTE(review): curl runs without --fail here, so an HTTP error body would be
# written to the output file and only rejected by the step that consumes it.
# NOTE(review): the CMake tarball is streamed into tar under /usr with no
# checksum or signature check; consider pinning a digest per CMAKE_VERSION.
# NOTE(review): root gets the fixed password "root" and openssh-server is
# installed. Keep VMs booted from this image on an isolated network.
RUN dnf groupinstall -y 'Development Tools' && \
    dnf install -y \
        binutils-devel \
        chrony \
        clang \
        iproute \
        kmod \
        libcap-devel \
        llvm \
        make \
        openssh-server \
        rsync \
        systemd && \
    curl -sLO "$URL"/mirror.list && \
    URL=$(cat mirror.list) && \
    curl -sLO "${URL}"repodata/primary.xml.gz && \
    gunzip primary.xml.gz && \
    grep -E 'kernel-headers-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \
        xargs -I@ curl -Lo headers.rpm ${URL}@ && \
    grep -E 'kernel-devel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \
        xargs -I@ curl -Lo sources.rpm ${URL}@ && \
    dnf install -y ./*.rpm && \
    rm -f ./*.rpm && \
    CMAKE_ARCH="aarch64" && \
    CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \
    curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \
        tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \
    mkdir -p /lib/modules/${VERSION}.amzn2022.aarch64/ && \
    ln -s /usr/src/kernels/${VERSION}.amzn2022.aarch64/ /lib/modules/${VERSION}.amzn2022.aarch64/build && \
    sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \
    echo 'UseDNS no' >> /etc/ssh/sshd_config && \
    echo "root:root" | chpasswd
--------------------------------------------------------------------------------
/images/x86_64/centos/4.18/Dockerfile:
--------------------------------------------------------------------------------
FROM quay.io/centos/centos:stream8

ARG VERSION=4.18.0-552
ARG BASEOS_URL='https://vault.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages'
ARG CMAKE_VERSION

# Use bash for all RUN steps with some safety options enabled.
8 | SHELL ["/bin/bash", "-euo", "pipefail", "-c"] 9 | 10 | # Fix broken mirrors. 11 | RUN sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo; \ 12 | sed -i s/^#.*baseurl=http/baseurl=https/g /etc/yum.repos.d/*.repo; \ 13 | sed -i s/^mirrorlist=http/#mirrorlist=https/g /etc/yum.repos.d/*.repo 14 | 15 | RUN dnf groupinstall -y 'Development Tools' && \ 16 | dnf install -y --allowerasing \ 17 | clang \ 18 | curl \ 19 | git \ 20 | iproute \ 21 | libcap-devel \ 22 | llvm \ 23 | openssh-server \ 24 | rsync \ 25 | systemd && \ 26 | curl -Lo headers.rpm ${BASEOS_URL}/kernel-devel-${VERSION}.el8.x86_64.rpm && \ 27 | curl -Lo bpftool.rpm ${BASEOS_URL}/bpftool-${VERSION}.el8.x86_64.rpm && \ 28 | dnf install -y ./*.rpm && \ 29 | rm -v ./*.rpm && \ 30 | CMAKE_ARCH="x86_64" && \ 31 | CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ 32 | curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ 33 | tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \ 34 | mkdir -p /lib/modules/${VERSION}.el8.x86_64/ && \ 35 | ln -s /usr/src/kernels/${VERSION}.el8.x86_64/ /lib/modules/${VERSION}.el8.x86_64/build && \ 36 | dnf clean all && \ 37 | rm -rf /var/cache/yum && \ 38 | mkdir -p /lib/modules/${VERSION}.fc38.x86_64 && \ 39 | sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \ 40 | echo 'UseDNS no' >> /etc/ssh/sshd_config && \ 41 | echo "root:root" | chpasswd 42 | -------------------------------------------------------------------------------- /images/x86_64/amazonlinux2022/5.15/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM amazonlinux:2022 2 | 3 | ARG VERSION=5.15.73-45 4 | ARG URL='https://al2022-repos-us-east-1-9761ab97.s3.dualstack.us-east-1.amazonaws.com/core/mirrors/latest/x86_64' 5 | ARG CMAKE_VERSION 6 | 7 | # Use bash for all RUN steps with some safety 
options enabled. 8 | SHELL ["/bin/bash", "-euo", "pipefail", "-c"] 9 | 10 | RUN dnf groupinstall -y 'Development Tools' && \ 11 | dnf install -y \ 12 | binutils-devel \ 13 | clang \ 14 | iproute \ 15 | kmod \ 16 | libcap-devel \ 17 | llvm \ 18 | make \ 19 | openssh-server \ 20 | rsync \ 21 | systemd && \ 22 | curl -sLO "$URL"/mirror.list && \ 23 | URL=$(cat mirror.list) && \ 24 | curl -sLO "${URL}"repodata/primary.xml.gz && \ 25 | gunzip primary.xml.gz && \ 26 | grep -E 'kernel-headers-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 27 | xargs -I@ curl -Lo headers.rpm ${URL}@ && \ 28 | grep -E 'kernel-devel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 29 | xargs -I@ curl -Lo sources.rpm ${URL}@ && \ 30 | dnf install -y ./*.rpm && \ 31 | rm -vf ./*.rpm && \ 32 | dnf clean all && \ 33 | rm -rf /var/cache/yum && \ 34 | CMAKE_ARCH="x86_64" && \ 35 | CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ 36 | curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ 37 | tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \ 38 | mkdir -p /lib/modules/${VERSION}.135.amzn2022.x86_64/ && \ 39 | ln -s /usr/src/kernels/${VERSION}.135.amzn2022.x86_64/ /lib/modules/${VERSION}.135.amzn2022.x86_64/build && \ 40 | sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \ 41 | echo 'UseDNS no' >> /etc/ssh/sshd_config && \ 42 | echo "root:root" | chpasswd 43 | -------------------------------------------------------------------------------- /images/x86_64/amazonlinux2023/6.1/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM amazonlinux:2023 2 | 3 | ARG VERSION=6.1.34-58 4 | ARG URL='https://cdn.amazonlinux.com/al2023/core/mirrors/latest/x86_64' 5 | ARG CMAKE_VERSION 6 | 7 | # Use bash for all RUN steps with some safety options enabled. 
8 | SHELL ["/bin/bash", "-euo", "pipefail", "-c"] 9 | 10 | RUN dnf groupinstall -y 'Development Tools' && \ 11 | dnf install -y \ 12 | binutils-devel \ 13 | clang \ 14 | iproute \ 15 | kmod \ 16 | libcap-devel \ 17 | llvm \ 18 | make \ 19 | openssh-server \ 20 | rsync \ 21 | systemd && \ 22 | curl -sLO "$URL"/mirror.list && \ 23 | URL=$(cat mirror.list) && \ 24 | curl -sLO "${URL}"repodata/primary.xml.gz && \ 25 | gunzip primary.xml.gz && \ 26 | grep -E 'kernel-headers-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 27 | xargs -I@ curl -Lo headers.rpm ${URL}@ && \ 28 | grep -E 'kernel-devel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 29 | xargs -I@ curl -Lo sources.rpm ${URL}@ && \ 30 | rpm -ivh --force --nodeps ./headers.rpm ./sources.rpm && \ 31 | rm -vf ./headers.rpm ./sources.rpm && \ 32 | dnf clean all && \ 33 | rm -rf /var/cache/yum && \ 34 | CMAKE_ARCH="x86_64" && \ 35 | CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ 36 | curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ 37 | tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \ 38 | mkdir -p /lib/modules/${VERSION}.102.amzn2023.x86_64/ && \ 39 | ln -s /usr/src/kernels/${VERSION}.102.amzn2023.x86_64/ /lib/modules/${VERSION}.102.amzn2023.x86_64/build && \ 40 | sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \ 41 | echo 'UseDNS no' >> /etc/ssh/sshd_config && \ 42 | echo "root:root" | chpasswd 43 | -------------------------------------------------------------------------------- /ansible-playbooks/roles/common/files/compute_tap_dev_map.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | 4 | calc_md5_hash() { 5 | RUN_ID="$1" 6 | VM_ID="$2" 7 | 8 | printf "%s" "${RUN_ID}-${VM_ID}" | md5sum | cut -d ' ' -f1 9 | } 10 | 11 | 
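# Derive the tap device name for a (run, VM) pair.
#
# Arguments: $1 = run id, $2 = VM id.
# Output:    "tap" followed by the first 12 hex characters of the pair's MD5
#            digest. That is 15 characters in total, the longest name Linux
#            accepts for a network interface.
# The digest is used only as a deterministic label, not as a security control.
compute_tap() {
  local run_id="$1"
  local vm_id="$2"
  local id

  # Assigned separately from `local` so a failing pipeline is not masked.
  id=$(calc_md5_hash "$run_id" "$vm_id" | cut -c1-12)

  echo "tap$id"
}

# Derive the host/guest address pair for a (run, VM) pair.
#
# Arguments: $1 = run id, $2 = VM id.
# Output:    "<host_ip> <guest_ip>" on one line.
#
# The last 4 hex characters of the digest are masked to 14 bits, selecting one
# of 16384 /30 blocks inside 172.16.0.0/16. Host and guest take the .1 and .2
# addresses of that block.
# NOTE(review): nothing here detects two different (run, VM) pairs hashing to
# the same 14-bit index, so concurrent VMs can be handed the same /30. Confirm
# that callers tolerate or check for this.
compute_addresses() {
  local run_id="$1"
  local vm_id="$2"
  local digest subnet_idx third_octet fourth_octet

  digest=$(calc_md5_hash "$run_id" "$vm_id")

  # Convert last 4 hex chars to integer and mask to 14 bits.
  subnet_idx=$(( 0x${digest:28:4} & 0x3FFF ))

  # 64 /30 blocks fit in one third-octet value; each block advances the last octet by 4.
  third_octet=$(( subnet_idx / 64 ))
  fourth_octet=$(( (subnet_idx % 64) * 4 ))

  echo "172.16.$third_octet.$(( fourth_octet + 1 )) 172.16.$third_octet.$(( fourth_octet + 2 ))"
}

RUN_ID="$1"
VM_IDS="$2"

# Arguments and program text handed to jq by the final command of the script.
JQ_ARGS=()
JQ_CODE="{}"

# Positional counter used to build jq variable names. The VM id itself never
# becomes part of the jq program text: it is passed as data via --arg, so an
# id containing quotes or backslashes cannot alter the program, and two ids
# that differ only in punctuation cannot collide on a variable name.
IDX=0

# NOTE(review): $VM_IDS is split on whitespace and is also subject to pathname
# expansion. Presumably callers pass plain identifiers; verify.
for VM_ID in $VM_IDS; do
  read -r HOST_IP GUEST_IP <<< "$(compute_addresses "$RUN_ID" "$VM_ID")"
  TAP=$(compute_tap "$RUN_ID" "$VM_ID")

  # Prepare named jq args.
  JQ_ARGS+=( --arg "id_${IDX}" "$VM_ID" )
  JQ_ARGS+=( --arg "name_${IDX}" "$TAP" )
  JQ_ARGS+=( --arg "host_ip_${IDX}" "$HOST_IP" )
  JQ_ARGS+=( --arg "guest_ip_${IDX}" "$GUEST_IP" )

  # Extend jq program. E.g.: .[$id_0] = {name: $name_0, host_ip: $host_ip_0, guest_ip: $guest_ip_0}.
  JQ_CODE+=" | .[\$id_${IDX}] = {name: \$name_${IDX}, host_ip: \$host_ip_${IDX}, guest_ip: \$guest_ip_${IDX}}"

  # Plain assignment: `(( IDX++ ))` returns non-zero when IDX is 0, which would abort under `set -e`.
  IDX=$(( IDX + 1 ))
done

# Build the final JSON result.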
62 | jq -n "${JQ_ARGS[@]}" "$JQ_CODE" -------------------------------------------------------------------------------- /images/x86_64/oraclelinux/4.14/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM oraclelinux:7 2 | 3 | ARG VERSION=4.14.35-2047.526.2 4 | ARG URL='https://yum.oracle.com/repo/OracleLinux/OL7/UEKR5/x86_64' 5 | ARG CMAKE_VERSION 6 | 7 | # Use bash for all RUN steps with some safety options enabled. 8 | SHELL ["/bin/bash", "-euo", "pipefail", "-c"] 9 | 10 | COPY /dev.repo /etc/yum.repos.d/ 11 | 12 | RUN yum groupinstall -y 'Development Tools' && \ 13 | yum install -y \ 14 | binutils-devel \ 15 | elfutils-libelf-devel \ 16 | gcc \ 17 | git \ 18 | iproute \ 19 | kmod \ 20 | libcap-devel \ 21 | make \ 22 | openssh-server \ 23 | rsync \ 24 | systemd \ 25 | tar && \ 26 | curl -Lo kernel.rpm ${URL}/getPackage/kernel-uek-${VERSION}.el7uek.x86_64.rpm && \ 27 | curl -Lo devel.rpm ${URL}/getPackage/kernel-uek-devel-${VERSION}.el7uek.x86_64.rpm && \ 28 | curl -Lo libdtrace-devel.rpm ${URL}/getPackage/libdtrace-ctf-devel-1.1.0-2.el7.x86_64.rpm && \ 29 | curl -Lo libdtrace.rpm ${URL}/getPackage/libdtrace-ctf-1.1.0-2.el7.x86_64.rpm && \ 30 | yum install -y --skip-broken ./*.rpm && \ 31 | rm -vf ./*.rpm && \ 32 | CMAKE_ARCH="x86_64" && \ 33 | CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ 34 | curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ 35 | tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \ 36 | sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \ 37 | echo 'UseDNS no' >> /etc/ssh/sshd_config && \ 38 | echo "root:root" | chpasswd && \ 39 | mkdir -p /lib/modules/${VERSION}.el7uek.x86_64/ && \ 40 | ln -s /usr/src/kernels/${VERSION}.el7uek.x86_64/ /lib/modules/${VERSION}.el7uek.x86_64/build && \ 41 | yum install -y 
oracle-softwarecollection-release-el7 && \ 42 | yum install -y llvm-toolset-7 && \ 43 | find /opt/rh/llvm-toolset-7/root/usr/bin/ ! -type d -exec ln -s {} /usr/bin \; && \ 44 | yum clean all && \ 45 | rm -rf /var/cache/yum 46 | -------------------------------------------------------------------------------- /images/x86_64/amazonlinux2/4.19/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM amazonlinux:2 2 | 3 | ARG VERSION=4.19.84-33.70 4 | ARG URL='http://amazonlinux.us-east-1.amazonaws.com/2/extras/kernel-ng/latest/x86_64' 5 | ARG CMAKE_VERSION 6 | 7 | # Use bash for all RUN steps with some safety options enabled. 8 | SHELL ["/bin/bash", "-euo", "pipefail", "-c"] 9 | 10 | RUN yum install -y \ 11 | binutils-devel \ 12 | clang \ 13 | gcc10 \ 14 | gcc10-c++ \ 15 | git \ 16 | iproute \ 17 | kmod \ 18 | libcap-devel \ 19 | llvm \ 20 | make \ 21 | openssh-server \ 22 | rsync \ 23 | systemd \ 24 | tar && \ 25 | curl -sLO "$URL"/mirror.list && \ 26 | URL=$(cat mirror.list) && \ 27 | curl -sLO "${URL}"/repodata/primary.xml.gz && \ 28 | gunzip primary.xml.gz && \ 29 | grep -E 'kernel-headers-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 30 | xargs -I@ curl -Lo headers.rpm ${URL}/@ && \ 31 | grep -E 'kernel-devel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 32 | xargs -I@ curl -Lo sources.rpm ${URL}/@ && \ 33 | yum install -y ./*.rpm && \ 34 | rm -v ./*.rpm && \ 35 | CMAKE_ARCH="x86_64" && \ 36 | CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ 37 | curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ 38 | tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \ 39 | sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \ 40 | echo 'UseDNS no' >> /etc/ssh/sshd_config && \ 41 | echo "root:root" | chpasswd && \ 42 | mkdir -p 
/lib/modules/${VERSION}.amzn2.x86_64/ && \ 43 | ln -s /usr/src/kernels/${VERSION}.amzn2.x86_64/ /lib/modules/${VERSION}.amzn2.x86_64/build && \ 44 | rm -vf /usr/bin/gcc /usr/bin/g++ && \ 45 | update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc10-gcc 100 --slave /usr/bin/g++ g++ /usr/bin/gcc10-c++ && \ 46 | update-alternatives --auto gcc && \ 47 | yum clean all && \ 48 | rm -rf /var/cache/yum 49 | -------------------------------------------------------------------------------- /images/x86_64/amazonlinux2/5.10/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM amazonlinux:2 2 | 3 | ARG VERSION=5.10.184-175.749 4 | ARG URL='http://amazonlinux.us-east-1.amazonaws.com/2/extras/kernel-5.10/latest/x86_64' 5 | ARG CMAKE_VERSION 6 | 7 | # Use bash for all RUN steps with some safety options enabled. 8 | SHELL ["/bin/bash", "-euo", "pipefail", "-c"] 9 | 10 | RUN yum install -y \ 11 | binutils-devel \ 12 | clang \ 13 | gcc10 \ 14 | gcc10-c++ \ 15 | git \ 16 | iproute \ 17 | kmod \ 18 | libcap-devel \ 19 | llvm \ 20 | make \ 21 | openssh-server \ 22 | rsync \ 23 | systemd \ 24 | tar && \ 25 | curl -sLO "$URL"/mirror.list && \ 26 | URL=$(cat mirror.list) && \ 27 | curl -sLO "${URL}"/repodata/primary.xml.gz && \ 28 | gunzip primary.xml.gz && \ 29 | grep -E 'kernel-headers-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 30 | xargs -I@ curl -Lo headers.rpm ${URL}/@ && \ 31 | grep -E 'kernel-devel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 32 | xargs -I@ curl -Lo sources.rpm ${URL}/@ && \ 33 | yum install -y ./*.rpm && \ 34 | rm -v ./*.rpm && \ 35 | CMAKE_ARCH="x86_64" && \ 36 | CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ 37 | curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ 38 | tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \ 39 | sed -i -e 
's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \ 40 | echo 'UseDNS no' >> /etc/ssh/sshd_config && \ 41 | echo "root:root" | chpasswd && \ 42 | mkdir -p /lib/modules/${VERSION}.amzn2.x86_64/ && \ 43 | ln -s /usr/src/kernels/${VERSION}.amzn2.x86_64/ /lib/modules/${VERSION}.amzn2.x86_64/build && \ 44 | rm -vf /usr/bin/gcc /usr/bin/g++ && \ 45 | update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc10-gcc 100 --slave /usr/bin/g++ g++ /usr/bin/gcc10-c++ && \ 46 | update-alternatives --auto gcc && \ 47 | yum clean all && \ 48 | rm -rf /var/cache/yum 49 | -------------------------------------------------------------------------------- /images/x86_64/amazonlinux2/5.15/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM amazonlinux:2 2 | 3 | ARG VERSION=5.15.117-73.143 4 | ARG URL='http://amazonlinux.us-east-1.amazonaws.com/2/extras/kernel-5.15/latest/x86_64' 5 | ARG CMAKE_VERSION 6 | 7 | # Use bash for all RUN steps with some safety options enabled. 
8 | SHELL ["/bin/bash", "-euo", "pipefail", "-c"] 9 | 10 | RUN yum install -y \ 11 | binutils-devel \ 12 | clang \ 13 | gcc10 \ 14 | gcc10-c++ \ 15 | git \ 16 | iproute \ 17 | kmod \ 18 | libcap-devel \ 19 | llvm \ 20 | make \ 21 | openssh-server \ 22 | rsync \ 23 | systemd \ 24 | tar && \ 25 | curl -sLO "$URL"/mirror.list && \ 26 | URL=$(cat mirror.list) && \ 27 | curl -sLO "${URL}"/repodata/primary.xml.gz && \ 28 | gunzip primary.xml.gz && \ 29 | grep -E 'kernel-headers-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 30 | xargs -I@ curl -Lo headers.rpm ${URL}/@ && \ 31 | grep -E 'kernel-devel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 32 | xargs -I@ curl -Lo sources.rpm ${URL}/@ && \ 33 | yum install -y ./*.rpm && \ 34 | rm -v ./*.rpm && \ 35 | CMAKE_ARCH="x86_64" && \ 36 | CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ 37 | curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ 38 | tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \ 39 | sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \ 40 | echo 'UseDNS no' >> /etc/ssh/sshd_config && \ 41 | echo "root:root" | chpasswd && \ 42 | mkdir -p /lib/modules/${VERSION}.amzn2.x86_64/ && \ 43 | ln -s /usr/src/kernels/${VERSION}.amzn2.x86_64/ /lib/modules/${VERSION}.amzn2.x86_64/build && \ 44 | rm -vf /usr/bin/gcc /usr/bin/g++ && \ 45 | update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc10-gcc 100 --slave /usr/bin/g++ g++ /usr/bin/gcc10-c++ && \ 46 | update-alternatives --auto gcc && \ 47 | yum clean all && \ 48 | rm -rf /var/cache/yum 49 | -------------------------------------------------------------------------------- /images/x86_64/amazonlinux2/5.4/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM amazonlinux:2 2 | 3 | ARG VERSION=5.4.247-162.350 4 | ARG 
URL='http://amazonlinux.us-east-1.amazonaws.com/2/extras/kernel-5.4/latest/x86_64' 5 | ARG CMAKE_VERSION 6 | 7 | # Use bash for all RUN steps with some safety options enabled. 8 | SHELL ["/bin/bash", "-euo", "pipefail", "-c"] 9 | 10 | RUN yum install -y \ 11 | binutils-devel \ 12 | clang \ 13 | gcc10 \ 14 | gcc10-c++ \ 15 | git \ 16 | iproute \ 17 | kmod \ 18 | libcap-devel \ 19 | llvm \ 20 | make \ 21 | openssh-server \ 22 | rsync \ 23 | systemd \ 24 | tar && \ 25 | curl -sLO "$URL"/mirror.list && \ 26 | URL=$(cat mirror.list) && \ 27 | curl -sLO "${URL}"/repodata/primary.xml.gz && \ 28 | gunzip primary.xml.gz && \ 29 | grep -E 'kernel-headers-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 30 | xargs -I@ curl -Lo headers.rpm ${URL}/@ && \ 31 | grep -E 'kernel-devel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 32 | xargs -I@ curl -Lo sources.rpm ${URL}/@ && \ 33 | yum install -y ./*.rpm && \ 34 | rm -v ./*.rpm && \ 35 | CMAKE_ARCH="x86_64" && \ 36 | CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ 37 | curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ 38 | tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \ 39 | sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \ 40 | echo 'UseDNS no' >> /etc/ssh/sshd_config && \ 41 | echo "root:root" | chpasswd && \ 42 | mkdir -p /lib/modules/${VERSION}.amzn2.x86_64/ && \ 43 | ln -s /usr/src/kernels/${VERSION}.amzn2.x86_64/ /lib/modules/${VERSION}.amzn2.x86_64/build && \ 44 | rm -vf /usr/bin/gcc /usr/bin/g++ && \ 45 | update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc10-gcc 100 --slave /usr/bin/g++ g++ /usr/bin/gcc10-c++ && \ 46 | update-alternatives --auto gcc && \ 47 | yum clean all && \ 48 | rm -rf /var/cache/yum 49 | -------------------------------------------------------------------------------- 
/images/aarch64/amazonlinux2/5.4/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM amazonlinux:2 2 | 3 | ARG VERSION=5.4.247-162.350 4 | ARG URL='http://amazonlinux.us-east-1.amazonaws.com/2/extras/kernel-5.4/latest/aarch64' 5 | ARG CMAKE_VERSION 6 | 7 | # Use bash for all RUN steps with some safety options enabled. 8 | SHELL ["/bin/bash", "-euo", "pipefail", "-c"] 9 | 10 | RUN yum install -y \ 11 | binutils-devel \ 12 | chrony \ 13 | clang \ 14 | gcc10 \ 15 | gcc10-c++ \ 16 | git \ 17 | iproute \ 18 | kmod \ 19 | libcap-devel \ 20 | llvm \ 21 | make \ 22 | openssh-server \ 23 | rsync \ 24 | systemd \ 25 | tar && \ 26 | curl -sLO "$URL"/mirror.list && \ 27 | URL=$(cat mirror.list) && \ 28 | curl -sLO "${URL}"/repodata/primary.xml.gz && \ 29 | gunzip primary.xml.gz && \ 30 | grep -E 'kernel-headers-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 31 | xargs -I@ curl -Lo headers.rpm ${URL}/@ && \ 32 | grep -E 'kernel-devel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 33 | xargs -I@ curl -Lo sources.rpm ${URL}/@ && \ 34 | yum install -y ./*.rpm && \ 35 | rm -v ./*.rpm && \ 36 | CMAKE_ARCH="aarch64" && \ 37 | CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ 38 | curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ 39 | tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \ 40 | sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \ 41 | echo 'UseDNS no' >> /etc/ssh/sshd_config && \ 42 | echo "root:root" | chpasswd && \ 43 | mkdir -p /lib/modules/${VERSION}.amzn2.aarch64/ && \ 44 | ln -s /usr/src/kernels/${VERSION}.amzn2.aarch64/ /lib/modules/${VERSION}.amzn2.aarch64/build && \ 45 | rm -vf /usr/bin/gcc /usr/bin/g++ && \ 46 | update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc10-gcc 100 --slave /usr/bin/g++ g++ 
/usr/bin/gcc10-c++ && \ 47 | update-alternatives --auto gcc && \ 48 | yum clean all && \ 49 | rm -rf /var/cache/yum 50 | -------------------------------------------------------------------------------- /images/builder/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM centos:7 2 | 3 | # TARGETARCH is automatically set by BuildKit (arm64 or amd64) 4 | ARG TARGETARCH 5 | ARG CMAKE_VERSION 6 | 7 | # Use bash for all RUN steps with some safety options enabled. 8 | SHELL ["/bin/bash", "-euo", "pipefail", "-c"] 9 | 10 | COPY /dhclient.service /usr/lib/systemd/system/ 11 | 12 | # Fix broken mirrors - centos:7 eol 13 | RUN sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo; \ 14 | sed -i s/^#.*baseurl=http/baseurl=https/g /etc/yum.repos.d/*.repo; \ 15 | sed -i s/^mirrorlist=http/#mirrorlist=https/g /etc/yum.repos.d/*.repo 16 | 17 | RUN yum -y install centos-release-scl 18 | 19 | # fix broken mirrors (again) 20 | RUN sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo; \ 21 | sed -i s/^#.*baseurl=http/baseurl=https/g /etc/yum.repos.d/*.repo; \ 22 | sed -i s/^mirrorlist=http/#mirrorlist=https/g /etc/yum.repos.d/*.repo && \ 23 | if [ "$TARGETARCH" != "amd64" ]; then \ 24 | sed -i 's|vault.centos.org/centos/7/sclo|vault.centos.org/altarch/7/sclo|g' /etc/yum.repos.d/CentOS-SCLo-scl*.repo; \ 25 | fi 26 | 27 | RUN yum install -y \ 28 | curl \ 29 | dhclient \ 30 | gcc \ 31 | git \ 32 | iproute \ 33 | libcap-devel \ 34 | libstdc++ \ 35 | m4 \ 36 | make \ 37 | openssh-server \ 38 | rpm-build \ 39 | rsync \ 40 | systemd \ 41 | tar \ 42 | wget \ 43 | sed \ 44 | devtoolset-9-gcc \ 45 | devtoolset-9-gcc-c++ 46 | 47 | RUN CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-$(uname -m)" && \ 48 | curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ 49 | tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" 
-xzpvf - && \ 50 | yum clean all && \ 51 | rm -rf /var/cache/yum /usr/man /usr/doc && \ 52 | systemctl enable dhclient && \ 53 | sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \ 54 | echo 'UseDNS no' >> /etc/ssh/sshd_config && \ 55 | echo "root:root" | chpasswd 56 | -------------------------------------------------------------------------------- /images/x86_64/oraclelinux/5.4/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | ARG VERSION=5.4.17-2136.320.7.1 2 | ARG URL='https://yum.oracle.com/repo/OracleLinux/OL8/UEKR6/x86_64/' 3 | ARG ARCHITECTURE=x86_64 4 | 5 | FROM initrd-builder:0.0.1 AS stage1 6 | 7 | ARG VERSION 8 | ARG URL 9 | ARG ARCHITECTURE 10 | 11 | WORKDIR /home/ubuntu 12 | 13 | RUN touch .placeholder && \ 14 | curl -L -o kernel.rpm ${URL}/getPackage/kernel-uek-${VERSION}.el8uek.${ARCHITECTURE}.rpm && \ 15 | curl -L -o devel.rpm ${URL}/getPackage/kernel-uek-devel-${VERSION}.el8uek.${ARCHITECTURE}.rpm && \ 16 | rpm2cpio kernel.rpm > kernel.cpio && \ 17 | rpm2cpio devel.rpm > devel.cpio && \ 18 | mkdir extracted && \ 19 | cd extracted && \ 20 | cpio -idmv < ../kernel.cpio && \ 21 | cpio -idmv < ../devel.cpio && \ 22 | find . -name '*.xz' -exec xz -d {} \; && \ 23 | cd .. 
&& \ 24 | extract-vmlinux $(find ./extracted/ -name 'vmlinuz') > extracted/vmlinux 25 | 26 | FROM oraclelinux:8 AS kmod-builder 27 | 28 | ARG VERSION 29 | ARG URL 30 | ARG ARCHITECTURE 31 | 32 | WORKDIR /home/ubuntu 33 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 34 | COPY --from=stage1 /opt/initrd-builder/* /opt/initrd-builder/ 35 | 36 | RUN yum groupinstall -y 'Development Tools' && \ 37 | yum install -y gcc && \ 38 | cp -v /opt/initrd-builder/Makefile.virtio_mmio Makefile && \ 39 | curl -LO 'https://raw.githubusercontent.com/torvalds/linux/v5.4/drivers/virtio/virtio_mmio.c' && \ 40 | sed -ie 's/virtio-mmio/my-virtio-mmio/g' virtio_mmio.c && \ 41 | KERNEL_DIR="/home/ubuntu/extracted/usr/src/kernels/${VERSION}.el8uek.${ARCHITECTURE}/" make 42 | 43 | FROM initrd-builder:0.0.1 AS stage2 44 | 45 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 46 | COPY --from=kmod-builder /home/ubuntu/virtio_mmio.ko /home/ubuntu/ 47 | RUN cd /home/ubuntu/extracted && \ 48 | /opt/initrd-builder/create.sh 49 | 50 | FROM scratch 51 | 52 | COPY --from=stage1 /home/ubuntu/extracted/vmlinux /boot/ 53 | COPY --from=stage2 /home/ubuntu/out/initrd /boot/ 54 | COPY --from=stage1 /home/ubuntu/.placeholder /lib/modules/ 55 | -------------------------------------------------------------------------------- /images/aarch64/amazonlinux2/5.4/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | ARG VERSION=5.4.247-162.350 2 | ARG URL='http://amazonlinux.us-east-1.amazonaws.com/2/extras/kernel-5.4/latest/aarch64' 3 | 4 | FROM initrd-builder:0.0.1 AS stage1 5 | 6 | ARG VERSION 7 | ARG URL 8 | 9 | WORKDIR /home/ubuntu 10 | 11 | RUN touch .placeholder && \ 12 | curl -sLO "$URL"/mirror.list && \ 13 | URL=$(cat mirror.list) && \ 14 | curl -sLO "${URL}"/repodata/primary.xml.gz && \ 15 | gunzip primary.xml.gz && \ 16 | grep -E 'kernel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 17 | xargs -I@ curl 
-Lo kernel.rpm ${URL}/@ && \ 18 | grep -E 'kernel-devel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 19 | xargs -I@ curl -Lo headers.rpm ${URL}/@ && \ 20 | rpm2cpio kernel.rpm > kernel.cpio && \ 21 | rpm2cpio headers.rpm > headers.cpio && \ 22 | mkdir extracted && \ 23 | cd extracted && \ 24 | cpio -idmv < ../kernel.cpio && \ 25 | cpio -idmv < ../headers.cpio && \ 26 | cd .. && \ 27 | find ./extracted/ -name 'vmlinuz-*' -exec cp -v {} extracted/vmlinux \; 28 | 29 | FROM amazonlinux:2 AS kmod-builder 30 | 31 | ARG VERSION 32 | ARG URL 33 | 34 | WORKDIR /home/ubuntu 35 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 36 | COPY --from=stage1 /opt/initrd-builder/* /opt/initrd-builder/ 37 | 38 | RUN yum groupinstall -y 'Development Tools' && \ 39 | cp -v /opt/initrd-builder/Makefile.virtio_mmio Makefile && \ 40 | curl -LO 'https://raw.githubusercontent.com/torvalds/linux/v5.4/drivers/virtio/virtio_mmio.c' && \ 41 | KERNEL_DIR="/home/ubuntu/extracted/usr/src/kernels/${VERSION}.amzn2.aarch64/" make 42 | 43 | FROM initrd-builder:0.0.1 AS stage2 44 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 45 | COPY --from=kmod-builder /home/ubuntu/virtio_mmio.ko /home/ubuntu/ 46 | RUN cd /home/ubuntu/extracted && \ 47 | /opt/initrd-builder/create.sh 48 | 49 | FROM scratch 50 | 51 | COPY --from=stage1 /home/ubuntu/extracted/vmlinux /boot/ 52 | COPY --from=stage2 /home/ubuntu/out/initrd /boot/ 53 | COPY --from=stage1 /home/ubuntu/.placeholder /lib/modules/ 54 | -------------------------------------------------------------------------------- /images/aarch64/oraclelinux/4.14/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM oraclelinux:7 2 | 3 | ARG VERSION=4.14.35-2047.527.2 4 | ARG URL='https://yum.oracle.com/repo/OracleLinux/OL7/latest/aarch64' 5 | ARG CMAKE_VERSION 6 | 7 | # Use bash for all RUN steps with some safety options enabled. 
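SHELL ["/bin/bash", "-euo", "pipefail", "-c"]

# NOTE(review): dev.repo is not shown here; its gpgcheck setting decides whether
# packages pulled from that repository are signature-checked. Confirm.
COPY /dev.repo /etc/yum.repos.d/

# Single-layer setup of the aarch64 builder image: toolchain, the UEK kernel and
# kernel-devel packages for ${VERSION}, sshd adjustments, CMake ${CMAKE_VERSION},
# and the /lib/modules/<release>/build symlink to the kernel headers.
#
# Review notes:
# - The four RPMs are downloaded with curl and installed from local files. Whether
#   yum checks signatures on local packages depends on `localpkg_gpgcheck`
#   (presumably off by default on EL7; confirm for this base image), so these
#   packages are trusted on the TLS connection to ${URL} alone. An RPM signature
#   check, or a digest pinned next to VERSION, would close that gap.
# - `--skip-broken` lets yum carry on when a package cannot be installed, and the
#   `ln -s` below succeeds even if its target directory is missing, so a lost
#   kernel-devel package would only show up later. Every curl call therefore uses
#   -f so an HTTP error stops the build at the download instead of saving the
#   error body as an .rpm or piping it into tar.
# - `echo "root:root" | chpasswd` gives root a fixed, publicly known password in an
#   image that also installs openssh-server. Presumably this is meant for
#   short-lived test VMs reachable only from the test host (TODO confirm). An
#   image built from this file should not have its SSH port exposed to other
#   networks; a key injected at provisioning time would remove the shared secret.
# - The CMake tarball is streamed straight into tar with no digest comparison.
#   Downloading to a file and checking it against a SHA-256 pinned together with
#   CMAKE_VERSION would detect a substituted archive.
RUN yum groupinstall -y 'Development Tools' && \
    yum install -y \
        binutils-devel \
        elfutils-libelf-devel \
        git \
        iproute \
        kmod \
        libcap-devel \
        make \
        openssh-server \
        oracle-softwarecollection-release-el7 \
        rsync \
        systemd \
        tar && \
    yum install -y oracle-armtoolset-1 && \
    curl -fL -o kernel.rpm "${URL}/getPackage/kernel-uek-${VERSION}.el7uek.aarch64.rpm" && \
    curl -fL -o devel.rpm "${URL}/getPackage/kernel-uek-devel-${VERSION}.el7uek.aarch64.rpm" && \
    curl -fLo libdtrace-devel.rpm "${URL}/getPackage/libdtrace-ctf-devel-1.1.0-2.el7.aarch64.rpm" && \
    curl -fLo libdtrace.rpm "${URL}/getPackage/libdtrace-ctf-1.1.0-2.el7.aarch64.rpm" && \
    yum install -y --skip-broken ./kernel.rpm ./devel.rpm ./libdtrace.rpm ./libdtrace-devel.rpm && \
    echo 'source /opt/oracle/oracle-armtoolset-1/enable' >> /root/.bashrc && \
    sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \
    echo "root:root" | chpasswd && \
    echo 'UseDNS no' >> /etc/ssh/sshd_config && \
    CMAKE_ARCH="aarch64" && \
    CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \
    curl -fL "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \
        tar -C /usr --strip-components 1 "${CMAKE_RELEASE_NAME}/bin" "${CMAKE_RELEASE_NAME}/share" -xzpvf - && \
    mkdir -p "/lib/modules/${VERSION}.el7uek.aarch64/" && \
    ln -s "/usr/src/kernels/${VERSION}.el7uek.aarch64/" "/lib/modules/${VERSION}.el7uek.aarch64/build" && \
    yum clean all && \
    rm -rf /var/cache/yum

-------------------------------------------------------------------------------- /images/aarch64/amazonlinux2022/5.15/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | ARG VERSION=5.15.73-45.135 2 | ARG 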
URL='https://al2022-repos-us-east-1-9761ab97.s3.dualstack.us-east-1.amazonaws.com/core/mirrors/latest/aarch64' 3 | 4 | FROM initrd-builder:0.0.1 AS stage1 5 | 6 | ARG VERSION 7 | ARG URL 8 | 9 | WORKDIR /home/ubuntu 10 | 11 | RUN touch .placeholder && \ 12 | curl -sLO "$URL"/mirror.list && \ 13 | URL=$(cat mirror.list) && \ 14 | curl -sLO "${URL}"repodata/primary.xml.gz && \ 15 | gunzip primary.xml.gz && \ 16 | grep -E 'kernel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 17 | xargs -I@ curl -Lo kernel.rpm ${URL}@ && \ 18 | grep -E 'kernel-devel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 19 | xargs -I@ curl -Lo headers.rpm ${URL}@ && \ 20 | rpm2cpio kernel.rpm > kernel.cpio && \ 21 | rpm2cpio headers.rpm > headers.cpio && \ 22 | mkdir extracted && \ 23 | cd extracted && \ 24 | cpio -idmv < ../kernel.cpio && \ 25 | cpio -idmv < ../headers.cpio && \ 26 | cd .. && \ 27 | find ./extracted/lib/modules -name vmlinuz -exec cp -v {} extracted/vmlinux.gz \; && \ 28 | gunzip extracted/vmlinux.gz 29 | 30 | FROM amazonlinux:2023 AS kmod-builder 31 | 32 | ARG VERSION 33 | ARG URL 34 | 35 | WORKDIR /home/ubuntu 36 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 37 | COPY --from=stage1 /opt/initrd-builder/* /opt/initrd-builder/ 38 | 39 | RUN dnf groupinstall -y 'Development Tools' && \ 40 | cp -v /opt/initrd-builder/Makefile.virtio_mmio Makefile && \ 41 | curl -LO 'https://raw.githubusercontent.com/torvalds/linux/v5.15/drivers/virtio/virtio_mmio.c' && \ 42 | KERNEL_DIR="/home/ubuntu/extracted/usr/src/kernels/${VERSION}.amzn2022.aarch64/" make 43 | 44 | FROM initrd-builder:0.0.1 AS stage2 45 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 46 | COPY --from=kmod-builder /home/ubuntu/virtio_mmio.ko /home/ubuntu/ 47 | RUN cd /home/ubuntu/extracted && \ 48 | /opt/initrd-builder/create.sh 49 | 50 | FROM scratch 51 | 52 | COPY --from=stage1 /home/ubuntu/extracted/vmlinux /boot/ 53 | COPY --from=stage2 
/home/ubuntu/out/initrd /boot/ 54 | COPY --from=stage1 /home/ubuntu/.placeholder /lib/modules/ 55 | -------------------------------------------------------------------------------- /images/x86_64/amazonlinux2/4.19/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | ARG VERSION=4.19.84-33.70 2 | ARG URL='http://amazonlinux.us-east-1.amazonaws.com/2/extras/kernel-ng/latest/x86_64' 3 | ARG ARCHITECTURE=x86_64 4 | 5 | FROM initrd-builder:0.0.1 AS stage1 6 | 7 | ARG VERSION 8 | ARG URL 9 | ARG ARCHITECTURE 10 | 11 | WORKDIR /home/ubuntu 12 | 13 | RUN touch .placeholder && \ 14 | curl -sLO "$URL"/mirror.list && \ 15 | URL=$(cat mirror.list) && \ 16 | curl -sLO "${URL}"/repodata/primary.xml.gz && \ 17 | gunzip primary.xml.gz && \ 18 | grep -E 'kernel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 19 | xargs -I@ curl -Lo kernel.rpm ${URL}/@ && \ 20 | grep -E 'kernel-devel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 21 | xargs -I@ curl -Lo headers.rpm ${URL}/@ && \ 22 | rpm2cpio kernel.rpm > kernel.cpio && \ 23 | rpm2cpio headers.rpm > headers.cpio && \ 24 | mkdir extracted && \ 25 | cd extracted && \ 26 | cpio -idmv < ../kernel.cpio && \ 27 | cpio -idmv < ../headers.cpio && \ 28 | cd .. 
&& \ 29 | extract-vmlinux $(find ./extracted/ -name 'vmlinuz-*') > extracted/vmlinux 30 | 31 | FROM amazonlinux:2 AS kmod-builder 32 | 33 | ARG VERSION 34 | ARG URL 35 | ARG ARCHITECTURE 36 | 37 | WORKDIR /home/ubuntu 38 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 39 | COPY --from=stage1 /opt/initrd-builder/* /opt/initrd-builder/ 40 | 41 | RUN yum groupinstall -y 'Development Tools' && \ 42 | cp -v /opt/initrd-builder/Makefile.virtio_mmio Makefile && \ 43 | curl -LO 'https://raw.githubusercontent.com/torvalds/linux/v4.19/drivers/virtio/virtio_mmio.c' && \ 44 | KERNEL_DIR="/home/ubuntu/extracted/usr/src/kernels/${VERSION}.amzn2.${ARCHITECTURE}/" make 45 | 46 | FROM initrd-builder:0.0.1 AS stage2 47 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 48 | COPY --from=kmod-builder /home/ubuntu/virtio_mmio.ko /home/ubuntu/ 49 | RUN cd /home/ubuntu/extracted && \ 50 | /opt/initrd-builder/create.sh 51 | 52 | FROM scratch 53 | 54 | COPY --from=stage1 /home/ubuntu/extracted/vmlinux /boot/ 55 | COPY --from=stage2 /home/ubuntu/out/initrd /boot/ 56 | COPY --from=stage1 /home/ubuntu/.placeholder /lib/modules/ 57 | -------------------------------------------------------------------------------- /images/x86_64/amazonlinux2/5.4/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | ARG VERSION=5.4.247-162.350 2 | ARG URL='http://amazonlinux.us-east-1.amazonaws.com/2/extras/kernel-5.4/latest/x86_64' 3 | ARG ARCHITECTURE=x86_64 4 | 5 | FROM initrd-builder:0.0.1 AS stage1 6 | 7 | ARG VERSION 8 | ARG URL 9 | ARG ARCHITECTURE 10 | 11 | WORKDIR /home/ubuntu 12 | 13 | RUN touch .placeholder && \ 14 | curl -sLO "$URL"/mirror.list && \ 15 | URL=$(cat mirror.list) && \ 16 | curl -sLO "${URL}"/repodata/primary.xml.gz && \ 17 | gunzip primary.xml.gz && \ 18 | grep -E 'kernel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 19 | xargs -I@ curl -Lo kernel.rpm ${URL}/@ && \ 20 | grep -E 
'kernel-devel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 21 | xargs -I@ curl -Lo headers.rpm ${URL}/@ && \ 22 | rpm2cpio kernel.rpm > kernel.cpio && \ 23 | rpm2cpio headers.rpm > headers.cpio && \ 24 | mkdir extracted && \ 25 | cd extracted && \ 26 | cpio -idmv < ../kernel.cpio && \ 27 | cpio -idmv < ../headers.cpio && \ 28 | cd .. && \ 29 | extract-vmlinux $(find ./extracted/ -name 'vmlinuz-*') > extracted/vmlinux 30 | 31 | FROM amazonlinux:2 AS kmod-builder 32 | 33 | ARG VERSION 34 | ARG URL 35 | ARG ARCHITECTURE 36 | 37 | WORKDIR /home/ubuntu 38 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 39 | COPY --from=stage1 /opt/initrd-builder/* /opt/initrd-builder/ 40 | 41 | RUN yum groupinstall -y 'Development Tools' && \ 42 | cp -v /opt/initrd-builder/Makefile.virtio_mmio Makefile && \ 43 | curl -LO 'https://raw.githubusercontent.com/torvalds/linux/v5.4/drivers/virtio/virtio_mmio.c' && \ 44 | KERNEL_DIR="/home/ubuntu/extracted/usr/src/kernels/${VERSION}.amzn2.${ARCHITECTURE}/" make 45 | 46 | FROM initrd-builder:0.0.1 AS stage2 47 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 48 | COPY --from=kmod-builder /home/ubuntu/virtio_mmio.ko /home/ubuntu/ 49 | RUN cd /home/ubuntu/extracted && \ 50 | /opt/initrd-builder/create.sh 51 | 52 | FROM scratch 53 | 54 | COPY --from=stage1 /home/ubuntu/extracted/vmlinux /boot/ 55 | COPY --from=stage2 /home/ubuntu/out/initrd /boot/ 56 | COPY --from=stage1 /home/ubuntu/.placeholder /lib/modules/ 57 | -------------------------------------------------------------------------------- /images/x86_64/amazonlinux2023/6.1/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | ARG VERSION=6.1.34-58.102 2 | ARG URL='https://cdn.amazonlinux.com/al2023/core/mirrors/latest/x86_64' 3 | ARG ARCHITECTURE=x86_64 4 | 5 | FROM initrd-builder:0.0.1 AS stage1 6 | 7 | ARG VERSION 8 | ARG URL 9 | ARG ARCHITECTURE 10 | 11 | WORKDIR /home/ubuntu 12 | 13 
| RUN touch .placeholder && \ 14 | curl -sLO "$URL"/mirror.list && \ 15 | URL=$(cat mirror.list) && \ 16 | curl -sLO "${URL}"repodata/primary.xml.gz && \ 17 | gunzip primary.xml.gz && \ 18 | grep -E 'kernel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 19 | xargs -I@ curl -Lo kernel.rpm ${URL}@ && \ 20 | grep -E 'kernel-devel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 21 | xargs -I@ curl -Lo headers.rpm "${URL}@" && \ 22 | rpm2cpio kernel.rpm > kernel.cpio && \ 23 | rpm2cpio headers.rpm > headers.cpio && \ 24 | mkdir extracted && \ 25 | cd extracted && \ 26 | cpio -idmv < ../kernel.cpio && \ 27 | cpio -idmv < ../headers.cpio && \ 28 | cd .. && \ 29 | extract-vmlinux $(find ./extracted/lib/modules -name vmlinuz) > extracted/vmlinux 30 | 31 | FROM amazonlinux:2023 AS kmod-builder 32 | 33 | ARG VERSION 34 | ARG URL 35 | ARG ARCHITECTURE 36 | 37 | WORKDIR /home/ubuntu 38 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 39 | COPY --from=stage1 /opt/initrd-builder/* /opt/initrd-builder/ 40 | 41 | RUN dnf groupinstall -y 'Development Tools' && \ 42 | cp -v /opt/initrd-builder/Makefile.virtio_mmio Makefile && \ 43 | curl -LO 'https://raw.githubusercontent.com/torvalds/linux/v6.1/drivers/virtio/virtio_mmio.c' && \ 44 | KERNEL_DIR="/home/ubuntu/extracted/usr/src/kernels/${VERSION}.amzn2023.${ARCHITECTURE}/" make 45 | 46 | FROM initrd-builder:0.0.1 AS stage2 47 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 48 | COPY --from=kmod-builder /home/ubuntu/virtio_mmio.ko /home/ubuntu/ 49 | RUN cd /home/ubuntu/extracted && \ 50 | /opt/initrd-builder/create.sh 51 | 52 | FROM scratch 53 | 54 | COPY --from=stage1 /home/ubuntu/extracted/vmlinux /boot/ 55 | COPY --from=stage2 /home/ubuntu/out/initrd /boot/ 56 | COPY --from=stage1 /home/ubuntu/.placeholder /lib/modules/ 57 | -------------------------------------------------------------------------------- /images/x86_64/amazonlinux2/5.10/Dockerfile.kernel: 
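--------------------------------------------------------------------------------
# Kernel image for Amazon Linux 2, kernel ${VERSION} (x86_64).
#   stage1       downloads the kernel and kernel-devel RPMs and unpacks them
#   kmod-builder compiles virtio_mmio.ko against the unpacked kernel tree
#   stage2       runs /opt/initrd-builder/create.sh on the unpacked tree
#   final stage  ships only /boot/vmlinux, /boot/initrd and a /lib/modules placeholder
#
# NOTE(review): the default URL is plain HTTP. mirror.list, primary.xml.gz and both
# RPMs therefore travel unauthenticated, and rpm2cpio unpacks an RPM without
# checking its signature. The kernel that ends up in /boot and the headers used for
# the module build are trusted on network path alone. Options: an https:// default
# if the mirror offers one, an RPM signature check against the distribution key, or
# a digest pinned next to VERSION. The checksums inside primary.xml do not help by
# themselves, because that file arrives over the same channel.
ARG VERSION=5.10.184-175.749
ARG URL='http://amazonlinux.us-east-1.amazonaws.com/2/extras/kernel-5.10/latest/x86_64'
ARG ARCHITECTURE=x86_64

# NOTE(review): initrd-builder:0.0.1 and amazonlinux:2 are referenced by tag; a
# digest pin would make the build inputs reproducible.
FROM initrd-builder:0.0.1 AS stage1

ARG VERSION
ARG URL
ARG ARCHITECTURE

WORKDIR /home/ubuntu

# The mirror base is read from mirror.list, so whatever that response contains
# decides where the RPMs are fetched from.
# `xargs -I@` runs curl once per matching href line; if the pattern matches more
# than one package, each download overwrites the previous file and the last wins.
# Only the exit status of the last command in each pipeline is seen by `&&`
# (no pipefail under the default /bin/sh), so curl is given -f: an HTTP error then
# makes curl, and with it xargs, fail instead of storing the error body.
RUN touch .placeholder && \
    curl -fsSLO "${URL}/mirror.list" && \
    URL=$(cat mirror.list) && \
    curl -fsSLO "${URL}/repodata/primary.xml.gz" && \
    gunzip primary.xml.gz && \
    grep -E 'kernel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \
        xargs -I@ curl -fLo kernel.rpm "${URL}/@" && \
    grep -E 'kernel-devel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \
        xargs -I@ curl -fLo headers.rpm "${URL}/@" && \
    rpm2cpio kernel.rpm > kernel.cpio && \
    rpm2cpio headers.rpm > headers.cpio && \
    mkdir extracted && \
    cd extracted && \
    cpio -idmv < ../kernel.cpio && \
    cpio -idmv < ../headers.cpio && \
    cd .. && \
    extract-vmlinux $(find ./extracted/ -name 'vmlinuz-*') > extracted/vmlinux

FROM amazonlinux:2 AS kmod-builder

ARG VERSION
ARG URL
ARG ARCHITECTURE

WORKDIR /home/ubuntu
COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/
COPY --from=stage1 /opt/initrd-builder/* /opt/initrd-builder/

# NOTE(review): virtio_mmio.c is fetched by tag (v5.10) and compiled into a kernel
# module without a digest check. Pinning the URL to a commit id and comparing a
# recorded SHA-256 before `make` would make a changed source file visible.
RUN yum groupinstall -y 'Development Tools' && \
    yum install -y gcc10 && \
    cp -v /opt/initrd-builder/Makefile.virtio_mmio Makefile && \
    curl -fLO 'https://raw.githubusercontent.com/torvalds/linux/v5.10/drivers/virtio/virtio_mmio.c' && \
    KERNEL_DIR="/home/ubuntu/extracted/usr/src/kernels/${VERSION}.amzn2.${ARCHITECTURE}/" make

FROM initrd-builder:0.0.1 AS stage2
COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/
COPY --from=kmod-builder /home/ubuntu/virtio_mmio.ko /home/ubuntu/
RUN cd /home/ubuntu/extracted && \
    /opt/initrd-builder/create.sh

FROM scratch

COPY --from=stage1 /home/ubuntu/extracted/vmlinux /boot/
COPY --from=stage2 /home/ubuntu/out/initrd /boot/
COPY --from=stage1 /home/ubuntu/.placeholder /lib/modules/

-------------------------------------------------------------------------------- /images/x86_64/amazonlinux2/5.15/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | ARG VERSION=5.15.117-73.143 2 | ARG URL='http://amazonlinux.us-east-1.amazonaws.com/2/extras/kernel-5.15/latest/x86_64' 3 | ARG ARCHITECTURE=x86_64 4 | 5 | FROM initrd-builder:0.0.1 AS stage1 6 | 7 | ARG VERSION 8 | ARG URL 9 | ARG ARCHITECTURE 10 | 11 | WORKDIR /home/ubuntu 12 | 13 | RUN touch .placeholder && \ 14 | curl -sLO "$URL"/mirror.list && \ 15 | URL=$(cat mirror.list) && \ 16 | curl -sLO "${URL}"/repodata/primary.xml.gz && \ 17 | gunzip primary.xml.gz && \ 18 | grep -E 'kernel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 19 | xargs -I@ curl -Lo kernel.rpm 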
${URL}/@ && \ 20 | grep -E 'kernel-devel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 21 | xargs -I@ curl -Lo headers.rpm ${URL}/@ && \ 22 | rpm2cpio kernel.rpm > kernel.cpio && \ 23 | rpm2cpio headers.rpm > headers.cpio && \ 24 | mkdir extracted && \ 25 | cd extracted && \ 26 | cpio -idmv < ../kernel.cpio && \ 27 | cpio -idmv < ../headers.cpio && \ 28 | cd .. && \ 29 | extract-vmlinux $(find ./extracted/ -name 'vmlinuz-*') > extracted/vmlinux 30 | 31 | FROM amazonlinux:2 AS kmod-builder 32 | 33 | ARG VERSION 34 | ARG URL 35 | ARG ARCHITECTURE 36 | 37 | WORKDIR /home/ubuntu 38 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 39 | COPY --from=stage1 /opt/initrd-builder/* /opt/initrd-builder/ 40 | 41 | RUN yum groupinstall -y 'Development Tools' && \ 42 | yum install -y gcc10 && \ 43 | cp -v /opt/initrd-builder/Makefile.virtio_mmio Makefile && \ 44 | curl -LO 'https://raw.githubusercontent.com/torvalds/linux/v5.15/drivers/virtio/virtio_mmio.c' && \ 45 | KERNEL_DIR="/home/ubuntu/extracted/usr/src/kernels/${VERSION}.amzn2.${ARCHITECTURE}/" make 46 | 47 | FROM initrd-builder:0.0.1 AS stage2 48 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 49 | COPY --from=kmod-builder /home/ubuntu/virtio_mmio.ko /home/ubuntu/ 50 | RUN cd /home/ubuntu/extracted && \ 51 | /opt/initrd-builder/create.sh 52 | 53 | FROM scratch 54 | 55 | COPY --from=stage1 /home/ubuntu/extracted/vmlinux /boot/ 56 | COPY --from=stage2 /home/ubuntu/out/initrd /boot/ 57 | COPY --from=stage1 /home/ubuntu/.placeholder /lib/modules/ 58 | -------------------------------------------------------------------------------- /images/x86_64/amazonlinux2022/5.15/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | ARG VERSION=5.15.73-45.135 2 | ARG URL='https://al2022-repos-us-east-1-9761ab97.s3.dualstack.us-east-1.amazonaws.com/core/mirrors/latest/x86_64' 3 | ARG ARCHITECTURE=x86_64 4 | 5 | FROM initrd-builder:0.0.1 
AS stage1 6 | 7 | ARG VERSION 8 | ARG URL 9 | ARG ARCHITECTURE 10 | 11 | WORKDIR /home/ubuntu 12 | 13 | RUN touch .placeholder && \ 14 | curl -sLO "$URL"/mirror.list && \ 15 | URL=$(cat mirror.list) && \ 16 | curl -sLO "${URL}"repodata/primary.xml.gz && \ 17 | gunzip primary.xml.gz && \ 18 | grep -E 'kernel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 19 | xargs -I@ curl -Lo kernel.rpm ${URL}@ && \ 20 | grep -E 'kernel-devel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\" -f2 | \ 21 | xargs -I@ curl -Lo headers.rpm "${URL}@" && \ 22 | rpm2cpio kernel.rpm > kernel.cpio && \ 23 | rpm2cpio headers.rpm > headers.cpio && \ 24 | mkdir extracted && \ 25 | cd extracted && \ 26 | cpio -idmv < ../kernel.cpio && \ 27 | cpio -idmv < ../headers.cpio && \ 28 | cd .. && \ 29 | extract-vmlinux $(find ./extracted/lib/modules -name vmlinuz) > extracted/vmlinux 30 | 31 | FROM amazonlinux:2023 AS kmod-builder 32 | 33 | ARG VERSION 34 | ARG URL 35 | ARG ARCHITECTURE 36 | 37 | WORKDIR /home/ubuntu 38 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 39 | COPY --from=stage1 /opt/initrd-builder/* /opt/initrd-builder/ 40 | 41 | RUN dnf groupinstall -y 'Development Tools' && \ 42 | cp -v /opt/initrd-builder/Makefile.virtio_mmio Makefile && \ 43 | curl -LO 'https://raw.githubusercontent.com/torvalds/linux/v5.15/drivers/virtio/virtio_mmio.c' && \ 44 | KERNEL_DIR="/home/ubuntu/extracted/usr/src/kernels/${VERSION}.amzn2022.${ARCHITECTURE}/" make 45 | 46 | FROM initrd-builder:0.0.1 AS stage2 47 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 48 | COPY --from=kmod-builder /home/ubuntu/virtio_mmio.ko /home/ubuntu/ 49 | RUN cd /home/ubuntu/extracted && \ 50 | /opt/initrd-builder/create.sh 51 | 52 | FROM scratch 53 | 54 | COPY --from=stage1 /home/ubuntu/extracted/vmlinux /boot/ 55 | COPY --from=stage2 /home/ubuntu/out/initrd /boot/ 56 | COPY --from=stage1 /home/ubuntu/.placeholder /lib/modules/ 57 | 
-------------------------------------------------------------------------------- /images/x86_64/oraclelinux/5.15/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | ARG VERSION=5.15.0-8.91.4.1 2 | ARG URL='https://yum.oracle.com/repo/OracleLinux/OL9/UEKR7/x86_64' 3 | ARG ARCHITECTURE=x86_64 4 | 5 | FROM initrd-builder:0.0.1 AS stage1 6 | 7 | ARG VERSION 8 | ARG URL 9 | ARG ARCHITECTURE 10 | 11 | WORKDIR /home/ubuntu 12 | 13 | RUN touch .placeholder && \ 14 | curl -L -o kernel.rpm ${URL}/getPackage/kernel-uek-core-${VERSION}.el9uek.${ARCHITECTURE}.rpm && \ 15 | curl -L -o devel.rpm ${URL}/getPackage/kernel-uek-devel-${VERSION}.el9uek.${ARCHITECTURE}.rpm && \ 16 | curl -L -o modules.rpm ${URL}/getPackage/kernel-uek-modules-${VERSION}.el9uek.${ARCHITECTURE}.rpm && \ 17 | rpm2cpio kernel.rpm > kernel.cpio && \ 18 | rpm2cpio devel.rpm > devel.cpio && \ 19 | rpm2cpio modules.rpm > modules.cpio && \ 20 | mkdir extracted && \ 21 | cd extracted && \ 22 | cpio -idmv < ../kernel.cpio && \ 23 | cpio -idmv < ../devel.cpio && \ 24 | cpio -idmv < ../modules.cpio && \ 25 | find . -name '*.xz' -exec xz -d {} \; && \ 26 | cd .. 
&& \ 27 | extract-vmlinux $(find ./extracted/ -name 'vmlinuz') > extracted/vmlinux 28 | 29 | FROM oraclelinux:9 AS kmod-builder 30 | 31 | ARG VERSION 32 | ARG URL 33 | ARG ARCHITECTURE 34 | 35 | WORKDIR /home/ubuntu 36 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 37 | COPY --from=stage1 /opt/initrd-builder/* /opt/initrd-builder/ 38 | 39 | RUN yum groupinstall -y 'Development Tools' && \ 40 | yum install -y gcc && \ 41 | cp -v /opt/initrd-builder/Makefile.virtio_mmio Makefile && \ 42 | curl -LO 'https://raw.githubusercontent.com/torvalds/linux/v5.15/drivers/virtio/virtio_mmio.c' && \ 43 | sed -ie 's/virtio-mmio/my-virtio-mmio/g' virtio_mmio.c && \ 44 | KERNEL_DIR="/home/ubuntu/extracted/usr/src/kernels/${VERSION}.el9uek.${ARCHITECTURE}/" make 45 | 46 | FROM initrd-builder:0.0.1 AS stage2 47 | 48 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 49 | COPY --from=kmod-builder /home/ubuntu/virtio_mmio.ko /home/ubuntu/ 50 | RUN cd /home/ubuntu/extracted && \ 51 | /opt/initrd-builder/create.sh 52 | 53 | FROM scratch 54 | 55 | COPY --from=stage1 /home/ubuntu/extracted/vmlinux /boot/ 56 | COPY --from=stage2 /home/ubuntu/out/initrd /boot/ 57 | COPY --from=stage1 /home/ubuntu/.placeholder /lib/modules/ 58 | -------------------------------------------------------------------------------- /.github/workflows/reusable_build_images.yml: -------------------------------------------------------------------------------- 1 | name: Build and Push docker images 2 | on: 3 | workflow_call: 4 | inputs: 5 | version: 6 | description: 'docker images version to be built/tagged' 7 | type: string 8 | required: false 9 | default: 'main' 10 | push: 11 | description: 'whether to push images or build only' 12 | type: boolean 13 | required: false 14 | default: false 15 | is_latest: 16 | description: 'whether we need to also push latest images' 17 | type: boolean 18 | required: false 19 | default: false 20 | 21 | jobs: 22 | # Job responsible to test the build 
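# of the images and, only on main CI, to push them too.
  #
  # Builds every image under ./images once per architecture. When `inputs.push` is
  # true it first logs in to ghcr.io so the Makefile can push. PUSH, LATEST, TAG and
  # CLEANUP are handed to `make build-all` through $GITHUB_ENV.
  #
  # Review notes:
  # - Both third-party actions are pinned to full commit SHAs.
  # - The registry login uses the job's GITHUB_TOKEN. Its permissions are not
  #   declared in this job, so presumably the calling workflow is expected to grant
  #   `packages: write` only when pushing. Confirm at the call sites.
  # - `make build-all` runs repository code after the login step, so anything that
  #   Makefile executes can reach the stored registry credentials.
  build-images:
    strategy:
      fail-fast: false
      matrix:
        arch: [amd64, arm64]
    runs-on: ${{ (matrix.arch == 'arm64' && 'ubuntu-22.04-arm') || 'ubuntu-22.04' }}
    steps:
      - name: Checkout repo
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

      - name: Login to Github Packages
        if: inputs.push
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set PUSH env var
        if: inputs.push
        run: |
          echo "PUSH=true" >> "$GITHUB_ENV"

      - name: Set LATEST env var
        if: inputs.is_latest
        run: |
          echo "LATEST=true" >> "$GITHUB_ENV"

      # The input is passed through `env:` rather than expanded inside the script.
      # A `${{ }}` expression in `run:` is substituted into the script text before
      # the shell parses it, so quotes or `$(...)` in the value would be executed.
      # A value containing a newline would still add extra lines to $GITHUB_ENV;
      # callers are expected to pass a single-line tag.
      - name: Set TAG env var
        env:
          VERSION: ${{ inputs.version }}
        run: |
          echo "TAG=${VERSION}" >> "$GITHUB_ENV"

      - name: Set CLEANUP env var (CI only, because of limited disk space)
        run: |
          echo "CLEANUP=true" >> "$GITHUB_ENV"

      - name: Build images
        working-directory: ./images
        run: |
          touch failed.txt
          make build-all

      # failed.txt is created empty above. A non-empty file after the build is
      # printed and fails the job.
      - name: Check failures
        working-directory: ./images
        run: |
          if [ -s failed.txt ]; then
            cat failed.txt
            exit 1;
          fi

-------------------------------------------------------------------------------- /images/x86_64/oraclelinux/3.10/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | ARG VERSION=3.10.0-1160.92.1.0.2 2 | ARG URL='https://yum.oracle.com/repo/OracleLinux/OL7/MODRHCK/x86_64' 3 | ARG ARCHITECTURE=x86_64 4 | 5 | FROM initrd-builder:0.0.1 AS stage1 6 | 7 | ARG VERSION 8 | ARG URL 9 | ARG ARCHITECTURE 10 | 11 | WORKDIR /home/ubuntu 12 | 13 | RUN touch .placeholder && \ 14 | curl -L -o kernel.rpm ${URL}/getPackage/kernel-${VERSION}.el7.${ARCHITECTURE}.rpm && \ 15 | curl -L -o devel.rpm 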
${URL}/getPackage/kernel-devel-${VERSION}.el7.${ARCHITECTURE}.rpm && \ 16 | rpm2cpio kernel.rpm > kernel.cpio && \ 17 | rpm2cpio devel.rpm > devel.cpio && \ 18 | mkdir extracted && \ 19 | cd extracted && \ 20 | cpio -idmv < ../kernel.cpio && \ 21 | cpio -idmv < ../devel.cpio && \ 22 | find . -name '*.xz' -exec xz -d {} \; && \ 23 | cd .. && \ 24 | extract-vmlinux $(find ./extracted/ -name 'vmlinuz-*') > extracted/vmlinux 25 | 26 | FROM oraclelinux:7 AS kmod-builder 27 | 28 | ARG VERSION 29 | ARG URL 30 | ARG ARCHITECTURE 31 | 32 | WORKDIR /home/ubuntu 33 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 34 | COPY --from=stage1 /opt/initrd-builder/* /opt/initrd-builder/ 35 | 36 | RUN yum groupinstall -y 'Development Tools' && \ 37 | yum install -y gcc elfutils-libelf-devel && \ 38 | mkdir src && \ 39 | cd src && \ 40 | curl -Lo source.rpm 'https://oss.oracle.com/ol7/SRPMS-updates/kernel-'${VERSION}'.el7.src.rpm' && \ 41 | rpm2cpio source.rpm > source.cpio && \ 42 | cpio -idmv < ./source.cpio && \ 43 | tar -xaf linux-3.10.*.tar.xz && \ 44 | cd .. && \ 45 | cp -v /opt/initrd-builder/Makefile.virtio_mmio Makefile && \ 46 | find src -name virtio_mmio.c -exec cp -v {} . 
\; && \ 47 | sed -ie 's/virtio-mmio/my-virtio-mmio/g' virtio_mmio.c && \ 48 | KERNEL_DIR="/home/ubuntu/extracted/usr/src/kernels/${VERSION}.el7.${ARCHITECTURE}/" make 49 | 50 | FROM initrd-builder:0.0.1 AS stage2 51 | 52 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 53 | COPY --from=kmod-builder /home/ubuntu/virtio_mmio.ko /home/ubuntu/ 54 | RUN cd /home/ubuntu/extracted && \ 55 | /opt/initrd-builder/create.sh 56 | 57 | FROM scratch 58 | 59 | COPY --from=stage1 /home/ubuntu/extracted/vmlinux /boot/ 60 | COPY --from=stage2 /home/ubuntu/out/initrd /boot/ 61 | COPY --from=stage1 /home/ubuntu/.placeholder /lib/modules/ 62 | -------------------------------------------------------------------------------- /images/x86_64/fedora/5.17/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | ARG VERSION=5.17.5-300 2 | ARG HVERSION=5.17.0-300 3 | ARG URL='https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/36/Everything/x86_64/os/Packages/k/' 4 | ARG ARCHITECTURE=x86_64 5 | 6 | FROM initrd-builder:0.0.1 AS stage1 7 | 8 | ARG VERSION 9 | ARG HVERSION 10 | ARG URL 11 | ARG ARCHITECTURE 12 | 13 | WORKDIR /home/ubuntu 14 | 15 | RUN touch .placeholder && \ 16 | curl -Lo kernel.rpm ${URL}kernel-core-${VERSION}.fc36.${ARCHITECTURE}.rpm && \ 17 | curl -Lo headers.rpm ${URL}kernel-headers-${HVERSION}.fc36.${ARCHITECTURE}.rpm && \ 18 | curl -Lo modules.rpm ${URL}kernel-modules-${VERSION}.fc36.${ARCHITECTURE}.rpm && \ 19 | curl -Lo sources.rpm ${URL}kernel-devel-${VERSION}.fc36.${ARCHITECTURE}.rpm && \ 20 | rpm2cpio kernel.rpm > kernel.cpio && \ 21 | rpm2cpio headers.rpm > headers.cpio && \ 22 | rpm2cpio modules.rpm > modules.cpio && \ 23 | rpm2cpio sources.rpm > sources.cpio && \ 24 | mkdir extracted && \ 25 | cd extracted && \ 26 | cpio -idmv < ../kernel.cpio && \ 27 | cpio -idmv < ../headers.cpio && \ 28 | cpio -idmv < ../modules.cpio && \ 29 | cpio -idmv < ../sources.cpio && \ 30 | find . 
-name '*.xz' -exec xz -d {} \; && \ 31 | extract-vmlinux $(find lib/modules -name vmlinuz) > /home/ubuntu/extracted/vmlinux 32 | 33 | FROM fedora:36 AS kmod-builder 34 | 35 | ARG VERSION 36 | ARG HVERSION 37 | ARG URL 38 | ARG ARCHITECTURE 39 | 40 | WORKDIR /home/ubuntu 41 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 42 | COPY --from=stage1 /opt/initrd-builder/* /opt/initrd-builder/ 43 | 44 | RUN dnf groupinstall -y 'Development Tools' && \ 45 | cp -v /opt/initrd-builder/Makefile.virtio_mmio Makefile && \ 46 | curl -LO 'https://gitlab.com/cki-project/kernel-ark/-/raw/fedora-5.17/drivers/virtio/virtio_mmio.c' && \ 47 | KERNEL_DIR="/home/ubuntu/extracted/usr/src/kernels/${VERSION}.fc36.${ARCHITECTURE}/" make 48 | 49 | 50 | FROM initrd-builder:0.0.1 AS stage2 51 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 52 | COPY --from=kmod-builder /home/ubuntu/virtio_mmio.ko /home/ubuntu/ 53 | RUN cd /home/ubuntu/extracted && \ 54 | /opt/initrd-builder/create.sh 55 | 56 | FROM scratch 57 | 58 | COPY --from=stage1 /home/ubuntu/.placeholder /lib/modules/ 59 | COPY --from=stage1 /home/ubuntu/extracted/vmlinux /boot/ 60 | COPY --from=stage2 /home/ubuntu/out/initrd /boot/ 61 | -------------------------------------------------------------------------------- /images/aarch64/oraclelinux/5.15/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | ARG VERSION=5.15.0-8.91.4.1 2 | ARG URL='https://yum.oracle.com/repo/OracleLinux/OL9/baseos/latest/aarch64' 3 | ARG ARCHITECTURE='aarch64' 4 | 5 | FROM initrd-builder:0.0.1 AS stage1 6 | 7 | ARG VERSION 8 | ARG ARCHITECTURE 9 | ARG URL 10 | 11 | WORKDIR /home/ubuntu 12 | 13 | RUN touch .placeholder && \ 14 | curl -L -o kernel.rpm ${URL}/getPackage/kernel-uek-core-${VERSION}.el9uek.${ARCHITECTURE}.rpm && \ 15 | curl -L -o devel.rpm ${URL}/getPackage/kernel-uek-devel-${VERSION}.el9uek.${ARCHITECTURE}.rpm && \ 16 | curl -L -o modules.rpm 
${URL}/getPackage/kernel-uek-modules-${VERSION}.el9uek.${ARCHITECTURE}.rpm && \ 17 | rpm2cpio kernel.rpm > kernel.cpio && \ 18 | rpm2cpio devel.rpm > devel.cpio && \ 19 | rpm2cpio modules.rpm > modules.cpio && \ 20 | mkdir extracted && \ 21 | cd extracted && \ 22 | cpio -idmv < ../kernel.cpio && \ 23 | cpio -idmv < ../devel.cpio && \ 24 | cpio -idmv < ../modules.cpio && \ 25 | find . -name '*.xz' -exec xz -d {} \; && \ 26 | cd .. && \ 27 | find ./extracted/ -name 'vmlinuz*' -exec cp -v {} extracted/vmlinux \; 28 | 29 | FROM oraclelinux:9 AS kmod-builder 30 | 31 | ARG VERSION 32 | ARG ARCHITECTURE 33 | 34 | WORKDIR /home/ubuntu 35 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 36 | COPY --from=stage1 /opt/initrd-builder/* /opt/initrd-builder/ 37 | 38 | RUN yum groupinstall -y 'Development Tools' && \ 39 | yum install -y gcc && \ 40 | cp -v /opt/initrd-builder/Makefile.virtio_mmio Makefile && \ 41 | curl -LO 'https://raw.githubusercontent.com/torvalds/linux/v5.15/drivers/virtio/virtio_mmio.c' && \ 42 | sed -ie 's/virtio-mmio/my-virtio-mmio/g' virtio_mmio.c && \ 43 | KERNEL_DIR="/home/ubuntu/extracted/usr/src/kernels/${VERSION}.el9uek.${ARCHITECTURE}/" make 44 | 45 | FROM initrd-builder:0.0.1 AS stage2 46 | 47 | #RUN mkdir -p /home/ubuntu/out 48 | 49 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 50 | #COPY --from=kmod-builder /home/ubuntu/virtio_mmio.ko /home/ubuntu/out/test.ko 51 | COPY --from=kmod-builder /home/ubuntu/virtio_mmio.ko /home/ubuntu/ 52 | RUN cd /home/ubuntu/extracted && \ 53 | /opt/initrd-builder/create.sh 54 | 55 | FROM scratch 56 | 57 | COPY --from=stage1 /home/ubuntu/extracted/vmlinux /boot/ 58 | COPY --from=stage2 /home/ubuntu/out/initrd /boot/ 59 | COPY --from=stage1 /home/ubuntu/.placeholder /lib/modules/ 60 | -------------------------------------------------------------------------------- /images/x86_64/oraclelinux/4.14/Dockerfile.kernel: 
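--------------------------------------------------------------------------------
# Kernel image for Oracle Linux 7 / UEK 4.14 (x86_64).
#
# Stages:
#   stage1        download and unpack the kernel RPMs, extract vmlinux
#   kmod-builder  rebuild virtio_mmio.ko against the unpacked kernel-devel tree
#   stage2        assemble the initrd with /opt/initrd-builder/create.sh
#   final         scratch image holding /boot/vmlinux and /boot/initrd
#
# These ARGs are declared before the first FROM, so every stage that needs
# one re-declares it.
ARG VERSION=4.14.35-2047.526.2
ARG URL='https://yum.oracle.com/repo/OracleLinux/OL7/UEKR5/x86_64'
ARG ARCHITECTURE=x86_64

FROM initrd-builder:0.0.1 AS stage1

ARG VERSION
ARG URL
ARG ARCHITECTURE

WORKDIR /home/ubuntu

# NOTE(review): rpm2cpio + cpio unpack the payload without checking the RPM
# signature, so the HTTPS connection to ${URL} is the only integrity control
# on the kernel that ends up in /boot. Consider recording a SHA-256 per package
# next to VERSION and checking it with `sha256sum -c` before unpacking.
# curl -f makes an HTTP error fail this step instead of saving the error page
# under the .rpm name.
RUN touch .placeholder && \
    curl -fL -o kernel.rpm ${URL}/getPackage/kernel-uek-${VERSION}.el7uek.${ARCHITECTURE}.rpm && \
    curl -fL -o devel.rpm ${URL}/getPackage/kernel-uek-devel-${VERSION}.el7uek.${ARCHITECTURE}.rpm && \
    rpm2cpio kernel.rpm > kernel.cpio && \
    rpm2cpio devel.rpm > devel.cpio && \
    mkdir extracted && \
    cd extracted && \
    cpio -idmv < ../kernel.cpio && \
    cpio -idmv < ../devel.cpio && \
    find . -name '*.xz' -exec xz -d {} \; && \
    cd .. && \
    extract-vmlinux $(find ./extracted/ -name 'vmlinuz-*') > extracted/vmlinux

# NOTE(review): oraclelinux:7 is a moving tag; pinning the base image by digest
# would make the toolchain used for the module build reproducible.
FROM oraclelinux:7 AS kmod-builder

ARG VERSION
ARG URL
ARG ARCHITECTURE

WORKDIR /home/ubuntu
COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/
COPY --from=stage1 /opt/initrd-builder/* /opt/initrd-builder/

# NOTE(review): the two libdtrace RPMs are installed from local files; yum's
# signature check for local package files is controlled separately
# (localpkg_gpgcheck) and is typically off — confirm for this base image.
# NOTE(review): virtio_mmio.c is fetched at build time by tag name (v4.14) from
# the upstream tree, not from the UEK source package; a commit SHA in the URL
# plus a checksum would pin exactly what gets compiled into the initrd.
# The sed call renames the string virtio-mmio to my-virtio-mmio in the source
# (presumably so the rebuilt driver does not clash with the stock one —
# confirm). It is written as `-i -e`: `-ie` is parsed as -i with backup suffix
# "e" and leaves a stray virtio_mmio.ce next to the source.
RUN yum groupinstall -y 'Development Tools' && \
    yum install -y gcc elfutils-libelf-devel && \
    curl -fLo libdtrace-devel.rpm ${URL}/getPackage/libdtrace-ctf-devel-1.1.0-2.el7.${ARCHITECTURE}.rpm && \
    curl -fLo libdtrace.rpm ${URL}/getPackage/libdtrace-ctf-1.1.0-2.el7.${ARCHITECTURE}.rpm && \
    yum install -y --skip-broken ./libdtrace.rpm ./libdtrace-devel.rpm && \
    cp -v /opt/initrd-builder/Makefile.virtio_mmio Makefile && \
    curl -fLO 'https://raw.githubusercontent.com/torvalds/linux/v4.14/drivers/virtio/virtio_mmio.c' && \
    sed -i -e 's/virtio-mmio/my-virtio-mmio/g' virtio_mmio.c && \
    KERNEL_DIR="/home/ubuntu/extracted/usr/src/kernels/${VERSION}.el7uek.${ARCHITECTURE}/" make

FROM initrd-builder:0.0.1 AS stage2

COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/
COPY --from=kmod-builder /home/ubuntu/virtio_mmio.ko /home/ubuntu/
# create.sh is started from the unpacked tree, so its default LIBPATH (.) is
# /home/ubuntu/extracted and ../virtio_mmio.ko is the module copied above.
RUN cd /home/ubuntu/extracted && \
    /opt/initrd-builder/create.sh

FROM scratch

COPY --from=stage1 /home/ubuntu/extracted/vmlinux /boot/
COPY --from=stage2 /home/ubuntu/out/initrd /boot/
COPY --from=stage1 /home/ubuntu/.placeholder /lib/modules/
-------------------------------------------------------------------------------- /images/x86_64/fedora/5.8/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | ARG VERSION=5.8.15-301 2 | ARG HVERSION=5.8.11-300 3 | ARG URL='https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/33/Everything/x86_64/os/Packages/k/' 4 | ARG ARCHITECTURE=x86_64 5 | 6 | FROM initrd-builder:0.0.1 AS stage1 7 | 8 | ARG VERSION 9 | ARG HVERSION 10 | ARG URL 11 | ARG ARCHITECTURE 12 | 13 | WORKDIR /home/ubuntu 14 | 15 | RUN touch .placeholder && \ 16 | curl -Lo kernel.rpm ${URL}kernel-core-${VERSION}.fc33.${ARCHITECTURE}.rpm && \ 17 | curl -Lo headers.rpm ${URL}kernel-headers-${HVERSION}.fc33.${ARCHITECTURE}.rpm && \ 18 | curl -Lo modules.rpm ${URL}kernel-modules-${VERSION}.fc33.${ARCHITECTURE}.rpm && \ 19 | curl -Lo sources.rpm ${URL}kernel-devel-${VERSION}.fc33.${ARCHITECTURE}.rpm && \ 20 | rpm2cpio kernel.rpm > kernel.cpio && \ 21 | rpm2cpio headers.rpm > headers.cpio && \ 22 | rpm2cpio modules.rpm > modules.cpio && \ 23 | rpm2cpio sources.rpm > sources.cpio && \ 24 | mkdir extracted && \ 25 | cd extracted && \ 26 | cpio -idmv < ../kernel.cpio && \ 27 | cpio -idmv < ../headers.cpio && \ 28 | cpio -idmv < ../modules.cpio && \ 29 | cpio -idmv < ../sources.cpio && \ 30 | find .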
-name '*.xz' -exec xz -d {} \; && \ 31 | extract-vmlinux $(find lib/modules -name vmlinuz) > /home/ubuntu/extracted/vmlinux 32 | 33 | FROM fedora:33 AS kmod-builder 34 | 35 | ARG VERSION 36 | ARG HVERSION 37 | ARG URL 38 | ARG ARCHITECTURE 39 | 40 | WORKDIR /home/ubuntu 41 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 42 | COPY --from=stage1 /opt/initrd-builder/* /opt/initrd-builder/ 43 | 44 | RUN dnf groupinstall -y 'Development Tools' && \ 45 | cp -v /opt/initrd-builder/Makefile.virtio_mmio Makefile && \ 46 | curl -LO 'https://gitlab.com/cki-project/kernel-ark/-/raw/linux-5.8.y/drivers/virtio/virtio_mmio.c' && \ 47 | KERNEL_DIR="/home/ubuntu/extracted/usr/src/kernels/${VERSION}.fc33.${ARCHITECTURE}/" make && ls -alh /home/ubuntu/extracted/lib/modules/ 48 | 49 | 50 | FROM initrd-builder:0.0.1 AS stage2 51 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 52 | COPY --from=kmod-builder /home/ubuntu/virtio_mmio.ko /home/ubuntu/ 53 | RUN cd /home/ubuntu/extracted && \ 54 | /opt/initrd-builder/create.sh 55 | 56 | FROM scratch 57 | 58 | COPY --from=stage1 /home/ubuntu/.placeholder /lib/modules/ 59 | COPY --from=stage1 /home/ubuntu/extracted/vmlinux /boot/ 60 | COPY --from=stage2 /home/ubuntu/out/initrd /boot/ 61 | -------------------------------------------------------------------------------- /matrix_gen/pkg/matrix/error.go: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: Apache-2.0 2 | /* 3 | Copyright (C) 2023 The Falco Authors. 4 | 5 | Licensed under the Apache License, Version 2.0 (the "License"); 6 | you may not use this file except in compliance with the License. 
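7 | You may obtain a copy of the License at 8 | 9 | http://www.apache.org/licenses/LICENSE-2.0 10 | 11 | Unless required by applicable law or agreed to in writing, software 12 | distributed under the License is distributed on an "AS IS" BASIS, 13 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | See the License for the specific language governing permissions and 15 | limitations under the License. 16 | 17 | */

package matrix

import (
	"fmt"
	"io"
	"strings"
)

// ErrorReportKey identifies one entry of the Markdown error report: the
// kernel the test ran on, the test name, and the test's Result.
type ErrorReportKey struct {
	Kernel string
	Test   string
	Res    Result
}

// mdCodeFence returns the backtick fence used to wrap block. It is three
// backticks long, or one longer than the longest backtick run found in block,
// so that nothing inside block can be read as the closing fence.
func mdCodeFence(block string) string {
	longest, run := 0, 0
	for _, r := range block {
		if r != '`' {
			run = 0
			continue
		}
		run++
		if run > longest {
			longest = run
		}
	}
	n := 3
	if longest >= n {
		n = longest + 1
	}
	return strings.Repeat("`", n)
}

// writeMDCodeBlock writes block to w as a fenced Markdown code block.
//
// block is captured test output (message, stderr, skip condition), so it is
// treated as untrusted text: the fence is sized by mdCodeFence, which keeps a
// "```" line in the output from ending the block early and letting the rest
// render as report markup. Write errors are not reported; the function has no
// return value.
func writeMDCodeBlock(w io.StringWriter, block string) {
	fence := mdCodeFence(block)
	w.WriteString(fence + "\n")
	w.WriteString(block + "\n")
	w.WriteString(fence + "\n")
}

// ToMDSection returns the level-1 Markdown heading for this entry, followed
// by a blank line. Example: archlinux-5.18 build-kernel-module becomes
// "# archlinux-5.18 build-kernel-module".
func (m ErrorReportKey) ToMDSection() string {
	return "# " + m.Kernel + " " + m.Test + "\n\n"
}

// ToMDSectionLink returns the in-document anchor for the heading produced by
// ToMDSection. Example: archlinux-5.18 build-kernel-module becomes
// "#archlinux-518-build-kernel-module".
func (m ErrorReportKey) ToMDSectionLink() string {
	// "." cannot appear in the anchor, so every occurrence is removed:
	// #archlinux-5.18-build-kernel-module becomes
	// #archlinux-518-build-kernel-module
	return strings.ReplaceAll("#"+m.Kernel+"-"+m.Test, ".", "")
}

// Dump writes this entry to fW: the section heading, then either the skip
// condition (when Res.Skipped is set) or the message followed by stderr.
// When stderr is empty the exit code is printed in its place.
func (m ErrorReportKey) Dump(fW io.StringWriter) {
	fW.WriteString(m.ToMDSection())
	if m.Res.Skipped {
		fW.WriteString("Skipped Condition:\n")
		writeMDCodeBlock(fW, m.Res.FalseCondition)
	} else {
		fW.WriteString("Msg:\n")
		writeMDCodeBlock(fW, m.Res.Msg)
		fW.WriteString("Err:\n")
		if m.Res.StdErr != "" {
			writeMDCodeBlock(fW, m.Res.StdErr)
		} else {
			writeMDCodeBlock(fW, fmt.Sprintf("Exit Code: %d", m.Res.Rc))
		}
	}
	fW.WriteString("\n")
}

// newErrorReportKey builds an ErrorReportKey from its three parts.
func newErrorReportKey(kernel, testName string, testRes Result) ErrorReportKey {
	return ErrorReportKey{
		Kernel: kernel,
		Test:   testName,
		Res:    testRes,
	}
}
-------------------------------------------------------------------------------- /images/x86_64/centos/5.14/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | ARG VERSION=5.14.0-648 2 | ARG BASEOS_URL='https://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os/Packages' 3 | ARG APPSTR_URL='http://mirror.stream.centos.org/9-stream/AppStream/x86_64/os/Packages' 4 | ARG ARCHITECTURE=x86_64 5 | 6 | FROM initrd-builder:0.0.1 AS stage1 7 | 8 | ARG VERSION 9 | ARG BASEOS_URL 10 | ARG APPSTR_URL 11 | ARG ARCHITECTURE 12 | 13 | WORKDIR /home/ubuntu 14 | 15 | RUN touch .placeholder && \ 16 | curl -Lo kernel.rpm ${BASEOS_URL}/kernel-${VERSION}.el9.${ARCHITECTURE}.rpm && \ 17 | curl -Lo modules.rpm ${BASEOS_URL}/kernel-modules-core-${VERSION}.el9.${ARCHITECTURE}.rpm && \ 18 | curl -Lo core.rpm ${BASEOS_URL}/kernel-core-${VERSION}.el9.${ARCHITECTURE}.rpm && \ 19 | curl -Lo headers.rpm ${APPSTR_URL}/kernel-devel-${VERSION}.el9.${ARCHITECTURE}.rpm && \ 20 | rpm2cpio kernel.rpm > kernel.cpio && \ 21 | rpm2cpio modules.rpm > modules.cpio && \ 22 |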
rpm2cpio core.rpm > core.cpio && \ 23 | rpm2cpio headers.rpm > headers.cpio && \ 24 | mkdir extracted && \ 25 | cd extracted && \ 26 | cpio -idmv < ../kernel.cpio && \ 27 | cpio -idmv < ../modules.cpio && \ 28 | cpio -idmv < ../core.cpio && \ 29 | cpio -idmv < ../headers.cpio && \ 30 | find . -name '*.xz' -exec xz -d {} \; && \ 31 | cd .. && \ 32 | extract-vmlinux $(find ./extracted/ -name 'vmlinuz*') > extracted/vmlinux 33 | 34 | FROM quay.io/centos/centos:stream9 AS kmod-builder 35 | 36 | ARG VERSION 37 | ARG BASEOS_URL 38 | ARG APPSTR_URL 39 | ARG ARCHITECTURE 40 | 41 | WORKDIR /home/ubuntu 42 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 43 | COPY --from=stage1 /opt/initrd-builder/* /opt/initrd-builder/ 44 | 45 | RUN dnf groupinstall -y 'Development Tools' && \ 46 | cp -v /opt/initrd-builder/Makefile.virtio_mmio Makefile && \ 47 | curl -LO 'https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/raw/main/drivers/virtio/virtio_mmio.c' && \ 48 | KERNEL_DIR="/home/ubuntu/extracted/usr/src/kernels/${VERSION}.el9.${ARCHITECTURE}" make 49 | 50 | FROM initrd-builder:0.0.1 AS stage2 51 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 52 | COPY --from=kmod-builder /home/ubuntu/virtio_mmio.ko /home/ubuntu/ 53 | RUN cd /home/ubuntu/extracted && \ 54 | /opt/initrd-builder/create.sh 55 | 56 | FROM scratch 57 | 58 | COPY --from=stage1 /home/ubuntu/extracted/vmlinux /boot/ 59 | COPY --from=stage2 /home/ubuntu/out/initrd /boot/ 60 | COPY --from=stage1 /home/ubuntu/.placeholder /lib/modules/ 61 | -------------------------------------------------------------------------------- /images/x86_64/centos/3.10/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | ARG VERSION=3.10.0-1160 2 | ARG BASEOS_URL='https://vault.centos.org/centos/7.9.2009/os/x86_64/Packages' 3 | ARG ARCHITECTURE=x86_64 4 | 5 | FROM initrd-builder:0.0.1 AS stage1 6 | 7 | ARG VERSION 8 | ARG BASEOS_URL 9 | ARG 
ARCHITECTURE 10 | 11 | WORKDIR /home/ubuntu 12 | 13 | RUN touch .placeholder && \ 14 | curl -Lo kernel.rpm ${BASEOS_URL}/kernel-${VERSION}.el7.x86_64.rpm && \ 15 | curl -Lo headers.rpm ${BASEOS_URL}/kernel-devel-${VERSION}.el7.x86_64.rpm && \ 16 | rpm2cpio kernel.rpm > kernel.cpio && \ 17 | rpm2cpio headers.rpm > headers.cpio && \ 18 | mkdir extracted && \ 19 | cd extracted && \ 20 | cpio -idmv < ../kernel.cpio && \ 21 | cpio -idmv < ../headers.cpio && \ 22 | find . -name '*.xz' -exec xz -d {} \; && \ 23 | cd .. && \ 24 | extract-vmlinux $(find ./extracted/ -name 'vmlinuz*') > extracted/vmlinux 25 | 26 | FROM centos:centos7.9.2009 AS kmod-builder 27 | 28 | ARG VERSION 29 | ARG BASEOS_URL 30 | ARG ARCHITECTURE 31 | 32 | WORKDIR /home/ubuntu 33 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 34 | COPY --from=stage1 /opt/initrd-builder/* /opt/initrd-builder/ 35 | 36 | # Fix broken mirrors. 37 | RUN sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo; \ 38 | sed -i s/^#.*baseurl=http/baseurl=https/g /etc/yum.repos.d/*.repo; \ 39 | sed -i s/^mirrorlist=http/#mirrorlist=https/g /etc/yum.repos.d/*.repo 40 | 41 | RUN yum groupinstall -y 'Development Tools' && \ 42 | cp -v /opt/initrd-builder/Makefile.virtio_mmio Makefile && \ 43 | mkdir src && \ 44 | cd src && \ 45 | curl -Lo source.rpm 'https://archive.kernel.org/centos-vault/7.9.2009/os/Source/SPackages/kernel-'${VERSION}'.el7.src.rpm' && \ 46 | rpm2cpio source.rpm > source.cpio && \ 47 | cpio -idmv < source.cpio && \ 48 | tar -xaf 'linux-'${VERSION}'.el7.tar.xz' && \ 49 | cd .. && \ 50 | find src -name 'virtio_mmio.c' -exec cp -v {} . 
\; && \ 51 | KERNEL_DIR="/home/ubuntu/extracted/usr/src/kernels/${VERSION}.el7.${ARCHITECTURE}/" make 52 | 53 | FROM initrd-builder:0.0.1 AS stage2 54 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 55 | COPY --from=kmod-builder /home/ubuntu/virtio_mmio.ko /home/ubuntu/ 56 | RUN cd /home/ubuntu/extracted && \ 57 | ls -lah /home/ubuntu/ && \ 58 | /opt/initrd-builder/create.sh 59 | 60 | FROM scratch 61 | 62 | COPY --from=stage1 /home/ubuntu/extracted/vmlinux /boot/ 63 | COPY --from=stage2 /home/ubuntu/out/initrd /boot/ 64 | COPY --from=stage1 /home/ubuntu/.placeholder /lib/modules/ 65 | -------------------------------------------------------------------------------- /architecture.md: -------------------------------------------------------------------------------- 1 | # Architecture 2 | 3 | This document describes requirements and implementation details of the solution. 4 | 5 | ## VM spawning 6 | 7 | ### Requirements 8 | 9 | Each VM requires 3 elements to be spawned: 10 | 11 | 1) a kernel binary (`vmlinux` file) 12 | 2) an initramfs (`initrd` file) 13 | 3) a `rootfs` ext4 raw disk image 14 | 15 | ### Implementation 16 | 17 | `vmlinux` and `initrd` are extracted from the same corresponding `*-kernel*` docker image, while the `rootfs` is shipped 18 | in a separate `*-image*` docker image. Extraction happens at runtime, and extracted artifacts are cached and reused for 19 | later runs. On each run, a single `rootfs` ext4 disk image is CoW-cloned (shallow copy), and the ephemeral clone is 20 | patched to enable SSHing from the host. 21 | 22 | ## Networking 23 | 24 | ### Requirements 25 | 26 | - the host must be able to SSH into VMs 27 | - each VM must be able to connect to Internet, to download needed dependencies 28 | 29 | ### Implementation 30 | 31 | Each VM is connected to the host through a TAP interface. For each VM, a `/30` subnet, taken from the `172.16.0.0/16` 32 | range, is allocated. 
33 | The subnet is uniquely identified by the `run_id` and the machine name (as specified in 34 | [vars.yml](./ansible-playbooks/group_vars/all/vars.yml)). 35 | For each VM, the first address of the corresponding subnet is assigned to the TAP interface, while the second one is 36 | assigned to the guest OS interface. 37 | Each VM receives its networking configuration through DHCP. The networking configuration includes: 38 | 39 | - the guest interface IP address 40 | - the default route (i.e.: the TAP interface IP address) 41 | - DNS configuration (i.e.: `1.1.1.1`) 42 | 43 | A dedicated DHCP server (`dnsmasq` instance) is spawned for each TAP interface, specifically configured to offer the 44 | above configuration. 45 | The `dnsmasq` instances are spawned through `systemd`. Given an interface `tapX`, and the corresponding assigned subnet 46 | `172.16.Y.Z/30`, the corresponding `systemd` service instance exposing the DHCP service will be named as follows: 47 | 48 | ``` 49 | dnsmasq-tap@tapX:172.16.Y.{ Z + 1 }:172.16.Y.{ Z + 2 }.service 50 | ``` 51 | 52 | Given the aforementioned requirements, on the host: 53 | 54 | - IP forwarding must be enabled for IPv4 55 | - reverse path filtering must be disabled on all interfaces 56 | - traffic sourced from `172.16.0.0/16` and exiting the host external interface must be NATted 57 | - the FORWARD chain must allow both incoming and outgoing traffic for `172.16.0.0/16` 58 | - the INPUT chain must allow incoming traffic on `tap+` interfaces 59 | -------------------------------------------------------------------------------- /images/x86_64/fedora/6.2/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | ARG VERSION=6.2.9-300 2 | ARG HVERSION=6.2.6-300 3 | ARG URL='https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/38/Everything/x86_64/os/Packages' 4 | ARG ARCHITECTURE=x86_64 5 | 6 | FROM initrd-builder:0.0.1 AS stage1 7 | 8 | ARG VERSION 9 | ARG HVERSION 10 | ARG
URL 11 | ARG ARCHITECTURE 12 | 13 | WORKDIR /home/ubuntu 14 | 15 | RUN touch .placeholder && \ 16 | curl -Lo kernel.rpm ${URL}/k/kernel-core-${VERSION}.fc38.${ARCHITECTURE}.rpm && \ 17 | curl -Lo headers.rpm ${URL}/k/kernel-headers-${HVERSION}.fc38.${ARCHITECTURE}.rpm && \ 18 | curl -Lo modules.rpm ${URL}/k/kernel-modules-${VERSION}.fc38.${ARCHITECTURE}.rpm && \ 19 | curl -Lo sources.rpm ${URL}/k/kernel-devel-${VERSION}.fc38.${ARCHITECTURE}.rpm && \ 20 | curl -Lo modules-core.rpm ${URL}/k/kernel-modules-core-${VERSION}.fc38.${ARCHITECTURE}.rpm && \ 21 | rpm2cpio kernel.rpm > kernel.cpio && \ 22 | rpm2cpio headers.rpm > headers.cpio && \ 23 | rpm2cpio modules.rpm > modules.cpio && \ 24 | rpm2cpio sources.rpm > sources.cpio && \ 25 | rpm2cpio modules-core.rpm > modules-core.cpio && \ 26 | mkdir extracted && \ 27 | cd extracted && \ 28 | cpio -idmv < ../kernel.cpio && \ 29 | cpio -idmv < ../headers.cpio && \ 30 | cpio -idmv < ../modules.cpio && \ 31 | cpio -idmv < ../sources.cpio && \ 32 | cpio -idmv < ../modules-core.cpio && \ 33 | find . 
-name '*.xz' -exec xz -d {} \; && \ 34 | extract-vmlinux $(find lib/modules -name vmlinuz) > /home/ubuntu/extracted/vmlinux 35 | 36 | FROM fedora:38 AS kmod-builder 37 | 38 | ARG VERSION 39 | ARG HVERSION 40 | ARG URL 41 | ARG ARCHITECTURE 42 | 43 | WORKDIR /home/ubuntu 44 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 45 | COPY --from=stage1 /opt/initrd-builder/* /opt/initrd-builder/ 46 | 47 | 48 | RUN dnf groupinstall -y 'Development Tools' && \ 49 | cp -v /opt/initrd-builder/Makefile.virtio_mmio Makefile && \ 50 | curl -LO 'https://gitlab.com/cki-project/kernel-ark/-/raw/fedora-6.2/drivers/virtio/virtio_mmio.c' && \ 51 | KERNEL_DIR="/home/ubuntu/extracted/usr/src/kernels/${VERSION}.fc38.${ARCHITECTURE}/" make && \ 52 | find /home/ubuntu/extracted/lib/modules/ -name '*.ko' 53 | 54 | 55 | FROM initrd-builder:0.0.1 AS stage2 56 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 57 | COPY --from=kmod-builder /home/ubuntu/virtio_mmio.ko /home/ubuntu/ 58 | RUN cd /home/ubuntu/extracted && \ 59 | /opt/initrd-builder/create.sh 60 | 61 | FROM scratch 62 | 63 | COPY --from=stage1 /home/ubuntu/.placeholder /lib/modules/ 64 | COPY --from=stage1 /home/ubuntu/extracted/vmlinux /boot/ 65 | COPY --from=stage2 /home/ubuntu/out/initrd /boot/ 66 | -------------------------------------------------------------------------------- /images/x86_64/centos/4.18/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | ARG VERSION=4.18.0-552 2 | ARG BASEOS_URL='https://vault.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages' 3 | ARG ARCHITECTURE=x86_64 4 | 5 | FROM initrd-builder:0.0.1 AS stage1 6 | 7 | ARG VERSION 8 | ARG BASEOS_URL 9 | ARG ARCHITECTURE 10 | 11 | WORKDIR /home/ubuntu 12 | 13 | RUN touch .placeholder && \ 14 | curl -Lo kernel.rpm ${BASEOS_URL}/kernel-${VERSION}.el8.${ARCHITECTURE}.rpm && \ 15 | curl -Lo modules.rpm ${BASEOS_URL}/kernel-modules-${VERSION}.el8.${ARCHITECTURE}.rpm && \ 16 | 
curl -Lo core.rpm ${BASEOS_URL}/kernel-core-${VERSION}.el8.${ARCHITECTURE}.rpm && \ 17 | curl -Lo headers.rpm ${BASEOS_URL}/kernel-devel-${VERSION}.el8.${ARCHITECTURE}.rpm && \ 18 | rpm2cpio kernel.rpm > kernel.cpio && \ 19 | rpm2cpio modules.rpm > modules.cpio && \ 20 | rpm2cpio core.rpm > core.cpio && \ 21 | rpm2cpio headers.rpm > headers.cpio && \ 22 | mkdir extracted && \ 23 | cd extracted && \ 24 | cpio -idmv < ../kernel.cpio && \ 25 | cpio -idmv < ../modules.cpio && \ 26 | cpio -idmv < ../core.cpio && \ 27 | cpio -idmv < ../headers.cpio && \ 28 | find . -name '*.xz' -exec xz -d {} \; && \ 29 | cd .. && \ 30 | extract-vmlinux $(find ./extracted/ -name 'vmlinuz*') > extracted/vmlinux 31 | 32 | FROM quay.io/centos/centos:stream8 AS kmod-builder 33 | 34 | ARG VERSION 35 | ARG BASEOS_URL 36 | ARG ARCHITECTURE 37 | 38 | WORKDIR /home/ubuntu 39 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 40 | COPY --from=stage1 /opt/initrd-builder/* /opt/initrd-builder/ 41 | 42 | # Fix broken mirrors. 
43 | RUN sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo; \ 44 | sed -i s/^#.*baseurl=http/baseurl=https/g /etc/yum.repos.d/*.repo; \ 45 | sed -i s/^mirrorlist=http/#mirrorlist=https/g /etc/yum.repos.d/*.repo 46 | 47 | RUN dnf groupinstall -y 'Development Tools' && \ 48 | cp -v /opt/initrd-builder/Makefile.virtio_mmio Makefile && \ 49 | curl -LO 'https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-8/-/raw/c8s/drivers/virtio/virtio_mmio.c' && \ 50 | KERNEL_DIR="/home/ubuntu/extracted/usr/src/kernels/${VERSION}.el8.${ARCHITECTURE}" make 51 | 52 | FROM initrd-builder:0.0.1 AS stage2 53 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 54 | COPY --from=kmod-builder /home/ubuntu/virtio_mmio.ko /home/ubuntu/ 55 | RUN cd /home/ubuntu/extracted && \ 56 | ls -lah /home/ubuntu/ && \ 57 | /opt/initrd-builder/create.sh 58 | 59 | FROM scratch 60 | 61 | COPY --from=stage1 /home/ubuntu/extracted/vmlinux /boot/ 62 | COPY --from=stage2 /home/ubuntu/out/initrd /boot/ 63 | COPY --from=stage1 /home/ubuntu/.placeholder /lib/modules/ 64 | -------------------------------------------------------------------------------- /images/aarch64/fedora/6.2/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | ARG VERSION=6.2.9-300 2 | ARG HVERSION=6.2.6-300 3 | ARG ARCHITECTURE=aarch64 4 | ARG URL='https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/38/Everything/aarch64/os/Packages/k/' 5 | 6 | FROM initrd-builder:0.0.1 AS stage1 7 | 8 | ARG VERSION 9 | ARG HVERSION 10 | ARG ARCHITECTURE 11 | ARG URL 12 | 13 | WORKDIR /home/ubuntu 14 | 15 | RUN touch .placeholder && \ 16 | curl -Lo kernel.rpm ${URL}kernel-core-${VERSION}.fc38.${ARCHITECTURE}.rpm && \ 17 | curl -Lo headers.rpm ${URL}kernel-headers-${HVERSION}.fc38.${ARCHITECTURE}.rpm && \ 18 | curl -Lo modules.rpm ${URL}kernel-modules-${VERSION}.fc38.${ARCHITECTURE}.rpm && \ 19 | curl -Lo sources.rpm 
${URL}kernel-devel-${VERSION}.fc38.${ARCHITECTURE}.rpm && \ 20 | curl -Lo modules-core.rpm ${URL}kernel-modules-core-${VERSION}.fc38.${ARCHITECTURE}.rpm && \ 21 | rpm2cpio kernel.rpm > kernel.cpio && \ 22 | rpm2cpio headers.rpm > headers.cpio && \ 23 | rpm2cpio modules.rpm > modules.cpio && \ 24 | rpm2cpio sources.rpm > sources.cpio && \ 25 | rpm2cpio modules-core.rpm > modules-core.cpio && \ 26 | mkdir extracted && \ 27 | cd extracted && \ 28 | cpio -idmv < ../kernel.cpio && \ 29 | cpio -idmv < ../headers.cpio && \ 30 | cpio -idmv < ../modules.cpio && \ 31 | cpio -idmv < ../sources.cpio && \ 32 | cpio -idmv < ../modules-core.cpio && \ 33 | find . -name '*.xz' -exec xz -d {} \; && \ 34 | VMLINUX=$(find lib/modules -name vmlinuz) ; \ 35 | SKIP=$(objdump -EL -b binary -D -m ${ARCHITECTURE} $VMLINUX | \ 36 | grep '00088b1f' | awk '{print $1}' | cut -d: -f1 | \ 37 | tr '[:lower:]' '[:upper:]' | xargs -I@ printf "%d" 0x@ ) ; \ 38 | dd if=$VMLINUX of=/home/ubuntu/extracted/vmlinux.gz bs=1 skip=$SKIP && \ 39 | gunzip /home/ubuntu/extracted/vmlinux.gz || exit 0 40 | 41 | #extract-vmlinux $(find lib/modules -name vmlinuz) > /home/ubuntu/extracted/vmlinux 42 | 43 | FROM fedora:38 AS kmod-builder 44 | 45 | ARG VERSION 46 | ARG ARCHITECTURE 47 | 48 | WORKDIR /home/ubuntu 49 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 50 | COPY --from=stage1 /opt/initrd-builder/* /opt/initrd-builder/ 51 | 52 | 53 | RUN dnf groupinstall -y 'Development Tools' && \ 54 | cp -v /opt/initrd-builder/Makefile.virtio_mmio Makefile && \ 55 | curl -LO 'https://gitlab.com/cki-project/kernel-ark/-/raw/fedora-6.2/drivers/virtio/virtio_mmio.c' && \ 56 | KERNEL_DIR="/home/ubuntu/extracted/usr/src/kernels/${VERSION}.fc38.${ARCHITECTURE}/" make 57 | 58 | 59 | FROM initrd-builder:0.0.1 AS stage2 60 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 61 | COPY --from=kmod-builder /home/ubuntu/virtio_mmio.ko /home/ubuntu/ 62 | RUN cd /home/ubuntu/extracted && \ 63 | 
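/opt/initrd-builder/create.sh 64 | 65 | FROM scratch 66 | 67 | COPY --from=stage1 /home/ubuntu/.placeholder /lib/modules/ 68 | COPY --from=stage1 /home/ubuntu/extracted/vmlinux /boot/ 69 | COPY --from=stage2 /home/ubuntu/out/initrd /boot/ 70 | -------------------------------------------------------------------------------- /images/initrd-builder/create.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Build the initrd for a test VM.
#
# Usage: create.sh [LIBPATH]
#   LIBPATH  root of the unpacked kernel packages; lib/modules/<release>/ is
#            looked up underneath it (default: current directory).
#
# Output: ${OUTDIR}/initrd, a newc cpio archive holding the selected kernel
# modules, a generated /init and the udhcpc helper script.
#
# Optional environment:
#   SIMPLE_SCRIPT_SHA256  expected SHA-256 of the downloaded udhcpc helper;
#                         when set, a mismatch aborts the build.

LIBPATH=${1:-.}
OUTDIR=/home/ubuntu/out

# Modules the generated /init loads, in this order.
MODULES=( virtio_mmio virtio_blk virtio_net ext4 crc32c )
# Kernel release: the first directory name found under lib/modules.
UNAMER=$(ls ${LIBPATH}/lib/modules/ | head -n1)

# NEWMOD is the locally rebuilt virtio_mmio module, relative to the directory
# the script is started from; OLDMOD is the copy shipped with the kernel.
NEWMOD='../virtio_mmio.ko'
OLDMOD=$(find ${LIBPATH} -name virtio_mmio.ko)

if [[ -f ${NEWMOD} ]]; then
    >&2 echo 'Copying virtio_mmio new module'
    # Overwrite the shipped module; if that copy fails (for instance because
    # none was found), place the new one in the output tree instead.
    cp -vf ${NEWMOD} ${OLDMOD} || {
        mkdir -p ${OUTDIR}/lib/modules/${UNAMER}/kernel/drivers/virtio/
        cp -vf ${NEWMOD} ${OUTDIR}/lib/modules/${UNAMER}/kernel/drivers/virtio/
    }
fi

>&2 echo LIBPATH=$LIBPATH
>&2 echo UNAMER=$UNAMER
depmod -b ${LIBPATH} ${UNAMER}

mkdir -p ${OUTDIR}/lib/modules/${UNAMER}
#cp -a ${LIBPATH}/lib/modules/${UNAMER}/* ${OUTDIR}/lib/modules/${UNAMER}/

cd $LIBPATH

# Collect the module files needed by MODULES, dependencies included. Built-in
# entries are dropped, and cut keeps everything after the first "." of each
# line (presumably stripping the leading "insmod ." — confirm against the
# modprobe output).
readarray MODULES_PATH < <(
    for MODULE in ${MODULES[@]}; do
        >&2 echo listing deps of module $MODULE
        modprobe -d . -S ${UNAMER} -n --show-depends ${MODULE} | grep -Ev '^builtin' | cut -d. -f2-
    done
)
# Left unquoted on purpose: readarray keeps the trailing newline of every
# entry, and word splitting removes it again here.
for MODULE_PATH in ${MODULES_PATH[@]}; do
    mkdir -p ${OUTDIR}/$(dirname ${MODULE_PATH})
    echo cp ./$MODULE_PATH ${OUTDIR}/$(dirname ${MODULE_PATH})
    cp ./$MODULE_PATH ${OUTDIR}/$(dirname ${MODULE_PATH})
done

mkdir -p ${OUTDIR}/{bin,dev,etc,lib,lib64,mnt,proc,root,sbin,sys}
cp -a /dev/{null,console,tty} ${OUTDIR}/dev/

# /init is generated in three parts: a fixed prologue, one modprobe line per
# module, and a fixed epilogue. The heredoc delimiters are quoted, so the text
# is written literally. Kernel command line switches understood by /init:
#   NOMODULES  skip loading the modules
#   DEBUG      exec a shell instead of switching to the real root
cat <<'EOF' > ${OUTDIR}/init
#!/bin/busybox sh

mount -t proc none /proc
mount -t sysfs none /sys
mount -t devtmpfs dev /dev

# Load essential modules
depmod

if grep -q NOMODULES /proc/cmdline ; then
    echo "skipping kmods"
else

EOF

# virtio_mmio additionally receives every device=... token found on the
# kernel command line as module parameters.
for MODULE in ${MODULES[@]}; do
    if [[ $MODULE == 'virtio_mmio' ]]; then
        echo -e "\tmodprobe $MODULE"' $(cat /proc/cmdline | grep -o "device=[^\ ]*" | paste -s)'
    else
        echo -e "\tmodprobe $MODULE"
    fi
done >> ${OUTDIR}/init

cat <<'EOF' >> ${OUTDIR}/init

fi

# Mount the root filesystem.
mount /dev/vda /mnt/

# TODO: add support for static ip from cmdline
# e.g.: ifconfig eth0 10.0.2.15
ifconfig eth0 up
udhcpc -t 5 -q -s /bin/simple.script

if [ -L /mnt/etc/resolv.conf ]; then
    unlink /mnt/etc/resolv.conf
    cat /etc/resolv.conf > /mnt/etc/resolv.conf
fi

if grep -q DEBUG /proc/cmdline ; then
    exec /bin/sh
else
    # Clean up.
    umount /proc
    umount /sys

    # Boot the real thing.
    exec switch_root /mnt/ /sbin/init
fi
EOF

chmod +x ${OUTDIR}/init

# udhcpc runs simple.script from /init, i.e. as root in every VM booted from
# this initrd, so the downloaded file is part of the trusted boot path.
# NOTE(review): the URL carries no commit or tag, so it appears to follow the
# repository's current branch head and may change between builds; pinning a
# revision and setting SIMPLE_SCRIPT_SHA256 makes the build reproducible.
# curl -f turns an HTTP error into a failure instead of saving the error page
# as the script, and a failed download now stops the build rather than
# producing an initrd without a working DHCP helper.
curl -fL -o ${OUTDIR}/bin/simple.script https://git.busybox.net/busybox/plain/examples/udhcp/simple.script || {
    >&2 echo 'Failed to download simple.script'
    exit 1
}
if [[ -n ${SIMPLE_SCRIPT_SHA256:-} ]]; then
    echo "${SIMPLE_SCRIPT_SHA256}  ${OUTDIR}/bin/simple.script" | sha256sum -c - >&2 || exit 1
fi
chmod +x ${OUTDIR}/bin/simple.script

cd ${OUTDIR}

# Pack the whole output tree into the initrd.
find . -print0 | cpio --null --create --verbose --format=newc > initrd
cd -

-------------------------------------------------------------------------------- /images/aarch64/oraclelinux/4.14/Dockerfile.kernel: -------------------------------------------------------------------------------- 1 | ARG VERSION=4.14.35-2047.527.2 2 | ARG URL='https://yum.oracle.com/repo/OracleLinux/OL7/latest/aarch64' 3 | 4 | FROM initrd-builder:0.0.1 AS stage1 5 | 6 | ARG VERSION 7 | ARG URL 8 | 9 | WORKDIR /home/ubuntu 10 | 11 | RUN touch .placeholder && \ 12 | curl -L -o kernel.rpm ${URL}/getPackage/kernel-uek-${VERSION}.el7uek.aarch64.rpm && \ 13 | curl -L -o devel.rpm ${URL}/getPackage/kernel-uek-devel-${VERSION}.el7uek.aarch64.rpm && \ 14 | rpm2cpio kernel.rpm > kernel.cpio && \ 15 | rpm2cpio devel.rpm > devel.cpio && \ 16 | mkdir extracted && \ 17 | cd extracted && \ 18 | cpio -idmv < ../kernel.cpio && \ 19 | cpio -idmv < ../devel.cpio && \ 20 | find . -name '*.xz' -exec xz -d {} \; && \ 21 | cd ..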
&& \ 22 | find ./extracted/ -name 'vmlinuz-*' -exec cp -v {} extracted/vmlinux \; 23 | 24 | FROM amazonlinux:2 AS kmod-builder 25 | 26 | ARG VERSION 27 | ARG URL 28 | 29 | WORKDIR /home/ubuntu 30 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 31 | COPY --from=stage1 /opt/initrd-builder/* /opt/initrd-builder/ 32 | 33 | RUN yum groupinstall -y 'Development Tools' && \ 34 | yum install -y gcc elfutils-libelf-devel gcc && \ 35 | curl -Lo libdtrace-devel.rpm https://yum.oracle.com/repo/OracleLinux/OL7/latest/aarch64/getPackage/libdtrace-ctf-devel-1.1.0-2.el7.aarch64.rpm && \ 36 | curl -Lo libdtrace.rpm https://yum.oracle.com/repo/OracleLinux/OL7/latest/aarch64/getPackage/libdtrace-ctf-1.1.0-2.el7.aarch64.rpm && \ 37 | yum install -y --skip-broken ./libdtrace.rpm ./libdtrace-devel.rpm && \ 38 | curl -Lo source.rpm https://yum.oracle.com/repo/OracleLinux/OL7/latest/aarch64/getPackageSource/kernel-uek-${VERSION}.el7uek.src.rpm && \ 39 | mkdir src && \ 40 | cd src && \ 41 | rpm2cpio ../source.rpm > source.cpio && \ 42 | cpio -idmv < ./source.cpio && \ 43 | tar -xaf linux-4.14.35.tar.bz2 && \ 44 | cd .. && \ 45 | find src -name 'virtio_mmio.c' -exec cp -v {} . 
\; && \ 46 | cp -v /opt/initrd-builder/Makefile.virtio_mmio Makefile && \ 47 | sed -ie 's/virtio-mmio/my-virtio-mmio/g' virtio_mmio.c && \ 48 | mkdir -p /opt/oracle/oracle-armtoolset-1/root/bin/ && \ 49 | ln -s /usr/bin/gcc /opt/oracle/oracle-armtoolset-1/root/bin/gcc && \ 50 | ln -s /usr/bin/ld /opt/oracle/oracle-armtoolset-1/root/bin/ld && \ 51 | ln -s /usr/bin/nm /opt/oracle/oracle-armtoolset-1/root/bin/nm && \ 52 | ln -s /usr/bin/objdump /opt/oracle/oracle-armtoolset-1/root/bin/objdump && \ 53 | ln -s /usr/bin/objcopy /opt/oracle/oracle-armtoolset-1/root/bin/objcopy && \ 54 | KERNEL_DIR="/home/ubuntu/extracted/usr/src/kernels/${VERSION}.el7uek.aarch64/" make 55 | 56 | FROM initrd-builder:0.0.1 AS stage2 57 | 58 | COPY --from=stage1 /home/ubuntu/extracted /home/ubuntu/extracted/ 59 | COPY --from=kmod-builder /home/ubuntu/virtio_mmio.ko /home/ubuntu/ 60 | RUN cd /home/ubuntu/extracted && \ 61 | /opt/initrd-builder/create.sh 62 | 63 | FROM scratch 64 | 65 | COPY --from=stage1 /home/ubuntu/extracted/vmlinux /boot/ 66 | COPY --from=stage2 /home/ubuntu/out/initrd /boot/ 67 | COPY --from=stage1 /home/ubuntu/.placeholder /lib/modules/ 68 | -------------------------------------------------------------------------------- /config_example_amd64.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # NOTICE: This script is not intended to be run as is: it is just demonstrative, and is required for the user to go 4 | # through it and adapt the different parts to the specific environment. 
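
### Install miscellaneous dependencies

sudo apt update -y
sudo apt install -y git iproute2 dnsmasq e2tools e2fsprogs ca-certificates curl nano iputils-ping rsync

### Install ansible ###
sudo apt update -y
sudo apt install -y software-properties-common
sudo add-apt-repository --yes --update ppa:ansible/ansible
sudo apt install -y ansible-core=2.16.3-0ubuntu2

### Install ansible requirements globally ###
# NOTE(review): the clone follows the repository's default branch, and its
# requirements.yml is then installed as root; check out a reviewed tag or
# commit first if the host is shared.
git clone https://github.com/kernel-testing/kernel-testing.git
sudo mkdir -p /usr/share/ansible/collections
sudo chmod 755 /usr/share/ansible/collections
sudo ansible-galaxy collection install -r kernel-testing/requirements.yml -p /usr/share/ansible/collections
echo 'ANSIBLE_COLLECTIONS_PATHS=/usr/share/ansible/collections:$ANSIBLE_COLLECTIONS_PATHS' | sudo tee -a /etc/environment

ansible-galaxy install -r kernel-testing/requirements.yml
sudo ansible-galaxy install -r kernel-testing/requirements.yml

### Install firecracker ###
# NOTE(review): the archive is installed into /usr/local/bin without an
# integrity check. Compare it with the checksum published for the release
# before unpacking, e.g.:
#   echo "<sha256-from-release-page>  firecracker-v1.13.1-x86_64.tgz" | sha256sum -c -
curl -LO https://github.com/firecracker-microvm/firecracker/releases/download/v1.13.1/firecracker-v1.13.1-x86_64.tgz
tar -xzf firecracker-v1.13.1-x86_64.tgz
sudo mv release-v1.13.1-x86_64/firecracker-v1.13.1-x86_64 /usr/local/bin/firecracker
sudo chmod +x /usr/local/bin/firecracker

### Install docker ###
sudo apt install -y ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# The repository entry is tied to the key above through signed-by, so apt only
# accepts Docker packages signed with it.
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update -y
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin

### Install go globally ###
# NOTE(review): same as for firecracker, verify the tarball against the
# checksum listed on the download page before extracting it as root:
#   echo "<sha256-from-download-page>  go1.25.4.linux-amd64.tar.gz" | sha256sum -c -
curl -LO https://go.dev/dl/go1.25.4.linux-amd64.tar.gz
sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.25.4.linux-amd64.tar.gz
# Append (-a): a plain tee would replace /etc/environment and drop the
# ANSIBLE_COLLECTIONS_PATHS entry written above along with any existing PATH.
# NOTE(review): /etc/environment is usually read as plain KEY=VALUE pairs
# without variable expansion, so the literal "$PATH" may not resolve — confirm
# on the target distribution.
echo 'PATH="/usr/local/go/bin:$PATH"' | sudo tee -a /etc/environment

### Configure networking ###

## Enable IP forwarding
sudo sysctl -w net.ipv4.ip_forward=1
echo "net.ipv4.ip_forward = 1" | sudo tee /etc/sysctl.d/99-firecracker.conf

## Disable reverse path filtering
# This switches off the kernel's source-address validation on every interface,
# the external one included, not only on the tap devices. On a host that does
# more than run these VMs, review whether that is acceptable.
CONFIG_FILE="/etc/sysctl.d/99-rp_filter.conf"
sudo bash -c "cat > $CONFIG_FILE" <<'EOF'
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
EOF
sudo sysctl --system
# just to be super sure that reverse path filtering is disabled for the current interfaces
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 0 | sudo tee "$f"
done

## Configure iptables
# note: replace eth0 with the host's actual external interface
# The INPUT rule accepts every packet arriving on a tap interface, so a guest
# can reach any service listening on the host. The guests need DHCP from the
# per-interface dnsmasq; restricting the rule to what the VMs really use is
# worth considering when they run code that is not trusted.
# These rules are inserted on each run and are not persisted across reboots.
sudo iptables -t nat -A POSTROUTING -s 172.16.0.0/16 -o eth0 -j MASQUERADE
sudo iptables -I FORWARD 1 -s 172.16.0.0/16 -j ACCEPT
sudo iptables -I FORWARD 2 -d 172.16.0.0/16 -j ACCEPT
sudo iptables -I INPUT 1 -i tap+ -j ACCEPT
-------------------------------------------------------------------------------- /action.yml: -------------------------------------------------------------------------------- 1 | name: 'kernel-testing' 2 | description: 'Ansible playbooks to provision firecracker VMs and run Falco kernel tests.'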
3 | 4 | inputs: 5 | libsversion: 6 | description: 'libs version to be tested, eg: master' 7 | required: false 8 | default: 'master' 9 | libsrepo: 10 | description: 'libs repo to be tested, eg: falcosecurity/libs' 11 | required: false 12 | default: 'falcosecurity/libs' 13 | build_matrix: 14 | description: 'Whether to generate matrixes as matrix artifact' 15 | required: false 16 | default: 'false' 17 | images_tag: 18 | description: 'Images tag to be used, in the form vX.Y.Z' 19 | required: true 20 | 21 | outputs: 22 | ansible_output: 23 | description: "Uploaded ansible output artifact name" 24 | value: ${{ steps.store-outputs.outputs.ansible }} 25 | matrix_output: 26 | description: "Uploaded matrix artifact name" 27 | value: ${{ steps.store-outputs.outputs.matrix }} 28 | 29 | runs: 30 | using: "composite" 31 | steps: 32 | - name: Generate vars yaml 33 | working-directory: ${{ github.action_path }}/ansible-playbooks 34 | shell: bash 35 | run: | 36 | cat > vars.yml <> $GITHUB_OUTPUT 87 | echo "matrix=${{ github.action_path }}/matrix_gen/matrix.md" >> $GITHUB_OUTPUT 88 | 89 | - name: Cleanup 90 | if: always() 91 | working-directory: ${{ github.action_path }}/ansible-playbooks 92 | shell: bash 93 | run: | 94 | ansible-playbook clean-up.yml --extra-vars "@vars.yml" || : 95 | -------------------------------------------------------------------------------- /ansible-playbooks/roles/clean_up/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for clean-up 3 | # this role removes the cluster and the files created by the bootstrap role 4 | 5 | # We search all the machines created for this run_id. 6 | # We make sure that all machines are stopped and then delete them. 
7 | - name: Stop running machines and delete them 8 | become: true 9 | block: 10 | - name: Stop running machines run_id={{ run_id }} 11 | vars: 12 | vm_socket: "/tmp/{{ run_id }}-{{ item.name }}.sock" 13 | ansible.builtin.uri: 14 | url: "http://localhost/actions" 15 | method: PUT 16 | body: '{"action_type":"SendCtrlAltDel"}' 17 | body_format: json 18 | headers: 19 | Content-Type: "application/json" 20 | unix_socket: "{{ vm_socket }}" 21 | loop: "{{ machines | union(builders) }}" 22 | when: item.arch == ansible_facts["architecture"] 23 | changed_when: true 24 | failed_when: false 25 | 26 | - name: Wait for all machines to stop run_id={{ run_id }} 27 | ansible.builtin.command: pgrep -f "firecracker.*--id .*{{ run_id }}" 28 | register: clean_up_pgrep_result 29 | failed_when: false 30 | changed_when: false 31 | until: clean_up_pgrep_result.rc != 0 32 | retries: 10 33 | delay: 1 34 | 35 | - name: Force-kill remaining machines run_id={{ run_id }} 36 | ansible.builtin.command: pkill -KILL -f "firecracker.*--id .*{{ run_id }}" 37 | register: clean_up_pkill_result 38 | failed_when: false 39 | changed_when: clean_up_pkill_result.rc == 0 40 | when: clean_up_pgrep_result.rc == 0 41 | 42 | - name: Delete unix socket files created by machines run_id={{ run_id }} 43 | ansible.builtin.file: 44 | path: "/tmp/{{ run_id }}-{{ item.name }}.sock" 45 | state: absent 46 | loop: "{{ machines | union(builders) }}" 47 | when: item.arch == ansible_facts["architecture"] 48 | 49 | - name: Remove the run files directory 50 | ansible.builtin.file: 51 | path: "{{ runtime_root }}/{{ run_id }}" 52 | state: absent 53 | 54 | - name: Remove the inventory.ini file 55 | ansible.builtin.file: 56 | path: "./inventory.ini" 57 | state: absent 58 | 59 | - name: Remove ansible output folder 60 | ansible.builtin.file: 61 | path: "{{ output_dir }}" 62 | state: absent 63 | 64 | - name: Run common/tasks/compute_tap_dev_map.yml 65 | ansible.builtin.import_role: 66 | name: common 67 | tasks_from: 
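compute_tap_dev_map 68 | 69 | - name: Stop all running dnsmasq-tap systemd services 70 | become: true 71 | block: 72 | - name: Stop dnsmasq-tap systemd services 73 | ansible.builtin.systemd: 74 | name: "dnsmasq-tap@{{ item.name }}:{{ item.host_ip }}:{{ item.guest_ip }}" 75 | state: stopped 76 | loop: "{{ common_tap_dev_map.values() }}" 77 | 78 | - name: Remove all dnsmasq-tap DHCP lease files 79 | ansible.builtin.file: 80 | path: "/run/dnsmasq-tap-{{ item.name }}.leases" 81 | state: absent 82 | loop: "{{ common_tap_dev_map.values() }}" 83 | 84 | - name: Remove tap interfaces 85 | ansible.builtin.command: ip link del "{{ item.name }}" 86 | loop: "{{ common_tap_dev_map.values() }}" 87 | failed_when: false 88 | changed_when: false 89 | become: true 90 | 91 | - name: Remove machines from known_hosts 92 | ansible.builtin.known_hosts: 93 | path: "{{ ssh_key_path }}/known_hosts" 94 | name: "{{ item.host_ip }}" 95 | state: absent 96 | loop: "{{ common_tap_dev_map.values() }}" 97 | become: true 98 | -------------------------------------------------------------------------------- /ansible-playbooks/scap-open.yml: -------------------------------------------------------------------------------- 
# Playbook used to run scap-open-test role.
# Check the role for more information
#
# Flow: build the modern BPF skeleton on the fedora builder, build scap-open
# against it on the centos builder, copy the binary to every machine, run the
# scap_open role there, then remove the intermediate artifacts from localhost.
#
# NOTE(review): the artifacts pass through fixed file names in /tmp on the
# controller before being copied to the machines and run with become. On a
# controller shared with other local users, a per-run private directory
# (mode 0700) would keep them from being replaced in between.

- name: Build bpf skeleton on designated builder VM
  hosts: "fedora-builder"
  remote_user: "{{ user }}"
  gather_facts: false
  tasks:
    - name: Create cmake output dir
      ansible.builtin.file:
        path: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/skeleton-build"
        state: directory
        mode: "0755"
      register: cmake_result

    - name: Prepare cmake for repository
      ansible.builtin.command:
        cmd: >
          cmake
          -DUSE_BUNDLED_DEPS=ON
          -DBUILD_LIBSCAP_MODERN_BPF=ON
          -DBUILD_LIBSCAP_GVISOR=OFF
          -DCREATE_TEST_TARGETS=OFF
          ..
        chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/skeleton-build"
      changed_when: false
      register: cmake_result

    - name: Build skeleton
      ansible.builtin.command:
        cmd: cmake --build . --target ProbeSkeleton --parallel {{ cpus }}
        chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/skeleton-build"
      changed_when: false
      register: cmake_result

    # flat: true stores the file as /tmp/bpf_probe.skel.h on the controller.
    - name: Fetch the skeleton file
      ansible.builtin.fetch:
        src: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/skeleton-build/skel_dir/bpf_probe.skel.h"
        dest: /tmp/
        flat: true

- name: Build scap-open on designated builder
  hosts: "centos-builder"
  remote_user: "{{ user }}"
  gather_facts: false
  tasks:
    # The skeleton is a C header that is only read by the build, so it does not
    # need the execute bit.
    - name: Copy bpf skeleton to centos builder
      ansible.builtin.copy:
        src: "/tmp/bpf_probe.skel.h"
        dest: "/tmp"
        mode: '0644'

    - name: Create cmake output dir
      ansible.builtin.file:
        path: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build"
        state: directory
        mode: "0755"
      register: cmake_result

    # MODERN_BPF_SKEL_DIR points at /tmp, where the previous task placed the skeleton.
    - name: Prepare cmake for repository
      ansible.builtin.shell:
        cmd: |
          source /opt/rh/devtoolset-9/enable &&
          cmake \
            -DCMAKE_BUILD_TYPE=Release \
            -DBUILD_LIBSCAP_MODERN_BPF=ON \
            -DMODERN_BPF_SKEL_DIR=/tmp \
            -DBUILD_DRIVER=Off \
            -DBUILD_BPF=Off \
            -DBUILD_LIBSCAP_GVISOR=OFF \
            -DCREATE_TEST_TARGETS=Off \
            ..
        chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build"
      changed_when: false
      register: cmake_result

    - name: Build scap-open with modern probe
      ansible.builtin.shell:
        cmd: source /opt/rh/devtoolset-9/enable && cmake --build . --target scap-open --parallel {{ cpus }}
        chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build"
      changed_when: false
      register: cmake_result

    # flat: true stores the binary as /tmp/scap-open on the controller.
    - name: Fetch the scap-open binary
      ansible.builtin.fetch:
        src: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build/libscap/examples/01-open/scap-open"
        dest: "/tmp/"
        flat: true

- name: Play that distributes scap-open binary to VMs
  hosts: "machines"
  remote_user: "{{ user }}"
  gather_facts: false
  tasks:
    - name: Copy scap-open binary to all VMs
      ansible.builtin.copy:
        src: "/tmp/scap-open"
        dest: "/tmp"
        mode: '0755'
      become: false

- name: Play that runs probes tests using scap-open binary
  hosts: "machines"
  gather_facts: true
  remote_user: "{{ user }}"
  become: true
  serial: 30
  roles:
    - scap_open

- name: Remove artifacts from localhost
  hosts: localhost
  gather_facts: false
  tasks:
    # The path has to reference the loop item: with a fixed path the same
    # directory is deleted on every iteration and the fetched binary and
    # skeleton stay behind in /tmp. The role files directory is kept in the
    # list so that it is still removed as before.
    - name: Remove artifacs
      ansible.builtin.file:
        path: "{{ item }}"
        state: absent
      loop:
        - "./roles/scap_open/files/"
        - "/tmp/scap-open"
        - "/tmp/bpf_probe.skel.h"
-------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![Falco kernel tests Repository](https://github.com/falcosecurity/evolution/blob/main/repos/badges/falco-infra-blue.svg)](https://github.com/falcosecurity/evolution/blob/main/REPOSITORIES.md#infra-scope) 2 | [![Incubating](https://img.shields.io/badge/status-incubating-orange?style=for-the-badge)](https://github.com/falcosecurity/evolution/blob/main/REPOSITORIES.md#incubating) 3 | ![Architectures](https://img.shields.io/badge/ARCHS-x86__64%7Caarch64-blueviolet?style=for-the-badge) 4 | [![Latest 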
release](https://img.shields.io/github/v/release/falcosecurity/kernel-testing?style=for-the-badge)](https://github.com/falcosecurity/kernel-testing/releases/latest) 5 | 6 | # Falco drivers tests 7 | 8 | This repository automatically runs 9 | Falco [scap-open](https://github.com/falcosecurity/libs/tree/master/userspace/libscap/examples/01-open) binary on all 10 | supported drivers through Ansible, spawning Firecracker microVMs to test Falco drivers against multiple kernels. 11 | You can find list of machines being used [here](./ansible-playbooks/group_vars/all/vars.yml#L19). 12 | You can find a document explaining the architecture of the solution [here](./architecture.md). Please read it carefully 13 | before deploying it. 14 | 15 | ## Prerequisites 16 | 17 | The following is the list of main prerequisites, each one annotated with a suggested (tested) version: 18 | 19 | * Ansible -> `2.16.3-0ubuntu2` 20 | * Firecracker -> `1.13.1` 21 | * Docker -> whatever is available 22 | * Golang -> `1.25.4` 23 | 24 | Exemplary instructions, installing and configuring all needed dependencies, and configuring host networking, can be 25 | found in [config_example_amd64.sh](./config_example_amd64.sh). The script is not intended to be run as is: it is just 26 | demonstrative, and is required for the user to go through it and adapt the different parts to the specific environment. 27 | 28 | ## Configure 29 | 30 | It is advised to avoid directly modifying [`vars.yml`](ansible-playbooks/group_vars/all/vars.yml) file; 31 | instead one can create a local vars.yml file to override keys from the default vars. 
32 | 33 | The only mandatory thing to be configured is an ssh key pair: 34 | 35 | ```yml 36 | #Path to the generated SSH private key file 37 | ssh_key_path: "" # <-- Replace here with the key path 38 | ssh_key_name: "" # <-- Replace here with the key name 39 | ``` 40 | 41 | ## Run 42 | 43 | From the `ansible-playbooks` directory you can run tests on all machines by typing: 44 | 45 | ```bash 46 | ansible-playbook main-playbook.yml --ask-become --extra-vars "@/path/to/local/vars.yaml" 47 | ``` 48 | 49 | To rerun tests: 50 | 51 | ```bash 52 | ansible-playbook scap-open.yml --ask-become --extra-vars "@/path/to/local/vars.yaml" 53 | ``` 54 | 55 | To clean up all machines 56 | 57 | ```bash 58 | ansible-playbook clean-up.yml --ask-become --extra-vars "@/path/to/local/vars.yaml" 59 | ``` 60 | 61 | ## CI Usage 62 | 63 | To better suit the CI usage, 64 | a [GitHub composite action](https://docs.github.com/en/actions/creating-actions/creating-a-composite-action) has been 65 | developed. 66 | Therefore, running kernel-testing in your GitHub workflow is as easy as adding this step: 67 | 68 | ``` 69 | - uses: falcosecurity/kernel-testing@main 70 | # Give it an id to be able to later use its outputs 71 | id: kernel_tests 72 | with: 73 | # libs version to be tested, eg: master. 74 | # Default: 'master' 75 | libsversion: master 76 | 77 | # libs repo to be tested, eg: falcosecurity/libs. 78 | # Default: 'falcosecurity/libs' 79 | libsrepo: falcosecurity/libs 80 | 81 | # Whether to generate matrixes as matrix artifact. 82 | # Default: false 83 | build_matrix: 'true' 84 | 85 | # Images tag to be used, in the form vX.Y.Z 86 | # Required. 
87 | images_tag: 'v0.3.2' 88 | ``` 89 | 90 | Then you can use action outputs to retrieve artifacts: 91 | 92 | ``` 93 | - uses: actions/upload-artifact@latest 94 | with: 95 | name: ansible_output 96 | path: ${{ steps.kernel_tests.outputs.ansible_output }} 97 | 98 | - uses: actions/upload-artifact@latest 99 | with: 100 | name: matrix 101 | path: ${{ steps.kernel_tests.outputs.matrix_output }} 102 | ``` 103 | 104 | As an example, 105 | see [libs reusable workflow](https://github.com/falcosecurity/libs/blob/master/.github/workflows/reusable_kernel_tests.yaml). 106 | 107 | > __NOTE:__ Since we don't use annotated tags, a floating reference such as `falcosecurity/kernel-testing@v0` cannot be used; reference either an exact 108 | > tag name or master. Referencing an exact tag, or a full commit SHA, also keeps the action code from changing between runs. 109 | 110 | > __NOTE:__ Of course, you'll need to run your tests on virtualization-enabled nodes. 111 | -------------------------------------------------------------------------------- /images/README.md: -------------------------------------------------------------------------------- 1 | # Images 2 | 3 | The Makefile present in this directory is specifically designed to generate the static Docker images required by Ignite to run tests on different Linux distributions. The workflow provided by this Makefile is designed to be straightforward, consisting of three main commands: 4 | 5 | 1. `build-all`: This target builds all the necessary Docker images for the different versions and distributions required for testing with Firecracker. 6 | Optionally, you can set the `PUSH=true` env variable to push the resulting Docker images to a Docker Hub registry for easier distribution and access. 7 | 8 | 2. `generate-yaml`: This target allows you to generate a YAML file (`images.yaml`) containing the matrix of new image information. The generated YAML file can be conveniently copied to the variables file of Ansible to keep the test environment up to date. 
9 | 10 | ## Prerequisites 11 | 12 | Before using the Makefile, ensure you have the following installed: 13 | 14 | - Docker: The containerization platform used for building and pushing images. 15 | 16 | ## Makefile Targets 17 | 18 | The Makefile provides several targets, each serving a specific purpose: 19 | 20 | - `initrd-builder`: This target builds the `initrd-builder` image, necessary for creating the initrd for each image. 21 | 22 | - `builder`, `modernprobe-builder`: These targets build specific builder images used by the CI system to prepare all the precompiled files for the tests. 23 | 24 | - `build-rootfs` and `build-kernel`: These targets build root filesystem and kernel images, respectively. The `build-kernel` target depends on `initrd-builder`, which must be built first. 25 | 26 | - `generate-yaml`: This target generates a YAML file named `images.yaml`, which contains information about the built images. The YAML file includes details about the kernel and rootfs images for each version and distribution. This generated YAML file can be conveniently copied to the variables file of Ansible to keep the test environment up to date. 27 | 28 | - `build-all`: This target is a convenience target that sequentially builds both root filesystem and kernel images. 29 | 30 | - `//`: This target builds both the root filesystem and kernel images for the given architecture, distribution and kernel version. 31 | 32 | By default, no images will be pushed. You need to set the `PUSH` variable to `true` to enable images push to remote registry. 33 | Also, the default images tag will be `main` and the images name will be built as: 34 | ``` 35 | {{ repo }} /{{ distro }}-kernel:{{ kernelversion }}-{{ arch }}-{{ tag }} 36 | ``` 37 | for kernel images, or 38 | ``` 39 | {{ repo }} /{{ distro }}-image:{{ kernelversion }}-{{ arch }}-{{ tag }} 40 | ``` 41 | for rootfs images. 42 | Eg: `ghcr.io/falcosecurity/kernel-testing/amazonlinux2022-kernel:5.15-x86_64-main`. 
43 | 44 | ## Usage 45 | 46 | The typical workflow for using this Makefile is as follows: 47 | 48 | 1. Build the `initrd-builder` image first, which is required for creating the initrd for each image: 49 | 50 | ``` 51 | make initrd-builder 52 | ``` 53 | 54 | 2. Build the specific builder images (`builder`, `modernprobe-builder`) used by the CI system: 55 | 56 | ``` 57 | make builder 58 | make modernprobe-builder 59 | ``` 60 | 61 | 3. Build all the required images for testing with Firecracker using the following command: 62 | 63 | ``` 64 | make build-all 65 | ``` 66 | 67 | 4. Optionally, push the built images to a Docker Hub registry with: 68 | 69 | ``` 70 | make docker-push 71 | ``` 72 | 73 | 5. Generate the YAML file containing the image matrix with: 74 | 75 | ``` 76 | make generate-yaml 77 | ``` 78 | 79 | After running these commands, you will have the necessary Docker images for your Firecracker test environment, and the image matrix will be available in the `images.yaml` file. You can then easily integrate this information into your Ansible setup. 80 | 81 | ## Customization 82 | 83 | You can customize the Makefile to suit your specific requirements. The variables you can modify include: 84 | 85 | - `DRY_RUN`: Set this variable to `true` for a dry run, where the build commands will be printed but not executed. 86 | 87 | - `PUSH`: Set this variable to `true` to also push built images to remote registry. Disabled by default. 88 | 89 | - `LATEST`: Set this variable to `true` to also push built images as latest tag. Disabled by default. 90 | 91 | - `TAG`: Set this variable to the images tag name. Defaults to `main`. 92 | 93 | - `CLEANUP`: Set this variable to `true` to cleanup images right after they get built. This is useful to test images build in CI, where disk space might be limited. 94 | 95 | - `REPOSITORY`: The Docker repository where the built images will be tagged and pushed. 96 | 97 | - `ARCH`: The architecture for which the images will be built. 
By default, it will use the output of `uname -p`. 98 | 99 | - `YAML_FILE`: The name of the YAML file that will be generated by the `generate-yaml` target. 100 | 101 | - `CMAKE_VERSION`: The specific cmake version to install inside the images. This affects rootfs and builder images 102 | build. By default, it is set to the content of the [CMAKE_VERSION](./CMAKE_VERSION) file. 103 | 104 | Feel free to adjust these variables to match your desired configuration. 105 | -------------------------------------------------------------------------------- /matrix_gen/pkg/matrix/output.go: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: Apache-2.0 2 | /* 3 | Copyright (C) 2023 The Falco Authors. 4 | 5 | Licensed under the Apache License, Version 2.0 (the "License"); 6 | you may not use this file except in compliance with the License. 7 | You may obtain a copy of the License at 8 | 9 | http://www.apache.org/licenses/LICENSE-2.0 10 | 11 | Unless required by applicable law or agreed to in writing, software 12 | distributed under the License is distributed on an "AS IS" BASIS, 13 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | See the License for the specific language governing permissions and 15 | limitations under the License. 
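*/

package matrix

import (
	"encoding/json"
	"fmt"
	"github.com/olekukonko/tablewriter"
	"io/fs"
	"log"
	"os"
	"path/filepath"
	"sort"
	"strings"
	"time"
)

// Result holds the fields of a per-test JSON result file that the matrix uses.
type Result struct {
	Rc             int    `json:"rc"`
	Skipped        bool   `json:"skipped"`
	StdErr         string `json:"stderr"`
	Msg            string `json:"msg"`
	FalseCondition string `json:"false_condition"`
}

// Entry maps a test name to its Result for a single machine.
type Entry map[string]Result

// Output accumulates test results per machine and renders them as a table.
type Output struct {
	// entries maps a machine (kernel) name to the results of its tests.
	entries map[string]Entry
	// testList maps a test name to the modification time of the first result
	// file seen for it; it is used to order the table columns.
	testList map[string]time.Time
}

// loadTestResult reads the JSON result file at path and decodes it.
// Any read or decode failure terminates the program through log.Fatal.
func loadTestResult(path string) Result {
	raw, err := os.ReadFile(path)
	if err != nil {
		// Report the read failure itself instead of letting it surface later
		// as a confusing JSON decoding error on empty input.
		log.Fatal(err)
	}
	var res Result
	if err := json.Unmarshal(raw, &res); err != nil {
		log.Fatalf("%s: %v", path, err)
	}
	return res
}

// addTestResult records the result stored at path. The file name without its
// ".json" suffix is the test name and the parent directory is the machine name.
func (m *Output) addTestResult(path string) {
	// filepath.Base/Dir cope with paths that have fewer than two components,
	// where indexing the split path would panic.
	testName := strings.TrimSuffix(filepath.Base(path), ".json")
	machineName := filepath.Base(filepath.Dir(path))

	if _, ok := m.entries[machineName]; !ok {
		m.entries[machineName] = make(Entry)
	}
	m.entries[machineName][testName] = loadTestResult(path)
}

// loadSortTestByModTime returns the known test names ordered by the recorded
// modification time, oldest first.
func (m *Output) loadSortTestByModTime() []string {
	type namedTime struct {
		name string
		when time.Time
	}

	pairs := make([]namedTime, 0, len(m.testList))
	for name, when := range m.testList {
		pairs = append(pairs, namedTime{name, when})
	}

	sort.Slice(pairs, func(i, j int) bool {
		if !pairs[i].when.Equal(pairs[j].when) {
			return pairs[i].when.Before(pairs[j].when)
		}
		// Map iteration order is random; break ties by name so that the
		// column order is the same on every run.
		return pairs[i].name < pairs[j].name
	})

	testList := make([]string, 0, len(pairs))
	for _, p := range pairs {
		testList = append(testList, p.name)
	}
	return testList
}

// Store renders the collected results to outputFile: first a table with one
// row per kernel and one column per test, then one section for every failed
// or skipped test. Failures to create or write the file terminate the program
// through log.Fatal.
func (m *Output) Store(outputFile string) {
	fW, err := os.Create(outputFile)
	if err != nil {
		log.Fatal(err)
	}
	defer fW.Close()

	// Load sorted by mod time test list, so that they appear
	// in correct order
	testList := m.loadSortTestByModTime()

	headers := append([]string{"Kernel"}, testList...)

	table := tablewriter.NewWriter(fW)
	table.SetHeader(headers)
	table.SetBorders(tablewriter.Border{Left: true, Top: false, Right: true, Bottom: false})
	table.SetCenterSeparator("|")

	// Sort by kernel
	kernels := make([]string, 0, len(m.entries))
	for k := range m.entries {
		kernels = append(kernels, k)
	}
	sort.Strings(kernels)

	// list of tests that need to be reported to user
	// because either failed or skipped
	toBeReported := make([]ErrorReportKey, 0)

	for _, kernel := range kernels {
		tests := m.entries[kernel]
		row := make([]string, len(headers))
		row[0] = kernel
		for col := 1; col < len(headers); col++ {
			testName := headers[col]
			// NOTE(review): a test with no result file for this kernel yields
			// the zero Result (Rc == 0, not skipped) and is therefore shown as
			// passed; confirm whether a missing result should be marked
			// differently.
			testRes := tests[testName]
			mErrKey := newErrorReportKey(kernel, testName, testRes)
			switch {
			case testRes.Skipped:
				row[col] = fmt.Sprintf("[🟡](%s)", mErrKey.ToMDSectionLink())
				toBeReported = append(toBeReported, mErrKey)
			case testRes.Rc != 0:
				row[col] = fmt.Sprintf("[❌](%s)", mErrKey.ToMDSectionLink())
				toBeReported = append(toBeReported, mErrKey)
			default:
				row[col] = "🟢"
			}
		}
		table.Append(row)
	}
	table.Render() // Send output

	// After the table, append all the failed/skipped tests
	// outputs, each as a separate section,
	// to allow users to quickly check them.
	if _, err := fW.WriteString("\n\n"); err != nil {
		log.Fatal(err)
	}
	for _, mErrReport := range toBeReported {
		mErrReport.Dump(fW)
	}
}

// NewOutput returns an empty Output ready to collect results.
func NewOutput() *Output {
	return &Output{
		entries:  make(map[string]Entry),
		testList: make(map[string]time.Time),
	}
}

// Loop walks rootFolder and records every regular file found as a test
// result. It returns the first error reported while walking the tree.
func (m *Output) Loop(rootFolder string) error {
	return filepath.WalkDir(rootFolder, func(path string, d fs.DirEntry, err error) error {
		if err != nil {
			// WalkDir may call back with a nil DirEntry when it cannot stat
			// the root; return the error instead of dereferencing d.
			return err
		}
		if !d.Type().IsRegular() {
			return nil
		}
		m.addTestResult(path)

		testName := strings.TrimSuffix(d.Name(), ".json")
		if _, ok := m.testList[testName]; !ok {
			info, err := d.Info()
			if err != nil {
				return err
			}
			m.testList[testName] = info.ModTime()
		}
		return nil
	})
}
-------------------------------------------------------------------------------- /images/Makefile: -------------------------------------------------------------------------------- 1 | DRY_RUN ?= false 2 | PUSH ?= false 3 | LATEST ?= false 4 | TAG ?= main 5 | CLEANUP ?= false 6 | REPOSITORY ?= ghcr.io/falcosecurity/kernel-testing 7 | ARCH ?= $(shell uname -m) 8 | YAML_FILE ?= images.yaml 9 | CMAKE_VERSION ?= $(shell cat CMAKE_VERSION) 10 | 11 | .PHONY: build-rootfs build-kernel generate-yaml build-all initrd-builder modernprobe-builder builder 12 | 13 | builder: 14 | if [ "$(DRY_RUN)" = "true" ]; then \ 15 | echo "Dry run: Building builder image: docker build -t $(REPOSITORY)/builder:$(ARCH)-$(TAG) --build-arg CMAKE_VERSION=\"$(CMAKE_VERSION)\" builder"; \ 16 | else \ 17 | echo "Building builder image"; \ 18 | image=$(REPOSITORY)/builder:$(ARCH); \ 19 | docker build \ 20 | -t $$image-$(TAG) \ 21 | --build-arg CMAKE_VERSION="$(CMAKE_VERSION)" \ 22 | builder || echo "FAIL: $$image-$(TAG)" >> failed.txt; \ 23 | if [ "$(PUSH)" = "true" ]; then \ 24 | echo "Pushing image: $$image-$(TAG)"; \ 25 | docker push $$image-$(TAG); \ 26 | if [ "$(LATEST)" = "true" ]; then \ 27 | echo "Pushing image: $$image-latest"; \ 28 | docker tag 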
$$image-$(TAG) $$image-latest; \ 29 | docker push $$image-latest; \ 30 | fi; \ 31 | fi; \ 32 | fi 33 | 34 | modernprobe-builder: 35 | if [ "$(DRY_RUN)" = "true" ]; then \ 36 | echo "Dry run: Building modernprobe-builder image: docker build -t $(REPOSITORY)/modernprobe-builder:$(ARCH)-$(TAG) --build-arg CMAKE_VERSION=\"$(CMAKE_VERSION)\" modernprobe-builder"; \ 37 | else \ 38 | echo "Building modernprobe-builder image"; \ 39 | image=$(REPOSITORY)/modernprobe-builder:$(ARCH); \ 40 | docker build \ 41 | -t $$image-$(TAG) \ 42 | --build-arg CMAKE_VERSION="$(CMAKE_VERSION)" \ 43 | modernprobe-builder || echo "FAIL: $$image-$(TAG)" >> failed.txt; \ 44 | if [ "$(PUSH)" = "true" ]; then \ 45 | echo "Pushing image: $$image-$(TAG)"; \ 46 | docker push $$image-$(TAG); \ 47 | if [ "$(LATEST)" = "true" ]; then \ 48 | echo "Pushing image: $$image-latest"; \ 49 | docker tag $$image-$(TAG) $$image-latest; \ 50 | docker push $$image-latest; \ 51 | fi; \ 52 | fi; \ 53 | fi 54 | 55 | # No need to push intrd-builder image; it is just used locally as base to other images. 56 | initrd-builder: 57 | if [ "$(DRY_RUN)" = "true" ]; then \ 58 | echo "Dry run: Building initrd-builder image: docker build -t initrd-builder:0.0.1 initrd-builder"; \ 59 | else \ 60 | echo "Building initrd-builder image"; \ 61 | docker build -t initrd-builder:0.0.1 initrd-builder || echo "FAIL: initrd-builder" >> failed.txt; \ 62 | fi 63 | 64 | build-rootfs: 65 | @for rootfs_dir in $$(find . 
-type f -name "Dockerfile" -path "*$(ARCH)/*" -printf '%h\n'); do \ 66 | version=$$(basename $$rootfs_dir); \ 67 | distro=$$(basename $$(dirname $$rootfs_dir)); \ 68 | image=$(REPOSITORY)/$$distro-image:$$version-$(ARCH); \ 69 | if [ "$(DRY_RUN)" = "true" ]; then \ 70 | echo "Dry run: Building rootfs image: docker build -t $$image-$(TAG) --build-arg CMAKE_VERSION=\"$(CMAKE_VERSION)\" $$rootfs_dir"; \ 71 | else \ 72 | echo "Building rootfs image: $$image-$(TAG)"; \ 73 | docker build \ 74 | -t $$image-$(TAG) \ 75 | --build-arg CMAKE_VERSION="$(CMAKE_VERSION)" \ 76 | $$rootfs_dir || echo "FAIL: $$image-$(TAG)" >> failed.txt; \ 77 | if [ "$(PUSH)" = "true" ]; then \ 78 | echo "Pushing image: $$image-$(TAG)"; \ 79 | docker push $$image-$(TAG); \ 80 | if [ "$(LATEST)" = "true" ]; then \ 81 | echo "Pushing image: $$image-latest"; \ 82 | docker tag $$image-$(TAG) $$image-latest; \ 83 | docker push $$image-latest; \ 84 | fi; \ 85 | fi; \ 86 | if [ "$(CLEANUP)" = "true" ]; then \ 87 | echo "Cleaning image: $$image-$(TAG)"; \ 88 | docker image rm -f $$image-$(TAG); \ 89 | docker image rm -f $$image-latest; \ 90 | docker system prune -f; \ 91 | fi; \ 92 | fi; \ 93 | done 94 | 95 | build-kernel: initrd-builder 96 | @for kernel_dir in $$(find . 
-type f -name "Dockerfile.kernel" -path "*$(ARCH)/*" -printf '%h\n'); do \ 97 | version=$$(basename $$kernel_dir); \ 98 | distro=$$(basename $$(dirname $$kernel_dir)); \ 99 | image=$(REPOSITORY)/$$distro-kernel:$$version-$(ARCH); \ 100 | if [ "$(DRY_RUN)" = "true" ]; then \ 101 | echo "Dry run: Building kernel image: docker build -t $$image-$(TAG) -f $$kernel_dir/Dockerfile.kernel $$kernel_dir"; \ 102 | else \ 103 | echo "Building kernel image: $$image-$(TAG)"; \ 104 | docker build -t $$image-$(TAG) -f $$kernel_dir/Dockerfile.kernel $$kernel_dir || echo "FAIL: $$image-$(TAG)" >> failed.txt; \ 105 | if [ "$(PUSH)" = "true" ]; then \ 106 | echo "Pushing image: $$image-$(TAG)"; \ 107 | docker push $$image-$(TAG); \ 108 | if [ "$(LATEST)" = "true" ]; then \ 109 | echo "Pushing image: $$image-latest"; \ 110 | docker tag $$image-$(TAG) $$image-latest; \ 111 | docker push $$image-latest; \ 112 | fi; \ 113 | fi; \ 114 | if [ "$(CLEANUP)" = "true" ]; then \ 115 | echo "Cleaning image: $$image-$(TAG)"; \ 116 | docker image rm -f $$image-$(TAG); \ 117 | docker image rm -f $$image-latest; \ 118 | docker system prune -f; \ 119 | fi; \ 120 | fi; \ 121 | done 122 | 123 | %: initrd-builder 124 | @version=$$(basename $@); \ 125 | distro=$$(basename $$(dirname $@)); \ 126 | arch=$(ARCH); \ 127 | rootfs_dir=$$(find . -type d -path "./$$arch/$$distro/$$version"); \ 128 | kernel_dir=$$(find . 
-type d -path "./$$arch/$$distro/$$version"); \ 129 | rootfs_image=$(REPOSITORY)/$$distro-image:$$version-$$arch-$(TAG); \ 130 | kernel_image=$(REPOSITORY)/$$distro-kernel:$$version-$$arch-$(TAG); \ 131 | if [ -n "$$rootfs_dir" ]; then \ 132 | if [ "$(DRY_RUN)" = "true" ]; then \ 133 | echo "Dry run: Building rootfs image: docker build -t $$rootfs_image --build-arg CMAKE_VERSION=\"$(CMAKE_VERSION)\" $$rootfs_dir"; \ 134 | else \ 135 | echo "Building rootfs image: $$rootfs_image"; \ 136 | docker build \ 137 | -t $$rootfs_image \ 138 | --build-arg CMAKE_VERSION="$(CMAKE_VERSION)" \ 139 | $$rootfs_dir; \ 140 | if [ "$(PUSH)" = "true" ]; then \ 141 | echo "Pushing image: $$rootfs_image"; \ 142 | docker push $$rootfs_image; \ 143 | fi; \ 144 | fi; \ 145 | fi; \ 146 | if [ -n "$$kernel_dir" ]; then \ 147 | if [ "$(DRY_RUN)" = "true" ]; then \ 148 | echo "Dry run: Building kernel image: docker build -t $$kernel_image -f $$kernel_dir/Dockerfile.kernel $$kernel_dir"; \ 149 | else \ 150 | echo "Building kernel image: $$kernel_image"; \ 151 | docker build \ 152 | -t $$kernel_image \ 153 | -f $$kernel_dir/Dockerfile.kernel \ 154 | $$kernel_dir; \ 155 | if [ "$(PUSH)" = "true" ]; then \ 156 | echo "Pushing image: $$kernel_image"; \ 157 | docker push $$kernel_image; \ 158 | fi; \ 159 | fi; \ 160 | fi; 161 | 162 | generate-yaml: 163 | @echo "machines:" > $(YAML_FILE) 164 | @for rootfs_image in $$(docker images --format "{{.Repository}}:{{.Tag}}" | grep "$(REPOSITORY)" | grep "$(ARCH)" | grep "\-image" | sort); do \ 165 | version=$$(echo $$rootfs_image | cut -d':' -f2 | cut -d'-' -f1); \ 166 | distro=$$(echo $$rootfs_image | cut -d'/' -f2 | cut -d'-' -f1); \ 167 | arch=$(ARCH); \ 168 | kernel_image=$$(docker images --format "{{.Repository}}:{{.Tag}}" | grep "$(REPOSITORY)/$$distro-kernel:$$version-$$arch"); \ 169 | if [ -n "$$kernel_image" ]; then \ 170 | echo " - {name: \"$$distro-$$version\", kernel: \"$$kernel_image\", rootfs: \"$$rootfs_image\", arch: \"$$arch\"}" >> 
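$(YAML_FILE); \
		fi; \
	done

build-all: build-kernel build-rootfs modernprobe-builder builder
--------------------------------------------------------------------------------
/ansible-playbooks/roles/scap_open/tasks/main.yml:
--------------------------------------------------------------------------------
---
# tasks file for scap_open
#
# Builds the kernel module and the legacy BPF probe from the `libs` checkout,
# then runs /tmp/scap-open against each driver (kmod, legacy BPF, modern BPF).
# Every stage is wrapped in block/rescue/always: failures are printed, the play
# continues, and the registered result is always dumped as JSON on localhost
# under scap_open_output_dest_dir.
#
# NOTE(review): /tmp/scap-open is executed from a world-writable directory and
# group_vars sets `user: root`, so it presumably runs as root in the VM.
# Confirm the binary is placed there by a trusted step of this playbook;
# a root-owned install path would remove the dependency on /tmp.
- name: Setting output directory for results
  ansible.builtin.set_fact:
    scap_open_output_dest_dir: "{{ output_dir }}/scap-open-test/{{ inventory_hostname }}"

- name: Create output directory on localhost
  become: false
  delegate_to: localhost
  block:
    - name: Create output directory if it does not exist ({{ output_dir }})
      ansible.builtin.file:
        path: "{{ scap_open_output_dest_dir }}"
        state: directory
        mode: '0755'

- name: Check Modern Bpf Support
  block:
    # --num_events 0: only open the modern BPF engine, capture nothing.
    - name: Check modern-bpf support
      ansible.builtin.command:
        cmd: /tmp/scap-open --num_events 0 --modern_bpf
      register: scap_open_result
      changed_when: false
  rescue:
    # rc 95 is presumably EOPNOTSUPP (95 on Linux) reported by scap-open.
    # Any other failure leaves scap_open_modern_bpf_supported untouched.
    - name: Disable Modern Bpf support
      ansible.builtin.set_fact:
        scap_open_modern_bpf_supported: false
      when: scap_open_result.rc == 95

- name: Check Old Bpf Support
  block:
    - name: Enable old Bpf support
      ansible.builtin.set_fact:
        scap_open_bpf_supported: true
      # Enable legacy BPF support if the minimum kernel version requirement is met and the user didn't explicitly decide
      # to skip legacy BPF tests.
      when:
        - ansible_kernel is version(scap_open_bpf_minimum_kver[ansible_architecture],'>=')
        - machines
          | selectattr('name', 'equalto', inventory_hostname)
          | selectattr('arch', 'equalto', ansible_architecture)
          | map(attribute='skip_legacy_bpf_tests')
          | map('default', false)
          | select('equalto', true)
          | list
          | length == 0

- name: Prepare the build directory
  block:
    # 0755 instead of 0766: the module built here is later loaded with insmod,
    # so the directory must not be writable by group/other (and 0766 lacked the
    # execute bit needed to traverse a directory anyway).
    - name: Create cmake output dir
      ansible.builtin.file:
        path: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build"
        state: directory
        mode: "0755"
      register: scap_open_cmake_result

    - name: Prepare cmake for repository
      ansible.builtin.command:
        cmd: >
          cmake
          -DUSE_BUNDLED_DEPS=ON
          -DBUILD_LIBSCAP_MODERN_BPF=OFF
          -DBUILD_LIBSCAP_GVISOR=OFF
          -DBUILD_BPF={{ scap_open_bpf_supported }}
          -DCREATE_TEST_TARGETS=OFF
          ..
        chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build"
      changed_when: false
      register: scap_open_cmake_result
  rescue:
    - name: Print error message to stdout --- build directory
      ansible.builtin.debug:
        var: scap_open_cmake_result
  always:
    # Result dumps are plain data: no execute bit.
    - name: Dump error message to file
      ansible.builtin.copy:
        content: "{{ scap_open_cmake_result | to_nice_json }}"
        dest: "{{ scap_open_output_dest_dir }}/cmake-configure.json"
        mode: '0644'
      delegate_to: localhost
      become: false

- name: Build and load the kernel module
  block:
    # Best effort: the module may not be loaded, so a failure is ignored.
    - name: Unload the kernel module
      ansible.builtin.command:
        cmd: rmmod driver/scap.ko
        chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build"
      failed_when: false
      changed_when: false

    - name: Build kmod
      ansible.builtin.command:
        cmd: cmake --build . --target driver --parallel {{ cpus }}
        chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build"
      register: scap_open_km_result
      changed_when: false

    # Overwrites the build result registered above, so on success the dumped
    # JSON holds the insmod result.
    - name: Load the kernel module
      ansible.builtin.command:
        cmd: insmod driver/scap.ko
        chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build"
      register: scap_open_km_result
      changed_when: false
  rescue:
    - name: Print error message to stdout --- kernel module
      ansible.builtin.debug:
        var: scap_open_km_result
  always:
    - name: Dump error message to file
      ansible.builtin.copy:
        content: "{{ scap_open_km_result | to_nice_json }}"
        dest: "{{ scap_open_output_dest_dir }}/kmod_build.json"
        mode: '0644'
      delegate_to: localhost
      become: false

- name: Scap-open + kernel module
  block:
    - name: Run scap-open with kernel module
      ansible.builtin.command:
        cmd: /tmp/scap-open --num_events 50 --kmod
        chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build"
      register: scap_open_result
      changed_when: false

    # Registers into the same variable as the run above: when scap-open
    # succeeds, the dumped JSON holds the rmmod result, not the capture output.
    - name: Unload the kernel module
      ansible.builtin.command:
        cmd: rmmod driver/scap.ko
        chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build"
      register: scap_open_result
      changed_when: false
  rescue:
    - name: Print error message to stdout -- scap-open + kernel module
      ansible.builtin.debug:
        var: scap_open_result
  always:
    - name: Dump error message to file
      ansible.builtin.copy:
        content: "{{ scap_open_result | to_nice_json }}"
        dest: "{{ scap_open_output_dest_dir }}/kmod_scap-open.json"
        mode: '0644'
      delegate_to: localhost
      become: false

- name: Build bpf probe
  block:
    - name: Build bpf probe
      ansible.builtin.command:
        cmd: cmake --build . --target bpf --parallel {{ cpus }}
        chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build"
      register: scap_open_bpf_probe_result
      when: scap_open_bpf_supported
      changed_when: false
  rescue:
    - name: Print error message to stdout --- build bpf probe
      ansible.builtin.debug:
        var: scap_open_bpf_probe_result
  always:
    - name: Dump error message to file
      ansible.builtin.copy:
        content: "{{ scap_open_bpf_probe_result | to_nice_json }}"
        dest: "{{ scap_open_output_dest_dir }}/bpf-probe_build.json"
        mode: '0644'
      delegate_to: localhost
      become: false

- name: Scap-open + bpf probe
  block:
    - name: Run scap-open with bpf probe
      ansible.builtin.command:
        cmd: /tmp/scap-open --num_events 50 --bpf driver/bpf/probe.o
        chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build"
      register: scap_open_result
      when: scap_open_bpf_supported
      changed_when: false
  rescue:
    - name: Print error message to stdout --- scap-open + bpf probe
      ansible.builtin.debug:
        var: scap_open_result
  always:
    - name: Dump error message to file
      ansible.builtin.copy:
        content: "{{ scap_open_result | to_nice_json }}"
        dest: "{{ scap_open_output_dest_dir }}/bpf-probe_scap-open.json"
        mode: '0644'
      delegate_to: localhost
      become: false

- name: Scap-open + modern probe
  block:
    - name: Run scap-open with modern-probe
      ansible.builtin.command:
        cmd: /tmp/scap-open --num_events 50 --modern_bpf
        chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build"
      register: scap_open_result
      when: scap_open_modern_bpf_supported
      changed_when: false
  rescue:
    - name: Print error message to stdout --- scap-open + modern probe
      ansible.builtin.debug:
        var: scap_open_result
  always:
    - name: Dump error message to file
      ansible.builtin.copy:
        content: "{{ scap_open_result | to_nice_json }}"
        dest: "{{ scap_open_output_dest_dir }}/modern-bpf_scap-open.json"
        mode: '0644'
      delegate_to: localhost
      become: false

--------------------------------------------------------------------------------
/ansible-playbooks/group_vars/all/vars.yml:
--------------------------------------------------------------------------------
# These variables are shared among all roles.

# Time in seconds to wait for the hosts to be available after the virtual machines are newly created.
time_out: 600

# User used to log in to virtual machine and used to administer the cluster through cli tools
user: root

#########################
# Machine Configuration #
#########################

# Images tag to be used.
# NOTE(review): `main` is a mutable tag and the bootstrap role pulls with
# force_source: true, so each run boots whatever the registry currently serves
# under it. Use a release tag or a digest when runs must be reproducible.
tag: main

# Image repository to be used.
repo: "ghcr.io/falcosecurity/kernel-testing"

# Each machine entry requires the following fields
#  name: the name given to the vm;
#  kernel: reference to an OCI image containing a kernel;
#  rootfs: reference to an OCI image used as base rootfs for the vm.
#  arch: architecture of the kernel and base images. (x86_64/aarch64).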
# Optional per-machine field:
#  skip_legacy_bpf_tests: when true, the scap_open role does not enable legacy BPF support for that machine.
# The same name may appear once per architecture; the roles select entries by `arch`.
machines:
  - {name: "amazonlinux2022-5.15", kernel: "{{ repo }}/amazonlinux2022-kernel:5.15-x86_64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2022-image:5.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
  - {name: "amazonlinux2023-6.1", kernel: "{{ repo }}/amazonlinux2023-kernel:6.1-x86_64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2023-image:6.1-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
  - {name: "amazonlinux2-5.10", kernel: "{{ repo }}/amazonlinux2-kernel:5.10-x86_64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2-image:5.10-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
  - {name: "amazonlinux2-5.15", kernel: "{{ repo }}/amazonlinux2-kernel:5.15-x86_64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2-image:5.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
  - {name: "amazonlinux2-5.4", kernel: "{{ repo }}/amazonlinux2-kernel:5.4-x86_64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2-image:5.4-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
  - {name: "archlinux-6.0", kernel: "{{ repo }}/archlinux-kernel:6.0-x86_64-{{ tag }}", rootfs: "{{ repo }}/archlinux-image:6.0-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
  - {name: "archlinux-6.7", kernel: "{{ repo }}/archlinux-kernel:6.7-x86_64-{{ tag }}", rootfs: "{{ repo }}/archlinux-image:6.7-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
  - {name: "centos-3.10", kernel: "{{ repo }}/centos-kernel:3.10-x86_64-{{ tag }}", rootfs: "{{ repo }}/centos-image:3.10-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
  - {name: "centos-4.18", kernel: "{{ repo }}/centos-kernel:4.18-x86_64-{{ tag }}", rootfs: "{{ repo }}/centos-image:4.18-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
  - {name: "centos-5.14", kernel: "{{ repo }}/centos-kernel:5.14-x86_64-{{ tag }}", rootfs: "{{ repo }}/centos-image:5.14-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
  - {name: "fedora-5.17", kernel: "{{ repo }}/fedora-kernel:5.17-x86_64-{{ tag }}", rootfs: "{{ repo }}/fedora-image:5.17-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
  - {name: "fedora-5.8", kernel: "{{ repo }}/fedora-kernel:5.8-x86_64-{{ tag }}", rootfs: "{{ repo }}/fedora-image:5.8-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
  - {name: "fedora-6.2", kernel: "{{ repo }}/fedora-kernel:6.2-x86_64-{{ tag }}", rootfs: "{{ repo }}/fedora-image:6.2-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
  - {name: "oraclelinux-3.10", kernel: "{{ repo }}/oraclelinux-kernel:3.10-x86_64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:3.10-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
  - {name: "oraclelinux-4.14", kernel: "{{ repo }}/oraclelinux-kernel:4.14-x86_64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:4.14-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
  - {name: "oraclelinux-5.15", kernel: "{{ repo }}/oraclelinux-kernel:5.15-x86_64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:5.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
  - {name: "oraclelinux-5.4", kernel: "{{ repo }}/oraclelinux-kernel:5.4-x86_64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:5.4-x86_64-{{ tag }}", arch: "x86_64", skip_legacy_bpf_tests: true} # noqa: yaml[line-length]
  - {name: "ubuntu-5.8", kernel: "{{ repo }}/ubuntu-kernel:5.8-x86_64-{{ tag }}", rootfs: "{{ repo }}/ubuntu-image:5.8-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
  - {name: "ubuntu-6.5", kernel: "{{ repo }}/ubuntu-kernel:6.5-x86_64-{{ tag }}", rootfs: "{{ repo }}/ubuntu-image:6.5-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
  - {name: "amazonlinux2022-5.15", kernel: "{{ repo }}/amazonlinux2022-kernel:5.15-aarch64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2022-image:5.15-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
  - {name: "amazonlinux2-5.4", kernel: "{{ repo }}/amazonlinux2-kernel:5.4-aarch64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2-image:5.4-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
  - {name: "fedora-6.2", kernel: "{{ repo }}/fedora-kernel:6.2-aarch64-{{ tag }}", rootfs: "{{ repo }}/fedora-image:6.2-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
  - {name: "oraclelinux-4.14", kernel: "{{ repo }}/oraclelinux-kernel:4.14-aarch64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:4.14-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
  - {name: "oraclelinux-5.15", kernel: "{{ repo }}/oraclelinux-kernel:5.15-aarch64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:5.15-aarch64-{{ tag }}", arch: "aarch64", skip_legacy_bpf_tests: true} # noqa: yaml[line-length]
  # NOTE(review): the entry below hardcodes v0.3.2 instead of {{ tag }}, so it ignores the `tag` variable.
  # Presumably a deliberate pin; confirm it is still needed.
  - {name: "ubuntu-6.5", kernel: "{{ repo }}/ubuntu-kernel:6.5-aarch64-v0.3.2", rootfs: "{{ repo }}/ubuntu-image:6.5-aarch64-v0.3.2", arch: "aarch64"} # noqa: yaml[line-length]

# Builder VMs. Entries use the same fields as `machines`; the bootstrap role processes
# `machines | union(builders)` together.
builders:
  - {name: "centos-builder", kernel: "{{ repo }}/ubuntu-kernel:6.5-x86_64-{{ tag }}", rootfs: "{{ repo }}/builder:x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
  - {name: "fedora-builder", kernel: "{{ repo }}/fedora-kernel:6.2-x86_64-{{ tag }}", rootfs: "{{ repo }}/modernprobe-builder:x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
  - {name: "centos-builder", kernel: "{{ repo }}/ubuntu-kernel:6.5-aarch64-{{ tag }}", rootfs: "{{ repo }}/builder:aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
  - {name: "fedora-builder", kernel: "{{ repo }}/fedora-kernel:6.2-aarch64-{{ tag }}", rootfs: "{{ repo }}/modernprobe-builder:aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]

# Base directory for test results; the scap_open role writes under "{{ output_dir }}/scap-open-test/<host>".
output_dir: "~/ansible_output"
# Number of cpus.
cpus: 2
# Memory size in mebibytes.
memory: 2048

# run_id is used to identify all the machines generated by a given run of the playbook.
# The bootstrap role asserts it is non-empty and uses it in VM names and in the run directory path.
run_id: "here-goes-the-id"

#####################
# SSH configuration #
#####################

# Directory holding the SSH key pair (created by the bootstrap role if missing) and the key file base name.
ssh_key_path: "/root/.ssh"
ssh_key_name: firecracker_machines

# Path to the private key. The bootstrap role generates the key pair here when it does not exist.
prv_key_path: "{{ ssh_key_path }}/{{ ssh_key_name }}"

# Path to the public key used to ssh to the machines, if this key does not exist then a new one is generated with the same name.
# The bootstrap role copies it into every rootfs clone as /root/.ssh/authorized_keys.
pub_key_path: "{{ ssh_key_path }}/{{ ssh_key_name }}.pub"


# Repositories to be cloned on the local machine and copied to the VMs
# Each repos entry requires the following fields:
#  name: the folder name where the repo will be cloned. Root folder under ./roles/git_repos/files/repos
#  repo: git, SSH, or HTTP(S) protocol address of the git repository;
#  version: What version of the repository to check out. This can be the literal string HEAD,
#    a branch name, a tag name. It can also be a SHA-1 hash, in which case refspec needs to be
#    specified if the given revision is not already available. If not set the default value is "HEAD".
#  refspec: Add an additional refspec to be fetched. If version is set to a SHA-1 not reachable
#    from any branch or tag, this option may be necessary to specify the ref containing the SHA-1.
#    Uses the same syntax as the git fetch command. An example value could be "refs/meta/config".
# Docs ref: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/git_module.html
# NOTE(review): `version: "master"` follows a moving branch, and the scap_open role builds this checkout
# and loads the resulting kernel module inside the VMs. Set a tag or commit SHA when a run must test a fixed revision.
repos:
  libs: {name: "falcosecurity-libs", repo: "https://github.com/falcosecurity/libs.git", version: "master"}

local_repos_folder: "./roles/git_repos/files/repos"
remote_repos_folder: "/root"

# Directory where files that must persist across different runs are stored
# (the bootstrap role caches extracted kernels and rootfs disk images here).
cached_files_path: "/root/kernel_testing_ci_cache"

# Directory where ephemeral, run-specific files are stored.
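runtime_root: "{{ playbook_dir }}/runtime"

--------------------------------------------------------------------------------
/ansible-playbooks/roles/bootstrap/tasks/main.yml:
--------------------------------------------------------------------------------
---
# tasks file for bootstrap
#
# Prepares the host and starts one Firecracker VM per entry of
# `machines | union(builders)` whose arch matches the host:
#   1. SSH key pair, cache directory and per-run directory;
#   2. kernel/rootfs OCI images pulled, vmlinux/initrd extracted, rootfs turned
#      into an ext4 disk image (cached), then cloned for the current run;
#   3. public key injected into each clone;
#   4. tap devices and dnsmasq instances;
#   5. VM config rendered, VMs started, inventory regenerated.

- name: "Assert mandatory variables are defined"
  ansible.builtin.assert:
    that:
      - machines is defined
      - ssh_key_path != ""
      - runtime_root != ""
      - run_id != ""

# 0700: this directory holds the private key. `file` also re-applies the mode
# to an existing directory, so a wider mode here would loosen /root/.ssh.
- name: Check if the ~/.ssh directory exists, if not create it
  ansible.builtin.file:
    path: "{{ ssh_key_path }}"
    state: directory
    mode: '0700'

- name: Checking if ssh key exists and if not generate a new one
  community.crypto.openssh_keypair:
    path: "{{ prv_key_path }}"

- name: Create the cached files directory
  ansible.builtin.file:
    path: "{{ cached_files_path }}"
    state: directory
    mode: '0755'

- name: Set run files directory for the current run run_id={{ run_id }}
  ansible.builtin.set_fact:
    bootstrap_run_files_path: "{{ runtime_root }}/{{ run_id }}"

- name: Create the run files directory run_id={{ run_id }}
  ansible.builtin.file:
    path: "{{ bootstrap_run_files_path }}"
    state: directory
    mode: '0755'

# force_source: true re-pulls on every run, so the content behind a mutable tag
# is whatever the registry serves at that moment. The pulled images are
# extracted as root below and booted; pin tags or digests in the machine
# entries when that matters.
- name: Pull kernel and rootfs OCI images
  block:
    - name: Pull kernel OCI images
      community.docker.docker_image:
        name: "{{ item.kernel }}"
        source: pull
        force_source: true
      loop: "{{ machines | union(builders) }}"
      when: item.arch == ansible_facts["architecture"]

    - name: Pull rootfs OCI images
      community.docker.docker_image:
        name: "{{ item.rootfs }}"
        source: pull
        force_source: true
      loop: "{{ machines | union(builders) }}"
      when: item.arch == ansible_facts["architecture"]

# Runs under bash with `set -eo pipefail` unconditionally. Under the default
# /bin/sh the previous conditional guard enabled nothing, so a failed
# `docker export | tar` was not detected at the point of failure.
- name: Extract vmlinux and initrd from kernel OCI images # noqa: risky-shell-pipe
  vars:
    kernel_basename: "{{ item.kernel | basename | regex_replace(':', '.') }}"
  args:
    executable: /bin/bash
    # The initrd is moved last, so its presence marks a complete extraction.
    creates: "{{ cached_files_path }}/{{ kernel_basename }}.initrd"
  loop: "{{ machines | union(builders) }}"
  when: item.arch == ansible_facts['architecture']
  become: true
  ansible.builtin.shell: |
    set -eo pipefail

    CID=""
    TMP_DIR=""

    cleanup() {
      [ -n "$CID" ] && docker rm "$CID" >/dev/null 2>&1 || :
      [ -n "$TMP_DIR" ] && rm -rf "$TMP_DIR" || :
    }

    # Trigger cleanup at exit.
    trap cleanup EXIT

    # Create container.
    CID=$(docker create "{{ item.kernel }}" /bin/sh) || exit 1

    # Create a temporary directory.
    TMP_DIR=$(mktemp -d) || exit 1

    # Export and extract vmlinux and initrd while preserving permissions.
    # Only the two named members are extracted from the image.
    # note: --same-owner and --preserve-permissions requires this task to be run as root.
    docker export "$CID" | tar -x \
      --same-owner \
      --preserve-permissions \
      -C "$TMP_DIR" \
      --strip-components=1 \
      boot/vmlinux \
      boot/initrd

    # Move extracted vmlinux and initrd to destination.
    mv "$TMP_DIR/vmlinux" "{{ cached_files_path }}/{{ kernel_basename }}.vmlinux"
    mv "$TMP_DIR/initrd" "{{ cached_files_path }}/{{ kernel_basename }}.initrd"

# Same shell settings as the extraction task. This matters more here: the last
# command is e2fsck, which succeeds on a valid but incomplete filesystem, and
# `creates` would then keep the truncated image in the cache for later runs.
- name: Create raw disk images containing ext4 filesystem from rootfs OCI images # noqa: risky-shell-pipe
  vars:
    rootfs_basename: "{{ item.rootfs | basename | regex_replace(':', '.') }}"
    disk_image: "{{ cached_files_path }}/{{ rootfs_basename }}.ext4"
  args:
    executable: /bin/bash
    creates: "{{ disk_image }}"
  loop: "{{ machines | union(builders) }}"
  when: item.arch == ansible_facts['architecture']
  become: true
  ansible.builtin.shell: |
    set -eo pipefail

    CID=""
    TMP_DIR=""
    LOOPDEV=""

    cleanup() {
      EXIT_STATUS=$?
      [ -n "$CID" ] && docker rm "$CID" >/dev/null 2>&1 || :
      if [ -n "$TMP_DIR" ]; then
        mountpoint -q "$TMP_DIR" && umount "$TMP_DIR" || :
        # Once unmounted the mount point is empty; rmdir cannot delete image
        # content if the unmount failed, unlike a recursive remove.
        rmdir "$TMP_DIR" >/dev/null 2>&1 || :
      fi
      # Detach only after the filesystem on the loop device is unmounted.
      [ -n "$LOOPDEV" ] && losetup -d "$LOOPDEV" >/dev/null 2>&1 || :
      # Drop a partial image so `creates` does not treat it as finished.
      [ "$EXIT_STATUS" -ne 0 ] && rm -rf "{{ disk_image }}" || :
    }

    # Trigger cleanup at exit.
    trap cleanup EXIT

    # Create an initial empty disk image.
    truncate -s 5G "{{ disk_image }}"
    mkfs.ext4 -F "{{ disk_image }}"

    # Create container.
    CID=$(docker create "{{ item.rootfs }}" /bin/sh) || exit 1

    # Create a temporary directory.
    TMP_DIR=$(mktemp -d) || exit 1

    # Attach loop device explicitly
    LOOPDEV=$(losetup -f --show "{{ disk_image }}") || exit 1

    # Mount the attached loop device (not `-o loop` on the file, which would
    # allocate a second device) and copy the image content into the disk.
    mount "$LOOPDEV" "$TMP_DIR"
    docker export "$CID" | tar -C "$TMP_DIR" -xf -

    # Finalize and check disk integrity.
    sync
    umount "$TMP_DIR"
    losetup -d "$LOOPDEV"
    LOOPDEV=""
    e2fsck -fy "{{ disk_image }}"

- name: Clone raw disk images for the current run run_id={{ run_id }}
  vars:
    rootfs_basename: "{{ item.rootfs | basename | regex_replace(':', '.') }}"
    original_image: "{{ cached_files_path }}/{{ rootfs_basename }}.ext4"
    working_image: "{{ bootstrap_run_files_path }}/{{ rootfs_basename }}.ext4"
  # Create a lightweight CoW clone (if fs supports reflinks) and preserve raw disk sparseness.
  ansible.builtin.command: >
    cp --sparse=always --reflink=auto "{{ original_image }}" "{{ working_image }}"
  args:
    creates: "{{ working_image }}"
  loop: "{{ machines | union(builders) }}"
  when: item.arch == ansible_facts['architecture']
  become: true

# The key is written straight into the ext4 clone with e2tools, without
# mounting it. Only the per-run clone is modified, never the cached image.
- name: Setup ssh inside rootfs ext4 image clones
  vars:
    rootfs_basename: "{{ item.rootfs | basename | regex_replace(':', '.') }}"
    disk_image: "{{ bootstrap_run_files_path }}/{{ rootfs_basename }}.ext4"
  become: true
  block:
    - name: Ensure filesystem is clean before modifying rootfs ext4 image clones
      ansible.builtin.command: e2fsck -fy "{{ disk_image }}"
      changed_when: false
      loop: "{{ machines | union(builders) }}"
      when: item.arch == ansible_facts['architecture']

    # Failure is ignored on purpose (`|| :`), presumably because the
    # directory may already exist in the image.
    - name: Ensure /root/.ssh exists inside rootfs ext4 image clones
      ansible.builtin.shell: |
        e2mkdir -P 700 "{{ disk_image }}:/root/.ssh" || :
      changed_when: false
      loop: "{{ machines | union(builders) }}"
      when: item.arch == ansible_facts['architecture']

    - name: Copy public key inside rootfs ext4 image clones
      ansible.builtin.shell: |
        e2cp -P 600 "{{ pub_key_path }}" "{{ disk_image }}":/root/.ssh/authorized_keys
      changed_when: false
      loop: "{{ machines | union(builders) }}"
      when: item.arch == ansible_facts['architecture']

- name: Run common/tasks/compute_tap_dev_map.yml
  ansible.builtin.import_role:
    name: common
    tasks_from: compute_tap_dev_map

- name: Verify any conflict in tap device map
  ansible.builtin.command: >
    "{{ role_path }}/files/check_net_conflicts.sh" {{ common_tap_dev_map | to_json | quote }}
  changed_when: false

- name: Create and configure tap devices for VMs
  become: true
  block:
    - name: Create tap devices
      vars:
        tap_dev_name: "{{ common_tap_dev_map[item.name].name }}"
      ansible.builtin.command: ip tuntap add dev "{{ tap_dev_name }}" mode tap
      args:
        creates: "/sys/class/net/{{ tap_dev_name }}/ifindex"
      loop: "{{ machines | union(builders) }}"
      when: item.arch == ansible_facts["architecture"]

    - name: Set tap devices up
      vars:
        tap_dev_name: "{{ common_tap_dev_map[item.name].name }}"
      ansible.builtin.command: ip link set "{{ tap_dev_name }}" up
      loop: "{{ machines | union(builders) }}"
      when: item.arch == ansible_facts["architecture"]
      changed_when: false

    # The address is added only when `ip -o addr show` does not list it yet.
    - name: Set IP addresses on tap devices
      vars:
        tap_dev_name: "{{ common_tap_dev_map[item.name].name }}"
        ip_addr: "{{ common_tap_dev_map[item.name].host_ip }}/30"
      ansible.builtin.command: ip addr add "{{ ip_addr }}" dev "{{ tap_dev_name }}"
      loop: "{{ machines | union(builders) }}"
      when:
        - item.arch == ansible_facts["architecture"]
        - ip_addr not in lookup('pipe', 'ip -o addr show dev ' ~ tap_dev_name)
      changed_when: true

- name: Start dnsmasq services
  become: true
  block:
    - name: Install dnsmasq-tap@.service
      ansible.builtin.copy:
        src: dnsmasq-tap@.service
        dest: /etc/systemd/system/dnsmasq-tap@.service
        owner: root
        group: root
        mode: "0644"
      notify: Reload systemd

    - name: Execute notified systemd reloading handler
      ansible.builtin.meta: flush_handlers

    - name: Start dnsmasq service on each tap device
      vars:
        tap_dev_name: "{{ common_tap_dev_map[item.name].name }}"
        host_ip: "{{ common_tap_dev_map[item.name].host_ip }}"
        guest_ip: "{{ common_tap_dev_map[item.name].guest_ip }}"
      ansible.builtin.systemd:
        name: "dnsmasq-tap@{{ tap_dev_name }}:{{ host_ip }}:{{ guest_ip }}"
        state: started
      loop: "{{ machines | union(builders) }}"
      when: item.arch == ansible_facts['architecture']

# The rendered VM config is data: no execute bit.
- name: Template the vmconfig.json.j2 configuration file for machine and builders
  vars:
    kernel_basename: "{{ item.kernel | basename | regex_replace(':', '.') }}"
    rootfs_basename: "{{ item.rootfs | basename | regex_replace(':', '.') }}"
    vmlinux_path: "{{ cached_files_path }}/{{ kernel_basename }}.vmlinux"
    initrd_path: "{{ cached_files_path }}/{{ kernel_basename }}.initrd"
    rootfs_disk_path: "{{ bootstrap_run_files_path }}/{{ rootfs_basename }}.ext4"
    tap_dev_name: "{{ common_tap_dev_map[item.name].name }}"
  ansible.builtin.template:
    src: vmconfig.json.j2
    dest: "{{ bootstrap_run_files_path }}/{{ item.name }}.json"
    mode: '0644'
  loop: "{{ machines | union(builders) }}"
  when: item.arch == ansible_facts["architecture"]

# NOTE(review): --no-seccomp starts the Firecracker process without its seccomp
# filters, and the task runs it as root (become: true). The guests boot images
# pulled from a registry and build code from a git branch, so the VMM is the
# isolation boundary here. Confirm the flag is still required; if it is only a
# workaround, drop it so the default filters apply.
# NOTE(review): the API socket lives in world-writable /tmp under a name built
# from run_id and the machine name. A path under bootstrap_run_files_path would
# avoid other local users pre-creating it; not changed here because other roles
# may reference this path.
- name: Create virtual machines run_id={{ run_id }}
  vars:
    vm_name: "{{ item.name | regex_replace('[.]', '-') }}-{{ run_id }}"
    vm_config_path: "{{ bootstrap_run_files_path }}/{{ item.name }}.json"
    vm_socket_path: "/tmp/{{ run_id }}-{{ item.name }}.sock"
    vm_logs_path: "{{ bootstrap_run_files_path }}/{{ item.name }}.log"
  # Literal block scalar: the backslash-newline continuations reach the shell
  # unchanged regardless of how the lines are indented.
  ansible.builtin.shell: |
    RUST_LOG=debug nohup firecracker \
      --no-seccomp \
      --id "{{ vm_name }}" \
      --config-file "{{ vm_config_path }}" \
      --api-sock "{{ vm_socket_path }}" \
      > "{{ vm_logs_path }}" 2>&1 < /dev/null &
  args:
    executable: /bin/bash
  changed_when: true
  loop: "{{ machines | union(builders) }}"
  when: item.arch == ansible_facts["architecture"]
  become: true

# 0644: an inventory file with the execute bit set is a candidate for
# Ansible's script inventory plugin, which tries to run it.
- name: Template the inventory.ini.j2 configuration file to inventory.ini
  ansible.builtin.template:
    src: inventory.ini.j2
    dest: inventory.ini
    mode: '0644'

- name: Refresh inventory to ensure that the new generated one is used
  ansible.builtin.meta: refresh_inventory

--------------------------------------------------------------------------------
/LICENSE: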
-------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 
39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. 
Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | --------------------------------------------------------------------------------