Allow both /etc/ld.so.conf and /etc/ld.so.cache files in /etc since tools expect these to be standard.
See: https://github.com/siderolabs/extensions/pull/1031
Replaces changes for Dockerfile from #12909
Signed-off-by: Noel Georgi <git@frezbo.dev>
(cherry picked from commit 414f78a298fc1a196fe310b17b89d3aadc15e1b4)
The gpu-operator device plugin generates CDI specs with hooks pointing
to /usr/bin/nvidia-ctk and /usr/bin/nvidia-cdi-hook (hardcoded defaults
in NVIDIA/k8s-device-plugin and NVIDIA/nvidia-container-toolkit). Talos
extensions install these binaries under /usr/local/bin/, so pods
requesting nvidia.com/gpu resource limits fail with "no such file".
Add /usr/bin/nvidia-ctk and /usr/bin/nvidia-cdi-hook to the rootfs as
symlinks.
Fixes: #13021
Fixes: https://github.com/siderolabs/extensions/issues/1017
Signed-off-by: David Orman <ormandj@corenode.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 9597714f625ac07bf74de32a24c3e6dad5abdc91)
Add symlinks that are expected by nvidia-gpu-operator.
These symlinks point to empty files when nvidia-container-toolkit extension is not added.
Signed-off-by: Noel Georgi <git@frezbo.dev>
The previous fix (3bd3dd7ca92401312079e37584bfbf7942eab93a) was bad, as
it actually leads to more memory usage by diskfs library.
So drop the library altogether, and populate the filesystem using
`mcopy`. This is also same way as done by `systemd` mkosi script.
Co-authored-by: Noel Georgi <git@frezbo.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This type is used in Image Factory schematic, so move it into machinery
so that it can be imported into IF without pulling Talos core.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
CoreDNS 1.13.0
Linux 6.17.4
Other go.mod dependencies, tools, Helm charts used in tests, etc.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
See 4b840414be for more information.
Talos versions prior to 1.12 locked to PCR 7 state and PCR 11 for signed policies.
In-order for backwards compatibility newer installs will still default to PCR 7 state. Locking to PCR 7 can be disabled by passing an empty list.
Fixes: #10677
Signed-off-by: Noel Georgi <git@frezbo.dev>
Update xz to v0.5.15 which has a fix for 32-bit build.
This reverts commit cfef3ad4544498a47de17f6b05fb8374c35e3dd8.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Move stuff into `tools/go.mod`.
Also fix linting issues on the way (updating golangci-lint).
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add a CI job to build the current VEX file and scan SBOM.
This should enable automatic detection of new vulnerabilities once
information on them becomes available.
Signed-off-by: Dmitrii Sharshakov <dmitry.sharshakov@siderolabs.com>
Include all core packages into SBOM, make sure Talos is built with the
same Go versions as pkgs.
Signed-off-by: Dmitrii Sharshakov <dmitry.sharshakov@siderolabs.com>
Removing:
* `-v` to suppress successful test output
* `-count 1` to enable Go caching of test results per-package
* `-failfast` to see all failures
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Also generate multiple SBOMs for variants including different
sets of packages and different architectures.
Signed-off-by: Dmitrii Sharshakov <dmitry.sharshakov@siderolabs.com>
Drop using the fork https://github.com/siderolabs/wireguard-go which had
a single change to the variable.
Instead, patch the variable using Go linker flags and only for
`machined`.
This fixes the issue with `wg` utility not working for `talosctl cluster
create --with-siderolink` clsuters, as it was using incompatible path.
We do need to override the path for Talos only, as in Talos `/var/run`
is not always available, but outside of Talos itself we never need this
change at all.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
There were missing util-linux libraries for e2fsprogs.
While at it, clean up static libraries from installer/imager containers
to make them even smaller.
Fixes#10814
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Brings in Linux 6.12.21, go 1.24.2.
Also updates Go dependencies, golangci-lint, etc.
The configuration was migrated, fix new linting errors.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Remove some files we don't need, remove some tools, move tools around.
E.g. we don't need grub foreign architecture for the installer, as it
only runs for a specific arch.
Move kmod to imager.
Drop `ctr` from containerd, as it was added to pkgs.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
