The file which is exported back to source via `make generate` is using
short tag (vX.Y.Z), while the one generated for the actual build comes
with full version tag.
Fixes#8898
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Create a dummy SELinux file_contexts file to mitigate the warning. We do not rely on libselinux for labeling, so empty file suffices.
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
This fixes the rather irksome warning when using buildkit to build
images.
This should not break anything since the defaults are set to `scratch`
and if the `build-arg` is not passed the copy stage will fail.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Fixes#9607
Use docker CLI syntax, support any kind of mounts supported by docker
CLI.
Also drop modules from `talos` container image, as it's useless to
provide modules in container mode.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Part of: #9127
Label executables and processes, build, load and manage SELinux policy, enable audit support.
Labeling filesystems, devices and runtime files will be done in further changes, see the full PR.
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
Bring in new tools, pkgs, update Go dependencies and others.
In preparation for Talos 1.9.0-alpha.0.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Instead of relying on cmdline (which will not work in case it's TinK on Talos, for example), add a file to container rootfs to signal the platform to machined.
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
Eudev has seen less development effort recently with Gentoo and others moving towards using systemd-udevd which can now be built independently
Update pkgs, include more libraries, change udevd executable name
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
The new command `talosctl cgroups` fetches cgroups snapshot from the
machine, parses it fully, enhances with additional information (e.g.
resolves pod names), and presents a customizable view of cgroups
configuration (e.g. limits) and current consumption.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
We do it for Talos itself to minimize the memory footprint and binary
size for the `dashboard` when part of Talos, while for `talosctl` we
want to have better support of various terminals.
Fixes#9377
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
`protoc-gen-doc` was using `pseudomuto/protoc-gen-doc` image which was
running go 1.17. Update to use `go install` from source like other
tools.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Fixes https://github.com/siderolabs/extensions/issues/448
Bundle some CNI standard plugins plus Flannel CNI plugin (as Flannel is
the default CNI in Talos) in the Talos `initramfs`.
With this change, no plugin install is required, so the `install-cni`
step is dropped from the Flannel default manifest.
The bundled plugins:
```
$ talosctl -n 172.20.0.2 ls -lH /opt/cni/bin/
NODE MODE UID GID SIZE(B) LASTMOD NAME
172.20.0.2 drwxr-xr-x 0 0 109 B 7 hours ago .
172.20.0.2 -rwxr-xr-x 0 0 3.2 MB 7 hours ago bridge
172.20.0.2 -rwxr-xr-x 0 0 3.3 MB 7 hours ago firewall
172.20.0.2 -rwxr-xr-x 0 0 2.4 MB 7 hours ago flannel
172.20.0.2 -rwxr-xr-x 0 0 2.4 MB 7 hours ago host-local
172.20.0.2 -rwxr-xr-x 0 0 2.4 MB 7 hours ago loopback
172.20.0.2 -rwxr-xr-x 0 0 2.8 MB 7 hours ago portmap
```
The `initramfs` for amd64 grows 67 -> 73 MiB with this change.
The path `/opt/cni/bin` is still an overlay mount, so extra plugins can
be dropped to this directory (no change here).
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This patch adds a flag to `secureboot.database.Generate` to append the
Microsoft UEFI secure boot DB and KEK certificates to the appropriate
ESLs, in addition to complimentary command line flags.
This patch also includes a copy of said Microsoft certificates. The
certificates are downloaded from an official Microsoft repo.
Signed-off-by: Jean-Francois Roy <jf@devklog.net>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Bring in AppArmor pkg from `pkgs` which would add
`/sbin/apparmor_parser` which would get picked by containerd.
Signed-off-by: Noel Georgi <git@frezbo.dev>
This is minor, as it's lint-markdown, but seems to be
slightly faster on installing dependencies, but mostly same time on
running the actual tools.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Initramfs and kernel are compressed with zstd.
Extensions are compressed with zstd for Talos 1.8+.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#8361
Talos requires v2 (circa 2008), but VMs are often configured to limit
the exposed features to the baseline (v1).
```
[ 0.779218] [talos] [initramfs] booting Talos v1.7.0-alpha.1-35-gef5bbe728-dirty
[ 0.779806] [talos] [initramfs] CPU: QEMU Virtual CPU version 2.5+, 4 core(s), 1 thread(s) per core
[ 0.780529] [talos] [initramfs] x86_64 microarchitecture level: 1
[ 0.781018] [talos] [initramfs] it might be that the VM is configured with an older CPU model, please check the VM configuration
[ 0.782346] [talos] [initramfs] x86_64 microarchitecture level 2 or higher is required, halting
```
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Implement `Install` for imager overlays.
Also add support for generating installers.
Depends on: #8377Fixes: #8350Fixes: #8351Fixes: #8350
Signed-off-by: Noel Georgi <git@frezbo.dev>
Allow to override each package reference.
Signed-off-by: Louis SCHNEIDER <louis.schneider@bedrockstreaming.com>
Signed-off-by: Louis SCHNEIDER <louis@schne.id>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Don't ask me why this weird syntax for flags.
Don't ask me why it fails with exit code zero (success) on invalid
flags.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
