Merge pull request #6 from microsoft/2.0

bombastictranz/CBL-Mariner
bombastictranz · Jun 22, 2024 · 62956df · 62956df
2 parents 74644c6 + a952e5f
commit 62956df
Show file tree

Hide file tree

Showing 747 changed files with 24,312 additions and 21,933 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1,95 +1,2 @@
-# By default all files require a review by at lest one member of the CBL-Mariner developers team.
-* @microsoft/cbl-mariner-devs
-
-# Modification to this file require admin approval.
-/.github/CODEOWNERS @microsoft/cbl-mariner-admins
-
-# Modifications to the build pipelines require admin approval.
-/.pipelines/* @microsoft/cbl-mariner-admins
-
-# Modifications to the CredScan exceptions require admin approval.
-/.config/CredScanSuppressions.json @microsoft/cbl-mariner-admins
-
-# Modification to what is considered "core packages" require admin approval.
-/SPECS/core-packages/* @microsoft/cbl-mariner-admins
-
-# Modification to specific packages go to specific teams
-/SPECS/installkernel/* @microsoft/cbl-mariner-kernel
-/SPECS/kernel/* @microsoft/cbl-mariner-kernel
-/SPECS/kernel-azure/* @microsoft/cbl-mariner-kernel
-/SPECS/kernel-hci/* @microsoft/cbl-mariner-kernel
-/SPECS/kernel-headers/* @microsoft/cbl-mariner-kernel
-/SPECS/kernel-mshv/* @microsoft/cbl-mariner-kata-containers
-/SPECS/kernel-uvm/* @microsoft/cbl-mariner-kata-containers
-/SPECS-SIGNED/kernel-signed/* @microsoft/cbl-mariner-kernel
-/SPECS-SIGNED/kernel-hci-signed/* @microsoft/cbl-mariner-kernel
-/SPECS-SIGNED/kernel-azure-signed/* @microsoft/cbl-mariner-kernel
-/SPECS-SIGNED/kernel-mstflint-signed/* @microsoft/cbl-mariner-kernel
-/SPECS-SIGNED/kernel-mshv-signed/* @microsoft/cbl-mariner-kata-containers
-
-/SPECS/grub2/* @microsoft/cbl-mariner-bootloader
-/SPECS/grubby/* @microsoft/cbl-mariner-bootloader
-/SPECS/shim/* @microsoft/cbl-mariner-bootloader
-/SPECS/shim-unsigned/* @microsoft/cbl-mariner-bootloader
-/SPECS/shim-unsigned-x64/* @microsoft/cbl-mariner-bootloader
-/SPECS/shim-unsigned-aarch64/* @microsoft/cbl-mariner-bootloader
-/SPECS-SIGNED/grub2-efi-binary-signed/* @microsoft/cbl-mariner-bootloader
-
-/SPECS/dracut/* @microsoft/cbl-mariner-dracut
-/SPECS/initramfs/* @microsoft/cbl-mariner-dracut
-/SPECS/verity-read-only-root/* @microsoft/cbl-mariner-dracut
-
-/SPECS/systemd/* @microsoft/cbl-mariner-systemd
-
-/SPECS/bcc/* @microsoft/cbl-mariner-debug-tools
-/SPECS/bpftrace/* @microsoft/cbl-mariner-debug-tools
-/SPECS/crash/* @microsoft/cbl-mariner-debug-tools
-/SPECS/gdb/* @microsoft/cbl-mariner-debug-tools
-/SPECS/kexec-tools/* @microsoft/cbl-mariner-debug-tools
-
-/SPECS/openssl/* @microsoft/cbl-mariner-openssl
-/SPECS/SymCrypt-OpenSSL/* @microsoft/cbl-mariner-openssl
-/SPECS/SymCrypt/* @microsoft/cbl-mariner-openssl
-/SPECS/KeysInUse-OpenSSL/* @microsoft/cbl-mariner-openssl
-
-/SPECS/dnf/* @microsoft/cbl-mariner-package-managers
-/SPECS/dnf-plugins-core/* @microsoft/cbl-mariner-package-managers
-/SPECS/rpm/* @microsoft/cbl-mariner-package-managers
-/SPECS/tdnf/* @microsoft/cbl-mariner-package-managers
-
-/SPECS/moby-buildx/* @microsoft/cbl-mariner-container-runtime
-/SPECS/moby-cli/* @microsoft/cbl-mariner-container-runtime
-/SPECS/moby-containerd/* @microsoft/cbl-mariner-container-runtime
-/SPECS/moby-containerd-cc/* @microsoft/cbl-mariner-kata-containers
-/SPECS/moby-engine/* @microsoft/cbl-mariner-container-runtime
-/SPECS/moby-runc/* @microsoft/cbl-mariner-container-runtime
-/SPECS/kata-containers/* @microsoft/cbl-mariner-kata-containers
-/SPECS/kata-containers-cc/* @microsoft/cbl-mariner-kata-containers
-/SPECS/virtiofsd/* @microsoft/cbl-mariner-kata-containers
-
-/SPECS/cloud-hypervisor/* @microsoft/cbl-mariner-virtualization
-/SPECS/hvloader/* @microsoft/cbl-mariner-kata-containers
-/SPECS-SIGNED/hvloader-signed/* @microsoft/cbl-mariner-kata-containers
-
-/SPECS/cloud-init/* @microsoft/cbl-mariner-provisioning
-/SPECS/walinuxagent/* @microsoft/cbl-mariner-provisioning
-
-# Modifications to the toolkit requires reviews from the toolkit team
-/toolkit/ @microsoft/cbl-mariner-tooling
-
-# Docs to be reviewed by general CBL-Mariner devs
-/toolkit/docs/ @microsoft/cbl-mariner-devs
-
-# Default image configurations to be reviewed by general CBL-Mariner devs
-/toolkit/imageconfigs/ @microsoft/cbl-mariner-devs
-
-# Package and toolchain manifests to be reviewed by general CBL-Mariner devs
-/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @microsoft/cbl-mariner-devs
-/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @microsoft/cbl-mariner-devs
-/toolkit/resources/manifests/package/toolchain_aarch64.txt @microsoft/cbl-mariner-devs
-/toolkit/resources/manifests/package/toolchain_x86_64.txt @microsoft/cbl-mariner-devs
-
-# Modifications to the raw toolchain require admin approval.
-/toolkit/scripts/toolchain/container/* @microsoft/cbl-mariner-admins
-/toolkit/scripts/toolchain/cgmanifest.json @microsoft/cbl-mariner-admins
-/toolkit/scripts/toolchain/create_toolchain_in_container.sh @microsoft/cbl-mariner-admins
+# For stable release branches, ensure stable release maintainers are added as code reviewers
+* @microsoft/cbl-mariner-stable-maintainers
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -17,6 +17,7 @@ Feel free to delete sections of the template which do not apply to your PR, or a
 - [ ] All source files have up-to-date hashes in the `*.signatures.json` files
 - [ ] `sudo make go-tidy-all` and `sudo make go-test-coverage` pass
 - [ ] Documentation has been updated to match any changes to the build system
+- [ ] If you are adding/removing a .spec file that has multiple-versions supported, please add [@microsoft/cbl-mariner-multi-package-reviewers](https://github.com/orgs/microsoft/teams/cbl-mariner-multi-package-reviewers) team as reviewer [(Eg. golang has 2 versions 1.18, 1.21+)](https://github.com/microsoft/azurelinux/tree/2.0/SPECS/golang)
 - [ ] Ready to merge
 
 ---

diff --git a/.github/workflows/check-kernel-config.yml b/.github/workflows/check-kernel-config.yml
diff --git a/.github/workflows/validate-cg-manifest.sh b/.github/workflows/validate-cg-manifest.sh
@@ -23,6 +23,7 @@ ignore_multiple_sources=" \
 
 # List of ignored specs due to no source tarball to scan.
 ignore_no_source_tarball=" \
+  azurelinux-sysinfo \
   ca-certificates \
   check-restart \
   core-packages \
@@ -227,7 +228,7 @@ do
       # Parsing output instead of using error codes because 'wget' returns code 8 for FTP, even if the file exists.
       # Sample HTTP(S) output:  Remote file exists.
       # Sample FTP output:      File ‘time-1.9.tar.gz’ exists.
-      if ! wget --secure-protocol=TLSv1_2 --spider --timeout=2 --tries=10 "${manifesturl}" 2>&1 | grep -qP "^(Remote file|File ‘.*’) exists.*"
+      if ! wget --secure-protocol=TLSv1_2 --spider --timeout=30 --tries=10 "${manifesturl}" 2>&1 | grep -qP "^(Remote file|File ‘.*’) exists.*"
       then
         echo "Registration for $name:$version has invalid URL '$manifesturl' (could not download)"  >> bad_registrations.txt
       fi

diff --git a/.pipelines/CodeQL/CodeQL.yml b/.pipelines/CodeQL/CodeQL.yml
@@ -3,6 +3,8 @@
 
 name: CodeQL CBL-Mariner repository
 
+trigger: none
+
 resources:
   repositories:
     - repository: CBL-Mariner-Pipelines

diff --git a/...urceData/base/Dockerfile-Busybox-Template → ...inerSourceData/busybox/Dockerfile-Busybox b/...urceData/base/Dockerfile-Busybox-Template → ...inerSourceData/busybox/Dockerfile-Busybox
@@ -7,31 +7,28 @@ FROM $BASE_IMAGE AS BASE
 
 ARG AZL_VERSION=2.0
 
-ARG RPMS
-ARG LOCAL_REPO_FILE="local.repo"
-ARG LOCAL_REPO_PATH="/localrepo" 
+ARG RPMS_TO_INSTALL
+ARG RPMS_PATH="/dockerStage/RPMS"
+ARG LOCAL_REPO_FILE="/dockerStage/marinerLocalRepo.repo"
+ARG LOCAL_REPO_PATH="/localrepo"
 
-COPY ${RPMS} /WORKDIR/RPMS
-COPY ${LOCAL_REPO_FILE} /WORKDIR/REPO/local.repo
-
-# Create local repo if RPMS are provided
+# Create local repo with the given RPMS.
 # This will allow the user to install packages from the local repo
 # instead of fetching from PMC
-RUN if [ "${RPMS}" ]; then \
+RUN --mount=type=bind,source=./Stage/,target=/dockerStage/ \
     mkdir -p $LOCAL_REPO_PATH; \
     tdnf install -y --releasever=$AZL_VERSION createrepo; \
-    cp -r /WORKDIR/RPMS ${LOCAL_REPO_PATH}; \
-    cp /WORKDIR/REPO/local.repo /etc/yum.repos.d/local.repo; \
-    createrepo --database ${LOCAL_REPO_PATH} --workers 10; \
+    cp -r ${RPMS_PATH} ${LOCAL_REPO_PATH}; \
+    cp ${LOCAL_REPO_FILE} /etc/yum.repos.d/local.repo; \
+    createrepo --compatibility --database ${LOCAL_REPO_PATH} --workers 10; \
     tdnf makecache; \
-    tdnf autoremove -y createrepo; \
-fi
+    tdnf autoremove -y createrepo;
 
-# Install busybox, glibc, and their dependencies into a staging location.
+# Install packages into a staging location.
 # Staging directory is copied into the final scratch image.
 RUN mkdir /staging \
     && tdnf install -y --releasever=$AZL_VERSION --installroot /staging \
-    busybox glibc \
+    ${RPMS_TO_INSTALL} \
     && tdnf clean all \
     && pushd /staging \
     && rm -rf boot media mnt opt run \

diff --git a/.pipelines/containerSourceData/busybox/busybox.name b/.pipelines/containerSourceData/busybox/busybox.name
@@ -0,0 +1 @@
+busybox
diff --git a/.pipelines/containerSourceData/busybox/busybox.pkg b/.pipelines/containerSourceData/busybox/busybox.pkg
@@ -0,0 +1,3 @@
+busybox
+glibc
+mariner-release
diff --git a/.pipelines/containerSourceData/cdi/api.name b/.pipelines/containerSourceData/cdi/api.name
@@ -0,0 +1 @@
+containerized-data-importer-api
diff --git a/.pipelines/containerSourceData/cdi/cloner.name b/.pipelines/containerSourceData/cdi/cloner.name
@@ -0,0 +1 @@
+containerized-data-importer-cloner
diff --git a/.pipelines/containerSourceData/cdi/controller.name b/.pipelines/containerSourceData/cdi/controller.name
@@ -0,0 +1 @@
+containerized-data-importer-controller
diff --git a/.pipelines/containerSourceData/cdi/importer.name b/.pipelines/containerSourceData/cdi/importer.name
@@ -0,0 +1 @@
+containerized-data-importer-importer
diff --git a/.pipelines/containerSourceData/cdi/operator.name b/.pipelines/containerSourceData/cdi/operator.name
@@ -0,0 +1 @@
+containerized-data-importer-operator
diff --git a/.pipelines/containerSourceData/cdi/uploadproxy.name b/.pipelines/containerSourceData/cdi/uploadproxy.name
@@ -0,0 +1 @@
+containerized-data-importer-uploadproxy
diff --git a/.pipelines/containerSourceData/cdi/uploadserver.name b/.pipelines/containerSourceData/cdi/uploadserver.name
@@ -0,0 +1 @@
+containerized-data-importer-uploadserver
diff --git a/.pipelines/containerSourceData/certmanager/acmesolver.name b/.pipelines/containerSourceData/certmanager/acmesolver.name
@@ -0,0 +1 @@
+cert-manager-acmesolver
diff --git a/.pipelines/containerSourceData/certmanager/cainjector.name b/.pipelines/containerSourceData/certmanager/cainjector.name
@@ -0,0 +1 @@
+cert-manager-cainjector
diff --git a/.pipelines/containerSourceData/certmanager/cmctl.name b/.pipelines/containerSourceData/certmanager/cmctl.name
@@ -0,0 +1 @@
+cert-manager-cmctl
diff --git a/.pipelines/containerSourceData/certmanager/controller.name b/.pipelines/containerSourceData/certmanager/controller.name
@@ -0,0 +1 @@
+cert-manager-controller
diff --git a/.pipelines/containerSourceData/certmanager/webhook.name b/.pipelines/containerSourceData/certmanager/webhook.name
@@ -0,0 +1 @@
+cert-manager-webhook
diff --git a/.pipelines/containerSourceData/influxdb/influxdb.name b/.pipelines/containerSourceData/influxdb/influxdb.name
@@ -0,0 +1 @@
+influxdb
diff --git a/.pipelines/containerSourceData/kubevirt/virt-api.name b/.pipelines/containerSourceData/kubevirt/virt-api.name
@@ -0,0 +1 @@
+kubevirt-virt-api
diff --git a/.pipelines/containerSourceData/kubevirt/virt-controller.name b/.pipelines/containerSourceData/kubevirt/virt-controller.name
@@ -0,0 +1 @@
+kubevirt-virt-controller
diff --git a/.pipelines/containerSourceData/kubevirt/virt-handler.name b/.pipelines/containerSourceData/kubevirt/virt-handler.name
@@ -0,0 +1 @@
+kubevirt-virt-handler
diff --git a/.pipelines/containerSourceData/kubevirt/virt-launcher.name b/.pipelines/containerSourceData/kubevirt/virt-launcher.name
@@ -0,0 +1 @@
+kubevirt-virt-launcher
diff --git a/.pipelines/containerSourceData/kubevirt/virt-operator.name b/.pipelines/containerSourceData/kubevirt/virt-operator.name
@@ -0,0 +1 @@
+kubevirt-virt-operator
diff --git a/.pipelines/containerSourceData/memcached/memcached.name b/.pipelines/containerSourceData/memcached/memcached.name
@@ -0,0 +1 @@
+memcached
diff --git a/.pipelines/containerSourceData/multus/multus.name b/.pipelines/containerSourceData/multus/multus.name
@@ -0,0 +1 @@
+multus
diff --git a/.pipelines/containerSourceData/nginx/nginx.name b/.pipelines/containerSourceData/nginx/nginx.name
@@ -0,0 +1 @@
+nginx
diff --git a/...a/nodejs/distroless/holdback-nodejs18.pkg → ...ata/nodejs/distroless/holdback-nodejs.pkg b/...a/nodejs/distroless/holdback-nodejs18.pkg → ...ata/nodejs/distroless/holdback-nodejs.pkg
diff --git a/...SourceData/nodejs/distroless/nodejs18.pkg → ...erSourceData/nodejs/distroless/nodejs.pkg b/...SourceData/nodejs/distroless/nodejs18.pkg → ...erSourceData/nodejs/distroless/nodejs.pkg
@@ -1,2 +1,3 @@
 distroless-packages-base
 nodejs18
+prebuilt-ca-certificates
diff --git a/.pipelines/containerSourceData/nodejs/nodejs.name b/.pipelines/containerSourceData/nodejs/nodejs.name
@@ -0,0 +1 @@
+nodejs18
diff --git a/.pipelines/containerSourceData/nodejs/nodejs.pkg b/.pipelines/containerSourceData/nodejs/nodejs.pkg
@@ -1,2 +1,2 @@
 ca-certificates
-nodejs
+nodejs18
diff --git a/.pipelines/containerSourceData/nodejs/nodejs18.pkg b/.pipelines/containerSourceData/nodejs/nodejs18.pkg
diff --git a/.pipelines/containerSourceData/openmpi/openmpi.name b/.pipelines/containerSourceData/openmpi/openmpi.name
@@ -0,0 +1 @@
+openmpi
diff --git a/.pipelines/containerSourceData/php/php.name b/.pipelines/containerSourceData/php/php.name
@@ -0,0 +1 @@
+php
diff --git a/.pipelines/containerSourceData/postgres/postgres.name b/.pipelines/containerSourceData/postgres/postgres.name
@@ -0,0 +1 @@
+postgresql
diff --git a/.pipelines/containerSourceData/prometheus/distroless/prometheus.pkg b/.pipelines/containerSourceData/prometheus/distroless/prometheus.pkg
@@ -1,2 +1,3 @@
 distroless-packages-base
 prometheus
+prebuilt-ca-certificates
diff --git a/.pipelines/containerSourceData/prometheus/prometheus.name b/.pipelines/containerSourceData/prometheus/prometheus.name
@@ -0,0 +1 @@
+prometheus
diff --git a/.pipelines/containerSourceData/prometheusadapter/distroless/prometheusadapter.pkg b/.pipelines/containerSourceData/prometheusadapter/distroless/prometheusadapter.pkg
@@ -1,2 +1,3 @@
 distroless-packages-base
 prometheus-adapter
+prebuilt-ca-certificates
diff --git a/.pipelines/containerSourceData/prometheusadapter/prometheusadapter.name b/.pipelines/containerSourceData/prometheusadapter/prometheusadapter.name
@@ -0,0 +1 @@
+prometheus-adapter
diff --git a/.pipelines/containerSourceData/python/distroless/python.pkg b/.pipelines/containerSourceData/python/distroless/python.pkg
@@ -1,2 +1,3 @@
 distroless-packages-base
 python3
+prebuilt-ca-certificates
diff --git a/.pipelines/containerSourceData/python/python.name b/.pipelines/containerSourceData/python/python.name
@@ -0,0 +1 @@
+python
diff --git a/.pipelines/containerSourceData/pytorch/pytorch.name b/.pipelines/containerSourceData/pytorch/pytorch.name
@@ -0,0 +1 @@
+python3-pytorch
diff --git a/.pipelines/containerSourceData/rabbitmqserver/rabbitmqserver.name b/.pipelines/containerSourceData/rabbitmqserver/rabbitmqserver.name
@@ -0,0 +1 @@
+rabbitmq-server
diff --git a/.pipelines/containerSourceData/redis/redis.name b/.pipelines/containerSourceData/redis/redis.name
@@ -0,0 +1 @@
+redis
diff --git a/.pipelines/containerSourceData/ruby/ruby.name b/.pipelines/containerSourceData/ruby/ruby.name
@@ -0,0 +1 @@
+ruby
diff --git a/.pipelines/containerSourceData/rust/rust.name b/.pipelines/containerSourceData/rust/rust.name
@@ -0,0 +1 @@
+rust