* fix(hack): use sudo -E when running Rust binaries
This makes it possible to pass envvars to the Krata runtime
* feat(o11y): add fluent sink to logs
This change adds fluent logging as an opt-in feature. Setting
`KRATA_LOG_FLUENT` with an address:port will start a TCP connection,
sending logs.
A later change will respect a URI scheme and use structured logging.
The resolv.conf that the stage1 os script generates is fine for actual use,
but our GitHub workflows now use the Step Security hardened runner action.
This action replaces the nameserver so that all lookups go through that,
but because the chroot calls apk add, it needs to contact the internet.
On the GitHub workflows, the OS build currently fails since the hardened
runner cannot access other nameservers.
Now that we have the kernel build infrastructure at https://github.com/edera-dev/kernels
it makes sense to drop building the kernel and download the kernel images directly.
This change introduces a ./hack/kernel/fetch.sh script which is backed by crates/build.
We utilize the OCI infrastructure itself to download the kernel image. The DEV guide
has been updated to include calling the fetch script, and the OS builder now uses this
method instead. Due to the lack of need for the kernel build infra to exist here now,
it has also been removed. This should significantly speed up full builds.
This change will also enable us to turn on os build workflows for all PRs. We should
likely make the OS status checks required once this is merged.
* feat: pci passthrough
* feat: guest device management
* feat: addons mounting and kernel modules support
* feat: more pci work
* fix: kernel build squashfs fixes
* fix: e820entry should be available on all platforms
* feat: oci packer can now use mksquashfs if available
* fix: use nproc in kernel build script for default jobs, and fix DEV.md guide
* feat: working erofs backend
doas sudo shim (as used by Alpine) does not support passing through environment variables
in the same way that sudo does, therefore use `sh -c` instead.
Signed-off-by: Ariadne Conill <ariadne@ariadne.space>