new: images

images/Makefile

@@ -0,0 +1,105 @@
+DRY_RUN := false
+REPOSITORY := falcosecurity/kernel-testing
+ARCH ?= $(shell uname -m)
+YAML_FILE := images.yaml
+
+.PHONY: build-rootfs build-kernel docker-push generate-yaml build-all initrd-builder modernprobe-builder builder
+
+builder:
+	if [ "$(DRY_RUN)" = "true" ]; then \
+		echo "Dry run: Building builder image: docker build -t $(REPOSITORY)/builder:0.0.1-$(ARCH) builder"; \
+	else \
+		echo "Building modernprobe-builder image"; \
+		docker build -t $(REPOSITORY)/builder:0.0.1-$(ARCH) builder; \
+	fi
+
+modernprobe-builder:
+	if [ "$(DRY_RUN)" = "true" ]; then \
+		echo "Dry run: Building modernprobe-builder image: docker build -t $(REPOSITORY)/modernprobe-builder:0.0.1-$(ARCH) modernprobe-builder"; \
+	else \
+		echo "Building modernprobe-builder image"; \
+		docker build -t $(REPOSITORY)/modernprobe-builder:0.0.1-$(ARCH) modernprobe-builder; \
+	fi
+
+initrd-builder:
+	if [ "$(DRY_RUN)" = "true" ]; then \
+		echo "Dry run: Building initrd-builder image: docker build -t initrd-builder:0.0.1 initrd-builder"; \
+	else \
+		echo "Building initrd-builder image"; \
+		docker build -t initrd-builder:0.0.1 initrd-builder; \
+	fi
+
+build-rootfs:
+	@for rootfs_dir in $$(find . -type f -name "Dockerfile" -path "*$(ARCH)/*" -printf '%h\n'); do \
+		version=$$(basename $$rootfs_dir); \
+		distro=$$(basename $$(dirname $$rootfs_dir)); \
+		image=$(REPOSITORY)/$$distro-image:$$version-$(ARCH); \
+		if [ "$(DRY_RUN)" = "true" ]; then \
+			echo "Dry run: Building rootfs image: docker build -t $$image $$rootfs_dir"; \
+		else \
+			echo "Building rootfs image: $$image"; \
+			docker build -t $$image $$rootfs_dir; \
+		fi; \
+	done
+
+build-kernel: initrd-builder
+	@for kernel_dir in $$(find . -type f -name "Dockerfile.kernel" -path "*$(ARCH)/*" -printf '%h\n'); do \
+		version=$$(basename $$kernel_dir); \
+		distro=$$(basename $$(dirname $$kernel_dir)); \
+		image=$(REPOSITORY)/$$distro-kernel:$$version-$(ARCH); \
+		if [ "$(DRY_RUN)" = "true" ]; then \
+			echo "Dry run: Building kernel image: docker build -t $$image -f $$kernel_dir/Dockerfile.kernel $$kernel_dir"; \
+		else \
+			echo "Building kernel image: $$image"; \
+			docker build -t $$image -f $$kernel_dir/Dockerfile.kernel $$kernel_dir; \
+		fi; \
+	done
+
+docker-push:
+	@for image in $$(docker images --format "{{.Repository}}:{{.Tag}}" | grep "$(REPOSITORY)" | grep "$(ARCH)"); do \
+		if [ "$(DRY_RUN)" = "true" ]; then \
+			echo "Dry run: Pushing image: docker push $$image"; \
+		else \
+			echo "Pushing image: $$image"; \
+			docker push $$image; \
+		fi; \
+	done
+
+%: initrd-builder
+	@version=$$(basename $@); \
+		distro=$$(basename $$(dirname $@)); \
+		arch=$(ARCH); \
+		rootfs_dir=$$(find . -type d -path "./$$arch/$$distro/$$version"); \
+		kernel_dir=$$(find . -type d -path "./$$arch/$$distro/$$version"); \
+		rootfs_image=$(REPOSITORY)/$$distro-image:$$version-$$arch; \
+		kernel_image=$(REPOSITORY)/$$distro-kernel:$$version-$$arch; \
+		if [ -n "$$rootfs_dir" ]; then \
+			if [ "$(DRY_RUN)" = "true" ]; then \
+				echo "Dry run: Building rootfs image: docker build -t $$rootfs_image $$rootfs_dir"; \
+			else \
+				echo "Building rootfs image: $$rootfs_image"; \
+				docker build -t $$rootfs_image $$rootfs_dir; \
+			fi; \
+		fi; \
+		if [ -n "$$kernel_dir" ]; then \
+			if [ "$(DRY_RUN)" = "true" ]; then \
+				echo "Dry run: Building kernel image: docker build -t $$kernel_image -f $$kernel_dir/Dockerfile.kernel $$kernel_dir"; \
+			else \
+				echo "Building kernel image: $$kernel_image"; \
+				docker build -t $$kernel_image -f $$kernel_dir/Dockerfile.kernel $$kernel_dir; \
+			fi; \
+		fi;
+
+generate-yaml:
+	@echo "machines:" > $(YAML_FILE)
+	@for rootfs_image in $$(docker images --format "{{.Repository}}:{{.Tag}}" | grep "$(REPOSITORY)" | grep "$(ARCH)" | grep "\-image" | sort); do \
+		version=$$(echo $$rootfs_image | cut -d':' -f2 | cut -d'-' -f1); \
+		distro=$$(echo $$rootfs_image | cut -d'/' -f2 | cut -d'-' -f1); \
+		arch=$(ARCH); \
+		kernel_image=$$(docker images --format "{{.Repository}}:{{.Tag}}" | grep "$(REPOSITORY)/$$distro-kernel:$$version-$$arch"); \
+		if [ -n "$$kernel_image" ]; then \
+			echo "  - {name: \"$$distro-$$version\", kernel: \"$$kernel_image\", rootfs: \"$$rootfs_image\", arch: \"$$arch\"}" >> $(YAML_FILE); \
+		fi; \
+	done
+
+build-all: build-rootfs build-kernel

images/README.md

@@ -0,0 +1,82 @@
+# Images
+
+Makefile present in this directory is specifically designed to generate the static Docker images required by Ignite to run tests on different Linux distributions. The workflow provided by this Makefile is designed to be straightforward, consisting of three main commands:
+
+1. `build-all`: This target builds all the necessary Docker images for the different versions and distributions required for testing with Firecracker.
+
+2. `docker-push`: Optionally, you can use this target to push the resulting Docker images to a Docker Hub registry for easier distribution and access.
+
+3. `generate-yaml`: This target allows you to generate a YAML file (`images.yaml`) containing the matrix of new image information. The generated YAML file can be conveniently copied to the variables file of Ansible to keep the test environment up to date.
+
+## Prerequisites
+
+Before using the Makefile, ensure you have the following installed:
+
+- Docker: The containerization platform used for building and pushing images.
+
+## Makefile Targets
+
+The Makefile provides several targets, each serving a specific purpose:
+
+- `initrd-builder`: This target builds the `initrd-builder` image, necessary for creating the initrd for each image.
+
+- `builder`, `modernprobe-builder`: These targets build specific builder images used by the CI system to prepare all the precompiled files for the tests.
+
+- `build-rootfs` and `build-kernel`: These targets build root filesystem and kernel images, respectively. The `build-kernel` target depends on `initrd-builder`, which must be built first.
+
+- `docker-push`: This target pushes the built images to a Docker Hub registry. You can use this step to make the images accessible to other systems.
+
+- `generate-yaml`: This target generates a YAML file named `images.yaml`, which contains information about the built images. The YAML file includes details about the kernel and rootfs images for each version and distribution. This generated YAML file can be conveniently copied to the variables file of Ansible to keep the test environment up to date.
+
+- `build-all`: This target is a convenience target that sequentially builds both root filesystem and kernel images.
+
+## Usage
+
+The typical workflow for using this Makefile is as follows:
+
+1. Build the `initrd-builder` image first, which is required for creating the initrd for each image:
+
+```
+make initrd-builder
+```
+
+2. Build the specific builder images (`builder`, `modernprobe-builder`) used by the CI system:
+
+```
+make builder
+make modernprobe-builder
+```
+
+3. Build all the required images for testing with Firecracker using the following command:
+
+```
+make build-all
+```
+
+4. Optionally, push the built images to a Docker Hub registry with:
+
+```
+make docker-push
+```
+
+5. Generate the YAML file containing the image matrix with:
+
+```
+make generate-yaml
+```
+
+After running these commands, you will have the necessary Docker images for your Firecracker test environment, and the image matrix will be available in the `images.yaml` file. You can then easily integrate this information into your Ansible setup.
+
+## Customization
+
+You can customize the Makefile to suit your specific requirements. The variables you can modify include:
+
+- `DRY_RUN`: Set this variable to `true` for a dry run, where the build commands will be printed but not executed.
+
+- `REPOSITORY`: The Docker repository where the built images will be tagged and pushed.
+
+- `ARCH`: The architecture for which the images will be built. By default, it will use the output of `uname -p`.
+
+- `YAML_FILE`: The name of the YAML file that will be generated by the `generate-yaml` target.
+
+Feel free to adjust these variables to match your desired configuration.

images/aarch64/amazonlinux2/5.4/Dockerfile

@@ -0,0 +1,46 @@
+FROM amazonlinux:2
+
+ARG VERSION=5.4.247-162
+ARG URL='http://amazonlinux.us-east-1.amazonaws.com/2/extras/kernel-5.4/latest/aarch64'
+
+RUN yum install -y \
+		binutils-devel \
+		chrony \
+		clang \
+		gcc10 \
+		gcc10-c++ \
+		git \
+		iproute \
+		kmod \
+		libcap-devel \
+		llvm \
+		make \
+		openssh-server \
+		rsync \
+		systemd \
+		tar && \
+	curl -sLO "$URL"/mirror.list && \
+	URL=$(cat mirror.list) && \
+	curl -sLO "${URL}"/repodata/primary.xml.gz && \
+	gunzip primary.xml.gz && \
+    grep -E 'kernel-headers-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\"  -f2 | \
+		xargs -I@ curl -Lo headers.rpm ${URL}/@ && \
+    grep -E 'kernel-devel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\"  -f2 | \
+		xargs -I@ curl -Lo sources.rpm ${URL}/@ && \
+	yum install -y ./*.rpm && \
+	rm -v ./*.rpm && \
+	sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \
+	echo 'UseDNS no' >> /etc/ssh/sshd_config && \
+	echo "root:root" | chpasswd && \
+	curl -LO https://cmake.org/files/v3.19/cmake-3.19.8-Linux-aarch64.tar.gz && \
+	tar -xaf cmake-3.19.8-Linux-aarch64.tar.gz && \
+	rm -vf cmake-3.19.8-Linux-aarch64.tar.gz && \
+	mv cmake-3.19.8-Linux-aarch64     /opt/cmake-3.19.8 && \
+	ln -sf  /opt/cmake-3.19.8/bin/*    /usr/bin/ && \
+	mkdir -p  /lib/modules/${VERSION}.350.amzn2.aarch64/ && \
+	ln -s /usr/src/kernels/${VERSION}.350.amzn2.aarch64/ /lib/modules/${VERSION}.350.amzn2.aarch64/build && \
+	rm -vf /usr/bin/gcc /usr/bin/g++ && \
+	update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc10-gcc 100 --slave /usr/bin/g++ g++ /usr/bin/gcc10-c++ && \
+	update-alternatives --auto gcc && \
+	yum clean all && \
+	rm -rf /var/cache/yum

images/aarch64/amazonlinux2/5.4/Dockerfile.kernel

@@ -0,0 +1,47 @@
+FROM initrd-builder:0.0.1 AS stage1
+
+ARG VERSION=5.4.247-162
+ARG URL='http://amazonlinux.us-east-1.amazonaws.com/2/extras/kernel-5.4/latest/aarch64'
+
+WORKDIR /home/ubuntu
+
+RUN touch .placeholder && \
+	curl -sLO "$URL"/mirror.list && \
+	URL=$(cat mirror.list) && \
+	curl -sLO "${URL}"/repodata/primary.xml.gz && \
+	gunzip primary.xml.gz && \
+    grep -E 'kernel-5.4.247-162.*.rpm' primary.xml | grep href | cut -d\"  -f2 | \
+		xargs -I@ curl -Lo kernel.rpm ${URL}/@ && \
+    grep -E 'kernel-devel-5.4.247-162.*.rpm' primary.xml | grep href | cut -d\"  -f2 | \
+		xargs -I@ curl -Lo headers.rpm ${URL}/@ && \
+	rpm2cpio kernel.rpm > kernel.cpio && \
+	rpm2cpio headers.rpm > headers.cpio && \
+	mkdir extracted && \
+	cd extracted && \
+	cpio -idmv < ../kernel.cpio  && \
+	cpio -idmv < ../headers.cpio && \
+	cd .. && \
+	find ./extracted/ -name 'vmlinuz-*' -exec cp -v {} extracted/vmlinux \;
+
+FROM amazonlinux:2 as kmod-builder
+
+WORKDIR /home/ubuntu
+COPY --from=stage1 /home/ubuntu/extracted   /home/ubuntu/extracted/
+COPY --from=stage1 /opt/initrd-builder/*    /opt/initrd-builder/
+
+RUN yum groupinstall -y 'Development Tools' && \
+	cp -v /opt/initrd-builder/Makefile.virtio_mmio Makefile && \
+	curl -LO 'https://raw.githubusercontent.com/torvalds/linux/v5.4/drivers/virtio/virtio_mmio.c' && \
+	KERNEL_DIR="/home/ubuntu/extracted/usr/src/kernels/5.4.247-162.350.amzn2.aarch64/" make
+
+FROM initrd-builder:0.0.1 AS stage2
+COPY --from=stage1       /home/ubuntu/extracted      /home/ubuntu/extracted/
+COPY --from=kmod-builder /home/ubuntu/virtio_mmio.ko /home/ubuntu/
+RUN cd /home/ubuntu/extracted && \
+	/opt/initrd-builder/create.sh
+
+FROM scratch
+
+COPY --from=stage1 /home/ubuntu/extracted/vmlinux /boot/
+COPY --from=stage2 /home/ubuntu/out/initrd        /boot/
+COPY --from=stage1 /home/ubuntu/.placeholder /lib/modules/

images/aarch64/amazonlinux2022/5.15/Dockerfile

@@ -0,0 +1,37 @@
+FROM amazonlinux:2022
+
+ARG VERSION=5.15.73-45
+ARG URL='https://al2022-repos-us-east-1-9761ab97.s3.dualstack.us-east-1.amazonaws.com/core/mirrors/latest/aarch64'
+
+
+RUN dnf groupinstall -y 'Development Tools' && \
+	dnf install -y \
+		binutils-devel \
+		chrony \
+		clang \
+		cmake \
+		iproute \
+		kmod \
+		libcap-devel \
+		llvm \
+		make \
+		openssh-server \
+		rsync \
+		systemd && \
+	curl -sLO "$URL"/mirror.list && \
+	URL=$(cat mirror.list) && \
+	curl -sLO "${URL}"repodata/primary.xml.gz && \
+	gunzip primary.xml.gz && \
+    grep -E 'kernel-headers-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\"  -f2 | \
+		xargs -I@ curl -Lo headers.rpm ${URL}@ && \
+    grep -E 'kernel-devel-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\"  -f2 | \
+		xargs -I@ curl -Lo sources.rpm ${URL}@ && \
+    grep -E 'bpftool-'${VERSION}'.*.rpm' primary.xml | grep href | cut -d\"  -f2 | \
+		xargs -I@ curl -Lo bpftool.rpm ${URL}@ && \
+	dnf install -y ./*.rpm && \
+	rm -f ./*.rpm && \
+	mkdir -p /lib/modules/5.15.73-45.135.amzn2022.aarch64/ && \
+	ln -s /usr/src/kernels/5.15.73-45.135.amzn2022.aarch64/ /lib/modules/5.15.73-45.135.amzn2022.aarch64/build && \
+	sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config && \
+	echo 'UseDNS no' >> /etc/ssh/sshd_config && \
+	echo "root:root" | chpasswd

images/aarch64/amazonlinux2022/5.15/Dockerfile.kernel

@@ -0,0 +1,48 @@
+FROM initrd-builder:0.0.1 AS stage1
+
+ARG VERSION=5.15.73-45
+ARG URL='https://al2022-repos-us-east-1-9761ab97.s3.dualstack.us-east-1.amazonaws.com/core/mirrors/latest/aarch64'
+
+WORKDIR /home/ubuntu
+
+RUN touch .placeholder && \
+	curl -sLO "$URL"/mirror.list && \
+	URL=$(cat mirror.list) && \
+	curl -sLO "${URL}"repodata/primary.xml.gz && \
+	gunzip primary.xml.gz && \
+    grep -E 'kernel-5.15.73-45.*.rpm' primary.xml | grep href | cut -d\"  -f2 | \
+		xargs -I@ curl -Lo kernel.rpm ${URL}@ && \
+    grep -E 'kernel-devel-5.15.73-45.*.rpm' primary.xml | grep href | cut -d\"  -f2 | \
+		xargs -I@ curl -Lo headers.rpm ${URL}@ && \
+	rpm2cpio kernel.rpm > kernel.cpio && \
+	rpm2cpio headers.rpm > headers.cpio && \
+	mkdir extracted && \
+	cd extracted && \
+	cpio -idmv < ../kernel.cpio  && \
+	cpio -idmv < ../headers.cpio && \
+	cd .. && \
+	find ./extracted/lib/modules -name vmlinuz -exec cp -v {} extracted/vmlinux.gz \; && \
+	gunzip extracted/vmlinux.gz
+
+FROM amazonlinux:2023 as kmod-builder
+
+WORKDIR /home/ubuntu
+COPY --from=stage1 /home/ubuntu/extracted   /home/ubuntu/extracted/
+COPY --from=stage1 /opt/initrd-builder/*    /opt/initrd-builder/
+
+RUN dnf groupinstall -y 'Development Tools' && \
+	cp -v /opt/initrd-builder/Makefile.virtio_mmio Makefile && \
+	curl -LO 'https://raw.githubusercontent.com/torvalds/linux/v5.15/drivers/virtio/virtio_mmio.c' && \
+	KERNEL_DIR="/home/ubuntu/extracted/usr/src/kernels/5.15.73-45.135.amzn2022.aarch64/" make
+
+FROM initrd-builder:0.0.1 AS stage2
+COPY --from=stage1       /home/ubuntu/extracted      /home/ubuntu/extracted/
+COPY --from=kmod-builder /home/ubuntu/virtio_mmio.ko /home/ubuntu/
+RUN cd /home/ubuntu/extracted && \
+	/opt/initrd-builder/create.sh
+
+FROM scratch
+
+COPY --from=stage1 /home/ubuntu/extracted/vmlinux /boot/
+COPY --from=stage2 /home/ubuntu/out/initrd        /boot/
+COPY --from=stage1 /home/ubuntu/.placeholder /lib/modules/