feat(rhcos): enterprise evidence matrix — 3 OpenShift releases × 3 artifacts#53
Merged
Conversation
…tifacts
Expands the single RHCOS proof into a real multi-version, multi-artifact matrix.
Booted real RHCOS bootimages from the public OpenShift mirror for OpenShift
4.14 (RHEL 9.2, 5.14.0-284), 4.16 and 4.18 (both RHEL 9.4, 5.14.0-427) and ran
three artifacts in each:
- simple-pass → load pass on all three
- ringbuf-modern → load + attach pass on all three (ring buffer is upstream
since 5.8; passes on backported 5.14 = backport proof)
- core-relocation-fail → rejected on all three (errno -22,
CORE_RELOCATION_FAILURE) = the verdict discriminates
Adds profiles rhcos-4.14-5.14 and rhcos-4.18-5.14, expands matrices/rhcos.yaml
to all three, and parameterises `make rhcos-image` with RHCOS_VERSION to stage
per-version images. Full recorded matrix, in-guest validator output, serial
excerpt, image provenance (sha256s) and reproduce steps in docs/evidence-rhcos.md.
Honest limits documented: x86_64 only (no aarch64 host here), operator-supplied
images so not in public CI, bootimage rather than a live cluster. RHCOS stays
out of the README "Distributions covered" table; opt-in via BPFCOMPAT_ENABLE_RHCOS.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Turns the single RHCOS proof (#52) into a real multi-version, multi-artifact evidence matrix — the step from "proven path" toward enterprise-grade coverage, run for real against public OpenShift RHCOS bootimages.
Matrix (real boots, x86_64)
-284)-427)-427)simple-passringbuf-moderncore-relocation-failProves two things at once:
core-relocation-failis rejected on every release (errno -22,CORE_RELOCATION_FAILURE), so the passes are real acceptances.Nice honest detail surfaced: OCP minor ≠ kernel — 4.16 and 4.18 share the RHEL 9.4
-427kernel while 4.14 is RHEL 9.2-284(the RHCOS version string encodes the RHEL base:416.94/418.94/414.92).Changes
rhcos-4.14-5.14,rhcos-4.18-5.14;matrices/rhcos.yaml→ 3 versions.make rhcos-image RHCOS_VERSION=…stages per-version images.docs/evidence-rhcos.md: full matrix, in-guest validator JSON (pass + rejection), serial excerpt, per-version sha256 provenance, reproduce steps.Honest limits (documented, not faked)
BPFCOMPAT_ENABLE_RHCOS=1.🤖 Generated with Claude Code