From bc71dd5812dbda6f2dbb919716de1732040c9496 Mon Sep 17 00:00:00 2001 From: Wainer dos Santos Moschetta Date: Fri, 19 Nov 2021 14:09:49 -0500 Subject: [PATCH 1/7] packaging: delint static-build dockerfiles Removed all errors/warnings pointed out by hadolint version 2.7.0, except for the following ignored rules: - "DL3008 warning: Pin versions in apt get install" - "DL3041 warning: Specify version with `dnf install -y -`" - "DL3033 warning: Specify version with `yum install -y -`" - "DL3048 style: Invalid label key" - "DL3003 warning: Use WORKDIR to switch to a directory" - "DL3018 warning: Pin versions in apk add. Instead of apk add use apk add =" - "DL3037 warning: Specify version with zypper install -y [=]" Fixes #3107 Signed-off-by: Wainer dos Santos Moschetta --- .../packaging/static-build/kernel/Dockerfile | 13 ++--- tools/packaging/static-build/qemu/Dockerfile | 51 +++++++++---------- .../packaging/static-build/shim-v2/Dockerfile | 11 ++-- 3 files changed, 38 insertions(+), 37 deletions(-) diff --git a/tools/packaging/static-build/kernel/Dockerfile b/tools/packaging/static-build/kernel/Dockerfile index 40f3228f02..cd1a59f2d9 100644 --- a/tools/packaging/static-build/kernel/Dockerfile +++ b/tools/packaging/static-build/kernel/Dockerfile @@ -2,19 +2,20 @@ # # SPDX-License-Identifier: Apache-2.0 -FROM ubuntu +FROM ubuntu:20.04 ENV DEBIAN_FRONTEND=noninteractive # kernel deps -RUN apt update -RUN apt install -y \ +RUN apt-get update && \ + apt-get install -y --no-install-recommends \ bc \ bison \ build-essential \ + ca-certificates \ curl \ flex \ git \ iptables \ - libelf-dev - -RUN [ "$(uname -m)" = "s390x" ] && apt-get install -y libssl-dev || true + libelf-dev && \ + if [ "$(uname -m)" = "s390x" ]; then apt-get install -y --no-install-recommends libssl-dev; fi && \ + apt-get clean && rm -rf /var/lib/lists/ diff --git a/tools/packaging/static-build/qemu/Dockerfile b/tools/packaging/static-build/qemu/Dockerfile index 33e7e2fc62..f32644fec8 100644 
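Review bot: The cleanup at the end of the new kernel RUN removes `/var/lib/lists/`, which is not where apt keeps its package indexes, so the downloaded lists stay in the layer. The qemu and shim-v2 Dockerfiles in this same patch use `/var/lib/apt/lists/`. The last line should read `apt-get clean && rm -rf /var/lib/apt/lists/`.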
--- a/tools/packaging/static-build/qemu/Dockerfile +++ b/tools/packaging/static-build/qemu/Dockerfile @@ -12,8 +12,8 @@ WORKDIR /root/qemu ARG CACHE_TIMEOUT RUN echo "$CACHE_TIMEOUT" -RUN apt-get update && apt-get upgrade -y -RUN apt-get --no-install-recommends install -y \ +RUN apt-get update && apt-get upgrade -y && \ + apt-get --no-install-recommends install -y \ apt-utils \ autoconf \ automake \ 
@@ -46,36 +46,33 @@ RUN apt-get --no-install-recommends install -y \ python \ python-dev \ rsync \ - zlib1g-dev - -RUN [ "$(uname -m)" != "s390x" ] && apt-get install -y libpmem-dev || true + zlib1g-dev && \ + if [ "$(uname -m)" != "s390x" ]; then apt-get install -y --no-install-recommends libpmem-dev; fi && \ + apt-get clean && rm -rf /var/lib/apt/lists/ ARG QEMU_REPO - -RUN cd .. && git clone --depth=1 "${QEMU_REPO}" qemu - # commit/tag/branch ARG QEMU_VERSION - -RUN git fetch --depth=1 origin "${QEMU_VERSION}" && git checkout FETCH_HEAD -RUN scripts/git-submodule.sh update meson capstone - -ADD scripts/configure-hypervisor.sh /root/configure-hypervisor.sh -ADD qemu /root/kata_qemu -ADD scripts/apply_patches.sh /root/apply_patches.sh -ADD scripts/patch_qemu.sh /root/patch_qemu.sh - -RUN /root/patch_qemu.sh "${QEMU_VERSION}" "/root/kata_qemu/patches" - ARG PREFIX ARG BUILD_SUFFIX -RUN PREFIX="${PREFIX}" /root/configure-hypervisor.sh -s "kata-qemu${BUILD_SUFFIX}" | xargs ./configure \ - --with-pkgversion="kata-static${BUILD_SUFFIX}" - -RUN make -j$(nproc) ARG QEMU_DESTDIR -RUN make install DESTDIR="${QEMU_DESTDIR}" ARG QEMU_TARBALL -ADD static-build/scripts/qemu-build-post.sh /root/static-build/scripts/qemu-build-post.sh -ADD static-build/qemu.blacklist /root/static-build/qemu.blacklist -RUN /root/static-build/scripts/qemu-build-post.sh + +COPY scripts/configure-hypervisor.sh /root/configure-hypervisor.sh +COPY qemu /root/kata_qemu +COPY scripts/apply_patches.sh /root/apply_patches.sh +COPY scripts/patch_qemu.sh /root/patch_qemu.sh +COPY static-build/scripts/qemu-build-post.sh /root/static-build/scripts/qemu-build-post.sh +COPY static-build/qemu.blacklist /root/static-build/qemu.blacklist + +SHELL ["/bin/bash", "-o", "pipefail", "-c"] +RUN git clone --depth=1 "${QEMU_REPO}" qemu && \ + cd qemu && \ + git fetch --depth=1 origin "${QEMU_VERSION}" && git checkout FETCH_HEAD && \ + scripts/git-submodule.sh update meson capstone && \ + /root/patch_qemu.sh 
"${QEMU_VERSION}" "/root/kata_qemu/patches" && \ + (PREFIX="${PREFIX}" /root/configure-hypervisor.sh -s "kata-qemu${BUILD_SUFFIX}" | xargs ./configure \ + --with-pkgversion="kata-static${BUILD_SUFFIX}") && \ + make -j"$(nproc)" && \ + make install DESTDIR="${QEMU_DESTDIR}" && \ + /root/static-build/scripts/qemu-build-post.sh diff --git a/tools/packaging/static-build/shim-v2/Dockerfile b/tools/packaging/static-build/shim-v2/Dockerfile index 66393694f7..49d0572bff 100644 --- a/tools/packaging/static-build/shim-v2/Dockerfile +++ b/tools/packaging/static-build/shim-v2/Dockerfile @@ -2,18 +2,21 @@ # # SPDX-License-Identifier: Apache-2.0 -FROM ubuntu +FROM ubuntu:20.04 ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update && \ - apt-get install -y \ + apt-get install -y --no-install-recommends \ + build-essential \ + ca-certificates \ curl \ gcc \ git \ make \ - sudo + sudo && \ + apt-get clean && rm -rf /var/lib/apt/lists/ -ADD install_go.sh /usr/bin/install_go.sh +COPY install_go.sh /usr/bin/install_go.sh ARG GO_VERSION RUN install_go.sh "${GO_VERSION}" ENV PATH=/usr/local/go/bin:${PATH} From bc120289ec9e838099e96ae2cc078e90bcc8630f Mon Sep 17 00:00:00 2001 From: Wainer dos Santos Moschetta Date: Fri, 19 Nov 2021 14:30:23 -0500 Subject: [PATCH 2/7] packaging: delint kata-monitor dockerfiles Removed all errors/warnings pointed out by hadolint version 2.7.0, except for the following ignored rules: - "DL3008 warning: Pin versions in apt get install" - "DL3041 warning: Specify version with `dnf install -y -`" - "DL3033 warning: Specify version with `yum install -y -`" - "DL3048 style: Invalid label key" - "DL3003 warning: Use WORKDIR to switch to a directory" - "DL3018 warning: Pin versions in apk add. Instead of apk add use apk add =" - "DL3037 warning: Specify version with zypper install -y [=]" Fixes #3107 Signed-off-by: Wainer dos Santos Moschetta --- tools/packaging/kata-monitor/Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
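Review bot: The combined RUN now clones into `qemu` relative to the working directory and then runs `cd qemu`, whereas the removed lines ran `cd .. && git clone … qemu`. With the `WORKDIR /root/qemu` visible at the top of the previous hunk, the source tree moves from `/root/qemu` to `/root/qemu/qemu`. Nothing in the hunk shows whether `qemu-build-post.sh` or anything else assumes the old location, so either check that or keep the tree in place with `git clone --depth=1 "${QEMU_REPO}" .` and drop the `cd qemu`. Because `QEMU_VERSION` may be a branch or tag, adding `git rev-parse HEAD` after the checkout would also record in the build log which commit was built.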
diff --git a/tools/packaging/kata-monitor/Dockerfile b/tools/packaging/kata-monitor/Dockerfile index 425f455722..9b964891f9 100644 --- a/tools/packaging/kata-monitor/Dockerfile +++ b/tools/packaging/kata-monitor/Dockerfile @@ -1,13 +1,13 @@ # SPDX-License-Identifier: Apache-2.0 -FROM golang:1.15-alpine +FROM golang:1.15-alpine AS builder -RUN apk add bash curl git make +RUN apk add --no-cache bash curl git make WORKDIR /go/src/github.com/kata-containers/kata-containers/src/runtime COPY . /go/src/github.com/kata-containers/kata-containers RUN SKIP_GO_VERSION_CHECK=true make monitor -FROM alpine:latest -COPY --from=0 /go/src/github.com/kata-containers/kata-containers/src/runtime/kata-monitor /usr/bin/kata-monitor +FROM alpine:3.14 +COPY --from=builder /go/src/github.com/kata-containers/kata-containers/src/runtime/kata-monitor /usr/bin/kata-monitor CMD ["-h"] ENTRYPOINT ["/usr/bin/kata-monitor"] From aeb2b673b31103509d2e992ebb1f88836f54e39e Mon Sep 17 00:00:00 2001 From: Wainer dos Santos Moschetta Date: Fri, 19 Nov 2021 14:31:53 -0500 Subject: [PATCH 3/7] osbuilder: delint dockerfiles Removed all errors/warnings pointed out by hadolint version 2.7.0, except for the following ignored rules: - "DL3008 warning: Pin versions in apt get install" - "DL3041 warning: Specify version with `dnf install -y -`" - "DL3033 warning: Specify version with `yum install -y -`" - "DL3048 style: Invalid label key" - "DL3003 warning: Use WORKDIR to switch to a directory" - "DL3018 warning: Pin versions in apk add. Instead of apk add use apk add =" - "DL3037 warning: Specify version with zypper install -y [=]" Fixes #3107 
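Review bot: The final stage (`FROM alpine:3.14`) has no `USER`, so `kata-monitor` runs as root in the shipped image. If the monitor genuinely needs root (presumably to reach the runtime's sockets, which is not visible here), a comment above `ENTRYPOINT` such as `# runs as root: needs access to the runtime sockets` would document that. Otherwise create an unprivileged user in the final stage and add a `USER` line before `ENTRYPOINT`.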
Signed-off-by: Wainer dos Santos Moschetta --- tools/osbuilder/dockerfiles/QAT/Dockerfile | 3 ++- tools/osbuilder/dracut/Dockerfile.in | 5 +++++ tools/osbuilder/image-builder/Dockerfile | 14 +++++++++++--- .../osbuilder/rootfs-builder/centos/Dockerfile.in | 3 ++- .../rootfs-builder/clearlinux/Dockerfile.in | 3 ++- .../osbuilder/rootfs-builder/fedora/Dockerfile.in | 3 ++- .../osbuilder/rootfs-builder/gentoo/Dockerfile.in | 2 ++ tools/osbuilder/rootfs-builder/suse/Dockerfile.in | 2 +- .../rootfs-builder/ubuntu/Dockerfile-aarch64.in | 4 +++- 9 files changed, 30 insertions(+), 9 deletions(-) diff --git a/tools/osbuilder/dockerfiles/QAT/Dockerfile b/tools/osbuilder/dockerfiles/QAT/Dockerfile index c2e37f97d8..c0113569a7 100644 --- a/tools/osbuilder/dockerfiles/QAT/Dockerfile +++ b/tools/osbuilder/dockerfiles/QAT/Dockerfile @@ -42,7 +42,8 @@ RUN dnf install -y \ systemd-devel \ sudo \ xz \ - yasm + yasm && \ + dnf clean all # Add in non-privileged user RUN useradd qatbuilder -p "" && \ diff --git a/tools/osbuilder/dracut/Dockerfile.in b/tools/osbuilder/dracut/Dockerfile.in index 49702d9e91..f84838bc3d 100644 --- a/tools/osbuilder/dracut/Dockerfile.in +++ b/tools/osbuilder/dracut/Dockerfile.in @@ -3,8 +3,13 @@ # # SPDX-License-Identifier: Apache-2.0 +# openSUSE Tumbleweed image has only 'latest' tag so ignore DL3006 rule. +# hadolint ignore=DL3006 from opensuse/tumbleweed +# zypper -y or --non-interactive can be used interchangeably here so ignore +# DL3034 rule. +# hadolint ignore=DL3034 RUN zypper --non-interactive refresh; \ zypper --non-interactive install --no-recommends --force-resolution \ autoconf \ diff --git a/tools/osbuilder/image-builder/Dockerfile b/tools/osbuilder/image-builder/Dockerfile index 2242807ea4..02f93475fd 100644 --- a/tools/osbuilder/image-builder/Dockerfile +++ b/tools/osbuilder/image-builder/Dockerfile 
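Review bot: In the QAT Dockerfile, the context line just below the added `dnf clean all`, `RUN useradd qatbuilder -p "" && \`, creates the build user with an empty password field, and `sudo` is in the package list just above it. An account with an empty password can authenticate wherever a password prompt applies, which is more than a build-only user needs. Dropping `-p ""` leaves the password locked: `RUN useradd qatbuilder && \`. That RUN continues past the end of the hunk, so whether later lines rely on the empty password cannot be seen here.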
@@ -5,6 +5,14 @@ ARG IMAGE_REGISTRY=registry.fedoraproject.org FROM ${IMAGE_REGISTRY}/fedora:34 -RUN [ -n "$http_proxy" ] && sed -i '$ a proxy='$http_proxy /etc/dnf/dnf.conf ; true - -RUN dnf install -y qemu-img parted gdisk e2fsprogs gcc xfsprogs findutils +RUN ([ -n "$http_proxy" ] && \ + sed -i '$ a proxy='$http_proxy /etc/dnf/dnf.conf ; true) && \ + dnf install -y \ + e2fsprogs \ + findutils \ + gcc \ + gdisk \ + parted \ + qemu-img \ + xfsprogs && \ + dnf clean all diff --git a/tools/osbuilder/rootfs-builder/centos/Dockerfile.in b/tools/osbuilder/rootfs-builder/centos/Dockerfile.in index 529bd7ba97..d05436e2a9 100644 --- a/tools/osbuilder/rootfs-builder/centos/Dockerfile.in +++ b/tools/osbuilder/rootfs-builder/centos/Dockerfile.in @@ -32,7 +32,8 @@ RUN yum -y update && yum install -y \ sed \ tar \ vim \ - which + which && \ + yum clean all # This will install the proper packages to build Kata components @INSTALL_MUSL@ diff --git a/tools/osbuilder/rootfs-builder/clearlinux/Dockerfile.in b/tools/osbuilder/rootfs-builder/clearlinux/Dockerfile.in index abbc413474..422a12747c 100644 --- a/tools/osbuilder/rootfs-builder/clearlinux/Dockerfile.in +++ b/tools/osbuilder/rootfs-builder/clearlinux/Dockerfile.in @@ -35,7 +35,8 @@ RUN dnf -y update && dnf install -y \ systemd \ tar \ vim \ - which + which && \ + dnf clean all # This will install the proper packages to build Kata components @INSTALL_MUSL@ diff --git a/tools/osbuilder/rootfs-builder/fedora/Dockerfile.in b/tools/osbuilder/rootfs-builder/fedora/Dockerfile.in index dac32f5050..e566823ea7 100644 --- a/tools/osbuilder/rootfs-builder/fedora/Dockerfile.in +++ b/tools/osbuilder/rootfs-builder/fedora/Dockerfile.in @@ -35,7 +35,8 @@ RUN dnf -y update && dnf install -y \ systemd \ tar \ vim \ - which + which && \ + dnf clean all # This will install the proper packages to build Kata components @INSTALL_MUSL@ 
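Review bot: In the image-builder RUN, the line appended by `sed -i '$ a proxy='$http_proxy /etc/dnf/dnf.conf` stays in the image layer, so a proxy URL carrying credentials or an internal host name ships with every image built behind that proxy. `$http_proxy` is also unquoted, so a value containing spaces or glob characters is split by the shell. Quote it as `'$ a proxy='"$http_proxy"` and remove the setting again in the same RUN, for example with `sed -i '/^proxy=/d' /etc/dnf/dnf.conf` just before `dnf clean all`.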
diff --git a/tools/osbuilder/rootfs-builder/gentoo/Dockerfile.in b/tools/osbuilder/rootfs-builder/gentoo/Dockerfile.in index 8a06ff921f..e817d2ac83 100644 --- a/tools/osbuilder/rootfs-builder/gentoo/Dockerfile.in +++ b/tools/osbuilder/rootfs-builder/gentoo/Dockerfile.in @@ -4,6 +4,8 @@ # SPDX-License-Identifier: Apache-2.0 ARG IMAGE_REGISTRY=docker.io +# stage3-amd64 image has only 'latest' tag so ignore DL3006 rule. +# hadolint ignore=DL3007 FROM ${IMAGE_REGISTRY}/gentoo/stage3-amd64:latest # This dockerfile needs to provide all the componets need to build a rootfs diff --git a/tools/osbuilder/rootfs-builder/suse/Dockerfile.in b/tools/osbuilder/rootfs-builder/suse/Dockerfile.in index 70948a4b13..b86086a7df 100644 --- a/tools/osbuilder/rootfs-builder/suse/Dockerfile.in +++ b/tools/osbuilder/rootfs-builder/suse/Dockerfile.in @@ -6,7 +6,7 @@ ARG IMAGE_REGISTRY=docker.io #suse: docker image to be used to create a rootfs #@OS_VERSION@: Docker image version to build this dockerfile -FROM ${IMAGE_REGISTRY}/opensuse/leap +FROM ${IMAGE_REGISTRY}/opensuse/leap:15.0 # This dockerfile needs to provide all the componets need to build a rootfs # Install any package need to create a rootfs (package manager, extra tools) diff --git a/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile-aarch64.in b/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile-aarch64.in index cc0fed0190..bad7006458 100644 --- a/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile-aarch64.in +++ b/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile-aarch64.in @@ -35,7 +35,9 @@ RUN apt-get update && apt-get install -y \ sed \ systemd \ tar \ - vim + vim && \ + apt-get clean && rm -rf /var/lib/apt/lists/ + # This will install the proper packages to build Kata components @INSTALL_MUSL@ @INSTALL_RUST@ From 3669e1b6d9879703a328587a5242ee60665d1d2e Mon Sep 17 00:00:00 2001 
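Review bot: In the gentoo template the new comment names DL3006, but the directive below it suppresses DL3007. For a `FROM …:latest` line DL3007 is the rule that fires, so the directive is right and the comment should read `# stage3-amd64 image has only 'latest' tag so ignore DL3007 rule.` With the tag left floating, pinning the digest (`…/gentoo/stage3-amd64:latest@sha256:<digest placeholder>`) is the remaining way to make the base reproducible.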
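Review bot: In the suse template the base is now hard-coded to `opensuse/leap:15.0`, while the comment two lines above still documents `@OS_VERSION@` as the image version for this Dockerfile, so the tag no longer follows the configured distro version. 15.0 is an old Leap release that, as far as I know, no longer receives maintenance updates, so a rootfs built on it would miss security fixes. If the template substitution applies to this line (the comment suggests it does), `FROM ${IMAGE_REGISTRY}/opensuse/leap:@OS_VERSION@` keeps the lint fix without freezing the release.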
From: Wainer dos Santos Moschetta Date: Fri, 19 Nov 2021 14:32:16 -0500 Subject: [PATCH 4/7] ci/openshift-ci: delint dockerfiles Removed all errors/warnings pointed out by hadolint version 2.7.0, except for the following ignored rules: - "DL3008 warning: Pin versions in apt get install" - "DL3041 warning: Specify version with `dnf install -y -`" - "DL3033 warning: Specify version with `yum install -y -`" - "DL3048 style: Invalid label key" - "DL3003 warning: Use WORKDIR to switch to a directory" - "DL3018 warning: Pin versions in apk add. Instead of apk add use apk add =" - "DL3037 warning: Specify version with zypper install -y [=]" Fixes #3107 Signed-off-by: Wainer dos Santos Moschetta --- ci/openshift-ci/images/Dockerfile.buildroot | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ci/openshift-ci/images/Dockerfile.buildroot b/ci/openshift-ci/images/Dockerfile.buildroot index 47ebbb956f..712c39ad9f 100644 --- a/ci/openshift-ci/images/Dockerfile.buildroot +++ b/ci/openshift-ci/images/Dockerfile.buildroot @@ -6,4 +6,9 @@ # FROM registry.centos.org/centos:8 -RUN yum -y update && yum -y install git sudo wget +RUN yum -y update && \ + yum -y install \ + git \ + sudo \ + wget && \ + yum clean all From 1ea9b703830d4f618c3f4ab628d5f371f3043058 Mon Sep 17 00:00:00 2001 From: Wainer dos Santos Moschetta Date: Fri, 19 Nov 2021 14:29:09 -0500 Subject: [PATCH 5/7] packaging: delint kata-deploy dockerfiles Removed all errors/warnings pointed out by hadolint version 2.7.0, except for the following ignored rules: - "DL3008 warning: Pin versions in apt get install" - "DL3041 warning: Specify version with `dnf install -y -`" - "DL3033 warning: Specify version with `yum install -y -`" - "DL3048 style: Invalid label key" - "DL3003 warning: Use WORKDIR to switch to a directory" - "DL3018 warning: Pin versions in apk add. Instead of apk add use apk add =" - "DL3037 warning: Specify version with zypper install -y [=]" Fixes #3107 
Signed-off-by: Wainer dos Santos Moschetta --- tools/packaging/kata-deploy/Dockerfile | 6 ++-- tools/packaging/kata-deploy/action/Dockerfile | 12 +++---- .../local-build/dockerbuild/Dockerfile | 34 +++++++++++-------- 3 files changed, 28 insertions(+), 24 deletions(-) diff --git a/tools/packaging/kata-deploy/Dockerfile b/tools/packaging/kata-deploy/Dockerfile index 36d30ef3a5..e89d242923 100644 --- a/tools/packaging/kata-deploy/Dockerfile +++ b/tools/packaging/kata-deploy/Dockerfile @@ -6,7 +6,7 @@ FROM registry.centos.org/centos:7 AS base ENV container docker -RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +RUN (cd /lib/systemd/system/sysinit.target.wants/ && for i in *; do [ "$i" = systemd-tmpfiles-setup.service ] || rm -f "$i"; done); \ rm -f /lib/systemd/system/multi-user.target.wants/*; \ rm -f /etc/systemd/system/*.wants/*; \ rm -f /lib/systemd/system/local-fs.target.wants/*; \ @@ -25,7 +25,7 @@ ARG KUBE_ARCH=amd64 ARG KATA_ARTIFACTS=./kata-static.tar.xz ARG DESTINATION=/opt/kata-artifacts -COPY ${KATA_ARTIFACTS} . +COPY ${KATA_ARTIFACTS} ${WORKDIR} RUN \ yum -y update && \ @@ -37,7 +37,7 @@ tar xvf ${KATA_ARTIFACTS} -C ${DESTINATION}/ && \ chown -R root:root ${DESTINATION}/ RUN \ -curl -Lso /bin/kubectl https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/${KUBE_ARCH}/kubectl && \ +curl -Lso /bin/kubectl "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/${KUBE_ARCH}/kubectl" && \ chmod +x /bin/kubectl COPY scripts ${DESTINATION}/scripts diff --git a/tools/packaging/kata-deploy/action/Dockerfile b/tools/packaging/kata-deploy/action/Dockerfile index a8cb23ebe5..c665a92cc8 100644 --- a/tools/packaging/kata-deploy/action/Dockerfile +++ b/tools/packaging/kata-deploy/action/Dockerfile 
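Review bot: `COPY ${KATA_ARTIFACTS} ${WORKDIR}` uses `${WORKDIR}` as a variable, but `WORKDIR` is an instruction and no `ARG` or `ENV` of that name is visible in this hunk (only `KUBE_ARCH`, `KATA_ARTIFACTS` and `DESTINATION` are declared). If it is not defined above the hunk, it expands to an empty string and the COPY is left without a destination. An explicit `WORKDIR /` before the COPY, keeping `COPY ${KATA_ARTIFACTS} .`, addresses the relative-destination warning. That assumes the stage currently runs in the image's default directory, which the later `tar xvf ${KATA_ARTIFACTS}` also relies on.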
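Review bot: The kubectl binary is still fetched with `curl -Lso` from whatever `stable.txt` names at build time and installed into `/bin` with no integrity check. Without `-f`, an HTTP error page would be saved as the binary. The added quoting is fine, but the download should use a pinned release and a checksum kept in the repository, as sketched below; `KUBECTL_VERSION` and `KUBECTL_SHA256` are placeholder names for values the project would have to supply. The same unpinned download appears in the first RUN of `tools/packaging/kata-deploy/action/Dockerfile` in this patch.

```dockerfile
# KUBECTL_VERSION / KUBECTL_SHA256 are placeholders: set them from the project's pinned versions
ARG KUBECTL_VERSION
ARG KUBECTL_SHA256
RUN \
curl -fsSLo /bin/kubectl "https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/${KUBE_ARCH}/kubectl" && \
echo "${KUBECTL_SHA256}  /bin/kubectl" | sha256sum -c - && \
chmod +x /bin/kubectl
```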
@@ -1,7 +1,7 @@ # Copyright (c) 2019 Intel Corporation # # SPDX-License-Identifier: Apache-2.0 -FROM mcr.microsoft.com/azure-cli:latest +FROM mcr.microsoft.com/azure-cli:2.9.1 LABEL com.github.actions.name="Test kata-deploy in an AKS cluster" LABEL com.github.actions.description="Test kata-deploy in an AKS cluster" @@ -16,14 +16,14 @@ ENV GITHUB_ACTION_NAME="Test kata-deploy in an AKS cluster" # PKG_SHA environment variable ENV PKG_SHA=HEAD -RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/${ARCH}/kubectl \ +RUN curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/${ARCH}/kubectl" \ && chmod +x ./kubectl \ && mv ./kubectl /usr/local/bin/kubectl -RUN curl -LO https://github.com/Azure/aks-engine/releases/download/${AKS_ENGINE_VER}/aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz \ - && tar xvf aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz \ - && mv aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}/aks-engine /usr/local/bin/aks-engine \ - && rm aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz +RUN curl -LO "https://github.com/Azure/aks-engine/releases/download/${AKS_ENGINE_VER}/aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz" \ + && tar "xvf aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz" \ + && mv "aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}/aks-engine" /usr/local/bin/aks-engine \ + && rm "aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz" COPY kubernetes-containerd.json / COPY setup-aks.sh test-kata.sh entrypoint.sh / diff --git a/tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile b/tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile index 89b1f04474..be4c0e8160 100644 --- a/tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile +++ b/tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile 
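Review bot: In the aks-engine RUN the new quoting wraps the option letters and the file name together, `tar "xvf aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz"`. tar then receives a single argument and parses the whole string as an option cluster, so extraction fails and the RUN with it. Only the file name should be quoted: `&& tar xvf "aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz" \`. The tarball is also unpacked and installed into `/usr/local/bin` without a checksum comparison, which would be worth adding next to `AKS_ENGINE_VER`.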
@@ -6,17 +6,19 @@ FROM ubuntu:20.04 ENV DEBIAN_FRONTEND=noninteractive ENV INSTALL_IN_GOPATH=false -ADD install_yq.sh /usr/bin/install_yq.sh +COPY install_yq.sh /usr/bin/install_yq.sh -# yq installer deps -RUN apt update && apt-get install -y curl sudo - -# Install yq -RUN install_yq.sh - -RUN curl -fsSL https://get.docker.com -o get-docker.sh -RUN sh get-docker.sh +# Install yq and docker +RUN apt-get update && \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + sudo && \ + apt-get clean && rm -rf /var/lib/apt/lists/ && \ + install_yq.sh && \ + curl -fsSL https://get.docker.com -o get-docker.sh && \ + sh get-docker.sh ARG IMG_USER=kata-builder ARG UID=1000 @@ -27,12 +29,14 @@ RUN sh -c "echo '${IMG_USER} ALL=NOPASSWD: ALL' >> /etc/sudoers" #FIXME: gcc is required as agent is build out of a container build. RUN apt-get update && \ - apt install --no-install-recommends -y \ - cpio \ - gcc \ - git \ - make \ - xz-utils + apt-get install --no-install-recommends -y \ + build-essential \ + cpio \ + gcc \ + git \ + make \ + xz-utils && \ + apt-get clean && rm -rf /var/lib/apt/lists ENV USER ${IMG_USER} USER ${UID}:${GID} From 428cf0a685865d53c4a65f3f69d275644bec09df Mon Sep 17 00:00:00 2001 From: Wainer dos Santos Moschetta Date: Tue, 23 Nov 2021 08:24:56 -0500 Subject: [PATCH 6/7] packaging: delint tests dockerfiles Removed all errors/warnings pointed out by hadolint version 2.7.0, except for the following ignored rules: - "DL3008 warning: Pin versions in apt get install" - "DL3041 warning: Specify version with `dnf install -y -`" - "DL3033 warning: Specify version with `yum install -y -`" - "DL3048 style: Invalid label key" - "DL3003 warning: Use WORKDIR to switch to a directory" - "DL3018 warning: Pin versions in apk add. Instead of apk add use apk add =" - "DL3037 warning: Specify version with zypper install -y [=]" Fixes #3107 
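Review bot: The merged RUN still downloads `https://get.docker.com` and executes it as root with `sh get-docker.sh`, with no pinned version or checksum, so the image content depends on whatever that script is at build time. The script file is also left in the image. If the convenience script has to stay, remove it in the same layer (`sh get-docker.sh && rm get-docker.sh`); installing a pinned docker package from a configured apt repository would be the reproducible alternative. The apt lists are also deleted before `install_yq.sh` and `get-docker.sh` run, so any package state those scripts create is not cleaned up by this RUN.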
Signed-off-by: Wainer dos Santos Moschetta --- .../tests/Dockerfile/FedoraDockerfile.in | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/tools/packaging/tests/Dockerfile/FedoraDockerfile.in b/tools/packaging/tests/Dockerfile/FedoraDockerfile.in index 4023f36aa2..e050ca971b 100644 --- a/tools/packaging/tests/Dockerfile/FedoraDockerfile.in +++ b/tools/packaging/tests/Dockerfile/FedoraDockerfile.in @@ -14,15 +14,14 @@ ENV GOPATH=/home/go ENV TESTS_REPOSITORY_PATH="${GOPATH}/src/${TESTS_REPO}" ENV AGENT_INIT=yes TEST_INITRD=yes OSBUILDER_DISTRO=alpine -# Install packages -RUN sudo dnf -y install kata-proxy kata-ksm-throttler kata-osbuilder kata-runtime kata-shim -RUN sudo mkdir "${GOPATH}" -RUN sudo dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo -RUN sudo dnf makecache -RUN sudo dnf -y install docker-ce -RUN go get -d "${TESTS_REPO}" -RUN cd "${TESTS_REPOSITORY_PATH}" && .ci/install_kata_image.sh -RUN cd "${TESTS_REPOSITORY_PATH}" && .ci/install_kata_kernel.sh -RUN kata-runtime kata-env +# Install packages and build and install Kata Containers +RUN dnf -y install kata-proxy kata-ksm-throttler kata-osbuilder kata-runtime kata-shim && \ + mkdir "${GOPATH}" && \ + dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo && \ + dnf makecache && dnf -y install docker-ce && dnf clean all && \ + go get -d "${TESTS_REPO}" && \ + cd "${TESTS_REPOSITORY_PATH}" && .ci/install_kata_image.sh && \ + cd "${TESTS_REPOSITORY_PATH}" && .ci/install_kata_kernel.sh && \ + kata-runtime kata-env CMD ["/bin/bash"] From d79268ac6519088b21011772a61337bcc9930699 Mon Sep 17 00:00:00 2001 
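Review bot: Dropping `sudo` from the `dnf` and `mkdir` commands assumes this RUN executes as root. No `USER` line is visible in the hunk, so if the template's base image or an earlier line switches to an unprivileged user, the install steps will now fail. If root is indeed the build user, a short comment such as `# runs as root: no USER is set before this point` would record the assumption. `dnf clean all` also runs before the two `.ci/install_kata_*.sh` scripts, so any packages they install leave their cache in the layer; moving the clean to the end of the chain would cover them.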
From: Wainer dos Santos Moschetta Date: Tue, 21 Dec 2021 09:59:18 -0500 Subject: [PATCH 7/7] tools/packaging: add copyright to kata-monitor's Dockerfile The kata-monitor's Dockerfile was added by Eric Ernst on commit 2f1cb7995ffe8089ea3c01 but for some reason the static checker did not catch the file misses the copyright statement at the time it was added. But it is now complaining about it. So this assign the copyright to him to make the static-checker happy. Fixes #3329 Signed-off-by: Wainer dos Santos Moschetta --- tools/packaging/kata-monitor/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/packaging/kata-monitor/Dockerfile b/tools/packaging/kata-monitor/Dockerfile index 9b964891f9..513f666bb8 100644 --- a/tools/packaging/kata-monitor/Dockerfile +++ b/tools/packaging/kata-monitor/Dockerfile @@ -1,3 +1,4 @@ +# Copyright (c) 2020 Eric Ernst # SPDX-License-Identifier: Apache-2.0 FROM golang:1.15-alpine AS builder