mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 19:56:01 +00:00
Merge pull request #67222 from ixdy/qemu-ARCH-static-permissions-fixes
Automatic merge from submit-queue (batch tested with PRs 67058, 67083, 67220, 67222, 67209). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Fix permissions of qemu-ARCH-static in debian-base and other images **What this PR does / why we need it**: proper fix for the issue I found in #67215. Some machines (like apparently workstations at Google) have a restrictive umask, so the `qemu-ARCH-static` binaries were getting installed in images without world read/execute permissions, causing utilities like `apt-get` to fail. There was also a duplicate download/install of these binaries for `debian-iptables`, which further confused the issue. I've since removed that duplicate installation. Many thanks to @BenTheElder for asking the right question to get me to look at the permissions again. I haven't pushed any images yet. After merge, I'll build/promote `debian-base:0.3.2`, then update everything to use it, then push some more images, write some more PRs, ... **Release note**: ```release-note NONE ``` /assign @tallclair
This commit is contained in:
commit
35e3c78251
@ -18,7 +18,7 @@ REGISTRY ?= staging-k8s.gcr.io
|
||||
IMAGE ?= debian-base
|
||||
BUILD_IMAGE ?= debian-build
|
||||
|
||||
TAG ?= 0.3.1
|
||||
TAG ?= 0.3.2
|
||||
|
||||
TAR_FILE ?= rootfs.tar
|
||||
ARCH?=amd64
|
||||
@ -57,9 +57,11 @@ ifeq ($(ARCH),amd64)
|
||||
sed "/CROSS_BUILD_/d" $(TEMP_DIR)/Dockerfile.build > $(TEMP_DIR)/Dockerfile.build.tmp
|
||||
else
|
||||
# When cross-building, only the placeholder "CROSS_BUILD_" should be removed
|
||||
# Register /usr/bin/qemu-ARCH-static as the handler for ARM binaries in the kernel
|
||||
# Register /usr/bin/qemu-ARCH-static as the handler for non-x86 binaries in the kernel
|
||||
docker run --rm --privileged multiarch/qemu-user-static:register --reset
|
||||
curl -sSL https://github.com/multiarch/qemu-user-static/releases/download/$(QEMUVERSION)/x86_64_qemu-$(QEMUARCH)-static.tar.gz | tar -xz -C $(TEMP_DIR)
|
||||
# Ensure we don't get surprised by umask settings
|
||||
chmod 0755 qemu-$(QEMUARCH)-static
|
||||
sed "s/CROSS_BUILD_//g" $(TEMP_DIR)/Dockerfile.build > $(TEMP_DIR)/Dockerfile.build.tmp
|
||||
endif
|
||||
mv $(TEMP_DIR)/Dockerfile.build.tmp $(TEMP_DIR)/Dockerfile.build
|
||||
|
@ -51,8 +51,10 @@ endif
|
||||
mkdir -p ${TEMP_DIR}/cni-bin/bin
|
||||
tar -xz -C ${TEMP_DIR}/cni-bin/bin -f "cni-tars/${CNI_TARBALL}"
|
||||
|
||||
ifneq ($(ARCH),amd64)
|
||||
# Register /usr/bin/qemu-ARCH-static as the handler for non-x86 binaries in the kernel
|
||||
docker run --rm --privileged multiarch/qemu-user-static:register --reset
|
||||
endif
|
||||
docker build --pull -t $(REGISTRY)/$(IMAGE)-$(ARCH):$(TAG) $(TEMP_DIR)
|
||||
rm -rf $(TEMP_DIR)
|
||||
|
||||
|
@ -14,10 +14,6 @@
|
||||
|
||||
FROM BASEIMAGE
|
||||
|
||||
# If we're building for another architecture than amd64, the CROSS_BUILD_ placeholder is removed so e.g. CROSS_BUILD_COPY turns into COPY
|
||||
# If we're building normally, for amd64, CROSS_BUILD lines are removed
|
||||
CROSS_BUILD_COPY qemu-ARCH-static /usr/bin/
|
||||
|
||||
RUN clean-install \
|
||||
conntrack \
|
||||
ebtables \
|
||||
|
@ -19,37 +19,16 @@ IMAGE=debian-iptables
|
||||
TAG=v10.1
|
||||
ARCH?=amd64
|
||||
TEMP_DIR:=$(shell mktemp -d)
|
||||
QEMUVERSION=v2.9.1
|
||||
|
||||
ifeq ($(ARCH),arm)
|
||||
QEMUARCH=arm
|
||||
endif
|
||||
ifeq ($(ARCH),arm64)
|
||||
QEMUARCH=aarch64
|
||||
endif
|
||||
ifeq ($(ARCH),ppc64le)
|
||||
QEMUARCH=ppc64le
|
||||
endif
|
||||
ifeq ($(ARCH),s390x)
|
||||
QEMUARCH=s390x
|
||||
endif
|
||||
|
||||
BASEIMAGE=k8s.gcr.io/debian-base-$(ARCH):0.3.1
|
||||
|
||||
build:
|
||||
cp ./* $(TEMP_DIR)
|
||||
cd $(TEMP_DIR) && sed -i "s|BASEIMAGE|$(BASEIMAGE)|g" Dockerfile
|
||||
cd $(TEMP_DIR) && sed -i "s|ARCH|$(QEMUARCH)|g" Dockerfile
|
||||
|
||||
ifeq ($(ARCH),amd64)
|
||||
# When building "normally" for amd64, remove the whole line, it has no part in the amd64 image
|
||||
cd $(TEMP_DIR) && sed -i "/CROSS_BUILD_/d" Dockerfile
|
||||
else
|
||||
# When cross-building, only the placeholder "CROSS_BUILD_" should be removed
|
||||
# Register /usr/bin/qemu-ARCH-static as the handler for ARM binaries in the kernel
|
||||
ifneq ($(ARCH),amd64)
|
||||
# Register /usr/bin/qemu-ARCH-static as the handler for non-x86 binaries in the kernel
|
||||
docker run --rm --privileged multiarch/qemu-user-static:register --reset
|
||||
curl -sSL https://github.com/multiarch/qemu-user-static/releases/download/$(QEMUVERSION)/x86_64_qemu-$(QEMUARCH)-static.tar.gz | tar -xz -C $(TEMP_DIR)
|
||||
cd $(TEMP_DIR) && sed -i "s/CROSS_BUILD_//g" Dockerfile
|
||||
endif
|
||||
|
||||
docker build --pull -t $(REGISTRY)/$(IMAGE)-$(ARCH):$(TAG) $(TEMP_DIR)
|
||||
|
@ -39,8 +39,10 @@ endif
|
||||
|
||||
cd ${TEMP_DIR} && sed -i.back "s|BASEIMAGE|${BASEIMAGE}|g" Dockerfile
|
||||
|
||||
ifneq ($(ARCH),amd64)
|
||||
# Register /usr/bin/qemu-ARCH-static as the handler for non-x86 binaries in the kernel
|
||||
docker run --rm --privileged multiarch/qemu-user-static:register --reset
|
||||
endif
|
||||
docker build --pull -t ${REGISTRY}/hyperkube-${ARCH}:${VERSION} ${TEMP_DIR}
|
||||
rm -rf "${TEMP_DIR}"
|
||||
|
||||
|
@ -82,6 +82,8 @@ build() {
|
||||
# Register qemu-*-static for all supported processors except the current one
|
||||
docker run --rm --privileged multiarch/qemu-user-static:register --reset
|
||||
curl -sSL https://github.com/multiarch/qemu-user-static/releases/download/${QEMUVERSION}/x86_64_qemu-${QEMUARCHS[$arch]}-static.tar.gz | tar -xz -C ${temp_dir}
|
||||
# Ensure we don't get surprised by umask settings
|
||||
chmod 0755 "${temp_dir}/qemu-${QEMUARCHS[$arch]}-static"
|
||||
${SED} -i "s/CROSS_BUILD_//g" Dockerfile
|
||||
fi
|
||||
fi
|
||||
|
Loading…
Reference in New Issue
Block a user