From 370f8e7eb05e02d48ff2b67e7a867319a090417a Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Mon, 24 Apr 2017 15:16:13 +0100 Subject: [PATCH 1/6] tools: Add more utilities to c-compile These utilities are needed to compile tini, rngd, and toybox. Signed-off-by: Rolf Neugebauer --- tools/c-compile/Dockerfile | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/tools/c-compile/Dockerfile b/tools/c-compile/Dockerfile index fe871d742..0ed0cffc9 100644 --- a/tools/c-compile/Dockerfile +++ b/tools/c-compile/Dockerfile @@ -2,13 +2,22 @@ FROM alpine:3.5 RUN \ apk update && apk upgrade && \ apk add \ - bsd-compat-headers \ - curl \ - gcc \ - git \ - libc-dev \ - linux-headers \ - util-linux-dev \ + argp-standalone \ + automake \ + bash \ + bsd-compat-headers \ + build-base \ + cmake \ + curl \ + gcc \ + git \ + libc-dev \ + linux-headers \ + make \ + musl-dev \ + patch \ + util-linux-dev \ + vim \ && true COPY compile.sh /usr/bin/ From 85bcee93ddb76520c9c04d1c865c04b1b955c5db Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Sun, 23 Apr 2017 10:12:24 +0100 Subject: [PATCH 2/6] tools: Move tini to ./tools and convert to multi-stage build Previously the "tini" contained the entire build. Using the multi-stage build creates a new "tini" base image, which only contains the "/bin/tini". This image can be used as the base image for packages requiring "tini". 
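Review bot: The expanded `apk add` list in tools/c-compile/Dockerfile installs unversioned packages and gives no reason for the non-compiler entries `bash` and `vim`, so a reader cannot tell which of them the tini, rngd and toybox builds named in the commit message actually need. A short comment above the list mapping packages to the builds that need them would make later pruning safe, e.g. `# vim: needed by the tini build (presumably for xxd) - confirm`. As far as I know `gcc`, `make`, `libc-dev` and `patch` are already pulled in by `build-base`, so those explicit entries could be dropped. Because the surrounding `apk update && apk upgrade` makes every rebuild pick up whatever the mirror serves, consumers should keep referencing this image by digest, as the later patches in this series do.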
Signed-off-by: Rolf Neugebauer --- base/tini/Makefile | 29 ------------------- .../rngd}/fix-textrels-on-PIC-x86.patch | 20 ++++++------- {base/rng-tools => pkg/rngd}/sha256sums | 0 test/virtsock/Dockerfile.build | 11 ------- test/virtsock/Dockerfile.pkg | 3 -- {base => tools}/tini/Dockerfile | 19 +++++------- tools/tini/Makefile | 26 +++++++++++++++++ tools/tini/README.md | 4 +++ 8 files changed, 48 insertions(+), 64 deletions(-) delete mode 100644 base/tini/Makefile rename {base/rng-tools => pkg/rngd}/fix-textrels-on-PIC-x86.patch (90%) rename {base/rng-tools => pkg/rngd}/sha256sums (100%) delete mode 100644 test/virtsock/Dockerfile.build delete mode 100644 test/virtsock/Dockerfile.pkg rename {base => tools}/tini/Dockerfile (52%) create mode 100644 tools/tini/Makefile create mode 100644 tools/tini/README.md diff --git a/base/tini/Makefile b/base/tini/Makefile deleted file mode 100644 index fd54768a4..000000000 --- a/base/tini/Makefile +++ /dev/null @@ -1,29 +0,0 @@ -.PHONY: tag push - -BASE=alpine:3.5 -IMAGE=tini - -default: push - -hash: Dockerfile - DOCKER_CONTENT_TRUST=1 docker pull $(BASE) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build - - docker run --rm --entrypoint sh $(IMAGE):build -c 'cat /Dockerfile /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash - -push: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) - docker rmi $(IMAGE):build - rm -f hash - -tag: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) - docker rmi $(IMAGE):build - rm -f hash - -clean: - rm -f hash - -.DELETE_ON_ERROR: 
diff --git a/base/rng-tools/fix-textrels-on-PIC-x86.patch b/pkg/rngd/fix-textrels-on-PIC-x86.patch similarity index 90% rename from base/rng-tools/fix-textrels-on-PIC-x86.patch rename to pkg/rngd/fix-textrels-on-PIC-x86.patch index 88d0a7f90..7ea76d6fd 100644 --- a/base/rng-tools/fix-textrels-on-PIC-x86.patch +++ b/pkg/rngd/fix-textrels-on-PIC-x86.patch @@ -1,17 +1,17 @@ --- rng-tools/rdrand_asm.S +++ rng-tools/rdrand_asm.S @@ -49,6 +49,7 @@ - ret + ret ENDPROC(x86_rdrand_nlong) - + +#define INIT_PIC() #define SETPTR(var,ptr) leaq var(%rip),ptr #define PTR0 %rdi #define PTR1 %rsi @@ -84,7 +85,16 @@ - ret + ret ENDPROC(x86_rdrand_nlong) - + +#if defined(__PIC__) +#undef __i686 /* gcc builtin define gets in our way */ +#define INIT_PIC() \ @@ -26,16 +26,16 @@ #define PTR1 %edx #define PTR2 %ecx @@ -101,6 +111,7 @@ - movl 8(%ebp), %eax - movl 12(%ebp), %edx + movl 8(%ebp), %eax + movl 12(%ebp), %edx #endif + INIT_PIC() - - SETPTR(aes_round_keys, PTR2) - + + SETPTR(aes_round_keys, PTR2) + @@ -166,6 +177,17 @@ #endif - ret + ret ENDPROC(x86_aes_mangle) + +#if defined(__i386__) && defined(__PIC__) diff --git a/base/rng-tools/sha256sums b/pkg/rngd/sha256sums similarity index 100% rename from base/rng-tools/sha256sums rename to pkg/rngd/sha256sums diff --git a/test/virtsock/Dockerfile.build b/test/virtsock/Dockerfile.build deleted file mode 100644 index 463221e89..000000000 --- a/test/virtsock/Dockerfile.build +++ /dev/null @@ -1,11 +0,0 @@ -FROM linuxkit/go-compile:4513068d9a7e919e4ec42e2d7ee879ff5b95b7f5@sha256:bdfadbe3e4ec699ca45b67453662321ec270f2d1a1dbdbf09625776d3ebd68c5 - -ENV VIRTSOCK_COMMIT=6b4dec728264e07c41e108caebd6bc2b72559a5f -RUN mkdir -p $GOPATH/src/github.com/rneugeba && \ - cd $GOPATH/src/github.com/rneugeba && \ - git clone https://github.com/rneugeba/virtsock.git -WORKDIR $GOPATH/src/github.com/rneugeba/virtsock -RUN git checkout $VIRTSOCK_COMMIT -RUN make build/virtsock_stress.linux - -ENTRYPOINT ["cat", "build/virtsock_stress.linux"] 
diff --git a/test/virtsock/Dockerfile.pkg b/test/virtsock/Dockerfile.pkg deleted file mode 100644 index 2f25a302a..000000000 --- a/test/virtsock/Dockerfile.pkg +++ /dev/null @@ -1,3 +0,0 @@ -FROM scratch -COPY . ./ -CMD ["/bin/tini", "/bin/virtsock_stress", "-s", "-v", "1"] diff --git a/base/tini/Dockerfile b/tools/tini/Dockerfile similarity index 52% rename from base/tini/Dockerfile rename to tools/tini/Dockerfile index 3d520b1d5..8250d6c7e 100644 --- a/base/tini/Dockerfile +++ b/tools/tini/Dockerfile @@ -1,16 +1,13 @@ -FROM alpine:3.5 -RUN \ - apk update && apk upgrade && \ - apk add \ - cmake \ - gcc \ - make \ - musl-dev \ - vim \ - && true - +FROM linuxkit/c-compile:f52f485825c890d581e82a62af6906c1d33d8e5d@sha256:473fd283a090d3546e93915adacf00c69a23ff615c95c968c4a40e8723985853 AS tini-build COPY . / ENV TINI_VERSION=0.13.0 ADD https://github.com/krallin/tini/archive/v${TINI_VERSION}.tar.gz tini-${TINI_VERSION}.tar.gz + RUN zcat tini-${TINI_VERSION}.tar.gz | tar xvf - RUN cd tini-${TINI_VERSION} && cmake . && make && cp -a tini-static /bin/tini + +FROM scratch +ENTRYPOINT [] +CMD [] +WORKDIR / +COPY --from=tini-build bin/tini bin/tini diff --git a/tools/tini/Makefile b/tools/tini/Makefile new file mode 100644 index 000000000..adacde647 --- /dev/null +++ b/tools/tini/Makefile 
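Review bot: The `ADD https://github.com/krallin/tini/archive/v${TINI_VERSION}.tar.gz` line in the `tini-build` stage fetches the source with no integrity check, and after this change the resulting `/bin/tini` becomes the base layer that other packages build on. pkg/rngd in this same series verifies its download with `RUN sha256sum -c sha256sums`; the same step should run here before the `zcat`, with a `sha256sums` file for the tini tarball checked in next to the Dockerfile. Assuming the stage's working directory is `/`, `COPY . /` already places that file beside the downloaded archive, so a single `RUN sha256sum -c sha256sums` directly after the `ADD` is enough.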
@@ -0,0 +1,26 @@ +.PHONY: tag push +default: push + +IMAGE=tini +SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 +DEPS=Dockerfile Makefile + +hash: $(DEPS) + find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash + +tag: hash + docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ + (docker build --no-cache -t $(IMAGE):build . && \ + docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)) + +push: tag + docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ + docker push linuxkit/$(IMAGE):$(shell cat hash) + rm -f hash + docker rmi $(IMAGE):build || true + +clean: + rm -f hash + docker rmi $(IMAGE):build || true + +.DELETE_ON_ERROR: diff --git a/tools/tini/README.md b/tools/tini/README.md new file mode 100644 index 000000000..fc3425e95 --- /dev/null +++ b/tools/tini/README.md @@ -0,0 +1,4 @@ +[tini](https://github.com/krallin/tini) is a tiny program which can be +used as a minimal `init` process for container images. + +The `linuxkit/tini` image just contains `/bin/tini` and can be used as the base image by packages, requiring `tini`. From 60a12f1c52bce5e91d62f360b65ff75bdcbfb5c6 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Sun, 23 Apr 2017 14:55:51 +0100 Subject: [PATCH 3/6] tools: Move toybox to ./tools and use a multi-stage build Also use c-compile to compile it 
Signed-off-by: Rolf Neugebauer --- base/alpine-build-toybox/Dockerfile | 17 ----------------- base/alpine-build-toybox/Makefile | 29 ----------------------------- base/alpine-build-toybox/build.sh | 11 ----------- base/toybox-media/Makefile | 28 ---------------------------- tools/toybox-media/Dockerfile | 18 ++++++++++++++++++ tools/toybox-media/Makefile | 26 ++++++++++++++++++++++++++ tools/toybox-media/README.md | 3 +++ 7 files changed, 47 insertions(+), 85 deletions(-) delete mode 100644 base/alpine-build-toybox/Dockerfile delete mode 100644 base/alpine-build-toybox/Makefile delete mode 100755 base/alpine-build-toybox/build.sh delete mode 100644 base/toybox-media/Makefile create mode 100644 tools/toybox-media/Dockerfile create mode 100644 tools/toybox-media/Makefile create mode 100644 tools/toybox-media/README.md diff --git a/base/alpine-build-toybox/Dockerfile b/base/alpine-build-toybox/Dockerfile deleted file mode 100644 index e9a72831c..000000000 --- a/base/alpine-build-toybox/Dockerfile +++ /dev/null @@ -1,17 +0,0 @@ -FROM alpine:3.5 -RUN \ - apk update && apk upgrade && \ - apk add \ - automake \ - bash \ - build-base \ - git \ - && true -COPY . . -# 0.7.2 -ENV LDFLAGS=--static -RUN git clone https://github.com/landley/toybox.git && \ - cd toybox && git checkout b27d5d9ad0c56014d8661d91f69ee498bbbe4cf9 && \ - make defconfig -WORKDIR /toybox -ENTRYPOINT ["/build.sh"] diff --git a/base/alpine-build-toybox/Makefile b/base/alpine-build-toybox/Makefile deleted file mode 100644 index 03382e927..000000000 --- a/base/alpine-build-toybox/Makefile +++ /dev/null 
@@ -1,29 +0,0 @@ -.PHONY: tag push - -BASE=alpine:3.5 -IMAGE=alpine-build-toybox - -default: push - -hash: Dockerfile build.sh - DOCKER_CONTENT_TRUST=1 docker pull $(BASE) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build - - docker run --rm --entrypoint sh $(IMAGE):build -c 'cat /Dockerfile /build.sh /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash - -push: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) - docker rmi $(IMAGE):build - rm -f hash - -tag: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) - docker rmi $(IMAGE):build - rm -f hash - -clean: - rm -f hash - -.DELETE_ON_ERROR: diff --git a/base/alpine-build-toybox/build.sh b/base/alpine-build-toybox/build.sh deleted file mode 100755 index d6b16fd58..000000000 --- a/base/alpine-build-toybox/build.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh - -FILES=$@ -make $FILES > /dev/null -[ $# -eq 0 ] && FILES=toybox -# TODO symlinks if just use toybox -mkdir -p /out/bin -mv $FILES /out/bin -printf "FROM scratch\nCOPY bin/ bin/\n" > /out/Dockerfile -cd /out -tar cf - . diff --git a/base/toybox-media/Makefile b/base/toybox-media/Makefile deleted file mode 100644 index 1206d6056..000000000 --- a/base/toybox-media/Makefile +++ /dev/null 
@@ -1,28 +0,0 @@ -.PHONY: tag push -BASE=linuxkit/alpine-build-toybox:1855c262e3b2b252540bab17dc09f0bb292b0633@sha256:ef748ed99678ac0a72ccccb975c45bc1c7b706fe9047c3ac62b2b80025b33d3f -IMAGE=toybox-media - -default: push - -hash: - docker run --rm $(BASE) ls tar sh find sha1sum | \ - docker build -q -t $(IMAGE):build - - docker run --rm $(IMAGE):build tar cf - bin | docker run -i $(IMAGE):build sha1sum -b - > hash - -push: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) - docker rmi $(IMAGE):build - rm -f hash - -tag: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) - docker rmi $(IMAGE):build - rm -f hash - -clean: - rm -f hash - -.DELETE_ON_ERROR: diff --git a/tools/toybox-media/Dockerfile b/tools/toybox-media/Dockerfile new file mode 100644 index 000000000..64e9c1564 --- /dev/null +++ b/tools/toybox-media/Dockerfile @@ -0,0 +1,18 @@ +FROM linuxkit/c-compile:f52f485825c890d581e82a62af6906c1d33d8e5d@sha256:473fd283a090d3546e93915adacf00c69a23ff615c95c968c4a40e8723985853 AS toybox-build +COPY . . +ENV FILES="ls tar sh find sha1sum" +# 0.7.2 +ENV LDFLAGS=--static +RUN git clone https://github.com/landley/toybox.git && \ + cd toybox && git checkout b27d5d9ad0c56014d8661d91f69ee498bbbe4cf9 && \ + make defconfig +WORKDIR /toybox +RUN make ${FILES} +RUN mkdir -p /out/bin +RUN cp ${FILES} /out/bin + +FROM scratch +ENTRYPOINT [] +CMD [] +WORKDIR / +COPY --from=toybox-build out/bin bin/ diff --git a/tools/toybox-media/Makefile b/tools/toybox-media/Makefile new file mode 100644 index 000000000..c50f62ee4 --- /dev/null +++ b/tools/toybox-media/Makefile 
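Review bot: `COPY . .` at the top of the `toybox-build` stage looks like a leftover: the removed base/alpine-build-toybox/Dockerfile needed it to bring in `build.sh`, but nothing visible in this stage reads a file from the build context. Dropping the line keeps the Makefile and README out of the build stage and stops unrelated edits in the directory from changing its inputs. The `# 0.7.2` comment would also read better directly above the `git clone`/`git checkout` step it appears to describe, rather than above `ENV LDFLAGS=--static`, for example `# toybox 0.7.2` on the line before `RUN git clone`.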
@@ -0,0 +1,26 @@ +.PHONY: tag push +default: push + +IMAGE=toybox-media +SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 +DEPS=Dockerfile Makefile + +hash: $(DEPS) + find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash + +tag: hash + docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ + (docker build --no-cache -t $(IMAGE):build . && \ + docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)) + +push: tag + docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ + docker push linuxkit/$(IMAGE):$(shell cat hash) + rm -f hash + docker rmi $(IMAGE):build || true + +clean: + rm -f hash + docker rmi $(IMAGE):build || true + +.DELETE_ON_ERROR: diff --git a/tools/toybox-media/README.md b/tools/toybox-media/README.md new file mode 100644 index 000000000..93b1db435 --- /dev/null +++ b/tools/toybox-media/README.md @@ -0,0 +1,3 @@ +`linuxkit/toybox-media` is a small container image, which can be use +to distribute other files in. It contains a basic shell, `tar`, `ls`, +`find`, and `sha1sum`. It's compiled from [toybox](https://github.com/landley/toybox.git). From 8d1eb49fa76db60b930158c6afc18012c11d65d6 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Sun, 23 Apr 2017 14:06:55 +0100 Subject: [PATCH 4/6] pkg: Convert rngd to a multi-stage build This allows us to get rid of the ./base/rng-tools Use c-compile to compile it Signed-off-by: Rolf Neugebauer --- base/rng-tools/Dockerfile | 33 --------------------------- base/rng-tools/Makefile | 29 ----------------------- pkg/rngd/Dockerfile | 34 +++++++++++++++++++++++++-- pkg/rngd/Makefile | 48 ++++++++++----------------------------- 4 files changed, 44 insertions(+), 100 deletions(-) delete mode 100644 base/rng-tools/Dockerfile delete mode 100644 base/rng-tools/Makefile diff --git a/base/rng-tools/Dockerfile b/base/rng-tools/Dockerfile deleted file mode 100644 index 49f1d5491..000000000 --- a/base/rng-tools/Dockerfile +++ /dev/null 
@@ -1,33 +0,0 @@ -FROM alpine:3.5 -RUN \ - apk update && apk upgrade && \ - apk add \ - argp-standalone \ - curl \ - gcc \ - linux-headers \ - make \ - musl-dev \ - patch \ - && true - -COPY . / - -ENV pkgname=rng-tools pkgver=5 - -RUN curl -O -sSL http://downloads.sourceforge.net/project/gkernel/$pkgname/$pkgver/$pkgname-$pkgver.tar.gz -RUN sha256sum -c sha256sums -RUN zcat $pkgname-$pkgver.tar.gz | tar xf - - -RUN cd $pkgname-$pkgver && for p in ../*.patch; do cat $p | patch -p1; done - -RUN cd $pkgname-$pkgver && \ - export LIBS="-largp" && \ - LDFLAGS=-static ./configure \ - --prefix=/usr \ - --libexecdir=/usr/lib/rng-tools \ - --sysconfdir=/etc \ - --disable-silent-rules && \ - make && \ - make DESTDIR=/ install && \ - strip /usr/sbin/rngd diff --git a/base/rng-tools/Makefile b/base/rng-tools/Makefile deleted file mode 100644 index 0ad744ef6..000000000 --- a/base/rng-tools/Makefile +++ /dev/null @@ -1,29 +0,0 @@ -.PHONY: tag push - -BASE=alpine:3.5 -IMAGE=rng-tools - -default: push - -hash: Dockerfile fix-textrels-on-PIC-x86.patch sha256sums - DOCKER_CONTENT_TRUST=1 docker pull $(BASE) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build - - docker run --rm $(IMAGE):build sh -c 'cat /Dockerfile /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash - -push: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) - docker rmi $(IMAGE):build - rm -f hash - -tag: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) - docker rmi $(IMAGE):build - rm -f hash - -clean: - rm -f hash - -.DELETE_ON_ERROR: diff --git a/pkg/rngd/Dockerfile b/pkg/rngd/Dockerfile index 148553180..758ff0611 100644 --- a/pkg/rngd/Dockerfile +++ b/pkg/rngd/Dockerfile 
@@ -1,3 +1,33 @@ -FROM scratch -COPY . ./ +FROM linuxkit/c-compile:f52f485825c890d581e82a62af6906c1d33d8e5d@sha256:473fd283a090d3546e93915adacf00c69a23ff615c95c968c4a40e8723985853 AS rng-build + +COPY . / + +ENV pkgname=rng-tools pkgver=5 +RUN curl -O -sSL http://downloads.sourceforge.net/project/gkernel/$pkgname/$pkgver/$pkgname-$pkgver.tar.gz +RUN sha256sum -c sha256sums +RUN zcat $pkgname-$pkgver.tar.gz | tar xf - + +RUN cd $pkgname-$pkgver && for p in ../*.patch; do cat $p | patch -p1; done + +RUN cd $pkgname-$pkgver && \ + export LIBS="-largp" && \ + LDFLAGS=-static ./configure \ + --prefix=/usr \ + --libexecdir=/usr/lib/rng-tools \ + --sysconfdir=/etc \ + --disable-silent-rules && \ + make && \ + make DESTDIR=/ install && \ + strip /usr/sbin/rngd +RUN mkdir -p /tmp/dev /tmp/proc /tmp/sys + + +FROM linuxkit/tini:6714d66b82b5397f497b2aa05764096ed1ffe7d7@sha256:ba594b96af6195737ce2df702196d7adea2cafde554e18940ee14ad575d27f3b +ENTRYPOINT [] +WORKDIR / +COPY --from=rng-build usr/sbin/rngd usr/sbin/rngd +# Can't create directories, so copy empty dirs from previous context +COPY --from=rng-build tmp/dev dev +COPY --from=rng-build tmp/proc proc +COPY --from=rng-build tmp/sys sys CMD ["/bin/tini", "/usr/sbin/rngd", "-f"] diff --git a/pkg/rngd/Makefile b/pkg/rngd/Makefile index b4f293104..f6d908d83 100644 --- a/pkg/rngd/Makefile +++ b/pkg/rngd/Makefile 
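Review bot: The `curl -O -sSL http://downloads.sourceforge.net/...` line in the `rng-build` stage downloads over plain HTTP and without `-f`, so integrity rests entirely on the following `RUN sha256sum -c sha256sums`, and an HTTP error page is only caught indirectly by that check. Keeping the checksum step and switching to `curl -fsSLO https://downloads.sourceforge.net/...` (if the host serves this path over HTTPS) makes transfer failures explicit. A one-line comment above the `sha256sum` step, such as `# integrity gate for the rng-tools tarball; update sha256sums when pkgver changes`, would discourage anyone from removing it during a version bump.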
@@ -1,50 +1,26 @@ -RNG_TOOLS_IMAGE=linuxkit/rng-tools:d77676ea6ae229b779868e5eff4600f59b0eb0d8@sha256:61cafe4075e1223a110d8569961bbf9ec0ab64abd4abb04c1677d7ecd7078383 -RNGD_BINARY=usr/sbin/rngd - -TINI_IMAGE=linuxkit/tini:da0e068f8b537b81f817439a52f63e8f6d91cca3@sha256:bdca5e6703c9553d890c79a4a094e2f05df87f09f6bd5bef26c06d6cba56c112 -TINI_BINARY=bin/tini - -.PHONY: tag push clean container +.PHONY: tag push default: push -$(TINI_BINARY): - mkdir -p $(dir $@) - docker run --rm --net=none $(TINI_IMAGE) tar cf - $@ | tar xf - - -$(RNGD_BINARY): - mkdir -p $(dir $@) - docker run --rm --net=none $(RNG_TOOLS_IMAGE) tar cf - $@ | tar xf - - -SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 - IMAGE=rngd +SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 +DEPS=Dockerfile Makefile -DIRS=dev proc sys -$(DIRS): - mkdir -p $@ - -DEPS=$(DIRS) $(TINI_BINARY) $(RNGD_BINARY) - -container: Dockerfile $(DEPS) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build - - -hash: Dockerfile $(DEPS) +hash: $(DEPS) find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash -push: hash container +tag: hash docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) - docker rmi $(IMAGE):build - rm -f hash + (docker build --no-cache -t $(IMAGE):build . && \ + docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)) -tag: hash container +push: tag docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) - docker rmi $(IMAGE):build + docker push linuxkit/$(IMAGE):$(shell cat hash) rm -f hash + docker rmi $(IMAGE):build || true clean: - rm -rf hash $(DIRS) usr bin + rm -f hash + docker rmi $(IMAGE):build || true .DELETE_ON_ERROR: 
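Review bot: `DEPS=Dockerfile Makefile` leaves `fix-textrels-on-PIC-x86.patch` and `sha256sums` out of the hash, although the new pkg/rngd/Dockerfile copies the whole directory with `COPY . /`, applies every `../*.patch` and checks the tarball against `sha256sums`. The removed base/rng-tools/Makefile listed both files as prerequisites of `hash`. With the new rule a changed patch or checksum file yields the same tag, `docker pull linuxkit/$(IMAGE):$(shell cat hash)` succeeds, and the `tag` recipe skips the rebuild; `DEPS=Dockerfile Makefile fix-textrels-on-PIC-x86.patch sha256sums` restores the old coverage. The Makefiles added for tools/tini and tools/toybox-media use the same `DEPS` line and will need the same care once their directories hold real build inputs.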
From 91dcb402c77b60ef9001ddd1932204bfd2fd6a48 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Sun, 23 Apr 2017 12:54:09 +0100 Subject: [PATCH 5/6] test: Convert virtsock to use multi-stage build Signed-off-by: Rolf Neugebauer --- test/virtsock/Dockerfile | 14 ++++++++ test/virtsock/Makefile | 48 ++++++++------------------ test/virtsock/test-virtsock-server.yml | 5 ++- 3 files changed, 32 insertions(+), 35 deletions(-) create mode 100644 test/virtsock/Dockerfile diff --git a/test/virtsock/Dockerfile b/test/virtsock/Dockerfile new file mode 100644 index 000000000..6ba3cf281 --- /dev/null +++ b/test/virtsock/Dockerfile @@ -0,0 +1,14 @@ +FROM linuxkit/go-compile:4513068d9a7e919e4ec42e2d7ee879ff5b95b7f5@sha256:bdfadbe3e4ec699ca45b67453662321ec270f2d1a1dbdbf09625776d3ebd68c5 AS virtsock-build + +ENV VIRTSOCK_COMMIT=6b4dec728264e07c41e108caebd6bc2b72559a5f +RUN mkdir -p $GOPATH/src/github.com/rneugeba && \ + cd $GOPATH/src/github.com/rneugeba && \ + git clone https://github.com/rneugeba/virtsock.git +WORKDIR $GOPATH/src/github.com/rneugeba/virtsock +RUN git checkout $VIRTSOCK_COMMIT +RUN make build/virtsock_stress.linux +RUN cp -a build/virtsock_stress.linux /virtsock_stress + +FROM linuxkit/tini:6714d66b82b5397f497b2aa05764096ed1ffe7d7@sha256:ba594b96af6195737ce2df702196d7adea2cafde554e18940ee14ad575d27f3b +COPY --from=virtsock-build virtsock_stress bin/virtsock_stress +CMD ["/bin/tini", "/bin/virtsock_stress", "-s", "-v", "1"] diff --git a/test/virtsock/Makefile b/test/virtsock/Makefile index ea29d83cb..a88497657 100644 --- a/test/virtsock/Makefile +++ b/test/virtsock/Makefile 
@@ -1,46 +1,26 @@ -.PHONY: tag push clean container -all: push - -# Build the virtsock stress server -VIRTSOCK_BINARY=bin/virtsock_stress -DEPS=Dockerfile.build Makefile -virtsock.tag: $(DEPS) - BUILD=$$(docker build -f $< -q .) && [ -n "$$BUILD" ] && echo "Built $$BUILD" && echo "$$BUILD" > $@ - -$(VIRTSOCK_BINARY): virtsock.tag - mkdir -p $(dir $@) - docker run --rm --net=none --log-driver=none $(shell cat virtsock.tag) > $@ - chmod ugo+x $@ - -TINI_IMAGE=linuxkit/tini:da0e068f8b537b81f817439a52f63e8f6d91cca3@sha256:bdca5e6703c9553d890c79a4a094e2f05df87f09f6bd5bef26c06d6cba56c112 -TINI_BINARY=bin/tini - -$(TINI_BINARY): - mkdir -p $(dir $@) - docker run --rm --net=none $(TINI_IMAGE) tar cf - $@ | tar xf - - -SHASUM=alpine:3.5 +.PHONY: tag push IMAGE=test-virtsock -container: Dockerfile.pkg $(DEPS) $(VIRTSOCK_BINARY) $(TINI_BINARY) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build -f $< - -hash: Dockerfile.pkg $(DEPS) +default: push + +DEPS=Dockerfile Makefile +SHASUM=alpine:3.5 +hash: $(DEPS) find $^ -type f | xargs cat | DOCKER_CONTENT_TRUST=1 docker run --rm -i $(SHASUM) sha1sum | sed 's/ .*//' > $@ -push: hash container +tag: hash docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) - docker rmi $(IMAGE):build - rm -f hash + (docker build --no-cache -t $(IMAGE):build . && \ + docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)) + docker rmi $(IMAGE):build || true -tag: hash container +push: tag docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) - docker rmi $(IMAGE):build + docker push linuxkit/$(IMAGE):$(shell cat hash) rm -f hash clean: - rm -rf $(VIRTSOCK_BINARY) $(TINI_BINARY) virtsock.tag hash + rm -rf hash + docker rmi $(IMAGE):build || true .DELETE_ON_ERROR: 
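Review bot: `SHASUM=alpine:3.5` is re-added here as a bare tag, while the Makefiles for tools/tini, tools/toybox-media and pkg/rngd in this series use a digest-pinned `SHA_IMAGE=alpine:3.5@sha256:...` for the same hashing step. Using the same variable name and pinned reference would keep the four Makefiles parallel and fix the helper image's content regardless of how the `DOCKER_CONTENT_TRUST=1` prefix behaves on the build host. The `tag` recipe here also runs `docker rmi $(IMAGE):build || true`, whereas the other three do that in `push`; aligning them, or adding a comment on why this one differs, would avoid surprises.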
diff --git a/test/virtsock/test-virtsock-server.yml b/test/virtsock/test-virtsock-server.yml index 481392b65..5872e57c7 100644 --- a/test/virtsock/test-virtsock-server.yml +++ b/test/virtsock/test-virtsock-server.yml @@ -38,8 +38,11 @@ services: net: host oomScoreAdj: -800 - name: virtsock-server - image: "linuxkit/test-virtsock:cd2135acdc225f3bd0503678bb50bbd3e0b194b2" + image: "linuxkit/test-virtsock:89133a5081b44dcda66e57502bcbc783e0a654be" readonly: true +trust: + image: + - linuxkit/kernel outputs: - format: kernel+initrd - format: iso-bios From 3ba9d8064b45027f8a5d04bfe2db05707f5203d4 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Sun, 23 Apr 2017 14:26:45 +0100 Subject: [PATCH 6/6] YAML: Update standard yml files to use the new rngd image Signed-off-by: Rolf Neugebauer --- examples/docker.yml | 2 +- examples/gcp.yml | 2 +- examples/node_exporter.yml | 2 +- examples/packet.yml | 2 +- examples/sshd.yml | 2 +- examples/vmware.yml | 2 +- linuxkit.yml | 2 +- test/docker-bench/test-docker-bench.yml | 2 +- test/virtsock/test-virtsock-server.yml | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/examples/docker.yml b/examples/docker.yml index 57bdb28ca..803828304 100644 --- a/examples/docker.yml +++ b/examples/docker.yml @@ -40,7 +40,7 @@ onboot: command: ["/mount.sh", "/var/lib/docker"] services: - name: rngd - image: "linuxkit/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" + image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 diff --git a/examples/gcp.yml b/examples/gcp.yml index 64f139531..7cf5c2c6c 100644 --- a/examples/gcp.yml +++ b/examples/gcp.yml @@ -37,7 +37,7 @@ onboot: - CAP_SYS_ADMIN services: - name: rngd - image: "linuxkit/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" + image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 
diff --git a/examples/node_exporter.yml b/examples/node_exporter.yml index d10bab344..49c99c61d 100644 --- a/examples/node_exporter.yml +++ b/examples/node_exporter.yml @@ -8,7 +8,7 @@ init: - linuxkit/containerd:fe1b7f438a234cb6481c6538295115eac2a0596d services: - name: rngd - image: "linuxkit/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" + image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 diff --git a/examples/packet.yml b/examples/packet.yml index 5615c7bcd..88aed2102 100644 --- a/examples/packet.yml +++ b/examples/packet.yml @@ -16,7 +16,7 @@ onboot: - CAP_SYS_ADMIN services: - name: rngd - image: "linuxkit/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92" + image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 diff --git a/examples/sshd.yml b/examples/sshd.yml index 9f0ff26b0..5f6f0a27a 100644 --- a/examples/sshd.yml +++ b/examples/sshd.yml @@ -16,7 +16,7 @@ onboot: - CAP_SYS_ADMIN services: - name: rngd - image: "linuxkit/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" + image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 diff --git a/examples/vmware.yml b/examples/vmware.yml index 2b933c82c..3ef706d4e 100644 --- a/examples/vmware.yml +++ b/examples/vmware.yml @@ -17,7 +17,7 @@ onboot: readonly: true services: - name: rngd - image: "linuxkit/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" + image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 diff --git a/linuxkit.yml b/linuxkit.yml index 4c98478bb..61de49b8f 100644 --- a/linuxkit.yml +++ b/linuxkit.yml 
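Review bot: The examples/packet.yml hunk drops the `@sha256:...` digest from the rngd image reference, which was the only digest-pinned rngd entry among the files updated in this patch; the new value is a bare tag. A tag can be re-pointed in the registry, so the example should keep the pin in the form `linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14@sha256:<digest-of-new-image>`, filled in with the digest of the image that was actually pushed. If dropping the digest is intentional, the commit message should say so.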
@@ -33,7 +33,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: rngd - image: "linuxkit/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" + image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 diff --git a/test/docker-bench/test-docker-bench.yml b/test/docker-bench/test-docker-bench.yml index 0bc8b60f7..159dbb115 100644 --- a/test/docker-bench/test-docker-bench.yml +++ b/test/docker-bench/test-docker-bench.yml @@ -40,7 +40,7 @@ onboot: command: ["/mount.sh", "/var/lib/docker"] services: - name: rngd - image: "linuxkit/rngd:f5e5be43e730ea819c3293d5c6dcbfa7f4c5c314" + image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 diff --git a/test/virtsock/test-virtsock-server.yml b/test/virtsock/test-virtsock-server.yml index 5872e57c7..07ae20d9c 100644 --- a/test/virtsock/test-virtsock-server.yml +++ b/test/virtsock/test-virtsock-server.yml @@ -21,7 +21,7 @@ onboot: readonly: true services: - name: rngd - image: "linuxkit/rngd:f5e5be43e730ea819c3293d5c6dcbfa7f4c5c314" + image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800