diff --git a/tools/alpine/Makefile b/tools/alpine/Makefile index 6254f2efa..675191d98 100644 --- a/tools/alpine/Makefile +++ b/tools/alpine/Makefile @@ -4,26 +4,11 @@ ORG?=linuxkit IMAGE=alpine DEPS=packages -# The logic for content trust is a bit convoluted because: -# - The arm64 base image is currently not signed so we need to pull it -# with content trust disabled. This is controlled by -# DOCKER_CONTENT_PULL. -# - 'docker build' with the FROM image supplied as environment -# variable *and* with DOCKER_CONTENT_TRUST=1 currently does not work -# (https://github.com/moby/moby/issues/34199). We therefor build -# with DOCKER_CONTENT_TRUST explicitly set to 0. However, we pull -# the base image just before with content trust enabled (if -# supported, see above). -# - By default we always pull and push the linuxkit/alpine image with -# content trust, unless explicitly disabled with NOTRUST. Once the -# above issues are resolved, this will be the only mechanism to control -# content trust. -ifdef NOTRUST -DOCKER_CONTENT_PULL=0 -else -DOCKER_CONTENT_PULL=1 +ifeq ($(DOCKER_CONTENT_TRUST),) +ifndef NOTRUST export DOCKER_CONTENT_TRUST=1 endif +endif ARCH := $(shell uname -m) ifeq ($(ARCH), x86_64) @@ -41,7 +26,7 @@ show-tag: @sed -n -e '1s/# \(.*\/.*:[0-9a-f]\{40\}\)/\1/p;q' versions.$(ARCH) iid: Dockerfile Makefile $(DEPS) - DOCKER_CONTENT_TRUST=1 docker build --no-cache --iidfile iid . + docker build --no-cache --iidfile iid . hash: Makefile iid docker run --rm $(shell cat iid) sh -c 'echo Dockerfile /lib/apk/db/installed $$(find /mirror -name '*.apk' -type f) $$(find /go/bin -type f) | xargs cat | sha1sum' | sed 's/ .*//' | sed 's/$$/$(SUFFIX)/'> $@