From dca0563a1f50985aeb346bc188a9e114e27cee4d Mon Sep 17 00:00:00 2001 From: Riyaz Faizullabhoy Date: Fri, 26 May 2017 13:49:55 -0700 Subject: [PATCH 1/5] trust: use org key in yml Signed-off-by: Riyaz Faizullabhoy --- examples/gcp.yml | 11 +++-------- examples/minimal.yml | 8 ++------ examples/packet.yml | 13 ++----------- examples/redis-os.yml | 8 +++----- examples/sshd.yml | 12 ++---------- examples/vmware.yml | 11 +++-------- linuxkit.yml | 12 +++--------- 7 files changed, 18 insertions(+), 57 deletions(-) diff --git a/examples/gcp.yml b/examples/gcp.yml index b5386bb59..df8be1712 100644 --- a/examples/gcp.yml +++ b/examples/gcp.yml @@ -38,12 +38,7 @@ services: - CAP_DAC_OVERRIDE net: host trust: + org: + - linuxkit image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd - - linuxkit/ca-certificates - - linuxkit/sysctl - - linuxkit/dhcpcd - - linuxkit/rngd + - nginx:alpine diff --git a/examples/minimal.yml b/examples/minimal.yml index a281d6ded..01c29f495 100644 --- a/examples/minimal.yml +++ b/examples/minimal.yml @@ -10,9 +10,5 @@ onboot: image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e" command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] trust: - image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd - - linuxkit/dhcpcd + org: + - linuxkit diff --git a/examples/packet.yml b/examples/packet.yml index 2f20888b2..ef5e051e1 100644 --- a/examples/packet.yml +++ b/examples/packet.yml @@ -20,14 +20,5 @@ files: - path: root/.ssh/authorized_keys contents: '#your ssh key here' trust: - image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd - - linuxkit/ca-certificates - - linuxkit/sysctl - - linuxkit/rngd - - linuxkit/dhcpcd - - linuxkit/openntpd - - linuxkit/sshd + org: + - linuxkit diff --git a/examples/redis-os.yml b/examples/redis-os.yml index eb85550e4..a3da143df 100644 --- a/examples/redis-os.yml +++ b/examples/redis-os.yml 
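Review bot: The new `org:` entry under `trust:` in examples/gcp.yml has no comment saying what it covers, and these example files are what users copy into their own configs. Going by the commit subject, it presumably enables signature verification for every image in the `linuxkit` org instead of the listed repositories, so an image from any other namespace would only be verified if it is added under `image:`, as `nginx:alpine` is here. A one-line comment above the block would make that explicit, e.g. `# org: verify every linuxkit/* image; images from other namespaces must be listed under image:`. The same applies to the `trust:` hunks in the other example and test yml files of this series; the `services:` entry this hunk sits in starts outside the hunk.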
@@ -22,9 +22,7 @@ services: - CAP_DAC_OVERRIDE net: host trust: + org: + - linuxkit image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd - - linuxkit/dhcpcd + - redis:3.0.7-alpine diff --git a/examples/sshd.yml b/examples/sshd.yml index db0ad313b..02e5c768b 100644 --- a/examples/sshd.yml +++ b/examples/sshd.yml @@ -20,13 +20,5 @@ files: - path: root/.ssh/authorized_keys contents: '#your ssh key here' trust: - image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd - - linuxkit/ca-certificates - - linuxkit/sysctl - - linuxkit/rngd - - linuxkit/dhcpcd - - linuxkit/sshd + org: + - linuxkit diff --git a/examples/vmware.yml b/examples/vmware.yml index be0d3db1f..50f1e12d0 100644 --- a/examples/vmware.yml +++ b/examples/vmware.yml @@ -24,12 +24,7 @@ services: - CAP_DAC_OVERRIDE net: host trust: + org: + - linuxkit image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd - - linuxkit/ca-certificates - - linuxkit/sysctl - - linuxkit/rngd - - linuxkit/dhcpcd + - nginx:alpine diff --git a/linuxkit.yml b/linuxkit.yml index 1b63c584f..b80acf476 100644 --- a/linuxkit.yml +++ b/linuxkit.yml @@ -30,13 +30,7 @@ files: - path: etc/docker/daemon.json contents: '{"debug": true}' trust: + org: + - linuxkit image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd - - linuxkit/ca-certificates - - linuxkit/sysctl - - linuxkit/binfmt - - linuxkit/dhcpcd - - linuxkit/rngd + - nginx:alpine From cdd27f77589a95e6d58a243924e95b7d38fe8dc4 Mon Sep 17 00:00:00 2001 From: Riyaz Faizullabhoy Date: Fri, 26 May 2017 14:50:49 -0700 Subject: [PATCH 2/5] Update other ymls with linuxkit org after signing off on all packages 
Signed-off-by: Riyaz Faizullabhoy --- examples/docker.yml | 16 ++-------------- examples/node_exporter.yml | 9 ++------- examples/swap.yml | 13 ++----------- pkg/docker-ce/Makefile | 4 ++-- pkg/mkimage/Makefile | 4 ++-- pkg/node_exporter/Makefile | 4 ++-- pkg/open-vm-tools/Makefile | 4 ++-- pkg/swap/Makefile | 4 ++-- 8 files changed, 16 insertions(+), 42 deletions(-) diff --git a/examples/docker.yml b/examples/docker.yml index de4f28f87..52b686d2e 100644 --- a/examples/docker.yml +++ b/examples/docker.yml @@ -40,17 +40,5 @@ files: - path: etc/docker/daemon.json contents: '{"debug": true}' trust: - image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd - - linuxkit/ca-certificates - - linuxkit/sysctl - - linuxkit/sysfs - - linuxkit/binfmt - - linuxkit/format - - linuxkit/mount - - linuxkit/rngd - - linuxkit/dhcpcd - - linuxkit/openntpd + org: + - linuxkit diff --git a/examples/node_exporter.yml b/examples/node_exporter.yml index 8402f9e85..7d2e06c55 100644 --- a/examples/node_exporter.yml +++ b/examples/node_exporter.yml @@ -13,10 +13,5 @@ services: - name: node_exporter image: "linuxkit/node_exporter:29a85e9c5de1a1bd470a963878194303f6a7bd8c" trust: - image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd - - linuxkit/rngd - - linuxkit/dhcpcd + org: + - linuxkit diff --git a/examples/swap.yml b/examples/swap.yml index 9673e640d..8fab3b666 100644 --- a/examples/swap.yml +++ b/examples/swap.yml @@ -35,14 +35,5 @@ services: - CAP_DAC_OVERRIDE net: host trust: - image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd - - linuxkit/ca-certificates - - linuxkit/sysctl - - linuxkit/dhcpcd - - linuxkit/format - - linuxkit/mount - - linuxkit/rngd + org: + - linuxkit diff --git a/pkg/docker-ce/Makefile b/pkg/docker-ce/Makefile index 02c9c272e..84499a10f 100644 --- a/pkg/docker-ce/Makefile +++ b/pkg/docker-ce/Makefile 
@@ -11,5 +11,5 @@ tag: $(DEPS) docker build --squash --no-cache -t $(ORG)/$(IMAGE):$(HASH) . push: tag - docker pull $(ORG)/$(IMAGE):$(HASH) || \ - docker push $(ORG)/$(IMAGE):$(HASH) + DOCKER_CONTENT_TRUST=1 docker pull $(ORG)/$(IMAGE):$(HASH) || \ + DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(HASH) diff --git a/pkg/mkimage/Makefile b/pkg/mkimage/Makefile index 26931a984..c6be6905c 100644 --- a/pkg/mkimage/Makefile +++ b/pkg/mkimage/Makefile @@ -11,5 +11,5 @@ tag: $(DEPS) docker build --no-cache --network=none -t $(ORG)/$(IMAGE):$(HASH) . push: tag - docker pull $(ORG)/$(IMAGE):$(HASH) || \ - docker push $(ORG)/$(IMAGE):$(HASH) + DOCKER_CONTENT_TRUST=1 docker pull $(ORG)/$(IMAGE):$(HASH) || \ + DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(HASH) diff --git a/pkg/node_exporter/Makefile b/pkg/node_exporter/Makefile index 467d7dc0d..137c58fb7 100644 --- a/pkg/node_exporter/Makefile +++ b/pkg/node_exporter/Makefile @@ -11,5 +11,5 @@ tag: $(DEPS) docker build --no-cache --network=none -t $(ORG)/$(IMAGE):$(HASH) . push: tag - docker pull $(ORG)/$(IMAGE):$(HASH) || \ - docker push $(ORG)/$(IMAGE):$(HASH) + DOCKER_CONTENT_TRUST=1 docker pull $(ORG)/$(IMAGE):$(HASH) || \ + DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(HASH) diff --git a/pkg/open-vm-tools/Makefile b/pkg/open-vm-tools/Makefile index b3ba37448..d0108b63e 100644 --- a/pkg/open-vm-tools/Makefile +++ b/pkg/open-vm-tools/Makefile @@ -11,5 +11,5 @@ tag: $(DEPS) docker build --squash --no-cache --network=none -t $(ORG)/$(IMAGE):$(HASH) . push: tag - docker pull $(ORG)/$(IMAGE):$(HASH) || \ - docker push $(ORG)/$(IMAGE):$(HASH) + DOCKER_CONTENT_TRUST=1 docker pull $(ORG)/$(IMAGE):$(HASH) || \ + DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(HASH) diff --git a/pkg/swap/Makefile b/pkg/swap/Makefile index 1e9783a81..558acbf9d 100644 --- a/pkg/swap/Makefile +++ b/pkg/swap/Makefile 
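Review bot: In the `push` recipe of pkg/docker-ce/Makefile the `||` cannot tell a missing tag from a failed trust check. With `DOCKER_CONTENT_TRUST=1` the pull also fails when the tag exists but is unsigned or its trust data does not verify, and the recipe then pushes and signs the local build over that tag. If that is the intended way to sign already-published packages, say so above the recipe, e.g. `# pull fails for a missing OR unsigned/unverifiable tag; in both cases the local build is pushed and signed`. The `docker build` in the `tag` target (context line) still runs without content trust, so base images are presumably not verified unless the Dockerfile pins digests. The same pattern is in the push hunks for pkg/mkimage, pkg/node_exporter, pkg/open-vm-tools, pkg/swap and the test/pkg Makefiles.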
@@ -11,5 +11,5 @@ tag: $(DEPS) docker build --squash --no-cache --network=none -t $(ORG)/$(IMAGE):$(HASH) . push: tag - docker pull $(ORG)/$(IMAGE):$(HASH) || \ - docker push $(ORG)/$(IMAGE):$(HASH) + DOCKER_CONTENT_TRUST=1 docker pull $(ORG)/$(IMAGE):$(HASH) || \ + DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(HASH) From cea9a7c8c692d64c0cbdb1a2e6b4da019cb10169 Mon Sep 17 00:00:00 2001 From: Riyaz Faizullabhoy Date: Fri, 26 May 2017 15:01:10 -0700 Subject: [PATCH 3/5] Also sign all test packages and update relevant test cases to use org key Signed-off-by: Riyaz Faizullabhoy --- test/cases/000_build/000_outputs/test.yml | 8 ++------ .../000_qemu/000_run_kernel/test.yml | 8 ++------ .../010_platforms/000_qemu/010_run_iso/test.yml | 7 ++----- .../010_platforms/000_qemu/020_run_efi/test.yml | 7 ++----- .../010_platforms/000_qemu/030_run_qcow/test.yml | 7 ++----- .../010_platforms/000_qemu/100_container/test.yml | 7 ++----- .../010_hyperkit/000_run_kernel/test.yml | 7 ++----- .../000_config_4.4.x/test-kernel-config.yml | 7 ++----- .../001_config_4.9.x/test-kernel-config.yml | 7 ++----- .../002_config_4.10.x/test-kernel-config.yml | 7 ++----- .../003_config_4.11.x/test-kernel-config.yml | 7 ++----- test/cases/020_kernel/010_kmod_4.9.x/kmod.yml | 7 ++----- .../000_docker-bench/test-docker-bench.yml | 15 ++------------- .../cases/040_packages/000_sysctl/test-sysctl.yml | 8 ++------ test/cases/040_packages/001_mkimage/mkimage.yml | 7 ++----- test/cases/040_packages/001_mkimage/run.yml | 4 ++-- test/pkg/docker-bench/Makefile | 4 ++-- test/pkg/kernel-config/Makefile | 4 ++-- test/pkg/ltp/Makefile | 4 ++-- test/pkg/poweroff/Makefile | 4 ++-- test/pkg/sysctl/Makefile | 4 ++-- test/pkg/virtsock/Makefile | 4 ++-- 22 files changed, 44 insertions(+), 100 deletions(-) diff --git a/test/cases/000_build/000_outputs/test.yml b/test/cases/000_build/000_outputs/test.yml index a281d6ded..01c29f495 100644 --- a/test/cases/000_build/000_outputs/test.yml 
+++ b/test/cases/000_build/000_outputs/test.yml @@ -10,9 +10,5 @@ onboot: image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e" command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] trust: - image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd - - linuxkit/dhcpcd + org: + - linuxkit diff --git a/test/cases/010_platforms/000_qemu/000_run_kernel/test.yml b/test/cases/010_platforms/000_qemu/000_run_kernel/test.yml index e5aaeef61..f6389b462 100644 --- a/test/cases/010_platforms/000_qemu/000_run_kernel/test.yml +++ b/test/cases/010_platforms/000_qemu/000_run_kernel/test.yml @@ -10,9 +10,5 @@ onboot: image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" command: ["/bin/sh", "/poweroff.sh", "10"] trust: - image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd - + org: + - linuxkit diff --git a/test/cases/010_platforms/000_qemu/010_run_iso/test.yml b/test/cases/010_platforms/000_qemu/010_run_iso/test.yml index e5aaeef61..932a99585 100644 --- a/test/cases/010_platforms/000_qemu/010_run_iso/test.yml +++ b/test/cases/010_platforms/000_qemu/010_run_iso/test.yml @@ -10,9 +10,6 @@ onboot: image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" command: ["/bin/sh", "/poweroff.sh", "10"] trust: - image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd + org: + - linuxkit diff --git a/test/cases/010_platforms/000_qemu/020_run_efi/test.yml b/test/cases/010_platforms/000_qemu/020_run_efi/test.yml index 354a2f50d..f6389b462 100644 --- a/test/cases/010_platforms/000_qemu/020_run_efi/test.yml +++ b/test/cases/010_platforms/000_qemu/020_run_efi/test.yml @@ -10,8 +10,5 @@ onboot: image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" command: ["/bin/sh", "/poweroff.sh", "10"] trust: - image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd + org: + - linuxkit 
diff --git a/test/cases/010_platforms/000_qemu/030_run_qcow/test.yml b/test/cases/010_platforms/000_qemu/030_run_qcow/test.yml index 354a2f50d..f6389b462 100644 --- a/test/cases/010_platforms/000_qemu/030_run_qcow/test.yml +++ b/test/cases/010_platforms/000_qemu/030_run_qcow/test.yml @@ -10,8 +10,5 @@ onboot: image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" command: ["/bin/sh", "/poweroff.sh", "10"] trust: - image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd + org: + - linuxkit diff --git a/test/cases/010_platforms/000_qemu/100_container/test.yml b/test/cases/010_platforms/000_qemu/100_container/test.yml index 7c0fd1cb0..207a3792d 100644 --- a/test/cases/010_platforms/000_qemu/100_container/test.yml +++ b/test/cases/010_platforms/000_qemu/100_container/test.yml @@ -10,8 +10,5 @@ onboot: image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" command: ["/bin/sh", "/poweroff.sh", "3"] trust: - image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd + org: + - linuxkit diff --git a/test/cases/010_platforms/010_hyperkit/000_run_kernel/test.yml b/test/cases/010_platforms/010_hyperkit/000_run_kernel/test.yml index 354a2f50d..f6389b462 100644 --- a/test/cases/010_platforms/010_hyperkit/000_run_kernel/test.yml +++ b/test/cases/010_platforms/010_hyperkit/000_run_kernel/test.yml @@ -10,8 +10,5 @@ onboot: image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" command: ["/bin/sh", "/poweroff.sh", "10"] trust: - image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd + org: + - linuxkit diff --git a/test/cases/020_kernel/000_config_4.4.x/test-kernel-config.yml b/test/cases/020_kernel/000_config_4.4.x/test-kernel-config.yml index 561b46251..4548eb07a 100644 --- a/test/cases/020_kernel/000_config_4.4.x/test-kernel-config.yml +++ b/test/cases/020_kernel/000_config_4.4.x/test-kernel-config.yml 
@@ -13,8 +13,5 @@ onboot: image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" command: ["/bin/sh", "/poweroff.sh", "3"] trust: - image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd + org: + - linuxkit diff --git a/test/cases/020_kernel/001_config_4.9.x/test-kernel-config.yml b/test/cases/020_kernel/001_config_4.9.x/test-kernel-config.yml index d5ce54d86..aa89c9345 100644 --- a/test/cases/020_kernel/001_config_4.9.x/test-kernel-config.yml +++ b/test/cases/020_kernel/001_config_4.9.x/test-kernel-config.yml @@ -13,8 +13,5 @@ onboot: image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" command: ["/bin/sh", "/poweroff.sh", "3"] trust: - image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd + org: + - linuxkit diff --git a/test/cases/020_kernel/002_config_4.10.x/test-kernel-config.yml b/test/cases/020_kernel/002_config_4.10.x/test-kernel-config.yml index b476bbe83..53c0b948d 100644 --- a/test/cases/020_kernel/002_config_4.10.x/test-kernel-config.yml +++ b/test/cases/020_kernel/002_config_4.10.x/test-kernel-config.yml @@ -13,8 +13,5 @@ onboot: image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" command: ["/bin/sh", "/poweroff.sh", "3"] trust: - image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd + org: + - linuxkit diff --git a/test/cases/020_kernel/003_config_4.11.x/test-kernel-config.yml b/test/cases/020_kernel/003_config_4.11.x/test-kernel-config.yml index 85843f6eb..3ea94cd6d 100644 --- a/test/cases/020_kernel/003_config_4.11.x/test-kernel-config.yml +++ b/test/cases/020_kernel/003_config_4.11.x/test-kernel-config.yml @@ -13,8 +13,5 @@ onboot: image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" command: ["/bin/sh", "/poweroff.sh", "3"] trust: - image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd + org: + - linuxkit 
diff --git a/test/cases/020_kernel/010_kmod_4.9.x/kmod.yml b/test/cases/020_kernel/010_kmod_4.9.x/kmod.yml index 1fc3fc0e0..dd21c6100 100644 --- a/test/cases/020_kernel/010_kmod_4.9.x/kmod.yml +++ b/test/cases/020_kernel/010_kmod_4.9.x/kmod.yml @@ -17,8 +17,5 @@ onboot: image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" command: ["/bin/sh", "/poweroff.sh", "3"] trust: - image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd + org: + - linuxkit diff --git a/test/cases/030_security/000_docker-bench/test-docker-bench.yml b/test/cases/030_security/000_docker-bench/test-docker-bench.yml index 768cac35c..9e2cd08a5 100644 --- a/test/cases/030_security/000_docker-bench/test-docker-bench.yml +++ b/test/cases/030_security/000_docker-bench/test-docker-bench.yml @@ -45,16 +45,5 @@ services: capabilities: - all trust: - image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd - - linuxkit/ca-certificates - - linuxkit/sysctl - - linuxkit/sysfs - - linuxkit/binfmt - - linuxkit/format - - linuxkit/mount - - linuxkit/rngd - - linuxkit/dhcpcd + org: + - linuxkit diff --git a/test/cases/040_packages/000_sysctl/test-sysctl.yml b/test/cases/040_packages/000_sysctl/test-sysctl.yml index a21bd0782..3dea8667d 100644 --- a/test/cases/040_packages/000_sysctl/test-sysctl.yml +++ b/test/cases/040_packages/000_sysctl/test-sysctl.yml @@ -13,9 +13,5 @@ onboot: - name: poweroff image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" trust: - image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd - - linuxkit/sysctl + org: + - linuxkit diff --git a/test/cases/040_packages/001_mkimage/mkimage.yml b/test/cases/040_packages/001_mkimage/mkimage.yml index 8bcced824..93377745d 100644 --- a/test/cases/040_packages/001_mkimage/mkimage.yml +++ b/test/cases/040_packages/001_mkimage/mkimage.yml 
@@ -18,8 +18,5 @@ files: - path: data/cmdline source: run-cmdline trust: - image: - - linuxkit/kernel - - linuxkit/init - - linuxkit/runc - - linuxkit/containerd + org: + - linuxkit diff --git a/test/cases/040_packages/001_mkimage/run.yml b/test/cases/040_packages/001_mkimage/run.yml index 95f1253c8..2aadd392b 100644 --- a/test/cases/040_packages/001_mkimage/run.yml +++ b/test/cases/040_packages/001_mkimage/run.yml @@ -9,5 +9,5 @@ onboot: - name: poweroff image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" trust: - image: - - linuxkit/kernel + org: + - linuxkit diff --git a/test/pkg/docker-bench/Makefile b/test/pkg/docker-bench/Makefile index 8388678d9..be0f5be11 100644 --- a/test/pkg/docker-bench/Makefile +++ b/test/pkg/docker-bench/Makefile @@ -11,9 +11,9 @@ hash: Dockerfile bench_runner.sh docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c "cat $^ /lib/apk/db/installed | sha1sum" | sed 's/ .*//' > hash push: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ + DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) + DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash)) docker rmi $(IMAGE):build rm -f hash diff --git a/test/pkg/kernel-config/Makefile b/test/pkg/kernel-config/Makefile index 6aa8831a0..0c8e9c30d 100644 --- a/test/pkg/kernel-config/Makefile +++ b/test/pkg/kernel-config/Makefile 
@@ -11,9 +11,9 @@ hash: Dockerfile check.sh check-kernel-config.sh etc/linuxkit docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c "cat $^ /lib/apk/db/installed | sha1sum" | sed 's/ .*//' > hash push: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ + DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) + DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash)) docker rmi $(IMAGE):build rm -f hash diff --git a/test/pkg/ltp/Makefile b/test/pkg/ltp/Makefile index 53fcbeab0..862f71049 100644 --- a/test/pkg/ltp/Makefile +++ b/test/pkg/ltp/Makefile @@ -23,9 +23,9 @@ hash: Dockerfile.pkg ltp.tar check.sh $(DEPS) cat Dockerfile.pkg check.sh $(DEPS) | DOCKER_CONTENT_TRUST=1 docker run --rm -i $(SHASUM) sha1sum | sed 's/ .*//' > $@ push: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ + DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) + DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash)) docker rmi $(IMAGE):build rm -f hash diff --git a/test/pkg/poweroff/Makefile b/test/pkg/poweroff/Makefile index 9f254bf8d..b6637911b 100644 --- a/test/pkg/poweroff/Makefile +++ b/test/pkg/poweroff/Makefile @@ -11,9 +11,9 @@ hash: Dockerfile poweroff.sh docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c "cat $^ /lib/apk/db/installed | sha1sum" | sed 's/ .*//' > hash push: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ + DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) + DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash)) docker rmi $(IMAGE):build rm -f hash 
diff --git a/test/pkg/sysctl/Makefile b/test/pkg/sysctl/Makefile index aa7e8aa90..be9319aa9 100644 --- a/test/pkg/sysctl/Makefile +++ b/test/pkg/sysctl/Makefile @@ -11,9 +11,9 @@ hash: Dockerfile check.sh docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c "cat $^ /lib/apk/db/installed | sha1sum" | sed 's/ .*//' > hash push: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ + DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) + DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash)) docker rmi $(IMAGE):build rm -f hash diff --git a/test/pkg/virtsock/Makefile b/test/pkg/virtsock/Makefile index 18d54480b..8e5d71545 100644 --- a/test/pkg/virtsock/Makefile +++ b/test/pkg/virtsock/Makefile @@ -11,5 +11,5 @@ tag: $(DEPS) docker build --squash --no-cache -t $(ORG)/$(IMAGE):$(HASH) . push: tag - docker pull $(ORG)/$(IMAGE):$(HASH) || \ - docker push $(ORG)/$(IMAGE):$(HASH) + DOCKER_CONTENT_TRUST=1 docker pull $(ORG)/$(IMAGE):$(HASH) || \ + DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(HASH) From b2655c1bbe8bf1268d5dd031988d06a95d7ec27b Mon Sep 17 00:00:00 2001 From: Riyaz Faizullabhoy Date: Fri, 26 May 2017 15:34:27 -0700 Subject: [PATCH 4/5] Rename and sign linuxkit/test-ltp Signed-off-by: Riyaz Faizullabhoy --- test/hack/test-ltp.yml | 2 +- test/pkg/ltp/Makefile | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/test/hack/test-ltp.yml b/test/hack/test-ltp.yml index 06523fdad..cf334606b 100644 --- a/test/hack/test-ltp.yml +++ b/test/hack/test-ltp.yml @@ -7,7 +7,7 @@ init: - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: ltp - image: "linuxkit/test-ltp-20170116:81229df2d25065b06f0a3071faaace8d66c87e67" + image: "linuxkit/test-ltp:20170116" net: host pid: host binds: 
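Review bot: The `ltp` entry in test/hack/test-ltp.yml moves from a hash tag to the version tag `linuxkit/test-ltp:20170116`, which the ltp Makefile in this same patch re-tags and pushes whenever a new hash is built, so the reference is mutable. Nothing in this hunk shows a `trust:` section for the file; if it has none, the image is resolved by tag with no signature check. Consider adding the block used by the other test configs in this series, `trust:` / `  org:` / `    - linuxkit`, or keep referencing the hash tag. The `onboot` entry continues past the end of the hunk.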
diff --git a/test/pkg/ltp/Makefile b/test/pkg/ltp/Makefile index 862f71049..b9c05f8e8 100644 --- a/test/pkg/ltp/Makefile +++ b/test/pkg/ltp/Makefile @@ -11,7 +11,7 @@ ltp.tar: ltp.tag docker run --rm --net=none --log-driver=none $(shell cat ltp.tag) tar cf - opt/ltp > $@ SHASUM=alpine:3.5 -IMAGE=test-ltp-$(LTP_VERSION) +IMAGE=test-ltp # Note: We do not compute the hash from all the dependencies here # because the ltp binaries will change everytime we build. Ideally, we @@ -25,7 +25,9 @@ hash: Dockerfile.pkg ltp.tar check.sh $(DEPS) push: hash DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash)) + docker tag $(IMAGE):build linuxkit/$(IMAGE):$(LTP_VERSION) && \ + DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash) && \ + DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(LTP_VERSION)) docker rmi $(IMAGE):build rm -f hash From 5fd53a697e26ee2f4d88a5d6925078548bc5e4b5 Mon Sep 17 00:00:00 2001 From: Riyaz Faizullabhoy Date: Fri, 26 May 2017 16:19:29 -0700 Subject: [PATCH 5/5] Bump moby tool to include tempdir tuf dir and tag fixes Signed-off-by: Riyaz Faizullabhoy --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index aa8ce5091..3702e925a 100644 --- a/Makefile +++ b/Makefile @@ -17,7 +17,7 @@ endif PREFIX?=/usr/local/ -MOBY_COMMIT=1cb9fab3e13c8d3931c6f989c5d36087382e8710 +MOBY_COMMIT=101fa30ef335b2fa70ef4fc322821a12bd368c26 bin/moby: Makefile | bin docker run --rm --log-driver=none $(CROSS) $(GO_COMPILE) --clone-path github.com/moby/tool --clone https://github.com/moby/tool.git --commit $(MOBY_COMMIT) --package github.com/moby/tool/cmd/moby --ldflags "-X main.GitCommit=$(GIT_COMMIT) -X main.Version=$(VERSION)" -o $@ > tmp_moby_bin.tar tar xf tmp_moby_bin.tar > $@
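Review bot: In the second hunk of test/pkg/ltp/Makefile the `:$(LTP_VERSION)` tag is pushed last and only inside the fallback branch, so a run that pushes the hash tag but fails on the version tag is never retried. The next `make push` finds the hash tag, the pull succeeds, and `linuxkit/$(IMAGE):$(LTP_VERSION)` stays missing or stale while test/hack/test-ltp.yml references it. Pushing the version tag first makes the hash tag the completion marker: `DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(LTP_VERSION) && \` followed by `DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash))`. The recipe's `docker rmi` and `rm -f hash` lines are unchanged context.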