From 2c4c55859f1acf71416ff49b708628dcb0c0cf1f Mon Sep 17 00:00:00 2001 From: Riyaz Faizullabhoy Date: Thu, 27 Apr 2017 10:34:40 -0700 Subject: [PATCH] Add separate sign-tag target, keep tool building offline Signed-off-by: Riyaz Faizullabhoy --- Makefile | 4 +--- pkg/binfmt/Makefile | 8 +++++++- pkg/rngd/Makefile | 8 +++++++- tools/c-compile/Makefile | 8 +++++++- tools/go-compile/Makefile | 8 +++++++- tools/tini/Makefile | 8 +++++++- tools/toybox-media/Makefile | 8 +++++++- 7 files changed, 43 insertions(+), 9 deletions(-) diff --git a/Makefile b/Makefile index fcdc6005a..453ab25d1 100644 --- a/Makefile +++ b/Makefile @@ -18,15 +18,13 @@ endif PREFIX?=/usr/local/ bin/moby: | bin - DOCKER_CONTENT_TRUST=1 docker pull $(GO_COMPILE) - DOCKER_CONTENT_TRUST=1 docker run --rm --log-driver=none $(CROSS) $(GO_COMPILE) --clone-path github.com/moby/tool --clone https://github.com/moby/tool.git --package github.com/moby/tool/cmd/moby --ldflags "-X main.GitCommit=$(GIT_COMMIT) -X main.Version=$(VERSION)" -o $@ > tmp_moby_bin.tar + docker run --rm --log-driver=none $(CROSS) $(GO_COMPILE) --clone-path github.com/moby/tool --clone https://github.com/moby/tool.git --package github.com/moby/tool/cmd/moby --ldflags "-X main.GitCommit=$(GIT_COMMIT) -X main.Version=$(VERSION)" -o $@ > tmp_moby_bin.tar tar xf tmp_moby_bin.tar > $@ rm tmp_moby_bin.tar touch $@ LINUXKIT_DEPS=$(wildcard src/cmd/linuxkit/*.go) Makefile vendor.conf bin/linuxkit: $(LINUXKIT_DEPS) | bin - DOCKER_CONTENT_TRUST=1 docker pull $(GO_COMPILE) tar cf - vendor -C src/cmd/linuxkit . | docker run --rm --net=none --log-driver=none -i $(CROSS) $(GO_COMPILE) --package github.com/linuxkit/linuxkit --ldflags "-X main.GitCommit=$(GIT_COMMIT) -X main.Version=$(VERSION)" -o $@ > tmp_linuxkit_bin.tar tar xf tmp_linuxkit_bin.tar > $@ rm tmp_linuxkit_bin.tar diff --git a/pkg/binfmt/Makefile b/pkg/binfmt/Makefile index 4d40a4371..cc7f9a65c 100644 --- a/pkg/binfmt/Makefile +++ b/pkg/binfmt/Makefile @@ -25,7 +25,13 @@ push: tag rm -f hash docker rmi $(IMAGE):build || true -sign: tag +signed-tag: hash + DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ + (DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \ + docker build --no-cache -t $(IMAGE):build . && \ + docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)) + +sign: signed-tag DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash) rm -f hash diff --git a/pkg/rngd/Makefile b/pkg/rngd/Makefile index b5f47d6d3..8a155f312 100644 --- a/pkg/rngd/Makefile +++ b/pkg/rngd/Makefile @@ -22,7 +22,13 @@ push: tag rm -f hash docker rmi $(IMAGE):build || true -sign: tag +signed-tag: hash + DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ + (DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \ + docker build --no-cache -t $(IMAGE):build . && \ + docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)) + +sign: signed-tag DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash) rm -f hash diff --git a/tools/c-compile/Makefile b/tools/c-compile/Makefile index 979030fbe..864506bd8 100644 --- a/tools/c-compile/Makefile +++ b/tools/c-compile/Makefile @@ -23,7 +23,13 @@ tag: hash docker rmi $(IMAGE):build rm -f hash -sign: tag +signed-tag: hash + DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ + (DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \ + docker build --no-cache -t $(IMAGE):build . && \ + docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)) + +sign: signed-tag DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash) rm -f hash diff --git a/tools/go-compile/Makefile b/tools/go-compile/Makefile index 5d7822285..cdd98dca5 100644 --- a/tools/go-compile/Makefile +++ b/tools/go-compile/Makefile @@ -23,7 +23,13 @@ tag: hash docker rmi $(IMAGE):build rm -f hash -sign: tag +signed-tag: hash + DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ + (DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \ + docker build --no-cache -t $(IMAGE):build . && \ + docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)) + +sign: signed-tag DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash) rm -f hash diff --git a/tools/tini/Makefile b/tools/tini/Makefile index fbf91530e..bdda245b5 100644 --- a/tools/tini/Makefile +++ b/tools/tini/Makefile @@ -21,7 +21,13 @@ push: tag rm -f hash docker rmi $(IMAGE):build || true -sign: tag +signed-tag: hash + DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ + (DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \ + docker build --no-cache -t $(IMAGE):build . && \ + docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)) + +sign: signed-tag DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash) rm -f hash diff --git a/tools/toybox-media/Makefile b/tools/toybox-media/Makefile index 07f8bfa7c..115c793bc 100644 --- a/tools/toybox-media/Makefile +++ b/tools/toybox-media/Makefile @@ -21,7 +21,13 @@ push: tag rm -f hash docker rmi $(IMAGE):build || true -sign: tag +signed-tag: hash + DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ + (DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \ + docker build --no-cache -t $(IMAGE):build . && \ + docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)) + +sign: signed-tag DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash) rm -f hash