diff --git a/alpine/base/mksh/Dockerfile b/alpine/base/mksh/Dockerfile
index 6ed35ee56..de21db43e 100644
--- a/alpine/base/mksh/Dockerfile
+++ b/alpine/base/mksh/Dockerfile
@@ -16,10 +16,6 @@ ENV VERSION=mksh-R54
 RUN curl -O -sSL https://github.com/MirBSD/mksh/archive/$VERSION.tar.gz
 RUN zcat $VERSION.tar.gz | tar xvf -
-WORKDIR mksh-$VERSION
-
 ENV LDFLAGS=-static
-RUN sh ./Build.sh
-RUN strip mksh
-RUN install -c -s -o root -g bin -m 555 mksh /bin/mksh
+RUN cd mksh-$VERSION && sh ./Build.sh && strip mksh && install -c -s -o root -g bin -m 555 mksh /bin/mksh
diff --git a/alpine/base/test/.gitignore b/alpine/base/test/.gitignore
new file mode 100644
index 000000000..474150492
--- /dev/null
+++ b/alpine/base/test/.gitignore
@@ -0,0 +1,3 @@
+etc/ssl
+bin/mksh
+bin/sh
diff --git a/alpine/base/test/Dockerfile b/alpine/base/test/Dockerfile
new file mode 100644
index 000000000..9f654f60d
--- /dev/null
+++ b/alpine/base/test/Dockerfile
@@ -0,0 +1,3 @@
+FROM scratch
+COPY . ./
+CMD ["/bin/sh", "/bin/test.sh"]
diff --git a/alpine/base/test/Makefile b/alpine/base/test/Makefile
new file mode 100644
index 000000000..c0d611577
--- /dev/null
+++ b/alpine/base/test/Makefile
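Review bot: The combined `RUN cd mksh-$VERSION && sh ./Build.sh …` line in alpine/base/mksh/Dockerfile builds and installs as root-owned `/bin/mksh` whatever the context-line `curl -O -sSL …/$VERSION.tar.gz` returned, and nothing visible in the hunk checks the tarball against a known digest. The consuming Makefile pins the resulting image by sha256, so this download is the one unpinned link in the chain. Assuming `sha256sum` is available in the build image, add `RUN echo "<expected-sha256-placeholder>  $VERSION.tar.gz" | sha256sum -c -` before the build, with the placeholder replaced by the digest of the vetted release. Separately, `strip mksh` is redundant because `install -s` strips the binary again. The Dockerfile starts above the hunk, so an earlier check may exist that is not visible here.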
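Review bot: `COPY . ./` in alpine/base/test/Dockerfile copies the whole build context into the scratch image, so the image content is decided entirely by what is sent as context rather than by this file. The Makefile added in the same directory sends an explicit tar stream of the listed files, but a plain `docker build .` run in this directory would also bake in the Makefile, `hash` and anything else present there. A comment at the top would record that dependency, e.g. `# build context must be the tar stream produced by the Makefile (Dockerfile + DEPS), not the directory itself`.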
@@ -0,0 +1,60 @@
+# Tag b784b685b2c39b9bed4d58a989d06d8f0281b87c
+MKSH_IMAGE=mobylinux/mksh@sha256:b3ca9febef294d002894b91e0ce0f794235db73a3024be3cae16d34022913de3
+MKSH_BINARY=bin/mksh
+SH_BINARY=bin/sh
+
+# Tag: 41e4b91c9a619e46f76ce2d024067c09b62f07b4
+CACERT_IMAGE=mobylinux/ca-certificates@sha256:6ca2dca9cfb8534a55f3a17f8797943527db5bbac08c98a5c9a4836250f4c548
+CACERT_FILE=etc/ssl/certs/ca-certificates.crt
+
+TEST_SCRIPT=bin/test.sh
+MOBY_WHALE=etc/moby
+
+.PHONY: tag push clean container
+default: push
+
+$(MKSH_BINARY):
+ mkdir -p $(dir $@)
+ docker run --rm --net=none $(MKSH_IMAGE) tar cf - $@ | tar xf -
+
+$(SH_BINARY): $(MKSH_BINARY)
+ mv $(MKSH_BINARY) $(SH_BINARY)
+
+$(CACERT_FILE):
+ mkdir -p $(dir $@)
+ docker run --rm --net=none $(CACERT_IMAGE) tar cf - $@ | tar xf -
+
+# Tag: alpine:3.5
+SHA_IMAGE=alpine@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
+
+IMAGE=test
+
+DIRS=dev proc sys
+$(DIRS):
+ mkdir -p $@
+
+DEPS=$(DIRS) $(SH_BINARY) $(CACERT_FILE) $(TEST_SCRIPT) $(MOBY_WHALE)
+
+container: Dockerfile $(DEPS)
+ tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
+
+hash: Dockerfile $(DEPS)
+ find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash
+
+push: hash container
+ docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+ (docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
+ docker push mobylinux/$(IMAGE):$(shell cat hash))
+ docker rmi $(IMAGE):build
+ rm -f hash
+
+tag: hash container
+ docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+ docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
+ docker rmi $(IMAGE):build
+ rm -f hash
+
+clean:
+ rm -rf hash $(DIRS) $(MKSH_BINARY) etc/ssl
+
+.DELETE_ON_ERROR:
diff --git a/alpine/test/test.sh b/alpine/base/test/bin/test.sh
similarity index 100%
rename from alpine/test/test.sh
rename to alpine/base/test/bin/test.sh
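Review bot: `$(CACERT_FILE)` in alpine/base/test/Makefile has no prerequisites, so once `etc/ssl/certs/ca-certificates.crt` exists a later bump of the pinned `CACERT_IMAGE` digest does not re-extract it. The old CA bundle is then packed into the image under an unchanged hash tag until someone runs `make clean`. Listing the Makefile as a prerequisite, `$(CACERT_FILE): Makefile`, would tie the extracted file to the digest recorded there. The shell behaves the opposite way: the `mv` in the `$(SH_BINARY)` rule leaves `bin/mksh` missing, so it is re-extracted on every run, and `clean` leaves `bin/sh` behind; `rm -rf hash $(DIRS) $(MKSH_BINARY) $(SH_BINARY) etc/ssl` would cover it.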
diff --git a/alpine/test/moby b/alpine/base/test/etc/moby
similarity index 100%
rename from alpine/test/moby
rename to alpine/base/test/etc/moby
diff --git a/alpine/test/.gitignore b/alpine/test/.gitignore
index efa4bddde..a5731bdba 100644
--- a/alpine/test/.gitignore
+++ b/alpine/test/.gitignore
@@ -1,4 +1,2 @@
-ca-certificates.crt
-mksh
 rootfs
 config.json
diff --git a/alpine/test/Dockerfile b/alpine/test/Dockerfile
deleted file mode 100644
index 30fca3a3e..000000000
--- a/alpine/test/Dockerfile
+++ /dev/null
@@ -1,13 +0,0 @@
-FROM alpine:3.5
-
-COPY test.sh mksh /tmp/bin/
-COPY ca-certificates.crt /tmp/etc/ssl/certs/ca-certificates.crt
-COPY moby /tmp/etc/
-
-WORKDIR /tmp
-
-RUN printf 'FROM scratch\nCOPY . ./\nENTRYPOINT ["/bin/sh", "-c"]\nCMD ["/bin/test.sh"]' > Dockerfile
-
-RUN mv bin/mksh bin/sh
-
-CMD ["tar", "cf", "-", "."]
diff --git a/alpine/test/Makefile b/alpine/test/Makefile
index 3988f6a60..1090e1976 100644
--- a/alpine/test/Makefile
+++ b/alpine/test/Makefile
@@ -1,38 +1,20 @@
-# Tag 48a34c44de78a7607b8b03e54efffc8ede461342
-MKSH_IMAGE=mobylinux/mksh@sha256:b9ca6f8ec3d7855db91162555128429030e0ebc950881c1f09015c40d9e875d2
-MKSH_FILE=mksh
-MKSH_PATH=/bin
-
-# Tag: 41e4b91c9a619e46f76ce2d024067c09b62f07b4
-CACERT_IMAGE=mobylinux/ca-certificates@sha256:6ca2dca9cfb8534a55f3a17f8797943527db5bbac08c98a5c9a4836250f4c548
-CACERT_FILE=ca-certificates.crt
-CACERT_PATH=/etc/ssl/certs
+# Tag: 6479aea36e0c3d177297cc936db5cbf93ece467c
+TEST_IMAGE=mobylinux/test@sha256:5425a613bfbb9563d122c21a4a5377cc4cf836a5b201accfecf596a13c8dc607
 default: config.json
-BASE=alpine:3.5
+EXCLUDE=--exclude .dockerenv --exclude Dockerfile \
+ --exclude dev/console --exclude dev/pts --exclude dev/shm \
+ --exclude etc/hostname --exclude etc/hosts --exclude etc/mtab --exclude etc/resolv.conf
-$(MKSH_FILE):
- docker run --rm --net=none $(MKSH_IMAGE) tar cf - -C $(MKSH_PATH) $(MKSH_FILE) | tar xf -
-
-$(CACERT_FILE):
- docker run --rm --net=none $(CACERT_IMAGE) tar cf - -C $(CACERT_PATH) $(CACERT_FILE) | tar xf -
-
-config.json: Dockerfile test.sh moby $(MKSH_FILE) $(CACERT_FILE)
+config.json:
  mkdir -p rootfs
- DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
- BUILD=$$( tar cf - $^ | docker build -q - ) && \
- [ -n "$$BUILD" ] && \
- echo "Built $$BUILD" && \
- IMAGE=$$( docker run --rm --net=none $$BUILD | docker build -q - ) && \
- [ -n "$$IMAGE" ] && \
- echo "Built $$IMAGE" && \
- CONTAINER=$$( docker create $$IMAGE /dev/null ) && \
+ CONTAINER=$$( docker create $(TEST_IMAGE) /dev/null ) && \
  docker export $$CONTAINER | tar -xf - -C rootfs $(EXCLUDE) && \
  docker rm $$CONTAINER && \
- ../containers/riddler.sh --cap-drop all --cap-add SYS_ADMIN -e HOME=/tmp -u 0:0 -v /var/tmp:/tmp -v /var/run/docker.sock:/var/run/docker.sock:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /etc/resolv.conf:/etc/resolv.conf:ro --net host --read-only $$IMAGE /bin/test.sh >$@
+ ../containers/riddler.sh --cap-drop all --cap-add SYS_ADMIN -e HOME=/tmp -v /tmp:/tmp -v /var/run/docker.sock:/var/run/docker.sock:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /etc/resolv.conf:/etc/resolv.conf:ro --net host --read-only $(TEST_IMAGE) /bin/sh /bin/test.sh >$@
 clean:
- rm -rf rootfs config.json $(MKSH_FILE) $(CACERT_FILE)
+ rm -rf rootfs config.json
 .DELETE_ON_ERROR:
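Review bot: The new `riddler.sh` line in alpine/test/Makefile still passes `-v /var/run/docker.sock:/var/run/docker.sock:ro`, and the `:ro` only makes the socket inode read-only; a process that can open the socket can still send any request to the Docker daemon. Together with `--cap-add SYS_ADMIN` and `--net host`, the test container should be treated as host-root equivalent. A comment above the rule would stop the `:ro` being read as a restriction, e.g. `# docker.sock: ':ro' does not limit API access; this container can control the host daemon`. The same line drops `-u 0:0`, so the user presumably now comes from the image config, which is worth confirming as intended. Also, `config.json:` no longer has prerequisites, so changing the pinned `TEST_IMAGE` digest will not regenerate `config.json` or `rootfs` without `make clean`.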