diff --git a/alpine/Dockerfile b/alpine/Dockerfile index 439957b0f..2d3364e3d 100644 --- a/alpine/Dockerfile +++ b/alpine/Dockerfile @@ -1,7 +1,5 @@ FROM mobylinux/alpine-base:5837a236153f00bb215642e3e0639252eb49cdf9@sha256:f6f12aebe2af07c9250014ff283485dbdf082bd9cfbd74aad27a3d2dcf13e0b1 -ENV ARCH=x86_64 - RUN \ addgroup -g 50 docker && \ adduser -G docker -u 1001 -s /bin/sh -D -g "Docker" docker && \ @@ -9,7 +7,6 @@ RUN \ adduser -D -H -s /sbin/nologin dockremap COPY . . -RUN rm Dockerfile RUN \ rc-update add sysctl boot && \ @@ -59,5 +56,3 @@ RUN \ rc-update add gcp-hostname default && \ rc-update add gcp-startup default && \ true - -CMD ["/mkinitrd.sh"] diff --git a/alpine/Makefile b/alpine/Makefile index f04011ed9..1c9c20879 100644 --- a/alpine/Makefile +++ b/alpine/Makefile @@ -1,7 +1,5 @@ all: initrd.img initrd-test.img mobylinux-efi.iso mobylinux-bios.iso -ETCFILES=$(shell find etc) - TAG=$(shell git rev-parse HEAD) STATUS=$(shell git status -s) ifeq ($(STATUS),) @@ -25,11 +23,12 @@ TARTAR2INITRD_IMAGE=mobylinux/tartar2initrd:d56cde1558e3080e59a32e3cd7c7141baa60 GCE_IMAGE=mobylinux/mkimage-gce:83158ebe303a970a3131c3d02ef2ba00ca5e4a14@sha256:51c30fbf946ca9967688a411e7bf69769a22987cd47ad03428491dd1556fcf63 -moby.img: Dockerfile mkinitrd.sh init $(ETCFILES) +MKIMAGE_BASE=mobylinux/mkimage-base:870f7512498f2ce5feccebe15fb0d03c5c3ebac2@sha256:47d1ed872b6a44f13b61ea80b3eeab4519dc151c7d684a89a53aa26233b4e087 + +moby.img: Dockerfile etc usr init $(MAKE) -j -C packages printf $(TAG)$(DIRTY) > etc/moby-commit - BUILD=$$( tar cf - \ - Dockerfile etc usr init mkinitrd.sh \ + BUILD=$$( tar cf - $^ \ -C packages/proxy usr sbin etc -C ../.. \ -C packages/transfused sbin etc -C ../.. \ -C packages/tap-vsockd sbin etc -C ../.. \ 
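Review bot: In alpine/Makefile, `etc` and `usr` are directories listed as normal prerequisites of `moby.img`. Make compares only a directory's own mtime, which does not change when a file nested inside it is edited, so a changed file under `etc/` may no longer trigger a rebuild the way the removed `$(ETCFILES)` list did. Keep the short list for `tar` but track the files as dependencies, e.g. `ROOTFS_DEPS := $(shell find etc usr -type f)`, `moby.img: Dockerfile etc usr init $(ROOTFS_DEPS)` and `BUILD=$$( tar cf - $(filter-out $(ROOTFS_DEPS),$^) \`. The recipe continues past the end of this hunk.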
@@ -55,8 +54,8 @@ moby.img: Dockerfile mkinitrd.sh init $(ETCFILES) | \ docker build -q - ) && [ -n "$$BUILD" ] && echo "Built $$BUILD" && \ echo $$BUILD > mobylinux.tag && \ - docker run --rm --read-only --net=none --log-driver=none --tmpfs /tmp --tmpfs /initrd $$BUILD | \ - docker run --rm --read-only --net=none --log-driver=none --tmpfs /tmp -i $(PAD4_IMAGE) > $@ + docker run --rm --read-only --net=none --log-driver=none --tmpfs /tmp -v /var/run/docker.sock:/var/run/docker.sock $(MKIMAGE_BASE) $$BUILD | \ + docker run --rm --read-only --net=none --log-driver=none --tmpfs /tmp -i $(TAR2INITRD_IMAGE) > $@ container.img: $(MAKE) -j -C containers diff --git a/alpine/mkinitrd.sh b/alpine/mkinitrd.sh deleted file mode 100755 index 564c581a2..000000000 --- a/alpine/mkinitrd.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -set -e - -rm -rf /tmp/* - -for f in $(ls | grep -vE 'dev|sys|proc|tmp|export|mnt') -do - cp -a $f /tmp -done - -mkdir -m 555 /tmp/dev /tmp/proc /tmp/sys /tmp/mnt -mkdir -m 1777 /tmp/tmp - -# these three files are bind mounted in by docker so they are not what we want - -cat << EOF > /tmp/etc/hosts -127.0.0.1 localhost -::1 localhost ip6-localhost ip6-loopback -fe00::0 ip6-localnet -ff00::0 ip6-mcastprefix -ff02::1 ip6-allnodes -ff02::2 ip6-allrouters -EOF - -cat << EOF > /tmp/etc/resolv.conf -nameserver 8.8.8.8 -nameserver 8.8.4.4 -nameserver 2001:4860:4860::8888 -nameserver 2001:4860:4860::8844 -EOF - -printf 'moby' > /tmp/etc/hostname - -cd /tmp - -rm mkinitrd.sh - -find . | cpio -H newc -o | gzip -9 diff --git a/tools/mkimage-base/Dockerfile b/tools/mkimage-base/Dockerfile new file mode 100644 index 000000000..ebad7c9c4 --- /dev/null +++ b/tools/mkimage-base/Dockerfile @@ -0,0 +1,12 @@ +FROM alpine:3.5 + +RUN \ + apk update && apk upgrade && \ + apk add \ + docker \ + tar \ + && true + +COPY . . + +ENTRYPOINT ["/mkimage.sh"] diff --git a/tools/mkimage-base/Makefile b/tools/mkimage-base/Makefile new file mode 100644 index 000000000..1c7e43e69 
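Review bot: The first `docker run` in the `moby.img` recipe of alpine/Makefile now bind-mounts `/var/run/docker.sock` into the `$(MKIMAGE_BASE)` container. That gives the container full control of the host daemon, so the `--read-only --net=none` flags on the same command no longer confine it. The sha256 digest pin on `MKIMAGE_BASE` is the control that matters here; record that above the rule, e.g. `# mkimage-base is given the host docker socket (root-equivalent); keep MKIMAGE_BASE pinned by digest`. The second command now uses `$(TAR2INITRD_IMAGE)`, which is not defined in the visible hunks (only `TARTAR2INITRD_IMAGE` appears, in a hunk header), so confirm it is defined elsewhere in the file. The recipe starts outside this hunk.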
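Review bot: `FROM alpine:3.5` in tools/mkimage-base/Dockerfile is a mutable tag, and `apk update && apk upgrade` installs whatever packages are current at build time, while alpine/Dockerfile in this same commit pins its base by tag and sha256 digest. This image is later run with the host Docker socket mounted, so it deserves the same pinning: `FROM alpine:3.5@sha256:<digest-placeholder>`. The accompanying Makefile pulls the base with `DOCKER_CONTENT_TRUST=1`, but that protects only builds that go through that Makefile.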
--- /dev/null
+++ b/tools/mkimage-base/Makefile
@@ -0,0 +1,29 @@
+.PHONY: tag push
+
+BASE=alpine:3.5
+IMAGE=mkimage-base
+
+default: push
+
+hash: Dockerfile mkimage.sh
+ DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
+ tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
+ docker run --entrypoint=/bin/sh --rm $(IMAGE):build -c "cat $^ /lib/apk/db/installed | sha1sum" | sed 's/ .*//' > $@
+
+push: hash
+ docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+ (docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
+ docker push mobylinux/$(IMAGE):$(shell cat hash))
+ docker rmi $(IMAGE):build
+ rm -f hash
+
+tag: hash
+ docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+ docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
+ docker rmi $(IMAGE):build
+ rm -f hash
+
+clean:
+ rm -f hash
+
+.DELETE_ON_ERROR:
diff --git a/tools/mkimage-base/mkimage.sh b/tools/mkimage-base/mkimage.sh
new file mode 100755
index 000000000..a9ec15c4b
--- /dev/null
+++ b/tools/mkimage-base/mkimage.sh
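Review bot: In tools/mkimage-base/Makefile, `DOCKER_CONTENT_TRUST=1` is set only as a prefix on the `docker pull $(BASE)` line of the `hash` rule, so the `docker pull mobylinux/$(IMAGE):$(shell cat hash)` in `push` and `tag` runs without it, and a successful pull there is taken as proof that the image already exists. The tag is a SHA-1 over the Dockerfile, mkimage.sh and the apk database rather than over the image content, so it does not authenticate what the registry returns. If the mobylinux repository is signed, prefix those pulls the same way, `DOCKER_CONTENT_TRUST=1 docker pull mobylinux/$(IMAGE):$(shell cat hash) || \`; otherwise add a comment such as `# tag is a content label only; consumers must pin by @sha256 digest`.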
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+set -e
+
+# arguments are image name
+# This script will output a tarball, suitable to be turned into a cpio archive
+# This is a bit hacky, should be improved later, as it hardcodes config.
+
+IMAGE="$1"; shift
+
+cd /tmp
+
+# extract rootfs
+EXCLUDE="--exclude .dockerenv --exclude Dockerfile \
+ --exclude dev/console --exclude dev/pts --exclude dev/shm \
+ --exclude etc/hostname --exclude etc/hosts --exclude etc/mtab --exclude etc/resolv.conf"
+
+CONTAINER="$(docker create $IMAGE /dev/null)"
+docker export "$CONTAINER" | tar -xf - $EXCLUDE
+docker rm "$CONTAINER" > /dev/null
+
+# these three files are bind mounted in by docker so they are not what we want
+
+mkdir -p etc
+
+cat << EOF > etc/hosts
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+EOF
+
+cat << EOF > etc/resolv.conf
+nameserver 8.8.8.8
+nameserver 8.8.4.4
+nameserver 2001:4860:4860::8888
+nameserver 2001:4860:4860::8844
+EOF
+
+printf 'moby' > etc/hostname
+
+ln -s /proc/mounts etc/mtab
+
+tar cf - .
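Review bot: `docker create $IMAGE /dev/null` in mkimage.sh passes the script's argument to the Docker CLI unquoted, so a value containing whitespace is split into extra `docker create` arguments. The alpine/Makefile change in this commit runs this script with the host Docker socket mounted, so quote it: `CONTAINER="$(docker create "$IMAGE" /dev/null)"`. Separately, because of `set -e`, a failure on the `docker export "$CONTAINER" | tar -xf - $EXCLUDE` line exits before `docker rm`, leaving the created container behind on the host daemon. Setting `trap 'docker rm "$CONTAINER" > /dev/null' EXIT` right after the create, in place of the explicit `docker rm`, would clean it up on every exit path.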