mirror of
https://github.com/linuxkit/linuxkit.git
synced 2025-07-19 17:26:28 +00:00
Merge pull request #1708 from rneugeba/binfmt
Move binfmt to a multi-stage build
This commit is contained in:
Justin Cormack
GitHub
commit
98159fd13f
@ -1,8 +0,0 @@
|
||||
FROM alpine:edge
|
||||
RUN \
|
||||
apk update && apk upgrade && \
|
||||
apk add \
|
||||
qemu-aarch64 \
|
||||
qemu-arm \
|
||||
qemu-ppc64le \
|
||||
&& true
|
||||
@ -1,29 +0,0 @@
|
||||
.PHONY: tag push
|
||||
|
||||
BASE=alpine:edge
|
||||
IMAGE=qemu-user-static
|
||||
|
||||
default: push
|
||||
|
||||
hash: Dockerfile
|
||||
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
|
||||
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
|
||||
docker run --rm $(IMAGE):build sh -c 'apt list --installed 2>/dev/null | sha1sum' | sed 's/ .*//' > hash
|
||||
|
||||
push: hash
|
||||
docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
|
||||
(docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \
|
||||
docker push linuxkit/$(IMAGE):$(shell cat hash))
|
||||
docker rmi $(IMAGE):build
|
||||
rm -f hash
|
||||
|
||||
tag: hash
|
||||
docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
|
||||
docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)
|
||||
docker rmi $(IMAGE):build
|
||||
rm -f hash
|
||||
|
||||
clean:
|
||||
rm -f hash
|
||||
|
||||
.DELETE_ON_ERROR:
|
||||
@ -18,7 +18,7 @@ onboot:
|
||||
- name: sysfs
|
||||
image: linuxkit/sysfs:6c1d06f28ddd9681799d3950cddf044b930b221c
|
||||
- name: binfmt
|
||||
image: "linuxkit/binfmt:8881283ac627be1542811bd25c85e7782aebc692"
|
||||
image: "linuxkit/binfmt:c7e69ebd918a237dd086a5c58dd888df772746bd"
|
||||
binds:
|
||||
- /proc/sys/fs/binfmt_misc:/binfmt_misc
|
||||
readonly: true
|
||||
|
||||
@ -16,7 +16,7 @@ onboot:
|
||||
- CAP_SYS_ADMIN
|
||||
readonly: true
|
||||
- name: binfmt
|
||||
image: "linuxkit/binfmt:8881283ac627be1542811bd25c85e7782aebc692"
|
||||
image: "linuxkit/binfmt:c7e69ebd918a237dd086a5c58dd888df772746bd"
|
||||
binds:
|
||||
- /proc/sys/fs/binfmt_misc:/binfmt_misc
|
||||
readonly: true
|
||||
|
||||
@ -1,3 +1,23 @@
|
||||
FROM alpine:edge AS qemu-build
|
||||
RUN \
|
||||
apk update && apk upgrade && \
|
||||
apk add \
|
||||
qemu-aarch64 \
|
||||
qemu-arm \
|
||||
qemu-ppc64le \
|
||||
&& true
|
||||
|
||||
FROM linuxkit/go-compile:4513068d9a7e919e4ec42e2d7ee879ff5b95b7f5@sha256:bdfadbe3e4ec699ca45b67453662321ec270f2d1a1dbdbf09625776d3ebd68c5 AS binfmt-build
|
||||
COPY main.go main.go
|
||||
RUN echo "gofmt..." && test -z $(gofmt -s -l main.go) && \
|
||||
echo "go vet..." && test -z $(GOOS=linux go tool vet -printf=false main.go) && \
|
||||
echo "golint..." && test -z $(golint main.go)
|
||||
RUN go build -o usr/bin/binfmt -buildmode pie -ldflags "-s -w -extldflags -static" main.go
|
||||
|
||||
FROM scratch
|
||||
COPY . ./
|
||||
ENTRYPOINT []
|
||||
WORKDIR /
|
||||
COPY --from=qemu-build usr/bin/qemu-* usr/bin/
|
||||
COPY --from=binfmt-build usr/bin/binfmt usr/bin/binfmt
|
||||
COPY etc/binfmt.d/00_linuxkit.conf etc/binfmt.d/00_linuxkit.conf
|
||||
CMD ["/usr/bin/binfmt", "-dir", "/etc/binfmt.d/", "-mount", "/binfmt_misc"]
|
||||
|
||||
@ -1,52 +1,30 @@
|
||||
QEMU_IMAGE=linuxkit/qemu-user-static:da39a3ee5e6b4b0d3255bfef95601890afd80709@sha256:65ee2b44b35c9457d83884c292b46bc3b5558a13af2c8eb187322f09160131a4
|
||||
QEMU_FILES=qemu-arm qemu-aarch64 qemu-ppc64le
|
||||
QEMU_BINARIES=$(addprefix usr/bin/,$(QEMU_FILES))
|
||||
|
||||
GO_COMPILE=linuxkit/go-compile:4513068d9a7e919e4ec42e2d7ee879ff5b95b7f5@sha256:bdfadbe3e4ec699ca45b67453662321ec270f2d1a1dbdbf09625776d3ebd68c5
|
||||
|
||||
BINFMT_BINARY=usr/bin/binfmt
|
||||
|
||||
SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
|
||||
|
||||
IMAGE=binfmt
|
||||
|
||||
.PHONY: tag push clean container
|
||||
.PHONY: tag push
|
||||
default: push
|
||||
|
||||
$(QEMU_BINARIES):
|
||||
mkdir -p $(dir $@)
|
||||
docker run --rm --net=none $(QEMU_IMAGE) tar cf - $@ | tar xf -
|
||||
IMAGE=binfmt
|
||||
SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
|
||||
DEPS=Dockerfile Makefile main.go $(wildcard etc/binmft.d/*)
|
||||
|
||||
$(BINFMT_BINARY): main.go
|
||||
mkdir -p $(dir $@)
|
||||
tar cf - $^ | docker run --rm --net=none --log-driver=none -i $(GO_COMPILE) -o $@ | tar xf -
|
||||
|
||||
DIRS=dev proc sys
|
||||
$(DIRS):
|
||||
mkdir -p $@
|
||||
|
||||
DEPS=$(DIRS) $(QEMU_BINARIES) $(BINFMT_BINARY) etc/binfmt.d/00_moby.conf
|
||||
|
||||
container: Dockerfile $(DEPS)
|
||||
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
|
||||
|
||||
hash: Dockerfile $(DEPS)
|
||||
# Note, this isn't quite right as we pull in qemu binaries from
|
||||
# alpine:edge and they may vary over time. BUT: We are going to change
|
||||
# the hashing stuff soon anyway, so there is little point in faffing
|
||||
# about with computing a hash during the build and get it out.
|
||||
hash: $(DEPS)
|
||||
find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash
|
||||
|
||||
push: hash container
|
||||
tag: hash
|
||||
docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
|
||||
(docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \
|
||||
docker push linuxkit/$(IMAGE):$(shell cat hash))
|
||||
docker rmi $(IMAGE):build
|
||||
rm -f hash
|
||||
(docker build --no-cache -t $(IMAGE):build . && \
|
||||
docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash))
|
||||
|
||||
tag: hash container
|
||||
push: tag
|
||||
docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
|
||||
docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)
|
||||
docker rmi $(IMAGE):build
|
||||
docker push linuxkit/$(IMAGE):$(shell cat hash)
|
||||
rm -f hash
|
||||
docker rmi $(IMAGE):build || true
|
||||
|
||||
clean:
|
||||
rm -rf hash $(DIRS) usr
|
||||
rm -f hash
|
||||
docker rmi $(IMAGE):build || true
|
||||
|
||||
.DELETE_ON_ERROR:
|
||||
|
||||
@ -18,7 +18,7 @@ onboot:
|
||||
- name: sysfs
|
||||
image: linuxkit/sysfs:6c1d06f28ddd9681799d3950cddf044b930b221c
|
||||
- name: binfmt
|
||||
image: "linuxkit/binfmt:8881283ac627be1542811bd25c85e7782aebc692"
|
||||
image: "linuxkit/binfmt:c7e69ebd918a237dd086a5c58dd888df772746bd"
|
||||
binds:
|
||||
- /proc/sys/fs/binfmt_misc:/binfmt_misc
|
||||
readonly: true
|
||||
|
||||
@ -18,7 +18,7 @@ onboot:
|
||||
- name: sysfs
|
||||
image: linuxkit/sysfs:6c1d06f28ddd9681799d3950cddf044b930b221c
|
||||
- name: binfmt
|
||||
image: "linuxkit/binfmt:8881283ac627be1542811bd25c85e7782aebc692"
|
||||
image: "linuxkit/binfmt:c7e69ebd918a237dd086a5c58dd888df772746bd"
|
||||
binds:
|
||||
- /proc/sys/fs/binfmt_misc:/binfmt_misc
|
||||
readonly: true
|
||||
|
||||
@ -17,7 +17,7 @@ onboot:
|
||||
- CAP_SYS_ADMIN
|
||||
readonly: true
|
||||
- name: binfmt
|
||||
image: "linuxkit/binfmt:8881283ac627be1542811bd25c85e7782aebc692"
|
||||
image: "linuxkit/binfmt:c7e69ebd918a237dd086a5c58dd888df772746bd"
|
||||
binds:
|
||||
- /proc/sys/fs/binfmt_misc:/binfmt_misc
|
||||
readonly: true
|
||||
|
||||
@ -16,7 +16,7 @@ onboot:
|
||||
- CAP_SYS_ADMIN
|
||||
readonly: true
|
||||
- name: binfmt
|
||||
image: linuxkit/binfmt:8881283ac627be1542811bd25c85e7782aebc692
|
||||
image: linuxkit/binfmt:c7e69ebd918a237dd086a5c58dd888df772746bd
|
||||
binds:
|
||||
- /proc/sys/fs/binfmt_misc:/binfmt_misc
|
||||
readonly: true
|
||||
|
||||
@ -18,7 +18,7 @@ onboot:
|
||||
- name: sysfs
|
||||
image: "linuxkit/sysfs:6c1d06f28ddd9681799d3950cddf044b930b221c"
|
||||
- name: binfmt
|
||||
image: "linuxkit/binfmt:8881283ac627be1542811bd25c85e7782aebc692"
|
||||
image: "linuxkit/binfmt:c7e69ebd918a237dd086a5c58dd888df772746bd"
|
||||
binds:
|
||||
- /proc/sys/fs/binfmt_misc:/binfmt_misc
|
||||
readonly: true
|
||||
|
||||
Loading…
Reference in New Issue
Block a user