diff --git a/base/qemu-user-static/Dockerfile b/base/qemu-user-static/Dockerfile deleted file mode 100644 index 5f2160ead..000000000 --- a/base/qemu-user-static/Dockerfile +++ /dev/null @@ -1,8 +0,0 @@ -FROM alpine:edge -RUN \ - apk update && apk upgrade && \ - apk add \ - qemu-aarch64 \ - qemu-arm \ - qemu-ppc64le \ - && true diff --git a/base/qemu-user-static/Makefile b/base/qemu-user-static/Makefile deleted file mode 100644 index 7b3e098b5..000000000 --- a/base/qemu-user-static/Makefile +++ /dev/null @@ -1,29 +0,0 @@ -.PHONY: tag push - -BASE=alpine:edge -IMAGE=qemu-user-static - -default: push - -hash: Dockerfile - DOCKER_CONTENT_TRUST=1 docker pull $(BASE) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build - - docker run --rm $(IMAGE):build sh -c 'apt list --installed 2>/dev/null | sha1sum' | sed 's/ .*//' > hash - -push: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) - docker rmi $(IMAGE):build - rm -f hash - -tag: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) - docker rmi $(IMAGE):build - rm -f hash - -clean: - rm -f hash - -.DELETE_ON_ERROR: diff --git a/examples/docker.yml b/examples/docker.yml index 803828304..fa584a4dd 100644 --- a/examples/docker.yml +++ b/examples/docker.yml @@ -18,7 +18,7 @@ onboot: - name: sysfs image: linuxkit/sysfs:6c1d06f28ddd9681799d3950cddf044b930b221c - name: binfmt - image: "linuxkit/binfmt:8881283ac627be1542811bd25c85e7782aebc692" + image: "linuxkit/binfmt:c7e69ebd918a237dd086a5c58dd888df772746bd" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true diff --git a/linuxkit.yml b/linuxkit.yml index f10ead771..30feb8eb8 100644 --- a/linuxkit.yml +++ b/linuxkit.yml 
@@ -16,7 +16,7 @@ onboot: - CAP_SYS_ADMIN readonly: true - name: binfmt - image: "linuxkit/binfmt:8881283ac627be1542811bd25c85e7782aebc692" + image: "linuxkit/binfmt:c7e69ebd918a237dd086a5c58dd888df772746bd" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true diff --git a/pkg/binfmt/Dockerfile b/pkg/binfmt/Dockerfile index 0b85285e1..acf2baf7d 100644 --- a/pkg/binfmt/Dockerfile +++ b/pkg/binfmt/Dockerfile @@ -1,3 +1,23 @@ +FROM alpine:edge AS qemu-build +RUN \ + apk update && apk upgrade && \ + apk add \ + qemu-aarch64 \ + qemu-arm \ + qemu-ppc64le \ + && true + +FROM linuxkit/go-compile:4513068d9a7e919e4ec42e2d7ee879ff5b95b7f5@sha256:bdfadbe3e4ec699ca45b67453662321ec270f2d1a1dbdbf09625776d3ebd68c5 AS binfmt-build +COPY main.go main.go +RUN echo "gofmt..." && test -z $(gofmt -s -l main.go) && \ + echo "go vet..." && test -z $(GOOS=linux go tool vet -printf=false main.go) && \ + echo "golint..." && test -z $(golint main.go) +RUN go build -o usr/bin/binfmt -buildmode pie -ldflags "-s -w -extldflags -static" main.go + FROM scratch -COPY . ./ +ENTRYPOINT [] +WORKDIR / +COPY --from=qemu-build usr/bin/qemu-* usr/bin/ +COPY --from=binfmt-build usr/bin/binfmt usr/bin/binfmt +COPY etc/binfmt.d/00_linuxkit.conf etc/binfmt.d/00_linuxkit.conf CMD ["/usr/bin/binfmt", "-dir", "/etc/binfmt.d/", "-mount", "/binfmt_misc"] diff --git a/pkg/binfmt/Makefile b/pkg/binfmt/Makefile index 35483706b..c306d5e93 100644 --- a/pkg/binfmt/Makefile +++ b/pkg/binfmt/Makefile 
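Review bot: The new `qemu-build` stage in pkg/binfmt/Dockerfile starts from `FROM alpine:edge` with no digest and then runs `apk update && apk upgrade`, so the qemu-aarch64, qemu-arm and qemu-ppc64le binaries copied into the final image are whatever that moving tag and package index serve at build time. The `binfmt-build` stage in the same hunk pins its base with `@sha256:`, the `QEMU_IMAGE` line this commit removes was pinned the same way, and the deleted base/qemu-user-static/Makefile pulled its base under `DOCKER_CONTENT_TRUST=1`. I would keep that property with `FROM alpine:edge@sha256:<digest-of-reviewed-alpine-edge> AS qemu-build` (placeholder digest) and explicit package versions on the `apk add` line. Judging by the `CMD` and the binfmt.d config, these binaries presumably become the registered binfmt_misc interpreters, so an unreviewed upstream change would land directly in the path that executes foreign-architecture binaries.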
@@ -1,52 +1,30 @@ -QEMU_IMAGE=linuxkit/qemu-user-static:da39a3ee5e6b4b0d3255bfef95601890afd80709@sha256:65ee2b44b35c9457d83884c292b46bc3b5558a13af2c8eb187322f09160131a4 -QEMU_FILES=qemu-arm qemu-aarch64 qemu-ppc64le -QEMU_BINARIES=$(addprefix usr/bin/,$(QEMU_FILES)) - -GO_COMPILE=linuxkit/go-compile:4513068d9a7e919e4ec42e2d7ee879ff5b95b7f5@sha256:bdfadbe3e4ec699ca45b67453662321ec270f2d1a1dbdbf09625776d3ebd68c5 - -BINFMT_BINARY=usr/bin/binfmt - -SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 - -IMAGE=binfmt - -.PHONY: tag push clean container +.PHONY: tag push default: push -$(QEMU_BINARIES): - mkdir -p $(dir $@) - docker run --rm --net=none $(QEMU_IMAGE) tar cf - $@ | tar xf - +IMAGE=binfmt +SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 +DEPS=Dockerfile Makefile main.go $(wildcard etc/binmft.d/*) -$(BINFMT_BINARY): main.go - mkdir -p $(dir $@) - tar cf - $^ | docker run --rm --net=none --log-driver=none -i $(GO_COMPILE) -o $@ | tar xf - - -DIRS=dev proc sys -$(DIRS): - mkdir -p $@ - -DEPS=$(DIRS) $(QEMU_BINARIES) $(BINFMT_BINARY) etc/binfmt.d/00_moby.conf - -container: Dockerfile $(DEPS) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build - - -hash: Dockerfile $(DEPS) +# Note, this isn't quite right as we pull in qemu binaries from +# alpine:edge and they may vary over time. BUT: We are going to change +# the hashing stuff soon anyway, so there is little point in faffing +# about with computing a hash during the build and get it out. +hash: $(DEPS) find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash -push: hash container +tag: hash docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) - docker rmi $(IMAGE):build - rm -f hash + (docker build --no-cache -t $(IMAGE):build . 
&& \ + docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)) -tag: hash container +push: tag docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) - docker rmi $(IMAGE):build + docker push linuxkit/$(IMAGE):$(shell cat hash) rm -f hash + docker rmi $(IMAGE):build || true clean: - rm -rf hash $(DIRS) usr + rm -f hash + docker rmi $(IMAGE):build || true .DELETE_ON_ERROR: diff --git a/pkg/binfmt/etc/binfmt.d/00_moby.conf b/pkg/binfmt/etc/binfmt.d/00_linuxkit.conf similarity index 100% rename from pkg/binfmt/etc/binfmt.d/00_moby.conf rename to pkg/binfmt/etc/binfmt.d/00_linuxkit.conf diff --git a/projects/kubernetes/kube-master.yml b/projects/kubernetes/kube-master.yml index dfc99896e..f68e7ff7d 100644 --- a/projects/kubernetes/kube-master.yml +++ b/projects/kubernetes/kube-master.yml @@ -18,7 +18,7 @@ onboot: - name: sysfs image: linuxkit/sysfs:6c1d06f28ddd9681799d3950cddf044b930b221c - name: binfmt - image: "linuxkit/binfmt:8881283ac627be1542811bd25c85e7782aebc692" + image: "linuxkit/binfmt:c7e69ebd918a237dd086a5c58dd888df772746bd" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true diff --git a/projects/kubernetes/kube-node.yml b/projects/kubernetes/kube-node.yml index e8367257a..611f813f1 100644 --- a/projects/kubernetes/kube-node.yml +++ b/projects/kubernetes/kube-node.yml @@ -18,7 +18,7 @@ onboot: - name: sysfs image: linuxkit/sysfs:6c1d06f28ddd9681799d3950cddf044b930b221c - name: binfmt - image: "linuxkit/binfmt:8881283ac627be1542811bd25c85e7782aebc692" + image: "linuxkit/binfmt:c7e69ebd918a237dd086a5c58dd888df772746bd" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true diff --git a/projects/logging/examples/logging.yml b/projects/logging/examples/logging.yml index 6a42c00c4..f1ba25c0c 100644 --- a/projects/logging/examples/logging.yml +++ b/projects/logging/examples/logging.yml 
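Review bot: In pkg/binfmt/Makefile, `DEPS` is built from `$(wildcard etc/binmft.d/*)`, which misspells the directory (`binmft.d` instead of the `etc/binfmt.d/` used by the Dockerfile and by the rename in this commit). The wildcard therefore almost certainly expands to nothing, and `00_linuxkit.conf` never feeds the `hash` rule. A change to the binfmt registrations would then keep the same tag, and `tag`/`push` would pull the previously published image instead of rebuilding; the line should read `DEPS=Dockerfile Makefile main.go $(wildcard etc/binfmt.d/*)`. Separately, `clean` was dropped from `.PHONY` although the target is still defined, so `.PHONY: tag push clean` would keep it working if a file named `clean` ever appears.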
@@ -17,7 +17,7 @@ onboot: - CAP_SYS_ADMIN readonly: true - name: binfmt - image: "linuxkit/binfmt:8881283ac627be1542811bd25c85e7782aebc692" + image: "linuxkit/binfmt:c7e69ebd918a237dd086a5c58dd888df772746bd" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true diff --git a/projects/miragesdk/examples/mirage-dhcp.yml b/projects/miragesdk/examples/mirage-dhcp.yml index 727b5144c..8949813ea 100644 --- a/projects/miragesdk/examples/mirage-dhcp.yml +++ b/projects/miragesdk/examples/mirage-dhcp.yml @@ -16,7 +16,7 @@ onboot: - CAP_SYS_ADMIN readonly: true - name: binfmt - image: linuxkit/binfmt:8881283ac627be1542811bd25c85e7782aebc692 + image: linuxkit/binfmt:c7e69ebd918a237dd086a5c58dd888df772746bd binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true diff --git a/test/docker-bench/test-docker-bench.yml b/test/docker-bench/test-docker-bench.yml index 159dbb115..19df9a6b7 100644 --- a/test/docker-bench/test-docker-bench.yml +++ b/test/docker-bench/test-docker-bench.yml @@ -18,7 +18,7 @@ onboot: - name: sysfs image: "linuxkit/sysfs:6c1d06f28ddd9681799d3950cddf044b930b221c" - name: binfmt - image: "linuxkit/binfmt:8881283ac627be1542811bd25c85e7782aebc692" + image: "linuxkit/binfmt:c7e69ebd918a237dd086a5c58dd888df772746bd" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true