From 9bdfcb5b126ac1d9c41391835aff639fb4951b5d Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Fri, 26 May 2017 15:37:31 +0100 Subject: [PATCH] Update YAML files with new packages, config, and trust data - Update to packages using the Alpine 3.6 base image - Remove config for packages which now supply it - Update/add trust section 
Signed-off-by: Rolf Neugebauer --- examples/docker.yml | 52 +++++++--------- examples/gcp.yml | 27 +++++---- examples/minimal.yml | 12 ++-- examples/node_exporter.yml | 24 ++++---- examples/packet.yml | 39 ++++++------ examples/redis-os.yml | 15 +++-- examples/sshd.yml | 38 ++++++------ examples/swap.yml | 49 ++++++--------- examples/vmware.yml | 20 ++++--- linuxkit.yml | 22 ++++--- .../clear-containers/clear-containers.yml | 13 +--- projects/etcd/etcd.yml | 59 ++++++++----------- projects/etcd/prom-us-central1-f.yml | 6 +- projects/ima-namespace/ima-namespace.yml | 35 ++++------- projects/kubernetes/image-cache/Dockerfile | 2 +- projects/kubernetes/kube-master.yml | 42 ++++--------- projects/kubernetes/kube-node.yml | 42 ++++--------- projects/kubernetes/mounts.rb | 2 +- projects/landlock/landlock.yml | 21 ++++--- projects/logging/examples/logging.yml | 26 +++++--- projects/miragesdk/examples/mirage-dhcp.yml | 7 +-- projects/okernel/examples/okernel_simple.yaml | 23 +++----- projects/swarmd/swarmd.yml | 34 +++-------- test/cases/000_build/000_outputs/test.yml | 12 ++-- .../000_qemu/000_run_kernel/test.yml | 10 +++- .../000_qemu/010_run_iso/test.yml | 10 +++- .../000_qemu/020_run_efi/test.yml | 9 ++- .../000_qemu/030_run_qcow/test.yml | 9 ++- .../000_qemu/100_container/test.yml | 9 ++- .../010_hyperkit/000_run_kernel/test.yml | 9 ++- .../000_config_4.4.x/test-kernel-config.yml | 12 +++- .../001_config_4.9.x/test-kernel-config.yml | 12 +++- .../002_config_4.10.x/test-kernel-config.yml | 12 +++- .../003_config_4.11.x/test-kernel-config.yml | 12 +++- test/cases/020_kernel/010_kmod_4.9.x/kmod.yml | 12 +++- .../000_docker-bench/test-docker-bench.yml | 44 +++++++------- .../040_packages/000_sysctl/test-sysctl.yml | 15 ++--- .../040_packages/001_mkimage/mkimage.yml | 13 ++-- test/cases/040_packages/001_mkimage/run.yml | 9 +-- test/hack/test-ltp.yml | 13 ++-- test/hack/test.yml | 14 +++-- 41 files changed, 408 insertions(+), 438 deletions(-) 
diff --git a/examples/docker.yml b/examples/docker.yml index 8c82e91e3..de4f28f87 100644 --- a/examples/docker.yml +++ b/examples/docker.yml 
@@ -2,49 +2,31 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 - - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b + - linuxkit/ca-certificates:75cf419fb58770884c3464eb687ec8dfc704169d onboot: - name: sysctl - image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" + image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1" - name: sysfs - image: linuxkit/sysfs:1cde5876d44117af61dfea629ad922defcd48808 + image: linuxkit/sysfs:47367d0ef851e8bf2a9e2f80a05392c17f5c2c88 - name: binfmt - image: "linuxkit/binfmt:603e5f064b3e8a64088c0fcf7a80d2783541ee1d" + image: "linuxkit/binfmt:eb3977596d5fc9e847eee1d34cb3beb3f574cac9" - name: format - image: "linuxkit/format:d78093e943f9c88386e30c00353f9476d34fb551" - binds: - - /dev:/dev - capabilities: - - CAP_SYS_ADMIN - - CAP_MKNOD + image: "linuxkit/format:55afe08816c2a4d8dbae3ee51ef53e0bee422d66" - name: mount - image: "linuxkit/mount:fc7164d7c4e1fe5d1da395c7f949fb332cffe752" - binds: - - /dev:/dev - - /var:/var:rshared,rbind - capabilities: - - CAP_SYS_ADMIN - rootfsPropagation: shared + image: "linuxkit/mount:15e20f27abe69d276f796e4026531833ec5ff345" command: ["/mount.sh", "/var/lib/docker"] services: - name: rngd - image: "linuxkit/rngd:69f951ce2a3a9534dbbc7ba8119e1df4391f06c0" + image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14" - name: dhcpcd - image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e" + image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e" - name: ntpd image: "linuxkit/openntpd:ad834449a7eaf10dc022b3d8d2ed9faf7ec99d37" - 
capabilities: - - CAP_SYS_TIME - - CAP_SYS_NICE - - CAP_SYS_CHROOT - - CAP_SETUID - - CAP_SETGID - net: host - name: docker - image: "linuxkit/docker-ce:261f93927d85001c65e5ce0f421eb6062f09c0a5" + image: "linuxkit/docker-ce:668d62da6e3da081a8f8aca7db3e2a98adf5da59" capabilities: - all net: host @@ -60,5 +42,15 @@ files: trust: image: - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd + - linuxkit/ca-certificates + - linuxkit/sysctl + - linuxkit/sysfs - linuxkit/binfmt + - linuxkit/format + - linuxkit/mount - linuxkit/rngd + - linuxkit/dhcpcd + - linuxkit/openntpd diff --git a/examples/gcp.yml b/examples/gcp.yml index d238fadc8..b5386bb59 100644 --- a/examples/gcp.yml +++ b/examples/gcp.yml @@ -2,15 +2,15 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 page_poison=1" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 - - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b + - linuxkit/ca-certificates:75cf419fb58770884c3464eb687ec8dfc704169d onboot: - name: sysctl - image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" + image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1" - name: dhcpcd - image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e" + image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e" command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] - name: metadata image: "linuxkit/metadata:a810b68fec9c9282cf096eed50605ddd6b2f3142" 
@@ -23,14 +23,9 @@ onboot: - CAP_SYS_ADMIN services: - name: rngd - image: "linuxkit/rngd:69f951ce2a3a9534dbbc7ba8119e1df4391f06c0" + image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14" - name: sshd - image: "linuxkit/sshd:1613253e5def414e0dfd261acd0e191eadb5fedf" - capabilities: - - all - net: host - pid: host - binds: + image: "linuxkit/sshd:ddce15b9fbde068941e31294acdcd22befa4fc20" - /var/config/ssh/authorized_keys:/root/.ssh/authorized_keys - /tmp/etc/resolv.conf:/etc/resolv.conf - name: nginx @@ -45,4 +40,10 @@ services: trust: image: - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd + - linuxkit/ca-certificates + - linuxkit/sysctl + - linuxkit/dhcpcd - linuxkit/rngd diff --git a/examples/minimal.yml b/examples/minimal.yml index 6fa42fcb8..a281d6ded 100644 --- a/examples/minimal.yml +++ b/examples/minimal.yml @@ -2,13 +2,17 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: dhcpcd - image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e" + image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e" command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] trust: image: - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd + - linuxkit/dhcpcd diff --git a/examples/node_exporter.yml b/examples/node_exporter.yml index 945149d92..8402f9e85 100644 --- a/examples/node_exporter.yml +++ b/examples/node_exporter.yml 
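Review bot: In the examples/gcp.yml `sshd` entry the `binds:` key is removed together with `capabilities`, `net` and `pid`, but its two entries (`/var/config/ssh/authorized_keys:/root/.ssh/authorized_keys` and `/tmp/etc/resolv.conf:/etc/resolv.conf`) remain as context lines. As the hunk reads, they now sit directly under `image:` with no parent key, and the line counts in the hunk header agree with that reading. The file would either fail to parse or drop the authorized_keys mount that this example relies on for login. Keep `binds:` above the two entries, since this GCP-specific mapping differs from the `/root/.ssh:/root/.ssh` bind removed in the other examples, or remove the entries as well if the new sshd image handles the metadata path.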
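Review bot: The new `trust.image` list for examples/gcp.yml omits `linuxkit/sshd`, although this commit adds it to the lists in examples/sshd.yml and examples/packet.yml. It also omits `linuxkit/metadata`, which in this file runs with CAP_SYS_ADMIN. sshd is the network-facing login service and, after this change, takes its capabilities and host namespaces from the image itself, so it is the entry most worth verifying. Add `- linuxkit/sshd` and, if that repository is signed, `- linuxkit/metadata`.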
@@ -2,25 +2,21 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 page_poison=1" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b services: - name: rngd - image: "linuxkit/rngd:69f951ce2a3a9534dbbc7ba8119e1df4391f06c0" + image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14" - name: dhcpcd - image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e" + image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e" - name: node_exporter - image: "linuxkit/node_exporter:bdb20b41855d0e2b4edeec44ef569d030ea3cc47" - capabilities: - - all - net: host - pid: host - binds: - - /proc:/host/proc - - /sys:/host/sys - - /:/rootfs + image: "linuxkit/node_exporter:29a85e9c5de1a1bd470a963878194303f6a7bd8c" trust: image: - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd - linuxkit/rngd + - linuxkit/dhcpcd diff --git a/examples/packet.yml b/examples/packet.yml index 279cb1d80..2f20888b2 100644 --- a/examples/packet.yml +++ b/examples/packet.yml 
@@ -2,31 +2,32 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS1 page_poison=1" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 - - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b + - linuxkit/ca-certificates:75cf419fb58770884c3464eb687ec8dfc704169d onboot: - name: sysctl - image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" + image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1" services: - name: rngd - image: "linuxkit/rngd:69f951ce2a3a9534dbbc7ba8119e1df4391f06c0" + image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14" - name: dhcpcd - image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e" + image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e" - name: sshd - image: "linuxkit/sshd:1613253e5def414e0dfd261acd0e191eadb5fedf" - capabilities: - - all - net: host - pid: host - binds: - - /root/.ssh:/root/.ssh - - /etc/resolv.conf:/etc/resolv.conf -trust: - image: - - linuxkit/kernel - - linuxkit/rngd + image: "linuxkit/sshd:ddce15b9fbde068941e31294acdcd22befa4fc20" files: - path: root/.ssh/authorized_keys contents: '#your ssh key here' +trust: + image: + - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd + - linuxkit/ca-certificates + - linuxkit/sysctl + - linuxkit/rngd + - linuxkit/dhcpcd + - linuxkit/openntpd + - linuxkit/sshd diff --git a/examples/redis-os.yml b/examples/redis-os.yml index 98cf178f2..eb85550e4 100644 --- a/examples/redis-os.yml +++ b/examples/redis-os.yml 
@@ -4,12 +4,12 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: dhcpcd - image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e" + image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e" command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: redis @@ -21,3 +21,10 @@ services: - CAP_SETGID - CAP_DAC_OVERRIDE net: host +trust: + image: + - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd + - linuxkit/dhcpcd diff --git a/examples/sshd.yml b/examples/sshd.yml index 44a501884..db0ad313b 100644 --- a/examples/sshd.yml +++ b/examples/sshd.yml 
@@ -2,31 +2,31 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 page_poison=1" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 - - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b + - linuxkit/ca-certificates:75cf419fb58770884c3464eb687ec8dfc704169d onboot: - name: sysctl - image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" + image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1" services: - name: rngd - image: "linuxkit/rngd:69f951ce2a3a9534dbbc7ba8119e1df4391f06c0" + image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14" - name: dhcpcd - image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e" + image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e" - name: sshd - image: "linuxkit/sshd:1613253e5def414e0dfd261acd0e191eadb5fedf" - capabilities: - - all - net: host - pid: host - binds: - - /root/.ssh:/root/.ssh - - /etc/resolv.conf:/etc/resolv.conf -trust: - image: - - linuxkit/kernel - - linuxkit/rngd + image: "linuxkit/sshd:ddce15b9fbde068941e31294acdcd22befa4fc20" files: - path: root/.ssh/authorized_keys contents: '#your ssh key here' +trust: + image: + - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd + - linuxkit/ca-certificates + - linuxkit/sysctl + - linuxkit/rngd + - linuxkit/dhcpcd + - linuxkit/sshd diff --git a/examples/swap.yml b/examples/swap.yml index d1f974682..9673e640d 100644 --- a/examples/swap.yml +++ b/examples/swap.yml 
@@ -2,51 +2,29 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:42fe8cb1508b3afed39eb89821906e3cc7a70551 - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b - linuxkit/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935 onboot: - name: sysctl - image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" - - name: binfmt - image: "linuxkit/binfmt:603e5f064b3e8a64088c0fcf7a80d2783541ee1d" + image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1" - name: dhcpcd - image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e" + image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e" command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] - name: format - image: "linuxkit/format:d78093e943f9c88386e30c00353f9476d34fb551" - binds: - - /dev:/dev - capabilities: - - CAP_SYS_ADMIN - - CAP_MKNOD + image: "linuxkit/format:55afe08816c2a4d8dbae3ee51ef53e0bee422d66" - name: mount - image: "linuxkit/mount:fc7164d7c4e1fe5d1da395c7f949fb332cffe752" - binds: - - /dev:/dev - - /var:/var:rshared,rbind - capabilities: - - CAP_SYS_ADMIN - rootfsPropagation: shared + image: "linuxkit/mount:15e20f27abe69d276f796e4026531833ec5ff345" command: ["/mount.sh", "/var/external"] - name: swap - image: "linuxkit/swap:c4c723a3d6678dc49770181bbb231ec99b271c75" - net: host - pid: host - capabilities: - - CAP_SYS_ADMIN - - CAP_MKNOD - readonly: true - binds: - - /var:/var - - /dev:/dev + image: "linuxkit/swap:085f0088dd1ef2f994e707e438218ea4d41bad13" # to use unencrypted swap, use: # command: ["/swap.sh", "--path", "/var/external/swap", "--size", "1G"] command: ["/swap.sh", "--path", "/var/external/swap", "--size", "1G", "--encrypt"] 
services: - name: rngd - image: "linuxkit/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" + image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14" - name: nginx image: "nginx:alpine" capabilities: @@ -59,3 +37,12 @@ services: trust: image: - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd + - linuxkit/ca-certificates + - linuxkit/sysctl + - linuxkit/dhcpcd + - linuxkit/format + - linuxkit/mount + - linuxkit/rngd diff --git a/examples/vmware.yml b/examples/vmware.yml index a692fa368..be0d3db1f 100644 --- a/examples/vmware.yml +++ b/examples/vmware.yml @@ -2,18 +2,18 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=tty0 page_poison=1" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 - - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b + - linuxkit/ca-certificates:75cf419fb58770884c3464eb687ec8dfc704169d onboot: - name: sysctl - image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" + image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1" services: - name: rngd - image: "linuxkit/rngd:69f951ce2a3a9534dbbc7ba8119e1df4391f06c0" + image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14" - name: dhcpcd - image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e" + image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e" - name: nginx image: "nginx:alpine" capabilities: @@ -26,4 +26,10 @@ services: trust: image: - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd + - linuxkit/ca-certificates + - linuxkit/sysctl - linuxkit/rngd + - linuxkit/dhcpcd diff --git a/linuxkit.yml b/linuxkit.yml index cd6b54619..1b63c584f 100644 
--- a/linuxkit.yml +++ b/linuxkit.yml @@ -2,21 +2,21 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 - - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b + - linuxkit/ca-certificates:75cf419fb58770884c3464eb687ec8dfc704169d onboot: - name: sysctl - image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" + image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1" - name: binfmt - image: "linuxkit/binfmt:603e5f064b3e8a64088c0fcf7a80d2783541ee1d" + image: "linuxkit/binfmt:eb3977596d5fc9e847eee1d34cb3beb3f574cac9" - name: dhcpcd - image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e" + image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e" command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: rngd - image: "linuxkit/rngd:69f951ce2a3a9534dbbc7ba8119e1df4391f06c0" + image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14" - name: nginx image: "nginx:alpine" capabilities: @@ -32,5 +32,11 @@ files: trust: image: - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd + - linuxkit/ca-certificates + - linuxkit/sysctl - linuxkit/binfmt + - linuxkit/dhcpcd - linuxkit/rngd diff --git a/projects/clear-containers/clear-containers.yml b/projects/clear-containers/clear-containers.yml index 966051367..40cbb2f5c 100644 --- a/projects/clear-containers/clear-containers.yml +++ b/projects/clear-containers/clear-containers.yml 
@@ -2,23 +2,12 @@ kernel: image: "linuxkit/kernel-clear-containers:4.9.x" cmdline: "root=/dev/pmem0p1 rootflags=dax,data=ordered,errors=remount-ro rw rootfstype=ext4 tsc=reliable no_timer_check rcupdate.rcu_expedited=1 i8042.direct=1 i8042.dumbkbd=1 i8042.nopnp=1 i8042.noaux=1 noreplace-smp reboot=k panic=1 console=hvc0 console=hvc1 initcall_debug iommu=off quiet cryptomgr.notests page_poison=on" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 onboot: - name: sysctl image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c" - net: host - pid: host - ipc: host - capabilities: - - CAP_SYS_ADMIN - readonly: true services: - name: rngd - image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" - capabilities: - - CAP_SYS_ADMIN - oomScoreAdj: -800 - readonly: true files: - path: etc/docker/daemon.json contents: '{"debug": true}' diff --git a/projects/etcd/etcd.yml b/projects/etcd/etcd.yml index 0472c5e18..9b22cda81 100644 --- a/projects/etcd/etcd.yml +++ b/projects/etcd/etcd.yml 
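Review bot: The `rngd` service in clear-containers.yml loses its `image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9"` line along with the config, and no replacement image is added, so the new side has `- name: rngd` followed directly by `files:`. A service entry without an image cannot be built. Add an image line, for example the `image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14"` used in the other files of this commit. In the same hunk `sysctl` keeps the old `mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c` tag but drops `readonly: true`, the host namespaces and CAP_SYS_ADMIN. Unless that older image supplies its own config, which the hunk does not show, sysctl will run without the access it needs, so it should be switched to `linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1` as well.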
@@ -2,31 +2,20 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 - - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b + - linuxkit/ca-certificates:75cf419fb58770884c3464eb687ec8dfc704169d onboot: - name: sysctl - image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" + image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1" - name: format - image: "linuxkit/format:d78093e943f9c88386e30c00353f9476d34fb551" - binds: - - /dev:/dev - capabilities: - - CAP_SYS_ADMIN - - CAP_MKNOD + image: "linuxkit/format:55afe08816c2a4d8dbae3ee51ef53e0bee422d66" - name: mount - image: "linuxkit/mount:fc7164d7c4e1fe5d1da395c7f949fb332cffe752" - binds: - - /dev:/dev - - /var:/var:rshared,rbind - capabilities: - - CAP_SYS_ADMIN - rootfsPropagation: shared + image: "linuxkit/mount:15e20f27abe69d276f796e4026531833ec5ff345" command: ["/mount.sh", "/var/lib/etcd"] - name: dhcpcd - image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e" + image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e" command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] - name: metadata image: "linuxkit/metadata:a810b68fec9c9282cf096eed50605ddd6b2f3142" 
@@ -39,26 +28,11 @@ onboot: - CAP_SYS_ADMIN services: - name: rngd - image: "linuxkit/rngd:f5e5be43e730ea819c3293d5c6dcbfa7f4c5c314" + image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14" - name: ntpd image: "linuxkit/openntpd:ad834449a7eaf10dc022b3d8d2ed9faf7ec99d37" - capabilities: - - CAP_SYS_TIME - - CAP_SYS_NICE - - CAP_SYS_CHROOT - - CAP_SETUID - - CAP_SETGID - net: host - name: node_exporter - image: "linuxkit/node_exporter:bdb20b41855d0e2b4edeec44ef569d030ea3cc47" - capabilities: - - all - net: host - pid: host - binds: - - /proc:/host/proc - - /sys:/host/sys - - /:/rootfs + image: "linuxkit/node_exporter:29a85e9c5de1a1bd470a963878194303f6a7bd8c" - name: etcd image: "moby/etcd" capabilities: @@ -72,3 +46,16 @@ services: binds: - /var/lib/etcd:/var/lib/etcd - /var/config/etcd:/etc/etcd +trust: + - images: + - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd + - linuxkit/ca-certificates + - linuxkit/sysctl + - linuxkit/format + - linuxkit/mount + - linuxkit/dhcpcd + - linuxkit/rngd + - linuxkit/openntpd diff --git a/projects/etcd/prom-us-central1-f.yml b/projects/etcd/prom-us-central1-f.yml index 12d4694ba..c89fcc349 100644 --- a/projects/etcd/prom-us-central1-f.yml +++ b/projects/etcd/prom-us-central1-f.yml 
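Review bot: The trust block added to projects/etcd/etcd.yml is written as `trust:` followed by a list item `- images:`, whereas every other file in this commit uses a mapping with the key `image:`. Depending on how strict the parser is, this either fails schema validation or is silently ignored. If it is ignored, none of the listed repositories are verified, even though the file appears to enable content trust. Change the first two lines to `trust:` and `image:`, with the repositories as its list. The list also omits `linuxkit/node_exporter` and `linuxkit/metadata`; if those repositories are signed, add them, since node_exporter now takes its host binds and capabilities from the image.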
@@ -2,15 +2,15 @@ kernel: image: "mobylinux/kernel:4.9.x" cmdline: "console=ttyS0 page_poison=1" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 - mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - mobylinux/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935 onboot: - name: sysctl - image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" + image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1" - name: dhcpcd - image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e" + image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e" command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] - name: metadata image: "linuxkit/metadata:a810b68fec9c9282cf096eed50605ddd6b2f3142" diff --git a/projects/ima-namespace/ima-namespace.yml b/projects/ima-namespace/ima-namespace.yml index 23e4814be..4d2d87513 100644 --- a/projects/ima-namespace/ima-namespace.yml +++ b/projects/ima-namespace/ima-namespace.yml 
@@ -3,36 +3,21 @@ kernel: cmdline: "console=ttyS0 console=tty0 page_poison=1 ima_appraise=enforce_ns" init: - linuxkit/init:b3740303f3d1e5689a84c87b7dfb48fd2a40a192 - - linuxkit/runc:47b1c38d63468c0f3078f8b1b055d07965a1895d - - linuxkit/containerd:cf2614f5a96c569a0bd4bd54e054a65ba17d167f - - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b + - linuxkit/ca-certificates:75cf419fb58770884c3464eb687ec8dfc704169d - linuxkit/ima-utils:fe119c7dac08884f4144cd106dc279ddd8b37517 onboot: - name: sysctl - image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" + image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1" - name: binfmt - image: "linuxkit/binfmt:131026c0cf6084467316395fed3b358f64bda00c" - binds: - - /proc/sys/fs/binfmt_misc:/binfmt_misc - readonly: true + image: "linuxkit/binfmt:eb3977596d5fc9e847eee1d34cb3beb3f574cac9" - name: dhcpcd - image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" - binds: - - /var:/var - - /tmp/etc:/etc - capabilities: - - CAP_NET_ADMIN - - CAP_NET_BIND_SERVICE - - CAP_NET_RAW - net: host + image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e" command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: rngd - image: "linuxkit/rngd:61a07ced77a9747708223ca16a4aec621eacf518" - capabilities: - - CAP_SYS_ADMIN - oomScoreAdj: -800 - readonly: true + image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14" - name: nginx image: "nginx:alpine" capabilities: @@ -48,5 +33,11 @@ files: trust: image: - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd + - linuxkit/ca-certificates + - linuxkit/sysctl - linuxkit/binfmt + - linuxkit/dhcpcd - linuxkit/rngd diff --git a/projects/kubernetes/image-cache/Dockerfile b/projects/kubernetes/image-cache/Dockerfile index a86fee6db..dfbc6eb30 100644 
--- a/projects/kubernetes/image-cache/Dockerfile +++ b/projects/kubernetes/image-cache/Dockerfile @@ -1,4 +1,4 @@ -FROM linuxkit/docker-ce:261f93927d85001c65e5ce0f421eb6062f09c0a5 +FROM linuxkit/docker-ce:668d62da6e3da081a8f8aca7db3e2a98adf5da59 ADD . /images ENTRYPOINT [ "/bin/sh", "-c" ] CMD [ "for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done" ] diff --git a/projects/kubernetes/kube-master.yml b/projects/kubernetes/kube-master.yml index d3b008057..4f23db7b9 100644 --- a/projects/kubernetes/kube-master.yml +++ b/projects/kubernetes/kube-master.yml @@ -2,24 +2,19 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 - - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b + - linuxkit/ca-certificates:75cf419fb58770884c3464eb687ec8dfc704169d onboot: - name: sysctl - image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" + image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1" - name: sysfs - image: linuxkit/sysfs:1cde5876d44117af61dfea629ad922defcd48808 + image: linuxkit/sysfs:47367d0ef851e8bf2a9e2f80a05392c17f5c2c88 - name: binfmt - image: "linuxkit/binfmt:603e5f064b3e8a64088c0fcf7a80d2783541ee1d" + image: "linuxkit/binfmt:eb3977596d5fc9e847eee1d34cb3beb3f574cac9" - name: format - image: "linuxkit/format:d78093e943f9c88386e30c00353f9476d34fb551" - binds: - - /dev:/dev - capabilities: - - CAP_SYS_ADMIN - - CAP_MKNOD + image: "linuxkit/format:55afe08816c2a4d8dbae3ee51ef53e0bee422d66" - name: mounts image: "linuxkit/kubernetes:latest-mounts" capabilities: 
@@ -31,28 +26,15 @@ onboot: - /var:/var:rshared,rbind services: - name: rngd - image: "linuxkit/rngd:f5e5be43e730ea819c3293d5c6dcbfa7f4c5c314" + image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14" - name: dhcpcd - image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e" + image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e" - name: ntpd image: "linuxkit/openntpd:ad834449a7eaf10dc022b3d8d2ed9faf7ec99d37" - capabilities: - - CAP_SYS_TIME - - CAP_SYS_NICE - - CAP_SYS_CHROOT - - CAP_SETUID - - CAP_SETGID - net: host - name: sshd - image: "linuxkit/sshd:1613253e5def414e0dfd261acd0e191eadb5fedf" - capabilities: - - all - net: host - pid: host - binds: - - /root/.ssh:/root/.ssh + image: "linuxkit/sshd:ddce15b9fbde068941e31294acdcd22befa4fc20" - name: docker - image: "linuxkit/docker-ce:261f93927d85001c65e5ce0f421eb6062f09c0a5" + image: "linuxkit/docker-ce:668d62da6e3da081a8f8aca7db3e2a98adf5da59" capabilities: - all net: host diff --git a/projects/kubernetes/kube-node.yml b/projects/kubernetes/kube-node.yml index 442b9279d..c7a879805 100644 --- a/projects/kubernetes/kube-node.yml +++ b/projects/kubernetes/kube-node.yml 
@@ -2,24 +2,19 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 - - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b + - linuxkit/ca-certificates:75cf419fb58770884c3464eb687ec8dfc704169d onboot: - name: sysctl - image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" + image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1" - name: sysfs - image: linuxkit/sysfs:1cde5876d44117af61dfea629ad922defcd48808 + image: linuxkit/sysfs:47367d0ef851e8bf2a9e2f80a05392c17f5c2c88 - name: binfmt - image: "linuxkit/binfmt:603e5f064b3e8a64088c0fcf7a80d2783541ee1d" + image: "linuxkit/binfmt:eb3977596d5fc9e847eee1d34cb3beb3f574cac9" - name: format - image: "linuxkit/format:d78093e943f9c88386e30c00353f9476d34fb551" - binds: - - /dev:/dev - capabilities: - - CAP_SYS_ADMIN - - CAP_MKNOD + image: "linuxkit/format:55afe08816c2a4d8dbae3ee51ef53e0bee422d66" - name: mounts image: "linuxkit/kubernetes:latest-mounts" capabilities: 
@@ -31,28 +26,15 @@ onboot: - /var:/var:rshared,rbind services: - name: rngd - image: "linuxkit/rngd:f5e5be43e730ea819c3293d5c6dcbfa7f4c5c314" + image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14" - name: dhcpcd - image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e" + image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e" - name: ntpd image: "linuxkit/openntpd:ad834449a7eaf10dc022b3d8d2ed9faf7ec99d37" - capabilities: - - CAP_SYS_TIME - - CAP_SYS_NICE - - CAP_SYS_CHROOT - - CAP_SETUID - - CAP_SETGID - net: host - name: sshd - image: "linuxkit/sshd:1613253e5def414e0dfd261acd0e191eadb5fedf" - capabilities: - - all - net: host - pid: host - binds: - - /root/.ssh:/root/.ssh + image: "linuxkit/sshd:ddce15b9fbde068941e31294acdcd22befa4fc20" - name: docker - image: "linuxkit/docker-ce:261f93927d85001c65e5ce0f421eb6062f09c0a5" + image: "linuxkit/docker-ce:668d62da6e3da081a8f8aca7db3e2a98adf5da59" capabilities: - all net: host diff --git a/projects/kubernetes/mounts.rb b/projects/kubernetes/mounts.rb index 21dd4835c..406d825f8 100644 --- a/projects/kubernetes/mounts.rb +++ b/projects/kubernetes/mounts.rb @@ -1,6 +1,6 @@ import 'common.rb' -from "linuxkit/mount:fc7164d7c4e1fe5d1da395c7f949fb332cffe752" +from "linuxkit/mount:15e20f27abe69d276f796e4026531833ec5ff345" script = [ mount_bind_hostns_self("/etc/cni"), mount_make_hostns_rshared("/etc/cni"), diff --git a/projects/landlock/landlock.yml b/projects/landlock/landlock.yml index 2ec5dc650..32f6d35cb 100644 --- a/projects/landlock/landlock.yml +++ b/projects/landlock/landlock.yml 
@@ -2,23 +2,22 @@ kernel: image: "mobylinux/kernel-landlock:4.9.x" cmdline: "console=ttyS0 page_poison=1" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 - mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - mobylinux/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935 onboot: - name: sysctl image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c" - net: host - pid: host - ipc: host - capabilities: - - CAP_SYS_ADMIN - readonly: true services: - name: rngd image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" - capabilities: - - CAP_SYS_ADMIN - oomScoreAdj: -800 - readonly: true +trust: + image: + - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd + - linuxkit/ca-certificates + - linuxkit/sysctl + - linuxkit/rngd diff --git a/projects/logging/examples/logging.yml b/projects/logging/examples/logging.yml index 801a6452e..848214c56 100644 --- a/projects/logging/examples/logging.yml +++ b/projects/logging/examples/logging.yml 
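Review bot: The new `trust.image` list names `linuxkit/kernel`, `linuxkit/runc`, `linuxkit/containerd`, `linuxkit/ca-certificates`, `linuxkit/sysctl` and `linuxkit/rngd`, but this file pulls `mobylinux/kernel-landlock` and `mobylinux/*` images for all of those. Only `linuxkit/init` matches an image that is actually used, so the kernel and the remaining components would not be subject to content-trust enforcement. The same hunk strips `readonly: true`, the capability lists and the host-namespace keys from `sysctl` and `rngd` while leaving them on the old `mobylinux` hashes. Unless those builds carry their own config, `sysctl` presumably runs without `CAP_SYS_ADMIN` and both lose the read-only rootfs. Moving the entries to the `linuxkit/*` hashes used elsewhere in this commit (sketched below) would make both the trust list and the config removal hold, and the `linuxkit/kernel` trust entry should be replaced by whichever repository the landlock kernel is really signed under. The `rngd` entry in `projects/miragesdk/examples/mirage-dhcp.yml` loses the same keys while staying on `mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9`.

```yaml
# … unchanged: kernel, init key, linuxkit/init entry …
  - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f
  - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b
  - linuxkit/ca-certificates:75cf419fb58770884c3464eb687ec8dfc704169d
# … unchanged: onboot, sysctl name …
    image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1"
# … unchanged: services, rngd name …
    image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14"
# … unchanged: trust section …
```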
@@ -2,22 +2,22 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:062e57b1d1e017e44c6339fc2b4cd41f3f10b2a9 # with runc, logwrite, startmemlogd - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 - - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 # with runc, logwrite, startmemlogd + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b + - linuxkit/ca-certificates:75cf419fb58770884c3464eb687ec8dfc704169d - linuxkit/memlogd:9b5834189f598f43c507f6938077113906f51012 onboot: - name: sysctl - image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" + image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1" - name: binfmt - image: "linuxkit/binfmt:603e5f064b3e8a64088c0fcf7a80d2783541ee1d" + image: "linuxkit/binfmt:eb3977596d5fc9e847eee1d34cb3beb3f574cac9" - name: dhcpcd - image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e" + image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e" command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: rngd - image: "linuxkit/rngd:69f951ce2a3a9534dbbc7ba8119e1df4391f06c0" + image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14" - name: nginx image: "nginx:alpine" capabilities: @@ -32,4 +32,12 @@ files: contents: '{"debug": true}' trust: image: - - mobylinux/kernel + - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd + - linuxkit/ca-certificates + - linuxkit/sysctl + - linuxkit/binfmt + - linuxkit/dhcpcd + - linuxkit/rngd diff --git a/projects/miragesdk/examples/mirage-dhcp.yml b/projects/miragesdk/examples/mirage-dhcp.yml index 0ed22cba1..0fbc45012 100644 --- a/projects/miragesdk/examples/mirage-dhcp.yml 
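Review bot: The `init` entry keeps its comment `# with runc, logwrite, startmemlogd` but now points at `linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480`, the same hash every other file in this commit uses. The old hash `062e57b1…` was specific to this example, so it is worth confirming that the stock init still ships the logwrite and startmemlogd pieces that `linuxkit/memlogd` relies on. Otherwise the example boots but silently stops capturing service logs. If the stock init does include them, the comment is stale and should be dropped.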
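Review bot: `linuxkit/memlogd`, listed under `init` earlier in this file, is missing from the rewritten `trust.image` list, and the `nginx:alpine` service is a mutable tag that is also outside it. Those two images would be pulled without content-trust enforcement while everything around them is enforced. If the repository is signed, add `- linuxkit/memlogd`, or replace the per-image list with `org:` / `- linuxkit` so new packages are covered by default. The same gap appears for `linuxkit/poweroff` and the `linuxkit/test-*` images in the test YAMLs. It also applies to `linuxkit/docker-ce`, which runs with `capabilities: - all`, in `test/cases/030_security/000_docker-bench/test-docker-bench.yml`.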
+++ b/projects/miragesdk/examples/mirage-dhcp.yml @@ -8,15 +8,10 @@ init: - mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935 onboot: - name: sysctl - image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" - - name: binfmt + image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1" services: - name: rngd image: mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9 - capabilities: - - CAP_SYS_ADMIN - oomScoreAdj: -800 - readonly: true - name: dhcp-client image: mobylinux/dhcp-client:a7a6b49b0ff51ffa2f44ac848cd649e29f946e0c net: host diff --git a/projects/okernel/examples/okernel_simple.yaml b/projects/okernel/examples/okernel_simple.yaml index eec90e476..ead2385f1 100644 --- a/projects/okernel/examples/okernel_simple.yaml +++ b/projects/okernel/examples/okernel_simple.yaml 
@@ -2,27 +2,20 @@ kernel: image: "linuxkit/okernel:latest" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 - - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b + - linuxkit/ca-certificates:75cf419fb58770884c3464eb687ec8dfc704169d onboot: - name: sysctl - image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" + image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1" services: - name: rngd - image: "linuxkit/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" + image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14" - name: dhcpcd - image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e" + image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e" - name: sshd - image: "linuxkit/sshd:1613253e5def414e0dfd261acd0e191eadb5fedf" - capabilities: - - all - net: host - pid: host - binds: - - /root/.ssh:/root/.ssh - - /etc/resolv.conf:/etc/resolv.conf + image: "linuxkit/sshd:ddce15b9fbde068941e31294acdcd22befa4fc20" files: - path: root/.ssh/authorized_keys contents: '#your ssh key here' diff --git a/projects/swarmd/swarmd.yml b/projects/swarmd/swarmd.yml index 89e115529..49899f56b 100644 --- a/projects/swarmd/swarmd.yml +++ b/projects/swarmd/swarmd.yml 
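Review bot: This example gets the new hash pins but no `trust` section is added in the hunk, and the kernel is still `linuxkit/okernel:latest`, a mutable tag. The component with the most privilege is therefore the only one that is neither pinned nor verified (unless a trust section exists outside the hunk). Pin the kernel to a hash and add a `trust.image` list like the other files in this commit. Separately, the removed `sshd` config here bound `/etc/resolv.conf:/etc/resolv.conf` in addition to `/root/.ssh`, which the other sshd entries in this commit did not. Please check that the config shipped in `linuxkit/sshd:ddce15b9fbde068941e31294acdcd22befa4fc20` covers that bind, or keep it explicitly.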
@@ -2,31 +2,20 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 - linuxkit/runc:2649198589ef0020d99f613adaeda45ce0093a38 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 - - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b + - linuxkit/ca-certificates:75cf419fb58770884c3464eb687ec8dfc704169d onboot: - name: sysctl - image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" + image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1" - name: dhcpcd - image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e" + image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e" command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] - name: format - image: "linuxkit/format:d78093e943f9c88386e30c00353f9476d34fb551" - binds: - - /dev:/dev - capabilities: - - CAP_SYS_ADMIN - - CAP_MKNOD + image: "linuxkit/format:55afe08816c2a4d8dbae3ee51ef53e0bee422d66" - name: mount - image: "linuxkit/mount:fc7164d7c4e1fe5d1da395c7f949fb332cffe752" - binds: - - /dev:/dev - - /var:/var:rshared,rbind - capabilities: - - CAP_SYS_ADMIN - rootfsPropagation: shared + image: "linuxkit/mount:15e20f27abe69d276f796e4026531833ec5ff345" command: ["/mount.sh", "/var/lib/swarmd"] - name: metadata image: "linuxkit/metadata:a810b68fec9c9282cf096eed50605ddd6b2f3142" 
@@ -39,16 +28,9 @@ onboot: - CAP_SYS_ADMIN services: - name: rngd - image: "linuxkit/rngd:69f951ce2a3a9534dbbc7ba8119e1df4391f06c0" + image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14" - name: ntpd image: "linuxkit/openntpd:ad834449a7eaf10dc022b3d8d2ed9faf7ec99d37" - capabilities: - - CAP_SYS_TIME - - CAP_SYS_NICE - - CAP_SYS_CHROOT - - CAP_SETUID - - CAP_SETGID - net: host - name: swarmd image: "linuxkit/swarmd:a2f57f14f07fb6d7cded7832b2dabe878b28554e" command: ["/usr/bin/swarmd", "--containerd-addr=/run/containerd/containerd.sock", "--log-level=debug", "--state-dir=/var/lib/swarmd"] diff --git a/test/cases/000_build/000_outputs/test.yml b/test/cases/000_build/000_outputs/test.yml index 6fa42fcb8..a281d6ded 100644 --- a/test/cases/000_build/000_outputs/test.yml +++ b/test/cases/000_build/000_outputs/test.yml @@ -2,13 +2,17 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: dhcpcd - image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e" + image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e" command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] trust: image: - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd + - linuxkit/dhcpcd diff --git a/test/cases/010_platforms/000_qemu/000_run_kernel/test.yml b/test/cases/010_platforms/000_qemu/000_run_kernel/test.yml index 56a5ba4b6..e5aaeef61 100644 --- a/test/cases/010_platforms/000_qemu/000_run_kernel/test.yml +++ b/test/cases/010_platforms/000_qemu/000_run_kernel/test.yml 
@@ -2,9 +2,9 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:f71c3b30ac1ba4ef16c160c89610fa4976f9752f - - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - - linuxkit/containerd:60e2486a74c665ba4df57e561729aec20758daed + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: poweroff image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" @@ -12,3 +12,7 @@ onboot: trust: image: - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd + diff --git a/test/cases/010_platforms/000_qemu/010_run_iso/test.yml b/test/cases/010_platforms/000_qemu/010_run_iso/test.yml index 56a5ba4b6..e5aaeef61 100644 --- a/test/cases/010_platforms/000_qemu/010_run_iso/test.yml +++ b/test/cases/010_platforms/000_qemu/010_run_iso/test.yml @@ -2,9 +2,9 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:f71c3b30ac1ba4ef16c160c89610fa4976f9752f - - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - - linuxkit/containerd:60e2486a74c665ba4df57e561729aec20758daed + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: poweroff image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" @@ -12,3 +12,7 @@ onboot: trust: image: - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd + diff --git a/test/cases/010_platforms/000_qemu/020_run_efi/test.yml b/test/cases/010_platforms/000_qemu/020_run_efi/test.yml index 56a5ba4b6..354a2f50d 100644 --- a/test/cases/010_platforms/000_qemu/020_run_efi/test.yml +++ b/test/cases/010_platforms/000_qemu/020_run_efi/test.yml 
@@ -2,9 +2,9 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:f71c3b30ac1ba4ef16c160c89610fa4976f9752f - - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - - linuxkit/containerd:60e2486a74c665ba4df57e561729aec20758daed + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: poweroff image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" @@ -12,3 +12,6 @@ onboot: trust: image: - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd diff --git a/test/cases/010_platforms/000_qemu/030_run_qcow/test.yml b/test/cases/010_platforms/000_qemu/030_run_qcow/test.yml index 56a5ba4b6..354a2f50d 100644 --- a/test/cases/010_platforms/000_qemu/030_run_qcow/test.yml +++ b/test/cases/010_platforms/000_qemu/030_run_qcow/test.yml @@ -2,9 +2,9 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:f71c3b30ac1ba4ef16c160c89610fa4976f9752f - - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - - linuxkit/containerd:60e2486a74c665ba4df57e561729aec20758daed + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: poweroff image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" @@ -12,3 +12,6 @@ onboot: trust: image: - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd diff --git a/test/cases/010_platforms/000_qemu/100_container/test.yml b/test/cases/010_platforms/000_qemu/100_container/test.yml index 3b0cd9b69..7c0fd1cb0 100644 --- a/test/cases/010_platforms/000_qemu/100_container/test.yml +++ b/test/cases/010_platforms/000_qemu/100_container/test.yml 
@@ -2,9 +2,9 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: poweroff image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" @@ -12,3 +12,6 @@ onboot: trust: image: - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd diff --git a/test/cases/010_platforms/010_hyperkit/000_run_kernel/test.yml b/test/cases/010_platforms/010_hyperkit/000_run_kernel/test.yml index 56a5ba4b6..354a2f50d 100644 --- a/test/cases/010_platforms/010_hyperkit/000_run_kernel/test.yml +++ b/test/cases/010_platforms/010_hyperkit/000_run_kernel/test.yml @@ -2,9 +2,9 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:f71c3b30ac1ba4ef16c160c89610fa4976f9752f - - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - - linuxkit/containerd:60e2486a74c665ba4df57e561729aec20758daed + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: poweroff image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" @@ -12,3 +12,6 @@ onboot: trust: image: - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd diff --git a/test/cases/020_kernel/000_config_4.4.x/test-kernel-config.yml b/test/cases/020_kernel/000_config_4.4.x/test-kernel-config.yml index 67985faac..561b46251 100644 --- a/test/cases/020_kernel/000_config_4.4.x/test-kernel-config.yml +++ b/test/cases/020_kernel/000_config_4.4.x/test-kernel-config.yml 
@@ -2,9 +2,9 @@ kernel: image: "linuxkit/kernel:4.4.x" cmdline: "console=ttyS0" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: check-kernel-config image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c" @@ -12,3 +12,9 @@ onboot: - name: poweroff image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" command: ["/bin/sh", "/poweroff.sh", "3"] +trust: + image: + - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd diff --git a/test/cases/020_kernel/001_config_4.9.x/test-kernel-config.yml b/test/cases/020_kernel/001_config_4.9.x/test-kernel-config.yml index 8102961be..d5ce54d86 100644 --- a/test/cases/020_kernel/001_config_4.9.x/test-kernel-config.yml +++ b/test/cases/020_kernel/001_config_4.9.x/test-kernel-config.yml @@ -2,9 +2,9 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: check-kernel-config image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c" @@ -12,3 +12,9 @@ onboot: - name: poweroff image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" command: ["/bin/sh", "/poweroff.sh", "3"] +trust: + image: + - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd 
diff --git a/test/cases/020_kernel/002_config_4.10.x/test-kernel-config.yml b/test/cases/020_kernel/002_config_4.10.x/test-kernel-config.yml index 6b8c96c52..b476bbe83 100644 --- a/test/cases/020_kernel/002_config_4.10.x/test-kernel-config.yml +++ b/test/cases/020_kernel/002_config_4.10.x/test-kernel-config.yml @@ -2,9 +2,9 @@ kernel: image: "linuxkit/kernel:4.10.x" cmdline: "console=ttyS0" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: check-kernel-config image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c" @@ -12,3 +12,9 @@ onboot: - name: poweroff image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" command: ["/bin/sh", "/poweroff.sh", "3"] +trust: + image: + - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd diff --git a/test/cases/020_kernel/003_config_4.11.x/test-kernel-config.yml b/test/cases/020_kernel/003_config_4.11.x/test-kernel-config.yml index 1c3c6d7ee..85843f6eb 100644 --- a/test/cases/020_kernel/003_config_4.11.x/test-kernel-config.yml +++ b/test/cases/020_kernel/003_config_4.11.x/test-kernel-config.yml 
@@ -2,9 +2,9 @@ kernel: image: "linuxkit/kernel:4.11.x" cmdline: "console=ttyS0" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: check-kernel-config image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c" @@ -12,3 +12,9 @@ onboot: - name: poweroff image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" command: ["/bin/sh", "/poweroff.sh", "3"] +trust: + image: + - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd diff --git a/test/cases/020_kernel/010_kmod_4.9.x/kmod.yml b/test/cases/020_kernel/010_kmod_4.9.x/kmod.yml index e4c896e68..1fc3fc0e0 100644 --- a/test/cases/020_kernel/010_kmod_4.9.x/kmod.yml +++ b/test/cases/020_kernel/010_kmod_4.9.x/kmod.yml @@ -2,9 +2,9 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: check image: "kmod-test" @@ -16,3 +16,9 @@ onboot: - name: poweroff image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" command: ["/bin/sh", "/poweroff.sh", "3"] +trust: + image: + - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd diff --git a/test/cases/030_security/000_docker-bench/test-docker-bench.yml b/test/cases/030_security/000_docker-bench/test-docker-bench.yml index 4a56fea7a..768cac35c 100644 
--- a/test/cases/030_security/000_docker-bench/test-docker-bench.yml +++ b/test/cases/030_security/000_docker-bench/test-docker-bench.yml 
@@ -2,40 +2,29 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 - - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b + - linuxkit/ca-certificates:75cf419fb58770884c3464eb687ec8dfc704169d onboot: - name: sysctl - image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" + image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1" - name: sysfs - image: "linuxkit/sysfs:1cde5876d44117af61dfea629ad922defcd48808" + image: "linuxkit/sysfs:47367d0ef851e8bf2a9e2f80a05392c17f5c2c88" - name: binfmt - image: "linuxkit/binfmt:603e5f064b3e8a64088c0fcf7a80d2783541ee1d" + image: "linuxkit/binfmt:eb3977596d5fc9e847eee1d34cb3beb3f574cac9" - name: format - image: "linuxkit/format:d78093e943f9c88386e30c00353f9476d34fb551" - binds: - - /dev:/dev - capabilities: - - CAP_SYS_ADMIN - - CAP_MKNOD + image: "linuxkit/format:55afe08816c2a4d8dbae3ee51ef53e0bee422d66" - name: mount - image: "linuxkit/mount:fc7164d7c4e1fe5d1da395c7f949fb332cffe752" - binds: - - /dev:/dev - - /var:/var:rshared,rbind - capabilities: - - CAP_SYS_ADMIN - rootfsPropagation: shared + image: "linuxkit/mount:15e20f27abe69d276f796e4026531833ec5ff345" command: ["/mount.sh", "/var/lib/docker"] services: - name: rngd - image: "linuxkit/rngd:69f951ce2a3a9534dbbc7ba8119e1df4391f06c0" + image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14" - name: dhcpcd - image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e" + image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e" - name: docker - image: "linuxkit/docker-ce:261f93927d85001c65e5ce0f421eb6062f09c0a5" + 
image: "linuxkit/docker-ce:668d62da6e3da081a8f8aca7db3e2a98adf5da59" capabilities: - all net: host @@ -58,5 +47,14 @@ services: trust: image: - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd + - linuxkit/ca-certificates + - linuxkit/sysctl + - linuxkit/sysfs - linuxkit/binfmt + - linuxkit/format + - linuxkit/mount - linuxkit/rngd + - linuxkit/dhcpcd diff --git a/test/cases/040_packages/000_sysctl/test-sysctl.yml b/test/cases/040_packages/000_sysctl/test-sysctl.yml index 6471deba2..a21bd0782 100644 --- a/test/cases/040_packages/000_sysctl/test-sysctl.yml +++ b/test/cases/040_packages/000_sysctl/test-sysctl.yml @@ -2,13 +2,12 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 page_poison=1" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:1c71f95fa36040ea7e987deb98a7a2a363853f01 - - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: sysctl - image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" + image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1" - name: test image: "linuxkit/test-sysctl:c4df4c4d692904d6245dcdef1f4a79389bd3d894" - name: poweroff @@ -16,5 +15,7 @@ onboot: trust: image: - linuxkit/kernel - - linuxkit/binfmt - - linuxkit/rngd + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd + - linuxkit/sysctl diff --git a/test/cases/040_packages/001_mkimage/mkimage.yml b/test/cases/040_packages/001_mkimage/mkimage.yml index bfa8c90c4..8bcced824 100644 --- a/test/cases/040_packages/001_mkimage/mkimage.yml +++ b/test/cases/040_packages/001_mkimage/mkimage.yml 
@@ -2,12 +2,12 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: mkimage - image: "linuxkit/mkimage:8bb18fe306afaca9ba50fe3148ec12570586c2a6" + image: "linuxkit/mkimage:a3fd615543b84733ac8ba6f7e1927727665ef404" - name: poweroff image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" files: @@ -20,5 +20,6 @@ files: trust: image: - linuxkit/kernel - - linuxkit/binfmt - - linuxkit/rngd + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd diff --git a/test/cases/040_packages/001_mkimage/run.yml b/test/cases/040_packages/001_mkimage/run.yml index e0e14cb47..95f1253c8 100644 --- a/test/cases/040_packages/001_mkimage/run.yml +++ b/test/cases/040_packages/001_mkimage/run.yml @@ -2,15 +2,12 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:1c71f95fa36040ea7e987deb98a7a2a363853f01 - - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: poweroff image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" trust: image: - linuxkit/kernel - - linuxkit/binfmt - - linuxkit/rngd diff --git a/test/hack/test-ltp.yml b/test/hack/test-ltp.yml index f0c793650..06523fdad 100644 --- a/test/hack/test-ltp.yml +++ b/test/hack/test-ltp.yml 
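Review bot: In `test/cases/040_packages/001_mkimage/run.yml` the `trust.image` list is cut down to `linuxkit/kernel` only, although the file still pulls `linuxkit/init`, `linuxkit/runc` and `linuxkit/containerd`. The sibling `mkimage.yml` and the other test files in this commit add those entries. As written, the init, runc and containerd images for this test are not subject to content-trust enforcement. Add `- linuxkit/init`, `- linuxkit/runc` and `- linuxkit/containerd` after the kernel entry to match.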
@@ -2,10 +2,9 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0" init: - - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e - - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 - - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 + - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: ltp image: "linuxkit/test-ltp-20170116:81229df2d25065b06f0a3071faaace8d66c87e67" @@ -20,3 +19,9 @@ onboot: files: - path: /etc/ltp/baseline contents: "100" +trust: + image: + - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd diff --git a/test/hack/test.yml b/test/hack/test.yml index 44d057164..b2353c484 100644 --- a/test/hack/test.yml +++ b/test/hack/test.yml @@ -4,13 +4,12 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0" init: - - linuxkit/init:deea956a9ab07bf262083e93a86930bdc610cc2f + - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480 - linuxkit/runc:2649198589ef0020d99f613adaeda45ce0093a38 - - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61 - - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 + - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: dhcpcd - image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e" + image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e" command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] - name: check-kernel-config image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c" @@ -18,3 +17,10 @@ onboot: - name: poweroff image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" command: ["/bin/sh", "/poweroff.sh", "3"] +trust: + image: + - linuxkit/kernel + - linuxkit/init + - linuxkit/runc + - linuxkit/containerd + - linuxkit/dhcpcd