Update YAML files with new packages, config, and trust data

- Update to packages using the Alpine 3.6 base image - Remove config for packages which now supply it - Update/add trust section Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2025-09-13 05:39:23 +00:00 · 2017-05-26 15:37:31 +01:00
parent 157c07be15
commit 9bdfcb5b12
41 changed files with 408 additions and 438 deletions
--- a/examples/docker.yml
+++ b/examples/docker.yml
@@ -2,49 +2,31 @@ kernel:
  image: "linuxkit/kernel:4.9.x"
  cmdline: "console=ttyS0 console=tty0 page_poison=1"
 init:
-  - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e
-  - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6
-  - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61
-  - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4
+  - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480
+  - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f
+  - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b
+  - linuxkit/ca-certificates:75cf419fb58770884c3464eb687ec8dfc704169d
 onboot:
  - name: sysctl
-    image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64"
+    image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1"
  - name: sysfs
-    image: linuxkit/sysfs:1cde5876d44117af61dfea629ad922defcd48808
+    image: linuxkit/sysfs:47367d0ef851e8bf2a9e2f80a05392c17f5c2c88
  - name: binfmt
-    image: "linuxkit/binfmt:603e5f064b3e8a64088c0fcf7a80d2783541ee1d"
+    image: "linuxkit/binfmt:eb3977596d5fc9e847eee1d34cb3beb3f574cac9"
  - name: format
-    image: "linuxkit/format:d78093e943f9c88386e30c00353f9476d34fb551"
-    binds:
-     - /dev:/dev
-    capabilities:
-     - CAP_SYS_ADMIN
-     - CAP_MKNOD
+    image: "linuxkit/format:55afe08816c2a4d8dbae3ee51ef53e0bee422d66"
  - name: mount
-    image: "linuxkit/mount:fc7164d7c4e1fe5d1da395c7f949fb332cffe752"
-    binds:
-     - /dev:/dev
-     - /var:/var:rshared,rbind
-    capabilities:
-     - CAP_SYS_ADMIN
-    rootfsPropagation: shared
+    image: "linuxkit/mount:15e20f27abe69d276f796e4026531833ec5ff345"
    command: ["/mount.sh", "/var/lib/docker"]
 services:
  - name: rngd
-    image: "linuxkit/rngd:69f951ce2a3a9534dbbc7ba8119e1df4391f06c0"
+    image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14"
  - name: dhcpcd
-    image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e"
+    image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e"
  - name: ntpd
    image: "linuxkit/openntpd:ad834449a7eaf10dc022b3d8d2ed9faf7ec99d37"
-    capabilities:
-      - CAP_SYS_TIME
-      - CAP_SYS_NICE
-      - CAP_SYS_CHROOT
-      - CAP_SETUID
-      - CAP_SETGID
-    net: host
  - name: docker
-    image: "linuxkit/docker-ce:261f93927d85001c65e5ce0f421eb6062f09c0a5"
+    image: "linuxkit/docker-ce:668d62da6e3da081a8f8aca7db3e2a98adf5da59"
    capabilities:
     - all
    net: host
@@ -60,5 +42,15 @@ files:
 trust:
  image:
    - linuxkit/kernel
+    - linuxkit/init
+    - linuxkit/runc
+    - linuxkit/containerd
+    - linuxkit/ca-certificates
+    - linuxkit/sysctl
+    - linuxkit/sysfs
    - linuxkit/binfmt
+    - linuxkit/format
+    - linuxkit/mount
    - linuxkit/rngd
+    - linuxkit/dhcpcd
+    - linuxkit/openntpd
--- a/examples/gcp.yml
+++ b/examples/gcp.yml
@@ -2,15 +2,15 @@ kernel:
  image: "linuxkit/kernel:4.9.x"
  cmdline: "console=ttyS0 page_poison=1"
 init:
-  - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e
-  - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6
-  - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61
-  - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4
+  - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480
+  - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f
+  - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b
+  - linuxkit/ca-certificates:75cf419fb58770884c3464eb687ec8dfc704169d
 onboot:
  - name: sysctl
-    image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64"
+    image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1"
  - name: dhcpcd
-    image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e"
+    image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e"
    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
  - name: metadata
    image: "linuxkit/metadata:a810b68fec9c9282cf096eed50605ddd6b2f3142"
@@ -23,14 +23,9 @@ onboot:
     - CAP_SYS_ADMIN
 services:
  - name: rngd
-    image: "linuxkit/rngd:69f951ce2a3a9534dbbc7ba8119e1df4391f06c0"
+    image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14"
  - name: sshd
-    image: "linuxkit/sshd:1613253e5def414e0dfd261acd0e191eadb5fedf"
-    capabilities:
-     - all
-    net: host
-    pid: host
-    binds:
+    image: "linuxkit/sshd:ddce15b9fbde068941e31294acdcd22befa4fc20"
     - /var/config/ssh/authorized_keys:/root/.ssh/authorized_keys
     - /tmp/etc/resolv.conf:/etc/resolv.conf
  - name: nginx
@@ -45,4 +40,10 @@ services:
 trust:
  image:
    - linuxkit/kernel
+    - linuxkit/init
+    - linuxkit/runc
+    - linuxkit/containerd
+    - linuxkit/ca-certificates
+    - linuxkit/sysctl
+    - linuxkit/dhcpcd
    - linuxkit/rngd
--- a/examples/minimal.yml
+++ b/examples/minimal.yml
@@ -2,13 +2,17 @@ kernel:
  image: "linuxkit/kernel:4.9.x"
  cmdline: "console=ttyS0 console=tty0 page_poison=1"
 init:
-  - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e
-  - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6
-  - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61
+  - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480
+  - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f
+  - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b
 onboot:
  - name: dhcpcd
-    image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e"
+    image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e"
    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
 trust:
  image:
    - linuxkit/kernel
+    - linuxkit/init
+    - linuxkit/runc
+    - linuxkit/containerd
+    - linuxkit/dhcpcd
--- a/examples/node_exporter.yml
+++ b/examples/node_exporter.yml
@@ -2,25 +2,21 @@ kernel:
  image: "linuxkit/kernel:4.9.x"
  cmdline: "console=ttyS0 page_poison=1"
 init:
-  - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e
-  - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6
-  - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61
+  - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480
+  - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f
+  - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b
 services:
  - name: rngd
-    image: "linuxkit/rngd:69f951ce2a3a9534dbbc7ba8119e1df4391f06c0"
+    image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14"
  - name: dhcpcd
-    image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e"
+    image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e"
  - name: node_exporter
-    image: "linuxkit/node_exporter:bdb20b41855d0e2b4edeec44ef569d030ea3cc47"
-    capabilities:
-     - all
-    net: host
-    pid: host
-    binds:
-     - /proc:/host/proc
-     - /sys:/host/sys
-     - /:/rootfs
+    image: "linuxkit/node_exporter:29a85e9c5de1a1bd470a963878194303f6a7bd8c"
 trust:
  image:
    - linuxkit/kernel
+    - linuxkit/init
+    - linuxkit/runc
+    - linuxkit/containerd
    - linuxkit/rngd
+    - linuxkit/dhcpcd
--- a/examples/packet.yml
+++ b/examples/packet.yml
@@ -2,31 +2,32 @@ kernel:
  image: "linuxkit/kernel:4.9.x"
  cmdline: "console=ttyS1 page_poison=1"
 init:
-  - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e
-  - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6
-  - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61
-  - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4
+  - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480
+  - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f
+  - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b
+  - linuxkit/ca-certificates:75cf419fb58770884c3464eb687ec8dfc704169d
 onboot:
  - name: sysctl
-    image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64"
+    image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1"
 services:
  - name: rngd
-    image: "linuxkit/rngd:69f951ce2a3a9534dbbc7ba8119e1df4391f06c0"
+    image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14"
  - name: dhcpcd
-    image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e"
+    image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e"
  - name: sshd
-    image: "linuxkit/sshd:1613253e5def414e0dfd261acd0e191eadb5fedf"
-    capabilities:
-     - all
-    net: host
-    pid: host
-    binds:
-     - /root/.ssh:/root/.ssh
-     - /etc/resolv.conf:/etc/resolv.conf
-trust:
-  image:
-    - linuxkit/kernel
-    - linuxkit/rngd
+    image: "linuxkit/sshd:ddce15b9fbde068941e31294acdcd22befa4fc20"
 files:
  - path: root/.ssh/authorized_keys
    contents: '#your ssh key here'
+trust:
+  image:
+    - linuxkit/kernel
+    - linuxkit/init
+    - linuxkit/runc
+    - linuxkit/containerd
+    - linuxkit/ca-certificates
+    - linuxkit/sysctl
+    - linuxkit/rngd
+    - linuxkit/dhcpcd
+    - linuxkit/openntpd
+    - linuxkit/sshd
--- a/examples/redis-os.yml
+++ b/examples/redis-os.yml
@@ -4,12 +4,12 @@ kernel:
  image: "linuxkit/kernel:4.9.x"
  cmdline: "console=ttyS0 console=tty0 page_poison=1"
 init:
-  - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e
-  - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6
-  - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61
+  - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480
+  - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f
+  - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b
 onboot:
  - name: dhcpcd
-    image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e"
+    image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e"
    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
 services:
  - name: redis
@@ -21,3 +21,10 @@ services:
     - CAP_SETGID
     - CAP_DAC_OVERRIDE
    net: host
+trust:
+  image:
+    - linuxkit/kernel
+    - linuxkit/init
+    - linuxkit/runc
+    - linuxkit/containerd
+    - linuxkit/dhcpcd
--- a/examples/sshd.yml
+++ b/examples/sshd.yml
@@ -2,31 +2,31 @@ kernel:
  image: "linuxkit/kernel:4.9.x"
  cmdline: "console=ttyS0 page_poison=1"
 init:
-  - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e
-  - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6
-  - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61
-  - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4
+  - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480
+  - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f
+  - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b
+  - linuxkit/ca-certificates:75cf419fb58770884c3464eb687ec8dfc704169d
 onboot:
  - name: sysctl
-    image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64"
+    image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1"
 services:
  - name: rngd
-    image: "linuxkit/rngd:69f951ce2a3a9534dbbc7ba8119e1df4391f06c0"
+    image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14"
  - name: dhcpcd
-    image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e"
+    image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e"
  - name: sshd
-    image: "linuxkit/sshd:1613253e5def414e0dfd261acd0e191eadb5fedf"
-    capabilities:
-     - all
-    net: host
-    pid: host
-    binds:
-     - /root/.ssh:/root/.ssh
-     - /etc/resolv.conf:/etc/resolv.conf
-trust:
-  image:
-    - linuxkit/kernel
-    - linuxkit/rngd
+    image: "linuxkit/sshd:ddce15b9fbde068941e31294acdcd22befa4fc20"
 files:
  - path: root/.ssh/authorized_keys
    contents: '#your ssh key here'
+trust:
+  image:
+    - linuxkit/kernel
+    - linuxkit/init
+    - linuxkit/runc
+    - linuxkit/containerd
+    - linuxkit/ca-certificates
+    - linuxkit/sysctl
+    - linuxkit/rngd
+    - linuxkit/dhcpcd
+    - linuxkit/sshd
--- a/examples/swap.yml
+++ b/examples/swap.yml
@@ -2,51 +2,29 @@ kernel:
  image: "linuxkit/kernel:4.9.x"
  cmdline: "console=ttyS0 console=tty0 page_poison=1"
 init:
-  - linuxkit/init:42fe8cb1508b3afed39eb89821906e3cc7a70551
-  - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6
-  - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61
+  - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480
+  - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f
+  - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b
  - linuxkit/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935
 onboot:
  - name: sysctl
-    image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64"
-  - name: binfmt
-    image: "linuxkit/binfmt:603e5f064b3e8a64088c0fcf7a80d2783541ee1d"
+    image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1"
  - name: dhcpcd
-    image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e"
+    image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e"
    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
  - name: format
-    image: "linuxkit/format:d78093e943f9c88386e30c00353f9476d34fb551"
-    binds:
-     - /dev:/dev
-    capabilities:
-     - CAP_SYS_ADMIN
-     - CAP_MKNOD
+    image: "linuxkit/format:55afe08816c2a4d8dbae3ee51ef53e0bee422d66"
  - name: mount
-    image: "linuxkit/mount:fc7164d7c4e1fe5d1da395c7f949fb332cffe752"
-    binds:
-     - /dev:/dev
-     - /var:/var:rshared,rbind
-    capabilities:
-     - CAP_SYS_ADMIN
-    rootfsPropagation: shared
+    image: "linuxkit/mount:15e20f27abe69d276f796e4026531833ec5ff345"
    command: ["/mount.sh", "/var/external"]
  - name: swap
-    image: "linuxkit/swap:c4c723a3d6678dc49770181bbb231ec99b271c75"
-    net: host
-    pid: host
-    capabilities:
-     - CAP_SYS_ADMIN
-     - CAP_MKNOD
-    readonly: true
-    binds:
-     - /var:/var
-     - /dev:/dev
+    image: "linuxkit/swap:085f0088dd1ef2f994e707e438218ea4d41bad13"
    # to use unencrypted swap, use:
    # command: ["/swap.sh", "--path", "/var/external/swap", "--size", "1G"]
    command: ["/swap.sh", "--path", "/var/external/swap", "--size", "1G", "--encrypt"]
 services:
  - name: rngd
-    image: "linuxkit/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9"
+    image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14"
  - name: nginx
    image: "nginx:alpine"
    capabilities:
@@ -59,3 +37,12 @@ services:
 trust:
  image:
    - linuxkit/kernel
+    - linuxkit/init
+    - linuxkit/runc
+    - linuxkit/containerd
+    - linuxkit/ca-certificates
+    - linuxkit/sysctl
+    - linuxkit/dhcpcd
+    - linuxkit/format
+    - linuxkit/mount
+    - linuxkit/rngd
--- a/examples/vmware.yml
+++ b/examples/vmware.yml
@@ -2,18 +2,18 @@ kernel:
  image: "linuxkit/kernel:4.9.x"
  cmdline: "console=tty0 page_poison=1"
 init:
-  - linuxkit/init:cbd7ae748f0a082516501a3e914fa0c924ee941e
-  - linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6
-  - linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61
-  - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4
+  - linuxkit/init:4fc8aa82ab34d62d510575c8fbe0c58b7ba9c480
+  - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f
+  - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b
+  - linuxkit/ca-certificates:75cf419fb58770884c3464eb687ec8dfc704169d
 onboot:
  - name: sysctl
-    image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64"
+    image: "linuxkit/sysctl:b16a483897dd5f71be7e0c04cd090b05f52682e1"
 services:
  - name: rngd
-    image: "linuxkit/rngd:69f951ce2a3a9534dbbc7ba8119e1df4391f06c0"
+    image: "linuxkit/rngd:b67c3151a52b05db50e6207b40876900f2208d14"
  - name: dhcpcd
-    image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e"
+    image: "linuxkit/dhcpcd:7d2f17a0e5d1ef9a75a527821a9ab0d753b22e7e"
  - name: nginx
    image: "nginx:alpine"
    capabilities:
@@ -26,4 +26,10 @@ services:
 trust:
  image:
    - linuxkit/kernel
+    - linuxkit/init
+    - linuxkit/runc
+    - linuxkit/containerd
+    - linuxkit/ca-certificates
+    - linuxkit/sysctl
    - linuxkit/rngd
+    - linuxkit/dhcpcd