From d9c2c366e4ca839d58d74e3a73b4f19059053f11 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Mon, 29 May 2017 19:34:56 +0100 Subject: [PATCH 01/11] tests: Convert docker-bench to use multi-stage builds Also update to docker 17.05.0-ce and only install the docker CLI, not the rest. Signed-off-by: Rolf Neugebauer --- test/pkg/docker-bench/Dockerfile | 39 ++++++++++++++++++++------------ test/pkg/docker-bench/Makefile | 32 ++++++++------------------ 2 files changed, 33 insertions(+), 38 deletions(-) diff --git a/test/pkg/docker-bench/Dockerfile b/test/pkg/docker-bench/Dockerfile index 60a36727f..a03c90c2a 100644 --- a/test/pkg/docker-bench/Dockerfile +++ b/test/pkg/docker-bench/Dockerfile 
@@ -1,22 +1,31 @@ -FROM alpine:3.5 -RUN apk update && apk upgrade && apk add --no-cache bash curl -ADD . ./ +FROM linuxkit/alpine:451603daf499e3a40308dbf5571dcffed2343ffa AS mirror +RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/ +RUN apk add --no-cache --initdb -p /out \ + alpine-baselayout \ + busybox \ + bash \ + curl +RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache -# Also add docker +FROM scratch +WORKDIR / +COPY --from=mirror /out/ / + +# Add docker ENV DOCKER_BUCKET get.docker.com -ENV DOCKER_VERSION 17.04.0-ce -ENV DOCKER_SHA256 c52cff62c4368a978b52e3d03819054d87bcd00d15514934ce2e0e09b99dd100 +ENV DOCKER_VERSION 17.05.0-ce +ENV DOCKER_SHA256 340e0b5a009ba70e1b644136b94d13824db0aeb52e09071410f35a95d94316d9 -# Downloads docker but only installs the client +# Install just the client RUN set -x \ - && curl -fSL "https://${DOCKER_BUCKET}/builds/$(uname -s)/$(uname -m)/docker-${DOCKER_VERSION}.tgz" -o docker.tgz \ - && echo "${DOCKER_SHA256} *docker.tgz" | sha256sum -c - \ - && tar -xzvf docker.tgz \ - && mv docker/docker /usr/bin/ \ - && rm -rf docker \ - && rm docker.tgz \ - && docker -v + && curl -fSL "https://${DOCKER_BUCKET}/builds/Linux/x86_64/docker-${DOCKER_VERSION}.tgz" -o docker.tgz \ + && echo "${DOCKER_SHA256} *docker.tgz" | sha256sum -c - \ + && tar -xzvf docker.tgz \ + && mv docker/docker /usr/bin/ \ + && rm -rf docker \ + && rm docker.tgz \ + && docker -v -COPY . ./ +COPY bench_runner.sh ./bench_runner.sh ENTRYPOINT ["/bin/sh", "/bench_runner.sh"] diff --git a/test/pkg/docker-bench/Makefile b/test/pkg/docker-bench/Makefile index be0f5be11..4e2524dda 100644 --- a/test/pkg/docker-bench/Makefile +++ b/test/pkg/docker-bench/Makefile 
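Review bot: The added `RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache` deletes the apk database from the tree that becomes the final image, so the shipped image no longer records which package versions it contains, and scanners that read `/lib/apk/db/installed` will presumably find nothing to report. The removed `hash` recipe in the Makefile hashed that same file, so the package set used to be part of the image identity and no longer is. If dropping the database is intentional, say so above the line, e.g. `# apk db removed on purpose; the package set is determined by the linuxkit/alpine tag in FROM`. The same line is added in test/pkg/poweroff/Dockerfile, tools/go-compile/Dockerfile and tools/qemu/Dockerfile later in this series.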
@@ -1,29 +1,15 @@ .PHONY: tag push - -BASE=alpine:3.5 -IMAGE=test-docker-bench - default: push -hash: Dockerfile bench_runner.sh - DOCKER_CONTENT_TRUST=1 docker pull $(BASE) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build - - docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c "cat $^ /lib/apk/db/installed | sha1sum" | sed 's/ .*//' > hash +ORG?=linuxkit +IMAGE=test-docker-bench +DEPS=Dockerfile Makefile bench_runner.sh -push: hash - DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash)) - docker rmi $(IMAGE):build - rm -f hash +HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}') -tag: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) - docker rmi $(IMAGE):build - rm -f hash +tag: $(DEPS) + docker build --squash --no-cache -t $(ORG)/$(IMAGE):$(HASH) . -clean: - rm -f hash - -.DELETE_ON_ERROR: +push: tag + DOCKER_CONTENT_TRUST=1 docker pull $(ORG)/$(IMAGE):$(HASH) || \ + DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(HASH) From 3d745c378b9dcbf96a850bb4ea77f8caf5e6539b Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Mon, 29 May 2017 19:36:32 +0100 Subject: [PATCH 02/11] tests: Update unfinished docker-bench test Signed-off-by: Rolf Neugebauer --- test/cases/030_security/000_docker-bench/test-docker-bench.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/cases/030_security/000_docker-bench/test-docker-bench.yml b/test/cases/030_security/000_docker-bench/test-docker-bench.yml index 6a5173cf4..dcd080c9e 100644 --- a/test/cases/030_security/000_docker-bench/test-docker-bench.yml +++ b/test/cases/030_security/000_docker-bench/test-docker-bench.yml 
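Review bot: The new `tag` recipe runs `docker build` without `DOCKER_CONTENT_TRUST=1`, so the `linuxkit/alpine` base named in the Dockerfile's FROM is resolved by tag alone at build time; the removed `hash` recipe fetched its base with `DOCKER_CONTENT_TRUST=1 docker pull $(BASE)` first. Only `push` keeps the variable, which signs the result but does not verify the input. Prefixing the build the way tools/qemu/Makefile does in PATCH 10/11, `DOCKER_CONTENT_TRUST=1 docker build --squash --no-cache -t $(ORG)/$(IMAGE):$(HASH) .`, would keep the earlier guarantee. test/pkg/poweroff/Makefile and tools/go-compile/Makefile add the same unprefixed build; test/pkg/ltp/Makefile does too, but its Dockerfile pins both bases by digest.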
@@ -36,7 +36,7 @@ services: - /lib/modules:/lib/modules - /run:/var/run - name: test-docker-bench - image: "linuxkit/test-docker-bench:2f941429d874c5dcf05e38005affb4f10192e1a8" + image: "linuxkit/test-docker-bench:5264fdfd098d2bfbacd88159e92bc59a9d2be6cc" ipc: host pid: host net: host From 4423d1943ad4539f1bc90a0191a6792e4cddd4fc Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Tue, 30 May 2017 11:06:47 +0100 Subject: [PATCH 03/11] tests: Use multi-stage builds for LTP Signed-off-by: Rolf Neugebauer --- test/pkg/ltp/{Dockerfile.build => Dockerfile} | 12 +++-- test/pkg/ltp/Dockerfile.pkg | 4 -- test/pkg/ltp/Makefile | 49 ++++--------------- 3 files changed, 19 insertions(+), 46 deletions(-) rename test/pkg/ltp/{Dockerfile.build => Dockerfile} (57%) delete mode 100644 test/pkg/ltp/Dockerfile.pkg diff --git a/test/pkg/ltp/Dockerfile.build b/test/pkg/ltp/Dockerfile similarity index 57% rename from test/pkg/ltp/Dockerfile.build rename to test/pkg/ltp/Dockerfile index c9dd6b6e8..77e181195 100644 --- a/test/pkg/ltp/Dockerfile.build +++ b/test/pkg/ltp/Dockerfile @@ -1,7 +1,6 @@ -FROM debian:jessie - -ARG LTP_VERSION +FROM debian:jessie@sha256:476959f29a17423a24a17716e058352ff6fbf13d8389e4a561c8ccc758245937 AS build +ENV LTP_VERSION=20170116 ENV LTP_SOURCE=https://github.com/linux-test-project/ltp/releases/download/${LTP_VERSION}/ltp-full-${LTP_VERSION}.tar.xz ENV DEBIAN_FRONTEND=noninteractive @@ -17,3 +16,10 @@ RUN cd /ltp \ && ./configure \ && make -j "$(getconf _NPROCESSORS_ONLN)" all \ && make install + +FROM debian:jessie-slim@sha256:12d31a3d5a1f7cb272708be35031ba068dec46fa84af6aeb38aef5c8a83e8974 +COPY --from=build /opt/ltp/ /opt/ltp/ +ADD check.sh ./check.sh +WORKDIR /opt/ltp +ENTRYPOINT ["/bin/sh", "/check.sh"] +LABEL org.mobyproject.config='{"pid": "host", "capabilities": ["all"]}' diff --git a/test/pkg/ltp/Dockerfile.pkg b/test/pkg/ltp/Dockerfile.pkg deleted file mode 100644 index a4118d9dd..000000000 --- a/test/pkg/ltp/Dockerfile.pkg +++ /dev/null 
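Review bot: The LABEL on the last added line of the final stage in test/pkg/ltp/Dockerfile makes `"pid": "host"` and `"capabilities": ["all"]` the built-in default of the image, yet it carries no `net` entry, while PATCH 04/11 removes `net: host`, `pid: host` and `capabilities: all` from test/hack/test-ltp.yml. The LTP run therefore appears to lose host networking, and anything else that runs this image gets every capability without asking for it. If both effects are intended, record that above the LABEL, e.g. `# LTP needs host pid and all capabilities; host networking is intentionally not requested`. Otherwise add the network setting to the label, presumably as `"net": "host"` to mirror the YAML key.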
@@ -1,4 +0,0 @@
-FROM debian:jessie-slim@sha256:fb22c1cef74071a6cd0145c1f91ca85ba9bd3f8b4d6db8560fe69eb36a175ca3
-ADD . /
-WORKDIR /opt/ltp
-ENTRYPOINT ["/bin/sh", "/check.sh"]
diff --git a/test/pkg/ltp/Makefile b/test/pkg/ltp/Makefile
index b9c05f8e8..8b7dba55d 100644
--- a/test/pkg/ltp/Makefile
+++ b/test/pkg/ltp/Makefile
@@ -1,44 +1,15 @@ -LTP_VERSION=20170116 +.PHONY: tag push +default: push -all: ltp.tar push - -# Build LTP and get the result as a tarball -DEPS=Dockerfile.build Makefile -ltp.tag: $(DEPS) - BUILD=$$(docker build -f $< -q . --build-arg LTP_VERSION=$(LTP_VERSION)) && [ -n "$$BUILD" ] && echo "Built $$BUILD" && echo "$$BUILD" > $@ - -ltp.tar: ltp.tag - docker run --rm --net=none --log-driver=none $(shell cat ltp.tag) tar cf - opt/ltp > $@ - -SHASUM=alpine:3.5 +ORG?=linuxkit IMAGE=test-ltp +DEPS=Dockerfile Makefile check.sh -# Note: We do not compute the hash from all the dependencies here -# because the ltp binaries will change everytime we build. Ideally, we -# would calculate the hash from the source and the apt-get cache, but -# it's not that critical. -hash: Dockerfile.pkg ltp.tar check.sh $(DEPS) - tar xf ltp.tar - tar cf - Dockerfile.pkg opt check.sh | docker build --no-cache -t $(IMAGE):build -f Dockerfile.pkg - - cat Dockerfile.pkg check.sh $(DEPS) | DOCKER_CONTENT_TRUST=1 docker run --rm -i $(SHASUM) sha1sum | sed 's/ .*//' > $@ +HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}') -push: hash - DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(LTP_VERSION) && \ - DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash) && \ - DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(LTP_VERSION)) - docker rmi $(IMAGE):build - rm -f hash +tag: $(DEPS) + docker build --no-cache -t $(ORG)/$(IMAGE):$(HASH) . 
-tag: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) - docker rmi $(IMAGE):build - rm -f hash - -.PHONY: clean -clean: - rm -rf opt ltp.tar ltp.tag hash - -.DELETE_ON_ERROR: +push: tag + DOCKER_CONTENT_TRUST=1 docker pull $(ORG)/$(IMAGE):$(HASH) || \ + DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(HASH) From 551d3dcf3af74c9ad68396503ca2f37c6fc2b277 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Tue, 30 May 2017 11:33:05 +0100 Subject: [PATCH 04/11] tests: Update ltp test YAML file Signed-off-by: Rolf Neugebauer --- test/hack/test-ltp.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/test/hack/test-ltp.yml b/test/hack/test-ltp.yml index 811a66ce7..e371c24c9 100644 --- a/test/hack/test-ltp.yml +++ b/test/hack/test-ltp.yml @@ -7,13 +7,9 @@ init: - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: ltp - image: "linuxkit/test-ltp:20170116" - net: host - pid: host + image: "linuxkit/test-ltp:6df23ac196332cafb9c0f8e32f328e22d612267d" binds: - /etc/ltp/baseline:/etc/ltp/baseline - capabilities: - - all - name: poweroff image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" files: From 95b13501f20e79b277ecb8d679fbaec739bc0136 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Tue, 30 May 2017 11:46:53 +0100 Subject: [PATCH 05/11] tests: Use the Alpine base image for the poweroff package Also convert it to use the git tree hash Signed-off-by: Rolf Neugebauer --- test/pkg/poweroff/Dockerfile | 12 ++++++++++-- test/pkg/poweroff/Makefile | 32 +++++++++----------------------- 2 files changed, 19 insertions(+), 25 deletions(-) diff --git a/test/pkg/poweroff/Dockerfile b/test/pkg/poweroff/Dockerfile index 597989a64..2c0e005ac 100644 --- a/test/pkg/poweroff/Dockerfile +++ b/test/pkg/poweroff/Dockerfile 
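Review bot: `HASH` comes from `git ls-tree HEAD`, i.e. the committed tree, while `docker build ... .` sends the working directory as context, so with uncommitted edits to any file in `DEPS` the image is tagged (and by `push` signed) under a hash that does not describe its content. A guard at the top of the `tag` recipe would close the gap, for example `git diff-index --quiet HEAD -- . || { echo "uncommitted changes in $(CURDIR)"; exit 1; }`. The same `HASH?=` line is added to the docker-bench, poweroff, go-compile and qemu Makefiles in this series, so the guard applies there as well.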
@@ -1,4 +1,12 @@ -FROM alpine:3.5 -ADD . ./ +FROM linuxkit/alpine:451603daf499e3a40308dbf5571dcffed2343ffa AS mirror +RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/ +RUN apk add --no-cache --initdb -p /out alpine-baselayout busybox musl +RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache + +FROM scratch +CMD [] +WORKDIR / +COPY --from=mirror /out/ / +COPY /poweroff.sh /poweroff.sh ENTRYPOINT ["/bin/sh", "/poweroff.sh"] LABEL org.mobyproject.config='{"pid": "host", "readonly": true, "capabilities": ["CAP_SYS_BOOT"]}' diff --git a/test/pkg/poweroff/Makefile b/test/pkg/poweroff/Makefile index b6637911b..05e38c2ab 100644 --- a/test/pkg/poweroff/Makefile +++ b/test/pkg/poweroff/Makefile @@ -1,29 +1,15 @@ .PHONY: tag push - -BASE=alpine:3.5 -IMAGE=poweroff - default: push -hash: Dockerfile poweroff.sh - DOCKER_CONTENT_TRUST=1 docker pull $(BASE) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build - - docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c "cat $^ /lib/apk/db/installed | sha1sum" | sed 's/ .*//' > hash +ORG?=linuxkit +IMAGE=poweroff +DEPS=Dockerfile Makefile poweroff.sh -push: hash - DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash)) - docker rmi $(IMAGE):build - rm -f hash +HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}') -tag: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) - docker rmi $(IMAGE):build - rm -f hash +tag: $(DEPS) + docker build --no-cache --network=none -t $(ORG)/$(IMAGE):$(HASH) . -clean: - rm -f hash - -.DELETE_ON_ERROR: +push: tag + DOCKER_CONTENT_TRUST=1 docker pull $(ORG)/$(IMAGE):$(HASH) || \ + DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(HASH) From 71735292530547fd8514c3abe9221c9233c10a4a Mon Sep 17 00:00:00 2001 
From: Rolf Neugebauer Date: Tue, 30 May 2017 11:49:18 +0100 Subject: [PATCH 06/11] tests: Update YAML files with new poweroff package Signed-off-by: Rolf Neugebauer --- test/cases/010_platforms/000_qemu/000_run_kernel/test.yml | 2 +- test/cases/010_platforms/000_qemu/010_run_iso/test.yml | 2 +- test/cases/010_platforms/000_qemu/020_run_efi/test.yml | 2 +- test/cases/010_platforms/000_qemu/030_run_qcow/test.yml | 2 +- test/cases/010_platforms/000_qemu/100_container/test.yml | 2 +- test/cases/010_platforms/010_hyperkit/000_run_kernel/test.yml | 2 +- test/cases/020_kernel/000_config_4.4.x/test-kernel-config.yml | 2 +- test/cases/020_kernel/001_config_4.9.x/test-kernel-config.yml | 2 +- test/cases/020_kernel/003_config_4.11.x/test-kernel-config.yml | 2 +- test/cases/020_kernel/010_kmod_4.9.x/kmod.yml | 2 +- test/cases/040_packages/002_binfmt/test-binfmt.yml | 2 +- .../040_packages/003_ca-certificates/test-ca-certificates.yml | 2 +- test/cases/040_packages/004_dhcpcd/test-dhcpcd.yml | 2 +- test/cases/040_packages/013_mkimage/mkimage.yml | 2 +- test/cases/040_packages/013_mkimage/run.yml | 2 +- test/cases/040_packages/019_sysctl/test-sysctl.yml | 2 +- test/hack/test-ltp.yml | 2 +- test/hack/test.yml | 2 +- 18 files changed, 18 insertions(+), 18 deletions(-) diff --git a/test/cases/010_platforms/000_qemu/000_run_kernel/test.yml b/test/cases/010_platforms/000_qemu/000_run_kernel/test.yml index d68bb91a5..eb9b3a999 100644 --- a/test/cases/010_platforms/000_qemu/000_run_kernel/test.yml +++ b/test/cases/010_platforms/000_qemu/000_run_kernel/test.yml @@ -7,7 +7,7 @@ init: - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: poweroff - image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" + image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" command: ["/bin/sh", "/poweroff.sh", "10"] trust: org: 
diff --git a/test/cases/010_platforms/000_qemu/010_run_iso/test.yml b/test/cases/010_platforms/000_qemu/010_run_iso/test.yml index 29b431782..21cf7b5fe 100644 --- a/test/cases/010_platforms/000_qemu/010_run_iso/test.yml +++ b/test/cases/010_platforms/000_qemu/010_run_iso/test.yml @@ -7,7 +7,7 @@ init: - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: poweroff - image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" + image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" command: ["/bin/sh", "/poweroff.sh", "10"] trust: org: diff --git a/test/cases/010_platforms/000_qemu/020_run_efi/test.yml b/test/cases/010_platforms/000_qemu/020_run_efi/test.yml index d68bb91a5..eb9b3a999 100644 --- a/test/cases/010_platforms/000_qemu/020_run_efi/test.yml +++ b/test/cases/010_platforms/000_qemu/020_run_efi/test.yml @@ -7,7 +7,7 @@ init: - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: poweroff - image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" + image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" command: ["/bin/sh", "/poweroff.sh", "10"] trust: org: diff --git a/test/cases/010_platforms/000_qemu/030_run_qcow/test.yml b/test/cases/010_platforms/000_qemu/030_run_qcow/test.yml index d68bb91a5..eb9b3a999 100644 --- a/test/cases/010_platforms/000_qemu/030_run_qcow/test.yml +++ b/test/cases/010_platforms/000_qemu/030_run_qcow/test.yml @@ -7,7 +7,7 @@ init: - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: poweroff - image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" + image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" command: ["/bin/sh", "/poweroff.sh", "10"] trust: org: diff --git a/test/cases/010_platforms/000_qemu/100_container/test.yml b/test/cases/010_platforms/000_qemu/100_container/test.yml index 2581e8d39..f3182b127 100644 --- a/test/cases/010_platforms/000_qemu/100_container/test.yml 
+++ b/test/cases/010_platforms/000_qemu/100_container/test.yml @@ -7,7 +7,7 @@ init: - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: poweroff - image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" + image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" command: ["/bin/sh", "/poweroff.sh", "3"] trust: org: diff --git a/test/cases/010_platforms/010_hyperkit/000_run_kernel/test.yml b/test/cases/010_platforms/010_hyperkit/000_run_kernel/test.yml index d68bb91a5..eb9b3a999 100644 --- a/test/cases/010_platforms/010_hyperkit/000_run_kernel/test.yml +++ b/test/cases/010_platforms/010_hyperkit/000_run_kernel/test.yml @@ -7,7 +7,7 @@ init: - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: poweroff - image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" + image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" command: ["/bin/sh", "/poweroff.sh", "10"] trust: org: diff --git a/test/cases/020_kernel/000_config_4.4.x/test-kernel-config.yml b/test/cases/020_kernel/000_config_4.4.x/test-kernel-config.yml index 146f012d4..69bf09d63 100644 --- a/test/cases/020_kernel/000_config_4.4.x/test-kernel-config.yml +++ b/test/cases/020_kernel/000_config_4.4.x/test-kernel-config.yml @@ -10,7 +10,7 @@ onboot: image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c" readonly: true - name: poweroff - image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" + image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" command: ["/bin/sh", "/poweroff.sh", "3"] trust: org: diff --git a/test/cases/020_kernel/001_config_4.9.x/test-kernel-config.yml b/test/cases/020_kernel/001_config_4.9.x/test-kernel-config.yml index 5eabc08c3..9db91c61d 100644 --- a/test/cases/020_kernel/001_config_4.9.x/test-kernel-config.yml +++ b/test/cases/020_kernel/001_config_4.9.x/test-kernel-config.yml 
@@ -10,7 +10,7 @@ onboot: image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c" readonly: true - name: poweroff - image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" + image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" command: ["/bin/sh", "/poweroff.sh", "3"] trust: org: diff --git a/test/cases/020_kernel/003_config_4.11.x/test-kernel-config.yml b/test/cases/020_kernel/003_config_4.11.x/test-kernel-config.yml index 9c13a8f8b..abbc2b353 100644 --- a/test/cases/020_kernel/003_config_4.11.x/test-kernel-config.yml +++ b/test/cases/020_kernel/003_config_4.11.x/test-kernel-config.yml @@ -10,7 +10,7 @@ onboot: image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c" readonly: true - name: poweroff - image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" + image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" command: ["/bin/sh", "/poweroff.sh", "3"] trust: org: diff --git a/test/cases/020_kernel/010_kmod_4.9.x/kmod.yml b/test/cases/020_kernel/010_kmod_4.9.x/kmod.yml index 492f8fd28..0518b85cd 100644 --- a/test/cases/020_kernel/010_kmod_4.9.x/kmod.yml +++ b/test/cases/020_kernel/010_kmod_4.9.x/kmod.yml @@ -14,7 +14,7 @@ onboot: capabilities: - all - name: poweroff - image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" + image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" command: ["/bin/sh", "/poweroff.sh", "3"] trust: org: diff --git a/test/cases/040_packages/002_binfmt/test-binfmt.yml b/test/cases/040_packages/002_binfmt/test-binfmt.yml index 7ce937b15..618e26cd4 100644 --- a/test/cases/040_packages/002_binfmt/test-binfmt.yml +++ b/test/cases/040_packages/002_binfmt/test-binfmt.yml 
@@ -16,7 +16,7 @@ onboot: - /proc/sys/fs/binfmt_misc:/binfmt_misc command: ["sh", "./check.sh"] - name: poweroff - image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" + image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" command: ["/bin/sh", "/poweroff.sh", "10"] files: - path: check.sh diff --git a/test/cases/040_packages/003_ca-certificates/test-ca-certificates.yml b/test/cases/040_packages/003_ca-certificates/test-ca-certificates.yml index bd5bfcc9f..880245eb0 100644 --- a/test/cases/040_packages/003_ca-certificates/test-ca-certificates.yml +++ b/test/cases/040_packages/003_ca-certificates/test-ca-certificates.yml @@ -15,7 +15,7 @@ onboot: - /etc:/host-etc command: ["sh", "./check.sh"] - name: poweroff - image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" + image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" command: ["/bin/sh", "/poweroff.sh", "10"] files: - path: check.sh diff --git a/test/cases/040_packages/004_dhcpcd/test-dhcpcd.yml b/test/cases/040_packages/004_dhcpcd/test-dhcpcd.yml index 794f2b62a..f2d61f8dd 100644 --- a/test/cases/040_packages/004_dhcpcd/test-dhcpcd.yml +++ b/test/cases/040_packages/004_dhcpcd/test-dhcpcd.yml @@ -17,7 +17,7 @@ onboot: - /check.sh:/check.sh command: ["sh", "./check.sh"] - name: poweroff - image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" + image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" command: ["/bin/sh", "/poweroff.sh", "10"] files: - path: check.sh diff --git a/test/cases/040_packages/013_mkimage/mkimage.yml b/test/cases/040_packages/013_mkimage/mkimage.yml index a94e3370f..11376288d 100644 --- a/test/cases/040_packages/013_mkimage/mkimage.yml +++ b/test/cases/040_packages/013_mkimage/mkimage.yml 
@@ -9,7 +9,7 @@ onboot: - name: mkimage image: "linuxkit/mkimage:a3fd615543b84733ac8ba6f7e1927727665ef404" - name: poweroff - image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" + image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" files: - path: data/kernel source: run-kernel diff --git a/test/cases/040_packages/013_mkimage/run.yml b/test/cases/040_packages/013_mkimage/run.yml index 6ab168599..afcb9e7a0 100644 --- a/test/cases/040_packages/013_mkimage/run.yml +++ b/test/cases/040_packages/013_mkimage/run.yml @@ -7,7 +7,7 @@ init: - linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b onboot: - name: poweroff - image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" + image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" trust: org: - linuxkit diff --git a/test/cases/040_packages/019_sysctl/test-sysctl.yml b/test/cases/040_packages/019_sysctl/test-sysctl.yml index 9210c7728..6700f25aa 100644 --- a/test/cases/040_packages/019_sysctl/test-sysctl.yml +++ b/test/cases/040_packages/019_sysctl/test-sysctl.yml @@ -18,7 +18,7 @@ onboot: - /check.sh:/check.sh command: ["sh", "./check.sh"] - name: poweroff - image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" + image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" command: ["/bin/sh", "/poweroff.sh", "10"] files: - path: check.sh diff --git a/test/hack/test-ltp.yml b/test/hack/test-ltp.yml index e371c24c9..bdd7c7584 100644 --- a/test/hack/test-ltp.yml +++ b/test/hack/test-ltp.yml @@ -11,7 +11,7 @@ onboot: binds: - /etc/ltp/baseline:/etc/ltp/baseline - name: poweroff - image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" + image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" files: - path: /etc/ltp/baseline contents: "100" diff --git a/test/hack/test.yml b/test/hack/test.yml index e37cc0144..179aa543c 100644 --- a/test/hack/test.yml +++ b/test/hack/test.yml 
@@ -15,7 +15,7 @@ onboot: image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c" readonly: true - name: poweroff - image: "linuxkit/poweroff:a8f1e4ad8d459f1fdaad9e4b007512cb3b504ae8" + image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" command: ["/bin/sh", "/poweroff.sh", "3"] trust: image: From 0d718fed4026e825b05da816d9ae488b5a06ddda Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Tue, 30 May 2017 12:50:45 +0100 Subject: [PATCH 07/11] tools: Use the Alpine base to build the go-compile image Also, convert to use a git tree hash. Signed-off-by: Rolf Neugebauer --- tools/go-compile/Dockerfile | 22 ++++++++++++------- tools/go-compile/Makefile | 44 ++++++++----------------------------- 2 files changed, 23 insertions(+), 43 deletions(-) diff --git a/tools/go-compile/Dockerfile b/tools/go-compile/Dockerfile index d743063e8..5ee504062 100644 --- a/tools/go-compile/Dockerfile +++ b/tools/go-compile/Dockerfile @@ -1,10 +1,16 @@ -FROM alpine:3.5 -RUN apk update && apk add --no-cache build-base git go +FROM linuxkit/alpine:451603daf499e3a40308dbf5571dcffed2343ffa AS mirror +RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/ +RUN apk add --no-cache --initdb -p /out \ + alpine-baselayout \ + busybox \ + git \ + go \ + musl-dev +RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache + +FROM scratch ENV GOPATH=/go PATH=$PATH:/go/bin -RUN go get -u github.com/golang/lint/golint && \ - go get -u github.com/gordonklaus/ineffassign && \ - go get -u github.com/LK4D4/vndr - -COPY . ./ - +COPY --from=mirror /out/ / +COPY --from=mirror /go/bin/ /go/bin/ +COPY /compile.sh /compile.sh ENTRYPOINT ["/compile.sh"] diff --git a/tools/go-compile/Makefile b/tools/go-compile/Makefile index cdd98dca5..1f0995e2a 100644 --- a/tools/go-compile/Makefile +++ b/tools/go-compile/Makefile 
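Review bot: Nothing in the new final stage of tools/go-compile/Dockerfile says which programs `COPY --from=mirror /go/bin/ /go/bin/` is expected to deliver: the removed `go get -u` lines named golint, ineffassign and vndr, and docs/vendoring.md (PATCH 08/11) still starts this image with `--entrypoint /go/bin/vndr`. Their presence and version now depend entirely on the contents of the `linuxkit/alpine` tag in FROM, which cannot be seen from this hunk. A comment above the COPY would make that dependency explicit, e.g. `# golint, ineffassign and vndr are prebuilt in linuxkit/alpine; bump the FROM tag to update them`. The hunk also replaces `build-base` with `musl-dev`, so if anything compiled with this image uses cgo, confirm that a C compiler is still installed.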
@@ -1,41 +1,15 @@ .PHONY: tag push - -BASE=alpine:3.5 -IMAGE=go-compile - default: push -hash: Dockerfile compile.sh - DOCKER_CONTENT_TRUST=1 docker pull $(BASE) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build - - docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c "cat $^ /lib/apk/db/installed /go/bin/golint | sha1sum" | sed 's/ .*//' > hash +ORG?=linuxkit +IMAGE=go-compile +DEPS=Dockerfile Makefile compile.sh -push: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) - docker rmi $(IMAGE):build - rm -f hash +HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}') -tag: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) - docker rmi $(IMAGE):build - rm -f hash +tag: $(DEPS) + docker build --no-cache --network=none -t $(ORG)/$(IMAGE):$(HASH) . -signed-tag: hash - DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \ - docker build --no-cache -t $(IMAGE):build . && \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)) - -sign: signed-tag - DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash) - rm -f hash - docker rmi $(IMAGE):build || true - -clean: - rm -f hash - -.DELETE_ON_ERROR: +push: tag + DOCKER_CONTENT_TRUST=1 docker pull $(ORG)/$(IMAGE):$(HASH) || \ + DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(HASH) From 677edf8e1596604fbee36278ca2ae2a0eb456669 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Tue, 30 May 2017 12:53:14 +0100 Subject: [PATCH 08/11] Update uses of go-compile to latest Signed-off-by: Rolf Neugebauer --- Makefile | 2 +- docs/vendoring.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/Makefile b/Makefile index 327320263..1144d3105 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ all: default VERSION="0.0" # dummy for now GIT_COMMIT=$(shell git rev-list -1 HEAD) -GO_COMPILE=linuxkit/go-compile:3ba94f14de51b73551417e769d122815ec917ee7 +GO_COMPILE=linuxkit/go-compile:6579a00b44686d0e504d513fc4860094769fe7df MOBY?=bin/moby LINUXKIT?=bin/linuxkit diff --git a/docs/vendoring.md b/docs/vendoring.md index 3add45957..ec725a4dc 100644 --- a/docs/vendoring.md +++ b/docs/vendoring.md @@ -22,7 +22,7 @@ docker run -it --rm \ -v $(PWD):/go/src/github.com/docker/moby \ -w /go/src/github.com/docker/moby \ --entrypoint /go/bin/vndr \ -linuxkit/go-compile:90607983001c2789911afabf420394d51f78ced8 +linuxkit/go-compile:6579a00b44686d0e504d513fc4860094769fe7df ``` To update a single dependency: @@ -32,7 +32,7 @@ docker run -it --rm \ -v $(PWD):/go/src/github.com/docker/moby \ -w /go/src/github.com/docker/moby \ --entrypoint /go/bin/vndr \ -linuxkit/go-compile:90607983001c2789911afabf420394d51f78ced8 \ +linuxkit/go-compile:6579a00b44686d0e504d513fc4860094769fe7df \ github.com/docker/docker ``` From 63d50310353cc398d76f73fee2934ae8ed044bba Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Tue, 30 May 2017 14:06:08 +0100 Subject: [PATCH 09/11] tools: Add OVMF BIOS firmware to the Alpine base This ovmf package is part of the community repository. We don't want to "pollute" the Alpine base with it. Luckily it's juts a single file which we can install and then copy to the base image. The package is needed for qemu EFI boot. Signed-off-by: Rolf Neugebauer --- tools/alpine/Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tools/alpine/Dockerfile b/tools/alpine/Dockerfile index c6ce018fa..6c543ed4e 100644 --- a/tools/alpine/Dockerfile +++ b/tools/alpine/Dockerfile 
@@ -24,6 +24,9 @@ RUN apk index --rewrite-arch $(uname -m) -o /mirror/$(uname -m)/APKINDEX.unsigne RUN cp /mirror/$(uname -m)/APKINDEX.unsigned.tar.gz /mirror/$(uname -m)/APKINDEX.tar.gz RUN abuild-sign /mirror/$(uname -m)/APKINDEX.tar.gz +# fetch OVMF for qemu EFI boot (this is not added as a package) +RUN apk add -X http://dl-cdn.alpinelinux.org/alpine/edge/community ovmf + # set this as our repo RUN echo "/mirror" > /etc/apk/repositories && apk update @@ -44,6 +47,7 @@ COPY --from=mirror /etc/apk/repositories /etc/apk/repositories COPY --from=mirror /etc/apk/keys /etc/apk/keys/ COPY --from=mirror /mirror /mirror/ COPY --from=mirror /go/bin /go/bin/ +COPY --from=mirror /usr/share/ovmf/bios.bin /usr/share/ovmf/bios.bin COPY --from=mirror /Dockerfile /Dockerfile COPY --from=shellcheck /usr/local/bin/shellcheck /usr/local/bin/shellcheck From fa9151cc00ae19f6895c28b7b6f939f2aaa3b6fd Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Tue, 30 May 2017 15:16:42 +0100 Subject: [PATCH 10/11] tools: Build qemu package from the Alpine base Also use the git tree hash as the hash. Signed-off-by: Rolf Neugebauer --- tools/qemu/Dockerfile | 28 ++++++++++++++++------------ tools/qemu/Makefile | 32 +++++++++----------------------- tools/qemu/repositories | 2 -- 3 files changed, 25 insertions(+), 37 deletions(-) delete mode 100644 tools/qemu/repositories diff --git a/tools/qemu/Dockerfile b/tools/qemu/Dockerfile index fdf734836..5b8324b88 100644 --- a/tools/qemu/Dockerfile +++ b/tools/qemu/Dockerfile 
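Review bot: The added `apk add -X http://dl-cdn.alpinelinux.org/alpine/edge/community ovmf` takes the firmware from the rolling `edge` branch with no version constraint, so `/usr/share/ovmf/bios.bin`, which the commit message says is needed for qemu EFI boot, can change between two builds of the same Dockerfile. Pinning the package keeps the base image reproducible: `apk add --no-cache -X https://dl-cdn.alpinelinux.org/alpine/edge/community ovmf=<OVMF_VERSION>`, with the placeholder replaced by the version that was tested. apk's signature verification covers package integrity either way; switching to https only adds transport protection.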
@@ -1,15 +1,19 @@ -FROM alpine:edge +FROM linuxkit/alpine:5240cbd9cf371c8211c8f1968e57c51a32098c8f AS mirror +RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/ +RUN apk add --no-cache --initdb -p /out \ + alpine-baselayout \ + busybox \ + libarchive-tools \ + qemu-img \ + qemu-system-x86_64 -COPY repositories /etc/apk/ +RUN mkdir -p /out/usr/share/ovmf \ + && cp /usr/share/ovmf/bios.bin /out/usr/share/ovmf/bios.bin +RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache -RUN \ - apk update && apk upgrade && \ - apk add --no-cache \ - libarchive-tools \ - qemu-img \ - qemu-system-arm \ - qemu-system-x86_64 \ - ovmf@testing \ - && true +FROM scratch +ENTRYPOINT [] +CMD [] +WORKDIR / +COPY --from=mirror /out/ / -COPY . . diff --git a/tools/qemu/Makefile b/tools/qemu/Makefile index 081ab654f..0496d8d0e 100644 --- a/tools/qemu/Makefile +++ b/tools/qemu/Makefile @@ -1,29 +1,15 @@ .PHONY: tag push - -BASE=alpine:3.5 -IMAGE=qemu - default: push -hash: Dockerfile repositories - DOCKER_CONTENT_TRUST=1 docker pull $(BASE) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build - - docker run --rm --entrypoint /bin/sh $(IMAGE):build -c 'cat Dockerfile /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > $@ +ORG?=linuxkit +IMAGE=qemu +DEPS=Dockerfile Makefile -push: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) - docker rmi $(IMAGE):build - rm -f hash +HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}') -tag: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) - docker rmi $(IMAGE):build - rm -f hash +tag: $(DEPS) + DOCKER_CONTENT_TRUST=1 docker build --no-cache --network=none -t $(ORG)/$(IMAGE):$(HASH) . -clean: - rm -f hash - -.DELETE_ON_ERROR: +push: tag + docker pull $(ORG)/$(IMAGE):$(HASH) || \ + docker push $(ORG)/$(IMAGE):$(HASH) 
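Review bot: In tools/qemu/Makefile `DOCKER_CONTENT_TRUST=1` sits on `docker build` but not on the `docker pull`/`docker push` pair in `push`, the reverse of the other Makefiles touched in this series. As written the qemu image is published without a trust signature, and the pull that decides whether to push accepts an unsigned tag. src/cmd/linuxkit/run_qemu.go (PATCH 11/11) then refers to the image by that tag. If qemu has no reason to differ, use `DOCKER_CONTENT_TRUST=1 docker pull $(ORG)/$(IMAGE):$(HASH) || \` followed by `DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(HASH)` as in the sibling Makefiles.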
diff --git a/tools/qemu/repositories b/tools/qemu/repositories deleted file mode 100644 index a276cf86e..000000000 --- a/tools/qemu/repositories +++ /dev/null @@ -1,2 +0,0 @@ -http://dl-cdn.alpinelinux.org/alpine/edge/main -@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing From cbecd19c5165a5d4dcb11356ca4b6731a83be411 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Tue, 30 May 2017 16:23:35 +0100 Subject: [PATCH 11/11] cli: Update qemu runner to use the new qemu image Signed-off-by: Rolf Neugebauer --- src/cmd/linuxkit/run_qemu.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cmd/linuxkit/run_qemu.go b/src/cmd/linuxkit/run_qemu.go index 5bd144fbe..44394556c 100644 --- a/src/cmd/linuxkit/run_qemu.go +++ b/src/cmd/linuxkit/run_qemu.go @@ -15,7 +15,7 @@ import ( ) // QemuImg is the version of qemu container -const QemuImg = "linuxkit/qemu:17f052263d63c8a2b641ad91c589edcbb8a18c82" +const QemuImg = "linuxkit/qemu:c9691f5c50dd191e62b77eaa2f3dfd05ed2ed77c" // QemuConfig contains the config for Qemu type QemuConfig struct {