Replace mkinitrd.sh with a tool to convert base image to initrd

Better split between content and tools. Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2025-07-19 09:16:29 +00:00 · 2017-02-01 22:32:34 +00:00 · 2017-02-01 22:32:34 +00:00 · 9fe9e95349
commit 9fe9e95349
parent 2e39ad92e2
6 changed files with 93 additions and 51 deletions
--- a/alpine/Dockerfile
+++ b/alpine/Dockerfile
@ -1,7 +1,5 @@
 FROM mobylinux/alpine-base:5837a236153f00bb215642e3e0639252eb49cdf9@sha256:f6f12aebe2af07c9250014ff283485dbdf082bd9cfbd74aad27a3d2dcf13e0b1

-ENV ARCH=x86_64
-
 RUN \
  addgroup -g 50 docker && \
  adduser -G docker -u 1001 -s /bin/sh -D -g "Docker" docker && \
@ -9,7 +7,6 @@ RUN \
  adduser -D -H -s /sbin/nologin dockremap

 COPY . .
-RUN rm Dockerfile

 RUN \
  rc-update add sysctl boot && \
@ -59,5 +56,3 @@ RUN \
  rc-update add gcp-hostname default && \
  rc-update add gcp-startup default && \
  true
-
-CMD ["/mkinitrd.sh"]
--- a/alpine/Makefile
+++ b/alpine/Makefile
@ -1,7 +1,5 @@
 all:	initrd.img initrd-test.img mobylinux-efi.iso mobylinux-bios.iso

-ETCFILES=$(shell find etc)
-
 TAG=$(shell git rev-parse HEAD)
 STATUS=$(shell git status -s)
 ifeq ($(STATUS),)
@ -25,11 +23,12 @@ TARTAR2INITRD_IMAGE=mobylinux/tartar2initrd:d56cde1558e3080e59a32e3cd7c7141baa60

 GCE_IMAGE=mobylinux/mkimage-gce:83158ebe303a970a3131c3d02ef2ba00ca5e4a14@sha256:51c30fbf946ca9967688a411e7bf69769a22987cd47ad03428491dd1556fcf63

-moby.img: Dockerfile mkinitrd.sh init $(ETCFILES)
+MKIMAGE_BASE=mobylinux/mkimage-base:870f7512498f2ce5feccebe15fb0d03c5c3ebac2@sha256:47d1ed872b6a44f13b61ea80b3eeab4519dc151c7d684a89a53aa26233b4e087
+
+moby.img: Dockerfile etc usr init
 	$(MAKE) -j -C packages
 	printf $(TAG)$(DIRTY) > etc/moby-commit
-	BUILD=$$( tar cf - \
-	  Dockerfile etc usr init mkinitrd.sh \
+	BUILD=$$( tar cf - $^ \
 	  -C packages/proxy usr sbin etc -C ../.. \
 	  -C packages/transfused sbin etc -C ../.. \
 	  -C packages/tap-vsockd sbin etc -C ../.. \
@ -55,8 +54,8 @@ moby.img: Dockerfile mkinitrd.sh init $(ETCFILES)
 	  | \
 	  docker build -q - ) && [ -n "$$BUILD" ] && echo "Built $$BUILD" && \
 	echo $$BUILD > mobylinux.tag && \
-	docker run --rm --read-only --net=none --log-driver=none --tmpfs /tmp --tmpfs /initrd $$BUILD | \
-		docker run --rm --read-only --net=none --log-driver=none --tmpfs /tmp -i $(PAD4_IMAGE) > $@
+	docker run --rm --read-only --net=none --log-driver=none --tmpfs /tmp -v /var/run/docker.sock:/var/run/docker.sock $(MKIMAGE_BASE) $$BUILD | \
+		docker run --rm --read-only --net=none --log-driver=none --tmpfs /tmp -i $(TAR2INITRD_IMAGE) > $@

 container.img:
 	$(MAKE) -j -C containers
--- a/alpine/mkinitrd.sh
+++ b/alpine/mkinitrd.sh
@ -1,39 +0,0 @@
-#!/bin/sh
-
-set -e
-
-rm -rf /tmp/*
-
-for f in $(ls | grep -vE 'dev|sys|proc|tmp|export|mnt')
-do
-  cp -a $f /tmp
-done
-
-mkdir -m 555 /tmp/dev /tmp/proc /tmp/sys /tmp/mnt
-mkdir -m 1777 /tmp/tmp
-
-# these three files are bind mounted in by docker so they are not what we want
-
-cat << EOF > /tmp/etc/hosts
-127.0.0.1	localhost
-::1	localhost ip6-localhost ip6-loopback
-fe00::0	ip6-localnet
-ff00::0	ip6-mcastprefix
-ff02::1	ip6-allnodes
-ff02::2	ip6-allrouters
-EOF
-
-cat << EOF > /tmp/etc/resolv.conf
-nameserver 8.8.8.8
-nameserver 8.8.4.4
-nameserver 2001:4860:4860::8888
-nameserver 2001:4860:4860::8844
-EOF
-
-printf 'moby' > /tmp/etc/hostname
-
-cd /tmp
-
-rm mkinitrd.sh
-
-find . | cpio -H newc -o | gzip -9
--- a/tools/mkimage-base/Dockerfile
+++ b/tools/mkimage-base/Dockerfile
@ -0,0 +1,12 @@
+FROM alpine:3.5
+
+RUN \
+  apk update && apk upgrade && \
+  apk add \
+  docker \
+  tar \
+  && true
+
+COPY . .
+
+ENTRYPOINT ["/mkimage.sh"]
--- a/tools/mkimage-base/Makefile
+++ b/tools/mkimage-base/Makefile
@ -0,0 +1,29 @@
+.PHONY: tag push
+
+BASE=alpine:3.5
+IMAGE=mkimage-base
+
+default: push
+
+hash: Dockerfile mkimage.sh
+	DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
+	tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
+	docker run --entrypoint=/bin/sh --rm $(IMAGE):build -c "cat $^ /lib/apk/db/installed | sha1sum" | sed 's/ .*//' > $@
+
+push: hash
+	docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+		 (docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
+		  docker push mobylinux/$(IMAGE):$(shell cat hash))
+	docker rmi $(IMAGE):build
+	rm -f hash
+
+tag: hash
+	docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+		docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
+	docker rmi $(IMAGE):build
+	rm -f hash
+
+clean:
+	rm -f hash
+
+.DELETE_ON_ERROR:
--- a/tools/mkimage-base/mkimage.sh
+++ b/tools/mkimage-base/mkimage.sh
@ -0,0 +1,46 @@
+#!/bin/sh
+
+set -e
+
+# arguments are image name
+# This script will output a tarball, suitable to be turned into a cpio archive
+# This is a bit hacky, should be improved later, as it hardcodes config.
+
+IMAGE="$1"; shift
+
+cd /tmp
+
+# extract rootfs
+EXCLUDE="--exclude .dockerenv --exclude Dockerfile \
+        --exclude dev/console --exclude dev/pts --exclude dev/shm \
+        --exclude etc/hostname --exclude etc/hosts --exclude etc/mtab --exclude etc/resolv.conf"
+
+CONTAINER="$(docker create $IMAGE /dev/null)"
+docker export "$CONTAINER" | tar -xf - $EXCLUDE
+docker rm "$CONTAINER" > /dev/null
+
+# these three files are bind mounted in by docker so they are not what we want
+
+mkdir -p etc
+
+cat << EOF > etc/hosts
+127.0.0.1	localhost
+::1	localhost ip6-localhost ip6-loopback
+fe00::0	ip6-localnet
+ff00::0	ip6-mcastprefix
+ff02::1	ip6-allnodes
+ff02::2	ip6-allrouters
+EOF
+
+cat << EOF > etc/resolv.conf
+nameserver 8.8.8.8
+nameserver 8.8.4.4
+nameserver 2001:4860:4860::8888
+nameserver 2001:4860:4860::8844
+EOF
+
+printf 'moby' > etc/hostname
+
+ln -s /proc/mounts etc/mtab
+
+tar cf - .