diff --git a/base/ca-certificates/Dockerfile b/base/ca-certificates/Dockerfile deleted file mode 100644 index 7e2c668ad..000000000 --- a/base/ca-certificates/Dockerfile +++ /dev/null @@ -1,4 +0,0 @@ -FROM debian:testing - -ENV DEBIAN_FRONTEND=noninteractive -RUN apt-get update && apt-get -yq upgrade && apt-get install -yq ca-certificates diff --git a/base/containerd/Dockerfile b/base/containerd/Dockerfile deleted file mode 100644 index 27374fd4c..000000000 --- a/base/containerd/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -FROM golang:1.7-alpine3.5 -RUN \ - apk update && apk upgrade -a && \ - apk add --no-cache \ - btrfs-progs-dev \ - gcc \ - git \ - libc-dev \ - linux-headers \ - make \ - && true -ENV CONTAINERD_COMMIT=8353da59c6ae7e1933aac2228df23541ef8b163f -RUN mkdir -p $GOPATH/src/github.com/docker && \ - cd $GOPATH/src/github.com/docker && \ - git clone https://github.com/docker/containerd.git -WORKDIR $GOPATH/src/github.com/docker/containerd -RUN git checkout $CONTAINERD_COMMIT -RUN make binaries GO_GCFLAGS="-buildmode pie --ldflags '-extldflags \"-fno-PIC -static\"'" -RUN cp bin/containerd bin/ctr bin/containerd-shim bin/dist /usr/bin/ -WORKDIR / -COPY . . diff --git a/examples/docker.yml b/examples/docker.yml index b9193bf27..1f1f70110 100644 --- a/examples/docker.yml +++ b/examples/docker.yml @@ -2,7 +2,10 @@ kernel: image: "mobylinux/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - "mobylinux/init:7a17035030dca3938947516241f51d28922cebb2" + - mobylinux/init:925c88f42d92d57cd36b656db1f8757b152163a7 + - mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 + - mobylinux/containerd:68bb523deea09da293d675cbf88474eced540b8c + - mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935 system: - name: sysctl image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c" diff --git a/examples/gcp.yml b/examples/gcp.yml index eb8889c81..02c6cb9d0 100644 --- a/examples/gcp.yml +++ b/examples/gcp.yml 
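Review bot: The three entries added under `init:` (`mobylinux/runc`, `mobylinux/containerd`, `mobylinux/ca-certificates`) are referenced by tag only, whereas the `pkg/init/Makefile` lines this commit removes pinned the runc and containerd images as `tag@sha256:digest`. A tag can be re-pushed, so unless the tool that consumes this file enforces content trust (not visible here), the components that land in the init filesystem are no longer bound to specific image content. Consider the `name:tag@sha256:<digest>` form for these entries if the consumer accepts it. The same list is added in the other `examples/*.yml` files, in `moby.yml` and in the `test/` yml files of this commit.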
@@ -2,7 +2,10 @@ kernel: image: "mobylinux/kernel:4.9.x" cmdline: "console=ttyS0 page_poison=1" init: - - "mobylinux/init:7a17035030dca3938947516241f51d28922cebb2" + - mobylinux/init:925c88f42d92d57cd36b656db1f8757b152163a7 + - mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 + - mobylinux/containerd:68bb523deea09da293d675cbf88474eced540b8c + - mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935 system: - name: sysctl image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c" diff --git a/examples/sshd.yml b/examples/sshd.yml index 308a84d0e..3fa46ae61 100644 --- a/examples/sshd.yml +++ b/examples/sshd.yml @@ -2,7 +2,10 @@ kernel: image: "mobylinux/kernel:4.9.x" cmdline: "console=ttyS0 page_poison=1" init: - - "mobylinux/init:7a17035030dca3938947516241f51d28922cebb2" + - mobylinux/init:925c88f42d92d57cd36b656db1f8757b152163a7 + - mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 + - mobylinux/containerd:68bb523deea09da293d675cbf88474eced540b8c + - mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935 system: - name: sysctl image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c" diff --git a/examples/vmware.yml b/examples/vmware.yml index 0a687733a..7f01435de 100644 --- a/examples/vmware.yml +++ b/examples/vmware.yml @@ -2,7 +2,10 @@ kernel: image: "mobylinux/kernel:4.9.x" cmdline: "console=tty0 page_poison=1" init: - - "mobylinux/init:7a17035030dca3938947516241f51d28922cebb2" + - mobylinux/init:925c88f42d92d57cd36b656db1f8757b152163a7 + - mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 + - mobylinux/containerd:68bb523deea09da293d675cbf88474eced540b8c + - mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935 system: - name: sysctl image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c" diff --git a/moby.yml b/moby.yml index 27d3629b7..b63a5d0b8 100644 --- a/moby.yml +++ b/moby.yml 
@@ -2,7 +2,10 @@ kernel: image: "mobylinux/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - "mobylinux/init:7a17035030dca3938947516241f51d28922cebb2" + - mobylinux/init:925c88f42d92d57cd36b656db1f8757b152163a7 + - mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 + - mobylinux/containerd:68bb523deea09da293d675cbf88474eced540b8c + - mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935 system: - name: sysctl image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c" diff --git a/pkg/ca-certificates/Dockerfile b/pkg/ca-certificates/Dockerfile new file mode 100644 index 000000000..cbf55ab87 --- /dev/null +++ b/pkg/ca-certificates/Dockerfile @@ -0,0 +1,7 @@ +FROM debian:testing + +ENV DEBIAN_FRONTEND=noninteractive +RUN apt-get update && apt-get -yq upgrade && apt-get install -yq ca-certificates + +RUN printf "FROM scratch\nCOPY /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/\n" > Dockerfile +CMD ["tar", "cf", "-", "Dockerfile", "etc/ssl/certs/ca-certificates.crt"] diff --git a/base/ca-certificates/Makefile b/pkg/ca-certificates/Makefile similarity index 65% rename from base/ca-certificates/Makefile rename to pkg/ca-certificates/Makefile index ade4a3179..cbb85717b 100644 --- a/base/ca-certificates/Makefile +++ b/pkg/ca-certificates/Makefile @@ -7,8 +7,10 @@ default: push hash: Dockerfile DOCKER_CONTENT_TRUST=1 docker pull $(BASE) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build - - docker run --rm $(IMAGE):build sh -c 'cat /etc/ssl/certs/ca-certificates.crt | sha1sum' | sed 's/ .*//' > hash + tar cf - $^ | docker build --no-cache -t $(IMAGE):build0 - + docker run --rm $(IMAGE):build0 | docker build --no-cache -t $(IMAGE):build - + docker run --rm -i $(IMAGE):build0 sh -c "cat /etc/ssl/certs/ca-certificates.crt /etc/debian_version | sha1sum - | sed 's/ .*//'" > $@ + docker rmi $(IMAGE):build0 push: hash docker pull mobylinux/$(IMAGE):$(shell cat hash) || \ 
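Review bot: The CA bundle exported by this image is whatever `debian:testing` plus `apt-get -yq upgrade` yields on the day of the build, so the set of trust anchors handed to every consumer depends on a rolling tag and unpinned packages. Pinning the base by digest (`FROM debian:testing@sha256:<digest>`) and dropping the blanket upgrade would make a change in the root set a reviewable event; the Makefile pulls `$(BASE)` with content trust, but that authenticates the tag, it does not freeze it. Separately, `CMD` tars `etc/ssl/certs/ca-certificates.crt` by relative path and so relies on the working directory being `/`; the containerd Dockerfile in this commit sets `WORKDIR /` before the same step, and doing so here would make that explicit.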
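Review bot: In the `hash` recipe, `docker run --rm $(IMAGE):build0 | docker build --no-cache -t $(IMAGE):build -` reports only the exit status of `docker build`, and the in-container `cat … | sha1sum - | sed …` reports only `sed`'s, so a failed export or a missing input file may go unnoticed. Because `> $@` truncates the target first, a failed run also leaves a fresh `hash` file that the next `make` treats as up to date, and `push` would then use whatever it contains as the tag. Adding `.DELETE_ON_ERROR:` and running recipes with `SHELL=/bin/bash` and `.SHELLFLAGS=-o pipefail -c` would close both gaps on the host side. The same `docker run | docker build` pipe is added in the containerd and runc Makefiles. `docker rmi $(IMAGE):build0` sits last, so it is skipped when an earlier line fails and the intermediate image stays behind.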
diff --git a/pkg/containerd/Dockerfile b/pkg/containerd/Dockerfile new file mode 100644 index 000000000..882ddeaab --- /dev/null +++ b/pkg/containerd/Dockerfile @@ -0,0 +1,22 @@ +FROM golang:1.7-alpine3.5 +RUN \ + apk update && apk upgrade -a && \ + apk add --no-cache \ + btrfs-progs-dev \ + gcc \ + git \ + libc-dev \ + linux-headers \ + make \ + && true +ENV CONTAINERD_COMMIT=e5c8c5634a1fa82da41c1b707f8a9889bcfca248 +RUN mkdir -p $GOPATH/src/github.com/containerd && \ + cd $GOPATH/src/github.com/containerd && \ + git clone https://github.com/containerd/containerd.git +WORKDIR $GOPATH/src/github.com/containerd/containerd +RUN git checkout $CONTAINERD_COMMIT +RUN make binaries GO_GCFLAGS="-buildmode pie --ldflags '-extldflags \"-fno-PIC -static\"'" +RUN cp bin/containerd bin/ctr bin/containerd-shim bin/dist /usr/bin/ +WORKDIR / +RUN printf "FROM scratch\nCOPY /usr/bin/* /usr/bin/\n" > Dockerfile +CMD ["tar", "cf", "-", "Dockerfile", "usr/bin/containerd", "usr/bin/ctr", "usr/bin/containerd-shim", "usr/bin/dist"] diff --git a/base/containerd/Makefile b/pkg/containerd/Makefile similarity index 61% rename from base/containerd/Makefile rename to pkg/containerd/Makefile index 9dd2c5017..376c9bfee 100644 --- a/base/containerd/Makefile +++ b/pkg/containerd/Makefile @@ -1,3 +1,5 @@ +SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 + .PHONY: tag push BASE=golang:1.7-alpine3.5 
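Review bot: `FROM golang:1.7-alpine3.5` together with `apk update && apk upgrade -a` leaves the toolchain that compiles the static containerd binaries unpinned, while the Makefile change in this same commit pins its `sha1sum` helper as `alpine:3.5@sha256:…`. The source is fixed by `CONTAINERD_COMMIT`, but the compiler and headers are not. Pinning the builder the same way (`FROM golang:1.7-alpine3.5@sha256:<digest>`) would make the shipped binaries traceable to a known toolchain. The generated Dockerfile copies `/usr/bin/*` while `CMD` lists four binaries explicitly; naming the same four paths in the `COPY` would keep the contents of the scratch image defined in one visible place.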
@@ -7,8 +9,10 @@ default: push hash: Dockerfile DOCKER_CONTENT_TRUST=1 docker pull $(BASE) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build - - docker run --rm $(IMAGE):build sh -c 'cat Dockerfile /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > $@ + tar cf - $^ | docker build --no-cache -t $(IMAGE):build0 - + docker run --rm $(IMAGE):build0 | docker build --no-cache -t $(IMAGE):build - + docker rmi $(IMAGE):build0 + find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > $@ push: hash docker pull mobylinux/$(IMAGE):$(shell cat hash) || \ diff --git a/pkg/init/Makefile b/pkg/init/Makefile index d5cf7127a..8b5f30eef 100644 --- a/pkg/init/Makefile +++ b/pkg/init/Makefile @@ -1,22 +1,8 @@ -CONTAINERD_IMAGE=mobylinux/containerd:a688df6aee1e3700eb8d54dbc81070361df397a2@sha256:59ee3da05fe4dad4fbecff582c86fc30ce75e19a225eeeb07e203c9cc36fe34f -CONTAINERD_BINARIES=usr/bin/containerd usr/bin/containerd-shim usr/bin/ctr usr/bin/dist - -RUNC_IMAGE=mobylinux/runc:f225fb93dc3e6dda1cc9004962893015b29dc2d6@sha256:e75c4b274236bd3ad9f4db0a91a6f2174c8c77009c361ab5dd7a4169406675bc -RUNC_BINARY=usr/bin/runc - C_COMPILE=mobylinux/c-compile:81a6bd8ff45d769b60a2ee1acdaccda11ab835c8@sha256:eac250997a3b9784d3285a03c0c8311d4ca6fb63dc75164c987411ba93006487 START_STOP_DAEMON=sbin/start-stop-daemon default: push -$(RUNC_BINARY): Makefile - mkdir -p $(dir $@) - docker run --rm --net=none $(RUNC_IMAGE) tar cf - $@ | tar xf - - -$(CONTAINERD_BINARIES): Makefile - mkdir -p $(dir $@) - docker run --rm --net=none $(CONTAINERD_IMAGE) tar cf - $@ | tar xf - - $(START_STOP_DAEMON): start-stop-daemon.c mkdir -p $(dir $@) tar cf - $^ | docker run --rm --net=none --log-driver=none -i $(C_COMPILE) -o $@ | tar xf - 
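Review bot: The new hash line, `find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum -`, hashes only the prerequisites (here just `Dockerfile`), where the removed line also included `/lib/apk/db/installed` from the built image. Since the Dockerfile runs `apk upgrade -a` on a base referenced by tag, two builds of the same Dockerfile can contain binaries produced with different packages yet receive the same tag, and `push` skips the upload whenever `docker pull mobylinux/$(IMAGE):$(shell cat hash)` succeeds. If the tag is meant to identify content, include something derived from the build output in the hash, or pin the base by digest so that the Dockerfile really determines the result. The host pipe also ends in `sed`, so a failing `docker run` would still write a `hash` file. The identical lines are added in `pkg/runc/Makefile`.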
@@ -28,7 +14,7 @@ IMAGE=init ETC=$(shell find etc -type f) -hash: Dockerfile $(ETC) init $(RUNC_BINARY) $(CONTAINERD_BINARIES) $(START_STOP_DAEMON) +hash: Dockerfile $(ETC) init $(START_STOP_DAEMON) DOCKER_CONTENT_TRUST=1 docker pull $(BASE) tar cf - $^ | docker build --no-cache -t $(IMAGE):build - docker run --rm $(IMAGE):build sh -c 'cat $^ /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > $@ diff --git a/base/runc/Dockerfile b/pkg/runc/Dockerfile similarity index 83% rename from base/runc/Dockerfile rename to pkg/runc/Dockerfile index a1b5ff854..15a5f41a7 100644 --- a/base/runc/Dockerfile +++ b/pkg/runc/Dockerfile @@ -20,4 +20,5 @@ RUN git checkout $RUNC_COMMIT RUN make static BUILDTAGS="seccomp" RUN cp runc /usr/bin/ WORKDIR / -COPY . . +RUN printf "FROM scratch\nCOPY /usr/bin/runc /usr/bin/\n" > Dockerfile +CMD ["tar", "cf", "-", "Dockerfile", "usr/bin/runc"] diff --git a/base/runc/Makefile b/pkg/runc/Makefile similarity index 61% rename from base/runc/Makefile rename to pkg/runc/Makefile index 27c740302..ef1fb7ccf 100644 --- a/base/runc/Makefile +++ b/pkg/runc/Makefile @@ -1,3 +1,5 @@ +SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 + .PHONY: tag push BASE=golang:1.7-alpine3.5 @@ -7,8 +9,10 @@ default: push hash: Dockerfile DOCKER_CONTENT_TRUST=1 docker pull $(BASE) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build - - docker run --rm $(IMAGE):build sh -c 'cat Dockerfile /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > $@ + tar cf - $^ | docker build --no-cache -t $(IMAGE):build0 - + docker run --rm $(IMAGE):build0 | docker build --no-cache -t $(IMAGE):build - + docker rmi $(IMAGE):build0 + find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > $@ push: hash docker pull mobylinux/$(IMAGE):$(shell cat hash) || \ diff --git a/test/ltp/test-ltp.yml b/test/ltp/test-ltp.yml index 4c5efcae2..5d736057d 100644 --- a/test/ltp/test-ltp.yml +++ b/test/ltp/test-ltp.yml 
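Review bot: The two lines added in `pkg/runc/Dockerfile` carry no comment, and the pattern is not obvious: the image writes a `FROM scratch` Dockerfile into `/`, and its `CMD` emits a tar of that file plus `usr/bin/runc` on stdout, which the Makefile pipes into a second `docker build`. I would add above the `RUN printf` line: `# Default command emits a build context (generated Dockerfile + static runc) on stdout; the Makefile pipes it into "docker build -" to produce the scratch image.` The relative `usr/bin/runc` path in `CMD` depends on the preceding `WORKDIR /`, which is worth stating in the same comment. The rest of this Dockerfile lies outside the hunk.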
@@ -2,7 +2,10 @@ kernel: image: "mobylinux/kernel:4.9.x" cmdline: "console=ttyS0" init: - - "mobylinux/init:7a17035030dca3938947516241f51d28922cebb2" + - mobylinux/init:925c88f42d92d57cd36b656db1f8757b152163a7 + - mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 + - mobylinux/containerd:68bb523deea09da293d675cbf88474eced540b8c + - mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935 system: - name: ltp image: "mobylinux/test-ltp-20170116:fdca2d1bb019b1d51e722e6032c82c7933d4b870" diff --git a/test/test.yml b/test/test.yml index 61b2fc920..91f172241 100644 --- a/test/test.yml +++ b/test/test.yml @@ -2,7 +2,10 @@ kernel: image: "mobylinux/kernel:4.9.x" cmdline: "console=ttyS0" init: - - "mobylinux/init:7a17035030dca3938947516241f51d28922cebb2" + - mobylinux/init:925c88f42d92d57cd36b656db1f8757b152163a7 + - mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 + - mobylinux/containerd:68bb523deea09da293d675cbf88474eced540b8c + - mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935 system: - name: binfmt image: "mobylinux/binfmt:bdb754f25a5d851b4f5f8d185a43dfcbb3c22d01" diff --git a/test/virtsock/test-virtsock-server.yml b/test/virtsock/test-virtsock-server.yml index dd31a0ffe..a63702b16 100644 --- a/test/virtsock/test-virtsock-server.yml +++ b/test/virtsock/test-virtsock-server.yml @@ -6,7 +6,10 @@ kernel: image: "mobylinux/kernel:4.9.x" cmdline: "console=ttyS0 page_poison=1" init: - - "mobylinux/init:7a17035030dca3938947516241f51d28922cebb2" + - mobylinux/init:925c88f42d92d57cd36b656db1f8757b152163a7 + - mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 + - mobylinux/containerd:68bb523deea09da293d675cbf88474eced540b8c + - mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935 system: - name: sysctl image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c"