diff --git a/Makefile b/Makefile index b5e32c1e0..5e4e1fd85 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ all: default VERSION="0.0" # dummy for now GIT_COMMIT=$(shell git rev-list -1 HEAD) -GO_COMPILE=linuxkit/go-compile:5bf17af781df44f07906099402680b9a661f999b +GO_COMPILE=linuxkit/go-compile:3ba94f14de51b73551417e769d122815ec917ee7 MOBY?=bin/moby LINUXKIT?=bin/linuxkit diff --git a/examples/docker.yml b/examples/docker.yml index d1fa0ba20..6c8c13baf 100644 --- a/examples/docker.yml +++ b/examples/docker.yml @@ -8,9 +8,9 @@ init: - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 onboot: - name: sysctl - image: "linuxkit/sysctl:13a37b8d38fbec34d8c7d3bd4dadb57c9f92c94c" + image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" - name: sysfs - image: linuxkit/sysfs:6c1d06f28ddd9681799d3950cddf044b930b221c + image: linuxkit/sysfs:1cde5876d44117af61dfea629ad922defcd48808 - name: binfmt image: "linuxkit/binfmt:548f7f044f5411a8938913527c5ce55d9876bb07" binds: diff --git a/examples/gcp.yml b/examples/gcp.yml index 73d945d46..6cada4ef5 100644 --- a/examples/gcp.yml +++ b/examples/gcp.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 onboot: - name: sysctl - image: "linuxkit/sysctl:13a37b8d38fbec34d8c7d3bd4dadb57c9f92c94c" + image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" - name: dhcpcd image: "linuxkit/dhcpcd:cb96c09a33c166eca6530f166f0f79927c3e83b0" binds: diff --git a/examples/packet.yml b/examples/packet.yml index a58925f9b..29faa974e 100644 --- a/examples/packet.yml +++ b/examples/packet.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 onboot: - name: sysctl - image: "linuxkit/sysctl:13a37b8d38fbec34d8c7d3bd4dadb57c9f92c94c" + image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" services: - name: rngd image: "linuxkit/rngd:c97ef16be340884a985d8b025983505a9bcc51f0" 
diff --git a/examples/sshd.yml b/examples/sshd.yml index 0a5bc8ecc..0e7dd035e 100644 --- a/examples/sshd.yml +++ b/examples/sshd.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 onboot: - name: sysctl - image: "linuxkit/sysctl:13a37b8d38fbec34d8c7d3bd4dadb57c9f92c94c" + image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" services: - name: rngd image: "linuxkit/rngd:c97ef16be340884a985d8b025983505a9bcc51f0" diff --git a/examples/swap.yml b/examples/swap.yml index 770a92a9e..0075229ea 100644 --- a/examples/swap.yml +++ b/examples/swap.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935 onboot: - name: sysctl - image: "linuxkit/sysctl:13a37b8d38fbec34d8c7d3bd4dadb57c9f92c94c" + image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" - name: binfmt image: "linuxkit/binfmt:548f7f044f5411a8938913527c5ce55d9876bb07" binds: diff --git a/examples/vmware.yml b/examples/vmware.yml index 151639a56..41f1923ad 100644 --- a/examples/vmware.yml +++ b/examples/vmware.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 onboot: - name: sysctl - image: "linuxkit/sysctl:13a37b8d38fbec34d8c7d3bd4dadb57c9f92c94c" + image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" services: - name: rngd image: "linuxkit/rngd:c97ef16be340884a985d8b025983505a9bcc51f0" diff --git a/linuxkit.yml b/linuxkit.yml index ef160473f..55e294e95 100644 --- a/linuxkit.yml +++ b/linuxkit.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 onboot: - name: sysctl - image: "linuxkit/sysctl:13a37b8d38fbec34d8c7d3bd4dadb57c9f92c94c" + image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" - name: binfmt image: "linuxkit/binfmt:548f7f044f5411a8938913527c5ce55d9876bb07" binds: diff --git a/pkg/sysctl/.gitignore b/pkg/sysctl/.gitignore deleted file mode 100644 index db2b4ca32..000000000 
--- a/pkg/sysctl/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -dev -proc -sys -usr diff --git a/pkg/sysctl/Dockerfile b/pkg/sysctl/Dockerfile index 31b43ac11..1bc417bb2 100644 --- a/pkg/sysctl/Dockerfile +++ b/pkg/sysctl/Dockerfile @@ -1,4 +1,4 @@ -FROM linuxkit/alpine:6fd232518678407a5ce4b31f7e21e07a883b4ba4@sha256:f5084a6b1716dd931749d1308529ee904f87fa74a5a9523f23046c4a1215424e AS mirror +FROM linuxkit/alpine:5f6db26ab7bf6a9c452a612e236cc7495408132b@sha256:d009afc85d0b005daf51c8f3026aa552ab997dc47cab43915e9dc761accae086 AS mirror RUN apk add --no-cache go musl-dev ENV GOPATH=/go PATH=$PATH:/go/bin diff --git a/pkg/sysfs/.gitignore b/pkg/sysfs/.gitignore deleted file mode 100644 index db2b4ca32..000000000 --- a/pkg/sysfs/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -dev -proc -sys -usr diff --git a/pkg/sysfs/Dockerfile b/pkg/sysfs/Dockerfile index fa7e5a86f..42946bc42 100644 --- a/pkg/sysfs/Dockerfile +++ b/pkg/sysfs/Dockerfile @@ -1,3 +1,15 @@ +FROM linuxkit/alpine:5f6db26ab7bf6a9c452a612e236cc7495408132b@sha256:d009afc85d0b005daf51c8f3026aa552ab997dc47cab43915e9dc761accae086 AS mirror + +RUN apk add --no-cache go musl-dev +ENV GOPATH=/go PATH=$PATH:/go/bin + +COPY main.go /go/src/sysfs/ +RUN go-compile.sh /go/src/sysfs + FROM scratch -COPY . ./ +ENTRYPOINT [] +CMD [] +WORKDIR / +COPY --from=mirror /go/bin/sysfs /usr/bin/sysfs +COPY etc/ /etc/ CMD ["/usr/bin/sysfs"] diff --git a/pkg/sysfs/Makefile b/pkg/sysfs/Makefile index d6e3b28c7..cebfb5003 100644 --- a/pkg/sysfs/Makefile +++ b/pkg/sysfs/Makefile 
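Review bot: In the final stage of pkg/sysfs/Dockerfile, `CMD []` is dead, because only the last CMD in a stage takes effect and `CMD ["/usr/bin/sysfs"]` at the end of the file replaces it. `ENTRYPOINT []` on a `FROM scratch` stage also resets nothing, so keep it only if it is meant as documentation. The build stage is named `mirror`, which reads as a package mirror rather than the stage that compiles the Go binary; `AS build` with `COPY --from=build /go/bin/sysfs /usr/bin/sysfs` would say what it is. A one-line comment above `COPY etc/ /etc/` saying that it carries the sysfs.d configuration would help the next reader.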
@@ -1,45 +1,15 @@ -GO_COMPILE=linuxkit/go-compile:4513068d9a7e919e4ec42e2d7ee879ff5b95b7f5@sha256:bdfadbe3e4ec699ca45b67453662321ec270f2d1a1dbdbf09625776d3ebd68c5 - -SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 - -SYSFS_BINARY=usr/bin/sysfs +.PHONY: tag push +default: push ORG?=linuxkit IMAGE=sysfs +DEPS=Dockerfile Makefile main.go -.PHONY: tag push clean container -default: push +HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}') -$(SYSFS_BINARY): main.go - mkdir -p $(dir $@) - tar cf - $^ | docker run --rm --net=none --log-driver=none -i $(GO_COMPILE) -o $@ | tar xf - +tag: $(DEPS) + docker build --squash --no-cache --network=none -t $(ORG)/$(IMAGE):$(HASH) . -DIRS=dev proc sys -$(DIRS): - mkdir -p $@ - -DEPS=$(DIRS) $(SYSFS_BINARY) etc/sysfs.d/00-moby.conf - -container: Dockerfile $(DEPS) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build - - -hash: Dockerfile $(DEPS) - find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash - -push: hash container - docker pull $(ORG)/$(IMAGE):$(shell cat hash) || \ - (docker tag $(IMAGE):build $(ORG)/$(IMAGE):$(shell cat hash) && \ - docker push $(ORG)/$(IMAGE):$(shell cat hash)) - docker rmi $(IMAGE):build - rm -f hash - -tag: hash container - docker pull $(ORG)/$(IMAGE):$(shell cat hash) || \ - docker tag $(IMAGE):build $(ORG)/$(IMAGE):$(shell cat hash) - docker rmi $(IMAGE):build - rm -f hash - -clean: - rm -rf hash $(DIRS) usr - -.DELETE_ON_ERROR: +push: tag + docker pull $(ORG)/$(IMAGE):$(HASH) || \ + docker push $(ORG)/$(IMAGE):$(HASH) diff --git a/projects/etcd/etcd.yml b/projects/etcd/etcd.yml index 4341f55b5..023ef2ed7 100644 --- a/projects/etcd/etcd.yml +++ b/projects/etcd/etcd.yml 
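Review bot: `HASH` is taken from the tree object at HEAD (`git ls-tree HEAD -- ../$(notdir $(CURDIR))`), while `docker build ... .` in `tag` packages the working directory. An image built from uncommitted or untracked changes is therefore tagged, and by `push` published, under the hash of the committed tree. The removed recipe hashed the file contents that went into the image, so the tag no longer guarantees what the image was built from, which matters because the YAML files in this commit reference these images by exactly that hash. A guard as the first line of the `tag` recipe would close the gap: `@test -z "$$(git status --porcelain -- .)" || { echo "uncommitted changes in $(CURDIR)" >&2; exit 1; }`. Separately, `DEPS` lists `main.go` but not `etc/`, which the new Dockerfile also copies.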
@@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 onboot: - name: sysctl - image: "linuxkit/sysctl:13a37b8d38fbec34d8c7d3bd4dadb57c9f92c94c" + image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" - name: format image: "linuxkit/format:d78093e943f9c88386e30c00353f9476d34fb551" binds: diff --git a/projects/etcd/prom-us-central1-f.yml b/projects/etcd/prom-us-central1-f.yml index 7df7b10f5..c4219d40f 100644 --- a/projects/etcd/prom-us-central1-f.yml +++ b/projects/etcd/prom-us-central1-f.yml @@ -8,7 +8,7 @@ init: - mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935 onboot: - name: sysctl - image: "linuxkit/sysctl:13a37b8d38fbec34d8c7d3bd4dadb57c9f92c94c" + image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" - name: dhcpcd image: "linuxkit/dhcpcd:cb96c09a33c166eca6530f166f0f79927c3e83b0" binds: diff --git a/projects/ima-namespace/ima-namespace.yml b/projects/ima-namespace/ima-namespace.yml index 30e8f9d52..5da7a46b2 100644 --- a/projects/ima-namespace/ima-namespace.yml +++ b/projects/ima-namespace/ima-namespace.yml @@ -9,7 +9,7 @@ init: - linuxkit/ima-utils:fe119c7dac08884f4144cd106dc279ddd8b37517 onboot: - name: sysctl - image: "linuxkit/sysctl:13a37b8d38fbec34d8c7d3bd4dadb57c9f92c94c" + image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" - name: binfmt image: "linuxkit/binfmt:131026c0cf6084467316395fed3b358f64bda00c" binds: diff --git a/projects/kubernetes/kube-master.yml b/projects/kubernetes/kube-master.yml index ebe5fd8d6..df803bea1 100644 --- a/projects/kubernetes/kube-master.yml +++ b/projects/kubernetes/kube-master.yml 
@@ -8,9 +8,9 @@ init: - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 onboot: - name: sysctl - image: "linuxkit/sysctl:13a37b8d38fbec34d8c7d3bd4dadb57c9f92c94c" + image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" - name: sysfs - image: linuxkit/sysfs:6c1d06f28ddd9681799d3950cddf044b930b221c + image: linuxkit/sysfs:1cde5876d44117af61dfea629ad922defcd48808 - name: binfmt image: "linuxkit/binfmt:548f7f044f5411a8938913527c5ce55d9876bb07" binds: diff --git a/projects/kubernetes/kube-node.yml b/projects/kubernetes/kube-node.yml index 25c458148..ae09ec6fd 100644 --- a/projects/kubernetes/kube-node.yml +++ b/projects/kubernetes/kube-node.yml @@ -8,9 +8,9 @@ init: - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 onboot: - name: sysctl - image: "linuxkit/sysctl:13a37b8d38fbec34d8c7d3bd4dadb57c9f92c94c" + image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" - name: sysfs - image: linuxkit/sysfs:6c1d06f28ddd9681799d3950cddf044b930b221c + image: linuxkit/sysfs:1cde5876d44117af61dfea629ad922defcd48808 - name: binfmt image: "linuxkit/binfmt:548f7f044f5411a8938913527c5ce55d9876bb07" binds: diff --git a/projects/logging/examples/logging.yml b/projects/logging/examples/logging.yml index e3c5a0bde..a9264531f 100644 --- a/projects/logging/examples/logging.yml +++ b/projects/logging/examples/logging.yml @@ -9,7 +9,7 @@ init: - linuxkit/memlogd:9b5834189f598f43c507f6938077113906f51012 onboot: - name: sysctl - image: "linuxkit/sysctl:13a37b8d38fbec34d8c7d3bd4dadb57c9f92c94c" + image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" - name: binfmt image: "linuxkit/binfmt:548f7f044f5411a8938913527c5ce55d9876bb07" binds: diff --git a/projects/miragesdk/examples/mirage-dhcp.yml b/projects/miragesdk/examples/mirage-dhcp.yml index f21ae92d1..0db590b70 100644 --- a/projects/miragesdk/examples/mirage-dhcp.yml +++ b/projects/miragesdk/examples/mirage-dhcp.yml 
@@ -8,7 +8,7 @@ init: - mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935 onboot: - name: sysctl - image: "linuxkit/sysctl:13a37b8d38fbec34d8c7d3bd4dadb57c9f92c94c" + image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" - name: binfmt image: linuxkit/binfmt:548f7f044f5411a8938913527c5ce55d9876bb07 binds: diff --git a/projects/okernel/examples/okernel_simple.yaml b/projects/okernel/examples/okernel_simple.yaml index 8e601eab2..68293dd99 100644 --- a/projects/okernel/examples/okernel_simple.yaml +++ b/projects/okernel/examples/okernel_simple.yaml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 onboot: - name: sysctl - image: "linuxkit/sysctl:13a37b8d38fbec34d8c7d3bd4dadb57c9f92c94c" + image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" services: - name: rngd image: "linuxkit/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" diff --git a/projects/swarmd/swarmd.yml b/projects/swarmd/swarmd.yml index 2c1cee035..32677c4e9 100644 --- a/projects/swarmd/swarmd.yml +++ b/projects/swarmd/swarmd.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 onboot: - name: sysctl - image: "linuxkit/sysctl:13a37b8d38fbec34d8c7d3bd4dadb57c9f92c94c" + image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" - name: dhcpcd image: "linuxkit/dhcpcd:cb96c09a33c166eca6530f166f0f79927c3e83b0" binds: diff --git a/test/cases/030_security/000_docker-bench/test-docker-bench.yml b/test/cases/030_security/000_docker-bench/test-docker-bench.yml index 2944f8c1f..85b4d0444 100644 --- a/test/cases/030_security/000_docker-bench/test-docker-bench.yml +++ b/test/cases/030_security/000_docker-bench/test-docker-bench.yml 
@@ -8,9 +8,9 @@ init: - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 onboot: - name: sysctl - image: "linuxkit/sysctl:13a37b8d38fbec34d8c7d3bd4dadb57c9f92c94c" + image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" - name: sysfs - image: "linuxkit/sysfs:6c1d06f28ddd9681799d3950cddf044b930b221c" + image: "linuxkit/sysfs:1cde5876d44117af61dfea629ad922defcd48808" - name: binfmt image: "linuxkit/binfmt:548f7f044f5411a8938913527c5ce55d9876bb07" binds: diff --git a/test/cases/040_packages/000_sysctl/test-sysctl.yml b/test/cases/040_packages/000_sysctl/test-sysctl.yml index f6bceee6e..3edd4dd78 100644 --- a/test/cases/040_packages/000_sysctl/test-sysctl.yml +++ b/test/cases/040_packages/000_sysctl/test-sysctl.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4 onboot: - name: sysctl - image: "linuxkit/sysctl:13a37b8d38fbec34d8c7d3bd4dadb57c9f92c94c" + image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64" - name: test image: "linuxkit/test-sysctl:c4df4c4d692904d6245dcdef1f4a79389bd3d894" - name: poweroff diff --git a/tools/alpine/Dockerfile b/tools/alpine/Dockerfile index b4f947728..80d6a6fdb 100644 --- a/tools/alpine/Dockerfile +++ b/tools/alpine/Dockerfile @@ -27,7 +27,7 @@ RUN echo "/mirror" > /etc/apk/repositories && apk update # add Go validation tools COPY go-compile.sh /go/bin/ -RUN apk add --no-cache build-base git go +RUN apk add --no-cache git go musl-dev ENV GOPATH=/go PATH=$PATH:/go/bin RUN go get -u github.com/golang/lint/golint RUN go get -u github.com/gordonklaus/ineffassign diff --git a/tools/alpine/go-compile.sh b/tools/alpine/go-compile.sh index abe1f2909..2f538e56c 100755 --- a/tools/alpine/go-compile.sh +++ b/tools/alpine/go-compile.sh 
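Review bot: The two `go get -u` lines directly below the changed `apk add` in tools/alpine/Dockerfile fetch golint and ineffassign at whatever their upstream default branches hold at build time. The image is therefore not reproducible and takes in unreviewed code, even though its apk packages are pinned in `tools/alpine/versions`. Those lines are context rather than part of this change, but since the toolchain line is being edited, consider pinning each tool to a fixed revision (fetch the source, check out a known commit, then install). A short comment above `RUN apk add --no-cache git go musl-dev` stating why `build-base` could be dropped would also help, since the reason is not visible in the hunk. The Dockerfile continues outside the hunk on both sides.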
@@ -33,14 +33,4 @@ go test export CGO_ENABLED=0 -if [ "$GOOS" = "darwin" -o "$GOOS" = "windows" ] -then - if [ -z "$ldflags" ] - then - go install - else - go install -ldflags "${ldflags}" - fi -else - go install -buildmode pie -ldflags "-s -w ${ldflags} -extldflags \"-fno-PIC -static\"" -fi +go install -buildmode pie -ldflags "-s -w ${ldflags} -extldflags \"-fno-PIC -static\"" diff --git a/tools/alpine/versions b/tools/alpine/versions index f7037ab5a..9d3ea799a 100644 --- a/tools/alpine/versions +++ b/tools/alpine/versions @@ -113,7 +113,7 @@ lzo-2.10-r0 m4-1.4.18-r0 make-4.2.1-r0 mesa-gbm-17.0.3-r1 -mkinitfs-3.0.9-r1 +mkinitfs-3.1.0_rc1-r0 mpc1-1.0.3-r0 mpfr3-3.1.5-r0 mtools-4.0.18-r1 @@ -136,7 +136,7 @@ patch-2.7.5-r1 pcre-8.40-r2 perl-5.24.1-r2 pixman-0.34.0-r0 -pkgconf-1.3.6-r0 +pkgconf-1.3.7-r0 popt-1.16-r6 qemu-2.8.1-r1 qemu-aarch64-2.8.1-r1 diff --git a/tools/go-compile/compile.sh b/tools/go-compile/compile.sh index 5374e5660..05f48be22 100755 --- a/tools/go-compile/compile.sh +++ b/tools/go-compile/compile.sh @@ -88,7 +88,7 @@ test -z $(find . -type f -name "*.go" -not -path "*/vendor/*" -not -name "*.pb.* >&2 echo "go build..." -if [ "$GOOS" = "darwin" ] +if [ "$GOOS" = "darwin" -o "$GOOS" = "windows" ] then if [ -z "$ldflags" ] then
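Review bot: With the `GOOS` branch removed from tools/alpine/go-compile.sh, `go install -buildmode pie ... -extldflags "-fno-PIC -static"` now applies to every target. A caller that still sets `GOOS=darwin` or `GOOS=windows` would get these link flags instead of a plain `go install`, and most likely a failed build. The same commit extends the equivalent branch in `tools/go-compile/compile.sh` to Windows, so the two scripts now diverge. If this one is meant for Linux targets only, fail early instead of relying on the linker error: `[ "${GOOS:-linux}" = "linux" ] || { echo "go-compile.sh: unsupported GOOS=$GOOS" >&2; exit 1; }`. The start of the script is outside the hunk.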
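Review bot: The new condition in tools/go-compile/compile.sh, `[ "$GOOS" = "darwin" -o "$GOOS" = "windows" ]`, uses the `-o` operator of `test`, which POSIX marks obsolescent and which can be parsed ambiguously when an operand looks like an operator. `if [ "$GOOS" = "darwin" ] || [ "$GOOS" = "windows" ]` is the unambiguous form. Both operands are quoted, so this is a style point rather than a bug. The body of the `if` runs past the end of the hunk, so whether the Windows path gets suitable flags cannot be checked from here.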