Run cpio in a container

This way it runs as root so files always owned by root.

Fix #887

This is the simplest fix for 1.13, we can also use this for
creating the main system initrd, but that needs more changes
so leaving for 1.14.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This commit is contained in:
Justin Cormack 2016-12-14 17:56:57 -08:00
parent 75b0814221
commit ade4d6cc4b
4 changed files with 76 additions and 8 deletions

View File

@ -16,6 +16,9 @@ BIOS_IMAGE=mobylinux/mkimage-iso-bios@sha256:7e28f7745fd62284142dce59a137c3331f7
# Tag: 95d4fef1a9555b640b4f94a4a3968533714059fe
PAD4_IMAGE=mobylinux/pad4@sha256:a26e02f16bdafa241a55e05fa09b9bb260e69a3a8c90418bb40b4ae936437d17
# Tag: 74b6ce93033430a58826d90b0b88513e0dcfcb5a
TAR2INITRD_IMAGE=mobylinux/tar2initrd@sha256:42e242f5bf8dc7971c1f0e6e7b156008d930d5b3129136e72c4b867f2ff15e98
# Tag: df1b8ef666d66694e84f23772937ff45c46fa6c1
GCE_IMAGE=mobylinux/mkimage-gce@sha256:b19ba24184ed5602df5b666ed475d5d7211fa67bee51d3e6380cf0380c63f65b
@ -54,17 +57,13 @@ moby.img: Dockerfile mkinitrd.sh init $(ETCFILES)
container.img:
$(MAKE) -j -C containers
(find containers -type d -maxdepth 1 && \
find containers/*/rootfs containers/*/config.json) | \
cpio -H newc -o | gzip -9 | \
docker run --rm --read-only --net=none --log-driver=none --tmpfs /tmp -i $(PAD4_IMAGE) > $@
tar cf - containers/*/rootfs containers/*/config.json | \
docker run --rm --read-only --net=none --log-driver=none --tmpfs /tmp -i $(TAR2INITRD_IMAGE) > $@
test.img:
$(MAKE) -j -C test
(find test -maxdepth 0 && \
find test/rootfs test/config.json) | \
cpio -H newc -o | gzip -9 | \
docker run --rm --read-only --net=none --log-driver=none --tmpfs /tmp -i $(PAD4_IMAGE) > $@
tar cf - test/rootfs test/config.json | \
docker run --rm --read-only --net=none --log-driver=none --tmpfs /tmp -i $(TAR2INITRD_IMAGE) > $@
initrd.img: moby.img container.img
cat $^ > $@

View File

@ -0,0 +1,6 @@
FROM alpine:3.4
COPY . /
ENTRYPOINT ["/bin/sh", "-c"]
CMD ["/tar2initrd.sh"]

View File

@ -0,0 +1,31 @@
.PHONY: tag push
BASE=alpine:3.4
IMAGE=tar2initrd
default: push
hash: Dockerfile tar2initrd.sh
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c 'cat Dockerfile pad4.sh /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker tag $(IMAGE):build mobylinux/$(IMAGE):latest && \
docker push mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):latest)
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

View File

@ -0,0 +1,32 @@
#!/bin/sh
mkdir -p /tmp/input
cd /tmp/input
tar xf -
find . | cpio -H newc -o | gzip -9 > ../initrd.img
cd /tmp
SIZE=$(stat -c "%s" initrd.img)
SIZE4=$(( $SIZE / 4 \* 4 ))
DIFF=$(( $SIZE - $SIZE4 ))
[ $DIFF -ne 0 ] && DIFF=$(( 4 - $DIFF ))
dd if=/dev/zero bs=1 count=$DIFF of=zeropad
cat zeropad >> initrd.img
SIZE=$(stat -c "%s" initrd.img)
SIZE4=$(( $SIZE / 4 \* 4 ))
DIFF=$(( $SIZE - $SIZE4 ))
if [ $DIFF -ne 0 ]
then
echo "Bad alignment" >2
exit 1
fi
cat initrd.img