From aea6d6c54e9e835d89f5e2ec469aea3b45592c82 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Thu, 4 May 2017 12:05:01 +0100 Subject: [PATCH] pkg: Convert binfmt to use the Alpine base image and git tree hash Signed-off-by: Rolf Neugebauer --- pkg/binfmt/Dockerfile | 19 ++++++++----------- pkg/binfmt/Makefile | 40 +++++----------------------------------- 2 files changed, 13 insertions(+), 46 deletions(-) diff --git a/pkg/binfmt/Dockerfile b/pkg/binfmt/Dockerfile index acf2baf7d..e28b8cb48 100644 --- a/pkg/binfmt/Dockerfile +++ b/pkg/binfmt/Dockerfile @@ -1,13 +1,10 @@ -FROM alpine:edge AS qemu-build -RUN \ - apk update && apk upgrade && \ - apk add \ - qemu-aarch64 \ - qemu-arm \ - qemu-ppc64le \ - && true +FROM linuxkit/alpine:f0169b60fb260d74025496ae6fd93213fecaba8f@sha256:23743c7206ebe8a609442c5ac7084a26ed45ce8f5213960428bca264225849f1 AS qemu +RUN apk add \ + qemu-aarch64 \ + qemu-arm \ + qemu-ppc64le -FROM linuxkit/go-compile:4513068d9a7e919e4ec42e2d7ee879ff5b95b7f5@sha256:bdfadbe3e4ec699ca45b67453662321ec270f2d1a1dbdbf09625776d3ebd68c5 AS binfmt-build +FROM linuxkit/go-compile:4513068d9a7e919e4ec42e2d7ee879ff5b95b7f5@sha256:bdfadbe3e4ec699ca45b67453662321ec270f2d1a1dbdbf09625776d3ebd68c5 AS build COPY main.go main.go RUN echo "gofmt..." && test -z $(gofmt -s -l main.go) && \ echo "go vet..." && test -z $(GOOS=linux go tool vet -printf=false main.go) && \ @@ -17,7 +14,7 @@ RUN go build -o usr/bin/binfmt -buildmode pie -ldflags "-s -w -extldflags -stati FROM scratch ENTRYPOINT [] WORKDIR / -COPY --from=qemu-build usr/bin/qemu-* usr/bin/ -COPY --from=binfmt-build usr/bin/binfmt usr/bin/binfmt +COPY --from=qemu usr/bin/qemu-* usr/bin/ +COPY --from=build usr/bin/binfmt usr/bin/binfmt COPY etc/binfmt.d/00_linuxkit.conf etc/binfmt.d/00_linuxkit.conf CMD ["/usr/bin/binfmt", "-dir", "/etc/binfmt.d/", "-mount", "/binfmt_misc"] diff --git a/pkg/binfmt/Makefile b/pkg/binfmt/Makefile index cc7f9a65c..9f997c2d0 100644 --- a/pkg/binfmt/Makefile +++ b/pkg/binfmt/Makefile @@ -2,43 +2,13 @@ default: push IMAGE=binfmt -BASE=alpine:edge -SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 DEPS=Dockerfile Makefile main.go $(wildcard etc/binmft.d/*) -# Note, this isn't quite right as we pull in qemu binaries from -# alpine:edge and they may vary over time. BUT: We are going to change -# the hashing stuff soon anyway, so there is little point in faffing -# about with computing a hash during the build and get it out. -hash: $(DEPS) - find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash +HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}') -tag: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \ - docker build --no-cache -t $(IMAGE):build . && \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)) +tag: $(DEPS) + docker build --no-cache --network=none -t linuxkit/$(IMAGE):$(HASH) . push: tag - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker push linuxkit/$(IMAGE):$(shell cat hash) - rm -f hash - docker rmi $(IMAGE):build || true - -signed-tag: hash - DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \ - docker build --no-cache -t $(IMAGE):build . && \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)) - -sign: signed-tag - DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash) - rm -f hash - docker rmi $(IMAGE):build || true - -clean: - rm -f hash - docker rmi $(IMAGE):build || true - -.DELETE_ON_ERROR: + DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(HASH) || \ + DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(HASH)