From bdd47895981f7d4479f6bdf722d590790c824f78 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Wed, 30 Aug 2017 19:12:51 +0100 Subject: [PATCH] kernel: Fix docker content trust for perf builds Due to https://github.com/moby/moby/issues/34199 we can't supply the FROM image via --build-arg and use DOCKER_CONTENT_TRUST=1 for build. So we pull the image with DCT and then explicitly build it without. This regression was introduced with 8b84baf2 ("kernel: Allow disabling content trust") Signed-off-by: Rolf Neugebauer --- kernel/Makefile | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/kernel/Makefile b/kernel/Makefile index 90a0e1a4f..95d75780c 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -119,11 +119,16 @@ show-tags: show-tag_$(2)$(3) fetch: sources/linux-$(1).tar.xz ifneq ($(2), 4.4.x) +# 'docker build' with the FROM image supplied as --build-arg +# *and* with DOCKER_CONTENT_TRUST=1 currently does not work +# (https://github.com/moby/moby/issues/34199). So, we pull the image +# with DCT and then build with DOCKER_CONTENT_TRUST explicitly set to 0. build_perf_$(2)$(3): build_$(2)$(3) docker pull $(ORG)/$(IMAGE_PERF):$(1)$(3)-$(TAG)$(SUFFIX) || \ - docker build -f Dockerfile.perf \ + (docker pull $(ORG)/$(IMAGE):$(1)$(3)-$(TAG)$(SUFFIX) && \ + DOCKER_CONTENT_TRUST=0 docker build -f Dockerfile.perf \ --build-arg IMAGE=$(ORG)/$(IMAGE):$(1)$(3)-$(TAG)$(SUFFIX) \ - --no-cache --network=none $(LABEL) -t $(ORG)/$(IMAGE_PERF):$(1)$(3)-$(TAG)$(SUFFIX) . + --no-cache --network=none $(LABEL) -t $(ORG)/$(IMAGE_PERF):$(1)$(3)-$(TAG)$(SUFFIX) .) push_perf_$(2)$(3): build_perf_$(2)$(3) @if [ x"$(DIRTY)" != x ]; then echo "Your repository is not clean. Will not push image"; exit 1; fi