kernel: Fix docker content trust for perf builds

Due to https://github.com/moby/moby/issues/34199 we can't supply the FROM image via --build-arg and use DOCKER_CONTENT_TRUST=1 for build. So we pull the image with DCT and then explicitly build it without. This regression was introduced with 8b84baf2 ("kernel: Allow disabling content trust") Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2025-07-21 01:59:07 +00:00 · 2017-08-30 19:12:51 +01:00 · 2017-08-30 19:12:51 +01:00 · bdd4789598
commit bdd4789598
parent 584acd9fd8
1 changed files with 7 additions and 2 deletions
--- a/kernel/Makefile
+++ b/kernel/Makefile
@ -119,11 +119,16 @@ show-tags: show-tag_$(2)$(3)
 fetch: sources/linux-$(1).tar.xz

 ifneq ($(2), 4.4.x)
+# 'docker build' with the FROM image supplied as --build-arg
+# *and* with DOCKER_CONTENT_TRUST=1 currently does not work
+# (https://github.com/moby/moby/issues/34199). So, we pull the image
+# with DCT and then build with DOCKER_CONTENT_TRUST explicitly set to 0.
 build_perf_$(2)$(3): build_$(2)$(3)
 	docker pull $(ORG)/$(IMAGE_PERF):$(1)$(3)-$(TAG)$(SUFFIX) || \
-		docker build -f Dockerfile.perf \
+		(docker pull $(ORG)/$(IMAGE):$(1)$(3)-$(TAG)$(SUFFIX) && \
+		 DOCKER_CONTENT_TRUST=0 docker build -f Dockerfile.perf \
 			--build-arg IMAGE=$(ORG)/$(IMAGE):$(1)$(3)-$(TAG)$(SUFFIX) \
-			--no-cache --network=none $(LABEL) -t $(ORG)/$(IMAGE_PERF):$(1)$(3)-$(TAG)$(SUFFIX) .
+			--no-cache --network=none $(LABEL) -t $(ORG)/$(IMAGE_PERF):$(1)$(3)-$(TAG)$(SUFFIX) .)

 push_perf_$(2)$(3): build_perf_$(2)$(3)
 	@if [ x"$(DIRTY)" != x ]; then echo "Your repository is not clean. Will not push image"; exit 1; fi