From c6416ddecb10851411e848452ce927b75b442dbd Mon Sep 17 00:00:00 2001
From: Rolf Neugebauer
Date: Tue, 25 Apr 2017 14:54:54 +0100
Subject: [PATCH] pkg: Use multi-stage builds for the binfmt package
Signed-off-by: Rolf Neugebauer
---
 base/qemu-user-static/Dockerfile | 8 ---
 base/qemu-user-static/Makefile | 29 ----------
 pkg/binfmt/Dockerfile | 22 +++++++-
 pkg/binfmt/Makefile | 56 ++++++-------------
 .../{00_moby.conf => 00_linuxkit.conf} | 0
 5 files changed, 38 insertions(+), 77 deletions(-)
 delete mode 100644 base/qemu-user-static/Dockerfile
 delete mode 100644 base/qemu-user-static/Makefile
 rename pkg/binfmt/etc/binfmt.d/{00_moby.conf => 00_linuxkit.conf} (100%)
diff --git a/base/qemu-user-static/Dockerfile b/base/qemu-user-static/Dockerfile
deleted file mode 100644
index 5f2160ead..000000000
--- a/base/qemu-user-static/Dockerfile
+++ /dev/null
@@ -1,8 +0,0 @@
-FROM alpine:edge
-RUN \
- apk update && apk upgrade && \
- apk add \
- qemu-aarch64 \
- qemu-arm \
- qemu-ppc64le \
- && true
diff --git a/base/qemu-user-static/Makefile b/base/qemu-user-static/Makefile
deleted file mode 100644
index 7b3e098b5..000000000
--- a/base/qemu-user-static/Makefile
+++ /dev/null
@@ -1,29 +0,0 @@
-.PHONY: tag push
-
-BASE=alpine:edge
-IMAGE=qemu-user-static
-
-default: push
-
-hash: Dockerfile
- DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
- tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
- docker run --rm $(IMAGE):build sh -c 'apt list --installed 2>/dev/null | sha1sum' | sed 's/ .*//' > hash
-
-push: hash
- docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \
- docker push linuxkit/$(IMAGE):$(shell cat hash))
- docker rmi $(IMAGE):build
- rm -f hash
-
-tag: hash
- docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)
- docker rmi $(IMAGE):build
- rm -f hash
-
-clean:
- rm -f hash
-
-.DELETE_ON_ERROR:
diff --git a/pkg/binfmt/Dockerfile b/pkg/binfmt/Dockerfile
index 0b85285e1..acf2baf7d 100644
--- a/pkg/binfmt/Dockerfile
+++ b/pkg/binfmt/Dockerfile
@@ -1,3 +1,23 @@
+FROM alpine:edge AS qemu-build
+RUN \
+ apk update && apk upgrade && \
+ apk add \
+ qemu-aarch64 \
+ qemu-arm \
+ qemu-ppc64le \
+ && true
+
+FROM linuxkit/go-compile:4513068d9a7e919e4ec42e2d7ee879ff5b95b7f5@sha256:bdfadbe3e4ec699ca45b67453662321ec270f2d1a1dbdbf09625776d3ebd68c5 AS binfmt-build
+COPY main.go main.go
+RUN echo "gofmt..." && test -z $(gofmt -s -l main.go) && \
+ echo "go vet..." && test -z $(GOOS=linux go tool vet -printf=false main.go) && \
+ echo "golint..." && test -z $(golint main.go)
+RUN go build -o usr/bin/binfmt -buildmode pie -ldflags "-s -w -extldflags -static" main.go
+
 FROM scratch
-COPY . ./
+ENTRYPOINT []
+WORKDIR /
+COPY --from=qemu-build usr/bin/qemu-* usr/bin/
+COPY --from=binfmt-build usr/bin/binfmt usr/bin/binfmt
+COPY etc/binfmt.d/00_linuxkit.conf etc/binfmt.d/00_linuxkit.conf
 CMD ["/usr/bin/binfmt", "-dir", "/etc/binfmt.d/", "-mount", "/binfmt_misc"]
diff --git a/pkg/binfmt/Makefile b/pkg/binfmt/Makefile
index 35483706b..c306d5e93 100644
--- a/pkg/binfmt/Makefile
+++ b/pkg/binfmt/Makefile
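Review bot: In pkg/binfmt/Dockerfile the new `qemu-build` stage starts from `alpine:edge` with no digest and then runs `apk update && apk upgrade`, so the qemu-* binaries copied into the final image are whatever the rolling tag and package index serve at build time. The Makefile lines this commit removes pinned the qemu image by sha256 digest, and the go-compile stage here is still digest-pinned, which leaves this stage as the one unpinned input to the image. I would pin it the same way, `FROM alpine:edge@sha256:<digest-of-the-reviewed-image> AS qemu-build`, and preferably pin the three qemu package versions in `apk add` as well. Separately, the `go vet` step looks like a no-op if vet reports on stderr, because `test -z $(...)` only sees stdout and the substitution's exit status is discarded; running the vet command directly in the `&&` chain would let its exit status fail the build.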
@@ -1,52 +1,30 @@
-QEMU_IMAGE=linuxkit/qemu-user-static:da39a3ee5e6b4b0d3255bfef95601890afd80709@sha256:65ee2b44b35c9457d83884c292b46bc3b5558a13af2c8eb187322f09160131a4
-QEMU_FILES=qemu-arm qemu-aarch64 qemu-ppc64le
-QEMU_BINARIES=$(addprefix usr/bin/,$(QEMU_FILES))
-
-GO_COMPILE=linuxkit/go-compile:4513068d9a7e919e4ec42e2d7ee879ff5b95b7f5@sha256:bdfadbe3e4ec699ca45b67453662321ec270f2d1a1dbdbf09625776d3ebd68c5
-
-BINFMT_BINARY=usr/bin/binfmt
-
-SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
-
-IMAGE=binfmt
-
-.PHONY: tag push clean container
+.PHONY: tag push
 default: push
-$(QEMU_BINARIES):
- mkdir -p $(dir $@)
- docker run --rm --net=none $(QEMU_IMAGE) tar cf - $@ | tar xf -
+IMAGE=binfmt
+SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
+DEPS=Dockerfile Makefile main.go $(wildcard etc/binmft.d/*)
-$(BINFMT_BINARY): main.go
- mkdir -p $(dir $@)
- tar cf - $^ | docker run --rm --net=none --log-driver=none -i $(GO_COMPILE) -o $@ | tar xf -
-
-DIRS=dev proc sys
-$(DIRS):
- mkdir -p $@
-
-DEPS=$(DIRS) $(QEMU_BINARIES) $(BINFMT_BINARY) etc/binfmt.d/00_moby.conf
-
-container: Dockerfile $(DEPS)
- tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
-
-hash: Dockerfile $(DEPS)
+# Note, this isn't quite right as we pull in qemu binaries from
+# alpine:edge and they may vary over time. BUT: We are going to change
+# the hashing stuff soon anyway, so there is little point in faffing
+# about with computing a hash during the build and get it out.
+hash: $(DEPS)
 find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash
-push: hash container
+tag: hash
 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \
- docker push linuxkit/$(IMAGE):$(shell cat hash))
- docker rmi $(IMAGE):build
- rm -f hash
+ (docker build --no-cache -t $(IMAGE):build . && \
+ docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash))
-tag: hash container
+push: tag
 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)
- docker rmi $(IMAGE):build
+ docker push linuxkit/$(IMAGE):$(shell cat hash)
 rm -f hash
+ docker rmi $(IMAGE):build || true
 clean:
- rm -rf hash $(DIRS) usr
+ rm -f hash
+ docker rmi $(IMAGE):build || true
 .DELETE_ON_ERROR:
diff --git a/pkg/binfmt/etc/binfmt.d/00_moby.conf b/pkg/binfmt/etc/binfmt.d/00_linuxkit.conf
similarity index 100%
rename from pkg/binfmt/etc/binfmt.d/00_moby.conf
rename to pkg/binfmt/etc/binfmt.d/00_linuxkit.conf
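Review bot: In pkg/binfmt/Makefile the new `DEPS` line spells the directory `etc/binmft.d`, so `$(wildcard etc/binmft.d/*)` expands to nothing and `etc/binfmt.d/00_linuxkit.conf` is neither a prerequisite of `hash` nor part of the hashed content. Because `tag` and `push` first try `docker pull` on the hash-named tag and skip the build or push when that succeeds, a change to the binfmt configuration would keep the old tag and the previously published image would be reused unchanged. The line should read `DEPS=Dockerfile Makefile main.go $(wildcard etc/binfmt.d/*)`. The hunk also drops `clean` from `.PHONY` although the target remains; `.PHONY: tag push clean` keeps it runnable if a file named clean ever exists in the directory.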