diff --git a/blueprints/docker-for-mac/base.yml b/blueprints/docker-for-mac/base.yml index 3a65f31fb..ffb935d4a 100644 --- a/blueprints/docker-for-mac/base.yml +++ b/blueprints/docker-for-mac/base.yml @@ -53,7 +53,7 @@ services: image: linuxkit/acpid:1966310cb75e28ffc668863a6577ee991327f918 # Enable getty for easier debugging - name: getty - image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05 + image: linuxkit/getty:08b704915af0ce90f8f40df5d41d4c1aa14ef83a env: - INSECURE=true # Run ntpd to keep time synchronised in the VM diff --git a/examples/aws.yml b/examples/aws.yml index 2493e7e94..b18f1a66e 100644 --- a/examples/aws.yml +++ b/examples/aws.yml @@ -18,7 +18,7 @@ services: - name: rngd image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b - name: sshd - image: linuxkit/sshd:a00846032891f77f4f78b8a197e94e13a476a3ee + image: linuxkit/sshd:dc98a72c1d1285c30f2db176252f3ce2bf645d5b binds: - /var/config/ssh/authorized_keys:/root/.ssh/authorized_keys - name: nginx diff --git a/examples/azure.yml b/examples/azure.yml index 8d3e261d7..f234ad813 100644 --- a/examples/azure.yml +++ b/examples/azure.yml @@ -15,7 +15,7 @@ services: - name: dhcpcd image: linuxkit/dhcpcd:4b7b8bb024cebb1bbb9c8026d44d7cbc8e202c41 - name: sshd - image: linuxkit/sshd:a00846032891f77f4f78b8a197e94e13a476a3ee + image: linuxkit/sshd:dc98a72c1d1285c30f2db176252f3ce2bf645d5b files: - path: root/.ssh/authorized_keys source: ~/.ssh/id_rsa.pub diff --git a/examples/docker.yml b/examples/docker.yml index d151d3cb3..c09521d3a 100644 --- a/examples/docker.yml +++ b/examples/docker.yml @@ -20,7 +20,7 @@ onboot: command: ["/mount.sh", "/var/lib/docker"] services: - name: getty - image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05 + image: linuxkit/getty:08b704915af0ce90f8f40df5d41d4c1aa14ef83a env: - INSECURE=true - name: rngd diff --git a/examples/gcp.yml b/examples/gcp.yml index 8279974df..da04208b8 100644 --- a/examples/gcp.yml +++ b/examples/gcp.yml @@ -16,13 +16,13 @@ onboot: image: linuxkit/metadata:428093dd1c4178e8ba1952af44b46c0fd16f8e79 services: - name: getty - image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05 + image: linuxkit/getty:08b704915af0ce90f8f40df5d41d4c1aa14ef83a env: - INSECURE=true - name: rngd image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b - name: sshd - image: linuxkit/sshd:a00846032891f77f4f78b8a197e94e13a476a3ee + image: linuxkit/sshd:dc98a72c1d1285c30f2db176252f3ce2bf645d5b binds: - /var/config/ssh/authorized_keys:/root/.ssh/authorized_keys - name: nginx diff --git a/examples/getty.yml b/examples/getty.yml index 2d55744f6..73b3fe526 100644 --- a/examples/getty.yml +++ b/examples/getty.yml @@ -14,7 +14,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05 + image: linuxkit/getty:08b704915af0ce90f8f40df5d41d4c1aa14ef83a # to make insecure with passwordless root login, uncomment following lines #env: # - INSECURE=true diff --git a/examples/minimal.yml b/examples/minimal.yml index fabcaf14e..512f1cb98 100644 --- a/examples/minimal.yml +++ b/examples/minimal.yml @@ -11,7 +11,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05 + image: linuxkit/getty:08b704915af0ce90f8f40df5d41d4c1aa14ef83a env: - INSECURE=true trust: diff --git a/examples/node_exporter.yml b/examples/node_exporter.yml index bed74d916..682026dc8 100644 --- a/examples/node_exporter.yml +++ b/examples/node_exporter.yml @@ -7,7 +7,7 @@ init: - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e services: - name: getty - image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05 + image: linuxkit/getty:08b704915af0ce90f8f40df5d41d4c1aa14ef83a env: - INSECURE=true - name: rngd diff --git a/examples/packet.yml b/examples/packet.yml index 561e7f529..2caf01aa7 100644 --- a/examples/packet.yml +++ b/examples/packet.yml @@ -15,7 +15,7 @@ services: - name: dhcpcd image: linuxkit/dhcpcd:4b7b8bb024cebb1bbb9c8026d44d7cbc8e202c41 - name: sshd - image: linuxkit/sshd:a00846032891f77f4f78b8a197e94e13a476a3ee + image: linuxkit/sshd:dc98a72c1d1285c30f2db176252f3ce2bf645d5b files: - path: root/.ssh/authorized_keys source: ~/.ssh/id_rsa.pub diff --git a/examples/redis-os.yml b/examples/redis-os.yml index 880a14a09..bbccd5612 100644 --- a/examples/redis-os.yml +++ b/examples/redis-os.yml @@ -13,7 +13,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05 + image: linuxkit/getty:08b704915af0ce90f8f40df5d41d4c1aa14ef83a env: - INSECURE=true - name: redis diff --git a/examples/sshd.yml b/examples/sshd.yml index 2907b4039..7bd9a9904 100644 --- a/examples/sshd.yml +++ b/examples/sshd.yml @@ -11,7 +11,7 @@ onboot: image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 services: - name: getty - image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05 + image: linuxkit/getty:08b704915af0ce90f8f40df5d41d4c1aa14ef83a env: - INSECURE=true - name: rngd @@ -19,7 +19,7 @@ services: - name: dhcpcd image: linuxkit/dhcpcd:4b7b8bb024cebb1bbb9c8026d44d7cbc8e202c41 - name: sshd - image: linuxkit/sshd:a00846032891f77f4f78b8a197e94e13a476a3ee + image: linuxkit/sshd:dc98a72c1d1285c30f2db176252f3ce2bf645d5b files: - path: root/.ssh/authorized_keys source: ~/.ssh/id_rsa.pub diff --git a/examples/swap.yml b/examples/swap.yml index 9b3471f04..e265c62c1 100644 --- a/examples/swap.yml +++ b/examples/swap.yml @@ -24,7 +24,7 @@ onboot: command: ["/swap.sh", "--path", "/var/external/swap", "--size", "1G", "--encrypt"] services: - name: getty - image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05 + image: linuxkit/getty:08b704915af0ce90f8f40df5d41d4c1aa14ef83a env: - INSECURE=true - name: rngd diff --git a/examples/vmware.yml b/examples/vmware.yml index cda63bd90..156664ff6 100644 --- a/examples/vmware.yml +++ b/examples/vmware.yml @@ -11,7 +11,7 @@ onboot: image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 services: - name: getty - image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05 + image: linuxkit/getty:08b704915af0ce90f8f40df5d41d4c1aa14ef83a env: - INSECURE=true - name: rngd diff --git a/examples/vpnkit-forwarder.yml b/examples/vpnkit-forwarder.yml index a76eeee79..a5e6871f3 100644 --- a/examples/vpnkit-forwarder.yml +++ b/examples/vpnkit-forwarder.yml @@ -19,7 +19,7 @@ onboot: command: ["sh", "-c", "mkdir /host_var/vpnkit && mount -v -t 9p -o trans=virtio,dfltuid=1001,dfltgid=50,version=9p2000 port /host_var/vpnkit"] services: - name: sshd - image: linuxkit/sshd:a00846032891f77f4f78b8a197e94e13a476a3ee + image: linuxkit/sshd:dc98a72c1d1285c30f2db176252f3ce2bf645d5b - name: vpnkit-forwarder image: linuxkit/vpnkit-forwarder:9c1545e7b093d1210118de7661d7346393ec195b binds: diff --git a/examples/vultr.yml b/examples/vultr.yml index 3e2abf3f8..8cf4f699b 100644 --- a/examples/vultr.yml +++ b/examples/vultr.yml @@ -16,13 +16,13 @@ onboot: image: linuxkit/metadata:428093dd1c4178e8ba1952af44b46c0fd16f8e79 services: - name: getty - image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05 + image: linuxkit/getty:08b704915af0ce90f8f40df5d41d4c1aa14ef83a env: - INSECURE=true - name: rngd image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b - name: sshd - image: linuxkit/sshd:a00846032891f77f4f78b8a197e94e13a476a3ee + image: linuxkit/sshd:dc98a72c1d1285c30f2db176252f3ce2bf645d5b binds: - /var/config/ssh/authorized_keys:/root/.ssh/authorized_keys - name: nginx diff --git a/linuxkit.yml b/linuxkit.yml index 66c8464ea..c909bdef9 100644 --- a/linuxkit.yml +++ b/linuxkit.yml @@ -20,7 +20,7 @@ onshutdown: command: ["/bin/echo", "so long and thanks for all the fish"] services: - name: getty - image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05 + image: linuxkit/getty:08b704915af0ce90f8f40df5d41d4c1aa14ef83a env: - INSECURE=true - name: rngd diff --git a/pkg/getty/Dockerfile b/pkg/getty/Dockerfile index 031d172cf..cbcac9821 100644 --- a/pkg/getty/Dockerfile +++ b/pkg/getty/Dockerfile @@ -1,15 +1,17 @@ -FROM linuxkit/alpine:9bcf61f605ef0ce36cc94d59b8eac307862de6e1 AS mirror +FROM linuxkit/alpine:a39a433162a873519910a07beeb3e8db22529956 AS mirror RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/ RUN apk add --no-cache --initdb -p /out \ alpine-baselayout \ + apk-tools \ busybox \ ca-certificates \ musl \ tini \ util-linux \ && true -RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache +RUN mv /out/etc/apk/repositories.upstream /out/etc/apk/repositories + # # We require a version of `setsid(1)` which supports the `-w` # option, which is not available in all implementations (e.g. the @@ -29,4 +31,4 @@ COPY --from=mirror /out/ / COPY usr/ /usr/ COPY etc/ /etc/ CMD ["/usr/bin/rungetty.sh"] -LABEL org.mobyproject.config='{"pid": "host", "net":"host", "binds": ["/run:/run", "/tmp:/tmp", "/etc:/hostroot/etc", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/var:/var","/containers:/containers","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}' +LABEL org.mobyproject.config='{"pid": "host", "net":"host", "binds": ["/run:/run", "/tmp:/tmp", "/etc:/hostroot/etc", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/containers:/containers","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}' diff --git a/pkg/sshd/Dockerfile b/pkg/sshd/Dockerfile index 44c52d901..2fe70e258 100644 --- a/pkg/sshd/Dockerfile +++ b/pkg/sshd/Dockerfile @@ -1,8 +1,9 @@ -FROM linuxkit/alpine:9bcf61f605ef0ce36cc94d59b8eac307862de6e1 AS mirror +FROM linuxkit/alpine:a39a433162a873519910a07beeb3e8db22529956 AS mirror RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/ RUN apk add --no-cache --initdb -p /out \ alpine-baselayout \ + apk-tools \ busybox \ ca-certificates \ musl \ @@ -10,7 +11,7 @@ RUN apk add --no-cache --initdb -p /out \ tini \ util-linux \ && true -RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache +RUN mv /out/etc/apk/repositories.upstream /out/etc/apk/repositories FROM scratch ENTRYPOINT [] @@ -20,4 +21,4 @@ COPY etc/ /etc/ COPY usr/ /usr/ RUN mkdir -p /etc/ssh /root/.ssh && chmod 0700 /root/.ssh CMD ["/sbin/tini", "/usr/bin/ssh.sh"] -LABEL org.mobyproject.config='{"pid": "host", "binds": ["/root/.ssh:/root/.ssh", "/etc/resolv.conf:/etc/resolv.conf", "/run:/run", "/tmp:/tmp", "/etc:/hostroot/etc", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/var:/var","/containers:/containers","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}' +LABEL org.mobyproject.config='{"pid": "host", "binds": ["/root/.ssh:/root/.ssh", "/etc/resolv.conf:/etc/resolv.conf", "/run:/run", "/tmp:/tmp", "/etc:/hostroot/etc", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/containers:/containers","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}' diff --git a/projects/kubernetes/kube-master.yml b/projects/kubernetes/kube-master.yml index d05c10d37..ca10c8db0 100644 --- a/projects/kubernetes/kube-master.yml +++ b/projects/kubernetes/kube-master.yml @@ -27,7 +27,7 @@ onboot: - /var/lib:/var/lib services: - name: getty - image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05 + image: linuxkit/getty:08b704915af0ce90f8f40df5d41d4c1aa14ef83a env: - INSECURE=true - name: rngd @@ -37,7 +37,7 @@ services: - name: ntpd image: linuxkit/openntpd:19370f5d9bec84eb91073b7196b732f1301d9c90 - name: sshd - image: linuxkit/sshd:a00846032891f77f4f78b8a197e94e13a476a3ee + image: linuxkit/sshd:dc98a72c1d1285c30f2db176252f3ce2bf645d5b - name: docker image: docker:17.06.0-ce-dind capabilities: diff --git a/projects/kubernetes/kube-node.yml b/projects/kubernetes/kube-node.yml index be538c8ca..c4d98be23 100644 --- a/projects/kubernetes/kube-node.yml +++ b/projects/kubernetes/kube-node.yml @@ -27,7 +27,7 @@ onboot: - /var/lib:/var/lib services: - name: getty - image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05 + image: linuxkit/getty:08b704915af0ce90f8f40df5d41d4c1aa14ef83a env: - INSECURE=true - name: rngd @@ -37,7 +37,7 @@ services: - name: ntpd image: linuxkit/openntpd:19370f5d9bec84eb91073b7196b732f1301d9c90 - name: sshd - image: linuxkit/sshd:a00846032891f77f4f78b8a197e94e13a476a3ee + image: linuxkit/sshd:dc98a72c1d1285c30f2db176252f3ce2bf645d5b - name: docker image: docker:17.06.0-ce-dind capabilities: diff --git a/projects/miragesdk/examples/mirage-dhcp.yml b/projects/miragesdk/examples/mirage-dhcp.yml index 6f50e5cdb..fe0d06eb6 100644 --- a/projects/miragesdk/examples/mirage-dhcp.yml +++ b/projects/miragesdk/examples/mirage-dhcp.yml @@ -28,9 +28,9 @@ onboot: - /lib:/lib # for ifconfig services: - name: sshd - image: linuxkit/sshd:a00846032891f77f4f78b8a197e94e13a476a3ee + image: linuxkit/sshd:dc98a72c1d1285c30f2db176252f3ce2bf645d5b - name: getty - image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05 + image: linuxkit/getty:08b704915af0ce90f8f40df5d41d4c1aa14ef83a env: - INSECURE=true files: diff --git a/projects/okernel/examples/okernel_simple.yaml b/projects/okernel/examples/okernel_simple.yaml index 752bb673b..65f744bfd 100644 --- a/projects/okernel/examples/okernel_simple.yaml +++ b/projects/okernel/examples/okernel_simple.yaml @@ -15,7 +15,7 @@ services: - name: dhcpcd image: linuxkit/dhcpcd:4b7b8bb024cebb1bbb9c8026d44d7cbc8e202c41 - name: sshd - image: linuxkit/sshd:a00846032891f77f4f78b8a197e94e13a476a3ee + image: linuxkit/sshd:dc98a72c1d1285c30f2db176252f3ce2bf645d5b files: - path: root/.ssh/authorized_keys source: ~/.ssh/id_rsa.pub diff --git a/projects/shiftfs/shiftfs.yml b/projects/shiftfs/shiftfs.yml index e13230fc9..db14e5539 100644 --- a/projects/shiftfs/shiftfs.yml +++ b/projects/shiftfs/shiftfs.yml @@ -16,7 +16,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05 + image: linuxkit/getty:08b704915af0ce90f8f40df5d41d4c1aa14ef83a env: - INSECURE=true - name: rngd diff --git a/test/cases/040_packages/007_getty-containerd/test-ctr.yml b/test/cases/040_packages/007_getty-containerd/test-ctr.yml index 0072d425a..5f26ce334 100644 --- a/test/cases/040_packages/007_getty-containerd/test-ctr.yml +++ b/test/cases/040_packages/007_getty-containerd/test-ctr.yml @@ -12,7 +12,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05 + image: linuxkit/getty:08b704915af0ce90f8f40df5d41d4c1aa14ef83a files: - path: etc/getty.shadow # sample sets password for root to "abcdefgh" (without quotes)