From d053a0f279546b797f686d1a0a06f0f04afdfde8 Mon Sep 17 00:00:00 2001 From: Avi Deitcher Date: Mon, 3 May 2021 06:37:45 -0400 Subject: [PATCH] tag kernel with builder version; simplify Makefile Signed-off-by: Avi Deitcher --- docs/testing.md | 2 +- kernel/Dockerfile | 7 +- kernel/Dockerfile.bcc | 5 +- kernel/Dockerfile.kconfig | 3 +- kernel/Dockerfile.perf | 3 +- kernel/Dockerfile.zfs | 6 +- kernel/Makefile | 51 +++++++++----- .../020_kernel/111_kmod_5.4.x/Dockerfile | 2 +- .../020_kernel/113_kmod_5.10.x/Dockerfile | 2 +- .../020_kernel/114_kmod_5.11.x/Dockerfile | 2 +- test/cases/020_kernel/211_tags_5.4.x/test.sh | 11 ++++ test/cases/020_kernel/213_tags_5.10.x/test.sh | 11 ++++ test/cases/020_kernel/214_tags_5.11.x/test.sh | 11 ++++ test/cases/020_kernel/tags.sh | 66 +++++++++++++++++++ 14 files changed, 154 insertions(+), 28 deletions(-) create mode 100644 test/cases/020_kernel/211_tags_5.4.x/test.sh create mode 100644 test/cases/020_kernel/213_tags_5.10.x/test.sh create mode 100644 test/cases/020_kernel/214_tags_5.11.x/test.sh create mode 100644 test/cases/020_kernel/tags.sh diff --git a/docs/testing.md b/docs/testing.md index 255f2aab6..840dd2628 100644 --- a/docs/testing.md +++ b/docs/testing.md @@ -50,7 +50,7 @@ You must copy an existing `group.sh` in to this folder and adjust as required or [example](https://github.com/linuxkit/rtf/tree/master/etc/templates/group.sh) To write your test, create a folder within the group using the `000_name` format as described above. -You should then copy an existing `test.sh` in to this directory and amdend it, +You should then copy an existing `test.sh` in to this directory and amend it, or start from an [example](http://github.com/linuxkit/rtf/tree/master/etc/templates/test.sh) If your test can only be run when certain conditions are met, you should consider adding a label to diff --git a/kernel/Dockerfile b/kernel/Dockerfile index 78f05d093..66fcc4647 100644 --- a/kernel/Dockerfile +++ b/kernel/Dockerfile @@ -1,4 +1,6 @@ -FROM linuxkit/alpine:2be490394653b7967c250e86fd42cef88de428ba AS kernel-build +ARG BUILD_IMAGE +FROM ${BUILD_IMAGE} AS kernel-build +ARG BUILD_IMAGE RUN apk add \ argp-standalone \ automake \ @@ -209,7 +211,8 @@ RUN DVER=$(basename $(find /tmp/kernel-modules/lib/modules/ -mindepth 1 -maxdept ( cd /tmp && tar cf /out/kernel-dev.tar usr/src ) RUN printf "KERNEL_SOURCE=${KERNEL_SOURCE}\n" > /out/kernel-source-info - +RUN printf "${BUILD_IMAGE}" > /out/kernel-builder +LABEL org.mobyproject.linuxkit.kernel.buildimage ${BUILD_IMAGE} FROM scratch ENTRYPOINT [] diff --git a/kernel/Dockerfile.bcc b/kernel/Dockerfile.bcc index e709f10e0..95114f5d4 100644 --- a/kernel/Dockerfile.bcc +++ b/kernel/Dockerfile.bcc @@ -1,7 +1,8 @@ ARG IMAGE FROM ${IMAGE} as ksrc -FROM linuxkit/alpine:2be490394653b7967c250e86fd42cef88de428ba AS build +ARG BUILD_IMAGE +FROM ${BUILD_IMAGE} AS build RUN apk update && apk upgrade -a && \ apk add --no-cache \ argp-standalone \ @@ -102,7 +103,7 @@ RUN mkdir -p /out/usr/bin && \ RUN mkdir -p /out/usr/local/share/ && \ cp -a /usr/local/share/lua /out/usr/local/share/ -FROM linuxkit/alpine:2be490394653b7967c250e86fd42cef88de428ba as mirror +FROM ${BUILD_IMAGE} as mirror RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/ RUN apk update && apk upgrade -a && \ apk add --no-cache --initdb -p /out \ diff --git a/kernel/Dockerfile.kconfig b/kernel/Dockerfile.kconfig index 47d86f8c4..9a89ccd92 100644 --- a/kernel/Dockerfile.kconfig +++ b/kernel/Dockerfile.kconfig @@ -1,4 +1,5 @@ -FROM linuxkit/alpine:2be490394653b7967c250e86fd42cef88de428ba AS kernel-build +ARG BUILD_IMAGE +FROM ${BUILD_IMAGE} AS kernel-build RUN apk add \ argp-standalone \ bison \ diff --git a/kernel/Dockerfile.perf b/kernel/Dockerfile.perf index c77bf6843..c6444d5c4 100644 --- a/kernel/Dockerfile.perf +++ b/kernel/Dockerfile.perf @@ -3,7 +3,8 @@ ARG IMAGE FROM ${IMAGE} AS ksrc -FROM linuxkit/alpine:2be490394653b7967c250e86fd42cef88de428ba AS build +ARG BUILD_IMAGE +FROM ${BUILD_IMAGE} AS build RUN apk add \ argp-standalone \ bash \ diff --git a/kernel/Dockerfile.zfs b/kernel/Dockerfile.zfs index 03b0c0661..8729c54e9 100644 --- a/kernel/Dockerfile.zfs +++ b/kernel/Dockerfile.zfs @@ -1,6 +1,8 @@ ARG IMAGE FROM ${IMAGE} AS ksrc -FROM linuxkit/alpine:2be490394653b7967c250e86fd42cef88de428ba AS build + +ARG BUILD_IMAGE +FROM ${BUILD_IMAGE} AS build RUN apk add \ attr-dev \ autoconf \ @@ -42,7 +44,7 @@ RUN ./autogen.sh && \ # Run depmod against the new module directory. RUN cd /lib/modules && \ - depmod -ae * + depmod -ae * FROM scratch ENTRYPOINT [] diff --git a/kernel/Makefile b/kernel/Makefile index 1a89c5b3b..54a22cb20 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -18,6 +18,7 @@ IMAGE:=kernel IMAGE_BCC:=kernel-bcc IMAGE_PERF:=kernel-perf IMAGE_ZFS:=zfs-kmod +IMAGE_BUILDER=linuxkit/alpine:2be490394653b7967c250e86fd42cef88de428ba # You can specify an extra options for the Makefile. This will: # - append a config$(EXTRA) to the kernel config for your kernel/arch @@ -73,6 +74,11 @@ KERNEL_VERSIONS= build: push: +.PHONY: notdirty +notdirty: + @if [ x"$(DIRTY)" != x ]; then echo "Your repository is not clean. Will not push image"; exit 1; fi + + # A template for defining kernel build # Arguments: # $1: Full kernel version, e.g., 4.9.22 @@ -99,20 +105,22 @@ build_$(2)$(3)$(4): Dockerfile Makefile $(wildcard patches-$(2)/*) $(wildcard co --build-arg KERNEL_SERIES=$(2) \ --build-arg EXTRA=$(3) \ --build-arg DEBUG=$(4) \ + --build-arg BUILD_IMAGE=$(IMAGE_BUILDER) \ $(LABELS) \ --no-cache -t $(ORG)/$(IMAGE):$(1)$(3)$(4)-$(TAG)$(SUFFIX) . + forcebuild_$(2)$(3)$(4): Dockerfile Makefile $(wildcard patches-$(2)/*) $(wildcard config-$(2)*) config-dbg docker build \ --build-arg KERNEL_VERSION=$(1) \ --build-arg KERNEL_SERIES=$(2) \ --build-arg EXTRA=$(3) \ --build-arg DEBUG=$(4) \ + --build-arg BUILD_IMAGE=$(IMAGE_BUILDER) \ $(LABELS) \ --no-cache -t $(ORG)/$(IMAGE):$(1)$(3)$(4)-$(TAG)$(SUFFIX) . -push_$(2)$(3)$(4): build_$(2)$(3)$(4) - @if [ x"$(DIRTY)" != x ]; then echo "Your repository is not clean. Will not push image"; exit 1; fi +push_$(2)$(3)$(4): notdirty build_$(2)$(3)$(4) docker pull $(ORG)/$(IMAGE):$(1)$(3)$(4)-$(TAG)$(SUFFIX) || \ (docker push $(ORG)/$(IMAGE):$(1)$(3)$(4)-$(TAG)$(SUFFIX) && \ docker tag $(ORG)/$(IMAGE):$(1)$(3)$(4)-$(TAG)$(SUFFIX) $(ORG)/$(IMAGE):$(1)$(3)$(4)$(SUFFIX) && \ @@ -120,21 +128,30 @@ push_$(2)$(3)$(4): build_$(2)$(3)$(4) $(PUSH_MANIFEST) $(ORG)/$(IMAGE):$(1)$(3)$(4)-$(TAG) $(DOCKER_CONTENT_TRUST) && \ $(PUSH_MANIFEST) $(ORG)/$(IMAGE):$(1)$(3)$(4) $(DOCKER_CONTENT_TRUST)) -forcepush_$(2)$(3)$(4): forcebuild_$(2)$(3)$(4) - @if [ x"$(DIRTY)" != x ]; then echo "Your repository is not clean. Will not push image"; exit 1; fi +forcepush_$(2)$(3)$(4): notdirty forcebuild_$(2)$(3)$(4) docker push $(ORG)/$(IMAGE):$(1)$(3)$(4)-$(TAG)$(SUFFIX) && \ docker tag $(ORG)/$(IMAGE):$(1)$(3)$(4)-$(TAG)$(SUFFIX) $(ORG)/$(IMAGE):$(1)$(3)$(4)$(SUFFIX) && \ docker push $(ORG)/$(IMAGE):$(1)$(3)$(4)$(SUFFIX) && \ $(PUSH_MANIFEST) $(ORG)/$(IMAGE):$(1)$(3)$(4)-$(TAG) $(DOCKER_CONTENT_TRUST) && \ $(PUSH_MANIFEST) $(ORG)/$(IMAGE):$(1)$(3)$(4) $(DOCKER_CONTENT_TRUST) +# tag the builder and create the manifest +tagbuilder_$(2)$(3)$(4): notdirty + docker tag $(IMAGE_BUILDER) $(ORG)/$(IMAGE):$(1)$(3)$(4)-builder$(SUFFIX) && \ + docker push $(ORG)/$(IMAGE):$(1)$(3)$(4)-builder$(SUFFIX) && \ + $(PUSH_MANIFEST) $(ORG)/$(IMAGE):$(1)$(3)$(4)-builder $(DOCKER_CONTENT_TRUST) + + show-tag_$(2)$(3)$(4): @echo $(ORG)/$(IMAGE):$(1)$(3)$(4)-$(TAG) build: build_$(2)$(3)$(4) forcebuild: forcebuild_$(2)$(3)$(4) -push: push_$(2)$(3)$(4) -forcepush: forcepush_$(2)$(3)$(4) +push: push_image tagbuilder +push_image: push_$(2)$(3)$(4) +forcepush: forcepush_image tagbuilder +forcepush_image: forcepush_$(2)$(3)$(4) +tagbuilder: tagbuilder_$(2)$(3)$(4) show-tags: show-tag_$(2)$(3)$(4) # FIXME: We no longer use DOCKER_CONENT_TRUST=1 @@ -152,15 +169,16 @@ build_perf_$(2)$(3)$(4): build_$(2)$(3)$(4) docker pull $(ORG)/$(IMAGE_PERF):$(1)$(3)$(4)-$(TAG)$(SUFFIX) || \ DOCKER_CONTENT_TRUST=0 docker build -f Dockerfile.perf \ --build-arg IMAGE=$(ORG)/$(IMAGE):$(1)$(3)$(4)-$(TAG)$(SUFFIX) \ + --build-arg BUILD_IMAGE=$(IMAGE_BUILDER) \ --no-cache --network=none $(LABEL) -t $(ORG)/$(IMAGE_PERF):$(1)$(3)$(4)-$(TAG)$(SUFFIX) . forcebuild_perf_$(2)$(3)$(4): build_$(2)$(3)$(4) DOCKER_CONTENT_TRUST=0 docker build -f Dockerfile.perf \ --build-arg IMAGE=$(ORG)/$(IMAGE):$(1)$(3)$(4)-$(TAG)$(SUFFIX) \ + --build-arg BUILD_IMAGE=$(IMAGE_BUILDER) \ --no-cache --network=none $(LABEL) -t $(ORG)/$(IMAGE_PERF):$(1)$(3)$(4)-$(TAG)$(SUFFIX) . -push_perf_$(2)$(3)$(4): build_perf_$(2)$(3)$(4) - @if [ x"$(DIRTY)" != x ]; then echo "Your repository is not clean. Will not push image"; exit 1; fi +push_perf_$(2)$(3)$(4): notdirty build_perf_$(2)$(3)$(4) docker pull $(ORG)/$(IMAGE_PERF):$(1)$(3)$(4)-$(TAG)$(SUFFIX) || \ (docker push $(ORG)/$(IMAGE_PERF):$(1)$(3)$(4)-$(TAG)$(SUFFIX) && \ docker tag $(ORG)/$(IMAGE_PERF):$(1)$(3)$(4)-$(TAG)$(SUFFIX) $(ORG)/$(IMAGE_PERF):$(1)$(3)$(4)$(SUFFIX) && \ @@ -168,8 +186,7 @@ push_perf_$(2)$(3)$(4): build_perf_$(2)$(3)$(4) $(PUSH_MANIFEST) $(ORG)/$(IMAGE_PERF):$(1)$(3)$(4)-$(TAG) $(DOCKER_CONTENT_TRUST) && \ $(PUSH_MANIFEST) $(ORG)/$(IMAGE_PERF):$(1)$(3)$(4) $(DOCKER_CONTENT_TRUST)) -forcepush_perf_$(2)$(3)$(4): forcebuild_perf_$(2)$(3)$(4) - @if [ x"$(DIRTY)" != x ]; then echo "Your repository is not clean. Will not push image"; exit 1; fi +forcepush_perf_$(2)$(3)$(4): notdirty forcebuild_perf_$(2)$(3)$(4) docker push $(ORG)/$(IMAGE_PERF):$(1)$(3)$(4)-$(TAG)$(SUFFIX) && \ docker tag $(ORG)/$(IMAGE_PERF):$(1)$(3)$(4)-$(TAG)$(SUFFIX) $(ORG)/$(IMAGE_PERF):$(1)$(3)$(4)$(SUFFIX) && \ docker push $(ORG)/$(IMAGE_PERF):$(1)$(3)$(4)$(SUFFIX) && \ @@ -190,15 +207,16 @@ build_bcc_$(2)$(3)$(4): build_$(2)$(3)$(4) docker pull $(ORG)/$(IMAGE_BCC):$(1)$(3)$(4)-$(TAG)$(SUFFIX) || \ DOCKER_CONTENT_TRUST=0 docker build -f Dockerfile.bcc \ --build-arg IMAGE=$(ORG)/$(IMAGE):$(1)$(3)$(4)-$(TAG)$(SUFFIX) \ + --build-arg BUILD_IMAGE=$(IMAGE_BUILDER) \ --no-cache $(LABEL) -t $(ORG)/$(IMAGE_BCC):$(1)$(3)$(4)-$(TAG)$(SUFFIX) . forcebuild_bcc_$(2)$(3)$(4): build_$(2)$(3)$(4) DOCKER_CONTENT_TRUST=0 docker build -f Dockerfile.bcc \ --build-arg IMAGE=$(ORG)/$(IMAGE):$(1)$(3)$(4)-$(TAG)$(SUFFIX) \ + --build-arg BUILD_IMAGE=$(IMAGE_BUILDER) \ --no-cache $(LABEL) -t $(ORG)/$(IMAGE_BCC):$(1)$(3)$(4)-$(TAG)$(SUFFIX) . -push_bcc_$(2)$(3)$(4): build_bcc_$(2)$(3)$(4) - @if [ x"$(DIRTY)" != x ]; then echo "Your repository is not clean. Will not push image"; exit 1; fi +push_bcc_$(2)$(3)$(4): notdirty build_bcc_$(2)$(3)$(4) docker pull $(ORG)/$(IMAGE_BCC):$(1)$(3)$(4)-$(TAG)$(SUFFIX) || \ (docker push $(ORG)/$(IMAGE_BCC):$(1)$(3)$(4)-$(TAG)$(SUFFIX) && \ docker tag $(ORG)/$(IMAGE_BCC):$(1)$(3)$(4)-$(TAG)$(SUFFIX) $(ORG)/$(IMAGE_BCC):$(1)$(3)$(4)$(SUFFIX) && \ @@ -206,8 +224,7 @@ push_bcc_$(2)$(3)$(4): build_bcc_$(2)$(3)$(4) $(PUSH_MANIFEST) $(ORG)/$(IMAGE_BCC):$(1)$(3)$(4)-$(TAG) $(DOCKER_CONTENT_TRUST) && \ $(PUSH_MANIFEST) $(ORG)/$(IMAGE_BCC):$(1)$(3)$(4) $(DOCKER_CONTENT_TRUST)) -forcepush_bcc_$(2)$(3)$(4): forcebuild_bcc_$(2)$(3)$(4) - @if [ x"$(DIRTY)" != x ]; then echo "Your repository is not clean. Will not push image"; exit 1; fi +forcepush_bcc_$(2)$(3)$(4): notdirty forcebuild_bcc_$(2)$(3)$(4) docker push $(ORG)/$(IMAGE_BCC):$(1)$(3)$(4)-$(TAG)$(SUFFIX) && \ docker tag $(ORG)/$(IMAGE_BCC):$(1)$(3)$(4)-$(TAG)$(SUFFIX) $(ORG)/$(IMAGE_BCC):$(1)$(3)$(4)$(SUFFIX) && \ docker push $(ORG)/$(IMAGE_BCC):$(1)$(3)$(4)$(SUFFIX) && \ @@ -229,10 +246,10 @@ build_zfs_$(2)$(3): build_$(2)$(3) docker pull $(ORG)/$(IMAGE_ZFS):$(1)$(3)-$(TAG)$(SUFFIX) || \ DOCKER_CONTENT_TRUST=0 docker build -f Dockerfile.zfs \ --build-arg IMAGE=$(ORG)/$(IMAGE):$(1)$(3)-$(TAG)$(SUFFIX) \ + --build-arg BUILD_IMAGE=$(IMAGE_BUILDER) \ --no-cache $(LABEL) -t $(ORG)/$(IMAGE_ZFS):$(1)$(3)-$(TAG)$(SUFFIX) . -push_zfs_$(2)$(3): build_zfs_$(2)$(3) - @if [ x"$(DIRTY)" != x ]; then echo "Your repository is not clean. Will not push image"; exit 1; fi +push_zfs_$(2)$(3): notdirty build_zfs_$(2)$(3) docker pull $(ORG)/$(IMAGE_ZFS):$(1)$(3)-$(TAG)$(SUFFIX) || \ (docker push $(ORG)/$(IMAGE_ZFS):$(1)$(3)-$(TAG)$(SUFFIX) && \ docker tag $(ORG)/$(IMAGE_ZFS):$(1)$(3)-$(TAG)$(SUFFIX) $(ORG)/$(IMAGE_ZFS):$(1)$(3)$(SUFFIX) && \ @@ -269,9 +286,11 @@ kconfig: ifeq (${KCONFIG_TAG},) docker build --no-cache -f Dockerfile.kconfig \ --build-arg KERNEL_VERSIONS="$(KERNEL_VERSIONS)" \ + --build-arg BUILD_IMAGE=$(IMAGE_BUILDER) \ -t linuxkit/kconfig . else docker build --no-cache -f Dockerfile.kconfig \ --build-arg KERNEL_VERSIONS="$(KERNEL_VERSIONS)" \ + --build-arg BUILD_IMAGE=$(IMAGE_BUILDER) \ -t linuxkit/kconfig:${KCONFIG_TAG} . endif diff --git a/test/cases/020_kernel/111_kmod_5.4.x/Dockerfile b/test/cases/020_kernel/111_kmod_5.4.x/Dockerfile index 29fb4198b..78fbb7584 100644 --- a/test/cases/020_kernel/111_kmod_5.4.x/Dockerfile +++ b/test/cases/020_kernel/111_kmod_5.4.x/Dockerfile @@ -6,7 +6,7 @@ FROM linuxkit/kernel:5.4.116 AS ksrc # Extract headers and compile module -FROM linuxkit/alpine:2be490394653b7967c250e86fd42cef88de428ba AS build +FROM linuxkit/kernel:5.4.116-builder AS build RUN apk add build-base elfutils-dev COPY --from=ksrc /kernel-dev.tar / diff --git a/test/cases/020_kernel/113_kmod_5.10.x/Dockerfile b/test/cases/020_kernel/113_kmod_5.10.x/Dockerfile index 84eee931a..0d14b1434 100644 --- a/test/cases/020_kernel/113_kmod_5.10.x/Dockerfile +++ b/test/cases/020_kernel/113_kmod_5.10.x/Dockerfile @@ -6,7 +6,7 @@ FROM linuxkit/kernel:5.10.34 AS ksrc # Extract headers and compile module -FROM linuxkit/alpine:2be490394653b7967c250e86fd42cef88de428ba AS build +FROM linuxkit/kernel:5.10.34-builder AS build RUN apk add build-base elfutils-dev COPY --from=ksrc /kernel-dev.tar / diff --git a/test/cases/020_kernel/114_kmod_5.11.x/Dockerfile b/test/cases/020_kernel/114_kmod_5.11.x/Dockerfile index c34bf955e..cc6dfeac8 100644 --- a/test/cases/020_kernel/114_kmod_5.11.x/Dockerfile +++ b/test/cases/020_kernel/114_kmod_5.11.x/Dockerfile @@ -6,7 +6,7 @@ FROM linuxkit/kernel:5.11.18 AS ksrc # Extract headers and compile module -FROM linuxkit/alpine:2be490394653b7967c250e86fd42cef88de428ba AS build +FROM linuxkit/kernel:5.11.18-builder AS build RUN apk add build-base elfutils-dev COPY --from=ksrc /kernel-dev.tar / diff --git a/test/cases/020_kernel/211_tags_5.4.x/test.sh b/test/cases/020_kernel/211_tags_5.4.x/test.sh new file mode 100644 index 000000000..c1af181c6 --- /dev/null +++ b/test/cases/020_kernel/211_tags_5.4.x/test.sh @@ -0,0 +1,11 @@ +#!/bin/sh +# SUMMARY: Test existence and correctness of kernel builder tag, label and file +# LABELS: +# REPEAT: + +set -e + +KERNEL=linuxkit/kernel:5.4.116 + +# just include the common test +. ../tags.sh diff --git a/test/cases/020_kernel/213_tags_5.10.x/test.sh b/test/cases/020_kernel/213_tags_5.10.x/test.sh new file mode 100644 index 000000000..ce3bc3124 --- /dev/null +++ b/test/cases/020_kernel/213_tags_5.10.x/test.sh @@ -0,0 +1,11 @@ +#!/bin/sh +# SUMMARY: Test existence and correctness of kernel builder tag, label and file +# LABELS: +# REPEAT: + +set -e + +KERNEL=linuxkit/kernel:5.10.34 + +# just include the common test +. ../tags.sh diff --git a/test/cases/020_kernel/214_tags_5.11.x/test.sh b/test/cases/020_kernel/214_tags_5.11.x/test.sh new file mode 100644 index 000000000..5d2d90b61 --- /dev/null +++ b/test/cases/020_kernel/214_tags_5.11.x/test.sh @@ -0,0 +1,11 @@ +#!/bin/sh +# SUMMARY: Test existence and correctness of kernel builder tag, label and file +# LABELS: +# REPEAT: + +set -e + +KERNEL=linuxkit/kernel:5.11.18 + +# just include the common test +. ../tags.sh diff --git a/test/cases/020_kernel/tags.sh b/test/cases/020_kernel/tags.sh new file mode 100644 index 000000000..bf8f69659 --- /dev/null +++ b/test/cases/020_kernel/tags.sh @@ -0,0 +1,66 @@ +#!/bin/sh + +# common tags tests + +#!/bin/sh +# SUMMARY: Test existence and correctness of kernel builder tag, label and file +# LABELS: +# REPEAT: + +set -e + +# Source libraries. Uncomment if needed/defined +#. "${RT_LIB}" +. "${RT_PROJECT_ROOT}/_lib/lib.sh" + +if [ -z "${KERNEL}" ]; then + echo "KERNEL env var must be set" + exit 1 +fi + +NAME=tags + +clean_up() { + docker rm ${ctrid} + /bin/rm -f ${BUILDERFILE} +} +trap clean_up EXIT + +# check the kernel images for tags, labels, files +BUILDER=${KERNEL}-builder +BUILDERFILE=/tmp/kernel-builder-$$ + +docker pull ${KERNEL} +docker pull ${BUILDER} +BUILDERLABEL=$(docker inspect -f '{{index .Config.Labels "org.mobyproject.linuxkit.kernel.buildimage"}}' ${KERNEL}) +# create the container; /bin/sh does not exist, but that does not prevent us from indicating what the command +# *would* be. Indeed, you *must* have a command for `docker create` to work +ctrid=$(docker create $KERNEL /bin/sh) +docker cp ${ctrid}:/etc/kernel-builder ${BUILDERFILE} +FILECONTENTS=$(cat ${BUILDERFILE}) + +# get the manifests for the referenced tag and for the referenced builder. +# these are not guaranated to be identical, since the orders can change. So we need to account for that. +sumtag=$(docker manifest inspect ${BUILDER} | jq -c '.manifests | sort_by(.digest)' | sha256sum | awk '{print $1}') +sumlabel=$(docker manifest inspect ${BUILDERLABEL} | jq -c '.manifests | sort_by(.digest)' | sha256sum | awk '{print $1}') + +# these two files should be identical +echo "builder label: ${BUILDERLABEL}" +echo "builder file: ${FILECONTENTS}" +echo "builder tag: ${BUILDER}" +echo "builder tag sha256: ${sumtag}" +echo "builder label sha256: ${sumlabel}" + +# check that the label and file contents match +if [ "${BUILDERLABEL}" != "${FILECONTENTS}" ]; then + echo "label vs file contents mismatch" + exit 1 +fi +# check that the tag actually points to the manifest +if [ "${sumtag}" != "${sumlabel}" ]; then + echo "tag ${BUILDER} and label ${BUILDERLABEL} have mismatched contents" + exit 1 +fi + + +exit 0