Build containerd containers from Docker containers

Simplifies the build process, and makes testing easier as there is a Docker container you can run to test things. Replaces #994 Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2025-07-21 10:09:07 +00:00 · 2017-01-15 22:50:21 +00:00 · 2017-01-15 22:50:21 +00:00 · e2b4bacfd6
commit e2b4bacfd6
parent d3fcfb7ed7
19 changed files with 197 additions and 93 deletions
--- a/alpine/base/binfmt/.gitignore
+++ b/alpine/base/binfmt/.gitignore
@ -0,0 +1,4 @@
+dev
+proc
+sys
+usr
--- a/alpine/base/binfmt/Dockerfile
+++ b/alpine/base/binfmt/Dockerfile
@ -0,0 +1,3 @@
+FROM scratch
+COPY . ./
+CMD ["/usr/bin/binfmt", "-dir", "/etc/binfmt.d/", "-mount", "/binfmt_misc"]
--- a/alpine/base/binfmt/Makefile
+++ b/alpine/base/binfmt/Makefile
@ -0,0 +1,54 @@
+# Tag 7a07de557d7f6ae3d72873c32bfb4c51c7687d03
+QEMU_IMAGE=mobylinux/qemu-user-static@sha256:cbeba25809c7c3feebc9e20522145e33d8abe5956674afa52814fc57c6644497
+QEMU_FILES=qemu-arm-static qemu-aarch64-static qemu-ppc64le-static
+QEMU_BINARIES=$(addprefix usr/bin/,$(QEMU_FILES))
+
+# Tag: 6075d4b9c5fe30e19581f1b7ef1813f3041cca32
+GO_COMPILE=mobylinux/go-compile@sha256:badfd8a1730ab6e640682d0f95a8f9c51f3cd4b2e8db261fe1a1fd8c6f60bd6e
+BINFMT_BINARY=usr/bin/binfmt
+
+SHA_IMAGE=alpine:3.5
+
+IMAGE=binfmt
+
+.PHONY: tag push clean container
+default: push
+
+$(QEMU_BINARIES):
+	mkdir -p $(dir $@)
+	docker run --rm --net=none $(QEMU_IMAGE) tar cf - $@ | tar xf -
+
+$(BINFMT_BINARY): main.go
+	mkdir -p $(dir $@)
+	tar cf - $^ | docker run --rm --net=none --log-driver=none -i $(GO_COMPILE) -o $@ | tar xf -
+	
+DIRS=dev proc sys
+$(DIRS):
+	mkdir -p $@
+
+DEPS=$(DIRS) $(QEMU_BINARIES) $(BINFMT_BINARY) etc/binfmt.d/00_moby.conf
+
+container: Dockerfile $(DEPS)
+	tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
+
+hash: Dockerfile $(DEPS)
+	DOCKER_CONTENT_TRUST=1 docker pull $(SHA_IMAGE)
+	tar cf - $^ | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash
+
+push: hash container
+	docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+		(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
+		 docker push mobylinux/$(IMAGE):$(shell cat hash))
+	docker rmi $(IMAGE):build
+	rm -f hash
+
+tag: hash container
+	docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+		docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
+	docker rmi $(IMAGE):build
+	rm -f hash
+
+clean:
+	rm -rf hash $(DIRS) usr
+
+.DELETE_ON_ERROR:
--- a/alpine/base/binfmt/etc/binfmt.d/00_moby.conf
+++ b/alpine/base/binfmt/etc/binfmt.d/00_moby.conf
--- a/alpine/containers/binfmt/main.go
+++ b/alpine/containers/binfmt/main.go
--- a/alpine/base/rng-tools/Dockerfile
+++ b/alpine/base/rng-tools/Dockerfile
@ -0,0 +1,33 @@
+FROM alpine:3.5
+RUN \
+  apk update && apk upgrade && \
+  apk add \
+  argp-standalone \
+  curl \
+  gcc \
+  linux-headers \
+  make \
+  musl-dev \
+  patch \
+  && true
+
+COPY . /
+
+ENV pkgname=rng-tools pkgver=5
+
+RUN curl -O -sSL http://downloads.sourceforge.net/project/gkernel/$pkgname/$pkgver/$pkgname-$pkgver.tar.gz
+RUN sha256sum -c sha256sums
+RUN zcat $pkgname-$pkgver.tar.gz | tar xf -
+
+RUN cd $pkgname-$pkgver && for p in ../*.patch; do cat $p | patch -p1; done
+
+RUN cd $pkgname-$pkgver && \
+  export LIBS="-largp" && \
+  LDFLAGS=-static ./configure \
+    --prefix=/usr \
+    --libexecdir=/usr/lib/rng-tools \
+    --sysconfdir=/etc \
+    --disable-silent-rules && \
+  make && \
+  make DESTDIR=/ install && \
+  strip /usr/sbin/rngd
--- a/alpine/base/rng-tools/Makefile
+++ b/alpine/base/rng-tools/Makefile
@ -0,0 +1,29 @@
+.PHONY: tag push
+
+BASE=alpine:3.5
+IMAGE=rng-tools
+
+default: push
+
+hash: Dockerfile fix-textrels-on-PIC-x86.patch sha256sums
+	DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
+	tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
+	docker run --rm $(IMAGE):build sh -c 'cat /Dockerfile /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash
+
+push: hash
+	docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+		(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
+		 docker push mobylinux/$(IMAGE):$(shell cat hash))
+	docker rmi $(IMAGE):build
+	rm -f hash
+
+tag: hash
+	docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+		docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
+	docker rmi $(IMAGE):build
+	rm -f hash
+
+clean:
+	rm -f hash
+
+.DELETE_ON_ERROR:
--- a/alpine/containers/rng-tools/fix-textrels-on-PIC-x86.patch
+++ b/alpine/containers/rng-tools/fix-textrels-on-PIC-x86.patch
--- a/alpine/containers/rng-tools/sha256sums
+++ b/alpine/containers/rng-tools/sha256sums
--- a/alpine/base/rngd/.gitignore
+++ b/alpine/base/rngd/.gitignore
@ -0,0 +1,5 @@
+bin
+dev
+proc
+sys
+usr
--- a/alpine/base/rngd/Dockerfile
+++ b/alpine/base/rngd/Dockerfile
@ -0,0 +1,3 @@
+FROM scratch
+COPY . ./
+CMD ["/bin/tini", "/usr/sbin/rngd", "-f"]
--- a/alpine/base/rngd/Makefile
+++ b/alpine/base/rngd/Makefile
@ -0,0 +1,53 @@
+# Tag: b6aed437bad8f1f4471b11f1affe3420eaf5d42f
+RNG_TOOLS_IMAGE=mobylinux/rng-tools@sha256:8e74e6a39b072ebee65ee4b83ebf224787afb473ea250c897dd24fa43b387d06
+RNGD_BINARY=usr/sbin/rngd
+
+# Tag 6b25b62f4d893de8721fd2581411039b17e8a253
+TINI_IMAGE=mobylinux/tini@sha256:39b4a459018ffc155a9fcbbf952fa625c77f5a8d7599b326eade529d3dc723fc
+TINI_BINARY=bin/tini
+
+.PHONY: tag push clean container
+default: push
+
+$(TINI_BINARY):
+	mkdir -p $(dir $@)
+	docker run --rm --net=none $(TINI_IMAGE) tar cf - $@ | tar xf -
+
+$(RNGD_BINARY):
+	mkdir -p $(dir $@)
+	docker run --rm --net=none $(RNG_TOOLS_IMAGE) tar cf - $@ | tar xf -
+
+SHA_IMAGE=alpine:3.5
+
+IMAGE=rngd
+
+DIRS=dev proc sys
+$(DIRS):
+	mkdir -p $@
+
+DEPS=$(DIRS) $(TINI_BINARY) $(RNGD_BINARY)
+
+container: Dockerfile $(DEPS)
+	tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
+
+hash: Dockerfile $(DEPS)
+	DOCKER_CONTENT_TRUST=1 docker pull $(SHA_IMAGE)
+	tar cf - $^ | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash
+
+push: hash container
+	docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+		(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
+		 docker push mobylinux/$(IMAGE):$(shell cat hash))
+	docker rmi $(IMAGE):build
+	rm -f hash
+
+tag: hash container
+	docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+		docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
+	docker rmi $(IMAGE):build
+	rm -f hash
+
+clean:
+	rm -rf hash $(DIRS) usr bin
+
+.DELETE_ON_ERROR:
--- a/alpine/base/tini/Dockerfile
+++ b/alpine/base/tini/Dockerfile
@ -13,6 +13,4 @@ COPY . /
 ENV TINI_VERSION=0.13.0
 ADD https://github.com/krallin/tini/archive/v${TINI_VERSION}.tar.gz tini-${TINI_VERSION}.tar.gz
 RUN zcat tini-${TINI_VERSION}.tar.gz | tar xvf -
-WORKDIR tini-${TINI_VERSION}
-RUN cmake . && make
-RUN cp -a tini-static /bin/tini
+RUN cd tini-${TINI_VERSION} && cmake . && make && cp -a tini-static /bin/tini
--- a/alpine/containers/rng-tools/.gitignore
+++ b/alpine/containers/rng-tools/.gitignore
@ -1,3 +1,2 @@
 rootfs
 config.json
-tini
--- a/alpine/containers/binfmt/.gitignore
+++ b/alpine/containers/binfmt/.gitignore
@ -1,3 +0,0 @@
-rootfs
-config.json
-qemu-*
--- a/alpine/containers/binfmt/Dockerfile
+++ b/alpine/containers/binfmt/Dockerfile
@ -1,20 +0,0 @@
-# Tag: 2c9434f1c4ff70b102f34a97d2df1a8363a11a65
-FROM mobylinux/alpine-build-go@sha256:d528bbf7102e4209bd59ef030d41de9003ab8e42c303956f62b2df47f3e17849
-
-COPY *.go /go/src/binfmt/
-
-WORKDIR /go/src/binfmt
-
-RUN go install --ldflags '-extldflags "-fno-PIC"'
-
-WORKDIR /rootfs
-
-RUN mkdir -p usr/bin binfmt_misc dev etc/binfmt.d proc sys
-
-RUN cp /go/bin/binfmt usr/bin
-COPY qemu* usr/bin/
-COPY 00_moby.conf etc/binfmt.d/
-
-RUN printf 'FROM scratch\nCOPY . ./\nCMD ["/usr/bin/binfmt", "-dir", "/etc/binfmt.d/", "-mount", "/binfmt_misc"]\n' > Dockerfile
-
-CMD ["tar", "cf", "-", "."]
--- a/alpine/containers/binfmt/Makefile
+++ b/alpine/containers/binfmt/Makefile
@ -1,30 +1,20 @@
-# Tag 7a07de557d7f6ae3d72873c32bfb4c51c7687d03
-QEMU_IMAGE=mobylinux/qemu-user-static@sha256:cbeba25809c7c3feebc9e20522145e33d8abe5956674afa52814fc57c6644497
-QEMU_BINARIES=qemu-arm-static qemu-aarch64-static qemu-ppc64le-static
+# Tag: 6571d9d0c5c2592848f4f0202d1cd2c4466d9979
+BINFMT_IMAGE=mobylinux/binfmt@sha256:6810b978316198cf4c507b901cfb676acd655955c380d2c98f23f7232ea6381f

 default: config.json

-$(QEMU_BINARIES):
-	docker run --rm --net=none $(QEMU_IMAGE) tar cf - -C /usr/bin $@ | tar xf -
-
 EXCLUDE=--exclude .dockerenv --exclude Dockerfile \
 	--exclude dev/console --exclude dev/pts --exclude dev/shm \
 	--exclude etc/hostname --exclude etc/hosts --exclude etc/mtab --exclude etc/resolv.conf

-config.json: Dockerfile main.go 00_moby.conf $(QEMU_BINARIES)
+config.json:
 	mkdir -p rootfs
-	BUILD=$$( tar cf - $^ | docker build -q - ) && \
-	[ -n "$$BUILD" ] && \
-	echo "Built $$BUILD" && \
-	IMAGE=$$( docker run --rm --net=none $$BUILD | docker build -q - ) && \
-	[ -n "$$IMAGE" ] && \
-	echo "Built $$IMAGE" && \
-	CONTAINER=$$( docker create $$IMAGE /dev/null ) && \
+	CONTAINER=$$( docker create $(BINFMT_IMAGE) /dev/null ) && \
 	docker export $$CONTAINER | tar -xf - -C rootfs $(EXCLUDE) && \
 	docker rm $$CONTAINER && \
-	../riddler.sh --cap-drop all --read-only -v /proc/sys/fs/binfmt_misc:/binfmt_misc $$IMAGE /usr/bin/binfmt -dir /etc/binfmt.d/ -mount /binfmt_misc >$@
+	../riddler.sh --cap-drop all --read-only -v /proc/sys/fs/binfmt_misc:/binfmt_misc $(BINFMT_IMAGE) /usr/bin/binfmt -dir /etc/binfmt.d/ -mount /binfmt_misc >$@

 clean:
-	rm -rf rootfs config.json $(QEMU_BINARIES)
+	rm -rf rootfs config.json

 .DELETE_ON_ERROR:
--- a/alpine/containers/rng-tools/Dockerfile
+++ b/alpine/containers/rng-tools/Dockerfile
@ -1,34 +0,0 @@
-# Tag: b77cfc4ad0033d4366df830ed697afc7bab458a2
-FROM mobylinux/alpine-build-c@sha256:53739ea6042cb0ac39cf6e262012c1c4224206b2c9b719569fe7efa3a381348c
-
-ENV pkgname=rng-tools pkgver=5
-
-COPY . .
-
-RUN curl -O -sSL http://downloads.sourceforge.net/project/gkernel/$pkgname/$pkgver/$pkgname-$pkgver.tar.gz
-RUN sha256sum -c sha256sums
-RUN zcat $pkgname-$pkgver.tar.gz | tar xf -
-
-WORKDIR $pkgname-$pkgver
-RUN for p in ../*.patch; do cat $p | patch -p1; done
-
-RUN export LIBS="-largp" && \
-  LDFLAGS=-static ./configure \
-    --prefix=/usr \
-    --libexecdir=/usr/lib/rng-tools \
-    --sysconfdir=/etc \
-    --disable-silent-rules && \
-  make && \
-  make DESTDIR=/ install && \
-  strip /usr/sbin/rngd
-
-WORKDIR /rootfs
-
-RUN mkdir -p dev proc sys usr/sbin bin
-
-RUN cp -a /usr/sbin/rngd usr/sbin/
-RUN cp -a /tini bin/
-
-RUN printf 'FROM scratch\nCOPY . ./\nCMD ["/bin/tini", "/usr/sbin/rngd", "-f"]\n' > Dockerfile
-
-CMD ["tar", "cf", "-", "."]
--- a/alpine/containers/rng-tools/Makefile
+++ b/alpine/containers/rng-tools/Makefile
@ -1,30 +1,20 @@
-# Tag 7cb780fd6b60c089964e81efd6553853c491d59f
-TINI_IMAGE=mobylinux/tini@sha256:7da8c5b371e0d7d3fb1778e96c0bc634e39ace7bf1e7a73bffbf1f8360127fdb
-TINI_BINARY=tini
+# Tag: 6fb2e0bd1844349222ad57af92b5c627fd73375a
+RNGD_IMAGE=mobylinux/rngd@sha256:8370ecd6f5d2092b27b40c2dabe25a2cbeb6469dd6e973c27a5152af6ab8d12a

 default: config.json

-$(TINI_BINARY): Dockerfile
-	docker run --rm --net=none $(TINI_IMAGE) tar cf - -C /bin $@ | tar xf -
-
 EXCLUDE=--exclude .dockerenv --exclude Dockerfile \
 	--exclude dev/console --exclude dev/pts --exclude dev/shm \
 	--exclude etc/hostname --exclude etc/hosts --exclude etc/mtab --exclude etc/resolv.conf

-config.json: Dockerfile fix-textrels-on-PIC-x86.patch sha256sums $(TINI_BINARY)
+config.json:
 	mkdir -p rootfs
-	BUILD=$$( tar cf - $^ | docker build -q - ) && \
-	[ -n "$$BUILD" ] && \
-	echo "Built $$BUILD" && \
-	IMAGE=$$( docker run --rm --net=none $$BUILD | docker build -q - ) && \
-	[ -n "$$IMAGE" ] && \
-	echo "Built $$IMAGE" && \
-	CONTAINER=$$( docker create $$IMAGE /dev/null ) && \
+	CONTAINER=$$( docker create $(RNGD_IMAGE) /dev/null ) && \
 	docker export $$CONTAINER | tar -xf - -C rootfs $(EXCLUDE) && \
 	docker rm $$CONTAINER && \
-	../riddler.sh --cap-drop all --cap-add SYS_ADMIN --read-only $$IMAGE /bin/tini /usr/sbin/rngd -f >$@
+	../riddler.sh --cap-drop all --cap-add SYS_ADMIN --read-only $(RNGD_IMAGE) /bin/tini /usr/sbin/rngd -f >$@

 clean:
-	rm -rf rootfs config.json $(TINI_BINARY)
+	rm -rf rootfs config.json

 .DELETE_ON_ERROR: