From e2b4bacfd6be846c5a52897e9b6b4c2ff8e675e2 Mon Sep 17 00:00:00 2001 From: Justin Cormack Date: Sun, 15 Jan 2017 22:50:21 +0000 Subject: [PATCH] Build containerd containers from Docker containers Simplifies the build process, and makes testing easier as there is a Docker container you can run to test things. Replaces #994 
Signed-off-by: Justin Cormack --- alpine/base/binfmt/.gitignore | 4 ++ alpine/base/binfmt/Dockerfile | 3 ++ alpine/base/binfmt/Makefile | 54 +++++++++++++++++++ .../binfmt/etc/binfmt.d}/00_moby.conf | 0 alpine/{containers => base}/binfmt/main.go | 0 alpine/base/rng-tools/Dockerfile | 33 ++++++++++++ alpine/base/rng-tools/Makefile | 29 ++++++++++ .../rng-tools/fix-textrels-on-PIC-x86.patch | 0 .../{containers => base}/rng-tools/sha256sums | 0 alpine/base/rngd/.gitignore | 5 ++ alpine/base/rngd/Dockerfile | 3 ++ alpine/base/rngd/Makefile | 53 ++++++++++++++++++ alpine/base/tini/Dockerfile | 4 +- alpine/containers/{rng-tools => }/.gitignore | 1 - alpine/containers/binfmt/.gitignore | 3 -- alpine/containers/binfmt/Dockerfile | 20 ------- alpine/containers/binfmt/Makefile | 22 +++----- alpine/containers/rng-tools/Dockerfile | 34 ------------ alpine/containers/rng-tools/Makefile | 22 +++----- 19 files changed, 197 insertions(+), 93 deletions(-) create mode 100644 alpine/base/binfmt/.gitignore create mode 100644 alpine/base/binfmt/Dockerfile create mode 100644 alpine/base/binfmt/Makefile rename alpine/{containers/binfmt => base/binfmt/etc/binfmt.d}/00_moby.conf (100%) rename alpine/{containers => base}/binfmt/main.go (100%) create mode 100644 alpine/base/rng-tools/Dockerfile create mode 100644 alpine/base/rng-tools/Makefile rename alpine/{containers => base}/rng-tools/fix-textrels-on-PIC-x86.patch (100%) rename alpine/{containers => base}/rng-tools/sha256sums (100%) create mode 100644 alpine/base/rngd/.gitignore create mode 100644 alpine/base/rngd/Dockerfile create mode 100644 alpine/base/rngd/Makefile rename alpine/containers/{rng-tools => }/.gitignore (79%) delete mode 100644 alpine/containers/binfmt/.gitignore delete mode 100644 alpine/containers/binfmt/Dockerfile delete mode 100644 alpine/containers/rng-tools/Dockerfile diff --git a/alpine/base/binfmt/.gitignore b/alpine/base/binfmt/.gitignore new file mode 100644 index 000000000..db2b4ca32 --- /dev/null 
+++ b/alpine/base/binfmt/.gitignore
@@ -0,0 +1,4 @@
+dev
+proc
+sys
+usr
diff --git a/alpine/base/binfmt/Dockerfile b/alpine/base/binfmt/Dockerfile
new file mode 100644
index 000000000..0b85285e1
--- /dev/null
+++ b/alpine/base/binfmt/Dockerfile
@@ -0,0 +1,3 @@
+FROM scratch
+COPY . ./
+CMD ["/usr/bin/binfmt", "-dir", "/etc/binfmt.d/", "-mount", "/binfmt_misc"]
diff --git a/alpine/base/binfmt/Makefile b/alpine/base/binfmt/Makefile
new file mode 100644
index 000000000..7cb9e5dfb
--- /dev/null
+++ b/alpine/base/binfmt/Makefile
@@ -0,0 +1,54 @@
+# Tag 7a07de557d7f6ae3d72873c32bfb4c51c7687d03
+QEMU_IMAGE=mobylinux/qemu-user-static@sha256:cbeba25809c7c3feebc9e20522145e33d8abe5956674afa52814fc57c6644497
+QEMU_FILES=qemu-arm-static qemu-aarch64-static qemu-ppc64le-static
+QEMU_BINARIES=$(addprefix usr/bin/,$(QEMU_FILES))
+
+# Tag: 6075d4b9c5fe30e19581f1b7ef1813f3041cca32
+GO_COMPILE=mobylinux/go-compile@sha256:badfd8a1730ab6e640682d0f95a8f9c51f3cd4b2e8db261fe1a1fd8c6f60bd6e
+BINFMT_BINARY=usr/bin/binfmt
+
+SHA_IMAGE=alpine:3.5
+
+IMAGE=binfmt
+
+.PHONY: tag push clean container
+default: push
+
+$(QEMU_BINARIES):
+ mkdir -p $(dir $@)
+ docker run --rm --net=none $(QEMU_IMAGE) tar cf - $@ | tar xf -
+
+$(BINFMT_BINARY): main.go
+ mkdir -p $(dir $@)
+ tar cf - $^ | docker run --rm --net=none --log-driver=none -i $(GO_COMPILE) -o $@ | tar xf -
+
+DIRS=dev proc sys
+$(DIRS):
+ mkdir -p $@
+
+DEPS=$(DIRS) $(QEMU_BINARIES) $(BINFMT_BINARY) etc/binfmt.d/00_moby.conf
+
+container: Dockerfile $(DEPS)
+ tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
+
+hash: Dockerfile $(DEPS)
+ DOCKER_CONTENT_TRUST=1 docker pull $(SHA_IMAGE)
+ tar cf - $^ | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash
+
+push: hash container
+ docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+ (docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
+ docker push mobylinux/$(IMAGE):$(shell cat hash))
+ docker rmi $(IMAGE):build
+ rm -f hash
+
+tag: hash container
+ docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+ docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
+ docker rmi $(IMAGE):build
+ rm -f hash
+
+clean:
+ rm -rf hash $(DIRS) usr
+
+.DELETE_ON_ERROR:
diff --git a/alpine/containers/binfmt/00_moby.conf b/alpine/base/binfmt/etc/binfmt.d/00_moby.conf
similarity index 100%
rename from alpine/containers/binfmt/00_moby.conf
rename to alpine/base/binfmt/etc/binfmt.d/00_moby.conf
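Review bot: In alpine/base/binfmt/Makefile the `hash` recipe ends in a pipeline (`tar cf - $^ | docker run ... sha1sum - | sed ... > hash`), so its exit status is sed's alone: if `tar` or `docker run` fails, an empty or wrong `hash` is written, the recipe still succeeds and `.DELETE_ON_ERROR` never fires. The pushed tag is derived from this file, so the failure should be explicit, e.g. set `SHELL := bash` and prefix the pipeline with `set -o pipefail;`, or at minimum append a recipe line `test -s $@`. The same pattern is in the `hash` recipes of alpine/base/rng-tools/Makefile and alpine/base/rngd/Makefile, and in the `docker run ... tar cf - $@ | tar xf -` extraction rules.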
diff --git a/alpine/containers/binfmt/main.go b/alpine/base/binfmt/main.go
similarity index 100%
rename from alpine/containers/binfmt/main.go
rename to alpine/base/binfmt/main.go
diff --git a/alpine/base/rng-tools/Dockerfile b/alpine/base/rng-tools/Dockerfile
new file mode 100644
index 000000000..49f1d5491
--- /dev/null
+++ b/alpine/base/rng-tools/Dockerfile
@@ -0,0 +1,33 @@
+FROM alpine:3.5
+RUN \
+ apk update && apk upgrade && \
+ apk add \
+ argp-standalone \
+ curl \
+ gcc \
+ linux-headers \
+ make \
+ musl-dev \
+ patch \
+ && true
+
+COPY . /
+
+ENV pkgname=rng-tools pkgver=5
+
+RUN curl -O -sSL http://downloads.sourceforge.net/project/gkernel/$pkgname/$pkgver/$pkgname-$pkgver.tar.gz
+RUN sha256sum -c sha256sums
+RUN zcat $pkgname-$pkgver.tar.gz | tar xf -
+
+RUN cd $pkgname-$pkgver && for p in ../*.patch; do cat $p | patch -p1; done
+
+RUN cd $pkgname-$pkgver && \
+ export LIBS="-largp" && \
+ LDFLAGS=-static ./configure \
+ --prefix=/usr \
+ --libexecdir=/usr/lib/rng-tools \
+ --sysconfdir=/etc \
+ --disable-silent-rules && \
+ make && \
+ make DESTDIR=/ install && \
+ strip /usr/sbin/rngd
diff --git a/alpine/base/rng-tools/Makefile b/alpine/base/rng-tools/Makefile
new file mode 100644
index 000000000..3eb052172
--- /dev/null
+++ b/alpine/base/rng-tools/Makefile
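Review bot: In alpine/base/rng-tools/Dockerfile the patch step `for p in ../*.patch; do cat $p | patch -p1; done` reports only the status of the last patch, so a patch that fails to apply earlier in the loop would not stop the build. Only one patch is shipped today, so this is latent, but judging by its name the patch is a hardening fix (text relocations) and should not be skipped silently: `for p in ../*.patch; do patch -p1 < "$p" || exit 1; done`. A comment above the `curl` line would also help, saying that the tarball comes over plain HTTP and that `sha256sum -c sha256sums` is the only integrity check on it, so the checksum file has to change together with `pkgver`.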
@@ -0,0 +1,29 @@
+.PHONY: tag push
+
+BASE=alpine:3.5
+IMAGE=rng-tools
+
+default: push
+
+hash: Dockerfile fix-textrels-on-PIC-x86.patch sha256sums
+ DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
+ tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
+ docker run --rm $(IMAGE):build sh -c 'cat /Dockerfile /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash
+
+push: hash
+ docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+ (docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
+ docker push mobylinux/$(IMAGE):$(shell cat hash))
+ docker rmi $(IMAGE):build
+ rm -f hash
+
+tag: hash
+ docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+ docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
+ docker rmi $(IMAGE):build
+ rm -f hash
+
+clean:
+ rm -f hash
+
+.DELETE_ON_ERROR:
diff --git a/alpine/containers/rng-tools/fix-textrels-on-PIC-x86.patch b/alpine/base/rng-tools/fix-textrels-on-PIC-x86.patch
similarity index 100%
rename from alpine/containers/rng-tools/fix-textrels-on-PIC-x86.patch
rename to alpine/base/rng-tools/fix-textrels-on-PIC-x86.patch
diff --git a/alpine/containers/rng-tools/sha256sums b/alpine/base/rng-tools/sha256sums
similarity index 100%
rename from alpine/containers/rng-tools/sha256sums
rename to alpine/base/rng-tools/sha256sums
diff --git a/alpine/base/rngd/.gitignore b/alpine/base/rngd/.gitignore
new file mode 100644
index 000000000..41e3a19d3
--- /dev/null
+++ b/alpine/base/rngd/.gitignore
@@ -0,0 +1,5 @@
+bin
+dev
+proc
+sys
+usr
diff --git a/alpine/base/rngd/Dockerfile b/alpine/base/rngd/Dockerfile
new file mode 100644
index 000000000..148553180
--- /dev/null
+++ b/alpine/base/rngd/Dockerfile
@@ -0,0 +1,3 @@
+FROM scratch
+COPY . ./
+CMD ["/bin/tini", "/usr/sbin/rngd", "-f"]
diff --git a/alpine/base/rngd/Makefile b/alpine/base/rngd/Makefile
new file mode 100644
index 000000000..e28873cfb
--- /dev/null
+++ b/alpine/base/rngd/Makefile
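Review bot: The tag computed in the `hash` recipe of alpine/base/rng-tools/Makefile covers only `/Dockerfile` and `/lib/apk/db/installed`, although the rule lists `fix-textrels-on-PIC-x86.patch` and `sha256sums` as prerequisites. A change to the patch or to the expected tarball checksum therefore yields the same tag, and `push` would find the old image with `docker pull` and skip the push. Since `COPY . /` places both files in the image root, they can be hashed as well: `cat /Dockerfile /fix-textrels-on-PIC-x86.patch /sha256sums /lib/apk/db/installed | sha1sum`.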
@@ -0,0 +1,53 @@
+# Tag: b6aed437bad8f1f4471b11f1affe3420eaf5d42f
+RNG_TOOLS_IMAGE=mobylinux/rng-tools@sha256:8e74e6a39b072ebee65ee4b83ebf224787afb473ea250c897dd24fa43b387d06
+RNGD_BINARY=usr/sbin/rngd
+
+# Tag 6b25b62f4d893de8721fd2581411039b17e8a253
+TINI_IMAGE=mobylinux/tini@sha256:39b4a459018ffc155a9fcbbf952fa625c77f5a8d7599b326eade529d3dc723fc
+TINI_BINARY=bin/tini
+
+.PHONY: tag push clean container
+default: push
+
+$(TINI_BINARY):
+ mkdir -p $(dir $@)
+ docker run --rm --net=none $(TINI_IMAGE) tar cf - $@ | tar xf -
+
+$(RNGD_BINARY):
+ mkdir -p $(dir $@)
+ docker run --rm --net=none $(RNG_TOOLS_IMAGE) tar cf - $@ | tar xf -
+
+SHA_IMAGE=alpine:3.5
+
+IMAGE=rngd
+
+DIRS=dev proc sys
+$(DIRS):
+ mkdir -p $@
+
+DEPS=$(DIRS) $(TINI_BINARY) $(RNGD_BINARY)
+
+container: Dockerfile $(DEPS)
+ tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
+
+hash: Dockerfile $(DEPS)
+ DOCKER_CONTENT_TRUST=1 docker pull $(SHA_IMAGE)
+ tar cf - $^ | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash
+
+push: hash container
+ docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+ (docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
+ docker push mobylinux/$(IMAGE):$(shell cat hash))
+ docker rmi $(IMAGE):build
+ rm -f hash
+
+tag: hash container
+ docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+ docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
+ docker rmi $(IMAGE):build
+ rm -f hash
+
+clean:
+ rm -rf hash $(DIRS) usr bin
+
+.DELETE_ON_ERROR:
diff --git a/alpine/base/tini/Dockerfile b/alpine/base/tini/Dockerfile
index 06de4355f..3d520b1d5 100644
--- a/alpine/base/tini/Dockerfile
+++ b/alpine/base/tini/Dockerfile
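Review bot: `$(TINI_BINARY)` and `$(RNGD_BINARY)` in alpine/base/rngd/Makefile have no prerequisites, so once `bin/tini` and `usr/sbin/rngd` exist they are never extracted again, even after `TINI_IMAGE` or `RNG_TOOLS_IMAGE` is bumped to a new digest. The image would then be built from the new Makefile but still carry binaries from the old pinned digest, and the .gitignore entries keep those files out of sight. Making the Makefile a prerequisite closes that gap: `$(TINI_BINARY): Makefile` and `$(RNGD_BINARY): Makefile`. `$(QEMU_BINARIES)` in alpine/base/binfmt/Makefile has the same shape.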
@@ -13,6 +13,4 @@ COPY . / ENV TINI_VERSION=0.13.0 ADD https://github.com/krallin/tini/archive/v${TINI_VERSION}.tar.gz tini-${TINI_VERSION}.tar.gz RUN zcat tini-${TINI_VERSION}.tar.gz | tar xvf - -WORKDIR tini-${TINI_VERSION} -RUN cmake . && make -RUN cp -a tini-static /bin/tini +RUN cd tini-${TINI_VERSION} && cmake . && make && cp -a tini-static /bin/tini diff --git a/alpine/containers/rng-tools/.gitignore b/alpine/containers/.gitignore similarity index 79% rename from alpine/containers/rng-tools/.gitignore rename to alpine/containers/.gitignore index 9dc1aea6a..a5731bdba 100644 --- a/alpine/containers/rng-tools/.gitignore +++ b/alpine/containers/.gitignore @@ -1,3 +1,2 @@ rootfs config.json -tini diff --git a/alpine/containers/binfmt/.gitignore b/alpine/containers/binfmt/.gitignore deleted file mode 100644 index 343ba0fed..000000000 --- a/alpine/containers/binfmt/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -rootfs -config.json -qemu-* diff --git a/alpine/containers/binfmt/Dockerfile b/alpine/containers/binfmt/Dockerfile deleted file mode 100644 index 0c5503ea5..000000000 --- a/alpine/containers/binfmt/Dockerfile +++ /dev/null @@ -1,20 +0,0 @@ -# Tag: 2c9434f1c4ff70b102f34a97d2df1a8363a11a65 -FROM mobylinux/alpine-build-go@sha256:d528bbf7102e4209bd59ef030d41de9003ab8e42c303956f62b2df47f3e17849 - -COPY *.go /go/src/binfmt/ - -WORKDIR /go/src/binfmt - -RUN go install --ldflags '-extldflags "-fno-PIC"' - -WORKDIR /rootfs - -RUN mkdir -p usr/bin binfmt_misc dev etc/binfmt.d proc sys - -RUN cp /go/bin/binfmt usr/bin -COPY qemu* usr/bin/ -COPY 00_moby.conf etc/binfmt.d/ - -RUN printf 'FROM scratch\nCOPY . ./\nCMD ["/usr/bin/binfmt", "-dir", "/etc/binfmt.d/", "-mount", "/binfmt_misc"]\n' > Dockerfile - -CMD ["tar", "cf", "-", "."] diff --git a/alpine/containers/binfmt/Makefile b/alpine/containers/binfmt/Makefile index 0a2556bb2..126b8115e 100644 --- a/alpine/containers/binfmt/Makefile +++ b/alpine/containers/binfmt/Makefile 
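Review bot: The tarball fetched by `ADD https://github.com/krallin/tini/archive/v${TINI_VERSION}.tar.gz` in alpine/base/tini/Dockerfile is unpacked and built on the following lines without any checksum check, whereas the rng-tools Dockerfile added in this commit verifies its download with `sha256sum -c sha256sums`. The ADD line is context rather than something this commit introduces, but since the build line is being rewritten anyway, the same check belongs between the download and `zcat`, for example `RUN echo "<sha256-of-tini-tarball>  tini-${TINI_VERSION}.tar.gz" | sha256sum -c -` (placeholder digest). The hunk starts at line 13, so anything earlier in the file is not visible from here.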
@@ -1,30 +1,20 @@ -# Tag 7a07de557d7f6ae3d72873c32bfb4c51c7687d03 -QEMU_IMAGE=mobylinux/qemu-user-static@sha256:cbeba25809c7c3feebc9e20522145e33d8abe5956674afa52814fc57c6644497 -QEMU_BINARIES=qemu-arm-static qemu-aarch64-static qemu-ppc64le-static +# Tag: 6571d9d0c5c2592848f4f0202d1cd2c4466d9979 +BINFMT_IMAGE=mobylinux/binfmt@sha256:6810b978316198cf4c507b901cfb676acd655955c380d2c98f23f7232ea6381f default: config.json -$(QEMU_BINARIES): - docker run --rm --net=none $(QEMU_IMAGE) tar cf - -C /usr/bin $@ | tar xf - - EXCLUDE=--exclude .dockerenv --exclude Dockerfile \ --exclude dev/console --exclude dev/pts --exclude dev/shm \ --exclude etc/hostname --exclude etc/hosts --exclude etc/mtab --exclude etc/resolv.conf -config.json: Dockerfile main.go 00_moby.conf $(QEMU_BINARIES) +config.json: mkdir -p rootfs - BUILD=$$( tar cf - $^ | docker build -q - ) && \ - [ -n "$$BUILD" ] && \ - echo "Built $$BUILD" && \ - IMAGE=$$( docker run --rm --net=none $$BUILD | docker build -q - ) && \ - [ -n "$$IMAGE" ] && \ - echo "Built $$IMAGE" && \ - CONTAINER=$$( docker create $$IMAGE /dev/null ) && \ + CONTAINER=$$( docker create $(BINFMT_IMAGE) /dev/null ) && \ docker export $$CONTAINER | tar -xf - -C rootfs $(EXCLUDE) && \ docker rm $$CONTAINER && \ - ../riddler.sh --cap-drop all --read-only -v /proc/sys/fs/binfmt_misc:/binfmt_misc $$IMAGE /usr/bin/binfmt -dir /etc/binfmt.d/ -mount /binfmt_misc >$@ + ../riddler.sh --cap-drop all --read-only -v /proc/sys/fs/binfmt_misc:/binfmt_misc $(BINFMT_IMAGE) /usr/bin/binfmt -dir /etc/binfmt.d/ -mount /binfmt_misc >$@ clean: - rm -rf rootfs config.json $(QEMU_BINARIES) + rm -rf rootfs config.json .DELETE_ON_ERROR: diff --git a/alpine/containers/rng-tools/Dockerfile b/alpine/containers/rng-tools/Dockerfile deleted file mode 100644 index 847d6e7a4..000000000 --- a/alpine/containers/rng-tools/Dockerfile +++ /dev/null 
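Review bot: After this change `config.json:` in alpine/containers/binfmt/Makefile has no prerequisites, so an existing config.json and rootfs are kept when `BINFMT_IMAGE` is changed to a new digest, and `mkdir -p rootfs` followed by `tar -xf - -C rootfs` unpacks on top of whatever an earlier or failed run left behind. The rule should depend on the Makefile and start from an empty tree: `config.json: Makefile` and `rm -rf rootfs && mkdir -p rootfs`. alpine/containers/rng-tools/Makefile has the same rule shape with `RNGD_IMAGE`.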
@@ -1,34 +0,0 @@
-# Tag: b77cfc4ad0033d4366df830ed697afc7bab458a2
-FROM mobylinux/alpine-build-c@sha256:53739ea6042cb0ac39cf6e262012c1c4224206b2c9b719569fe7efa3a381348c
-
-ENV pkgname=rng-tools pkgver=5
-
-COPY . .
-
-RUN curl -O -sSL http://downloads.sourceforge.net/project/gkernel/$pkgname/$pkgver/$pkgname-$pkgver.tar.gz
-RUN sha256sum -c sha256sums
-RUN zcat $pkgname-$pkgver.tar.gz | tar xf -
-
-WORKDIR $pkgname-$pkgver
-RUN for p in ../*.patch; do cat $p | patch -p1; done
-
-RUN export LIBS="-largp" && \
- LDFLAGS=-static ./configure \
- --prefix=/usr \
- --libexecdir=/usr/lib/rng-tools \
- --sysconfdir=/etc \
- --disable-silent-rules && \
- make && \
- make DESTDIR=/ install && \
- strip /usr/sbin/rngd
-
-WORKDIR /rootfs
-
-RUN mkdir -p dev proc sys usr/sbin bin
-
-RUN cp -a /usr/sbin/rngd usr/sbin/
-RUN cp -a /tini bin/
-
-RUN printf 'FROM scratch\nCOPY . ./\nCMD ["/bin/tini", "/usr/sbin/rngd", "-f"]\n' > Dockerfile
-
-CMD ["tar", "cf", "-", "."]
diff --git a/alpine/containers/rng-tools/Makefile b/alpine/containers/rng-tools/Makefile
index 17cfcbaae..faf7d7a6c 100644
--- a/alpine/containers/rng-tools/Makefile
+++ b/alpine/containers/rng-tools/Makefile
@@ -1,30 +1,20 @@ -# Tag 7cb780fd6b60c089964e81efd6553853c491d59f -TINI_IMAGE=mobylinux/tini@sha256:7da8c5b371e0d7d3fb1778e96c0bc634e39ace7bf1e7a73bffbf1f8360127fdb -TINI_BINARY=tini +# Tag: 6fb2e0bd1844349222ad57af92b5c627fd73375a +RNGD_IMAGE=mobylinux/rngd@sha256:8370ecd6f5d2092b27b40c2dabe25a2cbeb6469dd6e973c27a5152af6ab8d12a default: config.json -$(TINI_BINARY): Dockerfile - docker run --rm --net=none $(TINI_IMAGE) tar cf - -C /bin $@ | tar xf - - EXCLUDE=--exclude .dockerenv --exclude Dockerfile \ --exclude dev/console --exclude dev/pts --exclude dev/shm \ --exclude etc/hostname --exclude etc/hosts --exclude etc/mtab --exclude etc/resolv.conf -config.json: Dockerfile fix-textrels-on-PIC-x86.patch sha256sums $(TINI_BINARY) +config.json: mkdir -p rootfs - BUILD=$$( tar cf - $^ | docker build -q - ) && \ - [ -n "$$BUILD" ] && \ - echo "Built $$BUILD" && \ - IMAGE=$$( docker run --rm --net=none $$BUILD | docker build -q - ) && \ - [ -n "$$IMAGE" ] && \ - echo "Built $$IMAGE" && \ - CONTAINER=$$( docker create $$IMAGE /dev/null ) && \ + CONTAINER=$$( docker create $(RNGD_IMAGE) /dev/null ) && \ docker export $$CONTAINER | tar -xf - -C rootfs $(EXCLUDE) && \ docker rm $$CONTAINER && \ - ../riddler.sh --cap-drop all --cap-add SYS_ADMIN --read-only $$IMAGE /bin/tini /usr/sbin/rngd -f >$@ + ../riddler.sh --cap-drop all --cap-add SYS_ADMIN --read-only $(RNGD_IMAGE) /bin/tini /usr/sbin/rngd -f >$@ clean: - rm -rf rootfs config.json $(TINI_BINARY) + rm -rf rootfs config.json .DELETE_ON_ERROR:
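Review bot: The `--cap-add SYS_ADMIN` on the riddler.sh line in alpine/containers/rng-tools/Makefile is the one broad capability this container keeps after `--cap-drop all`, and nothing in the file says why it is needed. A comment above the recipe would help the next reviewer, e.g. `# rngd credits entropy to the kernel pool via the RNDADDENTROPY ioctl, which needs CAP_SYS_ADMIN`. That is my reading of why the capability is there; please confirm before adding it.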