From e950d6e2ac07b617ed1a848ceeb2f100b1e68453 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Thu, 18 May 2017 15:02:10 +0100 Subject: [PATCH] pkg: Roll the sshd package from linuxkit/alpine Also convert it to a multi-stage build and make the HUB org/registry build time configurable. Signed-off-by: Rolf Neugebauer --- pkg/sshd/Dockerfile | 28 +++++++++++++++++----------- pkg/sshd/Makefile | 32 +++++++++----------------------- 2 files changed, 26 insertions(+), 34 deletions(-) diff --git a/pkg/sshd/Dockerfile b/pkg/sshd/Dockerfile index 2c5efdcd8..c2f98322a 100644 --- a/pkg/sshd/Dockerfile +++ b/pkg/sshd/Dockerfile @@ -1,15 +1,21 @@ -FROM alpine:edge +FROM linuxkit/alpine:6336329f15b4166514782eaa555cf0ffd35c519c@sha256:f6c2ce92910b1d6e4e5557850a554f4a3ae9f66c1e89ad86a24d6c6e550f165e AS mirror -RUN \ - apk update && apk upgrade && \ - apk add --no-cache \ - openssh-server \ - tini \ - util-linux \ - && true - -COPY . . +RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/ +RUN apk add --no-cache --initdb -p /out \ + alpine-baselayout \ + busybox \ + musl \ + openssh-server \ + tini \ + util-linux \ + && true +RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache +FROM scratch +ENTRYPOINT [] +WORKDIR / +COPY --from=mirror /out/ / +COPY etc/ /etc/ +COPY usr/ /usr/ RUN mkdir -p /etc/ssh /root/.ssh && chmod 0700 /root/.ssh - CMD ["/sbin/tini", "/usr/bin/ssh.sh"] diff --git a/pkg/sshd/Makefile b/pkg/sshd/Makefile index e6cf44f24..60d62ef2d 100644 --- a/pkg/sshd/Makefile +++ b/pkg/sshd/Makefile @@ -1,29 +1,15 @@ .PHONY: tag push - -BASE=alpine:edge -IMAGE=sshd - default: push -hash: Dockerfile etc/ssh/sshd_config usr/bin/ssh.sh etc/motd - DOCKER_CONTENT_TRUST=1 docker pull $(BASE) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build - - docker run --rm $(IMAGE):build sh -c "cat $^ /lib/apk/db/installed | sha1sum" | sed 's/ .*//' > $@ +ORG?=linuxkit +IMAGE=sshd +DEPS=Dockerfile etc/motd etc/ssh/sshd_config usr/bin/ssh.sh -push: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) - docker rmi $(IMAGE):build - rm -f hash +HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}') -tag: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) - docker rmi $(IMAGE):build - rm -f hash +tag: $(DEPS) + docker build --squash --no-cache --network=none -t $(ORG)/$(IMAGE):$(HASH) . -clean: - rm -f hash - -.DELETE_ON_ERROR: +push: tag + docker pull $(ORG)/$(IMAGE):$(HASH) || \ + docker push $(ORG)/$(IMAGE):$(HASH)