From aea6d6c54e9e835d89f5e2ec469aea3b45592c82 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Thu, 4 May 2017 12:05:01 +0100 Subject: [PATCH 1/8] pkg: Convert binfmt to use the Alpine base image and git tree hash Signed-off-by: Rolf Neugebauer --- pkg/binfmt/Dockerfile | 19 ++++++++----------- pkg/binfmt/Makefile | 40 +++++----------------------------------- 2 files changed, 13 insertions(+), 46 deletions(-) diff --git a/pkg/binfmt/Dockerfile b/pkg/binfmt/Dockerfile index acf2baf7d..e28b8cb48 100644 --- a/pkg/binfmt/Dockerfile +++ b/pkg/binfmt/Dockerfile @@ -1,13 +1,10 @@ -FROM alpine:edge AS qemu-build -RUN \ - apk update && apk upgrade && \ - apk add \ - qemu-aarch64 \ - qemu-arm \ - qemu-ppc64le \ - && true +FROM linuxkit/alpine:f0169b60fb260d74025496ae6fd93213fecaba8f@sha256:23743c7206ebe8a609442c5ac7084a26ed45ce8f5213960428bca264225849f1 AS qemu +RUN apk add \ + qemu-aarch64 \ + qemu-arm \ + qemu-ppc64le -FROM linuxkit/go-compile:4513068d9a7e919e4ec42e2d7ee879ff5b95b7f5@sha256:bdfadbe3e4ec699ca45b67453662321ec270f2d1a1dbdbf09625776d3ebd68c5 AS binfmt-build +FROM linuxkit/go-compile:4513068d9a7e919e4ec42e2d7ee879ff5b95b7f5@sha256:bdfadbe3e4ec699ca45b67453662321ec270f2d1a1dbdbf09625776d3ebd68c5 AS build COPY main.go main.go RUN echo "gofmt..." && test -z $(gofmt -s -l main.go) && \ echo "go vet..." && test -z $(GOOS=linux go tool vet -printf=false main.go) && \ @@ -17,7 +14,7 @@ RUN go build -o usr/bin/binfmt -buildmode pie -ldflags "-s -w -extldflags -stati FROM scratch ENTRYPOINT [] WORKDIR / -COPY --from=qemu-build usr/bin/qemu-* usr/bin/ -COPY --from=binfmt-build usr/bin/binfmt usr/bin/binfmt +COPY --from=qemu usr/bin/qemu-* usr/bin/ +COPY --from=build usr/bin/binfmt usr/bin/binfmt COPY etc/binfmt.d/00_linuxkit.conf etc/binfmt.d/00_linuxkit.conf CMD ["/usr/bin/binfmt", "-dir", "/etc/binfmt.d/", "-mount", "/binfmt_misc"] diff --git a/pkg/binfmt/Makefile b/pkg/binfmt/Makefile index cc7f9a65c..9f997c2d0 100644 --- a/pkg/binfmt/Makefile 
+++ b/pkg/binfmt/Makefile @@ -2,43 +2,13 @@ default: push IMAGE=binfmt -BASE=alpine:edge -SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 DEPS=Dockerfile Makefile main.go $(wildcard etc/binmft.d/*) -# Note, this isn't quite right as we pull in qemu binaries from -# alpine:edge and they may vary over time. BUT: We are going to change -# the hashing stuff soon anyway, so there is little point in faffing -# about with computing a hash during the build and get it out. -hash: $(DEPS) - find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash +HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}') -tag: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \ - docker build --no-cache -t $(IMAGE):build . && \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)) +tag: $(DEPS) + docker build --no-cache --network=none -t linuxkit/$(IMAGE):$(HASH) . push: tag - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker push linuxkit/$(IMAGE):$(shell cat hash) - rm -f hash - docker rmi $(IMAGE):build || true - -signed-tag: hash - DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \ - docker build --no-cache -t $(IMAGE):build . && \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)) - -sign: signed-tag - DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash) - rm -f hash - docker rmi $(IMAGE):build || true - -clean: - rm -f hash - docker rmi $(IMAGE):build || true - -.DELETE_ON_ERROR: + DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(HASH) || \ + DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(HASH) From e929205c315fcbd6a8dd9736a591c80ddd354d05 Mon Sep 17 00:00:00 2001 
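Review bot: `HASH` comes from `git ls-tree HEAD`, i.e. the committed tree, while `docker build ... .` in `tag` builds whatever is in the working directory, so an image built from uncommitted or untracked files is tagged and pushed under the hash of the clean tree. Because `push` skips the upload when that tag already exists, whichever build reaches the registry first defines the content for that hash. I would make `tag` refuse a dirty directory with a first recipe line `@test -z "$$(git status --porcelain -- .)" || { echo "uncommitted changes in $(CURDIR)" >&2; exit 1; }`, and fail when `HASH` expands to nothing (for example outside a git checkout) with `$(if $(HASH),,$(error HASH is empty))`. The same `HASH`/`tag` pair is repeated in the dhcpcd, docker-ce, format, mount, node_exporter and openntpd Makefiles of this series. Separately, the retained `DEPS` line globs `etc/binmft.d/*` while the Dockerfile copies from `etc/binfmt.d/`, so the wildcard presumably matches nothing.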
From: Rolf Neugebauer Date: Thu, 4 May 2017 12:25:17 +0100 Subject: [PATCH 2/8] pkg: Convert dhcpcd to use the Alpine base image and git tree hash This builds the dhcpcd package from a fixed Alpine 3.5 base and adds the dhcpcd daemon from the Alpine base image. This should make the build reproducible and allows us to use the git tree hash. Signed-off-by: Rolf Neugebauer --- pkg/dhcpcd/Dockerfile | 17 +++++++++-------- pkg/dhcpcd/Makefile | 36 ++++++++---------------------------- 2 files changed, 17 insertions(+), 36 deletions(-) diff --git a/pkg/dhcpcd/Dockerfile b/pkg/dhcpcd/Dockerfile index b6894bfaa..7ec4f2963 100644 --- a/pkg/dhcpcd/Dockerfile +++ b/pkg/dhcpcd/Dockerfile @@ -1,12 +1,13 @@ -FROM alpine:3.5 +FROM linuxkit/alpine:f0169b60fb260d74025496ae6fd93213fecaba8f@sha256:23743c7206ebe8a609442c5ac7084a26ed45ce8f5213960428bca264225849f1 AS mirror -RUN \ - apk update && apk upgrade -a && \ - apk add --no-cache \ - dhcpcd \ - openrc \ - && true +FROM alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 +COPY --from=mirror /etc/apk/repositories /etc/apk/repositories +COPY --from=mirror /etc/apk/keys /etc/apk/keys/ +COPY --from=mirror /mirror /mirror/ + +RUN apk add dhcpcd + +RUN rm -rf /mirror /etc/apk/repositories /etc/apk/keys COPY . . - CMD ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf"] diff --git a/pkg/dhcpcd/Makefile b/pkg/dhcpcd/Makefile index 4f6bcdb07..5988073f8 100644 --- a/pkg/dhcpcd/Makefile +++ b/pkg/dhcpcd/Makefile 
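Review bot: The cleanup `RUN rm -rf /mirror /etc/apk/repositories /etc/apk/keys` sits in its own layer after the three `COPY --from=mirror` layers, so the mirror and apk keys only disappear from the published image because the Makefile builds with `--squash`, an experimental daemon feature. Built any other way, they remain retrievable from the earlier layers. A comment above the `RUN` such as `# relies on 'docker build --squash' (see Makefile); without it /mirror stays in the image layers` would record that dependency. Dropping `apk update && apk upgrade` also means the packages from the digest-pinned `alpine:3.5` base stay at that snapshot until the digest is bumped, which is worth stating in the file as the intended way to pick up security fixes. The docker-ce, format, mount and openntpd Dockerfiles use the same layout.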
@@ -1,34 +1,14 @@ -.PHONY: tag push clean container +.PHONY: tag push default: push IMAGE=dhcpcd +DEPS=Dockerfile Makefile dhcpcd.conf usr/lib/dhcpcd/dhcpcd-hooks/10-mtu -BASE=alpine:3.5 +HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}') -DEPS=dhcpcd.conf usr/lib/dhcpcd/dhcpcd-hooks/10-mtu +tag: $(DEPS) + docker build --squash --no-cache --network=none -t linuxkit/$(IMAGE):$(HASH) . -container: Dockerfile $(DEPS) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build - - -hash: Dockerfile $(DEPS) - DOCKER_CONTENT_TRUST=1 docker pull $(BASE) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build - - docker run --rm $(IMAGE):build sh -c 'cat $^ /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash - -push: hash container - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) - docker rmi $(IMAGE):build - rm -f hash - -tag: hash container - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) - docker rmi $(IMAGE):build - rm -f hash - -clean: - rm -rf hash - -.DELETE_ON_ERROR: +push: tag + docker pull linuxkit/$(IMAGE):$(HASH) || \ + docker push linuxkit/$(IMAGE):$(HASH) From 43d97967efcf80f9fa53740ed13e5d05c0f5992a Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Thu, 4 May 2017 14:34:59 +0100 Subject: [PATCH 3/8] pkg: Convert docker-ce to use the Alpine base and git tree hash Signed-off-by: Rolf Neugebauer --- pkg/docker-ce/Dockerfile | 26 +++++++++++++++----------- pkg/docker-ce/Makefile | 31 ++++++++----------------------- 2 files changed, 23 insertions(+), 34 deletions(-) diff --git a/pkg/docker-ce/Dockerfile b/pkg/docker-ce/Dockerfile index 7837bd3f0..1fcf50c34 100644 --- a/pkg/docker-ce/Dockerfile +++ b/pkg/docker-ce/Dockerfile 
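Review bot: `tag` now passes `.` as the build context, where the removed rules piped `tar cf - $^` (only `Dockerfile` and `$(DEPS)`) into `docker build -`, and the Dockerfile's `COPY . .` then copies the whole directory into the image root. That adds `Makefile` and any untracked file lying in `pkg/dhcpcd` (editor backups, local credentials) to an image that is published under the git tree hash. I would either keep the explicit tar context, add a `.dockerignore`, or replace `COPY . .` with explicit copies of `dhcpcd.conf` and `usr/`. The format, mount and openntpd packages have the same combination of `docker build ... .` and `COPY . ./`.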
@@ -1,15 +1,9 @@ -FROM alpine:3.5 +FROM linuxkit/alpine:f0169b60fb260d74025496ae6fd93213fecaba8f@sha256:23743c7206ebe8a609442c5ac7084a26ed45ce8f5213960428bca264225849f1 AS mirror -# Docker daemon only minimal Alpine install - -# set up Docker group -# set up subuid/subgid so that "--userns-remap=default" works out-of-the-box -RUN set -x \ - && addgroup -S docker \ - && addgroup -S dockremap \ - && adduser -S -G dockremap dockremap \ - && echo 'dockremap:165536:65536' >> /etc/subuid \ - && echo 'dockremap:165536:65536' >> /etc/subgid +FROM alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 +COPY --from=mirror /etc/apk/repositories /etc/apk/repositories +COPY --from=mirror /etc/apk/keys /etc/apk/keys/ +COPY --from=mirror /mirror /mirror/ # https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies # removed openssl as I do not think server needs it @@ -22,6 +16,16 @@ RUN apk add --no-cache \ iptables \ xfsprogs \ xz +RUN rm -rf /mirror /etc/apk/repositories /etc/apk/keys + +# set up Docker group +# set up subuid/subgid so that "--userns-remap=default" works out-of-the-box +RUN set -x \ + && addgroup -S docker \ + && addgroup -S dockremap \ + && adduser -S -G dockremap dockremap \ + && echo 'dockremap:165536:65536' >> /etc/subuid \ + && echo 'dockremap:165536:65536' >> /etc/subgid ENV DOCKER_BUCKET get.docker.com ENV DOCKER_VERSION 17.04.0-ce diff --git a/pkg/docker-ce/Makefile b/pkg/docker-ce/Makefile index 66c0a7e28..0fb994e43 100644 --- a/pkg/docker-ce/Makefile +++ b/pkg/docker-ce/Makefile 
@@ -1,29 +1,14 @@ .PHONY: tag push - -BASE=alpine:3.5 -IMAGE=docker-ce - default: push -hash: Dockerfile - DOCKER_CONTENT_TRUST=1 docker pull $(BASE) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build - - docker run --entrypoint /bin/sh --rm $(IMAGE):build -c 'cat $^ /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > $@ +IMAGE=docker-ce +DEPS=Dockerfile -push: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) - docker rmi $(IMAGE):build - rm -f hash +HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}') -tag: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) - docker rmi $(IMAGE):build - rm -f hash +tag: $(DEPS) + docker build --squash --no-cache -t linuxkit/$(IMAGE):$(HASH) . -clean: - rm -f hash - -.DELETE_ON_ERROR: +push: tag + docker pull linuxkit/$(IMAGE):$(HASH) || \ + docker push linuxkit/$(IMAGE):$(HASH) From fce13fb48dfc116cf84ceccb21de17417fe8ef1a Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Thu, 4 May 2017 14:41:09 +0100 Subject: [PATCH 4/8] pkg: Convert format to use the Alpine base and git tree hash Signed-off-by: Rolf Neugebauer --- pkg/format/Dockerfile | 23 ++++++++++++++--------- pkg/format/Makefile | 31 ++++++++----------------------- 2 files changed, 22 insertions(+), 32 deletions(-) diff --git a/pkg/format/Dockerfile b/pkg/format/Dockerfile index 124e4daec..b8d7c96ca 100644 --- a/pkg/format/Dockerfile +++ b/pkg/format/Dockerfile 
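Review bot: The `tag` recipe here is the only one in the series that builds without `--network=none`, and `DEPS` lists just `Dockerfile`, so anything fetched at build time is not covered by the git tree hash used as the tag. The Dockerfile context lines set `DOCKER_BUCKET get.docker.com` and `DOCKER_VERSION 17.04.0-ce`, which suggests a download later in that file; that part is outside the hunks shown, so I cannot see whether it is checked against a pinned checksum. Please add a comment above the recipe such as `# network required: the Dockerfile downloads the docker release and verifies its checksum`, and confirm the download really is verified against a checksum committed in the Dockerfile.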
@@ -1,13 +1,18 @@ -FROM alpine:3.5 +FROM linuxkit/alpine:f0169b60fb260d74025496ae6fd93213fecaba8f@sha256:23743c7206ebe8a609442c5ac7084a26ed45ce8f5213960428bca264225849f1 AS mirror -RUN \ - apk update && apk upgrade -a && \ - apk add --no-cache \ - e2fsprogs \ - e2fsprogs-extra \ - jq \ - sfdisk \ - && true +FROM alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 +COPY --from=mirror /etc/apk/repositories /etc/apk/repositories +COPY --from=mirror /etc/apk/keys /etc/apk/keys/ +COPY --from=mirror /mirror /mirror/ + +RUN apk add \ + e2fsprogs \ + e2fsprogs-extra \ + jq \ + sfdisk \ + && true + +RUN rm -rf /mirror /etc/apk/repositories /etc/apk/keys COPY . ./ CMD ["/bin/sh", "/format.sh"] diff --git a/pkg/format/Makefile b/pkg/format/Makefile index cf6eed82d..8234712cc 100644 --- a/pkg/format/Makefile +++ b/pkg/format/Makefile @@ -1,29 +1,14 @@ .PHONY: tag push - -BASE=alpine:3.5 -IMAGE=format - default: push -hash: Dockerfile format.sh - DOCKER_CONTENT_TRUST=1 docker pull $(BASE) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build - - docker run --rm --entrypoint /bin/sh $(IMAGE):build -c "cat $^ /lib/apk/db/installed | sha1sum" | sed 's/ .*//' > $@ +IMAGE=format +DEPS=Dockerfile format.sh -push: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) - docker rmi $(IMAGE):build - rm -f hash +HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}') -tag: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) - docker rmi $(IMAGE):build - rm -f hash +tag: $(DEPS) + docker build --squash --no-cache --network=none -t linuxkit/$(IMAGE):$(HASH) . -clean: - rm -f hash - -.DELETE_ON_ERROR: +push: tag + docker pull linuxkit/$(IMAGE):$(HASH) || \ + docker push linuxkit/$(IMAGE):$(HASH) 
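Review bot: `push` pulls and pushes `linuxkit/$(IMAGE):$(HASH)` without `DOCKER_CONTENT_TRUST=1`, whereas the binfmt Makefile converted in the first patch sets it on both commands. As written, an unsigned tag already present in the registry is accepted as "already published", and the local build is never compared with it. If signing is intended for every package, the recipe should read `DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(HASH) || \` followed by `DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(HASH)`. The dhcpcd, docker-ce, mount, node_exporter and openntpd Makefiles have the same unsigned `push`.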
From 1748a69f2ac67e1910c9fbcd60fc24d2db23ae89 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Thu, 4 May 2017 14:46:58 +0100 Subject: [PATCH 5/8] pkg: Convert mount to use the Alpine base and git tree hash Signed-off-by: Rolf Neugebauer --- pkg/mount/Dockerfile | 12 ++++++++---- pkg/mount/Makefile | 31 ++++++++----------------------- 2 files changed, 16 insertions(+), 27 deletions(-) diff --git a/pkg/mount/Dockerfile b/pkg/mount/Dockerfile index 8b5098209..91ba6c327 100644 --- a/pkg/mount/Dockerfile +++ b/pkg/mount/Dockerfile @@ -1,11 +1,15 @@ -FROM alpine:3.5 +FROM linuxkit/alpine:f0169b60fb260d74025496ae6fd93213fecaba8f@sha256:23743c7206ebe8a609442c5ac7084a26ed45ce8f5213960428bca264225849f1 AS mirror -RUN \ - apk update && apk upgrade -a && \ - apk add --no-cache \ +FROM alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 +COPY --from=mirror /etc/apk/repositories /etc/apk/repositories +COPY --from=mirror /etc/apk/keys /etc/apk/keys/ +COPY --from=mirror /mirror /mirror/ + +RUN apk add --no-cache \ jq \ sfdisk \ && true +RUN rm -rf /mirror /etc/apk/repositories /etc/apk/keys COPY . ./ CMD ["/bin/sh", "/mount.sh"] diff --git a/pkg/mount/Makefile b/pkg/mount/Makefile index 22d02f3c1..ac3a79cd7 100644 --- a/pkg/mount/Makefile +++ b/pkg/mount/Makefile 
@@ -1,29 +1,14 @@ .PHONY: tag push - -BASE=alpine:3.5 -IMAGE=mount - default: push -hash: Dockerfile mount.sh - DOCKER_CONTENT_TRUST=1 docker pull $(BASE) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build - - docker run --rm --entrypoint /bin/sh $(IMAGE):build -c "cat $^ /lib/apk/db/installed | sha1sum" | sed 's/ .*//' > $@ +IMAGE=mount +DEPS=Dockerfile mount.sh -push: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) - docker rmi $(IMAGE):build - rm -f hash +HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}') -tag: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) - docker rmi $(IMAGE):build - rm -f hash +tag: $(DEPS) + docker build --squash --no-cache --network=none -t linuxkit/$(IMAGE):$(HASH) . -clean: - rm -f hash - -.DELETE_ON_ERROR: +push: tag + docker pull linuxkit/$(IMAGE):$(HASH) || \ + docker push linuxkit/$(IMAGE):$(HASH) From 41a1d16694be285e90fbe8b37e0dc323a3de2a01 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Thu, 4 May 2017 14:51:42 +0100 Subject: [PATCH 6/8] pkg: Use git tree hash for the prometheus node_exporter Signed-off-by: Rolf Neugebauer --- pkg/node_exporter/Dockerfile | 2 +- pkg/node_exporter/Makefile | 31 ++++++++----------------------- 2 files changed, 9 insertions(+), 24 deletions(-) diff --git a/pkg/node_exporter/Dockerfile b/pkg/node_exporter/Dockerfile index cbe9e0590..c5e53a269 100644 --- a/pkg/node_exporter/Dockerfile +++ b/pkg/node_exporter/Dockerfile @@ -1,4 +1,4 @@ -FROM prom/node-exporter:v0.14.0 +FROM prom/node-exporter:v0.14.0@sha256:ea8396dd32be6195ef03438b2f459b2e69a88b8fc798c3fc51559f56d4b158fa ENTRYPOINT ["/bin/node_exporter", "-collector.procfs", "/host/proc", \ "-collector.sysfs", "/host/sys", \ 
diff --git a/pkg/node_exporter/Makefile b/pkg/node_exporter/Makefile index 81d40ba97..a0d23be2f 100644 --- a/pkg/node_exporter/Makefile +++ b/pkg/node_exporter/Makefile @@ -1,29 +1,14 @@ -.PHONY: tag push clean container +.PHONY: tag push default: push IMAGE=node_exporter -SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 +DEPS=Dockerfile -container: Dockerfile - docker build --no-cache -t $(IMAGE):build . +HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}') -hash: Dockerfile - find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash +tag: $(DEPS) + docker build --no-cache --network=none -t linuxkit/$(IMAGE):$(HASH) . -push: hash container - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) - docker rmi $(IMAGE):build - rm -f hash - -tag: hash container - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) - docker rmi $(IMAGE):build - rm -f hash - -clean: - rm -rf hash - -.DELETE_ON_ERROR: +push: tag + docker pull linuxkit/$(IMAGE):$(HASH) || \ + docker push linuxkit/$(IMAGE):$(HASH) From 17adcefe6cbec1e8c5e195498590edc080fdbfe9 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Thu, 4 May 2017 14:56:50 +0100 Subject: [PATCH 7/8] pkg: Convert openntpd to use the Alpine base image and git tree hash Signed-off-by: Rolf Neugebauer --- pkg/openntpd/Dockerfile | 14 ++++++++------ pkg/openntpd/Makefile | 31 ++++++++----------------------- 2 files changed, 16 insertions(+), 29 deletions(-) diff --git a/pkg/openntpd/Dockerfile b/pkg/openntpd/Dockerfile index 53eeeaf65..350d7948e 100644 --- a/pkg/openntpd/Dockerfile +++ b/pkg/openntpd/Dockerfile 
@@ -1,10 +1,12 @@ -FROM alpine:3.5 +FROM linuxkit/alpine:f0169b60fb260d74025496ae6fd93213fecaba8f@sha256:23743c7206ebe8a609442c5ac7084a26ed45ce8f5213960428bca264225849f1 AS mirror -RUN \ - apk update && apk upgrade -a && \ - apk add --no-cache \ - openntpd \ - && true +FROM alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 +COPY --from=mirror /etc/apk/repositories /etc/apk/repositories +COPY --from=mirror /etc/apk/keys /etc/apk/keys/ +COPY --from=mirror /mirror /mirror/ + +RUN apk add --no-cache openntpd && true +RUN rm -rf /mirror /etc/apk/repositories /etc/apk/keys COPY . . diff --git a/pkg/openntpd/Makefile b/pkg/openntpd/Makefile index c8567f47f..83ef89f60 100644 --- a/pkg/openntpd/Makefile +++ b/pkg/openntpd/Makefile @@ -1,29 +1,14 @@ -.PHONY: tag push clean container +.PHONY: tag push default: push IMAGE=openntpd +DEPS=Dockerfile etc/ntpd.conf -BASE=alpine:3.5 +HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}') -hash: Dockerfile etc/ntpd.conf - DOCKER_CONTENT_TRUST=1 docker pull $(BASE) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build - - docker run --rm $(IMAGE):build sh -c 'cat $^ /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash +tag: $(DEPS) + docker build --squash --no-cache --network=none -t linuxkit/$(IMAGE):$(HASH) . -push: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) - docker rmi $(IMAGE):build - rm -f hash - -tag: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) - docker rmi $(IMAGE):build - rm -f hash - -clean: - rm -rf hash - -.DELETE_ON_ERROR: +push: tag + docker pull linuxkit/$(IMAGE):$(HASH) || \ + docker push linuxkit/$(IMAGE):$(HASH) From 21f1646ce2c2fd71ee4b5074c38c13e4872079c4 Mon Sep 17 00:00:00 2001 
From: Rolf Neugebauer Date: Thu, 4 May 2017 22:20:54 +0100 Subject: [PATCH 8/8] Update YAML files with new package hashes Signed-off-by: Rolf Neugebauer --- examples/docker.yml | 12 ++++++------ examples/gcp.yml | 2 +- examples/minimal.yml | 2 +- examples/node_exporter.yml | 2 +- examples/packet.yml | 2 +- examples/redis-os.yml | 2 +- examples/sshd.yml | 2 +- examples/swap.yml | 8 ++++---- examples/vmware.yml | 2 +- linuxkit.yml | 4 ++-- projects/etcd/etcd.yml | 8 ++++---- projects/etcd/prom-us-central1-f.yml | 2 +- projects/kubernetes/kube-master.yml | 8 ++++---- projects/kubernetes/kube-node.yml | 8 ++++---- projects/kubernetes/mounts.rb | 2 +- projects/logging/examples/logging.yml | 4 ++-- projects/miragesdk/examples/mirage-dhcp.yml | 2 +- projects/okernel/examples/okernel_simple.yaml | 2 +- projects/swarmd/swarmd.yml | 2 +- test/docker-bench/test-docker-bench.yml | 8 ++++---- test/test.yml | 2 +- test/virtsock/test-virtsock-server.yml | 2 +- 22 files changed, 44 insertions(+), 44 deletions(-) diff --git a/examples/docker.yml b/examples/docker.yml index 7dbc5fbcb..20d900621 100644 --- a/examples/docker.yml +++ b/examples/docker.yml @@ -18,19 +18,19 @@ onboot: - name: sysfs image: linuxkit/sysfs:6c1d06f28ddd9681799d3950cddf044b930b221c - name: binfmt - image: "linuxkit/binfmt:c7e69ebd918a237dd086a5c58dd888df772746bd" + image: "linuxkit/binfmt:aebd6ed6cc29921371ca78314697881086f4577a" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true - name: format - image: "linuxkit/format:53748000acf515549d398e6ae68545c26c0f3a2e" + image: "linuxkit/format:a16f2bd94a83dd0cea4d490f710567a0cc60be33" binds: - /dev:/dev capabilities: - CAP_SYS_ADMIN - CAP_MKNOD - name: mount - image: "linuxkit/mount:d2669e7c8ddda99fa0618a414d44261eba6e299a" + image: "linuxkit/mount:ad138d252798d9d0d6779f7f4d35b7fbcbbeefb9" binds: - /dev:/dev - /var:/var:rshared,rbind 
@@ -46,7 +46,7 @@ services: oomScoreAdj: -800 readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:57a8ef29d3a910645b2b24c124f9ce9ef53ce703" + image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" binds: - /var:/var - /tmp/etc:/etc @@ -57,7 +57,7 @@ services: net: host oomScoreAdj: -800 - name: ntpd - image: "linuxkit/openntpd:a570316d7fc49ca1daa29bd945499f4963d227af" + image: "linuxkit/openntpd:1eb0c05499500c8e44df6160524b79b776bbaa9e" capabilities: - CAP_SYS_TIME - CAP_SYS_NICE @@ -66,7 +66,7 @@ services: - CAP_SETGID net: host - name: docker - image: "linuxkit/docker-ce:a82b61b151f6d6a3606e66f284c927b4c83b50f5" + image: "linuxkit/docker-ce:18d9d2719bc99514c5b1883d5c8a36619e5acb4d" capabilities: - all net: host diff --git a/examples/gcp.yml b/examples/gcp.yml index 8e86d05f2..38e73462d 100644 --- a/examples/gcp.yml +++ b/examples/gcp.yml @@ -16,7 +16,7 @@ onboot: - CAP_SYS_ADMIN readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:48e249ebef6a521eed886b3bce032db69fbb4afa" + image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" binds: - /var:/var - /tmp/etc:/etc diff --git a/examples/minimal.yml b/examples/minimal.yml index a1d184e99..9726dc929 100644 --- a/examples/minimal.yml +++ b/examples/minimal.yml @@ -7,7 +7,7 @@ init: - linuxkit/containerd:60e2486a74c665ba4df57e561729aec20758daed onboot: - name: dhcpcd - image: "linuxkit/dhcpcd:48e249ebef6a521eed886b3bce032db69fbb4afa" + image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" binds: - /var:/var - /tmp/etc:/etc diff --git a/examples/node_exporter.yml b/examples/node_exporter.yml index 43716a747..b84669eb4 100644 --- a/examples/node_exporter.yml +++ b/examples/node_exporter.yml @@ -12,7 +12,7 @@ services: - CAP_SYS_ADMIN oomScoreAdj: -800 - name: dhcpcd - image: "linuxkit/dhcpcd:48e249ebef6a521eed886b3bce032db69fbb4afa" + image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" binds: - /var:/var - /tmp:/etc 
diff --git a/examples/packet.yml b/examples/packet.yml index 74355d4cf..606ab58f0 100644 --- a/examples/packet.yml +++ b/examples/packet.yml @@ -21,7 +21,7 @@ services: - CAP_SYS_ADMIN oomScoreAdj: -800 - name: dhcpcd - image: "linuxkit/dhcpcd:48e249ebef6a521eed886b3bce032db69fbb4afa" + image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" binds: - /var:/var - /tmp:/etc diff --git a/examples/redis-os.yml b/examples/redis-os.yml index 6bb8932eb..c52b62504 100644 --- a/examples/redis-os.yml +++ b/examples/redis-os.yml @@ -9,7 +9,7 @@ init: - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b services: - name: dhcpcd - image: "linuxkit/dhcpcd:0d4012269cb142972fed8542fbdc3ff5a7b695cd" + image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" binds: - /var:/var - /tmp/etc:/etc diff --git a/examples/sshd.yml b/examples/sshd.yml index de7ce104b..c5be08d44 100644 --- a/examples/sshd.yml +++ b/examples/sshd.yml @@ -21,7 +21,7 @@ services: - CAP_SYS_ADMIN oomScoreAdj: -800 - name: dhcpcd - image: "linuxkit/dhcpcd:48e249ebef6a521eed886b3bce032db69fbb4afa" + image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" binds: - /var:/var - /tmp:/etc diff --git a/examples/swap.yml b/examples/swap.yml index dc67672f2..169bdf405 100644 --- a/examples/swap.yml +++ b/examples/swap.yml @@ -16,12 +16,12 @@ onboot: - CAP_SYS_ADMIN readonly: true - name: binfmt - image: "linuxkit/binfmt:8881283ac627be1542811bd25c85e7782aebc692" + image: "linuxkit/binfmt:aebd6ed6cc29921371ca78314697881086f4577a" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:48e249ebef6a521eed886b3bce032db69fbb4afa" + image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" binds: - /var:/var - /tmp/etc:/etc 
@@ -32,14 +32,14 @@ onboot: net: host command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] - name: format - image: "linuxkit/format:53748000acf515549d398e6ae68545c26c0f3a2e" + image: "linuxkit/format:a16f2bd94a83dd0cea4d490f710567a0cc60be33" binds: - /dev:/dev capabilities: - CAP_SYS_ADMIN - CAP_MKNOD - name: mount - image: "linuxkit/mount:d2669e7c8ddda99fa0618a414d44261eba6e299a" + image: "linuxkit/mount:ad138d252798d9d0d6779f7f4d35b7fbcbbeefb9" binds: - /dev:/dev - /var:/var:rshared,rbind diff --git a/examples/vmware.yml b/examples/vmware.yml index 0dc6770f4..315697375 100644 --- a/examples/vmware.yml +++ b/examples/vmware.yml @@ -23,7 +23,7 @@ services: oomScoreAdj: -800 readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:48e249ebef6a521eed886b3bce032db69fbb4afa" + image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" binds: - /var:/var - /tmp:/etc diff --git a/linuxkit.yml b/linuxkit.yml index 67ec3c602..1d12659bf 100644 --- a/linuxkit.yml +++ b/linuxkit.yml @@ -16,12 +16,12 @@ onboot: - CAP_SYS_ADMIN readonly: true - name: binfmt - image: "linuxkit/binfmt:c7e69ebd918a237dd086a5c58dd888df772746bd" + image: "linuxkit/binfmt:aebd6ed6cc29921371ca78314697881086f4577a" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:48e249ebef6a521eed886b3bce032db69fbb4afa" + image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" binds: - /var:/var - /tmp/etc:/etc diff --git a/projects/etcd/etcd.yml b/projects/etcd/etcd.yml index 396fd4b22..57b595245 100644 --- a/projects/etcd/etcd.yml +++ b/projects/etcd/etcd.yml 
@@ -16,14 +16,14 @@ onboot: - CAP_SYS_ADMIN readonly: true - name: format - image: "linuxkit/format:53748000acf515549d398e6ae68545c26c0f3a2e" + image: "linuxkit/format:a16f2bd94a83dd0cea4d490f710567a0cc60be33" binds: - /dev:/dev capabilities: - CAP_SYS_ADMIN - CAP_MKNOD - name: mount - image: "linuxkit/mount:d2669e7c8ddda99fa0618a414d44261eba6e299a" + image: "linuxkit/mount:ad138d252798d9d0d6779f7f4d35b7fbcbbeefb9" binds: - /dev:/dev - /var:/var:rshared,rbind @@ -32,7 +32,7 @@ onboot: rootfsPropagation: shared command: ["/mount.sh", "/var/lib/etcd"] - name: dhcpcd - image: "linuxkit/dhcpcd:0d4012269cb142972fed8542fbdc3ff5a7b695cd" + image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" binds: - /var:/var - /tmp/etc:/etc @@ -59,7 +59,7 @@ services: oomScoreAdj: -800 readonly: true - name: ntpd - image: "linuxkit/openntpd:a570316d7fc49ca1daa29bd945499f4963d227af" + image: "linuxkit/openntpd:1eb0c05499500c8e44df6160524b79b776bbaa9e" capabilities: - CAP_SYS_TIME - CAP_SYS_NICE diff --git a/projects/etcd/prom-us-central1-f.yml b/projects/etcd/prom-us-central1-f.yml index efa8afe60..a8d70e248 100644 --- a/projects/etcd/prom-us-central1-f.yml +++ b/projects/etcd/prom-us-central1-f.yml @@ -16,7 +16,7 @@ onboot: - CAP_SYS_ADMIN readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:48e249ebef6a521eed886b3bce032db69fbb4afa" + image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" binds: - /var:/var - /tmp/etc:/etc diff --git a/projects/kubernetes/kube-master.yml b/projects/kubernetes/kube-master.yml index 21914c664..d75fef234 100644 --- a/projects/kubernetes/kube-master.yml +++ b/projects/kubernetes/kube-master.yml 
@@ -18,12 +18,12 @@ onboot: - name: sysfs image: linuxkit/sysfs:6c1d06f28ddd9681799d3950cddf044b930b221c - name: binfmt - image: "linuxkit/binfmt:c7e69ebd918a237dd086a5c58dd888df772746bd" + image: "linuxkit/binfmt:aebd6ed6cc29921371ca78314697881086f4577a" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true - name: format - image: "linuxkit/format:53748000acf515549d398e6ae68545c26c0f3a2e" + image: "linuxkit/format:a16f2bd94a83dd0cea4d490f710567a0cc60be33" binds: - /dev:/dev capabilities: @@ -46,7 +46,7 @@ services: oomScoreAdj: -800 readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:0d4012269cb142972fed8542fbdc3ff5a7b695cd" + image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" binds: - /var:/var - /tmp/etc:/etc @@ -57,7 +57,7 @@ services: net: host oomScoreAdj: -800 - name: ntpd - image: "linuxkit/openntpd:a570316d7fc49ca1daa29bd945499f4963d227af" + image: "linuxkit/openntpd:1eb0c05499500c8e44df6160524b79b776bbaa9e" capabilities: - CAP_SYS_TIME - CAP_SYS_NICE diff --git a/projects/kubernetes/kube-node.yml b/projects/kubernetes/kube-node.yml index 00c5431ac..e58f32338 100644 --- a/projects/kubernetes/kube-node.yml +++ b/projects/kubernetes/kube-node.yml @@ -18,12 +18,12 @@ onboot: - name: sysfs image: linuxkit/sysfs:6c1d06f28ddd9681799d3950cddf044b930b221c - name: binfmt - image: "linuxkit/binfmt:c7e69ebd918a237dd086a5c58dd888df772746bd" + image: "linuxkit/binfmt:aebd6ed6cc29921371ca78314697881086f4577a" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true - name: format - image: "linuxkit/format:53748000acf515549d398e6ae68545c26c0f3a2e" + image: "linuxkit/format:a16f2bd94a83dd0cea4d490f710567a0cc60be33" binds: - /dev:/dev capabilities: @@ -46,7 +46,7 @@ services: oomScoreAdj: -800 readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:0d4012269cb142972fed8542fbdc3ff5a7b695cd" + image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" binds: - /var:/var - /tmp/etc:/etc 
@@ -57,7 +57,7 @@ services: net: host oomScoreAdj: -800 - name: ntpd - image: "linuxkit/openntpd:a570316d7fc49ca1daa29bd945499f4963d227af" + image: "linuxkit/openntpd:1eb0c05499500c8e44df6160524b79b776bbaa9e" capabilities: - CAP_SYS_TIME - CAP_SYS_NICE diff --git a/projects/kubernetes/mounts.rb b/projects/kubernetes/mounts.rb index a0f111086..2e6977fb0 100644 --- a/projects/kubernetes/mounts.rb +++ b/projects/kubernetes/mounts.rb @@ -1,6 +1,6 @@ import 'common.rb' -from "linuxkit/mount:d2669e7c8ddda99fa0618a414d44261eba6e299a" +from "linuxkit/mount:ad138d252798d9d0d6779f7f4d35b7fbcbbeefb9" script = [ mount_bind_hostns_self("/etc/cni"), mount_make_hostns_rshared("/etc/cni"), diff --git a/projects/logging/examples/logging.yml b/projects/logging/examples/logging.yml index f1ba25c0c..7ff5d7401 100644 --- a/projects/logging/examples/logging.yml +++ b/projects/logging/examples/logging.yml @@ -17,12 +17,12 @@ onboot: - CAP_SYS_ADMIN readonly: true - name: binfmt - image: "linuxkit/binfmt:c7e69ebd918a237dd086a5c58dd888df772746bd" + image: "linuxkit/binfmt:aebd6ed6cc29921371ca78314697881086f4577a" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:48e249ebef6a521eed886b3bce032db69fbb4afa" + image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" binds: - /var:/var - /tmp/etc:/etc diff --git a/projects/miragesdk/examples/mirage-dhcp.yml b/projects/miragesdk/examples/mirage-dhcp.yml index 8949813ea..165fe3448 100644 --- a/projects/miragesdk/examples/mirage-dhcp.yml +++ b/projects/miragesdk/examples/mirage-dhcp.yml @@ -16,7 +16,7 @@ onboot: - CAP_SYS_ADMIN readonly: true - name: binfmt - image: linuxkit/binfmt:c7e69ebd918a237dd086a5c58dd888df772746bd + image: linuxkit/binfmt:aebd6ed6cc29921371ca78314697881086f4577a binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true diff --git a/projects/okernel/examples/okernel_simple.yaml b/projects/okernel/examples/okernel_simple.yaml index 818745bea..1700eee9d 100644 
--- a/projects/okernel/examples/okernel_simple.yaml +++ b/projects/okernel/examples/okernel_simple.yaml @@ -21,7 +21,7 @@ services: - CAP_SYS_ADMIN oomScoreAdj: -800 - name: dhcpcd - image: "linuxkit/dhcpcd:48e249ebef6a521eed886b3bce032db69fbb4afa" + image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" binds: - /var:/var - /tmp:/etc diff --git a/projects/swarmd/swarmd.yml b/projects/swarmd/swarmd.yml index c45929b01..65c38fe18 100644 --- a/projects/swarmd/swarmd.yml +++ b/projects/swarmd/swarmd.yml @@ -20,7 +20,7 @@ services: oomScoreAdj: -800 readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:48e249ebef6a521eed886b3bce032db69fbb4afa" + image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" binds: - /var:/var - /tmp/etc:/etc diff --git a/test/docker-bench/test-docker-bench.yml b/test/docker-bench/test-docker-bench.yml index 92d7f99d3..38fcff037 100644 --- a/test/docker-bench/test-docker-bench.yml +++ b/test/docker-bench/test-docker-bench.yml @@ -18,19 +18,19 @@ onboot: - name: sysfs image: "linuxkit/sysfs:6c1d06f28ddd9681799d3950cddf044b930b221c" - name: binfmt - image: "linuxkit/binfmt:c7e69ebd918a237dd086a5c58dd888df772746bd" + image: "linuxkit/binfmt:aebd6ed6cc29921371ca78314697881086f4577a" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true - name: format - image: "linuxkit/format:53748000acf515549d398e6ae68545c26c0f3a2e" + image: "linuxkit/format:a16f2bd94a83dd0cea4d490f710567a0cc60be33" binds: - /dev:/dev capabilities: - CAP_SYS_ADMIN - CAP_MKNOD - name: mount - image: "linuxkit/mount:d2669e7c8ddda99fa0618a414d44261eba6e299a" + image: "linuxkit/mount:ad138d252798d9d0d6779f7f4d35b7fbcbbeefb9" binds: - /dev:/dev - /var:/var:rshared,rbind @@ -46,7 +46,7 @@ services: oomScoreAdj: -800 readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:0d4012269cb142972fed8542fbdc3ff5a7b695cd" + image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" binds: - /var:/var - /tmp/etc:/etc 
diff --git a/test/test.yml b/test/test.yml index dc7d7502a..4412a9302 100644 --- a/test/test.yml +++ b/test/test.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a onboot: - name: dhcpcd - image: "linuxkit/dhcpcd:48e249ebef6a521eed886b3bce032db69fbb4afa" + image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" binds: - /var:/var - /tmp:/etc diff --git a/test/virtsock/test-virtsock-server.yml b/test/virtsock/test-virtsock-server.yml index 3f9afcfc4..5c6785a03 100644 --- a/test/virtsock/test-virtsock-server.yml +++ b/test/virtsock/test-virtsock-server.yml @@ -27,7 +27,7 @@ services: oomScoreAdj: -800 readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:48e249ebef6a521eed886b3bce032db69fbb4afa" + image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" binds: - /var:/var - /tmp:/etc