diff --git a/examples/docker.yml b/examples/docker.yml index 20d900621..5031c19ad 100644 --- a/examples/docker.yml +++ b/examples/docker.yml @@ -5,7 +5,7 @@ init: - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: sysctl image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a" @@ -18,19 +18,19 @@ onboot: - name: sysfs image: linuxkit/sysfs:6c1d06f28ddd9681799d3950cddf044b930b221c - name: binfmt - image: "linuxkit/binfmt:aebd6ed6cc29921371ca78314697881086f4577a" + image: "linuxkit/binfmt:131026c0cf6084467316395fed3b358f64bda00c" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true - name: format - image: "linuxkit/format:a16f2bd94a83dd0cea4d490f710567a0cc60be33" + image: "linuxkit/format:d78093e943f9c88386e30c00353f9476d34fb551" binds: - /dev:/dev capabilities: - CAP_SYS_ADMIN - CAP_MKNOD - name: mount - image: "linuxkit/mount:ad138d252798d9d0d6779f7f4d35b7fbcbbeefb9" + image: "linuxkit/mount:fc7164d7c4e1fe5d1da395c7f949fb332cffe752" binds: - /dev:/dev - /var:/var:rshared,rbind @@ -40,13 +40,13 @@ onboot: command: ["/mount.sh", "/var/lib/docker"] services: - name: rngd - image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" + image: "linuxkit/rngd:61a07ced77a9747708223ca16a4aec621eacf518" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc 
@@ -57,7 +57,7 @@ services: net: host oomScoreAdj: -800 - name: ntpd - image: "linuxkit/openntpd:1eb0c05499500c8e44df6160524b79b776bbaa9e" + image: "linuxkit/openntpd:a38eabb308d0405f58894979f8b8031a6c7e1134" capabilities: - CAP_SYS_TIME - CAP_SYS_NICE @@ -66,7 +66,7 @@ services: - CAP_SETGID net: host - name: docker - image: "linuxkit/docker-ce:18d9d2719bc99514c5b1883d5c8a36619e5acb4d" + image: "linuxkit/docker-ce:957306b51f2bc03087833eee2625d60514a5079c" capabilities: - all net: host diff --git a/examples/gcp.yml b/examples/gcp.yml index 38e73462d..d740def8e 100644 --- a/examples/gcp.yml +++ b/examples/gcp.yml @@ -5,7 +5,7 @@ init: - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: sysctl image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a" @@ -16,7 +16,7 @@ onboot: - CAP_SYS_ADMIN readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc @@ -37,7 +37,7 @@ onboot: - CAP_SYS_ADMIN services: - name: rngd - image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" + image: "linuxkit/rngd:61a07ced77a9747708223ca16a4aec621eacf518" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 diff --git a/examples/minimal.yml b/examples/minimal.yml index 9726dc929..d9501a0d3 100644 --- a/examples/minimal.yml +++ b/examples/minimal.yml 
@@ -2,12 +2,12 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:f71c3b30ac1ba4ef16c160c89610fa4976f9752f + - linuxkit/init:6c9b2dfac4ac446e57ad83e9817db4b5a334301c - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:60e2486a74c665ba4df57e561729aec20758daed onboot: - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc diff --git a/examples/node_exporter.yml b/examples/node_exporter.yml index b84669eb4..d1ac96baa 100644 --- a/examples/node_exporter.yml +++ b/examples/node_exporter.yml @@ -2,17 +2,17 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 page_poison=1" init: - - linuxkit/init:f71c3b30ac1ba4ef16c160c89610fa4976f9752f + - linuxkit/init:6c9b2dfac4ac446e57ad83e9817db4b5a334301c - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:fe1b7f438a234cb6481c6538295115eac2a0596d services: - name: rngd - image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" + image: "linuxkit/rngd:61a07ced77a9747708223ca16a4aec621eacf518" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp:/etc diff --git a/examples/packet.yml b/examples/packet.yml index 606ab58f0..a363b88ca 100644 --- a/examples/packet.yml +++ b/examples/packet.yml 
@@ -5,7 +5,7 @@ init: - linuxkit/init:e10e2efc1b78ef41d196175cbc07e069391f406e - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: sysctl image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a" @@ -16,12 +16,12 @@ onboot: - CAP_SYS_ADMIN services: - name: rngd - image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" + image: "linuxkit/rngd:61a07ced77a9747708223ca16a4aec621eacf518" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp:/etc diff --git a/examples/redis-os.yml b/examples/redis-os.yml index c52b62504..0e34cca79 100644 --- a/examples/redis-os.yml +++ b/examples/redis-os.yml @@ -9,7 +9,7 @@ init: - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b services: - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc diff --git a/examples/sshd.yml b/examples/sshd.yml index c5be08d44..7ac6e7703 100644 --- a/examples/sshd.yml +++ b/examples/sshd.yml @@ -5,7 +5,7 @@ init: - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: sysctl image: "linuxkit/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c" 
@@ -16,12 +16,12 @@ onboot: - CAP_SYS_ADMIN services: - name: rngd - image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" + image: "linuxkit/rngd:61a07ced77a9747708223ca16a4aec621eacf518" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp:/etc diff --git a/examples/swap.yml b/examples/swap.yml index 169bdf405..4b28eae27 100644 --- a/examples/swap.yml +++ b/examples/swap.yml @@ -16,12 +16,12 @@ onboot: - CAP_SYS_ADMIN readonly: true - name: binfmt - image: "linuxkit/binfmt:aebd6ed6cc29921371ca78314697881086f4577a" + image: "linuxkit/binfmt:131026c0cf6084467316395fed3b358f64bda00c" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc @@ -32,14 +32,14 @@ onboot: net: host command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] - name: format - image: "linuxkit/format:a16f2bd94a83dd0cea4d490f710567a0cc60be33" + image: "linuxkit/format:d78093e943f9c88386e30c00353f9476d34fb551" binds: - /dev:/dev capabilities: - CAP_SYS_ADMIN - CAP_MKNOD - name: mount - image: "linuxkit/mount:ad138d252798d9d0d6779f7f4d35b7fbcbbeefb9" + image: "linuxkit/mount:fc7164d7c4e1fe5d1da395c7f949fb332cffe752" binds: - /dev:/dev - /var:/var:rshared,rbind diff --git a/examples/vmware.yml b/examples/vmware.yml index 315697375..1a38a74b4 100644 --- a/examples/vmware.yml +++ b/examples/vmware.yml 
@@ -5,7 +5,7 @@ init: - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: sysctl image: "linuxkit/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c" @@ -17,13 +17,13 @@ onboot: readonly: true services: - name: rngd - image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" + image: "linuxkit/rngd:61a07ced77a9747708223ca16a4aec621eacf518" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp:/etc diff --git a/kernel/Dockerfile b/kernel/Dockerfile index da1051f27..57eb00a64 100644 --- a/kernel/Dockerfile +++ b/kernel/Dockerfile @@ -65,7 +65,7 @@ RUN DVER=$(basename $(find /tmp/kernel-modules/lib/modules/ -mindepth 1 -maxdept RUN printf "KERNEL_SOURCE=${KERNEL_SOURCE}\n" > /out/kernel-source-info -FROM linuxkit/toybox-media:eee3dd4d72cd784801e95b1781e6c4f9d8a5e5eb@sha256:7f940e687164ee2676e11c61705c79f7dd2d144ee87ad17a494848a7045f5f53 +FROM linuxkit/toybox-media:b396a375852e5dffc002389d95e0658c8de72914@sha256:a317cc378946ee48cc011cdfc5aa08f0229f5bf10ff70e3690d8f60b36700033 ENTRYPOINT [] CMD [] WORKDIR / diff --git a/linuxkit.yml b/linuxkit.yml index 1d12659bf..d20520d79 100644 --- a/linuxkit.yml +++ b/linuxkit.yml 
@@ -2,10 +2,10 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:f71c3b30ac1ba4ef16c160c89610fa4976f9752f + - linuxkit/init:6c9b2dfac4ac446e57ad83e9817db4b5a334301c - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:60e2486a74c665ba4df57e561729aec20758daed - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: sysctl image: "linuxkit/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c" @@ -16,12 +16,12 @@ onboot: - CAP_SYS_ADMIN readonly: true - name: binfmt - image: "linuxkit/binfmt:aebd6ed6cc29921371ca78314697881086f4577a" + image: "linuxkit/binfmt:131026c0cf6084467316395fed3b358f64bda00c" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc @@ -33,7 +33,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: rngd - image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" + image: "linuxkit/rngd:61a07ced77a9747708223ca16a4aec621eacf518" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 diff --git a/pkg/binfmt/Dockerfile b/pkg/binfmt/Dockerfile index e28b8cb48..3751ba97f 100644 --- a/pkg/binfmt/Dockerfile +++ b/pkg/binfmt/Dockerfile @@ -1,4 +1,4 @@ -FROM linuxkit/alpine:f0169b60fb260d74025496ae6fd93213fecaba8f@sha256:23743c7206ebe8a609442c5ac7084a26ed45ce8f5213960428bca264225849f1 AS qemu +FROM linuxkit/alpine:c5021a113803f7608e3908014d316c3490183d0b@sha256:4c7a80173c71ca5019dc56f40442b3a8345f141dd46593bd1fe6d130294d07cb AS qemu RUN apk add \ qemu-aarch64 \ qemu-arm \ diff --git a/pkg/ca-certificates/Dockerfile b/pkg/ca-certificates/Dockerfile index c73858f4d..9010c037b 100644 --- a/pkg/ca-certificates/Dockerfile 
+++ b/pkg/ca-certificates/Dockerfile @@ -1,4 +1,4 @@ -FROM linuxkit/alpine:f0169b60fb260d74025496ae6fd93213fecaba8f as alpine +FROM linuxkit/alpine:c5021a113803f7608e3908014d316c3490183d0b@sha256:4c7a80173c71ca5019dc56f40442b3a8345f141dd46593bd1fe6d130294d07cb as alpine RUN apk add ca-certificates diff --git a/pkg/dhcpcd/Dockerfile b/pkg/dhcpcd/Dockerfile index 7ec4f2963..58e6da307 100644 --- a/pkg/dhcpcd/Dockerfile +++ b/pkg/dhcpcd/Dockerfile @@ -1,4 +1,4 @@ -FROM linuxkit/alpine:f0169b60fb260d74025496ae6fd93213fecaba8f@sha256:23743c7206ebe8a609442c5ac7084a26ed45ce8f5213960428bca264225849f1 AS mirror +FROM linuxkit/alpine:c5021a113803f7608e3908014d316c3490183d0b@sha256:4c7a80173c71ca5019dc56f40442b3a8345f141dd46593bd1fe6d130294d07cb AS mirror FROM alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 COPY --from=mirror /etc/apk/repositories /etc/apk/repositories diff --git a/pkg/docker-ce/Dockerfile b/pkg/docker-ce/Dockerfile index 1fcf50c34..8e3ccb415 100644 --- a/pkg/docker-ce/Dockerfile +++ b/pkg/docker-ce/Dockerfile @@ -1,4 +1,4 @@ -FROM linuxkit/alpine:f0169b60fb260d74025496ae6fd93213fecaba8f@sha256:23743c7206ebe8a609442c5ac7084a26ed45ce8f5213960428bca264225849f1 AS mirror +FROM linuxkit/alpine:c5021a113803f7608e3908014d316c3490183d0b@sha256:4c7a80173c71ca5019dc56f40442b3a8345f141dd46593bd1fe6d130294d07cb AS mirror FROM alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 COPY --from=mirror /etc/apk/repositories /etc/apk/repositories diff --git a/pkg/format/Dockerfile b/pkg/format/Dockerfile index b8d7c96ca..40365f32b 100644 --- a/pkg/format/Dockerfile +++ b/pkg/format/Dockerfile 
@@ -1,4 +1,4 @@ -FROM linuxkit/alpine:f0169b60fb260d74025496ae6fd93213fecaba8f@sha256:23743c7206ebe8a609442c5ac7084a26ed45ce8f5213960428bca264225849f1 AS mirror +FROM linuxkit/alpine:c5021a113803f7608e3908014d316c3490183d0b@sha256:4c7a80173c71ca5019dc56f40442b3a8345f141dd46593bd1fe6d130294d07cb AS mirror FROM alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 COPY --from=mirror /etc/apk/repositories /etc/apk/repositories diff --git a/pkg/init/Dockerfile b/pkg/init/Dockerfile index 92dea3588..5ef49b03f 100644 --- a/pkg/init/Dockerfile +++ b/pkg/init/Dockerfile @@ -1,9 +1,6 @@ -FROM alpine:3.5 - -RUN \ - apk --no-cache update && \ - apk --no-cache upgrade -a && \ - apk --no-cache add \ - && rm -rf /var/cache/apk/* - +# Use sha256 here to get a fixed version +FROM alpine:edge@sha256:99588bc8883c955c157d18fc3eaa4a3c1400c223e6c7cabca5f600a3e9f8d5cd +ENTRYPOINT [] +CMD [] +WORKDIR / COPY . ./ diff --git a/pkg/init/Makefile b/pkg/init/Makefile index 912ae1817..bc5b840d6 100644 --- a/pkg/init/Makefile +++ b/pkg/init/Makefile 
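Review bot: In pkg/init/Dockerfile, `COPY . ./` now copies the whole pkg/init directory into the image. The Makefile change in this commit replaces `tar cf - $^ | docker build ... -` with `docker build ... .`, so the build context is no longer limited to the listed dependencies. With `WORKDIR /`, the Dockerfile, the Makefile and any stray or untracked file in that directory land in the root of the init image, which every built system inherits. If `init` and `etc/` are all the image needs, copy them explicitly with `COPY init /init` and `COPY etc/ /etc/`, or add a `.dockerignore`, so the root filesystem holds only known content.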
@@ -1,39 +1,14 @@ -C_COMPILE=linuxkit/c-compile:63b085bbaec1aa7c42a7bd22a4b1c350d900617d -START_STOP_DAEMON=sbin/start-stop-daemon - +.PHONY: tag push default: push -$(START_STOP_DAEMON): start-stop-daemon.c - mkdir -p $(dir $@) - DOCKER_CONTENT_TRUST=1 docker pull $(C_COMPILE) - tar cf - $^ | DOCKER_CONTENT_TRUST=1 docker run --rm --net=none --log-driver=none -i $(C_COMPILE) -o $@ | tar xf - - -.PHONY: tag push - -BASE=alpine:3.5 IMAGE=init +DEPS=Dockerfile init $(wildcard etc/*) $(wildcard etc/init.d/*) -ETC=$(shell find etc -type f) +HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}') -hash: Dockerfile $(ETC) init $(START_STOP_DAEMON) - DOCKER_CONTENT_TRUST=1 docker pull $(BASE) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build - - docker run --rm $(IMAGE):build sh -c 'cat $^ /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > $@ +tag: $(DEPS) + docker build --no-cache --network=none -t linuxkit/$(IMAGE):$(HASH) . -push: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) - docker rmi $(IMAGE):build - rm -f hash - -tag: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) - docker rmi $(IMAGE):build - rm -f hash - -clean: - rm -rf hash sbin usr - -.DELETE_ON_ERROR: +push: tag + docker pull linuxkit/$(IMAGE):$(HASH) || \ + docker push linuxkit/$(IMAGE):$(HASH) diff --git a/pkg/init/start-stop-daemon.c b/pkg/init/start-stop-daemon.c deleted file mode 100644 index f27406746..000000000 --- a/pkg/init/start-stop-daemon.c +++ /dev/null 
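Review bot: `HASH` comes from `git ls-tree HEAD`, so the tag names the committed tree, while `docker build ... .` in the `tag` recipe builds whatever is in the working directory; a build with uncommitted or untracked files in pkg/init is tagged, and then published by `push`, under a hash that does not describe its content. A guard at the top of the `tag` recipe, such as `git diff-index --quiet HEAD -- . || { echo "pkg/init has uncommitted changes" >&2; exit 1; }`, would refuse such builds; untracked files need a separate `git status --porcelain -- .` check. In `push`, `docker pull ... || docker push ...` also pushes on any pull failure, including a network or authentication error, not only when the tag is missing from the registry.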
@@ -1,1054 +0,0 @@ -/* - * A rewrite of the original Debian's start-stop-daemon Perl script - * in C (faster - it is executed many times during system startup). - * - * Written by Marek Michalkiewicz , - * public domain. Based conceptually on start-stop-daemon.pl, by Ian - * Jackson . May be used and distributed - * freely for any purpose. Changes by Christian Schwarz - * , to make output conform to the Debian - * Console Message Standard, also placed in public domain. Minor - * changes by Klee Dienes , also placed in the Public - * Domain. - * - * Changes by Ben Collins , added --chuid, --background - * and --make-pidfile options, placed in public domain aswell. - * - * Port to OpenBSD by Sontri Tomo Huynh - * and Andreas Schuldei - * - * Changes by Ian Jackson: added --retry (and associated rearrangements). - * - * Modified for Gentoo rc-scripts by Donny Davies : - * I removed the BSD/Hurd/OtherOS stuff, added #include - * and stuck in a #define VERSION "1.9.18". Now it compiles without - * the whole automake/config.h dance. 
- * - * Modified to compile on Alpine by Justin Cormack - */ - -#include -#define VERSION "1.9.18" - -#define MIN_POLL_INTERVAL 20000 /*us*/ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -static int testmode = 0; -static int quietmode = 0; -static int exitnodo = 1; -static int start = 0; -static int stop = 0; -static int background = 0; -static int mpidfile = 0; -static int signal_nr = 15; -static const char *signal_str = NULL; -static int user_id = -1; -static int runas_uid = -1; -static int runas_gid = -1; -static const char *userspec = NULL; -static char *changeuser = NULL; -static const char *changegroup = NULL; -static char *changeroot = NULL; -static const char *cmdname = NULL; -static char *execname = NULL; -static char *startas = NULL; -static const char *pidfile = NULL; -static char what_stop[1024]; -static const char *schedule_str = NULL; -static const char *progname = ""; -static int nicelevel = 0; - -static struct stat exec_stat; - -struct pid_list { - struct pid_list *next; - pid_t pid; -}; - -static struct pid_list *found = NULL; -static struct pid_list *killed = NULL; - -struct schedule_item { - enum { sched_timeout, sched_signal, sched_goto, sched_forever } type; - int value; /* seconds, signal no., or index into array */ - /* sched_forever is only seen within parse_schedule and callees */ -}; - -static int schedule_length; -static struct schedule_item *schedule = NULL; - -LIST_HEAD(namespace_head, namespace); - -struct namespace { - LIST_ENTRY(namespace) list; - char *path; - int nstype; -}; - -static struct namespace_head namespace_head; - -static void *xmalloc(int size); -static void push(struct pid_list **list, pid_t pid); -static void do_help(void); -static void parse_options(int argc, char * const *argv); -static int pid_is_user(pid_t pid, uid_t uid); -static int 
pid_is_cmd(pid_t pid, const char *name); -static void check(pid_t pid); -static void do_pidfile(const char *name); -static void do_stop(int signal_nr, int quietmode, - int *n_killed, int *n_notkilled, int retry_nr); -static int pid_is_exec(pid_t pid, const struct stat *esb); - -#ifdef __GNUC__ -static void fatal(const char *format, ...) - __attribute__((noreturn, format(printf, 1, 2))); -static void badusage(const char *msg) - __attribute__((noreturn)); -#else -static void fatal(const char *format, ...); -static void badusage(const char *msg); -#endif - -/* This next part serves only to construct the TVCALC macro, which - * is used for doing arithmetic on struct timeval's. It works like this: - * TVCALC(result, expression); - * where result is a struct timeval (and must be an lvalue) and - * expression is the single expression for both components. In this - * expression you can use the special values TVELEM, which when fed a - * const struct timeval* gives you the relevant component, and - * TVADJUST. TVADJUST is necessary when subtracting timevals, to make - * it easier to renormalise. Whenver you subtract timeval elements, - * you must make sure that TVADJUST is added to the result of the - * subtraction (before any resulting multiplication or what have you). - * TVELEM must be linear in TVADJUST. - */ -typedef long tvselector(const struct timeval*); -static long tvselector_sec(const struct timeval *tv) { return tv->tv_sec; } -static long tvselector_usec(const struct timeval *tv) { return tv->tv_usec; } -#define TVCALC_ELEM(result, expr, sec, adj) \ -{ \ - const long TVADJUST = adj; \ - long (*const TVELEM)(const struct timeval*) = tvselector_##sec; \ - (result).tv_##sec = (expr); \ -} -#define TVCALC(result,expr) \ -do { \ - TVCALC_ELEM(result, expr, sec, (-1)); \ - TVCALC_ELEM(result, expr, usec, (+1000000)); \ - (result).tv_sec += (result).tv_usec / 1000000; \ - (result).tv_usec %= 1000000; \ -} while(0) - - -static void -fatal(const char *format, ...) 
-{ - va_list arglist; - - fprintf(stderr, "%s: ", progname); - va_start(arglist, format); - vfprintf(stderr, format, arglist); - va_end(arglist); - putc('\n', stderr); - exit(2); -} - - -static void * -xmalloc(int size) -{ - void *ptr; - - ptr = malloc(size); - if (ptr) - return ptr; - fatal("malloc(%d) failed", size); -} - -static void -xgettimeofday(struct timeval *tv) -{ - if (gettimeofday(tv,0) != 0) - fatal("gettimeofday failed: %s", strerror(errno)); -} - -static void -push(struct pid_list **list, pid_t pid) -{ - struct pid_list *p; - - p = xmalloc(sizeof(*p)); - p->next = *list; - p->pid = pid; - *list = p; -} - -static void -clear(struct pid_list **list) -{ - struct pid_list *here, *next; - - for (here = *list; here != NULL; here = next) { - next = here->next; - free(here); - } - - *list = NULL; -} - -static char * -next_dirname(const char *s) -{ - char *cur; - - cur = (char *)s; - - if (*cur != '\0') { - for (; *cur != '/'; ++cur) - if (*cur == '\0') - return cur; - - for (; *cur == '/'; ++cur) - ; - } - - return cur; -} - -static void -add_namespace(const char *path) -{ - int nstype; - char *nsdirname, *nsname, *cur; - struct namespace *namespace; - - cur = (char *)path; - nsdirname = nsname = ""; - - while ((cur = next_dirname(cur))[0] != '\0') { - nsdirname = nsname; - nsname = cur; - } - - if (!memcmp(nsdirname, "ipcns/", strlen("ipcns/"))) - nstype = CLONE_NEWIPC; - else if (!memcmp(nsdirname, "netns/", strlen("netns/"))) - nstype = CLONE_NEWNET; - else if (!memcmp(nsdirname, "utcns/", strlen("utcns/"))) - nstype = CLONE_NEWUTS; - else - badusage("invalid namepspace path"); - - namespace = xmalloc(sizeof(*namespace)); - namespace->path = (char *)path; - namespace->nstype = nstype; - LIST_INSERT_HEAD(&namespace_head, namespace, list); -} - -#ifdef HAVE_LXC -static void -set_namespaces() -{ - struct namespace *namespace; - int fd; - - LIST_FOREACH(namespace, &namespace_head, list) { - if ((fd = open(namespace->path, O_RDONLY)) == -1) - fatal("open 
namespace %s: %s", namespace->path, strerror(errno)); - if (setns(fd, namespace->nstype) == -1) - fatal("setns %s: %s", namespace->path, strerror(errno)); - } -} -#else -static void -set_namespaces() -{ - if (!LIST_EMPTY(&namespace_head)) - fatal("LCX namespaces not supported"); -} -#endif - -static void -do_help(void) -{ - printf( -"start-stop-daemon " VERSION " for Debian - small and fast C version written by\n" -"Marek Michalkiewicz , public domain.\n" -"\n" -"Usage:\n" -" start-stop-daemon -S|--start options ... -- arguments ...\n" -" start-stop-daemon -K|--stop options ...\n" -" start-stop-daemon -H|--help\n" -" start-stop-daemon -V|--version\n" -"\n" -"Options (at least one of --exec|--pidfile|--user is required):\n" -" -x|--exec program to start/check if it is running\n" -" -p|--pidfile pid file to check\n" -" -c|--chuid \n" -" change to this user/group before starting process\n" -" -u|--user | stop processes owned by this user\n" -" -n|--name stop processes with this name\n" -" -s|--signal signal to send (default TERM)\n" -" -a|--startas program to start (default is )\n" -" -N|--nicelevel add incr to the process's nice level\n" -" -b|--background force the process to detach\n" -" -m|--make-pidfile create the pidfile before starting\n" -" -R|--retry check whether processes die, and retry\n" -" -t|--test test mode, don't do anything\n" -" -o|--oknodo exit status 0 (not 1) if nothing done\n" -" -q|--quiet be more quiet\n" -" -v|--verbose be more verbose\n" -"Retry is |//... 
where is one of\n" -" -|[-] send that signal\n" -" wait that many seconds\n" -" forever repeat remainder forever\n" -"or may be just , meaning //KILL/\n" -"\n" -"Exit status: 0 = done 1 = nothing done (=> 0 if --oknodo)\n" -" 3 = trouble 2 = with --retry, processes wouldn't die\n"); -} - - -static void -badusage(const char *msg) -{ - if (msg) - fprintf(stderr, "%s: %s\n", progname, msg); - fprintf(stderr, "Try `%s --help' for more information.\n", progname); - exit(3); -} - -struct sigpair { - const char *name; - int signal; -}; - -const struct sigpair siglist[] = { - { "ABRT", SIGABRT }, - { "ALRM", SIGALRM }, - { "FPE", SIGFPE }, - { "HUP", SIGHUP }, - { "ILL", SIGILL }, - { "INT", SIGINT }, - { "KILL", SIGKILL }, - { "PIPE", SIGPIPE }, - { "QUIT", SIGQUIT }, - { "SEGV", SIGSEGV }, - { "TERM", SIGTERM }, - { "USR1", SIGUSR1 }, - { "USR2", SIGUSR2 }, - { "CHLD", SIGCHLD }, - { "CONT", SIGCONT }, - { "STOP", SIGSTOP }, - { "TSTP", SIGTSTP }, - { "TTIN", SIGTTIN }, - { "TTOU", SIGTTOU } -}; - -static int parse_integer (const char *string, int *value_r) { - unsigned long ul; - char *ep; - - if (!string[0]) - return -1; - - ul= strtoul(string,&ep,10); - if (ul > INT_MAX || *ep != '\0') - return -1; - - *value_r= ul; - return 0; -} - -static int parse_signal (const char *signal_str, int *signal_nr) -{ - unsigned int i; - - if (parse_integer(signal_str, signal_nr) == 0) - return 0; - - for (i = 0; i < sizeof (siglist) / sizeof (siglist[0]); i++) { - if (strcmp (signal_str, siglist[i].name) == 0) { - *signal_nr = siglist[i].signal; - return 0; - } - } - return -1; -} - -static void -parse_schedule_item(const char *string, struct schedule_item *item) { - const char *after_hyph; - - if (!strcmp(string,"forever")) { - item->type = sched_forever; - } else if (isdigit(string[0])) { - item->type = sched_timeout; - if (parse_integer(string, &item->value) != 0) - badusage("invalid timeout value in schedule"); - } else if ((after_hyph = string + (string[0] == '-')) && - 
parse_signal(after_hyph, &item->value) == 0) { - item->type = sched_signal; - } else { - badusage("invalid schedule item (must be [-], " - "-, or `forever'"); - } -} - -static void -parse_schedule(const char *schedule_str) { - char item_buf[20]; - const char *slash; - int count, repeatat; - ptrdiff_t str_len; - - count = 0; - for (slash = schedule_str; *slash; slash++) - if (*slash == '/') - count++; - - schedule_length = (count == 0) ? 4 : count+1; - schedule = xmalloc(sizeof(*schedule) * schedule_length); - - if (count == 0) { - schedule[0].type = sched_signal; - schedule[0].value = signal_nr; - parse_schedule_item(schedule_str, &schedule[1]); - if (schedule[1].type != sched_timeout) { - badusage ("--retry takes timeout, or schedule list" - " of at least two items"); - } - schedule[2].type = sched_signal; - schedule[2].value = SIGKILL; - schedule[3]= schedule[1]; - } else { - count = 0; - repeatat = -1; - while (schedule_str != NULL) { - slash = strchr(schedule_str,'/'); - str_len = slash ? slash - schedule_str : strlen(schedule_str); - if (str_len >= (ptrdiff_t)sizeof(item_buf)) - badusage("invalid schedule item: far too long" - " (you must delimit items with slashes)"); - memcpy(item_buf, schedule_str, str_len); - item_buf[str_len] = 0; - schedule_str = slash ? 
slash+1 : NULL; - - parse_schedule_item(item_buf, &schedule[count]); - if (schedule[count].type == sched_forever) { - if (repeatat >= 0) - badusage("invalid schedule: `forever'" - " appears more than once"); - repeatat = count; - continue; - } - count++; - } - if (repeatat >= 0) { - schedule[count].type = sched_goto; - schedule[count].value = repeatat; - count++; - } - assert(count == schedule_length); - } -} - -static void -parse_options(int argc, char * const *argv) -{ - static struct option longopts[] = { - { "help", 0, NULL, 'H'}, - { "stop", 0, NULL, 'K'}, - { "start", 0, NULL, 'S'}, - { "version", 0, NULL, 'V'}, - { "startas", 1, NULL, 'a'}, - { "name", 1, NULL, 'n'}, - { "oknodo", 0, NULL, 'o'}, - { "pidfile", 1, NULL, 'p'}, - { "quiet", 0, NULL, 'q'}, - { "signal", 1, NULL, 's'}, - { "test", 0, NULL, 't'}, - { "user", 1, NULL, 'u'}, - { "chroot", 1, NULL, 'r'}, - { "namespace", 1, NULL, 'd'}, - { "verbose", 0, NULL, 'v'}, - { "exec", 1, NULL, 'x'}, - { "chuid", 1, NULL, 'c'}, - { "nicelevel", 1, NULL, 'N'}, - { "background", 0, NULL, 'b'}, - { "make-pidfile", 0, NULL, 'm'}, - { "retry", 1, NULL, 'R'}, - { NULL, 0, NULL, 0} - }; - int c; - - for (;;) { - c = getopt_long(argc, argv, "HKSVa:n:op:qr:d:s:tu:vx:c:N:bmR:", - longopts, (int *) 0); - if (c == -1) - break; - switch (c) { - case 'H': /* --help */ - do_help(); - exit(0); - case 'K': /* --stop */ - stop = 1; - break; - case 'S': /* --start */ - start = 1; - break; - case 'V': /* --version */ - printf("start-stop-daemon " VERSION "\n"); - exit(0); - case 'a': /* --startas */ - startas = optarg; - break; - case 'n': /* --name */ - cmdname = optarg; - break; - case 'o': /* --oknodo */ - exitnodo = 0; - break; - case 'p': /* --pidfile */ - pidfile = optarg; - break; - case 'q': /* --quiet */ - quietmode = 1; - break; - case 's': /* --signal */ - signal_str = optarg; - break; - case 't': /* --test */ - testmode = 1; - break; - case 'u': /* --user | */ - userspec = optarg; - break; - case 'v': /* --verbose */ 
- quietmode = -1; - break; - case 'x': /* --exec */ - execname = optarg; - break; - case 'c': /* --chuid | */ - /* we copy the string just in case we need the - * argument later. */ - changeuser = strdup(optarg); - changeuser = strtok(changeuser, ":"); - changegroup = strtok(NULL, ":"); - break; - case 'r': /* --chroot /new/root */ - changeroot = optarg; - break; - case 'd': /* --namespace /.../||/name */ - add_namespace(optarg); - break; - case 'N': /* --nice */ - nicelevel = atoi(optarg); - break; - case 'b': /* --background */ - background = 1; - break; - case 'm': /* --make-pidfile */ - mpidfile = 1; - break; - case 'R': /* --retry | */ - schedule_str = optarg; - break; - default: - badusage(NULL); /* message printed by getopt */ - } - } - - if (signal_str != NULL) { - if (parse_signal (signal_str, &signal_nr) != 0) - badusage("signal value must be numeric or name" - " of signal (KILL, INTR, ...)"); - } - - if (schedule_str != NULL) { - parse_schedule(schedule_str); - } - - if (start == stop) - badusage("need one of --start or --stop"); - - if (!execname && !pidfile && !userspec && !cmdname) - badusage("need at least one of --exec, --pidfile, --user or --name"); - - if (!startas) - startas = execname; - - if (start && !startas) - badusage("--start needs --exec or --startas"); - - if (mpidfile && pidfile == NULL) - badusage("--make-pidfile is only relevant with --pidfile"); - - if (background && !start) - badusage("--background is only relevant with --start"); - -} - -static int -pid_is_exec(pid_t pid, const struct stat *esb) -{ - struct stat sb; - char buf[32]; - - sprintf(buf, "/proc/%d/exe", pid); - if (stat(buf, &sb) != 0) - return 0; - return (sb.st_dev == esb->st_dev && sb.st_ino == esb->st_ino); -} - - -static int -pid_is_user(pid_t pid, uid_t uid) -{ - struct stat sb; - char buf[32]; - - sprintf(buf, "/proc/%d", pid); - if (stat(buf, &sb) != 0) - return 0; - return (sb.st_uid == uid); -} - - -static int -pid_is_cmd(pid_t pid, const char *name) -{ - char 
buf[32]; - FILE *f; - int c; - - sprintf(buf, "/proc/%d/stat", pid); - f = fopen(buf, "r"); - if (!f) - return 0; - while ((c = getc(f)) != EOF && c != '(') - ; - if (c != '(') { - fclose(f); - return 0; - } - /* this hopefully handles command names containing ')' */ - while ((c = getc(f)) != EOF && c == *name) - name++; - fclose(f); - return (c == ')' && *name == '\0'); -} - - -static void -check(pid_t pid) -{ - if (execname && !pid_is_exec(pid, &exec_stat)) - return; - if (userspec && !pid_is_user(pid, user_id)) - return; - if (cmdname && !pid_is_cmd(pid, cmdname)) - return; - push(&found, pid); -} - -static void -do_pidfile(const char *name) -{ - FILE *f; - pid_t pid; - - f = fopen(name, "r"); - if (f) { - if (fscanf(f, "%d", &pid) == 1) - check(pid); - fclose(f); - } else if (errno != ENOENT) - fatal("open pidfile %s: %s", name, strerror(errno)); - -} - -/* WTA: this needs to be an autoconf check for /proc/pid existance. - */ -static void -do_procinit(void) -{ - DIR *procdir; - struct dirent *entry; - int foundany; - pid_t pid; - - procdir = opendir("/proc"); - if (!procdir) - fatal("opendir /proc: %s", strerror(errno)); - - foundany = 0; - while ((entry = readdir(procdir)) != NULL) { - if (sscanf(entry->d_name, "%d", &pid) != 1) - continue; - foundany++; - check(pid); - } - closedir(procdir); - if (!foundany) - fatal("nothing in /proc - not mounted?"); -} - -static void -do_findprocs(void) -{ - clear(&found); - - if (pidfile) - do_pidfile(pidfile); - else - do_procinit(); -} - -/* return 1 on failure */ -static void -do_stop(int signal_nr, int quietmode, int *n_killed, int *n_notkilled, int retry_nr) -{ - struct pid_list *p; - - do_findprocs(); - - *n_killed = 0; - *n_notkilled = 0; - - if (!found) - return; - - clear(&killed); - - for (p = found; p; p = p->next) { - if (testmode) - printf("Would send signal %d to %d.\n", - signal_nr, p->pid); - else if (kill(p->pid, signal_nr) == 0) { - push(&killed, p->pid); - (*n_killed)++; - } else { - printf("%s: warning: 
failed to kill %d: %s\n", - progname, p->pid, strerror(errno)); - (*n_notkilled)++; - } - } - if (quietmode < 0 && killed) { - printf("Stopped %s (pid", what_stop); - for (p = killed; p; p = p->next) - printf(" %d", p->pid); - putchar(')'); - if (retry_nr > 0) - printf(", retry #%d", retry_nr); - printf(".\n"); - } -} - - -static void -set_what_stop(const char *str) -{ - strncpy(what_stop, str, sizeof(what_stop)); - what_stop[sizeof(what_stop)-1] = '\0'; -} - -static int -run_stop_schedule(void) -{ - int r, position, n_killed, n_notkilled, value, ratio, anykilled, retry_nr; - struct timeval stopat, before, after, interval, maxinterval; - - if (testmode) { - if (schedule != NULL) { - printf("Ignoring --retry in test mode\n"); - schedule = NULL; - } - } - - if (cmdname) - set_what_stop(cmdname); - else if (execname) - set_what_stop(execname); - else if (pidfile) - sprintf(what_stop, "process in pidfile `%.200s'", pidfile); - else if (userspec) - sprintf(what_stop, "process(es) owned by `%.200s'", userspec); - else - fatal("internal error, please report"); - - anykilled = 0; - retry_nr = 0; - - if (schedule == NULL) { - do_stop(signal_nr, quietmode, &n_killed, &n_notkilled, 0); - if (n_notkilled > 0 && quietmode <= 0) - printf("%d pids were not killed\n", n_notkilled); - if (n_killed) - anykilled = 1; - goto x_finished; - } - - for (position = 0; position < schedule_length; ) { - value= schedule[position].value; - n_notkilled = 0; - - switch (schedule[position].type) { - - case sched_goto: - position = value; - continue; - - case sched_signal: - do_stop(value, quietmode, &n_killed, &n_notkilled, retry_nr++); - if (!n_killed) - goto x_finished; - else - anykilled = 1; - goto next_item; - - case sched_timeout: - /* We want to keep polling for the processes, to see if they've exited, - * or until the timeout expires. 
- * - * This is a somewhat complicated algorithm to try to ensure that we - * notice reasonably quickly when all the processes have exited, but - * don't spend too much CPU time polling. In particular, on a fast - * machine with quick-exiting daemons we don't want to delay system - * shutdown too much, whereas on a slow one, or where processes are - * taking some time to exit, we want to increase the polling - * interval. - * - * The algorithm is as follows: we measure the elapsed time it takes - * to do one poll(), and wait a multiple of this time for the next - * poll. However, if that would put us past the end of the timeout - * period we wait only as long as the timeout period, but in any case - * we always wait at least MIN_POLL_INTERVAL (20ms). The multiple - * (`ratio') starts out as 2, and increases by 1 for each poll to a - * maximum of 10; so we use up to between 30% and 10% of the - * machine's resources (assuming a few reasonable things about system - * performance). - */ - xgettimeofday(&stopat); - stopat.tv_sec += value; - ratio = 1; - for (;;) { - xgettimeofday(&before); - if (timercmp(&before,&stopat,>)) - goto next_item; - - do_stop(0, 1, &n_killed, &n_notkilled, 0); - if (!n_killed) - goto x_finished; - - xgettimeofday(&after); - - if (!timercmp(&after,&stopat,<)) - goto next_item; - - if (ratio < 10) - ratio++; - - TVCALC(interval, ratio * (TVELEM(&after) - TVELEM(&before) + TVADJUST)); - TVCALC(maxinterval, TVELEM(&stopat) - TVELEM(&after) + TVADJUST); - - if (timercmp(&interval,&maxinterval,>)) - interval = maxinterval; - - if (interval.tv_sec == 0 && - interval.tv_usec <= MIN_POLL_INTERVAL) - interval.tv_usec = MIN_POLL_INTERVAL; - - r = select(0,0,0,0,&interval); - if (r < 0 && errno != EINTR) - fatal("select() failed for pause: %s", - strerror(errno)); - } - - default: - assert(!"schedule[].type value must be valid"); - - } - - next_item: - position++; - } - - if (quietmode <= 0) - printf("Program %s, %d process(es), refused to die.\n", - 
what_stop, n_killed); - - return 2; - -x_finished: - if (!anykilled) { - if (quietmode <= 0) - printf("No %s found running; none killed.\n", what_stop); - return exitnodo; - } else { - return 0; - } -} - -/* -int main(int argc, char **argv) NONRETURNING; -*/ - -int -main(int argc, char **argv) -{ - progname = argv[0]; - - LIST_INIT(&namespace_head); - - parse_options(argc, argv); - argc -= optind; - argv += optind; - - if (execname && stat(execname, &exec_stat)) - fatal("stat %s: %s", execname, strerror(errno)); - - if (userspec && sscanf(userspec, "%d", &user_id) != 1) { - struct passwd *pw; - - pw = getpwnam(userspec); - if (!pw) - fatal("user `%s' not found\n", userspec); - - user_id = pw->pw_uid; - } - - if (changegroup && sscanf(changegroup, "%d", &runas_gid) != 1) { - struct group *gr = getgrnam(changegroup); - if (!gr) - fatal("group `%s' not found\n", changegroup); - runas_gid = gr->gr_gid; - } - if (changeuser && sscanf(changeuser, "%d", &runas_uid) != 1) { - struct passwd *pw = getpwnam(changeuser); - if (!pw) - fatal("user `%s' not found\n", changeuser); - runas_uid = pw->pw_uid; - if (changegroup == NULL) { /* pass the default group of this user */ - changegroup = ""; /* just empty */ - runas_gid = pw->pw_gid; - } - } - - if (stop) { - int i = run_stop_schedule(); - exit(i); - } - - do_findprocs(); - - if (found) { - if (quietmode <= 0) - printf("%s already running.\n", execname); - exit(exitnodo); - } - if (testmode) { - printf("Would start %s ", startas); - while (argc-- > 0) - printf("%s ", *argv++); - if (changeuser != NULL) { - printf(" (as user %s[%d]", changeuser, runas_uid); - if (changegroup != NULL) - printf(", and group %s[%d])", changegroup, runas_gid); - else - printf(")"); - } - if (changeroot != NULL) - printf(" in directory %s", changeroot); - if (nicelevel) - printf(", and add %i to the priority", nicelevel); - printf(".\n"); - exit(0); - } - if (quietmode < 0) - printf("Starting %s...\n", startas); - *--argv = startas; - if (changeroot 
!= NULL) { - if (chdir(changeroot) < 0) - fatal("Unable to chdir() to %s", changeroot); - if (chroot(changeroot) < 0) - fatal("Unable to chroot() to %s", changeroot); - } - if (changeuser != NULL) { - if (setgid(runas_gid)) - fatal("Unable to set gid to %d", runas_gid); - if (initgroups(changeuser, runas_gid)) - fatal("Unable to set initgroups() with gid %d", runas_gid); - if (setuid(runas_uid)) - fatal("Unable to set uid to %s", changeuser); - } - - if (background) { /* ok, we need to detach this process */ - int i, fd; - if (quietmode < 0) - printf("Detatching to start %s...", startas); - i = fork(); - if (i<0) { - fatal("Unable to fork.\n"); - } - if (i) { /* parent */ - if (quietmode < 0) - printf("done.\n"); - exit(0); - } - /* child continues here */ - /* now close all extra fds */ - for (i=getdtablesize()-1; i>=0; --i) close(i); - /* change tty */ - fd = open("/dev/tty", O_RDWR); - ioctl(fd, TIOCNOTTY, 0); - close(fd); - chdir("/"); - umask(022); /* set a default for dumb programs */ - setpgid(0,0); /* set the process group */ - fd=open("/dev/null", O_RDWR); /* stdin */ - dup(fd); /* stdout */ - dup(fd); /* stderr */ - } - if (nicelevel) { - errno = 0; - if (nice(nicelevel) < 0 && errno) - fatal("Unable to alter nice level by %i: %s", nicelevel, - strerror(errno)); - } - if (mpidfile && pidfile != NULL) { /* user wants _us_ to make the pidfile :) */ - FILE *pidf = fopen(pidfile, "w"); - pid_t pidt = getpid(); - if (pidf == NULL) - fatal("Unable to open pidfile `%s' for writing: %s", pidfile, - strerror(errno)); - fprintf(pidf, "%d\n", pidt); - fclose(pidf); - } - set_namespaces(); - execv(startas, argv); - fatal("Unable to start %s: %s", startas, strerror(errno)); -} diff --git a/pkg/mount/Dockerfile b/pkg/mount/Dockerfile index 91ba6c327..bacf65255 100644 --- a/pkg/mount/Dockerfile +++ b/pkg/mount/Dockerfile 
@@ -1,4 +1,4 @@
-FROM linuxkit/alpine:f0169b60fb260d74025496ae6fd93213fecaba8f@sha256:23743c7206ebe8a609442c5ac7084a26ed45ce8f5213960428bca264225849f1 AS mirror
+FROM linuxkit/alpine:c5021a113803f7608e3908014d316c3490183d0b@sha256:4c7a80173c71ca5019dc56f40442b3a8345f141dd46593bd1fe6d130294d07cb AS mirror
 FROM alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
 COPY --from=mirror /etc/apk/repositories /etc/apk/repositories
diff --git a/pkg/openntpd/Dockerfile b/pkg/openntpd/Dockerfile
index 350d7948e..951af1b4f 100644
--- a/pkg/openntpd/Dockerfile
+++ b/pkg/openntpd/Dockerfile
@@ -1,4 +1,4 @@
-FROM linuxkit/alpine:f0169b60fb260d74025496ae6fd93213fecaba8f@sha256:23743c7206ebe8a609442c5ac7084a26ed45ce8f5213960428bca264225849f1 AS mirror
+FROM linuxkit/alpine:c5021a113803f7608e3908014d316c3490183d0b@sha256:4c7a80173c71ca5019dc56f40442b3a8345f141dd46593bd1fe6d130294d07cb AS mirror
 FROM alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
 COPY --from=mirror /etc/apk/repositories /etc/apk/repositories
diff --git a/pkg/rngd/Dockerfile b/pkg/rngd/Dockerfile
index 758ff0611..09cd1ff5a 100644
--- a/pkg/rngd/Dockerfile
+++ b/pkg/rngd/Dockerfile
@@ -1,9 +1,18 @@
-FROM linuxkit/c-compile:f52f485825c890d581e82a62af6906c1d33d8e5d@sha256:473fd283a090d3546e93915adacf00c69a23ff615c95c968c4a40e8723985853 AS rng-build
+FROM linuxkit/alpine:c5021a113803f7608e3908014d316c3490183d0b@sha256:4c7a80173c71ca5019dc56f40442b3a8345f141dd46593bd1fe6d130294d07cb AS build
+RUN apk add \
+ argp-standalone \
+ automake \
+ gcc \
+ linux-headers \
+ make \
+ musl-dev \
+ patch
 COPY . /
 ENV pkgname=rng-tools pkgver=5
-RUN curl -O -sSL http://downloads.sourceforge.net/project/gkernel/$pkgname/$pkgver/$pkgname-$pkgver.tar.gz
+
+ADD http://downloads.sourceforge.net/project/gkernel/$pkgname/$pkgver/$pkgname-$pkgver.tar.gz $pkgname-$pkgver.tar.gz
 RUN sha256sum -c sha256sums
 RUN zcat $pkgname-$pkgver.tar.gz | tar xf -
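Review bot: In pkg/rngd/Dockerfile the added `ADD http://downloads.sourceforge.net/...` fetches the rng-tools tarball over plain HTTP, and `ADD` verifies nothing itself, so the only integrity control is the unchanged `RUN sha256sum -c sha256sums` line that follows (the `sha256sums` file presumably arrives through `COPY . /`). That dependency is easy to break in a later edit, so I would add a comment directly above the ADD: `# fetched over plain HTTP; integrity is enforced by "sha256sum -c sha256sums" below, keep the two steps together`. If the download host serves the same path over HTTPS, switching the scheme would add transport protection on top of the checksum. The Dockerfile continues past the end of this hunk.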
@@ -22,12 +31,12 @@ RUN cd $pkgname-$pkgver && \
 RUN mkdir -p /tmp/dev /tmp/proc /tmp/sys
-FROM linuxkit/tini:6714d66b82b5397f497b2aa05764096ed1ffe7d7@sha256:ba594b96af6195737ce2df702196d7adea2cafde554e18940ee14ad575d27f3b
+FROM linuxkit/tini:cb32c9b3ceb16505e1d62919cf28c8b52bf6d57e@sha256:1645296b3e155f8cf672f71f8d20b274bf38ee94c39dd1b58f7b18e0163b00b8
 ENTRYPOINT []
 WORKDIR /
-COPY --from=rng-build usr/sbin/rngd usr/sbin/rngd
+COPY --from=build usr/sbin/rngd usr/sbin/rngd
 # Can't create directories, so copy empty dirs from previous context
-COPY --from=rng-build tmp/dev dev
-COPY --from=rng-build tmp/proc proc
-COPY --from=rng-build tmp/sys sys
+COPY --from=build tmp/dev dev
+COPY --from=build tmp/proc proc
+COPY --from=build tmp/sys sys
 CMD ["/bin/tini", "/usr/sbin/rngd", "-f"]
diff --git a/pkg/rngd/Makefile b/pkg/rngd/Makefile
index 8a155f312..abb53426c 100644
--- a/pkg/rngd/Makefile
+++ b/pkg/rngd/Makefile
@@ -2,40 +2,13 @@ default: push
 IMAGE=rngd
-BASE=linuxkit/c-compile:f52f485825c890d581e82a62af6906c1d33d8e5d
-SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
-DEPS=Dockerfile Makefile
+DEPS=Dockerfile
-hash: $(DEPS)
- find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash
+HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}')
-tag: hash
- DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
- docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- (DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \
- docker build --no-cache -t $(IMAGE):build . && \
- docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash))
+tag: $(DEPS)
+ docker build --no-cache -t linuxkit/$(IMAGE):$(HASH) .
 push: tag
- docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- docker push linuxkit/$(IMAGE):$(shell cat hash)
- rm -f hash
- docker rmi $(IMAGE):build || true
-
-signed-tag: hash
- DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- (DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \
- docker build --no-cache -t $(IMAGE):build . && \
- docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash))
-
-sign: signed-tag
- DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash)
- rm -f hash
- docker rmi $(IMAGE):build || true
-
-clean:
- rm -f hash
- docker rmi $(IMAGE):build || true
-
-.DELETE_ON_ERROR:
+ DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(HASH) || \
+ DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(HASH)
diff --git a/projects/etcd/etcd.yml b/projects/etcd/etcd.yml
index 57b595245..a6963249c 100644
--- a/projects/etcd/etcd.yml
+++ b/projects/etcd/etcd.yml
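Review bot: In pkg/rngd/Makefile the tag from `HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}')` names the committed tree, but `docker build --no-cache -t linuxkit/$(IMAGE):$(HASH) .` builds whatever is in the working directory, so uncommitted edits would be built and pushed under a tag that claims to identify committed content. If git is unavailable or the directory is not tracked, HASH expands to nothing and the image reference is malformed. I would make the first recipe line of `tag` a guard: `@test -n "$(HASH)" && git diff --quiet HEAD -- . || { echo "refusing to tag: empty HASH or uncommitted changes" >&2; exit 1; }` (untracked files would still need a separate check). The same pattern appears in the test/pkg/virtsock/Makefile and tools/tini/Makefile hunks of this commit.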
@@ -2,10 +2,10 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:f71c3b30ac1ba4ef16c160c89610fa4976f9752f + - linuxkit/init:6c9b2dfac4ac446e57ad83e9817db4b5a334301c - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:fe1b7f438a234cb6481c6538295115eac2a0596d - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: sysctl image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a" @@ -16,14 +16,14 @@ onboot: - CAP_SYS_ADMIN readonly: true - name: format - image: "linuxkit/format:a16f2bd94a83dd0cea4d490f710567a0cc60be33" + image: "linuxkit/format:d78093e943f9c88386e30c00353f9476d34fb551" binds: - /dev:/dev capabilities: - CAP_SYS_ADMIN - CAP_MKNOD - name: mount - image: "linuxkit/mount:ad138d252798d9d0d6779f7f4d35b7fbcbbeefb9" + image: "linuxkit/mount:fc7164d7c4e1fe5d1da395c7f949fb332cffe752" binds: - /dev:/dev - /var:/var:rshared,rbind @@ -32,7 +32,7 @@ onboot: rootfsPropagation: shared command: ["/mount.sh", "/var/lib/etcd"] - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc @@ -59,7 +59,7 @@ services: oomScoreAdj: -800 readonly: true - name: ntpd - image: "linuxkit/openntpd:1eb0c05499500c8e44df6160524b79b776bbaa9e" + image: "linuxkit/openntpd:a38eabb308d0405f58894979f8b8031a6c7e1134" capabilities: - CAP_SYS_TIME - CAP_SYS_NICE diff --git a/projects/etcd/prom-us-central1-f.yml b/projects/etcd/prom-us-central1-f.yml index a8d70e248..9f639f246 100644 --- a/projects/etcd/prom-us-central1-f.yml +++ b/projects/etcd/prom-us-central1-f.yml 
@@ -16,7 +16,7 @@ onboot: - CAP_SYS_ADMIN readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc diff --git a/projects/kubernetes/kube-master.yml b/projects/kubernetes/kube-master.yml index d75fef234..6fc6ea530 100644 --- a/projects/kubernetes/kube-master.yml +++ b/projects/kubernetes/kube-master.yml @@ -5,7 +5,7 @@ init: - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: sysctl image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a" @@ -18,12 +18,12 @@ onboot: - name: sysfs image: linuxkit/sysfs:6c1d06f28ddd9681799d3950cddf044b930b221c - name: binfmt - image: "linuxkit/binfmt:aebd6ed6cc29921371ca78314697881086f4577a" + image: "linuxkit/binfmt:131026c0cf6084467316395fed3b358f64bda00c" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true - name: format - image: "linuxkit/format:a16f2bd94a83dd0cea4d490f710567a0cc60be33" + image: "linuxkit/format:d78093e943f9c88386e30c00353f9476d34fb551" binds: - /dev:/dev capabilities: @@ -46,7 +46,7 @@ services: oomScoreAdj: -800 readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc @@ -57,7 +57,7 @@ services: net: host oomScoreAdj: -800 - name: ntpd - image: "linuxkit/openntpd:1eb0c05499500c8e44df6160524b79b776bbaa9e" + image: "linuxkit/openntpd:a38eabb308d0405f58894979f8b8031a6c7e1134" capabilities: - CAP_SYS_TIME - CAP_SYS_NICE diff --git a/projects/kubernetes/kube-node.yml b/projects/kubernetes/kube-node.yml index e58f32338..14c82dd08 100644 
--- a/projects/kubernetes/kube-node.yml +++ b/projects/kubernetes/kube-node.yml @@ -5,7 +5,7 @@ init: - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: sysctl image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a" @@ -18,12 +18,12 @@ onboot: - name: sysfs image: linuxkit/sysfs:6c1d06f28ddd9681799d3950cddf044b930b221c - name: binfmt - image: "linuxkit/binfmt:aebd6ed6cc29921371ca78314697881086f4577a" + image: "linuxkit/binfmt:131026c0cf6084467316395fed3b358f64bda00c" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true - name: format - image: "linuxkit/format:a16f2bd94a83dd0cea4d490f710567a0cc60be33" + image: "linuxkit/format:d78093e943f9c88386e30c00353f9476d34fb551" binds: - /dev:/dev capabilities: @@ -46,7 +46,7 @@ services: oomScoreAdj: -800 readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc @@ -57,7 +57,7 @@ services: net: host oomScoreAdj: -800 - name: ntpd - image: "linuxkit/openntpd:1eb0c05499500c8e44df6160524b79b776bbaa9e" + image: "linuxkit/openntpd:a38eabb308d0405f58894979f8b8031a6c7e1134" capabilities: - CAP_SYS_TIME - CAP_SYS_NICE diff --git a/projects/kubernetes/mounts.rb b/projects/kubernetes/mounts.rb index 2e6977fb0..21dd4835c 100644 --- a/projects/kubernetes/mounts.rb +++ b/projects/kubernetes/mounts.rb @@ -1,6 +1,6 @@ import 'common.rb' -from "linuxkit/mount:ad138d252798d9d0d6779f7f4d35b7fbcbbeefb9" +from "linuxkit/mount:fc7164d7c4e1fe5d1da395c7f949fb332cffe752" script = [ mount_bind_hostns_self("/etc/cni"), mount_make_hostns_rshared("/etc/cni"), 
diff --git a/projects/logging/examples/logging.yml b/projects/logging/examples/logging.yml index 7ff5d7401..db1951b11 100644 --- a/projects/logging/examples/logging.yml +++ b/projects/logging/examples/logging.yml @@ -17,12 +17,12 @@ onboot: - CAP_SYS_ADMIN readonly: true - name: binfmt - image: "linuxkit/binfmt:aebd6ed6cc29921371ca78314697881086f4577a" + image: "linuxkit/binfmt:131026c0cf6084467316395fed3b358f64bda00c" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc diff --git a/projects/miragesdk/examples/mirage-dhcp.yml b/projects/miragesdk/examples/mirage-dhcp.yml index 165fe3448..771cf2862 100644 --- a/projects/miragesdk/examples/mirage-dhcp.yml +++ b/projects/miragesdk/examples/mirage-dhcp.yml @@ -16,7 +16,7 @@ onboot: - CAP_SYS_ADMIN readonly: true - name: binfmt - image: linuxkit/binfmt:aebd6ed6cc29921371ca78314697881086f4577a + image: linuxkit/binfmt:131026c0cf6084467316395fed3b358f64bda00c binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true diff --git a/projects/okernel/examples/okernel_simple.yaml b/projects/okernel/examples/okernel_simple.yaml index 1700eee9d..74d006e24 100644 --- a/projects/okernel/examples/okernel_simple.yaml +++ b/projects/okernel/examples/okernel_simple.yaml @@ -5,7 +5,7 @@ init: - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: sysctl image: "linuxkit/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c" 
@@ -21,7 +21,7 @@ services: - CAP_SYS_ADMIN oomScoreAdj: -800 - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp:/etc diff --git a/projects/swarmd/swarmd.yml b/projects/swarmd/swarmd.yml index 65c38fe18..2302ddb8e 100644 --- a/projects/swarmd/swarmd.yml +++ b/projects/swarmd/swarmd.yml @@ -20,7 +20,7 @@ services: oomScoreAdj: -800 readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc diff --git a/scripts/kernels/Dockerfile.deb b/scripts/kernels/Dockerfile.deb index ae03f8c44..9652d1daf 100644 --- a/scripts/kernels/Dockerfile.deb +++ b/scripts/kernels/Dockerfile.deb @@ -20,7 +20,7 @@ RUN cp -a boot/System.map-* /out/System.map RUN tar cf /out/kernel.tar lib RUN tar cf /out/kernel-dev.tar usr || true -FROM linuxkit/toybox-media:d7e82a7d19ccc84c9071fa7a88ecaa58ae958f7c@sha256:4c7d25f2be2429cd08417c36e04161cb924e46f3e419ee33a0aa9ff3a0942e02 +FROM linuxkit/toybox-media:b396a375852e5dffc002389d95e0658c8de72914@sha256:a317cc378946ee48cc011cdfc5aa08f0229f5bf10ff70e3690d8f60b36700033 WORKDIR / ENTRYPOINT [] CMD [] diff --git a/scripts/kernels/Dockerfile.rpm b/scripts/kernels/Dockerfile.rpm index 343aad7f1..332a90996 100644 --- a/scripts/kernels/Dockerfile.rpm +++ b/scripts/kernels/Dockerfile.rpm @@ -21,7 +21,7 @@ RUN cp -a boot/System.map-* /out/System.map || mv lib/modules/*/System.map /out/ RUN tar cf /out/kernel.tar lib RUN tar cf /out/kernel-dev.tar usr || true -FROM linuxkit/toybox-media:d7e82a7d19ccc84c9071fa7a88ecaa58ae958f7c@sha256:4c7d25f2be2429cd08417c36e04161cb924e46f3e419ee33a0aa9ff3a0942e02 +FROM linuxkit/toybox-media:b396a375852e5dffc002389d95e0658c8de72914@sha256:a317cc378946ee48cc011cdfc5aa08f0229f5bf10ff70e3690d8f60b36700033 WORKDIR / ENTRYPOINT [] CMD [] 
diff --git a/test/cases/test-docker-bench.yml b/test/cases/test-docker-bench.yml index 38fcff037..dc3201b59 100644 --- a/test/cases/test-docker-bench.yml +++ b/test/cases/test-docker-bench.yml @@ -5,7 +5,7 @@ init: - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: sysctl image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a" @@ -18,19 +18,19 @@ onboot: - name: sysfs image: "linuxkit/sysfs:6c1d06f28ddd9681799d3950cddf044b930b221c" - name: binfmt - image: "linuxkit/binfmt:aebd6ed6cc29921371ca78314697881086f4577a" + image: "linuxkit/binfmt:131026c0cf6084467316395fed3b358f64bda00c" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true - name: format - image: "linuxkit/format:a16f2bd94a83dd0cea4d490f710567a0cc60be33" + image: "linuxkit/format:d78093e943f9c88386e30c00353f9476d34fb551" binds: - /dev:/dev capabilities: - CAP_SYS_ADMIN - CAP_MKNOD - name: mount - image: "linuxkit/mount:ad138d252798d9d0d6779f7f4d35b7fbcbbeefb9" + image: "linuxkit/mount:fc7164d7c4e1fe5d1da395c7f949fb332cffe752" binds: - /dev:/dev - /var:/var:rshared,rbind @@ -40,13 +40,13 @@ onboot: command: ["/mount.sh", "/var/lib/docker"] services: - name: rngd - image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" + image: "linuxkit/rngd:61a07ced77a9747708223ca16a4aec621eacf518" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc 
@@ -57,7 +57,7 @@ services: net: host oomScoreAdj: -800 - name: docker - image: "linuxkit/docker-ce:741bf21513328f674e0cdcaa55492b0b75974e08" + image: "linuxkit/docker-ce:957306b51f2bc03087833eee2625d60514a5079c" capabilities: - all net: host diff --git a/test/cases/test-kernel-config.yml b/test/cases/test-kernel-config.yml index a3337cad8..31703a774 100644 --- a/test/cases/test-kernel-config.yml +++ b/test/cases/test-kernel-config.yml @@ -5,10 +5,10 @@ init: - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp:/etc diff --git a/test/cases/test-ltp.yml b/test/cases/test-ltp.yml index 842c2618a..21eb58d85 100644 --- a/test/cases/test-ltp.yml +++ b/test/cases/test-ltp.yml @@ -5,7 +5,7 @@ init: - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: ltp image: "linuxkit/test-ltp-20170116:81229df2d25065b06f0a3071faaace8d66c87e67" diff --git a/test/cases/test-virtsock-server.yml b/test/cases/test-virtsock-server.yml index 5c6785a03..51950010e 100644 --- a/test/cases/test-virtsock-server.yml +++ b/test/cases/test-virtsock-server.yml 
@@ -9,7 +9,7 @@ init: - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: sysctl image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a" @@ -21,13 +21,13 @@ onboot: readonly: true services: - name: rngd - image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" + image: "linuxkit/rngd:61a07ced77a9747708223ca16a4aec621eacf518" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp:/etc @@ -38,7 +38,7 @@ services: net: host oomScoreAdj: -800 - name: virtsock-server - image: "linuxkit/test-virtsock:89133a5081b44dcda66e57502bcbc783e0a654be" + image: "linuxkit/test-virtsock:bac78d3bffa55b9ab00eb023c32512e260d7fed0" readonly: true trust: image: diff --git a/test/pkg/virtsock/Dockerfile b/test/pkg/virtsock/Dockerfile index 6ba3cf281..c38b721c0 100644 --- a/test/pkg/virtsock/Dockerfile +++ b/test/pkg/virtsock/Dockerfile @@ -9,6 +9,6 @@ RUN git checkout $VIRTSOCK_COMMIT RUN make build/virtsock_stress.linux RUN cp -a build/virtsock_stress.linux /virtsock_stress -FROM linuxkit/tini:6714d66b82b5397f497b2aa05764096ed1ffe7d7@sha256:ba594b96af6195737ce2df702196d7adea2cafde554e18940ee14ad575d27f3b +FROM linuxkit/tini:cb32c9b3ceb16505e1d62919cf28c8b52bf6d57e@sha256:1645296b3e155f8cf672f71f8d20b274bf38ee94c39dd1b58f7b18e0163b00b8 COPY --from=virtsock-build virtsock_stress bin/virtsock_stress CMD ["/bin/tini", "/bin/virtsock_stress", "-s", "-v", "1"] diff --git a/test/pkg/virtsock/Makefile b/test/pkg/virtsock/Makefile index a88497657..69278eba1 100644 --- a/test/pkg/virtsock/Makefile 
+++ b/test/pkg/virtsock/Makefile
@@ -1,26 +1,14 @@
 .PHONY: tag push
-IMAGE=test-virtsock
-
 default: push
+IMAGE=test-virtsock
 DEPS=Dockerfile Makefile
-SHASUM=alpine:3.5
-hash: $(DEPS)
- find $^ -type f | xargs cat | DOCKER_CONTENT_TRUST=1 docker run --rm -i $(SHASUM) sha1sum | sed 's/ .*//' > $@
-tag: hash
- docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- (docker build --no-cache -t $(IMAGE):build . && \
- docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash))
- docker rmi $(IMAGE):build || true
+HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}')
+
+tag: $(DEPS)
+ docker build --no-cache -t linuxkit/$(IMAGE):$(HASH) .
 push: tag
- docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- docker push linuxkit/$(IMAGE):$(shell cat hash)
- rm -f hash
-
-clean:
- rm -rf hash
- docker rmi $(IMAGE):build || true
-
-.DELETE_ON_ERROR:
+ docker pull linuxkit/$(IMAGE):$(HASH) || \
+ docker push linuxkit/$(IMAGE):$(HASH)
diff --git a/tools/c-compile/Dockerfile b/tools/c-compile/Dockerfile
deleted file mode 100644
index 0ed0cffc9..000000000
--- a/tools/c-compile/Dockerfile
+++ /dev/null
@@ -1,25 +0,0 @@
-FROM alpine:3.5
-RUN \
- apk update && apk upgrade && \
- apk add \
- argp-standalone \
- automake \
- bash \
- bsd-compat-headers \
- build-base \
- cmake \
- curl \
- gcc \
- git \
- libc-dev \
- linux-headers \
- make \
- musl-dev \
- patch \
- util-linux-dev \
- vim \
- && true
-
-COPY compile.sh /usr/bin/
-
-ENTRYPOINT ["/usr/bin/compile.sh"]
diff --git a/tools/c-compile/Makefile b/tools/c-compile/Makefile
deleted file mode 100644
index 864506bd8..000000000
--- a/tools/c-compile/Makefile
+++ /dev/null
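Review bot: In test/pkg/virtsock/Makefile the new `push` recipe runs `docker pull linuxkit/$(IMAGE):$(HASH) || \` and `docker push linuxkit/$(IMAGE):$(HASH)` without `DOCKER_CONTENT_TRUST=1`, while the same recipe in pkg/rngd/Makefile and tools/tini/Makefile in this commit sets it on both commands. Without it the pull treats an unsigned tag as proof that the image already exists, and the push publishes an unsigned image. If test images are meant to stay unsigned, a comment above the recipe saying so would make the difference deliberate; otherwise prefix both commands with `DOCKER_CONTENT_TRUST=1`.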
@@ -1,41 +0,0 @@ -.PHONY: tag push - -BASE=alpine:3.5 -IMAGE=c-compile - -default: push - -hash: Dockerfile compile.sh - DOCKER_CONTENT_TRUST=1 docker pull $(BASE) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build - - docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c 'cat /lib/apk/db/installed /usr/bin/compile.sh | sha1sum' | sed 's/ .*//' > hash - -push: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) - docker rmi $(IMAGE):build - rm -f hash - -tag: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) - docker rmi $(IMAGE):build - rm -f hash - -signed-tag: hash - DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \ - docker build --no-cache -t $(IMAGE):build . && \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)) - -sign: signed-tag - DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash) - rm -f hash - docker rmi $(IMAGE):build || true - -clean: - rm -f hash - -.DELETE_ON_ERROR: diff --git a/tools/c-compile/compile.sh b/tools/c-compile/compile.sh deleted file mode 100755 index 333cf2449..000000000 --- a/tools/c-compile/compile.sh +++ /dev/null 
@@ -1,56 +0,0 @@ -#!/bin/sh - -# This is designed to compile a single package to a single binary -# so it makes some assumptions about things to simplify config -# to output a single binary (in a tarball) just use -o file -# use --docker to output a tarball for input to docker build - - -set -e - -usage() { - echo "Usage: -o file" - exit 1 -} - -[ $# = 0 ] && usage - -while [ $# -gt 0 ] -do - flag="$1" - case "$flag" in - -o) - [ $# -eq 1 ] && usage - out="$2" - mkdir -p "$(dirname $2)" - shift - ;; - -l*) - LIBS="$LIBS $1" - shift - ;; - *) - echo "Unknown option $1" - exit 1 - esac - shift -done - -[ -z "$out" ] && usage - -package=$(basename "$out") - -dir="/src/$package" - -mkdir -p $dir - -# untar input -tar xf - -C $dir - -( - cd $dir - CFILES=$(find . -name '*.c') - cc -static -O2 -Wall -Werror -o ../../$out $CFILES $LIBS -) - -tar cf - $out -exit 0 diff --git a/tools/tini/Dockerfile b/tools/tini/Dockerfile index 8250d6c7e..e33216be2 100644 --- a/tools/tini/Dockerfile +++ b/tools/tini/Dockerfile @@ -1,5 +1,11 @@ -FROM linuxkit/c-compile:f52f485825c890d581e82a62af6906c1d33d8e5d@sha256:473fd283a090d3546e93915adacf00c69a23ff615c95c968c4a40e8723985853 AS tini-build -COPY . / +FROM linuxkit/alpine:c5021a113803f7608e3908014d316c3490183d0b@sha256:4c7a80173c71ca5019dc56f40442b3a8345f141dd46593bd1fe6d130294d07cb AS build +RUN apk add \ + cmake \ + gcc \ + make \ + musl-dev \ + vim + ENV TINI_VERSION=0.13.0 ADD https://github.com/krallin/tini/archive/v${TINI_VERSION}.tar.gz tini-${TINI_VERSION}.tar.gz @@ -10,4 +16,4 @@ FROM scratch ENTRYPOINT [] CMD [] WORKDIR / -COPY --from=tini-build bin/tini bin/tini +COPY --from=build bin/tini bin/tini diff --git a/tools/tini/Makefile b/tools/tini/Makefile index bdda245b5..a60bdd892 100644 --- a/tools/tini/Makefile +++ b/tools/tini/Makefile 
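Review bot: The build stage in tools/tini/Dockerfile is now pinned by digest, but the tini source is still fetched with `ADD https://github.com/krallin/tini/archive/v${TINI_VERSION}.tar.gz` (unchanged context in the first hunk), and nothing visible checks what was downloaded. A tag archive can change upstream, so the pinning this commit adds stops at the base image. A checksum step directly after the ADD would extend it, e.g. `RUN echo "<expected-sha256>  tini-${TINI_VERSION}.tar.gz" | sha256sum -c -`, with the digest recorded next to `TINI_VERSION`. The lines between the two hunks are not shown, so an existing check there cannot be ruled out.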
@@ -2,39 +2,13 @@ default: push IMAGE=tini -BASE=linuxkit/c-compile:f52f485825c890d581e82a62af6906c1d33d8e5d -SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 -DEPS=Dockerfile Makefile +DEPS=Dockerfile -hash: $(DEPS) - DOCKER_CONTENT_TRUST=1 docker pull $(BASE) - find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash +HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}') -tag: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker build --no-cache -t $(IMAGE):build . && \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)) +tag: $(DEPS) + docker build --no-cache --network=none -t linuxkit/$(IMAGE):$(HASH) . push: tag - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker push linuxkit/$(IMAGE):$(shell cat hash) - rm -f hash - docker rmi $(IMAGE):build || true - -signed-tag: hash - DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \ - docker build --no-cache -t $(IMAGE):build . && \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)) - -sign: signed-tag - DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash) - rm -f hash - docker rmi $(IMAGE):build || true - -clean: - rm -f hash - docker rmi $(IMAGE):build || true - -.DELETE_ON_ERROR: + DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(HASH) || \ + DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(HASH) diff --git a/tools/toybox-media/Dockerfile b/tools/toybox-media/Dockerfile index 64e9c1564..cc3a3da9d 100644 --- a/tools/toybox-media/Dockerfile +++ b/tools/toybox-media/Dockerfile 
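Review bot: In the new `push` recipe, `DOCKER_CONTENT_TRUST=1 docker pull … || DOCKER_CONTENT_TRUST=1 docker push …` treats every pull failure as "tag not published yet". A registry error, or presumably a tag that exists without trust data, also falls through to signing and pushing the fresh `--no-cache` build under that tag. The old Makefile kept this behind a separate `sign` target; it is now what `default: push` runs. If that is intended, a comment above the recipe would make it explicit, for example `# pull succeeds only when a signed image for this tree hash exists; any other outcome publishes the local build`. tools/toybox-media/Makefile adds the same two lines.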
@@ -1,12 +1,18 @@ -FROM linuxkit/c-compile:f52f485825c890d581e82a62af6906c1d33d8e5d@sha256:473fd283a090d3546e93915adacf00c69a23ff615c95c968c4a40e8723985853 AS toybox-build -COPY . . +FROM linuxkit/alpine:c5021a113803f7608e3908014d316c3490183d0b@sha256:4c7a80173c71ca5019dc56f40442b3a8345f141dd46593bd1fe6d130294d07cb AS build +RUN apk add \ + bash \ + gcc \ + git \ + make \ + musl-dev + ENV FILES="ls tar sh find sha1sum" # 0.7.2 ENV LDFLAGS=--static RUN git clone https://github.com/landley/toybox.git && \ - cd toybox && git checkout b27d5d9ad0c56014d8661d91f69ee498bbbe4cf9 && \ - make defconfig + cd toybox && git checkout b27d5d9ad0c56014d8661d91f69ee498bbbe4cf9 WORKDIR /toybox +RUN make defconfig RUN make ${FILES} RUN mkdir -p /out/bin RUN cp ${FILES} /out/bin @@ -15,4 +21,4 @@ FROM scratch ENTRYPOINT [] CMD [] WORKDIR / -COPY --from=toybox-build out/bin bin/ +COPY --from=build out/bin bin/ diff --git a/tools/toybox-media/Makefile b/tools/toybox-media/Makefile index 115c793bc..5f00a6435 100644 --- a/tools/toybox-media/Makefile +++ b/tools/toybox-media/Makefile 
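Review bot: The `# 0.7.2` comment sits above `ENV LDFLAGS=--static` in the first hunk, but it appears to label the toybox release that the `git checkout` commit corresponds to. Since that commit id is the only thing fixing which source gets built, the label should sit on it so the two are updated together, e.g. `# toybox 0.7.2` directly above `RUN git clone https://github.com/landley/toybox.git && \`. Whether the commit really is the 0.7.2 release cannot be confirmed from the hunk.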
@@ -2,39 +2,13 @@ default: push IMAGE=toybox-media -BASE=linuxkit/c-compile:f52f485825c890d581e82a62af6906c1d33d8e5d -SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 -DEPS=Dockerfile Makefile +DEPS=Dockerfile -hash: $(DEPS) - DOCKER_CONTENT_TRUST=1 docker pull $(BASE) - find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash +HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}') -tag: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker build --no-cache -t $(IMAGE):build . && \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)) +tag: $(DEPS) + docker build --no-cache -t linuxkit/$(IMAGE):$(HASH) . push: tag - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker push linuxkit/$(IMAGE):$(shell cat hash) - rm -f hash - docker rmi $(IMAGE):build || true - -signed-tag: hash - DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \ - docker build --no-cache -t $(IMAGE):build . && \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)) - -sign: signed-tag - DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash) - rm -f hash - docker rmi $(IMAGE):build || true - -clean: - rm -f hash - docker rmi $(IMAGE):build || true - -.DELETE_ON_ERROR: + DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(HASH) || \ + DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(HASH)