From 98a8be0087d74527b3adf4e5746f0de63cfd090d Mon Sep 17 00:00:00 2001
From: Rolf Neugebauer
Date: Mon, 8 May 2017 15:34:36 +0100
Subject: [PATCH 01/10] pkg: Update packages to new version of the alpine base image
Signed-off-by: Rolf Neugebauer
---
 pkg/binfmt/Dockerfile | 2 +-
 pkg/ca-certificates/Dockerfile | 2 +-
 pkg/dhcpcd/Dockerfile | 2 +-
 pkg/docker-ce/Dockerfile | 2 +-
 pkg/format/Dockerfile | 2 +-
 pkg/mount/Dockerfile | 2 +-
 pkg/openntpd/Dockerfile | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/pkg/binfmt/Dockerfile b/pkg/binfmt/Dockerfile
index e28b8cb48..3751ba97f 100644
--- a/pkg/binfmt/Dockerfile
+++ b/pkg/binfmt/Dockerfile
@@ -1,4 +1,4 @@
-FROM linuxkit/alpine:f0169b60fb260d74025496ae6fd93213fecaba8f@sha256:23743c7206ebe8a609442c5ac7084a26ed45ce8f5213960428bca264225849f1 AS qemu
+FROM linuxkit/alpine:c5021a113803f7608e3908014d316c3490183d0b@sha256:4c7a80173c71ca5019dc56f40442b3a8345f141dd46593bd1fe6d130294d07cb AS qemu
 RUN apk add \
 qemu-aarch64 \
 qemu-arm \
diff --git a/pkg/ca-certificates/Dockerfile b/pkg/ca-certificates/Dockerfile
index c73858f4d..9010c037b 100644
--- a/pkg/ca-certificates/Dockerfile
+++ b/pkg/ca-certificates/Dockerfile
@@ -1,4 +1,4 @@
-FROM linuxkit/alpine:f0169b60fb260d74025496ae6fd93213fecaba8f as alpine
+FROM linuxkit/alpine:c5021a113803f7608e3908014d316c3490183d0b@sha256:4c7a80173c71ca5019dc56f40442b3a8345f141dd46593bd1fe6d130294d07cb as alpine
 RUN apk add ca-certificates
diff --git a/pkg/dhcpcd/Dockerfile b/pkg/dhcpcd/Dockerfile
index 7ec4f2963..58e6da307 100644
--- a/pkg/dhcpcd/Dockerfile
+++ b/pkg/dhcpcd/Dockerfile
@@ -1,4 +1,4 @@
-FROM linuxkit/alpine:f0169b60fb260d74025496ae6fd93213fecaba8f@sha256:23743c7206ebe8a609442c5ac7084a26ed45ce8f5213960428bca264225849f1 AS mirror
+FROM linuxkit/alpine:c5021a113803f7608e3908014d316c3490183d0b@sha256:4c7a80173c71ca5019dc56f40442b3a8345f141dd46593bd1fe6d130294d07cb AS mirror
 FROM alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
 COPY --from=mirror /etc/apk/repositories /etc/apk/repositories
diff --git a/pkg/docker-ce/Dockerfile b/pkg/docker-ce/Dockerfile
index 1fcf50c34..8e3ccb415 100644
--- a/pkg/docker-ce/Dockerfile
+++ b/pkg/docker-ce/Dockerfile
@@ -1,4 +1,4 @@
-FROM linuxkit/alpine:f0169b60fb260d74025496ae6fd93213fecaba8f@sha256:23743c7206ebe8a609442c5ac7084a26ed45ce8f5213960428bca264225849f1 AS mirror
+FROM linuxkit/alpine:c5021a113803f7608e3908014d316c3490183d0b@sha256:4c7a80173c71ca5019dc56f40442b3a8345f141dd46593bd1fe6d130294d07cb AS mirror
 FROM alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
 COPY --from=mirror /etc/apk/repositories /etc/apk/repositories
diff --git a/pkg/format/Dockerfile b/pkg/format/Dockerfile
index b8d7c96ca..40365f32b 100644
--- a/pkg/format/Dockerfile
+++ b/pkg/format/Dockerfile
@@ -1,4 +1,4 @@
-FROM linuxkit/alpine:f0169b60fb260d74025496ae6fd93213fecaba8f@sha256:23743c7206ebe8a609442c5ac7084a26ed45ce8f5213960428bca264225849f1 AS mirror
+FROM linuxkit/alpine:c5021a113803f7608e3908014d316c3490183d0b@sha256:4c7a80173c71ca5019dc56f40442b3a8345f141dd46593bd1fe6d130294d07cb AS mirror
 FROM alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
 COPY --from=mirror /etc/apk/repositories /etc/apk/repositories
diff --git a/pkg/mount/Dockerfile b/pkg/mount/Dockerfile
index 91ba6c327..bacf65255 100644
--- a/pkg/mount/Dockerfile
+++ b/pkg/mount/Dockerfile
@@ -1,4 +1,4 @@
-FROM linuxkit/alpine:f0169b60fb260d74025496ae6fd93213fecaba8f@sha256:23743c7206ebe8a609442c5ac7084a26ed45ce8f5213960428bca264225849f1 AS mirror
+FROM linuxkit/alpine:c5021a113803f7608e3908014d316c3490183d0b@sha256:4c7a80173c71ca5019dc56f40442b3a8345f141dd46593bd1fe6d130294d07cb AS mirror
 FROM alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
 COPY --from=mirror /etc/apk/repositories /etc/apk/repositories
diff --git a/pkg/openntpd/Dockerfile b/pkg/openntpd/Dockerfile
index 350d7948e..951af1b4f 100644
--- a/pkg/openntpd/Dockerfile
+++ b/pkg/openntpd/Dockerfile
@@ -1,4 +1,4 @@
-FROM linuxkit/alpine:f0169b60fb260d74025496ae6fd93213fecaba8f@sha256:23743c7206ebe8a609442c5ac7084a26ed45ce8f5213960428bca264225849f1 AS mirror
+FROM linuxkit/alpine:c5021a113803f7608e3908014d316c3490183d0b@sha256:4c7a80173c71ca5019dc56f40442b3a8345f141dd46593bd1fe6d130294d07cb AS mirror
 FROM alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
 COPY --from=mirror /etc/apk/repositories /etc/apk/repositories
From 046afdda48d3c9f200730f1a00411a6139237946 Mon Sep 17 00:00:00 2001
From: Rolf Neugebauer
Date: Fri, 5 May 2017 11:01:57 +0100
Subject: [PATCH 02/10] tools: Remove c-compile from tini
Use the alpine base image and install the tools to compile tini manually. This removes the dependency on c-compile. Also use the git tree hash for the package hash while at it.
Signed-off-by: Rolf Neugebauer
---
 tools/tini/Dockerfile | 12 +++++++++---
 tools/tini/Makefile | 38 ++++++--------------------------------
 2 files changed, 15 insertions(+), 35 deletions(-)
diff --git a/tools/tini/Dockerfile b/tools/tini/Dockerfile
index 8250d6c7e..e33216be2 100644
--- a/tools/tini/Dockerfile
+++ b/tools/tini/Dockerfile
@@ -1,5 +1,11 @@
-FROM linuxkit/c-compile:f52f485825c890d581e82a62af6906c1d33d8e5d@sha256:473fd283a090d3546e93915adacf00c69a23ff615c95c968c4a40e8723985853 AS tini-build
-COPY . /
+FROM linuxkit/alpine:c5021a113803f7608e3908014d316c3490183d0b@sha256:4c7a80173c71ca5019dc56f40442b3a8345f141dd46593bd1fe6d130294d07cb AS build
+RUN apk add \
+ cmake \
+ gcc \
+ make \
+ musl-dev \
+ vim
+
 ENV TINI_VERSION=0.13.0
 ADD https://github.com/krallin/tini/archive/v${TINI_VERSION}.tar.gz tini-${TINI_VERSION}.tar.gz
@@ -10,4 +16,4 @@ FROM scratch
 ENTRYPOINT []
 CMD []
 WORKDIR /
-COPY --from=tini-build bin/tini bin/tini
+COPY --from=build bin/tini bin/tini
diff --git a/tools/tini/Makefile b/tools/tini/Makefile
index bdda245b5..a60bdd892 100644
--- a/tools/tini/Makefile
+++ b/tools/tini/Makefile
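Review bot: The `vim` entry in the new `apk add` list of the first hunk is unexplained, and an editor in a compile stage reads like a leftover that a later cleanup might remove or that a reviewer might question. If it is installed because the tini build needs `xxd` (presumably the reason, since Alpine shipped `xxd` in the vim package), say so in a comment above the `RUN`, e.g. `# vim is installed only for xxd, which the tini build uses`. Separately, the `ADD https://github.com/krallin/tini/archive/v${TINI_VERSION}.tar.gz` context line fetches the source by tag and no checksum step is visible here; the lines between the two hunks are not shown, so confirm the tarball is verified before it is compiled.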
@@ -2,39 +2,13 @@ default: push
 IMAGE=tini
-BASE=linuxkit/c-compile:f52f485825c890d581e82a62af6906c1d33d8e5d
-SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
-DEPS=Dockerfile Makefile
+DEPS=Dockerfile
-hash: $(DEPS)
- DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
- find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash
+HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}')
-tag: hash
- docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- (docker build --no-cache -t $(IMAGE):build . && \
- docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash))
+tag: $(DEPS)
+ docker build --no-cache --network=none -t linuxkit/$(IMAGE):$(HASH) .
 push: tag
- docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- docker push linuxkit/$(IMAGE):$(shell cat hash)
- rm -f hash
- docker rmi $(IMAGE):build || true
-
-signed-tag: hash
- DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- (DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \
- docker build --no-cache -t $(IMAGE):build . && \
- docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash))
-
-sign: signed-tag
- DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash)
- rm -f hash
- docker rmi $(IMAGE):build || true
-
-clean:
- rm -f hash
- docker rmi $(IMAGE):build || true
-
-.DELETE_ON_ERROR:
+ DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(HASH) || \
+ DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(HASH)
From ff45e154e984a690be32ddca065a4fcb0f165499 Mon Sep 17 00:00:00 2001
From: Rolf Neugebauer
Date: Fri, 5 May 2017 11:35:43 +0100
Subject: [PATCH 03/10] tools: Remove c-compile from toybox-media
Directly install the required packages from the Alpine base image to compile the toybox-media package. Also use the git tree hash for the package hash while at it.
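Review bot: `HASH` is taken from `git ls-tree HEAD`, so the tag describes the committed tree while `docker build … .` packages the working directory; a build made with uncommitted edits is tagged, and then pushed, under a hash that does not match its content. An empty `HASH` (for example when the directory is not inside a git checkout) also yields the malformed tag `linuxkit/$(IMAGE):`. Guard the `tag` recipe before the build line, e.g. `@test -n "$(HASH)"` followed by `@git diff-index --quiet HEAD -- . || { echo "uncommitted changes" >&2; exit 1; }`. The same `HASH?=` pattern is added in the toybox-media, rngd and init Makefiles later in this series.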
Signed-off-by: Rolf Neugebauer
---
 tools/toybox-media/Dockerfile | 16 ++++++++++-----
 tools/toybox-media/Makefile | 38 ++++++-----------------------------
 2 files changed, 17 insertions(+), 37 deletions(-)
diff --git a/tools/toybox-media/Dockerfile b/tools/toybox-media/Dockerfile
index 64e9c1564..cc3a3da9d 100644
--- a/tools/toybox-media/Dockerfile
+++ b/tools/toybox-media/Dockerfile
@@ -1,12 +1,18 @@
-FROM linuxkit/c-compile:f52f485825c890d581e82a62af6906c1d33d8e5d@sha256:473fd283a090d3546e93915adacf00c69a23ff615c95c968c4a40e8723985853 AS toybox-build
-COPY . .
+FROM linuxkit/alpine:c5021a113803f7608e3908014d316c3490183d0b@sha256:4c7a80173c71ca5019dc56f40442b3a8345f141dd46593bd1fe6d130294d07cb AS build
+RUN apk add \
+ bash \
+ gcc \
+ git \
+ make \
+ musl-dev
+
 ENV FILES="ls tar sh find sha1sum"
 # 0.7.2
 ENV LDFLAGS=--static
 RUN git clone https://github.com/landley/toybox.git && \
- cd toybox && git checkout b27d5d9ad0c56014d8661d91f69ee498bbbe4cf9 && \
- make defconfig
+ cd toybox && git checkout b27d5d9ad0c56014d8661d91f69ee498bbbe4cf9
 WORKDIR /toybox
+RUN make defconfig
 RUN make ${FILES}
 RUN mkdir -p /out/bin
 RUN cp ${FILES} /out/bin
@@ -15,4 +21,4 @@ FROM scratch
 ENTRYPOINT []
 CMD []
 WORKDIR /
-COPY --from=toybox-build out/bin bin/
+COPY --from=build out/bin bin/
diff --git a/tools/toybox-media/Makefile b/tools/toybox-media/Makefile
index 115c793bc..5f00a6435 100644
--- a/tools/toybox-media/Makefile
+++ b/tools/toybox-media/Makefile
@@ -2,39 +2,13 @@ default: push
 IMAGE=toybox-media
-BASE=linuxkit/c-compile:f52f485825c890d581e82a62af6906c1d33d8e5d
-SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
-DEPS=Dockerfile Makefile
+DEPS=Dockerfile
-hash: $(DEPS)
- DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
- find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash
+HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}')
-tag: hash
- docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- (docker build --no-cache -t $(IMAGE):build . && \
- docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash))
+tag: $(DEPS)
+ docker build --no-cache -t linuxkit/$(IMAGE):$(HASH) .
 push: tag
- docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- docker push linuxkit/$(IMAGE):$(shell cat hash)
- rm -f hash
- docker rmi $(IMAGE):build || true
-
-signed-tag: hash
- DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- (DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \
- docker build --no-cache -t $(IMAGE):build . && \
- docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash))
-
-sign: signed-tag
- DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash)
- rm -f hash
- docker rmi $(IMAGE):build || true
-
-clean:
- rm -f hash
- docker rmi $(IMAGE):build || true
-
-.DELETE_ON_ERROR:
+ DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(HASH) || \
+ DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(HASH)
From 41b7861bac9a4e4d354d3be1a05daadb0b841f31 Mon Sep 17 00:00:00 2001
From: Rolf Neugebauer
Date: Fri, 5 May 2017 15:18:47 +0100
Subject: [PATCH 04/10] pkg: Remove c-compile from rgnd
Directly install the required packages from the Alpine base image to compile the rngd package. Also use the git tree hash for the package hash while at it.
Signed-off-by: Rolf Neugebauer
---
 pkg/rngd/Dockerfile | 21 +++++++++++++++------
 pkg/rngd/Makefile | 39 ++++++---------------------------------
 2 files changed, 21 insertions(+), 39 deletions(-)
diff --git a/pkg/rngd/Dockerfile b/pkg/rngd/Dockerfile
index 758ff0611..b900f23e4 100644
--- a/pkg/rngd/Dockerfile
+++ b/pkg/rngd/Dockerfile
@@ -1,9 +1,18 @@
-FROM linuxkit/c-compile:f52f485825c890d581e82a62af6906c1d33d8e5d@sha256:473fd283a090d3546e93915adacf00c69a23ff615c95c968c4a40e8723985853 AS rng-build
+FROM linuxkit/alpine:c5021a113803f7608e3908014d316c3490183d0b@sha256:4c7a80173c71ca5019dc56f40442b3a8345f141dd46593bd1fe6d130294d07cb AS build
+RUN apk add \
+ argp-standalone \
+ automake \
+ gcc \
+ linux-headers \
+ make \
+ musl-dev \
+ patch
 COPY . /
 ENV pkgname=rng-tools pkgver=5
-RUN curl -O -sSL http://downloads.sourceforge.net/project/gkernel/$pkgname/$pkgver/$pkgname-$pkgver.tar.gz
+
+ADD http://downloads.sourceforge.net/project/gkernel/$pkgname/$pkgver/$pkgname-$pkgver.tar.gz $pkgname-$pkgver.tar.gz
 RUN sha256sum -c sha256sums
 RUN zcat $pkgname-$pkgver.tar.gz | tar xf -
@@ -25,9 +34,9 @@ RUN mkdir -p /tmp/dev /tmp/proc /tmp/sys
 FROM linuxkit/tini:6714d66b82b5397f497b2aa05764096ed1ffe7d7@sha256:ba594b96af6195737ce2df702196d7adea2cafde554e18940ee14ad575d27f3b
 ENTRYPOINT []
 WORKDIR /
-COPY --from=rng-build usr/sbin/rngd usr/sbin/rngd
+COPY --from=build usr/sbin/rngd usr/sbin/rngd
 # Can't create directories, so copy empty dirs from previous context
-COPY --from=rng-build tmp/dev dev
-COPY --from=rng-build tmp/proc proc
-COPY --from=rng-build tmp/sys sys
+COPY --from=build tmp/dev dev
+COPY --from=build tmp/proc proc
+COPY --from=build tmp/sys sys
 CMD ["/bin/tini", "/usr/sbin/rngd", "-f"]
diff --git a/pkg/rngd/Makefile b/pkg/rngd/Makefile
index 8a155f312..abb53426c 100644
--- a/pkg/rngd/Makefile
+++ b/pkg/rngd/Makefile
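Review bot: The added `ADD http://downloads.sourceforge.net/…` in the first hunk fetches the rng-tools tarball over cleartext HTTP, so the `RUN sha256sum -c sha256sums` line right after it is the only thing that authenticates the source. Document that dependency next to the pair, e.g. `# fetched over plain HTTP: the sha256sums check below is what authenticates this tarball`, so the check is not dropped in a later cleanup, and switch to an `https://` URL if the mirror serves one. The `sha256sums` file itself arrives through `COPY . /`, so its trust comes from repository review rather than from the download.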
@@ -2,40 +2,13 @@ default: push
 IMAGE=rngd
-BASE=linuxkit/c-compile:f52f485825c890d581e82a62af6906c1d33d8e5d
-SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
-DEPS=Dockerfile Makefile
+DEPS=Dockerfile
-hash: $(DEPS)
- find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash
+HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}')
-tag: hash
- DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
- docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- (DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \
- docker build --no-cache -t $(IMAGE):build . && \
- docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash))
+tag: $(DEPS)
+ docker build --no-cache -t linuxkit/$(IMAGE):$(HASH) .
 push: tag
- docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- docker push linuxkit/$(IMAGE):$(shell cat hash)
- rm -f hash
- docker rmi $(IMAGE):build || true
-
-signed-tag: hash
- DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- (DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \
- docker build --no-cache -t $(IMAGE):build . && \
- docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash))
-
-sign: signed-tag
- DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash)
- rm -f hash
- docker rmi $(IMAGE):build || true
-
-clean:
- rm -f hash
- docker rmi $(IMAGE):build || true
-
-.DELETE_ON_ERROR:
+ DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(HASH) || \
+ DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(HASH)
From 662ed3ad1f013966e91ebc77082ae0a2140469ac Mon Sep 17 00:00:00 2001
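Review bot: The new `tag` recipe runs `docker build --no-cache -t …` with the build network enabled, while the tini Makefile in this series builds with `--network=none`. The rngd Dockerfile now obtains its source through `ADD` and its packages through `apk add` on the same base image that tini builds offline, so its `RUN` steps may not need network access at all; part of that Dockerfile lies outside the visible hunks, so this needs confirming. If nothing else downloads during the build, use `docker build --no-cache --network=none -t linuxkit/$(IMAGE):$(HASH) .` so that build steps cannot reach out.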
From: Rolf Neugebauer
Date: Fri, 5 May 2017 16:47:03 +0100
Subject: [PATCH 05/10] pkg: Remove c-compile from init
There is no need for start-stop-daemon since this package is using containerd. Remove it and update the init package to alpine:edge Also use the git tree hash for the package hash while at it.
Signed-off-by: Rolf Neugebauer
---
 pkg/init/Dockerfile | 13 +-
 pkg/init/Makefile | 41 +-
 pkg/init/start-stop-daemon.c | 1054 ----------------------------------
 3 files changed, 13 insertions(+), 1095 deletions(-)
 delete mode 100644 pkg/init/start-stop-daemon.c
diff --git a/pkg/init/Dockerfile b/pkg/init/Dockerfile
index 92dea3588..5ef49b03f 100644
--- a/pkg/init/Dockerfile
+++ b/pkg/init/Dockerfile
@@ -1,9 +1,6 @@
-FROM alpine:3.5
-
-RUN \
- apk --no-cache update && \
- apk --no-cache upgrade -a && \
- apk --no-cache add \
- && rm -rf /var/cache/apk/*
-
+# Use sha256 here to get a fixed version
+FROM alpine:edge@sha256:99588bc8883c955c157d18fc3eaa4a3c1400c223e6c7cabca5f600a3e9f8d5cd
+ENTRYPOINT []
+CMD []
+WORKDIR /
 COPY . ./
diff --git a/pkg/init/Makefile b/pkg/init/Makefile
index 912ae1817..bc5b840d6 100644
--- a/pkg/init/Makefile
+++ b/pkg/init/Makefile
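Review bot: `COPY . ./` at the end of this hunk now copies the whole package directory into `/`, because the Makefile change in the same commit builds with `.` as the context instead of the previous `tar cf - $^` stream of listed files. Unless a `.dockerignore` (not visible here) excludes them, `Dockerfile`, `Makefile` and any stray file in the directory end up in the root of the init image. Copy the payload explicitly instead, e.g. `COPY init /init` and `COPY etc/ /etc/`, if those are the only inputs as the new `DEPS` line suggests. The header comment could also record which Alpine edge snapshot the digest corresponds to, since a pinned `edge` image no longer picks up the updates that the removed `apk upgrade` step used to pull.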
@@ -1,39 +1,14 @@
-C_COMPILE=linuxkit/c-compile:63b085bbaec1aa7c42a7bd22a4b1c350d900617d
-START_STOP_DAEMON=sbin/start-stop-daemon
-
+.PHONY: tag push
 default: push
-$(START_STOP_DAEMON): start-stop-daemon.c
- mkdir -p $(dir $@)
- DOCKER_CONTENT_TRUST=1 docker pull $(C_COMPILE)
- tar cf - $^ | DOCKER_CONTENT_TRUST=1 docker run --rm --net=none --log-driver=none -i $(C_COMPILE) -o $@ | tar xf -
-
-.PHONY: tag push
-
-BASE=alpine:3.5
 IMAGE=init
+DEPS=Dockerfile init $(wildcard etc/*) $(wildcard etc/init.d/*)
-ETC=$(shell find etc -type f)
+HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}')
-hash: Dockerfile $(ETC) init $(START_STOP_DAEMON)
- DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
- tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
- docker run --rm $(IMAGE):build sh -c 'cat $^ /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > $@
+tag: $(DEPS)
+ docker build --no-cache --network=none -t linuxkit/$(IMAGE):$(HASH) .
-push: hash
- docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \
- docker push linuxkit/$(IMAGE):$(shell cat hash))
- docker rmi $(IMAGE):build
- rm -f hash
-
-tag: hash
- docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)
- docker rmi $(IMAGE):build
- rm -f hash
-
-clean:
- rm -rf hash sbin usr
-
-.DELETE_ON_ERROR:
+push: tag
+ docker pull linuxkit/$(IMAGE):$(HASH) || \
+ docker push linuxkit/$(IMAGE):$(HASH)
diff --git a/pkg/init/start-stop-daemon.c b/pkg/init/start-stop-daemon.c
deleted file mode 100644
index f27406746..000000000
--- a/pkg/init/start-stop-daemon.c
+++ /dev/null
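Review bot: The new `push` recipe runs `docker pull` and `docker push` without `DOCKER_CONTENT_TRUST=1`, whereas the tini, toybox-media and rngd Makefiles in this series set it on both commands. As written, the init image is pushed unsigned, and an already-published tag is accepted without signature verification. Unless that is intentional, make the two recipe lines `DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(HASH) || \` and `DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(HASH)`.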
@@ -1,1054 +0,0 @@ -/* - * A rewrite of the original Debian's start-stop-daemon Perl script - * in C (faster - it is executed many times during system startup). - * - * Written by Marek Michalkiewicz , - * public domain. Based conceptually on start-stop-daemon.pl, by Ian - * Jackson . May be used and distributed - * freely for any purpose. Changes by Christian Schwarz - * , to make output conform to the Debian - * Console Message Standard, also placed in public domain. Minor - * changes by Klee Dienes , also placed in the Public - * Domain. - * - * Changes by Ben Collins , added --chuid, --background - * and --make-pidfile options, placed in public domain aswell. - * - * Port to OpenBSD by Sontri Tomo Huynh - * and Andreas Schuldei - * - * Changes by Ian Jackson: added --retry (and associated rearrangements). - * - * Modified for Gentoo rc-scripts by Donny Davies : - * I removed the BSD/Hurd/OtherOS stuff, added #include - * and stuck in a #define VERSION "1.9.18". Now it compiles without - * the whole automake/config.h dance. 
- * - * Modified to compile on Alpine by Justin Cormack - */ - -#include -#define VERSION "1.9.18" - -#define MIN_POLL_INTERVAL 20000 /*us*/ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -static int testmode = 0; -static int quietmode = 0; -static int exitnodo = 1; -static int start = 0; -static int stop = 0; -static int background = 0; -static int mpidfile = 0; -static int signal_nr = 15; -static const char *signal_str = NULL; -static int user_id = -1; -static int runas_uid = -1; -static int runas_gid = -1; -static const char *userspec = NULL; -static char *changeuser = NULL; -static const char *changegroup = NULL; -static char *changeroot = NULL; -static const char *cmdname = NULL; -static char *execname = NULL; -static char *startas = NULL; -static const char *pidfile = NULL; -static char what_stop[1024]; -static const char *schedule_str = NULL; -static const char *progname = ""; -static int nicelevel = 0; - -static struct stat exec_stat; - -struct pid_list { - struct pid_list *next; - pid_t pid; -}; - -static struct pid_list *found = NULL; -static struct pid_list *killed = NULL; - -struct schedule_item { - enum { sched_timeout, sched_signal, sched_goto, sched_forever } type; - int value; /* seconds, signal no., or index into array */ - /* sched_forever is only seen within parse_schedule and callees */ -}; - -static int schedule_length; -static struct schedule_item *schedule = NULL; - -LIST_HEAD(namespace_head, namespace); - -struct namespace { - LIST_ENTRY(namespace) list; - char *path; - int nstype; -}; - -static struct namespace_head namespace_head; - -static void *xmalloc(int size); -static void push(struct pid_list **list, pid_t pid); -static void do_help(void); -static void parse_options(int argc, char * const *argv); -static int pid_is_user(pid_t pid, uid_t uid); -static int 
pid_is_cmd(pid_t pid, const char *name); -static void check(pid_t pid); -static void do_pidfile(const char *name); -static void do_stop(int signal_nr, int quietmode, - int *n_killed, int *n_notkilled, int retry_nr); -static int pid_is_exec(pid_t pid, const struct stat *esb); - -#ifdef __GNUC__ -static void fatal(const char *format, ...) - __attribute__((noreturn, format(printf, 1, 2))); -static void badusage(const char *msg) - __attribute__((noreturn)); -#else -static void fatal(const char *format, ...); -static void badusage(const char *msg); -#endif - -/* This next part serves only to construct the TVCALC macro, which - * is used for doing arithmetic on struct timeval's. It works like this: - * TVCALC(result, expression); - * where result is a struct timeval (and must be an lvalue) and - * expression is the single expression for both components. In this - * expression you can use the special values TVELEM, which when fed a - * const struct timeval* gives you the relevant component, and - * TVADJUST. TVADJUST is necessary when subtracting timevals, to make - * it easier to renormalise. Whenver you subtract timeval elements, - * you must make sure that TVADJUST is added to the result of the - * subtraction (before any resulting multiplication or what have you). - * TVELEM must be linear in TVADJUST. - */ -typedef long tvselector(const struct timeval*); -static long tvselector_sec(const struct timeval *tv) { return tv->tv_sec; } -static long tvselector_usec(const struct timeval *tv) { return tv->tv_usec; } -#define TVCALC_ELEM(result, expr, sec, adj) \ -{ \ - const long TVADJUST = adj; \ - long (*const TVELEM)(const struct timeval*) = tvselector_##sec; \ - (result).tv_##sec = (expr); \ -} -#define TVCALC(result,expr) \ -do { \ - TVCALC_ELEM(result, expr, sec, (-1)); \ - TVCALC_ELEM(result, expr, usec, (+1000000)); \ - (result).tv_sec += (result).tv_usec / 1000000; \ - (result).tv_usec %= 1000000; \ -} while(0) - - -static void -fatal(const char *format, ...) 
-{ - va_list arglist; - - fprintf(stderr, "%s: ", progname); - va_start(arglist, format); - vfprintf(stderr, format, arglist); - va_end(arglist); - putc('\n', stderr); - exit(2); -} - - -static void * -xmalloc(int size) -{ - void *ptr; - - ptr = malloc(size); - if (ptr) - return ptr; - fatal("malloc(%d) failed", size); -} - -static void -xgettimeofday(struct timeval *tv) -{ - if (gettimeofday(tv,0) != 0) - fatal("gettimeofday failed: %s", strerror(errno)); -} - -static void -push(struct pid_list **list, pid_t pid) -{ - struct pid_list *p; - - p = xmalloc(sizeof(*p)); - p->next = *list; - p->pid = pid; - *list = p; -} - -static void -clear(struct pid_list **list) -{ - struct pid_list *here, *next; - - for (here = *list; here != NULL; here = next) { - next = here->next; - free(here); - } - - *list = NULL; -} - -static char * -next_dirname(const char *s) -{ - char *cur; - - cur = (char *)s; - - if (*cur != '\0') { - for (; *cur != '/'; ++cur) - if (*cur == '\0') - return cur; - - for (; *cur == '/'; ++cur) - ; - } - - return cur; -} - -static void -add_namespace(const char *path) -{ - int nstype; - char *nsdirname, *nsname, *cur; - struct namespace *namespace; - - cur = (char *)path; - nsdirname = nsname = ""; - - while ((cur = next_dirname(cur))[0] != '\0') { - nsdirname = nsname; - nsname = cur; - } - - if (!memcmp(nsdirname, "ipcns/", strlen("ipcns/"))) - nstype = CLONE_NEWIPC; - else if (!memcmp(nsdirname, "netns/", strlen("netns/"))) - nstype = CLONE_NEWNET; - else if (!memcmp(nsdirname, "utcns/", strlen("utcns/"))) - nstype = CLONE_NEWUTS; - else - badusage("invalid namepspace path"); - - namespace = xmalloc(sizeof(*namespace)); - namespace->path = (char *)path; - namespace->nstype = nstype; - LIST_INSERT_HEAD(&namespace_head, namespace, list); -} - -#ifdef HAVE_LXC -static void -set_namespaces() -{ - struct namespace *namespace; - int fd; - - LIST_FOREACH(namespace, &namespace_head, list) { - if ((fd = open(namespace->path, O_RDONLY)) == -1) - fatal("open 
namespace %s: %s", namespace->path, strerror(errno)); - if (setns(fd, namespace->nstype) == -1) - fatal("setns %s: %s", namespace->path, strerror(errno)); - } -} -#else -static void -set_namespaces() -{ - if (!LIST_EMPTY(&namespace_head)) - fatal("LCX namespaces not supported"); -} -#endif - -static void -do_help(void) -{ - printf( -"start-stop-daemon " VERSION " for Debian - small and fast C version written by\n" -"Marek Michalkiewicz , public domain.\n" -"\n" -"Usage:\n" -" start-stop-daemon -S|--start options ... -- arguments ...\n" -" start-stop-daemon -K|--stop options ...\n" -" start-stop-daemon -H|--help\n" -" start-stop-daemon -V|--version\n" -"\n" -"Options (at least one of --exec|--pidfile|--user is required):\n" -" -x|--exec program to start/check if it is running\n" -" -p|--pidfile pid file to check\n" -" -c|--chuid \n" -" change to this user/group before starting process\n" -" -u|--user | stop processes owned by this user\n" -" -n|--name stop processes with this name\n" -" -s|--signal signal to send (default TERM)\n" -" -a|--startas program to start (default is )\n" -" -N|--nicelevel add incr to the process's nice level\n" -" -b|--background force the process to detach\n" -" -m|--make-pidfile create the pidfile before starting\n" -" -R|--retry check whether processes die, and retry\n" -" -t|--test test mode, don't do anything\n" -" -o|--oknodo exit status 0 (not 1) if nothing done\n" -" -q|--quiet be more quiet\n" -" -v|--verbose be more verbose\n" -"Retry is |//... 
where is one of\n" -" -|[-] send that signal\n" -" wait that many seconds\n" -" forever repeat remainder forever\n" -"or may be just , meaning //KILL/\n" -"\n" -"Exit status: 0 = done 1 = nothing done (=> 0 if --oknodo)\n" -" 3 = trouble 2 = with --retry, processes wouldn't die\n"); -} - - -static void -badusage(const char *msg) -{ - if (msg) - fprintf(stderr, "%s: %s\n", progname, msg); - fprintf(stderr, "Try `%s --help' for more information.\n", progname); - exit(3); -} - -struct sigpair { - const char *name; - int signal; -}; - -const struct sigpair siglist[] = { - { "ABRT", SIGABRT }, - { "ALRM", SIGALRM }, - { "FPE", SIGFPE }, - { "HUP", SIGHUP }, - { "ILL", SIGILL }, - { "INT", SIGINT }, - { "KILL", SIGKILL }, - { "PIPE", SIGPIPE }, - { "QUIT", SIGQUIT }, - { "SEGV", SIGSEGV }, - { "TERM", SIGTERM }, - { "USR1", SIGUSR1 }, - { "USR2", SIGUSR2 }, - { "CHLD", SIGCHLD }, - { "CONT", SIGCONT }, - { "STOP", SIGSTOP }, - { "TSTP", SIGTSTP }, - { "TTIN", SIGTTIN }, - { "TTOU", SIGTTOU } -}; - -static int parse_integer (const char *string, int *value_r) { - unsigned long ul; - char *ep; - - if (!string[0]) - return -1; - - ul= strtoul(string,&ep,10); - if (ul > INT_MAX || *ep != '\0') - return -1; - - *value_r= ul; - return 0; -} - -static int parse_signal (const char *signal_str, int *signal_nr) -{ - unsigned int i; - - if (parse_integer(signal_str, signal_nr) == 0) - return 0; - - for (i = 0; i < sizeof (siglist) / sizeof (siglist[0]); i++) { - if (strcmp (signal_str, siglist[i].name) == 0) { - *signal_nr = siglist[i].signal; - return 0; - } - } - return -1; -} - -static void -parse_schedule_item(const char *string, struct schedule_item *item) { - const char *after_hyph; - - if (!strcmp(string,"forever")) { - item->type = sched_forever; - } else if (isdigit(string[0])) { - item->type = sched_timeout; - if (parse_integer(string, &item->value) != 0) - badusage("invalid timeout value in schedule"); - } else if ((after_hyph = string + (string[0] == '-')) && - 
parse_signal(after_hyph, &item->value) == 0) { - item->type = sched_signal; - } else { - badusage("invalid schedule item (must be [-], " - "-, or `forever'"); - } -} - -static void -parse_schedule(const char *schedule_str) { - char item_buf[20]; - const char *slash; - int count, repeatat; - ptrdiff_t str_len; - - count = 0; - for (slash = schedule_str; *slash; slash++) - if (*slash == '/') - count++; - - schedule_length = (count == 0) ? 4 : count+1; - schedule = xmalloc(sizeof(*schedule) * schedule_length); - - if (count == 0) { - schedule[0].type = sched_signal; - schedule[0].value = signal_nr; - parse_schedule_item(schedule_str, &schedule[1]); - if (schedule[1].type != sched_timeout) { - badusage ("--retry takes timeout, or schedule list" - " of at least two items"); - } - schedule[2].type = sched_signal; - schedule[2].value = SIGKILL; - schedule[3]= schedule[1]; - } else { - count = 0; - repeatat = -1; - while (schedule_str != NULL) { - slash = strchr(schedule_str,'/'); - str_len = slash ? slash - schedule_str : strlen(schedule_str); - if (str_len >= (ptrdiff_t)sizeof(item_buf)) - badusage("invalid schedule item: far too long" - " (you must delimit items with slashes)"); - memcpy(item_buf, schedule_str, str_len); - item_buf[str_len] = 0; - schedule_str = slash ? 
slash+1 : NULL; - - parse_schedule_item(item_buf, &schedule[count]); - if (schedule[count].type == sched_forever) { - if (repeatat >= 0) - badusage("invalid schedule: `forever'" - " appears more than once"); - repeatat = count; - continue; - } - count++; - } - if (repeatat >= 0) { - schedule[count].type = sched_goto; - schedule[count].value = repeatat; - count++; - } - assert(count == schedule_length); - } -} - -static void -parse_options(int argc, char * const *argv) -{ - static struct option longopts[] = { - { "help", 0, NULL, 'H'}, - { "stop", 0, NULL, 'K'}, - { "start", 0, NULL, 'S'}, - { "version", 0, NULL, 'V'}, - { "startas", 1, NULL, 'a'}, - { "name", 1, NULL, 'n'}, - { "oknodo", 0, NULL, 'o'}, - { "pidfile", 1, NULL, 'p'}, - { "quiet", 0, NULL, 'q'}, - { "signal", 1, NULL, 's'}, - { "test", 0, NULL, 't'}, - { "user", 1, NULL, 'u'}, - { "chroot", 1, NULL, 'r'}, - { "namespace", 1, NULL, 'd'}, - { "verbose", 0, NULL, 'v'}, - { "exec", 1, NULL, 'x'}, - { "chuid", 1, NULL, 'c'}, - { "nicelevel", 1, NULL, 'N'}, - { "background", 0, NULL, 'b'}, - { "make-pidfile", 0, NULL, 'm'}, - { "retry", 1, NULL, 'R'}, - { NULL, 0, NULL, 0} - }; - int c; - - for (;;) { - c = getopt_long(argc, argv, "HKSVa:n:op:qr:d:s:tu:vx:c:N:bmR:", - longopts, (int *) 0); - if (c == -1) - break; - switch (c) { - case 'H': /* --help */ - do_help(); - exit(0); - case 'K': /* --stop */ - stop = 1; - break; - case 'S': /* --start */ - start = 1; - break; - case 'V': /* --version */ - printf("start-stop-daemon " VERSION "\n"); - exit(0); - case 'a': /* --startas */ - startas = optarg; - break; - case 'n': /* --name */ - cmdname = optarg; - break; - case 'o': /* --oknodo */ - exitnodo = 0; - break; - case 'p': /* --pidfile */ - pidfile = optarg; - break; - case 'q': /* --quiet */ - quietmode = 1; - break; - case 's': /* --signal */ - signal_str = optarg; - break; - case 't': /* --test */ - testmode = 1; - break; - case 'u': /* --user | */ - userspec = optarg; - break; - case 'v': /* --verbose */ 
- quietmode = -1; - break; - case 'x': /* --exec */ - execname = optarg; - break; - case 'c': /* --chuid | */ - /* we copy the string just in case we need the - * argument later. */ - changeuser = strdup(optarg); - changeuser = strtok(changeuser, ":"); - changegroup = strtok(NULL, ":"); - break; - case 'r': /* --chroot /new/root */ - changeroot = optarg; - break; - case 'd': /* --namespace /.../||/name */ - add_namespace(optarg); - break; - case 'N': /* --nice */ - nicelevel = atoi(optarg); - break; - case 'b': /* --background */ - background = 1; - break; - case 'm': /* --make-pidfile */ - mpidfile = 1; - break; - case 'R': /* --retry | */ - schedule_str = optarg; - break; - default: - badusage(NULL); /* message printed by getopt */ - } - } - - if (signal_str != NULL) { - if (parse_signal (signal_str, &signal_nr) != 0) - badusage("signal value must be numeric or name" - " of signal (KILL, INTR, ...)"); - } - - if (schedule_str != NULL) { - parse_schedule(schedule_str); - } - - if (start == stop) - badusage("need one of --start or --stop"); - - if (!execname && !pidfile && !userspec && !cmdname) - badusage("need at least one of --exec, --pidfile, --user or --name"); - - if (!startas) - startas = execname; - - if (start && !startas) - badusage("--start needs --exec or --startas"); - - if (mpidfile && pidfile == NULL) - badusage("--make-pidfile is only relevant with --pidfile"); - - if (background && !start) - badusage("--background is only relevant with --start"); - -} - -static int -pid_is_exec(pid_t pid, const struct stat *esb) -{ - struct stat sb; - char buf[32]; - - sprintf(buf, "/proc/%d/exe", pid); - if (stat(buf, &sb) != 0) - return 0; - return (sb.st_dev == esb->st_dev && sb.st_ino == esb->st_ino); -} - - -static int -pid_is_user(pid_t pid, uid_t uid) -{ - struct stat sb; - char buf[32]; - - sprintf(buf, "/proc/%d", pid); - if (stat(buf, &sb) != 0) - return 0; - return (sb.st_uid == uid); -} - - -static int -pid_is_cmd(pid_t pid, const char *name) -{ - char 
buf[32]; - FILE *f; - int c; - - sprintf(buf, "/proc/%d/stat", pid); - f = fopen(buf, "r"); - if (!f) - return 0; - while ((c = getc(f)) != EOF && c != '(') - ; - if (c != '(') { - fclose(f); - return 0; - } - /* this hopefully handles command names containing ')' */ - while ((c = getc(f)) != EOF && c == *name) - name++; - fclose(f); - return (c == ')' && *name == '\0'); -} - - -static void -check(pid_t pid) -{ - if (execname && !pid_is_exec(pid, &exec_stat)) - return; - if (userspec && !pid_is_user(pid, user_id)) - return; - if (cmdname && !pid_is_cmd(pid, cmdname)) - return; - push(&found, pid); -} - -static void -do_pidfile(const char *name) -{ - FILE *f; - pid_t pid; - - f = fopen(name, "r"); - if (f) { - if (fscanf(f, "%d", &pid) == 1) - check(pid); - fclose(f); - } else if (errno != ENOENT) - fatal("open pidfile %s: %s", name, strerror(errno)); - -} - -/* WTA: this needs to be an autoconf check for /proc/pid existance. - */ -static void -do_procinit(void) -{ - DIR *procdir; - struct dirent *entry; - int foundany; - pid_t pid; - - procdir = opendir("/proc"); - if (!procdir) - fatal("opendir /proc: %s", strerror(errno)); - - foundany = 0; - while ((entry = readdir(procdir)) != NULL) { - if (sscanf(entry->d_name, "%d", &pid) != 1) - continue; - foundany++; - check(pid); - } - closedir(procdir); - if (!foundany) - fatal("nothing in /proc - not mounted?"); -} - -static void -do_findprocs(void) -{ - clear(&found); - - if (pidfile) - do_pidfile(pidfile); - else - do_procinit(); -} - -/* return 1 on failure */ -static void -do_stop(int signal_nr, int quietmode, int *n_killed, int *n_notkilled, int retry_nr) -{ - struct pid_list *p; - - do_findprocs(); - - *n_killed = 0; - *n_notkilled = 0; - - if (!found) - return; - - clear(&killed); - - for (p = found; p; p = p->next) { - if (testmode) - printf("Would send signal %d to %d.\n", - signal_nr, p->pid); - else if (kill(p->pid, signal_nr) == 0) { - push(&killed, p->pid); - (*n_killed)++; - } else { - printf("%s: warning: 
failed to kill %d: %s\n", - progname, p->pid, strerror(errno)); - (*n_notkilled)++; - } - } - if (quietmode < 0 && killed) { - printf("Stopped %s (pid", what_stop); - for (p = killed; p; p = p->next) - printf(" %d", p->pid); - putchar(')'); - if (retry_nr > 0) - printf(", retry #%d", retry_nr); - printf(".\n"); - } -} - - -static void -set_what_stop(const char *str) -{ - strncpy(what_stop, str, sizeof(what_stop)); - what_stop[sizeof(what_stop)-1] = '\0'; -} - -static int -run_stop_schedule(void) -{ - int r, position, n_killed, n_notkilled, value, ratio, anykilled, retry_nr; - struct timeval stopat, before, after, interval, maxinterval; - - if (testmode) { - if (schedule != NULL) { - printf("Ignoring --retry in test mode\n"); - schedule = NULL; - } - } - - if (cmdname) - set_what_stop(cmdname); - else if (execname) - set_what_stop(execname); - else if (pidfile) - sprintf(what_stop, "process in pidfile `%.200s'", pidfile); - else if (userspec) - sprintf(what_stop, "process(es) owned by `%.200s'", userspec); - else - fatal("internal error, please report"); - - anykilled = 0; - retry_nr = 0; - - if (schedule == NULL) { - do_stop(signal_nr, quietmode, &n_killed, &n_notkilled, 0); - if (n_notkilled > 0 && quietmode <= 0) - printf("%d pids were not killed\n", n_notkilled); - if (n_killed) - anykilled = 1; - goto x_finished; - } - - for (position = 0; position < schedule_length; ) { - value= schedule[position].value; - n_notkilled = 0; - - switch (schedule[position].type) { - - case sched_goto: - position = value; - continue; - - case sched_signal: - do_stop(value, quietmode, &n_killed, &n_notkilled, retry_nr++); - if (!n_killed) - goto x_finished; - else - anykilled = 1; - goto next_item; - - case sched_timeout: - /* We want to keep polling for the processes, to see if they've exited, - * or until the timeout expires. 
- * - * This is a somewhat complicated algorithm to try to ensure that we - * notice reasonably quickly when all the processes have exited, but - * don't spend too much CPU time polling. In particular, on a fast - * machine with quick-exiting daemons we don't want to delay system - * shutdown too much, whereas on a slow one, or where processes are - * taking some time to exit, we want to increase the polling - * interval. - * - * The algorithm is as follows: we measure the elapsed time it takes - * to do one poll(), and wait a multiple of this time for the next - * poll. However, if that would put us past the end of the timeout - * period we wait only as long as the timeout period, but in any case - * we always wait at least MIN_POLL_INTERVAL (20ms). The multiple - * (`ratio') starts out as 2, and increases by 1 for each poll to a - * maximum of 10; so we use up to between 30% and 10% of the - * machine's resources (assuming a few reasonable things about system - * performance). - */ - xgettimeofday(&stopat); - stopat.tv_sec += value; - ratio = 1; - for (;;) { - xgettimeofday(&before); - if (timercmp(&before,&stopat,>)) - goto next_item; - - do_stop(0, 1, &n_killed, &n_notkilled, 0); - if (!n_killed) - goto x_finished; - - xgettimeofday(&after); - - if (!timercmp(&after,&stopat,<)) - goto next_item; - - if (ratio < 10) - ratio++; - - TVCALC(interval, ratio * (TVELEM(&after) - TVELEM(&before) + TVADJUST)); - TVCALC(maxinterval, TVELEM(&stopat) - TVELEM(&after) + TVADJUST); - - if (timercmp(&interval,&maxinterval,>)) - interval = maxinterval; - - if (interval.tv_sec == 0 && - interval.tv_usec <= MIN_POLL_INTERVAL) - interval.tv_usec = MIN_POLL_INTERVAL; - - r = select(0,0,0,0,&interval); - if (r < 0 && errno != EINTR) - fatal("select() failed for pause: %s", - strerror(errno)); - } - - default: - assert(!"schedule[].type value must be valid"); - - } - - next_item: - position++; - } - - if (quietmode <= 0) - printf("Program %s, %d process(es), refused to die.\n", - 
what_stop, n_killed); - - return 2; - -x_finished: - if (!anykilled) { - if (quietmode <= 0) - printf("No %s found running; none killed.\n", what_stop); - return exitnodo; - } else { - return 0; - } -} - -/* -int main(int argc, char **argv) NONRETURNING; -*/ - -int -main(int argc, char **argv) -{ - progname = argv[0]; - - LIST_INIT(&namespace_head); - - parse_options(argc, argv); - argc -= optind; - argv += optind; - - if (execname && stat(execname, &exec_stat)) - fatal("stat %s: %s", execname, strerror(errno)); - - if (userspec && sscanf(userspec, "%d", &user_id) != 1) { - struct passwd *pw; - - pw = getpwnam(userspec); - if (!pw) - fatal("user `%s' not found\n", userspec); - - user_id = pw->pw_uid; - } - - if (changegroup && sscanf(changegroup, "%d", &runas_gid) != 1) { - struct group *gr = getgrnam(changegroup); - if (!gr) - fatal("group `%s' not found\n", changegroup); - runas_gid = gr->gr_gid; - } - if (changeuser && sscanf(changeuser, "%d", &runas_uid) != 1) { - struct passwd *pw = getpwnam(changeuser); - if (!pw) - fatal("user `%s' not found\n", changeuser); - runas_uid = pw->pw_uid; - if (changegroup == NULL) { /* pass the default group of this user */ - changegroup = ""; /* just empty */ - runas_gid = pw->pw_gid; - } - } - - if (stop) { - int i = run_stop_schedule(); - exit(i); - } - - do_findprocs(); - - if (found) { - if (quietmode <= 0) - printf("%s already running.\n", execname); - exit(exitnodo); - } - if (testmode) { - printf("Would start %s ", startas); - while (argc-- > 0) - printf("%s ", *argv++); - if (changeuser != NULL) { - printf(" (as user %s[%d]", changeuser, runas_uid); - if (changegroup != NULL) - printf(", and group %s[%d])", changegroup, runas_gid); - else - printf(")"); - } - if (changeroot != NULL) - printf(" in directory %s", changeroot); - if (nicelevel) - printf(", and add %i to the priority", nicelevel); - printf(".\n"); - exit(0); - } - if (quietmode < 0) - printf("Starting %s...\n", startas); - *--argv = startas; - if (changeroot 
!= NULL) { - if (chdir(changeroot) < 0) - fatal("Unable to chdir() to %s", changeroot); - if (chroot(changeroot) < 0) - fatal("Unable to chroot() to %s", changeroot); - } - if (changeuser != NULL) { - if (setgid(runas_gid)) - fatal("Unable to set gid to %d", runas_gid); - if (initgroups(changeuser, runas_gid)) - fatal("Unable to set initgroups() with gid %d", runas_gid); - if (setuid(runas_uid)) - fatal("Unable to set uid to %s", changeuser); - } - - if (background) { /* ok, we need to detach this process */ - int i, fd; - if (quietmode < 0) - printf("Detatching to start %s...", startas); - i = fork(); - if (i<0) { - fatal("Unable to fork.\n"); - } - if (i) { /* parent */ - if (quietmode < 0) - printf("done.\n"); - exit(0); - } - /* child continues here */ - /* now close all extra fds */ - for (i=getdtablesize()-1; i>=0; --i) close(i); - /* change tty */ - fd = open("/dev/tty", O_RDWR); - ioctl(fd, TIOCNOTTY, 0); - close(fd); - chdir("/"); - umask(022); /* set a default for dumb programs */ - setpgid(0,0); /* set the process group */ - fd=open("/dev/null", O_RDWR); /* stdin */ - dup(fd); /* stdout */ - dup(fd); /* stderr */ - } - if (nicelevel) { - errno = 0; - if (nice(nicelevel) < 0 && errno) - fatal("Unable to alter nice level by %i: %s", nicelevel, - strerror(errno)); - } - if (mpidfile && pidfile != NULL) { /* user wants _us_ to make the pidfile :) */ - FILE *pidf = fopen(pidfile, "w"); - pid_t pidt = getpid(); - if (pidf == NULL) - fatal("Unable to open pidfile `%s' for writing: %s", pidfile, - strerror(errno)); - fprintf(pidf, "%d\n", pidt); - fclose(pidf); - } - set_namespaces(); - execv(startas, argv); - fatal("Unable to start %s: %s", startas, strerror(errno)); -} From 2273a1c9a8b88b5923c66dfe23ee3e0a54a85801 Mon Sep 17 00:00:00 2001 
From: Rolf Neugebauer Date: Fri, 5 May 2017 16:50:39 +0100 Subject: [PATCH 06/10] tools: Remove c-compile It is not longer used by any package. Some projects still use it and I haven't updated their builds but they should continue to work. Signed-off-by: Rolf Neugebauer --- tools/c-compile/Dockerfile | 25 ----------------- tools/c-compile/Makefile | 41 ---------------------------- tools/c-compile/compile.sh | 56 -------------------------------------- 3 files changed, 122 deletions(-) delete mode 100644 tools/c-compile/Dockerfile delete mode 100644 tools/c-compile/Makefile delete mode 100755 tools/c-compile/compile.sh
diff --git a/tools/c-compile/Dockerfile b/tools/c-compile/Dockerfile
deleted file mode 100644
index 0ed0cffc9..000000000
--- a/tools/c-compile/Dockerfile
+++ /dev/null
@@ -1,25 +0,0 @@
-FROM alpine:3.5
-RUN \
- apk update && apk upgrade && \
- apk add \
- argp-standalone \
- automake \
- bash \
- bsd-compat-headers \
- build-base \
- cmake \
- curl \
- gcc \
- git \
- libc-dev \
- linux-headers \
- make \
- musl-dev \
- patch \
- util-linux-dev \
- vim \
- && true
-
-COPY compile.sh /usr/bin/
-
-ENTRYPOINT ["/usr/bin/compile.sh"]
diff --git a/tools/c-compile/Makefile b/tools/c-compile/Makefile
deleted file mode 100644
index 864506bd8..000000000
--- a/tools/c-compile/Makefile
+++ /dev/null
@@ -1,41 +0,0 @@ -.PHONY: tag push - -BASE=alpine:3.5 -IMAGE=c-compile - -default: push - -hash: Dockerfile compile.sh - DOCKER_CONTENT_TRUST=1 docker pull $(BASE) - tar cf - $^ | docker build --no-cache -t $(IMAGE):build - - docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c 'cat /lib/apk/db/installed /usr/bin/compile.sh | sha1sum' | sed 's/ .*//' > hash - -push: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \ - docker push linuxkit/$(IMAGE):$(shell cat hash)) - docker rmi $(IMAGE):build - rm -f hash - -tag: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) - docker rmi $(IMAGE):build - rm -f hash - -signed-tag: hash - DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \ - docker build --no-cache -t $(IMAGE):build . && \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)) - -sign: signed-tag - DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash) - rm -f hash - docker rmi $(IMAGE):build || true - -clean: - rm -f hash - -.DELETE_ON_ERROR: diff --git a/tools/c-compile/compile.sh b/tools/c-compile/compile.sh deleted file mode 100755 index 333cf2449..000000000 --- a/tools/c-compile/compile.sh +++ /dev/null 
@@ -1,56 +0,0 @@ -#!/bin/sh - -# This is designed to compile a single package to a single binary -# so it makes some assumptions about things to simplify config -# to output a single binary (in a tarball) just use -o file -# use --docker to output a tarball for input to docker build - - -set -e - -usage() { - echo "Usage: -o file" - exit 1 -} - -[ $# = 0 ] && usage - -while [ $# -gt 0 ] -do - flag="$1" - case "$flag" in - -o) - [ $# -eq 1 ] && usage - out="$2" - mkdir -p "$(dirname $2)" - shift - ;; - -l*) - LIBS="$LIBS $1" - shift - ;; - *) - echo "Unknown option $1" - exit 1 - esac - shift -done - -[ -z "$out" ] && usage - -package=$(basename "$out") - -dir="/src/$package" - -mkdir -p $dir - -# untar input -tar xf - -C $dir - -( - cd $dir - CFILES=$(find . -name '*.c') - cc -static -O2 -Wall -Werror -o ../../$out $CFILES $LIBS -) - -tar cf - $out -exit 0 From 725853f11dfac6d92e7e8319980b08f70dfbbd3c Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Fri, 5 May 2017 16:57:17 +0100 Subject: [PATCH 07/10] Update packages/tests to use the new tini package Signed-off-by: Rolf Neugebauer --- pkg/rngd/Dockerfile | 2 +- test/pkg/virtsock/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/rngd/Dockerfile b/pkg/rngd/Dockerfile index b900f23e4..09cd1ff5a 100644 --- a/pkg/rngd/Dockerfile +++ b/pkg/rngd/Dockerfile @@ -31,7 +31,7 @@ RUN cd $pkgname-$pkgver && \ RUN mkdir -p /tmp/dev /tmp/proc /tmp/sys -FROM linuxkit/tini:6714d66b82b5397f497b2aa05764096ed1ffe7d7@sha256:ba594b96af6195737ce2df702196d7adea2cafde554e18940ee14ad575d27f3b +FROM linuxkit/tini:cb32c9b3ceb16505e1d62919cf28c8b52bf6d57e@sha256:1645296b3e155f8cf672f71f8d20b274bf38ee94c39dd1b58f7b18e0163b00b8 ENTRYPOINT [] WORKDIR / COPY --from=build usr/sbin/rngd usr/sbin/rngd diff --git a/test/pkg/virtsock/Dockerfile b/test/pkg/virtsock/Dockerfile index 6ba3cf281..c38b721c0 100644 --- a/test/pkg/virtsock/Dockerfile +++ b/test/pkg/virtsock/Dockerfile 
@@ -9,6 +9,6 @@ RUN git checkout $VIRTSOCK_COMMIT RUN make build/virtsock_stress.linux RUN cp -a build/virtsock_stress.linux /virtsock_stress -FROM linuxkit/tini:6714d66b82b5397f497b2aa05764096ed1ffe7d7@sha256:ba594b96af6195737ce2df702196d7adea2cafde554e18940ee14ad575d27f3b +FROM linuxkit/tini:cb32c9b3ceb16505e1d62919cf28c8b52bf6d57e@sha256:1645296b3e155f8cf672f71f8d20b274bf38ee94c39dd1b58f7b18e0163b00b8 COPY --from=virtsock-build virtsock_stress bin/virtsock_stress CMD ["/bin/tini", "/bin/virtsock_stress", "-s", "-v", "1"] From 9cb3c53b8f68f18fbcd796a908897e8155ca5895 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Fri, 5 May 2017 16:59:12 +0100 Subject: [PATCH 08/10] tests: Use git tree hash for virtsock package Signed-off-by: Rolf Neugebauer --- test/pkg/virtsock/Makefile | 26 +++++++------------------- 1 file changed, 7 insertions(+), 19 deletions(-) diff --git a/test/pkg/virtsock/Makefile b/test/pkg/virtsock/Makefile index a88497657..69278eba1 100644 --- a/test/pkg/virtsock/Makefile +++ b/test/pkg/virtsock/Makefile @@ -1,26 +1,14 @@ .PHONY: tag push -IMAGE=test-virtsock - default: push +IMAGE=test-virtsock DEPS=Dockerfile Makefile -SHASUM=alpine:3.5 -hash: $(DEPS) - find $^ -type f | xargs cat | DOCKER_CONTENT_TRUST=1 docker run --rm -i $(SHASUM) sha1sum | sed 's/ .*//' > $@ -tag: hash - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - (docker build --no-cache -t $(IMAGE):build . && \ - docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)) - docker rmi $(IMAGE):build || true +HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}') + +tag: $(DEPS) + docker build --no-cache -t linuxkit/$(IMAGE):$(HASH) . push: tag - docker pull linuxkit/$(IMAGE):$(shell cat hash) || \ - docker push linuxkit/$(IMAGE):$(shell cat hash) - rm -f hash - -clean: - rm -rf hash - docker rmi $(IMAGE):build || true - -.DELETE_ON_ERROR: + docker pull linuxkit/$(IMAGE):$(HASH) || \ + docker push linuxkit/$(IMAGE):$(HASH) 
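Review bot: `HASH` in the new test/pkg/virtsock/Makefile is taken from the tree recorded at `HEAD` (`git ls-tree HEAD -- ../$(notdir $(CURDIR))`), while the `docker build` in `tag` reads the working directory, so an image built with uncommitted edits to the Dockerfile is tagged, and by `push` published, under the hash of content it was not built from. Anyone who later maps `linuxkit/test-virtsock:<hash>` back to the source tree would be reviewing the wrong inputs. I would make `tag` refuse a modified directory by adding a first recipe line such as `git diff-index --quiet HEAD -- . || { echo "uncommitted changes in $(CURDIR)"; exit 1; }`; that check covers tracked files only, so untracked files in the build context would still slip through. A comment above `HASH?=` saying that the tag is the git tree hash of this directory, and that setting `HASH` in the environment replaces it, would document the contract for the next maintainer.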
From f0e289439f06a948c84dbd1165f0ebfeb635d198 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Fri, 5 May 2017 17:11:48 +0100 Subject: [PATCH 09/10] kernel: Update to use new toybox image Signed-off-by: Rolf Neugebauer --- kernel/Dockerfile | 2 +- scripts/kernels/Dockerfile.deb | 2 +- scripts/kernels/Dockerfile.rpm | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/kernel/Dockerfile b/kernel/Dockerfile index da1051f27..57eb00a64 100644 --- a/kernel/Dockerfile +++ b/kernel/Dockerfile @@ -65,7 +65,7 @@ RUN DVER=$(basename $(find /tmp/kernel-modules/lib/modules/ -mindepth 1 -maxdept RUN printf "KERNEL_SOURCE=${KERNEL_SOURCE}\n" > /out/kernel-source-info -FROM linuxkit/toybox-media:eee3dd4d72cd784801e95b1781e6c4f9d8a5e5eb@sha256:7f940e687164ee2676e11c61705c79f7dd2d144ee87ad17a494848a7045f5f53 +FROM linuxkit/toybox-media:b396a375852e5dffc002389d95e0658c8de72914@sha256:a317cc378946ee48cc011cdfc5aa08f0229f5bf10ff70e3690d8f60b36700033 ENTRYPOINT [] CMD [] WORKDIR / diff --git a/scripts/kernels/Dockerfile.deb b/scripts/kernels/Dockerfile.deb index ae03f8c44..9652d1daf 100644 --- a/scripts/kernels/Dockerfile.deb +++ b/scripts/kernels/Dockerfile.deb @@ -20,7 +20,7 @@ RUN cp -a boot/System.map-* /out/System.map RUN tar cf /out/kernel.tar lib RUN tar cf /out/kernel-dev.tar usr || true -FROM linuxkit/toybox-media:d7e82a7d19ccc84c9071fa7a88ecaa58ae958f7c@sha256:4c7d25f2be2429cd08417c36e04161cb924e46f3e419ee33a0aa9ff3a0942e02 +FROM linuxkit/toybox-media:b396a375852e5dffc002389d95e0658c8de72914@sha256:a317cc378946ee48cc011cdfc5aa08f0229f5bf10ff70e3690d8f60b36700033 WORKDIR / ENTRYPOINT [] CMD [] diff --git a/scripts/kernels/Dockerfile.rpm b/scripts/kernels/Dockerfile.rpm index 343aad7f1..332a90996 100644 --- a/scripts/kernels/Dockerfile.rpm +++ b/scripts/kernels/Dockerfile.rpm 
@@ -21,7 +21,7 @@ RUN cp -a boot/System.map-* /out/System.map || mv lib/modules/*/System.map /out/ RUN tar cf /out/kernel.tar lib RUN tar cf /out/kernel-dev.tar usr || true -FROM linuxkit/toybox-media:d7e82a7d19ccc84c9071fa7a88ecaa58ae958f7c@sha256:4c7d25f2be2429cd08417c36e04161cb924e46f3e419ee33a0aa9ff3a0942e02 +FROM linuxkit/toybox-media:b396a375852e5dffc002389d95e0658c8de72914@sha256:a317cc378946ee48cc011cdfc5aa08f0229f5bf10ff70e3690d8f60b36700033 WORKDIR / ENTRYPOINT [] CMD [] From 423957cfefa3d4c017c895f9df4195704ed6118b Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Fri, 5 May 2017 17:34:02 +0100 Subject: [PATCH 10/10] Update YAML files to new packages Signed-off-by: Rolf Neugebauer --- examples/docker.yml | 16 ++++++++-------- examples/gcp.yml | 6 +++--- examples/minimal.yml | 4 ++-- examples/node_exporter.yml | 6 +++--- examples/packet.yml | 6 +++--- examples/redis-os.yml | 2 +- examples/sshd.yml | 6 +++--- examples/swap.yml | 8 ++++---- examples/vmware.yml | 6 +++--- linuxkit.yml | 10 +++++----- projects/etcd/etcd.yml | 12 ++++++------ projects/etcd/prom-us-central1-f.yml | 2 +- projects/kubernetes/kube-master.yml | 10 +++++----- projects/kubernetes/kube-node.yml | 10 +++++----- projects/kubernetes/mounts.rb | 2 +- projects/logging/examples/logging.yml | 4 ++-- projects/miragesdk/examples/mirage-dhcp.yml | 2 +- projects/okernel/examples/okernel_simple.yaml | 4 ++-- projects/swarmd/swarmd.yml | 2 +- test/cases/test-docker-bench.yml | 14 +++++++------- test/cases/test-kernel-config.yml | 4 ++-- test/cases/test-ltp.yml | 2 +- test/cases/test-virtsock-server.yml | 8 ++++---- 23 files changed, 73 insertions(+), 73 deletions(-) diff --git a/examples/docker.yml b/examples/docker.yml index 20d900621..5031c19ad 100644 --- a/examples/docker.yml +++ b/examples/docker.yml 
@@ -5,7 +5,7 @@ init: - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: sysctl image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a" @@ -18,19 +18,19 @@ onboot: - name: sysfs image: linuxkit/sysfs:6c1d06f28ddd9681799d3950cddf044b930b221c - name: binfmt - image: "linuxkit/binfmt:aebd6ed6cc29921371ca78314697881086f4577a" + image: "linuxkit/binfmt:131026c0cf6084467316395fed3b358f64bda00c" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true - name: format - image: "linuxkit/format:a16f2bd94a83dd0cea4d490f710567a0cc60be33" + image: "linuxkit/format:d78093e943f9c88386e30c00353f9476d34fb551" binds: - /dev:/dev capabilities: - CAP_SYS_ADMIN - CAP_MKNOD - name: mount - image: "linuxkit/mount:ad138d252798d9d0d6779f7f4d35b7fbcbbeefb9" + image: "linuxkit/mount:fc7164d7c4e1fe5d1da395c7f949fb332cffe752" binds: - /dev:/dev - /var:/var:rshared,rbind @@ -40,13 +40,13 @@ onboot: command: ["/mount.sh", "/var/lib/docker"] services: - name: rngd - image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" + image: "linuxkit/rngd:61a07ced77a9747708223ca16a4aec621eacf518" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc @@ -57,7 +57,7 @@ services: net: host oomScoreAdj: -800 - name: ntpd - image: "linuxkit/openntpd:1eb0c05499500c8e44df6160524b79b776bbaa9e" + image: "linuxkit/openntpd:a38eabb308d0405f58894979f8b8031a6c7e1134" capabilities: - CAP_SYS_TIME - CAP_SYS_NICE 
@@ -66,7 +66,7 @@ services: - CAP_SETGID net: host - name: docker - image: "linuxkit/docker-ce:18d9d2719bc99514c5b1883d5c8a36619e5acb4d" + image: "linuxkit/docker-ce:957306b51f2bc03087833eee2625d60514a5079c" capabilities: - all net: host diff --git a/examples/gcp.yml b/examples/gcp.yml index 38e73462d..d740def8e 100644 --- a/examples/gcp.yml +++ b/examples/gcp.yml @@ -5,7 +5,7 @@ init: - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: sysctl image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a" @@ -16,7 +16,7 @@ onboot: - CAP_SYS_ADMIN readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc @@ -37,7 +37,7 @@ onboot: - CAP_SYS_ADMIN services: - name: rngd - image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" + image: "linuxkit/rngd:61a07ced77a9747708223ca16a4aec621eacf518" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 diff --git a/examples/minimal.yml b/examples/minimal.yml index 9726dc929..d9501a0d3 100644 --- a/examples/minimal.yml +++ b/examples/minimal.yml @@ -2,12 +2,12 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:f71c3b30ac1ba4ef16c160c89610fa4976f9752f + - linuxkit/init:6c9b2dfac4ac446e57ad83e9817db4b5a334301c - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:60e2486a74c665ba4df57e561729aec20758daed onboot: - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc 
diff --git a/examples/node_exporter.yml b/examples/node_exporter.yml index b84669eb4..d1ac96baa 100644 --- a/examples/node_exporter.yml +++ b/examples/node_exporter.yml @@ -2,17 +2,17 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 page_poison=1" init: - - linuxkit/init:f71c3b30ac1ba4ef16c160c89610fa4976f9752f + - linuxkit/init:6c9b2dfac4ac446e57ad83e9817db4b5a334301c - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:fe1b7f438a234cb6481c6538295115eac2a0596d services: - name: rngd - image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" + image: "linuxkit/rngd:61a07ced77a9747708223ca16a4aec621eacf518" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp:/etc diff --git a/examples/packet.yml b/examples/packet.yml index 606ab58f0..a363b88ca 100644 --- a/examples/packet.yml +++ b/examples/packet.yml @@ -5,7 +5,7 @@ init: - linuxkit/init:e10e2efc1b78ef41d196175cbc07e069391f406e - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: sysctl image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a" @@ -16,12 +16,12 @@ onboot: - CAP_SYS_ADMIN services: - name: rngd - image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" + image: "linuxkit/rngd:61a07ced77a9747708223ca16a4aec621eacf518" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp:/etc diff --git a/examples/redis-os.yml b/examples/redis-os.yml index c52b62504..0e34cca79 100644 
--- a/examples/redis-os.yml +++ b/examples/redis-os.yml @@ -9,7 +9,7 @@ init: - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b services: - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc diff --git a/examples/sshd.yml b/examples/sshd.yml index c5be08d44..7ac6e7703 100644 --- a/examples/sshd.yml +++ b/examples/sshd.yml @@ -5,7 +5,7 @@ init: - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: sysctl image: "linuxkit/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c" @@ -16,12 +16,12 @@ onboot: - CAP_SYS_ADMIN services: - name: rngd - image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" + image: "linuxkit/rngd:61a07ced77a9747708223ca16a4aec621eacf518" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp:/etc diff --git a/examples/swap.yml b/examples/swap.yml index 169bdf405..4b28eae27 100644 --- a/examples/swap.yml +++ b/examples/swap.yml @@ -16,12 +16,12 @@ onboot: - CAP_SYS_ADMIN readonly: true - name: binfmt - image: "linuxkit/binfmt:aebd6ed6cc29921371ca78314697881086f4577a" + image: "linuxkit/binfmt:131026c0cf6084467316395fed3b358f64bda00c" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc 
@@ -32,14 +32,14 @@ onboot: net: host command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] - name: format - image: "linuxkit/format:a16f2bd94a83dd0cea4d490f710567a0cc60be33" + image: "linuxkit/format:d78093e943f9c88386e30c00353f9476d34fb551" binds: - /dev:/dev capabilities: - CAP_SYS_ADMIN - CAP_MKNOD - name: mount - image: "linuxkit/mount:ad138d252798d9d0d6779f7f4d35b7fbcbbeefb9" + image: "linuxkit/mount:fc7164d7c4e1fe5d1da395c7f949fb332cffe752" binds: - /dev:/dev - /var:/var:rshared,rbind diff --git a/examples/vmware.yml b/examples/vmware.yml index 315697375..1a38a74b4 100644 --- a/examples/vmware.yml +++ b/examples/vmware.yml @@ -5,7 +5,7 @@ init: - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: sysctl image: "linuxkit/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c" @@ -17,13 +17,13 @@ onboot: readonly: true services: - name: rngd - image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" + image: "linuxkit/rngd:61a07ced77a9747708223ca16a4aec621eacf518" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp:/etc diff --git a/linuxkit.yml b/linuxkit.yml index 1d12659bf..d20520d79 100644 --- a/linuxkit.yml +++ b/linuxkit.yml 
@@ -2,10 +2,10 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:f71c3b30ac1ba4ef16c160c89610fa4976f9752f + - linuxkit/init:6c9b2dfac4ac446e57ad83e9817db4b5a334301c - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:60e2486a74c665ba4df57e561729aec20758daed - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: sysctl image: "linuxkit/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c" @@ -16,12 +16,12 @@ onboot: - CAP_SYS_ADMIN readonly: true - name: binfmt - image: "linuxkit/binfmt:aebd6ed6cc29921371ca78314697881086f4577a" + image: "linuxkit/binfmt:131026c0cf6084467316395fed3b358f64bda00c" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc @@ -33,7 +33,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: rngd - image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" + image: "linuxkit/rngd:61a07ced77a9747708223ca16a4aec621eacf518" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 diff --git a/projects/etcd/etcd.yml b/projects/etcd/etcd.yml index 57b595245..a6963249c 100644 --- a/projects/etcd/etcd.yml +++ b/projects/etcd/etcd.yml 
@@ -2,10 +2,10 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:f71c3b30ac1ba4ef16c160c89610fa4976f9752f + - linuxkit/init:6c9b2dfac4ac446e57ad83e9817db4b5a334301c - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:fe1b7f438a234cb6481c6538295115eac2a0596d - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: sysctl image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a" @@ -16,14 +16,14 @@ onboot: - CAP_SYS_ADMIN readonly: true - name: format - image: "linuxkit/format:a16f2bd94a83dd0cea4d490f710567a0cc60be33" + image: "linuxkit/format:d78093e943f9c88386e30c00353f9476d34fb551" binds: - /dev:/dev capabilities: - CAP_SYS_ADMIN - CAP_MKNOD - name: mount - image: "linuxkit/mount:ad138d252798d9d0d6779f7f4d35b7fbcbbeefb9" + image: "linuxkit/mount:fc7164d7c4e1fe5d1da395c7f949fb332cffe752" binds: - /dev:/dev - /var:/var:rshared,rbind @@ -32,7 +32,7 @@ onboot: rootfsPropagation: shared command: ["/mount.sh", "/var/lib/etcd"] - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc @@ -59,7 +59,7 @@ services: oomScoreAdj: -800 readonly: true - name: ntpd - image: "linuxkit/openntpd:1eb0c05499500c8e44df6160524b79b776bbaa9e" + image: "linuxkit/openntpd:a38eabb308d0405f58894979f8b8031a6c7e1134" capabilities: - CAP_SYS_TIME - CAP_SYS_NICE diff --git a/projects/etcd/prom-us-central1-f.yml b/projects/etcd/prom-us-central1-f.yml index a8d70e248..9f639f246 100644 --- a/projects/etcd/prom-us-central1-f.yml +++ b/projects/etcd/prom-us-central1-f.yml 
@@ -16,7 +16,7 @@ onboot: - CAP_SYS_ADMIN readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc diff --git a/projects/kubernetes/kube-master.yml b/projects/kubernetes/kube-master.yml index d75fef234..6fc6ea530 100644 --- a/projects/kubernetes/kube-master.yml +++ b/projects/kubernetes/kube-master.yml @@ -5,7 +5,7 @@ init: - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: sysctl image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a" @@ -18,12 +18,12 @@ onboot: - name: sysfs image: linuxkit/sysfs:6c1d06f28ddd9681799d3950cddf044b930b221c - name: binfmt - image: "linuxkit/binfmt:aebd6ed6cc29921371ca78314697881086f4577a" + image: "linuxkit/binfmt:131026c0cf6084467316395fed3b358f64bda00c" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true - name: format - image: "linuxkit/format:a16f2bd94a83dd0cea4d490f710567a0cc60be33" + image: "linuxkit/format:d78093e943f9c88386e30c00353f9476d34fb551" binds: - /dev:/dev capabilities: @@ -46,7 +46,7 @@ services: oomScoreAdj: -800 readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc @@ -57,7 +57,7 @@ services: net: host oomScoreAdj: -800 - name: ntpd - image: "linuxkit/openntpd:1eb0c05499500c8e44df6160524b79b776bbaa9e" + image: "linuxkit/openntpd:a38eabb308d0405f58894979f8b8031a6c7e1134" capabilities: - CAP_SYS_TIME - CAP_SYS_NICE diff --git a/projects/kubernetes/kube-node.yml b/projects/kubernetes/kube-node.yml index e58f32338..14c82dd08 100644 
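Review bot: In kube-master.yml the `init:` hunk (`@@ -5,7 +5,7 @@`) bumps ca-certificates but leaves `linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b` untouched, while etcd.yml in the same change moves init to `6c9b2dfac4ac446e57ad83e9817db4b5a334301c`. After this change the tree references two different init builds, and the hunk does not show whether that is intended. Either bump init here as well, or record the reason next to the line, e.g. `# init intentionally held at 63eed9ca: <reason>`. kube-node.yml, okernel_simple.yaml and the test/cases files carry the same unchanged init line.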
--- a/projects/kubernetes/kube-node.yml +++ b/projects/kubernetes/kube-node.yml @@ -5,7 +5,7 @@ init: - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: sysctl image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a" @@ -18,12 +18,12 @@ onboot: - name: sysfs image: linuxkit/sysfs:6c1d06f28ddd9681799d3950cddf044b930b221c - name: binfmt - image: "linuxkit/binfmt:aebd6ed6cc29921371ca78314697881086f4577a" + image: "linuxkit/binfmt:131026c0cf6084467316395fed3b358f64bda00c" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true - name: format - image: "linuxkit/format:a16f2bd94a83dd0cea4d490f710567a0cc60be33" + image: "linuxkit/format:d78093e943f9c88386e30c00353f9476d34fb551" binds: - /dev:/dev capabilities: @@ -46,7 +46,7 @@ services: oomScoreAdj: -800 readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc @@ -57,7 +57,7 @@ services: net: host oomScoreAdj: -800 - name: ntpd - image: "linuxkit/openntpd:1eb0c05499500c8e44df6160524b79b776bbaa9e" + image: "linuxkit/openntpd:a38eabb308d0405f58894979f8b8031a6c7e1134" capabilities: - CAP_SYS_TIME - CAP_SYS_NICE diff --git a/projects/kubernetes/mounts.rb b/projects/kubernetes/mounts.rb index 2e6977fb0..21dd4835c 100644 --- a/projects/kubernetes/mounts.rb +++ b/projects/kubernetes/mounts.rb @@ -1,6 +1,6 @@ import 'common.rb' -from "linuxkit/mount:ad138d252798d9d0d6779f7f4d35b7fbcbbeefb9" +from "linuxkit/mount:fc7164d7c4e1fe5d1da395c7f949fb332cffe752" script = [ mount_bind_hostns_self("/etc/cni"), mount_make_hostns_rshared("/etc/cni"), 
diff --git a/projects/logging/examples/logging.yml b/projects/logging/examples/logging.yml index 7ff5d7401..db1951b11 100644 --- a/projects/logging/examples/logging.yml +++ b/projects/logging/examples/logging.yml @@ -17,12 +17,12 @@ onboot: - CAP_SYS_ADMIN readonly: true - name: binfmt - image: "linuxkit/binfmt:aebd6ed6cc29921371ca78314697881086f4577a" + image: "linuxkit/binfmt:131026c0cf6084467316395fed3b358f64bda00c" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc diff --git a/projects/miragesdk/examples/mirage-dhcp.yml b/projects/miragesdk/examples/mirage-dhcp.yml index 165fe3448..771cf2862 100644 --- a/projects/miragesdk/examples/mirage-dhcp.yml +++ b/projects/miragesdk/examples/mirage-dhcp.yml @@ -16,7 +16,7 @@ onboot: - CAP_SYS_ADMIN readonly: true - name: binfmt - image: linuxkit/binfmt:aebd6ed6cc29921371ca78314697881086f4577a + image: linuxkit/binfmt:131026c0cf6084467316395fed3b358f64bda00c binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true diff --git a/projects/okernel/examples/okernel_simple.yaml b/projects/okernel/examples/okernel_simple.yaml index 1700eee9d..74d006e24 100644 --- a/projects/okernel/examples/okernel_simple.yaml +++ b/projects/okernel/examples/okernel_simple.yaml @@ -5,7 +5,7 @@ init: - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: sysctl image: "linuxkit/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c" 
@@ -21,7 +21,7 @@ services: - CAP_SYS_ADMIN oomScoreAdj: -800 - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp:/etc diff --git a/projects/swarmd/swarmd.yml b/projects/swarmd/swarmd.yml index 65c38fe18..2302ddb8e 100644 --- a/projects/swarmd/swarmd.yml +++ b/projects/swarmd/swarmd.yml @@ -20,7 +20,7 @@ services: oomScoreAdj: -800 readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc diff --git a/test/cases/test-docker-bench.yml b/test/cases/test-docker-bench.yml index 38fcff037..dc3201b59 100644 --- a/test/cases/test-docker-bench.yml +++ b/test/cases/test-docker-bench.yml @@ -5,7 +5,7 @@ init: - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: sysctl image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a" 
@@ -18,19 +18,19 @@ onboot: - name: sysfs image: "linuxkit/sysfs:6c1d06f28ddd9681799d3950cddf044b930b221c" - name: binfmt - image: "linuxkit/binfmt:aebd6ed6cc29921371ca78314697881086f4577a" + image: "linuxkit/binfmt:131026c0cf6084467316395fed3b358f64bda00c" binds: - /proc/sys/fs/binfmt_misc:/binfmt_misc readonly: true - name: format - image: "linuxkit/format:a16f2bd94a83dd0cea4d490f710567a0cc60be33" + image: "linuxkit/format:d78093e943f9c88386e30c00353f9476d34fb551" binds: - /dev:/dev capabilities: - CAP_SYS_ADMIN - CAP_MKNOD - name: mount - image: "linuxkit/mount:ad138d252798d9d0d6779f7f4d35b7fbcbbeefb9" + image: "linuxkit/mount:fc7164d7c4e1fe5d1da395c7f949fb332cffe752" binds: - /dev:/dev - /var:/var:rshared,rbind @@ -40,13 +40,13 @@ onboot: command: ["/mount.sh", "/var/lib/docker"] services: - name: rngd - image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" + image: "linuxkit/rngd:61a07ced77a9747708223ca16a4aec621eacf518" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp/etc:/etc @@ -57,7 +57,7 @@ services: net: host oomScoreAdj: -800 - name: docker - image: "linuxkit/docker-ce:741bf21513328f674e0cdcaa55492b0b75974e08" + image: "linuxkit/docker-ce:957306b51f2bc03087833eee2625d60514a5079c" capabilities: - all net: host diff --git a/test/cases/test-kernel-config.yml b/test/cases/test-kernel-config.yml index a3337cad8..31703a774 100644 --- a/test/cases/test-kernel-config.yml +++ b/test/cases/test-kernel-config.yml 
@@ -5,10 +5,10 @@ init: - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp:/etc diff --git a/test/cases/test-ltp.yml b/test/cases/test-ltp.yml index 842c2618a..21eb58d85 100644 --- a/test/cases/test-ltp.yml +++ b/test/cases/test-ltp.yml @@ -5,7 +5,7 @@ init: - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: ltp image: "linuxkit/test-ltp-20170116:81229df2d25065b06f0a3071faaace8d66c87e67" diff --git a/test/cases/test-virtsock-server.yml b/test/cases/test-virtsock-server.yml index 5c6785a03..51950010e 100644 --- a/test/cases/test-virtsock-server.yml +++ b/test/cases/test-virtsock-server.yml @@ -9,7 +9,7 @@ init: - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - - linuxkit/ca-certificates:5fc6ba7f91534ddbfef975404c33e44581e6ed7a + - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 onboot: - name: sysctl image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a" 
@@ -21,13 +21,13 @@ onboot: readonly: true services: - name: rngd - image: "linuxkit/rngd:c42fd499690b2cb6e4e6cb99e41dfafca1cf5b14" + image: "linuxkit/rngd:61a07ced77a9747708223ca16a4aec621eacf518" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 readonly: true - name: dhcpcd - image: "linuxkit/dhcpcd:8837289b78ecd80f59524883085424e115dd0b3a" + image: "linuxkit/dhcpcd:2def74ab3f9233b4c09ebb196ba47c27c08b0ed8" binds: - /var:/var - /tmp:/etc @@ -38,7 +38,7 @@ services: net: host oomScoreAdj: -800 - name: virtsock-server - image: "linuxkit/test-virtsock:89133a5081b44dcda66e57502bcbc783e0a654be" + image: "linuxkit/test-virtsock:bac78d3bffa55b9ab00eb023c32512e260d7fed0" readonly: true trust: image: