We add the 'ovmf' to the mirror instead of installing
it in the rootfs. This way we record the version we are
using.
We already pull a few images (go, tini) from community
so may as well pull ovmf directly via 'packages.x86_64'.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
We should always pull and push linuxkit/alpine with content trust
irrespective of architecture, unless explicitly disabled.
Currently, we have to dance around various other issues on arm64,
which are now documented in the Makefile.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Somewhere between the various updates yesterday the hash in
'versions.x86_64' went wrong and there is no image with hash
available on hub.
This commit updates the alpine base to the latest version and
thus rectifies the issue
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This was added in 17.06 and allows us to avoid using `$(BASE):build` which is
not safe against parallel builds etc.
Having done this restructure the build to not always delete the built container
and to separate out the `hash` and `version` file rules so that they can be
included in both the `tag` and `push` targets.
Signed-off-by: Ian Campbell <ijc@docker.com>
Alpine is the base docker image for the LinuxKit, but currently
it only supports amd64 architecture. This patch is try to unify
the alpine tool docker image build process order to suport other
architectures, such as AArch64, by using '--build-arg' to override
the alpine base image specified by 'FROM' in the Dockerfile.
Also this patch splits the standalone packages into 2 parts:
one is common for all archs, another is arch-specific.
Signed-off-by: Dennis Chen <dennis.chen@arm.com>
This is actually containerd#1141 rebased onto v1.0.0-alpha1.
The `dist` command has been integreated into `ctr` and so is removed, including
from the getty and sshd bind mounts and the test which uses it is updated..
There is no change to the version of runc vendored by containerd, so this is
unchanged.
Signed-off-by: Ian Campbell <ijc@docker.com>
Otherwise the only record is if the pusher happens to remember to put it in the
commit message (tollerable) or the github PR (not great).
Also add the same show-tag target as `pkg/package.mk` supports, although with a
very different implementation.
The actual hash is unchanged from the previous commit.
Signed-off-by: Ian Campbell <ijc@docker.com>
If a user of linuxkit/alpine wants to produce an image with apk in it then it
is useful for them to have the original upstream repository list.
The new hash is linuxkit/alpine:3744607156e6b67e3e7d083b15be9e7722215e73
Signed-off-by: Ian Campbell <ijc@docker.com>
We expect this (or something very similar) to be merged soon, it fixes#2131 so
moving ahead now.
The new alpine mirror is linuxkit/alpine:6832775a7e861ee2d7842e157688ece52d007142
Signed-off-by: Ian Campbell <ijc@docker.com>
This will make it simpler to temporarily in PRs which are not yet merged (but
are expected to be soon).
Tools alpine is not rebuilt here since we are going to do just that in the next
commit.
Signed-off-by: Ian Campbell <ijc@docker.com>
We should use this from a container at top level instead; it makes it
much harder to port to other architectures if we have to have this as
it is written in Haskell making a multi arch build much harder.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- iproute2 provides a more complete suite of 'ip' utilities than
the busybox implementation. Useful, for debugging.
- iperf3 for network testing
- tcpdump for network debugging
- expect is used in some tests. Adding it to the base image should
make it easier to create a LinuxKit image to self-host CI.
The new version of the base package is:
linuxkit/alpine:3d57ded3edd54e616210cf0c17e3bc15eed9d03a
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Since we have to push all new packages due to 5a225b9d
("Makefile: Fix bug where network was not disabled") we
may as well update the Alpine base to the latest.
The new tag is: 9bcf61f605ef0ce36cc94d59b8eac307862de6e1
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Commit 4699f80e ("test: add test-containerd") added
the containerd commit hash to the alpine base image.
Unfortunately, setting it as ARG does not work and it
needs to be set with ENV for other builds to pick it up.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
We'll use abuild in the next commit for building auditd from source.
Also add these audit deps:
* swig
* python3
* libcap-ng-dev
Signed-off-by: Tycho Andersen <tycho@docker.com>
A subsequent commit will update all packages, so we might as well
update all packages to the latest base.
The new hash is: linuxkit/alpine:c608d404c1cb36cce0c7d9303e30b52c9d81ccf0
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Moved qemu-img to keep list fully alphabetical.
Rebuild pushed as linuxkit/alpine:c96f56ef989ccb31fd115d25c1b90f05b992271d
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
iAdd a bunch of packages which are useful for compiling
some of the tools shipped with the Linux kernel source code.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This ovmf package is part of the community repository. We don't
want to "pollute" the Alpine base with it. Luckily it's juts a single
file which we can install and then copy to the base image.
The package is needed for qemu EFI boot.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
While not used anywhere, adding it to the based makes it easy
to add temporarily add it to init (or elsewhere) for debugging.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
The Dockerfile is now an input to the contents of the base image and
needs to be included in the hash calculation.
Also, make the Makefile, Dockerfile and pacakges file a dependency.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
We use the "official" Alpine based Docker image and extract
the binary and libraries from it and add to the base. Compiling
it from source would require a Haskell setup...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
The added packages are necessary to create a base Alpine
container image and for converting more packages.
Update the versions file to the latest versions
Also make the HUB org/registry build time configurable.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This means that we limit to one place where we use network access
in building, and in future all other package builds can be deterministic.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
