With the old package.mk arrangements we would only append -dirty and -$arch to
the hash if the user didn't specify a HASH= directly. So the following would
work
make ORG=ijc HASH=dev tag
and produce an image `ijc/«image»:dev`.
However the new equivalent:
linuxkit pkg build -org=ijc --hash-=dev
instead produces an image `ijc/«image»:dev-dirty-$arch`. Which is undesirable.
This commit refactors the code in two main ways:
Firstly directly append `-dirty` to the hash as we extract it from git (rather
than on use in the `Tag()` method), and only do this if the user has not
specified an explicit tag. Note that we still track dirtiness in the `Pkg`
object and so will not allow a push (or release) from a dirty tree (the
makefile version would have tried this with unpredictable results), nor will we
apply the `org.opencontainers.image.revision` label to a dirty build.
Secondly if we are not pushing the image+manifest then we retag the -$arch
suffixed image without the the -$arch. This differs from the Makefile version
which would simply have built without the -$arch in the first place, I think
this is an improvement. If we are pushing the manifest-tool remains responsible
for creating the non -$arch image.
Signed-off-by: Ian Campbell <ijc@docker.com>
'make firmware_install' adds the firmware blobs creating
during the build to '/lib/firmware' in the result tarball.
This should be installed along with the kernel modules.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Previously there would be a make "entering directory" hint in the logs, but
with the switch to `linuxkit pkg` that no longer occurs.
Signed-off-by: Ian Campbell <ijc@docker.com>
Done as follows:
find -name build.yml | xargs dirname | while read d ; do
t=$(linuxkit pkg show-tag $d)
./scripts/update-component-sha.sh --image ${t%:*} ${t#*:}
done
git commit -s test pkg tools blueprints examples projects/kubernetes projects/swarmd docs linuxkit.yml Makefile src
This explicitly excludes projects/* which I did not know whether to update.
Then:
git reset --hard
for i in init runc containerd ca-certificates sysctl dhcpcd getty rngd ; do
o=$(git grep -h "\(image:\|-\) *linuxkit/$i:[0-9a-f]\{40\}" origin/master:linuxkit.yml | awk '// { print $2 }')
n=$(linuxkit pkg show-tag pkg/$i)
./scripts/update-component-sha.sh "$o" "$n"
done
git commit --amend projects
This updates any projects which were using components with the same hash as the
top-level linuxkit.yml.
Signed-off-by: Ian Campbell <ijc@docker.com>
Signing is not setup for this repositories. It seems it hasn't been updated
since before trust was added since the previous Makefile metadata (which was
translated in build.yml) did not contain `NOTRUST=1`.
Signed-off-by: Ian Campbell <ijc@docker.com>
Rather than a hard fail. This allows batch builds of a set of packages without
the surrounding loop needing to be away of the possibility.
Signed-off-by: Ian Campbell <ijc@docker.com>
Signing is not setup for these repositories. It seems they haven't been updated
since before trust was added since their previous Makefile metadata (which was
translated in build.yml) did not contain `NOTRUST=1`.
Signed-off-by: Ian Campbell <ijc@docker.com>
By running:
./scripts/update-component-sha.sh --image linuxkit/alpine ad35b6ddbc70faa07e59a9d7dee7707c08122e8d
Signed-off-by: Ian Campbell <ijc@docker.com>
This was done with the following "script":
git rm pkg/{auditd,binfmt,init}/Makefile
sed -e 's/IMAGE=/image: /g' -i pkg/*/Makefile
sed -e 's/NETWORK=1/network: true/g' -i pkg/*/Makefile
sed -e 's/ARCHES=x86_64/arches:\n - amd64/g' -i pkg/*/Makefile
sed -e '/DEPS:\?=/d' -i pkg/*/Makefile
sed -e '/ARCHES=SKIP/d' -i pkg/node_exporter/Makefile
sed -e 's/include \.\.\/package.mk//g' -i pkg/*/Makefile
sed -e '/^$/d' -i pkg/*/Makefile
git mv pkg/node_exporter/Makefile pkg/node_exporter/build.yml-skip
for i in pkg/*/Makefile ; do git mv $i ${i%Makefile}build.yml ; done
and manual update of pkg/Makefile.
Signed-off-by: Ian Campbell <ijc@docker.com>
tools/alpine and tools/guestfs are omitted since they do not currently use
pkg/package.mk and do their own thing. Slightly hacky arrangements are made for
these. Note that previously they were only recursed into for their default
target (push) and that behaviour is retained.
Signed-off-by: Ian Campbell <ijc@docker.com>
Current versions of Docker complain:
Sending build context to Docker daemon 5.12kB
Step 1/4 : FROM linuxkit/guestfs@sha256:62e810869e83dabe04af7ac8fcd81d9f177d986a3424dcb9c4eb5439993c962f
...
Successfully tagged linuxkit/mkimage-gcp:736880776838c8f41c081276d9c017ae6adbf1bb-amd64
Tagging linuxkit/guestfs@sha256:62e810869e83dabe04af7ac8fcd81d9f177d986a3424dcb9c4eb5439993c962f as linuxkit/guestfs:aecc40bf84ce4f4238e06934c46d7cc570a39eed@sha256:62e810869e83dabe04af7ac8fcd81d9f177d986a3424dcb9c4eb5439993c962f
refusing to create a tag with a digest reference
../../pkg/package.mk:82: recipe for target 'tag-y' failed
Just use the digest for now. Perhaps someone will have time to fixup this build
properly at some point.
Make the same change to test/pkg/ltp.
Signed-off-by: Ian Campbell <ijc@docker.com>
Using explicit targets is cleaner and easier to follow.
Also add `forcepush` to pkg and test/pkg and make `push` explicit.
The `dirs` phony was non-existent in all three cases. Likewise `$(DIR)` wasn't
used in that way in pkg or test/pkg and is nolonger used in that way in tools.
Finally, `clean` was bogus in all cases (tools cleaned a thing which never
exists and pkg and test/pkg were a syntax error).
Signed-off-by: Ian Campbell <ijc@docker.com>
