This fixes issue #2635 related to no network being passed during an
image upload as no network is required. However a hostname is still
required due to vCenter handing the upload to a vSphere server and it’s
DataStore.
Signed-off-by: Dan Finneran <daniel.finneran@gmail.com>
Pulling the arch suffixed version does not provide any assurance that a
previous build was actually completed.
Signed-off-by: Ian Campbell <ijc@docker.com>
There is more to do on these, but clean up some unused variables,
missing args, stray `\n` etc.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Detect if this is the case by checking if the given path is not in git and
conditionalising anything which would touch git.
Images built from outside git will, in the absence of options to force
otherwise, get tagged "latest".
Fixes: #2613
Signed-off-by: Ian Campbell <ijc@docker.com>
Currently all forward it to os.Stderr, but in my next patch I will want to
direct to /dev/null for one command.
Signed-off-by: Ian Campbell <ijc@docker.com>
Ensure that all git commands are run as if from the package directory using the
`-C` option. Otherwise the various attempts to use git fail if `linuxkit pkg`
is invoked from outside the git repo.
Signed-off-by: Ian Campbell <ijc@docker.com>
Looks like a6b89f1137 ("Update linuxkit/mkimage-*") updated to a
non-existing tag.
linuxkit pkg show-tag tools/mkimage-iso-bios
linuxkit/mkimage-iso-bios:165b051322578cb0c2a4f16253b20f7d2797a502
and docker pull of that image works.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Could be e.g.:
```
pkg:
content-trust-passphrase-command: "lpass show <key> --password"
```
or
```
pkg:
content-trust-passphrase-command: "gpg -d ~/.notary/passphrase.gpg"
```
Signed-off-by: Ian Campbell <ijc@docker.com>
These versions were created by https://github.com/linuxkit/linuxkit/pull/2607
which enables content trust, so drop the sha256 from all of them and ensure
DOCKER_CONTENT_TRUST is unconditionally set when running, since these
references are hardcoded we know they must be signed.
Signed-off-by: Ian Campbell <ijc@docker.com>
AFAICT none of the callers (which all involve one of `linuxkit/mkimage-*`) have
any reason to hit the network.
Signed-off-by: Ian Campbell <ijc@docker.com>
With the old package.mk arrangements we would only append -dirty and -$arch to
the hash if the user didn't specify a HASH= directly. So the following would
work
make ORG=ijc HASH=dev tag
and produce an image `ijc/«image»:dev`.
However the new equivalent:
linuxkit pkg build -org=ijc --hash-=dev
instead produces an image `ijc/«image»:dev-dirty-$arch`. Which is undesirable.
This commit refactors the code in two main ways:
Firstly directly append `-dirty` to the hash as we extract it from git (rather
than on use in the `Tag()` method), and only do this if the user has not
specified an explicit tag. Note that we still track dirtiness in the `Pkg`
object and so will not allow a push (or release) from a dirty tree (the
makefile version would have tried this with unpredictable results), nor will we
apply the `org.opencontainers.image.revision` label to a dirty build.
Secondly if we are not pushing the image+manifest then we retag the -$arch
suffixed image without the the -$arch. This differs from the Makefile version
which would simply have built without the -$arch in the first place, I think
this is an improvement. If we are pushing the manifest-tool remains responsible
for creating the non -$arch image.
Signed-off-by: Ian Campbell <ijc@docker.com>
Previously there would be a make "entering directory" hint in the logs, but
with the switch to `linuxkit pkg` that no longer occurs.
Signed-off-by: Ian Campbell <ijc@docker.com>
Done as follows:
find -name build.yml | xargs dirname | while read d ; do
t=$(linuxkit pkg show-tag $d)
./scripts/update-component-sha.sh --image ${t%:*} ${t#*:}
done
git commit -s test pkg tools blueprints examples projects/kubernetes projects/swarmd docs linuxkit.yml Makefile src
This explicitly excludes projects/* which I did not know whether to update.
Then:
git reset --hard
for i in init runc containerd ca-certificates sysctl dhcpcd getty rngd ; do
o=$(git grep -h "\(image:\|-\) *linuxkit/$i:[0-9a-f]\{40\}" origin/master:linuxkit.yml | awk '// { print $2 }')
n=$(linuxkit pkg show-tag pkg/$i)
./scripts/update-component-sha.sh "$o" "$n"
done
git commit --amend projects
This updates any projects which were using components with the same hash as the
top-level linuxkit.yml.
Signed-off-by: Ian Campbell <ijc@docker.com>
Rather than a hard fail. This allows batch builds of a set of packages without
the surrounding loop needing to be away of the possibility.
Signed-off-by: Ian Campbell <ijc@docker.com>
