Moby is moving to using pigz instead of the the golang gzip
library (https://github.com/moby/moby/pull/35697)
Include pigz in the base for downstream projects to use.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
The iucode_tool is used to convert the Intel CPU microcode
binaries into a cpio archive. There is no alpine package
for it, so compile it from source.
This is for x86_64 only and on other archs we create a empty
file.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Before the alpine base image is multi-arch and signed, the
DOCKER_CONTENT_TRUST=1 doesn't work on AArch64 for 'docker build'.
Now since the alpine base image is already multi-arch and signed,
also we've used 'push_manifest.sh' to push and sign linuxkit/image,
so we can remove this workaround.
Signed-off-by: Dennis Chen <dennis.chen@arm.com>
Note that a237b51511 ("Bump alpine base across the board.") inadvertently
corrupted `tools/alpine/versions.aarch64` (by updating it to the amd64 hash),
this commit corrects this as part of the rebuild.
Signed-off-by: Ian Campbell <ijc@docker.com>
By running:
./scripts/update-component-sha.sh --image linuxkit/alpine ad35b6ddbc70faa07e59a9d7dee7707c08122e8d
Signed-off-by: Ian Campbell <ijc@docker.com>
On x86_64, the blkid package gets installed as a dependency, but
not on arm64. Explicitly add it as the new format package depends
on it.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Currently projects/kubernetes pulls in the binaries, adding these dependencies
will allow us to build them as part of our packaging process.
Signed-off-by: Ian Campbell <ijc@docker.com>
This makes it easier to add the containerd testing tools like
`containerd-stress` to test packages, for example, and also at
some point move `ctr` out of the base image as it can be installed
from the alpine image.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
The first is needed by the okernel project and last two to run
configure on the zfs kernel modules.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
As discussed before, as we use this in three places, cloning in
base makes more sense.
Update base image.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
These are needed by Kubernetes which is currently not using the standard abse image.
Also sort it.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Also adjust the 'linuxkit/alpine' script to follow the
same pattern.
The new version of the script extract username/password from
the credential helper (or docker) and build and 'expect'
script to feed the info to 'notary'.
They can be invoked by:
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="phrase" ./push-manifest.sh ...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
- append a architecture specific suffix (-amd64, -arm64) to the
image
- add a script which looks up the hashes from the 'versions' file
and creates a multi-arch manifest
- the manifest is pushed to hub and signed with notary
The new linuxkit/alpine multi-arch image is available with the
x86_64 hash without the '-amd64' suffix.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This should reduce instability due to different people's environment. This
undoes the reordering done by "alpine: Update to containerd v1.0.0-alpha2",
leaving just the hash update (as expected).
Signed-off-by: Ian Campbell <ijc@docker.com>
