Update & fix skopeo multiarch image Containerfiles

These changes substantially mirror similar updates made recently to both
podman and buildah. Besides renaming `Dockerfile` -> `Containerfile`,
there are much-needed updates to docs, and the build instructions.

Signed-off-by: Chris Evich <cevich@redhat.com>
Chris Evich 2022-06-07 14:08:46 -04:00
parent 774ff9d16f
commit 2024e2e258
No known key found for this signature in database
GPG Key ID: 03EDC70FD578067F
5 changed files with 111 additions and 69 deletions


@ -189,10 +189,10 @@ image_build_task: &image-build
- env: - env:
CTXDIR: contrib/skopeoimage/stable CTXDIR: contrib/skopeoimage/stable
env: env:
BUILDAH_USERNAME: ENCRYPTED[FIXME] SKOPEO_USERNAME: ENCRYPTED[4195884d23b154553f2ddb26a63fc9fbca50ba77b3e447e4da685d8639ed9bc94b9a86a9c77272c8c80d32ead9ca48da]
BUILDAH_PASSWORD: ENCRYPTED[FIXME] SKOPEO_PASSWORD: ENCRYPTED[36e06f9befd17e5da2d60260edb9ef0d40e6312e2bba4cf881d383f1b8b5a18c8e5a553aea2fdebf39cebc6bd3b3f9de]
CONTAINERS_USERNAME: ENCRYPTED[FIXME] CONTAINERS_USERNAME: ENCRYPTED[dd722c734641f103b394a3a834d51ca5415347e378637cf98ee1f99e64aad2ec3dbd4664c0d94cb0e06b83d89e9bbe91]
CONTAINERS_PASSWORD: ENCRYPTED[FIXME] CONTAINERS_PASSWORD: ENCRYPTED[d8b0fac87fe251cedd26c864ba800480f9e0570440b9eb264265b67411b253a626fb69d519e188e6c9a7f525860ddb26]
main_script: main_script:
- source /etc/automation_environment - source /etc/automation_environment
- main.sh $CIRRUS_REPO_CLONE_URL $CTXDIR - main.sh $CIRRUS_REPO_CLONE_URL $CTXDIR
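Review bot: two of the four credentials are renamed (`BUILDAH_USERNAME`/`BUILDAH_PASSWORD` become `SKOPEO_USERNAME`/`SKOPEO_PASSWORD`) while all four move from `ENCRYPTED[FIXME]` to real encrypted values; confirm that the consumer, `main.sh $CIRRUS_REPO_CLONE_URL $CTXDIR`, reads the `SKOPEO_*` names, since a mismatch would surface only as a failed registry login when the image is pushed, not as a build error. Cirrus decrypts `ENCRYPTED[...]` values only for builds it trusts (not pull requests from forks), so the trigger conditions on `image_build_task` (outside this hunk) should keep it limited to branch and cron builds.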


@ -6,7 +6,7 @@
## Overview ## Overview
This directory contains the Dockerfiles necessary to create the skopeoimage container This directory contains the Containerfiles necessary to create the skopeoimage container
images that are housed on quay.io under the skopeo account. All repositories where images that are housed on quay.io under the skopeo account. All repositories where
the images live are public and can be pulled without credentials. These container images are secured and the the images live are public and can be pulled without credentials. These container images are secured and the
resulting containers can run safely with privileges within the container. resulting containers can run safely with privileges within the container.
@ -19,21 +19,22 @@ default to `/`.
The container images are: The container images are:
* `quay.io/containers/skopeo:v<version>` and `quay.io/skopeo/stable:v<version>` - * `quay.io/containers/skopeo:v<version>` and `quay.io/skopeo/stable:v<version>` -
These images are built when a new Skopeo version becomes available in These images are built daily. These images are intended contain an unchanging
Fedora. These images are intended to be unchanging and stable, they will and stable version of skopeo. For the most recent `<version>` tags (`vX`,
never be updated by automation once they've been pushed. For build details, `vX.Y`, and `vX.Y.Z`) the image contents will be updated daily to incorporate
please [see the configuration file](stable/Dockerfile). (especially) security updates. For build details, please[see the configuration
file](stable/Containerfile).
* `quay.io/containers/skopeo:latest` and `quay.io/skopeo/stable:latest` - * `quay.io/containers/skopeo:latest` and `quay.io/skopeo/stable:latest` -
Built daily using the same Dockerfile as above. The skopeo version Built daily using the same Containerfile as above. The skopeo version
will remain the "latest" available in Fedora, however the image will remain the "latest" available in Fedora, however the other image
contents may vary compared to the version-tagged images. contents may vary compared to the version-tagged images.
* `quay.io/skopeo/testing:latest` - This image is built daily, using the * `quay.io/skopeo/testing:latest` - This image is built daily, using the
latest version of Skopeo that was in the Fedora `updates-testing` repository. latest version of Skopeo that was in the Fedora `updates-testing` repository.
The image is Built with [the testing Dockerfile](testing/Dockerfile). The image is Built with [the testing Containerfile](testing/Containerfile).
* `quay.io/skopeo/upstream:latest` - This image is built daily using the latest * `quay.io/skopeo/upstream:latest` - This image is built daily using the latest
code found in this GitHub repository. Due to the image changing frequently, code found in this GitHub repository. Due to the image changing frequently,
it's not guaranteed to be stable or even executable. The image is built with it's not guaranteed to be stable or even executable. The image is built with
[the upstream Dockerfile](upstream/Dockerfile). [the upstream Containerfile](upstream/Containerfile).
## Sample Usage ## Sample Usage
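Review bot: the rewritten stable-image bullet has two typos, `intended contain` should read `intended to contain`, and `please[see the configuration` is missing the space before the link. More substantively, saying the images are "intended to contain an unchanging and stable version of skopeo" and then that their contents "will be updated daily" reads as a contradiction; suggest stating the distinction explicitly, e.g. "the skopeo version behind a `vX.Y.Z` tag does not change, but the rest of the image is rebuilt daily to pick up (especially) security updates". The `The image is Built with` in the testing bullet (unchanged context) should be lowercase `built`.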


@ -9,22 +9,36 @@
FROM registry.fedoraproject.org/fedora:latest FROM registry.fedoraproject.org/fedora:latest
# Don't include container-selinux and remove # Don't include container-selinux and remove
# directories used by yum that are just taking # directories used by dnf that are just taking
# up space. Also reinstall shadow-utils as without # up space.
# doing so, the setuid/setgid bits on newuidmap # TODO: rpm --setcaps... needed due to Fedora (base) image builds
# and newgidmap are lost in the Fedora images. # being (maybe still?) affected by
RUN useradd skopeo; yum -y update; yum -y reinstall shadow-utils; yum -y install skopeo fuse-overlayfs --exclude container-selinux; yum -y clean all; rm -rf /var/cache/dnf/* /var/log/dnf* /var/log/yum* # https://bugzilla.redhat.com/show_bug.cgi?id=1995337#c3
RUN dnf -y update && \
rpm --setcaps shadow-utils 2>/dev/null && \
dnf -y install skopeo fuse-overlayfs \
--exclude container-selinux && \
dnf clean all && \
rm -rf /var/cache /var/log/dnf* /var/log/yum.*
# Adjust storage.conf to enable Fuse storage. RUN useradd skopeo && \
RUN sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' /etc/containers/storage.conf echo skopeo:100000:65536 > /etc/subuid && \
echo skopeo:100000:65536 > /etc/subgid
# Copy & modify the defaults to provide reference if runtime changes needed.
# Changes here are required for running with fuse-overlay storage inside container.
RUN sed -e 's|^#mount_program|mount_program|g' \
-e '/additionalimage.*/a "/var/lib/shared",' \
-e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \
/usr/share/containers/storage.conf \
> /etc/containers/storage.conf
# Setup the ability to use additional stores # Setup the ability to use additional stores
# with this container image. # with this container image.
RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers; touch /var/lib/shared/overlay-images/images.lock; touch /var/lib/shared/overlay-layers/layers.lock RUN mkdir -p /var/lib/shared/overlay-images \
/var/lib/shared/overlay-layers && \
# Setup skopeo's uid/guid entries touch /var/lib/shared/overlay-images/images.lock && \
RUN echo skopeo:100000:65536 > /etc/subuid touch /var/lib/shared/overlay-layers/layers.lock
RUN echo skopeo:100000:65536 > /etc/subgid
# Point to the Authorization file # Point to the Authorization file
ENV REGISTRY_AUTH_FILE=/tmp/auth.json ENV REGISTRY_AUTH_FILE=/tmp/auth.json
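Review bot: `rm -rf /var/cache /var/log/dnf* /var/log/yum.*` deletes the `/var/cache` directory itself, where the old line only cleared `/var/cache/dnf/*`; `rm -rf /var/cache/*` gives the same size saving while keeping the directory present for anything that assumes it exists. The `2>/dev/null` on `rpm --setcaps shadow-utils` hides the reason if that step ever fails, although the `&&` chain still aborts the build on a non-zero exit, which is the right behaviour for the step that restores the setuid/setgid capabilities on `newuidmap`/`newgidmap` described in the old comment; consider dropping the redirect or noting in the TODO why it is there. Generating `/etc/containers/storage.conf` from `/usr/share/containers/storage.conf` instead of editing `/etc` in place is an improvement: the packaged default stays intact as a reference, as the new comment says.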


@ -10,22 +10,37 @@
FROM registry.fedoraproject.org/fedora:latest FROM registry.fedoraproject.org/fedora:latest
# Don't include container-selinux and remove # Don't include container-selinux and remove
# directories used by yum that are just taking # directories used by dnf that are just taking
# up space. Also reinstall shadow-utils as without # up space.
# doing so, the setuid/setgid bits on newuidmap # TODO: rpm --setcaps... needed due to Fedora (base) image builds
# and newgidmap are lost in the Fedora images. # being (maybe still?) affected by
RUN useradd skopeo; yum -y update; yum -y reinstall shadow-utils; yum -y install skopeo fuse-overlayfs --enablerepo updates-testing --exclude container-selinux; yum -y clean all; rm -rf /var/cache/dnf/* /var/log/dnf* /var/log/yum* # https://bugzilla.redhat.com/show_bug.cgi?id=1995337#c3
RUN dnf -y update && \
rpm --setcaps shadow-utils 2>/dev/null && \
dnf -y install skopeo fuse-overlayfs \
--exclude container-selinux \
--enablerepo updates-testing && \
dnf clean all && \
rm -rf /var/cache /var/log/dnf* /var/log/yum.*
# Adjust storage.conf to enable Fuse storage. RUN useradd skopeo && \
RUN sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' /etc/containers/storage.conf echo skopeo:100000:65536 > /etc/subuid && \
echo skopeo:100000:65536 > /etc/subgid
# Copy & modify the defaults to provide reference if runtime changes needed.
# Changes here are required for running with fuse-overlay storage inside container.
RUN sed -e 's|^#mount_program|mount_program|g' \
-e '/additionalimage.*/a "/var/lib/shared",' \
-e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \
/usr/share/containers/storage.conf \
> /etc/containers/storage.conf
# Setup the ability to use additional stores # Setup the ability to use additional stores
# with this container image. # with this container image.
RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers; touch /var/lib/shared/overlay-images/images.lock; touch /var/lib/shared/overlay-layers/layers.lock RUN mkdir -p /var/lib/shared/overlay-images \
/var/lib/shared/overlay-layers && \
# Setup skopeo's uid/guid entries touch /var/lib/shared/overlay-images/images.lock && \
RUN echo skopeo:100000:65536 > /etc/subuid touch /var/lib/shared/overlay-layers/layers.lock
RUN echo skopeo:100000:65536 > /etc/subgid
# Point to the Authorization file # Point to the Authorization file
ENV REGISTRY_AUTH_FILE=/tmp/auth.json ENV REGISTRY_AUTH_FILE=/tmp/auth.json
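Review bot: `--enablerepo updates-testing` is applied only to the `dnf -y install` step and not to the preceding `dnf -y update`, so the base layer is updated from the stable repositories while skopeo, fuse-overlayfs and whatever they pull in may come from `updates-testing`. That matches the README's description of this image (latest skopeo from `updates-testing`) and is preferable to enabling the repo for the whole update, but it deserves a one-line comment above the `RUN` so the asymmetry is not "fixed" by a later cleanup. Otherwise this block is identical to the stable Containerfile's, including `rm -rf /var/cache`, which removes the directory rather than its contents; `rm -rf /var/cache/*` would be the safer form here too.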


@ -9,43 +9,55 @@
FROM registry.fedoraproject.org/fedora:latest FROM registry.fedoraproject.org/fedora:latest
# Don't include container-selinux and remove # Don't include container-selinux and remove
# directories used by yum that are just taking # directories used by dnf that are just taking
# up space. Also reinstall shadow-utils as without # up space.
# doing so, the setuid/setgid bits on newuidmap # TODO: rpm --setcaps... needed due to Fedora (base) image builds
# and newgidmap are lost in the Fedora images. # being (maybe still?) affected by
RUN useradd skopeo; yum -y update; yum -y reinstall shadow-utils; \ # https://bugzilla.redhat.com/show_bug.cgi?id=1995337#c3
yum -y install make \ RUN dnf -y update && \
golang \ rpm --setcaps shadow-utils 2>/dev/null && \
git \ dnf -y --enablerepo updates-testing --exclude container-selinux install \
go-md2man \ make \
fuse-overlayfs \ golang \
fuse3 \ git \
containers-common \ go-md2man \
gpgme-devel \ fuse-overlayfs \
libassuan-devel \ fuse3 \
btrfs-progs-devel \ containers-common \
device-mapper-devel --enablerepo updates-testing --exclude container-selinux; \ gpgme-devel \
mkdir /root/skopeo; \ libassuan-devel \
git clone https://github.com/containers/skopeo /root/skopeo/src/github.com/containers/skopeo; \ btrfs-progs-devel \
export GOPATH=/root/skopeo; \ device-mapper-devel && \
cd /root/skopeo/src/github.com/containers/skopeo; \ mkdir /root/skopeo && \
make bin/skopeo;\ git clone https://github.com/containers/skopeo \
make PREFIX=/usr install;\ /root/skopeo/src/github.com/containers/skopeo && \
rm -rf /root/skopeo/*; \ export GOPATH=/root/skopeo && \
yum -y remove git golang go-md2man make; \ cd /root/skopeo/src/github.com/containers/skopeo && \
yum -y clean all; yum -y clean all; rm -rf /var/cache/dnf/* /var/log/dnf* /var/log/yum* make bin/skopeo && \
make PREFIX=/usr install && \
rm -rf /root/skopeo/* && \
dnf -y remove git golang go-md2man make && \
dnf clean all && \
rm -rf /var/cache /var/log/dnf* /var/log/yum.*
RUN useradd skopeo && \
echo skopeo:100000:65536 > /etc/subuid && \
echo skopeo:100000:65536 > /etc/subgid
# Adjust storage.conf to enable Fuse storage. # Copy & modify the defaults to provide reference if runtime changes needed.
RUN sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' /etc/containers/storage.conf # Changes here are required for running with fuse-overlay storage inside container.
RUN sed -e 's|^#mount_program|mount_program|g' \
-e '/additionalimage.*/a "/var/lib/shared",' \
-e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \
/usr/share/containers/storage.conf \
> /etc/containers/storage.conf
# Setup the ability to use additional stores # Setup the ability to use additional stores
# with this container image. # with this container image.
RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers; touch /var/lib/shared/overlay-images/images.lock; touch /var/lib/shared/overlay-layers/layers.lock RUN mkdir -p /var/lib/shared/overlay-images \
/var/lib/shared/overlay-layers && \
# Setup skopeo's uid/guid entries touch /var/lib/shared/overlay-images/images.lock && \
RUN echo skopeo:100000:65536 > /etc/subuid touch /var/lib/shared/overlay-layers/layers.lock
RUN echo skopeo:100000:65536 > /etc/subgid
# Point to the Authorization file # Point to the Authorization file
ENV REGISTRY_AUTH_FILE=/tmp/auth.json ENV REGISTRY_AUTH_FILE=/tmp/auth.json
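Review bot: `git clone https://github.com/containers/skopeo` builds whatever the upstream default branch holds at build time, with no commit pinned and no record of the checked-out revision left in the image, so two builds of this Containerfile are not reproducible and a running container cannot tell you which commit it contains; writing the output of `git rev-parse HEAD` into a file in the image (or an image label) before `rm -rf /root/skopeo/*` would make the daily builds traceable without requiring a pin, which the README's "not guaranteed to be stable or even executable" wording rules out. The cleanup `dnf -y remove git golang go-md2man make` leaves `gpgme-devel`, `libassuan-devel`, `btrfs-progs-devel` and `device-mapper-devel` in the final image; they are build-only inputs and could go in the same step, but because the hand-built `/usr/bin/skopeo` is not an rpm, dnf has no record that it needs the matching runtime libraries, and dnf's default `clean_requirements_on_remove=True` can drop those as unused dependencies, so any extended removal should be followed by a `skopeo --version` check in the build.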