JohnHammond
/
buildkit
mirror of https://github.com/JohnHammond/buildkit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,511 Commits
7 Branches
72 Tags
27 MiB
Commit Graph

103 Commits (docker-18.09)

Author SHA1 Message Date
Tonis Tiigi 3926820e3a update dockerfile repo location 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-12-03 11:06:17 +01:00
Akihiro Suda 1803138c38 update shadow to 20181125 
shadow-maint/shadow@52c081b (20181028) caused a regression that results in
`newuidmap: open of uid_map failed: Permission denied`.

The regression was fixed in shadow-maint/shadow@59c2dab (20181125).

Note that docker.io/moby/buildkit images are not affected by the
regression, because we forgot to update the rootless-base-external
image when we updated the shadow package before.

Related: genuinetools/img#191 genuinetools/img#196

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-11-30 13:38:34 +09:00
Kunal Kushwaha 373dc26a4f replace git: with https: 
git ports are restricted by corporate proxies,
whereas https proto is always allowed

Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
 2018-11-15 11:50:53 +09:00
Alice Frosi a008ce3ccd Set GOARCH=amd64 for building stage for darwin/windows 
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
 2018-11-08 12:50:22 +01:00
Akihiro Suda 3a7209cde2 unfork newuidmap/newgidmap 
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-10-29 16:01:04 +09:00
Akihiro Suda d4a617b695 test.buildkit.Dockerfile: fix rootless-base-external 
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-10-17 01:21:16 +09:00
Akihiro Suda 0d80bd17a3
Merge pull request #687 from tonistiigi/dockerfile-testing 
dockerfile: add testing external dockerfile features
 2018-10-16 15:58:55 +09:00
Akihiro Suda ed64652d71 rootless: use Giuseppe's newuidmap/newgidmap 
Apply https://github.com/shadow-maint/shadow/pull/132 so that newuidmap/newgidmap
doesn't require CAP_SYS_ADMIN

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-10-16 15:11:05 +09:00
Tonis Tiigi 2f8f0194c2 hack: remove musl dependency 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-10-15 22:27:13 -07:00
Tonis Tiigi b15990f799 hack: add better caching 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-10-15 22:27:13 -07:00
Tonis Tiigi 1be3e43527 testutil: add testing a random worker 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-10-15 22:27:13 -07:00
Tonis Tiigi 706fa2556a dockerfile: add testing external dockerfile features 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-10-15 22:27:07 -07:00
Akihiro Suda 048130d1d0 simplify rootless 
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-10-16 14:05:58 +09:00
Tonis Tiigi fb9e2c1030 vendor: update containerd to v1.2.0-rc.1 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-10-12 15:27:54 -07:00
Tonis Tiigi fb5324c609 hack: add tarball release 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-10-11 11:57:27 -07:00
Tonis Tiigi 106834d708 hack: add git to rootless stage 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-10-11 10:23:15 -07:00
Tonis Tiigi a74027cb41 hack: add release script 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-10-11 10:23:15 -07:00
Tonis Tiigi ddfb7f77c9 hack: update test dockerfiles to buildkit 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-10-10 23:26:05 -07:00
Tõnis Tiigi 083d8b6ad9
Merge pull request #662 from AkihiroSuda/update-rootlesskit 
update rootlesskit
 2018-10-02 23:18:07 -07:00
Akihiro Suda 40c8b4828a update rootlesskit 
For fix subgid interpretation (rootless-containers/rootlesskit@7c48b83f9c)

Full changes: https://github.com/rootless-containers/rootlesskit/compare/20b0fc...d843aa

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-10-03 14:57:25 +09:00
Akihiro Suda fa92effc4b dockerfile: add support for RUN --mount=type=ssh 
* Needs to be compiled with `dfrunmount dfssh`
* Implemented options:
 * `type`(required): needs to be `ssh`
 * `target`(optional): the socket path in the container
 * `id`(optional): id

Test script:

	#!/bin/bash
	set -exu -o pipefail
	REF=localhost:5000/dfssh:latest
	ssh-add -l
	sudo buildctl build --frontend=dockerfile.v0 --local context=. --local dockerfile=frontend/dockerfile/cmd/dockerfile-frontend \
	  --frontend-opt "build-arg:BUILDTAGS=dfrunmount dfssh" \
	  --exporter=image --exporter-opt name=$REF --exporter-opt push=true
	mkdir -p /tmp/foo
	cd /tmp/foo
	cat << EOF > Dockerfile
	# syntax=$REF
	FROM alpine
	RUN apk add --no-cache openssh-client
	RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan gitlab.com >> ~/.ssh/known_hosts
	RUN --mount=type=ssh ssh git@gitlab.com
	# "Welcome to GitLab, @GITLAB_USERNAME_ASSOCIATED_WITH_SSHKEY" should be printed here
	EOF
	sudo buildctl build --ssh default=$SSH_AUTH_SOCK --progress=plain --frontend=dockerfile.v0 --local context=. --local dockerfile=.

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-10-03 14:53:43 +09:00
Tonis Tiigi d40d557692 dockerfile: fix building dfextall 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-10-02 10:33:18 -07:00
Tonis Tiigi 0d84f6e163 hack: update buildkit dockerfiles to go1.11 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-09-17 10:41:33 -07:00
Tonis Tiigi 49fdb4c078 hack: prefer buildkit for generated files 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-09-17 10:35:59 -07:00
Tonis Tiigi 1dceb3b060 hack: refactor lint to use buildkit 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-09-17 10:35:59 -07:00
Akihiro Suda bf571a519e update Go to 1.11 
For consistency with Moby (moby/moby#37358)

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-09-15 14:25:11 +09:00
Akihiro Suda 2fa4c37854 update containerd (binary: v1.1.3, library: Aug 23, 2018) 
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-08-23 16:21:55 +09:00
Ian Campbell 0cf39e59ec hack/test: remove `$iidfile` earlier 
We don't need it once we have assigned to `$iid`, so remove it otherwise it can
be leaked if any of the `docker run` lines fails (since we immediately exit due
to `set -e`).

Signed-off-by: Ian Campbell <ijc@docker.com>
 2018-07-10 13:59:39 +01:00
Akihiro Suda 864fa7465e integration: rename "/opt/containerd-1.0/bin/containerd" worker to "containerd-1.0" 
Having '/' in a worker name is confusing.

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-07-06 15:32:02 +09:00
Akihiro Suda 580dbe08b9 rootless: add integration tests 
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-07-04 19:27:54 +09:00
Akihiro Suda 7bddb1d268 rootless: update Dockerfile 
* AkihiroSuda/rootlesskit -> rootless-containers/rootlesskit
* /home/user/.local/run -> /run/user/1000

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-07-04 16:11:52 +09:00
Yuichiro Kaneko 9302734deb Fix "cat: can't open '.tmp/ldflags': No such file or directory" errors 
The error appears in

```
RUN go build -ldflags "$(cat .tmp/ldflags)" -o /buildctl.exe ./cmd/buildctl
```

and

```
RUN go build -ldflags "$(cat .tmp/ldflags)" -o /buildkitd.exe ./cmd/buildkitd
```

We ignore ".tmp" by ".dockerignore" file, so `COPY . .`
does not copy ".tmp".
This commit changes the image for "cross-windows" and removes
not needed instructions which are done by "buildkit-base".

This is follow up of https://github.com/moby/buildkit/pull/398

Signed-off-by: Yuichiro Kaneko <spiketeika@gmail.com>
 2018-06-30 18:52:03 +09:00
Akihiro Suda 60344aa592
Merge pull request #442 from tonistiigi/runmount 
dockerfile: add run --mount support
 2018-06-09 02:35:34 +09:00
Akihiro Suda 47a00b84fe update containerd library 
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-06-08 21:44:17 +09:00
Tonis Tiigi af03a526e7 dockerfile: run -—mount initial support 
Supports binds from images and context and cache mounts.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-06-07 16:23:40 -07:00
Tonis Tiigi 347b6a3d74 hack: mitigate bug in old docker version 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-06-04 23:54:44 -07:00
Akihiro Suda 18ac6e2d9a test.Dockerfile: new target: "rootless" 
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-06-04 23:17:03 +09:00
Akihiro Suda f350cbeb53 hack: embed git revison into binaries 
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-05-21 20:00:45 +09:00
Akihiro Suda 72c08b5cb9 update containerd (binary: v1.1.0, library: May 11, 2018) 
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-05-11 15:46:15 +09:00
Akihiro Suda 062c2e8432 integration: add containerd v1.1 
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-05-10 19:10:16 +09:00
Tõnis Tiigi 89f8bc1c02
Merge pull request #329 from AkihiroSuda/containerd-20180403 
update containerd (binary: v1.0.3, library: Apr 3, 2018)
 2018-04-04 10:05:42 -07:00
Akihiro Suda 126f91dea7 update containerd (binary: v1.0.3, library: Apr 3, 2018) 
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-04-04 17:22:20 +09:00
Akihiro Suda aabfa3b84a
Merge pull request #324 from ijc/readonly-rootfs-execop 
Make llb.ReadonlyRootFS usable with common container images
 2018-04-04 11:43:44 +09:00
Ian Campbell 8a51342bd5 Correct instructional message 
Signed-off-by: Ian Campbell <ijc@docker.com>
 2018-04-03 13:45:50 +01:00
Ian Campbell ec18d4ead1 generate-files: auto sync gogo version to vendor.conf 
Signed-off-by: Ian Campbell <ijc@docker.com>
 2018-04-03 13:45:50 +01:00
Ian Campbell d9b64588cb Regenerate protobuf go file with gogoproto v0.5 
This matches the version in vendor.conf, the previous version was `v0.5~25`
according to `git describe`.

Signed-off-by: Ian Campbell <ijc@docker.com>
 2018-04-03 13:45:50 +01:00
Ian Campbell 4bae684e32 Invert tags on runc worker test so they run by default. 
Signed-off-by: Ian Campbell <ijc@docker.com>
 2018-04-03 11:01:46 +01:00
Tõnis Tiigi 44b843d50d
Merge pull request #323 from ijc/protobuf-regen 
Validation and (controlled) generation for go generate'd files.
 2018-03-28 10:12:14 -07:00
Ian Campbell 17069fe7e4 Validation and (controlled) generation for go generate'd files. 
Modelled after the vendor support provide a validator and an updator for files
produced by `go generate` (which today just means `*.pb.go`).

Main difference from the vendor support is that we are no longer simply nuking
and replacing a single directory, so I ended up hardcoding `*.pb.go` in a bunch
of places which I don't like but cannot see a way around which doesn't risk
nuking people's other local changes.

The generated files are placed in an unpacked form in a `FROM scratch`
container for update. Use a subdirectory and `tar --strip-components` (portable
to MacOS and Linux according to `tar(1)`) since trying to do a `docker export`
of just the root ends up adding `.dockerenv`, `sys`, `proc` and `dev` to the
source tree.

The validate container is not `FROM scratch` because we want `cat`.

The run in `frontend/gateway/pb/generate.go` was missing an include so fix
that.

The versions of `protoc` and the gogo plugins were chosen to regenerate the
existing code as closely as possible. The updates to `*.pg.go` here are all the
result of regenerating with go1.9 which fixed
https://github.com/golang/go/issues/17663 and replaced an invalid timestamp in
the gzip header of the data encoded in `fileDescriptor*`, and adopted a new
standard for marking generated files.

Finally, I noticed that my `docker run`s were missing an `--rm` which I
inherited from `validate-vendor`, so fix all those.

Closes: #322

Signed-off-by: Ian Campbell <ijc@docker.com>
 2018-03-28 10:52:16 +01:00
Jess Frazelle 4158ef3851
add seccomp to binary building 
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
 2018-03-23 12:59:15 -04:00