Commit Graph

125 Commits (37ae84ba1959e633fb061ca6a6fdef3865640943)

Author SHA1 Message Date
Sebastiaan van Stijn ac7893837f
hack/binaries: add BUILDKITD_TAGS
This makes setting build-tags more convenient;

    make binaries BUILDKITD_TAGS="$(cat frontend/dockerfile/release/experimental/tags)"

Based-on-patch-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-20 21:22:55 +02:00
Tõnis Tiigi 3cf36fe946
Merge pull request #895 from chendave/mailbox
test: avoid the error message when creating a user
2019-03-30 02:30:49 -07:00
Akihiro Suda 1795cfa25b test.Dockerfile: set BUILDKIT_HOST for rootless image
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-03-26 21:25:01 +09:00
Dave Chen ed0c226cde test: avoid the error message when creating a user
Run this command:
`docker build --tag davetest -f ./hack/dockerfiles/test.Dockerfile --target integration-tests`
Will throw this error message:
`Executing busybox-1.29.3-r10.trigger
OK: 184 MiB in 43 packages
Creating mailbox file: No such file or directory`

Not impact functionality but a little bit annoying.

Signed-off-by: Dave Chen <dave.chen@arm.com>
2019-03-22 21:03:18 -07:00
Dave Chen 28c9923fc1 Stop using the deprecated flag "--frontend-opt" for build
This patch replace "--frontend-opt" to "--opt" for the place
where it is appliable.

Signed-off-by: Dave Chen <dave.chen@arm.com>
2019-03-20 19:04:14 -07:00
Dave Chen c7ac2f392a Stop using the deprecated way for build
Signed-off-by: Dave Chen <dave.chen@arm.com>
2019-03-19 19:01:31 -07:00
Akihiro Suda cd89a8ce3d go 1.12
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-03-17 04:38:23 +09:00
Sebastiaan van Stijn a18c3d0dd5
Merge pull request #876 from tonistiigi/fix-latest-tagging
hack: fix tagging latest images on release
2019-03-15 02:10:28 +01:00
Tonis Tiigi a469f28267 hack: fix tagging latest images on release
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-03-14 16:18:48 -07:00
po3rin 31f565bc8c rm useless spaces
Signed-off-by: HiromuNakamura <abctail30@gmail.com>
2019-03-15 00:08:04 +09:00
Tonis Tiigi 216a54283b hack: fix buildkit detection of sh
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-03-10 23:48:12 -07:00
Akihiro Suda 340cb430aa Makefile: new target: images
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-03-02 15:42:10 +09:00
Akihiro Suda 05ccbce8f5 bump up runc (CVE-2019-5736)
0a8e4117e7
https://groups.google.com/a/opencontainers.org/forum/#!topic/dev/Tc1ELm-8oDI

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-02-11 23:41:25 +09:00
Tõnis Tiigi ac64f29f63
Merge pull request #800 from tiborvass/gomod
Migrate to go mod
2019-02-01 11:13:41 -08:00
Tibor Vass 175506ff7f hack: update scripts to be go mod compatible
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-01-31 22:44:47 +00:00
Tonis Tiigi aed586f558 travis: include win/darwin binaries in cross
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-01-30 15:38:06 -08:00
Akihiro Suda b42582793a bump up runc
Including critical security fix for `runc run --no-pivot` (unlikely to
affect BuildKit): https://github.com/opencontainers/runc/pull/1962

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-01-15 16:23:21 +09:00
Patrick Van Stee f6c2487225
Isolate generated files for easier copying
Signed-off-by: Patrick Van Stee <patrick@vanstee.me>
2019-01-06 06:49:52 -05:00
Tõnis Tiigi c471ab81af
Merge pull request #761 from AkihiroSuda/containerd-121
update containerd to v1.2.1, runc to v1.0.0-rc6
2018-12-28 14:46:53 +02:00
Akihiro Suda 6ed72d683f update containerd to v1.2.1, runc to v1.0.0-rc6
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-12-26 19:48:01 +09:00
Tõnis Tiigi d1f5d3a65f
Merge pull request #456 from thaJeztah/add_maintainers
Add MAINTAINERS, AUTHORS files
2018-12-17 14:08:55 +00:00
Tonis Tiigi 3926820e3a update dockerfile repo location
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-12-03 11:06:17 +01:00
Sebastiaan van Stijn 7adf7139e6
Add MAINTAINERS, AUTHORS files
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-12-02 14:32:28 +01:00
Akihiro Suda 1803138c38 update shadow to 20181125
shadow-maint/shadow@52c081b (20181028) caused a regression that results in
`newuidmap: open of uid_map failed: Permission denied`.

The regression was fixed in shadow-maint/shadow@59c2dab (20181125).

Note that docker.io/moby/buildkit images are not affected by the
regression, because we forgot to update the rootless-base-external
image when we updated the shadow package before.

Related: genuinetools/img#191 genuinetools/img#196

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-11-30 13:38:34 +09:00
Kunal Kushwaha 373dc26a4f replace git: with https:
git ports are restricted by corporate proxies,
whereas https proto is always allowed

Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
2018-11-15 11:50:53 +09:00
Alice Frosi a008ce3ccd Set GOARCH=amd64 for building stage for darwin/windows
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
2018-11-08 12:50:22 +01:00
Akihiro Suda 3a7209cde2 unfork newuidmap/newgidmap
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-10-29 16:01:04 +09:00
Akihiro Suda d4a617b695 test.buildkit.Dockerfile: fix rootless-base-external
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-10-17 01:21:16 +09:00
Akihiro Suda 0d80bd17a3
Merge pull request #687 from tonistiigi/dockerfile-testing
dockerfile: add testing external dockerfile features
2018-10-16 15:58:55 +09:00
Akihiro Suda ed64652d71 rootless: use Giuseppe's newuidmap/newgidmap
Apply https://github.com/shadow-maint/shadow/pull/132 so that newuidmap/newgidmap
doesn't require CAP_SYS_ADMIN

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-10-16 15:11:05 +09:00
Tonis Tiigi 2f8f0194c2 hack: remove musl dependency
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-10-15 22:27:13 -07:00
Tonis Tiigi b15990f799 hack: add better caching
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-10-15 22:27:13 -07:00
Tonis Tiigi 1be3e43527 testutil: add testing a random worker
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-10-15 22:27:13 -07:00
Tonis Tiigi 706fa2556a dockerfile: add testing external dockerfile features
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-10-15 22:27:07 -07:00
Akihiro Suda 048130d1d0 simplify rootless
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-10-16 14:05:58 +09:00
Tonis Tiigi fb9e2c1030 vendor: update containerd to v1.2.0-rc.1
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-10-12 15:27:54 -07:00
Tonis Tiigi fb5324c609 hack: add tarball release
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-10-11 11:57:27 -07:00
Tonis Tiigi 106834d708 hack: add git to rootless stage
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-10-11 10:23:15 -07:00
Tonis Tiigi a74027cb41 hack: add release script
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-10-11 10:23:15 -07:00
Tonis Tiigi ddfb7f77c9 hack: update test dockerfiles to buildkit
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-10-10 23:26:05 -07:00
Tõnis Tiigi 083d8b6ad9
Merge pull request #662 from AkihiroSuda/update-rootlesskit
update rootlesskit
2018-10-02 23:18:07 -07:00
Akihiro Suda 40c8b4828a update rootlesskit
For fix subgid interpretation (rootless-containers/rootlesskit@7c48b83f9c)

Full changes: https://github.com/rootless-containers/rootlesskit/compare/20b0fc...d843aa

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-10-03 14:57:25 +09:00
Akihiro Suda fa92effc4b dockerfile: add support for RUN --mount=type=ssh
* Needs to be compiled with `dfrunmount dfssh`
* Implemented options:
 * `type`(required): needs to be `ssh`
 * `target`(optional): the socket path in the container
 * `id`(optional): id

Test script:

	#!/bin/bash
	set -exu -o pipefail
	REF=localhost:5000/dfssh:latest
	ssh-add -l
	sudo buildctl build --frontend=dockerfile.v0 --local context=. --local dockerfile=frontend/dockerfile/cmd/dockerfile-frontend \
	  --frontend-opt "build-arg:BUILDTAGS=dfrunmount dfssh" \
	  --exporter=image --exporter-opt name=$REF --exporter-opt push=true
	mkdir -p /tmp/foo
	cd /tmp/foo
	cat << EOF > Dockerfile
	# syntax=$REF
	FROM alpine
	RUN apk add --no-cache openssh-client
	RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan gitlab.com >> ~/.ssh/known_hosts
	RUN --mount=type=ssh ssh git@gitlab.com
	# "Welcome to GitLab, @GITLAB_USERNAME_ASSOCIATED_WITH_SSHKEY" should be printed here
	EOF
	sudo buildctl build --ssh default=$SSH_AUTH_SOCK --progress=plain --frontend=dockerfile.v0 --local context=. --local dockerfile=.

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-10-03 14:53:43 +09:00
Tonis Tiigi d40d557692 dockerfile: fix building dfextall
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-10-02 10:33:18 -07:00
Tonis Tiigi 0d84f6e163 hack: update buildkit dockerfiles to go1.11
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-09-17 10:41:33 -07:00
Tonis Tiigi 49fdb4c078 hack: prefer buildkit for generated files
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-09-17 10:35:59 -07:00
Tonis Tiigi 1dceb3b060 hack: refactor lint to use buildkit
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-09-17 10:35:59 -07:00
Akihiro Suda bf571a519e update Go to 1.11
For consistency with Moby (moby/moby#37358)

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-09-15 14:25:11 +09:00
Akihiro Suda 2fa4c37854 update containerd (binary: v1.1.3, library: Aug 23, 2018)
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-08-23 16:21:55 +09:00
Ian Campbell 0cf39e59ec hack/test: remove `$iidfile` earlier
We don't need it once we have assigned to `$iid`, so remove it otherwise it can
be leaked if any of the `docker run` lines fails (since we immediately exit due
to `set -e`).

Signed-off-by: Ian Campbell <ijc@docker.com>
2018-07-10 13:59:39 +01:00