From 1f37025ef2b9b70706d8e11cc3552830e4524758 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 8 Jul 2022 12:08:54 -0700 Subject: [PATCH] Only include the CLI in the CLI variants (finally, as was intended all along) --- 20.10/cli/Dockerfile | 32 ++++++----- 20.10/dind-rootless/Dockerfile | 4 +- 20.10/dind/Dockerfile | 36 +++++++++++++ 22.06-rc/cli/Dockerfile | 32 ++++++----- 22.06-rc/dind-rootless/Dockerfile | 4 +- 22.06-rc/dind/Dockerfile | 36 +++++++++++++ Dockerfile-cli.template | 88 +++++++++---------------------- Dockerfile-dind-rootless.template | 39 ++++---------- Dockerfile-dind.template | 27 ++++++++++ shared.jq | 67 +++++++++++++++++++++++ 10 files changed, 243 insertions(+), 122 deletions(-) create mode 100644 shared.jq diff --git a/20.10/cli/Dockerfile b/20.10/cli/Dockerfile index cae822625c..67aacbcaad 100644 --- a/20.10/cli/Dockerfile +++ b/20.10/cli/Dockerfile @@ -20,9 +20,6 @@ RUN apk add --no-cache \ RUN [ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf ENV DOCKER_VERSION 20.10.17 -# TODO ENV DOCKER_SHA256 -# https://github.com/docker/docker-ce/blob/5b073ee2cf564edee5adca05eee574142f7627bb/components/packaging/static/hash_files !! -# (no SHA file artifacts on download.docker.com yet as of 2017-06-07 though) RUN set -eux; \ \ @@ -40,23 +37,25 @@ RUN set -eux; \ 'aarch64') \ url='https://download.docker.com/linux/static/stable/aarch64/docker-20.10.17.tgz'; \ ;; \ - *) echo >&2 "error: unsupported architecture ($apkArch)"; exit 1 ;; \ + *) echo >&2 "error: unsupported 'docker.tgz' architecture ($apkArch)"; exit 1 ;; \ esac; \ \ - wget -O docker.tgz "$url"; \ + wget -O 'docker.tgz' "$url"; \ \ tar --extract \ --file docker.tgz \ --strip-components 1 \ --directory /usr/local/bin/ \ + --no-same-owner \ + 'docker/docker' \ ; \ rm docker.tgz; \ \ - dockerd --version; \ docker --version ENV DOCKER_BUILDX_VERSION 0.8.2 RUN set -eux; \ + \ apkArch="$(apk --print-arch)"; \ case "$apkArch" in \ 'x86_64') \ 
@@ -87,17 +86,22 @@ RUN set -eux; \ url='https://github.com/docker/buildx/releases/download/v0.8.2/buildx-v0.8.2.linux-s390x'; \ sha256='ec4bb6f271f38dca5a377a70be24ee2108a85f6e6ba511ad3b805c4f1602a0d2'; \ ;; \ - *) echo >&2 "warning: unsupported buildx architecture ($apkArch); skipping"; exit 0 ;; \ + *) echo >&2 "warning: unsupported 'docker-buildx' architecture ($apkArch); skipping"; exit 0 ;; \ esac; \ + \ + wget -O 'docker-buildx' "$url"; \ + echo "$sha256 *"'docker-buildx' | sha256sum -c -; \ + \ plugin='/usr/libexec/docker/cli-plugins/docker-buildx'; \ mkdir -p "$(dirname "$plugin")"; \ - wget -O "$plugin" "$url"; \ - echo "$sha256 *$plugin" | sha256sum -c -; \ + mv -vT 'docker-buildx' "$plugin"; \ chmod +x "$plugin"; \ + \ docker buildx version ENV DOCKER_COMPOSE_VERSION 2.7.0 RUN set -eux; \ + \ apkArch="$(apk --print-arch)"; \ case "$apkArch" in \ 'x86_64') \ @@ -124,13 +128,17 @@ RUN set -eux; \ url='https://github.com/docker/compose/releases/download/v2.7.0/docker-compose-linux-s390x'; \ sha256='429498246e1d4778669e781a70e659ba59fa8bb3cdee45f8ce8e01a716a12aff'; \ ;; \ - *) echo >&2 "warning: unsupported compose architecture ($apkArch); skipping"; exit 0 ;; \ + *) echo >&2 "warning: unsupported 'docker-compose' architecture ($apkArch); skipping"; exit 0 ;; \ esac; \ + \ + wget -O 'docker-compose' "$url"; \ + echo "$sha256 *"'docker-compose' | sha256sum -c -; \ + \ plugin='/usr/libexec/docker/cli-plugins/docker-compose'; \ mkdir -p "$(dirname "$plugin")"; \ - wget -O "$plugin" "$url"; \ - echo "$sha256 *$plugin" | sha256sum -c -; \ + mv -vT 'docker-compose' "$plugin"; \ chmod +x "$plugin"; \ + \ ln -sv "$plugin" /usr/local/bin/; \ docker-compose --version; \ docker compose version diff --git a/20.10/dind-rootless/Dockerfile b/20.10/dind-rootless/Dockerfile index d56c683c30..725ef2f75a 100644 --- a/20.10/dind-rootless/Dockerfile +++ b/20.10/dind-rootless/Dockerfile 
@@ -29,10 +29,10 @@ RUN set -eux; \ 'aarch64') \ url='https://download.docker.com/linux/static/stable/aarch64/docker-rootless-extras-20.10.17.tgz'; \ ;; \ - *) echo >&2 "error: unsupported architecture ($apkArch)"; exit 1 ;; \ + *) echo >&2 "error: unsupported 'rootless.tgz' architecture ($apkArch)"; exit 1 ;; \ esac; \ \ - wget -O rootless.tgz "$url"; \ + wget -O 'rootless.tgz' "$url"; \ \ tar --extract \ --file rootless.tgz \ diff --git a/20.10/dind/Dockerfile b/20.10/dind/Dockerfile index 8103651d98..ac2295a9ed 100644 --- a/20.10/dind/Dockerfile +++ b/20.10/dind/Dockerfile @@ -37,6 +37,42 @@ RUN set -eux; \ echo 'dockremap:165536:65536' >> /etc/subuid; \ echo 'dockremap:165536:65536' >> /etc/subgid +RUN set -eux; \ + \ + apkArch="$(apk --print-arch)"; \ + case "$apkArch" in \ + 'x86_64') \ + url='https://download.docker.com/linux/static/stable/x86_64/docker-20.10.17.tgz'; \ + ;; \ + 'armhf') \ + url='https://download.docker.com/linux/static/stable/armel/docker-20.10.17.tgz'; \ + ;; \ + 'armv7') \ + url='https://download.docker.com/linux/static/stable/armhf/docker-20.10.17.tgz'; \ + ;; \ + 'aarch64') \ + url='https://download.docker.com/linux/static/stable/aarch64/docker-20.10.17.tgz'; \ + ;; \ + *) echo >&2 "error: unsupported 'docker.tgz' architecture ($apkArch)"; exit 1 ;; \ + esac; \ + \ + wget -O 'docker.tgz' "$url"; \ + \ + tar --extract \ + --file docker.tgz \ + --strip-components 1 \ + --directory /usr/local/bin/ \ + --no-same-owner \ +# we exclude the CLI binary because we already extracted that over in the "docker:20.10-cli" image that we're FROM and we don't want to duplicate those bytes again in this layer + --exclude 'docker/docker' \ + ; \ + rm docker.tgz; \ + \ + dockerd --version; \ + containerd --version; \ + ctr --version; \ + runc --version + # https://github.com/docker/docker/tree/master/hack/dind ENV DIND_COMMIT 42b1175eda071c0e9121e1d64345928384a93df1 
diff --git a/22.06-rc/cli/Dockerfile b/22.06-rc/cli/Dockerfile index 3be03030a9..59fac85e43 100644 --- a/22.06-rc/cli/Dockerfile +++ b/22.06-rc/cli/Dockerfile @@ -20,9 +20,6 @@ RUN apk add --no-cache \ RUN [ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf ENV DOCKER_VERSION 22.06.0-beta.0 -# TODO ENV DOCKER_SHA256 -# https://github.com/docker/docker-ce/blob/5b073ee2cf564edee5adca05eee574142f7627bb/components/packaging/static/hash_files !! -# (no SHA file artifacts on download.docker.com yet as of 2017-06-07 though) RUN set -eux; \ \ @@ -40,23 +37,25 @@ RUN set -eux; \ 'aarch64') \ url='https://download.docker.com/linux/static/test/aarch64/docker-22.06.0-beta.0.tgz'; \ ;; \ - *) echo >&2 "error: unsupported architecture ($apkArch)"; exit 1 ;; \ + *) echo >&2 "error: unsupported 'docker.tgz' architecture ($apkArch)"; exit 1 ;; \ esac; \ \ - wget -O docker.tgz "$url"; \ + wget -O 'docker.tgz' "$url"; \ \ tar --extract \ --file docker.tgz \ --strip-components 1 \ --directory /usr/local/bin/ \ + --no-same-owner \ + 'docker/docker' \ ; \ rm docker.tgz; \ \ - dockerd --version; \ docker --version ENV DOCKER_BUILDX_VERSION 0.8.2 RUN set -eux; \ + \ apkArch="$(apk --print-arch)"; \ case "$apkArch" in \ 'x86_64') \ 
@@ -87,17 +86,22 @@ RUN set -eux; \ url='https://github.com/docker/buildx/releases/download/v0.8.2/buildx-v0.8.2.linux-s390x'; \ sha256='ec4bb6f271f38dca5a377a70be24ee2108a85f6e6ba511ad3b805c4f1602a0d2'; \ ;; \ - *) echo >&2 "warning: unsupported buildx architecture ($apkArch); skipping"; exit 0 ;; \ + *) echo >&2 "warning: unsupported 'docker-buildx' architecture ($apkArch); skipping"; exit 0 ;; \ esac; \ + \ + wget -O 'docker-buildx' "$url"; \ + echo "$sha256 *"'docker-buildx' | sha256sum -c -; \ + \ plugin='/usr/libexec/docker/cli-plugins/docker-buildx'; \ mkdir -p "$(dirname "$plugin")"; \ - wget -O "$plugin" "$url"; \ - echo "$sha256 *$plugin" | sha256sum -c -; \ + mv -vT 'docker-buildx' "$plugin"; \ chmod +x "$plugin"; \ + \ docker buildx version ENV DOCKER_COMPOSE_VERSION 2.7.0 RUN set -eux; \ + \ apkArch="$(apk --print-arch)"; \ case "$apkArch" in \ 'x86_64') \ @@ -124,13 +128,17 @@ RUN set -eux; \ url='https://github.com/docker/compose/releases/download/v2.7.0/docker-compose-linux-s390x'; \ sha256='429498246e1d4778669e781a70e659ba59fa8bb3cdee45f8ce8e01a716a12aff'; \ ;; \ - *) echo >&2 "warning: unsupported compose architecture ($apkArch); skipping"; exit 0 ;; \ + *) echo >&2 "warning: unsupported 'docker-compose' architecture ($apkArch); skipping"; exit 0 ;; \ esac; \ + \ + wget -O 'docker-compose' "$url"; \ + echo "$sha256 *"'docker-compose' | sha256sum -c -; \ + \ plugin='/usr/libexec/docker/cli-plugins/docker-compose'; \ mkdir -p "$(dirname "$plugin")"; \ - wget -O "$plugin" "$url"; \ - echo "$sha256 *$plugin" | sha256sum -c -; \ + mv -vT 'docker-compose' "$plugin"; \ chmod +x "$plugin"; \ + \ ln -sv "$plugin" /usr/local/bin/; \ docker-compose --version; \ docker compose version diff --git a/22.06-rc/dind-rootless/Dockerfile b/22.06-rc/dind-rootless/Dockerfile index c867d9bf7f..60f376b436 100644 --- a/22.06-rc/dind-rootless/Dockerfile +++ b/22.06-rc/dind-rootless/Dockerfile 
@@ -29,10 +29,10 @@ RUN set -eux; \ 'aarch64') \ url='https://download.docker.com/linux/static/test/aarch64/docker-rootless-extras-22.06.0-beta.0.tgz'; \ ;; \ - *) echo >&2 "error: unsupported architecture ($apkArch)"; exit 1 ;; \ + *) echo >&2 "error: unsupported 'rootless.tgz' architecture ($apkArch)"; exit 1 ;; \ esac; \ \ - wget -O rootless.tgz "$url"; \ + wget -O 'rootless.tgz' "$url"; \ \ tar --extract \ --file rootless.tgz \ diff --git a/22.06-rc/dind/Dockerfile b/22.06-rc/dind/Dockerfile index 3af3e8eb18..a3cd746e63 100644 --- a/22.06-rc/dind/Dockerfile +++ b/22.06-rc/dind/Dockerfile @@ -37,6 +37,42 @@ RUN set -eux; \ echo 'dockremap:165536:65536' >> /etc/subuid; \ echo 'dockremap:165536:65536' >> /etc/subgid +RUN set -eux; \ + \ + apkArch="$(apk --print-arch)"; \ + case "$apkArch" in \ + 'x86_64') \ + url='https://download.docker.com/linux/static/test/x86_64/docker-22.06.0-beta.0.tgz'; \ + ;; \ + 'armhf') \ + url='https://download.docker.com/linux/static/test/armel/docker-22.06.0-beta.0.tgz'; \ + ;; \ + 'armv7') \ + url='https://download.docker.com/linux/static/test/armhf/docker-22.06.0-beta.0.tgz'; \ + ;; \ + 'aarch64') \ + url='https://download.docker.com/linux/static/test/aarch64/docker-22.06.0-beta.0.tgz'; \ + ;; \ + *) echo >&2 "error: unsupported 'docker.tgz' architecture ($apkArch)"; exit 1 ;; \ + esac; \ + \ + wget -O 'docker.tgz' "$url"; \ + \ + tar --extract \ + --file docker.tgz \ + --strip-components 1 \ + --directory /usr/local/bin/ \ + --no-same-owner \ +# we exclude the CLI binary because we already extracted that over in the "docker:22.06-rc-cli" image that we're FROM and we don't want to duplicate those bytes again in this layer + --exclude 'docker/docker' \ + ; \ + rm docker.tgz; \ + \ + dockerd --version; \ + containerd --version; \ + ctr --version; \ + runc --version + # https://github.com/docker/docker/tree/master/hack/dind ENV DIND_COMMIT 42b1175eda071c0e9121e1d64345928384a93df1 
diff --git a/Dockerfile-cli.template b/Dockerfile-cli.template index c0d8ce3ad2..64d7afd97c 100644 --- a/Dockerfile-cli.template +++ b/Dockerfile-cli.template @@ -1,3 +1,4 @@ +{{ include "shared" -}} FROM alpine:3.16 RUN apk add --no-cache \ @@ -14,59 +15,27 @@ RUN apk add --no-cache \ RUN [ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf ENV DOCKER_VERSION {{ .version }} -# TODO ENV DOCKER_SHA256 -# https://github.com/docker/docker-ce/blob/5b073ee2cf564edee5adca05eee574142f7627bb/components/packaging/static/hash_files !! -# (no SHA file artifacts on download.docker.com yet as of 2017-06-07 though) -{{ - def apkArch: - { - # https://dl-cdn.alpinelinux.org/alpine/edge/main/ - # https://wiki.alpinelinux.org/wiki/Architecture#Alpine_Hardware_Architecture_.28.22arch.22.29_Support - # https://pkgs.alpinelinux.org/packages ("Arch" dropdown) - amd64: "x86_64", - arm32v6: "armhf", - arm32v7: "armv7", - arm64v8: "aarch64", - i386: "x86", - ppc64le: "ppc64le", - riscv64: "riscv64", - s390x: "s390x", - }[.] --}} RUN set -eux; \ \ - apkArch="$(apk --print-arch)"; \ - case "$apkArch" in \ -{{ - [ - .arches | to_entries[] - | .key as $bashbrewArch - | ($bashbrewArch | apkArch) as $apkArch - | .value - | select($apkArch and .dockerUrl) - | ( --}} - {{ $apkArch | @sh }}) \ - url={{ .dockerUrl | @sh }}; \ - ;; \ -{{ - ) - ] | add --}} - *) echo >&2 "error: unsupported architecture ($apkArch)"; exit 1 ;; \ - esac; \ - \ - wget -O docker.tgz "$url"; \ + {{ + download({ + arches: .arches, + urlKey: "dockerUrl", + # TODO sha256Key (once Docker publishes them 😭) + target: "docker.tgz", + }) + }}; \ \ tar --extract \ --file docker.tgz \ --strip-components 1 \ --directory /usr/local/bin/ \ + --no-same-owner \ + 'docker/docker' \ ; \ rm docker.tgz; \ \ - dockerd --version; \ docker --version {{ { 
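Review bot: `docker.tgz` is still fetched without a digest check in the `Dockerfile-cli.template` hunk at `-14,59`: the `download()` call leaves `sha256Key` as a TODO, so the archive's integrity rests on TLS to the download host alone, while the plugin downloads in the same template are pinned and verified with `sha256sum -c`. The `download()` calls in `Dockerfile-dind.template` and `Dockerfile-dind-rootless.template` have the same gap, and the archive is now fetched separately for the CLI and dind builds with nothing tying the two fetches to the same bytes. The removed `# TODO ENV DOCKER_SHA256` comment was also the only marker of this in the rendered Dockerfiles (the ones under `20.10/` and `22.06-rc/` appear to be generated from these templates). Consider recording a digest per architecture next to `dockerUrl` when versions are updated and passing `sha256Key`, and until then keep a Dockerfile-level comment such as `# TODO verify docker.tgz against a pinned sha256 (none published upstream yet)`.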
@@ -79,31 +48,22 @@ RUN set -eux; \ ENV DOCKER_{{ $key | ascii_upcase }}_VERSION {{ .version }} RUN set -eux; \ - apkArch="$(apk --print-arch)"; \ - case "$apkArch" in \ -{{ - .arches | to_entries | map( - .key as $bashbrewArch - | ($bashbrewArch | apkArch) as $apkArch - | .value - | select($apkArch and .url and .sha256) - | ( --}} - {{ $apkArch | @sh }}) \ - url={{ .url | @sh }}; \ - sha256={{ .sha256 | @sh }}; \ - ;; \ -{{ - ) - ) | add --}} - *) echo >&2 "warning: unsupported {{ $key }} architecture ($apkArch); skipping"; exit 0 ;; \ - esac; \ + \ + {{ + download({ + arches: .arches, + urlKey: "url", + sha256Key: "sha256", + target: ("docker-" + $key), + missingArchWarning: true, + }) + }}; \ + \ plugin='/usr/libexec/docker/cli-plugins/docker-{{ $key }}'; \ mkdir -p "$(dirname "$plugin")"; \ - wget -O "$plugin" "$url"; \ - echo "$sha256 *$plugin" | sha256sum -c -; \ + mv -vT {{ "docker-" + $key | @sh }} "$plugin"; \ chmod +x "$plugin"; \ + \ {{ if $key == "compose" then ( -}} ln -sv "$plugin" /usr/local/bin/; \ docker-{{ $key }} --version; \ diff --git a/Dockerfile-dind-rootless.template b/Dockerfile-dind-rootless.template index 896fb8dac1..3d9c76782d 100644 --- a/Dockerfile-dind-rootless.template +++ b/Dockerfile-dind-rootless.template @@ -1,3 +1,4 @@ +{{ include "shared" -}} FROM docker:{{ env.version }}-dind # busybox "ip" is insufficient: 
@@ -15,36 +16,14 @@ RUN set -eux; \ RUN set -eux; \ \ - apkArch="$(apk --print-arch)"; \ - case "$apkArch" in \ -{{ - [ - .arches | to_entries[] - | select(.value.rootlessExtrasUrl) - | .key as $bashbrewArch - | ( - { - amd64: "x86_64", - arm32v6: "armhf", - arm32v7: "armv7", - arm64v8: "aarch64", - } - | .[$bashbrewArch] // $bashbrewArch - ) as $apkArch - | .value - | ( --}} - {{ $apkArch | @sh }}) \ - url={{ .rootlessExtrasUrl | @sh }}; \ - ;; \ -{{ - ) - ] | add --}} - *) echo >&2 "error: unsupported architecture ($apkArch)"; exit 1 ;; \ - esac; \ - \ - wget -O rootless.tgz "$url"; \ + {{ + download({ + arches: .arches, + urlKey: "rootlessExtrasUrl", + # TODO sha256Key (once Docker publishes them 😭) + target: "rootless.tgz", + }) + }}; \ \ tar --extract \ --file rootless.tgz \ diff --git a/Dockerfile-dind.template b/Dockerfile-dind.template index ba7add2136..f8b5853285 100644 --- a/Dockerfile-dind.template +++ b/Dockerfile-dind.template @@ -1,3 +1,4 @@ +{{ include "shared" -}} FROM docker:{{ env.version }}-cli # https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies @@ -31,6 +32,32 @@ RUN set -eux; \ echo 'dockremap:165536:65536' >> /etc/subuid; \ echo 'dockremap:165536:65536' >> /etc/subgid +RUN set -eux; \ + \ + {{ + download({ + arches: .arches, + urlKey: "dockerUrl", + # TODO sha256Key (once Docker publishes them 😭) + target: "docker.tgz", + }) + }}; \ + \ + tar --extract \ + --file docker.tgz \ + --strip-components 1 \ + --directory /usr/local/bin/ \ + --no-same-owner \ +# we exclude the CLI binary because we already extracted that over in the "docker:{{ env.version }}-cli" image that we're FROM and we don't want to duplicate those bytes again in this layer + --exclude 'docker/docker' \ + ; \ + rm docker.tgz; \ + \ + dockerd --version; \ + containerd --version; \ + ctr --version; \ + runc --version + # https://github.com/docker/docker/tree/master/hack/dind ENV DIND_COMMIT {{ .dindCommit }} 
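Review bot: The new `tar --extract` in `Dockerfile-dind.template` (hunk `-31,6 +32,32`) selects members by deny-list: `--exclude 'docker/docker'` unpacks whatever else the archive holds into `/usr/local/bin/`, from which the following lines run binaries by bare name, whereas the CLI template names the one member it wants. Because this archive is not checksum-verified, the image contents follow the archive layout with no record in the build log, and the four `--version` checks cover only `dockerd`, `containerd`, `ctr` and `runc`. Adding `--verbose \` to the extract would at least log each unpacked member so an unexpected file is visible in the build output; an explicit member list would be stricter but has to track upstream layout changes.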
diff --git a/shared.jq b/shared.jq new file mode 100644 index 0000000000..c3213117e3 --- /dev/null +++ b/shared.jq @@ -0,0 +1,67 @@ +# converts a bashbrew architecture to apk's strings +def apkArch: + { + # https://dl-cdn.alpinelinux.org/alpine/edge/main/ + # https://wiki.alpinelinux.org/wiki/Architecture#Alpine_Hardware_Architecture_.28.22arch.22.29_Support + # https://pkgs.alpinelinux.org/packages ("Arch" dropdown) + amd64: "x86_64", + arm32v6: "armhf", + arm32v7: "armv7", + arm64v8: "aarch64", + i386: "x86", + ppc64le: "ppc64le", + riscv64: "riscv64", + s390x: "s390x", + }[.] + ; + +# RUN set -eux; \ +# ... +# {{ +# download({ +# arches: .arches, +# urlKey: "dockerUrl", +# #sha256Key: "sha256", +# target: "docker.tgz", +# #missingArchWarning: true, +# }) +# }}; \ +# ... +def download(opts): + (opts.sha256Key | not) as $notSha256 + | [ + "apkArch=\"$(apk --print-arch)\"; + case \"$apkArch\" in" + , + ( + opts.arches | to_entries[] + | .key as $bashbrewArch + | ($bashbrewArch | apkArch) as $apkArch + | .value + | .[opts.urlKey] as $url + | (if $notSha256 then "none" else .[opts.sha256Key] end) as $sha256 + | select($apkArch and $url and $sha256) + | (" + \($apkArch | @sh)) + url=\($url | @sh);" + + if $notSha256 then "" else " + sha256=\($sha256 | @sh);" + end + " + ;;" + ) + ) + , + " + *) echo >&2 \"\(if opts.missingArchWarning then "warning" else "error" end): unsupported \(opts.target | @sh) architecture ($apkArch)\(if opts.missingArchWarning then "; skipping" else "" end)\"; exit \(if opts.missingArchWarning then 0 else 1 end) ;; + esac; + + wget -O \(opts.target | @sh) \"$url\";" + , + if $notSha256 then "" else " + echo \"$sha256 *\"\(opts.target | @sh) | sha256sum -c -;" + end + ] | add + | rtrimstr(";") + | gsub("(?<=[^[:space:]])\n"; " \\\n") + | gsub("(?<=[[:space:]])\n"; "\\\n") + ;
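Review bot: `download` fails open when `sha256Key` is absent: `(opts.sha256Key | not) as $notSha256` substitutes `"none"` so every architecture passes the `select`, and the `sha256sum -c` line is dropped from the output, so a misspelled option name (for example `sha256key`) silently renders an unverified download. Make skipping verification an explicit choice, e.g. start the function with `if (opts | has("sha256Key") | not) then error("download: pass sha256Key (null to skip verification)") else . end |` and have the callers that cannot verify yet pass `sha256Key: null`. The usage comment above `def download` should also say that omitting the key disables the checksum step and that `missingArchWarning` turns an unsupported architecture into `exit 0`.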