Skip to content

Commit

Permalink
update podman 4.4.0 and dependencies
Browse files Browse the repository at this point in the history
dependency updates:
* alpine:3.17
* conmon 2.1.6
* CNI plugins 1.2.0
* libfuse 3.13.1
* fuse-overlayfs 1.10
* crun 1.8

Also, updated bats to 1.8.2
  • Loading branch information
mgoltzsche committed Feb 9, 2023
1 parent 9f86c70 commit 8118e8d
Show file tree
Hide file tree
Showing 6 changed files with 21 additions and 23 deletions.
20 changes: 10 additions & 10 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
# Download gpg
FROM alpine:3.15 AS gpg
FROM alpine:3.17 AS gpg
RUN apk add --no-cache gnupg


# runc
FROM golang:1.18-alpine3.15 AS runc
FROM golang:1.18-alpine3.17 AS runc
ARG RUNC_VERSION=v1.1.4
RUN set -eux; \
apk add --no-cache --virtual .build-deps gcc musl-dev libseccomp-dev libseccomp-static make git bash; \
Expand All @@ -18,7 +18,7 @@ RUN set -eux; \


# podman build base
FROM golang:1.18-alpine3.15 AS podmanbuildbase
FROM golang:1.18-alpine3.17 AS podmanbuildbase
RUN apk add --update --no-cache git make gcc pkgconf musl-dev \
btrfs-progs btrfs-progs-dev libassuan-dev lvm2-dev device-mapper \
glib-static libc-dev gpgme-dev protobuf-dev protobuf-c-dev \
Expand All @@ -29,7 +29,7 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \
# podman (without systemd support)
FROM podmanbuildbase AS podman
RUN apk add --update --no-cache tzdata curl
ARG PODMAN_VERSION=v4.3.1
ARG PODMAN_VERSION=v4.4.0
ARG PODMAN_BUILDTAGS='seccomp selinux apparmor exclude_graphdriver_devicemapper containers_image_openpgp'
ARG PODMAN_CGO=1
RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman
Expand All @@ -49,7 +49,7 @@ RUN set -ex; \

# conmon (without systemd support)
FROM podmanbuildbase AS conmon
ARG CONMON_VERSION=v2.1.5
ARG CONMON_VERSION=v2.1.6
RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${CONMON_VERSION} https://github.com/containers/conmon.git /conmon
WORKDIR /conmon
RUN set -ex; \
Expand All @@ -59,7 +59,7 @@ RUN set -ex; \

# CNI plugins
FROM podmanbuildbase AS cniplugins
ARG CNI_PLUGIN_VERSION=v1.1.1
ARG CNI_PLUGIN_VERSION=v1.2.0
ARG CNI_PLUGINS="ipam/host-local main/loopback main/bridge meta/portmap meta/tuning meta/firewall"
RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${CNI_PLUGIN_VERSION} https://github.com/containernetworking/plugins /go/src/github.com/containernetworking/plugins
WORKDIR /go/src/github.com/containernetworking/plugins
Expand Down Expand Up @@ -98,7 +98,7 @@ RUN set -ex; \
# fuse-overlayfs (derived from https://github.com/containers/fuse-overlayfs/blob/master/Dockerfile.static)
FROM podmanbuildbase AS fuse-overlayfs
RUN apk add --update --no-cache autoconf automake meson ninja clang g++ eudev-dev fuse3-dev
ARG LIBFUSE_VERSION=fuse-3.12.0
ARG LIBFUSE_VERSION=fuse-3.13.1
RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=$LIBFUSE_VERSION https://github.com/libfuse/libfuse /libfuse
WORKDIR /libfuse
RUN set -ex; \
Expand All @@ -109,7 +109,7 @@ RUN set -ex; \
touch /dev/fuse; \
ninja install; \
fusermount3 -V
ARG FUSEOVERLAYFS_VERSION=v1.9
ARG FUSEOVERLAYFS_VERSION=v1.10
RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=$FUSEOVERLAYFS_VERSION https://github.com/containers/fuse-overlayfs /fuse-overlayfs
WORKDIR /fuse-overlayfs
RUN set -ex; \
Expand All @@ -121,7 +121,7 @@ RUN set -ex; \


# Build podman base image
FROM alpine:3.15 AS podmanbase
FROM alpine:3.17 AS podmanbase
LABEL maintainer="Max Goltzsche <[email protected]>"
RUN apk add --no-cache tzdata ca-certificates
COPY --from=conmon /conmon/bin/conmon /usr/local/lib/podman/conmon
Expand Down Expand Up @@ -155,7 +155,7 @@ COPY --from=runc /usr/local/bin/runc /usr/local/bin/runc
# Download crun
# (switched keyserver from sks to ubuntu since sks is offline now and gpg refuses to import keys from keys.openpgp.org because it does not provide a user ID with the key.)
FROM gpg AS crun
ARG CRUN_VERSION=1.6
ARG CRUN_VERSION=1.8
RUN set -ex; \
wget -O /usr/local/bin/crun https://github.com/containers/crun/releases/download/$CRUN_VERSION/crun-${CRUN_VERSION}-linux-amd64-disable-systemd; \
wget -O /tmp/crun.asc https://github.com/containers/crun/releases/download/$CRUN_VERSION/crun-${CRUN_VERSION}-linux-amd64-disable-systemd.asc; \
Expand Down
8 changes: 3 additions & 5 deletions Dockerfile-remote
Original file line number Diff line number Diff line change
@@ -1,17 +1,15 @@
# podman build base
FROM golang:1.18-alpine3.15 AS podmanbuildbase
FROM golang:1.18-alpine3.17 AS podmanbuildbase
RUN apk add --update --no-cache git make gcc pkgconf musl-dev \
btrfs-progs btrfs-progs-dev libassuan-dev lvm2-dev device-mapper \
glib-static libc-dev gpgme-dev protobuf-dev protobuf-c-dev \
libseccomp-dev libseccomp-static libselinux-dev ostree-dev openssl iptables \
bash go-md2man
ARG BATS_VERSION=v1.7.0
RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${BATS_VERSION} https://github.com/bats-core/bats-core.git && cd bats-core && ./install.sh /usr/local

# podman remote
FROM podmanbuildbase AS podman-remote
RUN apk add --update --no-cache curl
ARG PODMAN_VERSION=v4.3.1
ARG PODMAN_VERSION=v4.4.0
RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman
WORKDIR $GOPATH/src/github.com/containers/podman
RUN make install.tools
Expand All @@ -23,6 +21,6 @@ RUN set -eux; \
podman --help >/dev/null; \
[ "$(ldd /usr/local/bin/podman-remote | wc -l)" -eq 0 ] || (ldd /usr/local/bin/podman-remote; false)

FROM alpine:3.15
FROM alpine:3.17
COPY --from=podman-remote /usr/local/bin /usr/local/bin
RUN adduser -D podman-remote -h /podman -u 1000
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ GPG_IMAGE = gpg-signer

BUILD_DIR = ./build

BATS_VERSION = v1.7.0
BATS_VERSION = v1.8.2
BATS_DIR := $(BUILD_DIR)/bats-$(BATS_VERSION)
BATS = $(BATS_DIR)/bin/bats
BATS_TEST ?= test
Expand Down
4 changes: 2 additions & 2 deletions test/remote.bats
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ teardown_file() {

@test "remote podman - run container" {
$DOCKER run --rm --network=host --pull=never "${PODMAN_REMOTE_IMAGE}" \
podman --url=tcp://$PODMAN_ADDRESS run alpine:3.14 echo hello from remote container
podman --url=tcp://$PODMAN_ADDRESS run alpine:3.17 echo hello from remote container
}

@test "remote podman - build image from dockerfile" {
Expand All @@ -33,7 +33,7 @@ teardown_file() {
"${PODMAN_REMOTE_IMAGE}" \
sh -c "set -ex; \
mkdir /tmp/testcontext
printf 'FROM alpine:3.14\nRUN echo hello\nCMD [ "/bin/echo", "hello" ]' > /tmp/testcontext/Dockerfile
printf 'FROM alpine:3.17\nRUN echo hello\nCMD [ "/bin/echo", "hello" ]' > /tmp/testcontext/Dockerfile
podman --log-level=debug --remote --url=tcp://$PODMAN_ADDRESS build -t testbuild -f /tmp/testcontext/Dockerfile /tmp/testcontext; \
podman --url=tcp://$PODMAN_ADDRESS run testbuild echo hello from remote container"
}
2 changes: 1 addition & 1 deletion test/rootful.bats
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ skipIfDockerUnavailableAndNotRunAsRoot() {
$DOCKER run --rm --privileged --entrypoint /bin/sh -u root:root \
-v "$PODMAN_ROOT_DATA_DIR:/var/lib/containers/storage" \
--pull=never "${PODMAN_IMAGE}" \
-c 'podman run --rm alpine:3.14 wget -O /dev/null http://example.org'
-c 'podman run --rm alpine:3.17 wget -O /dev/null http://example.org'
}

@test "rootful podman - build image from dockerfile" {
Expand Down
8 changes: 4 additions & 4 deletions test/rootless.bats
Original file line number Diff line number Diff line change
Expand Up @@ -12,20 +12,20 @@ load test_helper.bash
$DOCKER run --rm --privileged -u podman:podman \
-v "$PODMAN_ROOT_DATA_DIR:/podman/.local/share/containers/storage" \
--pull=never "${PODMAN_IMAGE}" \
docker run --rm alpine:3.14 wget -O /dev/null http://example.org
docker run --rm alpine:3.17 wget -O /dev/null http://example.org
}

@test "$TEST_PREFIX podman - uid mapping (using fuse-overlayfs) {
$DOCKER run --rm --privileged -u podman:podman \
-v "$PODMAN_ROOT_DATA_DIR:/podman/.local/share/containers/storage" \
--pull=never "${PODMAN_IMAGE}" \
docker run --rm alpine:3.14 /bin/sh -c 'set -ex; touch /file; chown guest /file; [ $(stat -c %U /file) = guest ]'
docker run --rm alpine:3.17 /bin/sh -c 'set -ex; touch /file; chown guest /file; [ $(stat -c %U /file) = guest ]'
}
@test "$TEST_PREFIX podman - unmapped uid" {
$DOCKER run --rm --privileged --user 9000:9000 \
--pull=never "${PODMAN_IMAGE}" \
docker run --rm alpine:3.14 wget -O /dev/null http://example.org
docker run --rm alpine:3.17 wget -O /dev/null http://example.org
}
@test "$TEST_PREFIX podman - build image from dockerfile" {
Expand All @@ -34,7 +34,7 @@ load test_helper.bash
--pull=never "${PODMAN_IMAGE}" \
-c 'set -e;
podman build -t podmantestimage -f - . <<-EOF
FROM alpine:3.14
FROM alpine:3.17
RUN echo hello world > /hello
CMD ["/bin/cat", "/hello"]
EOF'
Expand Down

0 comments on commit 8118e8d

Please sign in to comment.