From 8118e8daa8876ba0c72b933c7e1de4fe6eb60897 Mon Sep 17 00:00:00 2001
From: Max Goltzsche
Date: Wed, 8 Feb 2023 01:00:18 +0100
Subject: [PATCH] update podman 4.4.0 and dependencies
dependency updates:
* alpine:3.17
* conmon 2.1.6
* CNI plugins 1.2.0
* libfuse 3.13.1
* fuse-overlayfs 1.10
* crun 1.8
Also, updated bats to 1.8.2
---
 Dockerfile | 20 ++++++++++----------
 Dockerfile-remote | 8 +++-----
 Makefile | 2 +-
 test/remote.bats | 4 ++--
 test/rootful.bats | 2 +-
 test/rootless.bats | 8 ++++----
 6 files changed, 21 insertions(+), 23 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index ab6d828..7f3be54 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,10 +1,10 @@
 # Download gpg
-FROM alpine:3.15 AS gpg
+FROM alpine:3.17 AS gpg
 RUN apk add --no-cache gnupg
 # runc
-FROM golang:1.18-alpine3.15 AS runc
+FROM golang:1.18-alpine3.17 AS runc
 ARG RUNC_VERSION=v1.1.4
 RUN set -eux; \
 apk add --no-cache --virtual .build-deps gcc musl-dev libseccomp-dev libseccomp-static make git bash; \
@@ -18,7 +18,7 @@ RUN set -eux; \
 # podman build base
-FROM golang:1.18-alpine3.15 AS podmanbuildbase
+FROM golang:1.18-alpine3.17 AS podmanbuildbase
 RUN apk add --update --no-cache git make gcc pkgconf musl-dev \
 btrfs-progs btrfs-progs-dev libassuan-dev lvm2-dev device-mapper \
 glib-static libc-dev gpgme-dev protobuf-dev protobuf-c-dev \
@@ -29,7 +29,7 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \
 # podman (without systemd support)
 FROM podmanbuildbase AS podman
 RUN apk add --update --no-cache tzdata curl
-ARG PODMAN_VERSION=v4.3.1
+ARG PODMAN_VERSION=v4.4.0
 ARG PODMAN_BUILDTAGS='seccomp selinux apparmor exclude_graphdriver_devicemapper containers_image_openpgp'
 ARG PODMAN_CGO=1
 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman
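Review bot: The `git clone --depth=1 --branch ${PODMAN_VERSION}` line at the end of the third Dockerfile hunk resolves a tag name at build time and nothing checks which commit it produced, so the built binary depends on a ref that upstream can move. The same clone-by-tag pattern is visible in the conmon, CNI plugins, libfuse and fuse-overlayfs hunks that follow. Since each version ARG is being touched anyway, consider a companion ARG holding the expected commit and failing the build on mismatch, e.g. `ARG PODMAN_COMMIT=<expected-commit-sha>` followed by `RUN [ "$(git -C src/github.com/containers/podman rev-parse HEAD)" = "$PODMAN_COMMIT" ]`. The bumped `FROM alpine:3.17` and `FROM golang:1.18-alpine3.17` lines are likewise tag-only; appending `@sha256:<digest>` would make rebuilds reproducible. The podman stage continues past the end of the hunk.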
@@ -49,7 +49,7 @@ RUN set -ex; \
 # conmon (without systemd support)
 FROM podmanbuildbase AS conmon
-ARG CONMON_VERSION=v2.1.5
+ARG CONMON_VERSION=v2.1.6
 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${CONMON_VERSION} https://github.com/containers/conmon.git /conmon
 WORKDIR /conmon
 RUN set -ex; \
@@ -59,7 +59,7 @@ RUN set -ex; \
 # CNI plugins
 FROM podmanbuildbase AS cniplugins
-ARG CNI_PLUGIN_VERSION=v1.1.1
+ARG CNI_PLUGIN_VERSION=v1.2.0
 ARG CNI_PLUGINS="ipam/host-local main/loopback main/bridge meta/portmap meta/tuning meta/firewall"
 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${CNI_PLUGIN_VERSION} https://github.com/containernetworking/plugins /go/src/github.com/containernetworking/plugins
 WORKDIR /go/src/github.com/containernetworking/plugins
@@ -98,7 +98,7 @@ RUN set -ex; \
 # fuse-overlayfs (derived from https://github.com/containers/fuse-overlayfs/blob/master/Dockerfile.static)
 FROM podmanbuildbase AS fuse-overlayfs
 RUN apk add --update --no-cache autoconf automake meson ninja clang g++ eudev-dev fuse3-dev
-ARG LIBFUSE_VERSION=fuse-3.12.0
+ARG LIBFUSE_VERSION=fuse-3.13.1
 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=$LIBFUSE_VERSION https://github.com/libfuse/libfuse /libfuse
 WORKDIR /libfuse
 RUN set -ex; \
@@ -109,7 +109,7 @@ RUN set -ex; \
 touch /dev/fuse; \
 ninja install; \
 fusermount3 -V
-ARG FUSEOVERLAYFS_VERSION=v1.9
+ARG FUSEOVERLAYFS_VERSION=v1.10
 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=$FUSEOVERLAYFS_VERSION https://github.com/containers/fuse-overlayfs /fuse-overlayfs
 WORKDIR /fuse-overlayfs
 RUN set -ex; \
@@ -121,7 +121,7 @@ RUN set -ex; \
 # Build podman base image
-FROM alpine:3.15 AS podmanbase
+FROM alpine:3.17 AS podmanbase
 LABEL maintainer="Max Goltzsche "
 RUN apk add --no-cache tzdata ca-certificates
 COPY --from=conmon /conmon/bin/conmon /usr/local/lib/podman/conmon
@@ -155,7 +155,7 @@ COPY --from=runc /usr/local/bin/runc /usr/local/bin/runc
 # Download crun
 # (switched keyserver from sks to ubuntu since sks is offline now and gpg refuses to import keys from keys.openpgp.org because it does not provide a user ID with the key.)
 FROM gpg AS crun
-ARG CRUN_VERSION=1.6
+ARG CRUN_VERSION=1.8
 RUN set -ex; \
 wget -O /usr/local/bin/crun https://github.com/containers/crun/releases/download/$CRUN_VERSION/crun-${CRUN_VERSION}-linux-amd64-disable-systemd; \
 wget -O /tmp/crun.asc https://github.com/containers/crun/releases/download/$CRUN_VERSION/crun-${CRUN_VERSION}-linux-amd64-disable-systemd.asc; \
diff --git a/Dockerfile-remote b/Dockerfile-remote
index 42e8655..7504a21 100644
--- a/Dockerfile-remote
+++ b/Dockerfile-remote
@@ -1,17 +1,15 @@
 # podman build base
-FROM golang:1.18-alpine3.15 AS podmanbuildbase
+FROM golang:1.18-alpine3.17 AS podmanbuildbase
 RUN apk add --update --no-cache git make gcc pkgconf musl-dev \
 btrfs-progs btrfs-progs-dev libassuan-dev lvm2-dev device-mapper \
 glib-static libc-dev gpgme-dev protobuf-dev protobuf-c-dev \
 libseccomp-dev libseccomp-static libselinux-dev ostree-dev openssl iptables \
 bash go-md2man
-ARG BATS_VERSION=v1.7.0
-RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${BATS_VERSION} https://github.com/bats-core/bats-core.git && cd bats-core && ./install.sh /usr/local
 # podman remote
 FROM podmanbuildbase AS podman-remote
 RUN apk add --update --no-cache curl
-ARG PODMAN_VERSION=v4.3.1
+ARG PODMAN_VERSION=v4.4.0
 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman
 WORKDIR $GOPATH/src/github.com/containers/podman
 RUN make install.tools
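Review bot: The integrity of the crun binary that the two `wget` lines place in `/usr/local/bin/crun` rests entirely on the gpg check of `/tmp/crun.asc`, which lies below the Dockerfile crun hunk and cannot be confirmed from here. The comment above says the signing key is imported from the Ubuntu keyserver, so that check is only as strong as the key identifier used for the import; if it is not already a full fingerprint, pin one, e.g. `gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys <full-40-hex-fingerprint>`. A short comment next to `ARG CRUN_VERSION` naming the expected signer would let the next bump confirm that the release is still signed by the same key. The RUN instruction continues outside the hunk.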
@@ -23,6 +21,6 @@ RUN set -eux; \
 podman --help >/dev/null; \
 [ "$(ldd /usr/local/bin/podman-remote | wc -l)" -eq 0 ] || (ldd /usr/local/bin/podman-remote; false)
-FROM alpine:3.15
+FROM alpine:3.17
 COPY --from=podman-remote /usr/local/bin /usr/local/bin
 RUN adduser -D podman-remote -h /podman -u 1000
diff --git a/Makefile b/Makefile
index 362af60..5a8e933 100644
--- a/Makefile
+++ b/Makefile
@@ -12,7 +12,7 @@ GPG_IMAGE = gpg-signer
 BUILD_DIR = ./build
-BATS_VERSION = v1.7.0
+BATS_VERSION = v1.8.2
 BATS_DIR := $(BUILD_DIR)/bats-$(BATS_VERSION)
 BATS = $(BATS_DIR)/bin/bats
 BATS_TEST ?= test
diff --git a/test/remote.bats b/test/remote.bats
index 18ac73e..c9d8add 100644
--- a/test/remote.bats
+++ b/test/remote.bats
@@ -24,7 +24,7 @@ teardown_file() {
 @test "remote podman - run container" {
 $DOCKER run --rm --network=host --pull=never "${PODMAN_REMOTE_IMAGE}" \
- podman --url=tcp://$PODMAN_ADDRESS run alpine:3.14 echo hello from remote container
+ podman --url=tcp://$PODMAN_ADDRESS run alpine:3.17 echo hello from remote container
 }
 @test "remote podman - build image from dockerfile" {
@@ -33,7 +33,7 @@ teardown_file() {
 "${PODMAN_REMOTE_IMAGE}" \
 sh -c "set -ex; \
 mkdir /tmp/testcontext
- printf 'FROM alpine:3.14\nRUN echo hello\nCMD [ "/bin/echo", "hello" ]' > /tmp/testcontext/Dockerfile
+ printf 'FROM alpine:3.17\nRUN echo hello\nCMD [ "/bin/echo", "hello" ]' > /tmp/testcontext/Dockerfile
 podman --log-level=debug --remote --url=tcp://$PODMAN_ADDRESS build -t testbuild -f /tmp/testcontext/Dockerfile /tmp/testcontext; \
 podman --url=tcp://$PODMAN_ADDRESS run testbuild echo hello from remote container"
 }
diff --git a/test/rootful.bats b/test/rootful.bats
index ec77d9f..be47bd7 100644
--- a/test/rootful.bats
+++ b/test/rootful.bats
@@ -18,7 +18,7 @@ skipIfDockerUnavailableAndNotRunAsRoot() {
 $DOCKER run --rm --privileged --entrypoint /bin/sh -u root:root \
 -v "$PODMAN_ROOT_DATA_DIR:/var/lib/containers/storage" \
 --pull=never "${PODMAN_IMAGE}" \
- -c 'podman run --rm alpine:3.14 wget -O /dev/null http://example.org'
+ -c 'podman run --rm alpine:3.17 wget -O /dev/null http://example.org'
 }
 @test "rootful podman - build image from dockerfile" {
diff --git a/test/rootless.bats b/test/rootless.bats
index d52122f..58d619d 100644
--- a/test/rootless.bats
+++ b/test/rootless.bats
@@ -12,20 +12,20 @@ load test_helper.bash
 $DOCKER run --rm --privileged -u podman:podman \
 -v "$PODMAN_ROOT_DATA_DIR:/podman/.local/share/containers/storage" \
 --pull=never "${PODMAN_IMAGE}" \
- docker run --rm alpine:3.14 wget -O /dev/null http://example.org
+ docker run --rm alpine:3.17 wget -O /dev/null http://example.org
 }
 @test "$TEST_PREFIX podman - uid mapping (using fuse-overlayfs) {
 $DOCKER run --rm --privileged -u podman:podman \
 -v "$PODMAN_ROOT_DATA_DIR:/podman/.local/share/containers/storage" \
 --pull=never "${PODMAN_IMAGE}" \
- docker run --rm alpine:3.14 /bin/sh -c 'set -ex; touch /file; chown guest /file; [ $(stat -c %U /file) = guest ]'
+ docker run --rm alpine:3.17 /bin/sh -c 'set -ex; touch /file; chown guest /file; [ $(stat -c %U /file) = guest ]'
 }
 @test "$TEST_PREFIX podman - unmapped uid" {
 $DOCKER run --rm --privileged --user 9000:9000 \
 --pull=never "${PODMAN_IMAGE}" \
- docker run --rm alpine:3.14 wget -O /dev/null http://example.org
+ docker run --rm alpine:3.17 wget -O /dev/null http://example.org
 }
 @test "$TEST_PREFIX podman - build image from dockerfile" {
@@ -34,7 +34,7 @@ load test_helper.bash
 --pull=never "${PODMAN_IMAGE}" \
 -c 'set -e;
 podman build -t podmantestimage -f - . <<-EOF
- FROM alpine:3.14
+ FROM alpine:3.17
 RUN echo hello world > /hello
 CMD ["/bin/cat", "/hello"]
 EOF'
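Review bot: The context line `@test "$TEST_PREFIX podman - uid mapping (using fuse-overlayfs) {` in the first rootless.bats hunk has no closing quote after the test name as it appears here, unlike the two `@test` headers around it. Depending on how bats parses that header, the test may be misnamed or not registered at all, which would leave the uid-mapping path unchecked in the same commit that bumps fuse-overlayfs to 1.10. Suggest `@test "$TEST_PREFIX podman - uid mapping (using fuse-overlayfs)" {`, and confirm in the test output that the case is actually listed and run.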