Skip to content

Commit

Permalink
Modify environments to install skopeo
Browse files Browse the repository at this point in the history
This is work towards #948

Now that skopeo has become the de-facto tool to download container
images, we will switch our instructions to install skopeo and use
it in our build and development environments.

At this time, skopeo is available on Ubuntu 20.04 through the
Kubic project, hence there may need to be some additional changes
in the future as the upstream package creators improve.

Signed-off-by: Nisha K <[email protected]>
  • Loading branch information
Nisha K committed Dec 15, 2021
1 parent d875db5 commit 4df0850
Show file tree
Hide file tree
Showing 6 changed files with 31 additions and 13 deletions.
27 changes: 18 additions & 9 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,6 @@ Tern gives you a deeper understanding of your container's bill of materials so y

![Tern quick demo](/docs/img/tern_demo_fast.gif)


# Getting Started<a name="getting-started"/>

## GitHub Action<a name="github-action"/>
Expand All @@ -70,13 +69,16 @@ If you have a Linux OS you will need a distro with a kernel version >= 4.0 (Ubun
- Python 3.6 or newer (sudo apt-get install python3.6(3.7) or sudo dnf install python36(37))
- Pip (sudo apt-get install python3-pip).
- jq (sudo apt-get install jq or sudo dnf install jq)
- skopeo (See [here](https://github.com/containers/skopeo/blob/main/install.md) for installation instructions or building from source)

Some distro versions have all of these except `attr` and/or `jq` preinstalled but both are common utilities and are available via the package manager.
Some distro versions have all of these except `attr`, `jq`, and/or `skopeo` preinstalled. `attr` and `jq` are common utilities and are available via the package manager. `skopeo` has only recently been packaged for common Linux distros. If you don't see your distro in the list, your best bet is building from source, which is reasonably straightforward if you have Go installed.

For Docker containers
For analyzing Dockerfiles and to use the "lock" function
- Docker CE (Installation instructions can be found here: https://docs.docker.com/engine/installation/#server)

Make sure the docker daemon is running.
*NOTE:* We do not provide advice on the usage of [Docker Desktop](https://www.docker.com/blog/updating-product-subscriptions/)

Once installed, make sure the docker daemon is running.

Create a python3 virtual environment:
```
Expand All @@ -103,7 +105,7 @@ $ tern report -o output.txt -i debian:buster
```

## Getting Started with Docker<a name="getting-started-with-docker">
Docker is the most widely used tool to build and run containers. If you already have Docker installed, you can run Tern by building a container with the Dockerfile provided and the `docker_run.sh` script:
Docker is the most widely used tool to build and run containers. If you already have Docker installed, you can run Tern by building a container with the Dockerfile provided.

Clone this repository:
```
Expand Down Expand Up @@ -132,7 +134,13 @@ $ docker build -f ci/Dockerfile -t ternd .
+ENTRYPOINT ["tern", "-q"]
```

Run the script `docker_run.sh`. You may need to use sudo. In the below command `debian` is the docker hub container image name and `buster` is the tag that identifies the version we are interested in analyzing.
Run the ternd container image

```
$ docker run --rm ternd report -i debian:buster
```

If you are using this container to analyze Dockerfiles and to use the "lock" feature, then you must volume mount the docker socket. We have a convenience script which will do that for you.

```
$ ./docker_run.sh ternd "report -i debian:buster" > output.txt
Expand All @@ -143,15 +151,16 @@ To produce a json report run
$ ./docker_run.sh ternd "report -f json -i debian:buster"
```

What the `docker_run.sh` script does is run the built container.

Tern is not distributed as Docker images yet. This is coming soon. Watch the [Project Status](#project-status) for updates.

**WARNING**: If using the `--driver fuse` or `--driver overlay2` storage driver options, then the docker image needs to run as privileged.

```
docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock ternd "--driver fuse report -i debian:buster"
docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock ternd --driver fuse report -i debian:buster
```

You can make this change to the `docker_run.sh` script to make it easier.

## Getting Started with Vagrant<a name="getting-started-with-vagrant">
Vagrant is a tool to setup an isolated virtual software development environment. If you are using Windows or Mac OSes and want to run Tern from the command line (not in a Docker container) this is the best way to get started as Tern does not run natively in a Mac OS or Windows environment at this time.

Expand Down
1 change: 1 addition & 0 deletions ci/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ RUN echo "deb http://deb.debian.org/debian bullseye main" > /etc/apt/sources.lis
fuse3/bullseye \
git \
jq \
skopeo \
&& rm -rf /var/lib/apt/lists/*

COPY --from=builder /install /usr/local
Expand Down
2 changes: 1 addition & 1 deletion ci/test_files_touched.py
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2019-2020 VMware, Inc. All Rights Reserved.
# Copyright (c) 2019-2021 VMware, Inc. All Rights Reserved.
# SPDX-License-Identifier: BSD-2-Clause

from git import Repo
Expand Down
1 change: 1 addition & 0 deletions docker/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ RUN echo "deb http://deb.debian.org/debian bullseye main" > /etc/apt/sources.lis
fuse3/bullseye \
git \
jq \
skopeo \
&& rm -rf /var/lib/apt/lists/*

COPY --from=builder /install /usr/local
Expand Down
2 changes: 1 addition & 1 deletion vagrant/Vagrantfile
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ Vagrant.configure("2") do |config|

# Every Vagrant development environment requires a box. You can search for
# boxes at https://vagrantcloud.com/search.
config.vm.box = "generic/ubuntu1804"
config.vm.box = "generic/ubuntu2004"
config.vm.provision :shell, path: "bootstrap.sh"

config.vm.synced_folder '.', '/vagrant', disabled: true
Expand Down
11 changes: 9 additions & 2 deletions vagrant/bootstrap.sh
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
#!/usr/bin/env bash
#
# Copyright (c) 2018-2019 VMware, Inc. All Rights Reserved.
# Copyright (c) 2018-2021 VMware, Inc. All Rights Reserved.
# SPDX-License-Identifier: BSD-2-Clause

# Update the Ubuntu repositories
Expand All @@ -10,7 +10,14 @@ sudo apt-get update
sudo apt-get -y upgrade

# Python3 versions and system dependencies
sudo apt-get install -y python3 python3-pip python3-venv attr
sudo apt-get install -y python3 python3-pip python3-venv attr jq

# Install skopeo for Ubuntu 20.04
echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/Release.key | sudo apt-key add -
sudo apt-get update
sudo apt-get -y upgrade
sudo apt-get -y install skopeo

# Install Docker
sudo apt-get install -y docker.io
Expand Down

0 comments on commit 4df0850

Please sign in to comment.