diff --git a/Dockerfile b/Dockerfile index c03a283b144..baa73fd2b8f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -32,7 +32,7 @@ ARG IMGCRYPT_VERSION=1.1.0 ARG ROOTLESSKIT_VERSION=0.14.1 ARG SLIRP4NETNS_VERSION=1.1.9 # Extra deps: FUSE-OverlayFS -ARG FUSE_OVERLAYFS_VERSION=1.4.0 +ARG FUSE_OVERLAYFS_VERSION=1.5.0 ARG CONTAINERD_FUSE_OVERLAYFS_VERSION=1.0.2 # Test deps @@ -48,7 +48,9 @@ RUN BINDIR=/out/bin make binaries install # We do not set CMD to `go test` here, because it requires systemd FROM build-minimal AS build-full +WORKDIR /nowhere RUN apk add --no-cache curl +COPY ./Dockerfile.d/SHA256SUMS.d/ /SHA256SUMS.d COPY README.md /out/share/doc/nerdctl/ COPY docs /out/share/doc/nerdctl/docs RUN mkdir -p /out/share/doc/nerdctl-full && \ 
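Review bot: `WORKDIR /nowhere` in the `build-full` stage is added without a comment, and the name does not say what the directory is for. Judging from the later hunks, which download with relative paths (`curl -o "${fname}"`), it appears to be the scratch directory where release artifacts land before they are checked against `/SHA256SUMS.d`. A short comment above it would make that intent explicit, for example `# Scratch dir: artifacts are downloaded here, verified against /SHA256SUMS.d, then extracted or moved into /out`. The `COPY ./Dockerfile.d/SHA256SUMS.d/ /SHA256SUMS.d` line could carry a note that the files are named `<component>-<version>` and must be added whenever a `*_VERSION` ARG is bumped.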
@@ -56,25 +58,44 @@ RUN mkdir -p /out/share/doc/nerdctl-full && \ echo "- nerdctl: $(cd /go/src/github.com/containerd/nerdctl && git describe --tags)" >> /out/share/doc/nerdctl-full/README.md ARG TARGETARCH ARG CONTAINERD_VERSION -RUN curl -L https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/containerd-${CONTAINERD_VERSION}-linux-${TARGETARCH:-amd64}.tar.gz | tar xzvC /out && \ - rm -f /out/bin/containerd-shim /out/bin/containerd-shim-runc-v1 && \ +RUN fname="containerd-${CONTAINERD_VERSION}-${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz" && \ + curl -o "${fname}" -fsSL "https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/${fname}" && \ + curl -o "containerd.service" -fsSL "https://raw.githubusercontent.com/containerd/containerd/v${CONTAINERD_VERSION}/containerd.service" && \ + grep "${fname}" "/SHA256SUMS.d/containerd-${CONTAINERD_VERSION}" | sha256sum -c - && \ + grep "containerd.service" "/SHA256SUMS.d/containerd-${CONTAINERD_VERSION}" | sha256sum -c - && \ + tar xzf "${fname}" -C /out && \ + rm -f "${fname}" /out/bin/containerd-shim /out/bin/containerd-shim-runc-v1 && \ mkdir -p /out/lib/systemd/system && \ - curl -L -o /out/lib/systemd/system/containerd.service https://raw.githubusercontent.com/containerd/containerd/v${CONTAINERD_VERSION}/containerd.service && \ + mv containerd.service /out/lib/systemd/system/containerd.service && \ echo "- containerd: v${CONTAINERD_VERSION}" >> /out/share/doc/nerdctl-full/README.md ARG RUNC_VERSION -RUN curl -L -o /out/bin/runc https://github.com/opencontainers/runc/releases/download/v${RUNC_VERSION}/runc.${TARGETARCH:-amd64} && \ +RUN fname="runc.${TARGETARCH:-amd64}" && \ + curl -o "${fname}" -fsSL "https://github.com/opencontainers/runc/releases/download/v${RUNC_VERSION}/${fname}" && \ + grep "${fname}" "/SHA256SUMS.d/runc-${RUNC_VERSION}" | sha256sum -c && \ + mv "${fname}" /out/bin/runc && \ chmod +x /out/bin/runc && \ echo "- runc: v${RUNC_VERSION}" >> 
/out/share/doc/nerdctl-full/README.md ARG CNI_PLUGINS_VERSION -RUN mkdir -p /out/libexec/cni && \ - curl -L https://github.com/containernetworking/plugins/releases/download/v${CNI_PLUGINS_VERSION}/cni-plugins-linux-${TARGETARCH:-amd64}-v${CNI_PLUGINS_VERSION}.tgz | tar xzvC /out/libexec/cni && \ +RUN fname="cni-plugins-${TARGETOS:-linux}-${TARGETARCH:-amd64}-v${CNI_PLUGINS_VERSION}.tgz" && \ + curl -o "${fname}" -fsSL "https://github.com/containernetworking/plugins/releases/download/v${CNI_PLUGINS_VERSION}/${fname}" && \ + grep "${fname}" "/SHA256SUMS.d/cni-plugins-${CNI_PLUGINS_VERSION}" | sha256sum -c && \ + mkdir -p /out/libexec/cni && \ + tar xzf "${fname}" -C /out/libexec/cni && \ + rm -f "${fname}" && \ echo "- CNI plugins: v${CNI_PLUGINS_VERSION}" >> /out/share/doc/nerdctl-full/README.md ARG CNI_ISOLATION_VERSION -RUN curl -L https://github.com/AkihiroSuda/cni-isolation/releases/download/v${CNI_ISOLATION_VERSION}/cni-isolation-${TARGETARCH:-amd64}.tgz | tar xzvC /out/libexec/cni && \ +RUN fname="cni-isolation-${TARGETARCH:-amd64}.tgz" && \ + curl -o "${fname}" -fsSL "https://github.com/AkihiroSuda/cni-isolation/releases/download/v${CNI_ISOLATION_VERSION}/${fname}" && \ + grep "${fname}" "/SHA256SUMS.d/cni-isolation-${CNI_ISOLATION_VERSION}" | sha256sum -c && \ + tar xzf "${fname}" -C /out/libexec/cni && \ + rm -f "${fname}" && \ echo "- CNI isolation plugin: v${CNI_ISOLATION_VERSION}" >> /out/share/doc/nerdctl-full/README.md ARG BUILDKIT_VERSION -RUN curl -L https://github.com/moby/buildkit/releases/download/v${BUILDKIT_VERSION}/buildkit-v${BUILDKIT_VERSION}.linux-${TARGETARCH:-amd64}.tar.gz | tar xzvC /out && \ - rm -f /out/bin/buildkit-qemu-* /out/bin/buildkit-runc && \ +RUN fname="buildkit-v${BUILDKIT_VERSION}.${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz" && \ + curl -o "${fname}" -fsSL "https://github.com/moby/buildkit/releases/download/v${BUILDKIT_VERSION}/${fname}" && \ + grep "${fname}" "/SHA256SUMS.d/buildkit-${BUILDKIT_VERSION}" | sha256sum -c && 
\ + tar xzf "${fname}" -C /out && \ + rm -f "${fname}" /out/bin/buildkit-qemu-* /out/bin/buildkit-runc && \ echo "- BuildKit: v${BUILDKIT_VERSION}" >> /out/share/doc/nerdctl-full/README.md # NOTE: github.com/moby/buildkit/examples/systemd is not included in BuildKit v0.8.x, will be included in v0.9.x RUN cd /out/lib/systemd/system && \ 
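Review bot: In each `grep "${fname}" "/SHA256SUMS.d/…" | sha256sum -c` pipeline the RUN step only sees the exit status of `sha256sum`, so a grep that matches nothing (no entry for this architecture, or no checksum file for an overridden version) is caught only if `sha256sum -c` itself rejects empty input. The checksum files added in this commit list only amd64 for containerd, runc, cni-plugins and buildkit, so that path is reachable on other architectures. To make the failure explicit rather than tool-dependent, set `SHELL ["/bin/ash", "-o", "pipefail", "-c"]` for the stage (it installs with `apk`, so presumably Alpine; skip this if it is already set outside these hunks) and prefer `grep -F`, since `${fname}` contains `.` and is otherwise treated as a regex. The same pattern recurs in the stargz-snapshotter hunk and in the rootlesskit/slirp4netns/fuse-overlayfs hunk. Separately, `${TARGETOS:-linux}` is used but only `ARG TARGETARCH` is declared in view, so unless `ARG TARGETOS` exists outside the hunk the `linux` fallback always applies.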
@@ -83,8 +104,14 @@ RUN cd /out/lib/systemd/system && \ echo "" >> buildkit.service && \ echo "# This file was converted from containerd.service, with \`sed -E '${sedcomm}'\`" >> buildkit.service ARG STARGZ_SNAPSHOTTER_VERSION -RUN curl -L https://github.com/containerd/stargz-snapshotter/releases/download/v${STARGZ_SNAPSHOTTER_VERSION}/stargz-snapshotter-v${STARGZ_SNAPSHOTTER_VERSION}-linux-${TARGETARCH:-amd64}.tar.gz | tar xzvC /out/bin && \ - curl -L -o /out/lib/systemd/system/stargz-snapshotter.service https://raw.githubusercontent.com/containerd/stargz-snapshotter/v${STARGZ_SNAPSHOTTER_VERSION}/script/config/etc/systemd/system/stargz-snapshotter.service && \ +RUN fname="stargz-snapshotter-v${STARGZ_SNAPSHOTTER_VERSION}-${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz" && \ + curl -o "${fname}" -fsSL "https://github.com/containerd/stargz-snapshotter/releases/download/v${STARGZ_SNAPSHOTTER_VERSION}/${fname}" && \ + curl -o "stargz-snapshotter.service" -fsSL "https://raw.githubusercontent.com/containerd/stargz-snapshotter/v${STARGZ_SNAPSHOTTER_VERSION}/script/config/etc/systemd/system/stargz-snapshotter.service" && \ + grep "${fname}" "/SHA256SUMS.d/stargz-snapshotter-${STARGZ_SNAPSHOTTER_VERSION}" | sha256sum -c - && \ + grep "stargz-snapshotter.service" "/SHA256SUMS.d/stargz-snapshotter-${STARGZ_SNAPSHOTTER_VERSION}" | sha256sum -c - && \ + tar xzf "${fname}" -C /out/bin && \ + rm -f "${fname}" && \ + mv stargz-snapshotter.service /out/lib/systemd/system/stargz-snapshotter.service && \ echo "- Stargz Snapshotter: v${STARGZ_SNAPSHOTTER_VERSION}" >> /out/share/doc/nerdctl-full/README.md ARG IMGCRYPT_VERSION RUN git clone https://github.com/containerd/imgcrypt.git /go/src/github.com/containerd/imgcrypt && \ 
@@ -92,19 +119,32 @@ RUN git clone https://github.com/containerd/imgcrypt.git /go/src/github.com/cont CGO_ENABLED=0 make && DESTDIR=/out make install && \ echo "- imgcrypt: v${IMGCRYPT_VERSION}" >> /out/share/doc/nerdctl-full/README.md ARG ROOTLESSKIT_VERSION -RUN curl -L https://github.com/rootless-containers/rootlesskit/releases/download/v${ROOTLESSKIT_VERSION}/rootlesskit-$(uname -m).tar.gz | tar xzvC /out/bin && \ - rm -f /out/bin/rootlesskit-docker-proxy && \ +RUN fname="rootlesskit-$(uname -m).tar.gz" && \ + curl -o "${fname}" -fsSL "https://github.com/rootless-containers/rootlesskit/releases/download/v${ROOTLESSKIT_VERSION}/${fname}" && \ + grep "${fname}" "/SHA256SUMS.d/rootlesskit-${ROOTLESSKIT_VERSION}" | sha256sum -c && \ + tar xzf "${fname}" -C /out/bin && \ + rm -f "${fname}" /out/bin/rootlesskit-docker-proxy && \ echo "- RootlessKit: v${ROOTLESSKIT_VERSION}" >> /out/share/doc/nerdctl-full/README.md ARG SLIRP4NETNS_VERSION -RUN curl -L -o /out/bin/slirp4netns https://github.com/rootless-containers/slirp4netns/releases/download/v${SLIRP4NETNS_VERSION}/slirp4netns-$(uname -m) && \ +RUN fname="slirp4netns-$(uname -m)" && \ + curl -o "${fname}" -fsSL "https://github.com/rootless-containers/slirp4netns/releases/download/v${SLIRP4NETNS_VERSION}/${fname}" && \ + grep "${fname}" "/SHA256SUMS.d/slirp4netns-${SLIRP4NETNS_VERSION}" | sha256sum -c && \ + mv "${fname}" /out/bin/slirp4netns && \ chmod +x /out/bin/slirp4netns && \ echo "- slirp4netns: v${SLIRP4NETNS_VERSION}" >> /out/share/doc/nerdctl-full/README.md ARG FUSE_OVERLAYFS_VERSION -RUN curl -L -o /out/bin/fuse-overlayfs https://github.com/containers/fuse-overlayfs/releases/download/v${FUSE_OVERLAYFS_VERSION}/fuse-overlayfs-$(uname -m) && \ +RUN fname="fuse-overlayfs-$(uname -m)" && \ + curl -o "${fname}" -fsSL "https://github.com/containers/fuse-overlayfs/releases/download/v${FUSE_OVERLAYFS_VERSION}/${fname}" && \ + grep "${fname}" "/SHA256SUMS.d/fuse-overlayfs-${FUSE_OVERLAYFS_VERSION}" | sha256sum -c && 
\ + mv "${fname}" /out/bin/fuse-overlayfs && \ chmod +x /out/bin/fuse-overlayfs && \ echo "- fuse-overlayfs: v${FUSE_OVERLAYFS_VERSION}" >> /out/share/doc/nerdctl-full/README.md ARG CONTAINERD_FUSE_OVERLAYFS_VERSION -RUN curl -L https://github.com/containerd/fuse-overlayfs-snapshotter/releases/download/v${CONTAINERD_FUSE_OVERLAYFS_VERSION}/containerd-fuse-overlayfs-${CONTAINERD_FUSE_OVERLAYFS_VERSION}-linux-${TARGETARCH:-amd64}.tar.gz | tar xzvC /out/bin && \ +RUN fname="containerd-fuse-overlayfs-${CONTAINERD_FUSE_OVERLAYFS_VERSION}-${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz" && \ + curl -o "${fname}" -fsSL "https://github.com/containerd/fuse-overlayfs-snapshotter/releases/download/v${CONTAINERD_FUSE_OVERLAYFS_VERSION}/${fname}" && \ + grep "${fname}" "/SHA256SUMS.d/containerd-fuse-overlayfs-${CONTAINERD_FUSE_OVERLAYFS_VERSION}" | sha256sum -c && \ + tar xzf "${fname}" -C /out/bin && \ + rm -f "${fname}" && \ echo "- containerd-fuse-overlayfs: v${CONTAINERD_FUSE_OVERLAYFS_VERSION}" >> /out/share/doc/nerdctl-full/README.md RUN echo "" >> /out/share/doc/nerdctl-full/README.md && \ echo "## License" >> /out/share/doc/nerdctl-full/README.md && \ diff --git a/Dockerfile.d/SHA256SUMS.d/buildkit-0.8.2 b/Dockerfile.d/SHA256SUMS.d/buildkit-0.8.2 new file mode 100644 index 00000000000..dfc5cc87426 --- /dev/null +++ b/Dockerfile.d/SHA256SUMS.d/buildkit-0.8.2 @@ -0,0 +1 @@ +d6d1ebc68806e626f31dd4ea17a406a93dcff14763971cd91b28cbaf3bfffcd4 buildkit-v0.8.2.linux-amd64.tar.gz diff --git a/Dockerfile.d/SHA256SUMS.d/cni-isolation-0.0.3 b/Dockerfile.d/SHA256SUMS.d/cni-isolation-0.0.3 new file mode 100644 index 00000000000..57afcaa28a9 --- /dev/null +++ b/Dockerfile.d/SHA256SUMS.d/cni-isolation-0.0.3 
@@ -0,0 +1,6 @@
+9f130b6c6d9fbcb8b962fe54f8c562efeb1b14686eb240125a1ab87e11ea5f21 cni-isolation-amd64.tgz
+9364977a91fffb086bdfd24de4a999c38eacf0bfa0a82e7d136d8c2341333619 cni-isolation-arm.tgz
+0fbc711e7338d0e7d195ed7cd52120a517182e4c2e9b9205db04ef36a145dc42 cni-isolation-arm64.tgz
+5e8b1a045dc3efe16a1d59134aaede9ad44496907e40d9fcc1c907db5838204b cni-isolation-mips64le.tgz
+5807817f725deef71d152193e7bd6e6e8f93adf74eb0a56c18e108286da7bf31 cni-isolation-ppc64le.tgz
+aea168380eb7c80be16c97d843188121e2249f00b0cbbbba5179162a20ae389a cni-isolation-s390x.tgz
diff --git a/Dockerfile.d/SHA256SUMS.d/cni-plugins-0.9.1 b/Dockerfile.d/SHA256SUMS.d/cni-plugins-0.9.1
new file mode 100644
index 00000000000..b8d75280906
--- /dev/null
+++ b/Dockerfile.d/SHA256SUMS.d/cni-plugins-0.9.1
@@ -0,0 +1 @@
+962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7 cni-plugins-linux-amd64-v0.9.1.tgz
diff --git a/Dockerfile.d/SHA256SUMS.d/containerd-1.4.4 b/Dockerfile.d/SHA256SUMS.d/containerd-1.4.4
new file mode 100644
index 00000000000..1dc25574f0f
--- /dev/null
+++ b/Dockerfile.d/SHA256SUMS.d/containerd-1.4.4
@@ -0,0 +1,2 @@
+2d93227ae882ce29671a863de124fe464a8b75387d69d8d618805572c8013ee8 containerd-1.4.4-linux-amd64.tar.gz
+5ed152bbf73b86c5c290f3755ecf7373a282866b7e1407a4102d5be36026a288 containerd.service
diff --git a/Dockerfile.d/SHA256SUMS.d/containerd-1.5.0-beta.4 b/Dockerfile.d/SHA256SUMS.d/containerd-1.5.0-beta.4
new file mode 100644
index 00000000000..e46e46d7d84
--- /dev/null
+++ b/Dockerfile.d/SHA256SUMS.d/containerd-1.5.0-beta.4
@@ -0,0 +1,2 @@
+725ce7465b3c007a081e1292a839c8e7aec8d5f58a99a1317ed2d87c512d7811 containerd-1.5.0-beta.4-linux-amd64.tar.gz
+16a9e9fed866ad36246239582a1d72eb2f815b6b10298a8ae493dca72af71b31 containerd.service
diff --git a/Dockerfile.d/SHA256SUMS.d/containerd-fuse-overlayfs-1.0.2 b/Dockerfile.d/SHA256SUMS.d/containerd-fuse-overlayfs-1.0.2
new file mode 100644
index 00000000000..d6e0b3097eb
--- /dev/null
+++ b/Dockerfile.d/SHA256SUMS.d/containerd-fuse-overlayfs-1.0.2
@@ -0,0 +1,5 @@
+1f1e69f71b5ea568e93e40059af1b02a377ac0966d2acd27e4cce388a27af218 containerd-fuse-overlayfs-1.0.2-linux-amd64.tar.gz
+870aa3171f07709c8d901760b0b72221e4efcd6c1cf22b22d353bda34008ee7d containerd-fuse-overlayfs-1.0.2-linux-arm-v7.tar.gz
+7ade1a44d880b3fb8eaa3c5ff7d3890a43b777d06ec80439c9a51ae35626c83c containerd-fuse-overlayfs-1.0.2-linux-arm64.tar.gz
+eaf9bdd3de4514546945ea93119acea2b7bfa55ced43766e20adabddd5d20978 containerd-fuse-overlayfs-1.0.2-linux-ppc64le.tar.gz
+ab8e20a71a51506d485cd8ee3bd287e385eee0c81c3a7c4a1c2b5aa9bcf8ad84 containerd-fuse-overlayfs-1.0.2-linux-s390x.tar.gz
diff --git a/Dockerfile.d/SHA256SUMS.d/fuse-overlayfs-1.5.0 b/Dockerfile.d/SHA256SUMS.d/fuse-overlayfs-1.5.0
new file mode 100644
index 00000000000..851f9544dec
--- /dev/null
+++ b/Dockerfile.d/SHA256SUMS.d/fuse-overlayfs-1.5.0
@@ -0,0 +1,5 @@
+7cb4ec0269a6adf2bf8d89baadf5335e139d5d7c534c6f9cdd2e9ca71afbd784 fuse-overlayfs-aarch64
+d177e182d8080f44eb28c7874720b6c0bb6133fe16d1d506e7aac8650649c798 fuse-overlayfs-armv7l
+dd15032d33cef20a535608f416f877ff5c7a70b11b38d222e87f3bf1e3a89656 fuse-overlayfs-ppc64le
+55dabf52c26a08d7a1d56d4800317db4410ae1027833b6d510a89b59e867e406 fuse-overlayfs-s390x
+53e54b2febf39ba6e67018294a7162bd6b4d18cb544ed7aff54c29ffb2791606 fuse-overlayfs-x86_64
diff --git a/Dockerfile.d/SHA256SUMS.d/rootlesskit-0.14.1 b/Dockerfile.d/SHA256SUMS.d/rootlesskit-0.14.1
new file mode 100644
index 00000000000..1bf0152c6a7
--- /dev/null
+++ b/Dockerfile.d/SHA256SUMS.d/rootlesskit-0.14.1
@@ -0,0 +1,5 @@
+1591b81b9f290b3d09c2ae608524bd5b474939ae56dd71a25d7756a22265de1f rootlesskit-aarch64.tar.gz
+4d3794080a37b900ae7b14c32e625ae5a3c40f735d0698212c1149173fb29e62 rootlesskit-armv7l.tar.gz
+34e14b2cf76324f227d1e5f5239a4620c51ec78fef7d342151c9812791725023 rootlesskit-ppc64le.tar.gz
+ab31a2eda0746781c2c031149662a8cb0bde21df93904efff3bd09ab10d395f5 rootlesskit-s390x.tar.gz
+8ce5a87fb7bee0a320a570a8467be7ec786893d3ad532c9a53396e430c445d5f rootlesskit-x86_64.tar.gz
diff --git a/Dockerfile.d/SHA256SUMS.d/runc-1.0.0-rc93 b/Dockerfile.d/SHA256SUMS.d/runc-1.0.0-rc93
new file mode 100644
index 00000000000..0b5d9976e93
--- /dev/null
+++ b/Dockerfile.d/SHA256SUMS.d/runc-1.0.0-rc93
@@ -0,0 +1 @@
+9feaa82be15cb190cf0ed76fcb6d22841abd18088d275a47e894cd1e3a0ee4b6 runc.amd64
diff --git a/Dockerfile.d/SHA256SUMS.d/slirp4netns-1.1.9 b/Dockerfile.d/SHA256SUMS.d/slirp4netns-1.1.9
new file mode 100644
index 00000000000..1dd42965df2
--- /dev/null
+++ b/Dockerfile.d/SHA256SUMS.d/slirp4netns-1.1.9
@@ -0,0 +1,5 @@
+74253478ab5e18d5e2a1199f0f011454bdd3fa48112ef89c771a85c5c514e317 slirp4netns-aarch64
+9e74d2bc8f07dbc53376aeca6cb015b45c0cc89a139f95e51853f3168ae1a5ac slirp4netns-armv7l
+85557a232cb78b5a4fd969f0af56424cd8bab4c9f4a594d2ed4b7e7dac0b44b5 slirp4netns-ppc64le
+b707992edbd194143ca3bf7a031a1d2bc984ddbd3ca372d970e7257cd9cf31a3 slirp4netns-s390x
+69c80cd0f8abc9618472958d238f15561da6a767472b11d022b86d3c33a42715 slirp4netns-x86_64
diff --git a/Dockerfile.d/SHA256SUMS.d/stargz-snapshotter-0.5.0 b/Dockerfile.d/SHA256SUMS.d/stargz-snapshotter-0.5.0
new file mode 100644
index 00000000000..3b5f6f67836
--- /dev/null
+++ b/Dockerfile.d/SHA256SUMS.d/stargz-snapshotter-0.5.0
@@ -0,0 +1,2 @@
+a800f1ef707443260df6ea2b0627edb404ecad67bbbefea81b997c4499555b02 stargz-snapshotter-v0.5.0-linux-amd64.tar.gz
+f1cf855870af16a653d8acb9daa3edf84687c2c05323cb958f078fb148af3eec stargz-snapshotter.service
diff --git a/pkg/testutil/testutil.go b/pkg/testutil/testutil.go index a98950d2193..cd468691830 100644 --- a/pkg/testutil/testutil.go +++ b/pkg/testutil/testutil.go @@ -273,10 +273,10 @@ func NewBase(t *testing.T) *Base { return base } -// use GCR mirror to avoid hitting Docker Hub rate limit +// TODO: do not use Docker Hub nor GCR mirror: https://github.com/containerd/nerdctl/issues/146 const ( - AlpineImage = "mirror.gcr.io/library/alpine:3.13" - NginxAlpineImage = "mirror.gcr.io/library/nginx:1.19-alpine" + AlpineImage = "alpine:3.13" + NginxAlpineImage = "nginx:1.19-alpine" NginxAlpineIndexHTMLSnippet = "