Skip to content

Commit

Permalink
fix: image reproducibility with finalize
Browse files Browse the repository at this point in the history
See tonistiigi/fsutil#207

The result of this issue is that we can't use `finalize` steps where
destination is a directory, so refactor things to pull in such steps
into the `install` step.

Signed-off-by: Andrey Smirnov <[email protected]>
  • Loading branch information
smira committed Sep 16, 2024
1 parent 39d2f20 commit 11f48c5
Show file tree
Hide file tree
Showing 17 changed files with 68 additions and 53 deletions.
6 changes: 4 additions & 2 deletions container-runtime/crun/pkg.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,10 @@ steps:
mkdir -p /rootfs/usr/local/bin
cp -av crun /rootfs/usr/local/bin/crun
chmod +x /rootfs/usr/local/bin/crun
- |
mkdir -p /rootfs/etc/cri/conf.d
cp /pkg/crun.part /rootfs/etc/cri/conf.d/crun.part
test:
- |
mkdir -p /extensions-validator-rootfs
Expand All @@ -36,5 +40,3 @@ finalize:
to: /rootfs
- from: /pkg/manifest.yaml
to: /
- from: /pkg/crun.part
to: /rootfs/etc/cri/conf.d/crun.part
13 changes: 5 additions & 8 deletions container-runtime/gvisor/pkg.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,11 @@ steps:
cp ./bin/containerd-shim-runsc-v1 /rootfs/usr/local/bin/containerd-shim-runsc-v1
chmod +x /rootfs/usr/local/bin/containerd-shim-runsc-v1
- |
mkdir -p /rootfs/etc/cri/conf.d
cp /pkg/gvisor.part /pkg/runsc.toml /pkg/gvisor-kvm.part /pkg/runsc-kvm.toml /rootfs/etc/cri/conf.d/
test:
- |
mkdir -p /extensions-validator-rootfs
Expand All @@ -55,11 +60,3 @@ finalize:
to: /rootfs
- from: /pkg/manifest.yaml
to: /
- from: /pkg/gvisor.part
to: /rootfs/etc/cri/conf.d/gvisor.part
- from: /pkg/runsc.toml
to: /rootfs/etc/cri/conf.d/runsc.toml
- from: /pkg/gvisor-kvm.part
to: /rootfs/etc/cri/conf.d/gvisor-kvm.part
- from: /pkg/runsc-kvm.toml
to: /rootfs/etc/cri/conf.d/runsc-kvm.toml
10 changes: 6 additions & 4 deletions container-runtime/kata-containers/pkg.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,12 @@ steps:
- |
cd ${GOPATH}/src/github.com/kata-containers/src/runtime
cp containerd-shim-kata-v2 /rootfs/usr/local/bin/containerd-shim-kata-v2
- |
mkdir -p /rootfs/etc/cri/conf.d
cp /pkg/kata-containers.part /rootfs/etc/cri/conf.d/kata-containers.part
mkdir -p /rootfs/usr/local/share/kata-containers
cp /pkg/configuration.toml /rootfs/usr/local/share/kata-containers/configuration.toml
test:
- |
mkdir -p /extensions-validator-rootfs
Expand All @@ -70,7 +76,3 @@ finalize:
to: /rootfs
- from: /pkg/manifest.yaml
to: /
- from: /pkg/kata-containers.part
to: /rootfs/etc/cri/conf.d/kata-containers.part
- from: /pkg/configuration.toml
to: /rootfs/usr/local/share/kata-containers/configuration.toml
5 changes: 3 additions & 2 deletions container-runtime/spin/pkg.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,9 @@ steps:
mkdir -p /rootfs/usr/local/bin
tar xf containerd-shim-spin.tar.gz -C /rootfs/usr/local/bin
- |
mkdir -p /rootfs/etc/cri/conf.d
cp /pkg/spin.part /rootfs/etc/cri/conf.d/spin.part
test:
- |
mkdir -p /extensions-validator-rootfs
Expand All @@ -35,5 +38,3 @@ finalize:
to: /rootfs
- from: /pkg/manifest.yaml
to: /
- from: /pkg/spin.part
to: /rootfs/etc/cri/conf.d/spin.part
15 changes: 9 additions & 6 deletions container-runtime/stargz-snapshotter/pkg.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,15 @@ steps:
cp ./out/ctr-remote /rootfs/usr/local/lib/containers/stargz-snapshotter/ctr-remote
chmod +x /rootfs/usr/local/lib/containers/stargz-snapshotter/ctr-remote
- |
mkdir -p /rootfs/etc/cri/conf.d
cp /pkg/stargz-snapshotter.part /rootfs/etc/cri/conf.d/stargz-snapshotter.part
mkdir -p /rootfs/usr/local/etc/containerd-stargz-grpc
cp /pkg/config.toml /rootfs/usr/local/etc/containerd-stargz-grpc/config.toml
mkdir -p /rootfs/usr/local/etc/containers
cp /pkg/stargz-snapshotter.yaml /rootfs/usr/local/etc/containers/
test:
- |
mkdir -p /extensions-validator-rootfs
Expand All @@ -52,9 +61,3 @@ finalize:
to: /rootfs
- from: /pkg/manifest.yaml
to: /
- from: /pkg/stargz-snapshotter.part
to: /rootfs/etc/cri/conf.d/stargz-snapshotter.part
- from: /pkg/config.toml
to: /rootfs/usr/local/etc/containerd-stargz-grpc/config.toml
- from: /pkg/stargz-snapshotter.yaml
to: /rootfs/usr/local/etc/containers/
7 changes: 4 additions & 3 deletions examples/hello-world-service/pkg.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,13 @@ steps:
CGO_ENABLED=0 go build -o ./hello-world .
install:
- |
mkdir -p /rootfs/usr/local/etc/containers
mkdir -p /rootfs/usr/local/lib/containers/hello-world
cp -p /pkg/src/hello-world /rootfs/usr/local/lib/containers/hello-world/
- |
mkdir -p /rootfs/usr/local/etc/containers
cp /pkg/hello-world.yaml /rootfs/usr/local/etc/containers/
test:
- |
mkdir -p /extensions-validator-rootfs
Expand All @@ -35,5 +38,3 @@ finalize:
to: /rootfs
- from: /pkg/manifest.yaml
to: /
- from: /pkg/hello-world.yaml
to: /rootfs/usr/local/etc/containers/
5 changes: 3 additions & 2 deletions guest-agents/qemu-guest-agent/pkg.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,9 @@ steps:
rmdir /rootfs/usr/local/share
rmdir /rootfs/var/run
rmdir /rootfs/var
- |
mkdir -p /rootfs/usr/local/etc/containers
cp /pkg/qemu-guest-agent.yaml /rootfs/usr/local/etc/containers/
test:
- |
mkdir -p /extensions-validator-rootfs
Expand All @@ -74,5 +77,3 @@ finalize:
to: /rootfs
- from: /pkg/manifest.yaml
to: /
- from: /pkg/qemu-guest-agent.yaml
to: /rootfs/usr/local/etc/containers/
6 changes: 4 additions & 2 deletions guest-agents/xen-guest-agent/pkg.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,10 @@ steps:
containerRoot=/rootfs/usr/local/lib/containers/xen-guest-agent
mkdir -p "$containerRoot"
mv target/{{ .ARCH }}-alpine-linux-musl/release/xen-guest-agent "$containerRoot/xen-guest-agent"
- |
mkdir -p /rootfs/usr/local/etc/containers
cp /pkg/xen-guest-agent.yaml /rootfs/usr/local/etc/containers/
test:
- |
mkdir -p /extensions-validator-rootfs
Expand All @@ -43,5 +47,3 @@ finalize:
to: /rootfs
- from: /pkg/manifest.yaml
to: /
- from: /pkg/xen-guest-agent.yaml
to: /rootfs/usr/local/etc/containers/
5 changes: 3 additions & 2 deletions network/tailscale/pkg.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,9 @@ steps:
cp -pr dist/tailscale /rootfs/usr/local/lib/containers/tailscale/usr/local/bin
cp -pr dist/tailscaled /rootfs/usr/local/lib/containers/tailscale/usr/local/bin
cp -pr dist/containerboot /rootfs/usr/local/lib/containers/tailscale/usr/local/bin
- |
mkdir -p /rootfs/usr/local/etc/containers
cp /pkg/tailscale.yaml /rootfs/usr/local/etc/containers/
test:
- |
mkdir -p /extensions-validator-rootfs
Expand All @@ -48,5 +51,3 @@ finalize:
to: /rootfs
- from: /pkg/manifest.yaml
to: /
- from: /pkg/tailscale.yaml
to: /rootfs/usr/local/etc/containers/
6 changes: 3 additions & 3 deletions nvidia-gpu/nvidia-container-toolkit/lts/pkg.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,9 @@ steps:
sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
install:
- |
mkdir -p /rootfs
mkdir -p /rootfs/usr/local/etc/containers
cp /pkg/nvidia-persistenced.yaml /rootfs/usr/local/etc/containers/nvidia-persistenced.yaml
test:
- |
mkdir -p /extensions-validator-rootfs
Expand All @@ -28,7 +30,5 @@ steps:
finalize:
- from: /rootfs
to: /rootfs
- from: /pkg/nvidia-persistenced.yaml
to: /rootfs/usr/local/etc/containers/nvidia-persistenced.yaml
- from: /pkg/manifest.yaml
to: /
Original file line number Diff line number Diff line change
Expand Up @@ -49,10 +49,12 @@ steps:
ln -sv nvidia-container-runtime-wrapper /rootfs/usr/local/bin/$(basename $clean_file)
cp $clean_file /rootfs/usr/local/bin/$(basename $clean_file).real
done
- |
mkdir -p /rootfs/etc/cri/conf.d
cp /pkg/nvidia-container-runtime.part /rootfs/etc/cri/conf.d/nvidia-container-runtime.part
mkdir -p /rootfs/usr/local/etc/nvidia-container-runtime
cp /pkg/nvidia-container-runtime.toml /rootfs/usr/local/etc/nvidia-container-runtime/config.toml
finalize:
- from: /rootfs
to: /rootfs
- from: /pkg/nvidia-container-runtime.part
to: /rootfs/etc/cri/conf.d/nvidia-container-runtime.part
- from: /pkg/nvidia-container-runtime.toml
to: /rootfs/usr/local/etc/nvidia-container-runtime/config.toml
5 changes: 2 additions & 3 deletions nvidia-gpu/nvidia-container-toolkit/production/pkg.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,8 @@ steps:
sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
install:
- |
mkdir -p /rootfs
mkdir -p /rootfs/usr/local/etc/containers
cp /pkg/nvidia-persistenced.yaml /rootfs/usr/local/etc/containers/nvidia-persistenced.yaml
test:
- |
mkdir -p /extensions-validator-rootfs
Expand All @@ -28,7 +29,5 @@ steps:
finalize:
- from: /rootfs
to: /rootfs
- from: /pkg/nvidia-persistenced.yaml
to: /rootfs/usr/local/etc/containers/nvidia-persistenced.yaml
- from: /pkg/manifest.yaml
to: /
4 changes: 2 additions & 2 deletions nvidia-gpu/nvidia-fabricmanager/lts/pkg.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,8 @@ steps:
cp etc/fabricmanager.cfg /rootfs/usr/local/share/nvidia/nvswitch/
cp /pkg/nvidia-fabricmanager.yaml /rootfs/usr/local/etc/containers/nvidia-fabricmanager.yaml
sed -i 's/DAEMONIZE=.*/DAEMONIZE=0/g' /rootfs/usr/local/share/nvidia/nvswitch/fabricmanager.cfg
sed -i 's/STATE_FILE_NAME=.*/STATE_FILE_NAME=\/var\/run\/nvidia-fabricmanager\/fabricmanager.state/g' /rootfs/usr/local/share/nvidia/nvswitch/fabricmanager.cfg
sed -i 's/TOPOLOGY_FILE_PATH=.*/TOPOLOGY_FILE_PATH=\/usr\/local\/share\/nvidia\/nvswitch/g' /rootfs/usr/local/share/nvidia/nvswitch/fabricmanager.cfg
Expand All @@ -53,7 +55,5 @@ steps:
finalize:
- from: /rootfs
to: /rootfs
- from: /pkg/nvidia-fabricmanager.yaml
to: /rootfs/usr/local/etc/containers/nvidia-fabricmanager.yaml
- from: /pkg/manifest.yaml
to: /
4 changes: 2 additions & 2 deletions nvidia-gpu/nvidia-fabricmanager/production/lts/pkg.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,8 @@ steps:
cp etc/fabricmanager.cfg /rootfs/usr/local/share/nvidia/nvswitch/
cp /pkg/nvidia-fabricmanager.yaml /rootfs/usr/local/etc/containers/nvidia-fabricmanager.yaml
sed -i 's/DAEMONIZE=.*/DAEMONIZE=0/g' /rootfs/usr/local/share/nvidia/nvswitch/fabricmanager.cfg
sed -i 's/STATE_FILE_NAME=.*/STATE_FILE_NAME=\/var\/run\/nvidia-fabricmanager\/fabricmanager.state/g' /rootfs/usr/local/share/nvidia/nvswitch/fabricmanager.cfg
sed -i 's/TOPOLOGY_FILE_PATH=.*/TOPOLOGY_FILE_PATH=\/usr\/local\/share\/nvidia\/nvswitch/g' /rootfs/usr/local/share/nvidia/nvswitch/fabricmanager.cfg
Expand All @@ -53,7 +55,5 @@ steps:
finalize:
- from: /rootfs
to: /rootfs
- from: /pkg/nvidia-fabricmanager.yaml
to: /rootfs/usr/local/etc/containers/nvidia-fabricmanager.yaml
- from: /pkg/manifest.yaml
to: /
5 changes: 3 additions & 2 deletions power/nut-client/pkg.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,9 @@ steps:
rm -rf /rootfs/usr/local/etc
rm -rf /rootfs/usr/local/lib/nut
rm -rf /rootfs/usr/local/sbin
- |
mkdir -p /rootfs/usr/local/etc/containers
cp /pkg/nut-client.yaml /rootfs/usr/local/etc/containers/
test:
- |
mkdir -p /extensions-validator-rootfs
Expand All @@ -91,5 +94,3 @@ finalize:
to: /rootfs
- from: /pkg/manifest.yaml
to: /
- from: /pkg/nut-client.yaml
to: /rootfs/usr/local/etc/containers/
9 changes: 5 additions & 4 deletions storage/iscsi-tools/pkg.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -19,17 +19,18 @@ steps:
# cleanup
rm -rf /rootfs/usr/local/include
rm -rf /rootfs/usr/share
- |
mkdir -p /rootfs/usr/local/etc/containers
cp /pkg/iscsid.yaml /rootfs/usr/local/etc/containers/iscsid.yaml
cp /pkg/tgtd.yaml /rootfs/usr/local/etc/containers/tgtd.yaml
test:
- |
mkdir -p /extensions-validator-rootfs
cp -r /rootfs/ /extensions-validator-rootfs/rootfs
cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
/extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
finalize:
- from: /pkg/iscsid.yaml
to: /rootfs/usr/local/etc/containers/iscsid.yaml
- from: /pkg/tgtd.yaml
to: /rootfs/usr/local/etc/containers/tgtd.yaml
- from: /rootfs
to: /rootfs
- from: /pkg/manifest.yaml
Expand Down
6 changes: 4 additions & 2 deletions storage/zfs/pkg.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,10 @@ steps:
mkdir -p /rootfs/lib/modules /rootfs/usr/local/lib/containers/zpool-importer
cp -R /lib/modules/* /rootfs/lib/modules
- |
mkdir -p /rootfs/usr/local/lib/containers
cp /pkg/zpool-importer.yaml /rootfs/usr/local/lib/containers/zpool-importer.yaml
test:
- |
mkdir -p /extensions-validator-rootfs
Expand All @@ -29,5 +33,3 @@ finalize:
to: /rootfs
- from: /pkg/manifest.yaml
to: /
- from: /pkg/zpool-importer.yaml
to: /rootfs/usr/local/etc/containers/zpool-importer.yaml

0 comments on commit 11f48c5

Please sign in to comment.