| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
This function is still useful for the dev environment.
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
|
| |
|
|
| |
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Better support for cross compilation so we can fully rely
on `--platform` flag of buildx for a seamless integration.
This removes unnecessary extra cross logic in the Dockerfile,
DOCKER_CROSSPLATFORMS and CROSS vars and some hack scripts as well.
Non-sandboxed build invocation is still supported and dev stages
in the Dockerfile have been updated accordingly.
Bake definition and GitHub Actions workflows have been updated
accordingly as well.
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
| |
Current Dockerfile downloads vpnkit for both linux/amd64
and linux/arm64 platforms even if target platform does not
match. This change will download vpnkit only if target
platform matches, otherwise it will just use a dummy scratch
stage.
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The script to build (static)binaries also generated checksums for all binaries
and scripts included. These checksums were not used, and not included when
releasing packages (which are a `tar.gz` for which a separate checksum would
be generated).
Removing these checksums, as they're unused, and complicated using these
artifacts for packagers (who would have to exclude them after building).
Before this:
```bash
rm -rf ./bundles
docker buildx build --build-arg VERSION=22.06.0-beta.1 --output ./bundles --target binary .
tree bundles
bundles
└── binary-daemon
├── containerd
├── containerd-shim-runc-v2
├── containerd-shim-runc-v2.md5
├── containerd-shim-runc-v2.sha256
├── containerd.md5
├── containerd.sha256
├── ctr
├── ctr.md5
├── ctr.sha256
├── docker-init
├── docker-init.md5
├── docker-init.sha256
├── docker-proxy
├── docker-proxy.md5
├── docker-proxy.sha256
├── dockerd
├── dockerd-rootless-setuptool.sh
├── dockerd-rootless-setuptool.sh.md5
├── dockerd-rootless-setuptool.sh.sha256
├── dockerd-rootless.sh
├── dockerd-rootless.sh.md5
├── dockerd-rootless.sh.sha256
├── dockerd.md5
├── dockerd.sha256
├── rootlesskit
├── rootlesskit-docker-proxy
├── rootlesskit-docker-proxy.md5
├── rootlesskit-docker-proxy.sha256
├── rootlesskit.md5
├── rootlesskit.sha256
├── runc
├── runc.md5
├── runc.sha256
├── vpnkit
├── vpnkit.md5
└── vpnkit.sha256
1 directory, 36 files
```
After this:
```bash
rm -rf ./bundles
docker buildx build --build-arg VERSION=22.06.0-beta.1 --output ./bundles --target binary .
tree bundles
bundles
└── binary-daemon
├── containerd
├── containerd-shim-runc-v2
├── ctr
├── docker-init
├── docker-proxy
├── dockerd
├── dockerd-rootless-setuptool.sh
├── dockerd-rootless.sh
├── rootlesskit
├── rootlesskit-docker-proxy
├── runc
└── vpnkit
1 directory, 12 files
```
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There may have been some historic reason for doing this, but I couldn't find
a practical use for building the (some) binaries with a version (default: "dev")
included, only to use a symlink to refer to the actual binary.
This patch removes the "${VERSION}" from the binary names in bundles, and
removes the code that created symlinks for them.
Before this patch:
```bash
rm -rf ./bundles
docker buildx build --build-arg VERSION=22.06.0-beta.1 --output ./bundles --target binary .
tree bundles
bundles
└── binary-daemon
├── containerd
├── containerd-shim-runc-v2
├── containerd-shim-runc-v2.md5
├── containerd-shim-runc-v2.sha256
├── containerd.md5
├── containerd.sha256
├── ctr
├── ctr.md5
├── ctr.sha256
├── docker-init
├── docker-init.md5
├── docker-init.sha256
├── docker-proxy -> docker-proxy-22.06.0-beta.1
├── docker-proxy-22.06.0-beta.1
├── docker-proxy-22.06.0-beta.1.md5
├── docker-proxy-22.06.0-beta.1.sha256
├── dockerd -> dockerd-22.06.0-beta.1
├── dockerd-22.06.0-beta.1
├── dockerd-22.06.0-beta.1.md5
├── dockerd-22.06.0-beta.1.sha256
├── dockerd-rootless-setuptool.sh
├── dockerd-rootless-setuptool.sh.md5
├── dockerd-rootless-setuptool.sh.sha256
├── dockerd-rootless.sh
├── dockerd-rootless.sh.md5
├── dockerd-rootless.sh.sha256
├── rootlesskit
├── rootlesskit-docker-proxy
├── rootlesskit-docker-proxy.md5
├── rootlesskit-docker-proxy.sha256
├── rootlesskit.md5
├── rootlesskit.sha256
├── runc
├── runc.md5
├── runc.sha256
├── vpnkit
├── vpnkit.md5
└── vpnkit.sha256
1 directory, 38 files
```
After this patch:
```bash
rm -rf ./bundles
docker buildx build --build-arg VERSION=22.06.0-beta.1 --output ./bundles --target binary .
tree bundles
bundles
└── binary-daemon
├── containerd
├── containerd-shim-runc-v2
├── containerd-shim-runc-v2.md5
├── containerd-shim-runc-v2.sha256
├── containerd.md5
├── containerd.sha256
├── ctr
├── ctr.md5
├── ctr.sha256
├── docker-init
├── docker-init.md5
├── docker-init.sha256
├── docker-proxy
├── docker-proxy.md5
├── docker-proxy.sha256
├── dockerd
├── dockerd-rootless-setuptool.sh
├── dockerd-rootless-setuptool.sh.md5
├── dockerd-rootless-setuptool.sh.sha256
├── dockerd-rootless.sh
├── dockerd-rootless.sh.md5
├── dockerd-rootless.sh.sha256
├── dockerd.md5
├── dockerd.sha256
├── rootlesskit
├── rootlesskit-docker-proxy
├── rootlesskit-docker-proxy.md5
├── rootlesskit-docker-proxy.sha256
├── rootlesskit.md5
├── rootlesskit.sha256
├── runc
├── runc.md5
├── runc.sha256
├── vpnkit
├── vpnkit.md5
└── vpnkit.sha256
1 directory, 36 files
```
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
| |
|
|
| |
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
|
| |
|
|
| |
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
|
| |
|
|
| |
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
|
| |
|
|
|
|
|
|
| |
Usage: `dockerd-rootless-setuptool.sh install --force` .
See `--help` for further information.
Co-authored-by: Tianon Gravi <admwiggin@gmail.com>
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
|
| |
|
|
|
|
|
| |
The containerd.installer was updated to also copy `containerd-shim-runc-v2`,
but `hack/make/binary-daemon` did not copy it to the bundles directory.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
| |
|
|
|
|
| |
git grep --name-only '^#!' | egrep -v '(vendor|\.go|Jenkinsfile)' | xargs shfmt -w -bn -ci -sr
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
|
| |
|
|
|
|
|
|
|
| |
- Add quotes to prevent word splitting in `cp` statement (SC2046)
- Replace legacy back tics with `$()`
- Replace `which` with `command -v` (SC2230)
- Fix incorrect (`==`) comparison
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Now `docker run -p` ports can be exposed to the host namespace automatically when `dockerd-rootless.sh` is launched with
`--userland-proxy --userland-proxy-path $(which rootlesskit-docker-proxy)`.
This is akin to how Docker for Mac/Win works with `--userland-proxy-path=/path/to/vpnkit-expose-port`.
The port number on the host namespace needs to be set to >= 1024.
SCTP ports are currently unsupported.
RootlessKit changes: https://github.com/rootless-containers/rootlesskit/compare/7bbbc48a6f906633a9b12783b957f4c3aa037d33...ed2671442965115b84ecf82d4831cc48747d89b8
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
|
| |
|
| |
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Please refer to `docs/rootless.md`.
TLDR:
* Make sure `/etc/subuid` and `/etc/subgid` contain the entry for you
* `dockerd-rootless.sh --experimental`
* `docker -H unix://$XDG_RUNTIME_DIR/docker.sock run ...`
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
|
| |
|
|
|
|
| |
This reverts commit 297b30df5ff4deaaedb6ceb17d7bd2e306a580ab.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
| |
|
|
|
|
|
|
|
|
|
| |
These scripts explicitly use Bash, so we should be able to use
`[[` instead of `[` (which seems to be recommended).
Also added curly brackets to some bare variables, and quoted some paths.
This makes my IDE a bit more silent :-)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
| |
|
|
| |
Signed-off-by: Tibor Vass <tibor@docker.com>
|
| |
|
|
| |
Signed-off-by: Daniel Nephin <dnephin@docker.com>
|
| |
|
|
| |
Signed-off-by: Daniel Nephin <dnephin@docker.com>
|
| |
|
|
|
|
| |
This is especially important for distributions like NixOS where `/bin/bash` doesn't exist, or for MacOS users who've installed a newer version of Bash than the one that comes with their OS.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
|
| |
|
|
| |
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
|
| |
|
|
|
|
|
| |
This means we can vendor libnetwork without special casing, and
it is built the same way as the other external binaries.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a small C binary for fighting zombies. It is mounted under
`/dev/init` and is prepended to the args specified by the user. You
enable it via a daemon flag, `dockerd --init`, as it is disable by
default for backwards compat.
You can also override the daemon option or specify this on a per
container basis with `docker run --init=true|false`.
You can test this by running a process like this as the pid 1 in a
container and see the extra zombie that appears in the container as it
is running.
```c
int main(int argc, char ** argv) {
pid_t pid = fork();
if (pid == 0) {
pid = fork();
if (pid == 0) {
exit(0);
}
sleep(3);
exit(0);
}
printf("got pid %d and exited\n", pid);
sleep(20);
}
```
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This reduces memory usage with a lot of docker proxy processes.
On Docker for Mac we are currently carrying a patch to replace
the binary as we modify it to forward ports to the Mac rather
than the Linux VM, this allows us to simply replace this binary
in our packaging with one that has a compatible interface. This
patch does not provide an easy way to substitute a binary as
the interface is complex and there are few use cases, but where
needed this can be done.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
|
| |
|
|
|
|
|
|
| |
This installs docker and dockerd to `$DOCKER_MAKE_INSTALL_PREFIX/bin`, which
defaults to `/usr/local/bin`
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
| |
|
|
| |
Signed-off-by: John Howard <jhoward@microsoft.com>
|
| |
|
|
| |
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
|
|
|
Add a proxy to support 'docker daemon'
Fix configFile option, and remove a test that is no longer relevant.
Remove daemon build tag.
Remove DOCKER_CLIENTONLY from build scripts.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Change docker-daemon to dockerd.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
|
