diff options
Diffstat (limited to 'images')
| -rw-r--r-- | images/Makefile | 19 | ||||
| -rw-r--r-- | images/basic/mysql/Dockerfile | 2 | ||||
| -rw-r--r-- | images/basic/tomcat/Dockerfile.aarch64 | 1 | ||||
| -rw-r--r-- | images/benchmarks/httpd/Dockerfile | 2 | ||||
| -rw-r--r-- | images/benchmarks/nginx/Dockerfile | 11 | ||||
| -rw-r--r-- | images/benchmarks/nginx/nginx.conf | 19 | ||||
| -rw-r--r-- | images/benchmarks/nginx/nginx_gofer.conf | 19 | ||||
| -rw-r--r-- | images/defs.bzl | 34 | ||||
| -rw-r--r-- | images/jekyll/Dockerfile.x86_64 (renamed from images/jekyll/Dockerfile) | 7 | ||||
| -rwxr-xr-x | images/jekyll/build.sh | 22 | ||||
| -rw-r--r-- | images/packetdrill/Dockerfile | 2 | ||||
| -rw-r--r-- | images/packetimpact/Dockerfile | 10 |
12 files changed, 134 insertions, 14 deletions
diff --git a/images/Makefile b/images/Makefile index 278dec02f..12927c509 100644 --- a/images/Makefile +++ b/images/Makefile @@ -23,7 +23,7 @@ ARCH := $(shell uname -m) # tests are using locally-defined images (that are consistent and idempotent). REMOTE_IMAGE_PREFIX ?= gcr.io/gvisor-presubmit LOCAL_IMAGE_PREFIX ?= gvisor.dev/images -ALL_IMAGES := $(subst /,_,$(subst ./,,$(shell find . -name Dockerfile -exec dirname {} \;))) +ALL_IMAGES := $(subst /,_,$(subst ./,,$(shell find . -name Dockerfile -o -name Dockerfile.$(ARCH) | xargs -n 1 dirname | uniq))) ifneq ($(ARCH),$(shell uname -m)) DOCKER_PLATFORM_ARGS := --platform=$(ARCH) else @@ -51,6 +51,7 @@ load-%-images: # ensuring that images will always be sourced using the local files if there # are changes. path = $(subst _,/,$(1)) +dockerfile = $$(if [ -f "$(call path,$(1))/Dockerfile.$(ARCH)" ]; then echo Dockerfile.$(ARCH); else echo Dockerfile; fi) tag = $(shell find $(call path,$(1)) -type f -print | sort | xargs -n 1 sha256sum | sha256sum - | cut -c 1-16) remote_image = $(REMOTE_IMAGE_PREFIX)/$(subst _,/,$(1))_$(ARCH):$(call tag,$(1)) local_image = $(LOCAL_IMAGE_PREFIX)/$(subst _,/,$(1)) @@ -59,11 +60,17 @@ local_image = $(LOCAL_IMAGE_PREFIX)/$(subst _,/,$(1)) # we need to explicitly repull the base layer in order to ensure that the # architecture is correct. Note that we use the term "rebuild" here to avoid # conflicting with the bazel "build" terminology, which is used elsewhere. -rebuild-%: FROM=$(shell grep FROM $(call path,$*)/Dockerfile } cut -d' ' -f2) +rebuild-%: FROM=$(shell grep FROM "$(call path,$*)/$(call dockerfile,$*)" | cut -d' ' -f2) rebuild-%: register-cross - $(foreach IMAGE,$(FROM),docker $(DOCKER_PLATFORM_ARGS) $(IMAGE); &&) true + @if ! [ -f "$(call path,$*)/$(call dockerfile,$*)" ]; then \ + (echo "ERROR: Dockerfile for $* not found (is it available for $(ARCH)?)." >&2 && exit 1); \ + fi + $(foreach IMAGE,$(FROM),docker pull $(DOCKER_PLATFORM_ARGS) $(IMAGE) &&) \ T=$$(mktemp -d) && cp -a $(call path,$*)/* $$T && \ - docker build $(DOCKER_PLATFORM_ARGS) -t $(call remote_image,$*) $$T && \ + docker build $(DOCKER_PLATFORM_ARGS) \ + -f "$$T/$(call dockerfile,$*)" \ + -t "$(call remote_image,$*)" \ + $$T && \ rm -rf $$T # pull will check the "remote" image and pull if necessary. If the remote image @@ -73,10 +80,10 @@ pull-%: docker pull $(DOCKER_PLATFORM_ARGS) $(call remote_image,$*) # load will either pull the "remote" or build it locally. This is the preferred -# entrypoint, as it should never file. The local tag should always be set after +# entrypoint, as it should never fail. The local tag should always be set after # this returns (either by the pull or the build). load-%: - docker inspect $(call remote_image,$*) >/dev/null 2>&1 || $(MAKE) pull-$* || $(MAKE) rebuild-$* + $(MAKE) pull-$* || $(MAKE) rebuild-$* docker tag $(call remote_image,$*) $(call local_image,$*) # push pushes the remote image, after either pulling (to validate that the tag diff --git a/images/basic/mysql/Dockerfile b/images/basic/mysql/Dockerfile index 95da9c48d..d87bfe55b 100644 --- a/images/basic/mysql/Dockerfile +++ b/images/basic/mysql/Dockerfile @@ -1 +1 @@ -FROM mysql:8.0.19 +FROM mysql/mysql-server:8.0.19 diff --git a/images/basic/tomcat/Dockerfile.aarch64 b/images/basic/tomcat/Dockerfile.aarch64 new file mode 100644 index 000000000..ed4096de9 --- /dev/null +++ b/images/basic/tomcat/Dockerfile.aarch64 @@ -0,0 +1 @@ +FROM arm64v8/tomcat:8.0 diff --git a/images/benchmarks/httpd/Dockerfile b/images/benchmarks/httpd/Dockerfile index b72406012..e95538a40 100644 --- a/images/benchmarks/httpd/Dockerfile +++ b/images/benchmarks/httpd/Dockerfile @@ -8,7 +8,7 @@ RUN set -x \ # Generate a bunch of relevant files. RUN mkdir -p /local && \ - for size in 1 10 100 1000 1024 10240; do \ + for size in 1 10 100 1024 10240; do \ dd if=/dev/zero of=/local/latin${size}k.txt count=${size} bs=1024; \ done diff --git a/images/benchmarks/nginx/Dockerfile b/images/benchmarks/nginx/Dockerfile index b64eb52ae..c8e3330d0 100644 --- a/images/benchmarks/nginx/Dockerfile +++ b/images/benchmarks/nginx/Dockerfile @@ -1 +1,12 @@ FROM nginx:1.15.10 + +# Generate a bunch of relevant files. +RUN mkdir -p /local && \ + for size in 1 10 100 1024 10240; do \ + dd if=/dev/zero of=/local/latin${size}k.txt count=${size} bs=1024; \ + done + +RUN touch /local/index.html + +COPY ./nginx.conf /etc/nginx/nginx.conf +COPY ./nginx_gofer.conf /etc/nginx/nginx_gofer.conf diff --git a/images/benchmarks/nginx/nginx.conf b/images/benchmarks/nginx/nginx.conf new file mode 100644 index 000000000..2c43c0cda --- /dev/null +++ b/images/benchmarks/nginx/nginx.conf @@ -0,0 +1,19 @@ +user nginx; +worker_processes 1; +daemon off; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + +events { + worker_connections 1024; +} + + +http { + server { + location / { + root /tmp/html; + } + } +} diff --git a/images/benchmarks/nginx/nginx_gofer.conf b/images/benchmarks/nginx/nginx_gofer.conf new file mode 100644 index 000000000..dbba2a575 --- /dev/null +++ b/images/benchmarks/nginx/nginx_gofer.conf @@ -0,0 +1,19 @@ +user nginx; +worker_processes 1; +daemon off; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + +events { + worker_connections 1024; +} + + +http { + server { + location / { + root /local; + } + } +} diff --git a/images/defs.bzl b/images/defs.bzl new file mode 100644 index 000000000..c1f96e312 --- /dev/null +++ b/images/defs.bzl @@ -0,0 +1,34 @@ +"""Helpers for Docker image generation.""" + +def _docker_image_impl(ctx): + importer = ctx.actions.declare_file(ctx.label.name) + + importer_content = [ + "#!/bin/bash", + "set -euo pipefail", + "source_file='%s'" % ctx.file.data.path, + "if [[ ! -f \"$source_file\" ]]; then", + " source_file='%s'" % ctx.file.data.short_path, + "fi", + "exec docker import " + " ".join([ + "-c '%s'" % attr + for attr in ctx.attr.statements + ]) + " \"$source_file\" $1", + "", + ] + + ctx.actions.write(importer, "\n".join(importer_content), is_executable = True) + return [DefaultInfo( + runfiles = ctx.runfiles([ctx.file.data]), + executable = importer, + )] + +docker_image = rule( + implementation = _docker_image_impl, + doc = "Tool to import a Docker image; takes a single parameter (image name).", + attrs = { + "statements": attr.string_list(doc = "Extra Dockerfile directives."), + "data": attr.label(doc = "Image filesystem tarball", allow_single_file = [".tgz", ".tar.gz"]), + }, + executable = True, +) diff --git a/images/jekyll/Dockerfile b/images/jekyll/Dockerfile.x86_64 index ba039ba15..ae19f3bfc 100644 --- a/images/jekyll/Dockerfile +++ b/images/jekyll/Dockerfile.x86_64 @@ -1,5 +1,6 @@ FROM jekyll/jekyll:4.0.0 USER root + RUN gem install \ html-proofer:3.10.2 \ nokogiri:1.10.1 \ @@ -10,5 +11,9 @@ RUN gem install \ jekyll-relative-links:0.6.1 \ jekyll-feed:0.13.0 \ jekyll-sitemap:1.4.0 + +# checks.rb is used with html-proofer for presubmit checks. COPY checks.rb /checks.rb -CMD ["/usr/gem/gems/jekyll-4.0.0/exe/jekyll", "build", "-t", "-s", "/input", "-d", "/output"] + +COPY build.sh /build.sh +CMD ["/build.sh"] diff --git a/images/jekyll/build.sh b/images/jekyll/build.sh new file mode 100755 index 000000000..010972ea6 --- /dev/null +++ b/images/jekyll/build.sh @@ -0,0 +1,22 @@ +#!/bin/bash + +# Copyright 2020 The gVisor Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -euxo pipefail + +# Generate the syntax highlighting css file. +/usr/gem/bin/rougify style github >/input/_sass/syntax.css +# Build website including pages irrespective of date. +/usr/gem/bin/jekyll build --future -t -s /input -d /output diff --git a/images/packetdrill/Dockerfile b/images/packetdrill/Dockerfile index 01296dbaf..b4cd73006 100644 --- a/images/packetdrill/Dockerfile +++ b/images/packetdrill/Dockerfile @@ -1,8 +1,8 @@ FROM ubuntu:bionic RUN apt-get update && apt-get install -y net-tools git iptables iputils-ping \ netcat tcpdump jq tar bison flex make +# Pick up updated git. RUN hash -r RUN git clone --depth 1 --branch packetdrill-v2.0 \ https://github.com/google/packetdrill.git RUN cd packetdrill/gtests/net/packetdrill && ./configure && make -CMD /bin/bash diff --git a/images/packetimpact/Dockerfile b/images/packetimpact/Dockerfile index 87aa99ef2..906d5cdd6 100644 --- a/images/packetimpact/Dockerfile +++ b/images/packetimpact/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:bionic +FROM ubuntu:focal RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ # iptables to disable OS native packet processing. iptables \ @@ -11,6 +11,8 @@ RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ # tshark to log verbose packet sniffing. tshark \ # killall for cleanup. - psmisc -RUN hash -r -CMD /bin/bash + psmisc \ + # qemu-system-x86 to emulate fuchsia. + qemu-system-x86 \ + # sha1sum to generate entropy. + libdigest-sha-perl |