This updates the versions of the frozen images used to their current
version. The original reason for updating these images was to make sure
they are not affected by [CVE-2016-1252 / DSA-3733-1](https://lwn.net/Articles/709119/),
which is fixed in apt 1.0.9.8.4 and up.
Note that `CVE-2016-1252` won't affect our test-suite, because no packages
are installed during out tests. It is just "good practice" to keep these
images up to date.
The `debian:jessie`, and `buildpack-deps:jessie` in `Dockerfile.s390x`,
and `Dockerfile.armhf` have not been updated in this patch, because
those images have not yet been updated to contain apt 1.0.9.8.4.
While working on this, the `busybox` and `hello-world` were also updated
to their latest version.
Also removes a reference to `hack/make/.ensure-frozen-images`, which
was removed in ff91276d1f.
The new busybox image has one layer less than the original,
so updated `TestBuildSquashParent` to take that into account.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This drops support for migrations from pre-1.10 Docker versions, which
should be done via an external tool or an intermediate upgrade.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
With commit ee59f25c2d we changed from
gcc-go to golang 1.7. By switching to debian we can reduce the base
layer from 1.4 GB to around 130 MB.
Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
There is no reason to duplicate efforts and tini is well built and
better than grimes. It is a much stronger option for the default init
and @krallin has done a great job maintaining it and helping make
changes so that it will work with Docker.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
this switches all go download links to use a redirect,
https://golang.org/dl/ instead of the direct source.
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
This means we can vendor libnetwork without special casing, and
it is built the same way as the other external binaries.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This adds a small C binary for fighting zombies. It is mounted under
`/dev/init` and is prepended to the args specified by the user. You
enable it via a daemon flag, `dockerd --init`, as it is disable by
default for backwards compat.
You can also override the daemon option or specify this on a per
container basis with `docker run --init=true|false`.
You can test this by running a process like this as the pid 1 in a
container and see the extra zombie that appears in the container as it
is running.
```c
int main(int argc, char ** argv) {
pid_t pid = fork();
if (pid == 0) {
pid = fork();
if (pid == 0) {
exit(0);
}
sleep(3);
exit(0);
}
printf("got pid %d and exited\n", pid);
sleep(20);
}
```
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
We finally have a s390x binary tarball for go on "storage.googleapis.com".
So use this instead of bootstrapping with gccgo.
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
With golang version 1.7 the s390x architecture is officially supported.
To be in sync with the other architectures now switch also for s390x
from gccgo 6.1 to golang:
- golang: build and install to /usr/src/go
* Download golang-1.7 sources
* Bootstrap with gccgo 6.1
- go lint: Sync GO_LINT_COMMIT with other Dockerfiles
- notary: Remove GO15VENDOREXPERIMENT and softlink hack
With this patch the current CI on s390x completes with:
- OK: 1375 passed, 43 skipped
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
When #24648 was merged, only the main Dockerfile was updated with the
new containerd commit, this commit brings the other Dockerfile up to
speed.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
This version introduces the following:
- uses nanosecond timestamps for event
- ensure events are sent once their effect is "live"
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
This updates containerd to b93a33be39bc4ef0fb00bfcb79147a28c33d9d43
fixing the start sync issues.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Due to the issue of go-md2man, a numbered list in `man docker login` was not rendered correctly.
a8f937e113
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
We have to wait until runc version (RUNC_COMMIT) is bumped.
Otherwise we get the following error:
oci runtime error: string SCMP_ARCH_S390 is not a valid
arch for seccomp
Fixes: bf2a577c13 ("Enable seccomp for s390x")
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
This bumps containerd to cf554d59dd96e459544748290eb9167f4bcde509 and
includes various fixes and updates the grpc package and types generated
for use.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
