docker scan was deprecated in favor of docker scout, so we can stop
building it as part of the 24.0 release.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This verify step is primarily intended to verify that dependencies
are defined correctly, and available on the given distro.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This allows easier building without having to specify if an "rpm" or "deb"
needs to be built.
Before this patch:
make -C rpm centos-8
make -C deb ubuntu-focal
With this patch applied:
make centos-8
make ubuntu-focal
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This allows passing `CONTAINERD_VERSION` and `RUNC_VERSION` make vars
to override the default version in the upstream repository's Dockerfile.
With this, it's easier to make the static packages match the latest
released `containerd.io` deb/rpm (which are used by the .deb and .rpm
docker-ce packages), without having to modify the upstream moby repository.
Currently, this uses the DOCKER_BUILD_OPTS make variable, which is available
in the moby Makefile, but work is in progress to add `CONTAINERD_VERSION`
and `RUNC_VERSION` make variables in the upstream repository. Once those
changes are merged, we can update the makefile in this repository accordingly.
With this patch:
If `RUNC_VERSION` and `CONTAINERD_VERSION` are not passed, the defaults are used:
$ make \
DOCKER_BUILD_PKGS=static-linux \
REF=v20.10.8 \
VERSION=v20.10.8 \
static
$ docker run --rm -v $(pwd)/static/build/linux/docker/:/docker alpine sh -c '/docker/containerd --version && /docker/runc --version'
containerd github.com/containerd/containerd v1.4.9 e25210fe30a0a703442421b0f60afac609f950a3
runc version 1.0.1
commit: v1.0.1-0-g4144b638
spec: 1.0.2-dev
go: go1.16.8
libseccomp: 2.4.4
Passing the `RUNC_VERSION` and `CONTAINERD_VERSION` vars overrides the version
of containerd and runc:
$ make \
DOCKER_BUILD_PKGS=static-linux \
REF=v20.10.8 \
VERSION=v20.10.8 \
RUNC_VERSION=v1.0.2 \
CONTAINERD_VERSION=v1.4.10 \
static
$ docker run --rm -v $(pwd)/static/build/linux/docker/:/docker alpine sh -c '/docker/containerd --version && /docker/runc --version'
containerd github.com/containerd/containerd v1.4.10 8848fdb7c4ae3815afcc990a8a99d663dda1b590
runc version 1.0.2
commit: v1.0.2-0-g52b36a2d
spec: 1.0.2-dev
go: go1.16.8
libseccomp: 2.4.4
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Since we are building arm on arm64 machines we have to specify the desired platform
and not rely on the host's architecture.
Also when building arm on arm64 machines, there can be issues with cgo.
So this patch makes sure CGO_ENABLED env var gets passed on as a build arg.
Signed-off-by: Tibor Vass <tibor@docker.com>
fetching a tag ref does not download the tag itself.
This patch makes sure that the tag (or branch) is downloaded otherwise
fallsback to fetching the commit hash as it did before.
Co-Authored-By: Tibor Vass <tibor@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Before this change:
make clean
time make checkout
git clone -q "https://github.com/docker/cli.git" src/github.com/docker/cli
git clone -q "https://github.com/docker/docker.git" src/github.com/docker/docker
69.16 real 15.69 user 9.69 sys
After this change:
make clean
time make checkout
...
From https://github.com/docker/docker
* branch HEAD -> FETCH_HEAD
git -C src/github.com/docker/docker checkout -q FETCH_HEAD
14.73 real 1.35 user 2.37 sys
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This should prevent situations where the target directory
does not yet exist when make is called.
given the following makefile:
DIRECT := $(realpath ./direct)
LAZY = $(realpath ./lazy)
clean:
@rm -rf ./direct ./lazy
source:
@mkdir -p direct lazy
build: source
@echo DIRECT is $(DIRECT)
@echo LAZY is $(LAZY)
Running the below, will show that only "LAZY" shows the
correct path:
make clean && make build
DIRECT is
LAZY is /Users/sebastiaan/Projects/test/lazy
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.12.8 (released 2019/08/13) includes security fixes to the net/http and net/url packages.
See the Go 1.12.8 milestone on our issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.12.8
- net/http: Denial of Service vulnerabilities in the HTTP/2 implementation
net/http and golang.org/x/net/http2 servers that accept direct connections from untrusted
clients could be remotely made to allocate an unlimited amount of memory, until the program
crashes. Servers will now close connections if the send queue accumulates too many control
messages.
The issues are CVE-2019-9512 and CVE-2019-9514, and Go issue golang.org/issue/33606.
Thanks to Jonathan Looney from Netflix for discovering and reporting these issues.
This is also fixed in version v0.0.0-20190813141303-74dc4d7220e7 of golang.org/x/net/http2.
net/url: parsing validation issue
- url.Parse would accept URLs with malformed hosts, such that the Host field could have arbitrary
suffixes that would appear in neither Hostname() nor Port(), allowing authorization bypasses
in certain applications. Note that URLs with invalid, not numeric ports will now return an error
from url.Parse.
The issue is CVE-2019-14809 and Go issue golang.org/issue/29098.
Thanks to Julian Hector and Nikolai Krein from Cure53, and Adi Cohen (adico.me) for discovering
and reporting this issue.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Instead of dynamically getting list of distros to build for,
rely on the corresponding targets in sub-Makefiles. This also
ensures that deb/Makefile and rpm/Makefile will have up-to-date
list of distros included.
This also fixes the following bug:
> $ make deb
> for p in raspbian-stretch ubuntu-bionic ubuntu-disco ubuntu-xenial debbuild/ubuntu-disco ubuntu-cosmic debian-buster debian-stretch; do \
> ...
As you can see, `debbuild/ubuntu-disco` should not be included but it
is. Could be prevented by using `-maxdepth 1` argument to `find`.
While at it, amend the sub-Makefiles to print out the distro
that we build for.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
go1.11.3 (released 2018/12/14)
- crypto/x509: CPU denial of service in chain validation golang/go#29233
- cmd/go: directory traversal in "go get" via curly braces in import paths golang/go#29231
- cmd/go: remote command execution during "go get -u" golang/go#29230
See the Go 1.11.3 milestone on the issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.11.3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Includes fixes to the go command, linker, and the net/http, mime/multipart,
ld/macho, bytes, and strings packages. See the Go 1.10.4 milestone on the
issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.10.4
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This adds a build date using the same pattern as upstream
https://github.com/moby/moby/blob/master/hack/make.sh#L69
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
(cherry picked from commit c443439189)
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
This encodes the platform as "Docker Engine - Community"
for community engines
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
(cherry picked from commit 4d9fd7d17f)
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
go1.10.3 (released 2018/06/05) includes fixes to the go command, and the
crypto/tls, crypto/x509, and strings packages. In particular, it adds minimal
support to the go command for the vgo transition. See the Go 1.10.3 milestone
on our issue tracker for details;
https://github.com/golang/go/issues?q=milestone%3AGo1.10.3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Use a variable in the Makefile to set the GO_VERSION for the builds.
GO_VERSION is defaulted in all Makefiles as `1.10.2`, but can be set when running make: `make GO_VERSION=1.10.1 deb`.
Signed-off-by: corbin-coleman <corbin.coleman@docker.com>
The hardcoded values make it so that we have to update this everytime we
add/subtract something which is sometimes followed/not followed.
This makes it so that we no longer have to update this.
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Zesty is EOL and doesn't even have a subdirectory in the `deb` directory of this repo. There's no need to have it as a default.
Signed-off-by: Corbin <corbin.coleman@docker.com>
Was getting annoying to have to write it into one spot so moved them to
above the targets that they specify.
Signed-off-by: Eli Uriegas <seemethere101@gmail.com>
When building we should default to a dummy version unless otherwise
specified so we don't get ourselves confused over what is official and
what is not.
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Sebastiaan van Stijn
CrazyMax
Tibor Vass
Kir Kolyshkin
Andrew Hsu
Eli Uriegas
docker-unir[bot]
Daniel Hiltgen
Jose Bigio
corbin-coleman
Eli Uriegas
Stefan Scherer