Starting with this commit, integration tests should no longer rely on
the docker cli, they should be API tests instead. For the existing tests
the scripts will use a frozen version of the docker cli with a
DOCKER_API_VERSION frozen to 1.30, which should ensure that the CI remains
green at all times.
To help contributors develop and test manually with a modified docker
cli, this commit also adds a DOCKER_CLI_PATH environment variable to the
Makefile. This allows to set the path of a custom cli that will be
available inside the development container and used to run the
integration tests.
Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
Signed-off-by: Tibor Vass <tibor@docker.com>
This updates the versions of the frozen images used to their current
version. The original reason for updating these images was to make sure
they are not affected by [CVE-2016-1252 / DSA-3733-1](https://lwn.net/Articles/709119/),
which is fixed in apt 1.0.9.8.4 and up.
Note that `CVE-2016-1252` won't affect our test-suite, because no packages
are installed during out tests. It is just "good practice" to keep these
images up to date.
The `debian:jessie`, and `buildpack-deps:jessie` in `Dockerfile.s390x`,
and `Dockerfile.armhf` have not been updated in this patch, because
those images have not yet been updated to contain apt 1.0.9.8.4.
While working on this, the `busybox` and `hello-world` were also updated
to their latest version.
Also removes a reference to `hack/make/.ensure-frozen-images`, which
was removed in ff91276d1f.
The new busybox image has one layer less than the original,
so updated `TestBuildSquashParent` to take that into account.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Notary switched to vendor a while ago, so make that change here. Change
is consistent with all other dockerfiles.
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
This drops support for migrations from pre-1.10 Docker versions, which
should be done via an external tool or an intermediate upgrade.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
go 1.7.4 introduced official go ppc64le binaries, so use those
instead of using older versions of go and building from src.
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Allows replacing of the default httpredir.debian.org in /etc/apt/sources.list
with a user-specified mirror. This will (hopefully) fix CI apt issues.
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
There is no reason to duplicate efforts and tini is well built and
better than grimes. It is a much stronger option for the default init
and @krallin has done a great job maintaining it and helping make
changes so that it will work with Docker.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
this switches all go download links to use a redirect,
https://golang.org/dl/ instead of the direct source.
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
This means we can vendor libnetwork without special casing, and
it is built the same way as the other external binaries.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This adds a small C binary for fighting zombies. It is mounted under
`/dev/init` and is prepended to the args specified by the user. You
enable it via a daemon flag, `dockerd --init`, as it is disable by
default for backwards compat.
You can also override the daemon option or specify this on a per
container basis with `docker run --init=true|false`.
You can test this by running a process like this as the pid 1 in a
container and see the extra zombie that appears in the container as it
is running.
```c
int main(int argc, char ** argv) {
pid_t pid = fork();
if (pid == 0) {
pid = fork();
if (pid == 0) {
exit(0);
}
sleep(3);
exit(0);
}
printf("got pid %d and exited\n", pid);
sleep(20);
}
```
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Now that gccgo isn't supported, change the ppc64le dockerfile base image
from a debian:jessie based + gccgo image to a debian:jessie + golang image.
Also includes a go path change to be more consistent across Dockerfiles.
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
When #24648 was merged, only the main Dockerfile was updated with the
new containerd commit, this commit brings the other Dockerfile up to
speed.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
following the announcement;
https://groups.google.com/forum/m/#!topic/golang-announce/7JTsd70ZAT0
> [security] Go 1.6.3 and Go 1.7rc2 pre-announcement
>
> Hello gophers,
> We plan to issue Go 1.6.3 and Go 1.7rc2 on Monday July 18 at approximately 2am UTC.
> These are minor release to fix a security issue.
>
> Following our policy at https://golang.org/security, this is the pre-announcement of those releases.
>
> Because we are so late in the release cycle for Go 1.7, we will not issue a minor release of Go 1.5.
> Additionally, we plan to issue Go 1.7rc3 later next week, which will include any changes between 1.7rc1 and tip.
>
> Cheers,
> Chris on behalf of the Go team
**Note:**
the man/Dockerfile is not yet updated, because
the official image for Go 1.6.2 has not yet
been updated.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This version introduces the following:
- uses nanosecond timestamps for event
- ensure events are sent once their effect is "live"
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>