# syntax=docker/dockerfile:1
# Copyright 2022 Docker Packaging authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Version tag of the tonistiigi/xx cross-compilation helper image used below.
ARG XX_VERSION="1.9.0"
# Selects which verify-<type> stage the final FROM of this file resolves to.
ARG DISTRO_TYPE="deb"
# Distribution image the built packages are installed into for verification.
ARG DISTRO_IMAGE="debian:bookworm"
# cross compilation helper
# NOTE(review): this image and DISTRO_IMAGE are referenced by tag only; pinning
# them by digest would keep the verification environment reproducible.
FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
# Empty placeholder stages. The verify stages mount them (from=bin,
# from=scripts), so the build is presumably invoked with named build contexts
# that replace them -- confirm against the build definition that calls this file.
# Whatever is supplied as `bin` is installed and executed during the build, and
# `scripts` supplies verify-rpm-init.sh; no USER is set in this file, so both
# run with the base image's default user.
FROM scratch AS bin
FROM scratch AS scripts
FROM ${DISTRO_IMAGE} AS base
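# verify-deb: install every docker-ce .deb found for the target platform into
# the base image and check that the installed dockerd binary starts.
# This is an installability smoke test: no signature or checksum of the
# packages is checked in this stage, so it says nothing about their provenance.
FROM base AS verify-deb
# libnftables1 is installed explicitly because the dpkg call below ignores the
# package's declared dependencies (presumably dockerd links against it).
RUN apt-get update \
  && apt-get install -y --no-install-recommends libnftables1 \
  && rm -rf /var/lib/apt/lists/*
COPY --from=xx / /
ARG DISTRO_RELEASE
ARG DISTRO_ID
ARG DISTRO_SUITE
ARG TARGETPLATFORM
RUN --mount=from=bin,target=/build <<EOT
  set -e
  # Expected layout of the bin context:
  #   <os>_<arch>[_<variant>]/<DISTRO_RELEASE>/<DISTRO_SUITE>/<arch>
  targetplatform=$(xx-info os)_$(xx-info arch)
  if [ -n "$(xx-info variant)" ]; then
    targetplatform="${targetplatform}_$(xx-info variant)"
  fi
  dir=/build/${targetplatform}/${DISTRO_RELEASE}/${DISTRO_SUITE}/$(xx-info arch)
  if [ ! -d "$dir" ]; then
    # NOTE(review): a missing directory ends the stage successfully without
    # verifying anything. If this build is used as a release gate, the warning
    # below has to be surfaced and treated as a failure by the caller.
    echo >&2 "warning: no packages found in $dir"
    exit 0
  fi
  # The find output is word-split by the shell, so package paths are assumed
  # to contain no whitespace.
  for package in $(find "$dir" -type f -name 'docker-ce_[0-9]*.deb'); do
    (
      set -e
      mkdir -p "/tmp/$package"
      set -x
      dpkg-deb --info "$package"
      # Unpack the control files and require that the package lists the
      # systemd units and that its postinst refers to systemd handling.
      dpkg-deb -e "$package" "/tmp/$package"
      grep -E 'docker\.service|docker\.socket' "/tmp/$package/md5sums"
      grep -E 'deb-systemd-helper|installsystemd|systemctl' "/tmp/$package/postinst"
      # Dependencies are not available in this image; install regardless.
      dpkg -i --ignore-depends=containerd.io,docker-ce-cli,iptables,nftables --force-depends "$package"
    )
  done
  set -x
  # Fails the build when no package was installed or the binary cannot run.
  dockerd --version
EOT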
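# verify-rpm: install every docker-ce .rpm found for the target platform into
# the base image and check that the installed dockerd binary starts.
# This is an installability smoke test: the packages are installed with
# --nodeps and nothing in this stage checks their signature or provenance.
FROM base AS verify-rpm
COPY --from=xx / /
ARG DISTRO_NAME
ARG DISTRO_RELEASE
ARG DISTRO_ID
ARG DISTRO_SUITE
# verify-rpm-init.sh is bind-mounted from the `scripts` context and executed
# during the build; its content is not part of this file.
RUN --mount=type=bind,from=scripts,source=verify-rpm-init.sh,target=/usr/local/bin/verify-rpm-init \
  verify-rpm-init $DISTRO_NAME
ARG TARGETPLATFORM
RUN --mount=from=bin,target=/build <<EOT
  set -e
  # Expected layout of the bin context:
  #   <os>_<arch>[_<variant>]/<DISTRO_RELEASE>/<DISTRO_SUITE>/<arch>
  targetplatform=$(xx-info os)_$(xx-info arch)
  if [ -n "$(xx-info variant)" ]; then
    targetplatform="${targetplatform}_$(xx-info variant)"
  fi
  dir=/build/${targetplatform}/${DISTRO_RELEASE}/${DISTRO_SUITE}/$(xx-info arch)
  if [ ! -d "$dir" ]; then
    # NOTE(review): a missing directory ends the stage successfully without
    # verifying anything. If this build is used as a release gate, the warning
    # below has to be surfaced and treated as a failure by the caller.
    echo >&2 "warning: no packages found in $dir"
    exit 0
  fi
  # The find output is word-split by the shell, so package paths are assumed
  # to contain no whitespace.
  for package in $(find "$dir" -type f -name 'docker-ce-[0-9]*.rpm'); do
    (
      set -x
      # Print package metadata and file list, then install without resolving
      # dependencies.
      rpm -qilp "$package"
      rpm --install --nodeps "$package"
    )
  done
  case "$DISTRO_NAME" in
    rhel*)
      # nftables is not installed on rhel* images; the reason is not stated here.
      ;;
    *)
      # dockerd requires libnftables.so.1
      dnf install -y nftables
      ;;
  esac
  set -x
  # Fails the build when no package was installed or the binary cannot run.
  dockerd --version
EOT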
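# verify-static: unpack every static .tgz bundle found for the target platform
# into /usr/bin and check that the unpacked dockerd binary starts.
# The archives are trusted as supplied by the bin context: nothing in this
# stage checks a checksum or signature before extracting them.
# NOTE(review): apt-get is used here, so this stage assumes a Debian-family
# DISTRO_IMAGE.
FROM base AS verify-static
RUN apt-get update \
  && apt-get install -y --no-install-recommends tar \
  && rm -rf /var/lib/apt/lists/*
COPY --from=xx / /
ARG DISTRO_RELEASE
ARG DISTRO_ID
ARG DISTRO_SUITE
ARG TARGETPLATFORM
RUN --mount=from=bin,target=/build <<EOT
  set -e
  # Expected layout of the bin context:
  #   <os>_<arch>[_<variant>]/static/<os>/<arch>
  targetplatform=$(xx-info os)_$(xx-info arch)
  if [ -n "$(xx-info variant)" ]; then
    targetplatform="${targetplatform}_$(xx-info variant)"
  fi
  dir=/build/${targetplatform}/static/$(xx-info os)/$(xx-info arch)
  if [ ! -d "$dir" ]; then
    # NOTE(review): a missing directory ends the stage successfully without
    # verifying anything. If this build is used as a release gate, the warning
    # below has to be surfaced and treated as a failure by the caller.
    echo >&2 "warning: no packages found in $dir"
    exit 0
  fi
  # The find output is word-split by the shell, so archive paths are assumed
  # to contain no whitespace.
  for package in $(find "$dir" -type f -name '*.tgz'); do
    (
      set -x
      # Drop the archive's top-level directory so the binaries land directly
      # in /usr/bin.
      tar zxvf "$package" -C /usr/bin --strip-components=1
    )
  done
  set -x
  # Fails the build when no archive was unpacked or the binary cannot run.
  dockerd --version
EOT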
# Final image: the verify-<type> stage selected by DISTRO_TYPE ("deb" unless
# overridden; verify-rpm and verify-static are the other stages defined above).
FROM verify-${DISTRO_TYPE}