From a13e82b84c62218bcc60f84c693694719803f404 Mon Sep 17 00:00:00 2001
From: Nianyu Shen
Date: Tue, 17 Oct 2023 12:00:17 -0700
Subject: [PATCH 01/15] add proxy cert in dockerfile
---
 Dockerfile | 19 +++++++++++++++++++
 Earthfile | 6 +++++-
 2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 202473c..fd233f5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,25 @@
 ARG BASE
+ARG OS_DISTRIBUTION
+ARG PROXY_CERT_PATH
+ARG HTTP_PROXY
+ARG HTTPS_PROXY
+ARG NO_PROXY
 FROM $BASE
+COPY sc.crt /tmp/sc.crt
+
+RUN if [ "$OS_DISTRIBUTION" = "ubuntu" ]; then \
+ if [ ! -z $PROXY_CERT_PATH ]; then \
+ cp /tmp/sc.crt /etc/ssl/certs && \
+ update-ca-certificates; \
+ fi \
+ elif [ "$OS_DISTRIBUTION" = "opensuse" ]; then \
+ if [ ! -z $PROXY_CERT_PATH ]; then \
+ cp /tmp/sc.crt /etc/ssl/certs && \
+ update-ca-certificates; \
+ fi \
+ fi
+
 ###########################Add any other image customizations here #######################
 #### Examples ####
diff --git a/Earthfile b/Earthfile
index 41e335a..fddfd03 100644
--- a/Earthfile
+++ b/Earthfile
@@ -23,8 +23,10 @@ ARG RKE2_PROVIDER_VERSION=v2.3.3
 ARG FIPS_ENABLED=false
 ARG HTTP_PROXY
 ARG HTTPS_PROXY
+ARG NO_PROXY
 ARG http_proxy=${HTTP_PROXY}
 ARG https_proxy=${HTTPS_PROXY}
+ARG no_proxy=${NO_PROXY}
 ARG PROXY_CERT_PATH
 ARG UPDATE_KERNEL=false
@@ -205,7 +207,9 @@ kairos-provider-image:
 # base build image used to create the base image for all other image types
 base-image:
- FROM DOCKERFILE --build-arg BASE=$BASE_IMAGE .
+ FROM DOCKERFILE --build-arg BASE=$BASE_IMAGE --build-arg PROXY_CERT_PATH=$PROXY_CERT_PATH \
+ --build-arg OS_DISTRIBUTION=$OS_DISTRIBUTION --build-arg HTTP_PROXY=$HTTP_PROXY --build-arg HTTPS_PROXY=$HTTPS_PROXY \
+ --build-arg NO_PROXY=$NO_PROXY .
 # IF $IS_JETSON
 # COPY mount.yaml /system/oem/mount.yaml
From 0ebce81c67a62754a875febfecb60907456dc0c4 Mon Sep 17 00:00:00 2001
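Review bot: In the Dockerfile hunk of PATCH 01 the Ubuntu branch copies the proxy CA straight into `/etc/ssl/certs`, but `update-ca-certificates` on Debian/Ubuntu is documented to build the bundle from the entries in `/etc/ca-certificates.conf` plus any `*.crt` under `/usr/local/share/ca-certificates`, so a file dropped into the output directory may never reach `ca-certificates.crt`. Changing that line to `cp /tmp/sc.crt /usr/local/share/ca-certificates/sc.crt && \` would make the step effective; the same `cp` line is carried unchanged through the later patches on this page. `COPY sc.crt /tmp/sc.crt` also runs unconditionally, so a build without a proxy presumably needs a placeholder `sc.crt` in the context. Since both the `/tmp` copy and the trust-store entry ship in the resulting image, I would add a comment above the block such as `# NOTE: the proxy CA stays trusted in the final image, not only during the build`.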
From: Nianyu Shen
Date: Tue, 17 Oct 2023 12:04:09 -0700
Subject: [PATCH 02/15] update
---
 Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index fd233f5..dda9c30 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,10 +15,11 @@ RUN if [ "$OS_DISTRIBUTION" = "ubuntu" ]; then \
 fi \
 elif [ "$OS_DISTRIBUTION" = "opensuse" ]; then \
 if [ ! -z $PROXY_CERT_PATH ]; then \
- cp /tmp/sc.crt /etc/ssl/certs && \
+ cp /tmp/sc.crt /usr/share/pki/trust/anchors && \
 update-ca-certificates; \
 fi \
 fi
+RUN cat /tmp/sc.crt
 ###########################Add any other image customizations here #######################
@@ -26,8 +27,7 @@ RUN if [ "$OS_DISTRIBUTION" = "ubuntu" ]; then \
 ### To install the nginx package for Ubuntu ###
-#RUN apt-get update && apt-get install nginx -y
-
+RUN apt-get update && apt-get install nginx -y
 ### or
 ### To install the nginx package for opensuse ###
From 59a0a560e6273ddad9dda9ecd5af91879d1241db Mon Sep 17 00:00:00 2001
From: Nianyu Shen
Date: Tue, 17 Oct 2023 12:05:35 -0700
Subject: [PATCH 03/15] update
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index dda9c30..6a21abf 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -27,9 +27,9 @@ RUN cat /tmp/sc.crt
 ### To install the nginx package for Ubuntu ###
-RUN apt-get update && apt-get install nginx -y
+# RUN apt-get update && apt-get install nginx -y
 ### or
 ### To install the nginx package for opensuse ###
-#RUN zypper refresh && zypper install nginx -y
+RUN zypper refresh && zypper install nginx -y
From a499763e753d062cb4fba6b0766563b502a3800f Mon Sep 17 00:00:00 2001
From: Nianyu Shen
Date: Tue, 17 Oct 2023 12:05:58 -0700
Subject: [PATCH 04/15] update
---
 Dockerfile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/Dockerfile b/Dockerfile
index 6a21abf..a1880d1 100644
--- a/Dockerfile
+++ b/Dockerfile
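Review bot: The second hunk of PATCH 02 turns the commented example `#RUN apt-get update && apt-get install nginx -y` into a live instruction, and the hunk of PATCH 03 swaps it for a live `RUN zypper refresh && zypper install nginx -y` that no later patch on this page comments out again. As committed, every image built from this template installs nginx, and a base image without zypper would presumably fail at that step. These look like leftovers from exercising the proxy path; restoring `#RUN zypper refresh && zypper install nginx -y` keeps the examples section inert and avoids shipping a network service nobody asked for.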
@@ -20,6 +20,7 @@ RUN if [ "$OS_DISTRIBUTION" = "ubuntu" ]; then \
 fi \
 fi
 RUN cat /tmp/sc.crt
+RUN cat /usr/share/pki/trust/anchors/sc.crt
 ###########################Add any other image customizations here #######################
From 5e0fa18d0324c1b243229fd152ad44c012813efa Mon Sep 17 00:00:00 2001
From: Nianyu Shen
Date: Tue, 17 Oct 2023 12:09:59 -0700
Subject: [PATCH 05/15] update
---
 Dockerfile | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index a1880d1..5595f7b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,16 +8,13 @@ FROM $BASE
 COPY sc.crt /tmp/sc.crt
-RUN if [ "$OS_DISTRIBUTION" = "ubuntu" ]; then \
- if [ ! -z $PROXY_CERT_PATH ]; then \
+RUN if [[ "${OS_DISTRIBUTION}" = "ubuntu" ] && [ ! -z ${PROXY_CERT_PATH} ]]; then \
 cp /tmp/sc.crt /etc/ssl/certs && \
 update-ca-certificates; \
- fi \
- elif [ "$OS_DISTRIBUTION" = "opensuse" ]; then \
- if [ ! -z $PROXY_CERT_PATH ]; then \
+ fi
+RUN if [[ "${OS_DISTRIBUTION}" = "opensuse" ] && [ ! -z ${PROXY_CERT_PATH} ]]; then \
 cp /tmp/sc.crt /usr/share/pki/trust/anchors && \
 update-ca-certificates; \
- fi \
 fi
 RUN cat /tmp/sc.crt
 RUN cat /usr/share/pki/trust/anchors/sc.crt
From 45f04abab2303757221bbe3c1c9cbcf938f616f7 Mon Sep 17 00:00:00 2001
From: Nianyu Shen
Date: Tue, 17 Oct 2023 12:12:17 -0700
Subject: [PATCH 06/15] update
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 5595f7b..27475ba 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,11 +8,11 @@ FROM $BASE
 COPY sc.crt /tmp/sc.crt
-RUN if [[ "${OS_DISTRIBUTION}" = "ubuntu" ] && [ ! -z ${PROXY_CERT_PATH} ]]; then \
+RUN if [ "${OS_DISTRIBUTION}" = "ubuntu" ] && [ ! -z ${PROXY_CERT_PATH} ]; then \
 cp /tmp/sc.crt /etc/ssl/certs && \
 update-ca-certificates; \
 fi
-RUN if [[ "${OS_DISTRIBUTION}" = "opensuse" ] && [ ! -z ${PROXY_CERT_PATH} ]]; then \
+RUN if [ "${OS_DISTRIBUTION}" = "opensuse" ] && [ ! -z ${PROXY_CERT_PATH} ]; then \
 cp /tmp/sc.crt /usr/share/pki/trust/anchors && \
 update-ca-certificates; \
 fi
From ea122bae6274d56a8bd7074694cd985c00d77ad5 Mon Sep 17 00:00:00 2001
From: Nianyu Shen
Date: Tue, 17 Oct 2023 12:14:05 -0700
Subject: [PATCH 07/15] update
---
 Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 27475ba..bf9c93b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,7 +7,8 @@ ARG NO_PROXY
 FROM $BASE
 COPY sc.crt /tmp/sc.crt
-
+RUN echo ${OS_DISTRIBUTION}
+RUN echo ${PROXY_CERT_PATH}
 RUN if [ "${OS_DISTRIBUTION}" = "ubuntu" ] && [ ! -z ${PROXY_CERT_PATH} ]; then \
 cp /tmp/sc.crt /etc/ssl/certs && \
 update-ca-certificates; \
From 9efe3b192b4828c126ac7fc49f2b00569f331412 Mon Sep 17 00:00:00 2001
From: Nianyu Shen
Date: Tue, 17 Oct 2023 12:19:26 -0700
Subject: [PATCH 08/15] update
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index bf9c93b..2495e4f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,8 +7,8 @@ ARG NO_PROXY
 FROM $BASE
 COPY sc.crt /tmp/sc.crt
-RUN echo ${OS_DISTRIBUTION}
-RUN echo ${PROXY_CERT_PATH}
+RUN echo $OS_DISTRIBUTION
+RUN echo $PROXY_CERT_PATH
 RUN if [ "${OS_DISTRIBUTION}" = "ubuntu" ] && [ ! -z ${PROXY_CERT_PATH} ]; then \
 cp /tmp/sc.crt /etc/ssl/certs && \
 update-ca-certificates; \
From f7431e9ba68bdc54c70eea189ee3cb90501f52c1 Mon Sep 17 00:00:00 2001
From: Nianyu Shen
Date: Tue, 17 Oct 2023 12:23:31 -0700
Subject: [PATCH 09/15] add verbose
---
 earthly.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/earthly.sh b/earthly.sh
index 883d29d..d0ff1f0 100755
--- a/earthly.sh
+++ b/earthly.sh
@@ -13,7 +13,7 @@ function build_with_proxy() {
 docker exec -it earthly-buildkitd update-ca-certificates
 # Run Earthly in Docker to create artifacts Variables are passed from the .arg file
- docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -e EARTHLY_BUILDKIT_HOST=tcp://0.0.0.0:8372 -e BUILDKIT_TLS_ENABLED=false -v "$(pwd)":/workspace -v "$PROXY_CERT_PATH:/workspace/sc.crt:ro" gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@"
+ docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -e EARTHLY_BUILDKIT_HOST=tcp://0.0.0.0:8372 -e BUILDKIT_TLS_ENABLED=false -v "$(pwd)":/workspace -v "$PROXY_CERT_PATH:/workspace/sc.crt:ro" gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged -v "$@"
 }
 function build_without_proxy() {
From 85569db64bbbcd5c1360997f7628a3fe49bbbc4d Mon Sep 17 00:00:00 2001
From: Nianyu Shen
Date: Tue, 17 Oct 2023 12:23:46 -0700
Subject: [PATCH 10/15] update
---
 Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 2495e4f..ef91bf2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,10 +1,11 @@
 ARG BASE
+FROM $BASE
+
 ARG OS_DISTRIBUTION
 ARG PROXY_CERT_PATH
 ARG HTTP_PROXY
 ARG HTTPS_PROXY
 ARG NO_PROXY
-FROM $BASE
 COPY sc.crt /tmp/sc.crt
 RUN echo $OS_DISTRIBUTION
From 98dd2b8e12d0d90df1e637d7453a2004680d9a38 Mon Sep 17 00:00:00 2001
From: Nianyu Shen
Date: Tue, 17 Oct 2023 12:24:33 -0700
Subject: [PATCH 11/15] update
---
 earthly.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
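Review bot: The rewritten `docker run` line in PATCH 09 bind-mounts `"$PROXY_CERT_PATH:/workspace/sc.crt:ro"` with no visible check that the variable is set and names a regular file; with `-v`, Docker creates a missing host path as a directory, so a typo would hand the Dockerfile's `COPY sc.crt` a directory instead of a certificate. A guard before the call, such as `[ -f "$PROXY_CERT_PATH" ] || { echo "proxy cert not found: $PROXY_CERT_PATH" >&2; exit 1; }`, would make that fail early and clearly. `$EARTHLY_VERSION` in the image reference is also unquoted. build_with_proxy starts above the hunk, so an earlier check may already exist; the same line recurs in PATCH 11 and PATCH 15.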
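Review bot: Moving `ARG HTTP_PROXY`, `ARG HTTPS_PROXY` and `ARG NO_PROXY` below `FROM` in PATCH 10 declares them inside the build stage, and Docker documents that an explicit `ARG` for these predefined proxy variables makes their values show up in `docker history` and take part in cache invalidation. If a proxy URL ever carries credentials, they would be stored in the image metadata. The three declarations can likely be dropped, leaving only `ARG OS_DISTRIBUTION` and `ARG PROXY_CERT_PATH`, because the predefined variables are still available to `RUN` when passed with `--build-arg`. I have not checked how Earthly's `FROM DOCKERFILE` forwards them, so confirm with one proxied build.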
diff --git a/earthly.sh b/earthly.sh
index d0ff1f0..16c8757 100755
--- a/earthly.sh
+++ b/earthly.sh
@@ -13,7 +13,7 @@ function build_with_proxy() {
 docker exec -it earthly-buildkitd update-ca-certificates
 # Run Earthly in Docker to create artifacts Variables are passed from the .arg file
- docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -e EARTHLY_BUILDKIT_HOST=tcp://0.0.0.0:8372 -e BUILDKIT_TLS_ENABLED=false -v "$(pwd)":/workspace -v "$PROXY_CERT_PATH:/workspace/sc.crt:ro" gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged -v "$@"
+ docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -e EARTHLY_BUILDKIT_HOST=tcp://0.0.0.0:8372 -e BUILDKIT_TLS_ENABLED=false -v "$(pwd)":/workspace -v "$PROXY_CERT_PATH:/workspace/sc.crt:ro" gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged --verbose "$@"
 }
 function build_without_proxy() {
From 345453075f78c18fa69c4b90be355f73b101b266 Mon Sep 17 00:00:00 2001
From: Nianyu Shen
Date: Tue, 17 Oct 2023 12:28:32 -0700
Subject: [PATCH 12/15] update
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index ef91bf2..74e1914 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,11 +10,11 @@ ARG NO_PROXY
 COPY sc.crt /tmp/sc.crt
 RUN echo $OS_DISTRIBUTION
 RUN echo $PROXY_CERT_PATH
-RUN if [ "${OS_DISTRIBUTION}" = "ubuntu" ] && [ ! -z ${PROXY_CERT_PATH} ]; then \
+RUN if [ "${OS_DISTRIBUTION}" = "ubuntu" ] && [ ${PROXY_CERT_PATH} != "" ]; then \
 cp /tmp/sc.crt /etc/ssl/certs && \
 update-ca-certificates; \
 fi
-RUN if [ "${OS_DISTRIBUTION}" = "opensuse" ] && [ ! -z ${PROXY_CERT_PATH} ]; then \
+RUN if [ "${OS_DISTRIBUTION}" = "opensuse" ] && [ ${PROXY_CERT_PATH} != "" ]; then \
 cp /tmp/sc.crt /usr/share/pki/trust/anchors && \
 update-ca-certificates; \
 fi
From dce0020b2aa52d091e42b2ce6f23e03109107d98 Mon Sep 17 00:00:00 2001
From: Nianyu Shen
Date: Tue, 17 Oct 2023 12:30:10 -0700
Subject: [PATCH 13/15] update
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 74e1914..84f4abf 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,11 +10,11 @@ ARG NO_PROXY
 COPY sc.crt /tmp/sc.crt
 RUN echo $OS_DISTRIBUTION
 RUN echo $PROXY_CERT_PATH
-RUN if [ "${OS_DISTRIBUTION}" = "ubuntu" ] && [ ${PROXY_CERT_PATH} != "" ]; then \
+RUN if [ "${OS_DISTRIBUTION}" = "ubuntu" ] && [ "${PROXY_CERT_PATH}" != "" ]; then \
 cp /tmp/sc.crt /etc/ssl/certs && \
 update-ca-certificates; \
 fi
-RUN if [ "${OS_DISTRIBUTION}" = "opensuse" ] && [ ${PROXY_CERT_PATH} != "" ]; then \
+RUN if [ "${OS_DISTRIBUTION}" = "opensuse" ] && [ "${PROXY_CERT_PATH}" != "" ]; then \
 cp /tmp/sc.crt /usr/share/pki/trust/anchors && \
 update-ca-certificates; \
 fi
From c9e9d6c038da8b2c5b54a4189ea297155745d00c Mon Sep 17 00:00:00 2001
From: Nianyu Shen
Date: Tue, 17 Oct 2023 12:34:07 -0700
Subject: [PATCH 14/15] update
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 84f4abf..5e69824 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,7 +14,7 @@ RUN if [ "${OS_DISTRIBUTION}" = "ubuntu" ] && [ "${PROXY_CERT_PATH}" != "" ]; th
 cp /tmp/sc.crt /etc/ssl/certs && \
 update-ca-certificates; \
 fi
-RUN if [ "${OS_DISTRIBUTION}" = "opensuse" ] && [ "${PROXY_CERT_PATH}" != "" ]; then \
+RUN if [ "${OS_DISTRIBUTION}" = "opensuse-leap" ] && [ "${PROXY_CERT_PATH}" != "" ]; then \
 cp /tmp/sc.crt /usr/share/pki/trust/anchors && \
 update-ca-certificates; \
 fi
From 7b44e45bbb5d5c81621b8f3010375f470ed590bb Mon Sep 17 00:00:00 2001
From: Nianyu Shen
Date: Tue, 17 Oct 2023 12:36:36 -0700
Subject: [PATCH 15/15] remove debug lines
---
 Dockerfile | 4 ----
 earthly.sh | 5 ++++-
 2 files changed, 4 insertions(+), 5 deletions(-)
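Review bot: After the rename in PATCH 14 the certificate step runs only when `OS_DISTRIBUTION` is exactly `ubuntu` or `opensuse-leap`; any other value with `PROXY_CERT_PATH` set skips both `RUN` blocks silently and the build carries on without the proxy CA in the trust store. A third `RUN` that exits non-zero with a message when `PROXY_CERT_PATH` is non-empty and the distribution is neither of the two handled values would surface the mismatch at build time instead of as a later TLS error. The set of supported distribution names is not visible in this hunk, so the exact condition should be confirmed against the Earthfile.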
diff --git a/Dockerfile b/Dockerfile
index 5e69824..fa166d9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,8 +8,6 @@ ARG HTTPS_PROXY
 ARG NO_PROXY
 COPY sc.crt /tmp/sc.crt
-RUN echo $OS_DISTRIBUTION
-RUN echo $PROXY_CERT_PATH
 RUN if [ "${OS_DISTRIBUTION}" = "ubuntu" ] && [ "${PROXY_CERT_PATH}" != "" ]; then \
 cp /tmp/sc.crt /etc/ssl/certs && \
 update-ca-certificates; \
@@ -18,8 +16,6 @@ RUN if [ "${OS_DISTRIBUTION}" = "opensuse-leap" ] && [ "${PROXY_CERT_PATH}" != "
 cp /tmp/sc.crt /usr/share/pki/trust/anchors && \
 update-ca-certificates; \
 fi
-RUN cat /tmp/sc.crt
-RUN cat /usr/share/pki/trust/anchors/sc.crt
 ###########################Add any other image customizations here #######################
diff --git a/earthly.sh b/earthly.sh
index 16c8757..ae61db3 100755
--- a/earthly.sh
+++ b/earthly.sh
@@ -1,4 +1,7 @@
 #!/bin/bash
+# Uncomment the line below to enable debug mode
+# set -x
+
 function build_with_proxy() {
 export HTTP_PROXY=$HTTP_PROXY
 export HTTPS_PROXY=$HTTPS_PROXY
@@ -13,7 +16,7 @@ function build_with_proxy() {
 docker exec -it earthly-buildkitd update-ca-certificates
 # Run Earthly in Docker to create artifacts Variables are passed from the .arg file
- docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -e EARTHLY_BUILDKIT_HOST=tcp://0.0.0.0:8372 -e BUILDKIT_TLS_ENABLED=false -v "$(pwd)":/workspace -v "$PROXY_CERT_PATH:/workspace/sc.crt:ro" gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged --verbose "$@"
+ docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -e EARTHLY_BUILDKIT_HOST=tcp://0.0.0.0:8372 -e BUILDKIT_TLS_ENABLED=false -v "$(pwd)":/workspace -v "$PROXY_CERT_PATH:/workspace/sc.crt:ro" gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@"
 }
 function build_without_proxy() {
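Review bot: The comment added at the top of earthly.sh in PATCH 15 invites users to uncomment `set -x` without saying what the trace will contain: the function directly below exports `HTTP_PROXY` and `HTTPS_PROXY`, and the `docker run` line in the next hunk passes `GLOBAL_CONFIG`, so their expanded values would be printed to the terminal or CI log. I would extend the comment to `# Uncomment the line below to enable debug mode (trace output includes proxy URLs and GLOBAL_CONFIG; redact before sharing logs)`. Whether those values ever carry credentials is not visible on this page.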