-
Notifications
You must be signed in to change notification settings - Fork 290
/
Copy pathdocker.yaml
152 lines (137 loc) · 5.01 KB
/
docker.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
package:
name: docker
version: 25.0.3
epoch: 0
description: A meta package for Docker Engine and Docker CLI
copyright:
- license: Apache-2.0
dependencies:
runtime:
- docker-cli
- dockerd
checks:
disabled:
# docker is a meta package pulling in several subpackages at runtime
- empty
environment:
contents:
packages:
- bash
- btrfs-progs-dev
- build-base
- busybox
- ca-certificates-bundle
- containerd
- coreutils
- go
- libseccomp-dev
- libtool
- linux-headers
- lvm2-dev
pipeline:
- uses: git-checkout
with:
repository: https://github.com/moby/moby
tag: v${{package.version}}
expected-commit: f417435e5f6216828dec57958c490c4f8bae4f98
- runs: |
# moby/moby uses a non-standard `vendor.mod` and helper scripts instead
# of the standard `go.mod`. the only way to modify dependencies is to
# manually change them in the provided `vendor.mod`. To ensure we don't
# pin to older dependencies when this package auto updates, we use sed with
# the specific replacement version.
# CVE-2023-47108 GHSA-8pgv-569h-w5rw CVE-2023-45142 GHSA-rcjv-mgp8-qvmr
sed -i 's|go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.45.0|go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0|' vendor.mod
sed -i 's|go.opentelemetry.io/otel v1.19.0|go.opentelemetry.io/otel v1.21.0|' vendor.mod
sed -i 's|go.opentelemetry.io/otel/sdk v1.19.0|go.opentelemetry.io/otel/sdk v1.21.0|' vendor.mod
sed -i 's|go.opentelemetry.io/otel/trace v1.19.0|go.opentelemetry.io/otel/trace v1.21.0|' vendor.mod
sed -i 's|go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0|go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0|' vendor.mod
./hack/vendor.sh
# Replicate the environment setup performed by docker
export DOCKER_BUILDTAGS="seccomp"
./hack/make.sh dynbinary
# Independently managed from moby/moby, but contains many utility scripts needed for the official docker images.
# TODO: Figure out a way to autobump this as required
# https://github.com/docker-library/docker/tree/master
- working-directory: /home/docker-library
pipeline:
- uses: fetch
with:
uri: https://github.com/docker-library/docker/archive/273a2df601253b25e8e98dda8f6675346d7338b8.zip
expected-sha256: 6ce21996f0b98a850d01de6f8f9f79e54c8a72a83fabfde6e228d2c43e2567d6
extract: false
- runs: |
unzip -q 273a2df601253b25e8e98dda8f6675346d7338b8.zip
mv */** .
# Docker is vehemenetly against stripping the resulting binary
# Ref: https://github.com/moby/moby/blob/d8a51d2887cbc465ab8d76ed98f7a86996ab3c22/project/PACKAGERS.md#stripping-binaries
# - uses: strip
- runs: |
# this exists to appease yam
subpackages:
- name: dockerd
description: "Docker Engine (dockerd)"
dependencies:
runtime:
# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies
- btrfs-progs
- e2fsprogs
- e2fsprogs-extra
- ip6tables
- iptables
- openssl
- xfsprogs
- xz
- pigz
- zfs
- containerd
- ctr
- tini-static
pipeline:
- runs: |
install -Dm755 bundles/dynbinary-daemon/docker-proxy ${{targets.destdir}}/usr/bin/docker-proxy
install -Dm755 bundles/dynbinary-daemon/dockerd ${{targets.destdir}}/usr/bin/dockerd
ln -sf /sbin/tini-static ${{targets.destdir}}/usr/bin/docker-init
- name: docker-oci-entrypoint
description: "docker OCI entrypoint"
dependencies:
runtime:
- docker
pipeline:
- runs: |
install -Dm755 /home/docker-library/docker-entrypoint.sh "${{targets.subpkgdir}}"/usr/bin/docker-entrypoint.sh
- name: dockerd-oci-entrypoint
description: "dockerd OCI entrypoint"
dependencies:
runtime:
- docker
# Used as a fallback in the dockerd-entrypoint.sh script
- docker-oci-entrypoint
# Used as a fallback in the dockerd-entrypoint.sh script
- docker-dind
pipeline:
- runs: |
install -Dm755 /home/docker-library/dockerd-entrypoint.sh "${{targets.subpkgdir}}"/usr/bin/dockerd-entrypoint.sh
# Ref: https://github.com/docker-library/docker/blob/master/Dockerfile-dind.template
- name: docker-dind
description: "Docker in Docker"
dependencies:
runtime:
- docker
pipeline:
- runs: |
install -Dm755 /home/build/hack/dind "${{targets.subpkgdir}}"/usr/bin/dind
# I can't believe this is a real thing
- name: docker-modprobe-compat
dependencies:
runtime:
- docker
pipeline:
- runs: |
install -Dm755 /home/docker-library/modprobe.sh "${{targets.subpkgdir}}"/usr/bin/modprobe
update:
enabled: true
github:
identifier: moby/moby
strip-prefix: v
tag-filter: v