Label support #1862
Label support #1862
Conversation
This means Go code can use the same base image, which now includes Go tooling. Signed-off-by: Justin Cormack <[email protected]>
Signed-off-by: Justin Cormack <[email protected]>
justincormack
force-pushed
the
label-support
branch
from
f8f316d
to
4f6eddd
Compare
|
From a Slack convo:
|
justincormack
force-pushed
the
label-support
branch
from
cc86dd3
to
0530481
Compare
|
cc @dave-tucker I changed the default command for |
test/hack/test-ltp.yml
Outdated
| capabilities: | ||
| - CAP_SYS_BOOT | ||
| readonly: true | ||
| image: "linuxkit/poweroff:5673236900c6beae35bbceec90ded4b9add3f5ae" |
There was a problem hiding this comment.
Could you presvere the old behaviour by adding a 30 second delay here?
There was a problem hiding this comment.
hmm, but actually I didnt change the default, I should change back the other ones that were 3
There was a problem hiding this comment.
oh yes I did but I shouldnt have, going to revert. It makes little sense having command in yaml as it is already in image
justincormack
force-pushed
the
label-support
branch
from
0530481
to
13f309a
Compare
|
@dave-tucker they should be unchanged now |
| CMD ["/usr/bin/sysctl"] | ||
| LABEL org.mobyproject.config='{"net": "host","pid": "host", "ipc": "host", "readonly": true, "capabilities": ["CAP_SYS_ADMIN"]}' |
There was a problem hiding this comment.
would it be possible to make this multi-line for better readability?
There was a problem hiding this comment.
The advantage of this format is it is the only way to write something you can cut and paste as JSON, as it needs backslashes if it has line break. Hence the single quotes so the double ones don't need to be escaped.
There was a problem hiding this comment.
OK, makes sense. escaping quotes makes this error prone and less readable
test/cases/040_packages/group.sh
Outdated
| @@ -0,0 +1,37 @@ | |||
| #!/bin/sh | |||
| # SUMMARY: LinuxKit security tests | |||
|
|
||
| default: push | ||
|
|
||
| hash: Dockerfile check.sh |
There was a problem hiding this comment.
Is there a reason this package makefile is old-style rather than the new more compact form with git tree hash etc
There was a problem hiding this comment.
all the test ones need redoing, was easier to leave this old style for now
There was a problem hiding this comment.
Ok, agree best to re-do all the test ones new style in one PR
Signed-off-by: Justin Cormack <[email protected]>
Signed-off-by: Justin Cormack <[email protected]>
Signed-off-by: Justin Cormack <[email protected]>
And remove all the config options as they are now in the label. Signed-off-by: Justin Cormack <[email protected]>
Signed-off-by: Justin Cormack <[email protected]>
Signed-off-by: Justin Cormack <[email protected]>
justincormack
force-pushed
the
label-support
branch
from
13f309a
to
56121a7
Compare
|
are you planning to convert the other packages using |
|
@rneugeba yes, but didnt want to do anything else in the same PR its got enough in... |
Add support for using labels to specify the image configuration yaml, as done in moby/tool#39 - use
org.mobyproject.configas the label with a JSON version of the yaml image config.First example I have done
sysctl, which I also converted to modern style build, and added a test to make sure it was still working correctly. I also added thetest-sysctlone andpoweroffto clean up the tests.Once we do this elsewhere this will make the config files much simpler for the
linuxkitimages; external images will not have the correct labels.