-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Label support #1862
Label support #1862
Conversation
This means Go code can use the same base image, which now includes Go tooling. Signed-off-by: Justin Cormack <[email protected]>
Signed-off-by: Justin Cormack <[email protected]>
f8f316d
to
4f6eddd
Compare
From a Slack convo:
|
cc86dd3
to
0530481
Compare
cc @dave-tucker I changed the default command for |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One nit otherwise LGTM
test/hack/test-ltp.yml
Outdated
capabilities: | ||
- CAP_SYS_BOOT | ||
readonly: true | ||
image: "linuxkit/poweroff:5673236900c6beae35bbceec90ded4b9add3f5ae" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you presvere the old behaviour by adding a 30 second delay here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmm, but actually I didnt change the default, I should change back the other ones that were 3
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
oh yes I did but I shouldnt have, going to revert. It makes little sense having command
in yaml as it is already in image
0530481
to
13f309a
Compare
@dave-tucker they should be unchanged now |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few comments, but great to see config in labels and go-compile being phased out
CMD ["/usr/bin/sysctl"] | ||
LABEL org.mobyproject.config='{"net": "host","pid": "host", "ipc": "host", "readonly": true, "capabilities": ["CAP_SYS_ADMIN"]}' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
would it be possible to make this multi-line for better readability?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The advantage of this format is it is the only way to write something you can cut and paste as JSON, as it needs backslashes if it has line break. Hence the single quotes so the double ones don't need to be escaped.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK, makes sense. escaping quotes makes this error prone and less readable
test/cases/040_packages/group.sh
Outdated
@@ -0,0 +1,37 @@ | |||
#!/bin/sh | |||
# SUMMARY: LinuxKit security tests |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not security tests
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixing
|
||
default: push | ||
|
||
hash: Dockerfile check.sh |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a reason this package makefile is old-style rather than the new more compact form with git tree hash etc
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
all the test ones need redoing, was easier to leave this old style for now
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, agree best to re-do all the test ones new style in one PR
Signed-off-by: Justin Cormack <[email protected]>
Signed-off-by: Justin Cormack <[email protected]>
Signed-off-by: Justin Cormack <[email protected]>
And remove all the config options as they are now in the label. Signed-off-by: Justin Cormack <[email protected]>
Signed-off-by: Justin Cormack <[email protected]>
Signed-off-by: Justin Cormack <[email protected]>
13f309a
to
56121a7
Compare
are you planning to convert the other packages using |
@rneugeba yes, but didnt want to do anything else in the same PR its got enough in... |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! 🎸
Add support for using labels to specify the image configuration yaml, as done in moby/tool#39 - use
org.mobyproject.config
as the label with a JSON version of the yaml image config.First example I have done
sysctl
, which I also converted to modern style build, and added a test to make sure it was still working correctly. I also added thetest-sysctl
one andpoweroff
to clean up the tests.Once we do this elsewhere this will make the config files much simpler for the
linuxkit
images; external images will not have the correct labels.