Dockerfile: update syntax, switch to bullseye, add missing libseccomp-dev, remove build pack #42763

Merged
AkihiroSuda merged 6 commits into moby:master from thaJeztah:go_🎯
Aug 22, 2021

@thaJeztah (Member) commented Aug 19, 2021

So, this started with the intention to "just" update buster to bullseye, but finding various issues that needed fixing, or could be improved.

Dockerfile: update to docker/dockerfile:1.3, and remove temporary fix.

I saw we were using an older syntax, and the issue I reported (moby/buildkit#2114) was fixed in dockerfile:1.3 front-end, so upgrading allowed me to remove the temporary fix.

Dockerfile: remove aufs-tools, as it's not available on bullseye

Well, title says all. No more aufs?

Dockerfile: update to debian bullseye

Well, that's what I came here for 😂

Dockerfile: add back libseccomp-dev to cross-compile runc

Commit 7168d98 removed these, but I think we overlooked that the same stage is used to build runc as well, so we likely need these. (but happy to remove if we really don't need them!)

Dockerfile: frozen images: update to bullseye, remove buildpack-dep

Update the frozen images to also be based on Debian bullseye. Using the "slim" variant (which looks to have all we're currently using), and remove the buildpack-dep frozen image.

The buildpack-dep image is quite large, and it looks like we only use it to compile some C binaries, which should work fine on a regular debian image;

docker build -t debian:bullseye-slim-gcc -<<EOF
FROM debian:bullseye-slim
RUN apt-get update && apt-get install -y gcc libc6-dev --no-install-recommends
EOF

docker image ls

REPOSITORY        TAG                 IMAGE ID       CREATED          SIZE
debian            bullseye-slim-gcc   1851750242af   About a minute ago   255MB
buildpack-deps    bullseye            fe8fece98de2   2 days ago           834MB

Comment on lines 56 to 57
Member Author

Looks like setcap was removed from bullseye at some point;

docker run --rm debian:bullseye@sha256:7190e972ab16aefea4d758ebe42a293f4e5c5be63595f4d03a5b9bf6839a4344  sh -c 'setcap CAP_NET_BIND_SERVICE=+eip /bin/sleep'

docker run --rm debian:bullseye  sh -c 'setcap CAP_NET_BIND_SERVICE=+eip /bin/sleep'
sh: 1: setcap: not found

@thaJeztah thaJeztah force-pushed the go_ branch 2 times, most recently from 90f8d0c to 61e0ad9 Compare August 19, 2021 22:43
@thaJeztah (Member Author)

Arf.. output format changed of getcap;

archive_unix_test.go:288: assertion failed: string "/tmp/docker-test-untar-origin629714680/2 cap_block_suspend=ep\n" does not contain "= cap_block_suspend+ep": untar should have kept the 'security.capability' xattr
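
A layout-tolerant check for the `getcap` output in the failure above, as an added example (not moby's code or the fix applied in this PR). `ParseGetcap` and `FileCaps` are hypothetical names, and only the two single-clause layouts quoted in the assertion message are handled.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// FileCaps is one getcap result line, independent of the output layout.
type FileCaps struct {
	Path  string
	Names []string // capability names, e.g. "cap_block_suspend"
	Flags string   // subset of "eip"
}

var errNoCaps = errors.New("no capability clause in getcap output")

// ParseGetcap (hypothetical helper) accepts both layouts from the failure:
//   "<path> = cap_block_suspend+ep" and "<path> cap_block_suspend=ep".
// It handles a single clause per line, which is all the test sets.
func ParseGetcap(line string) (FileCaps, error) {
	line = strings.TrimSpace(line)
	sp := strings.LastIndex(line, " ")
	if sp < 1 {
		return FileCaps{}, errNoCaps // empty output: the xattr was dropped
	}
	path, clause := strings.TrimSuffix(line[:sp], " ="), line[sp+1:]
	op := strings.IndexAny(clause, "+=")
	if op < 1 || op == len(clause)-1 {
		return FileCaps{}, errNoCaps
	}
	names, flags := strings.Split(clause[:op], ","), clause[op+1:]
	if strings.Trim(flags, "eip") != "" {
		return FileCaps{}, fmt.Errorf("unexpected flags %q", flags)
	}
	for _, n := range names {
		if !strings.HasPrefix(n, "cap_") {
			return FileCaps{}, fmt.Errorf("unexpected capability %q", n)
		}
	}
	return FileCaps{Path: path, Names: names, Flags: flags}, nil
}

func main() {
	// Constructed inputs: the second is the line quoted in the failure above.
	for _, l := range []string{"/tmp/a/2 = cap_block_suspend+ep\n",
		"/tmp/docker-test-untar-origin629714680/2 cap_block_suspend=ep\n"} {
		fmt.Println(ParseGetcap(l))
	}
}
```

Comparing the parsed names and flags instead of a substring keeps a test about the `security.capability` xattr from failing when only the tool's text layout changes.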

@thaJeztah (Member Author)

Ahm... needs some more tests to be updated;

=== RUN   TestDaemonDefaultNetworkPools
    service_test.go:23: assertion failed:
        Command:  ip link delete docker0
        ExitCode: 127
        Error:    exec: "ip": executable file not found in $PATH
        Stdout:
        Stderr:

        Failures:
        ExitCode was 127 expected 0
        Expected no error

=== RUN   TestDaemonRestartWithExistingNetwork
    service_test.go:23: assertion failed: 
        Command:  ip link delete docker0
        ExitCode: 127
        Error:    exec: "ip": executable file not found in $PATH
        Stdout:   
        Stderr:   
        
        Failures:
        ExitCode was 127 expected 0
        Expected no error

@thaJeztah (Member Author)

Getting close now; only one related failure;

=== RUN   TestDockerSuite/TestAPIStatsNetworkStats
    docker_api_stats_test.go:145: assertion failed: error is not nil: exec: "ping": executable file not found in $PATH
    --- FAIL: TestDockerSuite/TestAPIStatsNetworkStats (1.75s)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Otherwise errors within this function will all show to be at the line
number of the utility, instead of where it failed in the test:

    === RUN   TestDaemonDefaultNetworkPools
        service_test.go:23: assertion failed:
            Command:  ip link delete docker0
            ExitCode: 127
            Error:    exec: "ip": executable file not found in $PATH
            Stdout:
            Stderr:

            Failures:
            ExitCode was 127 expected 0
            Expected no error

    === RUN   TestDaemonRestartWithExistingNetwork
        service_test.go:23: assertion failed:
            Command:  ip link delete docker0
            ExitCode: 127
            Error:    exec: "ip": executable file not found in $PATH
            Stdout:
            Stderr:

            Failures:
            ExitCode was 127 expected 0
            Expected no error

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Dockerfile Outdated
Member

Suggested change
inetutils-ping\
inetutils-ping \

👀

Member Author

🙈

Dockerfile.e2e Outdated
Member

Suggested change
inetutils-ping\
inetutils-ping \

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
commit 7168d98 removed these, but
we overlooked that the same stage is used to build runc as well, so
we likely need these.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Update the frozen images to also be based on Debian bullseye. Using the "slim"
variant (which looks to have all we're currently using),  and remove the
buildpack-dep frozen image.

The buildpack-dep image is quite large, and it looks like we only use it to
compile some C binaries, which should work fine on a regular debian image;

    docker build -t debian:bullseye-slim-gcc -<<EOF
    FROM debian:bullseye-slim
    RUN apt-get update && apt-get install -y gcc libc6-dev --no-install-recommends
    EOF

    docker image ls

    REPOSITORY        TAG                 IMAGE ID       CREATED          SIZE
    debian            bullseye-slim-gcc   1851750242af   About a minute ago   255MB
    buildpack-deps    bullseye            fe8fece98de2   2 days ago           834MB

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah (Member Author)

@tianon fixed; PTAL

@thaJeztah (Member Author)

New flaky test? ("interesting" error)

=== RUN   TestServicePlugin
    plugin_test.go:50: assertion failed: error is not nil: Error response from daemon: content sha256:fc6183ae6e37a7808e1ee317bb5d513b52d0053577e973606e9725f26135ac7d: already exists
--- FAIL: TestServicePlugin (2.09s)

--mount=type=cache,sharing=locked,id=moby-criu-aptcache,target=/var/cache/apt \
chmod 0644 /etc/apt/trusted.gpg.d/criu.gpg.asc \
&& echo 'deb https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_10/ /' > /etc/apt/sources.list.d/criu.list \
echo 'deb https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_10/ /' > /etc/apt/sources.list.d/criu.list \
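
Review bot: the `deb https://download.opensuse.org/...` entry written to `criu.list` has no `[signed-by=...]` option, and the key path visible in this hunk is under `/etc/apt/trusted.gpg.d/`, where apt accepts it for every configured source rather than only this repository. Consider keeping the criu key outside `trusted.gpg.d` and referencing it from the `deb` line with `signed-by`, so a signature from that key is only honoured for the criu repository.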
Member

Should we add something like TODO update to Debian_11 or just not worry about it? (It's probably fine.)

Member Author

I'm hoping @kolyshkin will remind me at that time; opencontainers/runc#3171 (comment) 😁

@thaJeztah (Member Author)

@AkihiroSuda @cpuguy83 PTAL
