From a19e8fd05de6eba038bb01089ac16de77ad66e15 Mon Sep 17 00:00:00 2001 From: Johan Brandhorst-Satzkorn Date: Wed, 24 Jul 2024 17:01:43 -0700 Subject: [PATCH 1/4] plugincontainer: fix image build Lock the image version used in test, and switch to available commands --- plugincontainer/examples/container/Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/plugincontainer/examples/container/Dockerfile b/plugincontainer/examples/container/Dockerfile index ad2b249..d683d69 100644 --- a/plugincontainer/examples/container/Dockerfile +++ b/plugincontainer/examples/container/Dockerfile @@ -7,13 +7,13 @@ COPY go-plugin-counter /bin/go-plugin-counter ENTRYPOINT [ "/bin/go-plugin-counter" ] -FROM docker.mirror.hashicorp.services/ubuntu as nonroot +FROM docker.mirror.hashicorp.services/ubuntu@sha256:2e863c44b718727c860746568e1d54afd13b2fa71b160f5cd9058fc436217b30 as nonroot COPY go-plugin-counter /bin/go-plugin-counter RUN apt-get update && apt-get install -y libcap2-bin acl && \ - addgroup --system nonroot && \ - adduser --system --ingroup nonroot nonroot && \ + groupadd --system nonroot && \ + useradd --system -g nonroot nonroot && \ chown -R nonroot:nonroot /bin/go-plugin-counter && \ cp /bin/go-plugin-counter /bin/go-plugin-counter-mlock && \ setcap cap_ipc_lock=+ep /bin/go-plugin-counter-mlock @@ -27,4 +27,4 @@ FROM nonroot as nonroot-mlock ENTRYPOINT [ "/bin/go-plugin-counter-mlock" ] # Set root as the default image. -FROM root \ No newline at end of file +FROM root From 1b8003b72ed5e694a0d81f99e35415e46339b1a7 Mon Sep 17 00:00:00 2001 From: Johan Brandhorst-Satzkorn Date: Wed, 24 Jul 2024 17:08:08 -0700 Subject: [PATCH 2/4] Try making it executable --- plugincontainer/examples/container/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/plugincontainer/examples/container/Dockerfile b/plugincontainer/examples/container/Dockerfile index d683d69..1d5fe9c 100644 --- a/plugincontainer/examples/container/Dockerfile +++ b/plugincontainer/examples/container/Dockerfile @@ -15,6 +15,7 @@ RUN apt-get update && apt-get install -y libcap2-bin acl && \ groupadd --system nonroot && \ useradd --system -g nonroot nonroot && \ chown -R nonroot:nonroot /bin/go-plugin-counter && \ + cmod 0755 /bin/go-plugin-counter && \ cp /bin/go-plugin-counter /bin/go-plugin-counter-mlock && \ setcap cap_ipc_lock=+ep /bin/go-plugin-counter-mlock From 5bc659af1fd5ce040fffbadf56c0789ec790eb31 Mon Sep 17 00:00:00 2001 From: Johan Brandhorst-Satzkorn Date: Wed, 24 Jul 2024 17:11:27 -0700 Subject: [PATCH 3/4] =?UTF-8?q?=F0=9F=A4=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- plugincontainer/examples/container/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugincontainer/examples/container/Dockerfile b/plugincontainer/examples/container/Dockerfile index 1d5fe9c..217bd8d 100644 --- a/plugincontainer/examples/container/Dockerfile +++ b/plugincontainer/examples/container/Dockerfile @@ -15,7 +15,7 @@ RUN apt-get update && apt-get install -y libcap2-bin acl && \ groupadd --system nonroot && \ useradd --system -g nonroot nonroot && \ chown -R nonroot:nonroot /bin/go-plugin-counter && \ - cmod 0755 /bin/go-plugin-counter && \ + chmod 0755 /bin/go-plugin-counter && \ cp /bin/go-plugin-counter /bin/go-plugin-counter-mlock && \ setcap cap_ipc_lock=+ep /bin/go-plugin-counter-mlock From ec7f39de0e21b9032e254c6e95cefb4c1c5530a2 Mon Sep 17 00:00:00 2001 From: Johan Brandhorst-Satzkorn Date: Wed, 31 Jul 2024 17:41:58 -0700 Subject: [PATCH 4/4] =?UTF-8?q?Hopefully=20fix=20build=20=F0=9F=A4=9E?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/go.yml | 2 +- plugincontainer/examples/container/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 268e752..205f94b 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -49,7 +49,7 @@ jobs: ( set -e ARCH="$(uname -m)" - URL="https://storage.googleapis.com/gvisor/releases/release/latest/${ARCH}" + URL="https://storage.googleapis.com/gvisor/releases/release/20240311/${ARCH}" wget --quiet "${URL}/runsc" "${URL}/runsc.sha512" \ "${URL}/containerd-shim-runsc-v1" "${URL}/containerd-shim-runsc-v1.sha512" sha512sum -c runsc.sha512 \ diff --git a/plugincontainer/examples/container/Dockerfile b/plugincontainer/examples/container/Dockerfile index 217bd8d..6636a94 100644 --- a/plugincontainer/examples/container/Dockerfile +++ b/plugincontainer/examples/container/Dockerfile @@ -7,6 +7,7 @@ COPY go-plugin-counter /bin/go-plugin-counter ENTRYPOINT [ "/bin/go-plugin-counter" ] +# This is docker.mirror.hashicorp.services/ubuntu:24.04 as of 2024-07-31. FROM docker.mirror.hashicorp.services/ubuntu@sha256:2e863c44b718727c860746568e1d54afd13b2fa71b160f5cd9058fc436217b30 as nonroot COPY go-plugin-counter /bin/go-plugin-counter @@ -15,7 +16,6 @@ RUN apt-get update && apt-get install -y libcap2-bin acl && \ groupadd --system nonroot && \ useradd --system -g nonroot nonroot && \ chown -R nonroot:nonroot /bin/go-plugin-counter && \ - chmod 0755 /bin/go-plugin-counter && \ cp /bin/go-plugin-counter /bin/go-plugin-counter-mlock && \ setcap cap_ipc_lock=+ep /bin/go-plugin-counter-mlock