Skip to content

Commit 65f44c6

Browse files
AkihiroSudaAkihiroSuda
committedMar 19, 2025··
update containerd (2.0.4), etc.; verify the git tags with the commit hashes
Signed-off-by: Akihiro Suda <[email protected]>
·
v2.0.4
1 parent fe82600 commit 65f44c6

8 files changed

+124
-66
lines changed
 

‎.github/workflows/test-canary.yml

+1-1
Original file line numberDiff line numberDiff line change
@@ -81,7 +81,7 @@ jobs:
8181
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
8282
with:
8383
repository: containerd/containerd
84-
ref: "v1.7.25"
84+
ref: "v1.7.27"
8585
path: containerd
8686
fetch-depth: 1
8787
- name: "Set up CNI"

‎.github/workflows/test.yml

+15-15
Original file line numberDiff line numberDiff line change
@@ -26,13 +26,13 @@ jobs:
2626
matrix:
2727
include:
2828
- runner: ubuntu-24.04
29-
containerd: v1.6.36
29+
containerd: v1.6.38
3030
arch: amd64
3131
- runner: ubuntu-24.04
32-
containerd: v2.0.3
32+
containerd: v2.0.4
3333
arch: amd64
3434
- runner: ubuntu-24.04-arm
35-
containerd: v2.0.3
35+
containerd: v2.0.4
3636
arch: arm64
3737
env:
3838
CONTAINERD_VERSION: "${{ matrix.containerd }}"
@@ -82,7 +82,7 @@ jobs:
8282
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
8383
with:
8484
repository: containerd/containerd
85-
ref: v1.7.25
85+
ref: v1.7.27
8686
path: containerd
8787
fetch-depth: 1
8888
- if: ${{ matrix.goos=='windows' }}
@@ -102,15 +102,15 @@ jobs:
102102
matrix:
103103
include:
104104
- ubuntu: 22.04
105-
containerd: v1.6.36
105+
containerd: v1.6.38
106106
runner: "ubuntu-22.04"
107107
arch: amd64
108108
- ubuntu: 24.04
109-
containerd: v2.0.3
109+
containerd: v2.0.4
110110
runner: "ubuntu-24.04"
111111
arch: amd64
112112
- ubuntu: 24.04
113-
containerd: v2.0.3
113+
containerd: v2.0.4
114114
runner: "ubuntu-24.04-arm"
115115
arch: arm64
116116
env:
@@ -160,7 +160,7 @@ jobs:
160160
matrix:
161161
include:
162162
- ubuntu: 24.04
163-
containerd: v2.0.3
163+
containerd: v2.0.4
164164
arch: amd64
165165
env:
166166
CONTAINERD_VERSION: "${{ matrix.containerd }}"
@@ -221,25 +221,25 @@ jobs:
221221
matrix:
222222
include:
223223
- ubuntu: 22.04
224-
containerd: v1.6.36
224+
containerd: v1.6.38
225225
rootlesskit: v1.1.1 # Deprecated
226226
target: rootless
227227
runner: "ubuntu-22.04"
228228
arch: amd64
229229
- ubuntu: 24.04
230-
containerd: v2.0.3
230+
containerd: v2.0.4
231231
rootlesskit: v2.3.4
232232
target: rootless
233233
arch: amd64
234234
runner: "ubuntu-24.04"
235235
- ubuntu: 24.04
236-
containerd: v2.0.3
236+
containerd: v2.0.4
237237
rootlesskit: v2.3.4
238238
target: rootless
239239
arch: arm64
240240
runner: "ubuntu-24.04-arm"
241241
- ubuntu: 24.04
242-
containerd: v2.0.3
242+
containerd: v2.0.4
243243
rootlesskit: v2.3.4
244244
target: rootless-port-slirp4netns
245245
arch: amd64
@@ -373,15 +373,15 @@ jobs:
373373
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
374374
with:
375375
repository: containerd/containerd
376-
ref: v1.7.25
376+
ref: v1.7.27
377377
path: containerd
378378
fetch-depth: 1
379379
- name: "Set up CNI"
380380
working-directory: containerd
381381
run: GOPATH=$(go env GOPATH) script/setup/install-cni-windows
382382
- name: "Set up containerd"
383383
env:
384-
ctrdVersion: 1.7.25
384+
ctrdVersion: 1.7.27
385385
run: powershell hack/configure-windows-ci.ps1
386386
- name: "Run integration tests"
387387
run: ./hack/test-integration.sh -test.only-flaky=false
@@ -437,7 +437,7 @@ jobs:
437437
env:
438438
MODE: ${{ matrix.mode }}
439439
# FIXME: this is only necessary to access the build cache. To remove with build cleanup.
440-
CONTAINERD_VERSION: v2.0.3
440+
CONTAINERD_VERSION: v2.0.4
441441
steps:
442442
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
443443
with:

‎Dockerfile

+49-38
Original file line numberDiff line numberDiff line change
@@ -15,42 +15,42 @@
1515
# -----------------------------------------------------------------------------
1616
# Usage: `docker run -it --privileged <IMAGE>`. Make sure to add `-t` and `--privileged`.
1717

18-
# TODO: verify commit hash
19-
2018
# Basic deps
21-
ARG CONTAINERD_VERSION=v2.0.3
22-
ARG RUNC_VERSION=v1.2.5
23-
ARG CNI_PLUGINS_VERSION=v1.6.2
19+
# @BINARY: the binary checksums are verified via Dockerfile.d/SHA256SUMS.d/<COMPONENT>-<VERSION>
20+
ARG CONTAINERD_VERSION=v2.0.4@1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20
21+
ARG RUNC_VERSION=v1.2.6@e89a29929c775025419ab0d218a43588b4c12b9a
22+
ARG CNI_PLUGINS_VERSION=v1.6.2@BINARY
2423

2524
# Extra deps: Build
26-
ARG BUILDKIT_VERSION=v0.20.1
25+
ARG BUILDKIT_VERSION=v0.20.1@BINARY
2726
# Extra deps: Lazy-pulling
28-
ARG STARGZ_SNAPSHOTTER_VERSION=v0.16.3
27+
ARG STARGZ_SNAPSHOTTER_VERSION=v0.16.3@BINARY
2928
# Extra deps: Encryption
30-
ARG IMGCRYPT_VERSION=v2.0.0
29+
ARG IMGCRYPT_VERSION=v2.0.1@c377ec98ff79ec9205eabf555ebd2ea784738c6c
3130
# Extra deps: Rootless
32-
ARG ROOTLESSKIT_VERSION=v2.3.4
33-
ARG SLIRP4NETNS_VERSION=v1.3.1
31+
ARG ROOTLESSKIT_VERSION=v2.3.4@BINARY
32+
ARG SLIRP4NETNS_VERSION=v1.3.2@BINARY
3433
# Extra deps: bypass4netns
35-
ARG BYPASS4NETNS_VERSION=v0.4.2
34+
ARG BYPASS4NETNS_VERSION=v0.4.2@aa04bd3dcc48c6dae6d7327ba219bda8fe2a4634
3635
# Extra deps: FUSE-OverlayFS
37-
ARG FUSE_OVERLAYFS_VERSION=v1.14
38-
ARG CONTAINERD_FUSE_OVERLAYFS_VERSION=v2.1.1
36+
ARG FUSE_OVERLAYFS_VERSION=v1.14@BINARY
37+
ARG CONTAINERD_FUSE_OVERLAYFS_VERSION=v2.1.2@BINARY
3938
# Extra deps: Init
40-
ARG TINI_VERSION=v0.19.0
39+
ARG TINI_VERSION=v0.19.0@BINARY
4140
# Extra deps: Debug
42-
ARG BUILDG_VERSION=v0.4.1
41+
ARG BUILDG_VERSION=v0.4.1@BINARY
4342

4443
# Test deps
44+
# Currently, the Docker Official Images and the test deps are not pinned by the hash
4545
ARG GO_VERSION=1.24
4646
ARG UBUNTU_VERSION=24.04
4747
ARG CONTAINERIZED_SYSTEMD_VERSION=v0.1.1
4848
ARG GOTESTSUM_VERSION=v1.12.0
4949
ARG NYDUS_VERSION=v2.3.0
5050
ARG SOCI_SNAPSHOTTER_VERSION=0.8.0
51-
ARG KUBO_VERSION=v0.32.1
51+
ARG KUBO_VERSION=v0.33.2
5252

53-
FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.6.1 AS xx
53+
FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.6.1@sha256:923441d7c25f1e2eb5789f82d987693c47b8ed987c4ab3b075d6ed2b5d6779a3 AS xx
5454

5555

5656
FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-bookworm AS build-base-debian
@@ -70,13 +70,14 @@ RUN xx-apt-get update -qq && xx-apt-get install -qq --no-install-recommends \
7070
libseccomp-dev \
7171
pkg-config
7272
RUN git config --global advice.detachedHead false
73+
ADD hack/git-checkout-tag-with-hash.sh /usr/local/bin/
7374

7475
FROM build-base-debian AS build-containerd
7576
ARG TARGETARCH
7677
ARG CONTAINERD_VERSION
7778
RUN git clone https://github.com/containerd/containerd.git /go/src/github.com/containerd/containerd
7879
WORKDIR /go/src/github.com/containerd/containerd
79-
RUN git checkout ${CONTAINERD_VERSION} && \
80+
RUN git-checkout-tag-with-hash.sh ${CONTAINERD_VERSION} && \
8081
mkdir -p /out /out/$TARGETARCH && \
8182
cp -a containerd.service /out
8283
RUN GO=xx-go make STATIC=1 && \
@@ -87,7 +88,7 @@ ARG RUNC_VERSION
8788
ARG TARGETARCH
8889
RUN git clone https://github.com/opencontainers/runc.git /go/src/github.com/opencontainers/runc
8990
WORKDIR /go/src/github.com/opencontainers/runc
90-
RUN git checkout ${RUNC_VERSION} && \
91+
RUN git-checkout-tag-with-hash.sh ${RUNC_VERSION} && \
9192
mkdir -p /out
9293
ENV CGO_ENABLED=1
9394
RUN GO=xx-go CC=$(xx-info)-gcc STRIP=$(xx-info)-strip make static && \
@@ -98,7 +99,7 @@ ARG BYPASS4NETNS_VERSION
9899
ARG TARGETARCH
99100
RUN git clone https://github.com/rootless-containers/bypass4netns.git /go/src/github.com/rootless-containers/bypass4netns
100101
WORKDIR /go/src/github.com/rootless-containers/bypass4netns
101-
RUN git checkout ${BYPASS4NETNS_VERSION} && \
102+
RUN git-checkout-tag-with-hash.sh ${BYPASS4NETNS_VERSION} && \
102103
mkdir -p /out/${TARGETARCH}
103104
ENV CGO_ENABLED=1
104105
RUN GO=xx-go make static && \
@@ -109,7 +110,7 @@ ARG KUBO_VERSION
109110
ARG TARGETARCH
110111
RUN git clone https://github.com/ipfs/kubo.git /go/src/github.com/ipfs/kubo
111112
WORKDIR /go/src/github.com/ipfs/kubo
112-
RUN git checkout ${KUBO_VERSION} && \
113+
RUN git-checkout-tag-with-hash.sh ${KUBO_VERSION} && \
113114
mkdir -p /out/${TARGETARCH}
114115
ENV CGO_ENABLED=0
115116
RUN xx-go --wrap && \
@@ -119,6 +120,7 @@ RUN xx-go --wrap && \
119120
FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine AS build-base
120121
RUN apk add --no-cache make git curl
121122
RUN git config --global advice.detachedHead false
123+
ADD hack/git-checkout-tag-with-hash.sh /usr/local/bin/
122124

123125
FROM build-base AS build-minimal
124126
RUN BINDIR=/out/bin make binaries install
@@ -134,20 +136,22 @@ RUN mkdir -p /out/share/doc/nerdctl-full && touch /out/share/doc/nerdctl-full/RE
134136
ARG CONTAINERD_VERSION
135137
COPY --from=build-containerd /out/${TARGETARCH:-amd64}/* /out/bin/
136138
COPY --from=build-containerd /out/containerd.service /out/lib/systemd/system/containerd.service
137-
RUN echo "- containerd: ${CONTAINERD_VERSION}" >> /out/share/doc/nerdctl-full/README.md
139+
RUN echo "- containerd: ${CONTAINERD_VERSION/@*}" >> /out/share/doc/nerdctl-full/README.md
138140
ARG RUNC_VERSION
139141
COPY --from=build-runc /out/runc.${TARGETARCH:-amd64} /out/bin/runc
140-
RUN echo "- runc: ${RUNC_VERSION}" >> /out/share/doc/nerdctl-full/README.md
142+
RUN echo "- runc: ${RUNC_VERSION/@*}" >> /out/share/doc/nerdctl-full/README.md
141143
ARG CNI_PLUGINS_VERSION
142-
RUN fname="cni-plugins-${TARGETOS:-linux}-${TARGETARCH:-amd64}-${CNI_PLUGINS_VERSION}.tgz" && \
144+
RUN CNI_PLUGINS_VERSION=${CNI_PLUGINS_VERSION/@BINARY}; \
145+
fname="cni-plugins-${TARGETOS:-linux}-${TARGETARCH:-amd64}-${CNI_PLUGINS_VERSION}.tgz" && \
143146
curl -o "${fname}" -fsSL --proto '=https' --tlsv1.2 "https://github.com/containernetworking/plugins/releases/download/${CNI_PLUGINS_VERSION}/${fname}" && \
144147
grep "${fname}" "/SHA256SUMS.d/cni-plugins-${CNI_PLUGINS_VERSION}" | sha256sum -c && \
145148
mkdir -p /out/libexec/cni && \
146149
tar xzf "${fname}" -C /out/libexec/cni && \
147150
rm -f "${fname}" && \
148151
echo "- CNI plugins: ${CNI_PLUGINS_VERSION}" >> /out/share/doc/nerdctl-full/README.md
149152
ARG BUILDKIT_VERSION
150-
RUN fname="buildkit-${BUILDKIT_VERSION}.${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz" && \
153+
RUN BUILDKIT_VERSION=${BUILDKIT_VERSION/@BINARY}; \
154+
fname="buildkit-${BUILDKIT_VERSION}.${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz" && \
151155
curl -o "${fname}" -fsSL --proto '=https' --tlsv1.2 "https://github.com/moby/buildkit/releases/download/${BUILDKIT_VERSION}/${fname}" && \
152156
grep "${fname}" "/SHA256SUMS.d/buildkit-${BUILDKIT_VERSION}" | sha256sum -c && \
153157
tar xzf "${fname}" -C /out && \
@@ -161,7 +165,8 @@ RUN cd /out/lib/systemd/system && \
161165
echo "" >> buildkit.service && \
162166
echo "# This file was converted from containerd.service, with \`sed -E '${sedcomm}'\`" >> buildkit.service
163167
ARG STARGZ_SNAPSHOTTER_VERSION
164-
RUN fname="stargz-snapshotter-${STARGZ_SNAPSHOTTER_VERSION}-${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz" && \
168+
RUN STARGZ_SNAPSHOTTER_VERSION=${STARGZ_SNAPSHOTTER_VERSION/@BINARY}; \
169+
fname="stargz-snapshotter-${STARGZ_SNAPSHOTTER_VERSION}-${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz" && \
165170
curl -o "${fname}" -fsSL --proto '=https' --tlsv1.2 "https://github.com/containerd/stargz-snapshotter/releases/download/${STARGZ_SNAPSHOTTER_VERSION}/${fname}" && \
166171
curl -o "stargz-snapshotter.service" -fsSL --proto '=https' --tlsv1.2 "https://raw.githubusercontent.com/containerd/stargz-snapshotter/${STARGZ_SNAPSHOTTER_VERSION}/script/config/etc/systemd/system/stargz-snapshotter.service" && \
167172
grep "${fname}" "/SHA256SUMS.d/stargz-snapshotter-${STARGZ_SNAPSHOTTER_VERSION}" | sha256sum -c - && \
@@ -173,48 +178,54 @@ RUN fname="stargz-snapshotter-${STARGZ_SNAPSHOTTER_VERSION}-${TARGETOS:-linux}-$
173178
ARG IMGCRYPT_VERSION
174179
RUN git clone https://github.com/containerd/imgcrypt.git /go/src/github.com/containerd/imgcrypt && \
175180
cd /go/src/github.com/containerd/imgcrypt && \
176-
git checkout "${IMGCRYPT_VERSION}" && \
181+
git-checkout-tag-with-hash.sh "${IMGCRYPT_VERSION}" && \
177182
CGO_ENABLED=0 make && DESTDIR=/out make install && \
178-
echo "- imgcrypt: ${IMGCRYPT_VERSION}" >> /out/share/doc/nerdctl-full/README.md
183+
echo "- imgcrypt: ${IMGCRYPT_VERSION/@*}" >> /out/share/doc/nerdctl-full/README.md
179184
ARG SLIRP4NETNS_VERSION
180-
RUN fname="slirp4netns-$(cat /target_uname_m)" && \
185+
RUN SLIRP4NETNS_VERSION=${SLIRP4NETNS_VERSION/@BINARY}; \
186+
fname="slirp4netns-$(cat /target_uname_m)" && \
181187
curl -o "${fname}" -fsSL --proto '=https' --tlsv1.2 "https://github.com/rootless-containers/slirp4netns/releases/download/${SLIRP4NETNS_VERSION}/${fname}" && \
182188
grep "${fname}" "/SHA256SUMS.d/slirp4netns-${SLIRP4NETNS_VERSION}" | sha256sum -c && \
183189
mv "${fname}" /out/bin/slirp4netns && \
184190
chmod +x /out/bin/slirp4netns && \
185191
echo "- slirp4netns: ${SLIRP4NETNS_VERSION}" >> /out/share/doc/nerdctl-full/README.md
186192
ARG BYPASS4NETNS_VERSION
187193
COPY --from=build-bypass4netns /out/${TARGETARCH:-amd64}/* /out/bin/
188-
RUN echo "- bypass4netns: ${BYPASS4NETNS_VERSION}" >> /out/share/doc/nerdctl-full/README.md
194+
RUN echo "- bypass4netns: ${BYPASS4NETNS_VERSION/@*}" >> /out/share/doc/nerdctl-full/README.md
189195
ARG FUSE_OVERLAYFS_VERSION
190-
RUN fname="fuse-overlayfs-$(cat /target_uname_m)" && \
196+
RUN FUSE_OVERLAYFS_VERSION=${FUSE_OVERLAYFS_VERSION/@BINARY}; \
197+
fname="fuse-overlayfs-$(cat /target_uname_m)" && \
191198
curl -o "${fname}" -fsSL --proto '=https' --tlsv1.2 "https://github.com/containers/fuse-overlayfs/releases/download/${FUSE_OVERLAYFS_VERSION}/${fname}" && \
192199
grep "${fname}" "/SHA256SUMS.d/fuse-overlayfs-${FUSE_OVERLAYFS_VERSION}" | sha256sum -c && \
193200
mv "${fname}" /out/bin/fuse-overlayfs && \
194201
chmod +x /out/bin/fuse-overlayfs && \
195202
echo "- fuse-overlayfs: ${FUSE_OVERLAYFS_VERSION}" >> /out/share/doc/nerdctl-full/README.md
196203
ARG CONTAINERD_FUSE_OVERLAYFS_VERSION
197-
RUN fname="containerd-fuse-overlayfs-${CONTAINERD_FUSE_OVERLAYFS_VERSION/v}-${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz" && \
204+
RUN CONTAINERD_FUSE_OVERLAYFS_VERSION=${CONTAINERD_FUSE_OVERLAYFS_VERSION/@BINARY}; \
205+
fname="containerd-fuse-overlayfs-${CONTAINERD_FUSE_OVERLAYFS_VERSION/v}-${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz" && \
198206
curl -o "${fname}" -fsSL --proto '=https' --tlsv1.2 "https://github.com/containerd/fuse-overlayfs-snapshotter/releases/download/${CONTAINERD_FUSE_OVERLAYFS_VERSION}/${fname}" && \
199207
grep "${fname}" "/SHA256SUMS.d/containerd-fuse-overlayfs-${CONTAINERD_FUSE_OVERLAYFS_VERSION}" | sha256sum -c && \
200208
tar xzf "${fname}" -C /out/bin && \
201209
rm -f "${fname}" && \
202210
echo "- containerd-fuse-overlayfs: ${CONTAINERD_FUSE_OVERLAYFS_VERSION}" >> /out/share/doc/nerdctl-full/README.md
203211
ARG TINI_VERSION
204-
RUN fname="tini-static-${TARGETARCH:-amd64}" && \
212+
RUN TINI_VERSION=${TINI_VERSION/@BINARY}; \
213+
fname="tini-static-${TARGETARCH:-amd64}" && \
205214
curl -o "${fname}" -fsSL --proto '=https' --tlsv1.2 "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/${fname}" && \
206215
grep "${fname}" "/SHA256SUMS.d/tini-${TINI_VERSION}" | sha256sum -c && \
207216
cp -a "${fname}" /out/bin/tini && chmod +x /out/bin/tini && \
208217
echo "- Tini: ${TINI_VERSION}" >> /out/share/doc/nerdctl-full/README.md
209218
ARG BUILDG_VERSION
210-
RUN fname="buildg-${BUILDG_VERSION}-${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz" && \
219+
RUN BUILDG_VERSION=${BUILDG_VERSION/@BINARY}; \
220+
fname="buildg-${BUILDG_VERSION}-${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz" && \
211221
curl -o "${fname}" -fsSL --proto '=https' --tlsv1.2 "https://github.com/ktock/buildg/releases/download/${BUILDG_VERSION}/${fname}" && \
212222
grep "${fname}" "/SHA256SUMS.d/buildg-${BUILDG_VERSION}" | sha256sum -c && \
213223
tar xzf "${fname}" -C /out/bin && \
214224
rm -f "${fname}" && \
215225
echo "- buildg: ${BUILDG_VERSION}" >> /out/share/doc/nerdctl-full/README.md
216226
ARG ROOTLESSKIT_VERSION
217-
RUN fname="rootlesskit-$(cat /target_uname_m).tar.gz" && \
227+
RUN ROOTLESSKIT_VERSION=${ROOTLESSKIT_VERSION/@BINARY}; \
228+
fname="rootlesskit-$(cat /target_uname_m).tar.gz" && \
218229
curl -o "${fname}" -fsSL --proto '=https' --tlsv1.2 "https://github.com/rootless-containers/rootlesskit/releases/download/${ROOTLESSKIT_VERSION}/${fname}" && \
219230
grep "${fname}" "/SHA256SUMS.d/rootlesskit-${ROOTLESSKIT_VERSION}" | sha256sum -c && \
220231
tar xzf "${fname}" -C /out/bin && \
@@ -223,10 +234,10 @@ RUN fname="rootlesskit-$(cat /target_uname_m).tar.gz" && \
223234

224235
RUN echo "" >> /out/share/doc/nerdctl-full/README.md && \
225236
echo "## License" >> /out/share/doc/nerdctl-full/README.md && \
226-
echo "- bin/slirp4netns: [GNU GENERAL PUBLIC LICENSE, Version 2](https://github.com/rootless-containers/slirp4netns/blob/${SLIRP4NETNS_VERSION}/COPYING)" >> /out/share/doc/nerdctl-full/README.md && \
227-
echo "- bin/fuse-overlayfs: [GNU GENERAL PUBLIC LICENSE, Version 2](https://github.com/containers/fuse-overlayfs/blob/${FUSE_OVERLAYFS_VERSION}/COPYING)" >> /out/share/doc/nerdctl-full/README.md && \
237+
echo "- bin/slirp4netns: [GNU GENERAL PUBLIC LICENSE, Version 2](https://github.com/rootless-containers/slirp4netns/blob/${SLIRP4NETNS_VERSION/@*}/COPYING)" >> /out/share/doc/nerdctl-full/README.md && \
238+
echo "- bin/fuse-overlayfs: [GNU GENERAL PUBLIC LICENSE, Version 2](https://github.com/containers/fuse-overlayfs/blob/${FUSE_OVERLAYFS_VERSION/@*}/COPYING)" >> /out/share/doc/nerdctl-full/README.md && \
228239
echo "- bin/{runc,bypass4netns,bypass4netnsd}: Apache License 2.0, statically linked with libseccomp ([LGPL 2.1](https://github.com/seccomp/libseccomp/blob/main/LICENSE), source code available at https://github.com/seccomp/libseccomp/)" >> /out/share/doc/nerdctl-full/README.md && \
229-
echo "- bin/tini: [MIT License](https://github.com/krallin/tini/blob/${TINI_VERSION}/LICENSE)" >> /out/share/doc/nerdctl-full/README.md && \
240+
echo "- bin/tini: [MIT License](https://github.com/krallin/tini/blob/${TINI_VERSION/@*}/LICENSE)" >> /out/share/doc/nerdctl-full/README.md && \
230241
echo "- Other files: [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0)" >> /out/share/doc/nerdctl-full/README.md
231242

232243
FROM build-dependencies AS build-full

‎Dockerfile.d/SHA256SUMS.d/containerd-fuse-overlayfs-v2.1.1

-6
This file was deleted.

‎Dockerfile.d/SHA256SUMS.d/containerd-fuse-overlayfs-v2.1.2

+6
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
b484d76468b7e91e215c7bdab99eb6322e3c396707cd72c3571d8bc6a62f4fb5 containerd-fuse-overlayfs-2.1.2-linux-amd64.tar.gz
2+
35648602f4eea1a84095ac19ca63752e3a9faa2e1a3b9ba95c6e555aee932820 containerd-fuse-overlayfs-2.1.2-linux-arm-v7.tar.gz
3+
0d9a75ef98e4538f039fea3da621560fd2b85a6bc34735f189121decf7d2266b containerd-fuse-overlayfs-2.1.2-linux-arm64.tar.gz
4+
02a4f9c90b2fbabd4326a19f7659638b36910c4633fe1772f44da6239c4e95fa containerd-fuse-overlayfs-2.1.2-linux-ppc64le.tar.gz
5+
febd653d766cc724383045509b6958d8f1bdfc4d4b8d5027099d7760c6374dca containerd-fuse-overlayfs-2.1.2-linux-riscv64.tar.gz
6+
44a6c830d3371d522033ac47a2f90b6be12311d72a8b290a70d73771aa062e6c containerd-fuse-overlayfs-2.1.2-linux-s390x.tar.gz

‎Dockerfile.d/SHA256SUMS.d/slirp4netns-v1.3.1

-6
This file was deleted.

‎Dockerfile.d/SHA256SUMS.d/slirp4netns-v1.3.2

+7
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
b4162d27bbbd3683ca8ee57b51a1b270c0054b3a15fcc1830a5d7c10b77ad045 SOURCE_DATE_EPOCH
2+
c55117faa5e18345a3ee1515267f056822ff0c1897999ae5422b0114ee48df85 slirp4netns-aarch64
3+
f55a6c9e3ec8280e9c3cec083f07dc124e2846ce8139a9281c35013e968d7e95 slirp4netns-armv7l
4+
7b388a9cacbd89821f7f7a6457470fcae8f51aa846162521589feb4634ec7586 slirp4netns-ppc64le
5+
041f9fe507510de1fbb802933a6add093ff19f941185965295c81f2ba4fc9cec slirp4netns-riscv64
6+
aa39cf14414ae53dbff6b79dfdfa55b5ff8ac5250e2261804863cd365b33a818 slirp4netns-s390x
7+
4d55a3658ae259e3e74bb75cf058eb05d6e39ad6bbe170ca8e94c2462bea0eb1 slirp4netns-x86_64

‎hack/git-checkout-tag-with-hash.sh

+46
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,46 @@
1+
#!/bin/sh
2+
3+
# Copyright The containerd Authors.
4+
5+
# Licensed under the Apache License, Version 2.0 (the "License");
6+
# you may not use this file except in compliance with the License.
7+
# You may obtain a copy of the License at
8+
9+
# http://www.apache.org/licenses/LICENSE-2.0
10+
11+
# Unless required by applicable law or agreed to in writing, software
12+
# distributed under the License is distributed on an "AS IS" BASIS,
13+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14+
# See the License for the specific language governing permissions and
15+
# limitations under the License.
16+
17+
# This script is intended to be usable in other projects too.
18+
# * Must not have project-specific logics
19+
# * Must be compatible with bash, dash, and busybox
20+
21+
set -eu
22+
if [ "$#" -ne 1 ]; then
23+
echo "$0: checkout TAG with HASH, and validate it"
24+
echo "Usage: $0 TAG[@HASH]"
25+
exit 0
26+
fi
27+
28+
: "${GIT:=git}"
29+
TAG="$(echo "$1" | cut -d@ -f1)"
30+
HASH=""
31+
case "$1" in
32+
*@*)
33+
HASH="$(echo "$1" | cut -d@ -f2)"
34+
;;
35+
esac
36+
37+
"$GIT" checkout "$TAG"
38+
HEAD="$("$GIT" rev-parse HEAD)"
39+
if [ -z "$HASH" ]; then
40+
echo >&2 "WARNING: ${TAG}: commit hash was not specified (got ${HEAD})"
41+
else
42+
if [ "$HEAD" != "$HASH" ]; then
43+
echo >&2 "ERROR: ${TAG}: expected ${HASH}, got ${HEAD}"
44+
exit 1
45+
fi
46+
fi

0 commit comments

Comments
 (0)
Please sign in to comment.