diff --git a/tools/buildkit/Dockerfile.template b/tools/buildkit/Dockerfile.template index ea89efcea6..11d1cc75f7 100644 --- a/tools/buildkit/Dockerfile.template +++ b/tools/buildkit/Dockerfile.template @@ -7,14 +7,15 @@ COPY --from=ghcr.io/uniget-org/tools/uniget-build:latest \ SHELL [ "bash", "-clo", "errexit" ] ARG name ARG version -COPY init-buildkit "/uniget_bootstrap/etc/init.d/buildkit" RUN < /dev/null | grep -q upstart; then - log_failure_msg "$BUILDKIT_DESC is managed via upstart, try using service $BASE $1" - exit 1 - fi -} -fail_unless_root() { - if [ "$(id -u)" != '0' ]; then - log_failure_msg "$BUILDKIT_DESC must be run as root" - exit 1 - fi -} -cgroupfs_mount() { - # see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount - if grep -v '^#' /etc/fstab | grep -q cgroup \ - || [ ! -e /proc/cgroups ] \ - || [ ! -d /sys/fs/cgroup ]; then - return - fi - if ! mountpoint -q /sys/fs/cgroup; then - mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup - fi - ( - cd /sys/fs/cgroup - for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do - mkdir -p $sys - if ! mountpoint -q $sys; then - if ! mount -n -t cgroup -o $sys cgroup $sys; then - rmdir $sys || true - fi - fi - done - ) -} -case "$1" in - start) - check_init - fail_unless_root - cgroupfs_mount - touch "$BUILDKIT_LOGFILE" - ulimit -n 1048576 - # Having non-zero limits causes performance problems due to accounting overhead - # in the kernel. We recommend using cgroups to do container-local accounting. - if [ "$BASH" ]; then - ulimit -u unlimited - else - ulimit -p unlimited - fi - log_begin_msg "Starting $BUILDKIT_DESC: $BASE" - start-stop-daemon --start --background \ - --no-close \ - --exec "$BUILDKIT" \ - --pidfile "$BUILDKIT_SSD_PIDFILE" \ - --make-pidfile \ - -- \ - >> "$BUILDKIT_LOGFILE" 2>&1 - log_end_msg $? - ;; - stop) - check_init - fail_unless_root - if [ -f "$BUILDKIT_SSD_PIDFILE" ]; then - log_begin_msg "Stopping $BUILDKIT_DESC: $BASE" - start-stop-daemon --stop --pidfile "$BUILDKIT_SSD_PIDFILE" --retry 10 - log_end_msg $? - else - log_warning_msg "Docker already stopped - file $BUILDKIT_SSD_PIDFILE not found." - fi - ;; - restart) - check_init - fail_unless_root - buildkit_pid=$(cat "$BUILDKIT_SSD_PIDFILE" 2> /dev/null) - [ -n "$buildkit_pid" ] \ - && ps -p $buildkit_pid > /dev/null 2>&1 \ - && $0 stop - $0 start - ;; - force-reload) - check_init - fail_unless_root - $0 restart - ;; - status) - check_init - status_of_proc -p "$BUILDKIT_SSD_PIDFILE" "$BUILDKIT" "$BUILDKIT_DESC" - ;; - *) - echo "Usage: service buildkit {start|stop|restart|status}" - exit 1 - ;; -esac \ No newline at end of file diff --git a/tools/buildkit/post_install.sh b/tools/buildkit/post_install.sh deleted file mode 100644 index ad5bd64eb7..0000000000 --- a/tools/buildkit/post_install.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash - -echo "Install init script" -cat "${target}/etc/init.d/buildkit" \ -| sed "s|/usr/local/bin/buildkitd|${target}/bin/buildkitd|" \ ->"/etc/init.d/buildkit" - -echo "Install systemd units" -cat "${target}/etc/systemd/system/buildkit.service" \ -| sed "s|ExecStart=/usr/local/bin/buildkitd|ExecStart=${target}/bin/buildkitd|" \ ->"/etc/systemd/system/buildkit.service" - -if systemctl >/dev/null 2>&1; then - echo "Reload systemd" - systemctl daemon-reload -fi \ No newline at end of file diff --git a/tools/buildx/manifest.yaml b/tools/buildx/manifest.yaml index b78a8b83ff..f9aff768a9 100644 --- a/tools/buildx/manifest.yaml +++ b/tools/buildx/manifest.yaml @@ -21,6 +21,16 @@ tags: - docker homepage: https://github.com/docker/buildx description: Docker CLI plugin for extended build capabilities with BuildKit +messages: + internals: | + It is recommended to make buildx the default builder by adding the following + to you ~/.docker/config.json: + + { + "aliases": { + "builder": "buildx" + } + } renovate: datasource: github-releases package: docker/buildx diff --git a/tools/buildx/post_install.sh b/tools/buildx/post_install.sh deleted file mode 100644 index 69e0745f06..0000000000 --- a/tools/buildx/post_install.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash - -echo "Make buildx the default builder on login" -cat >"${target}/etc/profile.d/docker-buildx-install.sh" <"\${HOME}/.docker/config.json" -fi -cat <<< "\$(jq '. * {"aliases": {"builder": "buildx"}}' "\${HOME}/.docker/config.json")" >"\${HOME}/.docker/config.json" -EOF - -if docker version >/dev/null 2>&1; then - echo "Enable multi-platform builds" - "${target}/bin/docker" container run --privileged --rm tonistiigi/binfmt --install all -fi \ No newline at end of file diff --git a/tools/cascadia-code/manifest.yaml b/tools/cascadia-code/manifest.yaml index 608b85c6a1..edc816cb4a 100644 --- a/tools/cascadia-code/manifest.yaml +++ b/tools/cascadia-code/manifest.yaml @@ -10,6 +10,9 @@ tags: - font homepage: https://github.com/microsoft/cascadia-code description: Monospaced font that includes programming ligatures +messages: + update: | + Please run: fc-cache -f -v renovate: datasource: github-releases package: microsoft/cascadia-code diff --git a/tools/cascadia-code/post_install.sh b/tools/cascadia-code/post_install.sh deleted file mode 100644 index dd3b1a7e18..0000000000 --- a/tools/cascadia-code/post_install.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -set -o errexit - -if type fc-cache >/dev/null 2>&1; then - fc-cache -f -v -fi \ No newline at end of file diff --git a/tools/cni/Dockerfile.template b/tools/cni/Dockerfile.template index 815194f966..366fd5c7f6 100644 --- a/tools/cni/Dockerfile.template +++ b/tools/cni/Dockerfile.template @@ -12,8 +12,11 @@ check-github-release-asset "containernetworking/plugins" "v${version}" "cni-plug mkdir -p "${prefix}/libexec/cni" curl --silent --show-error --location --fail "https://github.com/containernetworking/plugins/releases/download/v${version}/cni-plugins-linux-${alt_arch}-v${version}.tgz" \ | tar --extract --gzip --directory="${prefix}/libexec/cni" --no-same-owner + curl --silent --show-error --location --fail --output "${prefix}/etc/systemd/system/cni-dhcp.service" \ "https://github.com/containernetworking/plugins/raw/v${version}/plugins/ipam/dhcp/systemd/cni-dhcp.service" +sed -i -E 's|^ExecStart=/opt/cni/bin/dhcp|ExecStart={{ .Target }}/libexec/cni/dhcp|' "${prefix}/etc/systemd/system/cni-dhcp.service" + curl --silent --show-error --location --fail --output "${prefix}/etc/systemd/system/cni-dhcp.socket" \ "https://github.com/containernetworking/plugins/raw/v${version}/plugins/ipam/dhcp/systemd/cni-dhcp.socket" EOF \ No newline at end of file diff --git a/tools/cni/post_install.sh b/tools/cni/post_install.sh deleted file mode 100644 index 81ed87d70f..0000000000 --- a/tools/cni/post_install.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash -set -o errexit - -echo "Install systemd unit" -cat "${target}/etc/systemd/system/cni-dhcp.service" \ -| sed "s|ExecStart=/opt/cni/bin/dhcp|ExecStart=${target}/libexec/cni/dhcp|" \ ->"/etc/systemd/system/cni-dhcp.service" -cat "${target}/etc/systemd/system/cni-dhcp.socket" \ ->"/etc/systemd/system/cni-dhcp.socket" - -if systemctl >/dev/null 2>&1; then - echo "Reload systemd" - systemctl daemon-reload -fi \ No newline at end of file diff --git a/tools/containerd/10-containerd-net.conflist b/tools/containerd/10-containerd-net.conflist index 5699fb9030..caead43b32 100644 --- a/tools/containerd/10-containerd-net.conflist +++ b/tools/containerd/10-containerd-net.conflist @@ -1,29 +1,29 @@ - { - "cniVersion": "1.0.0", - "name": "containerd-net", - "plugins": [ - { - "type": "bridge", - "bridge": "cni0", - "isGateway": true, - "ipMasq": true, - "promiscMode": true, - "ipam": { - "type": "host-local", - "ranges": [ - [{ - "subnet": "172.129.0.0/16" - }] - ], - "routes": [ - { "dst": "0.0.0.0/0" }, - { "dst": "::/0" } - ] - } - }, - { - "type": "portmap", - "capabilities": {"portMappings": true} - } - ] - } +{ + "cniVersion": "1.0.0", + "name": "containerd-net", + "plugins": [ + { + "type": "bridge", + "bridge": "cni0", + "isGateway": true, + "ipMasq": true, + "promiscMode": true, + "ipam": { + "type": "host-local", + "ranges": [ + [{ + "subnet": "172.129.0.0/16" + }] + ], + "routes": [ + { "dst": "0.0.0.0/0" }, + { "dst": "::/0" } + ] + } + }, + { + "type": "portmap", + "capabilities": {"portMappings": true} + } + ] +} diff --git a/tools/containerd/Dockerfile.template b/tools/containerd/Dockerfile.template index 6063921e41..0f370c6f29 100644 --- a/tools/containerd/Dockerfile.template +++ b/tools/containerd/Dockerfile.template @@ -13,14 +13,14 @@ ARG version COPY 10-containerd-net.conflist "/uniget_bootstrap/etc/cni/net.d/" COPY runtimes.toml "/uniget_bootstrap/etc/containerd/conf.d/runtimes.toml" COPY snapshotters.toml "/uniget_bootstrap/etc/containerd/conf.d/snapshotters.toml" -COPY init-containerd "/uniget_bootstrap/etc/init.d/containerd" RUN <"/etc/containerd/config.toml.template.go-template" EOF \ No newline at end of file diff --git a/tools/containerd/init-containerd b/tools/containerd/init-containerd deleted file mode 100755 index f33ac0d243..0000000000 --- a/tools/containerd/init-containerd +++ /dev/null @@ -1,150 +0,0 @@ -#!/bin/sh -set -e - -### BEGIN INIT INFO -# Provides: containerd -# Required-Start: $syslog $remote_fs -# Required-Stop: $syslog $remote_fs -# Should-Start: cgroupfs-mount cgroup-lite -# Should-Stop: cgroupfs-mount cgroup-lite -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Create lightweight, portable, self-sufficient containers. -# Description: -# Docker is an open-source project to easily create lightweight, portable, -# self-sufficient containers from any application. The same container that a -# developer builds and tests on a laptop can run at scale, in production, on -# VMs, bare metal, OpenStack clusters, public clouds and more. -### END INIT INFO - -export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin - -BASE=containerd - -# modify these in /etc/default/$BASE (/etc/default/containerd) -CONTAINERD=/usr/local/bin/containerd -# This is the pid file created/managed by start-stop-daemon -CONTAINERD_SSD_PIDFILE=/var/run/$BASE-ssd.pid -CONTAINERD_LOGFILE=/var/log/$BASE.log -CONTAINERD_DESC="containerd" - -# Get lsb functions -. /lib/lsb/init-functions - -if [ -f /etc/default/$BASE ]; then - . /etc/default/$BASE -fi - -# Check containerd is present -if [ ! -x $CONTAINERD ]; then - log_failure_msg "$CONTAINERD not present or not executable" - exit 1 -fi - -check_init() { - # see also init_is_upstart in /lib/lsb/init-functions (which isn't available in Ubuntu 12.04, or we'd use it directly) - if [ -x /sbin/initctl ] && /sbin/initctl version 2> /dev/null | grep -q upstart; then - log_failure_msg "$CONTAINERD_DESC is managed via upstart, try using service $BASE $1" - exit 1 - fi -} - -fail_unless_root() { - if [ "$(id -u)" != '0' ]; then - log_failure_msg "$CONTAINERD_DESC must be run as root" - exit 1 - fi -} - -cgroupfs_mount() { - # see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount - if grep -v '^#' /etc/fstab | grep -q cgroup \ - || [ ! -e /proc/cgroups ] \ - || [ ! -d /sys/fs/cgroup ]; then - return - fi - if ! mountpoint -q /sys/fs/cgroup; then - mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup - fi - ( - cd /sys/fs/cgroup - for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do - mkdir -p $sys - if ! mountpoint -q $sys; then - if ! mount -n -t cgroup -o $sys cgroup $sys; then - rmdir $sys || true - fi - fi - done - ) -} - -case "$1" in - start) - check_init - - fail_unless_root - - #cgroupfs_mount - - touch "$CONTAINERD_LOGFILE" - - ulimit -n 1048576 - - # Having non-zero limits causes performance problems due to accounting overhead - # in the kernel. We recommend using cgroups to do container-local accounting. - if [ "$BASH" ]; then - ulimit -u unlimited - else - ulimit -p unlimited - fi - - log_begin_msg "Starting $CONTAINERD_DESC: $BASE" - start-stop-daemon --start --background \ - --no-close \ - --exec "$CONTAINERD" \ - --pidfile "$CONTAINERD_SSD_PIDFILE" \ - --make-pidfile \ - -- \ - >> "$CONTAINERD_LOGFILE" 2>&1 - log_end_msg $? - ;; - - stop) - check_init - fail_unless_root - if [ -f "$CONTAINERD_SSD_PIDFILE" ]; then - log_begin_msg "Stopping $CONTAINERD_DESC: $BASE" - start-stop-daemon --stop --pidfile "$CONTAINERD_SSD_PIDFILE" --retry 10 - log_end_msg $? - else - log_warning_msg "Docker already stopped - file $CONTAINERD_SSD_PIDFILE not found." - fi - ;; - - restart) - check_init - fail_unless_root - containerd_pid=$(cat "$CONTAINERD_SSD_PIDFILE" 2> /dev/null) - [ -n "$containerd_pid" ] \ - && ps -p $containerd_pid > /dev/null 2>&1 \ - && $0 stop - $0 start - ;; - - force-reload) - check_init - fail_unless_root - $0 restart - ;; - - status) - check_init - status_of_proc -p "$CONTAINERD_SSD_PIDFILE" "$CONTAINERD" "$CONTAINERD_DESC" - ;; - - *) - echo "Usage: service containerd {start|stop|restart|status}" - exit 1 - ;; -esac \ No newline at end of file diff --git a/tools/containerd/manifest.yaml b/tools/containerd/manifest.yaml index 9b6b9d0619..56a59a4fb5 100644 --- a/tools/containerd/manifest.yaml +++ b/tools/containerd/manifest.yaml @@ -22,6 +22,21 @@ tags: - lang/go homepage: https://github.com/containerd/containerd description: Open and reliable container runtime +messages: + internals: | + - For a minimal configuration, see /etc/containerd/config.toml.template. + This also includes the correct path for CNI plugins + - For adding a registry mirror, please refer to the official documentation + (https://github.com/containerd/containerd/blob/main/docs/hosts.md#setup-a-local-mirror-for-docker). + TL;DR: Add the following to /etc/containerd/certs.d/docker.io/hosts.toml + + server = "https://docker.io" + [host."https://my-mirror.company.com"] + capabilities = ["pull", "resolve"] + - When using crictl, please update the endpoint(s) in /etc/crictl.yaml: + + runtime-endpoint: unix:///run/containerd/containerd.sock + image-endpoint: unix:///run/containerd/containerd.sock renovate: datasource: github-releases package: containerd/containerd diff --git a/tools/containerd/post_install.sh b/tools/containerd/post_install.sh deleted file mode 100644 index 2ba82f508f..0000000000 --- a/tools/containerd/post_install.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/bash -set -o errexit - -mkdir -p \ - /etc/containerd/conf.d \ - /etc/containerd/certs.d - -if ! test -f "/etc/containerd/config.toml"; then - echo "Adding default configuration" - "${target}/bin/containerd" config default \ - | sed "s|/opt/cni/bin|${target}/libexec/cni|" \ - | sed 's|imports = \[\]|imports = ["/etc/containerd/conf.d/*.toml"]|' \ - | sed 's|config_path = ""|config_path = "/etc/containerd/certs.d"|' \ - >"/etc/containerd/config.toml" -fi - -if test -f "/etc/crictl.yaml"; then - echo "Fixing configuration for cticrl" - ENDPOINT=unix:///run/containerd/containerd.sock - sed -i "s|#runtime-endpoint: YOUR-CHOICE|runtime-endpoint: ${ENDPOINT}|; s|#image-endpoint: YOUR-CHOICE|image-endpoint: ${ENDPOINT}|" "/etc/crictl.yaml" -fi - -if test -n "${docker_hub_mirror}"; then - echo "Adding registry mirror" - mkdir -p "/etc/containerd/certs.d/docker.io" - cat >"/etc/containerd/certs.d/docker.io/hosts.toml" <"/etc/init.d/containerd" - -echo "Install systemd unit" -cat "${target}/etc/systemd/system/containerd.service" \ -| sed "s|ExecStart=/usr/local/bin/containerd|ExecStart=${target}/bin/containerd|" \ ->"/etc/systemd/system/containerd.service" - -if systemctl >/dev/null 2>&1; then - echo "Reload systemd" - systemctl daemon-reload -fi \ No newline at end of file diff --git a/tools/containers-common/Dockerfile.template b/tools/containers-common/Dockerfile.template index 028ab565a0..a6650f3afe 100644 --- a/tools/containers-common/Dockerfile.template +++ b/tools/containers-common/Dockerfile.template @@ -25,5 +25,5 @@ done EOF COPY policy.json /uniget_bootstrap/etc/containers/ COPY shortnames.conf /uniget_bootstrap/etc/containers/registries.conf.d/ -COPY containers.conf /uniget_bootstrap/usr/share/containers/ -COPY seccomp.json /uniget_bootstrap/usr/share/containers/ \ No newline at end of file +COPY containers.conf /uniget_bootstrap/share/containers/ +COPY seccomp.json /uniget_bootstrap/share/containers/ \ No newline at end of file diff --git a/tools/containers-common/manifest.yaml b/tools/containers-common/manifest.yaml index 80163a3cc5..cd43a92983 100644 --- a/tools/containers-common/manifest.yaml +++ b/tools/containers-common/manifest.yaml @@ -14,6 +14,13 @@ tags: - type/documentation homepage: https://github.com/containers/common description: Location for shared common files in github.com/containers repos +messages: + update: | + The following default configuration files must be copied to the final locations: + - {{ .Target }}/etc/containers/policy.json -> /etc/containers/ + - {{ .Target }}/etc/containers/registries.conf.d/shortnames.conf -> /etc/containers/registries.conf.d/ + - {{ .Target }}/share/containers/containers.conf -> /usr/share/containers/ + - {{ .Target }}/usr/share/containers/seccomp.json -> /usr/share/containers/ renovate: datasource: github-releases package: containers/common diff --git a/tools/containers-common/post_install.sh b/tools/containers-common/post_install.sh deleted file mode 100644 index 22b06297d9..0000000000 --- a/tools/containers-common/post_install.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash -set -o errexit -o pipefail - -mkdir -p \ - "${target}/etc/containers/registries.conf.d" \ - "${target}/usr/share/containers" -cp "${target}/etc/containers/policy.json" /etc/containers/ -cp "${target}/etc/containers/registries.conf.d/shortnames.conf" /etc/containers/registries.conf.d/ -cp "${target}/usr/share/containers/containers.conf" /usr/share/containers/ -cp "${target}/usr/share/containers/seccomp.json" /usr/share/containers/ diff --git a/tools/containers-image/manifest.yaml b/tools/containers-image/manifest.yaml index c8d0e0e123..cdc1c8d0f2 100644 --- a/tools/containers-image/manifest.yaml +++ b/tools/containers-image/manifest.yaml @@ -15,6 +15,10 @@ tags: - type/documentation homepage: https://github.com/containers/image description: Work with containers' images +messages: + update: | + The following default configuration file(s) must be copied to the final locations: + - {{ .Target }}/etc/containers/registries.conf -> /etc/containers/ renovate: datasource: github-releases package: containers/image diff --git a/tools/containers-image/post_install.sh b/tools/containers-image/post_install.sh deleted file mode 100644 index edf200f9d5..0000000000 --- a/tools/containers-image/post_install.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -set -o errexit -o pipefail - -mkdir -p \ - "${target}/etc/containers" -cp "${target}/etc/containers/registries.conf" /etc/containers/ diff --git a/tools/containers-storage/Dockerfile.template b/tools/containers-storage/Dockerfile.template index c1b139609d..d697e66ba0 100644 --- a/tools/containers-storage/Dockerfile.template +++ b/tools/containers-storage/Dockerfile.template @@ -91,4 +91,4 @@ for file in \ go-md2man -in "docs/${file}.md" -out "${prefix}/share/man/man5/${file}" done EOF -COPY storage.conf /uniget_bootstrap/usr/share/containers/ \ No newline at end of file +COPY storage.conf /uniget_bootstrap/share/containers/ \ No newline at end of file diff --git a/tools/containers-storage/manifest.yaml b/tools/containers-storage/manifest.yaml index cebd36965b..15d226f751 100644 --- a/tools/containers-storage/manifest.yaml +++ b/tools/containers-storage/manifest.yaml @@ -17,6 +17,10 @@ tags: - type/documentation homepage: https://github.com/containers/storage description: Container Storage Library +messages: + update: | + The following default configuration file(s) must be copied to the final locations: + - {{ .Target }}/share/containers/storage.conf -> /usr/share/containers/ renovate: datasource: github-releases package: containers/storage diff --git a/tools/containers-storage/post_install.sh b/tools/containers-storage/post_install.sh deleted file mode 100644 index d5bce19daf..0000000000 --- a/tools/containers-storage/post_install.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -set -o errexit -o pipefail - -mkdir -p "${target}/usr/share/containers" -cp "${target}/usr/share/containers/storage.conf" /usr/share/containers/ diff --git a/tools/cri-dockerd/Dockerfile.template b/tools/cri-dockerd/Dockerfile.template index ba80520f69..901e81978d 100644 --- a/tools/cri-dockerd/Dockerfile.template +++ b/tools/cri-dockerd/Dockerfile.template @@ -13,8 +13,10 @@ curl --silent --show-error --location --fail "https://github.com/Mirantis/cri-do | tar --extract --gzip --directory="${prefix}/bin" --strip-components=1 --no-same-owner \ cri-dockerd -curl --silent --show-error --location --fail --output "${prefix}/etc/systemd/system/cri-docker.service" \ +curl --silent --show-error --location --fail --output "${prefix}/etc/systemd/system/cri-docker.service.go-template" \ "https://github.com/Mirantis/cri-dockerd/raw/v${version}/packaging/systemd/cri-docker.service" +sed -i -E 's|^ExecStart=/usr/bin/cri-dockerd|ExecStart={{ .Target }}/bin/cri-dockerd|' "${prefix}/etc/systemd/system/cri-docker.service.go-template" + curl --silent --show-error --location --fail --output "${prefix}/etc/systemd/system/cri-docker.socket" \ "https://github.com/Mirantis/cri-dockerd/raw/v${version}/packaging/systemd/cri-docker.socket" EOF \ No newline at end of file diff --git a/tools/cri-dockerd/manifest.yaml b/tools/cri-dockerd/manifest.yaml index 76ddff1f06..2bc0345a35 100644 --- a/tools/cri-dockerd/manifest.yaml +++ b/tools/cri-dockerd/manifest.yaml @@ -17,6 +17,12 @@ tags: - docker homepage: https://github.com/Mirantis/cri-dockerd description: Shim for Docker Engine that lets you control Docker via the Kubernetes Container Runtime Interface +messages: + internals: | + When using crictl, please update the endpoint(s) in /etc/crictl.yaml: + + runtime-endpoint: unix:///var/run/cri-dockerd.sock + image-endpoint: unix:///var/run/cri-dockerd.sock renovate: datasource: github-releases package: Mirantis/cri-dockerd diff --git a/tools/cri-dockerd/post_install.sh b/tools/cri-dockerd/post_install.sh deleted file mode 100644 index 97488d5dc0..0000000000 --- a/tools/cri-dockerd/post_install.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -set -o errexit - -if test -f "/etc/crictl.yaml"; then - echo "Fixing configuration for cticrl" - ENDPOINT=unix:///var/run/cri-dockerd.sock - cat "${target}/etc/crictl.yaml" \ - | sed "s|#runtime-endpoint: YOUR-CHOICE|runtime-endpoint: ${ENDPOINT}|; s|#image-endpoint: YOUR-CHOICE|image-endpoint: ${ENDPOINT}|" \ - >"/etc/crictl.yaml" -fi - -echo "Install systemd unit" -cat "${target}/etc/systemd/system/cri-docker.service" \ -| sed "s|ExecStart=/usr/bin/cri-dockerd|ExecStart=${target}/bin/cri-dockerd|" \ ->"/etc/systemd/system/cri-docker.service" - -if systemctl >/dev/null 2>&1; then - echo "Reload systemd" - systemctl daemon-reload -fi \ No newline at end of file diff --git a/tools/cri-o/Dockerfile.template b/tools/cri-o/Dockerfile.template index 48b39c16f5..5ee054bd77 100644 --- a/tools/cri-o/Dockerfile.template +++ b/tools/cri-o/Dockerfile.template @@ -47,10 +47,14 @@ EOF RUN <"/etc/systemd/system/crio.service" -cat "${target}/etc/systemd/system/crio-wipe.service" \ -| sed "s|ExecStart=/usr/local/bin/crio|ExecStart=${target}/bin/crio|" \ ->"/etc/systemd/system/crio-wipe.service" - -if systemctl >/dev/null 2>&1; then - echo "Reload systemd" - systemctl daemon-reload -fi diff --git a/tools/crictl/manifest.yaml b/tools/crictl/manifest.yaml index ee2468870d..728a1cd473 100644 --- a/tools/crictl/manifest.yaml +++ b/tools/crictl/manifest.yaml @@ -15,6 +15,9 @@ tags: - lang/go homepage: https://github.com/kubernetes-sigs/cri-tools description: CLI and validation tools for Kubelet Container Runtime Interface +messages: + update: | + See /etc/crictl.yaml for configuring your favorite endpoint. renovate: datasource: github-releases package: kubernetes-sigs/cri-tools diff --git a/tools/crun/manifest.yaml b/tools/crun/manifest.yaml index e1535a17cc..8499999228 100644 --- a/tools/crun/manifest.yaml +++ b/tools/crun/manifest.yaml @@ -10,6 +10,18 @@ tags: - lang/c homepage: https://github.com/containers/crun description: Fast and lightweight fully featured OCI runtime +messages: + update: | + Add crun to Docker runtimes by merging the following into + /etc/docker/daemon.json: + + { + "runtimes": { + "crun": { + "path": "TARGET/bin/crun" + } + } + } renovate: datasource: github-releases package: containers/crun diff --git a/tools/crun/post_install.sh b/tools/crun/post_install.sh deleted file mode 100644 index 359ffe1f98..0000000000 --- a/tools/crun/post_install.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash -set -o errexit - -if ! test -f "/etc/docker/daemon.json" || ! test "$(jq --raw-output '.runtimes | keys | any(. == "crun")' "/etc/docker/daemon.json")" == "true"; then - echo "Add runtime to Docker" - cat <<< "$( - jq --arg target "${target}" '. * {"runtimes":{"crun":{"path":"\($target)/bin/crun"}}}' /etc/docker/daemon.json - )" >/etc/docker/daemon.json -fi diff --git a/tools/ct_server/Dockerfile.template b/tools/ct_server/Dockerfile.template index 7225312446..ff49dad6ac 100644 --- a/tools/ct_server/Dockerfile.template +++ b/tools/ct_server/Dockerfile.template @@ -10,7 +10,7 @@ SHELL [ "bash", "-clo", "errexit" ] COPY --link --from=go / /usr/local/ ARG name ARG version -COPY ct_server.service /uniget_bootstrap/etc/systemd/system/ct_server.service +COPY ct_server.service.go-template /uniget_bootstrap/etc/systemd/system/ WORKDIR /go/src/github.com/google/certificate-transparency-go RUN <"/etc/systemd/system/ct_server.service" - -if systemctl >/dev/null 2>&1; then - systemctl daemon-reload -fi \ No newline at end of file diff --git a/tools/docker-preview/Dockerfile.template b/tools/docker-preview/Dockerfile.template index 2dfb9cb995..e121f45cdb 100644 --- a/tools/docker-preview/Dockerfile.template +++ b/tools/docker-preview/Dockerfile.template @@ -22,48 +22,31 @@ exec /libexec/${name}/bin/docker "\$@" EOF RUN <>"${prefix}${uniget_contrib}/${name}/sysvinit/debian/docker.default" - -curl --silent --show-error --location --fail --output "${prefix}${uniget_contrib}/${name}/sysvinit/debian/docker" --create-dirs \ - "https://github.com/moby/moby/raw/v${version}/contrib/init/sysvinit-debian/docker" -sed -i -E "s|^(export PATH=)|\1/libexec/${name}/bin:|" "${prefix}${uniget_contrib}/${name}/sysvinit/debian/docker" -sed -i -E "s|^DOCKERD=/usr/bin/dockerd|DOCKERD=/libexec/${name}/bin/dockerd|" "${prefix}${uniget_contrib}/${name}/sysvinit/debian/docker" -sed -i -E "s|^BASE=docker|BASE=${name}|" "${prefix}${uniget_contrib}/${name}/sysvinit/debian/docker" -chmod +x "${prefix}${uniget_contrib}/${name}/sysvinit/debian/docker" - -curl --silent --show-error --location --fail --output "${prefix}${uniget_contrib}/${name}/sysvinit/redhat/docker.sysconfig" --create-dirs \ - "https://github.com/moby/moby/raw/v${version}/contrib/init/sysvinit-redhat/docker.sysconfig" - -curl --silent --show-error --location --fail --output "${prefix}${uniget_contrib}/${name}/sysvinit/redhat/docker" --create-dirs \ - "https://github.com/moby/moby/raw/v${version}/contrib/init/sysvinit-redhat/docker" -sed -i -E "s|(^prog=)|export PATH="/libexec/${name}/bin:/sbin:/bin:\${PATH}"\n\n\1|" "${prefix}${uniget_contrib}/${name}/sysvinit/redhat/docker" -sed -i -E "s|/usr/bin/dockerd|/libexec/${name}/bin/dockerd|" "${prefix}${uniget_contrib}/${name}/sysvinit/redhat/docker" -chmod +x "${prefix}${uniget_contrib}/${name}/sysvinit/redhat/docker" - -curl --silent --show-error --location --fail --output "${prefix}${uniget_contrib}/${name}/openrc/docker.confd" --create-dirs \ - "https://github.com/moby/moby/raw/v${version}/contrib/init/openrc/docker.confd" -sed -i "s|/usr/bin/dockerd|/libexec/${name}/bin/dockerd|" "${prefix}${uniget_contrib}/${name}/openrc/docker.confd" - -curl --silent --show-error --location --fail --output "${prefix}${uniget_contrib}/${name}/openrc/docker.initd" --create-dirs \ - "https://github.com/moby/moby/raw/v${version}/contrib/init/openrc/docker.initd" -sed -i -E "s|^(command=)|export PATH="/libexec/${name}/bin:\${PATH}"\n\n\1|" "${prefix}${uniget_contrib}/${name}/openrc/docker.initd" -sed -i "s|/usr/bin/dockerd|/libexec/${name}/bin/dockerd|" "${prefix}${uniget_contrib}/${name}/openrc/docker.initd" +COPY <"/etc/systemd/system/docker.service" - - echo "Patch paths in init scripts (@ ${SECONDS} seconds)" - sed -i -E "s|^DOCKERD=/usr/local/bin/dockerd|DOCKERD=${target}/bin/dockerd|" "${uniget_contrib}/${name}/sysvinit/debian/docker" - sed -i -E "s|/usr/local/bin/dockerd|${target}/bin/dockerd|" "${uniget_contrib}/${name}/sysvinit/redhat/docker" - sed -i "s|/usr/local/bin/dockerd|${target}/bin/dockerd|" "${uniget_contrib}/${name}/openrc/docker.initd" - sed -i "s|/usr/local/bin/dockerd|${target}/bin/dockerd|" "${uniget_contrib}/${name}/openrc/docker.confd" -fi - if test -f "/etc/group"; then echo "Create group (@ ${SECONDS} seconds)" - groupadd --prefix "" --system --force docker -fi - -echo "Configure daemon (@ ${SECONDS} seconds)" -mkdir -p "/etc/docker" -if ! test -f "/etc/${name}/daemon.json"; then - echo "Initialize dockerd configuration" - echo "{}" >"/etc/${name}/daemon.json" + groupadd --prefix "" --system --force "${name}" fi if test -f "/etc/fstab"; then @@ -117,71 +36,3 @@ if ! test "$(jq '."exec-opts" // [] | any(. | startswith("native.cgroupdriver=") cat <<< "$(jq '."exec-opts" += ["native.cgroupdriver=cgroupfs"]' "/etc/${name}/daemon.json")" >"/etc/${name}/daemon.json" fi fi -if ! test "$(jq '. | keys | any(. == "default-runtime")' "/etc/${name}/daemon.json")" == true; then - echo "Set default runtime" - # shellcheck disable=SC2094 - cat <<< "$(jq '. * {"default-runtime": "runc"}' "/etc/${name}/daemon.json")" >"/etc/${name}/daemon.json" -fi -# shellcheck disable=SC2016 -if test -n "${docker_address_base}" && test -n "${docker_address_size}" && ! test "$(jq --arg base "${docker_address_base}" --arg size "${docker_address_size}" '."default-address-pool" | any(.base == $base and .size == $size)' "/etc/${name}/daemon.json")" == "true"; then - echo "Add address pool with base ${docker_address_base} and size ${docker_address_size}" - # shellcheck disable=SC2094 - cat <<< "$(jq --args base "${docker_address_base}" --arg size "${docker_address_size}" '."default-address-pool" += {"base": $base, "size": $size}' "/etc/${name}/daemon.json")" >"/etc/${name}/daemon.json" -fi -# shellcheck disable=SC2016 -if test -n "${docker_hub_mirror}" && ! test "$(jq --arg mirror "${docker_hub_mirror}" '."registry-mirrors" // [] | any(. == $mirror)' "/etc/${name}/daemon.json")" == "true"; then - echo "Add registry mirror ${docker_hub_mirror}" - # shellcheck disable=SC2094 - # shellcheck disable=SC2016 - cat <<< "$(jq --args mirror "${docker_hub_mirror}" '."registry-mirrors" += ["\($mirror)"]' "/etc/${name}/daemon.json")" >"/etc/${name}/daemon.json" -fi -if ! test "$(jq --raw-output '.features.buildkit // false' "/etc/${name}/daemon.json")" == true; then - echo "Enable BuildKit" - # shellcheck disable=SC2094 - cat <<< "$(jq '. * {"features":{"buildkit":true}}' "/etc/${name}/daemon.json")" >"/etc/${name}/daemon.json" -fi -if ! test "$(jq --raw-output '.features."containerd-snapshotter" // false' "/etc/${name}/daemon.json")" == true; then - echo "Enable ContainerD snapshotter" - # shellcheck disable=SC2094 - cat <<< "$(jq '. * {"features":{"containerd-snapshotter":true}}' "/etc/${name}/daemon.json")" >"/etc/${name}/daemon.json" -fi -echo "Check if daemon.json is valid JSON (@ ${SECONDS} seconds)" -if ! jq --exit-status '.' "/etc/${name}/daemon.json" >/dev/null 2>&1; then - echo "ERROR: /etc/${name}/daemon.json is not valid JSON." - exit 1 -fi - -if is_debian || is_clearlinux; then - echo "Install init script for debian" - mkdir -p "/etc/default" "/etc/init.d" - cp "${uniget_contrib}/${name}/sysvinit/debian/docker.default" "/etc/default/docker" - cp "${uniget_contrib}/${name}/sysvinit/debian/docker" "/etc/init.d/docker" - -elif is_redhat; then - echo "Install init script for redhat" - mkdir -p "/etc/sysconfig" "/etc/init.d" - cp "${uniget_contrib}/${name}/sysvinit/redhat/docker.sysconfig" "/etc/sysconfig/docker" - cp "${uniget_contrib}/${name}/sysvinit/redhat/docker" "/etc/init.d/docker" - -elif is_alpine; then - echo "Install openrc script for alpine" - mkdir -p "/etc/conf.d" "/etc/init.d" - cp "${uniget_contrib}/${name}/openrc/docker.confd" "/etc/conf.d/docker" - cp "${uniget_contrib}/${name}/openrc/docker.initd" "/etc/init.d/docker" - openrc -else - echo "Unable to install init script because the distributon is unknown." -fi - -if systemctl >/dev/null 2>&1; then - echo "Reload systemd (@ ${SECONDS} seconds)" - systemctl daemon-reload - - if test "${name}" == "docker" && ! systemctl is-active --quiet docker; then - echo "Start dockerd (@ ${SECONDS} seconds)" - systemctl enable docker - systemctl start docker - fi -fi - -echo "Finished after ${SECONDS} seconds." \ No newline at end of file diff --git a/tools/docker-rootless/Dockerfile.template b/tools/docker-rootless/Dockerfile.template index a4ca08aa89..cefd30539f 100644 --- a/tools/docker-rootless/Dockerfile.template +++ b/tools/docker-rootless/Dockerfile.template @@ -7,6 +7,6 @@ COPY --from=ghcr.io/uniget-org/tools/uniget-build:latest \ SHELL [ "bash", "-clo", "errexit" ] ARG name ARG version -COPY docker.service /uniget_bootstrap/etc/systemd/user/ +COPY docker.service.go-template /uniget_bootstrap/etc/systemd/user/ COPY delegate.conf /uniget_bootstrap/var/lib/uniget/contrib/docker-rootless/ COPY --chmod=0755 enable-docker-rootless.sh /uniget_bootstrap/bin/ \ No newline at end of file diff --git a/tools/docker-rootless/docker.service b/tools/docker-rootless/docker.service.go-template similarity index 64% rename from tools/docker-rootless/docker.service rename to tools/docker-rootless/docker.service.go-template index dcd662eebd..81eb4e3624 100644 --- a/tools/docker-rootless/docker.service +++ b/tools/docker-rootless/docker.service.go-template @@ -3,9 +3,8 @@ Description=Docker Application Container Engine (Rootless) Documentation=https://docs.docker.com/go/rootless/ [Service] -Environment=PATH=${HOME}/.local/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin -Environment=XDG_RUNTIME_DIR=${HOME}/.cache/dockerd-rootless -ExecStart=dockerd-rootless.sh +Environment=XDG_RUNTIME_DIR=%h/.cache/dockerd-rootless +ExecStart={{ .Target }}/bin/dockerd-rootless.sh ExecReload=/bin/kill -s HUP $MAINPID TimeoutSec=0 RestartSec=2 diff --git a/tools/docker/Dockerfile.template b/tools/docker/Dockerfile.template index 766453dcc1..ea70136b2c 100644 --- a/tools/docker/Dockerfile.template +++ b/tools/docker/Dockerfile.template @@ -36,39 +36,20 @@ EOF RUN <"/etc/systemd/system/docker.service" - - echo "Patch paths in init scripts (@ ${SECONDS} seconds)" - sed -i -E "s|^DOCKERD=/usr/local/bin/dockerd|DOCKERD=${target}/bin/dockerd|" "${uniget_contrib}/${name}/sysvinit/debian/docker" - sed -i -E "s|/usr/local/bin/dockerd|${target}/bin/dockerd|" "${uniget_contrib}/${name}/sysvinit/redhat/docker" - sed -i "s|/usr/local/bin/dockerd|${target}/bin/dockerd|" "${uniget_contrib}/${name}/openrc/docker.initd" - sed -i "s|/usr/local/bin/dockerd|${target}/bin/dockerd|" "${uniget_contrib}/${name}/openrc/docker.confd" -fi - if test -f "/etc/group"; then echo "Create group (@ ${SECONDS} seconds)" - groupadd --prefix "" --system --force docker -fi - -echo "Configure daemon (@ ${SECONDS} seconds)" -mkdir -p "/etc/docker" -if ! test -f "/etc/${name}/daemon.json"; then - echo "Initialize dockerd configuration" - echo "{}" >"/etc/${name}/daemon.json" + groupadd --prefix "" --system --force "${name}" fi if test -f "/etc/fstab"; then @@ -117,71 +36,3 @@ if ! test "$(jq '."exec-opts" // [] | any(. | startswith("native.cgroupdriver=") cat <<< "$(jq '."exec-opts" += ["native.cgroupdriver=cgroupfs"]' "/etc/${name}/daemon.json")" >"/etc/${name}/daemon.json" fi fi -if ! test "$(jq '. | keys | any(. == "default-runtime")' "/etc/${name}/daemon.json")" == true; then - echo "Set default runtime" - # shellcheck disable=SC2094 - cat <<< "$(jq '. * {"default-runtime": "runc"}' "/etc/${name}/daemon.json")" >"/etc/${name}/daemon.json" -fi -# shellcheck disable=SC2016 -if test -n "${docker_address_base}" && test -n "${docker_address_size}" && ! test "$(jq --arg base "${docker_address_base}" --arg size "${docker_address_size}" '."default-address-pool" | any(.base == $base and .size == $size)' "/etc/${name}/daemon.json")" == "true"; then - echo "Add address pool with base ${docker_address_base} and size ${docker_address_size}" - # shellcheck disable=SC2094 - cat <<< "$(jq --args base "${docker_address_base}" --arg size "${docker_address_size}" '."default-address-pool" += {"base": $base, "size": $size}' "/etc/${name}/daemon.json")" >"/etc/${name}/daemon.json" -fi -# shellcheck disable=SC2016 -if test -n "${docker_hub_mirror}" && ! test "$(jq --arg mirror "${docker_hub_mirror}" '."registry-mirrors" // [] | any(. == $mirror)' "/etc/${name}/daemon.json")" == "true"; then - echo "Add registry mirror ${docker_hub_mirror}" - # shellcheck disable=SC2094 - # shellcheck disable=SC2016 - cat <<< "$(jq --args mirror "${docker_hub_mirror}" '."registry-mirrors" += ["\($mirror)"]' "/etc/${name}/daemon.json")" >"/etc/${name}/daemon.json" -fi -if ! test "$(jq --raw-output '.features.buildkit // false' "/etc/${name}/daemon.json")" == true; then - echo "Enable BuildKit" - # shellcheck disable=SC2094 - cat <<< "$(jq '. * {"features":{"buildkit":true}}' "/etc/${name}/daemon.json")" >"/etc/${name}/daemon.json" -fi -if ! test "$(jq --raw-output '.features."containerd-snapshotter" // false' "/etc/${name}/daemon.json")" == true; then - echo "Enable ContainerD snapshotter" - # shellcheck disable=SC2094 - cat <<< "$(jq '. * {"features":{"containerd-snapshotter":true}}' "/etc/${name}/daemon.json")" >"/etc/${name}/daemon.json" -fi -echo "Check if daemon.json is valid JSON (@ ${SECONDS} seconds)" -if ! jq --exit-status '.' "/etc/${name}/daemon.json" >/dev/null 2>&1; then - echo "ERROR: /etc/${name}/daemon.json is not valid JSON." - exit 1 -fi - -if is_debian || is_clearlinux; then - echo "Install init script for debian" - mkdir -p "/etc/default" "/etc/init.d" - cp "${uniget_contrib}/${name}/sysvinit/debian/docker.default" "/etc/default/docker" - cp "${uniget_contrib}/${name}/sysvinit/debian/docker" "/etc/init.d/docker" - -elif is_redhat; then - echo "Install init script for redhat" - mkdir -p "/etc/sysconfig" "/etc/init.d" - cp "${uniget_contrib}/${name}/sysvinit/redhat/docker.sysconfig" "/etc/sysconfig/docker" - cp "${uniget_contrib}/${name}/sysvinit/redhat/docker" "/etc/init.d/docker" - -elif is_alpine; then - echo "Install openrc script for alpine" - mkdir -p "/etc/conf.d" "/etc/init.d" - cp "${uniget_contrib}/${name}/openrc/docker.confd" "/etc/conf.d/docker" - cp "${uniget_contrib}/${name}/openrc/docker.initd" "/etc/init.d/docker" - openrc -else - echo "Unable to install init script because the distributon is unknown." -fi - -if systemctl >/dev/null 2>&1; then - echo "Reload systemd (@ ${SECONDS} seconds)" - systemctl daemon-reload - - if test "${name}" == "docker" && ! systemctl is-active --quiet docker; then - echo "Start dockerd (@ ${SECONDS} seconds)" - systemctl enable docker - systemctl start docker - fi -fi - -echo "Finished after ${SECONDS} seconds." \ No newline at end of file diff --git a/tools/faasd/Dockerfile.template b/tools/faasd/Dockerfile.template index 742659de8a..3714f7f1f4 100644 --- a/tools/faasd/Dockerfile.template +++ b/tools/faasd/Dockerfile.template @@ -15,8 +15,11 @@ curl --silent --show-error --location --fail --output "${prefix}/bin/faasd" \ "https://github.com/openfaas/faasd/releases/download/${version}/faasd" chmod +x "${prefix}/bin/faasd" -curl --silent --show-error --location --fail --output "${prefix}/etc/systemd/system/faasd.service" \ +curl --silent --show-error --location --fail --output "${prefix}/etc/systemd/system/faasd.service.go-template" \ "https://github.com/openfaas/faasd/raw/${version}/hack/faasd.service" -curl --silent --show-error --location --fail --output "${prefix}/etc/systemd/system/faasd-provider.service" \ +sed -i -E 's|^ExecStart=/usr/local/bin/faasd|ExecStart={{ .Target }}/bin/faasd|' "${prefix}/etc/systemd/system/faasd.service.go-template" + +curl --silent --show-error --location --fail --output "${prefix}/etc/systemd/system/faasd-provider.service.go-template" \ "https://github.com/openfaas/faasd/raw/${version}/hack/faasd-provider.service" +sed -i -E 's|^ExecStart=/usr/local/bin/faasd|ExecStart={{ .Target }}/bin/faasd|' "${prefix}/etc/systemd/system/faasd-provider.service.go-template" EOF \ No newline at end of file diff --git a/tools/faasd/post_install.sh b/tools/faasd/post_install.sh deleted file mode 100644 index 619d54c472..0000000000 --- a/tools/faasd/post_install.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash -set -o errexit - -echo "Patch systemd units" -cat "${target}/etc/systemd/system/faasd.service" \ -| sed "s|ExecStart=/usr/local/bin/faasd|ExecStart=${target}/bin/faasd|" \ ->"/etc/systemd/system/faasd.service" -cat "${target}/etc/systemd/system/faasd-provider.service" \ -| sed "s|ExecStart=/usr/local/bin/faasd|ExecStart=${target}/bin/faasd|" \ ->"/etc/systemd/system/faasd-provider.service" - -if systemctl >/dev/null 2>&1; then - echo "Reload systemd" - systemctl daemon-reload -fi \ No newline at end of file diff --git a/tools/fuse-overlayfs-snapshotter/Dockerfile.template b/tools/fuse-overlayfs-snapshotter/Dockerfile.template index 57f08bc35c..5d474544b9 100644 --- a/tools/fuse-overlayfs-snapshotter/Dockerfile.template +++ b/tools/fuse-overlayfs-snapshotter/Dockerfile.template @@ -7,7 +7,7 @@ COPY --from=ghcr.io/uniget-org/tools/uniget-build:latest \ SHELL [ "bash", "-clo", "errexit" ] ARG name ARG version -COPY fuse-overlayfs-snapshotter.service /uniget_bootstrap/etc/systemd/system/ +COPY fuse-overlayfs-snapshotter.service.go-template /uniget_bootstrap/etc/systemd/system/ RUN <"/etc/systemd/system/fuse-overlayfs-snapshotter.service" - -if systemctl >/dev/null 2>&1; then - echo "Reload systemd" - systemctl daemon-reload -fi \ No newline at end of file diff --git a/tools/geist-font/manifest.yaml b/tools/geist-font/manifest.yaml index bf2f0ed1d7..75fcc30d1d 100644 --- a/tools/geist-font/manifest.yaml +++ b/tools/geist-font/manifest.yaml @@ -14,6 +14,9 @@ tags: - font homepage: https://github.com/vercel/geist-font description: Typeface specifically designed for developers and designers +messages: + update: | + Please run: fc-cache -f -v renovate: datasource: github-releases package: vercel/geist-font diff --git a/tools/geist-font/post_install.sh b/tools/geist-font/post_install.sh deleted file mode 100644 index dd3b1a7e18..0000000000 --- a/tools/geist-font/post_install.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -set -o errexit - -if type fc-cache >/dev/null 2>&1; then - fc-cache -f -v -fi \ No newline at end of file diff --git a/tools/gitlab-runner/Dockerfile.template b/tools/gitlab-runner/Dockerfile.template index 9c73e3fec9..50bd982857 100644 --- a/tools/gitlab-runner/Dockerfile.template +++ b/tools/gitlab-runner/Dockerfile.template @@ -7,7 +7,7 @@ COPY --from=ghcr.io/uniget-org/tools/uniget-build:latest \ SHELL [ "bash", "-clo", "errexit" ] ARG name ARG version -COPY gitlab-runner.service /uniget_bootstrap/etc/systemd/system/ +COPY gitlab-runner.service.go-template /uniget_bootstrap/etc/systemd/system/ COPY config.toml /uniget_bootstrap/etc/gitlab-runner/ RUN <"/etc/systemd/system/gitlab-runner.service" - -if systemctl >/dev/null 2>&1; then - echo "Reload systemd" - systemctl daemon-reload -fi \ No newline at end of file diff --git a/tools/gitsign/manifest.yaml b/tools/gitsign/manifest.yaml index a02a166fe5..ff44520722 100644 --- a/tools/gitsign/manifest.yaml +++ b/tools/gitsign/manifest.yaml @@ -21,8 +21,8 @@ homepage: https://github.com/sigstore/gitsign description: Keyless Git signing using Sigstore messages: internals: | - - Copy gitsign-credential-cache.sh from TARGET/etc/profile.d to /etc/profile.d/ or ~/.local/etc/profile.d/ - - Copy gitsign.service from TARGET/etc/systemd/user/ to /etc/systemd/user/ or ~/.config/systemd/user/ + - Copy gitsign-credential-cache.sh from {{ .Target }}/etc/profile.d to /etc/profile.d/ or ~/.local/etc/profile.d/ + - Copy gitsign.service from {{ .Target }}/etc/systemd/user/ to /etc/systemd/user/ or ~/.config/systemd/user/ - Enable and start the systemd unit renovate: datasource: github-releases diff --git a/tools/gvisor/manifest.yaml b/tools/gvisor/manifest.yaml index 898d3e16e1..81c4dcc95c 100644 --- a/tools/gvisor/manifest.yaml +++ b/tools/gvisor/manifest.yaml @@ -18,6 +18,18 @@ tags: - docker homepage: https://github.com/google/gvisor description: Application Kernel for Containers +messages: + update: | + Add crun to Docker runtimes by merging the following into + /etc/docker/daemon.json: + + { + "runtimes": { + "runsc": { + "path": "{{ .Target }}/bin/runsc" + } + } + } renovate: datasource: github-tags package: google/gvisor diff --git a/tools/gvisor/post_install.sh b/tools/gvisor/post_install.sh deleted file mode 100644 index 39478a2814..0000000000 --- a/tools/gvisor/post_install.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash -set -o errexit - -if ! test -f "/etc/docker/daemon.json" || ! test "$(jq --raw-output '.runtimes | keys | any(. == "runsc")' "/etc/docker/daemon.json")" == "true"; then - echo "Add runtime to Docker" - cat <<< "$( - jq --arg target "${target}" '. * {"runtimes":{"runsc":{"path":"\($target)/bin/runsc"}}}' /etc/docker/daemon.json - )" >/etc/docker/daemon.json -fi diff --git a/tools/jetbrainsmono/manifest.yaml b/tools/jetbrainsmono/manifest.yaml index ebb81d0d7a..14a5f1765f 100644 --- a/tools/jetbrainsmono/manifest.yaml +++ b/tools/jetbrainsmono/manifest.yaml @@ -14,6 +14,9 @@ tags: - state/stale homepage: https://github.com/JetBrains/JetBrainsMono description: Free and open-source typeface for developers +messages: + update: | + Please run: fc-cache -f -v renovate: datasource: github-releases package: JetBrains/JetBrainsMono diff --git a/tools/jetbrainsmono/post_install.sh b/tools/jetbrainsmono/post_install.sh deleted file mode 100644 index dd3b1a7e18..0000000000 --- a/tools/jetbrainsmono/post_install.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -set -o errexit - -if type fc-cache >/dev/null 2>&1; then - fc-cache -f -v -fi \ No newline at end of file diff --git a/tools/k3s/Dockerfile.template b/tools/k3s/Dockerfile.template index d478c0e92e..9a1a4bf9bb 100644 --- a/tools/k3s/Dockerfile.template +++ b/tools/k3s/Dockerfile.template @@ -7,7 +7,7 @@ COPY --from=ghcr.io/uniget-org/tools/uniget-build:latest \ SHELL [ "bash", "-clo", "errexit" ] ARG name ARG version -COPY k3s.service /uniget_bootstrap/etc/systemd/system/ +COPY k3s.service.go-template /uniget_bootstrap/etc/systemd/system/ RUN <"/etc/systemd/system/k3s.service" - -if systemctl >/dev/null 2>&1; then - echo "Reload systemd" - systemctl daemon-reload -fi \ No newline at end of file diff --git a/tools/krew/Dockerfile.template b/tools/krew/Dockerfile.template index b861132da8..94e5c3f0c7 100644 --- a/tools/krew/Dockerfile.template +++ b/tools/krew/Dockerfile.template @@ -7,6 +7,9 @@ COPY --from=ghcr.io/uniget-org/tools/uniget-build:latest \ SHELL [ "bash", "-clo", "errexit" ] ARG name ARG version +COPY <<"EOF" /uniget_bootstrap/etc/profile.d/krew.sh +export PATH="${HOME}/.krew/bin:${PATH}" +EOF RUN <"${target}/etc/profile.d/krew.sh" <<"EOF" -export PATH="${HOME}/.krew/bin:${PATH}" -EOF \ No newline at end of file diff --git a/tools/kubeadm/Dockerfile.template b/tools/kubeadm/Dockerfile.template index 8d5661652b..05360d7d66 100644 --- a/tools/kubeadm/Dockerfile.template +++ b/tools/kubeadm/Dockerfile.template @@ -10,7 +10,7 @@ SHELL [ "bash", "-clo", "errexit" ] COPY --from=cosign / /usr/local/ ARG name ARG version -COPY kubelet.service /uniget_bootstrap/etc/systemd/system/ +COPY kubelet.service.go-template /uniget_bootstrap/etc/systemd/system/ RUN <"/etc/systemd/system/kubelet.service" - -if systemctl >/dev/null 2>&1; then - echo "Reload systemd" - systemctl daemon-reload -fi \ No newline at end of file diff --git a/tools/kubelet/Dockerfile.template b/tools/kubelet/Dockerfile.template index b30e9257bb..8d4f08e0f9 100644 --- a/tools/kubelet/Dockerfile.template +++ b/tools/kubelet/Dockerfile.template @@ -10,7 +10,7 @@ SHELL [ "bash", "-clo", "errexit" ] COPY --from=cosign / /usr/local/ ARG name ARG version -COPY kubelet.service /uniget_bootstrap/etc/systemd/system/ +COPY kubelet.service.go-template /uniget_bootstrap/etc/systemd/system/ RUN <"/etc/systemd/system/kubelet.service" - -if systemctl >/dev/null 2>&1; then - echo "Reload systemd" - systemctl daemon-reload -fi \ No newline at end of file diff --git a/tools/kubo/Dockerfile.template b/tools/kubo/Dockerfile.template index aaf8fd4550..80824d7c08 100644 --- a/tools/kubo/Dockerfile.template +++ b/tools/kubo/Dockerfile.template @@ -7,9 +7,7 @@ COPY --from=ghcr.io/uniget-org/tools/uniget-build:latest \ SHELL [ "bash", "-clo", "errexit" ] ARG name ARG version - -COPY ipfs.service /uniget_bootstrap/etc/systemd/system/ - +COPY ipfs.service.go-template /uniget_bootstrap/etc/systemd/system/ RUN <"${prefix}/share/bash-completion/completions/ipfs" EOF - RUN <"/etc/systemd/system/ipfs.service" - -if systemctl >/dev/null 2>&1; then - echo "Reload systemd" - systemctl daemon-reload -fi - diff --git a/tools/libcgroup/Dockerfile.template b/tools/libcgroup/Dockerfile.template index 61644749e2..ad1736463e 100644 --- a/tools/libcgroup/Dockerfile.template +++ b/tools/libcgroup/Dockerfile.template @@ -19,8 +19,8 @@ COPY --link --from=make / /usr/local/ RUN </etc/systemd/system/micro.service - -if systemctl >/dev/null 2>&1; then - echo "Reload systemd" - systemctl daemon-reload -fi \ No newline at end of file diff --git a/tools/mink/manifest.yaml b/tools/mink/manifest.yaml index b50029f555..b8f2716299 100644 --- a/tools/mink/manifest.yaml +++ b/tools/mink/manifest.yaml @@ -13,6 +13,12 @@ tags: - k8s homepage: https://github.com/mattmoor/mink description: Minimal distribution of Knative and Tekton, and CLI +messages: + update: | + You can make mink available as the knative plugin by running: + + mkdir -p $HOME/.config/kn/plugins + ln -s {{ .Target }}/bin/mink $HOME/.config/kn/plugins/kn-im renovate: datasource: github-releases package: mattmoor/mink diff --git a/tools/mink/post_install.sh b/tools/mink/post_install.sh deleted file mode 100644 index 41854c359d..0000000000 --- a/tools/mink/post_install.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -set -o errexit - -mkdir -p "${HOME}/.config/kn/plugins" -cd "${HOME}/.config/kn/plugins" -ln -s "${target}/bin/mink" kn-im diff --git a/tools/monaspace/manifest.yaml b/tools/monaspace/manifest.yaml index a18c4075c2..72db4c8fac 100644 --- a/tools/monaspace/manifest.yaml +++ b/tools/monaspace/manifest.yaml @@ -14,6 +14,9 @@ tags: - font homepage: https://github.com/githubnext/monaspace description: Innovative superfamily of fonts for code +messages: + update: | + Please run: fc-cache -f -v renovate: datasource: github-releases package: githubnext/monaspace diff --git a/tools/monaspace/post_install.sh b/tools/monaspace/post_install.sh deleted file mode 100644 index dd3b1a7e18..0000000000 --- a/tools/monaspace/post_install.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -set -o errexit - -if type fc-cache >/dev/null 2>&1; then - fc-cache -f -v -fi \ No newline at end of file diff --git a/tools/musl/Dockerfile.template b/tools/musl/Dockerfile.template index 2dd3732c7d..ccd87ddcb1 100644 --- a/tools/musl/Dockerfile.template +++ b/tools/musl/Dockerfile.template @@ -12,6 +12,12 @@ WORKDIR /tmp/musl ARG name ARG version RUN < "/etc/ld.so.conf.d/musl.conf" -${target}/lib -EOF -ldconfig \ No newline at end of file diff --git a/tools/nerd-fonts/manifest.yaml b/tools/nerd-fonts/manifest.yaml index c68d7c4462..b24bfae6f5 100644 --- a/tools/nerd-fonts/manifest.yaml +++ b/tools/nerd-fonts/manifest.yaml @@ -9,6 +9,9 @@ tags: - fonts homepage: https://github.com/ryanoasis/nerd-fonts description: Iconic font aggregator, collection, and patcher +messages: + update: | + Please run: fc-cache -f -v renovate: datasource: github-releases package: ryanoasis/nerd-fonts diff --git a/tools/nerd-fonts/post_install.sh b/tools/nerd-fonts/post_install.sh deleted file mode 100644 index dd3b1a7e18..0000000000 --- a/tools/nerd-fonts/post_install.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -set -o errexit - -if type fc-cache >/dev/null 2>&1; then - fc-cache -f -v -fi \ No newline at end of file diff --git a/tools/nerdctl/Dockerfile.template b/tools/nerdctl/Dockerfile.template index 45f036bcec..943585abff 100644 --- a/tools/nerdctl/Dockerfile.template +++ b/tools/nerdctl/Dockerfile.template @@ -7,7 +7,7 @@ COPY --from=ghcr.io/uniget-org/tools/uniget-build:latest \ SHELL [ "bash", "-clo", "errexit" ] ARG name ARG version -COPY nerdctl.toml /uniget_bootstrap/etc/nerdctl/ +COPY nerdctl.toml.go-template /uniget_bootstrap/etc/nerdctl/ RUN <"/etc/nerdctl/nerdctl.toml" \ No newline at end of file diff --git a/tools/podman/post_install.sh b/tools/podman/post_install.sh deleted file mode 100644 index 9b1cc867fe..0000000000 --- a/tools/podman/post_install.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash -set -o errexit - -mkdir -p /etc/containers -ln --symbolic --force "${target}/etc/containers/registries.conf" "/etc/containers/" -ln --symbolic --force "${target}/etc/containers/registries.json" "/etc/containers/" - -echo "Install systemd unit" -cat "${target}/etc/systemd/system/podman.service" \ -| sed "s|ExecStart=/usr/local/bin/podman|ExecStart=${target}/bin/podman|" \ ->"/etc/systemd/system/podman.service" - -if systemctl >/dev/null 2>&1; then - echo "Reload systemd" - systemctl daemon-reload -fi \ No newline at end of file diff --git a/tools/portainer/Dockerfile.template b/tools/portainer/Dockerfile.template index 2982f43d1c..6ca25725ef 100644 --- a/tools/portainer/Dockerfile.template +++ b/tools/portainer/Dockerfile.template @@ -7,8 +7,7 @@ COPY --from=ghcr.io/uniget-org/tools/uniget-build:latest \ SHELL [ "bash", "-clo", "errexit" ] ARG name ARG version -COPY portainer.service /uniget_bootstrap/etc/systemd/system/ -COPY init-portainer /uniget_bootstrap/etc/init.d/portainer +COPY portainer.service.go-template /uniget_bootstrap/etc/systemd/system/ RUN < /dev/null | grep -q upstart; then - log_failure_msg "$PORTAINER_DESC is managed via upstart, try using service $BASE $1" - exit 1 -fi -} - -fail_unless_root() { -if [ "$(id -u)" != '0' ]; then - log_failure_msg "$PORTAINER_DESC must be run as root" - exit 1 -fi -} - -cgroupfs_mount() { -# see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount -if grep -v '^#' /etc/fstab | grep -q cgroup \ - || [ ! -e /proc/cgroups ] \ - || [ ! -d /sys/fs/cgroup ]; then - return -fi -if ! mountpoint -q /sys/fs/cgroup; then - mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup -fi -( - cd /sys/fs/cgroup - for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do - mkdir -p $sys - if ! mountpoint -q $sys; then - if ! mount -n -t cgroup -o $sys cgroup $sys; then - rmdir $sys || true - fi - fi - done -) -} - -case "$1" in -start) - check_init - - fail_unless_root - - cgroupfs_mount - - touch "$PORTAINER_LOGFILE" - - ulimit -n 1048576 - - # Having non-zero limits causes performance problems due to accounting overhead - # in the kernel. We recommend using cgroups to do container-local accounting. - if [ "$BASH" ]; then - ulimit -u unlimited - else - ulimit -p unlimited - fi - - log_begin_msg "Starting $PORTAINER_DESC: $BASE" - start-stop-daemon --start --background \ - --no-close \ - --exec "$PORTAINER" \ - --pidfile "$PORTAINER_SSD_PIDFILE" \ - --make-pidfile \ - -- \ - >> "$PORTAINER_LOGFILE" 2>&1 - log_end_msg $? - ;; - -stop) - check_init - fail_unless_root - if [ -f "$PORTAINER_SSD_PIDFILE" ]; then - log_begin_msg "Stopping $PORTAINER_DESC: $BASE" - start-stop-daemon --stop --pidfile "$PORTAINER_SSD_PIDFILE" --retry 10 - log_end_msg $? - else - log_warning_msg "Docker already stopped - file $PORTAINER_SSD_PIDFILE not found." - fi - ;; - -restart) - check_init - fail_unless_root - portainer_pid=$(cat "$PORTAINER_SSD_PIDFILE" 2> /dev/null) - [ -n "$portainer_pid" ] \ - && ps -p $portainer_pid > /dev/null 2>&1 \ - && $0 stop - $0 start - ;; - -force-reload) - check_init - fail_unless_root - $0 restart - ;; - -status) - check_init - status_of_proc -p "$PORTAINER_SSD_PIDFILE" "$PORTAINER" "$PORTAINER_DESC" - ;; - -*) - echo "Usage: service portainer {start|stop|restart|status}" - exit 1 - ;; -esac diff --git a/tools/portainer/portainer.service b/tools/portainer/portainer.service.go-template similarity index 75% rename from tools/portainer/portainer.service rename to tools/portainer/portainer.service.go-template index 67092227ec..c9eae02c2c 100644 --- a/tools/portainer/portainer.service +++ b/tools/portainer/portainer.service.go-template @@ -4,7 +4,7 @@ Documentation=https://www.portainer.io/ After=network.target local-fs.target [Service] -ExecStart=/usr/local/bin/portainer --assets=${TARGET}/share/portainer --data=${TARGET}/lib/portainer --bind=127.0.0.1:9000 --bind-https=127.0.0.1:9443 --tunnel-addr=127.0.0.1 +ExecStart={{ .Target }}/bin/portainer --assets={{ .Target }}/share/portainer --data={{ .Target }}/lib/portainer --bind=127.0.0.1:9000 --bind-https=127.0.0.1:9443 --tunnel-addr=127.0.0.1 Type=exec Delegate=yes diff --git a/tools/portainer/post_install.sh b/tools/portainer/post_install.sh deleted file mode 100644 index e40ce1fee0..0000000000 --- a/tools/portainer/post_install.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -set -o errexit - -echo "Install init script" -cat "${target}/etc/init.d/portainer" \ -| sed "s|/usr/local/bin/portainer|${target}/bin/portainer|g" \ ->/etc/init.d/portainer - -echo "Install systemd unit" -cat "${target}/etc/systemd/system/portainer.service" \ -| sed "s|/usr/local/bin/portainer|${target}/bin/portainer|g" \ ->/etc/systemd/system/portainer.service - -if systemctl >/dev/null 2>&1; then - echo "Reload systemd" - systemctl daemon-reload -fi - diff --git a/tools/porter/manifest.yaml b/tools/porter/manifest.yaml index 8a5fcf76eb..6732554784 100644 --- a/tools/porter/manifest.yaml +++ b/tools/porter/manifest.yaml @@ -10,6 +10,18 @@ tags: - category/operations homepage: https://github.com/getporter/porter description: Package your application artifact, client tools, configuration and deployment logic +messages: + update: | + - Mixins are installed user-context: + + porter mixin install exec + porter mixin install docker + porter mixin install docker-compose + porter mixin install kubernetes + + - plugins are installed in user context: + + porter plugins install kubernetes renovate: datasource: github-releases package: getporter/porter diff --git a/tools/porter/post_install.sh b/tools/porter/post_install.sh deleted file mode 100644 index 0bdc9b668e..0000000000 --- a/tools/porter/post_install.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash -set -o errexit - -if test -z ""; then - - echo "Install mixins" - porter mixin install exec - porter mixin install docker - porter mixin install docker-compose - porter mixin install kubernetes - - echo "Install plugins" - porter plugins install kubernetes - -fi \ No newline at end of file diff --git a/tools/python/manifest.yaml b/tools/python/manifest.yaml index f4316f9bc4..a78c350144 100644 --- a/tools/python/manifest.yaml +++ b/tools/python/manifest.yaml @@ -14,6 +14,9 @@ description: Redistributable builds of Python messages: internals: | This dynamically linked Python requires dynamically linked libraries for executions. + Run the following command to update the library cache: + + ldconfig renovate: datasource: github-releases package: uniget-org/renovate-custom diff --git a/tools/python/post_install.sh b/tools/python/post_install.sh deleted file mode 100644 index d31131a191..0000000000 --- a/tools/python/post_install.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -set -o errexit - -ldconfig \ No newline at end of file diff --git a/tools/rekor/Dockerfile.template b/tools/rekor/Dockerfile.template index 9aa5060a31..03f4060a6e 100644 --- a/tools/rekor/Dockerfile.template +++ b/tools/rekor/Dockerfile.template @@ -10,7 +10,7 @@ SHELL [ "bash", "-clo", "errexit" ] COPY --link --from=cosign / /usr/local/ ARG name ARG version -COPY rekor.service /uniget_bootstrap/etc/systemd/system/ +COPY rekor.service.go-template /uniget_bootstrap/etc/systemd/system/ RUN </etc/systemd/system/rekor.service - -if systemctl >/dev/null 2>&1; then - echo "Reload systemd" - systemctl daemon-reload -fi \ No newline at end of file diff --git a/tools/rekor/rekor.service b/tools/rekor/rekor.service.go-template similarity index 65% rename from tools/rekor/rekor.service rename to tools/rekor/rekor.service.go-template index 43a5fef114..b5a3757967 100644 --- a/tools/rekor/rekor.service +++ b/tools/rekor/rekor.service.go-template @@ -6,7 +6,7 @@ StartLimitIntervalSec=600 StartLimitBurst=5 [Service] -ExecStart=/usr/local/bin/rekor-server serve --rekor_server.address=0.0.0.0 --trillian_log_server.port=8091 +ExecStart={{ .Target }}/bin/rekor-server serve --rekor_server.address=0.0.0.0 --trillian_log_server.port=8091 Restart=on-failure RestartSec=5s diff --git a/tools/runq/manifest.yaml b/tools/runq/manifest.yaml index ddc82fdc61..2889b0506a 100644 --- a/tools/runq/manifest.yaml +++ b/tools/runq/manifest.yaml @@ -19,3 +19,21 @@ tags: - category/security homepage: https://github.com/gotoz/runq description: Run regular Docker images in KVM/Qemu +messages: + update: | + Add crun to Docker runtimes by merging the following into + /etc/docker/daemon.json: + + { + "runtimes": { + "runq": { + "path": "{{ .Target }}/var/lib/runq/runq", + "runtimeArgs": [ + "--cpu", "1", + "--mem", "256", + "--dns", "8.8.8.8,8.8.4.4", + "--tmpfs", "/tmp" + ] + } + } + } diff --git a/tools/runq/post_install.sh b/tools/runq/post_install.sh deleted file mode 100644 index 4281b20339..0000000000 --- a/tools/runq/post_install.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -set -o errexit - -if ! test -f "/etc/docker/daemon.json" || ! test "$(jq --raw-output 'select(.runtimes != null) | .runtimes | keys | any(. == "runq")' "/etc/docker/daemon.json")" == "true"; then - echo "Add runtime to Docker" - cat <<< "$( - jq --arg target "${target}" '. * { - "runtimes": { - "runq": { - "path": "\($target)/var/lib/runq/runq", - "runtimeArgs": [ - "--cpu", "1", - "--mem", "256", - "--dns", "8.8.8.8,8.8.4.4", - "--tmpfs", "/tmp" - ] - } - }}' /etc/docker/daemon.json - )" >/etc/docker/daemon.json -fi diff --git a/tools/rust/Dockerfile.template b/tools/rust/Dockerfile.template index dda418063c..0c19903ebf 100644 --- a/tools/rust/Dockerfile.template +++ b/tools/rust/Dockerfile.template @@ -7,6 +7,10 @@ COPY --from=ghcr.io/uniget-org/tools/uniget-build:latest \ SHELL [ "bash", "-clo", "errexit" ] ARG name ARG version +COPY <"/etc/systemd/system/stargz-snapshotter.service" - -if systemctl >/dev/null 2>&1; then - echo "Reload systemd" - systemctl daemon-reload -fi \ No newline at end of file diff --git a/tools/stargz-snapshotter/stargz-snapshotter.service b/tools/stargz-snapshotter/stargz-snapshotter.service deleted file mode 100644 index 3585a8c878..0000000000 --- a/tools/stargz-snapshotter/stargz-snapshotter.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=stargz snapshotter -PartOf=containerd - -[Service] -Environment=IPFS_PATH=${XDG_DATA_HOME}/ipfs -ExecStart=/usr/local/bin/containerd-stargz-grpc -address "${XDG_RUNTIME_DIR}/containerd-stargz-grpc/containerd-stargz-grpc.sock" -root "${XDG_DATA_HOME}/containerd-stargz-grpc" -config "${XDG_CONFIG_HOME}/containerd-stargz-grpc/config.toml" -ExecReload=/bin/kill -s HUP \$MAINPID -RestartSec=2 -Restart=always -Type=simple -KillMode=mixed - -[Install] -WantedBy=default.target \ No newline at end of file diff --git a/tools/stargz-snapshotter/stargz-snapshotter.service.go-template b/tools/stargz-snapshotter/stargz-snapshotter.service.go-template new file mode 100644 index 0000000000..5a353e289e --- /dev/null +++ b/tools/stargz-snapshotter/stargz-snapshotter.service.go-template @@ -0,0 +1,15 @@ +[Unit] +Description=stargz snapshotter +PartOf=containerd + +[Service] +Environment=IPFS_PATH=${XDG_DATA_HOME}/ipfs +ExecStart={{ .Target }}/bin/containerd-stargz-grpc -address "${XDG_RUNTIME_DIR}/containerd-stargz-grpc/containerd-stargz-grpc.sock" -root "${XDG_DATA_HOME}/containerd-stargz-grpc" -config "${XDG_CONFIG_HOME}/containerd-stargz-grpc/config.toml" +ExecReload=/bin/kill -s HUP \$MAINPID +RestartSec=2 +Restart=always +Type=simple +KillMode=mixed + +[Install] +WantedBy=default.target \ No newline at end of file diff --git a/tools/teleport/Dockerfile.template b/tools/teleport/Dockerfile.template index 4f88c6bf31..46d7eb0aee 100644 --- a/tools/teleport/Dockerfile.template +++ b/tools/teleport/Dockerfile.template @@ -14,7 +14,8 @@ curl --silent --show-error --location --fail "https://cdn.teleport.dev/teleport- teleport/teleport \ teleport/tbot \ teleport/tsh -curl --silent --show-error --location --fail --output "${prefix}/etc/systemd/system/teleport.service" \ + +curl --silent --show-error --location --fail --output "${prefix}/etc/systemd/system/teleport.service.go-template" \ "https://github.com/gravitational/teleport/blob/v${version}/examples/systemd/teleport.service" -sed -i "s|ExecStart=/usr/local/bin/teleport|ExecStart=/bin/teleport|" "${prefix}/etc/systemd/system/teleport.service" +sed -i "s|ExecStart=/usr/local/bin/teleport|ExecStart={{ .Target }}/bin/teleport|" "${prefix}/etc/systemd/system/teleport.service.go-template" EOF \ No newline at end of file diff --git a/tools/teleport/post_install.sh b/tools/teleport/post_install.sh deleted file mode 100644 index 657e102a64..0000000000 --- a/tools/teleport/post_install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -set -o errexit - -echo "Install systemd unit" -cat "${target}/etc/systemd/system/teleport.service" \ -| sed "s|ExecStart=/usr/local/bin/teleport|ExecStart=${target}/bin/teleport|" \ ->/etc/systemd/system/teleport.service - -if systemctl >/dev/null 2>&1; then - echo "Reload systemd" - systemctl daemon-reload -fi \ No newline at end of file diff --git a/tools/terraform/Dockerfile.template b/tools/terraform/Dockerfile.template index 55166bffb8..9434ecb93e 100644 --- a/tools/terraform/Dockerfile.template +++ b/tools/terraform/Dockerfile.template @@ -12,5 +12,7 @@ curl --silent --show-error --location --fail --remote-name "https://releases.has unzip -q -o -d "/tmp" "terraform_${version}_linux_${alt_arch}.zip" rm "terraform_${version}_linux_${alt_arch}.zip" mv "/tmp/terraform" "${prefix}/bin" -echo "complete -C /bin/terraform terraform" >"${prefix}/etc/profile.d/terraform.sh" +EOF +COPY </etc/profile.d/terraform.sh \ No newline at end of file diff --git a/tools/traefik/Dockerfile.template b/tools/traefik/Dockerfile.template index b0f1cae4ce..034dc62e87 100644 --- a/tools/traefik/Dockerfile.template +++ b/tools/traefik/Dockerfile.template @@ -12,6 +12,7 @@ check-github-release-asset "traefik/traefik" "v${version}" "traefik_v${version}_ curl --silent --show-error --location --fail "https://github.com/traefik/traefik/releases/download/v${version}/traefik_v${version}_linux_${alt_arch}.tar.gz" \ | tar --extract --gzip --directory="${prefix}/bin/" --no-same-owner \ traefik -curl --silent --show-error --location --fail --output "${prefix}/etc/systemd/system/traefik.service" \ +curl --silent --show-error --location --fail --output "${prefix}/etc/systemd/system/traefik.service.go-template" \ "https://github.com/traefik/traefik/raw/v${version}/contrib/systemd/traefik.service" +sed -i -E 's|#ExecStart=/usr/bin/traefik|ExecStart={{ .Target }}/bin/traefik|' "${prefix}/etc/systemd/system/traefik.service.go-template" EOF \ No newline at end of file diff --git a/tools/traefik/post_install.sh b/tools/traefik/post_install.sh deleted file mode 100644 index 0dacf3bcac..0000000000 --- a/tools/traefik/post_install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -set -o errexit - -echo "Install systemd unit" -cat "${target}/etc/systemd/system/traefik.service" \ -| sed "s|#ExecStart=/usr/bin/traefik|ExecStart=${target}/bin/traefik|" \ ->/etc/systemd/system/traefik.service - -if systemctl >/dev/null 2>&1; then - echo "Reload systemd" - systemctl daemon-reload -fi \ No newline at end of file diff --git a/tools/trillian/Dockerfile.template b/tools/trillian/Dockerfile.template index 7644a4ea74..b310a2b891 100644 --- a/tools/trillian/Dockerfile.template +++ b/tools/trillian/Dockerfile.template @@ -11,8 +11,8 @@ COPY --link --from=go / /usr/local/ WORKDIR /go/src/github.com/google/trillian ARG name ARG version -COPY trillian_log_server.service /uniget_bootstrap/etc/systemd/system/trillian_log_server.service -COPY trillian_log_signer.service /uniget_bootstrap/etc/systemd/system/trillian_log_signer.service +COPY trillian_log_server.service.go-template /uniget_bootstrap/etc/systemd/system/ +COPY trillian_log_signer.service.go-template /uniget_bootstrap/etc/systemd/system/ RUN </etc/systemd/system/trillian_log_server.service -cat "${target}/etc/systemd/system/trillian_log_signer.service" \ -| sed -E "s|/usr/local/bin/trillian_log_signer|${target}/bin/trillian_log_signer|" \ ->/etc/systemd/system/trillian_log_signer.service - -if systemctl >/dev/null 2>&1; then - systemctl daemon-reload -fi \ No newline at end of file diff --git a/tools/trillian/trillian_log_server.service b/tools/trillian/trillian_log_server.service.go-template similarity index 63% rename from tools/trillian/trillian_log_server.service rename to tools/trillian/trillian_log_server.service.go-template index ff97245b1b..8f4242812f 100644 --- a/tools/trillian/trillian_log_server.service +++ b/tools/trillian/trillian_log_server.service.go-template @@ -6,7 +6,7 @@ StartLimitIntervalSec=600 StartLimitBurst=5 [Service] -ExecStart=/usr/local/bin/trillian_log_server -http_endpoint=localhost:8090 -rpc_endpoint=localhost:8091 --logtostderr ... +ExecStart={{ .Target }}/bin/trillian_log_server -http_endpoint=localhost:8090 -rpc_endpoint=localhost:8091 --logtostderr ... Restart=on-failure RestartSec=5s diff --git a/tools/trillian/trillian_log_signer.service b/tools/trillian/trillian_log_signer.service.go-template similarity index 51% rename from tools/trillian/trillian_log_signer.service rename to tools/trillian/trillian_log_signer.service.go-template index 1577ee36b2..aa803ef770 100644 --- a/tools/trillian/trillian_log_signer.service +++ b/tools/trillian/trillian_log_signer.service.go-template @@ -6,7 +6,7 @@ StartLimitIntervalSec=600 StartLimitBurst=5 [Service] -ExecStart=/usr/local/bin/trillian_log_signer --logtostderr --force_master --http_endpoint=localhost:8190 -rpc_endpoint=localhost:8191 --batch_size=1000 --sequencer_guard_window=0 --sequencer_interval=200ms +ExecStart={{ .Target }}/bin/trillian_log_signer --logtostderr --force_master --http_endpoint=localhost:8190 -rpc_endpoint=localhost:8191 --batch_size=1000 --sequencer_guard_window=0 --sequencer_interval=200ms Restart=on-failure RestartSec=5s diff --git a/tools/wsl-interop/manifest.yaml b/tools/wsl-interop/manifest.yaml index 95bd79fc1d..43de93b0e8 100644 --- a/tools/wsl-interop/manifest.yaml +++ b/tools/wsl-interop/manifest.yaml @@ -14,4 +14,9 @@ description: Workaround for WSL interop issue messages: internals: | - This tool is a workaround for WSL interop issue described in microsoft/WSL/issues#8842 - - An alternative workaround is running the following commant manually: systemctl restart user@1000 \ No newline at end of file + - An alternative workaround is running the following commant manually: systemctl restart user@1000 + - Enable this workaround by running the following commands: + + systemctl daemon-reload + systemctl enable wslinterop-force.service wslinterop-monitor.path + systemctl start wslinterop-force.service wslinterop-monitor.path \ No newline at end of file diff --git a/tools/wsl-interop/post_install.sh b/tools/wsl-interop/post_install.sh deleted file mode 100644 index 979c08fbf2..0000000000 --- a/tools/wsl-interop/post_install.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -set -o errexit - - -if systemctl >/dev/null 2>&1; then - echo "Reload systemd" - systemctl daemon-reload - - systemctl enable wslinterop-force.service wslinterop-monitor.path - systemctl start wslinterop-force.service wslinterop-monitor.path -fi \ No newline at end of file diff --git a/tools/youki/manifest.yaml b/tools/youki/manifest.yaml index 8fb43a0f0f..970ec69f8c 100644 --- a/tools/youki/manifest.yaml +++ b/tools/youki/manifest.yaml @@ -17,6 +17,18 @@ tags: - docker homepage: https://github.com/containers/youki description: Container runtime written in rust +messages: + update: | + Add crun to Docker runtimes by merging the following into + /etc/docker/daemon.json: + + { + "runtimes": { + "runsc": { + "path": "{{ .Target }}/bin/runsc" + } + } + } renovate: datasource: github-releases package: containers/youki diff --git a/tools/youki/post_install.sh b/tools/youki/post_install.sh deleted file mode 100644 index 39478a2814..0000000000 --- a/tools/youki/post_install.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash -set -o errexit - -if ! test -f "/etc/docker/daemon.json" || ! test "$(jq --raw-output '.runtimes | keys | any(. == "runsc")' "/etc/docker/daemon.json")" == "true"; then - echo "Add runtime to Docker" - cat <<< "$( - jq --arg target "${target}" '. * {"runtimes":{"runsc":{"path":"\($target)/bin/runsc"}}}' /etc/docker/daemon.json - )" >/etc/docker/daemon.json -fi