-
Notifications
You must be signed in to change notification settings - Fork 386
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Don't pass --platform to docker/podman
The `--platform` flag is only ever passed to docker/podman when both the user and server platform values are equal. When they mismatch, the `--platform` flag is ommitted, and the server's native platform is used. Since the `--platform` value is only ever passed when the user and server platforms are equal, it shouldn't matter; however in practice there is a podman bug, which causes a pull to occur whenver the `--platform` flag is specified: containers/podman#15711 This bug will cause podman to always pull the earthly/buildkitd image from docker hub, which will either 1) overwrite the local image if the image exists in docker hub, and ultimately will cause our tests to run against an incorrect image version, or 2) result in the following 404-error if the tag does not exist: exit status 125: Trying to pull docker.io/earthly/buildkitd:dev-HEAD... Error: initializing source docker://earthly/buildkitd:dev-HEAD: reading manifest dev-HEAD in docker.io/earthly/buildkitd: manifest unknown: manifest unknown: exit status 125 This commit additionally updates the podman tests to use capsh rather than grep for the `RUN --privileged` tests, as the Effective capabilities (CapEff) bits are not always the same between docker and podman Signed-off-by: Alex Couture-Beil <alex@earthly.dev>
- Loading branch information
Showing
8 changed files
with
28 additions
and
62 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,10 @@ | ||
VERSION 0.6 | ||
FROM alpine:3.15 | ||
RUN apk add libcap # for capsh | ||
|
||
test: | ||
RUN cat /proc/self/status | grep CapEff | grep 00000000a80425fb | ||
RUN --privileged cat /proc/self/status | grep CapEff | grep 0000003fffffffff | ||
|
||
# when running under podman CapEff is not always 0000003fffffffff; but might instead be 000001ffffffffff | ||
# use the capsh tool (which reads from /proc/self/status) to check if the sys_admin capability is permitted | ||
RUN --privileged capsh --has-p=cap_sys_admin |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters