Merge pull request #81 from AkihiroSuda/dev

Add "full" distribution

Author: AkihiroSuda

.dockerignore

@@ -0,0 +1,9 @@
+# artifacts
+/nerdctl
+_output
+
+# golangci-lint
+build
+
+# vagrant
+/.vagrant

.github/workflows/release.yml

@@ -33,13 +33,11 @@ jobs:
       run: |
         tag="${GITHUB_REF##*/}"
         shasha=$(sha256sum _output/SHA256SUMS | awk '{print $1}')
-        cat << EOF | tee /tmp/release-note.txt
+        cat <<-EOF | tee /tmp/release-note.txt
         ${tag}
 
-        #### Changes
-        (To be documented)
-
-        #### About the binaries
+        $(hack/generate-release-note.sh)
+        - - -
         The binaries were built automatically on GitHub Actions.
         The build log is available for 90 days: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
 

Dockerfile

@@ -1,15 +1,79 @@
 # Usage: `docker run -it --privileged <IMAGE>`. Make sure to add `-t` and `--privileged`.
-ARG UBUNTU_VERSION=20.04
-ARG CONTAINERIZED_SYSTEMD_VERSION=0.1.1
+
+# Basic deps
 ARG CONTAINERD_VERSION=1.5.0-beta.2
 ARG RUNC_VERSION=1.0.0-rc93
 ARG CNI_PLUGINS_VERSION=0.9.1
+
+# Extra deps: CNI isolation
 ARG CNI_ISOLATION_VERSION=0.0.3
+# Extra deps: Build
 ARG BUILDKIT_VERSION=0.8.2
+# Extra deps: Lazy-pulling
+ARG STARGZ_SNAPSHOTTER_VERSION=0.4.1
+# Extra deps: Rootless
+ARG ROOTLESSKIT_VERSION=0.14.0-beta.0
+ARG SLIRP4NETNS_VERSION=1.1.9
+
+# Test deps
 ARG GO_VERSION=1.16
+ARG UBUNTU_VERSION=20.04
+ARG CONTAINERIZED_SYSTEMD_VERSION=0.1.1
+
+FROM golang:${GO_VERSION}-alpine AS build-minimal
+RUN apk add --no-cache make git
+COPY . /go/src/github.com/AkihiroSuda/nerdctl
+WORKDIR /go/src/github.com/AkihiroSuda/nerdctl
+RUN BINDIR=/out/bin make binaries install
+# We do not set CMD to `go test` here, because it requires systemd
+
+FROM build-minimal AS build-full
+RUN apk add --no-cache curl
+RUN mkdir -p /out/share/doc/nerdctl-full && \
+  echo "# nerdctl (full distribution)" > /out/share/doc/nerdctl-full/README.md && \
+  echo "- nerdctl: $(cd /go/src/github.com/AkihiroSuda/nerdctl && git describe --tags)" >> /out/share/doc/nerdctl-full/README.md
+ARG TARGETARCH
+ARG CONTAINERD_VERSION
+RUN curl -L https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/containerd-${CONTAINERD_VERSION}-linux-${TARGETARCH:-amd64}.tar.gz | tar xzvC /out && \
+  rm -f /out/bin/containerd-shim /out/bin/containerd-shim-runc-v1 && \
+  echo "- containerd: v${CONTAINERD_VERSION}" >> /out/share/doc/nerdctl-full/README.md
+ARG RUNC_VERSION
+RUN curl -L -o /out/bin/runc https://github.com/opencontainers/runc/releases/download/v${RUNC_VERSION}/runc.${TARGETARCH:-amd64} && \
+  chmod +x /out/bin/runc && \
+  echo "- runc: v${RUNC_VERSION}" >> /out/share/doc/nerdctl-full/README.md
+ARG CNI_PLUGINS_VERSION
+RUN mkdir -p /out/libexec/cni && \
+  curl -L https://github.com/containernetworking/plugins/releases/download/v${CNI_PLUGINS_VERSION}/cni-plugins-linux-${TARGETARCH:-amd64}-v${CNI_PLUGINS_VERSION}.tgz | tar xzvC /out/libexec/cni && \
+  echo "- CNI plugins: v${CNI_PLUGINS_VERSION}" >> /out/share/doc/nerdctl-full/README.md
+ARG CNI_ISOLATION_VERSION
+RUN curl -L https://github.com/AkihiroSuda/cni-isolation/releases/download/v${CNI_ISOLATION_VERSION}/cni-isolation-${TARGETARCH:-amd64}.tgz | tar xzvC /out/libexec/cni && \
+  echo "- CNI isolation plugin: v${CNI_ISOLATION_VERSION}" >> /out/share/doc/nerdctl-full/README.md
+ARG BUILDKIT_VERSION
+RUN curl -L https://github.com/moby/buildkit/releases/download/v${BUILDKIT_VERSION}/buildkit-v${BUILDKIT_VERSION}.linux-${TARGETARCH:-amd64}.tar.gz | tar xzvC /out && \
+  rm -f /out/bin/buildkit-qemu-* /out/bin/buildkit-runc && \
+  echo "- BuildKit: v${BUILDKIT_VERSION}" >> /out/share/doc/nerdctl-full/README.md
+ARG STARGZ_SNAPSHOTTER_VERSION
+RUN curl -L https://github.com/containerd/stargz-snapshotter/releases/download/v${STARGZ_SNAPSHOTTER_VERSION}/stargz-snapshotter-v${STARGZ_SNAPSHOTTER_VERSION}-linux-${TARGETARCH:-amd64}.tar.gz | tar xzvC /out/bin && \
+  echo "- Stargz Snapshotter: v${STARGZ_SNAPSHOTTER_VERSION}" >> /out/share/doc/nerdctl-full/README.md
+ARG ROOTLESSKIT_VERSION
+RUN curl -L https://github.com/rootless-containers/rootlesskit/releases/download/v${ROOTLESSKIT_VERSION}/rootlesskit-$(uname -m).tar.gz | tar xzvC /out/bin && \
+  rm -f /out/bin/rootlesskit-docker-proxy && \
+  echo "- RootlessKit: v${ROOTLESSKIT_VERSION}" >> /out/share/doc/nerdctl-full/README.md
+ARG SLIRP4NETNS_VERSION
+RUN curl -L -o /out/bin/slirp4netns https://github.com/rootless-containers/slirp4netns/releases/download/v${SLIRP4NETNS_VERSION}/slirp4netns-$(uname -m) && \
+  chmod +x /out/bin/slirp4netns && \
+  echo "- slirp4netns: v${SLIRP4NETNS_VERSION}" >> /out/share/doc/nerdctl-full/README.md
+RUN echo "" >> /out/share/doc/nerdctl-full/README.md && \
+  echo "## License" >> /out/share/doc/nerdctl-full/README.md && \
+  echo "- bin/slirp4netns: [GNU GENERAL PUBLIC LICENSE, Version 2](https://github.com/rootless-containers/slirp4netns/blob/v${SLIRP4NETNS_VERSION}/COPYING)" >> /out/share/doc/nerdctl-full/README.md && \
+  echo "- Other files: [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0)" >> /out/share/doc/nerdctl-full/README.md
+RUN (cd /out && find ! -type d | sort | xargs sha256sum > /tmp/SHA256SUMS ) && \
+  mv /tmp/SHA256SUMS /out/share/doc/nerdctl-full/SHA256SUMS
+
+FROM scratch AS out-full
+COPY --from=build-full /out /
 
-FROM mirror.gcr.io/library/ubuntu:${UBUNTU_VERSION} AS base
-ENV DEBIAN_FRONTEND=noninteractive
+FROM ubuntu:${UBUNTU_VERSION} AS base
 RUN apt-get update && \
   apt-get install -qq -y --no-install-recommends \
   ca-certificates curl \
@@ -18,26 +82,11 @@ RUN apt-get update && \
 ARG CONTAINERIZED_SYSTEMD_VERSION
 RUN curl -L -o /docker-entrypoint.sh https://raw.githubusercontent.com/AkihiroSuda/containerized-systemd/v${CONTAINERIZED_SYSTEMD_VERSION}/docker-entrypoint.sh && \
   chmod +x /docker-entrypoint.sh
-ARG CONTAINERD_VERSION
-ARG TARGETARCH
-RUN curl -L https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/containerd-${CONTAINERD_VERSION}-linux-${TARGETARCH:-amd64}.tar.gz | tar xzvC /usr/local && \
-  rm -f /usr/local/bin/containerd-{shim,shim-runc-v1}
-COPY Dockerfile.d/containerd.service /etc/systemd/system/containerd.service
-RUN systemctl enable containerd
-ARG RUNC_VERSION
-RUN curl -L -o /usr/local/sbin/runc https://github.com/opencontainers/runc/releases/download/v${RUNC_VERSION}/runc.${TARGETARCH:-amd64} && \
-  chmod +x /usr/local/sbin/runc
-ARG CNI_PLUGINS_VERSION
-RUN mkdir -p /opt/cni/bin && \
-  curl -L https://github.com/containernetworking/plugins/releases/download/v${CNI_PLUGINS_VERSION}/cni-plugins-linux-${TARGETARCH:-amd64}-v${CNI_PLUGINS_VERSION}.tgz | tar xzvC /opt/cni/bin
-ARG CNI_ISOLATION_VERSION
-RUN curl -L https://github.com/AkihiroSuda/cni-isolation/releases/download/v${CNI_ISOLATION_VERSION}/cni-isolation-${TARGETARCH:-amd64}.tgz | tar xzvC /opt/cni/bin
-ARG BUILDKIT_VERSION
-RUN curl -L https://github.com/moby/buildkit/releases/download/v${BUILDKIT_VERSION}/buildkit-v${BUILDKIT_VERSION}.linux-${TARGETARCH:-amd64}.tar.gz | tar xzvC /usr/local && \
-  rm -f /usr/local/bin/buildkit-qemu-* /usr/local/bin/buildkit-runc
-COPY Dockerfile.d/buildkitd.service /etc/systemd/system/buildkitd.service
-RUN systemctl enable buildkitd
+COPY --from=out-full / /usr/local/
+COPY Dockerfile.d/*.service /etc/systemd/system
+RUN systemctl enable containerd buildkitd
 VOLUME /var/lib/containerd
+VOLUME /var/lib/buildkit
 VOLUME /var/lib/nerdctl
 ENTRYPOINT ["/docker-entrypoint.sh"]
 CMD ["bash"]
@@ -53,8 +102,6 @@ ENV PATH=/usr/local/go/bin:$PATH
 COPY . /go/src/github.com/AkihiroSuda/nerdctl
 WORKDIR /go/src/github.com/AkihiroSuda/nerdctl
 ENV CGO_ENABLED=0
-RUN make binaries install
 CMD ["go", "test", "-v", "./..."]
 
 FROM base AS demo
-COPY --from=test /usr/local/bin/nerdctl /usr/local/bin

Makefile

@@ -62,7 +62,10 @@ artifacts: clean
 	GOOS=linux GOARCH=arm GOARM=7 make -C $(CURDIR) binaries
 	tar $(TAR_FLAGS) -czvf $(CURDIR)/_output/nerdctl-$(VERSION_TRIMMED)-linux-arm-v7.tar.gz _output/nerdctl extras/rootless/*
 
-	rm -f _output/nerdctl
+	rm -f $(CURDIR)/_output/nerdctl
+
+	DOCKER_BUILDKIT=1 docker build --output type=tar,dest=$(CURDIR)/_output/nerdctl-full-$(VERSION_TRIMMED)-linux-amd64.tar --target out-full $(CURDIR)
+	gzip -9 $(CURDIR)/_output/nerdctl-full-$(VERSION_TRIMMED)-linux-amd64.tar
 
 .PHONY: \
 	help \

hack/generate-release-note.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+minimal_amd64tgz="$(find _output -name '*amd64.tar.gz*' -and ! -name '*full*')"
+full_amd64tgz="$(find _output -name '*amd64.tar.gz*' -and -name '*full*')"
+
+minimal_amd64tgz_basename="$(basename ${minimal_amd64tgz})"
+full_amd64tgz_basename="$(basename ${full_amd64tgz})"
+
+cat <<-EOX
+## Changes
+(To be documented)
+
+## About the binaries
+- Minimal (\`${minimal_amd64tgz_basename}\`): nerdctl only
+- Full (\`${full_amd64tgz_basename}\`):    Includes dependencies such as containerd, runc, and CNI
+
+### Minimal
+Extract the archive to a path like \`/usr/local/bin\` or \`~/bin\` .
+<details><summary>tar Cxzvvf /usr/local/bin ${minimal_amd64tgz_basename}</summary>
+<p>
+
+\`\`\`
+$(tar tzvf ${minimal_amd64tgz})
+\`\`\`
+</p>
+</details>
+
+### Full
+Extract the archive to a path like \`/usr/local\` or \`~/.local\` .
+
+<details><summary>tar Cxzvvf /usr/local ${full_amd64tgz_basename}</summary>
+<p>
+
+\`\`\`
+$(tar tzvf ${full_amd64tgz})
+\`\`\`
+</p>
+</details>
+
+<details><summary>Included components</summary>
+<p>
+
+See \`share/doc/nerdctl-full/README.md\`:
+\`\`\`markdown
+$(tar xOzf ${full_amd64tgz} share/doc/nerdctl-full/README.md)
+\`\`\`
+</p>
+</details>
+
+## Quick start
+### Rootful
+\`\`\`console
+$ sudo systemctl enable --now containerd
+$ sudo nerdctl run -d --name nginx -p 80:80 nginx:alpine
+\`\`\`
+
+### Rootless
+\`\`\`console
+$ containerd-rootless-setuptool.sh install
+$ nerdctl run -d --name nginx -p 8080:80 nginx:alpine
+\`\`\`
+
+Rootless mode requires systemd and cgroup v2, see https://rootlesscontaine.rs/getting-started/common/cgroup2/ .
+EOX

pkg/defaults/defaults.go

@@ -50,6 +50,8 @@ func CNIPath() string {
 			panic("environment variable HOME is not set")
 		}
 		candidates = append([]string{
+			// NOTE: These user paths are not defined in XDG
+			filepath.Join(home, ".local/libexec/cni"),
 			filepath.Join(home, "opt/cni/bin"),
 		}, candidates...)
 	}