Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stop trying to pin package versions in the kicbase Dockerfile #8766

Closed
afbjorklund opened this issue Jul 19, 2020 · 2 comments
Closed

Stop trying to pin package versions in the kicbase Dockerfile #8766

afbjorklund opened this issue Jul 19, 2020 · 2 comments
Labels
area/build-release co/docker-driver Issues related to kubernetes in container co/podman-driver podman driver issues kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.

Comments

@afbjorklund
Copy link
Collaborator

It doesn't work to pin the package versions, without also pinning all the apt packages (in a separate download somewhere)

# specify version of everything explicitly using 'apt-cache policy'
RUN apt-get update && apt-get install -y --no-install-recommends \
    lz4=1.9.1-1 \
    gnupg=2.2.12-1ubuntu3 \ 
    sudo=1.8.27-1ubuntu4.1 \
    docker.io=19.03.2-0ubuntu1 \
    openssh-server=1:8.0p1-6build1 \
    dnsutils=1:9.11.5.P4+dfsg-5.1ubuntu2.1 \
    # libglib2.0-0 is required for conmon, which is required for podman
    libglib2.0-0=2.62.1-1 \
    && rm /etc/crictl.yaml

As long as we are using latest/greatest ubuntu:eoan (or focal) anyway, we might as well just use apt-get install as well.

Trying to rebuild, and you get errors like:
E: Version '1:9.11.5.P4+dfsg-5.1ubuntu2.1' for 'dnsutils' was not found

This is due to security updates, since then.
https://packages.ubuntu.com/eoan/dnsutils

1:9.11.5.P4+dfsg-5.1ubuntu2.2 [security]: amd64 i386
1:9.11.5.P4+dfsg-5.1ubuntu2 [ports]: arm64 armhf ppc64el s390x

This is of course a problem when it comes to reproducability, but that is something that is being shared with upstream KIND.

If you try to rebuild the docker old image now, you get a different result than the binary that is posted on the Docker Hub:

kindest_base.diff.txt

So we should focus on package names, and then use ranges where it matters.
@afbjorklund afbjorklund added co/docker-driver Issues related to kubernetes in container co/podman-driver podman driver issues area/build-release labels Jul 19, 2020
@afbjorklund
Copy link
Collaborator Author

Same problem in #7884

@afbjorklund
Copy link
Collaborator Author

See #8251 (comment)

@afbjorklund afbjorklund changed the title Stop trying to pin packages in the kicbase Dockerfile Stop trying to pin package versions in the kicbase Dockerfile Jul 19, 2020
@afbjorklund afbjorklund mentioned this issue Jul 19, 2020
Closed
@tstromberg tstromberg added the kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. label Jul 22, 2020
@sharifelgamal sharifelgamal added the priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. label Jul 27, 2020
@medyagh medyagh mentioned this issue Jul 28, 2020
Merged
@afbjorklund afbjorklund mentioned this issue Aug 13, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/build-release co/docker-driver Issues related to kubernetes in container co/podman-driver podman driver issues kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tstromberg @afbjorklund @sharifelgamal