Dockerfile: use DEBIAN_FRONTEND=noninteractive Using a build-arg so that we don't have to specify it for each `apt-get install`, and to preserve that the `DEBIAN_FRONTEND` is preserved in the image itself (which changes the default behavior, and can be surprising if the image is run interactively).` With this patch, some (harmless, but possibly confusing) errors are no longer printed during build, for example: ```patch Unpacking libgcc1:armhf (1:6.3.0-18+deb9u1) ... Selecting previously unselected package libc6:armhf. Preparing to unpack .../04-libc6_2.24-11+deb9u4_armhf.deb ... -debconf: unable to initialize frontend: Dialog -debconf: (TERM is not set, so the dialog frontend is not usable.) -debconf: falling back to frontend: Readline Unpacking libc6:armhf (2.24-11+deb9u4) ... Selecting previously unselected package libgcc1:arm64. Preparing to unpack .../05-libgcc1_1%3a6.3.0-18+deb9u1_arm64.deb ... Unpacking libgcc1:arm64 (1:6.3.0-18+deb9u1) ... Selecting previously unselected package libc6:arm64. Preparing to unpack .../06-libc6_2.24-11+deb9u4_arm64.deb ... -debconf: unable to initialize frontend: Dialog -debconf: (TERM is not set, so the dialog frontend is not usable.) -debconf: falling back to frontend: Readline ``` Looks like some output is now also printed on stdout instead of stderr Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
add powerpc-master stage to Jenkinsfile The powerpc-master stage will just run the integration-cli tests. The existing powerpc stage will run the unit tests and the integration tests. In this way, PR check jobs will be shorter, but all integration tests will run after PR is merged to master. Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
add z-master stage to Jenkinsfile The z-master stage will just run the integration-cli tests. The existing z stage will run the unit tests and the integration tests. In this way, PR check jobs will be shorter, but all integration tests will run after PR is merged to master. Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
be more lenient on junit report gathering in Jenkinsfile In case a job fails before even generating a report file. Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
Jenkinsfile: send junit.xml in the stage that produced it This will send the results directly after the tests complete, and make the stage more atomic. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Jenkinsfile: collect junit.xml for all architectures Jenkins groups them per stage, so collecting them for all architectures is possible (without them conflicting or becoming ambiguous) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Bump golang 1.12.8 (CVE-2019-9512, CVE-2019-9514) go1.12.8 (released 2019/08/13) includes security fixes to the net/http and net/url packages. See the Go 1.12.8 milestone on our issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.12.8 - net/http: Denial of Service vulnerabilities in the HTTP/2 implementation net/http and golang.org/x/net/http2 servers that accept direct connections from untrusted clients could be remotely made to allocate an unlimited amount of memory, until the program crashes. Servers will now close connections if the send queue accumulates too many control messages. The issues are CVE-2019-9512 and CVE-2019-9514, and Go issue golang.org/issue/33606. Thanks to Jonathan Looney from Netflix for discovering and reporting these issues. This is also fixed in version v0.0.0-20190813141303-74dc4d7220e7 of golang.org/x/net/http2. net/url: parsing validation issue - url.Parse would accept URLs with malformed hosts, such that the Host field could have arbitrary suffixes that would appear in neither Hostname() nor Port(), allowing authorization bypasses in certain applications. Note that URLs with invalid, not numeric ports will now return an error from url.Parse. The issue is CVE-2019-14809 and Go issue golang.org/issue/29098. Thanks to Julian Hector and Nikolai Krein from Cure53, and Adi Cohen (adico.me) for discovering and reporting this issue. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Dockerfile: update CRIU to v3.12 New features - build CRIU with Android NDK - C/R of - IP RAW sockets - lsm: dump and restore any SELinux process label - support restoring ghost files on readonly mounts Bugfixes - Do not lock network if running in the host network namespace - Fix RPC configuration file handling - util: don't leak file descriptors to third-party tools - small fixes here and there Improvements - travis: switch to the Ubuntu Xenial - travis-ci: Enable ia32 tests - Many improvements and bug fixes in the libcriu - Changes in the API and ABI (SONAME increased from 1 to 2) full diff: https://github.com/checkpoint-restore/criu/compare/v3.11...v3.12 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
docker-py: fix linting issues reported by shellcheck - SC2006: use $(...) notation instead of legacy backticked `...` - SC2086: double quote to prevent globbing and word splitting Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Jenkinsfile: build dynamic binary for docker-py, to match makefile This also makes sure that we can test all functionality of the daemon, because some features are not available on static binaries. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>