# Development Report for June 26, 2017

## Moby Summit

The Moby Summit held in San Francisco was very active and well attended ([blog](http://mobyproject.org/blog/2017/06/26/moby-summit-recap/) / [linuxkit table notes](https://github.com/linuxkit/linuxkit/blob/master/reports/2017-06-19-summit.md) [#2090](https://github.com/linuxkit/linuxkit/pull/2090) [#2033](https://github.com/linuxkit/linuxkit/pull/2033) [@mgoelzer] [@justincormack]).

## Container Engine

Thanks to @fabiokung there are no container locks anymore on `docker ps` [#31273](https://github.com/moby/moby/pull/31273)

## BuildKit

[Repo](https://github.com/moby/buildkit)
[Proposal](https://github.com/moby/moby/issues/32925)

The new development repo is open at https://github.com/moby/buildkit

The readme file provides examples of how to get started. You can see an example of building BuildKit with BuildKit.

Many new issues have also been opened to track the missing functionality. You are welcome to help on any of them or discuss the design there.

Last week most of the work was done on improving the `llb` client library for more complicated use cases and on providing traces and interactive progress of executed build jobs.

The `llb` client package is a Go library that helps you generate the build definition graph. It uses chained methods to make it easy to describe which steps need to run. Mounts can be added to the execution steps to define multiple inputs or outputs. To prepare the graph, you just have to call `Marshal()` on a leaf node, which generates the protobuf definition for everything required to build that node.

### Typed Dockerfile parsing

[PR](https://github.com/moby/moby/pull/33492)

This PR enables parsing Dockerfiles into typed structures so they can be preprocessed to eliminate unnecessary build stages and reused with different kinds of dispatchers (e.g. BuildKit).

The PR had some review and updates last week. It should be ready for code review soon.

### Merged: Long running session & incremental file sending

[PR](https://github.com/moby/moby/pull/32677)

The incremental context sending PR was merged and is expected to land in `v17.07`.

This experimental feature lets you skip sending the build context to the daemon on repeated builder invocations during development. Currently, this feature requires the CLI flag `--stream=true`. If this flag is used, on the first builder invocation the full build context is sent to the daemon. On a second attempt, only the changed files are transferred.

The previous build context is saved in the build cache, and you can see how much space it takes from `docker system df`. The build cache will be automatically garbage collected and can also be manually cleared with `docker prune`.

### Quality: Dependency interface switch

The [Move file copying from the daemon to the builder](https://github.com/moby/moby/pull/33454) PR was merged.

### Proposals for new Dockerfile features that need design feedback:

[Add IMPORT/EXPORT commands to Dockerfile](https://github.com/moby/moby/issues/32100)

[Add `DOCKEROS/DOCKERARCH` default ARG to Dockerfile](https://github.com/moby/moby/issues/32487)

[Add support for `RUN --mount`](https://github.com/moby/moby/issues/32507)

[DAG image builder](https://github.com/moby/moby/issues/32550)

[Option to export the hash of the build context](https://github.com/moby/moby/issues/32963) (new)

[Allow --cache-from=*](https://github.com/moby/moby/issues/33002#issuecomment-299041162) (new)

[Provide advanced .dockerignore use-cases](https://github.com/moby/moby/issues/12886) [2](https://github.com/moby/moby/issues/12886#issuecomment-306247989)

If you are interested in implementing any of them, leave a comment on the specific issues.

### Other builder PRs merged last week

[Warn/deprecate continuing on empty lines in `Dockerfile`](https://github.com/moby/moby/pull/29161)

[Fix behavior of absolute paths in .dockerignore](https://github.com/moby/moby/pull/32088)

[fix copy --from conflict with force pull](https://github.com/moby/moby/pull/33735)

### Builder features currently in code-review:

[Fix handling of remote "git@" notation](https://github.com/moby/moby/pull/33696)

[builder: Emit a BuildResult after squashing.](https://github.com/moby/moby/pull/33824)

[Fix shallow git clone in docker-build](https://github.com/moby/moby/pull/33704)

### Backlog

[Build secrets](https://github.com/moby/moby/issues/33343) has not got much traction. If you want this feature to become a reality, please make yourself heard.

## LinuxKit

* **Kernel GPG verification:** The kernel compilation containers now verify the GPG and SHA256
  checksums before building the binaries. ([#2062](https://github.com/linuxkit/linuxkit/issues/2062) [#2083](https://github.com/linuxkit/linuxkit/issues/2083) [@mscribe] [@justincormack] [@rn] [@riyazdf]).
  The base Alpine build image now includes `gnupg` to support this feature ([#2091](https://github.com/linuxkit/linuxkit/issues/2091) [@riyazdf] [@rn]).

* **Security SIG on Landlock:** The third Moby Security SIG focussed on the [Landlock](https://github.com/landlock-lsm) security module that provides unprivileged fine-grained sandboxing to applications. There are videos and forum links ([#2087](https://github.com/linuxkit/linuxkit/issues/2087) [#2089](https://github.com/linuxkit/linuxkit/issues/2089) [#2073](https://github.com/linuxkit/linuxkit/issues/2073) [@riyazdf]).

* **Networking drivers now modules:** The kernels have been updated to 4.11.6/4.9.33/4.4.73, and many drivers are now loaded as modules to speed up boot time ([#2095](https://github.com/linuxkit/linuxkit/issues/2095) [#2061](https://github.com/linuxkit/linuxkit/issues/2061) [@rn] [@justincormack] [@tych0])

- **Whaley important update:** The ASCII logo was updated and we fondly wave goodbye to the waves. ([#2084](https://github.com/linuxkit/linuxkit/issues/2084) [@thaJeztah] [@rn])

- **Containerised getty and sshd:** The login services now run in their own mount namespace, which was confusing people since they were expecting it to be on the host filesystem. This is now being addressed via a reminder in the `motd` upon login ([#2078](https://github.com/linuxkit/linuxkit/issues/2078) [#2097](https://github.com/linuxkit/linuxkit/issues/2097) [@deitch] [@ijc] [@justincormack] [@riyazdf] [@rn])

- **Hardened user copying:** The RFC on ensuring that we use a hardened kernel/userspace copying system was closed, as it is enabled by default on all our modern kernels and a regression test is included by default ([#2086](https://github.com/linuxkit/linuxkit/issues/2086) [@fntlnz] [@riyazdf]).

- **Vultr provider:** There is an ongoing effort to add a metadata provider for [Vultr](http://vultr.com) ([#2101](https://github.com/linuxkit/linuxkit/issues/2101) [@furious-luke] [@justincormack]).

### Packages and Projects

- Simplified Makefiles for packages ([#2080](https://github.com/linuxkit/linuxkit/issues/2080) [@justincormack] [@rn])
- The MirageOS SDK is integrating many upstream changes from dependent libraries, for the DHCP client ([#2070](https://github.com/linuxkit/linuxkit/issues/2070) [#2072](https://github.com/linuxkit/linuxkit/issues/2072) [@samoht] [@talex5] [@avsm]).

### Documentation and Tests

- A comprehensive test suite for containerd is now integrated into LinuxKit tests ([#2062](https://github.com/linuxkit/linuxkit/issues/2062) [@AkihiroSuda] [@justincormack] [@rn])
- Fix documentation links ([#2074](https://github.com/linuxkit/linuxkit/issues/2074) [@ndauten] [@justincormack])
- Update RTF version ([#2077](https://github.com/linuxkit/linuxkit/issues/2077) [@justincormack])
- tests: add build test for Docker for Mac blueprint ([#2093](https://github.com/linuxkit/linuxkit/issues/2093) [@riyazdf] [@MagnusS])
- Disable Qemu EFI ISO test for now ([#2100](https://github.com/linuxkit/linuxkit/issues/2100) [@justincormack])
- The CI whitelists and ACLs were updated ([linuxkit-ci#11](https://github.com/linuxkit/linuxkit-ce/issues/11) [linuxkit-ci#15](https://github.com/linuxkit/linuxkit-ce/issues/15) [linuxkit/linuxkit-ci#10](https://github.com/linuxkit/linuxkit-ce/issues/10) [@rn] [@justincormack])
- Fix spelling errors ([#2079](https://github.com/linuxkit/linuxkit/issues/2079) [@ndauten])
- Fix typo in dev report ([#2094](https://github.com/linuxkit/linuxkit/issues/2094) [@justincormack])
- Fix dead Link to VMWare File ([#2082](https://github.com/linuxkit/linuxkit/issues/2082) [@davefreitag])