Remove last DOCKER_BUILDKIT=0 (attempt #2)

This reverts commit ecde90e.

* "--network" is somehow not supported by the new builder, see moby/buildkit#978
* anyway, during our builds this process does not makes much sense anymore (especially as we don't find release candidates on the download servers)
* if you've used this locally, just provide the package manually

Change-Id: Iab8a5a3108d84064fc14dab1e5bf44d7884d7cc0
JIRA-Ref: CMK-12974
(cherry picked from commit 1360a18886eb764b3f18279d5cfaad98aee99bbd)

docker_image/Dockerfile

@@ -8,8 +8,6 @@ ARG CMK_VERSION="2.2.0b9"
 # Choose one of: raw, enterprise, managed
 ARG CMK_EDITION="raw"
 
-ARG CMK_DL_URL="https://download.checkmk.com/checkmk"
-
 # The following variables can be set during container init (docker run -e KEY=val)
 ARG CMK_SITE_ID
 ENV CMK_SITE_ID="cmk"
@@ -30,11 +28,6 @@ ARG DISTRO_CODENAME="jammy"
 # Used e.g. for omd update
 ENV CMK_CONTAINERIZED="TRUE"
 
-# The credentials for the download are provided by a sidecar container. For
-# local builds it is convenient to change this (e.g. to the docker host and
-# running `python -m http.simple`)
-ARG CREDENTIALS_URL="http://127.0.0.1:8000/secret"
-
 # Make the list of required packages available to the following command
 COPY needed-packages /needed-packages
 
@@ -84,11 +77,8 @@ RUN set -e \
     && PKG_NAME="check-mk-${CMK_EDITION}-${CMK_VERSION}" \
     && PKG_FILE="${PKG_NAME}_0.${DISTRO_CODENAME}_$(dpkg --print-architecture).deb" \
     && if [ ! -e "/${PKG_FILE}" ]; then \
-        echo "Receive download credentials from ${CREDENTIALS_URL}..." && \
-        CMK_DL_CREDENTIALS=$(curl -fsS "${CREDENTIALS_URL}") && \
-        echo "Downloading ${PKG_FILE}..." && \
-        echo "--user \"${CMK_DL_CREDENTIALS}\"" \
-            | curl -f -o "${PKG_FILE}" -K - "${CMK_DL_URL}/${CMK_VERSION}/${PKG_FILE}" ; \
+        echo "ERROR: Please provide ${PKG_FILE} by downloading it from https://download.checkmk.com/checkmk" \
+        && return 1 ; \
        fi \
     && gpg -q --import "/Check_MK-pubkey.gpg" \
     && gpg --verify "${PKG_FILE}" \

docker_image/Makefile

@@ -6,13 +6,9 @@
 
 include ../defines.make
 
-CREDENTIALS_FILE         := $$HOME/.cmk-credentials
 DOCKER_REPO_NAME         := checkmk
 SHELL                    := /bin/bash -e -o pipefail
 RESOLVE_CMD              := ../buildscripts/docker_image_aliases/resolve.py
-SECRET_CONTAINER_ID_CMD  := docker run -d --rm \
-    --volume $(CREDENTIALS_FILE):/files/secret \
-    $$($(RESOLVE_CMD) IMAGE_BUSYBOX_LATEST) timeout 180 httpd -f -p 8000 -h /files
 
 .PHONY: help setup setversion image image-daily clean test-lint-dockerfile test-lint-entrypoint
 
@@ -59,18 +55,14 @@ image: needed-packages
   		echo "VERSION_TAG is not set, please pass this environment variable during make target call."; \
   		exit 1; \
   	fi; \
-	SECRET_CONTAINER_ID=$$($(SECRET_CONTAINER_ID_CMD)) ; \
-	DOCKER_BUILDKIT=0 docker build \
-	    --network=container:$$SECRET_CONTAINER_ID \
+	docker build \
 	    --build-arg CMK_VERSION="$(VERSION)" \
 	    --build-arg CMK_EDITION="$(EDITION)" \
 	    --build-arg IMAGE_CMK_BASE=$$($(RESOLVE_CMD) IMAGE_CMK_BASE) \
 	    -t $(DOCKER_REPO_NAME)/check-mk-$(EDITION):$(VERSION_TAG) \
 	    . ; \
-	docker stop $$SECRET_CONTAINER_ID
 
 image-daily: needed-packages
-	SECRET_CONTAINER_ID=$$($(SECRET_CONTAINER_ID_CMD)) ; \
 	BRANCH_PREFIX="$$(git rev-parse --abbrev-ref HEAD)" ; \
 	if [[ "$$BRANCH_PREFIX" == "master" || "$$BRANCH_PREFIX" =~ "/" ]]; then \
 	    BRANCH_PREFIX="" ; \
@@ -79,15 +71,13 @@ image-daily: needed-packages
 	fi ; \
 	VERSION="$${VERSION:-$$(date +%F)}" ; \
 	VERSION="$${BRANCH_PREFIX}$${VERSION//-/.}" ; \
-	DOCKER_BUILDKIT=0 docker build \
-	    --network=container:$$SECRET_CONTAINER_ID \
+	docker build \
 	    --build-arg CMK_VERSION="$${VERSION}" \
 	    --build-arg CMK_EDITION=$(EDITION) \
 	    --build-arg IMAGE_CMK_BASE=$$($(RESOLVE_CMD) IMAGE_CMK_BASE) \
 	    -t $(DOCKER_REPO_NAME)/check-mk-$(EDITION):$${VERSION} \
 	    -t $(DOCKER_REPO_NAME)/check-mk-$(EDITION):$${BRANCH_PREFIX}daily \
 	    . ; \
-	docker stop $$SECRET_CONTAINER_ID
 
 test-lint-dockerfile:
 	docker run --rm -i $$($(RESOLVE_CMD) IMAGE_HADOLINT) < Dockerfile

tests/docker/test_docker.py

@@ -7,7 +7,6 @@
 
 import logging
 import os
-import re
 import subprocess
 from collections.abc import Mapping
 from pathlib import Path
@@ -20,7 +19,7 @@
 from docker.models.images import Image  # type: ignore[import]
 
 import tests.testlib as testlib
-from tests.testlib.utils import cmk_path, get_cmk_download_credentials_file
+from tests.testlib.utils import cmk_path
 from tests.testlib.version import CMKVersion, version_from_env
 
 from cmk.utils.version import Edition
@@ -118,24 +117,13 @@ def _build(
     if prepare_package:
         _prepare_package(version)
 
-    logger.info("Starting helper container for build secrets")
-    secret_container = client.containers.run(
-        image="busybox",
-        command=["timeout", "180", "httpd", "-f", "-p", "8000", "-h", "/files"],
-        detach=True,
-        remove=True,
-        volumes={get_cmk_download_credentials_file(): {"bind": "/files/secret", "mode": "ro"}},
-    )
-    request.addfinalizer(lambda: secret_container.remove(force=True))
-
     logger.info("Building docker image (or reuse existing): %s", _image_name(version))
     try:
         image: Image
         build_logs: Mapping[str, str]
         image, build_logs = client.images.build(
             path=build_path,
             tag=_image_name(version),
-            network_mode="container:%s" % secret_container.id,
             buildargs={
                 "CMK_VERSION": version.version,
                 "CMK_EDITION": version.edition.long,
@@ -415,22 +403,6 @@ def test_build_using_local_deb(
     _prepare_package(version)
 
 
-# Test that the deb package from the download server is used.
-# Works only with daily enterprise builds.
-def test_build_using_package_from_download_server(
-    request: pytest.FixtureRequest, client: docker.DockerClient, version: CMKVersion
-) -> None:
-    if not (
-        version.is_enterprise_edition() and re.match(r"^\d\d\d\d\.\d\d\.\d\d$", version.version)
-    ):
-        pytest.skip("only enterprise daily packages are available on the download server")
-    package_path = Path(build_path, _package_name(version))
-    # make sure no local package is used.
-    if package_path.exists():
-        os.unlink(str(package_path))
-    _build(request, client, version, prepare_package=False)
-
-
 # Test that the local GPG file is used by making the build fail because of an empty file
 def test_build_using_local_gpg_pubkey(
     request: pytest.FixtureRequest, client: docker.DockerClient, version: CMKVersion