diff --git a/docker_image/Dockerfile b/docker_image/Dockerfile index 3f014766003..56175f9393f 100644 --- a/docker_image/Dockerfile +++ b/docker_image/Dockerfile @@ -8,8 +8,6 @@ ARG CMK_VERSION="2.2.0b9" # Choose one of: raw, enterprise, managed ARG CMK_EDITION="raw" -ARG CMK_DL_URL="https://download.checkmk.com/checkmk" - # The following variables can be set during container init (docker run -e KEY=val) ARG CMK_SITE_ID ENV CMK_SITE_ID="cmk" @@ -30,11 +28,6 @@ ARG DISTRO_CODENAME="jammy" # Used e.g. for omd update ENV CMK_CONTAINERIZED="TRUE" -# The credentials for the download are provided by a sidecar container. For -# local builds it is convenient to change this (e.g. to the docker host and -# running `python -m http.simple`) -ARG CREDENTIALS_URL="http://127.0.0.1:8000/secret" - # Make the list of required packages available to the following command COPY needed-packages /needed-packages @@ -84,11 +77,8 @@ RUN set -e \ && PKG_NAME="check-mk-${CMK_EDITION}-${CMK_VERSION}" \ && PKG_FILE="${PKG_NAME}_0.${DISTRO_CODENAME}_$(dpkg --print-architecture).deb" \ && if [ ! -e "/${PKG_FILE}" ]; then \ - echo "Receive download credentials from ${CREDENTIALS_URL}..." && \ - CMK_DL_CREDENTIALS=$(curl -fsS "${CREDENTIALS_URL}") && \ - echo "Downloading ${PKG_FILE}..." && \ - echo "--user \"${CMK_DL_CREDENTIALS}\"" \ - | curl -f -o "${PKG_FILE}" -K - "${CMK_DL_URL}/${CMK_VERSION}/${PKG_FILE}" ; \ + echo "ERROR: Please provide ${PKG_FILE} by downloading it from https://download.checkmk.com/checkmk" \ + && return 1 ; \ fi \ && gpg -q --import "/Check_MK-pubkey.gpg" \ && gpg --verify "${PKG_FILE}" \ diff --git a/docker_image/Makefile b/docker_image/Makefile index 2084b20e2b1..786695bf08e 100644 --- a/docker_image/Makefile +++ b/docker_image/Makefile @@ -6,13 +6,9 @@ include ../defines.make -CREDENTIALS_FILE := $$HOME/.cmk-credentials DOCKER_REPO_NAME := checkmk SHELL := /bin/bash -e -o pipefail RESOLVE_CMD := ../buildscripts/docker_image_aliases/resolve.py -SECRET_CONTAINER_ID_CMD := docker run -d --rm \ - --volume $(CREDENTIALS_FILE):/files/secret \ - $$($(RESOLVE_CMD) IMAGE_BUSYBOX_LATEST) timeout 180 httpd -f -p 8000 -h /files .PHONY: help setup setversion image image-daily clean test-lint-dockerfile test-lint-entrypoint @@ -59,18 +55,14 @@ image: needed-packages echo "VERSION_TAG is not set, please pass this environment variable during make target call."; \ exit 1; \ fi; \ - SECRET_CONTAINER_ID=$$($(SECRET_CONTAINER_ID_CMD)) ; \ - DOCKER_BUILDKIT=0 docker build \ - --network=container:$$SECRET_CONTAINER_ID \ + docker build \ --build-arg CMK_VERSION="$(VERSION)" \ --build-arg CMK_EDITION="$(EDITION)" \ --build-arg IMAGE_CMK_BASE=$$($(RESOLVE_CMD) IMAGE_CMK_BASE) \ -t $(DOCKER_REPO_NAME)/check-mk-$(EDITION):$(VERSION_TAG) \ . ; \ - docker stop $$SECRET_CONTAINER_ID image-daily: needed-packages - SECRET_CONTAINER_ID=$$($(SECRET_CONTAINER_ID_CMD)) ; \ BRANCH_PREFIX="$$(git rev-parse --abbrev-ref HEAD)" ; \ if [[ "$$BRANCH_PREFIX" == "master" || "$$BRANCH_PREFIX" =~ "/" ]]; then \ BRANCH_PREFIX="" ; \ @@ -79,15 +71,13 @@ image-daily: needed-packages fi ; \ VERSION="$${VERSION:-$$(date +%F)}" ; \ VERSION="$${BRANCH_PREFIX}$${VERSION//-/.}" ; \ - DOCKER_BUILDKIT=0 docker build \ - --network=container:$$SECRET_CONTAINER_ID \ + docker build \ --build-arg CMK_VERSION="$${VERSION}" \ --build-arg CMK_EDITION=$(EDITION) \ --build-arg IMAGE_CMK_BASE=$$($(RESOLVE_CMD) IMAGE_CMK_BASE) \ -t $(DOCKER_REPO_NAME)/check-mk-$(EDITION):$${VERSION} \ -t $(DOCKER_REPO_NAME)/check-mk-$(EDITION):$${BRANCH_PREFIX}daily \ . ; \ - docker stop $$SECRET_CONTAINER_ID test-lint-dockerfile: docker run --rm -i $$($(RESOLVE_CMD) IMAGE_HADOLINT) < Dockerfile diff --git a/tests/docker/test_docker.py b/tests/docker/test_docker.py index 160ebf80103..0a0808cb901 100644 --- a/tests/docker/test_docker.py +++ b/tests/docker/test_docker.py @@ -7,7 +7,6 @@ import logging import os -import re import subprocess from collections.abc import Mapping from pathlib import Path @@ -20,7 +19,7 @@ from docker.models.images import Image # type: ignore[import] import tests.testlib as testlib -from tests.testlib.utils import cmk_path, get_cmk_download_credentials_file +from tests.testlib.utils import cmk_path from tests.testlib.version import CMKVersion, version_from_env from cmk.utils.version import Edition @@ -118,16 +117,6 @@ def _build( if prepare_package: _prepare_package(version) - logger.info("Starting helper container for build secrets") - secret_container = client.containers.run( - image="busybox", - command=["timeout", "180", "httpd", "-f", "-p", "8000", "-h", "/files"], - detach=True, - remove=True, - volumes={get_cmk_download_credentials_file(): {"bind": "/files/secret", "mode": "ro"}}, - ) - request.addfinalizer(lambda: secret_container.remove(force=True)) - logger.info("Building docker image (or reuse existing): %s", _image_name(version)) try: image: Image @@ -135,7 +124,6 @@ def _build( image, build_logs = client.images.build( path=build_path, tag=_image_name(version), - network_mode="container:%s" % secret_container.id, buildargs={ "CMK_VERSION": version.version, "CMK_EDITION": version.edition.long, @@ -415,22 +403,6 @@ def test_build_using_local_deb( _prepare_package(version) -# Test that the deb package from the download server is used. -# Works only with daily enterprise builds. -def test_build_using_package_from_download_server( - request: pytest.FixtureRequest, client: docker.DockerClient, version: CMKVersion -) -> None: - if not ( - version.is_enterprise_edition() and re.match(r"^\d\d\d\d\.\d\d\.\d\d$", version.version) - ): - pytest.skip("only enterprise daily packages are available on the download server") - package_path = Path(build_path, _package_name(version)) - # make sure no local package is used. - if package_path.exists(): - os.unlink(str(package_path)) - _build(request, client, version, prepare_package=False) - - # Test that the local GPG file is used by making the build fail because of an empty file def test_build_using_local_gpg_pubkey( request: pytest.FixtureRequest, client: docker.DockerClient, version: CMKVersion