From 20c60aae682c18bcc416179d29686002d9200d1c Mon Sep 17 00:00:00 2001 From: Harshavardhana Date: Thu, 2 Dec 2021 17:33:37 -0800 Subject: [PATCH] Update hotfix documentation and container building --- Dockerfile | 2 ++ Dockerfile.dev | 22 --------------------- Dockerfile.hotfix | 50 +++++++++++++++++++++++++++++++++++++++++++++++ Makefile | 22 ++++++++++++++++----- docs/hotfixes.md | 6 +++--- 5 files changed, 72 insertions(+), 30 deletions(-) delete mode 100644 Dockerfile.dev create mode 100644 Dockerfile.hotfix diff --git a/Dockerfile b/Dockerfile index 5dd50b029..3db2c622e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,7 @@ FROM minio/minio:latest +COPY ./minio /opt/bin/minio + ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"] VOLUME ["/data"] diff --git a/Dockerfile.dev b/Dockerfile.dev deleted file mode 100644 index ef0be60b1..000000000 --- a/Dockerfile.dev +++ /dev/null @@ -1,22 +0,0 @@ -FROM minio/minio - -LABEL maintainer="MinIO Inc " - -ENV PATH=/opt/bin:$PATH - -RUN mkdir -p /opt/bin && chmod -R 777 /opt/bin - -COPY minio /opt/bin - -COPY dockerscripts/docker-entrypoint.sh /usr/bin/ - -RUN chmod +x /opt/bin/minio && \ - chmod +x /usr/bin/docker-entrypoint.sh - -EXPOSE 9000 - -ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"] - -VOLUME ["/data"] - -CMD ["minio"] diff --git a/Dockerfile.hotfix b/Dockerfile.hotfix new file mode 100644 index 000000000..8ad18509d --- /dev/null +++ b/Dockerfile.hotfix @@ -0,0 +1,50 @@ +FROM registry.access.redhat.com/ubi8/ubi-minimal:8.4 + +ARG RELEASE + +LABEL name="MinIO" \ + vendor="MinIO Inc " \ + maintainer="MinIO Inc " \ + version="${RELEASE}" \ + release="${RELEASE}" \ + summary="MinIO is a High Performance Object Storage, API compatible with Amazon S3 cloud storage service." \ + description="MinIO object storage is fundamentally different. Designed for performance and the S3 API, it is 100% open-source. MinIO is ideal for large, private cloud environments with stringent security requirements and delivers mission-critical availability across a diverse range of workloads." + +ENV MINIO_ACCESS_KEY_FILE=access_key \ + MINIO_SECRET_KEY_FILE=secret_key \ + MINIO_ROOT_USER_FILE=access_key \ + MINIO_ROOT_PASSWORD_FILE=secret_key \ + MINIO_KMS_SECRET_KEY_FILE=kms_master_key \ + MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav" \ + MINIO_CONFIG_ENV_FILE=config.env \ + PATH=/opt/bin:$PATH + +COPY dockerscripts/verify-minio.sh /usr/bin/verify-minio.sh +COPY dockerscripts/docker-entrypoint.sh /usr/bin/docker-entrypoint.sh +COPY CREDITS /licenses/CREDITS +COPY LICENSE /licenses/LICENSE + +RUN \ + microdnf clean all && \ + microdnf update --nodocs && \ + microdnf install curl ca-certificates shadow-utils util-linux --nodocs && \ + rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \ + microdnf install minisign --nodocs && \ + mkdir -p /opt/bin && chmod -R 777 /opt/bin && \ + curl -s -q https://dl.min.io/server/minio/hotfixes/linux-amd64/archive/minio.${RELEASE} -o /opt/bin/minio && \ + curl -s -q https://dl.min.io/server/minio/hotfixes/linux-amd64/archive/minio.${RELEASE}.sha256sum -o /opt/bin/minio.sha256sum && \ + curl -s -q https://dl.min.io/server/minio/hotfixes/linux-amd64/archive/minio.${RELEASE}.minisig -o /opt/bin/minio.minisig && \ + microdnf clean all && \ + chmod +x /opt/bin/minio && \ + chmod +x /usr/bin/docker-entrypoint.sh && \ + chmod +x /usr/bin/verify-minio.sh && \ + /usr/bin/verify-minio.sh && \ + microdnf clean all + +EXPOSE 9000 + +ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"] + +VOLUME ["/data"] + +CMD ["minio"] diff --git a/Makefile b/Makefile index f3b668f13..079d39fe8 100644 --- a/Makefile +++ b/Makefile @@ -77,16 +77,28 @@ build: checks ## builds minio to $(PWD) hotfix-vars: $(eval LDFLAGS := $(shell MINIO_RELEASE="RELEASE" MINIO_HOTFIX="hotfix.$(shell git rev-parse --short HEAD)" go run buildscripts/gen-ldflags.go $(shell git describe --tags --abbrev=0 | \ sed 's#RELEASE\.\([0-9]\+\)-\([0-9]\+\)-\([0-9]\+\)T\([0-9]\+\)-\([0-9]\+\)-\([0-9]\+\)Z#\1-\2-\3T\4:\5:\6Z#'))) - $(eval TAG := "minio/minio:$(shell git describe --tags --abbrev=0).hotfix.$(shell git rev-parse --short HEAD)") -hotfix: hotfix-vars install ## builds minio binary with hotfix tags + $(eval VERSION := $(shell git describe --tags --abbrev=0).hotfix.$(shell git rev-parse --short HEAD)) + $(eval TAG := "minio/minio:$(VERSION)") -docker-hotfix: hotfix checks ## builds minio docker container with hotfix tags +hotfix: hotfix-vars install ## builds minio binary with hotfix tags + @mv -f ./minio ./minio.$(VERSION) + @minisign -qQSm ./minio.$(VERSION) -s "${CRED_DIR}/minisign.key" < "${CRED_DIR}/minisign-passphrase" + @sha256sum < ./minio.$(VERSION) | sed 's, -,minio.$(VERSION),g' > minio.$(VERSION).sha256sum + +hotfix-push: hotfix + @scp -r minio.$(VERSION)* minio@dl-0.minio.io:~/releases/server/minio/hotfixes/linux-amd64/archive/ + @scp -r minio.$(VERSION)* minio@dl-1.minio.io:~/releases/server/minio/hotfixes/linux-amd64/archive/ + +docker-hotfix-push: docker-hotfix + @docker push $(TAG) + +docker-hotfix: hotfix-push checks ## builds minio docker container with hotfix tags @echo "Building minio docker image '$(TAG)'" - @docker build -t $(TAG) . -f Dockerfile.dev + @docker build -t $(TAG) --build-arg RELEASE=$(VERSION) . -f Dockerfile.hotfix docker: build checks ## builds minio docker container @echo "Building minio docker image '$(TAG)'" - @docker build -t $(TAG) . -f Dockerfile.dev + @docker build -t $(TAG) . -f Dockerfile install: build ## builds minio and installs it to $GOPATH/bin. @echo "Installing minio binary to '$(GOPATH)/bin/minio'" diff --git a/docs/hotfixes.md b/docs/hotfixes.md index 253fb3b28..7ac3f3493 100644 --- a/docs/hotfixes.md +++ b/docs/hotfixes.md @@ -109,12 +109,12 @@ To add a hotfix tag to the binary version and embed the relevant #### Builds the hotfix binary ``` -λ make hotfix +λ CRED_DIR=/media/builder/minio make hotfix ``` #### Builds the hotfix container ``` -λ make docker-hotfix +λ CRED_DIR=/media/builder/minio make docker-hotfix ``` -Once this has been provided to the customer relevant binary will be uploaded from our *release server* securely, directly to https://dl.minio.io/server/minio/hotfixes/ +Once this has been provided to the customer relevant binary will be uploaded from our *release server* securely, directly to https://dl.minio.io/server/minio/hotfixes/archive/