package obuilder-spec

  1. Overview
  2. Docs
Build specification format

Install

Dune Dependency

Authors

Maintainers

Sources

obuilder-spec-v0.3.tbz
sha256=43473944fefea40e80cfa18461e23e69b5c3b81add828a70250d085bc794d62d
sha512=4c523440945f69552d7defd0f453777b4f7204b17ec67de366ad8f77efdc3e08c938beda117d5b8585fea4767a2c95a52f48939024ae8d811af8a16e85d84646

CHANGES.md.html

v0.3

Security fix:

  • resolv.conf file should be mounted read-only.

Other changes:

  • Make Os and Db modules private. Move the env type to Config, as that is used externally.

  • Fix license. It was copy-pasted from OCurrent, and still mentioned that project's lib_ansi library.

  • Require obuilder-spec package to be same version.

v0.2

  • Add support for nested / multi-stage builds (@talex5 #48 #49).
    This allows you to use a large build environment to create a binary and then copy that into a smaller runtime environment. It's also useful to get better caching if two things can change independently (e.g. you want to build your software and also a linting tool, and be able to update either without rebuilding the other).

  • Add healthcheck feature (@talex5 #52).

    • Checks that Docker is running.

    • Does a test build using busybox.

  • Clean up left-over runc containers on restart (@talex5 #53).
    If btrfs crashes and makes the filesystem read-only then after rebooting there will be stale runc directories. New jobs with the same IDs would then fail.

  • Remove dependency on dockerfile (@talex5 #51).
    This also allows us more control over the formatting (e.g. putting a blank line between stages in multi-stage builds).

  • Record log output from docker pull (@talex5 #46).
    Otherwise, it's not obvious why we've stopped at a pull step, or what is happening.

  • Improve formatting of OBuilder specs (@talex5 #45).

  • Use seccomp policy to avoid necessary sync operations (@talex5 #44).
    Sync operations are really slow on btrfs. They're also pointless, since if the computer crashes while we're doing a build then we'll just throw it away and start again anyway. Use a seccomp policy that causes all sync operations to "fail", with errno 0 ("success"). On my machine, this reduces the time to apt-get install -y shared-mime-info from 18.5s to 4.7s. Use --fast-sync to enable to new behaviour (it requires runc 1.0.0-rc92).

  • Use a mutex to avoid concurrent btrfs operations (@talex5 #43).
    Btrfs deadlocks enough as it is. Don't stress it further by trying to do two things at once.

Internal changes:

  • Improve handling of file redirections (@talex5 #46).
    Instead of making the caller do all the work of closing the file descriptors safely, add an FD_move_safely mode.

  • Travis tests: ensure apt cache is up-to-date (@talex5 #50).

v0.1

Initial release.

OCaml

Innovation. Community. Security.