Thanks to @fabiokung there are no container locks anymore on docker ps #31273
New development repo is open at https://github.com/moby/buildkit
The readme file provides examples of how to get started. You can see an example of building BuildKit with BuildKit.
There are lots of new issues opened as well to track the missing functionality. You are welcome to help on any of them or discuss the design there.
Last week most of the work was done on improving the llb client library for more complicated use cases and providing traces and interactive progress of executed build jobs.
The llb client package is a Go library that helps you generate the build definition graph. It uses chained methods to make it easy to describe which steps need to run. Mounts can be added to the execution steps to define multiple inputs or outputs. To prepare the graph, you just have to call Marshal() on a leaf node, which generates the protobuf definition for everything required to build that node.
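A simplified, self-contained model of the idea described above, added here as an illustration; it is not the llb package's API or BuildKit code. Op, Source, Run, AddMount and Digest are hypothetical stand-ins, the output is plain text lines rather than protobuf, and the image and source names are constructed.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Op is one vertex of the build graph (hypothetical type, not llb's own).
type Op struct {
	Desc   string // "source <ref>" or "exec <cmd>", plus any mount points
	inputs []*Op  // nodes whose results this step consumes
}

func Source(ref string) *Op { return &Op{Desc: "source " + ref} }

// Run chains an execution step that uses o as its root filesystem.
func (o *Op) Run(cmd string) *Op { return &Op{Desc: "exec " + cmd, inputs: []*Op{o}} }

// AddMount attaches src as an extra input at dest and returns o for chaining.
func (o *Op) AddMount(dest string, src *Op) *Op {
	o.Desc, o.inputs = o.Desc+" mount="+dest, append(o.inputs, src)
	return o
}

// Digest content-addresses a node, so a change in any ancestor changes it.
func (o *Op) Digest() string {
	s := o.Desc
	for _, in := range o.inputs {
		s += "\x00" + in.Digest()
	}
	return fmt.Sprintf("%x", sha256.Sum256([]byte(s)))
}

// Marshal emits every node the leaf needs exactly once, dependencies first.
func (o *Op) Marshal() []string { return o.walk(map[*Op]bool{}, nil) }
func (o *Op) walk(seen map[*Op]bool, def []string) []string {
	for _, in := range o.inputs {
		if !seen[in] {
			def = in.walk(seen, def)
		}
	}
	seen[o] = true
	return append(def, o.Digest()+" "+o.Desc)
}

func main() {
	// Constructed sample names; the chain mirrors source -> build -> test.
	leaf := Source("alpine").Run("make -C /src").AddMount("/src", Source("app-src")).Run("make test")
	fmt.Printf("%q\n", leaf.Marshal())
}
```

Because each digest covers the digests of its inputs, the leaf's digest pins the whole chain of steps that produce it, and steps the leaf does not depend on never appear in the definition.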
This PR enables parsing Dockerfiles into typed structures so they can be preprocessed to eliminate unnecessary build stages and reused with different kinds of dispatchers (e.g. BuildKit).
The PR had some review and updates last week and should be ready for code review soon.
Incremental context sending PR was merged and is expected to land in
This experimental feature lets you skip sending the build context to the daemon on repeated builder invocations during development. Currently, this feature requires the CLI flag --stream=true. If this flag is used, the full build context is sent to the daemon on the first builder invocation. On a second attempt, only the changed files are transferred.
The previous build context is saved in the build cache, and you can see how much space it takes from docker system df. Build cache will be automatically garbage collected and can also be manually cleared with
Move file copying from the daemon to the builder PR was merged.
Allow --cache-from=* (new)
If you are interested in implementing any of them, leave a comment on the specific issues.
Build secrets has not got much traction. If you want this feature to become a reality, please make yourself heard.
Kernel GPG verification: The kernel compilation containers now verify the GPG and SHA256 checksums before building the binaries. (#2062 #2083 [@mscribe] [@justincormack] [@rn] [@riyazdf]). The base Alpine build image now includes gnupg to support this feature (#2091 [@riyazdf] [@rn]).
Security SIG on Landlock: The third Moby Security SIG focussed on the Landlock security module that provides unprivileged fine-grained sandboxing to applications. There are videos and forum links (#2087 #2089 #2073 [@riyazdf]).
Whaley important update: The ASCII logo was updated and we fondly wave goodbye to the waves. (#2084 [@thaJeztah] [@rn])
Containerised getty and sshd: The login services now run in their own mount namespace, which was confusing people since they were expecting it to be on the host filesystem. This is now being addressed via a reminder in the motd upon login (#2078 #2097 [@deitch] [@ijc] [@justincormack] [@riyazdf] [@rn]).
Hardened user copying: The RFC on ensuring that we use a hardened kernel/userspace copying system was closed, as it is enabled by default on all our modern kernels and a regression test is included by default (#2086 [@fntlnz] [@riyazdf]).