From 4b4a98d5e59354870325ad19703fba03d1b104c2 Mon Sep 17 00:00:00 2001 From: Harshavardhana Date: Wed, 1 Nov 2023 11:37:25 -0700 Subject: [PATCH] add support for older CPU via a new container image (#18370) fixes #18365 --- Dockerfile.hotfix | 3 +- Dockerfile.release | 5 ++-- Dockerfile.release.old_cpu | 61 ++++++++++++++++++++++++++++++++++++++ docker-buildx.sh | 9 ++++++ 4 files changed, 75 insertions(+), 3 deletions(-) create mode 100644 Dockerfile.release.old_cpu diff --git a/Dockerfile.hotfix b/Dockerfile.hotfix index b15b575de..a8db05d01 100644 --- a/Dockerfile.hotfix +++ b/Dockerfile.hotfix @@ -18,7 +18,8 @@ RUN curl -s -q https://dl.min.io/server/minio/hotfixes/linux-${TARGETARCH}/archi # Download mc binary and signature file RUN curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc -o /go/bin/mc && \ - curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc.minisig -o /go/bin/mc.minisig + curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc.minisig -o /go/bin/mc.minisig && \ + chmod +x /go/bin/mc # Verify binary signature using public key "RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGavRUN" RUN minisign -Vqm /go/bin/minio -x /go/bin/minio.minisig -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav && \ diff --git a/Dockerfile.release b/Dockerfile.release index 05252d3c9..c72098751 100644 --- a/Dockerfile.release +++ b/Dockerfile.release @@ -18,13 +18,14 @@ RUN curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archiv # Download mc binary and signature file RUN curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc -o /go/bin/mc && \ - curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc.minisig -o /go/bin/mc.minisig + curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc.minisig -o /go/bin/mc.minisig && \ + chmod +x /go/bin/mc # Verify binary signature using public key "RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGavRUN" RUN minisign -Vqm /go/bin/minio -x /go/bin/minio.minisig -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav && \ minisign -Vqm /go/bin/mc -x /go/bin/mc.minisig -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav -FROM registry.access.redhat.com/ubi9/ubi-micro:9.2 +FROM registry.access.redhat.com/ubi9/ubi-micro:latest ARG RELEASE diff --git a/Dockerfile.release.old_cpu b/Dockerfile.release.old_cpu new file mode 100644 index 000000000..49d70725b --- /dev/null +++ b/Dockerfile.release.old_cpu @@ -0,0 +1,61 @@ +FROM golang:1.21-alpine as build + +ARG TARGETARCH +ARG RELEASE + +ENV GOPATH /go +ENV CGO_ENABLED 0 + +# Install curl and minisign +RUN apk add -U --no-cache ca-certificates && \ + apk add -U --no-cache curl && \ + go install aead.dev/minisign/cmd/minisign@v0.2.0 + +# Download minio binary and signature file +RUN curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE} -o /go/bin/minio && \ + curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.minisig -o /go/bin/minio.minisig && \ + chmod +x /go/bin/minio + +# Download mc binary and signature file +RUN curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc -o /go/bin/mc && \ + curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc.minisig -o /go/bin/mc.minisig && \ + chmod +x /go/bin/mc + +# Verify binary signature using public key "RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGavRUN" +RUN minisign -Vqm /go/bin/minio -x /go/bin/minio.minisig -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav && \ + minisign -Vqm /go/bin/mc -x /go/bin/mc.minisig -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav + +FROM registry.access.redhat.com/ubi8/ubi-micro:latest + +ARG RELEASE + +LABEL name="MinIO" \ + vendor="MinIO Inc " \ + maintainer="MinIO Inc " \ + version="${RELEASE}" \ + release="${RELEASE}" \ + summary="MinIO is a High Performance Object Storage, API compatible with Amazon S3 cloud storage service." \ + description="MinIO object storage is fundamentally different. Designed for performance and the S3 API, it is 100% open-source. MinIO is ideal for large, private cloud environments with stringent security requirements and delivers mission-critical availability across a diverse range of workloads." + +ENV MINIO_ACCESS_KEY_FILE=access_key \ + MINIO_SECRET_KEY_FILE=secret_key \ + MINIO_ROOT_USER_FILE=access_key \ + MINIO_ROOT_PASSWORD_FILE=secret_key \ + MINIO_KMS_SECRET_KEY_FILE=kms_master_key \ + MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav" \ + MINIO_CONFIG_ENV_FILE=config.env \ + MC_CONFIG_DIR=/tmp/.mc + +COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ +COPY --from=build /go/bin/minio /usr/bin/minio +COPY --from=build /go/bin/mc /usr/bin/mc + +COPY CREDITS /licenses/CREDITS +COPY LICENSE /licenses/LICENSE +COPY dockerscripts/docker-entrypoint.sh /usr/bin/docker-entrypoint.sh + +EXPOSE 9000 +VOLUME ["/data"] + +ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"] +CMD ["minio"] diff --git a/docker-buildx.sh b/docker-buildx.sh index fb93c0f7a..2ebc98e6f 100755 --- a/docker-buildx.sh +++ b/docker-buildx.sh @@ -15,6 +15,15 @@ docker buildx build --push --no-cache \ docker buildx prune -f +docker buildx build --push --no-cache \ + --build-arg RELEASE="${release}" \ + -t "minio/minio:${release}-cpuv1" \ + -t "quay.io/minio/minio:${release}-cpuv1" \ + --platform=linux/arm64,linux/amd64,linux/ppc64le,linux/s390x \ + -f Dockerfile.release.old_cpu . + +docker buildx prune -f + docker buildx build --push --no-cache \ --build-arg RELEASE="${release}" \ -t "minio/minio:${release}.fips" \