From 6aebc9831f43542a19dbb2232f290b6a2dc57520 Mon Sep 17 00:00:00 2001 From: Jiawei Huang Date: Mon, 8 Dec 2025 13:39:10 -0800 Subject: [PATCH 1/2] Upgrade calico/go-build base to UBI 9 and remove UBI 8 --- images/Makefile | 5 +- images/calico-base/Dockerfile.ubi8 | 66 -------------- images/calico-go-build/Dockerfile | 18 ++-- .../almalinux/RPM-GPG-KEY-AlmaLinux | 87 ------------------- .../almalinux/RPM-GPG-KEY-AlmaLinux-9 | 52 +++++++++++ .../almalinux/almalinux-appstream.repo | 6 +- .../{almalinux.repo => almalinux-baseos.repo} | 6 +- .../almalinux/almalinux-crb.repo | 10 +++ .../almalinux/almalinux-extras.repo | 10 +++ .../almalinux/almalinux-powertools.repo | 10 --- images/calico-go-build/versions.yaml | 2 +- 11 files changed, 91 insertions(+), 181 deletions(-) delete mode 100644 images/calico-base/Dockerfile.ubi8 delete mode 100644 images/calico-go-build/almalinux/RPM-GPG-KEY-AlmaLinux create mode 100644 images/calico-go-build/almalinux/RPM-GPG-KEY-AlmaLinux-9 rename images/calico-go-build/almalinux/{almalinux.repo => almalinux-baseos.repo} (70%) create mode 100644 images/calico-go-build/almalinux/almalinux-crb.repo create mode 100644 images/calico-go-build/almalinux/almalinux-extras.repo delete mode 100644 images/calico-go-build/almalinux/almalinux-powertools.repo diff --git a/images/Makefile b/images/Makefile index c144b39a..b690ed85 100644 --- a/images/Makefile +++ b/images/Makefile @@ -35,15 +35,14 @@ else ifeq ($(ARCH),s390) override LDSONAME=ld64.so.1 endif -UBI_VERSIONS ?= ubi8 ubi9 ubi10 +UBI_VERSIONS ?= ubi9 ubi10 .PHONY: calico-base-image calico-base-image: $(addprefix calico-base-image-,$(UBI_VERSIONS)) .PHONY: calico-base-image-% calico-base-image-%: register - $(eval DOCKERFILE := $(if $(filter ubi8,$*),Dockerfile.ubi8,Dockerfile)) - $(DOCKER_BUILD) --build-arg LDSONAME=$(LDSONAME) --build-arg=UBI_VERSION=$* -t $(CALICO_BASE):$*-latest-$(ARCH) -f calico-base/$(DOCKERFILE) calico-base/ + $(DOCKER_BUILD) --build-arg LDSONAME=$(LDSONAME) --build-arg=UBI_VERSION=$* -t $(CALICO_BASE):$*-latest-$(ARCH) -f calico-base/Dockerfile calico-base/ $(MAKE) BUILD_IMAGES=$(CALICO_BASE) retag-build-images-with-registries VALIDARCHES=$(ARCH) LATEST_IMAGE_TAG=$*-latest IMAGETAG=$*-latest .PHONY: calico-base-image-all diff --git a/images/calico-base/Dockerfile.ubi8 b/images/calico-base/Dockerfile.ubi8 deleted file mode 100644 index 832cf96d..00000000 --- a/images/calico-base/Dockerfile.ubi8 +++ /dev/null @@ -1,66 +0,0 @@ -FROM registry.access.redhat.com/ubi8/ubi-minimal:latest AS ubi - -ARG LDSONAME -ARG TARGETARCH - -RUN microdnf upgrade -y - -# Prepare a rootfs for necessary files from UBI. -# Symbolic links are preserved. -RUN mkdir -p /rootfs/lib64 /rootfs/etc - -# Copy dynamic loader and symbolic links. -# For s390x architecture, modify the /lib/${LDSONAME} symlink to ../lib64/${LDSONAME} -# instead of /usr/lib64 as the /usr/lib64 directory is not included in our base. -RUN cp /lib64/ld-2.28.so /rootfs/lib64/ld-2.28.so -RUN set -eux; \ - cp -a /lib64/${LDSONAME} /rootfs/lib64/${LDSONAME}; \ - if [ -f /lib/${LDSONAME} ]; then \ - mkdir -p /rootfs/lib && cp -a /lib/${LDSONAME} /rootfs/lib/${LDSONAME}; \ - if [ "${TARGETARCH}" = "s390x" ]; then \ - ln -sf ../lib64/${LDSONAME} /rootfs/lib/${LDSONAME}; \ - fi \ - fi - -# Required external C dependencies for CGO builds. -RUN cp /lib64/libc.so.6 /rootfs/lib64/libc.so.6 -RUN cp /lib64/libpthread.so.0 /rootfs/lib64/libpthread.so.0 -RUN cp /lib64/libresolv.so.2 /rootfs/lib64/libresolv.so.2 - -# Standard C library dependencies required for C/C++ applications. -RUN cp /lib64/libdl.so.2 /rootfs/lib64/libdl.so.2 -RUN cp /lib64/libgcc_s.so.1 /rootfs/lib64/libgcc_s.so.1 -RUN cp /lib64/libm.so.6 /rootfs/lib64/libm.so.6 -RUN cp /lib64/librt.so.1 /rootfs/lib64/librt.so.1 -RUN cp /lib64/libstdc++.so.6 /rootfs/lib64/libstdc++.so.6 - -# Glibc NSS plugins and config files. -# Use our customized configuration, since the base image only includes the dns and files plugins. -COPY nsswitch.conf /rootfs/etc/nsswitch.conf - -RUN cp /lib64/libnss_dns.so.2 /rootfs/lib64/libnss_dns.so.2 -RUN cp /lib64/libnss_files.so.2 /rootfs/lib64/libnss_files.so.2 - -RUN cp /etc/host.conf /rootfs/etc/host.conf -RUN cp /etc/hosts /rootfs/etc/hosts -RUN cp /etc/networks /rootfs/etc/networks - -# Copy base image release info. -RUN cp /etc/os-release /rootfs/etc/os-release - -FROM scratch AS source - -COPY --from=ubi /rootfs / - -# Verify if glibc can be properly loaded. -# This check ensures that the dynamic loader and symbolic links are copied correctly. -RUN ["/lib64/libc.so.6"] - -# tmp.tar has a /tmp with the correct permissions 01777. -ADD tmp.tar / - -COPY licenses /licenses/ - -FROM scratch - -COPY --from=source / / diff --git a/images/calico-go-build/Dockerfile b/images/calico-go-build/Dockerfile index 70a42843..0367b705 100644 --- a/images/calico-go-build/Dockerfile +++ b/images/calico-go-build/Dockerfile @@ -2,7 +2,7 @@ ARG TARGETARCH=${TARGETARCH} FROM calico/bpftool:v7.4.0 AS bpftool -FROM registry.access.redhat.com/ubi8/ubi:latest AS ubi +FROM registry.access.redhat.com/ubi9/ubi:latest AS ubi ARG TARGETARCH @@ -37,18 +37,20 @@ RUN dnf upgrade -y && dnf install -y \ xz \ zip -# Install yq and copy versions.yaml -RUN curl -sfL https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_${TARGETARCH} -o /usr/local/bin/yq && chmod +x /usr/local/bin/yq +# Install system dependencies that are not in UBI repos +COPY almalinux/RPM-GPG-KEY-AlmaLinux-9 /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9 +COPY almalinux/almalinux*.repo /etc/yum.repos.d/ +# Install yq and copy versions.yaml COPY versions.yaml /etc/versions.yaml -# Install system dependencies that are not in UBI repos -COPY almalinux/RPM-GPG-KEY-AlmaLinux /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux -COPY almalinux/almalinux*.repo /etc/yum.repos.d/ +RUN set -eux; \ + dnf --enablerepo=extras install -y epel-release && \ + dnf install -y yq RUN set -eux; \ llvm_version=$(yq -r .llvm.version /etc/versions.yaml); \ - dnf --enablerepo=baseos,powertools,appstream install -y \ + dnf --enablerepo=appstream,baseos,crb install -y \ clang-${llvm_version} \ elfutils-libelf-devel \ iproute-devel \ @@ -58,7 +60,7 @@ RUN set -eux; \ RUN set -eux; \ if [ "${TARGETARCH}" = "amd64" ]; then \ - dnf --enablerepo=powertools install -y \ + dnf --enablerepo=appstream,baseos,crb install -y \ mingw64-gcc; \ fi diff --git a/images/calico-go-build/almalinux/RPM-GPG-KEY-AlmaLinux b/images/calico-go-build/almalinux/RPM-GPG-KEY-AlmaLinux deleted file mode 100644 index fe1293e5..00000000 --- a/images/calico-go-build/almalinux/RPM-GPG-KEY-AlmaLinux +++ /dev/null @@ -1,87 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1 - -mQINBF/9iQ4BEADguRE+cjShp7JujKkiVH3+ZYYD5ncX7IMh7Ig0DbDC8ldtm84k -4vi8266IIBLM3eRgkF9sgHciRikTPow50R+Ww7jJzehV9vjTkRzWr8ikog6X3ZPw -rh9QAqOdTOIn4bBSS6j5+xdxYKG7yEWXjADbkFVSiLvejp3FrLZGlNFdPCkGKFhC -vTCgbEKtAkXHx/jFDJCYbnJkzrecCSd+a3yQ4Ehp6TCxnywXdseX4WGyNT3E6Ppu -JRIXLKrVwP/5pZxqgBS9EDsQpaqxmkS8iJe9j8Bkzm4mL0K4Y8B5vApIyxRO0i0C -8Eb8UgLSoOwWsZjWpDcYtLgCTNT1CCaOe5lG6qy3HD6Y7LiXinnMgq5uXbfTEKxZ -rUyQ9Jepxe5hk5GJ1mTbQ6vEj0oYOWYWCwLZKOHucRh8BmvYEbhMBGsgBGcMruql -Na+gw1eVIMTknGCdGGwceb3DLNHXGolU3GDTKd8d6lEaXkFx9zXWBicOIDyG72tU -vZMj2RVzmgEhxcw1vKxoJIUOegjpdqBqTJRnM/tnimm4eE65hHhuqRYIngwHWqL0 -K+Daxt+J+4l5Xo56AEYc+2i8JA1nGT/nw13KE/7S79wRVaJPzDccI7/mefDKcF3R -EGWG7f9jWqoCB+wvXD+0FpHDcp0TPgDcWTObUs3yBoySbgj8IXL3z2R64wARAQAB -tCJBbG1hTGludXggPHBhY2thZ2VyQGFsbWFsaW51eC5vcmc+iQI+BBMBAgAoBQJf -/YkOAhsBBQkFo5qABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBIj898Ors0 -+IsjD/9/F/PIu7kSn4P8Ud9j/iyoO8hH53qXKMimarg920ugt2uUyl6SzaJqV0dK -ACrczvC0VmxrNaJ1jB31TGPpdJZpey5AJbefofu/RgAlxHN6o3QX0Br4bEHahF20 -21q2eIjoMrq8eiz8X5D2wfx6CyOA6RZY96MVQ2whXjQHV+hwo65xyMUyjTuFx5Pb -nl7gdYr9EkH3EafdNrpuVurp+Zrgur+973nUrzKq8c2rlDiEQz/ZG+bgasTDYkcz -q6NUPP5OQ5BVpFCkuE9YuziZD+37hxN07P2gyz9NRrfAOZqBXj8er4vqNhpR/lLA -h5QF1erb0mjcMFEhkV8ETN0ceJzL/t829BlQ7MB7LdQ5v9kc5p5cwcsBly54ouI0 -l9LjSN95Al0VPoWE8zgjnytecu2UN5+0k12bfcj0zjKdAxEVD3y9Id1MJIze7/PA -6v3LOk+SSs8M0ASmZEnDBTCbDRpXlDDUKEEmMIBRdvpTxjiUnwD2tHwhXR8m6vw6 -749i+mdc8fgljTey8sJLKxTabbYNgTHLi9lCMdmPlKU2QJYsIwIBpqF2/eenNyZT -LvlW/aBUU7Li3etUnJeP9ig+V2LuDhyT6TlVPsFKCCruoy7faSjW2/2wlVcasGQp -YqqqqtQJyVDRud6ig7oH3EWSvUySEmywjBp5zfwrMw3jeWkwHbkBjQRf/YnGAQwA -tk5NBR7SCwYwEsmPDUX/SJ98eGHb1nux/cRaX+K2KgX7Yi3hhlFs/InkiiNKs+Au -0N5ZBIXltypguo5jE3MwXQxLr2MfJ74bdDXR7z3BmBB92BMaS+tHNJWroYnqiSQ7 -2PXfWRF9PtlChF12NyK6SVrQg58IqJjf5MQ8hodgIk0t21qCvxe/IotktjKHy2Vn -gvKPjtT05qXpAK0CP8N5wtOc4WnFCxvNTI7e1KkYS4dvXHL6V+WvqL3saGIXY5Iy -0jYZW5xMxh691C+HvHQ8/Lof3Enenz3hDJR0X9wvzusxBJWwg/vqRIR8+YYKSHj1 -VEFycTabqGLlnPpYpFqDOdqS2gDtdrD6FEsrSpy9pBd98XAzjkn6BW4Rf0PTaJ/z -b3paHsqxEnWbamANs5GYs1Y/1rEIl66jOhZB9Sua22/wfGd3PvfM6nxi825l4coO -bbivRY6U4/WtxQUcK8zdoF97zUlvbNNN0LsluZ0tBF44o5vt7f4aCGXZ8XMVIef1 -ABEBAAGJA8QEGAECAA8FAl/9icYCGwIFCQWjmoABqQkQSI/PfDq7NPjA3SAEGQEC -AAYFAl/9icYACgkQUdZkfsIa1upqtQv/R9oLsG3g4Rg2MKDrXYSa94n1CBY5ESDL -1N0mZTWQ5nVdfIWWifnpe72VDBR3Y+r5ootnCHq09DbK+K3q82q2UmGEq968mR96 -LKGjWuTS1rY/MCbQbW+jcrnju0T3bCcImggMJoYCzuUnBfIkexObwi/YidqgL92+ -nw3NzqeWnq+gu/1Q2ngzhN8Ft4mwOcFr9H0px0476LLvR+7lrSu2HqGeHk+fUA4c -ZNwvsgGYgCAJhz8fPwKCoLrxsE82bkZ86JgUJEcMu0ki4UFo3rg6NmkDwnrYO61l -MOrBCxt/lPJz7d8L9oCLu9pJSBsKH9RNqO10NAoEMppKwnQSz6RQFRJj7WNW+OEs -mjZt7sNrTr0Y+udx58Sqd0C5k7lGUtYWKKGpLfdz0RLnBTTFmjnB3Y2uyOJFc4FS -g251yjk9ds1AFjdRThQ2kFpZzQAo5ei6zMBaZATg0E2uk4HAfpQ58CPGj4f1k3py -1N2hYUA+qksZIVxjFfwYr5LCv4tMZumZl6UP/je7EHh5IGkB1+Bpeyj3dudZblvM -lE6kdGridxInbiJvgqBSdprIksR8wm1Vy/Z1/lHEM6QnUODGyRAbjQHL3kPKloPj -lKr8TNAELbmVTZjBRJowsGw27rhYAaji/qEet/0ALfu2l3QuOQ38dyuPpxlDSTLY -WnajVIgvSJUU3Yl38Lp3UTuHdtdiNWgyHkLOA/11GK14RSWYsjZAamstlSpl24Op -yKLN5z+q4tNAs+tfQrWNRi3SMG7UDroxztJVkHGvuJ2DT/Q6tANigPzipLzSgOIO -8Wa2aQmqtQ4V0eB2S4DxcMckHti3+4fbrzBzeN/PFaIVLwUtdsUdBs+TtSZFdN9e -i0oLUChIYKDvVBGqgmIor6YgenNSSZni3rj+RRA3gQom7jyVrQPgUv7lsv/MLCmg -Ogpibxs3+SDbbZ6tP0D8uxdRnB4NVeENewlqw/ImacgjLtjBHaq+BebjWErIAkdX -VnjWoLdZoV3B4ComKsjFNf7sfbzV/T2Xpg/r/u1WkiSjvD0mkSZ+3seDjd6oL20s -p7jGLnSGZqGsUksJym0tWRvuyspgTELZlcjuMfHKuKmYudYFi+Y48+YsdJ7UetNT -kAIBinjtZwEEAP4GumNNy7f4l4tt1CBy1EgoYtYCcJC5SGyhWMee3L3hLhHe7Iwd -72EHtteVBoVn0eg6 -=rEWJ ------END PGP PUBLIC KEY BLOCK----- ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBGUlFG8BEADc0kEC57b722MbPVkI8aoYFAEWM+lj084H26msZpAYVfW7fCi5 -S7g3n6htVdvvnB6MrJANitZgQhMyC7tchNQz5sjrFffasNkOoI5Q27PSrG676ILP -diowPWfJkwrN0f0UcJsV3w5KBedvUXJnoa64lP/oBFkbz3SvUTqZFkSBzOfCTdXW -bvpZonghgm/AEU8wqsdOitXU23Xn4fsPB7aULgR31jz3irnaUDFXUnNqoiQpU6JB -P6WiFqN/IZMH95HW1WlMBGSOalSbQUlNEND3J0lxK2a33UBmTdR3aLyS+o9P8+7b -Cdzbkrs1fXXVxxvlaQdSWBSjVULUZjKIZ+HtqhIaTiBELa7JHBEBbEZgNHpymmc8 -hIF6fdTbzbbYx9MbNmpzCcr+SKHubCdvZyX2FsWK1CHvYx6iPc9wcu4x9yh8MIfp -KpLSJG1SaSCHbUdatpsOSQK2pbIN3THsvFrKPVssLrMgVjwp22Q3vMFL+ldq0vZ5 -6uIIiNRKrX2CKKrUy1kF7FjDNMx4riaCQHs5vp7qOttxv0E/X4Z9B4QZdC02H2Mq -Ea5LoDxONutv+JMzWFyxIEQvbnfdDSu4QUDkn3H1WkBNmqTUwny5DSxZNjGB8a6P -ISaIE+kN2pp5v9eB8Q4+4BxbU2G2/Jy/V6bFC8eLL+PIKodPKbpCqoPyGwARAQAB -tCdBbG1hTGludXggT1MgOCA8cGFja2FnZXJAYWxtYWxpbnV4Lm9yZz6JAk8EEwEI -ADkWIQS8Xt3K31AsB38Vgogq6B6KztcliwUCZSUUbwIbAwQLCQgHAyICAQQVCgkI -BBYCAwECHgcCF4AACgkQKugeis7XJYvOeA/9E/hJwfd7UPtvsv+y7Wiei1NCt+OJ -AzJQPjEzHJNmLAD157AHtpA2yZpB9GlRQkjRu40fn0It20mwjnl0j5oHF9HnQ+/H -Qtiw9pwgNpZJaTe5YnzETbGqrrOVgWihkJyJhn42vtuirNu7pKJvWilRvz1a81JK -i/okezXp1KBrgrxR/bG26c8k61AK6n/ExI1MoHZhyaAAebFqG8vTiWTuC2a4t7SD -pxbzsn5CMuXqVY1gxIdiUGzgrXfSm5WgpSYEG01VN+VF885caPvtMHoLBy/pLGN3 -5TKp4pKiA9JGQxtlZLdO666UbpgbjoxFYxNZEwY3Tdx37zbsP4pHcaN8fOGbk5mG -h8LwkjppPZzoXONyBfUJ+uHBEzRJEw4KtVRgaZZfCcojRvmyJB4TAM1SYkikaw8F -0gi3OPRWtVdEogxP0XD/tTrPSKo7pTDEk17HIyKCU0KxF4ZSbxXFMeH5OZUQAQM4 -l7ECGNg3bVhXC66AHE72mz/PN39M2Z0Sww7GWYCf6IDhhkeTxYx+I7VW1Uo9ht5L -i3ZRMbX/h6NBYTUaPJEx3fwixNv2+RtE3m4JIxg76xBOYGLyIRlaImWNGKTnGz5m -IBRP5Vm7nRdFOOFhNz+iDIyq0LEyhGU7xCriFaL+ozXLiIzycidgTTZW3WfkHxlr -ZEzov/wIBeoaIp8= -=mC/C ------END PGP PUBLIC KEY BLOCK----- diff --git a/images/calico-go-build/almalinux/RPM-GPG-KEY-AlmaLinux-9 b/images/calico-go-build/almalinux/RPM-GPG-KEY-AlmaLinux-9 new file mode 100644 index 00000000..d4165d58 --- /dev/null +++ b/images/calico-go-build/almalinux/RPM-GPG-KEY-AlmaLinux-9 @@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGHmnykBEACuIcqcNYTmu2q58XI5NRZowdJGAxxs+6ExX7qsa4vbPp6St7lB +JmLpwf5p6czIBhLL4b8E7zJpu57tVDo7Ejw6Hv584rbI8vw7pnMTe6XUFhMTL8FT +lyAmn8xAIlcyM+SzshnxAc5b8E0p/egMonr3J1QnvMSfixMQ59GrmLVyece7Vv3J +4fREh6k31kg7eQdEkzRQhRdO2KyxWYLR0A6haXSXVaiBOjFF7iUs7anlJSfeD3FO +afPq0Ix8oWi+mUc4txkABMdsGpdkE/MHOwN90FB8EG5XVrdv3emm3yzKMMzb53Yd +jcf0fovIeRloQyl9+CrVCnkBjFcIFBZZddsB43kM7eTflmAQ+tanOZ8OKBRPMtmI +56b/vk31ozHUoST/NmjbEI5tu+QYCuFSZ++mC06qJg0Bkw821DTAsM7Kynuj7K2f +WWQjlDL9ZsFifLqDXRymL+sn6g142hHQOa5KSHtT7cAcrm6L48gEL3fPntVSOU/H +BlTnODiSSTIsIRNA7kBkbSP3wWoYC1JQPmNYbUtZ7va2uXNb9dGT2k7Ae0465WND +wqRQJDxsr6TLYFpti+JRaOpSMNclXz4kRSP263Y4ZzQvkMGgSgwqg7JU00Uahk2p +KTlJAA8AiaMBdShlo/QXvL29Lyg0Y5klq2HCNziJDupWhXto5j5pjixrpwARAQAB +tCdBbG1hTGludXggT1MgOSA8cGFja2FnZXJAYWxtYWxpbnV4Lm9yZz6JAk4EEwEI +ADgWIQS/GKwodheJCNbnEmfTbLhsuGs3FgUCYeafKQIbAwULCQgHAgYVCgkICwIE +FgIDAQIeAQIXgAAKCRDTbLhsuGs3FrvnD/9X1wDM/C214t3UVsMVjTLdIJDGG+iU +E7Uk7QGeyeNif19rRatzXUHBBGjiAwpxe2rkveWBHCHPSUKqsAR9Arv3nMKiaGfA +0nomzDndLEDIgv35xzaU6OhX95mZzvj+9PThuxDxUnsNoA+7vGkaiRw+cyyDdTJQ +bKwum8bx1gS8Kbqo9mqrMekQ4NHCodq9bb2hI6pAxlYa472QuwFAXFAzbE3LIMIK +hzLkew7nxwP0txP/zzqPw4lYN38fg9AlHL2qgf0twCFO4N/ftkw25qwoiBhiwaWT +Ca8Z9wUJx35Z/ufscbNrtRrIGYNXTDFJdGY/WxKDp7QsyOx/sclcsSksKoC/52tL +2yFLQrMXsqnLjAQajA6adaeCAAwvp2/8VP8R65O4KMuKghMneCGwXVlVVYyRUXJD +Kjg7EvmmMGuh/Lj2A/vj+mQMmlS2kAl0qOsK9DtUIA7Z9m98zI3UmN/5BMb/HdqW +KADagOW9IPyo6IaSIT+A+7npTN1Y7m1aIrL1vsAKrus4MrCvAs1vYqzqIikv88Di +EWYVFCWTsTWf7jxBCVTLn1Lr7Mj08i+7OgRgguQGpcnvKsbwq1v2whQrs+YKR9hP +vVaW5DmGJ5brPykJUaQS6p5Esp1q3HBk0HbBxiiGIwGsKbLp0pKsk5TLzMIJwIG/ +lEolCV+fJ0P4nLkCDQRh5p8pARAAvXTL29arJ5Dl9FXVpE4Km1jJLaK2WfbQARJz +ygQKps9QNqS1yz7C7mYdTtgRxeK2eqcX5oA83w3ppJ0DTsxfAkY3nqAXS8+QRORU +ffSFvhdsU1G/qpvhX0Aq62gr4y1bkIMr9GlLq86uVKIQrNdmto4NDfQc1bDD5e4j +KaNMmNLXxq/s67AxFW/yLchYYZ7cMqQd6Ab4lacqpGdYFIAkBkVMmj3GUSo+FLpl ++4c50AZ8O0aB+xkrjch+4PoVyIpIC1IuqNYBYn2wMYFB414QY2iDopzpZXUhpCqx +NP4Zyhl1noUcOtH/wUfH1JsIcYRn0ixWF6JnE9KmjpkqBuM2/4Ot/bl67iPiN/if +vf3Z1kYjNPaszoMW3kmJj8MlBCSH9w6nQRG/eikihbeUDBB6rh2O7Dz8ltFqlt8N +asbngRoNZMnWMnItRV67Fo0pfn/DZA8VvI029apE21sNp6l7MUa8Z2/I/PNq10E8 +rPMQM//k9y2kgxz52i6iCyesobPvun6UC4xuFoYKUTQMgKQgqOhyZ4evkepFhmHg +Gzx+F8EmwN1FtxfNxfLtQZSUT3kxuUDizwpaH/LkSkRXpJOQyHJL6VBINNTjB4j1 +3+0jD+lCV6xIt88NYkGJL9rtKwZLQHSDPiI0ooCJ69GKy8SmSx04AwSsY67In1q8 ++FQjT20AEQEAAYkCNgQYAQgAIBYhBL8YrCh2F4kI1ucSZ9NsuGy4azcWBQJh5p8p +AhsMAAoJENNsuGy4azcW0KkP/i0YLRv+pDiSC4034oboczAnNrzJnBhqTi9cUEGn +Xpqvf/Zz3opqvRQiqZAgVcCtxfW+P9J3Vb/mBJ6OkR/jywAlY5il2dzK08YfVXmP +cEf6RF4M0KNtlYJmPlnQCZjMJaisrPmYD3Yy8ER1qJ5JQZ7n0REHZCbBCqH8w+5r +j4ohEHY7xXbd7+tvWTCk2MkHaide/UV/04WiO064AoZSUze/vaAx8Ll4AyFpxuIk +ktXZXbq7MaVzqYYJptiRB6TljzMwIbblLm9A7T7YTA/1rNe12OhDT8VoR3gG2C/l +Mtf37EmYq3QVqFlbj4+ouQWIiQmp5dQenH5ugf+Bob7IiENpxzF1cIu6wd4p5Y64 +3cdYUoxrjhsCM6W1lSqECoN8yXJnRTxpBwwm65SVk477KS2h77aJfa+v5UnBhpSt +eVlAhs0A8Qp/hX3o7qMO1jWca3zdJwXppLlFEYTVaFUOUrc4Lhlbi0gAnn8aBwSx +xF1r5GhPGIBzHtRgulwZkmS6VwtDMuC6KlrASu9f93D5gLZqVk22Oar9LpgCEACd +8Gw/+BFbdANqo9IKmDrWf7k/YuEqZ3h+eoyKI/2z7dKh/fcVEydMTn3LB4nFRvSD +AZ27tvC0IUXCUNx7iJdrD5kDsMhZRl5/dXbe539G4y2W00QYuJC0DpUvGdtOuaFx +1WKL +=jk2t +-----END PGP PUBLIC KEY BLOCK----- diff --git a/images/calico-go-build/almalinux/almalinux-appstream.repo b/images/calico-go-build/almalinux/almalinux-appstream.repo index 732927f0..a7cb4aaf 100644 --- a/images/calico-go-build/almalinux/almalinux-appstream.repo +++ b/images/calico-go-build/almalinux/almalinux-appstream.repo @@ -1,5 +1,3 @@ -# almalinux-appstream.repo - [appstream] name=AlmaLinux $releasever - AppStream mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream @@ -7,4 +5,6 @@ mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream enabled=0 gpgcheck=1 countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9 +metadata_expire=86400 +enabled_metadata=1 diff --git a/images/calico-go-build/almalinux/almalinux.repo b/images/calico-go-build/almalinux/almalinux-baseos.repo similarity index 70% rename from images/calico-go-build/almalinux/almalinux.repo rename to images/calico-go-build/almalinux/almalinux-baseos.repo index fff5f713..d92f90bd 100644 --- a/images/calico-go-build/almalinux/almalinux.repo +++ b/images/calico-go-build/almalinux/almalinux-baseos.repo @@ -1,5 +1,3 @@ -# almalinux.repo - [baseos] name=AlmaLinux $releasever - BaseOS mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos @@ -7,4 +5,6 @@ mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos enabled=0 gpgcheck=1 countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9 +metadata_expire=86400 +enabled_metadata=1 diff --git a/images/calico-go-build/almalinux/almalinux-crb.repo b/images/calico-go-build/almalinux/almalinux-crb.repo new file mode 100644 index 00000000..176a99d2 --- /dev/null +++ b/images/calico-go-build/almalinux/almalinux-crb.repo @@ -0,0 +1,10 @@ +[crb] +name=AlmaLinux $releasever - CRB +mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/crb +# baseurl=https://repo.almalinux.org/almalinux/$releasever/CRB/$basearch/os/ +enabled=0 +gpgcheck=1 +countme=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9 +metadata_expire=86400 +enabled_metadata=0 diff --git a/images/calico-go-build/almalinux/almalinux-extras.repo b/images/calico-go-build/almalinux/almalinux-extras.repo new file mode 100644 index 00000000..5278e43c --- /dev/null +++ b/images/calico-go-build/almalinux/almalinux-extras.repo @@ -0,0 +1,10 @@ +[extras] +name=AlmaLinux $releasever - Extras +mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/extras +# baseurl=https://repo.almalinux.org/almalinux/$releasever/extras/$basearch/os/ +enabled=0 +gpgcheck=1 +countme=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9 +metadata_expire=86400 +enabled_metadata=0 diff --git a/images/calico-go-build/almalinux/almalinux-powertools.repo b/images/calico-go-build/almalinux/almalinux-powertools.repo deleted file mode 100644 index 09b1fc65..00000000 --- a/images/calico-go-build/almalinux/almalinux-powertools.repo +++ /dev/null @@ -1,10 +0,0 @@ -# almalinux-powertools.repo - -[powertools] -name=AlmaLinux $releasever - PowerTools -mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/powertools -# baseurl=https://repo.almalinux.org/almalinux/$releasever/PowerTools/$basearch/os/ -enabled=0 -gpgcheck=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux diff --git a/images/calico-go-build/versions.yaml b/images/calico-go-build/versions.yaml index b6883762..d315903a 100644 --- a/images/calico-go-build/versions.yaml +++ b/images/calico-go-build/versions.yaml @@ -9,4 +9,4 @@ golang: kubernetes: version: 1.34.3 llvm: - version: 18.1.8 + version: 20.1.8 From e09a2354af6dd4da23e82a64816f6e35236d5c96 Mon Sep 17 00:00:00 2001 From: Jiawei Huang Date: Mon, 26 Jan 2026 14:39:35 -0800 Subject: [PATCH 2/2] Use calico/binfmt image --- Makefile.common | 2 +- README.md | 9 ++------- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/Makefile.common b/Makefile.common index a7c5fe44..ebe05542 100644 --- a/Makefile.common +++ b/Makefile.common @@ -75,7 +75,7 @@ endif # This is only needed when running non-native binaries. register: ifneq ($(BUILDARCH),$(ARCH)) - docker run --privileged --rm tonistiigi/binfmt --install all || true + docker run --privileged --rm calico/binfmt:qemu-v10.1.3 --install all || true endif # If this is a release, also tag and push additional images. diff --git a/README.md b/README.md index f3666292..a18c35b4 100644 --- a/README.md +++ b/README.md @@ -50,12 +50,6 @@ For example, if you registered the `s390x` emulator at `/usr/bin/qemu-s390x-stat To register emulators, we run: -```bash -docker run --privileged --rm tonistiigi/binfmt --install all -``` - -or simply - ```bash make register ``` @@ -69,7 +63,8 @@ To _run_ a binary from a different architecture, you need to use `binfmt` and `q Register `qemu-*-static` for all supported processors except the current one using the following command: ```bash -docker run --privileged --rm tonistiigi/binfmt --install all +# Replace qemu-vx.y.z with the latest tag from https://hub.docker.com/r/calico/binfmt/tags +docker run --privileged --rm calico/binfmt:qemu-vx.y.z --install all ``` If a cross built binary is executed in the go-build container qemu-static will automatically be used.