Home Explore Help
Register Sign In
Apq
/
Docker-official-images
mirror of https://github.com/docker-library/official-images.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: b0309588b5
Branches Tags
Docker-official...
/
naughty-from.sh

naughty-from.sh 4.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137 
  1. #!/usr/bin/env bash
    2. 

  2. set -Eeuo pipefail
    3. 

  3. 

  4. : "${BASHBREW_CACHE:=$HOME/.cache/bashbrew}"
    5. 

  5. export BASHBREW_CACHE BASHBREW_ARCH=
    6. 

  6. 

  7. if [ ! -d "$BASHBREW_CACHE/git" ]; then
    8. 

  8. 	# initialize the "bashbrew cache"
    9. 

  9. 	bashbrew --arch amd64 from --uniq --apply-constraints hello-world:linux > /dev/null
    10. 

  10. fi
    11. 

  11. 

  12. if [ "$#" -eq 0 ]; then
    13. 

  13. 	set -- '--all'
    14. 

  14. fi
    15. 

  15. 

  16. _is_naughty() {
    17. 

  17. 	local from="$1"; shift
    18. 

  18. 

  19. 	case "$BASHBREW_ARCH=$from" in
    20. 

  20. 		# a few images that no longer exist (and are thus not permissible)
    21. 

  21. 		# https://techcommunity.microsoft.com/t5/Containers/Removing-the-latest-Tag-An-Update-on-MCR/ba-p/393045
    22. 

  22. 		*=mcr.microsoft.com/windows/*:latest) return 0 ;;
    23. 

  23. 

  24. 		# 20H2 is not *technically* EOL until 05/10/2022, but its use is discouraged here given the existence of ltsc2022
    25. 

  25. 		# 2004 is not *technically* EOL until 12/14/2021, but its use is discouraged here given the existence of ltsc2022
    26. 

  26. 

  27. 		# https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/base-image-lifecycle
    28. 

  28. 		# "05/11/2021"
    29. 

  29. 		*=mcr.microsoft.com/windows/*:1909*) return 0 ;;
    30. 

  30. 

  31. 		# https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/base-image-lifecycle
    32. 

  32. 		# "12/08/2020"
    33. 

  33. 		*=mcr.microsoft.com/windows/*:1903*) return 0 ;;
    34. 

  34. 

  35. 		# https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/base-image-lifecycle
    36. 

  36. 		# "11/12/2019"
    37. 

  37. 		*=mcr.microsoft.com/windows/*:1803*) return 0 ;;
    38. 

  38. 

  39. 		# https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/base-image-lifecycle
    40. 

  40. 		# "04/09/2019"
    41. 

  41. 		*=mcr.microsoft.com/windows/*:1709*) return 0 ;;
    42. 

  42. 

  43. 		# https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/base-image-lifecycle
    44. 

  44. 		# "10/09/2018"
    45. 

  45. 		*=mcr.microsoft.com/windows/nanoserver:sac2016) return 0 ;;
    46. 

  46. 

  47. 		# a few explicitly permissible exceptions to Santa's naughty list
    48. 

  48. 		*=scratch \
    49. 

  49. 		| amd64=docker.elastic.co/elasticsearch/elasticsearch:* \
    50. 

  50. 		| amd64=docker.elastic.co/kibana/kibana:* \
    51. 

  51. 		| amd64=docker.elastic.co/logstash/logstash:* \
    52. 

  52. 		| arm64v8=docker.elastic.co/elasticsearch/elasticsearch:* \
    53. 

  53. 		| arm64v8=docker.elastic.co/kibana/kibana:* \
    54. 

  54. 		| arm64v8=docker.elastic.co/logstash/logstash:* \
    55. 

  55. 		| windows-*=mcr.microsoft.com/windows/nanoserver:* \
    56. 

  56. 		| windows-*=mcr.microsoft.com/windows/servercore:* \
    57. 

  57. 		) return 1 ;;
    58. 

  58. 

  59. 		# "x/y" and not an approved exception
    60. 

  60. 		*/*) return 0 ;;
    61. 

  61. 	esac
    62. 

  62. 

  63. 	# must be some other official image AND support our current architecture
    64. 

  64. 	local archSupported
    65. 

  65. 	if archSupported="$(bashbrew cat --format '{{ .TagEntry.HasArchitecture arch | ternary arch "" }}' "$from")" && [ -n "$archSupported" ]; then
    66. 

  66. 		return 1
    67. 

  67. 	fi
    68. 

  68. 

  69. 	return 0
    70. 

  70. }
    71. 

  71. 

  72. _arches() {
    73. 

  73. 	bashbrew cat --format '
    74. 

  74. 		{{- range .TagEntries -}}
    75. 

  75. 			{{- .Architectures | join "\n" -}}
    76. 

  76. 			{{- "\n" -}}
    77. 

  77. 		{{- end -}}
    78. 

  78. 	' "$@" | sort -u
    79. 

  79. }
    80. 

  80. 

  81. _froms() {
    82. 

  82. 	bashbrew cat --format '
    83. 

  83. 		{{- range .TagEntries -}}
    84. 

  84. 			{{- $.DockerFroms . | join "\n" -}}
    85. 

  85. 			{{- "\n" -}}
    86. 

  86. 		{{- end -}}
    87. 

  87. 	' "$@" | sort -u
    88. 

  88. }
    89. 

  89. 

  90. declare -A naughtyFromsArches=(
    91. 

  91. 	#[img:tag=from:tag]='arch arch ...'
    92. 

  92. )
    93. 

  93. naughtyFroms=()
    94. 

  94. declare -A allNaughty=(
    95. 

  95. 	#[img:tag]=1
    96. 

  96. )
    97. 

  97. 

  98. tags="$(bashbrew --namespace '' list --uniq "$@" | sort -u)"
    99. 

  99. for img in $tags; do
    100. 

  100. 	arches="$(_arches "$img")"
    101. 

  101. 	hasNice= # do we have _any_ arches that aren't naughty? (so we can make the message better if not)
    102. 

  102. 	for BASHBREW_ARCH in $arches; do
    103. 

  103. 		export BASHBREW_ARCH
    104. 

  104. 

  105. 		froms="$(_froms "$img")"
    106. 

  106. 		[ -n "$froms" ] # rough sanity check
    107. 

  107. 

  108. 		for from in $froms; do
    109. 

  109. 			if _is_naughty "$from"; then
    110. 

  110. 				if [ -z "${naughtyFromsArches["$img=$from"]:-}" ]; then
    111. 

  111. 					naughtyFroms+=( "$img=$from" )
    112. 

  112. 				else
    113. 

  113. 					naughtyFromsArches["$img=$from"]+=', '
    114. 

  114. 				fi
    115. 

  115. 				naughtyFromsArches["$img=$from"]+="$BASHBREW_ARCH"
    116. 

  116. 			else
    117. 

  117. 				hasNice=1
    118. 

  118. 			fi
    119. 

  119. 		done
    120. 

  120. 	done
    121. 

  121. 

  122. 	if [ -z "$hasNice" ]; then
    123. 

  123. 		allNaughty["$img"]=1
    124. 

  124. 	fi
    125. 

  125. done
    126. 

  126. 

  127. for naughtyFrom in "${naughtyFroms[@]:-}"; do
    128. 

  128. 	[ -n "$naughtyFrom" ] || continue # https://mywiki.wooledge.org/BashFAQ/112#BashFAQ.2F112.line-8 (empty array + "set -u" + bash 4.3 == sad day)
    129. 

  129. 	img="${naughtyFrom%%=*}"
    130. 

  130. 	from="${naughtyFrom#$img=}"
    131. 

  131. 	if [ -n "${allNaughty["$img"]:-}" ]; then
    132. 

  132. 		echo " - $img (FROM $from) -- completely unsupported base!"
    133. 

  133. 	else
    134. 

  134. 		arches="${naughtyFromsArches[$naughtyFrom]}"
    135. 

  135. 		echo " - $img (FROM $from) [$arches]"
    136. 

  136. 	fi
    137. 

  137. done
    138.