more pkgs: no more package bumping

.hadolint.yaml

@@ -2,3 +2,4 @@
 ignored:
   - DL3059
   - DL3002
+  - DL3006

pkg/acrn-kernel/Dockerfile

@@ -1,4 +1,6 @@
-FROM lfedge/eve-alpine:745ae9066273c73b0fd879c4ba4ff626a8392d04 AS kernel-build
+ARG REL_HASH_LFEDGE_EVE_ALPINE
+
+FROM ${REL_HASH_LFEDGE_EVE_ALPINE} AS kernel-build
 
 ENV BUILD_PKGS \
     argp-standalone automake bash bc binutils-dev bison build-base \

pkg/acrn-kernel/build.yml

@@ -1,2 +1,5 @@
 image: eve-acrn-kernel
 org: lfedge
+
+buildArgs:
+  - REL_HASH_%=@lkt:pkgs:../*

pkg/acrn/Dockerfile

@@ -3,7 +3,9 @@
 # Copyright (c) 2023 Zededa, Inc.
 # SPDX-License-Identifier: Apache-2.0
 
-FROM lfedge/eve-alpine:745ae9066273c73b0fd879c4ba4ff626a8392d04 AS kernel-build
+ARG REL_HASH_LFEDGE_EVE_ALPINE
+
+FROM ${REL_HASH_LFEDGE_EVE_ALPINE} AS kernel-build
 
 ENV BUILD_PKGS \
     gcc make libc-dev dev86 xz-dev perl bash python3-dev gettext iasl         \

pkg/acrn/build.yml

@@ -1,2 +1,5 @@
 image: eve-acrn
 org: lfedge
+
+buildArgs:
+  - REL_HASH_%=@lkt:pkgs:../*

pkg/alpine-base/build.yml

@@ -1,3 +1,6 @@
 image: eve-alpine-base
 org: lfedge
 network: yes
+
+buildArgs:
+  - REL_HASH_%=@lkt:pkgs:../*

pkg/alpine/Dockerfile

@@ -5,7 +5,6 @@ FROM lfedge/eve-alpine:e799def68af51dba83ec5a41f34bd0109704574f AS cache
 FROM lfedge/eve-alpine:b96ae7c5b776702cdc7596e3722e40cc0d353ad7 AS cache-riscv64
 FROM cache AS cache-amd64
 FROM cache AS cache-arm64
-# hadolint ignore=DL3006
 FROM cache-${TARGETARCH} AS cache-build
 
 ARG ALPINE_VERSION=3.16
@@ -76,7 +75,6 @@ ENV EVE_TARGET_ARCH=riscv64
 
 # we merge layers in previous step
 # so we should avoid large possible diff
-# hadolint ignore=DL3006
 FROM final-${TARGETARCH}
 COPY --from=compactor / /
 ENV GOTOOLCHAIN=local

pkg/alpine/build.yml

@@ -1,3 +1,6 @@
 image: eve-alpine
 org: lfedge
 network: yes
+
+buildArgs:
+  - REL_HASH_%=@lkt:pkgs:../*

pkg/apparmor/Dockerfile

@@ -3,7 +3,9 @@
 # Copyright (c) 2023 Zededa, Inc.
 # SPDX-License-Identifier: Apache-2.0
 
-FROM lfedge/eve-alpine:745ae9066273c73b0fd879c4ba4ff626a8392d04 AS build
+ARG REL_HASH_LFEDGE_EVE_ALPINE
+
+FROM ${REL_HASH_LFEDGE_EVE_ALPINE} AS build
 ENV BUILD_PKGS linux-headers musl-dev musl-utils musl-libintl git gcc g++ \
                autoconf automake libtool make flex bison bash sed gettext
 ENV PKGS alpine-baselayout

pkg/apparmor/build.yml

@@ -5,3 +5,6 @@ config:
     - /sys:/sys
   capabilities:
     - all
+
+buildArgs:
+  - REL_HASH_%=@lkt:pkgs:../*

pkg/bpftrace/Dockerfile

@@ -2,7 +2,10 @@
 
 # Copyright (c) 2024 Zededa, Inc.
 # SPDX-License-Identifier: Apache-2.0
-FROM lfedge/eve-alpine:745ae9066273c73b0fd879c4ba4ff626a8392d04 AS build
+
+ARG REL_HASH_LFEDGE_EVE_ALPINE
+
+FROM ${REL_HASH_LFEDGE_EVE_ALPINE} AS build
 
 ENV BUILD_PKGS make gcc g++ git perl linux-headers musl-dev cmake zlib-dev bcc-dev libbpf-dev cereal flex bison llvm13-libs llvm13-dev llvm13-static clang-dev clang-static pahole gtest-dev bash
 
@@ -50,5 +53,4 @@ FROM bin AS bin-amd64
 FROM bin AS bin-arm64
 FROM scratch AS bin-riscv64
 
-# hadolint ignore=DL3006
 FROM bin-${TARGETARCH} AS bpftrace

pkg/bpftrace/build.yml

@@ -4,3 +4,6 @@
 org: lfedge
 image: eve-bpftrace
 network: no
+
+buildArgs:
+  - REL_HASH_%=@lkt:pkgs:../*

pkg/bsp-imx/Dockerfile

@@ -3,28 +3,28 @@
 # use the same set of packages for simplicity
 ARG BUILD_PKGS_BASE="bash binutils-dev build-base bc bison flex openssl-dev util-linux-dev swig gnutls-dev perl python3 python3-dev py3-setuptools py3-pycryptodome py3-elftools"
 
-# we use the same image in several places
-ARG EVE_ALPINE_IMAGE=lfedge/eve-alpine:745ae9066273c73b0fd879c4ba4ff626a8392d04
+ARG REL_HASH_LFEDGE_EVE_ALPINE
+ARG REL_HASH_LFEDGE_EVE_OPTEE_OS
+ARG REL_HASH_LFEDGE_EVE_CROSS_COMPILERS
 
 # OPTEE-OS images
-FROM lfedge/eve-optee-os:9224bc23bc238d0f499dadb134de32dc3a2abdf9 AS optee-os
+FROM ${REL_HASH_LFEDGE_EVE_OPTEE_OS} AS optee-os
 
 # hadolint ignore=DL3006
-FROM ${EVE_ALPINE_IMAGE} AS build-native
+FROM ${REL_HASH_LFEDGE_EVE_ALPINE} AS build-native
 ARG BUILD_PKGS_BASE
 RUN BUILD_PKGS="${BUILD_PKGS_BASE}" eve-alpine-deploy.sh
 
-# hadolint ignore=DL3006,DL3029
-FROM --platform=${BUILDPLATFORM} ${EVE_ALPINE_IMAGE} AS build-cross
+# hadolint ignore=DL3029
+FROM --platform=${BUILDPLATFORM} ${REL_HASH_LFEDGE_EVE_ALPINE} AS build-cross
 ARG BUILD_PKGS_BASE
 RUN BUILD_PKGS="${BUILD_PKGS_BASE}" eve-alpine-deploy.sh
 
 # hadolint ignore=DL3029
-FROM --platform=${BUILDPLATFORM} lfedge/eve-cross-compilers:f476a79bcd086759592a105a49f9ed5bfa2c4ffa AS cross-compilers
+FROM --platform=${BUILDPLATFORM} ${REL_HASH_LFEDGE_EVE_CROSS_COMPILERS} AS cross-compilers
 
 # will use several packages from target arch and copy them to sysroot
-# hadolint ignore=DL3006
-FROM ${EVE_ALPINE_IMAGE} AS cross-compile-libs
+FROM ${REL_HASH_LFEDGE_EVE_ALPINE} AS cross-compile-libs
 ENV PKGS="musl-dev libgcc libintl libuuid libtirpc libblkid"
 RUN eve-alpine-deploy.sh
 
@@ -36,7 +36,6 @@ ENV EVE_TARGET_ARCH=aarch64
 FROM build-cross AS build-cross-target-riscv64
 ENV EVE_TARGET_ARCH=riscv64
 
-# hadolint ignore=DL3006
 FROM build-cross-target-${TARGETARCH} AS build-cross-target
 ENV CROSS_COMPILE_ENV="${EVE_TARGET_ARCH}-alpine-linux-musl-"
 COPY --from=cross-compilers /packages /packages
@@ -54,7 +53,6 @@ FROM build-native AS target-amd64-build-amd64
 FROM build-native AS target-arm64-build-arm64
 FROM build-native AS target-riscv64-build-riscv64
 
-# hadolint ignore=DL3006
 FROM target-${TARGETARCH}-build-${BUILDARCH} AS build
 
 SHELL ["/bin/bash", "-eo", "pipefail", "-c"]

pkg/bsp-imx/build.yml

@@ -1,2 +1,5 @@
 image: eve-bsp-imx
 org: lfedge
+
+buildArgs:
+  - REL_HASH_%=@lkt:pkgs:../*

pkg/cross-compilers/Dockerfile

@@ -1,4 +1,6 @@
-FROM lfedge/eve-alpine:745ae9066273c73b0fd879c4ba4ff626a8392d04 AS build-base
+ARG REL_HASH_LFEDGE_EVE_ALPINE
+
+FROM ${REL_HASH_LFEDGE_EVE_ALPINE} AS build-base
 ENV BUILD_PKGS abuild curl tar make linux-headers patch g++ git gcc ncurses-dev autoconf file sudo
 RUN eve-alpine-deploy.sh
 
@@ -47,9 +49,8 @@ FROM build-base AS build-armhf
 # we do not support cross-compilers for riscv64 host
 # as gcc-gnat is not available on riscv64
 # we cannot build cross-compilers without additional patches
-FROM lfedge/eve-alpine:745ae9066273c73b0fd879c4ba4ff626a8392d04 AS build-riscv64
+FROM ${REL_HASH_LFEDGE_EVE_ALPINE} AS build-riscv64
 
-# hadolint ignore=DL3006
 FROM build-${TARGETARCH} AS build
 RUN mkdir -p /packages
 

pkg/cross-compilers/build.yml

@@ -1,2 +1,5 @@
 image: eve-cross-compilers
 org: lfedge
+
+buildArgs:
+  - REL_HASH_%=@lkt:pkgs:../*

pkg/debug/Dockerfile

@@ -3,14 +3,18 @@
 # Copyright (c) 2023 Zededa, Inc.
 # SPDX-License-Identifier: Apache-2.0
 
+ARG REL_HASH_LFEDGE_EVE_ALPINE
+ARG REL_HASH_LFEDGE_EVE_BPFTRACE
+ARG REL_HASH_LFEDGE_EVE_RECOVERTPM
+
 # for debug container we need to build our own copy of musl
 # with -fno-omit-frame-pointer to make sure that perf(1)
 # has a fast path for stack unwinding. This also happens
 # to be a perfect place to put any other kind of debug info
 # into the package: see abuild/etc/abuild.conf.
-FROM lfedge/eve-recovertpm:f74dd4a31b7022455446ecc13c209bf8a1c4dcb4 AS recovertpm
-FROM lfedge/eve-bpftrace:c08d714db34b7cde90d20c56e74d2c11afe483df AS bpftrace
-FROM lfedge/eve-alpine:745ae9066273c73b0fd879c4ba4ff626a8392d04 AS build
+FROM ${REL_HASH_LFEDGE_EVE_RECOVERTPM} AS recovertpm
+FROM ${REL_HASH_LFEDGE_EVE_BPFTRACE} AS bpftrace
+FROM ${REL_HASH_LFEDGE_EVE_ALPINE} AS build
 ENV BUILD_PKGS="abuild curl tar make linux-headers patch g++ git gcc gpg ncurses-dev autoconf openssl-dev zlib-dev"
 # Feel free to add additional packages here, but be aware that
 # EVE's rootfs image can be no larger than 300Mb (and don't

pkg/debug/build.yml

@@ -30,3 +30,6 @@ config:
   devices:
     - path: all
       type: a
+
+buildArgs:
+  - REL_HASH_%=@lkt:pkgs:../*

pkg/dnsmasq/Dockerfile

@@ -1,7 +1,9 @@
 # Copyright (c) 2025 Zededa, Inc.
 # SPDX-License-Identifier: Apache-2.0
 
-FROM lfedge/eve-alpine:745ae9066273c73b0fd879c4ba4ff626a8392d04 AS build
+ARG REL_HASH_LFEDGE_EVE_ALPINE
+
+FROM ${REL_HASH_LFEDGE_EVE_ALPINE} AS build
 ENV BUILD_PKGS gcc make patch libc-dev linux-headers tar xz coreutils
 RUN eve-alpine-deploy.sh
 

pkg/dnsmasq/Makefile

@@ -1,7 +1,16 @@
 # Copyright (c) 2025 Zededa, Inc.
 # SPDX-License-Identifier: Apache-2.0
 
+HOSTARCH        := $(subst aarch64,arm64,$(subst x86_64,amd64,$(shell uname -m)))
+ZARCH           ?= $(HOSTARCH)
+DOCKER_LIKE_LKT := ../../build-tools/bin/linuxkit pkg build --network --platforms linux/$(ZARCH) --dry-run --force ./ | tail -n1 | perl -pe 's/ buildx / /g'
+
 .PHONY: test
 
-test:
-	docker run --privileged $(shell docker build --target=test -q .) go test -v
+build-docker-test-dependencies:
+	make -C ../../ dnsmasq-cache-export-docker-load
+build-docker-test-build: build-docker-test-dependencies
+	$(shell $(DOCKER_LIKE_LKT)) --load --target test
+
+test: build-docker-test-build
+	docker run --privileged $(shell $(shell $(DOCKER_LIKE_LKT)) --load -q --target test) go test -v

pkg/dnsmasq/build.yml

@@ -1,2 +1,5 @@
 image: eve-dnsmasq
 org: lfedge
+
+buildArgs:
+  - REL_HASH_%=@lkt:pkgs:../*

pkg/dom0-ztools/Dockerfile

@@ -1,5 +1,8 @@
 # syntax=docker/dockerfile-upstream:1.5.0-rc2-labs
-FROM lfedge/eve-alpine:745ae9066273c73b0fd879c4ba4ff626a8392d04 AS zfs
+
+ARG REL_HASH_LFEDGE_EVE_ALPINE
+
+FROM ${REL_HASH_LFEDGE_EVE_ALPINE} AS zfs
 ENV BUILD_PKGS git patch ca-certificates util-linux build-base gettext-dev libtirpc-dev automake autoconf \
     libtool linux-headers attr-dev e2fsprogs-dev glib-dev openssl-dev util-linux-dev coreutils
 ENV PKGS ca-certificates util-linux libintl libuuid libtirpc libblkid libcrypto1.1 zlib

pkg/dom0-ztools/build.yml

@@ -1,2 +1,5 @@
 org: lfedge
 image: eve-dom0-ztools
+
+buildArgs:
+  - REL_HASH_%=@lkt:pkgs:../*

pkg/edgeview/Dockerfile

@@ -1,6 +1,9 @@
 # Copyright (c) 2023 Zededa, Inc.
 # SPDX-License-Identifier: Apache-2.0
-FROM lfedge/eve-alpine:745ae9066273c73b0fd879c4ba4ff626a8392d04 AS build
+
+ARG REL_HASH_LFEDGE_EVE_ALPINE
+
+FROM ${REL_HASH_LFEDGE_EVE_ALPINE} AS build
 ENV BUILD_PKGS git
 ENV PKGS alpine-baselayout musl-utils iproute2 iptables
 RUN eve-alpine-deploy.sh

pkg/edgeview/build.yml

@@ -18,3 +18,6 @@ config:
   devices:
     - path: all
       type: a
+
+buildArgs:
+  - REL_HASH_%=@lkt:pkgs:../*

pkg/eve/Dockerfile.in

@@ -1,4 +1,6 @@
-FROM lfedge/eve-alpine:745ae9066273c73b0fd879c4ba4ff626a8392d04 as tools
+ARG REL_HASH_LFEDGE_EVE_ALPINE
+
+FROM ${REL_HASH_LFEDGE_EVE_ALPINE} as tools
 ENV PKGS="qemu-img tar u-boot-tools coreutils dosfstools"
 RUN eve-alpine-deploy.sh
 

pkg/eve/build.yml

@@ -1,2 +1,5 @@
 image: eve
 org: lfedge
+
+buildArgs:
+  - REL_HASH_%=@lkt:pkgs:../*

pkg/external-boot-image/build.yml

@@ -4,3 +4,6 @@
 # SPDX-License-Identifier: Apache-2.0
 org: lfedge
 image: eve-external-boot-image
+
+buildArgs:
+  - REL_HASH_%=@lkt:pkgs:../*

pkg/fscrypt/Dockerfile

@@ -2,13 +2,14 @@
 
 # SPDX-License-Identifier: Apache-2.0
 
-FROM lfedge/eve-alpine:745ae9066273c73b0fd879c4ba4ff626a8392d04 AS build-base
+ARG REL_HASH_LFEDGE_EVE_ALPINE
+
+FROM ${REL_HASH_LFEDGE_EVE_ALPINE} AS build-base
 
 FROM build-base AS build-amd64
 FROM build-base AS build-arm64
 FROM build-base AS build-riscv64
 
-# hadolint ignore=DL3006
 FROM build-${TARGETARCH} AS build
 
 ENV BUILD_PKGS git gcc make libc-dev linux-pam-dev m4 findutils util-linux make patch
@@ -29,4 +30,4 @@ RUN set -e && for patch in *.patch; do \
 RUN make -j "$(getconf _NPROCESSORS_ONLN)" && make DESTDIR="/out/opt/zededa" PREFIX="" install
 
 FROM scratch
-COPY --from=build /out/opt/zededa/bin /opt/zededa/bin
+COPY --from=build /out/opt/zededa/bin /opt/zededa/bin

pkg/fscrypt/build.yml

@@ -5,4 +5,7 @@ org: lfedge
 image: eve-fscrypt
 # we allow network in building fscrypt because we need it to downlaod go modules,
 # and it is limited to just this single target output.
-network: yes
+network: yes
+
+buildArgs:
+  - REL_HASH_%=@lkt:pkgs:../*

pkg/fw/Dockerfile

@@ -1,7 +1,9 @@
 # syntax=docker/dockerfile-upstream:1.5.0-rc2-labs
+
+ARG REL_HASH_LFEDGE_EVE_ALPINE
 ARG PLATFORM=generic
 
-FROM lfedge/eve-alpine:745ae9066273c73b0fd879c4ba4ff626a8392d04 AS build-base
+FROM ${REL_HASH_LFEDGE_EVE_ALPINE} AS build-base
 
 ARG TARGETARCH
 
@@ -96,7 +98,7 @@ ADD https://hailo-hailort.s3.eu-west-2.amazonaws.com/Hailo8/${HAILO_FW_VERSION}/
 
 # generate initrd for Intel's and AMD's microcode
 # it makes sense only for x86_64 platform
-FROM --platform=${TARGETPLATFORM} lfedge/eve-alpine:745ae9066273c73b0fd879c4ba4ff626a8392d04 AS ucode-build-common
+FROM --platform=${TARGETPLATFORM} ${REL_HASH_LFEDGE_EVE_ALPINE} AS ucode-build-common
 RUN mkdir -p /boot /tmp/ucode/intel /tmp/ucode/amd /usr/share/licenses/ucode
 
 FROM ucode-build-common AS ucode-build-amd64
@@ -137,7 +139,7 @@ FROM ucode-build-common AS ucode-build-arm64
 FROM ucode-build-common AS ucode-build-riscv64
 FROM ucode-build-${TARGETARCH} AS ucode-build
 
-FROM lfedge/eve-alpine:745ae9066273c73b0fd879c4ba4ff626a8392d04 AS compactor-common
+FROM ${REL_HASH_LFEDGE_EVE_ALPINE} AS compactor-common
 ENTRYPOINT []
 WORKDIR /
 COPY --from=build /lib/firmware/regulatory* /lib/firmware/
@@ -209,7 +211,7 @@ RUN if [ "$TARGETARCH" = "arm64" ]; then \
     fi
 
 
-FROM lfedge/eve-alpine:745ae9066273c73b0fd879c4ba4ff626a8392d04 AS compactor-full
+FROM ${REL_HASH_LFEDGE_EVE_ALPINE} AS compactor-full
 # get all possible FW
 COPY --from=build /lib/firmware/ /lib/firmware/
 

pkg/fw/build-evaluation-generic.yml

@@ -9,3 +9,4 @@ org: lfedge
 tag: "{{.Hash}}-generic"
 buildArgs:
     - PLATFORM=generic
+    - REL_HASH_%=@lkt:pkgs:../*

pkg/fw/build-evaluation.yml

@@ -9,3 +9,4 @@ org: lfedge
 tag: "{{.Hash}}-evaluation"
 buildArgs:
     - PLATFORM=evaluation
+    - REL_HASH_%=@lkt:pkgs:../*