mirrors/archlinux-docker
1
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/archlinux-docker.git synced 2025-08-07 14:47:14 +02:00
Code Issues Projects Releases Wiki Activity

Merge branch 'dockerfileCMDsToMakefile' into 'master'

Browse Source 
Move all Dockerfile commands to Makefile

Closes #45

See merge request archlinux/archlinux-docker!49
This commit is contained in:
hashworks 2020-11-13 09:22:32 +00:00
commit 73504a73cd
3 changed files with 28 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
.gitlab-ci.yml
View File

@ -39,6 +39,8 @@ get_version:
stage: rootfs stage: rootfs
before_script: before_script:
- pacman -Syu --noconfirm make devtools fakechroot fakeroot - pacman -Syu --noconfirm make devtools fakechroot fakeroot
script:
- make $PWD/output/Dockerfile.$GROUP
artifacts: artifacts:
paths: paths:
- output/* - output/*
@ -54,8 +56,6 @@ rootfs:
parallel: parallel:
matrix: matrix:
- GROUP: [base, base-devel] - GROUP: [base, base-devel]
script:
- make $PWD/output/$GROUP.tar.xz $PWD/output/Dockerfile.$GROUP
rootfs:secure: rootfs:secure:
extends: .rootfs extends: .rootfs
@ -70,8 +70,6 @@ rootfs:secure:
parallel: parallel:
matrix: matrix:
- GROUP: [base, base-devel] - GROUP: [base, base-devel]
script:
- make $PWD/output/$GROUP.tar.xz $PWD/output/Dockerfile.$GROUP
.image: .image:
stage: image stage: image
@ -151,22 +149,26 @@ image:publish:secure:
refs: refs:
- releases - releases
- tags - tags
script:
- pacman -Sy .test-script: &test-script
- pacman -Qqk - pacman -Sy
- pacman -Syu --noconfirm docker grep - pacman -Qqk
- docker -v - pacman -Syu --noconfirm docker grep
- id -u http - docker -v
- locale | grep -q UTF-8 - id -u http
- locale | grep -q UTF-8
test:base: test:base:
extends: .test extends: .test
image: $CI_REGISTRY_IMAGE:base-$CI_COMMIT_REF_SLUG image: $CI_REGISTRY_IMAGE:base-$CI_COMMIT_REF_SLUG
script:
- *test-script
test:base-devel: test:base-devel:
extends: .test extends: .test
image: $CI_REGISTRY_IMAGE:base-devel-$CI_COMMIT_REF_SLUG image: $CI_REGISTRY_IMAGE:base-devel-$CI_COMMIT_REF_SLUG
after_script: script:
- *test-script
- gcc -v - gcc -v
- g++ -v - g++ -v
- make -v - make -v

10
Dockerfile.template
View File

@ -20,15 +20,7 @@ RUN ROOTFS="$(curl -sOJL --continue-at - -w "%{filename_effective}" TEMPLATE_ROO
FROM scratch AS root FROM scratch AS root
COPY --from=verify /rootfs/ / COPY --from=verify /rootfs/ /
# manually run all alpm hooks that can't be run inside the fakechroot RUN ldconfig
RUN ldconfig && update-ca-trust && locale-gen
RUN sh -c 'ls usr/lib/sysusers.d/*.conf | /usr/share/libalpm/scripts/systemd-hook sysusers '
# update /etc/os-release
RUN ln -s /usr/lib/os-release /etc/os-release
# initialize the archlinux keyring, but discard any private key that may be shipped.
RUN pacman-key --init && pacman-key --populate archlinux && bash -c "rm -rf etc/pacman.d/gnupg/{openpgp-revocs.d/,private-keys-v1.d/,pubring.gpg~,gnupg.S.}*"
ENV LANG=en_US.UTF-8 ENV LANG=en_US.UTF-8
CMD ["/usr/bin/bash"] CMD ["/usr/bin/bash"]

17
Makefile
View File

@ -8,13 +8,22 @@ define rootfs
mkdir -vp $(BUILDDIR)/var/lib/pacman/ $(OUTPUTDIR) mkdir -vp $(BUILDDIR)/var/lib/pacman/ $(OUTPUTDIR)
install -Dm644 /usr/share/devtools/pacman-extra.conf $(BUILDDIR)/etc/pacman.conf install -Dm644 /usr/share/devtools/pacman-extra.conf $(BUILDDIR)/etc/pacman.conf
cat pacman-conf.d-noextract.conf >> $(BUILDDIR)/etc/pacman.conf cat pacman-conf.d-noextract.conf >> $(BUILDDIR)/etc/pacman.conf
fakechroot -- fakeroot -- pacman -Sy -r $(BUILDDIR) \ fakechroot -- fakeroot -- pacman -Sy -r $(BUILDDIR) \
--noconfirm --dbpath $(BUILDDIR)/var/lib/pacman \ --noconfirm --dbpath $(BUILDDIR)/var/lib/pacman \
--config $(BUILDDIR)/etc/pacman.conf \ --config $(BUILDDIR)/etc/pacman.conf \
--noscriptlet \ --noscriptlet \
--hookdir $(BUILDDIR)/alpm-hooks/usr/share/libalpm/hooks/ $(2) --hookdir $(BUILDDIR)/alpm-hooks/usr/share/libalpm/hooks/ $(2)
cp --recursive --preserve=timestamps --backup --suffix=.pacnew rootfs/* $(BUILDDIR)/ cp --recursive --preserve=timestamps --backup --suffix=.pacnew rootfs/* $(BUILDDIR)/
fakechroot -- fakeroot -- chroot $(BUILDDIR) update-ca-trust
fakechroot -- fakeroot -- chroot $(BUILDDIR) locale-gen
fakechroot -- fakeroot -- chroot $(BUILDDIR) sh -c 'ls usr/lib/sysusers.d/*.conf | /usr/share/libalpm/scripts/systemd-hook sysusers'
fakechroot -- fakeroot -- chroot $(BUILDDIR) sh -c 'pacman-key --init && pacman-key --populate archlinux && bash -c "rm -rf etc/pacman.d/gnupg/{openpgp-revocs.d/,private-keys-v1.d/,pubring.gpg~,gnupg.S.}*"'
ln -fs /usr/lib/os-release $(BUILDDIR)/etc/os-release
# remove passwordless login for root (see CVE-2019-5021 for reference) # remove passwordless login for root (see CVE-2019-5021 for reference)
sed -i -e 's/^root::/root:!:/' "$(BUILDDIR)/etc/shadow" sed -i -e 's/^root::/root:!:/' "$(BUILDDIR)/etc/shadow"
@ -42,16 +51,16 @@ $(OUTPUTDIR)/base.tar.xz:
$(OUTPUTDIR)/base-devel.tar.xz: $(OUTPUTDIR)/base-devel.tar.xz:
$(call rootfs,base-devel,base base-devel) $(call rootfs,base-devel,base base-devel)
$(OUTPUTDIR)/Dockerfile.base: $(OUTPUTDIR)/Dockerfile.base: $(OUTPUTDIR)/base.tar.xz
$(call dockerfile,base) $(call dockerfile,base)
$(OUTPUTDIR)/Dockerfile.base-devel: $(OUTPUTDIR)/Dockerfile.base-devel: $(OUTPUTDIR)/base-devel.tar.xz
$(call dockerfile,base-devel) $(call dockerfile,base-devel)
.PHONY: docker-image-base .PHONY: docker-image-base
image-base: $(OUTPUTDIR)/base.tar.xz $(OUTPUTDIR)/Dockerfile.base image-base: $(OUTPUTDIR)/Dockerfile.base
docker build -f $(OUTPUTDIR)/Dockerfile.base -t archlinux/archlinux:base $(OUTPUTDIR) docker build -f $(OUTPUTDIR)/Dockerfile.base -t archlinux/archlinux:base $(OUTPUTDIR)
.PHONY: docker-image-base-devel .PHONY: docker-image-base-devel
image-base-devel: $(OUTPUTDIR)/base-devel.tar.xz $(OUTPUTDIR)/Dockerfile.base-devel image-base-devel: $(OUTPUTDIR)/Dockerfile.base-devel
docker build -f $(OUTPUTDIR)/Dockerfile.base-devel -t archlinux/archlinux:base-devel $(OUTPUTDIR) docker build -f $(OUTPUTDIR)/Dockerfile.base-devel -t archlinux/archlinux:base-devel $(OUTPUTDIR)