From 8407d4a6660c8884854811221deb4efe86d7c8d5 Mon Sep 17 00:00:00 2001
From: Arch Linux Docker release bot <project10185_bot2@example.com>
Date: Wed, 28 Oct 2020 09:07:56 +0000
Subject: [PATCH] Release 20201028.0.7504

---
 Dockerfile.base       | 32 ++++++++++++++++++++++++++++++++
 Dockerfile.base-devel | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 64 insertions(+)

diff --git a/Dockerfile.base b/Dockerfile.base
index e69de29..c41940c 100644
--- a/Dockerfile.base
+++ b/Dockerfile.base
@@ -0,0 +1,32 @@
+# We're using a multistage Docker build here in order to allow us to release a self-verifying
+# Docker image when built on the official Docker infrastructure.
+# They require us to verify the source integrity in some way while making sure that this is a
+# reproducible build.
+# See https://github.com/docker-library/official-images#image-build
+# In order to achieve this, we externally host the rootfs archives and their checksums and then
+# just download and verify it in the first stage of this Dockerfile.
+# The second stage is for actually configuring the system a little bit.
+# Some templating is done in order to allow us to easily build different configurations and to
+# allow us to automate the releaes process.
+FROM archlinux:latest AS verify
+SHELL ["/bin/bash", "-c"]
+RUN ROOTFS="$(curl -OJL --continue-at - -w "%{filename_effective}" https://gitlab.archlinux.org/archlinux/archlinux-docker/-/package_files/89/download)" && \
+    sha256sum -c <<< "1bd86e51805e9177626c0f0f01d0e31ac6fc9798501805c1383cf32f21289356  base-20201028.0.7504.tar.xz" && \
+    mkdir /rootfs && \
+    tar -C /rootfs --extract --auto-compress --file "${ROOTFS}"
+
+FROM scratch AS root
+COPY --from=verify /rootfs/ /
+
+# manually run all alpm hooks that can't be run inside the fakechroot
+RUN ldconfig && update-ca-trust && locale-gen
+RUN sh -c 'ls usr/lib/sysusers.d/*.conf | /usr/share/libalpm/scripts/systemd-hook sysusers '
+
+# update /etc/os-release
+RUN ln -s /usr/lib/os-release /etc/os-release
+
+# initialize the archlinux keyring, but discard any private key that may be shipped.
+RUN pacman-key --init && pacman-key --populate archlinux && bash -c "rm -rf etc/pacman.d/gnupg/{openpgp-revocs.d/,private-keys-v1.d/,pubring.gpg~,gnupg.S.}*"
+
+ENV LANG=en_US.UTF-8
+CMD ["/usr/bin/bash"]
diff --git a/Dockerfile.base-devel b/Dockerfile.base-devel
index e69de29..7e672e5 100644
--- a/Dockerfile.base-devel
+++ b/Dockerfile.base-devel
@@ -0,0 +1,32 @@
+# We're using a multistage Docker build here in order to allow us to release a self-verifying
+# Docker image when built on the official Docker infrastructure.
+# They require us to verify the source integrity in some way while making sure that this is a
+# reproducible build.
+# See https://github.com/docker-library/official-images#image-build
+# In order to achieve this, we externally host the rootfs archives and their checksums and then
+# just download and verify it in the first stage of this Dockerfile.
+# The second stage is for actually configuring the system a little bit.
+# Some templating is done in order to allow us to easily build different configurations and to
+# allow us to automate the releaes process.
+FROM archlinux:latest AS verify
+SHELL ["/bin/bash", "-c"]
+RUN ROOTFS="$(curl -OJL --continue-at - -w "%{filename_effective}" https://gitlab.archlinux.org/archlinux/archlinux-docker/-/package_files/91/download)" && \
+    sha256sum -c <<< "a1aa414ab3d5c6f90332330c23354abf2fe89417550411c00db2256d2aae24f7  base-devel-20201028.0.7504.tar.xz" && \
+    mkdir /rootfs && \
+    tar -C /rootfs --extract --auto-compress --file "${ROOTFS}"
+
+FROM scratch AS root
+COPY --from=verify /rootfs/ /
+
+# manually run all alpm hooks that can't be run inside the fakechroot
+RUN ldconfig && update-ca-trust && locale-gen
+RUN sh -c 'ls usr/lib/sysusers.d/*.conf | /usr/share/libalpm/scripts/systemd-hook sysusers '
+
+# update /etc/os-release
+RUN ln -s /usr/lib/os-release /etc/os-release
+
+# initialize the archlinux keyring, but discard any private key that may be shipped.
+RUN pacman-key --init && pacman-key --populate archlinux && bash -c "rm -rf etc/pacman.d/gnupg/{openpgp-revocs.d/,private-keys-v1.d/,pubring.gpg~,gnupg.S.}*"
+
+ENV LANG=en_US.UTF-8
+CMD ["/usr/bin/bash"]