Dockerfile.base-devel 1.74 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
# We're using a multistage Docker build here in order to allow us to release a self-verifying
# Docker image when built on the official Docker infrastructure.
# They require us to verify the source integrity in some way while making sure that this is a
# reproducible build.
# See https://github.com/docker-library/official-images#image-build
# In order to achieve this, we externally host the rootfs archives and their checksums and then
# just download and verify it in the first stage of this Dockerfile.
# The second stage is for actually configuring the system a little bit.
# Some templating is done in order to allow us to easily build different configurations and to
# allow us to automate the releaes process.
11
12
FROM alpine:3.12 AS verify
RUN apk add --no-cache curl bash
13
SHELL ["/bin/bash", "-c"]
14
15
RUN ROOTFS="$(curl -sOJL --continue-at - -w "%{filename_effective}" https://gitlab.archlinux.org/archlinux/archlinux-docker/-/package_files/159/download)" && \
    sha256sum -c <<< "155a587f07f61e5056207dd033197575f1a81f5de22a679d0df1e5662f779cc6  base-devel-20201109.0.8666.tar.xz" && \
16
    mkdir /rootfs && \
17
    tar -C /rootfs --extract --file "${ROOTFS}"
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

FROM scratch AS root
COPY --from=verify /rootfs/ /

# manually run all alpm hooks that can't be run inside the fakechroot
RUN ldconfig && update-ca-trust && locale-gen
RUN sh -c 'ls usr/lib/sysusers.d/*.conf | /usr/share/libalpm/scripts/systemd-hook sysusers '

# update /etc/os-release
RUN ln -s /usr/lib/os-release /etc/os-release

# initialize the archlinux keyring, but discard any private key that may be shipped.
RUN pacman-key --init && pacman-key --populate archlinux && bash -c "rm -rf etc/pacman.d/gnupg/{openpgp-revocs.d/,private-keys-v1.d/,pubring.gpg~,gnupg.S.}*"

ENV LANG=en_US.UTF-8
CMD ["/usr/bin/bash"]