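# Docker Hub account that the docker-push target logs in with.
DOCKER_USER:=pierres
# The image is tagged and pushed as $(DOCKER_ORGANIZATION)/$(DOCKER_IMAGE).
DOCKER_ORGANIZATION=archlinux
DOCKER_IMAGE:=base
# Scratch root that pacman installs into; the rootfs recipe deletes it with rm -rf.
# NOTE(review): recipes use $(PWD)/$(BUILDDIR), so a relative path is assumed.
BUILDDIR=build
# Expanded once here instead of forking a shell on every reference.
PWD:=$(shell pwd)

# An empty BUILDDIR would make the rootfs recipe copy into and edit paths under /
# (cp ... $(BUILDDIR)/, sed -i "$(BUILDDIR)/etc/shadow"), so stop before any recipe runs.
ifeq ($(strip $(BUILDDIR)),)
$(error BUILDDIR must not be empty)
endif

# Thread count passed to xz -T; 0 lets xz use one thread per available core.
XZ_THREADS ?= 0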

# Mask the build host's ALPM hooks: every path found under /usr/share/libalpm/hooks
# gets a /dev/null symlink at the same path below ./alpm-hooks, the tree that the
# rootfs recipe hands to pacman via --hookdir.
hooks:
	mkdir --parents alpm-hooks/usr/share/libalpm/hooks
	find /usr/share/libalpm/hooks -exec ln --symbolic --force /dev/null $(PWD)/alpm-hooks{} \;

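# Build the root filesystem and pack it as archlinux.tar.
#
# pacman installs the packages named in ./packages into $(BUILDDIR) under
# fakechroot/fakeroot. --noscriptlet keeps package install scriptlets from
# running, and --hookdir points at the /dev/null-masked hooks prepared by the
# hooks target. The build root and alpm-hooks are removed once the tarball exists.
# NOTE(review): repositories and signature policy (SigLevel) come from the host's
# /usr/share/devtools/pacman-extra.conf copied below -- confirm that file enforces
# package signature checks on the build host.
# NOTE(review): the contents of ./packages are pasted unquoted into the pacman
# command line, so that file is as trusted as this Makefile; review changes to it
# the same way.
rootfs: hooks
	# start from an empty root so leftovers of a failed or interrupted run cannot end up in the image
	rm -rf $(BUILDDIR)
	mkdir -vp $(BUILDDIR)/var/lib/pacman/
	cp /usr/share/devtools/pacman-extra.conf rootfs/etc/pacman.conf
	cat pacman-conf.d-noextract.conf >> rootfs/etc/pacman.conf
	fakechroot -- fakeroot -- pacman -Sy -r $(BUILDDIR) \
		--noconfirm --dbpath $(PWD)/$(BUILDDIR)/var/lib/pacman \
		--config rootfs/etc/pacman.conf \
		--noscriptlet \
		--hookdir $(PWD)/alpm-hooks/usr/share/libalpm/hooks/ $(shell cat packages)
	cp --recursive --preserve=timestamps --backup --suffix=.pacnew rootfs/* $(BUILDDIR)/

	# remove passwordless login for root (see CVE-2019-5021 for reference)
	# an empty hash field accepts any login without a password; "!" locks password login instead
	sed -i -e 's/^root::/root:!:/' "$(BUILDDIR)/etc/shadow"

	# fakeroot to map the gid/uid of the builder process to root
	# fixes #22
	fakeroot -- tar --numeric-owner --xattrs --acls --exclude-from=exclude -C $(BUILDDIR) -c . -f archlinux.tar
	rm -rf $(BUILDDIR) alpm-hooks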

# archlinux.tar has no recipe of its own: the rootfs recipe writes it as its last
# packaging step. rootfs is declared .PHONY, so the tarball is rebuilt on every run.
archlinux.tar: rootfs

# Compress the tarball with xz at level 9 using XZ_THREADS threads; --force
# overwrites an existing archlinux.tar.xz from an earlier run.
compress-rootfs: archlinux.tar
	xz -9 --threads="$(XZ_THREADS)" --force $<

# Build the image from the Dockerfile in the current directory and tag it as
# $(DOCKER_ORGANIZATION)/$(DOCKER_IMAGE).
# NOTE(review): presumably the Dockerfile adds the compressed tarball produced by
# compress-rootfs -- confirm against the Dockerfile.
docker-image: compress-rootfs
	docker build --tag $(DOCKER_ORGANIZATION)/$(DOCKER_IMAGE) .

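# Smoke-test the freshly built image. Each line starts a throwaway container
# (--rm) and fails the target on a non-zero exit status: package file check,
# package installation, absence of a pacman private key, the http user, a UTF-8
# locale, and a locked root password.
docker-image-test: docker-image
	# FIXME: /etc/mtab is hidden by docker so the stricter -Qkk fails
	docker run --rm $(DOCKER_ORGANIZATION)/$(DOCKER_IMAGE) sh -c "/usr/bin/pacman -Sy && /usr/bin/pacman -Qqk"
	docker run --rm $(DOCKER_ORGANIZATION)/$(DOCKER_IMAGE) sh -c "/usr/bin/pacman -Syu --noconfirm docker && docker -v"
	# Ensure that the image does not include a private key
	# (the leading ! inverts the status: local signing must fail for this line to pass)
	! docker run --rm $(DOCKER_ORGANIZATION)/$(DOCKER_IMAGE) pacman-key --lsign-key pierre@archlinux.de
	docker run --rm $(DOCKER_ORGANIZATION)/$(DOCKER_IMAGE) sh -c "/usr/bin/id -u http"
	docker run --rm $(DOCKER_ORGANIZATION)/$(DOCKER_IMAGE) sh -c "/usr/bin/pacman -Syu --noconfirm grep && locale | grep -q UTF-8"
	# Ensure that root has no empty password field (see CVE-2019-5021 for reference)
	# shell builtins only: grep is installed by the line above, so it is not assumed to be in the image
	docker run --rm $(DOCKER_ORGANIZATION)/$(DOCKER_IMAGE) sh -c 'while IFS=: read -r user hash rest; do if [ "$$user" = root ]; then [ -n "$$hash" ]; exit; fi; done < /etc/shadow; exit 1'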

# Log in as $(DOCKER_USER) and push the image. No password is given on the command
# line, so docker login asks for it and it stays out of the process list and the
# make output.
# NOTE(review): this target has no prerequisites, so it pushes whatever is tagged
# $(DOCKER_ORGANIZATION)/$(DOCKER_IMAGE) locally without rebuilding it or running
# docker-image-test first.
docker-push:
	docker login --username $(DOCKER_USER)
	docker push $(DOCKER_ORGANIZATION)/$(DOCKER_IMAGE)

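# Command targets that never create a file of their own name. hooks and
# compress-rootfs are listed too: without that, a file or directory called
# "hooks" in the checkout would make the hook-masking recipe look up to date
# and it would be skipped.
.PHONY: hooks rootfs compress-rootfs docker-image docker-image-test docker-push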