Newer
Older
# We're using a multistage Docker build here in order to allow us to release a self-verifying
# Docker image when built on the official Docker infrastructure.
# They require us to verify the source integrity in some way while making sure that this is a
# reproducible build.
# See https://github.com/docker-library/official-images#image-build
# In order to achieve this, we externally host the rootfs archives and their checksums and then
# just download and verify it in the first stage of this Dockerfile.
# The second stage is for actually configuring the system a little bit.
# Some templating is done in order to allow us to easily build different configurations and to
# allow us to automate the releaes process.
FROM alpine:3.12 AS verify
RUN apk add --no-cache curl bash
# https://gitlab.archlinux.org/archlinux/archlinux-docker/-/releases/v20210123.0.14083
RUN ROOTFS="$(curl -sOJL --continue-at - -w "%{filename_effective}" https://gitlab.archlinux.org/archlinux/archlinux-docker/-/package_files/435/download)" && \
sha256sum -c <<< "19a065356cc7267530765d91ed050b40f02be54b2073adbd9809a2b3f2e7e4f9 base-devel-20210123.0.14083.tar.xz" && \
tar -C /rootfs --extract --file "${ROOTFS}"
FROM scratch AS root
COPY --from=verify /rootfs/ /
ENV LANG=en_US.UTF-8
CMD ["/usr/bin/bash"]