Merge branch 'dockerfileCMDsToMakefile' into 'master'

Move all Dockerfile commands to Makefile Closes #45 See merge request !49

Merge branch 'dockerfileCMDsToMakefile' into 'master'
Move all Dockerfile commands to Makefile Closes #45 See merge request !49
73504a73 · hashworks · 41d5da41 · 17b668ef · 73504a73 · 73504a73
Commit 73504a73 authored Nov 13, 2020 by hashworks
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -39,6 +39,8 @@ get_version:
  stage: rootfs
  before_script:
    - pacman -Syu --noconfirm make devtools fakechroot fakeroot
+  script:
+    - make $PWD/output/Dockerfile.$GROUP
  artifacts:
    paths:
      - output/*
@@ -54,8 +56,6 @@ rootfs:
  parallel:
    matrix:
      - GROUP: [base, base-devel]
-  script:
-    - make $PWD/output/$GROUP.tar.xz $PWD/output/Dockerfile.$GROUP

 rootfs:secure:
  extends: .rootfs
@@ -70,8 +70,6 @@ rootfs:secure:
  parallel:
    matrix:
      - GROUP: [base, base-devel]
-  script:
-    - make $PWD/output/$GROUP.tar.xz $PWD/output/Dockerfile.$GROUP

 .image:
  stage: image
@@ -151,22 +149,26 @@ image:publish:secure:
    refs:
      - releases
      - tags
-  script:
-    - pacman -Sy
-    - pacman -Qqk
-    - pacman -Syu --noconfirm docker grep
-    - docker -v
-    - id -u http
-    - locale | grep -q UTF-8
+
+.test-script: &test-script
+  - pacman -Sy
+  - pacman -Qqk
+  - pacman -Syu --noconfirm docker grep
+  - docker -v
+  - id -u http
+  - locale | grep -q UTF-8

 test:base:
  extends: .test
  image: $CI_REGISTRY_IMAGE:base-$CI_COMMIT_REF_SLUG
+  script:
+    - *test-script

 test:base-devel:
  extends: .test
  image: $CI_REGISTRY_IMAGE:base-devel-$CI_COMMIT_REF_SLUG
-  after_script:
+  script:
+    - *test-script
    - gcc -v
    - g++ -v
    - make -v

--- a/Dockerfile.template
+++ b/Dockerfile.template
@@ -20,15 +20,7 @@ RUN ROOTFS="$(curl -sOJL --continue-at - -w "%{filename_effective}" TEMPLATE_ROO
 FROM scratch AS root
 COPY --from=verify /rootfs/ /

-# manually run all alpm hooks that can't be run inside the fakechroot
-RUN ldconfig && update-ca-trust && locale-gen
-RUN sh -c 'ls usr/lib/sysusers.d/*.conf | /usr/share/libalpm/scripts/systemd-hook sysusers '
-
-# update /etc/os-release
-RUN ln -s /usr/lib/os-release /etc/os-release
-
-# initialize the archlinux keyring, but discard any private key that may be shipped.
-RUN pacman-key --init && pacman-key --populate archlinux && bash -c "rm -rf etc/pacman.d/gnupg/{openpgp-revocs.d/,private-keys-v1.d/,pubring.gpg~,gnupg.S.}*"
+RUN ldconfig

 ENV LANG=en_US.UTF-8
 CMD ["/usr/bin/bash"]
--- a/Makefile
+++ b/Makefile
@@ -8,13 +8,22 @@ define rootfs
 	mkdir -vp $(BUILDDIR)/var/lib/pacman/ $(OUTPUTDIR)
 	install -Dm644 /usr/share/devtools/pacman-extra.conf $(BUILDDIR)/etc/pacman.conf
 	cat pacman-conf.d-noextract.conf >> $(BUILDDIR)/etc/pacman.conf
+
 	fakechroot -- fakeroot -- pacman -Sy -r $(BUILDDIR) \
 		--noconfirm --dbpath $(BUILDDIR)/var/lib/pacman \
 		--config $(BUILDDIR)/etc/pacman.conf \
 		--noscriptlet \
 		--hookdir $(BUILDDIR)/alpm-hooks/usr/share/libalpm/hooks/ $(2)
+
 	cp --recursive --preserve=timestamps --backup --suffix=.pacnew rootfs/* $(BUILDDIR)/

+fakechroot -- fakeroot -- chroot $(BUILDDIR) update-ca-trust
+	fakechroot -- fakeroot -- chroot $(BUILDDIR) locale-gen
+	fakechroot -- fakeroot -- chroot $(BUILDDIR) sh -c 'ls usr/lib/sysusers.d/*.conf | /usr/share/libalpm/scripts/systemd-hook sysusers'
+	fakechroot -- fakeroot -- chroot $(BUILDDIR) sh -c 'pacman-key --init && pacman-key --populate archlinux && bash -c "rm -rf etc/pacman.d/gnupg/{openpgp-revocs.d/,private-keys-v1.d/,pubring.gpg~,gnupg.S.}*"'
+
+	ln -fs /usr/lib/os-release $(BUILDDIR)/etc/os-release
+
 	# remove passwordless login for root (see CVE-2019-5021 for reference)
 	sed -i -e 's/^root::/root:!:/' "$(BUILDDIR)/etc/shadow"

@@ -42,16 +51,16 @@ $(OUTPUTDIR)/base.tar.xz:
 $(OUTPUTDIR)/base-devel.tar.xz:
 	$(call rootfs,base-devel,base base-devel)

-$(OUTPUTDIR)/Dockerfile.base:
+$(OUTPUTDIR)/Dockerfile.base: $(OUTPUTDIR)/base.tar.xz
 	$(call dockerfile,base)

-$(OUTPUTDIR)/Dockerfile.base-devel:
+$(OUTPUTDIR)/Dockerfile.base-devel: $(OUTPUTDIR)/base-devel.tar.xz
 	$(call dockerfile,base-devel)

 .PHONY: docker-image-base
-image-base: $(OUTPUTDIR)/base.tar.xz $(OUTPUTDIR)/Dockerfile.base
+image-base: $(OUTPUTDIR)/Dockerfile.base
 	docker build -f $(OUTPUTDIR)/Dockerfile.base -t archlinux/archlinux:base $(OUTPUTDIR)

 .PHONY: docker-image-base-devel
-image-base-devel: $(OUTPUTDIR)/base-devel.tar.xz $(OUTPUTDIR)/Dockerfile.base-devel
+image-base-devel: $(OUTPUTDIR)/Dockerfile.base-devel
 	docker build -f $(OUTPUTDIR)/Dockerfile.base-devel -t archlinux/archlinux:base-devel $(OUTPUTDIR)