Arch Linux
archlinux-docker
Commit
9b52d567
authored
Aug 31, 2020
by
Kristian Klausen
🎉
Generate and verify checksum for the rootfs
parent
d51a887e
Changes
4
.gitlab-ci.yml
...
...
@@ -9,7 +9,8 @@ stages:
lint
:
stage
:
lint
image
:
hadolint/hadolint:latest
script
:
hadolint --ignore DL3020 Dockerfile.template
# DL3007: We use the latest tag for multistage build
script
:
hadolint --ignore DL3007 --ignore DL3020 Dockerfile.template
rootfs:base:
stage
:
rootfs
...
...
@@ -20,10 +21,11 @@ rootfs:base:
-
echo "BUILD_DATE=$(date +%Y%m%d)" > build.env
script
:
-
pacman -Syu --noconfirm make devtools fakechroot fakeroot
-
make
base.tar.xz
-
make
dockerfile-image-base
artifacts
:
paths
:
-
base.tar.xz
-
Dockerfile.base
expire_in
:
10m
reports
:
dotenv
:
build.env
...
...
@@ -37,10 +39,11 @@ rootfs:base-devel:
-
echo "BUILD_DATE=$(date +%Y%m%d)" > build.env
script
:
-
pacman -Syu --noconfirm make devtools fakechroot fakeroot
-
make base-devel
.tar.xz
-
make
dockerfile-image-
base-devel
artifacts
:
paths
:
-
base-devel.tar.xz
-
Dockerfile.base-devel
expire_in
:
10m
reports
:
dotenv
:
build.env
...
...
@@ -54,8 +57,6 @@ docker:base:
-
job
:
"
rootfs:base"
before_script
:
-
echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
-
sed "s/TEMPLATE_LOCATION_HERE/base.tar/" Dockerfile.template > Dockerfile.base
-
unxz base.tar.xz
script
:
-
/kaniko/executor
--whitelist-var-run="false"
...
...
@@ -72,8 +73,6 @@ docker:base-devel:
-
job
:
"
rootfs:base-devel"
before_script
:
-
echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
-
sed "s/TEMPLATE_LOCATION_HERE/base-devel.tar/" Dockerfile.template > Dockerfile.base-devel
-
unxz base-devel.tar.xz
script
:
-
/kaniko/executor
--whitelist-var-run="false"
...
...
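Review bot: The `artifacts: paths:` list of `rootfs:base` (and of `rootfs:base-devel` in the next hunk) gains `Dockerfile.base` but not `base.tar.xz.SHA256`, while ci/release.py in this same commit reads that file from the working directory. If the release job takes its inputs from these artifacts rather than rebuilding the rootfs (that job is not visible in these hunks), it would not find the checksum; adding `- base.tar.xz.SHA256` and `- base-devel.tar.xz.SHA256` would keep each digest travelling with the tarball it describes. Separately, `--ignore DL3007` on the hadolint command line disables the rule for every `FROM` in the template; an inline `# hadolint ignore=DL3007` above the `verify` stage would confine the exception to the one line the comment justifies.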
Dockerfile.template
FROM archlinux:latest AS verify
COPY TEMPLATE_ROOTFS_FILE /
SHELL ["/bin/bash", "-c"]
RUN ROOTFS="$(curl --continue-at - --remote-name --write-out "%{filename_effective}" TEMPLATE_ROOTFS_URL)" && \
sha256sum -c <<< "TEMPLATE_ROOTFS_HASH" && \
mkdir /rootfs && \
tar -C /rootfs --extract --auto-compress --file "${ROOTFS}"
FROM scratch AS base
ADD TEMPLATE_LOCATION_HERE
/
COPY --from=verify /rootfs/
/
# manually run all alpm hooks that can't be run inside the fakechroot
RUN ldconfig && update-ca-trust && locale-gen
...
...
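Review bot: The `verify` stage starts from `archlinux:latest`, so the `curl`, `sha256sum` and `tar` that perform the integrity check come from a mutable tag that is itself unverified; pinning it by digest, `FROM archlinux@sha256:<digest-placeholder> AS verify`, would make the check's own tooling reproducible. The `RUN` line also needs a comment, because it is not obvious that in the local build the `file:///` URL together with `--continue-at -` and `--remote-name` appears to make curl reuse the copied tarball and only report its name, for example `# curl yields the rootfs filename (and downloads it in release builds); the tarball is unpacked only if sha256sum accepts it`. Adding `--fail` to curl would stop the build at the download step on an HTTP error instead of at the checksum mismatch that follows. Since the expected hash ships in the same Dockerfile as the URL, the check detects a corrupted or replaced tarball but not a modified Dockerfile, which is worth stating in that comment.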
Makefile
...
...
@@ -49,20 +49,32 @@ rootfs-base-devel: hooks
base.tar.xz
:
rootfs-base
xz
-9
-T0
-f
base.tar
sha256sum
base.tar.xz
>
base.tar.xz.SHA256
base-devel.tar.xz
:
rootfs-base-devel
xz
-9
-T0
-f
base-devel.tar
sha256sum
base-devel.tar.xz
>
base-devel.tar.xz.SHA256
.PHONY
:
dockerfile-image-base
dockerfile-image-base
:
base.tar.xz
sed
-e
"s/TEMPLATE_ROOTFS_FILE/base.tar.xz/"
\
-e
"s/TEMPLATE_ROOTFS_URL/file:
\/\/\/
base.tar.xz/"
\
-e
"s/TEMPLATE_ROOTFS_HASH/
$$
(cat base.tar.xz.SHA256)/"
\
Dockerfile.template
>
Dockerfile.base
.PHONY
:
dockerfile-image-base-devel
dockerfile-image-base-devel
:
base-devel.tar.xz
sed
-e
"s/TEMPLATE_ROOTFS_FILE/base-devel.tar.xz/"
\
-e
"s/TEMPLATE_ROOTFS_URL/file:
\/\/\/
base-devel.tar.xz/"
\
-e
"s/TEMPLATE_ROOTFS_HASH/
$$
(cat base-devel.tar.xz.SHA256)/"
\
Dockerfile.template
>
Dockerfile.base-devel
.PHONY
:
docker-image-base
docker-image-base
:
base.tar.xz
unxz base.tar.xz
sed
"s/TEMPLATE_LOCATION_HERE/base.tar/"
Dockerfile.template
>
Dockerfile.base
docker-image-base
:
dockerfile-image-base
docker build
-f
Dockerfile.base
-t
archlinux/archlinux:base .
.PHONY
:
docker-image-base-devel
docker-image-base-devel
:
base-devel.tar.xz
unxz base-devel.tar.xz
sed
"s/TEMPLATE_LOCATION_HERE/base-devel.tar/"
Dockerfile.template
>
Dockerfile.base-devel
docker-image-base-devel
:
dockerfile-image-base-devel
docker build
-f
Dockerfile.base-devel
-t
archlinux/archlinux:base-devel .
.PHONY
:
docker-push-base
...
...
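Review bot: `dockerfile-image-base` reads `base.tar.xz.SHA256` but declares only `base.tar.xz` as a prerequisite, so the checksum file exists only as a side effect of the `base.tar.xz` recipe; the same holds for `dockerfile-image-base-devel`. If the `.SHA256` file is missing (for example with a tarball left over from a build made before this change), `$$(cat …)` expands to nothing, sed still exits 0, and the generated Dockerfile can only fail later at its `sha256sum -c` step. Giving the checksum its own rule, `base.tar.xz.SHA256: base.tar.xz` with the recipe `sha256sum base.tar.xz > $@`, and listing it as a prerequisite of `dockerfile-image-base` would let make track it. The two pairs of near-identical rules could also become pattern rules (`%.tar.xz.SHA256: %.tar.xz`) so base and base-devel cannot drift apart.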
ci/release.py
...
...
@@ -11,6 +11,7 @@ Required env vars:
"""
import
os
import
re
from
pathlib
import
Path
import
gitlab
...
...
@@ -24,22 +25,36 @@ if __name__ == "__main__":
project
=
gl
.
projects
.
get
(
project_id
)
print
(
"Uploading base.tar.xz"
)
base_filename
=
f
"base-
{
build_date
}
.tar.xz"
base_uploaded_url
=
project
.
upload
(
f
"
base
-
{
build_date
}
.tar.xz"
,
filepath
=
"base.tar.xz"
base
_filename
,
filepath
=
"base.tar.xz"
)[
"url"
]
base_template
=
Path
(
"Dockerfile.template"
).
read_text
()
base_full_url
=
f
"
{
project_url
}{
base_uploaded_url
}
"
base_replaced
=
base_template
.
replace
(
"TEMPLATE_LOCATION_HERE"
,
base_full_url
)
base_replaced
=
base_template
.
replace
(
"TEMPLATE_ROOTFS_URL"
,
base_full_url
)
base_hash
=
f
"
{
Path
(
'base.tar.xz.SHA256'
).
read_text
()[
0
:
64
]
}
{
base_filename
}
"
base_replaced
=
base_replaced
.
replace
(
"TEMPLATE_ROOTFS_HASH"
,
base_hash
)
# Remove the line containing TEMPLATE_ROOTFS_FILE
base_replaced
=
re
.
sub
(
".*TEMPLATE_ROOTFS_FILE.*
\n
"
,
""
,
base_replaced
)
print
(
"Uploading base-devel.tar.xz"
)
base_devel_filename
=
f
"base-devel-
{
build_date
}
.tar.xz"
base_devel_uploaded_url
=
project
.
upload
(
f
"
base
-
devel
-
{
build_date
}
.tar.xz"
,
filepath
=
"base-devel.tar.xz"
base
_
devel
_filename
,
filepath
=
"base-devel.tar.xz"
)[
"url"
]
base_devel_template
=
Path
(
"Dockerfile.template"
).
read_text
()
base_devel_full_url
=
f
"
{
project_url
}{
base_devel_uploaded_url
}
"
base_devel_replaced
=
base_devel_template
.
replace
(
"TEMPLATE_LOCATION_HERE"
,
base_devel_full_url
"TEMPLATE_ROOTFS_URL"
,
base_devel_full_url
)
base_devel_hash
=
f
"
{
Path
(
'base-devel.tar.xz.SHA256'
).
read_text
()[
0
:
64
]
}
{
base_devel_filename
}
"
base_devel_replaced
=
base_devel_replaced
.
replace
(
"TEMPLATE_ROOTFS_HASH"
,
base_devel_hash
)
# Remove the line containing TEMPLATE_ROOTFS_FILE
base_devel_replaced
=
re
.
sub
(
".*TEMPLATE_ROOTFS_FILE.*
\n
"
,
""
,
base_devel_replaced
)
print
(
"Templating Dockerfiles"
)
data
=
{
...
...
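Review bot: `Path('base.tar.xz.SHA256').read_text()[0:64]` takes the first 64 characters of the file as the digest without checking that they are one, so an empty, truncated or differently formatted file would be templated into the released Dockerfile as-is. The image build would then fail at `sha256sum -c`, but only after the release has been published. Validating at release time is cheap, e.g. `base_digest = Path("base.tar.xz.SHA256").read_text().split()[0]` followed by `if not re.fullmatch(r"[0-9a-f]{64}", base_digest): raise SystemExit("unexpected checksum file format")`; the same applies to `base_devel_hash`. The `if __name__ == "__main__":` block starts above and continues below this hunk, and the base and base-devel sequences are now long enough that one helper taking the flavour name would remove the duplication.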