Commit 73504a73 authored by hashworks's avatar hashworks

Merge branch 'dockerfileCMDsToMakefile' into 'master'

Move all Dockerfile commands to Makefile

Closes #45

See merge request !49
parents 41d5da41 17b668ef
......@@ -39,6 +39,8 @@ get_version:
stage: rootfs
before_script:
- pacman -Syu --noconfirm make devtools fakechroot fakeroot
script:
- make $PWD/output/Dockerfile.$GROUP
artifacts:
paths:
- output/*
......@@ -54,8 +56,6 @@ rootfs:
parallel:
matrix:
- GROUP: [base, base-devel]
script:
- make $PWD/output/$GROUP.tar.xz $PWD/output/Dockerfile.$GROUP
rootfs:secure:
extends: .rootfs
......@@ -70,8 +70,6 @@ rootfs:secure:
parallel:
matrix:
- GROUP: [base, base-devel]
script:
- make $PWD/output/$GROUP.tar.xz $PWD/output/Dockerfile.$GROUP
.image:
stage: image
......@@ -151,22 +149,26 @@ image:publish:secure:
refs:
- releases
- tags
script:
- pacman -Sy
- pacman -Qqk
- pacman -Syu --noconfirm docker grep
- docker -v
- id -u http
- locale | grep -q UTF-8
.test-script: &test-script
- pacman -Sy
- pacman -Qqk
- pacman -Syu --noconfirm docker grep
- docker -v
- id -u http
- locale | grep -q UTF-8
test:base:
extends: .test
image: $CI_REGISTRY_IMAGE:base-$CI_COMMIT_REF_SLUG
script:
- *test-script
test:base-devel:
extends: .test
image: $CI_REGISTRY_IMAGE:base-devel-$CI_COMMIT_REF_SLUG
after_script:
script:
- *test-script
- gcc -v
- g++ -v
- make -v
......
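Review bot: The shared `.test-script` anchor checks package files, the `http` user and the locale, but nothing in it looks at the pacman keyring, which this merge request now initialises and strips of private keys during the rootfs build instead of in the Dockerfile. Adding a line such as `- test -z "$(ls -A /etc/pacman.d/gnupg/private-keys-v1.d)"` to the anchor would make both `test:base` and `test:base-devel` fail if private key material ever reaches a built image. The directory name is taken from the `rm -rf` pattern in the Makefile hunk of this same change.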
......@@ -20,15 +20,7 @@ RUN ROOTFS="$(curl -sOJL --continue-at - -w "%{filename_effective}" TEMPLATE_ROO
FROM scratch AS root
COPY --from=verify /rootfs/ /
# manually run all alpm hooks that can't be run inside the fakechroot
RUN ldconfig && update-ca-trust && locale-gen
RUN sh -c 'ls usr/lib/sysusers.d/*.conf | /usr/share/libalpm/scripts/systemd-hook sysusers '
# update /etc/os-release
RUN ln -s /usr/lib/os-release /etc/os-release
# initialize the archlinux keyring, but discard any private key that may be shipped.
RUN pacman-key --init && pacman-key --populate archlinux && bash -c "rm -rf etc/pacman.d/gnupg/{openpgp-revocs.d/,private-keys-v1.d/,pubring.gpg~,gnupg.S.}*"
RUN ldconfig
ENV LANG=en_US.UTF-8
CMD ["/usr/bin/bash"]
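Review bot: The comment `# manually run all alpm hooks that can't be run inside the fakechroot` appears to remain above what is now a single `RUN ldconfig`, while the other steps it used to describe have moved into the Makefile's fakechroot calls. I would reword it to say what is left and why, for example `# ldconfig can't be run inside the fakechroot, so the linker cache is built here`. This assumes the comment line is on the new side, which the rendered page no longer marks.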
......@@ -8,13 +8,22 @@ define rootfs
mkdir -vp $(BUILDDIR)/var/lib/pacman/ $(OUTPUTDIR)
install -Dm644 /usr/share/devtools/pacman-extra.conf $(BUILDDIR)/etc/pacman.conf
cat pacman-conf.d-noextract.conf >> $(BUILDDIR)/etc/pacman.conf
fakechroot -- fakeroot -- pacman -Sy -r $(BUILDDIR) \
--noconfirm --dbpath $(BUILDDIR)/var/lib/pacman \
--config $(BUILDDIR)/etc/pacman.conf \
--noscriptlet \
--hookdir $(BUILDDIR)/alpm-hooks/usr/share/libalpm/hooks/ $(2)
cp --recursive --preserve=timestamps --backup --suffix=.pacnew rootfs/* $(BUILDDIR)/
fakechroot -- fakeroot -- chroot $(BUILDDIR) update-ca-trust
fakechroot -- fakeroot -- chroot $(BUILDDIR) locale-gen
fakechroot -- fakeroot -- chroot $(BUILDDIR) sh -c 'ls usr/lib/sysusers.d/*.conf | /usr/share/libalpm/scripts/systemd-hook sysusers'
fakechroot -- fakeroot -- chroot $(BUILDDIR) sh -c 'pacman-key --init && pacman-key --populate archlinux && bash -c "rm -rf etc/pacman.d/gnupg/{openpgp-revocs.d/,private-keys-v1.d/,pubring.gpg~,gnupg.S.}*"'
ln -fs /usr/lib/os-release $(BUILDDIR)/etc/os-release
# remove passwordless login for root (see CVE-2019-5021 for reference)
sed -i -e 's/^root::/root:!:/' "$(BUILDDIR)/etc/shadow"
......@@ -42,16 +51,16 @@ $(OUTPUTDIR)/base.tar.xz:
$(OUTPUTDIR)/base-devel.tar.xz:
$(call rootfs,base-devel,base base-devel)
$(OUTPUTDIR)/Dockerfile.base:
$(OUTPUTDIR)/Dockerfile.base: $(OUTPUTDIR)/base.tar.xz
$(call dockerfile,base)
$(OUTPUTDIR)/Dockerfile.base-devel:
$(OUTPUTDIR)/Dockerfile.base-devel: $(OUTPUTDIR)/base-devel.tar.xz
$(call dockerfile,base-devel)
.PHONY: docker-image-base
image-base: $(OUTPUTDIR)/base.tar.xz $(OUTPUTDIR)/Dockerfile.base
image-base: $(OUTPUTDIR)/Dockerfile.base
docker build -f $(OUTPUTDIR)/Dockerfile.base -t archlinux/archlinux:base $(OUTPUTDIR)
.PHONY: docker-image-base-devel
image-base-devel: $(OUTPUTDIR)/base-devel.tar.xz $(OUTPUTDIR)/Dockerfile.base-devel
image-base-devel: $(OUTPUTDIR)/Dockerfile.base-devel
docker build -f $(OUTPUTDIR)/Dockerfile.base-devel -t archlinux/archlinux:base-devel $(OUTPUTDIR)
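Review bot: The key-removal step at the end of the `pacman-key --init` line pairs a path relative to the working directory (`etc/pacman.d/gnupg/...`) with `rm -rf`, so if the shell under `fakechroot -- fakeroot -- chroot $(BUILDDIR)` does not start in the new root, nothing is deleted and the recipe still succeeds. I cannot tell from the hunk whether that is the case, but this rootfs is what ends up in the tarball, so I would make the path absolute, `rm -rf /etc/pacman.d/gnupg/{openpgp-revocs.d/,private-keys-v1.d/,pubring.gpg~,gnupg.S.}*`. A following recipe line that fails when `$(BUILDDIR)/etc/pacman.d/gnupg/private-keys-v1.d` still has entries would turn a silent miss into a build error. The `rootfs` define starts and ends outside this hunk.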