Merge branch 'build-container-from-stage3'

Omit the step of using the official gentoo images
and use the stage3 tarballs directly.
Nils Freydank 2023-10-22 11:21:42 +02:00
commit 5940ed8065
Signed by: nfr
GPG Key ID: 0F1DEAB2D36AD112
2 changed files with 47 additions and 9 deletions


@ -4,10 +4,12 @@
# =========================================================================== # ===========================================================================
# Update the source image. # Update the source image.
# =========================================================================== # ===========================================================================
FROM gentoo/stage3:amd64-nomultilib-systemd as bootstrap
# Migrate to a merged-usr form. FROM scratch as bootstrap
RUN emerge --quiet-build=y --oneshot merge-usr # Unpack the stage3 archive (which is downloaded and verifed externally).
RUN merge-usr ARG ROOTFS_FILENAME=""
ADD ${ROOTFS_FILENAME} /
# Set the profile.
RUN eselect profile set "default/linux/amd64/17.1/no-multilib/systemd/merged-usr" RUN eselect profile set "default/linux/amd64/17.1/no-multilib/systemd/merged-usr"
# Replace /etc/portage/make.conf. # Replace /etc/portage/make.conf.
RUN rm --one-file-system /etc/portage/make.conf RUN rm --one-file-system /etc/portage/make.conf
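Review bot: `ADD ${ROOTFS_FILENAME} /` unpacks whatever tarball the build argument names as the whole root filesystem, and nothing in this file ties that archive to the external verification the comment relies on. With the empty default in `ARG ROOTFS_FILENAME=""`, a build started without the wrapper script has no obvious failure mode; what `ADD` does with an empty source likely depends on the builder and is worth testing. I would state the contract next to the ARG, for example `# ROOTFS_FILENAME: stage3 tarball inside the build context whose GPG signature the calling script has already verified; do not build this file directly.`, and fix the "verifed" typo in the same comment. The stage continues past the end of this hunk.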


@ -12,10 +12,15 @@ IMAGE_TAG="${REGISTRY}:${VERSION}"
REPOS="${REPOS:-/var/db/repos}" REPOS="${REPOS:-/var/db/repos}"
DISTFILES="${DISTFILES:-/var/cache/distfiles-podman-1}" DISTFILES="${DISTFILES:-/var/cache/distfiles-podman-1}"
DISTFILES_STAGE3="${DISTFILES_STAGE3:-distfiles}"
BINPKG="${BINPKG:-/var/cache/packages-podman-1}" BINPKG="${BINPKG:-/var/cache/packages-podman-1}"
LOGDIR="${LOGDIR:-$(pwd)/log}" LOGDIR="${LOGDIR:-$(pwd)/log}"
DOCKER_FILE="${DOCKER_FILE:-$(pwd)/Dockerfile}" DOCKER_FILE="${DOCKER_FILE:-$(pwd)/Dockerfile}"
ARCH="${ARCH:-amd64}"
MICROARCH="${MICROARCH:-amd64}"
OCI_ARCH="${OCI_ARCH:-linux/amd64}"
PODMAN_BUILD_ARGS=( PODMAN_BUILD_ARGS=(
# Do not leak the host's /etc/host into the container. # Do not leak the host's /etc/host into the container.
--no-hosts --no-hosts
@ -34,11 +39,16 @@ PODMAN_BUILD_ARGS=(
-v "${LOGDIR}:/var/log:rw,U" -v "${LOGDIR}:/var/log:rw,U"
# Use the given OCI file/Dockerfile. # Use the given OCI file/Dockerfile.
-f "${DOCKER_FILE}" -f "${DOCKER_FILE}"
# Add details about the architecture.
--build-arg ARCH="${ARCH}"
--build-arg MICROARCH="${MICROARCH}"
--platform "${OCI_ARCH}"
# Tag the generated image. # Tag the generated image.
-t "${IMAGE_TAG}" -t "${IMAGE_TAG}"
-t "${REGISTRY}:latest"
# Label the image. # Label the image.
--label="gentoo-nfr-${IMAGE_TAG}" --label="gentoo-nfr-${IMAGE_TAG}"
# Sign the image. # sign the image.
#--sign-by="${GPG_SIGNING_KEY}" #--sign-by="${GPG_SIGNING_KEY}"
# Rebuild everything w/o cache. # Rebuild everything w/o cache.
--no-cache --no-cache
@ -55,17 +65,43 @@ _mkdir()
mkdir -p "${@}" || exit_err "Could not create dir ${@}." mkdir -p "${@}" || exit_err "Could not create dir ${@}."
} }
# === Prepare all directories.
_mkdir "${REPOS}" _mkdir "${REPOS}"
_mkdir "${DISTFILES}" _mkdir "${DISTFILES}"
_mkdir "${DISTFILES_STAGE3}"
_mkdir "${BINPKG}" _mkdir "${BINPKG}"
_mkdir "${LOGDIR}" _mkdir "${LOGDIR}"
podman pull gentoo/stage3:amd64-nomultilib-systemd || exit_err "Could not fetch the image." # === Fetch the stage3 file (and verify it).
podman build "${PODMAN_BUILD_ARGS[@]}" || exit_err "Build failed." # Note: This uses some nasty string manipulation assuming a certain structure.
# If upstream changes the format, things will break here, again.
SERVER="https://ftp-osl.osuosl.org/pub/gentoo/releases/${ARCH}/autobuilds"
MY_STAGE3="latest-stage3-amd64-nomultilib-systemd-mergedusr.txt"
# Update the tag 'latest'. # Fetch the stage3 archive and its signature.
curl -sLC- -O --output-dir "${DISTFILES_STAGE3}" "${SERVER}/${MY_STAGE3}" \
|| exit_err "Could not download the pointer file for the stage3 archive."
gpg --verify "${DISTFILES_STAGE3}/${MY_STAGE3}" \
|| exit_err "Could not verify the download pointer file."
LATEST_ARCHIVE="$(grep $(echo ${MY_STAGE3} | sed 's/latest-//;s/.txt//') ${DISTFILES_STAGE3}/${MY_STAGE3} | cut -f1 -d' ')"
ARCHIVE_FILE_NAME="$(echo ${LATEST_ARCHIVE} | cut -f2 -d'/')"
curl -sLC- -O --output-dir "${DISTFILES_STAGE3}" "${SERVER}/${LATEST_ARCHIVE}" \
|| exit_err "Could not download the stage3 archive."
curl -sLC- -O --output-dir "${DISTFILES_STAGE3}" "${SERVER}/${LATEST_ARCHIVE}.asc" \
|| exit_err "Could not download the stage3 archive signature."
# Verify the signature.
gpg --verify "${DISTFILES_STAGE3}/${ARCHIVE_FILE_NAME}"{.asc,} \
|| exit_err "Could not verify the stage3 archive."
# === Remove the old tag 'latest'.
podman tag rm "${REGISTRY}:latest" # Do not exit_err here. At least on first run podman tag rm "${REGISTRY}:latest" # Do not exit_err here. At least on first run
# there is no latest tag to delete. # there is no latest tag to delete.
podman tag "${REGISTRY}:${VERSION}" "${REGISTRY}:latest" || exit_err "Could not tag new image as 'latest'."
# === Build the new image.
podman build --build-arg=ROOTFS_FILENAME="${DISTFILES_STAGE3}/${ARCHIVE_FILE_NAME}" \
"${PODMAN_BUILD_ARGS[@]}" || exit_err "Build failed."
# vim:fileencoding=utf-8:ts=4:syntax=bash:expandtab # vim:fileencoding=utf-8:ts=4:syntax=bash:expandtab
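Review bot: The pointer-file check in the last hunk does not bind what is parsed to what was signed. `gpg --verify` on the `.txt` accepts a good signature from any key in the caller's keyring, and the following `grep` reads the raw download, so text outside the signed block can still determine `LATEST_ARCHIVE` (the file is presumably clearsigned, since no detached signature is fetched for it). The same any-key acceptance applies to the `.asc` check on the archive. I would verify against a keyring that holds only the Gentoo release key and parse gpg's verified output rather than the file on disk. Separately, `curl -sLC-` without `-f` resumes onto a pointer file left by an earlier run and stores HTTP error bodies as downloads, so the "latest" pointer can be stale; dropping `-C-` for the pointer and adding `-f` addresses both.

```bash
# … unchanged: SERVER and MY_STAGE3 definitions …

# Placeholder path: a keyring that contains only the Gentoo release key.
RELEASE_KEYRING="${RELEASE_KEYRING:-/path/to/gentoo-release-keyring.gpg}"
GPG_PINNED=(gpg --no-default-keyring --keyring "${RELEASE_KEYRING}")

# Always refetch the pointer file; fail on HTTP errors instead of saving them.
curl -fsSL -O --output-dir "${DISTFILES_STAGE3}" "${SERVER}/${MY_STAGE3}" \
    || exit_err "Could not download the pointer file for the stage3 archive."

# Parse only the text gpg has verified, never the raw download.
POINTER_TEXT="$("${GPG_PINNED[@]}" --decrypt "${DISTFILES_STAGE3}/${MY_STAGE3}")" \
    || exit_err "Could not verify the download pointer file."
LATEST_ARCHIVE="$(printf '%s\n' "${POINTER_TEXT}" \
    | grep -F -- "$(echo "${MY_STAGE3}" | sed 's/latest-//;s/\.txt$//')" \
    | cut -f1 -d' ')"

# … unchanged: ARCHIVE_FILE_NAME and the archive / .asc downloads (add -f there too) …

"${GPG_PINNED[@]}" --verify "${DISTFILES_STAGE3}/${ARCHIVE_FILE_NAME}"{.asc,} \
    || exit_err "Could not verify the stage3 archive."
```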