mirror of
https://github.com/outbackdingo/debos.git
synced 2026-01-27 10:18:47 +00:00
e5b84f2752
Since the user-mode-linux backend is flaky in trixie remove the runtime deps from the docker container so that it cannot be used. Signed-off-by: Christopher Obbard <christopher.obbard@linaro.org>
143 lines
4.1 KiB
Docker
143 lines
4.1 KiB
Docker
# Global ARGs shared by all stages
|
|
ARG DEBIAN_FRONTEND=noninteractive
|
|
ARG GOPATH=/usr/local/go
|
|
|
|
### first stage - builder ###
|
|
FROM debian:trixie-slim AS builder
|
|
|
|
ARG DEBIAN_FRONTEND
|
|
ARG GOPATH
|
|
ENV GOPATH=${GOPATH}
|
|
|
|
# install debos build and unit-test dependencies
|
|
RUN apt-get update && \
|
|
apt-get install -y --no-install-recommends \
|
|
ca-certificates \
|
|
curl \
|
|
gcc \
|
|
git \
|
|
golang-go \
|
|
libc6-dev \
|
|
libostree-dev \
|
|
unzip && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
# Optionally add host CA certificates for environments with MITM proxies
|
|
# Usage: DOCKER_BUILDKIT=1 docker build --secret id=cacert,src=/etc/ssl/certs/ca-certificates.crt ...
|
|
RUN --mount=type=secret,id=cacert,target=/tmp/host-ca-certificates.crt \
|
|
if [ -f /tmp/host-ca-certificates.crt ]; then \
|
|
cp /tmp/host-ca-certificates.crt /usr/local/share/ca-certificates/host-ca-certificates.crt && \
|
|
update-ca-certificates; \
|
|
fi
|
|
|
|
# Build debos
|
|
ARG DEBOS_VER
|
|
COPY . $GOPATH/src/github.com/go-debos/debos
|
|
WORKDIR $GOPATH/src/github.com/go-debos/debos/cmd/debos
|
|
RUN go install -ldflags="-X main.Version=${DEBOS_VER}" ./...
|
|
|
|
# Install the latest archlinux-keyring, since the one in Debian is bound
|
|
# to get outdated sooner or later.
|
|
# WARNING: returning to the debian package will break the pacstrap action
|
|
COPY docker/get-archlinux-keyring.sh /
|
|
RUN /get-archlinux-keyring.sh /arch-keyring
|
|
|
|
### second stage - runner ###
|
|
FROM debian:trixie-slim AS runner-amd64
|
|
RUN apt-get update && \
|
|
apt-get install -y --no-install-recommends initramfs-tools && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
RUN rm /etc/kernel/postinst.d/*
|
|
RUN apt-get update && \
|
|
apt-get install -y --no-install-recommends \
|
|
linux-image-amd64 \
|
|
qemu-system-x86 && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
FROM debian:trixie-slim AS runner-arm64
|
|
RUN apt-get update && \
|
|
apt-get install -y --no-install-recommends initramfs-tools && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
RUN rm /etc/kernel/postinst.d/*
|
|
RUN apt-get update && \
|
|
apt-get install -y --no-install-recommends \
|
|
linux-image-arm64 \
|
|
qemu-system-arm \
|
|
# fixes: qemu-system-aarch64: failed to find romfile "efi-virtio.rom"
|
|
ipxe-qemu && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
FROM runner-${TARGETARCH} AS runner
|
|
|
|
ARG DEBIAN_FRONTEND
|
|
ARG GOPATH
|
|
|
|
# Set HOME to a writable directory in case something wants to cache things
|
|
ENV HOME=/tmp
|
|
|
|
LABEL org.label-schema.name="debos"
|
|
LABEL org.label-schema.description="Debian OS builder"
|
|
LABEL org.label-schema.vcs-url="https://github.com/go-debos/debos"
|
|
LABEL org.label-schema.docker.cmd='docker run \
|
|
--rm \
|
|
--interactive \
|
|
--tty \
|
|
--device /dev/kvm \
|
|
--user $(id -u) \
|
|
--workdir /recipes \
|
|
--mount "type=bind,source=$(pwd),destination=/recipes" \
|
|
--security-opt label=disable'
|
|
|
|
# debos runtime dependencies
|
|
# ca-certificates is required to validate HTTPS certificates when getting debootstrap release file
|
|
RUN apt-get update && \
|
|
apt-get install -y --no-install-recommends \
|
|
apt-transport-https \
|
|
binfmt-support \
|
|
bmap-tools \
|
|
btrfs-progs \
|
|
busybox \
|
|
bzip2 \
|
|
ca-certificates \
|
|
debian-ports-archive-keyring \
|
|
debootstrap \
|
|
mmdebstrap \
|
|
dosfstools \
|
|
e2fsprogs \
|
|
equivs \
|
|
fdisk \
|
|
f2fs-tools \
|
|
git \
|
|
gzip \
|
|
pigz \
|
|
libostree-1-1 \
|
|
openssh-client \
|
|
parted \
|
|
pkg-config \
|
|
qemu-user-static \
|
|
qemu-utils \
|
|
rsync \
|
|
systemd \
|
|
systemd-container \
|
|
systemd-resolved \
|
|
u-boot-tools \
|
|
unzip \
|
|
xfsprogs \
|
|
xz-utils \
|
|
zip \
|
|
zstd \
|
|
makepkg \
|
|
pacman-package-manager \
|
|
arch-install-scripts \
|
|
arch-test && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
COPY --from=builder $GOPATH/bin/debos /usr/local/bin/debos
|
|
|
|
# Install the latest archlinux-keyring, since the one in Debian is bound
|
|
# to get outdated sooner or later.
|
|
# WARNING: returning to the debian package will break the pacstrap action
|
|
COPY --from=builder /arch-keyring /usr/share/keyrings
|
|
|
|
ENTRYPOINT ["/usr/local/bin/debos"]
|