diff --git a/scripts/make-dockerfile.sh b/scripts/make-dockerfile.sh
new file mode 100755
index 0000000..e9e6255
--- /dev/null
+++ b/scripts/make-dockerfile.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -euo pipefail
+
+declare -r ROOTFS_FILE="$1"
+declare -r GROUP="$2"
+declare -r OUTPUTDIR="$3"
+declare -r DOWNLOAD="$4"
+declare -r TITLE="$5"
+
+BUILD_VERSION="${BUILD_VERSION:-dev}"
+CI_COMMIT_SHA="${CI_COMMIT_SHA:-$(git rev-parse HEAD)}"
+
+sed -e "s|TEMPLATE_ROOTFS_FILE|$ROOTFS_FILE|" \
+ -e "s|TEMPLATE_ROOTFS_DOWNLOAD|$DOWNLOAD|" \
+ -e "s|TEMPLATE_ROOTFS_HASH|$(cat $OUTPUTDIR/$ROOTFS_FILE.SHA256)|" \
+ -e "s|TEMPLATE_TITLE|Arch Linux $TITLE Image|" \
+ -e "s|TEMPLATE_VERSION_ID|$BUILD_VERSION|" \
+ -e "s|TEMPLATE_REVISION|$CI_COMMIT_SHA|" \
+ -e "s|TEMPLATE_CREATED|$(date -Is)|" \
+ Dockerfile.template > "$OUTPUTDIR/Dockerfile.$GROUP"
diff --git a/scripts/make-rootfs.sh b/scripts/make-rootfs.sh
new file mode 100755
index 0000000..001a88c
--- /dev/null
+++ b/scripts/make-rootfs.sh
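Review bot: The values spliced into the sed replacements in make-dockerfile.sh are not escaped, so any `&`, `|` or backslash in `$DOWNLOAD`, `$TITLE` or `$ROOTFS_FILE` changes the substitution; an `&` in a download URL's query string, for example, expands to the matched placeholder text and the generated Dockerfile silently gets a corrupted URL. Since this file carries the rootfs URL and its SHA256, I would escape each value first, e.g. `esc() { printf '%s' "$1" | sed 's/[&|\\]/\\&/g'; }` and then `-e "s|TEMPLATE_ROOTFS_DOWNLOAD|$(esc "$DOWNLOAD")|"`. The hash line also reads the checksum file with an unquoted path; `$(cat "$OUTPUTDIR/$ROOTFS_FILE.SHA256")` avoids word splitting and globbing on it.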
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+set -euo pipefail
+
+declare -r WRAPPER="fakechroot -- fakeroot"
+
+declare -r GROUP="$1"
+declare -r BUILDDIR="$2"
+declare -r OUTPUTDIR="$3"
+
+mkdir -vp "$BUILDDIR/alpm-hooks/usr/share/libalpm/hooks"
+find /usr/share/libalpm/hooks -exec ln -sf /dev/null "$BUILDDIR/alpm-hooks"{} \;
+
+mkdir -vp "$BUILDDIR/var/lib/pacman/" "$OUTPUTDIR"
+[[ "$GROUP" == "multilib-devel" ]] && pacman_conf=multilib.conf || pacman_conf=extra.conf
+install -Dm644 "/usr/share/devtools/pacman.conf.d/$pacman_conf" "$BUILDDIR/etc/pacman.conf"
+
+awk '
+ {
+ print
+ if ($0 ~ /^Include *=/ && !found++) {
+ last_include_line = NR
+ }
+ }
+ END {
+ if (last_include_line) {
+ print "\n[ppr]"
+ print "SigLevel = Never"
+ print "Include = /etc/pacman.d/parch-mirrors"
+ print ""
+ print "[pcp]"
+ print "SigLevel = Never"
+ print "Include = /etc/pacman.d/parch-mirrors"
+ }
+ }
+' "$BUILDDIR/etc/pacman.conf" > "$BUILDDIR/etc/pacman.conf.tmp" && mv "$BUILDDIR/etc/pacman.conf.tmp" "$BUILDDIR/etc/pacman.conf"
+
+cat pacman-conf.d-noextract.conf >> "$BUILDDIR/etc/pacman.conf"
+
+sed 's/Include = /&rootfs/g' < "$BUILDDIR/etc/pacman.conf" > pacman.conf
+
+sed -i '/#DisableSandbox/{c\
+# No kernel landlock in containerd\
+DisableSandbox
+}' "$BUILDDIR/etc/pacman.conf"
+
+cp --recursive --preserve=timestamps rootfs/* "$BUILDDIR/"
+
+$WRAPPER -- \
+ pacman -Sy -r "$BUILDDIR" \
+ --noconfirm --dbpath "$BUILDDIR/var/lib/pacman" \
+ --config pacman.conf \
+ --noscriptlet \
+ --hookdir "$BUILDDIR/alpm-hooks/usr/share/libalpm/hooks/" base "$GROUP"
+
+$WRAPPER -- chroot "$BUILDDIR" update-ca-trust
+$WRAPPER -- chroot "$BUILDDIR" pacman-key --init
+$WRAPPER -- chroot "$BUILDDIR" pacman-key --populate
+
+$WRAPPER -- chroot "$BUILDDIR" /usr/bin/systemd-sysusers --root "/"
+
+sed -i -e 's/^root::/root:!:/' "$BUILDDIR/etc/shadow"
+
+fakeroot -- \
+ tar \
+ --numeric-owner \
+ --xattrs \
+ --acls \
+ --exclude-from=exclude \
+ -C "$BUILDDIR" \
+ -c . \
+ -f "$OUTPUTDIR/$GROUP.tar"
+
+cd "$OUTPUTDIR"
+zstd --long -T0 -8 "$GROUP.tar"
+sha256sum "$GROUP.tar.zst" > "$GROUP.tar.zst.SHA256"
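Review bot: The awk END block writes `SigLevel = Never` for both `[ppr]` and `[pcp]`, so packages from those repositories are installed without signature verification, both through the build-time `pacman.conf` copy and through `$BUILDDIR/etc/pacman.conf`, which ships inside the image. Anyone able to alter a mirror listed in `/etc/pacman.d/parch-mirrors`, or the traffic to it, could then substitute packages unnoticed. If those repositories publish signed packages (not visible from this hunk), I would emit `print "SigLevel = Required DatabaseOptional"` for both sections and import the repository signing key into the keyring before `pacman -Sy`; otherwise a comment in the awk block should state why verification is off. Separately, `pacman-key --init` creates a local signing key under `$BUILDDIR`, and unless the `exclude` file (not shown here) drops it, every image built from the tarball shares that private key.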