# Build SELinux packages for Arch linux in Docker/Podman container
#
# The whole build happens at image-build time: every package under the build
# context is built and installed inside the image, so the resulting image is
# both the build environment and the artifact store.
#
# Usage:
# sudo docker build -t arch-selinux-build .
# or
# podman build -t arch-selinux-build .
#
# Once the image is built, you can get the packages in "pkgs" directory with:
# sudo docker run -v "$(pwd)/pkgs:/packages" --rm -ti arch-selinux-build
# or
# podman run -v "$(pwd)/pkgs:/packages" --rm -ti arch-selinux-build
#
# NOTE(review): the build context is copied wholesale (COPY . below). A "pkgs"
# directory left over from a previous run would be copied too, and its
# contents match the glob used by CMD; excluding it via .dockerignore is
# probably worth it -- confirm against the repository layout.
# Use official Arch Linux Docker image:
# https://gitlab.archlinux.org/archlinux/archlinux-docker
# Arch is a rolling release and the RUN step below does a full -Syu anyway,
# so ":latest" is deliberate here; the trade-off is that rebuilds are not
# reproducible. For a reproducible rebuild, pin a dated tag or digest
# (e.g. archlinux:<DATED-TAG-PLACEHOLDER>) and accept that mirrors may have
# dropped the matching package versions (see the comment on -Syu below).
FROM docker.io/archlinux/archlinux:latest
LABEL Description="Build SELinux packages for Arch Linux"
# Everything in the build context (PKGBUILD directories plus the helper
# scripts invoked below: clean.sh, recv_gpg_keys.sh, build_and_install_all.sh)
# lands in /startdir; its ownership is fixed up after builduser exists.
COPY . /startdir
# * Install base packages which needed to build SELinux packages,
# upgrading the system because mirrors remove older versions of package and
# weird issues can occur for example when python or ruby is up to date but not
# their dependencies (like libxcrypt, openssl, etc.).
# * Configure the system to be able to build packages as builduser, like makechrootpkg:
# https://github.com/archlinux/devtools/blob/20200407/makechrootpkg.in#L155
# * Sync GPG keys used to verify package sources
# * Build and install every package, using /build as build directory
# * Remove temporary files
#
# Everything is kept in ONE layer on purpose: splitting the -Syu upgrade from
# the package build would let a cached, stale upgrade layer be combined with
# freshly synced dependencies -- exactly the partial-upgrade situation the
# first bullet warns about.
RUN \
# Full system upgrade plus the toolchain; -q keeps pacman's output short.
pacman -q --noconfirm -Syu base base-devel expect git && \
# Drop the package cache immediately so it never bloats this layer.
pacman --noconfirm -Sc && \
rm -rf /var/cache/pacman/pkg/* && \
ln -sf /usr/share/zoneinfo/UTC /etc/localtime && \
# Unprivileged build account (makepkg will not run as root).
useradd -g users -m builduser && \
# sudoers rules for builduser. The first one lets builduser run pacman as
# root without a password, which is root-equivalent (pacman -U installs
# arbitrary package files); the second one is the single command needed to
# install the sudo-selinux replacement for sudo and restore /etc/sudoers
# from the .pacsave that replacement may leave behind. Both rules stay in
# the final image -- acceptable only because this image is a throwaway
# build environment, and nothing below drops to USER builduser anyway.
echo 'builduser ALL=(ALL) NOPASSWD: /usr/bin/pacman' >> /etc/sudoers && \
echo 'builduser ALL=(ALL) NOPASSWD: /usr/bin/sh -c { pacman --noconfirm --ask=4 -U sudo-selinux/sudo-selinux-*.pkg.tar.zst && if test -e /etc/sudoers.pacsave ; then mv /etc/sudoers.pacsave /etc/sudoers ; fi }' >> /etc/sudoers && \
# makepkg.conf is sourced by makepkg, so the single-quoted $(nproc) is
# expanded at build time of each package, not here.
echo 'MAKEFLAGS="-j$(nproc)"' >> /etc/makepkg.conf && \
echo 'BUILDDIR=/build' >> /etc/makepkg.conf && \
echo 'LOGDEST=/logdest' >> /etc/makepkg.conf && \
# Output, build and log directories, all writable by builduser.
mkdir /packages /build /logdest && \
chown -R builduser /startdir /packages /build /logdest && \
# The helper scripts come from the build context and are not shown here;
# presumably clean.sh resets the PKGBUILD directories, recv_gpg_keys.sh
# imports the upstream signing keys and build_and_install_all.sh runs
# makepkg for every package -- verify against the scripts themselves.
sudo -u builduser /startdir/clean.sh && \
sudo -u builduser /startdir/recv_gpg_keys.sh && \
sudo -u builduser /startdir/build_and_install_all.sh && \
# Remove extracted sources and staging trees; the built *.pkg.tar.zst files
# remain next to each PKGBUILD and are what CMD exports.
rm -rf /startdir/*/src/ /startdir/*/pkg/ && \
pacman --noconfirm -Sc && rm -rf /var/cache/pacman/pkg/*
WORKDIR /startdir
# Copy packages to /packages when running, so that they can be easily exported.
# Exec form with an explicit "sh -c" so the glob is expanded by a shell.
# No USER directive precedes this, so the copy runs as root; with a bind
# mount the exported files are therefore root-owned on a Docker host.
# NOTE(review): switching to USER builduser would fix that for Docker but
# likely breaks the rootless podman usage above (the mounted directory maps
# to the host user only for the container's root) -- confirm before changing.
CMD ["sh", "-c", "cp /startdir/*/*.pkg.tar.zst /packages"]