# Global ARGs shared by all stages
ARG DEBIAN_FRONTEND=noninteractive
ARG GOPATH=/usr/local/go

### first stage - builder ###
FROM debian:trixie-slim AS builder

ARG DEBIAN_FRONTEND
ARG GOPATH
ENV GOPATH=${GOPATH}

# install debos build and unit-test dependencies
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        gcc \
        git \
        golang-go \
        libc6-dev \
        libostree-dev \
        unzip && \
    rm -rf /var/lib/apt/lists/*

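# Optionally add host CA certificates for environments with MITM proxies
# Usage: DOCKER_BUILDKIT=1 docker build --secret id=cacert,src=/etc/ssl/certs/ca-certificates.crt ...
# The secret mount is only present during this RUN step. The copy made below
# lands in the builder stage's trust store only: the runner stages start from
# a fresh base image and copy just the debos binary and the Arch keyring.
RUN --mount=type=secret,id=cacert,target=/tmp/host-ca-certificates.crt \
    if [ -f /tmp/host-ca-certificates.crt ]; then \
        cp /tmp/host-ca-certificates.crt /usr/local/share/ca-certificates/host-ca-certificates.crt && \
        update-ca-certificates; \
    fi
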
# Build debos
ARG DEBOS_VER
COPY . $GOPATH/src/github.com/go-debos/debos
WORKDIR $GOPATH/src/github.com/go-debos/debos/cmd/debos
RUN go install -ldflags="-X main.Version=${DEBOS_VER}" ./...

# Install the latest archlinux-keyring, since the one in Debian is bound
# to get outdated sooner or later.
# WARNING: returning to the debian package will break the pacstrap action
COPY docker/get-archlinux-keyring.sh /
RUN /get-archlinux-keyring.sh /arch-keyring

### second stage - runner ###
FROM debian:trixie-slim AS runner-amd64
RUN apt-get update && \
    apt-get install -y --no-install-recommends initramfs-tools && \
    rm -rf /var/lib/apt/lists/*
# Remove the kernel postinst hooks before the kernel package is installed
# below, so that installing linux-image-* does not run them
RUN rm /etc/kernel/postinst.d/*
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        linux-image-amd64 \
        qemu-system-x86 && \
    rm -rf /var/lib/apt/lists/*

FROM debian:trixie-slim AS runner-arm64
RUN apt-get update && \
    apt-get install -y --no-install-recommends initramfs-tools && \
    rm -rf /var/lib/apt/lists/*
# Remove the kernel postinst hooks before the kernel package is installed
# below, so that installing linux-image-* does not run them
RUN rm /etc/kernel/postinst.d/*
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        linux-image-arm64 \
        qemu-system-arm \
        # fixes: qemu-system-aarch64: failed to find romfile "efi-virtio.rom"
        ipxe-qemu && \
    rm -rf /var/lib/apt/lists/*

FROM runner-${TARGETARCH} AS runner

ARG DEBIAN_FRONTEND
ARG GOPATH

# Set HOME to a writable directory in case something wants to cache things
ENV HOME=/tmp

LABEL org.label-schema.name="debos"
LABEL org.label-schema.description="Debian OS builder"
LABEL org.label-schema.vcs-url="https://github.com/go-debos/debos"
LABEL org.label-schema.docker.cmd='docker run \
  --rm \
  --interactive \
  --tty \
  --device /dev/kvm \
  --user $(id -u) \
  --workdir /recipes \
  --mount "type=bind,source=$(pwd),destination=/recipes" \
  --security-opt label=disable'

# debos runtime dependencies
# ca-certificates is required to validate HTTPS certificates when getting debootstrap release file
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        apt-transport-https \
        binfmt-support \
        bmap-tools \
        btrfs-progs \
        busybox \
        bzip2 \
        ca-certificates \
        debian-ports-archive-keyring \
        debootstrap \
        mmdebstrap \
        dosfstools \
        e2fsprogs \
        equivs \
        fdisk \
        f2fs-tools \
        git \
        gzip \
        pigz \
        libostree-1-1 \
        openssh-client \
        parted \
        pkg-config \
        qemu-user-static \
        qemu-utils \
        rsync \
        systemd \
        systemd-container \
        systemd-resolved \
        u-boot-tools \
        unzip \
        xfsprogs \
        xz-utils \
        zip \
        zstd \
        makepkg \
        pacman-package-manager \
        arch-install-scripts \
        arch-test && \
    rm -rf /var/lib/apt/lists/*

COPY --from=builder $GOPATH/bin/debos /usr/local/bin/debos

# Install the latest archlinux-keyring, since the one in Debian is bound
# to get outdated sooner or later.
# WARNING: returning to the debian package will break the pacstrap action
COPY --from=builder /arch-keyring /usr/share/keyrings

ENTRYPOINT ["/usr/local/bin/debos"]