From 26a1b23ce7ac8d923630476dc443a9dd15d86272 Mon Sep 17 00:00:00 2001
From: langfingaz
Date: Thu, 13 May 2021 13:44:34 +0000
Subject: [PATCH] Build packages with Docker
---
.dockerignore | 3 +++
.gitignore | 1 +
Dockerfile | 34 ++++++++++++++++++++++++
build-pkg-docker.sh | 43 ++++++++++++++++++++++++++++++
build-pkg.sh | 2 +-
docker-compose.yml | 12 +++++++++
run.sh | 65 +++++++++++++++++++++++++++++++++++++++++++++
7 files changed, 159 insertions(+), 1 deletion(-)
create mode 100644 .dockerignore
create mode 100644 Dockerfile
create mode 100755 build-pkg-docker.sh
create mode 100644 docker-compose.yml
create mode 100644 run.sh
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..ca36dd0
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,3 @@
+*
+!Dockerfile
+!run.sh
diff --git a/.gitignore b/.gitignore
index 3608c05..b9be933 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,4 @@ /pkg/de-p1st-gnupg/duraconf/ /archlive/ +/out/
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..a1b8f7f
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,34 @@
+# https://github.com/ungoogled-software/ungoogled-chromium-archlinux/blob/master/.github/workflows/build/Dockerfile
+# https://github.com/WhyNotHugo/docker-makepkg/blob/main/Dockerfile
+
+FROM archlinux:base-devel
+
+# Add de-p1st mirror ...
+RUN printf '\n[de-p1st]\nSigLevel = Optional TrustAll\nServer = https://arch.p1st.de\n' >> /etc/pacman.conf
+# ... and update mirrors + packages
+RUN pacman -Syu --noconfirm
+
+# Set packager
+RUN sed --in-place 's|^#PACKAGER=.*$|PACKAGER="Daniel Langbein "|' /etc/makepkg.conf
+# Store built packages in /out/
+RUN sed --in-place 's|^#PKGDEST=.*$|PKGDEST=/out|' /etc/makepkg.conf
+
+# Create a normal user to be used by makepkg
+RUN useradd --create-home build
+RUN echo "build ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+
+# Create output directory
+RUN mkdir -p /out
+
+# Continue execution (and CMD) as notroot:
+USER build
+WORKDIR /home/build
+
+# Auto-fetch GPG keys (to check signatures):
+RUN mkdir .gnupg && \
+ echo "keyserver-options auto-key-retrieve" > .gnupg/gpg.conf
+
+COPY run.sh /home/build/run.sh
+ENTRYPOINT [ "/bin/bash", "/home/build/run.sh" ]
+# Default arguments passed to /run.sh
+CMD [ "pkg/de-p1st-installer" ]
diff --git a/build-pkg-docker.sh b/build-pkg-docker.sh
new file mode 100755
index 0000000..2a4db51
--- /dev/null
+++ b/build-pkg-docker.sh
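Review bot: The `[de-p1st]` repository is appended to pacman.conf with `SigLevel = Optional TrustAll`, so pacman accepts unsigned packages from https://arch.p1st.de and, where a signature exists, accepts it from any key in the keyring regardless of trust level; the `pacman -Syu` on the next step already syncs against it. If the repository signs its packages, import and locally sign its key with `pacman-key` before this step and use pacman's default, `SigLevel = Required DatabaseOptional`; the key id is not on this page, so it is left as `<REPO_KEY_ID>`. Further down, `build ALL=(ALL) NOPASSWD: ALL` makes the `build` user root-equivalent inside the container, and a drop-in under `/etc/sudoers.d/` limited to the commands run.sh and makepkg call through sudo would be narrower. `CMD [ "pkg/de-p1st-installer" ]` also looks inconsistent with run.sh, which prefixes every argument with `/pkg/`; `CMD [ "de-p1st-installer" ]` would match the form used in docker-compose.yml.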
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+function is-installed() {
+ type "${1}"
+}
+
+function start-docker() {
+ is-installed "systemctl" || return $?
+ is-installed "docker" || return $?
+
+ res="$(systemctl show --property ActiveState docker)" || return $?
+ case "${res}" in
+ "ActiveState=active")
+ # Docker service is active
+ ;;
+ "ActiveState=inactive")
+ # Docker service is inactive -> Let's start it
+ echo "Starting docker service ..."
+ sudo systemctl start docker || return $?
+ ;;
+ *)
+ echo "Unknown state or error!"
+ return 1
+ esac
+}
+
+function build-pkg() {
+ sudo docker-compose run makepkg "${1}"
+}
+
+function main() {
+ start-docker || return $?
+ is-installed "docker-compose" || return $?
+
+ PKGS=(xorg-meta de-p1st-systemd de-p1st-sudo de-p1st-screen de-p1st-pacman de-p1st-pacman-mirrorlist de-p1st-networkmanager de-p1st-ucode-placeholder de-p1st-ucode-intel de-p1st-ucode-amd de-p1st-nano de-p1st-mkinitcpio de-p1st-makepkg de-p1st-grub de-p1st-font de-p1st-keyboard-de de-p1st-keyboard-x11-de de-p1st-gnupg de-p1st-redshift de-p1st-theme de-p1st-gpu-generic de-p1st-gpu-amdgpu de-p1st-installer de-p1st-repo)
+ for PKG in "${PKGS[@]}"; do
+ build-pkg "${PKG}" || return $?
+ done
+
+ echo "Successfully built all packages!"
+}
+
+main "$@"
diff --git a/build-pkg.sh b/build-pkg.sh
index 1cf79f9..80f0ffb 100755
--- a/build-pkg.sh
+++ b/build-pkg.sh
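Review bot: `build-pkg` calls `docker-compose run` without `--rm`, so every package in `PKGS` leaves a stopped container behind, each still holding its `/tmp/pkg` build tree and whatever `makepkg --syncdeps` installed. `sudo docker-compose run --rm makepkg "${1}"` removes the container when the build exits. The package list is also a second copy of the one in build-pkg.sh (this commit has to apply the `de-p1st-keyboard-x11-de` rename in both places), so a comment such as `# keep in sync with build-pkg.sh` above `PKGS=` would help. `res`, `PKGS` and `PKG` could be declared `local` so they do not leak out of their functions.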
@@ -77,7 +77,7 @@ function main() { # No arguments given # -> build in specified order EXCEPT de-p1st-locale - build-pkg xorg-meta de-p1st-systemd de-p1st-sudo de-p1st-screen de-p1st-pacman de-p1st-pacman-mirrorlist de-p1st-networkmanager de-p1st-ucode-placeholder de-p1st-ucode-intel de-p1st-ucode-amd de-p1st-nano de-p1st-mkinitcpio de-p1st-makepkg de-p1st-grub de-p1st-font de-p1st-keyboard-de de-p1st-keyboard-de-x11 de-p1st-gnupg de-p1st-redshift de-p1st-theme de-p1st-gpu-generic de-p1st-gpu-amdgpu de-p1st-installer de-p1st-repo || return $? + build-pkg xorg-meta de-p1st-systemd de-p1st-sudo de-p1st-screen de-p1st-pacman de-p1st-pacman-mirrorlist de-p1st-networkmanager de-p1st-ucode-placeholder de-p1st-ucode-intel de-p1st-ucode-amd de-p1st-nano de-p1st-mkinitcpio de-p1st-makepkg de-p1st-grub de-p1st-font de-p1st-keyboard-de de-p1st-keyboard-x11-de de-p1st-gnupg de-p1st-redshift de-p1st-theme de-p1st-gpu-generic de-p1st-gpu-amdgpu de-p1st-installer de-p1st-repo || return $? push-pkg || return $? build-pkg de-p1st-smartcard de-p1st-kernel-default de-p1st-kernel-lts de-p1st-dns || return $?
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..6ed57ea
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,12 @@
+version: '3.7'
+services:
+ makepkg:
+ build: .
+ command: ["de-p1st-font", "de-p1st-nano", "de-p1st-grub", "de-p1st-installer", "de-p1st-repo"]
+ volumes:
+ - ./pkg:/pkg:ro
+ - ./out:/out
+
+ # interactive
+ stdin_open: true # docker run -i
+ tty: true # docker run -t
diff --git a/run.sh b/run.sh
new file mode 100644
index 0000000..b253747
--- /dev/null
+++ b/run.sh
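Review bot: `./out:/out` is a writable host bind mount, and run.sh in this commit runs `sudo chown "build:wheel" /out` on every start, so the ownership of the host's `./out` directory is rewritten to whatever uid/gid those names have inside the image. That side effect deserves a comment next to the mount, for example `# writable; run.sh chowns this directory to the container's build user and the finished packages back to the PKGBUILD owner`. It may also be worth noting there that Docker creates `./out` as root when it does not exist yet; the new `.gitignore` entry suggests the directory is not checked in.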
@@ -0,0 +1,65 @@
+#!/bin/bash
+#
+# For each ARG in ARGUMENTS
+# build /pkg/$ARG/PKGBUILD
+# and store the built package at /out/
+#
+# If no ARGUMENTS are given, then fallback to path /pkg/PKGBUILD
+#
+set -e
+
+function build-pkg(){
+ # Make a copy as "/pkg" might be read-only and we do not want to alter it
+ cp -r "${PKG}" /tmp/pkg
+ cd /tmp/pkg
+
+ # Build the package.
+ # One could add argument "--noconfirm" to "makepkg" (which will be passed to Pacman) for non-interactive mode.
+ set +e
+ makepkg --syncdeps
+ saved="$?"
+ set -e
+
+ case "${saved}" in
+ "0")
+ # Exit code 0, no error occurred.
+ true
+ ;;
+ "13")
+ # Exit code 13: A package has already been built.
+ true # Skip already built packages!
+ ;;
+ *)
+ # Exit with exit-code from makepkg.
+ exit ${saved}
+ ;;
+ esac
+}
+
+function main(){
+ # Write-permission for user "build"
+ sudo chown "build:wheel" /out
+
+
+ # Refresh mirrors -> not required as makepkg does this on every run
+ # sudo pacman -Sy
+
+ # If first argument is zero, use default directory
+ if [ -z "${1}" ]; then
+ PKG=/pkg
+ echo "No argument given. Using default ${PKG} directory to look for PKGBUILD ..."
+ build-pkg
+ # Else repeat fo for each argument
+ else
+ for RELATIVE_PKG_DIR in "$@"; do
+ PKG=/pkg/"${RELATIVE_PKG_DIR}"
+ echo "Looking for PKGBUILD in ${PKG} ..."
+ build-pkg
+ done
+ fi
+
+ # Ensure permissions match those of the original PKGBUILD.
+ sudo chown "$(stat -c '%u:%g' "${PKG}"/PKGBUILD)" /out/*.pkg.tar.*
+}
+
+main "$@"
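Review bot: `build-pkg` copies every package to the same fixed path, `cp -r "${PKG}" /tmp/pkg` followed by `cd /tmp/pkg`, which only works for the first argument in a container. On the second iteration `/tmp/pkg` already exists, so `cp -r` nests the new directory inside it and `makepkg` runs on the first PKGBUILD again; it presumably exits with 13 (already built), which the `case` treats as success, so the remaining packages are skipped without an error. docker-compose.yml's default `command` passes five names, so that path is reachable. A fresh directory per package avoids it: `workdir="$(mktemp -d)"`, `cp -r "${PKG}/." "${workdir}"`, `cd "${workdir}"`.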