
Build packages with Docker

Daniel Langbein 2021-05-13 13:44:34 +00:00
parent 33e7c8f6c7
commit 26a1b23ce7
7 changed files with 159 additions and 1 deletions

3
.dockerignore Normal file

@ -0,0 +1,3 @@
*
!Dockerfile
!run.sh

1
.gitignore vendored

@ -9,3 +9,4 @@
/pkg/de-p1st-gnupg/duraconf/
/archlive/
/out/

34
Dockerfile Normal file

@ -0,0 +1,34 @@
# https://github.com/ungoogled-software/ungoogled-chromium-archlinux/blob/master/.github/workflows/build/Dockerfile
# https://github.com/WhyNotHugo/docker-makepkg/blob/main/Dockerfile
FROM archlinux:base-devel
# Add de-p1st mirror ...
RUN printf '\n[de-p1st]\nSigLevel = Optional TrustAll\nServer = https://arch.p1st.de\n' >> /etc/pacman.conf
# ... and update mirrors + packages
RUN pacman -Syu --noconfirm
# Set packager
RUN sed --in-place 's|^#PACKAGER=.*$|PACKAGER="Daniel Langbein <daniel@systemli.org>"|' /etc/makepkg.conf
# Store built packages in /out/
RUN sed --in-place 's|^#PKGDEST=.*$|PKGDEST=/out|' /etc/makepkg.conf
# Create a normal user to be used by makepkg
RUN useradd --create-home build
RUN echo "build ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
# Create output directory
RUN mkdir -p /out
# Continue execution (and CMD) as notroot:
USER build
WORKDIR /home/build
# Auto-fetch GPG keys (to check signatures):
RUN mkdir .gnupg && \
echo "keyserver-options auto-key-retrieve" > .gnupg/gpg.conf
COPY run.sh /home/build/run.sh
ENTRYPOINT [ "/bin/bash", "/home/build/run.sh" ]
# Default arguments passed to /run.sh
CMD [ "pkg/de-p1st-installer" ]
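Review bot: The `[de-p1st]` repository is appended to `/etc/pacman.conf` with `SigLevel = Optional TrustAll`, so the `pacman -Syu` that follows, and any dependency that `makepkg --syncdeps` later resolves from that repository, is accepted without a signature from a trusted key; only TLS to `arch.p1st.de` stands between the mirror and the build image. I would import and locally sign the repository's key with `pacman-key` in an earlier `RUN` and write `SigLevel = Required` instead. The same image grants `build ALL=(ALL) NOPASSWD: ALL`, so every PKGBUILD built here is effectively root inside the container; a comment such as `# makepkg needs sudo for pacman; PKGBUILDs are root-equivalent in this container` would make that trust decision explicit. Separately, `CMD [ "pkg/de-p1st-installer" ]` looks wrong: run.sh prefixes each argument with `/pkg/`, which would resolve to `/pkg/pkg/de-p1st-installer`.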

43
build-pkg-docker.sh Executable file

@ -0,0 +1,43 @@
#!/usr/bin/env bash
function is-installed() {
type "${1}"
}
function start-docker() {
is-installed "systemctl" || return $?
is-installed "docker" || return $?
res="$(systemctl show --property ActiveState docker)" || return $?
case "${res}" in
"ActiveState=active")
# Docker service is active
;;
"ActiveState=inactive")
# Docker service is inactive -> Let's start it
echo "Starting docker service ..."
sudo systemctl start docker || return $?
;;
*)
echo "Unknown state or error!"
return 1
esac
}
function build-pkg() {
sudo docker-compose run makepkg "${1}"
}
function main() {
start-docker || return $?
is-installed "docker-compose" || return $?
PKGS=(xorg-meta de-p1st-systemd de-p1st-sudo de-p1st-screen de-p1st-pacman de-p1st-pacman-mirrorlist de-p1st-networkmanager de-p1st-ucode-placeholder de-p1st-ucode-intel de-p1st-ucode-amd de-p1st-nano de-p1st-mkinitcpio de-p1st-makepkg de-p1st-grub de-p1st-font de-p1st-keyboard-de de-p1st-keyboard-x11-de de-p1st-gnupg de-p1st-redshift de-p1st-theme de-p1st-gpu-generic de-p1st-gpu-amdgpu de-p1st-installer de-p1st-repo)
for PKG in "${PKGS[@]}"; do
build-pkg "${PKG}" || return $?
done
echo "Successfully built all packages!"
}
main "$@"
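Review bot: `build-pkg` calls `sudo docker-compose run makepkg "${1}"` without `--rm`, so each of the 24 entries in `PKGS` leaves a stopped container behind. Nothing in `main` rebuilds the image either, so the `pacman -Syu` layer from the Dockerfile is reused for as long as the image stays cached, and dependencies are presumably then installed against an ageing package database. I would change the call to `sudo docker-compose run --rm makepkg "${1}"` and run `sudo docker-compose build --pull` once before the loop. `is-installed` also prints the output of `type` on success; `type "${1}" >/dev/null` keeps the error message and drops the noise.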

@ -77,7 +77,7 @@ function main() {
# No arguments given
# -> build in specified order EXCEPT de-p1st-locale
build-pkg xorg-meta de-p1st-systemd de-p1st-sudo de-p1st-screen de-p1st-pacman de-p1st-pacman-mirrorlist de-p1st-networkmanager de-p1st-ucode-placeholder de-p1st-ucode-intel de-p1st-ucode-amd de-p1st-nano de-p1st-mkinitcpio de-p1st-makepkg de-p1st-grub de-p1st-font de-p1st-keyboard-de de-p1st-keyboard-de-x11 de-p1st-gnupg de-p1st-redshift de-p1st-theme de-p1st-gpu-generic de-p1st-gpu-amdgpu de-p1st-installer de-p1st-repo || return $?
build-pkg xorg-meta de-p1st-systemd de-p1st-sudo de-p1st-screen de-p1st-pacman de-p1st-pacman-mirrorlist de-p1st-networkmanager de-p1st-ucode-placeholder de-p1st-ucode-intel de-p1st-ucode-amd de-p1st-nano de-p1st-mkinitcpio de-p1st-makepkg de-p1st-grub de-p1st-font de-p1st-keyboard-de de-p1st-keyboard-x11-de de-p1st-gnupg de-p1st-redshift de-p1st-theme de-p1st-gpu-generic de-p1st-gpu-amdgpu de-p1st-installer de-p1st-repo || return $?
push-pkg || return $?
build-pkg de-p1st-smartcard de-p1st-kernel-default de-p1st-kernel-lts de-p1st-dns || return $?

12
docker-compose.yml Normal file

@ -0,0 +1,12 @@
version: '3.7'
services:
makepkg:
build: .
command: ["de-p1st-font", "de-p1st-nano", "de-p1st-grub", "de-p1st-installer", "de-p1st-repo"]
volumes:
- ./pkg:/pkg:ro
- ./out:/out
# interactive
stdin_open: true # docker run -i
tty: true # docker run -t

65
run.sh Normal file

@ -0,0 +1,65 @@
#!/bin/bash
#
# For each ARG in ARGUMENTS
# build /pkg/$ARG/PKGBUILD
# and store the built package at /out/
#
# If no ARGUMENTS are given, then fallback to path /pkg/PKGBUILD
#
set -e
function build-pkg(){
# Make a copy as "/pkg" might be read-only and we do not want to alter it
cp -r "${PKG}" /tmp/pkg
cd /tmp/pkg
# Build the package.
# One could add argument "--noconfirm" to "makepkg" (which will be passed to Pacman) for non-interactive mode.
set +e
makepkg --syncdeps
saved="$?"
set -e
case "${saved}" in
"0")
# Exit code 0, no error occurred.
true
;;
"13")
# Exit code 13: A package has already been built.
true # Skip already built packages!
;;
*)
# Exit with exit-code from makepkg.
exit ${saved}
;;
esac
}
function main(){
# Write-permission for user "build"
sudo chown "build:wheel" /out
# Refresh mirrors -> not required as makepkg does this on every run
# sudo pacman -Sy
# If first argument is zero, use default directory
if [ -z "${1}" ]; then
PKG=/pkg
echo "No argument given. Using default ${PKG} directory to look for PKGBUILD ..."
build-pkg
# Else repeat fo for each argument
else
for RELATIVE_PKG_DIR in "$@"; do
PKG=/pkg/"${RELATIVE_PKG_DIR}"
echo "Looking for PKGBUILD in ${PKG} ..."
build-pkg
done
fi
# Ensure permissions match those of the original PKGBUILD.
sudo chown "$(stat -c '%u:%g' "${PKG}"/PKGBUILD)" /out/*.pkg.tar.*
}
main "$@"
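Review bot: `build-pkg` copies every package to the fixed path `/tmp/pkg`, so from the second argument on `cp -r "${PKG}" /tmp/pkg` nests the new directory inside the one left by the first package, and `makepkg` runs again on the first PKGBUILD. That run should end with exit code 13 (already built), which the `case` treats as success, so with several arguments (as in the `command:` list in docker-compose.yml) the later packages appear to be skipped without any error. A fresh directory per package avoids this: `builddir="$(mktemp -d)"`, `cp -r "${PKG}/." "${builddir}"`, `cd "${builddir}"`. The closing `sudo chown` reads the owner only from the last `${PKG}`, which deserves a comment.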