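# Build image for Arch Linux packages: makepkg runs as the unprivileged user
# "build" and writes the finished packages to /out.
#
# Inspiration:
# * https://github.com/ungoogled-software/ungoogled-chromium-archlinux/blob/master/.github/workflows/build/Dockerfile
# * https://github.com/WhyNotHugo/docker-makepkg/blob/main/Dockerfile

# NOTE(review): archlinux:base-devel is a rolling tag. Pin it by digest
# (archlinux:base-devel@sha256:<DIGEST>) if builds have to be reproducible.
FROM archlinux:base-devel

# Run all RUN steps under bash with pipefail. Without it, a failed key download
# in the `curl | pacman-key` pipeline below is masked by the exit status of
# pacman-key. bash is also required for the `<( ... )` process substitution
# used further down.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# 0. DisableDownloadTimeout
# 1. Add de-p1st mirror
#    NOTE(review): "SigLevel = Optional TrustAll" accepts unsigned packages, so
#    the integrity of this repository rests on TLS to arch.p1st.de alone. Use
#    "Required" once the repository is signed.
# 2. Add home_ungoogled_chromium_Arch (ungoogled-chromium) mirror
#    ($arch stays literal inside the single quotes; pacman expands it itself.)
# 3. Add signing key of home_ungoogled_chromium_Arch mirror
#    -f makes curl fail on an HTTP error instead of piping an error page into
#    pacman-key; -S still prints the reason while -s hides the progress meter.
#    NOTE(review): the key is fetched from the same host that serves the
#    packages and is trusted as downloaded (TrustAll). Comparing its
#    fingerprint against a value recorded in this file would detect a swapped
#    key. The key URL is fixed to x86_64.
# 4. Enable parallel downloads
#    TODO: Wait until next baseimage update
#    && sed --in-place 's|^#ParallelDownloads\s*=.*$|ParallelDownloads = 4|' /etc/pacman.conf \
# 5. Update mirrors + packages
# 6. Install svn for makepkg to handle svn sources
RUN printf '\n[options]\nDisableDownloadTimeout\n' >> /etc/pacman.conf && \
    printf '\n[de-p1st]\nSigLevel = Optional TrustAll\nServer = https://arch.p1st.de\n' >> /etc/pacman.conf && \
    printf '\n[home_ungoogled_chromium_Arch]\nSigLevel = Required TrustAll\nServer = https://download.opensuse.org/repositories/home:/ungoogled_chromium/Arch/$arch\n' >> /etc/pacman.conf && \
    curl -fsS 'https://download.opensuse.org/repositories/home:/ungoogled_chromium/Arch/x86_64/home_ungoogled_chromium_Arch.key' | pacman-key --add - && \
    pacman -Syu --noconfirm && \
    pacman -S --needed --noconfirm svn

# 1. Set packager
#    NOTE(review): the PACKAGER value ends in a space; an e-mail address may
#    have been lost here. Confirm against the upstream file.
# 2. Store built packages in /out/
RUN sed --in-place 's|^#PACKAGER=.*$|PACKAGER="Daniel Langbein "|' /etc/makepkg.conf && \
    sed --in-place 's|^#PKGDEST=.*$|PKGDEST=/out|' /etc/makepkg.conf

# Create a normal user to be used by makepkg
RUN useradd --create-home build

# NOTE(review): this grants the build user unrestricted passwordless root, so
# any PKGBUILD or source tree built in this container effectively runs as root
# inside it. Treat the container as the trust boundary, or narrow the rule to
# the commands makepkg and run.sh actually need (run.sh is not visible here).
RUN echo "build ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers

# Create output directory
# NOTE(review): /out is created as root while makepkg runs as "build".
# Presumably run.sh or a bind mount makes it writable; verify.
RUN mkdir -p /out

# Continue execution (and CMD) as non-root:
USER build
WORKDIR /home/build

# Auto-fetch GPG keys (to check signatures):
# gpg retrieves unknown signing keys on demand, so no key is pinned in this
# image. NOTE(review): source verification then presumably rests on the
# validpgpkeys fingerprints of each PKGBUILD; confirm that every PKGBUILD built
# here sets them. hkp:// is unencrypted; consider hkps://keyserver.ubuntu.com.
RUN install -dm0700 .gnupg && \
    install -m0600 <(printf "keyserver-options auto-key-retrieve\nkeyserver hkp://keyserver.ubuntu.com\n") .gnupg/gpg.conf
#
# GnuPG key import from keys.openpgp.org does not work for all keys, see
#   https://keys.openpgp.org/about/usage#gnupg-troubleshooting
#   https://superuser.com/a/1485255
# It seems as if this won't be fixed:
#   https://dev.gnupg.org/T4393
# Thus we use the ubuntu keyserver instead.

COPY run.sh /home/build/run.sh
ENTRYPOINT [ "/bin/bash", "/home/build/run.sh" ]

# Default arguments passed to /home/build/run.sh
# CMD [ "de-p1st-font" ]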