| 1 |
commit: 2a77ebf7e7c02d43eb9dd385dc808efd87a54af0 |
| 2 |
Author: Konstantinos Smanis <konstantinos.smanis <AT> gmail <DOT> com> |
| 3 |
AuthorDate: Sun Aug 23 18:54:34 2020 +0000 |
| 4 |
Commit: Alexys Jacob <ultrabug <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Thu Sep 3 20:34:00 2020 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/docker-images.git/commit/?id=2a77ebf7 |
| 7 |
|
| 8 |
Add CI builds for all supported stage3 architectures |
| 9 |
|
| 10 |
Build multiarch images using buildx [1] instead of modifying the image |
| 11 |
architecture post-creation with docker-copyedit. Although still |
| 12 |
experimental, buildx is the recommended way of building multi-platform |
| 13 |
images. |
| 14 |
|
| 15 |
All stage3 architectures that are supported by Docker [2] were added. |
| 16 |
|
| 17 |
Closes: #61 |
| 18 |
|
| 19 |
[1] https://docs.docker.com/buildx/working-with-buildx/#build-multi-platform-images |
| 20 |
[2] https://github.com/docker-library/official-images#architectures-other-than-amd64 |
| 21 |
|
| 22 |
Signed-off-by: Konstantinos Smanis <konstantinos.smanis <AT> gmail.com> |
| 23 |
Closes: https://github.com/gentoo/gentoo-docker-images/pull/92 |
| 24 |
Signed-off-by: Alexys Jacob <ultrabug <AT> gentoo.org> |
| 25 |
|
| 26 |
.gitmodules | 3 --- |
| 27 |
.travis.yml | 67 ++++++++++++++++++++++++++++++++------------------- |
| 28 |
README.md | 59 +++++++++++++++++++++++++++++++++++++-------- |
| 29 |
build-multiarch.sh | 9 ------- |
| 30 |
build.sh | 71 ++++++++++++++++++++++++++++++++++-------------------- |
| 31 |
docker-copyedit | 1 - |
| 32 |
portage.Dockerfile | 2 +- |
| 33 |
stage3.Dockerfile | 2 +- |
| 34 |
8 files changed, 138 insertions(+), 76 deletions(-) |
| 35 |
|
| 36 |
diff --git a/.gitmodules b/.gitmodules |
| 37 |
deleted file mode 100644 |
| 38 |
index 52c678d..0000000 |
| 39 |
--- a/.gitmodules |
| 40 |
+++ /dev/null |
| 41 |
@@ -1,3 +0,0 @@ |
| 42 |
-[submodule "docker-copyedit"] |
| 43 |
- path = docker-copyedit |
| 44 |
- url = https://github.com/gdraheim/docker-copyedit.git |
| 45 |
|
| 46 |
diff --git a/.travis.yml b/.travis.yml |
| 47 |
index 874e1ce..50ba3f4 100644 |
| 48 |
--- a/.travis.yml |
| 49 |
+++ b/.travis.yml |
| 50 |
@@ -1,46 +1,63 @@ |
| 51 |
-services: docker |
| 52 |
-language: bash |
| 53 |
+language: shell |
| 54 |
env: |
| 55 |
global: |
| 56 |
+ - DOCKER_CLI_EXPERIMENTAL=enabled # required by buildx |
| 57 |
- ORG=gentoo |
| 58 |
- matrix: |
| 59 |
+ jobs: |
| 60 |
- TARGET=portage |
| 61 |
- TARGET=stage3-amd64 |
| 62 |
- TARGET=stage3-amd64-hardened |
| 63 |
- TARGET=stage3-amd64-hardened-nomultilib |
| 64 |
+ - TARGET=stage3-amd64-musl-hardened |
| 65 |
+ - TARGET=stage3-amd64-musl-vanilla |
| 66 |
- TARGET=stage3-amd64-nomultilib |
| 67 |
- TARGET=stage3-amd64-systemd |
| 68 |
- - TARGET=stage3-amd64-musl-vanilla |
| 69 |
- - TARGET=stage3-amd64-musl-hardened |
| 70 |
+ - TARGET=stage3-amd64-uclibc-hardened |
| 71 |
+ - TARGET=stage3-amd64-uclibc-vanilla |
| 72 |
+ - TARGET=stage3-arm64 |
| 73 |
+ - TARGET=stage3-arm64-systemd |
| 74 |
+ - TARGET=stage3-armv5tel |
| 75 |
+ - TARGET=stage3-armv6j_hardfp |
| 76 |
+ - TARGET=stage3-armv7a_hardfp |
| 77 |
+ - TARGET=stage3-ppc64le |
| 78 |
+ - TARGET=stage3-s390x |
| 79 |
- TARGET=stage3-x86 |
| 80 |
- TARGET=stage3-x86-hardened |
| 81 |
- - TARGET=stage3-armv7a |
| 82 |
- TARGET=stage3-x86-musl-vanilla |
| 83 |
- - TARGET=stage3-ppc |
| 84 |
- - TARGET=stage3-ppc64 |
| 85 |
- - TARGET=stage3-ppc64le |
| 86 |
+ - TARGET=stage3-x86-systemd |
| 87 |
+ - TARGET=stage3-x86-uclibc-hardened |
| 88 |
+ - TARGET=stage3-x86-uclibc-vanilla |
| 89 |
|
| 90 |
before_install: |
| 91 |
- # Install latest Docker |
| 92 |
+ # Install latest Docker (>=19.03.0 required by buildx) |
| 93 |
+ # https://docs.travis-ci.com/user/docker/#installing-a-newer-docker-version |
| 94 |
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - |
| 95 |
- sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" |
| 96 |
- sudo apt-get update -qq |
| 97 |
- sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce |
| 98 |
- - echo '{"experimental":true}' | sudo tee /etc/docker/daemon.json |
| 99 |
- - sudo apt-get install qemu-user-static binfmt-support |
| 100 |
- - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes |
| 101 |
+ - docker info |
| 102 |
+before_script: |
| 103 |
+ # Create multiarch buildx builder |
| 104 |
+ - docker buildx create --driver docker-container --use |
| 105 |
script: |
| 106 |
- - VERSION="$(date -u +%Y%m%d)" |
| 107 |
- - sudo ./build.sh |
| 108 |
- - if [[ "${TARGET}" == stage* ]]; then |
| 109 |
- sudo docker run -it --rm ${ORG}/${TARGET}:${VERSION} /bin/bash -c "emerge --info" ; |
| 110 |
- fi |
| 111 |
- |
| 112 |
-# Travis is set up to push daily to dockerhub |
| 113 |
+ # Build image |
| 114 |
+ - ./build.sh |
| 115 |
after_success: |
| 116 |
- - if [[ "${TRAVIS_PULL_REQUEST_BRANCH:-${TRAVIS_BRANCH}}" == "master" && "${TRAVIS_EVENT_TYPE}" == "cron" ]]; then |
| 117 |
- VERSION=$(date -u +%Y%m%d); |
| 118 |
- echo "${DOCKER_PASSWORD}" | docker login -u="${DOCKER_USERNAME}" --password-stdin; |
| 119 |
- docker push "${ORG}/${TARGET}:latest"; |
| 120 |
- docker push "${ORG}/${TARGET}:${VERSION}"; |
| 121 |
+ # Inspect built image |
| 122 |
+ - docker image inspect "${ORG}/${TARGET}:latest" |
| 123 |
+ # Run `emerge --info` for stage builds |
| 124 |
+ - | |
| 125 |
+ if [[ "${TARGET}" == stage* ]]; then |
| 126 |
+ # Check if QEMU emulation support is required |
| 127 |
+ if [[ ! "${TARGET}" =~ -(amd64|x86)($|-) ]]; then |
| 128 |
+ # Enable execution of foreign binary formats (i.e., non-amd64/x86) |
| 129 |
+ docker run --rm --privileged multiarch/qemu-user-static --reset -p yes |
| 130 |
+ fi |
| 131 |
+ docker run --rm "${ORG}/${TARGET}:latest" emerge --info |
| 132 |
+ fi |
| 133 |
+ # Push all built images to Docker Hub (cron daily task) |
| 134 |
+ - | |
| 135 |
+ if [[ "${TRAVIS_PULL_REQUEST_BRANCH:-${TRAVIS_BRANCH}}" == "master" && "${TRAVIS_EVENT_TYPE}" == "cron" ]]; then |
| 136 |
+ echo "${DOCKER_PASSWORD}" | docker login -u "${DOCKER_USERNAME}" --password-stdin |
| 137 |
+ docker push "${ORG}/${TARGET}" |
| 138 |
fi |
| 139 |
|
| 140 |
diff --git a/README.md b/README.md |
| 141 |
index eb5eba5..10eba12 100644 |
| 142 |
--- a/README.md |
| 143 |
+++ b/README.md |
| 144 |
@@ -14,19 +14,58 @@ https://hub.docker.com/u/gentoo/ |
| 145 |
|
| 146 |
## Inventory |
| 147 |
|
| 148 |
-* portage |
| 149 |
-* stage3 |
| 150 |
- * stage3-amd64 |
| 151 |
- * stage3-amd64-hardened |
| 152 |
- * stage3-amd64-hardened-nomultilib |
| 153 |
- * stage3-amd64-nomultilib |
| 154 |
- * stage3-amd64-systemd |
| 155 |
- * stage3-x86 |
| 156 |
- * stage3-x86-hardened |
| 157 |
+The following targets are built by Travis (bold targets are also pushed to Docker Hub): |
| 158 |
+ * **`portage`** |
| 159 |
+ * `stage3` |
| 160 |
+ * `amd64` |
| 161 |
+ * **`stage3-amd64`** |
| 162 |
+ * **`stage3-amd64-hardened`** |
| 163 |
+ * **`stage3-amd64-hardened-nomultilib`** |
| 164 |
+ * `stage3-amd64-musl-hardened` |
| 165 |
+ * `stage3-amd64-musl-vanilla` |
| 166 |
+ * **`stage3-amd64-nomultilib`** |
| 167 |
+ * `stage3-amd64-systemd` |
| 168 |
+ * `stage3-amd64-uclibc-hardened` |
| 169 |
+ * `stage3-amd64-uclibc-vanilla` |
| 170 |
+ * `arm64` |
| 171 |
+ * `stage3-arm64` |
| 172 |
+ * `stage3-arm64-systemd` |
| 173 |
+ * `arm` |
| 174 |
+ * `stage3-armv5tel` |
| 175 |
+ * `stage3-armv6j_hardfp` |
| 176 |
+ * `stage3-armv7a_hardfp` |
| 177 |
+ * `ppc` |
| 178 |
+ * `stage3-ppc64le` |
| 179 |
+ * `s390` |
| 180 |
+ * `stage3-s390x` |
| 181 |
+ * `x86` |
| 182 |
+ * **`stage3-x86`** |
| 183 |
+ * **`stage3-x86-hardened`** |
| 184 |
+ * `stage3-x86-musl-vanilla` |
| 185 |
+ * `stage3-x86-systemd` |
| 186 |
+ * `stage3-x86-uclibc-hardened` |
| 187 |
+ * `stage3-x86-uclibc-vanilla` |
| 188 |
+ |
| 189 |
+The following upstream stage3 targets are not built at all (see [rationale](https://github.com/gentoo/gentoo-docker-images/issues/75#issuecomment-680776939)): |
| 190 |
+ * `amd64` |
| 191 |
+ * `stage3-amd64-hardened-selinux` |
| 192 |
+ * `stage3-amd64-hardened-selinux+nomultilib` |
| 193 |
+ * `stage3-x32` |
| 194 |
+ * `arm` |
| 195 |
+ * `stage3-armv4tl` |
| 196 |
+ * `stage3-armv6j` |
| 197 |
+ * `stage3-armv7a` |
| 198 |
+ * `ppc` |
| 199 |
+ * `stage3-ppc` |
| 200 |
+ * `stage3-ppc64` |
| 201 |
+ * `s390` |
| 202 |
+ * `stage3-s390` |
| 203 |
+ * `x86` |
| 204 |
+ * `stage3-i486` |
| 205 |
|
| 206 |
# Building the containers |
| 207 |
|
| 208 |
-The containers are created using a multi-stage build, which requires docker-17.05.0 or later. |
| 209 |
+The containers are created using a multi-stage build, which requires Docker >= 19.03.0. |
| 210 |
The container being built is defined by the TARGET environment variable: |
| 211 |
|
| 212 |
`` TARGET=stage3-amd64 ./build.sh `` |
| 213 |
|
| 214 |
diff --git a/build-multiarch.sh b/build-multiarch.sh |
| 215 |
deleted file mode 100755 |
| 216 |
index bc2fde9..0000000 |
| 217 |
--- a/build-multiarch.sh |
| 218 |
+++ /dev/null |
| 219 |
@@ -1,9 +0,0 @@ |
| 220 |
-#!/bin/bash |
| 221 |
-docker manifest create gentoo/stage3 \ |
| 222 |
- gentoo/stage3-amd64 \ |
| 223 |
- gentoo/stage3-x86 \ |
| 224 |
- gentoo/stage3-armv7a \ |
| 225 |
- gentoo/stage3-amd64 \ |
| 226 |
- gentoo/stage3-ppc \ |
| 227 |
- gentoo/stage3-ppc64 \ |
| 228 |
- gentoo/stage3-ppc64le |
| 229 |
|
| 230 |
diff --git a/build.sh b/build.sh |
| 231 |
index 10651cf..c0100d7 100755 |
| 232 |
--- a/build.sh |
| 233 |
+++ b/build.sh |
| 234 |
@@ -11,32 +11,45 @@ fi |
| 235 |
|
| 236 |
# Split the TARGET variable into three elements separated by hyphens |
| 237 |
IFS=- read -r NAME ARCH SUFFIX <<< "${TARGET}" |
| 238 |
-DOCKER_ARCH="${ARCH}" |
| 239 |
- |
| 240 |
-# Ensure upstream directories for stage3-amd64-hardened+nomultilib work |
| 241 |
-# unless we're building for musl targets (vanilla/hardened) |
| 242 |
-if [[ "${SUFFIX}" != *musl* ]]; then |
| 243 |
- SUFFIX=${SUFFIX/-/+} |
| 244 |
-fi |
| 245 |
|
| 246 |
VERSION=${VERSION:-$(date -u +%Y%m%d)} |
| 247 |
|
| 248 |
ORG=${ORG:-gentoo} |
| 249 |
|
| 250 |
-# x86 requires the i686 subfolder |
| 251 |
-if [[ "${ARCH}" == "x86" ]]; then |
| 252 |
- DOCKER_ARCH="386" |
| 253 |
- MICROARCH="i686" |
| 254 |
- BOOTSTRAP="multiarch/alpine:x86-v3.11" |
| 255 |
-elif [[ "${ARCH}" = ppc* ]]; then |
| 256 |
- MICROARCH="${ARCH}" |
| 257 |
- ARCH=ppc |
| 258 |
-elif [[ "${ARCH}" = arm* ]]; then |
| 259 |
- DOCKER_ARCH=$(echo $ARCH | sed -e 's-\(v.\).*-/\1-g') |
| 260 |
- MICROARCH="${ARCH}" |
| 261 |
- ARCH=arm |
| 262 |
-else |
| 263 |
- MICROARCH="${ARCH}" |
| 264 |
+case $ARCH in |
| 265 |
+ "amd64" | "arm64") |
| 266 |
+ DOCKER_ARCH="${ARCH}" |
| 267 |
+ MICROARCH="${ARCH}" |
| 268 |
+ ;; |
| 269 |
+ "armv"*) |
| 270 |
+ # armv6j_hardfp -> arm/v6 |
| 271 |
+ # armv7a_hardfp -> arm/v7 |
| 272 |
+ DOCKER_ARCH=$(echo "$ARCH" | sed -e 's#arm\(v.\).*#arm/\1#g') |
| 273 |
+ MICROARCH="${ARCH}" |
| 274 |
+ ARCH="arm" |
| 275 |
+ ;; |
| 276 |
+ "ppc64le") |
| 277 |
+ DOCKER_ARCH="${ARCH}" |
| 278 |
+ MICROARCH="${ARCH}" |
| 279 |
+ ARCH="ppc" |
| 280 |
+ ;; |
| 281 |
+ "s390x") |
| 282 |
+ DOCKER_ARCH="${ARCH}" |
| 283 |
+ MICROARCH="${ARCH}" |
| 284 |
+ ARCH="s390" |
| 285 |
+ ;; |
| 286 |
+ "x86") |
| 287 |
+ DOCKER_ARCH="386" |
| 288 |
+ MICROARCH="i686" |
| 289 |
+ ;; |
| 290 |
+ *) # portage |
| 291 |
+ DOCKER_ARCH="amd64" |
| 292 |
+ ;; |
| 293 |
+esac |
| 294 |
+ |
| 295 |
+# Handle targets with special characters in the suffix |
| 296 |
+if [[ "${TARGET}" == "stage3-amd64-hardened-nomultilib" ]]; then |
| 297 |
+ SUFFIX="hardened+nomultilib" |
| 298 |
fi |
| 299 |
|
| 300 |
# Prefix the suffix with a hyphen to make sure the URL works |
| 301 |
@@ -44,8 +57,14 @@ if [[ -n "${SUFFIX}" ]]; then |
| 302 |
SUFFIX="-${SUFFIX}" |
| 303 |
fi |
| 304 |
|
| 305 |
-set -x |
| 306 |
-docker build --build-arg ARCH="${ARCH}" --build-arg MICROARCH="${MICROARCH}" --build-arg BOOTSTRAP="${BOOTSTRAP}" --build-arg SUFFIX="${SUFFIX}" -t "${ORG}/${TARGET}:${VERSION}" -f "${NAME}.Dockerfile" . |
| 307 |
-docker-copyedit/docker-copyedit.py FROM "${ORG}/${TARGET}:${VERSION}" INTO "${ORG}/${TARGET}:${VERSION}" -vv \ |
| 308 |
- set arch ${DOCKER_ARCH} |
| 309 |
-docker tag "${ORG}/${TARGET}:${VERSION}" "${ORG}/${TARGET}:latest" |
| 310 |
+docker buildx build \ |
| 311 |
+ --file "${NAME}.Dockerfile" \ |
| 312 |
+ --build-arg ARCH="${ARCH}" \ |
| 313 |
+ --build-arg MICROARCH="${MICROARCH}" \ |
| 314 |
+ --build-arg SUFFIX="${SUFFIX}" \ |
| 315 |
+ --tag "${ORG}/${TARGET}:latest" \ |
| 316 |
+ --tag "${ORG}/${TARGET}:${VERSION}" \ |
| 317 |
+ --platform "linux/${DOCKER_ARCH}" \ |
| 318 |
+ --progress plain \ |
| 319 |
+ --load \ |
| 320 |
+ . |
| 321 |
|
| 322 |
diff --git a/docker-copyedit b/docker-copyedit |
| 323 |
deleted file mode 160000 |
| 324 |
index ab6bd5d..0000000 |
| 325 |
--- a/docker-copyedit |
| 326 |
+++ /dev/null |
| 327 |
@@ -1 +0,0 @@ |
| 328 |
-Subproject commit ab6bd5d9f5ca3a9ba314e7124c2aac8ad7987a3b |
| 329 |
|
| 330 |
diff --git a/portage.Dockerfile b/portage.Dockerfile |
| 331 |
index 7f51c7e..23261d2 100644 |
| 332 |
--- a/portage.Dockerfile |
| 333 |
+++ b/portage.Dockerfile |
| 334 |
@@ -3,7 +3,7 @@ |
| 335 |
# docker-17.05.0 or later. It fetches a daily snapshot from the official |
| 336 |
# sources and verifies its checksum as well as its gpg signature. |
| 337 |
|
| 338 |
-FROM alpine:3.11 as builder |
| 339 |
+FROM --platform=$BUILDPLATFORM alpine:3.11 as builder |
| 340 |
|
| 341 |
WORKDIR /portage |
| 342 |
|
| 343 |
|
| 344 |
diff --git a/stage3.Dockerfile b/stage3.Dockerfile |
| 345 |
index a9dc594..b9909ee 100644 |
| 346 |
--- a/stage3.Dockerfile |
| 347 |
+++ b/stage3.Dockerfile |
| 348 |
@@ -4,7 +4,7 @@ |
| 349 |
# sources and verifies its checksum as well as its gpg signature. |
| 350 |
|
| 351 |
ARG BOOTSTRAP |
| 352 |
-FROM ${BOOTSTRAP:-alpine:3.11} as builder |
| 353 |
+FROM --platform=$BUILDPLATFORM ${BOOTSTRAP:-alpine:3.11} as builder |
| 354 |
|
| 355 |
WORKDIR /gentoo |
Archives