authorKonstantinos Smanis <konstantinos.smanis@gmail.com>2021-08-04 23:35:41 +0300
committerAlexys Jacob <ultrabug@gentoo.org>2021-08-20 20:05:13 +0200
commit7d477af788c1b206bd22d1268ed75e842d3fe00e (patch)
tree9f4a9a089f76c79d1d9e2d92148701b25a7deff5
parentAdd support for systemd and musl-hardened profiles to ppc64le. (diff)
downloaddocker-images-7d477af788c1b206bd22d1268ed75e842d3fe00e.tar.gz
docker-images-7d477af788c1b206bd22d1268ed75e842d3fe00e.tar.bz2
docker-images-7d477af788c1b206bd22d1268ed75e842d3fe00e.zip
Update stage3 targets
Closes: #109 Signed-off-by: Konstantinos Smanis <konstantinos.smanis@gmail.com> Closes: https://github.com/gentoo/gentoo-docker-images/pull/108 Signed-off-by: Alexys Jacob <ultrabug@gentoo.org>
-rw-r--r--.github/workflows/build.yml38
-rw-r--r--README.md94
-rwxr-xr-xbuild.sh16
-rwxr-xr-xdeploy.sh71
4 files changed, 131 insertions, 88 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 0f7349b..a5ec941 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -16,30 +16,34 @@ jobs:
matrix:
target:
- portage
- - stage3-amd64
- - stage3-amd64-hardened
- - stage3-amd64-hardened-nomultilib
+ - stage3-amd64-hardened-nomultilib-openrc
+ - stage3-amd64-hardened-openrc
+ - stage3-amd64-musl
- stage3-amd64-musl-hardened
- - stage3-amd64-musl-vanilla
- - stage3-amd64-nomultilib
+ - stage3-amd64-nomultilib-openrc
+ - stage3-amd64-nomultilib-systemd
+ - stage3-amd64-openrc
- stage3-amd64-systemd
- - stage3-amd64-uclibc-hardened
- - stage3-amd64-uclibc-vanilla
- - stage3-arm64
- - stage3-arm64-systemd
- stage3-armv5tel
+ - stage3-armv5tel-systemd
+ - stage3-armv6j
+ - stage3-armv6j-systemd
- stage3-armv6j_hardfp
+ - stage3-armv6j_hardfp-systemd
+ - stage3-armv7a
+ - stage3-armv7a-systemd
- stage3-armv7a_hardfp
- - stage3-ppc64le
- - stage3-ppc64le-musl-hardened
+ - stage3-armv7a_hardfp-systemd
+ - stage3-arm64
+ - stage3-arm64-systemd
+ - stage3-i686-hardened-openrc
+ - stage3-i686-musl
+ - stage3-i686-openrc
+ - stage3-i686-systemd
+ - stage3-ppc64le-musl-hardened-openrc
+ - stage3-ppc64le-openrc
- stage3-ppc64le-systemd
- stage3-s390x
- - stage3-x86
- - stage3-x86-hardened
- - stage3-x86-musl-vanilla
- - stage3-x86-systemd
- - stage3-x86-uclibc-hardened
- - stage3-x86-uclibc-vanilla
name: ${{ matrix.target }}
runs-on: ubuntu-latest
env:
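Review bot: The matrix now builds `stage3-armv6j`, `stage3-armv6j-systemd`, `stage3-armv7a` and `stage3-armv7a-systemd`, but none of these tags appears in any `MANIFEST_TAGS` entry in deploy.sh from this same commit, so their images would be pushed as arch tags without joining a manifest list. If that is deliberate (the soft-float and hardfp variants presumably map to the same Docker platform), a comment next to these matrix entries such as `# soft-float ARM: pushed as arch tags only, not part of any manifest list` would make the intent explicit. It would also help keep the three hand-maintained target lists (workflow, README, deploy.sh) from drifting unnoticed. The `jobs:` block starts and continues outside this hunk.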
diff --git a/README.md b/README.md
index 651b940..b474e04 100644
--- a/README.md
+++ b/README.md
@@ -18,50 +18,86 @@ The following targets are built and pushed to Docker Hub:
* `portage`
* `stage3`
* `amd64`
- * `stage3-amd64`
- * `stage3-amd64-hardened`
- * `stage3-amd64-hardened-nomultilib`
+ * `stage3-amd64-hardened-nomultilib-openrc`
+ * `stage3-amd64-hardened-openrc`
+ * `stage3-amd64-musl`
* `stage3-amd64-musl-hardened`
- * `stage3-amd64-musl-vanilla`
- * `stage3-amd64-nomultilib`
+ * `stage3-amd64-nomultilib-openrc`
+ * `stage3-amd64-nomultilib-systemd`
+ * `stage3-amd64-openrc`
* `stage3-amd64-systemd`
- * `stage3-amd64-uclibc-hardened`
- * `stage3-amd64-uclibc-vanilla`
- * `arm64`
- * `stage3-arm64`
- * `stage3-arm64-systemd`
* `arm`
* `stage3-armv5tel`
+ * `stage3-armv5tel-systemd`
+ * `stage3-armv6j`
+ * `stage3-armv6j-systemd`
* `stage3-armv6j_hardfp`
+ * `stage3-armv6j_hardfp-systemd`
+ * `stage3-armv7a`
+ * `stage3-armv7a-systemd`
* `stage3-armv7a_hardfp`
+ * `stage3-armv7a_hardfp-systemd`
+ * `arm64`
+ * `stage3-arm64`
+ * `stage3-arm64-systemd`
* `ppc`
- * `stage3-ppc64le`
+ * `stage3-ppc64le-musl-hardened-openrc`
+ * `stage3-ppc64le-openrc`
+ * `stage3-ppc64le-systemd`
* `s390`
* `stage3-s390x`
* `x86`
- * `stage3-x86`
- * `stage3-x86-hardened`
- * `stage3-x86-musl-vanilla`
- * `stage3-x86-systemd`
- * `stage3-x86-uclibc-hardened`
- * `stage3-x86-uclibc-vanilla`
-
-The following upstream stage3 targets are not built at all (see [rationale](https://github.com/gentoo/gentoo-docker-images/issues/75#issuecomment-680776939)):
+ * `stage3-i686-hardened-openrc`
+ * `stage3-i686-musl`
+ * `stage3-i686-openrc`
+ * `stage3-i686-systemd`
+
+The following upstream stage3 targets are not built at all:
* `amd64`
- * `stage3-amd64-hardened-selinux`
- * `stage3-amd64-hardened-selinux+nomultilib`
- * `stage3-x32`
+ * `stage3-amd64` [[deprecated](#deprecated)]
+ * `stage3-amd64-hardened` [[deprecated](#deprecated)]
+ * `stage3-amd64-hardened+nomultilib` [[deprecated](#deprecated)]
+ * `stage3-amd64-hardened-selinux` [[deprecated](#deprecated), [selinux](#selinux)]
+ * `stage3-amd64-hardened-selinux+nomultilib` [[deprecated](#deprecated), [selinux](#selinux)]
+ * `stage3-amd64-hardened-selinux-openrc` [[selinux](#selinux)]
+ * `stage3-amd64-musl-vanilla` [[deprecated](#deprecated)]
+ * `stage3-amd64-nomultilib` [[deprecated](#deprecated)]
+ * `stage3-amd64-nomultilib-selinux-openrc` [[selinux](#selinux)]
+ * `stage3-amd64-uclibc-hardened` [[deprecated](#deprecated)]
+ * `stage3-amd64-uclibc-vanilla` [[deprecated](#deprecated)]
+ * `stage3-x32` [[deprecated](#deprecated), [unsupported](#unsupported)]
+ * `stage3-x32-openrc` [[unsupported](#unsupported)]
* `arm`
- * `stage3-armv4tl`
- * `stage3-armv6j`
- * `stage3-armv7a`
+ * `stage3-armv4tl` [[unsupported](#unsupported)]
+ * `stage3-armv4tl-systemd` [[unsupported](#unsupported)]
* `ppc`
- * `stage3-ppc`
- * `stage3-ppc64`
+ * `stage3-power9le-openrc` [[unsupported](#unsupported)]
+ * `stage3-power9le-systemd` [[unsupported](#unsupported)]
+ * `stage3-ppc` [[deprecated](#deprecated), [unsupported](#unsupported)]
+ * `stage3-ppc-openrc` [[unsupported](#unsupported)]
+ * `stage3-ppc64` [[deprecated](#deprecated), [unsupported](#unsupported)]
+ * `stage3-ppc64-musl-hardened` [[deprecated](#deprecated), [unsupported](#unsupported)]
+ * `stage3-ppc64-musl-hardened-openrc` [[unsupported](#unsupported)]
+ * `stage3-ppc64-openrc` [[unsupported](#unsupported)]
+ * `stage3-ppc64-systemd` [[unsupported](#unsupported)]
+ * `stage3-ppc64le` [[deprecated](#deprecated)]
+ * `stage3-ppc64le-musl-hardened` [[deprecated](#deprecated)]
* `s390`
- * `stage3-s390`
+ * `stage3-s390` [[unsupported](#unsupported)]
* `x86`
- * `stage3-i486`
+ * `stage3-i486` [[deprecated](#deprecated), [unsupported](#unsupported)]
+ * `stage3-i486-openrc` [[unsupported](#unsupported)]
+ * `stage3-i686` [[deprecated](#deprecated)]
+ * `stage3-i686-hardened` [[deprecated](#deprecated)]
+ * `stage3-i686-musl-vanilla` [[deprecated](#deprecated)]
+ * `stage3-i686-uclibc-hardened` [[deprecated](#deprecated)]
+ * `stage3-i686-uclibc-vanilla` [[deprecated](#deprecated)]
+
+<a name="deprecated">[deprecated]</a>: Deprecated stage3 target
+
+<a name="selinux">[selinux]</a>: [SELinux doesn't seem to make sense inside containers](https://serverfault.com/q/757606/)
+
+<a name="unsupported">[unsupported]</a>: [Unsupported Docker architecture](https://github.com/docker-library/official-images#architectures-other-than-amd64)
# Building the containers
diff --git a/build.sh b/build.sh
index c3979a3..f17641b 100755
--- a/build.sh
+++ b/build.sh
@@ -5,7 +5,7 @@
# Example usage: TARGET=stage3-amd64 ./build.sh
if [[ -z "$TARGET" ]]; then
- echo "TARGET environment variable must be set e.g. TARGET=stage3-amd64."
+ echo "TARGET environment variable must be set e.g. TARGET=stage3-amd64-openrc."
exit 1
fi
@@ -33,6 +33,11 @@ case $ARCH in
MICROARCH="${ARCH}"
ARCH="arm"
;;
+ "i686")
+ DOCKER_ARCH="386"
+ MICROARCH="${ARCH}"
+ ARCH="x86"
+ ;;
"ppc64le")
DOCKER_ARCH="${ARCH}"
MICROARCH="${ARCH}"
@@ -43,20 +48,11 @@ case $ARCH in
MICROARCH="${ARCH}"
ARCH="s390"
;;
- "x86")
- DOCKER_ARCH="386"
- MICROARCH="i686"
- ;;
*) # portage
DOCKER_ARCH="amd64"
;;
esac
-# Handle targets with special characters in the suffix
-if [[ "${TARGET}" == "stage3-amd64-hardened-nomultilib" ]]; then
- SUFFIX="hardened+nomultilib"
-fi
-
# Prefix the suffix with a hyphen to make sure the URL works
if [[ -n "${SUFFIX}" ]]; then
SUFFIX="-${SUFFIX}"
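Review bot: With the `"x86")` arm removed, any ARCH without its own arm, including the old `stage3-x86*` targets or a mistyped TARGET, now falls through to the `*) # portage` default and is built with `DOCKER_ARCH="amd64"` and, as far as the hunk shows, no MICROARCH, instead of being rejected. The default arm should accept only the portage target and fail otherwise, for example `*) [[ "${TARGET}" == "portage" ]] || { echo "Unsupported TARGET=${TARGET}" >&2; exit 1; }; DOCKER_ARCH="amd64" ;;`. Judging by the comment at the end of the hunk, SUFFIX ends up in the stage3 download URL, so an explicit reject also keeps unexpected values out of that URL. The case statement begins above this hunk and the trailing `if` closes below it.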
diff --git a/deploy.sh b/deploy.sh
index 0a49525..877c6eb 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -1,60 +1,67 @@
#!/bin/bash
if [[ -z "$TARGET" ]]; then
- echo "TARGET environment variable must be set e.g. TARGET=stage3-amd64."
+ echo "TARGET environment variable must be set e.g. TARGET=stage3-amd64-openrc."
exit 1
fi
# Split the TARGET variable into three elements separated by hyphens
IFS=- read -r NAME ARCH SUFFIX <<< "${TARGET}"
+VERSION=${VERSION:-$(date -u +%Y%m%d)}
+
+ORG=${ORG:-gentoo}
+
# Push built images
docker push --all-tags "${ORG}/${NAME}"
-if [[ "${TARGET}" != stage* ]]; then
+declare -A MANIFEST_TAGS=(
+ [stage3:latest]="amd64-openrc;armv5tel;armv6j_hardfp;armv7a_hardfp;arm64;i686-openrc;ppc64le-openrc;s390x"
+ [stage3:hardened]="amd64-hardened-openrc;i686-hardened-openrc"
+ [stage3:hardened-nomultilib]="amd64-hardened-nomultilib-openrc"
+ [stage3:musl]="amd64-musl;i686-musl"
+ [stage3:musl-hardened]="amd64-musl-hardened;ppc64le-musl-hardened-openrc"
+ [stage3:nomultilib]="amd64-nomultilib-openrc"
+ [stage3:nomultilib-systemd]="amd64-nomultilib-systemd"
+ [stage3:systemd]="amd64-systemd;armv5tel-systemd;armv6j_hardfp-systemd;armv7a_hardfp-systemd;arm64-systemd;i686-systemd;ppc64le-systemd"
+)
+
+# Find latest manifest
+TAG="${ARCH}${SUFFIX:+-${SUFFIX}}"
+for MANIFEST in "${!MANIFEST_TAGS[@]}"; do
+ if [[ "${MANIFEST_TAGS[${MANIFEST}]}" =~ (^|;)"${TAG}"(;|$) ]]; then
+ IFS=';' read -ra TAGS <<< "${MANIFEST_TAGS[${MANIFEST}]}"
+ break
+ fi
+done
+if [[ -z "${TAGS+x}" ]]; then
echo "Done! No manifests to push for TARGET=${TARGET}."
exit 0
fi
-VERSION=${VERSION:-$(date -u +%Y%m%d)}
-
-declare -A MANIFEST_ARCHES=(
- [stage3:latest]="amd64;arm64;armv5tel;armv6j_hardfp;armv7a_hardfp;ppc64le;s390x;x86"
- [stage3:hardened]="amd64;x86"
- [stage3:hardened-nomultilib]="amd64"
- [stage3:musl-hardened]="amd64;ppc64le"
- [stage3:musl-vanilla]="amd64;x86"
- [stage3:nomultilib]="amd64"
- [stage3:systemd]="amd64;arm64;x86;ppc64le"
- [stage3:uclibc-hardened]="amd64;x86"
- [stage3:uclibc-vanilla]="amd64;x86"
-)
-
# Latest manifests
-MANIFEST="${NAME}:${SUFFIX:-latest}"
-IFS=';' read -ra ARCHES <<< "${MANIFEST_ARCHES[${MANIFEST}]}"
-
-TAGS=()
-for ARCH in "${ARCHES[@]}"; do
- TAG="${ORG}/${NAME}:${ARCH}${SUFFIX:+-${SUFFIX}}"
- if docker manifest inspect "${TAG}" 1>/dev/null 2>&1; then
- TAGS+=("${TAG}")
+IMAGES=()
+for TAG in "${TAGS[@]}"; do
+ IMAGE="${ORG}/${NAME}:${TAG}"
+ if docker manifest inspect "${IMAGE}" &>/dev/null; then
+ IMAGES+=("${IMAGE}")
fi
done
-docker manifest create "${ORG}/${MANIFEST}" "${TAGS[@]}"
+docker manifest create "${ORG}/${MANIFEST}" "${IMAGES[@]}"
docker manifest push "${ORG}/${MANIFEST}"
# Dated manifests
-MANIFEST="${NAME}:${SUFFIX:+${SUFFIX}-}${VERSION}"
+MANIFEST="${MANIFEST}-${VERSION}"
+MANIFEST="${MANIFEST/:latest-/:}" # Remove "latest" tag prefix
-TAGS=()
-for ARCH in "${ARCHES[@]}"; do
- TAG="${ORG}/${NAME}:${ARCH}${SUFFIX:+-${SUFFIX}}-${VERSION}"
- if docker manifest inspect "${TAG}" 1>/dev/null 2>&1; then
- TAGS+=("${TAG}")
+IMAGES=()
+for TAG in "${TAGS[@]}"; do
+ IMAGE="${ORG}/${NAME}:${TAG}-${VERSION}"
+ if docker manifest inspect "${IMAGE}" &>/dev/null; then
+ IMAGES+=("${IMAGE}")
fi
done
-docker manifest create "${ORG}/${MANIFEST}" "${TAGS[@]}"
+docker manifest create "${ORG}/${MANIFEST}" "${IMAGES[@]}"
docker manifest push "${ORG}/${MANIFEST}"
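Review bot: Nothing in this script stops on failure, so a failed `docker push --all-tags` or a registry/auth error hidden by `docker manifest inspect "${IMAGE}" &>/dev/null` still reaches `docker manifest create` and `docker manifest push`, which can publish a manifest list such as `stage3:latest` with fewer platforms than intended, or call create with an empty `IMAGES` list. I would make the push fatal, `docker push --all-tags "${ORG}/${NAME}" || exit 1`, and guard both create calls with `(( ${#IMAGES[@]} )) || { echo "No images found for ${MANIFEST}" >&2; exit 1; }`. Separately, `TAGS` is never initialised before the lookup loop, so a `TAGS` variable inherited from the environment passes the `${TAGS+x}` test while `MANIFEST` holds whichever key the loop visited last; an `unset TAGS` ahead of the loop closes that.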