author | Manuel Rüger <mrueg@gentoo.org> | 2017-04-24 17:11:23 +0200 |
---|---|---|
committer | Manuel Rüger <manuel@rueg.eu> | 2017-05-07 16:50:28 +0200 |
commit | 64f150f16c0eb0f549dd8381914f7b7e1cdd195b (patch) | |
tree | 9c1f6dbbb31abad3d45ddac2664b24cfbf8ef264 /portage.Dockerfile | |
parent | Merge pull request #36 from mrueg/rc_sys (diff) | |
Utilize multi-stage builds
* Multi-Stage builds (docker-engine >=17.05.0 required)
* Bootstrap image changed from busybox to alpine
* Verifies the GPG signatures during bootstrap
* Single build.sh to define builds via a TARGET environment variable
* Add x86-hardened
* Travis CI integration
Diffstat (limited to 'portage.Dockerfile')
-rw-r--r-- | portage.Dockerfile | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/portage.Dockerfile b/portage.Dockerfile
new file mode 100644
index 0000000..19de08e
--- /dev/null
+++ b/portage.Dockerfile
@@ -0,0 +1,32 @@
+# This Dockerfile creates a portage snapshot that can be mounted as a
+# container volume. It utilizes a multi-stage build and requires
+# docker-17.05.0 or later. It fetches a daily snapshot from the official
+# sources and verifies its checksum as well as its gpg signature.
+
+# As gpg keyservers sometimes are unreliable, we use multiple gpg server pools
+# to fetch the signing key.
+
+FROM alpine:3.5 as builder
+
+WORKDIR /portage
+
+ARG SNAPSHOT="portage-latest.tar.xz"
+ARG DIST="http://distfiles.gentoo.org/snapshots"
+ARG SIGNING_KEY="0xEC590EEAC9189250"
+
+RUN apk add --no-cache gnupg tar wget xz \
+ && wget -q -c "${DIST}/${SNAPSHOT}" "${DIST}/${SNAPSHOT}.gpgsig" "${DIST}/${SNAPSHOT}.md5sum" \
+ && gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys ${SIGNING_KEY} \
+ && gpg --verify "${SNAPSHOT}.gpgsig" "${SNAPSHOT}" \
+ || gpg --keyserver keys.gnupg.net --recv-keys ${SIGNING_KEY} \
+ || gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys ${SIGNING_KEY} \
+ && md5sum -c ${SNAPSHOT}.md5sum \
+ && mkdir -p usr/portage/distfiles usr/portage/packages \
+ && tar xJpf ${SNAPSHOT} -C usr \
+ && rm ${SNAPSHOT} ${SNAPSHOT}.gpgsig ${SNAPSHOT}.md5sum
+
+FROM scratch
+
+WORKDIR /
+
+COPY --from=builder /portage/ / |
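Review bot: The `&&`/`||` chain in the `RUN` step does not make `gpg --verify` mandatory: the shell gives `&&` and `||` equal precedence and evaluates left to right, so when the first `--recv-keys` fails the verify is skipped, and when the verify itself fails a successful `--recv-keys` from a fallback keyserver turns the status back to success and the build continues to `md5sum -c` and `tar`. Because the snapshot is fetched over plain `http://` and the `.md5sum` comes from the same location, the signature is the only real integrity check here, so a tampered snapshot could end up extracted into the image. Group the keyserver fallbacks in a subshell and run the verify once afterwards, as below. `SIGNING_KEY` would also be safer as the full key fingerprint rather than a 64-bit key ID.

```dockerfile
# … unchanged: apk add, wget of snapshot, .gpgsig and .md5sum …
 && ( gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys "${SIGNING_KEY}" \
   || gpg --keyserver keys.gnupg.net --recv-keys "${SIGNING_KEY}" \
   || gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "${SIGNING_KEY}" ) \
 && gpg --verify "${SNAPSHOT}.gpgsig" "${SNAPSHOT}" \
# … unchanged: md5sum -c, mkdir, tar, rm …
```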