author | Konstantinos Smanis <konstantinos.smanis@gmail.com> | 2021-08-04 23:35:41 +0300 |
---|---|---|
committer | Alexys Jacob <ultrabug@gentoo.org> | 2021-08-20 20:05:13 +0200 |
commit | 7d477af788c1b206bd22d1268ed75e842d3fe00e (patch) | |
tree | 9f4a9a089f76c79d1d9e2d92148701b25a7deff5 | |
parent | Add support for systemd and musl-hardened profiles to ppc64le. (diff) | |
Update stage3 targets
Closes: #109
Signed-off-by: Konstantinos Smanis <konstantinos.smanis@gmail.com>
Closes: https://github.com/gentoo/gentoo-docker-images/pull/108
Signed-off-by: Alexys Jacob <ultrabug@gentoo.org>
-rw-r--r-- | .github/workflows/build.yml | 38 | ||||
-rw-r--r-- | README.md | 94 | ||||
-rwxr-xr-x | build.sh | 16 | ||||
-rwxr-xr-x | deploy.sh | 71 |
4 files changed, 131 insertions, 88 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0f7349b..a5ec941 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,30 +16,34 @@ jobs: matrix: target: - portage - - stage3-amd64 - - stage3-amd64-hardened - - stage3-amd64-hardened-nomultilib + - stage3-amd64-hardened-nomultilib-openrc + - stage3-amd64-hardened-openrc + - stage3-amd64-musl - stage3-amd64-musl-hardened - - stage3-amd64-musl-vanilla - - stage3-amd64-nomultilib + - stage3-amd64-nomultilib-openrc + - stage3-amd64-nomultilib-systemd + - stage3-amd64-openrc - stage3-amd64-systemd - - stage3-amd64-uclibc-hardened - - stage3-amd64-uclibc-vanilla - - stage3-arm64 - - stage3-arm64-systemd - stage3-armv5tel + - stage3-armv5tel-systemd + - stage3-armv6j + - stage3-armv6j-systemd - stage3-armv6j_hardfp + - stage3-armv6j_hardfp-systemd + - stage3-armv7a + - stage3-armv7a-systemd - stage3-armv7a_hardfp - - stage3-ppc64le - - stage3-ppc64le-musl-hardened + - stage3-armv7a_hardfp-systemd + - stage3-arm64 + - stage3-arm64-systemd + - stage3-i686-hardened-openrc + - stage3-i686-musl + - stage3-i686-openrc + - stage3-i686-systemd + - stage3-ppc64le-musl-hardened-openrc + - stage3-ppc64le-openrc - stage3-ppc64le-systemd - stage3-s390x - - stage3-x86 - - stage3-x86-hardened - - stage3-x86-musl-vanilla - - stage3-x86-systemd - - stage3-x86-uclibc-hardened - - stage3-x86-uclibc-vanilla name: ${{ matrix.target }} runs-on: ubuntu-latest env: 
@@ -18,50 +18,86 @@ The following targets are built and pushed to Docker Hub: * `portage` * `stage3` * `amd64` - * `stage3-amd64` - * `stage3-amd64-hardened` - * `stage3-amd64-hardened-nomultilib` + * `stage3-amd64-hardened-nomultilib-openrc` + * `stage3-amd64-hardened-openrc` + * `stage3-amd64-musl` * `stage3-amd64-musl-hardened` - * `stage3-amd64-musl-vanilla` - * `stage3-amd64-nomultilib` + * `stage3-amd64-nomultilib-openrc` + * `stage3-amd64-nomultilib-systemd` + * `stage3-amd64-openrc` * `stage3-amd64-systemd` - * `stage3-amd64-uclibc-hardened` - * `stage3-amd64-uclibc-vanilla` - * `arm64` - * `stage3-arm64` - * `stage3-arm64-systemd` * `arm` * `stage3-armv5tel` + * `stage3-armv5tel-systemd` + * `stage3-armv6j` + * `stage3-armv6j-systemd` * `stage3-armv6j_hardfp` + * `stage3-armv6j_hardfp-systemd` + * `stage3-armv7a` + * `stage3-armv7a-systemd` * `stage3-armv7a_hardfp` + * `stage3-armv7a_hardfp-systemd` + * `arm64` + * `stage3-arm64` + * `stage3-arm64-systemd` * `ppc` - * `stage3-ppc64le` + * `stage3-ppc64le-musl-hardened-openrc` + * `stage3-ppc64le-openrc` + * `stage3-ppc64le-systemd` * `s390` * `stage3-s390x` * `x86` - * `stage3-x86` - * `stage3-x86-hardened` - * `stage3-x86-musl-vanilla` - * `stage3-x86-systemd` - * `stage3-x86-uclibc-hardened` - * `stage3-x86-uclibc-vanilla` - -The following upstream stage3 targets are not built at all (see [rationale](https://github.com/gentoo/gentoo-docker-images/issues/75#issuecomment-680776939)): + * `stage3-i686-hardened-openrc` + * `stage3-i686-musl` + * `stage3-i686-openrc` + * `stage3-i686-systemd` + +The following upstream stage3 targets are not built at all: * `amd64` - * `stage3-amd64-hardened-selinux` - * `stage3-amd64-hardened-selinux+nomultilib` - * `stage3-x32` + * `stage3-amd64` [[deprecated](#deprecated)] + * `stage3-amd64-hardened` [[deprecated](#deprecated)] + * `stage3-amd64-hardened+nomultilib` [[deprecated](#deprecated)] + * `stage3-amd64-hardened-selinux` [[deprecated](#deprecated), 
[selinux](#selinux)] + * `stage3-amd64-hardened-selinux+nomultilib` [[deprecated](#deprecated), [selinux](#selinux)] + * `stage3-amd64-hardened-selinux-openrc` [[selinux](#selinux)] + * `stage3-amd64-musl-vanilla` [[deprecated](#deprecated)] + * `stage3-amd64-nomultilib` [[deprecated](#deprecated)] + * `stage3-amd64-nomultilib-selinux-openrc` [[selinux](#selinux)] + * `stage3-amd64-uclibc-hardened` [[deprecated](#deprecated)] + * `stage3-amd64-uclibc-vanilla` [[deprecated](#deprecated)] + * `stage3-x32` [[deprecated](#deprecated), [unsupported](#unsupported)] + * `stage3-x32-openrc` [[unsupported](#unsupported)] * `arm` - * `stage3-armv4tl` - * `stage3-armv6j` - * `stage3-armv7a` + * `stage3-armv4tl` [[unsupported](#unsupported)] + * `stage3-armv4tl-systemd` [[unsupported](#unsupported)] * `ppc` - * `stage3-ppc` - * `stage3-ppc64` + * `stage3-power9le-openrc` [[unsupported](#unsupported)] + * `stage3-power9le-systemd` [[unsupported](#unsupported)] + * `stage3-ppc` [[deprecated](#deprecated), [unsupported](#unsupported)] + * `stage3-ppc-openrc` [[unsupported](#unsupported)] + * `stage3-ppc64` [[deprecated](#deprecated), [unsupported](#unsupported)] + * `stage3-ppc64-musl-hardened` [[deprecated](#deprecated), [unsupported](#unsupported)] + * `stage3-ppc64-musl-hardened-openrc` [[unsupported](#unsupported)] + * `stage3-ppc64-openrc` [[unsupported](#unsupported)] + * `stage3-ppc64-systemd` [[unsupported](#unsupported)] + * `stage3-ppc64le` [[deprecated](#deprecated)] + * `stage3-ppc64le-musl-hardened` [[deprecated](#deprecated)] * `s390` - * `stage3-s390` + * `stage3-s390` [[unsupported](#unsupported)] * `x86` - * `stage3-i486` + * `stage3-i486` [[deprecated](#deprecated), [unsupported](#unsupported)] + * `stage3-i486-openrc` [[unsupported](#unsupported)] + * `stage3-i686` [[deprecated](#deprecated)] + * `stage3-i686-hardened` [[deprecated](#deprecated)] + * `stage3-i686-musl-vanilla` [[deprecated](#deprecated)] + * `stage3-i686-uclibc-hardened` 
[[deprecated](#deprecated)] + * `stage3-i686-uclibc-vanilla` [[deprecated](#deprecated)] + +<a name="deprecated">[deprecated]</a>: Deprecated stage3 target + +<a name="selinux">[selinux]</a>: [SELinux doesn't seem to make sense inside containers](https://serverfault.com/q/757606/) + +<a name="unsupported">[unsupported]</a>: [Unsupported Docker architecture](https://github.com/docker-library/official-images#architectures-other-than-amd64) # Building the containers @@ -5,7 +5,7 @@ # Example usage: TARGET=stage3-amd64 ./build.sh if [[ -z "$TARGET" ]]; then - echo "TARGET environment variable must be set e.g. TARGET=stage3-amd64." + echo "TARGET environment variable must be set e.g. TARGET=stage3-amd64-openrc." exit 1 fi @@ -33,6 +33,11 @@ case $ARCH in MICROARCH="${ARCH}" ARCH="arm" ;; + "i686") + DOCKER_ARCH="386" + MICROARCH="${ARCH}" + ARCH="x86" + ;; "ppc64le") DOCKER_ARCH="${ARCH}" MICROARCH="${ARCH}" @@ -43,20 +48,11 @@ case $ARCH in MICROARCH="${ARCH}" ARCH="s390" ;; - "x86") - DOCKER_ARCH="386" - MICROARCH="i686" - ;; *) # portage DOCKER_ARCH="amd64" ;; esac -# Handle targets with special characters in the suffix -if [[ "${TARGET}" == "stage3-amd64-hardened-nomultilib" ]]; then - SUFFIX="hardened+nomultilib" -fi - # Prefix the suffix with a hyphen to make sure the URL works if [[ -n "${SUFFIX}" ]]; then SUFFIX="-${SUFFIX}" 
@@ -1,60 +1,67 @@ #!/bin/bash if [[ -z "$TARGET" ]]; then - echo "TARGET environment variable must be set e.g. TARGET=stage3-amd64." + echo "TARGET environment variable must be set e.g. TARGET=stage3-amd64-openrc." exit 1 fi # Split the TARGET variable into three elements separated by hyphens IFS=- read -r NAME ARCH SUFFIX <<< "${TARGET}" +VERSION=${VERSION:-$(date -u +%Y%m%d)} + +ORG=${ORG:-gentoo} + # Push built images docker push --all-tags "${ORG}/${NAME}" -if [[ "${TARGET}" != stage* ]]; then +declare -A MANIFEST_TAGS=( + [stage3:latest]="amd64-openrc;armv5tel;armv6j_hardfp;armv7a_hardfp;arm64;i686-openrc;ppc64le-openrc;s390x" + [stage3:hardened]="amd64-hardened-openrc;i686-hardened-openrc" + [stage3:hardened-nomultilib]="amd64-hardened-nomultilib-openrc" + [stage3:musl]="amd64-musl;i686-musl" + [stage3:musl-hardened]="amd64-musl-hardened;ppc64le-musl-hardened-openrc" + [stage3:nomultilib]="amd64-nomultilib-openrc" + [stage3:nomultilib-systemd]="amd64-nomultilib-systemd" + [stage3:systemd]="amd64-systemd;armv5tel-systemd;armv6j_hardfp-systemd;armv7a_hardfp-systemd;arm64-systemd;i686-systemd;ppc64le-systemd" +) + +# Find latest manifest +TAG="${ARCH}${SUFFIX:+-${SUFFIX}}" +for MANIFEST in "${!MANIFEST_TAGS[@]}"; do + if [[ "${MANIFEST_TAGS[${MANIFEST}]}" =~ (^|;)"${TAG}"(;|$) ]]; then + IFS=';' read -ra TAGS <<< "${MANIFEST_TAGS[${MANIFEST}]}" + break + fi +done +if [[ -z "${TAGS+x}" ]]; then echo "Done! No manifests to push for TARGET=${TARGET}." 
exit 0 fi -VERSION=${VERSION:-$(date -u +%Y%m%d)} - -declare -A MANIFEST_ARCHES=( - [stage3:latest]="amd64;arm64;armv5tel;armv6j_hardfp;armv7a_hardfp;ppc64le;s390x;x86" - [stage3:hardened]="amd64;x86" - [stage3:hardened-nomultilib]="amd64" - [stage3:musl-hardened]="amd64;ppc64le" - [stage3:musl-vanilla]="amd64;x86" - [stage3:nomultilib]="amd64" - [stage3:systemd]="amd64;arm64;x86;ppc64le" - [stage3:uclibc-hardened]="amd64;x86" - [stage3:uclibc-vanilla]="amd64;x86" -) - # Latest manifests -MANIFEST="${NAME}:${SUFFIX:-latest}" -IFS=';' read -ra ARCHES <<< "${MANIFEST_ARCHES[${MANIFEST}]}" - -TAGS=() -for ARCH in "${ARCHES[@]}"; do - TAG="${ORG}/${NAME}:${ARCH}${SUFFIX:+-${SUFFIX}}" - if docker manifest inspect "${TAG}" 1>/dev/null 2>&1; then - TAGS+=("${TAG}") +IMAGES=() +for TAG in "${TAGS[@]}"; do + IMAGE="${ORG}/${NAME}:${TAG}" + if docker manifest inspect "${IMAGE}" &>/dev/null; then + IMAGES+=("${IMAGE}") fi done -docker manifest create "${ORG}/${MANIFEST}" "${TAGS[@]}" +docker manifest create "${ORG}/${MANIFEST}" "${IMAGES[@]}" docker manifest push "${ORG}/${MANIFEST}" # Dated manifests -MANIFEST="${NAME}:${SUFFIX:+${SUFFIX}-}${VERSION}" +MANIFEST="${MANIFEST}-${VERSION}" +MANIFEST="${MANIFEST/:latest-/:}" # Remove "latest" tag prefix -TAGS=() -for ARCH in "${ARCHES[@]}"; do - TAG="${ORG}/${NAME}:${ARCH}${SUFFIX:+-${SUFFIX}}-${VERSION}" - if docker manifest inspect "${TAG}" 1>/dev/null 2>&1; then - TAGS+=("${TAG}") +IMAGES=() +for TAG in "${TAGS[@]}"; do + IMAGE="${ORG}/${NAME}:${TAG}-${VERSION}" + if docker manifest inspect "${IMAGE}" &>/dev/null; then + IMAGES+=("${IMAGE}") fi done -docker manifest create "${ORG}/${MANIFEST}" "${TAGS[@]}" +docker manifest create "${ORG}/${MANIFEST}" "${IMAGES[@]}" docker manifest push "${ORG}/${MANIFEST}" |
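Review bot: In the `matrix.target` list of `.github/workflows/build.yml`, `stage3-armv6j`, `stage3-armv7a` and their `-systemd` variants are added, but none of them appears in any `MANIFEST_TAGS` entry in `deploy.sh`, so for these four targets the deploy script stops at "No manifests to push". If that is intended, the README should say these are published as per-arch tags only. The target list is also now maintained by hand in three places (this matrix, the README list and `MANIFEST_TAGS`); a small check that the three agree would catch drift on the next stage3 rename.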
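Review bot: The README hunk renames the built x86 targets from `stage3-x86*` to `stage3-i686*` without documenting it: the old `stage3-x86` names vanish from the "built" list and are not in the "not built" list either, which uses the `i686` names. The `[deprecated]` footnote also says only "Deprecated stage3 target", and the link to the earlier rationale is removed, so someone pulling `stage3-amd64` or `stage3-x86` is not told which tag replaces it. Consider a short old-to-new mapping next to the footnotes, for example `stage3-amd64` to `stage3-amd64-openrc`.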
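Review bot: In the first `build.sh` hunk (`@@ -5,7 +5,7 @@`), the error message is updated to `TARGET=stage3-amd64-openrc` but the unchanged comment above it still reads `# Example usage: TARGET=stage3-amd64 ./build.sh`, a target this same commit lists in the README as deprecated and not built. Please update the comment in the same change so the usage example and the error text agree.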
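Review bot: In the `build.sh` hunk at `@@ -43,20 +48,11 @@`, removing the `"x86")` branch leaves the `*)` branch, commented `# portage`, as the only fallback, so an old-style `TARGET=stage3-x86` (or any mistyped arch) now silently gets `DOCKER_ARCH="amd64"` instead of failing. Suggest matching portage explicitly and making `*)` print the unknown arch and `exit 1`, so a stale target name cannot produce an image labelled for the wrong architecture. Dropping the `hardened+nomultilib` special case looks right given the new hyphen-only names, but it would help to say in the commit message that the upstream `+` variants are among the targets no longer built.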
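Review bot: In `deploy.sh`, both `for TAG in "${TAGS[@]}"` loops drop any image for which `docker manifest inspect "${IMAGE}" &>/dev/null` fails, and `docker manifest create` then runs with whatever is left, so a multi-arch manifest can be published with architectures silently missing, or be invoked with an empty `IMAGES` array. Please log each skipped image to stderr and stop (or skip the create/push) when `IMAGES` is empty. Separately, the lookup relies on `[[ -z "${TAGS+x}" ]]`, which is also false when `TAGS` is inherited from the environment; in that case the script continues with `MANIFEST` set to the last key iterated. Initialising `TAGS=()` before the loop and testing `${#TAGS[@]}` avoids that. The `(^|;)"${TAG}"(;|$)` match is fine for the current lists, but note that for `TARGET=portage` the tag is empty, so a stray trailing `;` in any `MANIFEST_TAGS` value would make portage match that manifest.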