# This Dockerfile creates a gentoo stage3 container image. By default it 
# creates a stage3-amd64 image. It utilizes a multi-stage build and requires 
# docker-17.05.0 or later. It fetches a daily snapshot from the official 
# sources and verifies its checksum as well as its gpg signature.

# As gpg keyservers sometimes are unreliable, we use multiple gpg server pools
# to fetch the signing key.

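# Builder stage: downloads, authenticates and unpacks the stage3 tarball under
# /gentoo. Only that directory is copied out of this stage later.
# NOTE(review): the alpine:3.7 fallback is an old release; pass a maintained
# image with --build-arg BOOTSTRAP=<image> and confirm the tooling still works.
ARG BOOTSTRAP
FROM ${BOOTSTRAP:-alpine:3.7} AS builder

WORKDIR /gentoo

ARG ARCH=amd64
ARG MICROARCH=amd64
ARG SUFFIX
ARG DIST="https://ftp-osl.osuosl.org/pub/gentoo/releases/${ARCH}/autobuilds/"
# NOTE(review): this is a 64-bit key ID. Fetching by the full fingerprint
# (<FULL_KEY_FINGERPRINT>, to be taken from the distribution's published
# release-key list) removes any reliance on short-ID uniqueness at the keyserver.
ARG SIGNING_KEY="0xBB572E0E2D182910"

# Steps, in order: resolve the latest stage3 path, download the tarball with
# its CONTENTS and signed DIGESTS files, import the signing key, verify the
# signature on DIGESTS, check the SHA512 sums listed in it, then unpack.
#
# - The keyserver fallbacks are grouped in { ...; } because && and || have
#   equal precedence in sh: ungrouped, a failure of any earlier step would fall
#   through into the fallback key fetches instead of stopping the build.
# - The "test -n" / "test -s" guards stop the build when the path lookup or the
#   hash extraction yields nothing, since pipelines here report only the exit
#   status of their last command and not every sha512sum implementation
#   rejects an empty checksum list.
# - NOTE(review): awk reads the whole .DIGESTS.asc file, including any text
#   outside the signed region. Checking hashes taken only from gpg's verified
#   output would be tighter - confirm the right invocation for the gpg in use.
# - NOTE(review): confirm the keyserver hosts below are still in service.
RUN echo "Building Gentoo Container image for ${ARCH} ${SUFFIX} fetching from ${DIST}" \
 && apk --no-cache add gnupg tar wget \
 && STAGE3PATH="$(wget -q -O- "${DIST}/latest-stage3-${MICROARCH}${SUFFIX}.txt" | tail -n 1 | cut -f 1 -d ' ')" \
 && test -n "${STAGE3PATH}" \
 && STAGE3="$(basename "${STAGE3PATH}")" \
 && wget -q -c "${DIST}/${STAGE3PATH}" "${DIST}/${STAGE3PATH}.CONTENTS" "${DIST}/${STAGE3PATH}.DIGESTS.asc" \
 && gpg --list-keys \
 && echo "standard-resolver" >> ~/.gnupg/dirmngr.conf \
 && echo "honor-http-proxy" >> ~/.gnupg/dirmngr.conf \
 && { gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys ${SIGNING_KEY} \
   || gpg --keyserver keys.gnupg.net --recv-keys ${SIGNING_KEY} \
   || gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys ${SIGNING_KEY}; } \
 && gpg --verify "${STAGE3}.DIGESTS.asc" \
 && awk '/# SHA512 HASH/{getline; print}' "${STAGE3}.DIGESTS.asc" > "${STAGE3}.sha512" \
 && test -s "${STAGE3}.sha512" \
 && sha512sum -c "${STAGE3}.sha512" \
 && tar xjpf "${STAGE3}" --xattrs --numeric-owner \
 && sed -i -e 's/#rc_sys=""/rc_sys="docker"/g' etc/rc.conf \
 && echo 'UTC' > etc/timezone \
 && rm "${STAGE3}.DIGESTS.asc" "${STAGE3}.CONTENTS" "${STAGE3}.sha512" "${STAGE3}"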

# Final stage: starts from an empty filesystem, so the image contains only
# what is copied in below; none of the builder's download or gpg tooling ships.
FROM scratch

WORKDIR /
# Populate the image root with the tree left under /gentoo by the builder stage.
COPY --from=builder /gentoo/ /
# No USER is set in this stage, so the default shell runs as root. Images
# built on top of this one should set their own USER for application workloads.
CMD ["/bin/bash"]