Further work on build script
This commit is contained in:
parent
5523a823e0
commit
715c934116
GPG Key ID:
5FE0CB25945EFAA2
@ -2,15 +2,47 @@
|
|||||||
|
|
||||||
set -euxo pipefail
|
set -euxo pipefail
|
||||||
|
|
||||||
mkdir -p /artifacts/dist
|
# Clean build dir and remake
|
||||||
export EPREFIX="/build/artifacts/dist"
|
rm -rf /build/artifacts/*
|
||||||
|
mkdir -p /build/artifacts/dist
|
||||||
|
|
||||||
rm -f /var/db/repos/gentoo/metadata/timestamp.chk
|
# Gentoo setup
|
||||||
emerge --sync --quiet
|
mkdir -p /var/db/repos/gentoo
|
||||||
eselect profile list | grep hardened
|
rm -f /var/db/repos/gentoo/metadata/timestamp.x
|
||||||
|
emerge-webrsync --quiet
|
||||||
eselect profile set default/linux/amd64/23.0/musl/hardened/selinux
|
eselect profile set default/linux/amd64/23.0/musl/hardened/selinux
|
||||||
|
|
||||||
|
# SquashFS tools needed for image generation
|
||||||
|
emerge squashfstools
|
||||||
|
|
||||||
|
# Copy in package list
|
||||||
mkdir -p /etc/portage/sets
|
mkdir -p /etc/portage/sets
|
||||||
cp /build/packages.txt /etc/portage/sets/halogenos
|
cp /build/packages.txt /etc/portage/sets/halogenos
|
||||||
|
|
||||||
emerge @halogenos
|
# Set install location
|
||||||
|
export ROOT="/build/artifacts/dist"
|
||||||
|
|
||||||
|
# Emerge all packages
|
||||||
|
emerge -j $(nproc) --quiet @halogenos
|
||||||
|
|
||||||
|
# Fix directory locations
|
||||||
|
mv /build/artifacts/dist/bin /build/artifacts/dist/usr/bin
|
||||||
|
mv /build/artifacts/dist/lib /build/artifacts/dist/usr/lib
|
||||||
|
mv /build/artifacts/dist/sbin /build/artifacts/dist/usr/sbin
|
||||||
|
|
||||||
|
# Include any additional files
|
||||||
|
|
||||||
|
# Make any additional config changes
|
||||||
|
|
||||||
|
# Create images dir and img files
|
||||||
|
mkdir -p /build/artifacts/images
|
||||||
|
dd if=/dev/zero of=/build/images/usr.img bs=1 count=0 seek=2G
|
||||||
|
dd if=/dev/zero of=/build/images/verity.img bs=1 count=0 seek=2000M
|
||||||
|
|
||||||
|
# Create squashfs
|
||||||
|
mksquashfs /build/artifacts/dist /build/artifacts/usr.squashfs
|
||||||
|
|
||||||
|
# Image squashfs filesystem onto usr img
|
||||||
|
dd if=/build/artifacts/usr.squashfs of=/build/images/usr.img
|
||||||
|
|
||||||
|
# Build verity
|
||||||
@ -1 +1,3 @@
|
|||||||
app-shells/bash
|
app-shells/bash
|
||||||
|
app-misc/hyfetch
|
||||||
|
sys-libs/musl
|
||||||
@ -1,6 +1,6 @@
|
|||||||
services:
|
services:
|
||||||
build:
|
build:
|
||||||
image: docker.io/gentoo/stage3
|
image: docker.io/gentoo/stage3:musl-hardened
|
||||||
command: /build/build-image.sh
|
command: /build/build-image.sh
|
||||||
volumes:
|
volumes:
|
||||||
- ./build:/build
|
- ./build:/build
|
||||||
@ -12,11 +12,11 @@ services:
|
|||||||
- signing_key_private
|
- signing_key_private
|
||||||
- signing_key_public
|
- signing_key_public
|
||||||
volumes:
|
volumes:
|
||||||
- ./build/artifacts:/artifacts
|
- ./build/images:/images
|
||||||
serve:
|
serve:
|
||||||
image: docker.io/halverneus/static-file-server
|
image: docker.io/halverneus/static-file-server
|
||||||
volumes:
|
volumes:
|
||||||
- ./build/artifacts:/artifacts
|
- ./build/images:/images
|
||||||
|
|
||||||
secrets:
|
secrets:
|
||||||
signing_key_password:
|
signing_key_password:
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user