Further work on build script
This commit is contained in:
parent
5523a823e0
commit
715c934116
@ -2,15 +2,47 @@
|
||||
|
||||
set -euxo pipefail
|
||||
|
||||
mkdir -p /artifacts/dist
|
||||
export EPREFIX="/build/artifacts/dist"
|
||||
# Clean build dir and remake
|
||||
rm -rf /build/artifacts/*
|
||||
mkdir -p /build/artifacts/dist
|
||||
|
||||
rm -f /var/db/repos/gentoo/metadata/timestamp.chk
|
||||
emerge --sync --quiet
|
||||
eselect profile list | grep hardened
|
||||
# Gentoo setup
|
||||
mkdir -p /var/db/repos/gentoo
|
||||
rm -f /var/db/repos/gentoo/metadata/timestamp.x
|
||||
emerge-webrsync --quiet
|
||||
eselect profile set default/linux/amd64/23.0/musl/hardened/selinux
|
||||
|
||||
# SquashFS tools needed for image generation
|
||||
emerge squashfstools
|
||||
|
||||
# Copy in package list
|
||||
mkdir -p /etc/portage/sets
|
||||
cp /build/packages.txt /etc/portage/sets/halogenos
|
||||
|
||||
emerge @halogenos
|
||||
# Set install location
|
||||
export ROOT="/build/artifacts/dist"
|
||||
|
||||
# Emerge all packages
|
||||
emerge -j $(nproc) --quiet @halogenos
|
||||
|
||||
# Fix directory locations
|
||||
mv /build/artifacts/dist/bin /build/artifacts/dist/usr/bin
|
||||
mv /build/artifacts/dist/lib /build/artifacts/dist/usr/lib
|
||||
mv /build/artifacts/dist/sbin /build/artifacts/dist/usr/sbin
|
||||
|
||||
# Include any additional files
|
||||
|
||||
# Make any additional config changes
|
||||
|
||||
# Create images dir and img files
|
||||
mkdir -p /build/artifacts/images
|
||||
dd if=/dev/zero of=/build/images/usr.img bs=1 count=0 seek=2G
|
||||
dd if=/dev/zero of=/build/images/verity.img bs=1 count=0 seek=2000M
|
||||
|
||||
# Create squashfs
|
||||
mksquashfs /build/artifacts/dist /build/artifacts/usr.squashfs
|
||||
|
||||
# Image squashfs filesystem onto usr img
|
||||
dd if=/build/artifacts/usr.squashfs of=/build/images/usr.img
|
||||
|
||||
# Build verity
|
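Review bot: `dd if=/build/artifacts/usr.squashfs of=/build/images/usr.img` discards the 2G sizing done earlier with `seek=2G`, because dd without `conv=notrunc` truncates the output file to the squashfs length, and nothing checks that the squashfs fits the intended size; if the fixed size matters for the verity step that follows, use `dd if=/build/artifacts/usr.squashfs of=/build/images/usr.img conv=notrunc` and fail first if `stat -c %s /build/artifacts/usr.squashfs` exceeds it. The images directory is created as `/build/artifacts/images` but both image files are written under `/build/images`, which only works if the compose bind mount happens to provide that path; one of the two should be changed to match. `mv /build/artifacts/dist/bin /build/artifacts/dist/usr/bin` nests bin inside usr/bin instead of merging when usr/bin already exists in the emerged ROOT (and on a merged-usr profile bin is likely already a symlink), so the three mv lines need a guard such as `[ -L "$ROOT/bin" ] || mv ...` or an explicit merge. Which of these lines are new is inferred from the hunk's line counts, and the script continues past `# Build verity` outside the hunk.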
@ -1 +1,3 @@
|
||||
app-shells/bash
|
||||
app-misc/hyfetch
|
||||
sys-libs/musl
|
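Review bot: `app-misc/hyfetch` is added to the image package set next to the base `app-shells/bash` and `sys-libs/musl`; I believe it is a Python program, so it would pull a Python interpreter and its dependencies into what the profile and compose file present as a minimal musl-hardened image. If it is only wanted for local testing it is better kept out of this set or placed in a separate optional set file such as `halogenos-extras`. Every entry here ends up in the verity-sealed usr image, so this list is the main attack-surface control for the build.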
@ -1,6 +1,6 @@
|
||||
services:
|
||||
build:
|
||||
image: docker.io/gentoo/stage3
|
||||
image: docker.io/gentoo/stage3:musl-hardened
|
||||
command: /build/build-image.sh
|
||||
volumes:
|
||||
- ./build:/build
|
||||
@ -12,11 +12,11 @@ services:
|
||||
- signing_key_private
|
||||
- signing_key_public
|
||||
volumes:
|
||||
- ./build/artifacts:/artifacts
|
||||
- ./build/images:/images
|
||||
serve:
|
||||
image: docker.io/halverneus/static-file-server
|
||||
volumes:
|
||||
- ./build/artifacts:/artifacts
|
||||
- ./build/images:/images
|
||||
|
||||
secrets:
|
||||
signing_key_password:
|
||||
|
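Review bot: The new `image: docker.io/gentoo/stage3:musl-hardened` pins the build environment by a mutable tag only, so the stage3 the script emerges from can change underneath a build that goes on to produce a verity image; pin the digest as well, e.g. `image: docker.io/gentoo/stage3:musl-hardened@sha256:<digest-of-the-verified-stage3>`, and refresh it deliberately. In the second hunk the `serve` service mounts `./build/artifacts` and `./build/images` read-write although a static file server only needs to read them; `- ./build/artifacts:/artifacts:ro` and `- ./build/images:/images:ro` keep the served tree from being modified through that container. Mounting the whole artifacts tree also publishes intermediate files such as the dist directory, so a dedicated output directory for the served files may be preferable. `signing_key_password:` is the last line of the hunk, so whether its value is defined cannot be seen here.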