HalogenOS/image-builder
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: HalogenOS:715c934116a0239e56461712553ddfde88aeead4
Branches Tags
HalogenOS:main
..
compare: HalogenOS:361e4a1f1eb9332e2f76d09a6729b684050ed37c
Branches Tags
HalogenOS:main

No commits in common. "715c934116a0239e56461712553ddfde88aeead4" and "361e4a1f1eb9332e2f76d09a6729b684050ed37c" have entirely different histories.
715c934116 ... 361e4a1f1e

5 changed files with 8 additions and 50 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
build/artifacts/ artifacts/
secrets/ secrets/

46
build/build-image.sh
View File

@ -2,47 +2,7 @@
set -euxo pipefail set -euxo pipefail
# Clean build dir and remake mkdir -p /artifacts/dist
rm -rf /build/artifacts/* export EPREFIX="/artifacts/dist"
mkdir -p /build/artifacts/dist
# Gentoo setup emerge --sync --quiet
mkdir -p /var/db/repos/gentoo
rm -f /var/db/repos/gentoo/metadata/timestamp.x
emerge-webrsync --quiet
eselect profile set default/linux/amd64/23.0/musl/hardened/selinux
# SquashFS tools needed for image generation
emerge squashfstools
# Copy in package list
mkdir -p /etc/portage/sets
cp /build/packages.txt /etc/portage/sets/halogenos
# Set install location
export ROOT="/build/artifacts/dist"
# Emerge all packages
emerge -j $(nproc) --quiet @halogenos
# Fix directory locations
mv /build/artifacts/dist/bin /build/artifacts/dist/usr/bin
mv /build/artifacts/dist/lib /build/artifacts/dist/usr/lib
mv /build/artifacts/dist/sbin /build/artifacts/dist/usr/sbin
# Include any additional files
# Make any additional config changes
# Create images dir and img files
mkdir -p /build/artifacts/images
dd if=/dev/zero of=/build/images/usr.img bs=1 count=0 seek=2G
dd if=/dev/zero of=/build/images/verity.img bs=1 count=0 seek=2000M
# Create squashfs
mksquashfs /build/artifacts/dist /build/artifacts/usr.squashfs
# Image squashfs filesystem onto usr img
dd if=/build/artifacts/usr.squashfs of=/build/images/usr.img
# Build verity

3
build/packages.txt
View File

@ -1,3 +0,0 @@
app-shells/bash
app-misc/hyfetch
sys-libs/musl

7
compose.yml
View File

@ -1,8 +1,9 @@
services: services:
build: build:
image: docker.io/gentoo/stage3:musl-hardened image: docker.io/gentoo/stage3
command: /build/build-image.sh command: /build/build-image.sh
volumes: volumes:
- ./artifacts:/artifacts
- ./build:/build - ./build:/build
sign: sign:
image: docker.io/vladgh/gpg image: docker.io/vladgh/gpg
@ -12,11 +13,11 @@ services:
- signing_key_private - signing_key_private
- signing_key_public - signing_key_public
volumes: volumes:
- ./build/images:/images - ./artifacts:/artifacts
serve: serve:
image: docker.io/halverneus/static-file-server image: docker.io/halverneus/static-file-server
volumes: volumes:
- ./build/images:/images - ./artifacts:/artifacts
secrets: secrets:
signing_key_password: signing_key_password:

0
packages.txt Normal file
View File