Move build to script, configure gpg keyserver

Signed-off-by: Knut Ahlers <knut@ahlers.me>
2024-12-20 17:41:19 +00:00 · 2020-10-03 16:49:06 +02:00 · 2020-10-03 16:49:06 +02:00 · ccf273b650
commit ccf273b650
parent 68f511b08c
2 changed files with 38 additions and 16 deletions
--- a/18
+++ b/18
@ -1,21 +1,7 @@
 FROM luzifer/archlinux:latest
-RUN set -ex \
+COPY build.sh /usr/local/bin/
- && pacman -Sy \
+RUN bash /usr/local/bin/build.sh
 && pacman -S --noconfirm --needed \
      base-devel \
      curl \
      git \
 && useradd -m -u 1000 builder \
 && echo "builder ALL=(ALL) NOPASSWD: ALL" >/etc/sudoers.d/builder \
 && pacman-key --init \
 && pacman-key --keyserver hkp://keyserver.ubuntu.com -r 6F73A4F39CDF652E3F944142085AA223D0391BF9 \
 && pacman-key --lsign-key 6F73A4F39CDF652E3F944142085AA223D0391BF9 \
 && curl -sSfLo /usr/local/bin/dumb-init  "https://github.com/Yelp/dumb-init/releases/download/v1.2.1/dumb-init_1.2.1_amd64" \
 && curl -sSfLo /usr/local/bin/gosu       "https://github.com/tianon/gosu/releases/download/1.11/gosu-amd64" \
 && chmod 0755 \
      /usr/local/bin/dumb-init \
      /usr/local/bin/gosu
 VOLUME ["/src", "/repo", "/config"]
 WORKDIR /src
--- a/build.sh
+++ b/build.sh
@ -0,0 +1,36 @@
 #!/bin/bash
 set -euxo pipefail
 required_packages=(
 	base-devel
 	curl
 	git
 )
 luzifer_pkg_key="6F73A4F39CDF652E3F944142085AA223D0391BF9"
 keyserver="hkp://keyserver.ubuntu.com"
 # Update system to latest state and install required packages
 pacman -Sy
 pacman -S --noconfirm --needed "${required_packages[@]}"
 # Add new build user and allow it to `sudo`
 useradd -m -u 1000 builder
 echo "builder ALL=(ALL) NOPASSWD: ALL" >/etc/sudoers.d/builder
 # Configure keyserver for builder user
 mkdir ~builder/.gnupg
 echo "keyserver ${keyserver}" >~builder/.gnupg/gpg.conf
 chown -R builder ~builder/.gnupg
 # Install
 pacman-key --init
 pacman-key --keyserver "${keyserver}" -r "${luzifer_pkg_key}"
 pacman-key --lsign-key "${luzifer_pkg_key}"
 # Install dumb-init and gosu
 curl -sSfLo /usr/local/bin/dumb-init "https://github.com/Yelp/dumb-init/releases/download/v1.2.1/dumb-init_1.2.1_amd64"
 curl -sSfLo /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/1.11/gosu-amd64"
 chmod 0755 \
 	/usr/local/bin/dumb-init \
 	/usr/local/bin/gosu