Browse Source

Option to specify docker image hash

Adds the option to specify a docker image hash to use for the base vm
and for descriptors
pull/185/head
Andrew Chow 2 years ago
parent
commit
4053f3c88e
2 changed files with 34 additions and 8 deletions
  1. 8
    0
      bin/gbuild
  2. 26
    8
      bin/make-base-vm

+ 8
- 0
bin/gbuild View File

@@ -237,6 +237,14 @@ distro = build_desc["distro"] || "ubuntu"
suites = build_desc["suites"] or raise "must supply suites"
archs = build_desc["architectures"] or raise "must supply architectures"
build_desc["reference_datetime"] or build_desc["remotes"].size > 0 or raise "must supply `reference_datetime` or `remotes`"
docker_image_digests = build_desc["docker_image_digests"] || []

# if docker_image_digests are supplied, it must be the same length as suites
if docker_image_digests.size > 0 and suites.size != docker_image_digests.size
raise "`suites` and `docker_image_digests` must both be the same size if both are supplied"
elsif ENV["USE_DOCKER"] and docker_image_digests.size > 0 and suites.size == docker_image_digests.size
suites = docker_image_digests
end

ENV['DISTRO'] = distro


+ 26
- 8
bin/make-base-vm View File

@@ -8,19 +8,21 @@ MIRROR_BASE=http://${MIRROR_HOST:-127.0.0.1}:3142
LXC=0
VBOX=0
DOCKER=0
DOCKER_IMAGE_HASH=""

usage() {
echo "Usage: ${0##*/} [OPTION]..."
echo "Make a base client."
echo
cat << EOF
--help display this help and exit
--distro D build distro D (e.g. debian) instead of ubuntu
--suite U build suite U instead of xenial
--arch A build architecture A (e.g. i386) instead of amd64
--lxc use lxc instead of kvm
--vbox use VirtualBox instead of kvm
--docker use docker instead of kvm
--help display this help and exit
--distro D build distro D (e.g. debian) instead of ubuntu
--suite U build suite U instead of xenial
--arch A build architecture A (e.g. i386) instead of amd64
--lxc use lxc instead of kvm
--vbox use VirtualBox instead of kvm
--docker use docker instead of kvm
--docker-image-hash D digest of the docker image to build from

The MIRROR_HOST environment variable can be used to change the
apt-cacher host. It should be something that both the host and the
@@ -42,6 +44,11 @@ usage() {
This is done as separate variable to make it clear that we modify sudo
behaviour here regarding security (though anyway env is cleared with
whitelist so should be perfectly safe).

The --docker-image-hash option can be used to specify the hash of a particular
base image to use. These hashes can be found under the "RepoDigests" field of
"docker image inspect <image>". They will be reported in the form "sha256:<hash>";
only need the <hash> part is needed
EOF
}

@@ -76,6 +83,10 @@ if [ $# != 0 ] ; then
DOCKER=1
shift 1
;;
--docker-image-digest)
DOCKER_IMAGE_HASH="$2"
shift 2
;;
--*)
echo "unrecognized option $1"
exit 1
@@ -166,9 +177,16 @@ if [ $DOCKER = "1" ]; then
mkdir -p docker
cd docker

if [ -n "$DOCKER_IMAGE_HASH" ]; then
base_image="$DISTRO@sha256:$DOCKER_IMAGE_HASH"
OUT=base-$DOCKER_IMAGE_HASH-$ARCH
else
base_image="$DISTRO:$SUITE"
fi

# Generate the dockerfile
cat << EOF > $OUT.Dockerfile
FROM $DISTRO:$SUITE
FROM $base_image

ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get --no-install-recommends -y install $addpkg

Loading…
Cancel
Save