Verify file integrity for new versions

Aleksandar Puharic 2022-09-14 01:43:50 +02:00
parent 779eef0d71
commit 0a5084746c
Signed by: xZero707
GPG Key ID: 3CC53DCAA9C237BB


@ -17,20 +17,46 @@ ARG S6_OVERLAY_VERSION
ARG S6_OVERLAY_RELEASE ARG S6_OVERLAY_RELEASE
ARG S6_OVERLAY_PAK_EXT ARG S6_OVERLAY_PAK_EXT
ARG S6_OVERLAY_RELEASE_URL="${S6_OVERLAY_RELEASE}/v${S6_OVERLAY_VERSION}/s6-overlay-${TARGETPLATFORM}${S6_OVERLAY_PAK_EXT}" ARG S6_OVERLAY_RELEASE_URL="${S6_OVERLAY_RELEASE}/v${S6_OVERLAY_VERSION}/s6-overlay-${TARGETPLATFORM}${S6_OVERLAY_PAK_EXT}"
ARG S6_OVERLAY_HASH_URL="${S6_OVERLAY_RELEASE}/v${S6_OVERLAY_VERSION}/s6-overlay-${TARGETPLATFORM}${S6_OVERLAY_PAK_EXT}.sha256"
RUN apk add --no-cache wget \ RUN set -eux \
&& apk add --no-cache wget \
&& wget -O /s6overlay-bin.tar.xz "$(echo ${S6_OVERLAY_RELEASE_URL} | sed 's/linux\///g' | sed 's/amd64/x86_64/g' | sed 's/arm64/aarch64/g' | sed 's/arm\/v7/armhf/g')" && wget -O /s6overlay-bin.tar.xz "$(echo ${S6_OVERLAY_RELEASE_URL} | sed 's/linux\///g' | sed 's/amd64/x86_64/g' | sed 's/arm64/aarch64/g' | sed 's/arm\/v7/armhf/g')"
# Third stage - Build rootfs from s6 parts
# Third stage - Download s6-overlay platform-dependent hashes
FROM --platform=${TARGETPLATFORM} alpine:3.16.2 AS downloader-s6-sha256-sums
ARG TARGETPLATFORM
ARG S6_OVERLAY_VERSION
ARG S6_OVERLAY_RELEASE
ARG S6_OVERLAY_PAK_EXT
ARG S6_OVERLAY_BASE_HASH_URL="${S6_OVERLAY_RELEASE}/v${S6_OVERLAY_VERSION}/s6-overlay-noarch${S6_OVERLAY_PAK_EXT}.sha256"
ARG S6_OVERLAY_BIN_HASH_URL="${S6_OVERLAY_RELEASE}/v${S6_OVERLAY_VERSION}/s6-overlay-${TARGETPLATFORM}${S6_OVERLAY_PAK_EXT}.sha256"
RUN set -eux \
&& apk add --no-cache wget \
&& wget -O /s6overlay-base.tar.xz.sha256 "${S6_OVERLAY_BASE_HASH_URL}" \
&& wget -O /s6overlay-bin.tar.xz.sha256 "$(echo "${S6_OVERLAY_BIN_HASH_URL}" | sed 's/linux\///g' | sed 's/amd64/x86_64/g' | sed 's/arm64/aarch64/g' | sed 's/arm\/v7/armhf/g')" \
&& echo "$(cat /s6overlay-base.tar.xz.sha256 | cut -d' ' -f1) /s6overlay-base.tar.xz" > /SHA256SUMS \
&& echo "$(cat /s6overlay-bin.tar.xz.sha256 | cut -d' ' -f1) /s6overlay-bin.tar.xz" >> /SHA256SUMS \
&& rm /s6overlay-base.tar.xz.sha256 \
&& rm /s6overlay-bin.tar.xz.sha256
# Fourth stage - Build rootfs from s6 parts
FROM alpine:3.16.2 AS rootfs-builder FROM alpine:3.16.2 AS rootfs-builder
COPY --from=downloader-s6-sha256-sums ["/SHA256SUMS", "/"]
COPY --from=downloader-s6-base ["/s6overlay-base.tar.xz", "/s6overlay-base.tar.xz"] COPY --from=downloader-s6-base ["/s6overlay-base.tar.xz", "/s6overlay-base.tar.xz"]
COPY --from=downloader-s6-bin ["/s6overlay-bin.tar.xz", "/s6overlay-bin.tar.xz"] COPY --from=downloader-s6-bin ["/s6overlay-bin.tar.xz", "/s6overlay-bin.tar.xz"]
WORKDIR "/rootfs-build/" WORKDIR "/rootfs-build/"
RUN apk add --no-cache tar xz \ RUN set -eux \
&& sha256sum -c /SHA256SUMS \
&& apk add --no-cache tar xz \
&& tar -Jxpf /s6overlay-base.tar.xz -C /rootfs-build \ && tar -Jxpf /s6overlay-base.tar.xz -C /rootfs-build \
&& tar -Jxpf /s6overlay-bin.tar.xz -C /rootfs-build && tar -Jxpf /s6overlay-bin.tar.xz -C /rootfs-build
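Review bot: The checksums that `sha256sum -c /SHA256SUMS` verifies in the rootfs-builder stage are fetched by the downloader-s6-sha256-sums stage from the same `${S6_OVERLAY_RELEASE}/v${S6_OVERLAY_VERSION}/` location as the tarballs, so the check catches a truncated or corrupted download but not a release whose archive and `.sha256` file were replaced together. To verify against a value the build controls, keep the expected digest for each version and platform in the repository and check against that, for example `ARG S6_OVERLAY_BIN_SHA256` with `echo "${S6_OVERLAY_BIN_SHA256}  /s6overlay-bin.tar.xz" | sha256sum -c -`. The value of S6_OVERLAY_RELEASE and the earlier downloader stages are declared outside this hunk, so whether the downloads use HTTPS cannot be confirmed from here. The added `ARG S6_OVERLAY_HASH_URL` in the downloader-s6-bin stage is not referenced by any visible line and looks removable.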