* added Ubuntu Archive reference keyring

* added script to debootstrap Ubuntu Trusty * added Dockerfile for Ubuntu Trusty kernel builder
2014-06-10 12:25:20 +02:00 · 2014-06-10 12:25:20 +02:00 · 0e216f2548
commit 0e216f2548
parent a05c460c2d
5 changed files with 143 additions and 0 deletions
--- a/docker/keyrings/ubuntu-archive-keyring.gpg
+++ b/docker/keyrings/ubuntu-archive-keyring.gpg
--- a/docker/scripts/build-trusty.sh
+++ b/docker/scripts/build-trusty.sh
@ -0,0 +1,68 @@
 #!/bin/bash
 ## @author gdm85
 ##
 ## build a base Ubuntu Trusty
 #
 BASENAME=$(dirname $(readlink -m $0))
 ## the distro we are going to use
 ## the distro we are going to use
 DISTNAME=trusty
 REPOSRC=http://archive.ubuntu.com/ubuntu/
 if [ ! $UID -eq 0 ]; then
 	echo "This script can only be run as root" 1>&2
 	exit 1
 fi
 ## check for prerequisites
 if ! type -P debootstrap >/dev/null; then
 	echo "You need to install debootstrap" 1&2
 	exit 2
 fi
 ## check about the Ubuntu archive keyring
 DEFK=/usr/share/keyrings/ubuntu-archive-keyring.gpg
 KEYRING=$BASENAME/../keyrings/ubuntu-archive-keyring.gpg
 if [ -s $DEFK ]; then
 	if ! diff $DEFK $KEYRING; then
 		ANSWER=
 		while [[ "$ANSWER" != "Y" && "$ANSWER" != "n" ]]; do
 			echo -n "The Ubuntu Archive keyring in your system ($DEFK) that will be used to debootstrap is different from the reference provided keyring. Continue? (Y/n) "
 			read -r ANSWER || exit $?
 		done
 		if [[ "$ANSWER" == "n" ]]; then
 			exit 1
 		fi
 		## use system's keyring, even if different than provided one
 		## this is a no-issue only in case the system's keyring is more recent than the provided one
 		KEYRING=$DEFK
 	fi
 else
 	ANSWER=
 	while [[ "$ANSWER" != "Y" && "$ANSWER" != "n" ]]; do
 		echo -n "Your system comes with no Ubuntu Archive keyring in $DEFK that is necessary for debootstrap. Use reference provided keyring? (Y/n) "
 		read -r ANSWER || exit $?
 	done
 	if [[ "$ANSWER" == "n" ]]; then
 		exit 1
 	fi
 fi
 echo "Will use $KEYRING"
 exit 0
 ## NOTE: a temporary directory under /tmp is not used because can't be mounted dev/exec
 mkdir $DISTNAME || exit $?
 TMPDIR=$PWD/$DISTNAME
 debootstrap --keyring=$KEYRING $DISTNAME $DISTNAME $REPOSRC && \
 cd $DISTNAME && \
 tar -c . | docker import - gdm85/$DISTNAME
 RV=$?
 # always perform cleanup
 rm -rf $TMPDIR
 exit $RV
--- a/docker/trusty-kbuilder/Dockerfile
+++ b/docker/trusty-kbuilder/Dockerfile
@ -0,0 +1,48 @@
 ## trusty-kbuilder
 ##
 ## VERSION 0.1.0
 ##
 ## Trusty image to build kernel
 ##
 #
 ## NOTE: this image must be debootstrapped with build-trusty.sh
 FROM gdm85/trusty
 MAINTAINER Giuseppe Mazzotta "gdm85@users.noreply.github.com"
 ENV DEBIAN_FRONTEND noninteractive
 ## replace sources
 ADD sources.list /etc/apt/sources.list
 RUN apt-get update && apt-get install -y apt-utils aptitude && aptitude update && aptitude safe-upgrade -y && \
 aptitude install -y nano tmux fakeroot build-essential crash kexec-tools makedumpfile kernel-wedge openssh-server
 ## log rotation is managed outside, thus remove it
 ## install necessary daemons
 RUN apt-get remove -y logrotate
 ## set current user's id_rsa as only allowed key
 ADD authorized_keys /root/.ssh/authorized_keys
 RUN chmod -R go-rwx /root/.ssh
 ## disable password logins & reverse DNS lookups
 RUN sed -i 's/^#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config && echo 'UseDNS no' >> /etc/ssh/sshd_config
 EXPOSE 22
 ##NOTE: this will use current kernel version!
 RUN apt-get build-dep -y --no-install-recommends linux-image-$(uname -r)
 RUN apt-get install -y git-core libncurses5 libncurses5-dev libelf-dev asciidoc binutils-dev
 ## user that will make the compilation
 RUN useradd -m -s /bin/bash rdeckard
 ## add script for getting source
 ADD build-kernel.sh /home/rdeckard/
 ADD patches/ /home/rdeckard/patches/
 RUN chown -R rdeckard.rdeckard /home/rdeckard
 CMD /usr/sbin/sshd -D -e
--- a/docker/trusty-kbuilder/build-kernel.sh
+++ b/docker/trusty-kbuilder/build-kernel.sh
@ -0,0 +1,16 @@
 #!/bin/bash
 set -e
 apt-get source linux-image-$(uname -r)
 cd linux-3.13.0
 ## will fail here if no patches are available
 ## why are you recompiling kernel if no custom patches are there?
 for MYP in $(ls ../patches); do
 	patch -p1 < ../patches/$MYP
 done
 fakeroot debian/rules clean
 DEB_BUILD_OPTIONS=parallel=3 AUTOBUILD=1 NOEXTRAS=1 fakeroot debian/rules binary-generic
--- a/docker/trusty-kbuilder/sources.list
+++ b/docker/trusty-kbuilder/sources.list
@ -0,0 +1,11 @@
 deb http://archive.ubuntu.com/ubuntu/ trusty main restricted
 deb-src http://archive.ubuntu.com/ubuntu/ trusty main restricted
 deb http://archive.ubuntu.com/ubuntu/ trusty-updates main restricted
 deb-src http://archive.ubuntu.com/ubuntu/ trusty-updates main restricted
 deb http://security.ubuntu.com/ubuntu trusty-security main restricted
 deb-src http://security.ubuntu.com/ubuntu trusty-security main restricted
 deb http://security.ubuntu.com/ubuntu trusty-security universe
 deb-src http://security.ubuntu.com/ubuntu trusty-security universe
 deb http://security.ubuntu.com/ubuntu trusty-security multiverse
 deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse