* added Ubuntu Archive reference keyring

* added script to debootstrap Ubuntu Trusty
* added Dockerfile for Ubuntu Trusty kernel builder
gdm85 2014-06-10 12:25:20 +02:00
parent a05c460c2d
commit 0e216f2548
5 changed files with 143 additions and 0 deletions

Binary file not shown.

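--- a/docker/scripts/build-trusty.sh
+++ b/docker/scripts/build-trusty.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+## @author gdm85
+##
+## build a base Ubuntu Trusty
+#
+BASENAME=$(dirname $(readlink -m $0))
+## the distro we are going to use
+## the distro we are going to use
+DISTNAME=trusty
+REPOSRC=http://archive.ubuntu.com/ubuntu/
+if [ ! $UID -eq 0 ]; then
+echo "This script can only be run as root" 1>&2
+exit 1
+fi
+## check for prerequisites
+if ! type -P debootstrap >/dev/null; then
+echo "You need to install debootstrap" 1&2
+exit 2
+fi
+## check about the Ubuntu archive keyring
+DEFK=/usr/share/keyrings/ubuntu-archive-keyring.gpg
+KEYRING=$BASENAME/../keyrings/ubuntu-archive-keyring.gpg
+if [ -s $DEFK ]; then
+if ! diff $DEFK $KEYRING; then
+ANSWER=
+while [[ "$ANSWER" != "Y" && "$ANSWER" != "n" ]]; do
+echo -n "The Ubuntu Archive keyring in your system ($DEFK) that will be used to debootstrap is different from the reference provided keyring. Continue? (Y/n) "
+read -r ANSWER || exit $?
+done
+if [[ "$ANSWER" == "n" ]]; then
+exit 1
+fi
+## use system's keyring, even if different than provided one
+## this is a no-issue only in case the system's keyring is more recent than the provided one
+KEYRING=$DEFK
+fi
+else
+ANSWER=
+while [[ "$ANSWER" != "Y" && "$ANSWER" != "n" ]]; do
+echo -n "Your system comes with no Ubuntu Archive keyring in $DEFK that is necessary for debootstrap. Use reference provided keyring? (Y/n) "
+read -r ANSWER || exit $?
+done
+if [[ "$ANSWER" == "n" ]]; then
+exit 1
+fi
+fi
+echo "Will use $KEYRING"
+exit 0
+## NOTE: a temporary directory under /tmp is not used because can't be mounted dev/exec
+mkdir $DISTNAME || exit $?
+TMPDIR=$PWD/$DISTNAME
+debootstrap --keyring=$KEYRING $DISTNAME $DISTNAME $REPOSRC && \
+cd $DISTNAME && \
+tar -c . | docker import - gdm85/$DISTNAME
+RV=$?
+# always perform cleanup
+rm -rf $TMPDIR
+exit $RV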
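Review bot: When the system keyring differs from the reference one, answering Y makes the script continue with the system keyring (`KEYRING=$DEFK`), so the reference keyring added by this commit never acts as the trust anchor in that branch. Because `REPOSRC` is plain http, the keyring passed to `debootstrap --keyring` is the only integrity check on what gets downloaded, and `diff` on two binary files tells the operator nothing beyond "they differ". I would print the key listing of both files before the prompt (for example `gpg --no-default-keyring --keyring "$DEFK" --list-keys`) and quote `"$DEFK"` and `"$KEYRING"` wherever they are expanded. Separately, `echo "You need to install debootstrap" 1&2` should read `1>&2`, and the unconditional `exit 0` after `echo "Will use $KEYRING"` leaves the debootstrap and import steps unreachable.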


@ -0,0 +1,48 @@
## trusty-kbuilder
##
## VERSION 0.1.0
##
## Trusty image to build kernel
##
#
## NOTE: this image must be debootstrapped with build-trusty.sh
FROM gdm85/trusty
MAINTAINER Giuseppe Mazzotta "gdm85@users.noreply.github.com"
ENV DEBIAN_FRONTEND noninteractive
## replace sources
ADD sources.list /etc/apt/sources.list
RUN apt-get update && apt-get install -y apt-utils aptitude && aptitude update && aptitude safe-upgrade -y && \
aptitude install -y nano tmux fakeroot build-essential crash kexec-tools makedumpfile kernel-wedge openssh-server
## log rotation is managed outside, thus remove it
## install necessary daemons
RUN apt-get remove -y logrotate
## set current user's id_rsa as only allowed key
ADD authorized_keys /root/.ssh/authorized_keys
RUN chmod -R go-rwx /root/.ssh
## disable password logins & reverse DNS lookups
RUN sed -i 's/^#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config && echo 'UseDNS no' >> /etc/ssh/sshd_config
EXPOSE 22
##NOTE: this will use current kernel version!
RUN apt-get build-dep -y --no-install-recommends linux-image-$(uname -r)
RUN apt-get install -y git-core libncurses5 libncurses5-dev libelf-dev asciidoc binutils-dev
## user that will make the compilation
RUN useradd -m -s /bin/bash rdeckard
## add script for getting source
ADD build-kernel.sh /home/rdeckard/
ADD patches/ /home/rdeckard/patches/
RUN chown -R rdeckard.rdeckard /home/rdeckard
CMD /usr/sbin/sshd -D -e
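Review bot: The `sed` that disables password logins only rewrites a line that is exactly `#PasswordAuthentication yes`; if the packaged `sshd_config` spells it differently, the substitution silently matches nothing and the image is built with sshd's default, while root's `authorized_keys` and `EXPOSE 22` are already in place. Match both the commented and uncommented forms and fail the build when the setting is absent, e.g. `sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config && grep -q '^PasswordAuthentication no' /etc/ssh/sshd_config`. The comment `## install necessary daemons` sits above `apt-get remove -y logrotate` and looks like it belongs to the earlier `aptitude install` line.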


@ -0,0 +1,16 @@
#!/bin/bash
set -e
apt-get source linux-image-$(uname -r)
cd linux-3.13.0
## will fail here if no patches are available
## why are you recompiling kernel if no custom patches are there?
for MYP in $(ls ../patches); do
patch -p1 < ../patches/$MYP
done
fakeroot debian/rules clean
DEB_BUILD_OPTIONS=parallel=3 AUTOBUILD=1 NOEXTRAS=1 fakeroot debian/rules binary-generic
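Review bot: The loop `for MYP in $(ls ../patches)` does not behave as the two comments above it say: with an empty or missing `../patches` the word list is empty, the loop body never runs, and `set -e` does not stop the script, so an unpatched kernel is built without any error. Iterating the glob survives unusual file names and does fail when nothing matches, because the unexpanded pattern cannot be opened: `for MYP in ../patches/*; do patch -p1 < "$MYP"; done`. `cd linux-3.13.0` is also hard-coded although the source fetched is the one for `$(uname -r)`, so the script only works while the running kernel is a 3.13.0 build.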


@ -0,0 +1,11 @@
deb http://archive.ubuntu.com/ubuntu/ trusty main restricted
deb-src http://archive.ubuntu.com/ubuntu/ trusty main restricted
deb http://archive.ubuntu.com/ubuntu/ trusty-updates main restricted
deb-src http://archive.ubuntu.com/ubuntu/ trusty-updates main restricted
deb http://security.ubuntu.com/ubuntu trusty-security main restricted
deb-src http://security.ubuntu.com/ubuntu trusty-security main restricted
deb http://security.ubuntu.com/ubuntu trusty-security universe
deb-src http://security.ubuntu.com/ubuntu trusty-security universe
deb http://security.ubuntu.com/ubuntu trusty-security multiverse
deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse
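Review bot: `universe` and `multiverse` are enabled only for `trusty-security`; the `trusty` and `trusty-updates` lines carry `main restricted` alone. A package from those components is then installable only if it happens to have received a security update, which makes the image's `apt-get install` and `build-dep` steps depend on the archive state at build time. Either add the components to the release and updates pockets as well or drop them from the security lines, and put a one-line comment at the top stating which is intended.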