-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile_rpi
120 lines (91 loc) · 4.17 KB
/
Dockerfile_rpi
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
FROM docker.io/library/alpine:3.21 as builder
# Run an APK update so we have a recent cache ready in the Docker image
# (if we don't do this then the "apk fetch" stages of the build that fetch
# packages like the Raspberry Pi bootloader will fail).
RUN apk update
# Install build deps
RUN apk add \
alpine-conf \
alpine-sdk \
apk-tools \
build-base \
busybox \
dosfstools \
fakeroot \
grub-efi \
mtools \
squashfs-tools \
tzdata \
xorriso
# Create build directory
RUN mkdir /tmp/abuild
WORKDIR /tmp/abuild
# Clone the aports repo for our specific branch
# If building from Alpine Edge, we need to use the `master` branch
#RUN git clone --depth 1 --branch master https://gitlab.alpinelinux.org/alpine/aports.git
RUN git clone --depth 1 --branch 3.21-stable https://gitlab.alpinelinux.org/alpine/aports.git
# Add our custom profile into the abuild scripts directory
COPY mkimg.pinewall_rpi.sh /tmp/abuild/aports/scripts/mkimg.pinewall_rpi.sh
COPY genapkovl-pinewall.sh /tmp/abuild/aports/scripts/genapkovl-pinewall.sh
# Make our scripts executable
RUN chmod +x /tmp/abuild/aports/scripts/mkimage.sh
RUN chmod +x /tmp/abuild/aports/scripts/mkimg.pinewall_rpi.sh
RUN chmod +x /tmp/abuild/aports/scripts/genapkovl-pinewall.sh
# Add in our configs
COPY config/etc/ /tmp/etc/
COPY config/home/ /tmp/home/
# Add unprivileged builder user and change ownership of build directory
# so we can launch the mkimage process unprivileged
RUN adduser builder --disabled-password
RUN addgroup builder abuild
RUN chown -R builder:abuild /tmp/abuild /tmp/etc /tmp/home
# Become builder user and generate our build key
# Most examples pass the -i flag to abuild-keygen, but that just installs
# our generated keys into /etc/apk/keys. We don't need to do that since we're
# not actually going to be installing any packages we've built inside this container
# (or even building any packages in the first place really, I think this is just a pre-req
# to running abuild-based processes).
USER builder
RUN abuild-keygen -a -n
# Enter the script directory
WORKDIR /tmp/abuild/aports/scripts
# Create our output dir
RUN mkdir /tmp/images
# Build our image
RUN ./mkimage.sh --tag 3.21 --outdir /tmp/images --workdir /tmp/cache --arch aarch64 --repository https://uk.alpinelinux.org/alpine/v3.21/main --repository https://uk.alpinelinux.org/alpine/v3.21/community --profile pinewall_rpi
# List the contents of our image directory
# (should show our built image if everything worked)
RUN ls -lah /tmp/images
# --------------------------------------------- #
# This second-stage of the Dockerfile is focused on building a Raspberry Pi compatible
# .img file for writing directly to a Pi microSD card
# Copy our built image into a new container
FROM docker.io/library/alpine:3.21
# Install mtools to build FAT32 images without mounting them
RUN apk --no-cache add mtools
# Copy our built images and settings from the build container
COPY --from=builder /tmp/images/alpine-pinewall_rpi-3.21-aarch64.tar.gz /tmp/images/pinewall.tar.gz
# Set workdir
WORKDIR /opt
# Extract the .tar.gz that Alpine's script builds for us
RUN mkdir /opt/pinewall
RUN tar -xvf /tmp/images/pinewall.tar.gz --no-same-owner -C /opt/pinewall
# Add in our Pi firmware tweaks
COPY usercfg.txt /opt/pinewall/usercfg.txt
# Build a FAT32 image with our overlay and the contents of our archive
RUN dd if=/dev/zero of=/opt/pinewall.img bs=1M count=128
# Create FAT32 filesystem on our image
RUN mformat -i /opt/pinewall.img ::
# Copy our image contents to the the image
RUN mcopy -si /opt/pinewall.img /opt/pinewall/* ::
# Set disk image label for PINEWALL
RUN mlabel -i ./pinewall.img ::PINEWALL
# Print the listing of APKs into a file
RUN mdir -i pinewall.img ::apks/aarch64 | grep APK | grep -v APKINDEX | awk '{ print $6 }' | sort | sed s/\.apk$// > /opt/pinewall.txt
# Compress our image since otherwise a lot of it is just unallocated blocks
RUN gzip -9 /opt/pinewall.img
# --------------------------------------------- #
# We don't set an entrypoint in this container as our preferred method for
# retrieving the built image from it is to use `podman create` to create an
# instance of the container, and then `podman cp` to copy /tmp/pinewall.img.gz
# to the host machine.