Initial commit

Julian Ospald 2016-08-12 17:33:54 +02:00
commit ba5e6216ed
No known key found for this signature in database
GPG Key ID: 511B62C09D50CD28
19 changed files with 281 additions and 0 deletions

25
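--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,25 @@
+FROM busybox
+MAINTAINER Julian Ospald <hasufell@posteo.de>
+# copy hooks
+COPY ./config/paludis /etc/paludis-new
+# This one should be present by running the build.sh script
+COPY bootstrap.sh /
+# one step, to make the layer as thin as possible
+# bootstrap.h calls build.sh
+RUN /bootstrap.sh amd64 x86_64
+COPY build.sh /
+RUN /build.sh
+# update etc files... hope this doesn't screw up
+RUN eclectic config accept-all
+# don't allow regular sync, because we want to make sure
+# all images deriving from this one have the same state
+RUN sed -i -e 's|^sync|#sync|' /etc/paludis/repositories/*.conf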
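Review bot: `FROM busybox` carries no tag or digest, so every rebuild starts from whatever `busybox:latest` resolves to at that moment, which works against the aim stated in the last comment that derived images share the same state. Pinning it, for example `FROM busybox:<tag>@sha256:<digest>` with the values actually tested, makes the bootstrap base reproducible and auditable. Separately, the comment `# bootstrap.h calls build.sh` does not match the files in this commit: the `exec /bin/bash -c /build.sh` line in bootstrap.sh is commented out and build.sh is run by its own `RUN`, so it should read something like `# bootstrap.sh replaces the busybox rootfs with the stage3; build.sh runs in its own step below`.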

59
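--- a/README.md
+++ b/README.md
@@ -0,0 +1,59 @@
+## Usage
+This image is optimized for size, as such, stuff in the following
+directories is removed:
+```
+/srv/binhost/
+/usr/include/
+/usr/lib64/debug/
+/usr/portage/
+/usr/share/applications/
+/usr/share/doc/
+/usr/share/gtk-doc/
+/usr/share/info/
+/usr/share/man/
+/usr/share/mime/
+/var/cache/paludis/metadata/
+/var/cache/paludis/names/
+/var/tmp/paludis/
+```
+When installing something, the hook in `ebuild_preinst_pre/cleanup_files.bash`
+will remove files from the following directories from the package before
+it is merged:
+```
+/usr/include/
+/usr/lib64/debug/
+/usr/share/applications/
+/usr/share/doc/
+/usr/share/gtk-doc/
+/usr/share/info/
+/usr/share/man/
+/usr/share/mime/
+```
+When creating a derived image, you have to do the following before
+you can attempt package installation, since the checked out files
+of the main gentoo repositories are removed, while the git repository
+data is still intact:
+```sh
+git -C /usr/portage checkout -- .
+cave sync gentoo
+```
+A complete Dockerfile command to install something could look like this:
+```
+RUN chgrp paludisbuild /dev/tty && \
+git -C /usr/portage checkout -- . && \
+env-update && \
+source /etc/profile && \
+cave sync && \
+cave resolve <the-package-I-want> -x && \
+rm -rf /var/cache/paludis/names/* /var/cache/paludis/metadata/* \
+/var/tmp/paludis/* /usr/portage/* /srv/binhost/*
+```
+A few things to note are also:
+* non-binary packages are not allowed, since /usr/include/ files are removed and compilation would probably fail hard (a complete rebuild via `cave resolve -e world -x` would be necessary after removing the `ebuild_preinst_pre/cleanup_files.bash` hook)
+* the same goes for Dockerfiles that do local compilations, they will have to run `cave resolve -e world -x` in order to restore all development files
+* a regular sync does not update the actual repositories, so we have a defined state (files in `/etc/paludis/repositories/*.conf` can be modified to allow that though)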

55
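--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -0,0 +1,55 @@
+#!/bin/sh
+set -e
+# First param is package tarball, 2nd is the *.DIGEST file
+VerifyShaOfStage3()
+{
+test_sum=$(awk -v myvar="$1" '$2==myvar {for(i=1; i<=1; i++) { print $1; exit}}' $2)
+calculated_sum=$(sha1sum $1 | awk '{print $1}' -)
+if [[ "$test_sum" == "$calculated_sum" ]]; then
+return 0
+else
+return 1
+fi
+}
+suffix=$3 # e.g. -hardened
+arch=$1
+dist="http://dev.exherbo.org/stages/"
+stage3="exherbo-amd64-current.tar.xz"
+# Create working directory, keep a copy of busybox handy
+mkdir newWorldOrder; cd newWorldOrder
+cp /bin/busybox .
+echo "Downloading and extracting ${stage3}..."
+wget -c "${dist}/${stage3}" "${dist}/sha1sum"
+if VerifyShaOfStage3 $stage3 "sha1sum"; then
+echo "DIGEST sum is okey";
+else
+echo "DIGEST sum is NOT okey";
+return 1;
+fi
+xz -d ${stage3}
+tar --exclude "./etc/hosts" --exclude "./etc/hostname" --exclude "./sys/*" -xf ${stage3%.*}
+/newWorldOrder/busybox rm -f ${stage3%.*}
+echo "Installing stage 3"
+/newWorldOrder/busybox rm -rf /lib* /usr /var /bin /sbin /opt /mnt /media /root /home /run /tmp
+/newWorldOrder/busybox cp -fRap lib* /
+/newWorldOrder/busybox cp -fRap bin boot home media mnt opt root run sbin tmp usr var /
+/newWorldOrder/busybox cp -fRap etc/* /etc/
+/newWorldOrder/busybox cp -fRap /etc/paludis-new/* /etc/paludis/
+/newWorldOrder/busybox rm -rf /etc/paludis-new
+# Cleaning
+cd /
+/newWorldOrder/busybox rm -rf /newWorldOrder /bootstrap.sh /linuxrc
+# Say hello
+echo "Bootstrapped ${stage3} into /:"
+ls --color -lah
+# exec /bin/bash -c /build.sh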
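Review bot: The stage3 verification does not authenticate the download, because `wget` fetches both the tarball and the `sha1sum` file over plain `http://` from the same `dist` host; a response altered in transit or on the mirror can carry a matching checksum, so the check only catches accidental corruption, and SHA-1 is no longer a sound integrity hash anyway. Since this tarball becomes the entire root filesystem of the image, compare it against a digest committed to this repository (or a signature checked with a key shipped in the build context), and fetch over TLS if the mirror offers it, e.g. `dist="https://dev.exherbo.org/stages"`. The failure branch also uses `return 1` outside a function, whose behaviour in a plain script is unspecified; `exit 1` states the intent. The unquoted `$1`/`$2` in `VerifyShaOfStage3` and the `[[ … ]]` test under `#!/bin/sh` are smaller portability points in the same function.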

37
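--- a/build.sh
+++ b/build.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+set -e
+source /etc/profile
+eclectic env update
+# set timezone
+ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime
+# set locale
+export LANG=en_US.utf8
+export LANGUAGE=en_US:en
+export LC_ALL=en_US.utf8
+cat << EOF > /etc/locale.gen
+en_US ISO-8859-1
+en_US.UTF-8 UTF-8
+EOF
+localedef -i en_US -f ISO-8859-1 en_US
+localedef -i en_US -f UTF-8 en_US.utf8
+echo LANG="en_US.UTF-8" > /etc/env.d/99locale
+# update
+sed -i -e 's#^SCM_REPOSITORY=.*$#SCM_REPOSITORY="https://galileo.mailstation.de/gerrit/paludis"#' \
+/var/db/paludis/repositories/arbor/packages/sys-apps/paludis/paludis-scm.exheres-0
+chgrp paludisbuild /dev/tty
+cave sync
+cave resolve -z -1 dev-libs/libressl sys-apps/paludis -U dev-libs/openssl -D dev-libs/openssl -f -x
+cave resolve -z \!dev-libs/openssl -u '*/*' -x
+cave resolve -z -1 dev-libs/libressl -x
+cave resolve -z -1 net-misc/wget net-misc/curl -x
+cave fix-linkage -x -- --without sys-apps/paludis
+cave resolve -z \!sys-apps/systemd -u '*/*' -x
+cave resolve -c world -x
+cave purge -x
+cave fix-linkage -x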
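Review bot: The `sed` that rewrites `SCM_REPOSITORY` in `paludis-scm.exheres-0` points the package manager's own source at `https://galileo.mailstation.de/gerrit/paludis` without saying why, and an `-scm` package is presumably built from whatever that repository's head is at build time. Together with the bare `cave sync` that follows, the image is not reproducible and its trust base silently includes that server; a comment above the `sed` such as `# paludis-scm: use this mirror because <reason>; the image tracks its HEAD at build time` would make that explicit, and pinning a revision would be better if the exheres allows it. Also, `ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime` aborts the build under `set -e` when the stage3 already ships `/etc/localtime`; `ln -sf` avoids that.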

10
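--- a/config/paludis/bashrc
+++ b/config/paludis/bashrc
@@ -0,0 +1,10 @@
+CHOST="x86_64-pc-linux-gnu"
+x86_64_pc_linux_gnu_CFLAGS="-march=native -pipe -O2"
+x86_64_pc_linux_gnu_CXXFLAGS="-march=native -pipe -O2"
+x86_64_pc_linux_gnu_LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu"
+i686_pc_linux_gnu_CFLAGS="-march=native -pipe -O2"
+i686_pc_linux_gnu_CXXFLAGS="-march=native -pipe -O2"
+i686_pc_linux_gnu_LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu"
+[[ -e /etc/paludis/hooks/setup_pkg_env.bash ]] && . /etc/paludis/hooks/setup_pkg_env.bash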
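Review bot: `-march=native` in all four `*_CFLAGS`/`*_CXXFLAGS` lines ties every package compiled in the image to the CPU of the machine that ran `docker build`, so on a host with an older or different CPU the resulting binaries can fail with an illegal-instruction fault. For an image that is meant to be pulled and derived from, a baseline target is safer, e.g. `x86_64_pc_linux_gnu_CFLAGS="-march=x86-64 -mtune=generic -pipe -O2"` and the same for `CXXFLAGS`. The `i686_*` variables need an i686-appropriate baseline of their own rather than the same value.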


@ -0,0 +1,6 @@
add-options CFLAGS -O3
add-options x86_64_pc_linux_gnu_CFLAGS -O3
add-options i686_pc_linux_gnu_CFLAGS -O3
add-options CXXFLAGS -O3
add-options x86_64_pc_linux_gnu_CXXFLAGS -O3
add-options i686_pc_linux_gnu_CXXFLAGS -O3


@ -0,0 +1,14 @@
CC='clang'
CXX='clang++'
CFLAGS="${CFLAGS} -O3 -flto"
x86_64_pc_linux_gnu_CFLAGS="${x86_64_pc_linux_gnu_CFLAGS} -O3 -flto"
i686_pc_linux_gnu_CFLAGS="${i686_pc_linux_gnu_CFLAGS} -O3 -flto"
CXXFLAGS="${CXXFLAGS} -O3 -flto"
x86_64_pc_linux_gnu_CXXFLAGS="${x86_64_pc_linux_gnu_CXXFLAGS} -O3 -flto"
i686_pc_linux_gnu_CXXFLAGS="${i686_pc_linux_gnu_CXXFLAGS} -O3 -flto"
LDFLAGS="${LDFLAGS} -O3 -flto -Wl,-plugin,/usr/lib64/LLVMgold.so"
x86_64_pc_linux_gnu_LDFLAGS="${x86_64_pc_linux_gnu_LDFLAGS} -O3 -flto -Wl,-plugin,/usr/lib64/LLVMgold.so"
i686_pc_linux_gnu_LDFLAGS="${i686_pc_linux_gnu_LDFLAGS} -O3 -flto -Wl,-plugin,/usr/lib64/LLVMgold.so"
AR='/usr/local/bin/clang-ar'
RANLIB=':'
NM='nm --plugin /usr/lib64/LLVMgold.so'


@ -0,0 +1,6 @@
add-options CFLAGS -Wall -g
add-options x86_64_pc_linux_gnu_CFLAGS -Wall -g
add-options i686_pc_linux_gnu_CFLAGS -Wall -g
add-options CXXFLAGS -Wall -g
add-options x86_64_pc_linux_gnu_CXXFLAGS -Wall -g
add-options i686_pc_linux_gnu_CXXFLAGS -Wall -g


@ -0,0 +1,6 @@
add-options CFLAGS -fpermissive
add-options x86_64_pc_linux_gnu_CFLAGS -fpermissive
add-options i686_pc_linux_gnu_CFLAGS -fpermissive
add-options CXXFLAGS -fpermissive
add-options x86_64_pc_linux_gnu_CXXFLAGS -fpermissive
add-options i686_pc_linux_gnu_CXXFLAGS -fpermissive


@ -0,0 +1,6 @@
add-options CFLAGS -Wall -g -O0
add-options x86_64_pc_linux_gnu_CFLAGS -Wall -g -O0
add-options i686_pc_linux_gnu_CFLAGS -Wall -g -O0
add-options CXXFLAGS -Wall -g -O0
add-options x86_64_pc_linux_gnu_CXXFLAGS -Wall -g -O0
add-options i686_pc_linux_gnu_CXXFLAGS -Wall -g -O0


@ -0,0 +1,9 @@
CC=x86_64-pc-linux-gnu-gcc
CXX=x86_64-pc-linux-gnu-g++
remove-options CFLAGS -Qunused-arguments -fcolor-diagnostics
remove-options x86_64_pc_linux_gnu_CFLAGS -Qunused-arguments -fcolor-diagnostics
remove-options i686_pc_linux_gnu_CFLAGS -Qunused-arguments -fcolor-diagnostics
remove-options CXXFLAGS -Qunused-arguments -fcolor-diagnostics
remove-options x86_64_pc_linux_gnu_CXXFLAGS -Qunused-arguments -fcolor-diagnostics
remove-options i686_pc_linux_gnu_CXXFLAGS -Qunused-arguments -fcolor-diagnostics


@ -0,0 +1,6 @@
remove-options CFLAGS -O3
remove-options x86_64_pc_linux_gnu_CFLAGS -O3
remove-options i686_pc_linux_gnu_CFLAGS -O3
remove-options CXXFLAGS -O3
remove-options x86_64_pc_linux_gnu_CXXFLAGS -O3
remove-options i686_pc_linux_gnu_CXXFLAGS -O3


@ -0,0 +1,3 @@
remove-options LDFLAGS -Wl,--as-needed
remove-options x86_64_pc_linux_gnu_LDFLAGS -Wl,--as-needed
remove-options i686_pc_linux_gnu_LDFLAGS -Wl,--as-needed


@ -0,0 +1,6 @@
add-options CFLAGS -g0
add-options x86_64_pc_linux_gnu_CFLAGS -g0
add-options i686_pc_linux_gnu_CFLAGS -g0
add-options CXXFLAGS -g0
add-options x86_64_pc_linux_gnu_CXXFLAGS -g0
add-options i686_pc_linux_gnu_CXXFLAGS -g0


@ -0,0 +1 @@
CMAKE_MAKEFILE_GENERATOR="emake"


@ -0,0 +1 @@
MAKEOPTS="-j1"


@ -0,0 +1,27 @@
# system, general, other
*/* -X -cups -gtk -gnutls -acpi -bash-completion
# linguas
*/* LINGUAS: en
# build options
*/* build_options: symbols=strip work=remove jobs=8 -optional_tests -recommended_tests -expensive_tests
# targets
*/* targets: -* x86_64-pc-linux-gnu
# SSL
*/* providers: -gnutls -openssl libressl
dev-libs/glib-networking providers: gnutls
# jpeg
*/* providers: -ijg-jpeg jpeg-turbo
# no systemd
*/* providers: -systemd eudev rsyslog
*/* -systemd
*/* providers: -runit -sinit sysvinit
# paludis
sys-apps/paludis pbin search-index


@ -0,0 +1,4 @@
# always_keep_output_logs may be set to 'true' to always keep output logs, even
# if a build succeeds.
always_keep_output_logs = false
