author | Pavlos Ratis <dastergon@gentoo.org> | 2014-07-12 21:04:48 +0300 |
committer | Pavlos Ratis <dastergon@gentoo.org> | 2014-07-12 21:04:48 +0300 |
commit | d008f02b29c6ee618b1612a41137fc4e5176cf85 (patch) | |
tree | 963e0f4d020ef44e571f239241dc41a3eb5d031f | |
parent | Merge pull request #5 from gentoo/minor_improvements (diff) | |
add amd64 hardened supporthardened_g
-rw-r--r-- | amd64-hardened/Dockerfile | 38 | ||||
-rwxr-xr-x | amd64-hardened/build.sh | 26 |
2 files changed, 64 insertions, 0 deletions
diff --git a/amd64-hardened/Dockerfile b/amd64-hardened/Dockerfile
new file mode 100644
index 0000000..2f7d17a
--- /dev/null
+++ b/amd64-hardened/Dockerfile
@@ -0,0 +1,38 @@
+FROM scratch
+
+MAINTAINER Gentoo Docker Team
+
+# This one should be present by running the build.sh script
+ADD stage3-amd64-hardened.tar.xz /
+
+# Setup the (virtually) current runlevel
+RUN echo "default" > /run/openrc/softlevel
+
+# Setup the rc_sys
+RUN sed -e 's/#rc_sys=""/rc_sys="lxc"/g' -i /etc/rc.conf
+
+# Setup the net.lo runlevel
+RUN ln -s /etc/init.d/net.lo /run/openrc/started/net.lo
+
+# Setup the net.eth0 runlevel
+RUN ln -s /etc/init.d/net.lo /etc/init.d/net.eth0
+RUN ln -s /etc/init.d/net.eth0 /run/openrc/started/net.eth0
+
+# By default, UTC system
+RUN echo 'UTC' > /etc/timezone
+
+# Used when this image is the base of another
+#
+# Setup the portage directory and permissions
+ONBUILD RUN mkdir -p /usr/portage/{distfiles,metadata,packages}
+ONBUILD RUN chown -R portage:portage /usr/portage
+ONBUILD RUN echo "masters = gentoo" > /usr/portage/metadata/layout.conf
+
+# Sync portage
+ONBUILD RUN emerge-webrsync -q
+
+# Display some news items
+ONBUILD RUN eselect news read new
+
+# Finalization
+ONBUILD RUN env-update
diff --git a/amd64-hardened/build.sh b/amd64-hardened/build.sh
new file mode 100755
index 0000000..6d444ea
--- /dev/null
+++ b/amd64-hardened/build.sh
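Review bot: The whole filesystem of this image comes from `ADD stage3-amd64-hardened.tar.xz /`, and nothing in the Dockerfile ties that tarball to the signature and SHA512 checks done in build.sh — any file of that name in the build context is accepted — so the comment above it should state that contract explicitly (`# Must be the stage3 produced and verified by build.sh; never hand-placed`) and the image should carry provenance, e.g. `LABEL org.opencontainers.image.version="<STAGE3_RELEASE_PLACEHOLDER>"`. `MAINTAINER Gentoo Docker Team` is better expressed as `LABEL maintainer="Gentoo Docker Team"`. `ONBUILD RUN emerge-webrsync -q` fetches a Portage snapshot over the network during every downstream build, so child images are not reproducible and their integrity rests on whether the stage3's Portage configuration verifies the snapshot signature; this is worth confirming and recording in the `# Sync portage` comment. The symlinks and `softlevel` written under `/run/openrc` may be hidden at runtime if the container runtime mounts a tmpfs on `/run` — presumably this was tested, but a comment stating the assumption would help the next maintainer.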
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+die(){ echo "$@" 1>&2; exit 1; }
+
+base_url="http://distfiles.gentoo.org/releases/amd64/autobuilds"
+
+latest_stage3=$(curl "${base_url}/latest-stage3-amd64-hardened.txt" 2>/dev/null | grep -v '#')
+stage3=$(basename "${latest_stage3}")
+
+[ ! -f "${stage3}" ] && xz=true || xz=false
+
+wget -nc "${base_url}/${latest_stage3}" || die "Could not download stage3"
+wget -nc "${base_url}/${latest_stage3}.DIGESTS.asc" || die "Could not download digests"
+wget -nc "${base_url}/${latest_stage3}.CONTENTS" || die "Could not download contents"
+sha512_digests=$(grep -A1 SHA512 "${stage3}.DIGESTS.asc" | grep -v '^--')
+gpg --verify "${stage3}.DIGESTS.asc" || die "Insecure digests"
+echo "${sha512_digests}" | sha512sum -c || die "Checksum validation failed"
+
+if [ ${xz} == true ] || [ ! -f stage3-amd64.tar.xz ]; then
+ echo "Transforming bz2 tarball to xz (golang bug). This will take some time..."
+ bunzip2 -c "${stage3}" | xz -z > stage3-amd64-hardened.tar.xz || die "Failed to recompress to xz"
+fi
+echo "I'm done with the stage3."
+
+echo "Building docker Gentoo image now..."
+docker build -t gentoo:latest-hardened .
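Review bot: `gpg --verify "${stage3}.DIGESTS.asc" || die "Insecure digests"` only establishes that some key in the local keyring produced a valid signature, not that the signer is the Gentoo release key, so the check should pin the expected signer, e.g. `gpg --status-fd 1 --verify "${stage3}.DIGESTS.asc" | grep -q "VALIDSIG <RELENG_KEY_FINGERPRINT_PLACEHOLDER>" || die "Insecure digests"` with the fingerprint kept as a constant at the top of the script. The script has no `set -o pipefail`, so a failing `bunzip2` in the recompression pipeline lets `xz` write a truncated `stage3-amd64-hardened.tar.xz` while `|| die` never fires, and the same applies to the `curl | grep` that computes `latest_stage3`; `set -o pipefail` after the shebang fixes both. The `if` guard tests `stage3-amd64.tar.xz` while the pipeline writes `stage3-amd64-hardened.tar.xz`, so the slow recompression re-runs on every invocation where the bz2 already exists; the test should name the hardened file. The `latest-stage3-amd64-hardened.txt` pointer and the tarball are fetched over plain HTTP, which is acceptable only because the signed digests are checked afterwards — a comment stating that dependency next to `base_url` would help.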