Add openresty and mkcert for image allow list
Signed-off-by: Jan Dubois <jan.dubois@suse.com>
jandubois committed Nov 8, 2022
1 parent 83d4d33 commit 6ae64a2
Showing 7 changed files with 45 additions and 4 deletions.
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -4,5 +4,6 @@
/rd.yaml
/std.yaml
/nerdctl-*
/openresty-*
/qemu-*
/cri-dockerd-*
22 changes: 19 additions & 3 deletions Dockerfile
Expand Up @@ -4,13 +4,17 @@ ARG BINFMT_IMAGE=tonistiigi/binfmt:latest
FROM ${BINFMT_IMAGE} as binfmt

FROM alpine:${ALPINE_VERSION}
RUN apk add alpine-sdk build-base apk-tools alpine-conf busybox \

ARG ARCH=x86_64
ARG OPENRESTY_VERSION=0.0.1

RUN \
apk add alpine-sdk build-base apk-tools alpine-conf busybox \
fakeroot xorriso squashfs-tools sudo \
mtools dosfstools grub-efi

# syslinux is missing for aarch64
ARG TARGETARCH
RUN if [ "${TARGETARCH}" = "amd64" ]; then apk add syslinux; fi
RUN if [ "${ARCH}" = "x86_64" ]; then apk add syslinux; fi

COPY --from=binfmt /usr/bin /binfmt

Expand All @@ -19,5 +23,17 @@ RUN abuild-keygen -i -a -n
RUN apk update

ADD src/aports /home/build/aports

# add custom OpenResty version with http-proxy-connect module compiled in
ADD openresty-v${OPENRESTY_VERSION}-${ARCH}.tar /home/build/packages/lima

# mkcert is only available in the "testing" repo from the "edge" branch
RUN \
mkdir -p /home/build/packages/lima/${ARCH} && \
cd /home/build/packages/lima/${ARCH} && \
apk fetch mkcert --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing && \
apk index -o APKINDEX.tar.gz *.apk && \
abuild-sign APKINDEX.tar.gz

WORKDIR /home/build/aports/scripts
ENTRYPOINT ["sh", "./mkimage.sh"]
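Review bot: The `apk fetch mkcert` step in the second hunk pulls from `http://dl-cdn.alpinelinux.org/alpine/edge/testing` over plain HTTP and without a version, and the `apk index` / `abuild-sign` lines that follow re-sign everything in that directory with the local build key. apk should still check the upstream signature at fetch time, but once the index is re-signed the image build trusts whatever `*.apk` files are present, which presumably includes the packages unpacked by the `ADD openresty-v${OPENRESTY_VERSION}-${ARCH}.tar` line. I would use `--repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing` and extend the comment above the RUN to record the trust decision, e.g. `# NOTE: mkcert is unpinned (edge/testing); the index below is re-signed with the local abuild key`.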
8 changes: 7 additions & 1 deletion Makefile
Expand Up @@ -22,19 +22,22 @@ ARCH_ALIAS_aarch64 = arm64
ARCH_ALIAS = $(shell echo "$(ARCH_ALIAS_$(ARCH))")

NERDCTL_VERSION=1.0.0
OPENRESTY_VERSION=0.0.1
QEMU_VERSION=v6.2.0
CRI_DOCKERD_VERSION=0.2.3
CRI_DOCKERD_ORG=Mirantis
BINFMT_IMAGE=tonistiigi/binfmt:qemu-$(QEMU_VERSION)

.PHONY: mkimage
mkimage:
mkimage: openresty-v$(OPENRESTY_VERSION)-$(ARCH).tar
cd src/aports && git fetch && git checkout $(GIT_TAG)
$(DOCKER) build \
--progress plain --no-cache \
--tag mkimage:$(ALPINE_VERSION)-$(ARCH) \
--build-arg ALPINE_VERSION=$(ALPINE_VERSION) \
--build-arg ARCH=$(ARCH) \
--build-arg BINFMT_IMAGE=$(BINFMT_IMAGE) \
--build-arg OPENRESTY_VERSION=$(OPENRESTY_VERSION) \
--platform linux/$(ARCH_ALIAS) \
.

Expand All @@ -46,6 +49,9 @@ iso: nerdctl-$(NERDCTL_VERSION)-$(ARCH) qemu-$(QEMU_VERSION)-copying cri-dockerd
nerdctl-$(NERDCTL_VERSION)-$(ARCH):
curl -o $@ -Ls https://github.com/containerd/nerdctl/releases/download/v$(NERDCTL_VERSION)/nerdctl-full-$(NERDCTL_VERSION)-linux-$(ARCH_ALIAS).tar.gz

openresty-v$(OPENRESTY_VERSION)-$(ARCH).tar:
curl -o $@ -Ls https://github.com/rancher-sandbox/openresty-packaging/releases/download/v$(OPENRESTY_VERSION)/$@

qemu-$(QEMU_VERSION)-copying:
curl -o $@ -Ls https://raw.githubusercontent.com/qemu/qemu/$(QEMU_VERSION)/COPYING

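Review bot: The new `openresty-v$(OPENRESTY_VERSION)-$(ARCH).tar` rule downloads with `curl -o $@ -Ls` and never checks what it received: without `-f` an HTTP error body is written to `$@` and the target then counts as up to date, and no digest is verified before the Dockerfile `ADD`s the archive into the build image. Because the packages in it end up in a locally signed index, I would pin the artefact, e.g. `curl -fLs -o $@ https://github.com/rancher-sandbox/openresty-packaging/releases/download/v$(OPENRESTY_VERSION)/$@` followed by `echo "$(OPENRESTY_SHA256_$(ARCH))  $@" | sha256sum -c -`, where `OPENRESTY_SHA256_x86_64` and `OPENRESTY_SHA256_aarch64` would be new variables holding the published digests. The neighbouring nerdctl and qemu rules follow the same unchecked pattern, but they are only context in this hunk. A failed check should also remove `$@` (for instance via `.DELETE_ON_ERROR:`) so a bad download is not reused on the next run.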
2 changes: 2 additions & 0 deletions edition/min
Expand Up @@ -13,7 +13,9 @@ export LIMA_INSTALL_CRI_DOCKERD=false
export LIMA_INSTALL_IPTABLES=false
export LIMA_INSTALL_LIMA_INIT=false
export LIMA_INSTALL_LOGROTATE=false
export LIMA_INSTALL_MKCERT=false
export LIMA_INSTALL_NERDCTL=false
export LIMA_INSTALL_OPENRESTY=false
export LIMA_INSTALL_OPENSSH_SFTP_SERVER=false
export LIMA_INSTALL_SSHFS=false
export LIMA_INSTALL_ZSTD=false
2 changes: 2 additions & 0 deletions edition/rd
Expand Up @@ -12,7 +12,9 @@ LIMA_INSTALL_GIT=true
LIMA_INSTALL_IPTABLES=true
LIMA_INSTALL_LIMA_INIT=true
LIMA_INSTALL_LOGROTATE=true
LIMA_INSTALL_MKCERT=true
LIMA_INSTALL_NERDCTL=true
LIMA_INSTALL_OPENRESTY=true
LIMA_INSTALL_OPENSSH_SFTP_SERVER=true
LIMA_INSTALL_SSHFS=true
LIMA_INSTALL_ZSTD=true
8 changes: 8 additions & 0 deletions genapkovl-lima.sh
Expand Up @@ -250,6 +250,10 @@ if [ "${LIMA_INSTALL_IPTABLES}" == "true" ] || [ "${LIMA_INSTALL_NERDCTL}" == "t
echo "iptables ip6tables" >> "$tmp"/etc/apk/world
fi

if [ "${LIMA_INSTALL_MKCERT}" == "true" ]; then
echo "mkcert" >> "$tmp"/etc/apk/world
fi

if [ "${LIMA_INSTALL_NERDCTL}" == "true" ]; then
mkdir -p "${tmp}/nerdctl"
tar xz -C "${tmp}/nerdctl" -f /home/build/nerdctl.tar.gz
Expand All @@ -261,6 +265,10 @@ if [ "${LIMA_INSTALL_NERDCTL}" == "true" ]; then
done
fi

if [ "${LIMA_INSTALL_OPENRESTY}" == "true" ]; then
echo "openresty" >> "$tmp"/etc/apk/world
fi

if [ "${LIMA_INSTALL_OPENSSH_SFTP_SERVER}" == "true" ]; then
echo "openssh-sftp-server" >> "$tmp"/etc/apk/world
fi
6 changes: 6 additions & 0 deletions mkimg.lima.sh
Expand Up @@ -52,6 +52,12 @@ profile_lima() {
if [ "${LIMA_INSTALL_LOGROTATE}" == "true" ]; then
apks="$apks logrotate"
fi
if [ "${LIMA_INSTALL_MKCERT}" == "true" ]; then
apks="$apks mkcert"
fi
if [ "${LIMA_INSTALL_OPENRESTY}" == "true" ]; then
apks="$apks openresty"
fi
if [ "${LIMA_INSTALL_OPENSSH_SFTP_SERVER=true}" == "true" ]; then
apks="$apks openssh-sftp-server"
fi
