Dockerfile: fix rootfs container generation

Currently several rootfs containers are failing to build, as the buildbot user doesn't exists in those FROM:scratch containers: /usr/bin/docker buildx build (snip) --build-arg USER=root --build-arg BASE_IMAGE=scratch (snip) ...snip... #2 [1/5] ADD --chown=buildbot:buildbot keys/*.asc /builder/keys/ #2 ERROR: invalid user index: -1 So lets fix it by avoiding need for ownership and simply import the keys through pipe. Move the gpg key import into setup.sh script as well, since this is the place where the keys are being used. Also add a new Dockerfile.rootfs that must be used to generate a rootfs container as the generic Dockerfile is not able to build the rootfs image. Fixes: 9b55784b18 ("BREAKING: use setup.sh instead of Dockerfile") References: https://github.com/openwrt/routing/pull/1107#issuecomment-2768156513 References: https://github.com/openwrt/docker/actions/runs/14165468179/job/39681375639#step:9:243 Link: https://github.com/openwrt/docker/pull/161 Acked-by: Paul Spooren <mail@aparcar.org> Signed-off-by: Petr Štetiar <ynezz@true.cz>
2025-04-01 06:02:04 +00:00 · 2025-04-01 06:02:04 +00:00 · 79999f3c7e
parent 22cde2e838
commit 79999f3c7e
4 changed files with 38 additions and 3 deletions
--- a/.github/workflows/containers.yml
+++ b/.github/workflows/containers.yml
@ -421,6 +421,7 @@ jobs:
          push: false
          tags: ${{ steps.meta.outputs.tags }}
          load: true
+          file: Dockerfile.rootfs
          build-args: ${{ steps.build_args.outputs.args }}
          labels: ${{ steps.meta.outputs.labels }}
          platforms: linux/${{ matrix.arch }}
--- a/4
+++ b/4
@ -18,9 +18,7 @@ ENV VERSION_PATH=$VERSION_PATH
 USER $USER
 WORKDIR $WORKDIR

-ADD --chown=buildbot:buildbot keys/*.asc /builder/keys/
-RUN gpg --import /builder/keys/*.asc && rm -rf /builder/keys/
-
+ADD keys/*.asc /builder/keys/
 COPY --chmod=0755 setup.sh /builder/setup.sh

 ARG RUN_SETUP=0
--- a/Dockerfile.rootfs
+++ b/Dockerfile.rootfs
@ -0,0 +1,35 @@
+FROM ghcr.io/openwrt/buildbot/buildworker-v3.11.8:v21 as builder
+
+ARG DOWNLOAD_FILE="imagebuilder-.*x86_64.tar.[xz|zst]"
+ARG TARGET=x86/64
+ARG FILE_HOST=downloads.openwrt.org
+ARG VERSION_PATH
+
+ENV DOWNLOAD_FILE=$DOWNLOAD_FILE
+ENV TARGET=$TARGET
+ENV FILE_HOST=$FILE_HOST
+ENV VERSION_PATH=$VERSION_PATH
+
+USER root
+WORKDIR /builder/rootfs
+
+ADD keys/*.asc /builder/keys/
+COPY --chmod=0755 setup.sh /builder/setup.sh
+
+RUN /builder/setup.sh
+
+FROM scratch
+
+ARG CMD=/bin/ash
+ARG USER=root
+
+ENV CMD=$CMD
+ENV USER=$USER
+
+COPY --from=builder  /builder/rootfs/ /
+
+ENTRYPOINT [ ]
+
+# required to have CMD as ENV to be executed
+ENV CMD_ENV=${CMD}
+CMD ${CMD_ENV}
--- a/setup.sh
+++ b/setup.sh
@ -10,6 +10,7 @@ DOWNLOAD_PATH="$VERSION_PATH/targets/$TARGET"
 wget "$UPSTREAM_URL/$DOWNLOAD_PATH/sha256sums" -O sha256sums
 wget "$UPSTREAM_URL/$DOWNLOAD_PATH/sha256sums.asc" -O sha256sums.asc

+cat /builder/keys/*.asc | gpg --import && rm -rf /builder/keys/
 gpg --with-fingerprint --verify sha256sums.asc sha256sums

 # determine archive name