From 79999f3c7e586ef97ddc17d1665a1b3956efc102 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0tetiar?= Date: Tue, 1 Apr 2025 06:02:04 +0000 Subject: [PATCH] Dockerfile: fix rootfs container generation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently several rootfs containers are failing to build, as the buildbot user doesn't exists in those FROM:scratch containers: /usr/bin/docker buildx build (snip) --build-arg USER=root --build-arg BASE_IMAGE=scratch (snip) ...snip... #2 [1/5] ADD --chown=buildbot:buildbot keys/*.asc /builder/keys/ #2 ERROR: invalid user index: -1 So lets fix it by avoiding need for ownership and simply import the keys through pipe. Move the gpg key import into setup.sh script as well, since this is the place where the keys are being used. Also add a new Dockerfile.rootfs that must be used to generate a rootfs container as the generic Dockerfile is not able to build the rootfs image. Fixes: 9b55784b18f8 ("BREAKING: use setup.sh instead of Dockerfile") References: https://github.com/openwrt/routing/pull/1107#issuecomment-2768156513 References: https://github.com/openwrt/docker/actions/runs/14165468179/job/39681375639#step:9:243 Link: https://github.com/openwrt/docker/pull/161 Acked-by: Paul Spooren Signed-off-by: Petr Štetiar --- .github/workflows/containers.yml | 1 + Dockerfile | 4 +--- Dockerfile.rootfs | 35 ++++++++++++++++++++++++++++++++ setup.sh | 1 + 4 files changed, 38 insertions(+), 3 deletions(-) create mode 100644 Dockerfile.rootfs diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index ad0b0cf..f351ef2 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -421,6 +421,7 @@ jobs: push: false tags: ${{ steps.meta.outputs.tags }} load: true + file: Dockerfile.rootfs build-args: ${{ steps.build_args.outputs.args }} labels: ${{ steps.meta.outputs.labels }} platforms: linux/${{ matrix.arch }} diff --git a/Dockerfile b/Dockerfile index 75a021f..b1ae5d5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,9 +18,7 @@ ENV VERSION_PATH=$VERSION_PATH USER $USER WORKDIR $WORKDIR -ADD --chown=buildbot:buildbot keys/*.asc /builder/keys/ -RUN gpg --import /builder/keys/*.asc && rm -rf /builder/keys/ - +ADD keys/*.asc /builder/keys/ COPY --chmod=0755 setup.sh /builder/setup.sh ARG RUN_SETUP=0 diff --git a/Dockerfile.rootfs b/Dockerfile.rootfs new file mode 100644 index 0000000..1157520 --- /dev/null +++ b/Dockerfile.rootfs @@ -0,0 +1,35 @@ +FROM ghcr.io/openwrt/buildbot/buildworker-v3.11.8:v21 as builder + +ARG DOWNLOAD_FILE="imagebuilder-.*x86_64.tar.[xz|zst]" +ARG TARGET=x86/64 +ARG FILE_HOST=downloads.openwrt.org +ARG VERSION_PATH + +ENV DOWNLOAD_FILE=$DOWNLOAD_FILE +ENV TARGET=$TARGET +ENV FILE_HOST=$FILE_HOST +ENV VERSION_PATH=$VERSION_PATH + +USER root +WORKDIR /builder/rootfs + +ADD keys/*.asc /builder/keys/ +COPY --chmod=0755 setup.sh /builder/setup.sh + +RUN /builder/setup.sh + +FROM scratch + +ARG CMD=/bin/ash +ARG USER=root + +ENV CMD=$CMD +ENV USER=$USER + +COPY --from=builder /builder/rootfs/ / + +ENTRYPOINT [ ] + +# required to have CMD as ENV to be executed +ENV CMD_ENV=${CMD} +CMD ${CMD_ENV} \ No newline at end of file diff --git a/setup.sh b/setup.sh index e1f7b88..45d8e65 100644 --- a/setup.sh +++ b/setup.sh @@ -10,6 +10,7 @@ DOWNLOAD_PATH="$VERSION_PATH/targets/$TARGET" wget "$UPSTREAM_URL/$DOWNLOAD_PATH/sha256sums" -O sha256sums wget "$UPSTREAM_URL/$DOWNLOAD_PATH/sha256sums.asc" -O sha256sums.asc +cat /builder/keys/*.asc | gpg --import && rm -rf /builder/keys/ gpg --with-fingerprint --verify sha256sums.asc sha256sums # determine archive name