From bcff43109897f35087f9a0676d0b1f7a79244345 Mon Sep 17 00:00:00 2001 From: Paul Spooren Date: Tue, 9 Jul 2019 14:29:08 +0200 Subject: [PATCH] init Initial push to use openwrtorg. Generatres rootfs, sdk and imagebuilder for now. Signed-off-by: Paul Spooren --- .circleci/config.yml | 50 ++++++++++++++++++++++++++ .gitignore | 1 + Dockerfile.imagebuilder | 14 ++++++++ Dockerfile.rootfs | 13 +++++++ Dockerfile.sdk | 14 ++++++++ README.md | 76 +++++++++++++++++++++++++++++++++++++++ docker-common.sh | 18 ++++++++++ docker-imagebuilder.sh | 38 ++++++++++++++++++++ docker-rootfs.sh | 40 +++++++++++++++++++++ docker-sdk.sh | 49 +++++++++++++++++++++++++ rootfs/etc/config/network | 13 +++++++ rootfs/etc/inittab | 7 ++++ 12 files changed, 333 insertions(+) create mode 100644 .circleci/config.yml create mode 100644 .gitignore create mode 100644 Dockerfile.imagebuilder create mode 100644 Dockerfile.rootfs create mode 100644 Dockerfile.sdk create mode 100644 README.md create mode 100644 docker-common.sh create mode 100644 docker-imagebuilder.sh create mode 100644 docker-rootfs.sh create mode 100644 docker-sdk.sh create mode 100644 rootfs/etc/config/network create mode 100644 rootfs/etc/inittab diff --git a/.circleci/config.yml b/.circleci/config.yml new file mode 100644 index 0000000..b43d078 --- /dev/null +++ b/.circleci/config.yml @@ -0,0 +1,50 @@ +version: 2 +jobs: + rootfs-snapshot: + machine: true + steps: + - checkout + - run: bash docker-common.sh + - run: + name: Create snapshot Rootfs container + command: bash docker-rootfs.sh + environment: + DOCKER_IMAGE: "openwrtorg/rootfs" + TARGETS: "x86-64 armvirt-32 armvirt-64" + imagebuilder-snapshot: + machine: true + steps: + - checkout + - run: bash docker-common.sh + - run: + name: Create snapshot ImageBuilder container + command: bash docker-imagebuilder.sh + environment: + DOCKER_IMAGE: "openwrtorg/imagebuilder" + TARGETS: "cns3xxx-generic mvebu-cortexa53 mvebu-cortexa72 mvebu-cortexa9 ipq40xx-generic ipq806x-generic layerscape-armv7 layerscape-armv8_32b layerscape-armv8_64b imx6-generic octeontx-generic sunxi-cortexa8 sunxi-cortexa53 sunxi-cortexa7 ppc44x-generic bcm53xx-generic brcm47xx-mips74k brcm47xx-generic brcm47xx-legacy ath79-nand ath79-generic ath79-tiny ath25-generic mcs814x-generic ar7-ac49x ar7-generic kirkwood-generic apm821xx-sata apm821xx-nand ramips-rt305x ramips-rt3883 ramips-mt76x8 ramips-mt7620 ramips-rt288x ramips-mt7621 au1000-au1550 au1000-au1500 pistachio-generic gemini-wiligear gemini-generic gemini-raidsonic brcm2708-bcm2708 brcm2708-bcm2709 brcm2708-bcm2710 x86-geode x86-generic x86-legacy x86-64 lantiq-xway_legacy lantiq-xrx200 lantiq-ase lantiq-falcon lantiq-xway mediatek-mt7622 mediatek-mt7623 mediatek-32 mpc85xx-p1020 mpc85xx-p2020 mpc85xx-generic tegra-generic zynq-generic archs38-generic ixp4xx-harddisk ixp4xx-generic mxs-generic oxnas-ox820 octeon-generic armvirt-32 armvirt-64 arc770-generic adm8668-generic xburst-qi_lb60 samsung-s5pv210 omap-generic ar71xx-nand ar71xx-generic ar71xx-tiny ar71xx-mikrotik brcm63xx-generic brcm63xx-smp at91-sama5d3 at91-sama5d4 at91-sam9x at91-sama5 at91-legacy at91-sama5d2 rb532-generic malta-le malta-be malta-be64 malta-le6" + sdk-snapshot: + machine: true + steps: + - checkout + - run: bash docker-common.sh + - run: + name: Create snapshot SDK container + command: bash docker-sdk.sh + environment: + DOCKER_IMAGE: "openwrtorg/sdk" + TARGETS: "cns3xxx-generic mvebu-cortexa53 mvebu-cortexa72 mvebu-cortexa9 ipq40xx-generic ipq806x-generic layerscape-armv7 layerscape-armv8_32b layerscape-armv8_64b imx6-generic octeontx-generic sunxi-cortexa8 sunxi-cortexa53 sunxi-cortexa7 ppc44x-generic bcm53xx-generic brcm47xx-mips74k brcm47xx-generic brcm47xx-legacy ath79-nand ath79-generic ath79-tiny ath25-generic mcs814x-generic ar7-ac49x ar7-generic kirkwood-generic apm821xx-sata apm821xx-nand ramips-rt305x ramips-rt3883 ramips-mt76x8 ramips-mt7620 ramips-rt288x ramips-mt7621 au1000-au1550 au1000-au1500 pistachio-generic gemini-wiligear gemini-generic gemini-raidsonic brcm2708-bcm2708 brcm2708-bcm2709 brcm2708-bcm2710 x86-geode x86-generic x86-legacy x86-64 lantiq-xway_legacy lantiq-xrx200 lantiq-ase lantiq-falcon lantiq-xway mediatek-mt7622 mediatek-mt7623 mediatek-32 mpc85xx-p1020 mpc85xx-p2020 mpc85xx-generic tegra-generic zynq-generic archs38-generic ixp4xx-harddisk ixp4xx-generic mxs-generic oxnas-ox820 octeon-generic armvirt-32 armvirt-64 arc770-generic adm8668-generic xburst-qi_lb60 samsung-s5pv210 omap-generic ar71xx-nand ar71xx-generic ar71xx-tiny ar71xx-mikrotik brcm63xx-generic brcm63xx-smp at91-sama5d3 at91-sama5d4 at91-sam9x at91-sama5 at91-legacy at91-sama5d2 rb532-generic malta-le malta-be malta-be64 malta-le6" + +workflows: + version: 2 + docker: + triggers: + - schedule: + cron: "0 0 * * *" + filters: + branches: + only: + - master + jobs: + - rootfs-snapshot + - imagebuilder-snapshot + - sdk-snapshot diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..213fabf --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +sha256sums* diff --git a/Dockerfile.imagebuilder b/Dockerfile.imagebuilder new file mode 100644 index 0000000..27b0d78 --- /dev/null +++ b/Dockerfile.imagebuilder @@ -0,0 +1,14 @@ +FROM debian:latest + +RUN apt-get update -qq &&\ + apt-get install -y build-essential libncurses5-dev gawk git subversion \ + libssl-dev gettext zlib1g-dev swig unzip python2.7 wget file &&\ + apt-get -y autoremove && apt-get clean + +RUN useradd -c "OpenWrt Builder" -m -d /home/build -s /bin/bash build +COPY --chown=build:build ./imagebuilder /home/build/imagebuilder +RUN chown build:build /home/build/imagebuilder + +USER build +ENV HOME /home/build +WORKDIR /home/build/imagebuilder diff --git a/Dockerfile.rootfs b/Dockerfile.rootfs new file mode 100644 index 0000000..1711098 --- /dev/null +++ b/Dockerfile.rootfs @@ -0,0 +1,13 @@ +FROM scratch + +MAINTAINER Paul Spooren + +ADD ./rootfs-openwrt / + +ADD ./rootfs / + +EXPOSE 80 443 22 + +USER root + +CMD ["/sbin/init"] diff --git a/Dockerfile.sdk b/Dockerfile.sdk new file mode 100644 index 0000000..56737b0 --- /dev/null +++ b/Dockerfile.sdk @@ -0,0 +1,14 @@ +FROM debian:latest + +RUN apt-get update -qq &&\ + apt-get install -y build-essential libncurses5-dev gawk git subversion \ + libssl-dev gettext zlib1g-dev swig unzip python2.7 wget file &&\ + apt-get -y autoremove && apt-get clean + +RUN useradd -c "OpenWrt Builder" -m -d /home/build -s /bin/bash build +COPY --chown=build:build ./sdk /home/build/sdk +RUN chown build:build /home/build/sdk + +USER build +ENV HOME /home/build +WORKDIR /home/build/sdk diff --git a/README.md b/README.md new file mode 100644 index 0000000..152c8a5 --- /dev/null +++ b/README.md @@ -0,0 +1,76 @@ +# OpenWrt Docker repository + +This repository contains scripts to create Docker containers for OpenWrt. The +scripts are run via an CI and upload such containers to docker.io. + +Used variables are `BRANCHES`, `TARGETS`, `DOCKER_USER`, `DOCKER_PASS` and `DOCKER_IMAGE`. + +`$BRANCHES`: space separated list of OpenWrt branches to build ("master 18.06.2 18.06.1") +`$TARGETS`: space separated list of OpenWrt targets to build ("x86-64 ath79-generic") +`$DOCKER_USER`: user to upload +`$DOCKER_PASS`: passwort to upload +`$DOCKER_IMAGE`: image name + +`$BRANCHES` and `$TARGETS` unite to an build matrix. + +See `.circleci/config.yml` for the current setup. + +## `rootfs` + +An unpackaged version of OpenWrt's rootfs for different architectures. The +`./rootfs` folder requires slight modifications to work within Docker, +additional files for the rootfs should be added there before building. + +### Example + + docker run --rm -it openwrtorg/rootfs:x86-64 + +Enjoy a local OpenWrt container with internet access. Once closed the image is +removed. + +### Tags + +* x86-64 +* armvirt-32 +* armvirt-64 + +## `sdk` + +Contains the OpenWrt SDK based on a `debian:latest` container with required +packages preinstalled. This can be usefull when building packages on MacOS X, +Windows or via CI. + +### Example + + docker run --rm -v ./bin/:/home/build/sdk/bin -it openwrtorg/sdk:x86-64 + # within the Docker container + ./scripts/feeds update base + make defconfig + ./scripts/feeds install firewall + make package/firewall/{clean,compile} -j$(nproc) + +Enjoy a local OpenWrt SDK container building the `firewall3` package and but the +binary in hosts `./bin` folder. + +### Tags + +All currently available SDKs via lower case `-` + +## `imagebuilder` + +Contains the OpenWrt ImageBuilder based on a `debian:latest` container with +required packages preinstalled. This can be usefull when creating images on +MacOS X, Windows or via CI. + +### Example + + docker run --rm -v ./bin/:/home/build/imagebuilder/bin -it openwrtorg/imagebuilder:x86-64 + # within the Docker container + make image + +Enjoy a local OpenWrt ImageBuilder container building an image for x86/64 and +store the binary in hosts `./bin` folder. + +### Tags + +All currently available ImageBuilders via lower case `-` diff --git a/docker-common.sh b/docker-common.sh new file mode 100644 index 0000000..a2fc2a1 --- /dev/null +++ b/docker-common.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +set -e +set -x + +docker login -u $DOCKER_USER -p $DOCKER_PASS + +# LEDE Build System (LEDE GnuPG key for unattended build jobs) +curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/626471F1.asc' | gpg --import \ + && echo '54CC74307A2C6DC9CE618269CD84BCED626471F1:6:' | gpg --import-ownertrust + +# LEDE Release Builder (17.01 "Reboot" Signing Key) +curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/D52BBB6B.asc' | gpg --import \ + && echo 'B09BE781AE8A0CD4702FDCD3833C6010D52BBB6B:6:' | gpg --import-ownertrust + +# OpenWrt Release Builder (18.06 Signing Key) +curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/17E1CE16.asc' | gpg --import \ + && echo '6768C55E79B032D77A28DA5F0F20257417E1CE16:6:' | gpg --import-ownertrust diff --git a/docker-imagebuilder.sh b/docker-imagebuilder.sh new file mode 100644 index 0000000..8c31378 --- /dev/null +++ b/docker-imagebuilder.sh @@ -0,0 +1,38 @@ +#!/bin/bash + +TARGETS="${TARGETS:-x86-64}" +BRANCHES="${BRANCHES:-master}" +DOCKER_IMAGE="${DOCKER_IMAGE:-openwrt-imagebuilder}" + +for TARGET in $TARGETS ; do + export IMAGEBUILDER_FILE="openwrt-imagebuilder*x86_64.tar.xz" + for BRANCH in $BRANCHES; do + if [ "$BRANCH" == "master" ]; then + export IMAGEBUILDER_PATH="snapshots/targets/$(echo $TARGET | tr '-' '/')" + else + export IMAGEBUILDER_PATH="releases/$BRANCH/targets/$(echo $TARGET | tr '-' '/')" + fi + + curl "https://downloads.openwrt.org/$IMAGEBUILDER_PATH/sha256sums" -sS -o sha256sums + curl "https://downloads.openwrt.org/$IMAGEBUILDER_PATH/sha256sums.asc" -sS -o sha256sums.asc + gpg --with-fingerprint --verify sha256sums.asc sha256sums + rsync -av "downloads.openwrt.org::downloads/$IMAGEBUILDER_PATH/$IMAGEBUILDER_FILE" . || contine # skip uploading if no IB is available + cat sha256sums | grep openwrt-imagebuilder > sha256sums_imagebuilder + sha256sum -c sha256sums_imagebuilder + + mkdir -p ./imagebuilder + tar Jxf $IMAGEBUILDER_FILE --strip=1 -C ./imagebuilder + rm -rf $IMAGEBUILDER_FILE + + docker build -t $DOCKER_IMAGE:$TARGET-$BRANCH -f Dockerfile.imagebuilder . + + rm -rf ./imagebuilder + + if [ "$BRANCH" == "master" ]; then + docker tag $DOCKER_IMAGE:$TARGET-$BRANCH $DOCKER_IMAGE:$TARGET + docker push $DOCKER_IMAGE:$TARGET + else + docker push $DOCKER_IMAGE:$TARGET-$BRANCH + fi + done +done diff --git a/docker-rootfs.sh b/docker-rootfs.sh new file mode 100644 index 0000000..3417b8c --- /dev/null +++ b/docker-rootfs.sh @@ -0,0 +1,40 @@ +#!/bin/sh + +TARGETS="${TARGETS:-x86-64}" +BRANCHES="${BRANCHES:-master}" +DOCKER_IMAGE="${DOCKER_IMAGE:-openwrt-rootfs}" + +for TARGET in $TARGETS ; do + export ROOTFS_FILE="openwrt-*-rootfs.tar.gz" + for BRANCH in $BRANCHES; do + export ROOTFS_PATH="snapshots/targets/$(echo $TARGET | tr '-' '/')" + + # download and verify checksums + curl "https://downloads.openwrt.org/$ROOTFS_PATH/sha256sums" -sS -o sha256sums + curl "https://downloads.openwrt.org/$ROOTFS_PATH/sha256sums.asc" -sS -o sha256sums.asc + gpg --with-fingerprint --verify sha256sums.asc sha256sums + + # download file or skip if not available + rsync -av "downloads.openwrt.org::downloads/$ROOTFS_PATH/$ROOTFS_FILE" . || contine + + # shrink checksum file to single desired file and verify downloaded archive + cat sha256sums | grep generic-rootfs > sha256sums_rootfs + sha256sum -c sha256sums_rootfs + + mkdir -p ./rootfs-openwrt + tar xzf $ROOTFS_FILE -C ./rootfs-openwrt + rm -rf $ROOTFS_FILE + + docker build -t $DOCKER_IMAGE:$TARGET-$BRANCH -f Dockerfile.rootfs . + + rm -rf ./rootfs-openwrt + + # snapshot don't get master attached to tag + if [ "$BRANCH" == "master" ]; then + docker tag $DOCKER_IMAGE:$TARGET-$BRANCH $DOCKER_IMAGE:$TARGET + docker push $DOCKER_IMAGE:$TARGET + else + docker push $DOCKER_IMAGE:$TARGET-$BRANCH + fi + done +done diff --git a/docker-sdk.sh b/docker-sdk.sh new file mode 100644 index 0000000..497769d --- /dev/null +++ b/docker-sdk.sh @@ -0,0 +1,49 @@ +#!/bin/bash + +TARGETS="${TARGETS:-x86-64}" +BRANCHES="${BRANCHES:-master}" +DOCKER_IMAGE="${DOCKER_IMAGE:-openwrt-sdk}" + +for TARGET in $TARGETS ; do + SDK_FILE="openwrt-sdk-*.Linux-x86_64.tar.xz" + for BRANCH in $BRANCHES; do + if [ "$BRANCH" == "master" ]; then + SDK_PATH="snapshots/targets/$(echo $TARGET | tr '-' '/')" + BRANCH_FEEDS="$BRANCH" + else + SDK_PATH="releases/$BRANCH/targets/$(echo $TARGET | tr '-' '/')" + BRANCH_FEEDS="openwrt-$BRANCH" + fi + + curl "https://downloads.openwrt.org/$SDK_PATH/sha256sums" -sS -o sha256sums + curl "https://downloads.openwrt.org/$SDK_PATH/sha256sums.asc" -sS -o sha256sums.asc + gpg --with-fingerprint --verify sha256sums.asc sha256sums + rsync -av "downloads.openwrt.org::downloads/$SDK_PATH/$SDK_FILE" . || continue # skip uploading if no SDK is available + cat sha256sums | grep openwrt-sdk > sha256sums_sdk + sha256sum -c sha256sums_sdk + + mkdir -p ./sdk + tar Jxf $SDK_FILE --strip=1 -C ./sdk + rm -rf $SDK_FILE + + # use GitHub instead of git.openwrt.org + cat > ./sdk/feeds.conf <