particle-os/particle-os-cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: Better support distrobox (#160)

Browse source 
We will now have a dedicated alpine based `distrobox` image. Due to
restrictions in how the `/tmp` directory in a `distrobox` image works,
it will not play nicely with generating a local tarball for rebasing a
locally built image. Going further into fixing this would required a
rootful setup and I'd rather leave the `distrobox` method as an easy way
to try out building a recipe for users who are not booted on a
`bluebuild` image.

Extra packages are installed to make the `distrobox` setup quicker and a
`distrobox.ini` file is provided to easily create the container and
export the CLI for use on the host machine. The `podman` binary is
passed into the `distrobox` container so that all images that are built
will be accessible locally and allows rootless operation without extra
setup.
This commit is contained in:
Gerald Pinder 2024-11-24 11:50:38 -05:00 committed by GitHub
parent 0de0417515
commit 367359e8ea
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 83 additions and 90 deletions
Download patch file Download diff file Expand all files Collapse all files

8
Dockerfile.alpine
View file

@ -1,8 +0,0 @@
ARG BASE_IMAGE="alpine"
FROM $BASE_IMAGE
RUN apk update && apk add buildah podman skopeo fuse-overlayfs gpg tini dumb-init git
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
STOPSIGNAL SIGTERM

21
Dockerfile.fedora
View file

@ -1,21 +0,0 @@
ARG BASE_IMAGE="registry.fedoraproject.org/fedora-toolbox:40"
FROM $BASE_IMAGE
RUN dnf -y install dnf-plugins-core \
&& dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo \
&& dnf install --refresh -y \
docker-ce \
docker-ce-cli \
containerd.io \
docker-buildx-plugin \
docker-compose-plugin \
buildah \
podman \
skopeo \
gpg \
dumb-init \
git
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
STOPSIGNAL SIGTERM

60
Earthfile
View file

@ -18,12 +18,12 @@ run-checks:
build-images: build-images:
BUILD +blue-build-cli BUILD +blue-build-cli
BUILD +blue-build-cli-alpine BUILD +blue-build-cli-distrobox
BUILD +installer BUILD +installer
prebuild: prebuild:
BUILD +blue-build-cli-prebuild BUILD +blue-build-cli-prebuild
BUILD +blue-build-cli-alpine-prebuild BUILD +blue-build-cli-distrobox-prebuild
lint: lint:
FROM +common FROM +common
@ -110,22 +110,39 @@ build-scripts:
DO --pass-args +SAVE_IMAGE --IMAGE="$IMAGE/build-scripts" DO --pass-args +SAVE_IMAGE --IMAGE="$IMAGE/build-scripts"
blue-build-cli-prebuild: blue-build-cli-prebuild:
ARG BASE_IMAGE="registry.fedoraproject.org/fedora-toolbox:40" ARG BASE_IMAGE="registry.fedoraproject.org/fedora-toolbox"
FROM DOCKERFILE -f Dockerfile.fedora . FROM "$BASE_IMAGE"
RUN dnf -y install dnf-plugins-core \
&& dnf config-manager addrepo \
--from-repofile=https://download.docker.com/linux/fedora/docker-ce.repo \
&& dnf install --refresh -y docker-ce docker-ce-cli containerd.io \
docker-buildx-plugin docker-compose-plugin \
buildah podman skopeo dumb-init git
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
COPY --platform=native (+digest/base-image-digest --BASE_IMAGE=$BASE_IMAGE) /base-image-digest COPY --platform=native (+digest/base-image-digest --BASE_IMAGE=$BASE_IMAGE) /base-image-digest
LABEL org.opencontainers.image.base.name="$BASE_IMAGE" LABEL org.opencontainers.image.base.name="$BASE_IMAGE"
LABEL org.opencontainers.image.base.digest="$(cat /base-image-digest)" LABEL org.opencontainers.image.base.digest="$(cat /base-image-digest)"
COPY +cosign/cosign /usr/bin/cosign COPY +cosign/cosign /usr/bin/cosign
ARG EARTHLY_GIT_HASH ARG EARTHLY_GIT_HASH
ARG TARGETARCH ARG TARGETARCH
SAVE IMAGE --push "$IMAGE:$EARTHLY_GIT_HASH-prebuild-$TARGETARCH" SAVE IMAGE --push "$IMAGE:$EARTHLY_GIT_HASH-prebuild-$TARGETARCH"
blue-build-cli: blue-build-cli:
ARG EARTHLY_GIT_HASH FROM alpine
ARG RELEASE="true"
ARG TARGETARCH ARG TARGETARCH
FROM "$IMAGE:$EARTHLY_GIT_HASH-prebuild-$TARGETARCH"
IF [ "$RELEASE" = "true" ]
ARG EARTHLY_GIT_HASH
FROM "$IMAGE:$EARTHLY_GIT_HASH-prebuild-$TARGETARCH"
ELSE
FROM +blue-build-cli-prebuild
END
IF [ "$TARGETARCH" = "arm64" ] IF [ "$TARGETARCH" = "arm64" ]
DO --pass-args +INSTALL --OUT_DIR="/usr/bin/" --BUILD_TARGET="aarch64-unknown-linux-gnu" DO --pass-args +INSTALL --OUT_DIR="/usr/bin/" --BUILD_TARGET="aarch64-unknown-linux-gnu"
@ -139,9 +156,24 @@ blue-build-cli:
DO --pass-args +SAVE_IMAGE DO --pass-args +SAVE_IMAGE
blue-build-cli-alpine-prebuild: blue-build-cli-distrobox-prebuild:
ARG BASE_IMAGE="alpine" ARG BASE_IMAGE="alpine"
FROM DOCKERFILE -f Dockerfile.alpine . FROM $BASE_IMAGE
RUN apk update && apk add --no-cache \
alpine-base git dumb-init buildah \
podman skopeo bash-completion docs \
gcompat libc-utils lsof man-pages \
mandoc musl-utils openssh-client-default \
pinentry tar vte3 which \
bash bc bzip2 coreutils curl diffutils findmnt \
findutils gnupg gpg iproute2 iputils keyutils \
less libcap ncurses ncurses-terminfo net-tools \
pigz rsync shadow sudo tcpdump tree tzdata unzip \
util-linux util-linux-misc vulkan-loader wget \
xauth xz zip procps
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
COPY --platform=native (+digest/base-image-digest --BASE_IMAGE=$BASE_IMAGE) /base-image-digest COPY --platform=native (+digest/base-image-digest --BASE_IMAGE=$BASE_IMAGE) /base-image-digest
LABEL org.opencontainers.image.base.name="$BASE_IMAGE" LABEL org.opencontainers.image.base.name="$BASE_IMAGE"
@ -151,12 +183,12 @@ blue-build-cli-alpine-prebuild:
ARG EARTHLY_GIT_HASH ARG EARTHLY_GIT_HASH
ARG TARGETARCH ARG TARGETARCH
SAVE IMAGE --push "$IMAGE:$EARTHLY_GIT_HASH-alpine-prebuild-$TARGETARCH" SAVE IMAGE --push "$IMAGE:$EARTHLY_GIT_HASH-distrobox-prebuild-$TARGETARCH"
blue-build-cli-alpine: blue-build-cli-distrobox:
ARG EARTHLY_GIT_HASH ARG EARTHLY_GIT_HASH
ARG TARGETARCH ARG TARGETARCH
FROM "$IMAGE:$EARTHLY_GIT_HASH-alpine-prebuild-$TARGETARCH" FROM "$IMAGE:$EARTHLY_GIT_HASH-distrobox-prebuild-$TARGETARCH"
IF [ "$TARGETARCH" = "arm64" ] IF [ "$TARGETARCH" = "arm64" ]
DO --pass-args +INSTALL --OUT_DIR="/usr/bin/" --BUILD_TARGET="aarch64-unknown-linux-musl" DO --pass-args +INSTALL --OUT_DIR="/usr/bin/" --BUILD_TARGET="aarch64-unknown-linux-musl"
@ -164,11 +196,7 @@ blue-build-cli-alpine:
DO --pass-args +INSTALL --OUT_DIR="/usr/bin/" --BUILD_TARGET="x86_64-unknown-linux-musl" DO --pass-args +INSTALL --OUT_DIR="/usr/bin/" --BUILD_TARGET="x86_64-unknown-linux-musl"
END END
RUN mkdir -p /bluebuild DO --pass-args +SAVE_IMAGE --SUFFIX="-distrobox"
WORKDIR /bluebuild
CMD ["bluebuild"]
DO --pass-args +SAVE_IMAGE --SUFFIX="-alpine"
installer: installer:
ARG BASE_IMAGE="alpine" ARG BASE_IMAGE="alpine"

48
README.md
View file

@ -18,6 +18,8 @@ The `bluebuild` tool takes advantage of newer build features. Specifically bind,
## Installation ## Installation
Every image created with `bluebuild` comes with the CLI installed. If you have not built and booted a `bluebuild` created image, you can follow these instructions to install it.
### Cargo ### Cargo
This is the best way to install as it gives you the opportunity to build for your specific environment. This is the best way to install as it gives you the opportunity to build for your specific environment.
@ -28,7 +30,7 @@ cargo install --locked blue-build
### Podman/Docker ### Podman/Docker
This will install the binary on your system in `/usr/local/bin`. This is only a `linux-gnu` version. This will install the binary on your system in `/usr/local/bin`.
```bash ```bash
podman run --pull always --rm ghcr.io/blue-build/cli:latest-installer | bash podman run --pull always --rm ghcr.io/blue-build/cli:latest-installer | bash
@ -46,41 +48,15 @@ bash <(curl -s https://raw.githubusercontent.com/blue-build/cli/main/install.sh)
### Distrobox ### Distrobox
[distrobox-export-documentation]: https://distrobox.it/usage/distrobox-export/ We package an `alpine` image with all the tools needed to run `bluebuild`. You can use `distrobox` to run the application without needing to install it on your machine. You can clone this repo locally and run:
We package a `fedora-toolbox` and `alpine` image with all the tools needed to run `bluebuild`. You can use `distrobox` to run the application without needing to install it on your machine.
```bash ```bash
# fedora-toolbox distrobox assemble create
distrobox create blue-build --image ghcr.io/blue-build/cli
# alpine
distrobox create blue-build --image ghcr.io/blue-build/cli:latest-alpine
``` ```
By default, the bluebuild commands will not be visible outside of the distrobox itself. You will need to **enter** the distrobox, and either run the commands from inside the distrobox, or **export** the distrobox commands for use outside the distrobox. This will export `bluebuild` to your local machine and allow you to build images and test out your recipes. For security reasons, we keep this as a rootless image which means you will not be able to use this method to locally rebase to an image. If you want that capability, you should install the CLI tool directly.
Refer to the [distrobox documentation][distrobox-export-documentation] for more information. Refer to the [distrobox documentation](https://distrobox.it/usage/distrobox-export/) for more information.
#### Running commands from within distrobox
```bash
[user@host]$ bluebuild help
ERROR
[user@host]$ distrobox enter blue-build
[user@blue-build]$ bluebuild help
A CLI tool built for creating Containerfile templates based on the Ublue Community Project
...
```
#### Exporting commands to run outside distrobox
```bash
[user@blue-build]$ distrobox-export --bin $(which bluebuild)
[user@blue-build]$ exit
[user@host]$ bluebuild help
A CLI tool built for creating Containerfile templates based on the Ublue Community Project
...
```
### Nix Flake ### Nix Flake
@ -167,7 +143,7 @@ $ bluebuild # press <Tab>
-h --quiet build rebase help -h --quiet build rebase help
``` ```
Currently, bluebuild completions are available for `bash`, `zsh`, `fish`, `powershell`, and `elvish` shell environments. Currently, bluebuild completions are available for `bash`, `zsh`, `fish`, `powershell`, and `elvish` shell environments. Please follow your shell's documentation for completion scripts.
#### Local Builds #### Local Builds
@ -290,11 +266,3 @@ build-image:
- sleep 5 # Wait a bit for the docker-in-docker service to start - sleep 5 # Wait a bit for the docker-in-docker service to start
- bluebuild build --push ./recipes/$RECIPE - bluebuild build --push ./recipes/$RECIPE
``` ```
## Future Features
- Stages for parallel building (useful for compiling programs for your image)
- Automatic download and management of image keys for seamless signed image rebasing
- Module command for easy 3rd party plugin management
- Create an init command to create a repo for you to start out
- Setup the project to allow installing with `cargo-binstall`

7
distrobox.ini Normal file
View file

@ -0,0 +1,7 @@
[bluebuild]
image=ghcr.io/blue-build/cli:latest-distrobox
exported_bins=/usr/bin/bluebuild
init_hooks=ln -sf /usr/bin/distrobox-host-exec /usr/local/bin/podman
pull=true
replace=true
start_now=true

8
integration-tests/Earthfile
View file

@ -125,8 +125,7 @@ init:
--no-git --no-git
legacy-base: legacy-base:
FROM ../+blue-build-cli-alpine --RELEASE=false FROM ../+blue-build-cli --RELEASE=false
RUN apk update --no-cache && apk add bash grep jq sudo coreutils
ENV BB_TEST_LOCAL_IMAGE=/etc/bluebuild/cli_test-legacy.tar.gz ENV BB_TEST_LOCAL_IMAGE=/etc/bluebuild/cli_test-legacy.tar.gz
ENV CLICOLOR_FORCE=1 ENV CLICOLOR_FORCE=1
@ -140,9 +139,8 @@ legacy-base:
DO +GEN_KEYPAIR DO +GEN_KEYPAIR
test-base: test-base:
FROM ../+blue-build-cli-alpine --RELEASE=false FROM ../+blue-build-cli --RELEASE=false
RUN apk update --no-cache && apk add bash grep jq sudo coreutils git && \ RUN git config --global user.email "you@example.com" && \
git config --global user.email "you@example.com" && \
git config --global user.name "Your Name" git config --global user.name "Your Name"
ENV BB_TEST_LOCAL_IMAGE=/etc/bluebuild/cli_test.tar.gz ENV BB_TEST_LOCAL_IMAGE=/etc/bluebuild/cli_test.tar.gz

21
integration-tests/mock-scripts/docker Normal file
View file

@ -0,0 +1,21 @@
#!/bin/bash
print_version_json() {
local version="24.0.0"
printf '{"Client":{"Version": "%s"}}\n' "$version"
}
main() {
if [[ "$1" == "version" && "$2" == "-f" && "$3" == "json" ]]; then
print_version_json
elif [[ "$1" == "build" && "$7" == *"cli_test.tar.gz" ]]; then
tarpath=$(echo "$7" | awk -F ':' '{print $2}')
echo "Exporting image to a tarball (JK JUST A MOCK!)"
echo "${tarpath}"
touch $tarpath
else
echo 'Running docker'
fi
}
main "$@"