d0e1b7c8d1
I've been investigating more into how ostree works and how it relates to running `ostree container commit` for each layer. I've decided to move our pre-installed bins and public keys into their own stages and then bind mount them into a `RUN` instruction so that we can just use `cp` to get the files into the image and then call `ostree container commit`. Now all of our layers in the image (after the base image) will be in the ostree commit tree.
37 lines
1.4 KiB
Django/Jinja
37 lines
1.4 KiB
Django/Jinja
# Key RUN
|
|
RUN --mount=type=bind,from=stage-keys,src=/keys,dst=/tmp/keys \
|
|
cp /tmp/keys/* /usr/etc/pki/containers/ \
|
|
&& ostree container commit
|
|
|
|
# Bin RUN
|
|
RUN --mount=type=bind,from=stage-bins,src=/bins,dst=/tmp/bins \
|
|
cp /tmp/bins/* /usr/bin/ \
|
|
&& ostree container commit
|
|
|
|
# Module RUNs
|
|
{%- for module in recipe.modules_ext.modules %}
|
|
{%- if let Some(type) = module.module_type %}
|
|
{%- if type == "containerfile" %}
|
|
{%- include "modules/containerfile/containerfile.j2" %}
|
|
{%- else %}
|
|
RUN \
|
|
--mount=type=tmpfs,target=/var \
|
|
--mount=type=bind,from=stage-config,src=/config,dst=/tmp/config,rw \
|
|
{%- if let Some(source) = module.source %}
|
|
--mount=type=bind,from={{ source }},src=/modules,dst=/tmp/modules,rw \
|
|
{%- else %}
|
|
--mount=type=bind,from=stage-modules,src=/modules,dst=/tmp/modules,rw \
|
|
{%- endif %}
|
|
{%- if type == "akmods" %}
|
|
--mount=type=bind,from=stage-akmods-{{ module.generate_akmods_info(os_version).stage_name }},src=/rpms,dst=/tmp/rpms,rw \
|
|
{%- endif %}
|
|
--mount=type=bind,from=stage-exports,src=/exports.sh,dst=/tmp/exports.sh \
|
|
--mount=type=cache,dst=/var/cache/rpm-ostree,id=rpm-ostree-cache-{{ recipe.name }}-{{ recipe.image_version }},sharing=locked \
|
|
chmod +x /tmp/modules/{{ type }}/{{ type }}.sh \
|
|
&& source /tmp/exports.sh && /tmp/modules/{{ type }}/{{ type }}.sh '{{ module.print_module_context() }}' \
|
|
&& ostree container commit
|
|
{%- endif %}
|
|
{%- endif %}
|
|
{%- endfor %}
|
|
|
|
|