-
Notifications
You must be signed in to change notification settings - Fork 0
/
Containerfile
62 lines (49 loc) · 2.79 KB
/
Containerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
FROM docker.io/gentoo/portage:20240324 as portage
FROM docker.io/gentoo/stage3:20240318
# copy the entire portage volume in
COPY --from=portage /var/db/repos/gentoo /var/db/repos/gentoo
RUN emerge -v --noreplace dev-vcs/git
RUN emerge -v1u portage
# Pinned commits for the dependency tree state
ARG gentoo_hash=1890d689a91c1c480bbd817c19990db09946def4
ARG science_hash=73916dd3680ffd92e5bd3d32b262e5d78c86a448
ARG FEATURES="-ipc-sandbox -network-sandbox -pid-sandbox"
# This will be bound, and contents available outside of container
RUN mkdir /outputs
COPY .gentoo/portage/ /etc/portage/
COPY .gentoo/overlay/ /var/db/repos/local/
# Moving gentoo repo from default rsync to git
RUN rm /var/db/repos/gentoo -rf
# Disable auto-sync
#RUN sed -i /etc/portage/repos.conf/{gentoo,science} -e "s/sync-type *= *git/sync-type =/g"
# Cloning manually to prevent vdb update, pinning state via git
# Allegedly it's better to chain everything in one command, something with container layers 🤔
RUN \
REPO_URL=$(grep "^sync-uri" /etc/portage/repos.conf/gentoo | sed -e "s/sync-uri *= *//g") && \
mkdir -p /var/db/repos/gentoo && pushd /var/db/repos/gentoo && git init . && \
git remote add origin ${REPO_URL} && \
git fetch --filter="blob:none" origin $gentoo_hash && \
git reset --hard $gentoo_hash && rm .git -rf && popd && \
REPO_URL=$(grep "^sync-uri" /etc/portage/repos.conf/science | sed -e "s/sync-uri *= *//g") && \
mkdir -p /var/db/repos/science && pushd /var/db/repos/science && git init . && \
git remote add origin ${REPO_URL} && \
git fetch --filter="blob:none" origin $science_hash && \
git reset --hard $science_hash && rm .git -rf && popd
# Remove sync-uri for consistency
RUN sed -i /etc/portage/repos.conf/{gentoo,science} -e "/sync-uri/d"
RUN sed -i /etc/portage/repos.conf/{gentoo,science} -e "/sync-git-verify-commit-signature/d"
# Ensure Umask-safe permissions
RUN chmod -R a+rX /var/db/repos/local*/
# Make sure all CPU flags supported by the hardware are whitelisted
# This only affects packages with handwritten assembly language optimizations, e.g. ffmpeg.
# Removing it is safe, software will just not take full advantage of processor capabilities.
#RUN emerge cpuid2cpuflags
#RUN echo "*/* $(cpuid2cpuflags)" > /etc/portage/package.use/00cpu-flags
# Dynamically prepare manifest and go crazy.
RUN my_ebuild=$(/bin/ls -1 /var/db/repos/local/sci-misc/*/*99999.ebuild) && \
ebuild "$my_ebuild" manifest && \
emerge -v $(echo $my_ebuild | sed -e 's,.*/\([-_0-9a-zA-Z]*\)-99999.ebuild,\1,g') --autounmask-continue && \
rm -rf /var/cache/distfiles/
#RUN my_ebuild=$(/bin/ls -1 /var/db/repos/local/sci-misc/*/*99999.ebuild) && \
# ebuild "$my_ebuild" manifest
#ENTRYPOINT ["/bin/bash"]