-
Notifications
You must be signed in to change notification settings - Fork 1
/
Containerfile
49 lines (35 loc) · 2.11 KB
/
Containerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
FROM docker.io/gentoo/portage:20230424 as portage
FROM docker.io/gentoo/stage3:20230424
# copy the entire portage volume in
COPY --from=portage /var/db/repos/gentoo /var/db/repos/gentoo
RUN emerge -v --noreplace dev-vcs/git
RUN emerge -v1u portage
# Pinned commits for the dependency tree state
ARG gentoo_hash=0f6aa0646baad09881e581250e24a4e018e14abc
ARG science_hash=3816342c4d4ad5da753dedcdcc7a50aaa27ac9be
ARG FEATURES="-ipc-sandbox -network-sandbox -pid-sandbox"
# This will be bound, and contents available outside of container
RUN mkdir /outputs
COPY code/opfvta /opfvta
COPY code/opfvta/.gentoo/portage/ /etc/portage/
COPY code/opfvta/.gentoo/overlay/ /var/db/repos/local_opfvta/
# Moving gentoo repo from default rsync to git
RUN rm /var/db/repos/gentoo -rf
# Disable auto-sync
RUN sed -i /etc/portage/repos.conf/{gentoo,science} -e "s/sync-type *= *git/sync-type =/g"
# Cloning manually to prevent vdb update, pinning state via git
RUN REPO_URL=$(grep "^sync-uri" /etc/portage/repos.conf/gentoo | sed -e "s/sync-uri *= *//g"); mkdir -p /var/db/repos/gentoo; pushd /var/db/repos/gentoo; git clone ${REPO_URL} .; git fetch origin $gentoo_hash; git checkout $gentoo_hash; rm .git -rf; popd
RUN REPO_URL=$(grep "^sync-uri" /etc/portage/repos.conf/science | sed -e "s/sync-uri *= *//g"); mkdir -p /var/db/repos/science; pushd /var/db/repos/science; git clone ${REPO_URL} .; git fetch origin $science_hash; git checkout $science_hash; rm .git -rf; popd
# Remove sync-uri for consistency
RUN sed -i /etc/portage/repos.conf/{gentoo,science} -e "/sync-uri/d"
RUN sed -i /etc/portage/repos.conf/{gentoo,science} -e "/sync-git-verify-commit-signature/d"
# Not really needed, would speed things up minimally, but it currently fails.
#RUN emerge --sync science gentoo
# This is only if we distribute data separately
RUN echo "sci-biology/opfvta_bidsdata-2.0" > /etc/portage/profile/package.provided
# Ensure Umask-safe permissions
RUN chmod -R a+rX /var/db/repos/local_opfvta/
# Prepare manifest
RUN pushd /var/db/repos/local_opfvta/sci-misc/opfvta; ebuild opfvta-99999.ebuild manifest; popd
# Go crazy!
RUN emerge -v opfvta --autounmask-continue