Mikkel Georgsen
77a5aaa0f5
Replace systemd-nspawn (Arch-only) with Podman/Docker containers: - Works on any Linux host (Debian, Ubuntu, Fedora, etc.) - Prefers Podman for rootless security, falls back to Docker - Uses archlinux:latest image with archiso installed - Network isolation via --network=none - Resource limits: 8GB RAM, 4 CPUs - Deterministic builds via SOURCE_DATE_EPOCH This allows ISO builds from any development/production environment rather than requiring an Arch-based build server. LXC/Proxmox users: enable nesting on the container. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
79 lines
2.2 KiB
Bash
Executable file
79 lines
2.2 KiB
Bash
Executable file
#!/bin/bash
|
|
# Setup build sandbox for Debate platform
|
|
# Works on any Linux distribution with podman or docker
|
|
#
|
|
# LXC/Proxmox VE Requirements:
|
|
# If running in an LXC container, enable nesting:
|
|
# - Proxmox UI: Container -> Options -> Features -> Nesting: checked
|
|
# - Or via CLI: pct set <vmid> -features nesting=1
|
|
# - Container may need to be privileged for full functionality
|
|
|
|
set -euo pipefail
|
|
|
|
log() {
|
|
echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1"
|
|
}
|
|
|
|
# Detect container runtime (prefer podman)
|
|
if command -v podman &> /dev/null; then
|
|
RUNTIME="podman"
|
|
log "Found podman (recommended)"
|
|
elif command -v docker &> /dev/null; then
|
|
RUNTIME="docker"
|
|
log "Found docker"
|
|
else
|
|
log "ERROR: No container runtime found."
|
|
log "Install podman (recommended) or docker:"
|
|
log " Debian/Ubuntu: apt install podman"
|
|
log " Fedora: dnf install podman"
|
|
log " Arch: pacman -S podman"
|
|
exit 1
|
|
fi
|
|
|
|
# Configuration
|
|
BUILD_IMAGE="debate-archiso-builder:latest"
|
|
BASE_IMAGE="ghcr.io/archlinux/archlinux:latest"
|
|
|
|
# Check if build image already exists
|
|
if $RUNTIME image inspect "$BUILD_IMAGE" &> /dev/null; then
|
|
log "Build image already exists: $BUILD_IMAGE"
|
|
log "To rebuild, run: $RUNTIME rmi $BUILD_IMAGE"
|
|
exit 0
|
|
fi
|
|
|
|
log "Building Debate ISO builder image..."
|
|
log "This will pull Arch Linux and install archiso (~500MB download)"
|
|
|
|
# Pull base image
|
|
log "Pulling base Arch Linux image..."
|
|
$RUNTIME pull "$BASE_IMAGE"
|
|
|
|
# Build our image with archiso
|
|
log "Installing archiso into image..."
|
|
|
|
$RUNTIME build -t "$BUILD_IMAGE" -f - . << 'DOCKERFILE'
|
|
FROM ghcr.io/archlinux/archlinux:latest
|
|
|
|
# Update and install archiso
|
|
RUN pacman -Syu --noconfirm && \
|
|
pacman -S --noconfirm archiso && \
|
|
pacman -Scc --noconfirm
|
|
|
|
# Set fixed locale for determinism
|
|
RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen
|
|
ENV LC_ALL=C
|
|
ENV TZ=UTC
|
|
|
|
# Create build directories
|
|
RUN mkdir -p /build/profile /build/output /build/work
|
|
|
|
WORKDIR /build
|
|
DOCKERFILE
|
|
|
|
log "Build image created successfully: $BUILD_IMAGE"
|
|
log ""
|
|
log "Sandbox is ready. The application will use this image for ISO builds."
|
|
log "Runtime: $RUNTIME"
|
|
log ""
|
|
log "To test the image manually:"
|
|
log " $RUNTIME run --rm -it $BUILD_IMAGE mkarchiso --help"
|