#!/bin/bash
# Bind
# A container running ISC's BIND 9 DNS server.
#
# Copyright (c) 2022 SGS Serious Gaming & Simulations GmbH
#
# This work is licensed under the terms of the MIT license.
# For a copy, see LICENSE file or <https://opensource.org/licenses/MIT>.
#
# SPDX-License-Identifier: MIT
# License-Filename: LICENSE
# Strict mode: stop on any failing command, on use of an unset variable, and
# on a failure in any stage of a pipeline.
set -eu -o pipefail
export LC_ALL=C.UTF-8

# Refuse to run outside the expected CI tooling environment.
if ! [[ -v CI_TOOLS && "$CI_TOOLS" == "SGSGermany" ]]; then
    echo "Invalid build environment: Environment variable 'CI_TOOLS' not set or invalid" >&2
    exit 1
fi

if ! [[ -v CI_TOOLS_PATH && -d "$CI_TOOLS_PATH" ]]; then
    echo "Invalid build environment: Environment variable 'CI_TOOLS_PATH' not set or invalid" >&2
    exit 1
fi

# The helper libraries are sourced, i.e. executed inside this shell with the
# privileges of the build. CI_TOOLS_PATH is only checked to be a directory,
# so it has to point at a trusted checkout of the CI tools.
source "$CI_TOOLS_PATH/helper/common.sh.inc"
source "$CI_TOOLS_PATH/helper/container.sh.inc"
source "$CI_TOOLS_PATH/helper/container-alpine.sh.inc"

# Physical (symlink-resolved) directory containing this script; CDPATH is
# cleared so that `cd` cannot resolve the path through it.
BUILD_DIR="$(CDPATH= cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd -P)"

# container.env is sourced as shell code as well. BASE_IMAGE, IMAGE and TAGS
# are read further down without being set here, so they presumably come from
# this file (or from the environment) - verify against container.env.
source "$BUILD_DIR/container.env"

# Turn the space-separated TAGS string into an array, one tag per element.
readarray -t -d ' ' TAGS < <(printf '%s' "$TAGS")
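# Create a working container from the base image and mount its root
# filesystem on the host. Each step is echoed to stderr as a "+ cmd" trace.
echo + "CONTAINER=\"\$(buildah from $(quote "$BASE_IMAGE"))\"" >&2
CONTAINER="$(buildah from "$BASE_IMAGE")"

echo + "MOUNT=\"\$(buildah mount $(quote "$CONTAINER"))\"" >&2
MOUNT="$(buildah mount "$CONTAINER")"

# The rm and rsync calls below run on the host against paths built from
# $MOUNT. `set -e` already aborts when `buildah mount` fails, but an empty or
# non-directory result would make those calls act on the host's own /etc,
# /var and / instead of the container, so check it before touching anything.
[ -n "$MOUNT" ] && [ -d "$MOUNT" ] \
    || { echo "Invalid container mount point: '$MOUNT'" >&2; exit 1; }

# Install BIND as the virtual package group ".bind".
pkg_install "$CONTAINER" --virtual .bind \
    bind

# Drop the sample configs shipped by the package.
echo + "rm -f …/etc/bind/named.conf.{authoritative,recursive}" >&2
rm -f -- "${MOUNT:?}/etc/bind/named.conf.authoritative" \
    "${MOUNT:?}/etc/bind/named.conf.recursive"

# Remove the packaged /var/bind tree inside the container.
# NOTE(review): /var/bind is chown'ed later in the script, so it is
# presumably recreated by the rsync of ./src below - confirm.
echo + "rm -rf …/var/bind" >&2
rm -rf -- "${MOUNT:?}/var/bind"

# Runtime dependencies, tracked as the virtual group ".bind-run-deps".
pkg_install "$CONTAINER" --virtual .bind-run-deps \
    openssl \
    bash \
    inotify-tools

# Overlay the repository's ./src tree onto the container root.
# -r recurses, -l copies symlinks as symlinks; .gitignore files are skipped.
echo + "rsync -v -rl --exclude .gitignore ./src/ …/" >&2
rsync -v -rl --exclude '.gitignore' "$BUILD_DIR/src/" "$MOUNT/"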
# Give the service account and the certificate group fixed numeric IDs.
# user_changeuid/user_add come from the sourced CI helpers; presumably they
# move `named` to UID 65536 and create `ssl-certs` with ID 65537 - verify
# against the helper library.
user_changeuid "$CONTAINER" named 65536
user_add "$CONTAINER" ssl-certs 65537

# Make `named` a member of `ssl-certs`.
cmd buildah run "$CONTAINER" -- addgroup named ssl-certs

# /var/bind belongs to named:named with mode 750: full access for the owner,
# read/traverse for the group, nothing for other users.
cmd buildah run "$CONTAINER" -- chown named:named "/var/bind/"
cmd buildah run "$CONTAINER" -- chmod 750 "/var/bind/"
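# Record the installed BIND package version, then run the CI helper's
# cleanup on the container (both functions come from the sourced helpers).
VERSION="$(pkg_version "$CONTAINER" bind)"

cleanup "$CONTAINER"

cmd buildah config \
    --env BIND_VERSION="$VERSION" \
    "$CONTAINER"

# DNS over UDP and TCP on 53, plus 853/tcp (the volume below suggests it is
# used for DNS over TLS).
cmd buildah config \
    --port "53/udp" \
    --port "53/tcp" \
    --port "853/tcp" \
    "$CONTAINER"

cmd buildah config \
    --volume "/etc/bind/local-zones" \
    --volume "/etc/bind/ssl/dns-over-tls" \
    --volume "/var/bind" \
    "$CONTAINER"

# named stays in the foreground (-g) and switches to the unprivileged
# `named` user (-u) after startup.
cmd buildah config \
    --workingdir "/var/bind" \
    --entrypoint '[ "/entrypoint.sh" ]' \
    --cmd '[ "named", "-g", "-u", "named" ]' \
    "$CONTAINER"

# Resolve the base image digest in an assignment of its own. Written inline
# as an argument of `buildah config`, a failing `podman image inspect` is not
# caught by `set -e` and the image would be committed with an empty
# base.digest annotation; as a plain assignment the failure aborts the build.
# NOTE(review): the digest is looked up by name after the build. If the local
# tag is re-pulled in between, it may differ from the image `buildah from`
# actually used - consider resolving it once, before the container is created.
BASE_DIGEST="$(podman image inspect --format '{{.Digest}}' "$BASE_IMAGE")"

cmd buildah config \
    --annotation org.opencontainers.image.title="Bind" \
    --annotation org.opencontainers.image.description="A container running ISC's BIND 9 DNS server." \
    --annotation org.opencontainers.image.version="$VERSION" \
    --annotation org.opencontainers.image.url="https://github.com/SGSGermany/bind" \
    --annotation org.opencontainers.image.authors="SGS Serious Gaming & Simulations GmbH" \
    --annotation org.opencontainers.image.vendor="SGS Serious Gaming & Simulations GmbH" \
    --annotation org.opencontainers.image.licenses="MIT" \
    --annotation org.opencontainers.image.base.name="$BASE_IMAGE" \
    --annotation org.opencontainers.image.base.digest="$BASE_DIGEST" \
    "$CONTAINER"

# Commit the working container as $IMAGE under every tag in TAGS.
con_commit "$CONTAINER" "$IMAGE" "${TAGS[@]}"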