gdm85 10 years ago
commit 21c3c34b29

@ -15,27 +15,24 @@ MAINTAINER Giuseppe Mazzotta "gdm85@users.noreply.github.com"
ENV TERM xterm
ENV DEBIAN_FRONTEND noninteractive
## can be customized
## some core packages
RUN apt-get update && apt-get install -y htop tmux less locales openssh-server
## these 2 files can be customized
ADD etc/timezone /etc/timezone
RUN dpkg-reconfigure -f noninteractive tzdata
ADD etc/locale.gen /etc/locale.gen
RUN dpkg-reconfigure locales && dpkg-reconfigure tzdata
## first line of packages is core, second necessary for gitian builds
## continue installation of gitian-builder packages
RUN echo "deb http://http.debian.net/debian wheezy main contrib non-free" > /etc/apt/sources.list.d/non-free.list
RUN apt-get update && apt-get install -y htop tmux less locales openssh-server \
iptables ca-certificates sudo bridge-utils git python-cheetah qemu-utils parted kpartx ruby apt-cacher-ng
RUN apt-get install -y lxc
## can be customized
ADD etc/locale.gen /etc/locale.gen
RUN dpkg-reconfigure -f noninteractive locales
RUN apt-get install -y iptables ca-certificates sudo bridge-utils git python-cheetah qemu-utils parted kpartx ruby apt-cacher-ng lxc
## disable password logins, reverse DNS lookups & privilege separation (due to chroot issues on latest docker)
RUN sed -i -e 's/^#PasswordAuthentication yes/PasswordAuthentication no/' -e 's/^UsePrivilegeSeparation.*$/UsePrivilegeSeparation no/' /etc/ssh/sshd_config && echo 'UseDNS no' >> /etc/ssh/sshd_config
# the version of lxc-start in Debian Wheezy needs to run as root, so make sure
# this version of Debian needs to run as root, so make sure
# that the build script can exectute it without providing a password
RUN echo "%sudo ALL=NOPASSWD: /usr/bin/lxc-start" > /etc/sudoers.d/gitian-lxc
RUN echo 'debian ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/debian-sudo
@ -49,7 +46,7 @@ RUN chmod -R go-rwx /home/debian/.ssh
WORKDIR /home/debian
## download in clear HTTP & check md5 right afterwards
RUN wget http://archive.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_0.12.4+bzr489.orig.tar.gz && echo "ec12e0070a007989561bfee5862c89a32c301992dd2771c4d5078ef1b3014f03 vm-build$
RUN wget http://archive.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_0.12.4+bzr489.orig.tar.gz && echo "ec12e0070a007989561bfee5862c89a32c301992dd2771c4d5078ef1b3014f03 vm-builder_0.12.4+bzr489.orig.tar.gz" | sha256sum -c
RUN tar -zxvf vm-builder_0.12.4+bzr489.orig.tar.gz && cd vm-builder-0.12.4+bzr489 && python setup.py install
## these must always be loaded when you login as 'debian' user
@ -60,10 +57,12 @@ RUN echo 'export LXC_GUEST_IP=' >> .bash_profile
RUN git clone https://github.com/devrandom/gitian-builder.git --depth=1
RUN chown -R debian.debian . && chown -R apt-cacher-ng.apt-cacher-ng /var/cache/apt-cacher-ng/
## optional: run this image with volumes for pre-downloaded inputs and apt-cacher-ng cache
## suggested: run this image with mounted volumes for pre-downloaded inputs and apt-cacher-ng cache
## -v inputs:/home/debian/gitian-builder/inputs -v apt-cacher-ng:/var/cache/apt-cacher-ng
##NOTE: if you do use them, then not forget to set proper user rights for these mounted volumes
## all necessary setup instructions (SSH, LXC)
ADD setup.sh /usr/local/bin/setup.sh
## on run failure, check logs to see if setup failed. on success connect via SSH
CMD /usr/local/bin/setup.sh && /etc/init.d/apt-cacher-ng start && /usr/sbin/sshd -D
CMD /usr/local/bin/setup.sh && /etc/init.d/apt-cacher-ng start && /usr/sbin/sshd -D -e

@ -5,11 +5,17 @@
## (thus most of the comment are his voice)
set -e
## prevent (re)starting of sshd
## we want to use sshd as our container process
echo -e "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \
chmod +x /usr/sbin/policy-rc.d
## regenerate host keys
/bin/rm -v /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server
/bin/rm -v /etc/ssh/ssh_host_* && \
dpkg-reconfigure -f noninteractive openssh-server || exit $?
## removed, in case you want to install other packages at container-time
rm /usr/sbin/policy-rc.d
# First, make sure that cgroups are mounted correctly.
@ -96,6 +102,8 @@ source /home/debian/.bash_profile
brctl addbr br0 && \
ifconfig br0 ${GITIAN_HOST_IP}/16 up || exit $?
##NOTE: *DO NOT* try to add eth0 to the bridge, it will kill container's networking
## temporary workaround until this bug is fixed: https://bugs.launchpad.net/ubuntu/+source/sysvinit/+bug/891045
umount /dev/shm
rmdir /dev/shm

@ -2,6 +2,8 @@
set -e
CID=$(docker run -d --privileged gitian-host) || exit $?
CID=$(docker run -d --privileged gdm85/gitian-host) || exit $?
IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' $CID) || exit $?
echo "You can now SSH into container $CID (IPv4 $IP) with user debian"
echo "You can now SSH into container $CID:"
echo "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@$IP"
