Docker Infrastructure: - Added proper user namespace mapping in Dockerfile.alpine - Created 'builder' user with host UID/GID mapping at build time - Removed runtime user mapping (now handled in Dockerfile) - Set up Rust environment for mapped user instead of root - Fixed config mount consistency (removed :ro flags for real-time sync) Container Management: - Added 15 essential cgroup modules to modules-essential.list - Complete cgroups v1 and v2 support for container orchestration - Process control: cgroup_pids, cgroup_freezer, cgroup_cpuset - Memory management: memcg, hugetlb_cgroup - Network control: net_cls_cgroup, net_prio_cgroup - Device access: cgroup_device, devices_cgroup - Advanced features: cgroup_bpf, cgroup_perf_event, cgroup_debug Environment Updates: - Updated RFS Dockerfile to Alpine 3.22 for consistency - Ensured proper /build directory permissions for mapped user This enables true rootless operation with full container management capabilities, fixing permission issues and enabling Zero-OS container orchestration with complete resource control.
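# Alpine-based Zero-OS Initramfs Builder
#
# The build runs as an unprivileged user whose UID/GID are supplied at build
# time (USER_UID / USER_GID) so that artifacts written to bind-mounted host
# paths carry the invoking host user's ownership instead of root's.

FROM alpine:3.22

# Build arguments.
#   TARGETARCH   - architecture recorded in build.conf (BuildKit sets this
#                  automatically for --platform builds; default amd64)
#   BUILDMODE    - debug or release, consumed by the build scripts
#   MINIMAL_MODE - "true" selects a reduced initramfs
#   USER_UID / USER_GID / USERNAME - identity of the unprivileged build user
#   RUST_TARGET  - Rust target triple added to the toolchain for musl builds
ARG TARGETARCH=amd64
ARG BUILDMODE=debug
ARG MINIMAL_MODE=false
ARG USER_UID=1000
ARG USER_GID=1000
ARG USERNAME=builder
ARG RUST_TARGET=x86_64-unknown-linux-musl

# Persist the build settings into the runtime environment for the scripts.
ENV BUILDMODE=${BUILDMODE} \
    TARGETARCH=${TARGETARCH} \
    MINIMAL_MODE=${MINIMAL_MODE} \
    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

# Install build dependencies (sorted within each group).
# NOTE(review): package versions are unpinned (hadolint DL3018); pin them once
# the set is stable so image builds are reproducible.
RUN apk add --no-cache \
    # Build tools
    bc \
    build-base \
    cmake \
    cpio \
    curl \
    git \
    gzip \
    linux-headers \
    perl \
    python3 \
    upx \
    wget \
    xz \
    # Kernel build dependencies
    bison \
    elfutils-dev \
    flex \
    linux-lts \
    linux-lts-dev \
    openssl-dev \
    openssl-libs-static \
    pkgconfig \
    # Archive tools
    bzip2 \
    tar \
    unzip \
    # Text processing
    findutils \
    grep \
    sed \
    # JSON processing for GitHub API
    jq \
    # Rustup for proper Rust musl builds
    rustup

# Create the unprivileged build user first so COPY --chown can reference it
# by name; -D creates /home/${USERNAME} without a password.
RUN addgroup -g ${USER_GID} ${USERNAME} && \
    adduser -u ${USER_UID} -G ${USERNAME} -D -s /bin/sh ${USERNAME}

# Create the build tree owned by the build user. /mnt/zinit is left
# root-owned, as before (presumably a mount point; confirm with the scripts).
RUN mkdir -p /build/initramfs /build/kernel /build/output /build/github /build/configs/zinit /mnt/zinit && \
    chown -R ${USERNAME}:${USERNAME} /build

WORKDIR /build

# Copy build scripts and configs already owned by the build user. Using
# --chown avoids a later recursive chown layer, which would duplicate every
# copied file in the image.
COPY --chown=${USERNAME}:${USERNAME} scripts/ /build/scripts/
COPY --chown=${USERNAME}:${USERNAME} configs/ /build/configs/

# Only the shell scripts need to be executable; other files keep their modes.
RUN chmod +x /build/scripts/*.sh

# Record the build configuration consumed by the scripts; the file must be
# writable by the build user like the rest of /build.
RUN printf '%s\n' \
        "BUILDMODE=${BUILDMODE}" \
        "TARGETARCH=${TARGETARCH}" \
        "MINIMAL_MODE=${MINIMAL_MODE}" \
        "INITRAMFS_ROOT=/build/initramfs" \
        "KERNEL_DIR=/build/kernel" \
        "OUTPUT_DIR=/build/output" \
        "CONFIG_DIR=/build/configs" > /build/build.conf && \
    chown ${USERNAME}:${USERNAME} /build/build.conf

# Everything below runs as the mapped user. The Rust toolchain is installed
# once, into /home/${USERNAME}, instead of a root-owned copy under /root that
# the build user could never use.
USER ${USERNAME}

# Expose cargo/rustup binaries on PATH so scripts work without sourcing
# ~/.cargo/env (sourcing it still works).
ENV PATH=/home/${USERNAME}/.cargo/bin:${PATH}

# Install the stable toolchain and the musl target for the build user.
RUN rustup-init -y --default-toolchain stable && \
    . ~/.cargo/env && \
    rustup target add ${RUST_TARGET}

# Default command
CMD ["/build/scripts/build-initramfs.sh"]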