-
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #7 from dubo-dubon-duponey/work
Work
- Loading branch information
Showing
41 changed files
with
2,256 additions
and
832 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -25,3 +25,6 @@ trim_trailing_whitespace = false | |
[Makefile] | ||
indent_style = tab | ||
indent_size = 4 | ||
|
||
[*.cue] | ||
indent_style = tab |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
package cake | ||
|
||
import ( | ||
"duponey.cloud/scullery" | ||
) | ||
|
||
UserDefined: scullery.#Icing & { | ||
buildkit: { | ||
address: string @tag(bk, type=string) | ||
} | ||
hosts: { | ||
// This allows usage of the apt-front with mTLS | ||
"snapshot.debian.org": { | ||
ip: string @tag(ip, type=string) | ||
} | ||
} | ||
subsystems: { | ||
apt: { | ||
// proxy: string @tag(apt_proxy, type=string) | ||
user_agent: "DuboDubonDuponey/1.0 (apt)" | ||
check_valid: false | ||
} | ||
curl: { | ||
user_agent: "DuboDubonDuponey/1.0 (curl)" | ||
} | ||
} | ||
trust: { | ||
authority: string @tag(trust, type=string) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
.DS_Store | ||
/.idea | ||
*/cache/* | ||
cache |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
ARG FROM_REGISTRY=ghcr.io/dubo-dubon-duponey | ||
ARG FROM_IMAGE_RUNTIME=debian:bullseye-2021-09-01@sha256:7231d833660dd4fe1ec0aa4b4484cde1e538fe77b0b6871f8ea55197c56cf692 | ||
|
||
# XXX a new experimental image meant for auditing shit | ||
FROM $FROM_REGISTRY/$FROM_IMAGE_RUNTIME AS auditor | ||
|
||
# hadolint ignore=DL3008 | ||
RUN --mount=type=secret,uid=100,id=CA \ | ||
--mount=type=secret,uid=100,id=CERTIFICATE \ | ||
--mount=type=secret,uid=100,id=KEY \ | ||
--mount=type=secret,uid=100,id=GPG.gpg \ | ||
--mount=type=secret,id=NETRC \ | ||
--mount=type=secret,id=APT_SOURCES \ | ||
--mount=type=secret,id=APT_CONFIG \ | ||
packages=(); \ | ||
for architecture in armel armhf arm64 ppc64el i386 s390x amd64; do \ | ||
dpkg --add-architecture "$architecture"; \ | ||
packages+=(libc6:"$architecture"=2.31-13); \ | ||
done; \ | ||
apt-get update -qq; \ | ||
apt-get install -qq --no-install-recommends \ | ||
curl=7.74.0-1.3+b1 file=1:5.39-3 binutils=2.35.2-2 schroot=1.6.10-12 patchelf=0.12-1 \ | ||
procps=2:3.3.17-5 iproute2=5.10.0-4 libcap2-bin=1:2.44-1 \ | ||
dnsutils=1:9.16.15-1 iputils-ping=3:20210202-1 \ | ||
lynis=3.0.2-1 devscripts=2.21.3; \ | ||
apt-get install -qq --no-install-recommends \ | ||
"${packages[@]}"; \ | ||
apt-get -qq autoremove; \ | ||
apt-get -qq clean; \ | ||
rm -rf /var/lib/apt/lists/*; \ | ||
rm -rf /tmp/*; \ | ||
rm -rf /var/tmp/* | ||
|
||
COPY ./dubo-check /usr/bin/ | ||
|
||
# Add metadata | ||
ARG BUILD_CREATED="1976-04-14T17:00:00-07:00" | ||
ARG BUILD_URL="https://github.com/dubo-dubon-duponey/docker-base" | ||
ARG BUILD_DOCUMENTATION="https://github.com/dubo-dubon-duponey/docker-base" | ||
ARG BUILD_SOURCE="https://github.com/dubo-dubon-duponey/docker-base" | ||
ARG BUILD_VERSION="unknown" | ||
ARG BUILD_REVISION="unknown" | ||
ARG BUILD_VENDOR="dubodubonduponey" | ||
ARG BUILD_LICENSES="MIT" | ||
ARG BUILD_REF_NAME="latest" | ||
ARG BUILD_TITLE="A DBDBDP image" | ||
ARG BUILD_DESCRIPTION="So image. Much DBDBDP. Such description." | ||
|
||
LABEL org.opencontainers.image.created="$BUILD_CREATED" | ||
LABEL org.opencontainers.image.authors="Dubo Dubon Duponey <dubo-dubon-duponey@farcloser.world>" | ||
LABEL org.opencontainers.image.url="$BUILD_URL" | ||
LABEL org.opencontainers.image.documentation="$BUILD_DOCUMENTATION" | ||
LABEL org.opencontainers.image.source="$BUILD_SOURCE" | ||
LABEL org.opencontainers.image.version="$BUILD_VERSION" | ||
LABEL org.opencontainers.image.revision="$BUILD_REVISION" | ||
LABEL org.opencontainers.image.vendor="$BUILD_VENDOR" | ||
LABEL org.opencontainers.image.licenses="$BUILD_LICENSES" | ||
LABEL org.opencontainers.image.ref.name="$BUILD_REF_NAME" | ||
LABEL org.opencontainers.image.title="$BUILD_TITLE" | ||
LABEL org.opencontainers.image.description="$BUILD_DESCRIPTION" | ||
|
||
# Image building from here can use this for buildtime (that is usually set at the time of the last commit to their repo) | ||
ONBUILD ARG BUILD_CREATED="1976-04-14T17:00:00-07:00" | ||
|
||
# Helper for our secrets | ||
# Pointing curl home out, allowing for /run/secrets/.curlrc to be seen automatically | ||
ENV CURL_HOME=/run/secrets | ||
|
||
# Location | ||
WORKDIR /dist |
Oops, something went wrong.