Merge pull request #7 from dubo-dubon-duponey/work
Work
dubo-dubon-duponey committed Dec 19, 2019
2 parents cc1a44b + 130d237 commit e1a9646
Showing 5 changed files with 156 additions and 22 deletions.
12 changes: 12 additions & 0 deletions .github/FUNDING.yml
@@ -0,0 +1,12 @@
# These are supported funding model platforms

github: [dubo-dubon-duponey] # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
patreon: # Replace with a single Patreon username
open_collective: # Replace with a single Open Collective username
ko_fi: # Replace with a single Ko-fi username
tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
liberapay: # Replace with a single Liberapay username
issuehunt: # Replace with a single IssueHunt username
otechie: # Replace with a single Otechie username
custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
104 changes: 104 additions & 0 deletions DEVELOP.md
@@ -0,0 +1,104 @@
# Hackers zone

## Build from source

### TL;DR

```bash
VENDOR=you
IMAGE_NAME=super_image
IMAGE_TAG=sometag
./build.sh
```

### The what

This image is built using `dubodubonduponey/base:builder-$DEBIAN_DATE` and its runtime uses `dubodubonduponey/base:runtime-$DEBIAN_DATE`.

Both these images are built upon `dubodubonduponey/debian:$DEBIAN_DATE`, a debootstrapped version of Debian Buster, built from a Debian snapshot at `$DEBIAN_DATE`.

At the time of this writing, `DEBIAN_DATE` evaluates to `2019-12-01`, and is updated every 15 days.

You can find out more here:

* https://github.com/dubo-dubon-duponey/docker-debian for the debootstrapped Debian base
* https://github.com/dubo-dubon-duponey/docker-base for the builder and runtime images

These images provide very little - they are (mostly) barebone Buster with metadata and some ONBUILD
Docker syntactic sugar (metadata, user creation, entrypoint).

Let me repeat: you have very little reason to go and add anything up there.

### Configuration reference

```bash
# Controls to which registry your image gets pushed (default to Docker Hub if left unspecified)
REGISTRY="registry-1.docker.io"

# "Vendor" name of the image (eg: `REGISTRY/VENDOR/IMAGE`)
VENDOR="dubodubonduponey"

# Image name (as in `REGISTRY/VENDOR/IMAGE`)
IMAGE_NAME="super_image"

# Tag name to publish
IMAGE_TAG="v1"

# Image metadata (applied through labels)
TITLE="My super image title"
DESCRIPTION="My super image description"

# Platforms you want to target (note: certain platforms may be unavailable for the underlying software)
PLATFORMS="linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6}"

# Base debian image date to use (from our own base images)
DEBIAN_DATE=2019-12-01

# Controls which user-id to assign to the in-container user
BUILD_UID=2000
```

### Behavior control

```bash
# Do NOT push the built image if left empty (useful for debugging) - default to true
PUSH=
# Do NOT use buildkit cache if left empty - default to true
CACHE=

```

## Develop

### TL;DR

Hack away.

Be sure to run `./test.sh` before submitting anything.

### Philosophy

* keep it simple
* entrypoint should be kept self-contained
* minimize runtime dependencies
* base images should be kept dead simple
* one process per container (letsencrypt refresh being the only exception)
* unrelated ops should go elsewhere
* advanced logging infrastructure does not belong inside a container
* no init system, failing containers should fail, exit, and be handled from the outside
* keep it secure
* no root
* no write
* no cap
* use existing infrastructure
* runnable artifacts go to:
* `/boot/bin` (read-only)
* configuration goes to:
* `/config` (read-only)
* certificates go to:
* `/certs` (read-write)
* persistent application data goes to:
* `/data` (read-write)
* volatile data go to:
* `/tmp` (read-write)
* only use chroot if you really REALLY need root first
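Review bot: In the configuration reference, the `PLATFORMS` example ends with a stray `}` (`...,linux/arm/v6}"`), so anyone copying the line passes an invalid last platform to the build; drop the brace. In the behavior control block, "Do NOT push the built image if left empty - default to true" is hard to read next to `PUSH=`: say which value enables the push and which disables it, and do the same for `CACHE`.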
53 changes: 35 additions & 18 deletions Dockerfile
Expand Up @@ -31,8 +31,9 @@ RUN tar -xjf bridge.tar.bz2
RUN rm bridge.tar.bz2
RUN ./RoonBridge/check.sh

WORKDIR /dist/boot/lib/
RUN cp /usr/lib/"$(gcc -dumpmachine)"/libasound.so.2 .
# XXX see note in shairport-sync
#WORKDIR /dist/boot/lib/
#RUN cp /usr/lib/"$(gcc -dumpmachine)"/libasound.so.2 .

##########################
# Building image server
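Review bot: The comment `# XXX see note in shairport-sync`, placed above the now commented-out `WORKDIR /dist/boot/lib/` and `cp ... libasound.so.2 .` lines, points to a note that is not in this repository, so a reader of this Dockerfile cannot tell why the library is no longer bundled. State the reason inline in one sentence and delete the two commented-out instructions instead of keeping them as dead code.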
Expand All @@ -53,29 +54,43 @@ RUN tar -xjf server.tar.bz2
RUN rm server.tar.bz2
RUN ./RoonServer/check.sh

RUN ln -s /boot/bin/RoonMono/bin/mono-sgen /dist/boot/bin/RoonServer/RoonMono/bin/RAATServer
RUN ln -s /boot/bin/RoonMono/bin/mono-sgen /dist/boot/bin/RoonServer/RoonMono/bin/RoonAppliance
RUN ln -s /boot/bin/RoonMono/bin/mono-sgen /dist/boot/bin/RoonServer/RoonMono/bin/RoonServer
RUN ln -s mono-sgen /dist/boot/bin/RoonServer/RoonMono/bin/RAATServer
RUN ln -s mono-sgen /dist/boot/bin/RoonServer/RoonMono/bin/RoonAppliance
RUN ln -s mono-sgen /dist/boot/bin/RoonServer/RoonMono/bin/RoonServer

COPY --from=builder-healthcheck /dist/boot/bin /dist/boot/bin

WORKDIR /dist/boot/lib/
RUN cp /usr/lib/"$(gcc -dumpmachine)"/libasound.so.2 .
# XXX see note in shairport-sync
#WORKDIR /dist/boot/lib/
#RUN cp /usr/lib/"$(gcc -dumpmachine)"/libasound.so.2 .

#######################
# Running image bridge
#######################
# hadolint ignore=DL3006
FROM $RUNTIME_BASE AS runtime-bridge

USER root

ARG DEBIAN_FRONTEND="noninteractive"
ENV TERM="xterm" LANG="C.UTF-8" LC_ALL="C.UTF-8"
# XXX this is possibly not necessary, as roon apparently is able to adress the device directly
RUN apt-get update -qq \
&& apt-get install -qq --no-install-recommends \
libasound2=1.1.8-1 \
&& apt-get -qq autoremove \
&& apt-get -qq clean \
&& rm -rf /var/lib/apt/lists/* \
&& rm -rf /tmp/* \
&& rm -rf /var/tmp/*

USER dubo-dubon-duponey

COPY --from=builder-bridge --chown=$BUILD_UID:root /dist .

ENV ROON_DATAROOT /data
ENV ROON_ID_DIR /data

EXPOSE 9003/udp
EXPOSE 9100-9110/tcp

VOLUME /data
VOLUME /tmp

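Review bot: In the `runtime-bridge` stage, `libasound2=1.1.8-1` is installed under a comment saying it "is possibly not necessary", and in the lines shown that install is the only reason the stage switches to `USER root` and runs `apt-get`. Confirm whether RoonBridge needs the library; if it does not, drop the `RUN` together with the `USER root` / `USER dubo-dubon-duponey` pair, which keeps the image in line with the "minimize runtime dependencies" item in DEVELOP.md. If it stays, replace the XXX with the actual finding and fix the spelling of "address".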
Expand All @@ -87,16 +102,18 @@ FROM $RUNTIME_BASE

USER root

# Removing this will prevent the RoonServer from using audio devices, hence making the use of RaatBridges mandatory (which is fine)
# libasound2=1.1.8-1 \
ARG DEBIAN_FRONTEND="noninteractive"
ENV TERM="xterm" LANG="C.UTF-8" LC_ALL="C.UTF-8"
RUN apt-get update -qq && \
apt-get install -qq --no-install-recommends ffmpeg=7:4.1.4-1~deb10u1 \
&& \
apt-get -qq autoremove && \
apt-get -qq clean && \
rm -rf /var/lib/apt/lists/* && \
rm -rf /tmp/* && \
rm -rf /var/tmp/*
RUN apt-get update -qq \
&& apt-get install -qq --no-install-recommends \
ffmpeg=7:4.1.4-1~deb10u1 \
&& apt-get -qq autoremove \
&& apt-get -qq clean \
&& rm -rf /var/lib/apt/lists/* \
&& rm -rf /tmp/* \
&& rm -rf /var/tmp/*

USER dubo-dubon-duponey

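Review bot: The comment above `ARG DEBIAN_FRONTEND` says "Removing this will prevent the RoonServer from using audio devices", but "this" is the commented-out `# libasound2=1.1.8-1 \` line, which sits outside the `apt-get install` list and is already inactive. Reword it to state the decision (libasound2 is deliberately not installed in the server image, so audio output goes through bridges) and drop the commented-out package line. Separately, `ffmpeg=7:4.1.4-1~deb10u1` is an exact pin, so the image only picks up a fixed ffmpeg when someone edits this line; a short comment saying the pin is bumped together with `DEBIAN_DATE` would make that explicit.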
7 changes: 4 additions & 3 deletions README.md
Expand Up @@ -68,9 +68,6 @@ echo 1048576 > /proc/sys/fs/inotify/max_user_watches
```bash
# In case you want to download the latest from Roon servers
# ./refresh.sh

# Build & push
VENDOR=you ./build.sh
```

### Roon packages version
Expand All @@ -93,3 +90,7 @@ At this time, ncopa just enabled armv7 for mono (https://git.alpinelinux.org/apo

Whether you can use it as a drop-in replacement for Roon embedded Mono is yet to be determined.
Assuming this would work, it's unclear also if gcompat would still be necessary.

## Moar?

See [DEVELOP.md](DEVELOP.md)
2 changes: 1 addition & 1 deletion runtime/boot/entrypoint.sh
@@ -1,7 +1,7 @@
#!/usr/bin/env bash
set -o errexit -o errtrace -o functrace -o nounset -o pipefail

if [ -e /boot/bin/Server/RoonServer ]; then
if [ -e /boot/bin/RoonServer/Server/RoonServer ]; then
exec /boot/bin/RoonServer/Server/RoonServer
else
exec /boot/bin/RoonBridge/Bridge/RoonBridge
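Review bot: With the corrected path in the `-e` test, the `else` branch still execs `/boot/bin/RoonBridge/Bridge/RoonBridge` unconditionally, so any future mismatch in the server path (like the `/boot/bin/Server/RoonServer` one fixed here) makes a server image try to start the bridge instead of failing with a clear error. Test each binary explicitly with `-x` and exit non-zero with a message when neither is present, which also matches the "failing containers should fail" item in DEVELOP.md.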