diff --git a/9.10/_cabal-install.deb11.yaml b/9.10/_cabal-install.deb11.yaml new file mode 100644 index 00000000..ca8620e1 --- /dev/null +++ b/9.10/_cabal-install.deb11.yaml @@ -0,0 +1,3 @@ +sha256sum: + "aarch64": '5e8c47a055d5b744741039a7061ee43ec7d080d1251784e7a4cd836403e42523' + "x86_64": '41b85bb25fa654e4b79169014b9142fe696ff35e002e043caa0e52d65204ba8a' diff --git a/9.10/_cabal-install.deb12.yaml b/9.10/_cabal-install.deb12.yaml new file mode 100644 index 00000000..23bbd2f4 --- /dev/null +++ b/9.10/_cabal-install.deb12.yaml @@ -0,0 +1,3 @@ +sha256sum: + "aarch64": 'f763fb2af2bc1ff174b7361a7d51109a585954f87a0e14f86d144f3bce28f7a9' + "x86_64": '73a463306c771e18ca22c0a9469176ffab0138ec5925adb5364ef47174e1adc5' diff --git a/9.10/bookworm/Dockerfile b/9.10/bookworm/Dockerfile index 6b9a52e4..5b94c67d 100644 --- a/9.10/bookworm/Dockerfile +++ b/9.10/bookworm/Dockerfile @@ -25,8 +25,8 @@ RUN <&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ - esac; \ - curl -sSL "$STACK_URL" -o stack.tar.gz; \ - echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check; \ - \ - curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY"; \ - gpg --batch --verify stack.tar.gz.asc stack.tar.gz; \ - gpgconf --kill all; \ - \ - tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack"; \ - stack config set system-ghc --global true; \ - stack config set install-ghc --global false; \ - \ - rm -rf /tmp/*; \ - \ + case "$ARCH" in + 'aarch64') + STACK_SHA256='bdd618ea5a9c921417727011f2ecd78987dffa5cee5e741108baf65a9b5b58ab' + ;; + 'x86_64') + STACK_SHA256='88d7e517342c125b0a098d9d578fe53e590618ae4b2427283a27408a1ebd06d8' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'" exit 1 ; + esac + curl -sSL "$STACK_URL" -o stack.tar.gz + echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check + + curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc + GNUPGHOME="$(mktemp -d)" + export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY" + gpg --batch --verify stack.tar.gz.asc stack.tar.gz + gpgconf --kill all + + tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack" + stack config set system-ghc --global true + stack config set install-ghc --global false + + rm -rf /tmp/* + stack --version; +EOT -ARG CABAL_INSTALL=3.12.1.0 -ARG CABAL_INSTALL_RELEASE_KEY=1E07C9A1A3088BAD47F74A3E227EE1942B0BDB95 +ARG CABAL_INSTALL='3.14.1.1' +ARG CABAL_INSTALL_RELEASE_KEY='EAF2A9A722C0C96F2B431CA511AAD8CEDEE0CAEF' -RUN set -eux; \ - cd /tmp; \ - ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ - CABAL_INSTALL_TAR="cabal-install-$CABAL_INSTALL-$ARCH-linux-deb11.tar.xz"; \ - CABAL_INSTALL_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/$CABAL_INSTALL_TAR"; \ - CABAL_INSTALL_SHA256SUMS_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS"; \ +RUN <&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; \ - esac; \ - curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz; \ - echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check; \ - \ - curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL"; \ - curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig"; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY"; \ - gpg --batch --verify SHA256SUMS.sig SHA256SUMS; \ + case "$ARCH" in + 'aarch64') + CABAL_INSTALL_SHA256='5e8c47a055d5b744741039a7061ee43ec7d080d1251784e7a4cd836403e42523' + ;; + 'x86_64') + CABAL_INSTALL_SHA256='41b85bb25fa654e4b79169014b9142fe696ff35e002e043caa0e52d65204ba8a' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; + esac + curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz + echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check + + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL" + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig" + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY" + gpg --batch --verify SHA256SUMS.sig SHA256SUMS # confirm we are verifying SHA256SUMS that matches the release + sha256 - grep "$CABAL_INSTALL_SHA256 $CABAL_INSTALL_TAR" SHA256SUMS; \ - gpgconf --kill all; \ - \ - tar -xf cabal-install.tar.gz -C /usr/local/bin; \ - \ - rm -rf /tmp/*; \ - \ + grep "$CABAL_INSTALL_SHA256 $CABAL_INSTALL_TAR" SHA256SUMS + gpgconf --kill all; + + tar -xf cabal-install.tar.gz -C /usr/local/bin + + rm -rf /tmp/* + cabal --version +EOT -ARG GHC=9.10.2 -ARG GHC_RELEASE_KEY=88B57FCF7DB53B4DB3BFA4B1588764FBE22D19C4 +ARG GHC='9.10.2' +ARG GHC_RELEASE_KEY='88B57FCF7DB53B4DB3BFA4B1588764FBE22D19C4' -RUN set -eux; \ - cd /tmp; \ - ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ - GHC_URL="https://downloads.haskell.org/~ghc/$GHC/ghc-$GHC-$ARCH-deb11-linux.tar.xz"; \ +RUN <&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ - esac; \ - curl -sSL "$GHC_URL" -o ghc.tar.xz; \ - echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check; \ - \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY"; \ - gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz; \ - gpgconf --kill all; \ - \ - tar xf ghc.tar.xz; \ - cd "ghc-$GHC-$ARCH-unknown-linux"; \ - ./configure --prefix "/opt/ghc/$GHC"; \ - make install; \ - \ - rm -rf /tmp/*; \ - \ + case "$ARCH" in + 'aarch64') + GHC_SHA256='0188ca098abdaf71eb0804d0f35311f405da489137d8d438bfaa43b8d1e3f1b0' + ;; + 'x86_64') + GHC_SHA256='2fe2c3e0a07e4782530e8bf83eeda8ff6935e40d5450c1809abcdc6182c9c848' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; + esac + curl -sSL "$GHC_URL" -o ghc.tar.xz + echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check + + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY" + gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz + gpgconf --kill all + + tar xf ghc.tar.xz + cd "ghc-$GHC-$ARCH-unknown-linux" + ./configure --prefix "/opt/ghc/$GHC" + make install + + rm -rf /tmp/* + "/opt/ghc/$GHC/bin/ghc" --version +EOT ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH diff --git a/9.4/_cabal-install.yaml b/9.4/_cabal-install.yaml new file mode 100644 index 00000000..ca8620e1 --- /dev/null +++ b/9.4/_cabal-install.yaml @@ -0,0 +1,3 @@ +sha256sum: + "aarch64": '5e8c47a055d5b744741039a7061ee43ec7d080d1251784e7a4cd836403e42523' + "x86_64": '41b85bb25fa654e4b79169014b9142fe696ff35e002e043caa0e52d65204ba8a' diff --git a/9.4/_ghc.yaml b/9.4/_ghc.yaml new file mode 100644 index 00000000..f31e1d09 --- /dev/null +++ b/9.4/_ghc.yaml @@ -0,0 +1,5 @@ +version: "9.4.8" +release_key: "88B57FCF7DB53B4DB3BFA4B1588764FBE22D19C4" +sha256sum: + "aarch64": '278e287e1ee624712b9c6d7803d1cf915ca1cce56e013b0a16215eb8dfeb1531' + "x86_64": '2743629d040f3213499146cb5154621d6f25e85271019afc9b9009e04d66bf6c' diff --git a/9.4/_globals.yaml b/9.4/_globals.yaml new file mode 100644 index 00000000..a6d67e60 --- /dev/null +++ b/9.4/_globals.yaml @@ -0,0 +1,9 @@ +stack: + version: "3.3.1" + release_key: "C5705533DA4F78D8664B5DC0575159689BEFB442" + sha256sum: + "aarch64": 'bdd618ea5a9c921417727011f2ecd78987dffa5cee5e741108baf65a9b5b58ab' + "x86_64": '88d7e517342c125b0a098d9d578fe53e590618ae4b2427283a27408a1ebd06d8' +cabal_install: + version: "3.14.1.1" + release_key: "EAF2A9A722C0C96F2B431CA511AAD8CEDEE0CAEF" diff --git a/9.4/bullseye.yaml b/9.4/bullseye.yaml new file mode 100644 index 00000000..dd37c20a --- /dev/null +++ b/9.4/bullseye.yaml @@ -0,0 +1,13 @@ +--- +distro: + codename: 'bullseye' + abbr: 'deb11' + image: 'debian:bullseye' +ghc: !include '_ghc.yaml' +cabal_install: !include '_cabal-install.yaml' +overrides: + ghc: + "aarch64": + # GHC 9.4.8 doesn't have a deb11 bindist for aarch64 for some reason, so we're using the deb10 one instead + url: "https://downloads.haskell.org/~ghc/9.4.8/ghc-9.4.8-aarch64-deb10-linux.tar.xz" +_globals: !include '_globals.yaml' diff --git a/9.4/bullseye/Dockerfile b/9.4/bullseye/Dockerfile new file mode 100644 index 00000000..ee9d577b --- /dev/null +++ b/9.4/bullseye/Dockerfile @@ -0,0 +1,144 @@ +FROM debian:bullseye + +ENV LANG=C.UTF-8 + +# common haskell + stack dependencies +RUN <&2 "error: unsupported architecture '$ARCH'" exit 1 ; + esac + curl -sSL "$STACK_URL" -o stack.tar.gz + echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check + + curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc + GNUPGHOME="$(mktemp -d)" + export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY" + gpg --batch --verify stack.tar.gz.asc stack.tar.gz + gpgconf --kill all + + tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack" + stack config set system-ghc --global true + stack config set install-ghc --global false + + rm -rf /tmp/* + + stack --version; +EOT + +ARG CABAL_INSTALL='3.14.1.1' +ARG CABAL_INSTALL_RELEASE_KEY='EAF2A9A722C0C96F2B431CA511AAD8CEDEE0CAEF' + +RUN <&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; + esac + curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz + echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check + + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL" + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig" + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY" + gpg --batch --verify SHA256SUMS.sig SHA256SUMS + # confirm we are verifying SHA256SUMS that matches the release + sha256 + grep "$CABAL_INSTALL_SHA256 $CABAL_INSTALL_TAR" SHA256SUMS + gpgconf --kill all; + + tar -xf cabal-install.tar.gz -C /usr/local/bin + + rm -rf /tmp/* + + cabal --version +EOT + +ARG GHC='9.4.8' +ARG GHC_RELEASE_KEY='88B57FCF7DB53B4DB3BFA4B1588764FBE22D19C4' + +RUN <&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; + esac + curl -sSL "$GHC_URL" -o ghc.tar.xz + echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check + + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY" + gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz + gpgconf --kill all + + tar xf ghc.tar.xz + cd "ghc-$GHC-$ARCH-unknown-linux" + ./configure --prefix "/opt/ghc/$GHC" + make install + + rm -rf /tmp/* + + "/opt/ghc/$GHC/bin/ghc" --version +EOT + +ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH + +CMD ["ghci"] diff --git a/9.4/slim-bullseye.yaml b/9.4/slim-bullseye.yaml new file mode 100644 index 00000000..5f8f987f --- /dev/null +++ b/9.4/slim-bullseye.yaml @@ -0,0 +1,13 @@ +--- +distro: + codename: 'bullseye' + abbr: 'deb11' + image: 'debian:bullseye-slim' +ghc: !include '_ghc.yaml' +cabal_install: !include '_cabal-install.yaml' +overrides: + ghc: + "aarch64": + # GHC 9.4.8 doesn't have a deb11 bindist for aarch64 for some reason, so we're using the deb10 one instead + url: "https://downloads.haskell.org/~ghc/9.4.8/ghc-9.4.8-aarch64-deb10-linux.tar.xz" +_globals: !include '_globals.yaml' diff --git a/9.4/slim-bullseye/Dockerfile b/9.4/slim-bullseye/Dockerfile new file mode 100644 index 00000000..db655796 --- /dev/null +++ b/9.4/slim-bullseye/Dockerfile @@ -0,0 +1,144 @@ +FROM debian:bullseye-slim + +ENV LANG=C.UTF-8 + +# common haskell + stack dependencies +RUN <&2 "error: unsupported architecture '$ARCH'" exit 1 ; + esac + curl -sSL "$STACK_URL" -o stack.tar.gz + echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check + + curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc + GNUPGHOME="$(mktemp -d)" + export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY" + gpg --batch --verify stack.tar.gz.asc stack.tar.gz + gpgconf --kill all + + tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack" + stack config set system-ghc --global true + stack config set install-ghc --global false + + rm -rf /tmp/* + + stack --version; +EOT + +ARG CABAL_INSTALL='3.14.1.1' +ARG CABAL_INSTALL_RELEASE_KEY='EAF2A9A722C0C96F2B431CA511AAD8CEDEE0CAEF' + +RUN <&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; + esac + curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz + echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check + + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL" + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig" + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY" + gpg --batch --verify SHA256SUMS.sig SHA256SUMS + # confirm we are verifying SHA256SUMS that matches the release + sha256 + grep "$CABAL_INSTALL_SHA256 $CABAL_INSTALL_TAR" SHA256SUMS + gpgconf --kill all; + + tar -xf cabal-install.tar.gz -C /usr/local/bin + + rm -rf /tmp/* + + cabal --version +EOT + +ARG GHC='9.4.8' +ARG GHC_RELEASE_KEY='88B57FCF7DB53B4DB3BFA4B1588764FBE22D19C4' + +RUN <&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; + esac + curl -sSL "$GHC_URL" -o ghc.tar.xz + echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check + + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY" + gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz + gpgconf --kill all + + tar xf ghc.tar.xz + cd "ghc-$GHC-$ARCH-unknown-linux" + ./configure --prefix "/opt/ghc/$GHC" + make install + + rm -rf /tmp/* + + "/opt/ghc/$GHC/bin/ghc" --version +EOT + +ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH + +CMD ["ghci"] diff --git a/9.6/_cabal-install.yaml b/9.6/_cabal-install.yaml new file mode 100644 index 00000000..ca8620e1 --- /dev/null +++ b/9.6/_cabal-install.yaml @@ -0,0 +1,3 @@ +sha256sum: + "aarch64": '5e8c47a055d5b744741039a7061ee43ec7d080d1251784e7a4cd836403e42523' + "x86_64": '41b85bb25fa654e4b79169014b9142fe696ff35e002e043caa0e52d65204ba8a' diff --git a/9.6/_ghc.yaml b/9.6/_ghc.yaml new file mode 100644 index 00000000..1461e4e8 --- /dev/null +++ b/9.6/_ghc.yaml @@ -0,0 +1,5 @@ +version: "9.6.7" +release_key: "8C961469C8FDC968718D6245AC7DE836C5DF907D" +sha256sum: + "aarch64": '3cfa843687856de304a946dbe849a497c4fdad021f0275628b8ca7b55ccf8082' + "x86_64": 'fc6a6247d1831745c67b27d6212f6911c35a933043f3b6851724e2e01484d077' diff --git a/9.6/_globals.yaml b/9.6/_globals.yaml new file mode 100644 index 00000000..a6d67e60 --- /dev/null +++ b/9.6/_globals.yaml @@ -0,0 +1,9 @@ +stack: + version: "3.3.1" + release_key: "C5705533DA4F78D8664B5DC0575159689BEFB442" + sha256sum: + "aarch64": 'bdd618ea5a9c921417727011f2ecd78987dffa5cee5e741108baf65a9b5b58ab' + "x86_64": '88d7e517342c125b0a098d9d578fe53e590618ae4b2427283a27408a1ebd06d8' +cabal_install: + version: "3.14.1.1" + release_key: "EAF2A9A722C0C96F2B431CA511AAD8CEDEE0CAEF" diff --git a/9.6/bullseye.yaml b/9.6/bullseye.yaml new file mode 100644 index 00000000..83613f9f --- /dev/null +++ b/9.6/bullseye.yaml @@ -0,0 +1,13 @@ +--- +distro: + codename: 'bullseye' + abbr: 'deb11' + image: 'debian:bullseye' +ghc: !include '_ghc.yaml' +cabal_install: !include '_cabal-install.yaml' +overrides: + ghc: + "aarch64": + # GHC 9.6.7 doesn't have a deb11 bindist for aarch64 for some reason, so we're using the deb10 one instead + url: "https://downloads.haskell.org/~ghc/9.6.7/ghc-9.6.7-aarch64-deb10-linux.tar.xz" +_globals: !include '_globals.yaml' diff --git a/9.6/bullseye/Dockerfile b/9.6/bullseye/Dockerfile index 7b0cf8fe..83aea5ad 100644 --- a/9.6/bullseye/Dockerfile +++ b/9.6/bullseye/Dockerfile @@ -3,7 +3,8 @@ FROM debian:bullseye ENV LANG=C.UTF-8 # common haskell + stack dependencies -RUN apt-get update && \ +RUN <&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ - esac; \ - curl -sSL "$STACK_URL" -o stack.tar.gz; \ - echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check; \ - \ - curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY"; \ - gpg --batch --verify stack.tar.gz.asc stack.tar.gz; \ - gpgconf --kill all; \ - \ - tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack"; \ - stack config set system-ghc --global true; \ - stack config set install-ghc --global false; \ - \ - rm -rf /tmp/*; \ - \ + case "$ARCH" in + 'aarch64') + STACK_SHA256='bdd618ea5a9c921417727011f2ecd78987dffa5cee5e741108baf65a9b5b58ab' + ;; + 'x86_64') + STACK_SHA256='88d7e517342c125b0a098d9d578fe53e590618ae4b2427283a27408a1ebd06d8' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'" exit 1 ; + esac + curl -sSL "$STACK_URL" -o stack.tar.gz + echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check + + curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc + GNUPGHOME="$(mktemp -d)" + export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY" + gpg --batch --verify stack.tar.gz.asc stack.tar.gz + gpgconf --kill all + + tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack" + stack config set system-ghc --global true + stack config set install-ghc --global false + + rm -rf /tmp/* + stack --version; +EOT -ARG CABAL_INSTALL=3.12.1.0 -ARG CABAL_INSTALL_RELEASE_KEY=1E07C9A1A3088BAD47F74A3E227EE1942B0BDB95 +ARG CABAL_INSTALL='3.14.1.1' +ARG CABAL_INSTALL_RELEASE_KEY='EAF2A9A722C0C96F2B431CA511AAD8CEDEE0CAEF' -RUN set -eux; \ - cd /tmp; \ - ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ - CABAL_INSTALL_TAR="cabal-install-$CABAL_INSTALL-$ARCH-linux-deb11.tar.xz"; \ - CABAL_INSTALL_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/$CABAL_INSTALL_TAR"; \ - CABAL_INSTALL_SHA256SUMS_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS"; \ +RUN <&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; \ - esac; \ - curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz; \ - echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check; \ - \ - curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL"; \ - curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig"; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY"; \ - gpg --batch --verify SHA256SUMS.sig SHA256SUMS; \ + case "$ARCH" in + 'aarch64') + CABAL_INSTALL_SHA256='5e8c47a055d5b744741039a7061ee43ec7d080d1251784e7a4cd836403e42523' + ;; + 'x86_64') + CABAL_INSTALL_SHA256='41b85bb25fa654e4b79169014b9142fe696ff35e002e043caa0e52d65204ba8a' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; + esac + curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz + echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check + + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL" + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig" + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY" + gpg --batch --verify SHA256SUMS.sig SHA256SUMS # confirm we are verifying SHA256SUMS that matches the release + sha256 - grep "$CABAL_INSTALL_SHA256 $CABAL_INSTALL_TAR" SHA256SUMS; \ - gpgconf --kill all; \ - \ - tar -xf cabal-install.tar.gz -C /usr/local/bin; \ - \ - rm -rf /tmp/*; \ - \ + grep "$CABAL_INSTALL_SHA256 $CABAL_INSTALL_TAR" SHA256SUMS + gpgconf --kill all; + + tar -xf cabal-install.tar.gz -C /usr/local/bin + + rm -rf /tmp/* + cabal --version +EOT -ARG GHC=9.6.7 -ARG GHC_RELEASE_KEY=8C961469C8FDC968718D6245AC7DE836C5DF907D +ARG GHC='9.6.7' +ARG GHC_RELEASE_KEY='8C961469C8FDC968718D6245AC7DE836C5DF907D' -RUN set -eux; \ - cd /tmp; \ - ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ +RUN <&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ - esac; \ - curl -sSL "$GHC_URL" -o ghc.tar.xz; \ - echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check; \ - \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY"; \ - gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz; \ - gpgconf --kill all; \ - \ - tar xf ghc.tar.xz; \ - cd "ghc-$GHC-$ARCH-unknown-linux"; \ - ./configure --prefix "/opt/ghc/$GHC"; \ - make install; \ - \ - rm -rf /tmp/*; \ - \ + case "$ARCH" in + 'aarch64') + GHC_SHA256='3cfa843687856de304a946dbe849a497c4fdad021f0275628b8ca7b55ccf8082' + GHC_URL='https://downloads.haskell.org/~ghc/9.6.7/ghc-9.6.7-aarch64-deb10-linux.tar.xz' + ;; + 'x86_64') + GHC_SHA256='fc6a6247d1831745c67b27d6212f6911c35a933043f3b6851724e2e01484d077' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; + esac + curl -sSL "$GHC_URL" -o ghc.tar.xz + echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check + + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY" + gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz + gpgconf --kill all + + tar xf ghc.tar.xz + cd "ghc-$GHC-$ARCH-unknown-linux" + ./configure --prefix "/opt/ghc/$GHC" + make install + + rm -rf /tmp/* + "/opt/ghc/$GHC/bin/ghc" --version +EOT ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH diff --git a/9.6/slim-bullseye.yaml b/9.6/slim-bullseye.yaml new file mode 100644 index 00000000..cee76810 --- /dev/null +++ b/9.6/slim-bullseye.yaml @@ -0,0 +1,13 @@ +--- +distro: + codename: 'bullseye' + abbr: 'deb11' + image: 'debian:bullseye-slim' +ghc: !include '_ghc.yaml' +cabal_install: !include '_cabal-install.yaml' +overrides: + ghc: + "aarch64": + # GHC 9.6.7 doesn't have a deb11 bindist for aarch64 for some reason, so we're using the deb10 one instead + url: "https://downloads.haskell.org/~ghc/9.6.7/ghc-9.6.7-aarch64-deb10-linux.tar.xz" +_globals: !include '_globals.yaml' diff --git a/9.6/slim-bullseye/Dockerfile b/9.6/slim-bullseye/Dockerfile index 3a7f96ec..4eeb808e 100644 --- a/9.6/slim-bullseye/Dockerfile +++ b/9.6/slim-bullseye/Dockerfile @@ -3,7 +3,8 @@ FROM debian:bullseye-slim ENV LANG=C.UTF-8 # common haskell + stack dependencies -RUN apt-get update && \ +RUN <&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ - esac; \ - curl -sSL "$STACK_URL" -o stack.tar.gz; \ - echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check; \ - \ - curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY"; \ - gpg --batch --verify stack.tar.gz.asc stack.tar.gz; \ - gpgconf --kill all; \ - \ - tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack"; \ - stack config set system-ghc --global true; \ - stack config set install-ghc --global false; \ - \ - rm -rf /tmp/*; \ - \ + case "$ARCH" in + 'aarch64') + STACK_SHA256='bdd618ea5a9c921417727011f2ecd78987dffa5cee5e741108baf65a9b5b58ab' + ;; + 'x86_64') + STACK_SHA256='88d7e517342c125b0a098d9d578fe53e590618ae4b2427283a27408a1ebd06d8' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'" exit 1 ; + esac + curl -sSL "$STACK_URL" -o stack.tar.gz + echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check + + curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc + GNUPGHOME="$(mktemp -d)" + export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY" + gpg --batch --verify stack.tar.gz.asc stack.tar.gz + gpgconf --kill all + + tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack" + stack config set system-ghc --global true + stack config set install-ghc --global false + + rm -rf /tmp/* + stack --version; +EOT -ARG CABAL_INSTALL=3.12.1.0 -ARG CABAL_INSTALL_RELEASE_KEY=1E07C9A1A3088BAD47F74A3E227EE1942B0BDB95 +ARG CABAL_INSTALL='3.14.1.1' +ARG CABAL_INSTALL_RELEASE_KEY='EAF2A9A722C0C96F2B431CA511AAD8CEDEE0CAEF' -RUN set -eux; \ - cd /tmp; \ - ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ - CABAL_INSTALL_TAR="cabal-install-$CABAL_INSTALL-$ARCH-linux-deb11.tar.xz"; \ - CABAL_INSTALL_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/$CABAL_INSTALL_TAR"; \ - CABAL_INSTALL_SHA256SUMS_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS"; \ +RUN <&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; \ - esac; \ - curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz; \ - echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check; \ - \ - curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL"; \ - curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig"; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY"; \ - gpg --batch --verify SHA256SUMS.sig SHA256SUMS; \ + case "$ARCH" in + 'aarch64') + CABAL_INSTALL_SHA256='5e8c47a055d5b744741039a7061ee43ec7d080d1251784e7a4cd836403e42523' + ;; + 'x86_64') + CABAL_INSTALL_SHA256='41b85bb25fa654e4b79169014b9142fe696ff35e002e043caa0e52d65204ba8a' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; + esac + curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz + echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check + + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL" + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig" + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY" + gpg --batch --verify SHA256SUMS.sig SHA256SUMS # confirm we are verifying SHA256SUMS that matches the release + sha256 - grep "$CABAL_INSTALL_SHA256 $CABAL_INSTALL_TAR" SHA256SUMS; \ - gpgconf --kill all; \ - \ - tar -xf cabal-install.tar.gz -C /usr/local/bin; \ - \ - rm -rf /tmp/*; \ - \ + grep "$CABAL_INSTALL_SHA256 $CABAL_INSTALL_TAR" SHA256SUMS + gpgconf --kill all; + + tar -xf cabal-install.tar.gz -C /usr/local/bin + + rm -rf /tmp/* + cabal --version +EOT -ARG GHC=9.6.7 -ARG GHC_RELEASE_KEY=8C961469C8FDC968718D6245AC7DE836C5DF907D +ARG GHC='9.6.7' +ARG GHC_RELEASE_KEY='8C961469C8FDC968718D6245AC7DE836C5DF907D' -RUN set -eux; \ - cd /tmp; \ - ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ +RUN <&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ - esac; \ - curl -sSL "$GHC_URL" -o ghc.tar.xz; \ - echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check; \ - \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY"; \ - gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz; \ - gpgconf --kill all; \ - \ - tar xf ghc.tar.xz; \ - cd "ghc-$GHC-$ARCH-unknown-linux"; \ - ./configure --prefix "/opt/ghc/$GHC"; \ - make install; \ - # remove profiling support to save space - find "/opt/ghc/$GHC/" \( -name "*_p.a" -o -name "*.p_hi" \) -type f -delete; \ - \ - rm -rf /tmp/*; \ - \ + case "$ARCH" in + 'aarch64') + GHC_SHA256='3cfa843687856de304a946dbe849a497c4fdad021f0275628b8ca7b55ccf8082' + GHC_URL='https://downloads.haskell.org/~ghc/9.6.7/ghc-9.6.7-aarch64-deb10-linux.tar.xz' + ;; + 'x86_64') + GHC_SHA256='fc6a6247d1831745c67b27d6212f6911c35a933043f3b6851724e2e01484d077' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; + esac + curl -sSL "$GHC_URL" -o ghc.tar.xz + echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check + + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY" + gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz + gpgconf --kill all + + tar xf ghc.tar.xz + cd "ghc-$GHC-$ARCH-unknown-linux" + ./configure --prefix "/opt/ghc/$GHC" + make install + + rm -rf /tmp/* + "/opt/ghc/$GHC/bin/ghc" --version +EOT ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH diff --git a/9.8/_cabal-install.yaml b/9.8/_cabal-install.yaml new file mode 100644 index 00000000..ca8620e1 --- /dev/null +++ b/9.8/_cabal-install.yaml @@ -0,0 +1,3 @@ +sha256sum: + "aarch64": '5e8c47a055d5b744741039a7061ee43ec7d080d1251784e7a4cd836403e42523' + "x86_64": '41b85bb25fa654e4b79169014b9142fe696ff35e002e043caa0e52d65204ba8a' diff --git a/9.8/_ghc.yaml b/9.8/_ghc.yaml new file mode 100644 index 00000000..6140f876 --- /dev/null +++ b/9.8/_ghc.yaml @@ -0,0 +1,5 @@ +version: "9.8.4" +release_key: "FFEB7CE81E16A36B3E2DED6F2DE04D4E97DB64AD" +sha256sum: + "aarch64": '310204daf2df6ad16087be94b3498ca414a0953b29e94e8ec8eb4a5c9bf603d3' + "x86_64": 'af151db8682b8c763f5a44f960f65453d794c95b60f151abc82dbdefcbe6f8ad' diff --git a/9.8/_globals.yaml b/9.8/_globals.yaml new file mode 100644 index 00000000..a6d67e60 --- /dev/null +++ b/9.8/_globals.yaml @@ -0,0 +1,9 @@ +stack: + version: "3.3.1" + release_key: "C5705533DA4F78D8664B5DC0575159689BEFB442" + sha256sum: + "aarch64": 'bdd618ea5a9c921417727011f2ecd78987dffa5cee5e741108baf65a9b5b58ab' + "x86_64": '88d7e517342c125b0a098d9d578fe53e590618ae4b2427283a27408a1ebd06d8' +cabal_install: + version: "3.14.1.1" + release_key: "EAF2A9A722C0C96F2B431CA511AAD8CEDEE0CAEF" diff --git a/9.8/bullseye.yaml b/9.8/bullseye.yaml new file mode 100644 index 00000000..4e3cc203 --- /dev/null +++ b/9.8/bullseye.yaml @@ -0,0 +1,9 @@ +--- +distro: + codename: 'bullseye' + abbr: 'deb11' + image: 'debian:bullseye' +ghc: !include '_ghc.yaml' +cabal_install: !include '_cabal-install.yaml' +_globals: !include '_globals.yaml' + diff --git a/9.8/bullseye/Dockerfile b/9.8/bullseye/Dockerfile index afbf65f7..7726fdf9 100644 --- a/9.8/bullseye/Dockerfile +++ b/9.8/bullseye/Dockerfile @@ -3,7 +3,8 @@ FROM debian:bullseye ENV LANG=C.UTF-8 # common haskell + stack dependencies -RUN apt-get update && \ +RUN <&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ - esac; \ - curl -sSL "$STACK_URL" -o stack.tar.gz; \ - echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check; \ - \ - curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY"; \ - gpg --batch --verify stack.tar.gz.asc stack.tar.gz; \ - gpgconf --kill all; \ - \ - tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack"; \ - stack config set system-ghc --global true; \ - stack config set install-ghc --global false; \ - \ - rm -rf /tmp/*; \ - \ + case "$ARCH" in + 'aarch64') + STACK_SHA256='bdd618ea5a9c921417727011f2ecd78987dffa5cee5e741108baf65a9b5b58ab' + ;; + 'x86_64') + STACK_SHA256='88d7e517342c125b0a098d9d578fe53e590618ae4b2427283a27408a1ebd06d8' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'" exit 1 ; + esac + curl -sSL "$STACK_URL" -o stack.tar.gz + echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check + + curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc + GNUPGHOME="$(mktemp -d)" + export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY" + gpg --batch --verify stack.tar.gz.asc stack.tar.gz + gpgconf --kill all + + tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack" + stack config set system-ghc --global true + stack config set install-ghc --global false + + rm -rf /tmp/* + stack --version; +EOT -ARG CABAL_INSTALL=3.12.1.0 -ARG CABAL_INSTALL_RELEASE_KEY=1E07C9A1A3088BAD47F74A3E227EE1942B0BDB95 +ARG CABAL_INSTALL='3.14.1.1' +ARG CABAL_INSTALL_RELEASE_KEY='EAF2A9A722C0C96F2B431CA511AAD8CEDEE0CAEF' -RUN set -eux; \ - cd /tmp; \ - ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ - CABAL_INSTALL_TAR="cabal-install-$CABAL_INSTALL-$ARCH-linux-deb11.tar.xz"; \ - CABAL_INSTALL_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/$CABAL_INSTALL_TAR"; \ - CABAL_INSTALL_SHA256SUMS_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS"; \ +RUN <&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; \ - esac; \ - curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz; \ - echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check; \ - \ - curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL"; \ - curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig"; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY"; \ - gpg --batch --verify SHA256SUMS.sig SHA256SUMS; \ + case "$ARCH" in + 'aarch64') + CABAL_INSTALL_SHA256='5e8c47a055d5b744741039a7061ee43ec7d080d1251784e7a4cd836403e42523' + ;; + 'x86_64') + CABAL_INSTALL_SHA256='41b85bb25fa654e4b79169014b9142fe696ff35e002e043caa0e52d65204ba8a' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; + esac + curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz + echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check + + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL" + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig" + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY" + gpg --batch --verify SHA256SUMS.sig SHA256SUMS # confirm we are verifying SHA256SUMS that matches the release + sha256 - grep "$CABAL_INSTALL_SHA256 $CABAL_INSTALL_TAR" SHA256SUMS; \ - gpgconf --kill all; \ - \ - tar -xf cabal-install.tar.gz -C /usr/local/bin; \ - \ - rm -rf /tmp/*; \ - \ + grep "$CABAL_INSTALL_SHA256 $CABAL_INSTALL_TAR" SHA256SUMS + gpgconf --kill all; + + tar -xf cabal-install.tar.gz -C /usr/local/bin + + rm -rf /tmp/* + cabal --version +EOT -ARG GHC=9.8.4 -ARG GHC_RELEASE_KEY=FFEB7CE81E16A36B3E2DED6F2DE04D4E97DB64AD +ARG GHC='9.8.4' +ARG GHC_RELEASE_KEY='FFEB7CE81E16A36B3E2DED6F2DE04D4E97DB64AD' -RUN set -eux; \ - cd /tmp; \ - ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ - GHC_URL="https://downloads.haskell.org/~ghc/$GHC/ghc-$GHC-$ARCH-deb11-linux.tar.xz"; \ +RUN <&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ - esac; \ - curl -sSL "$GHC_URL" -o ghc.tar.xz; \ - echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check; \ - \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY"; \ - gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz; \ - gpgconf --kill all; \ - \ - tar xf ghc.tar.xz; \ - cd "ghc-$GHC-$ARCH-unknown-linux"; \ - ./configure --prefix "/opt/ghc/$GHC"; \ - make install; \ - \ - rm -rf /tmp/*; \ - \ + case "$ARCH" in + 'aarch64') + GHC_SHA256='310204daf2df6ad16087be94b3498ca414a0953b29e94e8ec8eb4a5c9bf603d3' + ;; + 'x86_64') + GHC_SHA256='af151db8682b8c763f5a44f960f65453d794c95b60f151abc82dbdefcbe6f8ad' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; + esac + curl -sSL "$GHC_URL" -o ghc.tar.xz + echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check + + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY" + gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz + gpgconf --kill all + + tar xf ghc.tar.xz + cd "ghc-$GHC-$ARCH-unknown-linux" + ./configure --prefix "/opt/ghc/$GHC" + make install + + rm -rf /tmp/* + "/opt/ghc/$GHC/bin/ghc" --version +EOT ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH diff --git a/9.8/slim-bullseye.yaml b/9.8/slim-bullseye.yaml new file mode 100644 index 00000000..d60aeff8 --- /dev/null +++ b/9.8/slim-bullseye.yaml @@ -0,0 +1,9 @@ +--- +distro: + codename: 'bullseye' + abbr: 'deb11' + image: 'debian:bullseye-slim' +ghc: !include '_ghc.yaml' +cabal_install: !include '_cabal-install.yaml' +_globals: !include '_globals.yaml' + diff --git a/9.8/slim-bullseye/Dockerfile b/9.8/slim-bullseye/Dockerfile index 2ffc0a58..9e47cd55 100644 --- a/9.8/slim-bullseye/Dockerfile +++ b/9.8/slim-bullseye/Dockerfile @@ -3,7 +3,8 @@ FROM debian:bullseye-slim ENV LANG=C.UTF-8 # common haskell + stack dependencies -RUN apt-get update && \ +RUN <&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ - esac; \ - curl -sSL "$STACK_URL" -o stack.tar.gz; \ - echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check; \ - \ - curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY"; \ - gpg --batch --verify stack.tar.gz.asc stack.tar.gz; \ - gpgconf --kill all; \ - \ - tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack"; \ - stack config set system-ghc --global true; \ - stack config set install-ghc --global false; \ - \ - rm -rf /tmp/*; \ - \ + case "$ARCH" in + 'aarch64') + STACK_SHA256='bdd618ea5a9c921417727011f2ecd78987dffa5cee5e741108baf65a9b5b58ab' + ;; + 'x86_64') + STACK_SHA256='88d7e517342c125b0a098d9d578fe53e590618ae4b2427283a27408a1ebd06d8' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'" exit 1 ; + esac + curl -sSL "$STACK_URL" -o stack.tar.gz + echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check + + curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc + GNUPGHOME="$(mktemp -d)" + export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY" + gpg --batch --verify stack.tar.gz.asc stack.tar.gz + gpgconf --kill all + + tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack" + stack config set system-ghc --global true + stack config set install-ghc --global false + + rm -rf /tmp/* + stack --version; +EOT -ARG CABAL_INSTALL=3.12.1.0 -ARG CABAL_INSTALL_RELEASE_KEY=1E07C9A1A3088BAD47F74A3E227EE1942B0BDB95 +ARG CABAL_INSTALL='3.14.1.1' +ARG CABAL_INSTALL_RELEASE_KEY='EAF2A9A722C0C96F2B431CA511AAD8CEDEE0CAEF' -RUN set -eux; \ - cd /tmp; \ - ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ - CABAL_INSTALL_TAR="cabal-install-$CABAL_INSTALL-$ARCH-linux-deb11.tar.xz"; \ - CABAL_INSTALL_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/$CABAL_INSTALL_TAR"; \ - CABAL_INSTALL_SHA256SUMS_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS"; \ +RUN <&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; \ - esac; \ - curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz; \ - echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check; \ - \ - curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL"; \ - curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig"; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY"; \ - gpg --batch --verify SHA256SUMS.sig SHA256SUMS; \ + case "$ARCH" in + 'aarch64') + CABAL_INSTALL_SHA256='5e8c47a055d5b744741039a7061ee43ec7d080d1251784e7a4cd836403e42523' + ;; + 'x86_64') + CABAL_INSTALL_SHA256='41b85bb25fa654e4b79169014b9142fe696ff35e002e043caa0e52d65204ba8a' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; + esac + curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz + echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check + + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL" + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig" + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY" + gpg --batch --verify SHA256SUMS.sig SHA256SUMS # confirm we are verifying SHA256SUMS that matches the release + sha256 - grep "$CABAL_INSTALL_SHA256 $CABAL_INSTALL_TAR" SHA256SUMS; \ - gpgconf --kill all; \ - \ - tar -xf cabal-install.tar.gz -C /usr/local/bin; \ - \ - rm -rf /tmp/*; \ - \ + grep "$CABAL_INSTALL_SHA256 $CABAL_INSTALL_TAR" SHA256SUMS + gpgconf --kill all; + + tar -xf cabal-install.tar.gz -C /usr/local/bin + + rm -rf /tmp/* + cabal --version +EOT -ARG GHC=9.8.4 -ARG GHC_RELEASE_KEY=FFEB7CE81E16A36B3E2DED6F2DE04D4E97DB64AD +ARG GHC='9.8.4' +ARG GHC_RELEASE_KEY='FFEB7CE81E16A36B3E2DED6F2DE04D4E97DB64AD' -RUN set -eux; \ - cd /tmp; \ - ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ - GHC_URL="https://downloads.haskell.org/~ghc/$GHC/ghc-$GHC-$ARCH-deb11-linux.tar.xz"; \ +RUN <&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ - esac; \ - curl -sSL "$GHC_URL" -o ghc.tar.xz; \ - echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check; \ - \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY"; \ - gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz; \ - gpgconf --kill all; \ - \ - tar xf ghc.tar.xz; \ - cd "ghc-$GHC-$ARCH-unknown-linux"; \ - ./configure --prefix "/opt/ghc/$GHC"; \ - make install; \ - \ - rm -rf /tmp/*; \ - \ + case "$ARCH" in + 'aarch64') + GHC_SHA256='310204daf2df6ad16087be94b3498ca414a0953b29e94e8ec8eb4a5c9bf603d3' + ;; + 'x86_64') + GHC_SHA256='af151db8682b8c763f5a44f960f65453d794c95b60f151abc82dbdefcbe6f8ad' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; + esac + curl -sSL "$GHC_URL" -o ghc.tar.xz + echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check + + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY" + gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz + gpgconf --kill all + + tar xf ghc.tar.xz + cd "ghc-$GHC-$ARCH-unknown-linux" + ./configure --prefix "/opt/ghc/$GHC" + make install + + rm -rf /tmp/* + "/opt/ghc/$GHC/bin/ghc" --version +EOT ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH diff --git a/README.md b/README.md index f4a1a979..8f3ea4ca 100644 --- a/README.md +++ b/README.md @@ -102,12 +102,12 @@ Now, check the created/updated `Dockerfile` and commit it to the VCS. You can build and run the images locally with something like: ```bash -$ docker build -t haskell-local 9.2/buster && docker run -it haskell-local bash +$ docker build -t haskell-local 9.12/bookworm && docker run -it haskell-local bash ``` ### Updating The Images -This invovles a 2 step process. +This involves a 2-step process. 1. Update the images in the docker-haskell repository. 2. Update the [official images repo](https://github.com/docker-library/official-images/blob/master/library/haskell) to use the new git commit sha. @@ -123,7 +123,7 @@ When a new version of Cabal, Stack or GHC is released the images need to be upda ##### GHC 1. Replace the old and new GHC version globally eg. `9.4.3` becomes `9.4.4`. This will update both Dockerfiles **and the github actions**. -2. Obtain the new sha256 for the new GHC binary distribution via https://downloads.haskell.org/~ghc/9.4.4/SHA256SUMS . Look for the sha for the `.tar.xz` supported versions (currently `x86_64-deb10` + `aarch64-deb10`). +2. Get the new sha256 for the new GHC binary distribution via https://downloads.haskell.org/~ghc/9.4.4/SHA256SUMS . Look for the sha for the `.tar.xz` supported versions (currently `x86_64-deb10` + `aarch64-deb10`). 3. Replace globally the old sha256 for these with the new one obtained in step 2. 4. Update the PGP key if the person doing the release has changed. You can build the image locally at this point to see if it works or not. If it fails you need to update the PGP key. You need to find the key from the person doing the release on the ubuntu keyserver. See below for known releasers. diff --git a/generate.sh b/generate.sh new file mode 100755 index 00000000..7a007e4e --- /dev/null +++ b/generate.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -e +set -o pipefail + +main() { + if [ "$#" -ne 2 ]; then + echo "Usage: $0 " + exit 1 + fi + local script_dir + script_dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) + cd "$script_dir" || exit 1 + local abs_data_file + abs_data_file=$(realpath "$1") + local abs_output_file + abs_output_file=$(realpath "$2") + local template_path + template_path=$(realpath ./template/Dockerfile.jinja) + # run the generator + pushd generator || exit 1 + stack run -- -t "$template_path" --data-file "$abs_data_file" > "$abs_output_file" + popd || exit 1 +} +main "$@"