Skip to content
rkt-in-rkt builder ACI
Branch: master
Clone or download
squeed Merge pull request #10 from glevand/for-merge-arm64 Add arm64 support
Latest commit 473c713 Jan 15, 2018
Type Name Latest commit message Commit time
Failed to load latest commit information.
MAINTAINERS MAINTAINERS: initial commit Sep 9, 2016 Update Oct 2, 2017 Add arm64 support Oct 23, 2017 initial commit Jul 12, 2016


This repository holds scripts and releases for the rkt-in-rkt builder ACI.


Building a new rkt-in-rkt builder ACI

To build the builder ACI image, first update the version variable IMG_VERSION in, and execute:

$ sudo ./

The rkt project key must be used to sign the generated image. $RKTSUBKEYID is the key ID of the rkt Yubikey. Connect the key and run gpg2 --card-status to get the ID.

The public key for GPG signing can be found at CoreOS Application Signing Key and is assumed as trusted.

$ gpg2 -u $RKTSUBKEYID'!' --armor --output rkt-builder.aci.asc --detach-sign rkt-builder.aci

Commit any changes to, and push them.

Add a signed tag:

$ GIT_COMMITTER_NAME="CoreOS Application Signing Key" GIT_COMMITTER_EMAIL="" git tag -u $RKTSUBKEYID'!' -s v1.2.0 -m "rkt-builder v1.2.0"`

Push the tag to GitHub:

$ git push --tags

Building rkt-in-rkt

$ git clone
$ cd rkt
$ sudo rkt run \
    --volume src-dir,kind=host,source="$(pwd)" \
    --volume build-dir,kind=host,source="$(pwd)/release-build" \
    --interactive \


This repository consists of two scripts:

  • This script builds the rkt-in-rkt builder ACI.
  • This script is added to the rkt-in-rkt builder ACI as /scripts/, and is defined as the entrypoint.

The built rkt-in-rkt ACI declares the following volumes:

  • src-dir: Points to the directory holding the rkt source code.
  • build-dir: Points to the output directory where the build artifacts are being placed.
You can’t perform that action at this time.