silverblue-images/Containerfile-supermicro-x10drh

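# ====== Stage 1: Builder image ======
# Throwaway stage: only the compiled /gocryptfs/gocryptfs binary is copied out of it.
# The base is pinned to the same Fedora release as the final image rather than the
# moving `latest` tag, so a rebuild does not silently switch toolchains.
FROM fedora:43 AS builder
# Use dnf5 for both steps (the original mixed `dnf5` and `dnf`) and drop the
# package cache in the same layer.
RUN dnf5 update -y && dnf5 install -y git golang && dnf5 clean all
# Ref of gocryptfs to build. The default (HEAD of the cloned default branch) matches
# the previous behaviour; for a reproducible, reviewable build pass a release tag or,
# better, a full commit SHA:  --build-arg GOCRYPTFS_REF=<reviewed tag or commit>
ARG GOCRYPTFS_REF=HEAD
# Clone to an explicit path, check out the requested ref, and print the resolved
# commit so the build log records exactly which source ended up in the image.
RUN git clone https://github.com/rfjakob/gocryptfs.git /gocryptfs && \
    git -C /gocryptfs checkout --detach "${GOCRYPTFS_REF}" && \
    git -C /gocryptfs rev-parse HEAD
WORKDIR /gocryptfs
RUN ./build-without-openssl.bash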
# ====== Stage 2: Server image ======
# Final image, based on Fedora Silverblue 43.
# NOTE(review): `:43` is a tag and can be re-pushed upstream; pin by digest as well
# (quay.io/fedora/fedora-silverblue:43@sha256:<digest>) if rebuilds must be reproducible.
FROM quay.io/fedora/fedora-silverblue:43
# Only the gocryptfs binary built in the `builder` stage is carried over.
COPY --from=builder /gocryptfs/gocryptfs /usr/bin/gocryptfs
# Vendor RPM signing keys from the build context. The next RUN imports OpenZFS,
# Smallstep and zrepl-rpm-pkgs by name and then deletes /keys; the glob copies every
# file in gpg-keys/, so anything else placed there still lands in this layer.
# These files become package trust anchors, so changes to gpg-keys/ deserve the same
# review as changes to this file.
COPY gpg-keys/* /keys/
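# Import the signing keys, then install the OpenZFS repo package, the kernel build
# dependencies and ZFS itself, and build the DKMS module for the image's kernel.
#
# Keys are imported explicitly, before any third-party package is installed, so dnf
# never has to fetch and trust a key on its own. Three come from /keys (copied from
# the build context); the Fedora 43 key is read from /etc/pki/rpm-gpg.
#
# The zfs-release RPM is fetched from a mutable `raw/master` URL. dnf does not verify
# signatures on packages given on the command line unless localpkg_gpgcheck is set,
# so it is enabled for that one install: the build now fails closed if the package is
# unsigned or signed by a key that was not imported above.
#
# dkms is pointed at the kernel version reported by the rpm database because the
# kernel running the build is not the kernel shipped in the image.
RUN rpm --import \
        /keys/OpenZFS \
        /keys/Smallstep \
        /keys/zrepl-rpm-pkgs \
        /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-43-x86_64 && \
    rm -rf /keys && \
    dnf5 install -y --setopt=localpkg_gpgcheck=1 \
        "https://github.com/zfsonlinux/zfsonlinux.github.com/raw/master/fedora/zfs-release-3-0$(rpm --eval "%{dist}").noarch.rpm" && \
    dnf5 install -y \
        kernel-devel kernel-devel-matched kernel-headers kernel-srpm-macros && \
    dnf5 install -y zfs && \
    dkms autoinstall -k "$(rpm -qa kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}')" && \
    dnf5 clean all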
# Drop in the third-party repo definitions (smallstep and zrepl, per the original
# comment) and install the host tooling in a single layer.
# NOTE(review): the .repo files are not visible here. Confirm each one sets
# gpgcheck=1 and relies on the keys imported earlier; the key-count check at the end
# of this file only catches dnf importing an extra key, not a repo with checks off.
COPY supermicro-x10drh/*.repo /etc/yum.repos.d/
# Only zrepl is pinned to an exact build; every other package floats with the repos.
# The list includes diagnostic tools (netcat, telnet, strace); trim any that are not
# needed on the production host.
RUN dnf5 install -y \
        ansible \
        borgbackup \
        certbot \
        distrobox \
        fail2ban \
        fuse-encfs \
        fuse-sshfs \
        hddtemp \
        htop \
        iftop \
        iotop \
        ipmitool \
        libvirt \
        lm_sensors \
        net-tools \
        netcat \
        nginx \
        nut \
        pv \
        python3-certbot-nginx \
        qemu-kvm \
        rclone \
        screen \
        smartmontools \
        step-cli \
        strace \
        stress-ng \
        telnet \
        vim \
        zrepl-v0.6.0-1.x86_64 \
    && dnf5 clean all
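# Provide sysusers.d group entries for libvirt (GID 963) and qat (GID 995) when no
# package shipped one. Presumably needed so the later `bootc container lint` passes;
# confirm against the lint output.
# Each file is handled in its own `if`, so a failed write stops the build instead of
# falling through the `||`/`&&` chain to the next command. printf writes the same
# bytes as the original `echo -e`.
RUN if ! test -f /usr/lib/sysusers.d/libvirt.conf; then \
        printf 'g libvirt 963\n' > /usr/lib/sysusers.d/libvirt.conf; \
    fi && \
    if ! test -f /usr/lib/sysusers.d/qat.conf; then \
        printf 'g qat 995\n' > /usr/lib/sysusers.d/qat.conf; \
    fi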
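# Trust check: the rpm database must hold exactly 4 gpg-pubkey entries. Four keys are
# passed to `rpm --import` earlier in this stage (OpenZFS, Smallstep, zrepl-rpm-pkgs,
# Fedora 43), so a higher count means dnf imported a key on its own while installing
# packages, which should never happen silently.
# NOTE(review): this is a count, not an identity check. Comparing the output of
# `rpm -qa 'gpg-pubkey*'` against an expected list would also catch a swapped key.
# The pattern is quoted so the shell cannot expand it against files in the working
# directory, and on a mismatch the trusted keys are printed before the build fails.
# Then: empty /var and /boot for the linter.
# Finally: verify the image with bootc's own lint.
RUN key_count="$(rpm -qa 'gpg-pubkey*' | wc -l)" && \
    if [ "${key_count}" -ne 4 ]; then \
        echo "expected 4 trusted RPM keys, found ${key_count}:" >&2; \
        rpm -qa 'gpg-pubkey*' >&2; \
        exit 1; \
    fi && \
    rm -rf /var /boot && mkdir /var /boot && \
    bootc container lint --fatal-warnings --skip baseimage-composefs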