commit
33586dbc80
6 changed files with 73 additions and 0 deletions
@ -0,0 +1,2 @@ |
|||||
|
auth.json |
||||
|
signing-key.* |
||||
@ -0,0 +1,23 @@ |
|||||
|
FROM registry.redhat.io/rhel9/rhel-bootc:9.6 |
||||
|
|
||||
|
ARG ADMIN_USERNAME=demo \ |
||||
|
ADMIN_PASSWORD=redhat |
||||
|
|
||||
|
RUN <<EOF |
||||
|
set -Eeuo pipefail |
||||
|
|
||||
|
dnf config-manager --enable ansible-automation-platform-2.5-for-rhel-9-$(arch)-rpms |
||||
|
dnf install -y mkpasswd podman skopeo flightctl-agent |
||||
|
|
||||
|
if [ -n "$ADMIN_USERNAME" ]; then |
||||
|
useradd -m -G wheel -p "$(echo -n "$ADMIN_PASSWORD" | mkpasswd -m bcrypt --stdin)" "$ADMIN_USERNAME" |
||||
|
fi |
||||
|
EOF |
||||
|
|
||||
|
ADD --chown=root:root root / |
||||
|
|
||||
|
RUN <<EOF |
||||
|
set -Eeuo pipefail |
||||
|
systemctl enable flightctl-agent.service |
||||
|
systemctl mask bootc-fetch-apply-updates.timer |
||||
|
EOF |
||||
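Review bot: The `ARG ADMIN_PASSWORD=redhat` default means any image built without an explicit override ships an account in `wheel` with a well-known password, and the build script further down this commit appears to push that image to a registry. Build-arg values are also typically recorded in the image history, so even an overridden password passed this way may be readable by anyone who can pull the image. I would drop the default and read the password from a build secret instead: `RUN --mount=type=secret,id=admin_password <<EOF` together with `-p "$(mkpasswd -m bcrypt --stdin < /run/secrets/admin_password)"`. The build should then fail when ADMIN_USERNAME is set but no secret is supplied. If the account is meant for demos only, a comment above the ARG saying so would make that explicit.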
@ -0,0 +1 @@ |
|||||
|
TARGET_IMAGE="edge-registry.itix.fr/demo-edge-retail/generic:latest" |
||||
@ -0,0 +1,2 @@ |
|||||
|
KEYMAP="fr-oss" |
||||
|
FONT="eurlatgr" |
||||
@ -0,0 +1,2 @@ |
|||||
|
kargs = ["console=tty0", "console=ttyS0"] |
||||
|
match-architectures = ["x86_64"] |
||||
@ -0,0 +1,43 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
set -Eeuo pipefail |
||||
|
|
||||
|
if [[ "$UID" -ne 0 ]]; then |
||||
|
echo "This command must be run as root!" |
||||
|
exit 1 |
||||
|
fi |
||||
|
|
||||
|
. "$PWD/env.sh" |
||||
|
|
||||
|
OCI_REGISTRY="${TARGET_IMAGE%%/*}" |
||||
|
SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" |
||||
|
PROJECT_DIR="$(dirname "$SCRIPT_DIR")" |
||||
|
|
||||
|
if [ ! -f "$PROJECT_DIR/signing-key.pass" ]; then |
||||
|
openssl rand -base64 30 > "$PROJECT_DIR/signing-key.pass" |
||||
|
chmod 600 "$PROJECT_DIR/signing-key.pass" |
||||
|
fi |
||||
|
|
||||
|
if [ ! -f "$PROJECT_DIR/signing-key.pub" ]; then |
||||
|
skopeo generate-sigstore-key --output-prefix "$PROJECT_DIR/signing-key" --passphrase-file "$PROJECT_DIR/signing-key.pass" |
||||
|
fi |
||||
|
|
||||
|
if [ ! -f "/etc/containers/registries.d/${OCI_REGISTRY}.yaml" ]; then |
||||
|
tee "/etc/containers/registries.d/${OCI_REGISTRY}.yaml" > /dev/null <<EOF |
||||
|
docker: |
||||
|
${OCI_REGISTRY}: |
||||
|
use-sigstore-attachments: true |
||||
|
EOF |
||||
|
fi |
||||
|
|
||||
|
export REGISTRY_AUTH_FILE="$PROJECT_DIR/auth.json" |
||||
|
if [ ! -f "$REGISTRY_AUTH_FILE" ]; then |
||||
|
echo "Please enter your credentials for ${OCI_REGISTRY}:" |
||||
|
podman login "${OCI_REGISTRY}" |
||||
|
|
||||
|
echo "Please enter your credentials for registry.redhat.io:" |
||||
|
podman login registry.redhat.io |
||||
|
fi |
||||
|
|
||||
|
podman build -t "${TARGET_IMAGE}" . |
||||
|
podman push --sign-by-sigstore-private-key "$PROJECT_DIR/signing-key.private" --sign-passphrase-file "$PROJECT_DIR/signing-key.pass" "${TARGET_IMAGE}" |
||||
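Review bot: `. "$PWD/env.sh"` sources a file from whatever directory the caller is in, right after the script insists on running as root, so a stray or other-user-writable `env.sh` in the working directory is executed with root privileges; `podman build -t "${TARGET_IMAGE}" .` depends on the working directory in the same way. SCRIPT_DIR and PROJECT_DIR are computed just below, so I would move them above the source line and load the file from a fixed location, e.g. `. "$PROJECT_DIR/env.sh"` (adjust to wherever env.sh lives; the page does not show file paths). Separately, `signing-key.pass` is created under the default umask and only afterwards restricted with `chmod 600`, which leaves a short window where the passphrase may be readable by other users. A `umask 077` before the `openssl rand` line closes that window.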