ver4a/ostree-native-containers
1
0
Fork 0
Code Activity Actions

build: move kde-onc image build logic to bash
Some checks failed
/ Build onc-kde:main (push) Failing after 14m34s
Details
/ Build onc-kde:main-ver4a (push) Has been skipped
Details
/ Build onc-kde:main-nvidia (push) Has been skipped
Details
/ Build onc-kde:main-nvidia-ver4a (push) Has been skipped
Details

Browse source 
This makes the build significantly faster, as podman/buildah has a large processing
overhead for commiting each layer, even though I squash them in the end.
This commit is contained in:
ver4a 2026-02-13 18:41:53 +01:00
parent ca9a24c308
commit dddd72d82a
2 changed files with 40 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

43
containers/Dockerfile.kde
View file

@ -35,48 +35,13 @@ COPY --from=scx-build /build/scx/services/scx.service /usr/lib/systemd/system/sc
# dnf configuration has to be in effect during build # dnf configuration has to be in effect during build
COPY etc/dnf /etc/dnf COPY etc/dnf /etc/dnf
# Add rpmfusion repositories
RUN dnf5 -y install https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
# Install ffmpeg (removing all the -free replacements is required)
RUN dnf5 -y install --allowerasing ffmpeg
# Install hardware codecs
RUN dnf5 -y install intel-media-driver
# Install gpu utilities
RUN dnf5 -y install igt-gpu-tools
# Install openh264
RUN dnf5 -y swap noopenh264 openh264 && dnf5 -y install mozilla-openh264
# Bulk of layered packages
RUN dnf5 -y install vim bat btop pv restic zstd nmap-ncat yt-dlp
# Set vim as default editor
RUN dnf5 -y swap nano-default-editor vim-default-editor
# Remove default color prompt (is replaced with a custom one)
RUN dnf5 -y remove bash-color-prompt
# Load the ntsync kernel module on boot
RUN dnf5 -y install ntsync-autoload
# Apply configuration # Apply configuration
COPY etc /etc COPY etc /etc
COPY usr /usr COPY usr /usr
# fix-up kconfig path # Run build logic
RUN sed -i "/SCX_FLAGS=/ s/$/ --kconfig \/usr\/lib\/modules\/$(rpm -qa kernel | sed 's/kernel-//g')\/config/" /etc/default/scx COPY build-scripts/kde.bash /tmp/kde.bash
RUN chmod +x /tmp/kde.bash
# Apply hardened firewall configuration RUN /tmp/kde.bash
RUN firewall-offline-cmd --set-default-zone public
RUN firewall-offline-cmd --remove-service ssh
# Restrict permissions on quadlet directory
RUN chmod 700 /etc/containers/systemd
# https://github.com/ostreedev/ostree-rs-ext/issues/159
RUN ostree container commit
LABEL quay.expires-after="" LABEL quay.expires-after=""

36
containers/build-scripts/kde.bash Normal file
View file

@ -0,0 +1,36 @@
#!/usr/bin/bash
set -euo pipefail
# Add rpmfusion repositories
dnf5 -y install https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
# Install ffmpeg (removing all the -free replacements is required)
dnf5 -y install --allowerasing ffmpeg
PKGS_CODECS="intel-media-driver openh264 mozilla-openh264 ffmpeg"
PKGS_UTILS="igt-gpu-tools"
PKGS_GENERAL="vim bat btop pv restic zstd nmap-ncat yt-dlp"
# Set vim as default editor
PKGS_DEFAULT_EDITOR="vim-default-editor"
# Load the ntsync kernel module on boot
PKGS_NTSYNC="ntsync-autoload"
# Add packages
dnf5 -y install --allowerasing ${PKGS_CODECS} ${PKGS_UTILS} ${PKGS_GENERAL} ${PKGS_DEFAULT_EDITOR} ${PKGS_NTSYNC}
# Remove default color prompt (is replaced with a custom one)
dnf5 -y remove bash-color-prompt
# Apply configuration
# fix-up kconfig path
sed -i "/SCX_FLAGS=/ s/$/ --kconfig \/usr\/lib\/modules\/$(rpm -qa kernel | sed 's/kernel-//g')\/config/" /etc/default/scx
# Apply hardened firewall configuration
firewall-offline-cmd --set-default-zone public
firewall-offline-cmd --remove-service ssh
# Restrict permissions on quadlet directory
chmod 700 /etc/containers/systemd
# https://github.com/ostreedev/ostree-rs-ext/issues/159
ostree container commit