Docker Base Image for Arch Linux (read-only mirror)

Go to file

Justin Kromlinger bc4d9f8ec5 Also use ignore-var-run in image:publish:secure See `52729f9911`		2021-11-13 13:21:54 +01:00
ci	Fail public download script on API / json parsing errors	2020-11-13 11:09:11 +01:00
rootfs/etc	Add base-devel tag	2020-08-31 18:20:52 +02:00
.editorconfig	Add editor config	2017-05-26 09:45:16 +02:00
.gitignore	Deduplicate a lot of code	2020-10-19 03:32:25 +02:00
.gitlab-ci.yml	Also use ignore-var-run in image:publish:secure	2021-11-13 13:21:54 +01:00
Dockerfile.template	Avoid curl call on local builds	2021-09-18 16:11:09 +02:00
LICENSE	LICENSE: add license	2018-11-11 14:31:59 -05:00
Makefile	Avoid curl call on local builds	2021-09-18 16:11:09 +02:00
README.md	README: add note on lsign-key	2021-04-29 15:52:57 -04:00
docker-library.template	Remove my name from the template to reduce notification spam by Github	2021-04-04 13:56:19 +00:00
exclude	Deduplicate a lot of code	2020-10-19 03:32:25 +02:00
pacman-conf.d-noextract.conf	pacstrap: set up the image using NoExtract rules to prune dead weight	2019-02-28 15:25:30 -05:00

README.md

Arch Linux Docker Image

Arch Linux provides Docker images both in the official DockerHub library (docker pull library/archlinux:latest) and in our own repository (docker pull archlinux/archlinux:latest).

Images in the official library are updated weekly while our own repository is updated daily.

Two versions of the image are provided: base (approx. 160MB) and base-devel (approx. 240MB), containing the respective meta package / package group. Both are available as tags with latest pointing to base. Additionally, images are tagged with their date and build job number, f.e. base-devel-20201118.0.9436.

While the images are regularly kept up to date it is strongly recommended running pacman -Syu right after starting a container due to the rolling release nature of Arch Linux.

Principles

Provide the Arch experience in a Docker image
Provide the simplest but complete image to base and base-devel on a regular basis
pacman needs to work out of the box
All installed packages have to be kept unmodified

 ⚠️⚠️⚠️ NOTE: For Security Reasons, these images strip the pacman lsign key.
 This is because the same key would be spread to all containers of the same
 image, allowing for malicious actors to inject packages (via, for example,
 a man-in-the-middle). In order to create an lsign-key run `pacman-key
 --init` on the first execution, but be careful to not redistribute that
 key.⚠️⚠️⚠️

Building your own image

This repository contains all scripts and files needed to create a Docker image for Arch Linux.

Dependencies

Install the following Arch Linux packages:

make
devtools
docker
fakechroot
fakeroot

Make sure your user can directly interact with Docker (i.e. docker info works).

Usage

Run make docker-image-base to build the archlinux:base image with the base meta package installed. You can also run make docker-image-base-devel to build the image archlinux:base-devel which additionally has the base-devel group installed.

Pipeline

Daily builds

Daily images are build with scheduled GitLab CI using our own runner infrastructure. Initially root filesystem archives are constructed and provided in our package registry. The released multi-stage Dockerfile downloads those archives and verifies their integrity before unpacking it into a Docker image layer. Images are built using kaniko to avoid using privileged Docker containers, which also publishes them to our DockerHub repository.

Weekly releases

Weekly releases to the official DockerHub library use the same pipeline as daily builds. Updates are provided as automatic pull requests to the official-images library, whose GitHub pipeline will build the images using our provided rootfs archives and Dockerfiles.

Development

Changes in Git feature branches are built and tested using the pipeline as well. Development images are uploaded to our GitLab Container Registry.