build.Containerfile: use disorderfs to improve build reproducibility

Andreas Schildbach 2023-09-04 01:03:16 +02:00
parent 42e3ffbc77
commit 843edcb001


@ -1,13 +1,17 @@
# #
# Reproducible reference build
#
# Usage: # Usage:
#
# docker build --file build.Containerfile --output <outputdir> . # docker build --file build.Containerfile --output <outputdir> .
# or # or
# podman build --file build.Containerfile --output <outputdir> . # podman build --file build.Containerfile --output <outputdir> .
# #
# The unsigned APKs are written to the specified output directory. # For improved reproducibility, the project directory entries can be ordered
# Use `apksigner` to sign before installing via `adb install`. # like this:
#
# buildah build --cap-add=sys_admin --device /dev/fuse --file build.Containerfile --output <outputdir> .
#
# In any case, the unsigned APKs are written to the specified output
# directory. Use `apksigner` to sign before installing via `adb install`.
# #
FROM debian:bullseye-backports AS build-stage FROM debian:bullseye-backports AS build-stage
@ -15,9 +19,10 @@ FROM debian:bullseye-backports AS build-stage
# install debian packages # install debian packages
ENV DEBIAN_FRONTEND noninteractive ENV DEBIAN_FRONTEND noninteractive
RUN /usr/bin/apt-get update && \ RUN /usr/bin/apt-get update && \
/usr/bin/apt-get --yes install openjdk-11-jdk-headless gradle sdkmanager && \ /usr/bin/apt-get --yes install disorderfs openjdk-11-jdk-headless gradle sdkmanager && \
/bin/ln -fs /usr/share/zoneinfo/CET /etc/localtime && \ /bin/ln -fs /usr/share/zoneinfo/CET /etc/localtime && \
/usr/sbin/dpkg-reconfigure --frontend noninteractive tzdata && \ /usr/sbin/dpkg-reconfigure --frontend noninteractive tzdata && \
/bin/ln -s /proc/self/mounts /etc/mtab && \
/usr/sbin/adduser --disabled-login --gecos "" builder /usr/sbin/adduser --disabled-login --gecos "" builder
# give up privileges # give up privileges
@ -32,7 +37,14 @@ ENV ANDROID_HOME /home/builder/android-sdk
RUN yes | /usr/bin/sdkmanager --licenses >/dev/null RUN yes | /usr/bin/sdkmanager --licenses >/dev/null
# build project # build project
RUN /usr/bin/gradle --project-dir project/ --no-build-cache --no-daemon --no-parallel clean :oeffi:assembleRelease RUN if [ -e /dev/fuse ] ; \
then /bin/mv project project.u && /bin/mkdir project && \
/usr/bin/disorderfs --sort-dirents=yes --reverse-dirents=no project.u project ; \
fi && \
/usr/bin/gradle --project-dir project/ --no-build-cache --no-daemon --no-parallel clean :oeffi:assembleRelease && \
if [ -e /dev/fuse ] ; \
then /bin/fusermount -u project | true && /bin/rmdir project && /bin/mv project.u project ; \
fi
# export build output # export build output
FROM scratch AS export-stage FROM scratch AS export-stage
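Review bot: In the cleanup branch of the new build `RUN`, `/bin/fusermount -u project | true` pipes the unmount into `true` instead of falling back to it, so the pipeline always reports success and a failed unmount only surfaces as a confusing `rmdir` error on a still-mounted directory. If the intent was to tolerate a failure, `|| true` is the usual form; otherwise drop the fallback and let `/bin/fusermount -u project && /bin/rmdir project && /bin/mv project.u project` fail at the real cause. The `[ -e /dev/fuse ]` test also picks the sorted or unsorted path silently, so two builders can end up comparing APKs built in different modes with nothing in the log to show it. Adding a branch such as `else echo "disorderfs not available: directory order not normalised" ;` would make the mode auditable. It would also help if the usage comment noted that `--cap-add=sys_admin` is a broad capability, needed only for the FUSE mount, so the ordered build is best run on a dedicated build host.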