support nerdctl (#30)

.github/workflows/test.yml

@@ -20,7 +20,8 @@ jobs:
     strategy:
       matrix:
         example: ["x86_64", "rpi4", "ginet-gl-mt300n-v2", "nexx-wt3020", "rpi2", "wrt1043nd"]
-        option: ["--skip-sudo", "--dockerless"]
+        option: ["--docker", "--podman"]
+        sudo: ["", "--sudo"]
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -32,6 +33,6 @@ jobs:
         run: |
           mkdir -p output
           time ./builder.sh build-docker-image \
-                  example-${{ matrix.example }}.conf ${{ matrix.option }}  &&\
+                  example-${{ matrix.example }}.conf ${{ matrix.option }}  ${{ matrix.sudo }} &&\
           time ./builder.sh build \
-                  example-${{ matrix.example }}.conf ${{ matrix.option }}
+                  example-${{ matrix.example }}.conf ${{ matrix.option }} ${{ matrix.sudo }}

CHANGELOG.md

@@ -1,5 +1,14 @@
 # Changelog for lede-dockerbuilder
 
+## v3.0 [2022-03-20]
+
+* add experimental support for nerdctl with the new `--nerdctl` option
+* `--dockerless` option removed, use `--podman` or `--nerdctl` instead.
+  Docker is still the default
+* `--skip-sudo` removed, is now the default. Use `--sudo` to run commands with
+  sudo
+* use ubuntu LTS as base image
+
 ## v2.11 [2022-03-16]
 
 * bump to OpenWrt 21.02.2

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright {yyyy} {name of copyright owner}
+   Copyright 2017-2022 Jan Delgado
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

README.md

@@ -5,17 +5,17 @@
 <!-- vim-markdown-toc GFM -->
 
 * [What](#what)
-    * [Note](#note)
+	* [Note](#note)
 * [Why](#why)
 * [How](#how)
-    * [Usage](#usage)
-        * [Dockerless operation](#dockerless-operation)
-    * [Configuration file](#configuration-file)
-    * [File system overlay](#file-system-overlay)
-    * [Example directory structure](#example-directory-structure)
-        * [Debugging](#debugging)
+	* [Usage](#usage)
+		* [Dockerless operation](#dockerless-operation)
+	* [Configuration file](#configuration-file)
+	* [File system overlay](#file-system-overlay)
+	* [Example directory structure](#example-directory-structure)
+		* [Debugging](#debugging)
 * [Examples](#examples)
-    * [Building a x86_64 image and running it in qemu](#building-a-x86_64-image-and-running-it-in-qemu)
+	* [Building a x86_64 image and running it in qemu](#building-a-x86_64-image-and-running-it-in-qemu)
 * [Building an OpenWrt snapshot release](#building-an-openwrt-snapshot-release)
 * [Author](#author)
 * [License](#license)
@@ -67,18 +67,21 @@ Dockerized LEDE/OpenWRT image builder.
 Usage: ./builder.sh COMMAND CONFIGFILE [OPTIONS]
   COMMAND is one of:
     build-docker-image - build the docker image (run once first)
-    profiles  - start container and show avail profiles for current configuration
-    build     - start container and build the LEDE/OpenWRT image
-    shell     - start shell in docker container
-  CONFIGFILE  - configuraton file to use
+    profiles           - start container and show avail profiles for
+                         current configuration
+    build              - start container and build the LEDE/OpenWRT image
+    shell              - start shell in docker container
+  CONFIGFILE           - configuraton file to use
 
   OPTIONS:
-  -o OUTPUT_DIR       - output directory (default /home/paco/src/lede-dockerbuilder/output)
-  --docker-opts OPTS  - additional options to pass to docker run
-                        (can occur multiple times)
-  -f ROOTFS_OVERLAY   - rootfs-overlay directory (default /home/paco/src/lede-dockerbuilder/rootfs-overlay)
-  --skip-sudo         - call docker directly, without sudo
-  --dockerless        - use podman and buildah instead of docker daemon
+  -o OUTPUT_DIR        - output directory (default /home/paco/src/lede-dockerbuilder/output)
+  --docker-opts OPTS   - additional options to pass to docker run
+                         (can occur multiple times)
+  -f ROOTFS_OVERLAY    - rootfs-overlay directory (default /home/paco/src/lede-dockerbuilder/rootfs-overlay)
+  --sudo               - call container tool with sudo
+  --podman             - use buildah and podman to build and run container
+  --nerdctl            - use nerdctl to build and run container
+  --docker             - use docker to build and run container (default)
 
   command line options -o, -f override config file settings.
 
@@ -90,16 +93,20 @@ Example:
   ./builder.sh build example.conf -o output -f myrootfs
 
   # show available profiles
-  ./builder.sh profiles example.conf 
+  ./builder.sh profiles example.conf
 
   # mount downloads to host directory during build
   ./builder.sh build example-nexx-wt3020.conf --docker-opts "-v=$(pwd)/dl:/lede/imagebuilder/dl:z"
 ```
 
-#### Dockerless operation
+#### Container runtime
 
-When called with `--dockerless` option, lede-dockerbuilder will use buildah and 
-podman to build and run the container.
+* By default docker will be used to build and run the container.
+* When called with `--podman` option, lede-dockerbuilder will use buildah and
+  podman to build and run the container.
+* When called with `--nerdctl` option, lede-dockerbuilder will use nerdctl to
+  build and run the container.
+* Use the `--sudo` option to run the container command with sudo.
 
 ### Configuration file
 
@@ -158,14 +165,21 @@ LEDE_TARGET=ramips
 LEDE_SUBTARGET=mt7620
 
 # list packages to include in LEDE image. prepend packages to deinstall with "-".
-LEDE_PACKAGES="ksmbd-server ksmbd-utils vsftpd lsblk iwinfo tcpdump block-mount\
+# 
+# include all packages to build a mobile NAS supporting disk encryption:
+# ksmbd (samba4 is too large now for the WT3020's 8MB), cryptsetup.
+# see https://github.com/namjaejeon/ksmbd-tools for ksmbd info.
+LEDE_PACKAGES="ksmbd-server ksmbd-utils lsblk iwinfo tcpdump block-mount\
     kmod-usb-storage-uas kmod-scsi-core kmod-fs-ext4 ntfs-3g\
     kmod-nls-cp437 kmod-nls-iso8859-1 cryptsetup kmod-crypto-xts\
     kmod-mt76 kmod-usb2 kmod-usb-ohci kmod-usb-core kmod-dm kmod-crypto-ecb\
     kmod-crypto-misc kmod-crypto-cbc kmod-crypto-crc32c kmod-crypto-hash\
     kmod-crypto-user\
     -ppp -kmod-ppp -kmod-pppoe -kmod-pppox -ppp-mod-pppoe\
     -ip6tables -odhcp6c -kmod-ipv6 -kmod-ip6tables -odhcpd-ipv6only"
+
+# optionally override OUTPUT_DIR and ROOTFS_OVERLAY directory location here
+
 ```
 
 ### File system overlay
@@ -298,7 +312,7 @@ the raspi 4, which is (as of may 2020) only available on the snapshots branch.
 
 ## Author
 
-Jan Delgado
+(C) Copyright 2017-2022 by Jan Delgado
 
 ## License
 

builder.sh

@@ -3,7 +3,7 @@
 #
 # https://github.com/jandelgado/lede-dockerbuilder
 #
-# (c) Jan Delgado 2017-2021
+# (c) Jan Delgado 2017-2022
 set -euo pipefail
 
 # base Tag to use for docker imag
@@ -23,18 +23,21 @@ Dockerized LEDE/OpenWRT image builder.
 Usage: $1 COMMAND CONFIGFILE [OPTIONS]
   COMMAND is one of:
     build-docker-image - build the docker image (run once first)
-    profiles  - start container and show avail profiles for current configuration
-    build     - start container and build the LEDE/OpenWRT image
-    shell     - start shell in docker container
-  CONFIGFILE  - configuraton file to use
+    profiles           - start container and show avail profiles for
+                         current configuration
+    build              - start container and build the LEDE/OpenWRT image
+    shell              - start shell in docker container
+  CONFIGFILE           - configuraton file to use
 
   OPTIONS:
-  -o OUTPUT_DIR       - output directory (default $OUTPUT_DIR)
-  --docker-opts OPTS  - additional options to pass to docker run
-                        (can occur multiple times)
-  -f ROOTFS_OVERLAY   - rootfs-overlay directory (default $ROOTFS_OVERLAY)
-  --skip-sudo         - call docker directly, without sudo
-  --dockerless        - use podman and buildah instead of docker daemon
+  -o OUTPUT_DIR        - output directory (default $OUTPUT_DIR)
+  --docker-opts OPTS   - additional options to pass to docker run
+                         (can occur multiple times)
+  -f ROOTFS_OVERLAY    - rootfs-overlay directory (default $ROOTFS_OVERLAY)
+  --sudo               - call container tool with sudo
+  --podman             - use buildah and podman to build and run container
+  --nerdctl            - use nerdctl to build and run container
+  --docker             - use docker to build and run container (default)
 
   command line options -o, -f override config file settings.
 
@@ -46,7 +49,7 @@ Example:
   $PROG build example.conf -o output -f myrootfs
 
   # show available profiles
-  $PROG profiles example.conf 
+  $PROG profiles example.conf
 
   # mount downloads to host directory during build
   $PROG build example-nexx-wt3020.conf --docker-opts "-v=\$(pwd)/dl:/lede/imagebuilder/dl:z"
@@ -81,8 +84,8 @@ function run_cmd_in_container {
     $SUDO $DOCKER_RUN\
         --rm\
 		$docker_term_opts \
-        -v "$(abspath "$ROOTFS_OVERLAY")":/lede/rootfs-overlay:z \
-        -v "$(abspath "$OUTPUT_DIR")":/lede/output:z \
+        -v "$(abspath "$ROOTFS_OVERLAY")":/lede/rootfs-overlay \
+        -v "$(abspath "$OUTPUT_DIR")":/lede/output \
         "${repositories_volume[@]}" \
         ${DOCKER_OPTS[@]} \
         --rm "$IMAGE_TAG" "$@"
@@ -114,6 +117,10 @@ function fail {
     exit 1
 }
 
+function warn {
+    echo "WARNING: $*" >&2
+}
+
 if [ $# -lt 2 ]; then
     usage "$0"
     exit 1
@@ -123,7 +130,7 @@ COMMAND=$1; shift
 CONFIG_FILE=$1; shift
 
 # default: use docker
-SUDO=sudo
+SUDO=""
 DOCKER_BUILD="docker build"
 DOCKER_RUN="docker run -e GOSU_UID=$(id -ur) -e GOSU_GID=$(id -g)"
 DOCKER_OPTS=()
@@ -145,17 +152,34 @@ while [[ $# -ge 1 ]]; do
     key="$1"
     case $key in
         -f)
-            ROOTFS_OVERLAY="$2"; shift ;;
+            ROOTFS_OVERLAY="$2"; shift 
+            ;;
         -o)
-            OUTPUT_DIR="$2"; shift ;;
-        --skip-sudo)
-            SUDO="" ;;
-        --docker-opts) 
-            DOCKER_OPTS+=("$2"); shift ;;
-        --dockerless)
-            SUDO=""
+            OUTPUT_DIR="$2"; shift 
+            ;;
+        --sudo)
+            SUDO="sudo" 
+            ;;
+        --docker-opts)
+            DOCKER_OPTS+=("$2"); shift 
+            ;;
+        --docker)
+            ;;
+        --nerdctl)
+            DOCKER_BUILD="nerdctl build"
+            DOCKER_RUN="nerdctl run -e GOSU_UID=$(id -ur) -e GOSU_GID=$(id -g)"
+            ;;
+        --podman)
             DOCKER_BUILD="buildah bud --layers=true"
-            DOCKER_RUN="podman run" ;;
+            DOCKER_RUN="podman run" 
+            ;;
+        --dockerless)
+            fail "option --dockerless removed. Use --podman or --nerdctl instead"
+            ;;
+        --skip-sudo)
+            warn "option --skip-sudo removed (is now the default). Use --sudo to enable sudo"
+            ;;
+
         *)
             fail "invalid option: $key";;
     esac

docker/Dockerfile

@@ -1,13 +1,11 @@
-FROM alpine:3.13.1
+FROM ubuntu:18.04
 LABEL maintainer "Jan Delgado <[email protected]>"
 
-RUN  apk add --update asciidoc bash bc binutils bzip2 cdrkit coreutils\
-                      diffutils findutils flex g++ gawk gcc gettext git grep\
-                      intltool libxslt linux-headers make ncurses-dev patch\
-                      perl python2-dev tar unzip  util-linux wget zlib-dev xz\
-                      python3 rsync\
-                      su-exec\
-     && rm -rf /var/cache/apk/*
+RUN    apt-get update\
+    && DEBIAN_FRONTEND=noninteractive apt-get install -y build-essential\
+         libncurses5-dev libncursesw5-dev zlib1g-dev gawk git gettext libssl-dev\
+         xsltproc rsync wget unzip python3\
+    && rm -rf /var/lib/apt/lists/*
 
 ADD etc/entrypoint.sh /usr/local/bin/
 RUN chmod 755 /usr/local/bin/entrypoint.sh 
@@ -19,8 +17,7 @@ ADD $BUILDER_URL /tmp/imagebuilder
 
 RUN    mkdir -p /lede/imagebuilder\
     && tar xf /tmp/imagebuilder --strip-components=1 -C /lede/imagebuilder\
-    && rm -f /tmp/imagebuilder
-
+    && rm -f /tmp/imagebuilder 
 
 WORKDIR "/lede/imagebuilder"
 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

docker/etc/entrypoint.sh

@@ -1,22 +1,23 @@
 #!/bin/sh
+set -e
 
-# only needed in docker, not rootless podman.
-if [ -f /.dockerenv ]; then
-    # this is very, very slow inside a docker container.
-    chown -R "$GOSU_UID:$GOSU_GID" /lede
-fi
 
 # If GOSU_UID:GOSU_GID environment variable set to something other than 0:0 (root:root),
 # become user:group set within and exec command passed in args
-if [ "$GOSU_UID:$GOSU_GID" != "0:0" ]; then
-    # make sure a valid user exists in /etc/passwd
-    sed -i "/^builder:/d" /etc/passwd || true
-    echo "builder:x:$GOSU_UID:$GOSU_GID:LEDE builder:/lede:/bin/bash" >> /etc/passwd
-    sed -i "/^builder:/d" /etc/group || true
-    echo "builder:x:$GOSU_GID" >> /etc/group
-    exec su-exec "$GOSU_UID:$GOSU_GID" "$@"
+if [ "$GOSU_UID:$GOSU_GID" != "0:0" ] && [ "$GOSU_UID:$GOSU_GID" != ":" ]; then
+    export HOME="/lede"
+
+
+
+    groupadd -f -g "$GOSU_GID" builder
+    useradd -u "$GOSU_UID" -g "$GOSU_GID" -s /bin/bash -d "/lede" builder || :
+
+    # make sure user has write permissions 
+    su builder -c "touch /lede/.writetest > /dev/null 2>&1" || ( echo "fix permissions..."; chown -R "$GOSU_UID:$GOSU_GID" /lede/imagebuilder )
+    exec chroot --userspec "$GOSU_UID:$GOSU_GID" --skip-chdir / "$@"
 fi
 
-# If GOSU_UID:GOSU_GID was 0:0 exec command passed in args without gosu (assume already root)
+# If GOSU_UID:GOSU_GID was 0:0 exec command passed in args
+# without gosu (assume already root)
 exec "$@"