forked from armbian/build
-
Notifications
You must be signed in to change notification settings - Fork 2
/
config-docker.conf
78 lines (59 loc) · 3.25 KB
/
config-docker.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
# DO NOT EDIT THIS FILE
#
# This is a Docker launcher file. To set up the configuration, use command line arguments to compile.sh
# or create a config file named "config-docker-guest.conf" based on config-example.conf
[[ ! -c /dev/loop-control ]] && display_alert "/dev/loop-control does not exist, image building may not work" "" "wrn"
# remove "docker" from the command line since "docker-guest" will be passed instead
shift
# create user accessible directories and set their owner group and permissions
# if they are created from Docker they will be owned by root and require root permissions to change/delete
mkdir -p $SRC/{output,userpatches}
grep -q '^docker:' /etc/group && chgrp --quiet docker $SRC/{output,userpatches}
chmod --quiet g+w,g+s $SRC/{output,userpatches}
# build a new container based on provided Dockerfile
display_alert "Building a Docker container"
docker build -t armbian .
DOCKER_FLAGS=()
# Running this container in privileged mode is a simple way to solve loop device access issues
#DOCKER_FLAGS+=(--privileged)
# add only required capabilities instead (though MKNOD should be already present)
# CAP_SYS_PTRACE is required for systemd-detect-virt in some cases
DOCKER_FLAGS+=(--cap-add=SYS_ADMIN --cap-add=MKNOD --cap-add=SYS_PTRACE)
# mounting things inside the container on Ubuntu won't work without this
# https://github.com/moby/moby/issues/16429#issuecomment-217126586
DOCKER_FLAGS+=(--security-opt=apparmor:unconfined)
# remove resulting container after exit to minimize clutter
# bad side effect - named volumes are considered not attached to anything and are removed on "docker volume prune"
#DOCKER_FLAGS+=(--rm)
# pass through loop devices
for d in /dev/loop*; do
DOCKER_FLAGS+=(--device=$d)
done
# accessing dynamically created devices won't work by default
# and --device doesn't accept devices that don't exist at the time "docker run" is executed
# https://github.com/moby/moby/issues/27886
# --device-cgroup-rule requires new Docker version
# allow loop devices (not required)
DOCKER_FLAGS+=(--device-cgroup-rule='b 7:* rmw')
# allow loop device partitions
DOCKER_FLAGS+=(--device-cgroup-rule='b 259:* rmw')
# this is an ugly hack, but it is required to get /dev/loopXpY minor number
# for mknod inside the container, and container itself still uses private /dev internally
DOCKER_FLAGS+=(-v /dev:/tmp/dev:ro)
# mount 2 named volumes - for cacheable data and compiler cache
DOCKER_FLAGS+=(-v=armbian-cache:/root/armbian/cache -v=armbian-ccache:/root/.ccache)
# mount 2 local directories - output and userpatches
DOCKER_FLAGS+=(-v=$SRC/output:/root/armbian/output -v=$SRC/userpatches:/root/armbian/userpatches)
# pass other command line arguments like KERNEL_ONLY=yes, KERNEL_CONFIGURE=yes, etc.
# pass "docker-guest" as an additional config name that will be sourced in the container if exists
display_alert "Running the container"
docker run "${DOCKER_FLAGS[@]}" -it armbian docker-guest "$@"
STATUS=$?
if [[ $STATUS -ge 125 && $STATUS -le 127 ]]; then
display_alert "Docker error" "$STATUS" "wrn"
display_alert "please make sure you are using the latest version (17.06 CE or newer)" "" "wrn"
display_alert "please check the Armbian documentation for the Docker setup procedure" "" "wrn"
docker version
fi
# don't need to proceed further on the host
exit 0