gentoo / gentoo-docker-images Goto Github PK

View Code? Open in Web Editor NEW

315.0 71.0 90.0 233 KB

[MIRROR] Common effort to get an official and automated gentoo base docker container

Home Page: https://gitweb.gentoo.org/proj/docker-images.git

License: GNU General Public License v2.0

Shell 47.59% Dockerfile 52.41%

hacktoberfest

gentoo-docker-images's Introduction

Gentoo Docker Images

A collection of Dockerfiles for generating Gentoo docker images.

These images are intended to be created automatically by a cron job and pushed to docker hub. This repository include basic stage3 images and an image usable as a /var/db/repos/gentoo volume

DockerHub

https://hub.docker.com/u/gentoo/

Inventory

The following targets are built and pushed to Docker Hub:

portage
stage3
- amd64
  - stage3-amd64-hardened-nomultilib-openrc
  - stage3-amd64-hardened-openrc
  - stage3-amd64-musl
  - stage3-amd64-musl-hardened
  - stage3-amd64-nomultilib-openrc
  - stage3-amd64-nomultilib-systemd
  - stage3-amd64-openrc
  - stage3-amd64-desktop-openrc
  - stage3-amd64-systemd
  - stage3-amd64-desktop-systemd
- arm
  - stage3-armv5tel-openrc
  - stage3-armv5tel-systemd
  - stage3-armv6j-openrc
  - stage3-armv6j-systemd
  - stage3-armv6j_hardfp-openrc
  - stage3-armv6j_hardfp-systemd
  - stage3-armv7a-openrc
  - stage3-armv7a-systemd
  - stage3-armv7a_hardfp_musl-openrc
  - stage3-armv7a_hardfp-openrc
  - stage3-armv7a_hardfp-systemd
- arm64
  - stage3-arm64-desktop-openrc
  - stage3-arm64-desktop-systemd
  - stage3-arm64-musl
  - stage3-arm64-musl-hardened
  - stage3-arm64-openrc
  - stage3-arm64-systemd
- ppc
  - stage3-ppc64le-musl-hardened-openrc
  - stage3-ppc64le-openrc
  - stage3-ppc64le-systemd
- riscv
  - stage3-rv64_lp64-openrc
  - stage3-rv64_lp64-systemd
  - stage3-rv64_lp64d-openrc
  - stage3-rv64_lp64d-systemd
- s390
  - stage3-s390x
- x86
  - stage3-i686-hardened-openrc
  - stage3-i686-musl
  - stage3-i686-openrc
  - stage3-i686-systemd

The following upstream stage3 targets are not built at all:

amd64
- stage3-amd64 [deprecated]
- stage3-amd64-hardened [deprecated]
- stage3-amd64-hardened+nomultilib [deprecated]
- stage3-amd64-hardened-selinux [deprecated, selinux]
- stage3-amd64-hardened-selinux+nomultilib [deprecated, selinux]
- stage3-amd64-hardened-selinux-openrc [selinux]
- stage3-amd64-musl-vanilla [deprecated]
- stage3-amd64-nomultilib [deprecated]
- stage3-amd64-nomultilib-selinux-openrc [selinux]
- stage3-x32 [deprecated, unsupported]
- stage3-x32-openrc [unsupported]
arm
- stage3-armv4tl [unsupported]
- stage3-armv4tl-systemd [unsupported]
ppc
- stage3-power9le-openrc [unsupported]
- stage3-power9le-systemd [unsupported]
- stage3-ppc [deprecated, unsupported]
- stage3-ppc-openrc [unsupported]
- stage3-ppc64 [deprecated, unsupported]
- stage3-ppc64-musl-hardened [deprecated, unsupported]
- stage3-ppc64-musl-hardened-openrc [unsupported]
- stage3-ppc64-openrc [unsupported]
- stage3-ppc64-systemd [unsupported]
- stage3-ppc64le [deprecated]
- stage3-ppc64le-musl-hardened [deprecated]
riscv
- stage3-rv32_* [unsupported]
- stage3-rv64_multilib [under testing]
s390
- stage3-s390 [unsupported]
x86
- stage3-i486 [deprecated, unsupported]
- stage3-i486-openrc [unsupported]
- stage3-i686 [deprecated]
- stage3-i686-hardened [deprecated]
- stage3-i686-musl-vanilla [deprecated]

[deprecated]: Deprecated stage3 target

[selinux]: SELinux doesn't seem to make sense inside containers

[under testing]: Not ready for container. Our arch team is working on testing it

[unsupported]: Unsupported Docker architecture

Building the containers

The containers are created using a multi-stage build, which requires Docker >= 19.03.0. The container being built is defined by the TARGET environment variable:

TARGET=stage3-amd64-openrc ./build.sh

Using the portage container as a data volume

docker create -v /var/db/repos/gentoo --name myportagesnapshot gentoo/portage:latest /bin/true
docker run --interactive --tty --volumes-from myportagesnapshot gentoo/stage3:latest /bin/bash

Using the portage container in a multi-stage build

docker-17.05.0 or later supports multi-stage builds, allowing the portage volume to be used when creating images based on a stage3 image.

Example Dockerfile

# name the portage image
FROM gentoo/portage:latest as portage

# based on stage3 image
FROM gentoo/stage3:latest

# copy the entire portage volume in
COPY --from=portage /var/db/repos/gentoo /var/db/repos/gentoo

# continue with image build ...
RUN emerge -qv www-servers/apache # or whichever packages you need

Contributing

We'd love to hear any ideas. Feel free to contact us via any of the following methods:

IRC: irc://irc.libera.chat:6697/#gentoo-containers
EMAIL: [email protected]
GITHUB: https://github.com/gentoo/gentoo-docker-images

Policy

Use topic branches (i.e. foo) and fix branches (i.e. fix/foo) when submitting pull requests
Make meaningful commits ideally with the following form:
- Subject line–what this commit does
- Blank line
- Body–why this commit is necessary or desired
Pull requests should not include merge commits
Use amend and rebase to fix commits after a pull request has been submitted

gentoo-docker-images's People

Contributors

Stargazers

Watchers

Forkers

wking xarthisius alunduil attilaolah therealromster chaosengine armbuild mrueg fatman2021 mayli ahyangyi d33tah goors dcb9 kingkongmok heradon tloebner wilreichert soullivaneuh yangchuansheng m1lan pylam necrose99 niyaton danvaida hardentoo universal-it-systems changmingchen cmchaol javabrett heikipikker ciaala lyz-code orangejulius chmodawk ashleyj ghiknt lazyforks xyzarchive globalcitizen wuodan-docker temparus androdev4u alanfredson stephaneerard nopcall paulyc shinoa-fores mgorny john-r-graham jcaesar openwebx kennystrawnmusic shizonic dalehamel paleozogt lucianposton robimarko 5l1v3r1 sartura justicezhou meddevintgrp mjeveritt junghans ksmanis tubbz-alt andzuc daugustin colingilbert holmanb linobigatti konstantindjairo pandather esavier alexfanqi debuchat ajakk nabbi td5038 hanez peeweep maffblaster flowdalic thesamesam nullorigin 0001ca rahilarious pastalian berney

gentoo-docker-images's Issues

Fix typo in README

Just a minor nitpick.

Using the portage container as a data volume

docker create -v /usr/portage --name myportagesnapshot gentoo/portage:latest /bin/true
docker run --volumes-from myportagesnapshot gentoo/stage-amd64:latest /bin/bash

Needs to be,
gentoo/stage-amd64:latest -> gentoo/stage3-amd64:latest

portage expects the tree in /var/db/repos/gentoo

!!! Section 'gentoo' in repos.conf has location attribute set to nonexistent directory: '/var/db/repos/gentoo'
!!! Invalid Repository Location (not a dir): '/var/db/repos/gentoo'

!!! /etc/portage/make.profile is not a symlink and will probably prevent most merges.
!!! It should point into a profile within /var/db/repos/gentoo/profiles/
!!! (You can safely ignore this message when syncing. It's harmless.)

!!! Your current profile is invalid. If you have just changed your profile
!!! configuration, you should revert back to the previous configuration.
!!! Allowed actions are limited to --help, --info, --search, --sync, and
!!! --version.

This doesn't work any more:

# copy the entire portage volume in
COPY --from=portage /usr/portage /usr/portage

A workaround is to use
COPY --from=portage /usr/portage /var/db/repos/gentoo
Less messy would probably be to update the portage docker image...

Unable to unshare: EPERM

Unable to unshare: EPERM (for FEATURES="pid-sandbox")
Unable to unshare: EPERM (for FEATURES="ipc-sandbox network-sandbox pid-sandbox")

New containers not showing on dockerhub (yet!)

@ultrabug : It looks like you need to create new 'repositories' on hub.docker.com for the new builds for musl (and soon for uclibc!) as it would appear the Travis cron job is unable to update.

It looks like you/we should have ~13 dockerhub 'repos' for stage3 builds, and one for the portage snapshot volume, and only 7 are showing at present at https://hub.docker.com/u/gentoo FYI 😃

[DockerHub] Deprecation notices for old repos

Since all stage3 images are now pushed to a single repo, it would probably be a good idea to put up deprecation notices on all old stage3-* Docker Hub repos that would redirect newcomers to the new stage3 repo and hopefully avoid confusion.

Musl containers incorrectly configured.

Container builds for stage3-amd64-musl-vanilla and stage3-amd64-musl-hardened seem to be missing the ::musl overlay required for musl-specific patches. This prevents some packages from being correctly compiled. It is a small fix from the user side, but it requires command execution which might not be ideal for containers.

link from dockerhub to github

Edit the description of https://registry.hub.docker.com/u/gentoo/stage3-amd64/ to link to this GitHub repository, to make it easier for users to find the source code for building the gentoo images.

Note that DockerHub Markdown syntax is rather subpar, requiring hyperlinks to be explicitly turned into links. The syntax would be:

# Source

[https://github.com/gentoo/gentoo-docker-images](https://github.com/gentoo/gentoo-docker-images)

Please tag releases

As someone who might be using one or more of these images to build production code, it's really important to be able to be getting a known version of the image.

I'm not sure if this is exactly the right place to file this request since it relates more to the workflow of pushing to dockerhub, so please let me know if there is a better place to do it.

Cannot create container for service portage: No command specified

Since the last docker pull with the following docker-compose.yml extract:

  portage:
    image: gentoo/portage

  nx-default:
    build: docker/gentoo
    hostname: nx-default.nexylan.net
    volumes_from:
      - portage
    depends_on:
      - influxdb

And I have the following error:

ERROR: for portage  Cannot create container for service portage: No command specified

I tried to add command: /bin/true but I have the following error:

ERROR: for portage  Cannot start service portage: oci runtime error: container_linux.go:247: starting container process caused "exec: \"/bin/true\": stat /bin/true: no such file or directory"

Any idea? This was working without command before the last pull.

uclibc variants cannot be built

When setting TARGET=stage3-amd64-uclibc-vanilla the script fails, because it will replace the last dash into a plus sign and it tries to download:
https://ftp-osl.osuosl.org/pub/gentoo/releases/amd64/autobuilds/latest-stage3-amd64-uclibc+vanilla.txt

This will probably also prevent the selinux variants from being built.

Recent changes break AMD64 Images

Hi,

The recent push to docker hub (tag: 20171206) fails to perform any emerge actions with:

!!! Section 'x-gentoo' in repos.conf has location attribute set to nonexistent directory: '/usr/portage/gentoo'
!!! Section 'gentoo' in repos.conf has name different from repository name 'frr-gentoo' set inside repository
!!! main-repo not set in DEFAULT and PORTDIR is empty.


!!! /etc/portage/make.profile is not a symlink and will probably prevent most merges.
!!! It should point into a profile within /usr/portage/gentoo/profiles/
!!! (You can safely ignore this message when syncing. It's harmless.)


!!! Your current profile is invalid. If you have just changed your profile
!!! configuration, you should revert back to the previous configuration.
!!! Allowed actions are limited to --help, --info, --search, --sync, and
!!! --version.

This didn't used to be the case, did anything change that requires extra steps prior using the images?

Cheers :)

Checking stage3 signature

I'd recommend something like my signature check instead of blindly trusting a tarball downloaded over insecure HTTP. With the end goal of publishing images, it probably doesn't matter much before Docker gets signed images (moby/moby#2700), but checking the sigs on the source tarball at least secures the transmission between rel-eng and our local image.

Mount overlay as volume?

git clone https://gitlab.com/oxr463/overlay.git
docker run -v $(pwd):/usr/local/portage/rage -it gentoo/stage3-amd64 /bin/bash

stage3 images do not have /run/lock directory required by some ebuilds

app-text/build-docbook-catalog-2.1 has been recently stabilized for multiple architectures and is now being pre-installed in stage3. This version requires /run/lock to exist in the file system. If it does not exist, the build-docbook-catalog program gives the following error:

# build-docbook-catalog 
build-docbook-catalog: //run/lock: missing critical system path; please create it, aborting

However, /run/lock is not present in Docker container created from the latest stage3 Docker images. This prevents other ebuilds that depend on this package from successfully being merged in the container, such as app-text/docbook-xml-dtd-4.5-r2.

To reproduce:

Get the latest version of the gentoo/stage3 image, then start a container with interactive session:
```
# docker pull gentoo/stage3
# docker run -it gentoo/stage3
```

Install an affected package in the container:

# emerge-webrsync 
# emerge app-text/docbook-xml-dtd

Execution log

# docker pull gentoo/stage3
Trying to pull docker.io/gentoo/stage3:latest...
Getting image source signatures
Copying blob ea4b30c8b584 skipped: already exists  
Copying config c3cf53e81d done  
Writing manifest to image destination
Storing signatures
c3cf53e81d255ff0873fdfc7beadf9970ffcaf0f948befba223cd9d5af71297a
# docker run -it gentoo/stage3

# emerge-webrsync 
!!! Section 'gentoo' in repos.conf has location attribute set to nonexistent directory: '/var/db/repos/gentoo'
!!! Invalid Repository Location (not a dir): '/var/db/repos/gentoo'
Fetching most recent snapshot ...
Trying to retrieve 20211221 snapshot from http://distfiles.gentoo.org ...
Fetching file gentoo-20211221.tar.xz.md5sum ...
Fetching file gentoo-20211221.tar.xz.gpgsig ...
Fetching file gentoo-20211221.tar.xz ...
Checking digest ...
Getting snapshot timestamp ...
Syncing local tree ...

Number of files: 148,102 (reg: 121,273, dir: 26,829)
Number of created files: 148,101 (reg: 121,273, dir: 26,828)
Number of deleted files: 0
Number of regular files transferred: 121,273
Total file size: 236.51M bytes
Total transferred file size: 236.51M bytes
Literal data: 236.51M bytes
Matched data: 0 bytes
File list size: 2.63M
File list generation time: 0.001 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 114.14M
Total bytes received: 2.42M

sent 114.14M bytes  received 2.42M bytes  11.10M bytes/sec
total size is 236.51M  speedup is 2.03
Cleaning up ...

Performing Global Updates
(Could take a couple of minutes if you have a lot of binary packages.)



 * IMPORTANT: 12 news items need reading for repository 'gentoo'.
 * Use eselect news read to view new items.

# emerge app-text/docbook-xml-dtd

 * IMPORTANT: 12 news items need reading for repository 'gentoo'.
 * Use eselect news read to view new items.

Calculating dependencies... done!

>>> Verifying ebuild manifests

>>> Emerging (1 of 1) app-text/docbook-xml-dtd-4.5-r2::gentoo
Unable to unshare: EPERM (for FEATURES="ipc-sandbox network-sandbox pid-sandbox")
bash: line 1: /var/cache/distfiles/.__portage_test_write__: Permission denied
Adjusting permissions recursively: '/var/cache/distfiles'
>>> Downloading 'http://distfiles.gentoo.org/distfiles/layout.conf'
--2021-12-22 01:13:05--  http://distfiles.gentoo.org/distfiles/layout.conf
Resolving distfiles.gentoo.org... 89.187.187.15, 2a02:6ea0:c800::8
Connecting to distfiles.gentoo.org|89.187.187.15|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 45 [text/plain]
Saving to: ‘/var/cache/distfiles/.layout.conf.distfiles.gentoo.org.__download__’

/var/cache/distfile 100%[===================>]      45  --.-KB/s    in 0s      

2021-12-22 01:13:05 (6.32 MB/s) - ‘/var/cache/distfiles/.layout.conf.distfiles.gentoo.org.__download__’ saved [45/45]

>>> Downloading 'http://distfiles.gentoo.org/distfiles/9e/docbook-xml-4.5.zip'
--2021-12-22 01:13:05--  http://distfiles.gentoo.org/distfiles/9e/docbook-xml-4.5.zip
Resolving distfiles.gentoo.org... 89.187.187.15, 2a02:6ea0:c800::8
Connecting to distfiles.gentoo.org|89.187.187.15|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 98497 (96K) [application/zip]
Saving to: ‘/var/cache/distfiles/docbook-xml-4.5.zip.__download__’

/var/cache/distfile 100%[===================>]  96.19K  --.-KB/s    in 0.008s  

2021-12-22 01:13:05 (12.1 MB/s) - ‘/var/cache/distfiles/docbook-xml-4.5.zip.__download__’ saved [98497/98497]

 * docbook-xml-4.5.zip BLAKE2B SHA512 size ;-) ...                       [ ok ]
Unable to unshare: EPERM (for FEATURES="pid-sandbox")
Unable to unshare: EPERM (for FEATURES="ipc-sandbox network-sandbox pid-sandbox")
>>> Unpacking source...
>>> Unpacking docbook-xml-4.5.zip to /var/tmp/portage/app-text/docbook-xml-dtd-4.5-r2/work
>>> Source unpacked in /var/tmp/portage/app-text/docbook-xml-dtd-4.5-r2/work
Unable to unshare: EPERM (for FEATURES="ipc-sandbox network-sandbox pid-sandbox")
>>> Preparing source in /var/tmp/portage/app-text/docbook-xml-dtd-4.5-r2/work ...
>>> Source prepared.
Unable to unshare: EPERM (for FEATURES="ipc-sandbox network-sandbox pid-sandbox")
>>> Configuring source in /var/tmp/portage/app-text/docbook-xml-dtd-4.5-r2/work ...
>>> Source configured.
Unable to unshare: EPERM (for FEATURES="ipc-sandbox network-sandbox pid-sandbox")
>>> Compiling source in /var/tmp/portage/app-text/docbook-xml-dtd-4.5-r2/work ...
>>> Source compiled.
Unable to unshare: EPERM (for FEATURES="ipc-sandbox network-sandbox pid-sandbox")
>>> Test phase [not enabled]: app-text/docbook-xml-dtd-4.5-r2
Unable to unshare: EPERM (for FEATURES="ipc-sandbox network-sandbox pid-sandbox")

>>> Install app-text/docbook-xml-dtd-4.5-r2 into /var/tmp/portage/app-text/docbook-xml-dtd-4.5-r2/image
>>> Completed installing app-text/docbook-xml-dtd-4.5-r2 into /var/tmp/portage/app-text/docbook-xml-dtd-4.5-r2/image

 * Final size of build directory: 536 KiB
 * Final size of installed tree:  536 KiB


>>> Installing (1 of 1) app-text/docbook-xml-dtd-4.5-r2::gentoo
Unable to unshare: EPERM (for FEATURES="ipc-sandbox network-sandbox pid-sandbox")
build-docbook-catalog: //run/lock: missing critical system path; please create it, aborting
 * Updating /etc/sgml/catalog ...                                        [ ok ]
Unable to unshare: EPERM (for FEATURES="ipc-sandbox network-sandbox pid-sandbox")
build-docbook-catalog: //run/lock: missing critical system path; please create it, aborting
 * ERROR: app-text/docbook-xml-dtd-4.5-r2::gentoo failed (postinst phase):
 *   Failed to regenerate docbook catalog. Is /run mounted?
 * 
 * Call stack:
 *     ebuild.sh, line 127:  Called pkg_postinst
 *   environment, line 448:  Called die
 * The specific snippet of code:
 *       build-docbook-catalog || die "Failed to regenerate docbook catalog. Is /run mounted?";
 * 
 * If you need support, post the output of `emerge --info '=app-text/docbook-xml-dtd-4.5-r2::gentoo'`,
 * the complete build log and the output of `emerge -pqv '=app-text/docbook-xml-dtd-4.5-r2::gentoo'`.
 * The complete build log is located at '/var/tmp/portage/app-text/docbook-xml-dtd-4.5-r2/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage/app-text/docbook-xml-dtd-4.5-r2/temp/environment'.
 * Working directory: '/var/tmp/portage/app-text/docbook-xml-dtd-4.5-r2/empty'
 * S: '/var/tmp/portage/app-text/docbook-xml-dtd-4.5-r2/work'
 * FAILED postinst: 1
Unable to unshare: EPERM (for FEATURES="ipc-sandbox network-sandbox pid-sandbox")

>>> Recording app-text/docbook-xml-dtd in "world" favorites file...

Should /run/lock now be created in the stage3 Docker images, so ebuilds like app-text/docbook-xml-dtd can be merged directly without any issues out-of-box?

Build Failures: /bin/sh: /run/openrc/softlevel: No such file or directory

Getting build failures, most likely due to /run no longer being part of the stage3 image but that's only a guess.

Cloning into 'bzcxqo6grmy7v9dqlrjcm9f'...
Cloning done
Starting Build
KernelVersion: 3.13.0-40-generic
Os: linux
BuildTime: Mon Oct 12 05:37:18 UTC 2015
ApiVersion: 1.20
Version: 1.8.3
GitCommit: f4bf5c7
Arch: amd64
GoVersion: go1.4.2
Starting build of index.docker.io/gentoo/stage3-amd64:latest...
Step 0 : FROM busybox
 ---> 65e4158d9625
Step 1 : MAINTAINER Gentoo Docker Team
 ---> Running in 01a3fce37a5b
 ---> 132d14e71e09
Removing intermediate container 01a3fce37a5b
Step 2 : ADD build.sh /
 ---> 4848bf969e2f
Removing intermediate container 76b61387f595
Step 3 : RUN /build.sh amd64 x86_64
 ---> Running in df8b6a2f5ddf
Downloading and extracting 20160218/stage3-amd64-20160218.tar.bz2...
DIGEST sum is okey
Installing stage 3
Bootstrapped 20160218/stage3-amd64-20160218.tar.bz2 into /:
total 68K
drwxr-xr-x  33 root root 4.0K Feb 23 13:05 .
drwxr-xr-x  33 root root 4.0K Feb 23 13:05 ..
-rwxr-xr-x   1 root root    0 Feb 23 13:02 .dockerenv
-rwxr-xr-x   1 root root    0 Feb 23 13:02 .dockerinit
drwxr-xr-x   2 root root 4.0K Feb 23 13:02 bin
drwxr-xr-x   2 root root 4.0K Feb 23 13:04 boot
drwxr-xr-x   5 root root  360 Feb 23 13:02 dev
drwxr-xr-x  31 root root 4.0K Feb 23 13:05 etc
drwxr-xr-x   2 root root 4.0K Feb 23 13:04 home
lrwxrwxrwx   1 root root    5 Feb 23 13:04 lib -> lib64
drwxr-xr-x   2 root root 4.0K Feb 23 13:04 lib32
drwxr-xr-x  10 root root 4.0K Feb 23 13:04 lib64
drwxr-xr-x   2 root root 4.0K Feb 23 13:04 media
drwxr-xr-x   2 root root 4.0K Feb 23 13:04 mnt
drwxr-xr-x   2 root root 4.0K Feb 23 13:04 opt
dr-xr-xr-x 122 root root    0 Feb 23 13:02 proc
drwx------   2 root root 4.0K Feb 23 13:04 root
drwxr-xr-x   2 root root 4.0K Feb 23 13:04 run
drwxr-xr-x   2 root root 4.0K Feb 23 13:04 sbin
dr-xr-xr-x  13 root root    0 Feb 23 13:02 sys
drwxrwxrwt   2 root root 4.0K Feb 23 13:04 tmp
drwxr-xr-x  12 root root 4.0K Feb 23 13:04 usr
drwxr-xr-x   9 root root 4.0K Feb 23 13:04 var
 ---> a7be407873ca
Removing intermediate container df8b6a2f5ddf
Step 4 : RUN echo "default" > /run/openrc/softlevel
 ---> Running in 32b67201ece4
�[91m/bin/sh: /run/openrc/softlevel: No such file or directory
�[0mRemoving intermediate container 32b67201ece4
The command '/bin/sh -c echo "default" > /run/openrc/softlevel' returned a non-zero code: 1

Build Failure

Not sure which merge started this or if it's due to the base image but here's the latest build status on stage3-amd64-nomultilib from dockerhub:

lient:
 Version:      1.8.1
 API version:  1.20
 Go version:   go1.4.2
 Git commit:   d12ea79
 Built:        Thu Aug 13 02:49:29 UTC 2015
 OS/Arch:      linux/amd64

Server:
 Version:      1.8.3-rc4
 API version:  1.20
 Go version:   go1.4.2
 Git commit:   9f1606a
 Built:        Fri Oct  2 23:36:50 UTC 2015
 OS/Arch:      linux/amd64
Step 0 : FROM busybox
c51f86c28340 Verifying Checksum
c51f86c28340 Download complete
039b63dd2cba Verifying Checksum
039b63dd2cba Download complete
039b63dd2cba Extracting
039b63dd2cba Extracting
039b63dd2cba Extracting
039b63dd2cba Extracting
039b63dd2cba Extracting
039b63dd2cba Extracting
039b63dd2cba Extracting
039b63dd2cba Extracting
039b63dd2cba Extracting
039b63dd2cba Extracting
039b63dd2cba Extracting
039b63dd2cba Extracting
039b63dd2cba Extracting
039b63dd2cba Extracting
039b63dd2cba Extracting
039b63dd2cba Extracting
039b63dd2cba Extracting
039b63dd2cba Extracting
039b63dd2cba Extracting
039b63dd2cba Extracting
039b63dd2cba Extracting
039b63dd2cba Extracting
039b63dd2cba Extracting
039b63dd2cba Pull complete
c51f86c28340 Extracting
c51f86c28340 Extracting
c51f86c28340 Extracting
c51f86c28340 Pull complete
Digest: sha256:eb3c0d4680f9213ee5f348ea6d39489a1f85a318a2ae09e012c426f78252a6d2
Status: Downloaded newer image for busybox:latest
---> c51f86c28340
Step 1 : MAINTAINER Gentoo Docker Team
---> bf3be088470c
Step 2 : ADD build.sh /
---> ffa6009644f5
Step 3 : RUN /build.sh amd64 x86_64 -nomultilib
Downloading and extracting 20151203/stage3-amd64-nomultilib-20151203.tar.bz2...
�[91mwget: can't execute 'ssl_helper': No such file or directory
�[0m
�[91mwget: error getting response: Connection reset by peer
�[0m
�[91mchmod: /busybox: No such file or directory
�[0m
�[91m/build.sh: line 14�[0m
�[91m: /busybox: not found
�[0m
�[91m/build.sh�[0m
�[91m: �[0m
�[91mline �[0m
�[91m15�[0m
�[91m: �[0m
�[91m/busybox�[0m
�[91m: �[0m
�[91mnot found�[0m
�[91m
�[0m
�[91m/build.sh�[0m
�[91m: �[0m
�[91mline �[0m
�[91m16�[0m
�[91m: �[0m
�[91m/busybox�[0m
�[91m: �[0m
�[91mnot found�[0m
�[91m
�[0m
�[91m/build.sh�[0m
�[91m: �[0m
�[91mline �[0m
�[91m17�[0m
�[91m: �[0m
�[91m/busybox�[0m
�[91m: �[0m
�[91mnot found�[0m
�[91m
�[0m
�[91m/build.sh�[0m
�[91m: �[0m
�[91mline �[0m
�[91m20�[0m
�[91m: �[0m
�[91m/busybox�[0m
�[91m: �[0m
�[91mnot found�[0m
�[91m
�[0m
Bootstrapped  into /:
total 0
drwxr-xr-x    1 root     root         134 Dec  6 05:03 �[1;34m.�[0m
drwxr-xr-x    1 root     root         134 Dec  6 05:03 �[1;34m..�[0m
-rwxr-xr-x    1 root     root           0 Dec  6 05:02 �[1;32m.dockerenv�[0m
-rwxr-xr-x    1 root     root           0 Dec  6 05:02 �[1;32m.dockerinit�[0m
drwxr-xr-x    1 root     root        4.2K Oct 31 17:14 �[1;34mbin�[0m
drwxr-xr-x    5 root     root         360 Dec  6 05:02 �[1;34mdev�[0m
drwxr-xr-x    1 root     root          90 Dec  6 05:02 �[1;34metc�[0m
drwxr-xr-x    1 root     root           6 Oct 31 17:15 �[1;34mhome�[0m
drwxr-xr-x    1 root     root         120 Dec  6 05:03 �[1;34mnewWorldOrder�[0m
dr-xr-xr-x  117 root     root           0 Dec  6 05:02 �[1;34mproc�[0m
drwxr-xr-x    1 root     root           0 Oct 31 17:15 �[1;34mroot�[0m
dr-xr-xr-x   13 root     root           0 Dec  6 05:02 �[1;34msys�[0m
drwxrwxrwt    1 root     root           0 Oct 31 17:15 �[1;34mtmp�[0m
drwxr-xr-x    1 root     root           8 Oct 31 17:15 �[1;34musr�[0m
drwxr-xr-x    1 root     root          16 Oct 31 17:15 �[1;34mvar�[0m
---> 10d26e747baa
Step 4 : RUN echo "default" > /run/openrc/softlevel
�[91m/bin/sh�[0m
�[91m: can't create /run/openrc/softlevel: nonexistent directory
�[0m

Broken automated builds on docker hub

All automated builds on docker hub ( https://hub.docker.com/r/gentoo/ ) are old a couple of weeks... they used to be triggered every day, but for some reason it stopped some time around New Year.

gfortran link is missing

/usr/bin/gfortran is missing even though /usr/bin/gfortran-4.9.3 is in the container, running

gcc-config 1

helps.

Large image size

I don't know if this is the right place because this isn't really an issue, but more of a question.

Why do the gentoo containers have such a large image size? Currently, latest on am64 is 287.76 MB, while the Fedora image is 58.39 MB and Ubuntu is down to 22.95 MB. I'm seeing that /usr/libexec/gcc is taking 111 MB, and I understand that it wouldn't be Gentoo without GCC, but is there any other place to trim some fat?

Image "portage" and "stage3-amd64" have identical descriptions?

Hi!

It seems that images portage and stage3-amd64 have identical descriptions at docker hub:

Checking their Dockerfiles the are rather different though. It would be cool to save user time wondering about how these images differ.

Best, Sebastian

docker images for all supported gentoo arches

The stage3.Dockerfile pulls from https://ftp-osl.osuosl.org/pub/gentoo/releases/, which contains a lot more arches than just x86 and amd64. With a few tweaks of the build.sh script, we could have docker images for any of the supported Gentoo arches (arm, ppc, et al).

17.1 profile

A recent portage news article stated that the 17.0 profile will soon be removed and that users should switch to 17.1. When will this docker image start using 17.1?

Can't Pull, Redirects to private Google Container Registry

$> podman pull gentoo/stage3

✔ docker.io/gentoo/stage3:latest
Trying to pull docker.io/gentoo/stage3:latest...
Error: initializing source docker://gentoo/stage3:latest: reading manifest latest in mirror.gcr.io/gentoo/stage3: manifest unknown: Failed to fetch "latest" from request "/v2/gentoo/stage3/manifests/latest".

When browsing to https://mirror.gcr.io/gentoo/stage3 in the browser, it redirects to https://cloud.google.com/container-registry/, idk if these registries can be made public but they seem to be private

[Feature Request] gentoo/catalyst: new docker image

Could we get a catalyst image? I tried creating my own, but I ran into a lot of issues.

Not sure if this is the best place, but it doesn't look like the GitHub mirror is accepting issues, https://github.com/gentoo/catalyst/issues

Reference(s):

amd64-hardened-nomultilib missing from DockerHub

In the source here I see there is a hardened+nomultilib but on DockerHub I can only see amd64, amd64-nomultilib, and amd64-hardened.

Similarly x86 is here but missing there (also there's only one x86 profile).

Latest images on Docker Hub use masked sys-libs/glibc-2.32-r2

... and are more than 3 months old :(

Any chance of an update, please?

Warn or inform regarding cryptographic validations

On my environment although the build succeeds I receive errors regarding cryptographic validation as follows.

STAGE3PATH: 20180403T214502Z/stage3-amd64-20180403T214502Z.tar.xz
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key BB572E0E2D182910: 7 signatures not checked due to missing keys
gpg: key BB572E0E2D182910: 1 bad signature
gpg: key BB572E0E2D182910: public key "Gentoo Linux Release Engineering (Automated Weekly Release Key) <[email protected]>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1
gpg: Signature made Wed Apr  4 02:04:17 2018 UTC
gpg:                using RSA key 13EBBDBEDE7A12775DFDB1BABB572E0E2D182910
gpg: Good signature from "Gentoo Linux Release Engineering (Automated Weekly Release Key) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 13EB BDBE DE7A 1277 5DFD  B1BA BB57 2E0E 2D18 2910
stage3-amd64-20180403T214502Z.tar.xz: OK
stage3-amd64-20180403T214502Z.tar.xz.CONTENTS: OK
Removing intermediate container 27a24686e6f2

Short descriptions missing for some official Gentoo repositories on Docker Hub

Currently, not all official Gentoo repositories on Docker Hub have their short description field populated. This means that when users search for Gentoo images using docker, it's not immediately clear which are official images and which are not:

$ docker search gentoo | head -n10
NAME                                          DESCRIPTION                                     STARS               OFFICIAL            AUTOMATED
gentoo/stage3-amd64                                                                           61                                      [OK]
gentoo/portage                                                                                26                                      [OK]
gentoo/stage3-amd64-hardened                  Official Gentoo stage3-amd64-hardened Image     15                                      [OK]
gentoo/stage3-amd64-nomultilib                Official Gentoo stage3-amd64-nomultilib Image   13                                      [OK]
plabedan/gentoo-minimal                       Gentoo minimal image (stage3 + portage)         7                                       
vguardiola/gentoo-nginx                       Gentoo Nginx                                    3                                       [OK]
thedcg/tl-gentoo                              tl-gentoo                                       2                                       [OK]
vguardiola/gentoo                             Gentoo Docker images                            2                                       [OK]
tianon/gentoo                                 outdated direct stage3 imports                  2

One can assume that an image is official based on the repository namespace beginning with gentoo/, but it's best to be explicit.

I propose the following descriptions should be added:

Repository	Short Description
`gentoo/stage3-amd64`	`Official Gentoo stage3-amd64 Image`
`gentoo/portage`	`Official Gentoo portage snapshot, designed to be mounted as a container volume`

This may seem a small and nit-picking type change, but I think it helps to highlight to users what's official and what's not 🙂

setuptools and certifi block eachother/circular dependency

To be honest I'm not entirely sure where the issue is, could the it's in the stage3 itself and not the Docker image, wasn't able to figure it out entirely. If anyone has any suggestions/pointers please let me know.

When using the current images for stage3-amd64 (sha256:4fd2075ee41636e0042dad5210518a8513404296b961cc0f43792621abc87864) and portage (sha256:d74cfaccc16c8e72150af45ce564d46a8b3f37c0a9832b0f2a9a0190a7774ac8) I get the following blocker when emerging setuptools

15ecbe990357 /usr/local/portage # emerge -av setuptools 

 * IMPORTANT: 6 news items need reading for repository 'gentoo'.
 * Use eselect news read to view new items.


These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild     U  ] dev-python/setuptools-44.1.0::gentoo [44.0.0::gentoo] USE="-test" PYTHON_TARGETS="python2_7 python3_7* (-pypy3) -python3_6* (-python3_8)" 839 KiB
[ebuild   R    ] dev-python/certifi-2019.11.28::gentoo  PYTHON_TARGETS="python2_7 python3_7* (-pypy3) -python3_6* (-python3_8)" 153 KiB

Total: 2 packages (1 upgrade, 1 reinstall), Size of downloads: 992 KiB

!!! Multiple package instances within a single package slot have been pulled
!!! into the dependency graph, resulting in a slot conflict:

dev-python/setuptools:0

  (dev-python/setuptools-44.1.0:0/0::gentoo, ebuild scheduled for merge) USE="-test" ABI_X86="(64)" PYTHON_TARGETS="python2_7 python3_7 (-pypy3) -python3_6 (-python3_8)" pulled in by
    dev-python/setuptools[python_targets_pypy3(-)?,python_targets_python2_7(-)?,python_targets_python3_6(-)?,python_targets_python3_7(-)?,python_targets_python3_8(-)?,-python_single_target_pypy3(-),-python_single_target_python2_7(-),-python_single_target_python3_6(-),-python_single_target_python3_7(-),-python_single_target_python3_8(-)] required by (dev-python/certifi-2019.11.28:0/0::gentoo, ebuild scheduled for merge) USE="" ABI_X86="(64)" PYTHON_TARGETS="python2_7 python3_7 (-pypy3) -python3_6 (-python3_8)"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     
    >=dev-python/setuptools-42.0.2[python_targets_pypy3(-)?,python_targets_python2_7(-)?,python_targets_python3_6(-)?,python_targets_python3_7(-)?,python_targets_python3_8(-)?,-python_single_target_pypy3(-),-python_single_target_python2_7(-),-python_single_target_python3_6(-),-python_single_target_python3_7(-),-python_single_target_python3_8(-)] required by (dev-python/certifi-2019.11.28:0/0::gentoo, ebuild scheduled for merge) USE="" ABI_X86="(64)" PYTHON_TARGETS="python2_7 python3_7 (-pypy3) -python3_6 (-python3_8)"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
    dev-python/setuptools (Argument)

  (dev-python/setuptools-44.0.0:0/0::gentoo, installed) USE="-test" ABI_X86="(64)" PYTHON_TARGETS="python2_7 python3_6 (-pypy3) -python3_7 (-python3_8)" pulled in by
    dev-python/setuptools[python_targets_pypy3(-)?,python_targets_python2_7(-)?,python_targets_python3_6(-)?,python_targets_python3_7(-)?,python_targets_python3_8(-)?,-python_single_target_pypy3(-),-python_single_target_python2_7(-),-python_single_target_python3_6(-),-python_single_target_python3_7(-),-python_single_target_python3_8(-)] required by (dev-python/certifi-2019.11.28:0/0::gentoo, installed) USE="" ABI_X86="(64)" PYTHON_TARGETS="python2_7 python3_6 (-pypy3) -python3_7 (-python3_8)"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    
    >=dev-python/setuptools-42.0.2[python_targets_pypy3(-)?,python_targets_python2_7(-)?,python_targets_python3_6(-)?,python_targets_python3_7(-)?,python_targets_python3_8(-)?,-python_single_target_pypy3(-),-python_single_target_python2_7(-),-python_single_target_python3_6(-),-python_single_target_python3_7(-),-python_single_target_python3_8(-)] required by (dev-python/certifi-2019.11.28:0/0::gentoo, installed) USE="" ABI_X86="(64)" PYTHON_TARGETS="python2_7 python3_6 (-pypy3) -python3_7 (-python3_8)"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             
    >=dev-python/setuptools-42.0.2[python_targets_pypy3(-)?,python_targets_python3_6(-)?,python_targets_python3_7(-)?,python_targets_python3_8(-)?,-python_single_target_pypy3(-),-python_single_target_python3_6(-),-python_single_target_python3_7(-),-python_single_target_python3_8(-)] required by (app-portage/gemato-14.3:0/0::gentoo, installed) USE="blake2 bzip2 gpg -lzma -sha3 -test -tools" ABI_X86="(64)" PYTHON_TARGETS="python2_7 python3_6 (-pypy3) -python3_7 (-python3_8)"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     
    >=dev-python/setuptools-42.0.2[python_targets_python3_6(-)?,python_targets_python3_7(-)?,python_targets_python3_8(-)?,-python_single_target_python3_6(-),-python_single_target_python3_7(-),-python_single_target_python3_8(-)] required by (dev-util/meson-0.52.1:0/0::gentoo, installed) USE="(-test)" ABI_X86="(64)" PYTHON_TARGETS="python3_6 -python3_7 (-python3_8)"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              

dev-python/certifi:0

  (dev-python/certifi-2019.11.28:0/0::gentoo, ebuild scheduled for merge) USE="" ABI_X86="(64)" PYTHON_TARGETS="python2_7 python3_7 (-pypy3) -python3_6 (-python3_8)" pulled in by
    >=dev-python/certifi-2016.9.26[python_targets_pypy3(-)?,python_targets_python2_7(-)?,python_targets_python3_6(-)?,python_targets_python3_7(-)?,python_targets_python3_8(-)?,-python_single_target_pypy3(-),-python_single_target_python2_7(-),-python_single_target_python3_6(-),-python_single_target_python3_7(-),-python_single_target_python3_8(-)] required by (dev-python/setuptools-44.1.0:0/0::gentoo, ebuild scheduled for merge) USE="-test" ABI_X86="(64)" PYTHON_TARGETS="python2_7 python3_7 (-pypy3) -python3_6 (-python3_8)"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     

  (dev-python/certifi-2019.11.28:0/0::gentoo, installed) USE="" ABI_X86="(64)" PYTHON_TARGETS="python2_7 python3_6 (-pypy3) -python3_7 (-python3_8)" pulled in by
    >=dev-python/certifi-2016.9.26[python_targets_pypy3(-)?,python_targets_python2_7(-)?,python_targets_python3_6(-)?,python_targets_python3_7(-)?,python_targets_python3_8(-)?,-python_single_target_pypy3(-),-python_single_target_python2_7(-),-python_single_target_python3_6(-),-python_single_target_python3_7(-),-python_single_target_python3_8(-)] required by (dev-python/setuptools-44.0.0:0/0::gentoo, installed) USE="-test" ABI_X86="(64)" PYTHON_TARGETS="python2_7 python3_6 (-pypy3) -python3_7 (-python3_8)"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    


It may be possible to solve this problem by using package.mask to
prevent one of those packages from being selected. However, it is also
possible that conflicting dependencies exist such that they are
impossible to satisfy simultaneously.  If such a conflict exists in
the dependencies of two different packages, then those packages can
not be installed simultaneously. You may want to try a larger value of
the --backtrack option, such as --backtrack=30, in order to see if
that will solve this conflict automatically.

For more information, see MASKED PACKAGES section in the emerge man
page or refer to the Gentoo Handbook.


!!! The following installed packages are masked:
- sys-libs/glibc-2.29-r7::gentoo (masked by: package.mask)
/var/db/repos/gentoo/profiles/package.mask:
# Michał Górny <[email protected]>, Andreas K. Hüttel <[email protected]>,
# Matthias Maier <[email protected]> (2017-05-21 and later updates)
# These old versions of toolchain packages (binutils, gcc, glibc) are no
# longer officially supported and are not suitable for general use. Using
# these packages can result in build failures (and possible breakage) for
# many packages, and may leave your system vulnerable to known security
# exploits.
# If you still use one of these old toolchain packages, please upgrade (and
# switch the compiler / the binutils) ASAP. If you need them for a specific
# (isolated) use case, feel free to unmask them on your system.

For more information, see the MASKED PACKAGES section in the emerge
man page or refer to the Gentoo Handbook.

Looking at the USE flags for both setuptools and certifi it seems like the Docker image is not up to date because it's still using python3_6?

15ecbe990357 /usr/local/portage # eix setuptools
[U] dev-python/setuptools
     Available versions:  44.0.0^t 44.1.0^t{xpak} [M]~45.3.0^t [M]~46.1.3^t {test PYTHON_TARGETS="pypy3 python2_7 python3_6 python3_7 python3_8"}
     Installed versions:  44.0.0^t(00:40:16 03/30/20)(-test PYTHON_TARGETS="python2_7 python3_6 -pypy3 -python3_7 -python3_8")
     Homepage:            https://github.com/pypa/setuptools https://pypi.org/project/setuptools/
     Description:         Collection of extensions to Distutils

15ecbe990357 /usr/local/portage # eix certifi
...
[I] dev-python/certifi
     Available versions:  2019.11.28{xpak} ~2020.4.5.1 {PYTHON_TARGETS="pypy3 python2_7 python3_6 python3_7 python3_8"}
     Installed versions:  2019.11.28{xpak}(00:40:33 03/30/20)(PYTHON_TARGETS="python2_7 python3_6 -pypy3 -python3_7 -python3_8")
     Homepage:            http://certifi.io/ https://pypi.org/project/certifi
     Description:         Python package for providing Mozilla's CA Bundle
...

emerge --info does list python 3.7 as the default together with 2.7 though

15ecbe990357 /usr/local/portage # emerge --info
Portage 2.3.89 (python 3.6.10-final-0, default/linux/amd64/17.1, gcc-9.3.0, glibc-2.29-r7, 4.15.17-gentoo-simon-1.1.3-dracut x86_64)
=================================================================
System uname: Linux-4.15.17-gentoo-simon-1.1.3-dracut-x86_64-Intel-R-_Core-TM-_i5-3570K_CPU_@_3.40GHz-with-gentoo-2.6
KiB Mem:    16350992 total,   4273392 free
KiB Swap:          0 total,         0 free
Timestamp of repository gentoo: Sat, 09 May 2020 00:45:01 +0000
Head commit of repository gentoo: 97347298ed44c9d9db3c07dcf268f3bb5a93f244
sh bash 4.4_p23-r1
ld GNU ld (Gentoo 2.33.1 p2) 2.33.1
app-shells/bash:          4.4_p23-r1::gentoo
dev-lang/perl:            5.30.1::gentoo
dev-lang/python:          2.7.17-r2::gentoo, 3.6.10-r1::gentoo, 3.7.7-r1::gentoo
sys-apps/baselayout:      2.6-r1::gentoo
sys-apps/openrc:          0.42.1::gentoo
sys-apps/sandbox:         2.13::gentoo
sys-devel/autoconf:       2.69-r4::gentoo
sys-devel/automake:       1.16.1-r1::gentoo
sys-devel/binutils:       2.33.1-r1::gentoo
sys-devel/gcc:            9.3.0::gentoo
sys-devel/gcc-config:     2.2.1::gentoo
sys-devel/libtool:        2.4.6-r6::gentoo
sys-devel/make:           4.2.1-r4::gentoo
sys-kernel/linux-headers: 5.4::gentoo (virtual/os-headers)
sys-libs/glibc:           2.29-r7::gentoo
Repositories:

gentoo
    location: /var/db/repos/gentoo
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000
    sync-rsync-verify-metamanifest: yes
    sync-rsync-verify-max-age: 24
    sync-rsync-verify-jobs: 1
    sync-rsync-extra-opts: 

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="@FREE"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe"
DISTDIR="/var/cache/distfiles"
ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="acl amd64 berkdb bzip2 cli crypt dri fortran gdbm iconv ipv6 libtirpc multilib ncurses nls nptl openmp pam pcre readline seccomp split-usr ssl tcpd unicode xattr zlib" ABI_X86="64" ADA_TARGET="gnat_2018" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-2" POSTGRES_TARGETS="postgres10 postgres11" PYTHON_SINGLE_TARGET="python3_7" PYTHON_TARGETS="python2_7 python3_7" RUBY_TARGETS="ruby24 ruby25" USERLAND="GNU" VIDEO_CARDS="amdgpu fbdev intel nouveau radeon radeonsi vesa dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, MAKEOPTS, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

"portage" image produce huge I/O every time

Good day. I am using Gentoo images in Continuous Integration (Gitlab CI). I run docker via commands:

docker create -v /usr/portage --name portage gentoo/portage
docker run --volumes-from portage --name gentoo gentoo/stage3-amd64 -c "foo bar"

And every time first command produce huge I/O because all content from /usr/portage copying from image to container "portage".
How I can prevent it?

Can you create image without "VOLUME /usr/portage" keyword?

README: Link to DockerHub pages

Could we please:

Publish these images to DockerHub
Link to the DockerHub pages from this project's README.md?

"Official Images" for Gentoo

New Docker users are encouraged to use the Official Images in their projects. These images have clear documentation, promote best practices, and are designed for the most common use cases. --https://docs.docker.com/docker-hub/official_images

I'd be willing to do the work if needed to get this going.

Sources:

Weird assumptions

So first, the date command breaks this out of the gate before that days image is pushed:
TARGET=stage3-amd64 ./build.sh
Sending build context to Docker daemon 185.9kB
Step 1/13 : ARG BOOTSTRAP
Please provide a source image with from prior to commit
Error response from daemon: no such id: gentoo/stage3-amd64:20170903

After hard coding it to yesterdays date:
TARGET=stage3-amd64 ./build.sh
Sending build context to Docker daemon 185.9kB
Step 1/13 : ARG BOOTSTRAP
Please provide a source image with from prior to commit

Debugging the command that's run:
docker build --build-arg ARCH='amd64' --build-arg MICROARCH='amd64' --build-arg BOOTSTRAP='' --build-arg SUFFIX='' -t 'gentoo/stage3-amd64:20170902' -f 'stage3.Dockerfile' .

removed stage3 ARG BOOTSTRAP
hard coded FROM multiarch/alpine:x86_64-v3.6

New error:
TARGET=stage3-amd64 ./build.sh
docker build --build-arg ARCH='amd64' --build-arg MICROARCH='amd64' --build-arg BOOTSTRAP='multiarch/alpine:x86_64-v3.6' --build-arg SUFFIX='' -t 'gentoo/stage3-amd64:20170902' -f 'stage3.Dockerfile' .
Sending build context to Docker daemon 185.9kB
Step 1/12 : FROM multiarch/alpine:x86_64-v3.6
x86_64-v3.6: Pulling from multiarch/alpine
ea9646a5b752: Pull complete
6edbf64caa47: Pull complete
Digest: sha256:cd6acfa4c1ab59f0658f1bbdd1be1b42386e6f0acee20489cdac0286413517d5
Status: Downloaded newer image for multiarch/alpine:x86_64-v3.6
---> 91917cd6c0be
Step 2/12 : WORKDIR /gentoo
---> ad4e6ace1979
Removing intermediate container 47073c8c81c7
Step 3/12 : ARG ARCH=amd64
---> Running in d518bd744d67
---> ffd4d834dfc3
Removing intermediate container d518bd744d67
Step 4/12 : ARG MICROARCH=amd64
---> Running in 94476fded6f4
---> 6ab959945542
Removing intermediate container 94476fded6f4
Step 5/12 : ARG SUFFIX
---> Running in 57891eff9c8a
---> 9c4789705d86
Removing intermediate container 57891eff9c8a
Step 6/12 : ARG DIST="http://distfiles.gentoo.org/releases/${ARCH}/autobuilds/"
---> Running in 2e051c74bf4d
---> 805cf365edda
Removing intermediate container 2e051c74bf4d
Step 7/12 : ARG SIGNING_KEY="0xBB572E0E2D182910"
---> Running in 9b660ec70095
---> 1841f3b643ea
Removing intermediate container 9b660ec70095
Step 8/12 : RUN echo "Building Gentoo Container image for ${ARCH} ${SUFFIX} fetching from ${DIST}" && apk --no-cache add gnupg tar wget && STAGE3PATH="$(wget -q -O- "${DIST}/latest-stage3-${MICROARCH}${SUFFIX}.txt" | tail -n 1 | cut -f 1 -d ' ')" && STAGE3="$(basename ${STAGE3PATH})" && wget -q -c "${DIST}/${STAGE3PATH}" "${DIST}/${STAGE3PATH}.CONTENTS" "${DIST}/${STAGE3PATH}.DIGESTS.asc" && gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys ${SIGNING_KEY} || gpg --keyserver keys.gnupg.net --recv-keys ${SIGNING_KEY} || gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys ${SIGNING_KEY} && gpg --verify "${STAGE3}.DIGESTS.asc" && awk '/# SHA512 HASH/{getline; print}' ${STAGE3}.DIGESTS.asc | sha512sum -c && tar xjpf "${STAGE3}" --xattrs --numeric-owner && sed -i -e 's/#rc_sys=""/rc_sys="docker"/g' etc/rc.conf && echo 'UTC' > etc/timezone && rm ${STAGE3}.DIGESTS.asc ${STAGE3}.CONTENTS ${STAGE3}
---> Running in 4a7b4d681654
json: cannot unmarshal array into Go struct field Process.capabilities of type specs.LinuxCapabilities

I don't know how this is functioning on your system, but it's clearly not on mine :) Am I just missing go dependencies?

Explicit licensing?

What is the license for code in this project? I'm using the 2-clause BSD license for my existing build script and Dockerfiles.

Services crash status

Hi!
After building a gentoo docker container, (with the Dockerfile provided by you), all worked fine but I added some packages, like emerge mariadb and mongodb, and both cases I get crashed status when trying to start them.
Dockerfile relevant lines:

RUN emerge dev-vcs/git dev-vcs/mercurial net-libs/nodejs dev-db/mariadb dev-db/mongodb
# Ensure mysql and mongo are up
RUN /etc/init.d/mongodb start
#next line fails
RUN /etc/init.d/mongodb status

Emerge works fine, after that I just try to start the service:

Here is the output: (no logs produced in the instance)

INFO     2015-05-25 14:52:22,998 containers.py:280] Step 32 : RUN /etc/init.d/mongodb start
INFO     2015-05-25 14:52:23,940 containers.py:280] ---> Running in 2d9efed0fe25
INFO     2015-05-25 14:52:24,373 containers.py:280]  * No permission to apply cgroup settings
INFO     2015-05-25 14:52:24,376 containers.py:280] * /run/mongodb: creating directory
 * /run/mongodb: correcting owner
INFO     2015-05-25 14:52:24,376 containers.py:280] * Starting mongodb ...
INFO     2015-05-25 14:52:24,378 containers.py:280] [ ok ]
INFO     2015-05-25 14:52:24,382 containers.py:280] * Caching service dependencies ... [ ok ]
INFO     2015-05-25 14:52:39,390 containers.py:280] ---> dbd1a381818b
INFO     2015-05-25 14:52:45,657 containers.py:280] Removing intermediate container 2d9efed0fe25
INFO     2015-05-25 14:52:45,657 containers.py:280] Step 33 : RUN /etc/init.d/mongodb status
INFO     2015-05-25 14:52:46,530 containers.py:280] ---> Running in 60139e970398
INFO     2015-05-25 14:52:46,805 containers.py:280]  * 
INFO     2015-05-25 14:52:46,805 containers.py:280] status: crashed
ERROR    2015-05-25 14:52:47,684 containers.py:283] The command [/bin/sh -c /etc/init.d/mongodb status] returned a non-zero code: 32

I have the same issue with mariadb.

I'm pretty sure it is not a bug, but I spent 2 days trying to get help on this, and no too much information about gentoo on docker :(

Thanks.
Matías.

Can't install package from Dockerfile

If you try something like this:

FROM gentoo/stage3-amd64

RUN emerge -qv www-servers/apache

You will get:

!!! Section 'x-portage' in repos.conf has location attribute set to nonexistent directory: '/usr/portage'
!!! Section 'gentoo' in repos.conf has location attribute set to nonexistent directory: '/usr/portage'
!!! Invalid Repository Location (not a dir): '/usr/portage'


!!! /etc/portage/make.profile is not a symlink and will probably prevent most merges.
!!! It should point into a profile within /usr/portage/profiles/
!!! (You can safely ignore this message when syncing. It's harmless.)


!!! Your current profile is invalid. If you have just changed your profile
!!! configuration, you should revert back to the previous configuration.
!!! Allowed actions are limited to --help, --info, --search, --sync, and
!!! --version.

This is because of the separation of portage structure on another image. On running image it's working.

Here is my docker-compose.yml file:

portage:
  image: gentoo/portage

nx-default:
  build: docker/gentoo
  hostname: nx-default.nexylan.net
  volumes_from:
    - portage
  links:
    - influxdb

I'm not an expert but why separating Portage? Because of this, we can't install package on image building.

Regards.

git-based portage to avoid rsync race conditions and garbage DNS/BGP

guys, gentoo portage has been suffering from broken snapshots as long as it has been using ebuild files with digests. this obliterates automated docker build scripts if an ebuild is out of sync with the distfiles.

also, we ought as well be outsourcing DNS to china these days, it's cheaper to replace it than fix it right?

in all seriousness about 12 years ago it was exciting to think the portage wars would finally get the benefit of git amidst the forum conservatives but they still seem to be using what they had 12 years ago despite the ebuild snapshot sync race conditions.

if this was just one percent of the time, it would be no big deal, but we're talking about dozens of potential files being caught in mid-update every day by various cron daemons mirroring things.

what do we need for a Dockerfile that is roughly as stable as ~amd64 with a git backed portage? still a different distro ?

Travis CI build results not shown on commits/pull requests

Even though the Travis CI build system is successfully triggered on every commit/pull request, its results are not shown as checks in the GitHub interface, making it unnecessarily difficult to track them.

Apparently the solution seems to be to revoke access to Travis and consequently reconnect it (possibly using GitHub Apps). A member with admin rights would be required to do this.

Relevant reports: [1], [2]

x86 stages failing - "Fatal Python error: _Py_InitializeMainInterpreter: can't initialize time"

stage3-x86* builds are currently failing with a message:

Fatal Python error: _Py_InitializeMainInterpreter: can't initialize time
PermissionError: [Errno 1] Operation not permitted

Python testing image

Gentoo is one of the few distributions with a diverse Python ecosystem that makes it possible to test stuff against many versions of Python. It would useful to have prebuilt images that contain all Python versions supported by Gentoo (2.7, 3.{5,6,7,8}, pypy, pypy3; maybe some older versions later in some overlay) + dev-python/tox.

stage3-amd64-hardened-nomultilib image is old

please update stage3-amd64-hardened-nomultilib to include the recent EAPI 8 changes

Deterministic builds

I'm trying to build deterministic docker images. The problem I'm currently facing is that I don't know what portage snapshot or git commit was used for building the stage3 image. Is there a way to reliably determine that?

Support for Gentoo Prefix?

Hello,

Given you've built the infrastructure already, and you have the expertise I'd like to ask you if making an image (or images actually) of a Gentoo Prefix bootstrapped would be possible.

I have two motivations to ask for this:

Given all the image flavours you already offer, it would be great to also support that one.
Be able to provide an out-of-the-box working Gentoo Prefix installation. Let me expand on this.

The goal of Gentoo Prefix (as can be read in the article of use cases) is to allow people to have a 'full OS with package manager' in any folder without root permissions needed. This is great! My personal use-case is deploy on robots with ancient systems and also in computing farm machines without a user that has privileges.

To make my workflow as re-usable as possible I found the trick of bootstrapping Gentoo Prefix in /tmp/gentoo. This is great cause /tmp/ is generally writable by anyone. And one can extract a full Gentoo Prefix system in any folder and just symlink to /tmp/gentoo. Then you can use it as normal.

Having a Docker image that builds continuously has the added benefit to, well, keep track that it does not break. And anyone can pull the image and either mount the Docker /tmp/gentoo in the system /tmp/gentoo, or copy it to deploy it in any machine directly (I have machines that can't have Docker).

If I could request it, I'd love a x86_64 and a i686 image of Gentoo Prefix.

(Kinda offtopic) I'm currently fighting myself to make it work, but no luck. x86_64 is not building. And i686 fails even earlier cause I haven't figured out how to generate it from a x86_64 machine.

Push access denied to docker.io/gentoo/stage3

Latest cron job fails for all stage3 targets with:

Login Succeeded
The push refers to repository [docker.io/gentoo/stage3]
9fa033b3feca: Preparing
denied: requested access to the resource is denied

Login succeeds and the images are properly tagged, so my guess would be that the DOCKER_USERNAME defined in the settings of the Travis repo (i.e., larrythecow) is not a collaborator in the new stage3 Docker Hub repo. @ultrabug could you please verify? If this is not the case could you compare the configuration between the new stage3 Docker Hub repo and the older stage3-* repos and find the culprit?

Travis CI builds fail due to negative credit balance

Travis CI builds have been disabled since yesterday with the following error:

Builds have been temporarily disabled for public repositories due to a negative credit balance. Please go to the Plan page to replenish your credit balance or alter your Consume paid credits for OSS setting.

Recent systemd images broken?

The following Dockerfile used to work with older stage3 images:

FROM gentoo/stage3:systemd-20210702

ARG BUILD_DATE

RUN emerge --sync
COPY ebuild-ipc /usr/lib/portage/python3.9/ebuild-ipc
RUN FEATURES="-pid-sandbox" emerge -q dev-vcs/git eix app-misc/jq

But with recent stage3 images, I am getting this error:

Step 5/8 : RUN emerge -q dev-vcs/git eix app-misc/jq
 ---> Running in fe58bf483575
>>> Verifying ebuild manifests

 * IMPORTANT: 6 news items need reading for repository 'gentoo'.
 * Use eselect news read to view new items.

>>> Emerging (1 of 20) dev-libs/oniguruma-6.9.7.1::gentoo
>>> Failed to emerge dev-libs/oniguruma-6.9.7.1, Log file:
>>>  '/var/tmp/portage/dev-libs/oniguruma-6.9.7.1/temp/build.log'
 * Package:    dev-libs/oniguruma-6.9.7.1
 * Repository: gentoo
 * Maintainer: [email protected] [email protected]
 * USE:        abi_x86_64 amd64 elibc_glibc kernel_linux userland_GNU
 * FEATURES:   network-sandbox preserve-libs sandbox userpriv usersandbox
Unable to unshare: EPERM (for FEATURES="pid-sandbox")
File not found: /usr/lib/portage/python3.9/ebuild-ipc
 * The ebuild phase 'setup' has exited unexpectedly. This type of behavior
 * is known to be triggered by things such as failed variable assignments
 * (bug #190128) or bad substitution errors (bug #200313). Normally, before
 * exiting, bash should have displayed an error message above. If bash did
 * not produce an error message above, it's possible that the ebuild has
 * called `exit` when it should have called `die` instead. This behavior
 * may also be triggered by a corrupt bash binary or a hardware problem
 * such as memory or cpu malfunction. If the problem is not reproducible or
 * it appears to occur randomly, then it is likely to be triggered by a
 * hardware problem. If you suspect a hardware problem then you should try
 * some basic hardware diagnostics such as memtest. Please do not report
 * this as a bug unless it is consistently reproducible and you are sure
 * that your bash binary and hardware are functioning properly.
File not found: /usr/lib/portage/python3.9/ebuild-ipc
 * The ebuild phase 'die_hooks' has exited unexpectedly. This type of
 * behavior is known to be triggered by things such as failed variable
 * assignments (bug #190128) or bad substitution errors (bug #200313).
 * Normally, before exiting, bash should have displayed an error message
 * above. If bash did not produce an error message above, it's possible
 * that the ebuild has called `exit` when it should have called `die`
 * instead. This behavior may also be triggered by a corrupt bash binary or
 * a hardware problem such as memory or cpu malfunction. If the problem is
 * not reproducible or it appears to occur randomly, then it is likely to
 * be triggered by a hardware problem. If you suspect a hardware problem
 * then you should try some basic hardware diagnostics such as memtest.
 * Please do not report this as a bug unless it is consistently
 * reproducible and you are sure that your bash binary and hardware are
 * functioning properly.
 * Messages for package dev-libs/oniguruma-6.9.7.1:
 * The ebuild phase 'setup' has exited unexpectedly. This type of behavior
 * is known to be triggered by things such as failed variable assignments
 * (bug #190128) or bad substitution errors (bug #200313). Normally, before
 * exiting, bash should have displayed an error message above. If bash did
 * not produce an error message above, it's possible that the ebuild has
 * called `exit` when it should have called `die` instead. This behavior
 * may also be triggered by a corrupt bash binary or a hardware problem
 * such as memory or cpu malfunction. If the problem is not reproducible or
 * it appears to occur randomly, then it is likely to be triggered by a
 * hardware problem. If you suspect a hardware problem then you should try
 * some basic hardware diagnostics such as memtest. Please do not report
 * this as a bug unless it is consistently reproducible and you are sure
 * that your bash binary and hardware are functioning properly.

This also looks weird to me?

# eselect python list
Available Python interpreters, in order of preference:
 [1]   python3.9 (uninstalled)

The file in question seems legit to me:

7789b003daaf / # ls -la /usr/lib/portage/python3.9/ebuild-ipc
-rwxr-xr-x 1 root root 608 Jun 13 21:26 /usr/lib/portage/python3.9/ebuild-ipc

7789b003daaf / # file /usr/lib/portage/python3.9/ebuild-ipc
/usr/lib/portage/python3.9/ebuild-ipc: Bourne-Again shell script, ASCII text executable

7789b003daaf / # cat /usr/lib/portage/python3.9/ebuild-ipc
#!/bin/bash
# Copyright 2010-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

export __PORTAGE_HELPER_CWD=${PWD}

if [[ ${0##*/} == "ebuild-pyhelper" ]]; then
        echo "ebuild-pyhelper: must be called via symlink" &>2
        exit 1
fi

# Use safe cwd, avoiding unsafe import for bug #469338.
cd "${PORTAGE_PYM_PATH}" || exit 1
for path in "${PORTAGE_BIN_PATH}/${0##*/}"{.py,}; do
        if [[ -x "${path}" ]]; then
                PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \
                        exec "${PORTAGE_PYTHON:-/usr/bin/python}" "${path}" "$@"
        fi
done
echo "File not found: ${path}" >&2
exit 1

Replacing the line if [[ -x "${path}" ]]; then with if [[ -e "${path}" ]]; then seems to work around the issue, but only when running it in a container, not when using docker build.

Given the file, it looks like it could be a portage bug triggered only in specific situations like here, when not having a tty?

Anybody else facing that issue?

Thanks!

Avoid duplicating build script across amd64 variate

Since all the amd64 variate mostly use the similar build.sh script, we should avoid duplicating it for each particular case.

The information required to generate the URL for respective amd64 variate is already available in variables ${arch} & ${suffix} here: https://github.com/gentoo/gentoo-docker-images/blob/master/amd64/build.sh#L23 which is the only difference across each such build script.

PS: addressing issue raised in #23

alpine-multiarch

https://hub.docker.com/r/multiarch/alpine/
for ARM /ARM64 variants useful for bootstrapping I surmise.
FROM multiarch/alpine
willing to try on my images.. , as I do have valid images, however ....

/gentoo .... emerge --sync... && emerge --update @ system && ... @wolrd also would be a plus.

however getting QEMU to run on DOCKER AMD64/arm64-gentoo @ / is about as fun as throwing rocks at a hornets nest. works then fail..........ssssssssssssssss mostly FAILS. as bash won't run on most cloud docker's because of the arm64 on AMD64 , so shimming via Busybox-amd64 SH might needed to be ,

however multiarch/alpine looks like braincell killing work. so getting qemu to run otherwise is hell.

multiarch/alpine for making stages, etc.. also less hell. as the emu is running already ...

Docker Repository on Quay /dockerhub..
multiarch/alpine for least a better prepared seed stage-3 image... will likely work.
and for stage 4 images akin to below.. Gentoo-arm64-ISO also a plus.. been tinkering with Catalyst on PI3 ...

https://github.com/necrose99/Docker-Gentoo-ARM64/blob/master/Dockerfile
AMD-64 QEMU..... many tries and many fails...
so Far I don't have a Busybox /BB/ and symlinks for common tools.
busybox-multi ..... anyone...? (Mega-FAT binary for multiple CPU arches...)

/bb/bb-sh fire-up-arm64-bash-qemu.sh..... for entrypoint "bootstrapping"
anyhow Getting a Bleeping Emu running has been a vexing and irritating issue.
getting a mega-fat static QEMU with binfmt inside also would be a less baneful isse.

Mudler of Sabayon/Gentoo has had good luck thus far with ARM7-HF etc...

however arm64 and gentoo is more a fickle..... pain in the... @@@
Proot to ARM64 Gentoo in virtualbox can be done but... not the most stable..

I've tried many examples, however the ALPINE/DEBIAN arm64 builder FROM ... might suffice , as trying qemu to fire has been a royal...pain..
/Gentoo

Add emulation tools. so far a fail... or mostly ...

ADD https://github.com/multiarch/qemu-user-static/releases/download/v2.9.1/qemu-aarch64-static.tar.gz /qemu-static-arm64
ADD https://github.com/mickael-guene/umeq/releases/download/1.7.5/umeq-arm64 /
ADD https://github.com/mickael-guene/proot-static-build/raw/master/static/proot-x86_64 /
ADD http://distfiles.gentoo.org/experimental/arm64/stage3-arm64-arm64-20170223.tar.bz2 /

RUN ["/usr/bin/umeq-arm64", "-execve", "-0", "bash", "/bin/bash"] or inset emu to usrbin and groan.

qemu-static-arm64 , proot +qemu-static-arm64 .....

I'm a SEC-Eng... and not a Software DEV... so getting reliability from Docker/EMU/QEMU would be a plus. I've whacked... and..... so far its 100's rocks at the Hornet's nest. perhaps devs might have better luck, than I, a meddlesome Engineer/tinkerer ....

anyone whom is a docker EMU specialist , QEMU feel free to pull request ALL day..

https://quay.io/repository/necrose99/gentoo-on-rpi3-64bit (https://github.com/sakaki-/gentoo-on-rpi3-64bit)

https://hub.docker.com/r/necrose99/gentoo-on-rpi3-64bit/builds/

process_vm_readv when building software inside docker image

Dear Gentoo docker image team,

I would like to use the official docker image as a baseline for a gentoo container, but I am running into this issue when compiling for example fpc (and binutils and many more ...)

Compiling source in /var/tmp/portage/dev-lang/fpc-3.0.4/work/fpcbuild-3.0.4/fpcsrc ...
make -j8 -j1 PP=/var/tmp/portage/dev-lang/fpc-3.0.4/work/lib/fpc/3.0.4/ppcx64 compiler_cycle AS=x86_64-pc-linux-gnu-as

/var/tmp/portage/sys-apps/sandbox-2.20/work/sandbox-2.20/libsandbox/trace.c:do_peekstr():134: failure (Operation not permitted):
ISE:do_peekstr:process_vm_readv(27870, 0x00007ffc663d3670{0x00007ffb5cc28010, 0x1f7}, 1, 0x00007ffc663d3680{0x00007fffbc5d5e09, 0x1f7}, 1, 0) failed: Operation not permitted
/usr/lib/portage/python3.7/ebuild-helpers/emake: line 28: 27867 Aborted "${cmd[@]}"

I think the problem is that inside a docker container the seccomp security profile does not allow me to use the process_vm_readv syscall (https://docs.docker.com/engine/security/seccomp/)

For a quick test, I disabled the security option for the container with --security-opt seccomp=unconfined and things work, but this can't be a solution.

How did you get around this problem when building the original images? Is there a flag that I can set somewhere to disable the use of process_vm_readv so I can extend the image?

Bad path for emerge and ebuild

With the following Dockerfile:

FROM gentoo/stage3-amd64

RUN wget -O telegraf.tar.gz http://get.influxdb.org/telegraf/telegraf-0.11.1-1_linux_amd64.tar.gz \
    && tar xvfz telegraf.tar.gz \
    && rm telegraf.tar.gz

ADD telegraf.conf /etc/telegraf/telegraf.conf

CMD ["telegraf", "-config", "/etc/telegraf/telegraf.conf"]

I ran the following commands:

root@nx-default / # emerge
bash: emerge: command not found
root@nx-default / # find / -name emerge     
/usr/portage/app-xemacs/emerge
/usr/bin/emerge
/usr/lib64/python-exec/python2.7/emerge
/usr/lib64/python-exec/python3.4/emerge
/usr/lib64/python2.7/site-packages/portage/tests/emerge
/usr/lib64/python3.4/site-packages/portage/tests/emerge
root@nx-default / # ls -l /usr/bin/emerge       
lrwxrwxrwx 1 root root 31 Jul 28 03:03 /usr/bin/emerge -> ../lib/python-exec/python-exec2
root@nx-default / # /usr/lib/python-exec/python-exec2
bash: /usr/lib/python-exec/python-exec2: No such file or directory

Adding this on my Dockerfile "solves" the issue:

RUN rm -f /usr/bin/emerge && ln -s /usr/lib64/python-exec/python2.7/emerge /usr/bin/emerge
RUN rm -f /usr/bin/ebuild && ln -s /usr/lib64/python-exec/python2.7/ebuild /usr/bin/ebuild

So IMHO, we have two problem:

Why /usr/lib/python-exec/python-exec2? Should not the binary be called directly?
The path is pointing on a non-existing file.

gentoo / gentoo-docker-images Goto Github PK

gentoo-docker-images's Introduction

Gentoo Docker Images

DockerHub

Inventory

Building the containers

Using the portage container as a data volume

Using the portage container in a multi-stage build

Contributing

Policy

gentoo-docker-images's People

Contributors

Stargazers

Watchers

Forkers

gentoo-docker-images's Issues

Add emulation tools. so far a fail... or mostly ...

RUN ["/usr/bin/umeq-arm64", "-execve", "-0", "bash", "/bin/bash"] or inset emu to usrbin and groan.

Recommend Projects

Recommend Topics

Recommend Org