From 246342ea67540bee90d4ad0ba21d49b85619bbc1 Mon Sep 17 00:00:00 2001
From: Markus Pesch
Date: Sat, 2 Apr 2022 16:33:40 +0200
Subject: [PATCH] fix: makepkg, build user
---
 .gitignore | 3 ++-
 Dockerfile | 38 +++++++++++++++++++++++++++---------
 README.md | 54 +++++++++++++++++++++++++++++++++++++++++++++++++--
 entrypoint.sh | 33 +++++++++++++++++++++++++++++++
 4 files changed, 116 insertions(+), 12 deletions(-)
 create mode 100644 entrypoint.sh
diff --git a/.gitignore b/.gitignore
index 2eea525..a2d79bb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
-.env
\ No newline at end of file
+.env
+test.sh
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 933e9e1..db3a1c1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,25 +1,39 @@
 FROM docker.io/library/archlinux:latest
-RUN pacman --sync --refresh --noconfirm --sysupgrade \
+ENV BUILD_USER=build
+
+RUN pacman --sync --refresh --noconfirm --sysupgrade sudo
+
+RUN echo "${BUILD_USER} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/${BUILD_USER} && \
+ useradd --create-home --home-dir /home/${BUILD_USER} --shell /bin/bash ${BUILD_USER}
+USER ${BUILD_USER}
+
+# execute local files
+COPY installation-scripts /tmp/installation-scripts
+RUN for f in {00-pacman-mirror.sh,01-rustup.sh}; do sudo /tmp/installation-scripts/$f; done && \
+ sudo rm --recursive --force /tmp/installation-scripts
+ENV PATH="/home/${BUILD_USER}/.cargo/bin:/${BUILD_USER}/go/bin:${PATH}"
+
+# Install PKGs from public repositories
+RUN sudo pacman --sync --refresh --noconfirm --sysupgrade \
 awk \
+ base-devel \
 bash-completion \
 docker \
 gcc \
 git \
+ gnupg \
 go \
 make \
+ pacman-contrib \
 podman \
 which \
 zip
-# execute local files
-COPY installation-scripts /tmp/installation-scripts
-RUN for f in {00-pacman-mirror.sh,01-rustup.sh}; do /tmp/installation-scripts/$f; done && \
- rm --recursive --force /tmp/installation-scripts
-ENV PATH="/root/.cargo/bin:/root/go/bin:${PATH}"
+RUN sudo usermod --append --groups docker ${BUILD_USER}
-# Install PKGs from own repo
-RUN pacman --sync --refresh --noconfirm --sysupgrade \
+# Install PKGs from private repositories
+RUN sudo pacman --sync --refresh --noconfirm --sysupgrade \
 oracle-instantclient-basic \
 oracle-instantclient-jdbc \
 oracle-instantclient-odbc \
@@ -28,4 +42,10 @@ RUN pacman --sync --refresh --noconfirm --sysupgrade \
 oracle-instantclient-tools \
 rpm-builder
-WORKDIR /workspace
\ No newline at end of file
+WORKDIR /workspace
+VOLUME [ "/workspace" ]
+
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN sudo chmod +x /usr/local/bin/entrypoint.sh
+
+ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ]
diff --git a/README.md b/README.md
index ac4949c..e410300 100644
--- a/README.md
+++ b/README.md
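Review bot: The sudoers line `${BUILD_USER} ALL=(ALL) NOPASSWD:ALL` means the later `USER ${BUILD_USER}` does not reduce privilege: anything executed in the container, including a PKGBUILD or build script from a mounted workspace, can become root with `sudo`, and the `usermod --append --groups docker` line additionally gives that user control of any Docker socket that is mounted. Running the root-only steps (both `pacman` runs and `usermod`) above the `USER` instruction would remove the need for `sudo` at build time, and the runtime rule could then be dropped or narrowed to what makepkg needs, e.g. `${BUILD_USER} ALL=(root) NOPASSWD: /usr/bin/pacman`, which is still root-equivalent for package installs but no longer a general root shell. Separately, the new `PATH` contains `/${BUILD_USER}/go/bin`, which expands to `/build/go/bin`; it presumably should be `/home/${BUILD_USER}/go/bin`. Since `01-rustup.sh` now runs under `sudo`, it is worth confirming that it installs into `/home/${BUILD_USER}/.cargo` rather than root's home; the script is not part of this patch.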
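Review bot: `COPY entrypoint.sh /usr/local/bin/entrypoint.sh` followed by `RUN sudo chmod +x /usr/local/bin/entrypoint.sh` adds a layer and leans on the passwordless sudo rule just to set a mode bit; with BuildKit the two lines collapse into `COPY --chmod=0755 entrypoint.sh /usr/local/bin/entrypoint.sh`. According to the README part of this patch the entrypoint imports `GPG_KEY` and `SSH_KEY` from the container environment, where they are readable through `docker inspect` and by every process in the container, so a comment above `ENTRYPOINT` should say so, for example `# entrypoint.sh reads private keys from GPG_KEY/SSH_KEY; prefer read-only mounted key files over --env where possible`.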
@@ -4,8 +4,43 @@
 [![Docker Pulls](https://img.shields.io/docker/pulls/volkerraschek/build-image)](https://hub.docker.com/r/volkerraschek/build-image)
 This project contains all sources to build the container image
-`docker.io/volkerraschek/build-image`. The primary goal of the image is only
-to provide an environment to compile source code like go or rust.
+`docker.io/volkerraschek/build-image`. The primary goal of the image is only to
+provide an environment to compile source code for `go` or `rust` and package
+compiled binaries as PKG for Arch Linux or as RPM for RHEL based distributions.
+
+## Supported environment variables
+
+### gnupg
+
+#### GNUPG_KEY
+
+Import private gpg key via `GPG_KEY`. The private key must be escaped to import
+the key inside the container image correctly. For example:
+
+```bash
+GPG_FPR=YOUR_GPG_FINGERPRINT
+GPG_KEY=$(gpg --armor --export-secret-keys ${GPG_FPR} | cat -e | sed -e 's/\$/\\n/g' -e 's/^[ \t]*//g')
+```
+
+### makepkg
+
+The `makepkg.conf` configuration is composed from the environment variables with
+the prefix `MAKEPKG_`. Below are some examples:
+
+`MAKEPKG_PACKAGER="Hugo McKinnock "`
+`MAKEPKG_GPGKEY="0123456789"`
+`MAKEPKG_PKGEXT=.pkg.tar.zst"`
+
+### ssh
+
+#### SSH_KEY
+
+Import private ssh key via `SSH_KEY`. The private key must be escaped to import
+the key inside the container image correctly. For example:
+
+```bash
+SSH_KEY=$(cat -e ${HOME}/.ssh/id_rsa | sed -e 's/\$/\\n/g')
+```
 ## Usage
@@ -22,6 +57,21 @@ $ docker run \ go build ``` +### makepkg + +With the following example will be an package be build for Arch Linux. Execute +the commond in the root directory of the project, where the `PKGBUILD` file is +located. + +```bash +$ docker run \ + --env MAKEPKG_PACKAGER="Max Mustermann > ${HOME}/.makepkg.conf +done + +# import gpg key +if [ ! -z ${GPG_KEY+x} ]; then + + echo -e ${GPG_KEY} | gpg --import + + # trust gpg key + for fpr in $(gpg --list-keys --with-colons | awk -F: '/fpr:/ {print $10}' | sort -u); do + echo -e "5\ny\n" | gpg --command-fd 0 --expert --edit-key $fpr trust + done +fi + +# add ssh private key +if [ ! -z ${SSH_KEY+x} ]; then + mkdir --parents ${HOME}/.ssh + sudo chmod 0700 ${HOME}/.ssh + echo -e ${SSH_KEY} > ${HOME}/.ssh/key + sudo chmod 0600 ${HOME}/.ssh/key + echo -e "Host *\n IdentityFile ~/.ssh/key" > ${HOME}/.ssh/config +fi + +/bin/bash ${@} \ No newline at end of file