This repository holds scripts and releases for the rkt-in-rkt builder ACI.
To build the builder ACI image, first update the version variable IMG_VERSION
in acbuild.sh
, and execute:
$ sudo ./acbuild.sh
The rkt project key must be used to sign the generated image. $RKTSUBKEYID
is the key ID of the rkt Yubikey. Connect the key and run gpg2 --card-status
to get the ID.
The public key for GPG signing can be found at CoreOS Application Signing Key and is assumed as trusted.
$ gpg2 -u $RKTSUBKEYID'!' --armor --output rkt-builder.aci.asc --detach-sign rkt-builder.aci
Commit any changes to acbuild.sh
, and push them.
Add a signed tag:
$ GIT_COMMITTER_NAME="CoreOS Application Signing Key" GIT_COMMITTER_EMAIL="[email protected]" git tag -u $RKTSUBKEYID'!' -s v1.0.0 -m "rkt-builder v1.0.0"`
Push the tag to GitHub:
$ git push --tags
$ git clone github.com/coreos/rkt
$ cd rkt
$ sudo rkt run \
--volume src-dir,kind=host,source="$(pwd)" \
--volume build-dir,kind=host,source="$(pwd)/release-build" \
--interactive \
coreos.com/rkt/builder:v1.0.0
This repository consists of two scripts:
acbuild.sh
: This script builds the rkt-in-rkt builder ACI.build.sh
: This script is added to the rkt-in-rkt builder ACI as/scripts/build.sh
, and is defined as the entrypoint.
The built rkt-in-rkt ACI declares the following volumes:
src-dir
: Points to the directory holding the rkt source code.build-dir
: Points to the output directory where the build artifacts are being placed.