This is a Docker image for building Alpine Linux packages.
We tag each release with the Alpine Linux version used. Here are the tags to choose from:
sgerrand/alpine-abuild:3.3: based on Alpine 3.3sgerrand/alpine-abuild:3.4: based on Alpine 3.4sgerrand/alpine-abuild:3.5: based on Alpine 3.5sgerrand/alpine-abuild:3.6: based on Alpine 3.6sgerrand/alpine-abuild:3.7: based on Alpine 3.7sgerrand/alpine-abuild:3.8: based on Alpine 3.8sgerrand/alpine-abuild:3.9: based on Alpine 3.9sgerrand/alpine-abuild:3.10: based on Alpine 3.10sgerrand/alpine-abuild:3.11: based on Alpine 3.11sgerrand/alpine-abuild:3.12: based on Alpine 3.12sgerrand/alpine-abuild:3.13: based on Alpine 3.13sgerrand/alpine-abuild:3.14: based on Alpine 3.14sgerrand/alpine-abuild:3.15: based on Alpine 3.15sgerrand/alpine-abuild:3.16: based on Alpine 3.16sgerrand/alpine-abuild:edge: based on Alpine edge (includes testing repository as well)
The builder is typically run from your Alpine Linux package source directory (changing ~/.abuild/mykey.rsa and ~/.abuild/mykey.rsa.pub to your packager private and public key locations):
docker run \
-e RSA_PRIVATE_KEY="$(cat ~/.abuild/mykey.rsa)" \
-e RSA_PRIVATE_KEY_NAME="mykey.rsa" \
-v "$PWD:/home/builder/package" \
-v "$HOME/.abuild/packages:/packages" \
-v "$HOME/.abuild/mykey.rsa.pub:/etc/apk/keys/mykey.rsa.pub" \
sgerrand/alpine-abuild:3.16
This would build the package at your current working directory, and place the resulting packages in ~/.abuild/packages/builder/x86_64. Subsequent builds of packages will update the ~/.abuild/packages/builder/x86_64/APKINDEX.tar.gz file.
You can also run the builder anywhere. You just need to mount your package source and build directories to /home/builder/package and /packages, respectively.
There are a number of environment variables you can change at package build time:
RSA_PRIVATE_KEY: This is the contents of your RSA private key. This is optional. You should usePACKAGER_PRIVKEYand mount your private key if not usingRSA_PRIVATE_KEY.RSA_PRIVATE_KEY_NAME: Defaults tossh.rsa. This is the name we will set the private key file as when usingRSA_PRIVATE_KEY. The file will be written out to/home/builder/$RSA_PRIVATE_KEY_NAME.PACKAGER_PRIVKEY: Defaults to/home/builder/.abuild/$RSA_PRIVATE_KEY_NAME. This is generally used if you are bind mounting your private key instead of passing it in withRSA_PRIVATE_KEY.REPODEST: Defaults to/packages. If you want to override the destination of the build packages. You must also be sure thebuilderuser has access to write to the destination. Theabuilderentry point will attempt tomkdir -pthis location.PACKAGER: This is the name of the package used in package metadata.
You can use this image to generate keys if you don't already have them. Generate them in a container using the following command (replacing YOUR NAME <YOUR@EMAIL> with your own name and email):
docker run --name keys --entrypoint abuild-keygen -e PACKAGER="YOUR NAME <YOUR@EMAIL>" sgerrand/alpine-abuild:3.16 -n
You'll see some output like the following:
Generating RSA private key, 2048 bit long modulus
.............................................+++
.................................+++
e is 65537 (0x10001)
writing RSA key
>>>
>>> You'll need to install /home/builder/.abuild/[email protected] into
>>> /etc/apk/keys to be able to install packages and repositories signed with
>>> /home/builder/.abuild/[email protected]
>>>
>>> You might want add following line to /home/builder/.abuild/abuild.conf:
>>>
>>> PACKAGER_PRIVKEY="/home/builder/.abuild/[email protected]"
>>>
>>>
>>> Please remember to make a safe backup of your private key:
>>> /home/builder/.abuild/[email protected]
>>>
This output contains the path to your public and private keys. Copy the keys out of the container:
mkdir ~/.abuild
docker cp keys:/home/builder/.abuild/[email protected] ~/.abuild/
docker cp keys:/home/builder/.abuild/[email protected] ~/.abuild/
Put your key files in a same place and destroy this container:
docker rm -f keys