diff --git a/Makefile b/Makefile index 5e7fa17..3350960 100755 --- a/Makefile +++ b/Makefile @@ -1,4 +1,3 @@ -DOCKER_PREFIX=sudo IMAGE_NAME=unixvoid/seedpod WEB_THEME=https://github.com/Secretmapper/combustion/archive/v0.6.2.tar.gz ALPINE_FS=https://cryo.unixvoid.com/bin/filesystem/alpine/linux-latest-amd64.rootfs.tar.gz @@ -20,6 +19,18 @@ build_filesystem: tar -czf rootfs.tar.gz * mv filesystem.tmp/rootfs.tar.gz deps/ +aci_build: pull_actool + mkdir -p seedpod-layout/rootfs/ + tar -xzf deps/rootfs.tar.gz -C seedpod-layout/rootfs/ + cp deps/config.ovpn seedpod-layout/rootfs/ + cp deps/creds.x seedpod-layout/rootfs/ + cp deps/settings.json seedpod-layout/rootfs/transmission/ + cp deps/run.sh seedpod-layout/rootfs/ + cp deps/manifest.json seedpod-layout/manifest + ./appc-v0.8.7/actool build seedpod-layout seedpod.aci + ./appc-v0.8.7/actool --debug validate seedpod.aci + rm -rf appc* + aci_build_web: pull_actool cd deps/ && \ mkdir -p stage.tmp/theme && \ @@ -34,20 +45,28 @@ aci_build_web: pull_actool cp deps/run.sh seedpod-layout/rootfs/ cp deps/manifest.json seedpod-layout/manifest ./appc-v0.8.7/actool build seedpod-layout seedpod.aci + ./appc-v0.8.7/actool --debug validate seedpod.aci + rm -rf appc* + +run_aci: + $(OS_PERMS) rkt run \ + --net=host \ + --insecure-options=image \ + ./seedpod.aci docker_build: cd deps/ && \ - $(DOCKER_PREFIX) docker build -t $(IMAGE_NAME) . + $(OS_PERMS) docker build -t $(IMAGE_NAME) . docker_build_web: cd deps/ && \ mkdir -p stage.tmp/theme && \ wget -O stage.tmp/theme.tar.gz $(WEB_THEME) && \ tar -xzf stage.tmp/theme.tar.gz -C stage.tmp/theme --strip-components 1 && \ - $(DOCKER_PREFIX) docker build -t $(IMAGE_NAME) -f Dockerfile.web . + $(OS_PERMS) docker build -t $(IMAGE_NAME) -f Dockerfile.web . docker_run: - $(DOCKER_PREFIX) docker run \ + $(OS_PERMS) docker run \ -d \ --name seedpod \ --cap-add=NET_ADMIN \ diff --git a/deps/manifest.json b/deps/manifest.json index 82c609e..3ee006a 100644 --- a/deps/manifest.json +++ b/deps/manifest.json @@ -40,7 +40,20 @@ "path": "/transmission/incomplete/", "readOnly": false } - ] + ], + "isolators": [ + { + "name": "os/linux/capabilities-retain-set", + "value": { + "set": [ + "CAP_NET_RAW", + "CAP_NET_ADMIN", + "CAP_NET_BIND_SERVICE", + "CAP_CHOWN" + ] + } + } + ] }, "annotations": [ {