For an immutable system, the less you do to the default image, the better. I'm still tweaking it, but here's an example for gVisor.
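# Builder image: compiles gVisor from the AUR and packs runsc plus the
# containerd shim into a SquashFS image laid out as a systemd system
# extension. Only /output/gvisor.raw is meant to leave this image; the image
# itself ends as root and is a build environment, not something to run as a
# service.
#
# NOTE(review): the base-devel tag is rolling, so two builds can start from
# different package sets. Pin the base by digest when the artifact has to be
# reproducible.
FROM docker.io/archlinux:base-devel

# Install git and squashfs-tools. A full -Syu is used because Arch does not
# support partial upgrades.
RUN pacman -Syu --noconfirm git squashfs-tools

# Create the unprivileged build user. makepkg refuses to run as root and
# `makepkg -si` calls sudo to install dependencies and the built package, so
# the account gets passwordless sudo for the duration of the build only.
RUN useradd -m builder && \
    echo "builder ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/builder && \
    chmod 0440 /etc/sudoers.d/builder

# Switch to builder
USER builder
WORKDIR /home/builder

# Optional AUR commit of gvisor-git to build from. Empty (the default) keeps
# the original behaviour: build whatever the AUR repository serves right now.
ARG GVISOR_AUR_COMMIT=""

# Fetch the gvisor-git packaging.
# AUR PKGBUILDs are user-submitted shell scripts, and this one runs as a user
# with passwordless sudo, so review it before building and pass
# --build-arg GVISOR_AUR_COMMIT=<reviewed commit> to build exactly what was read.
# NOTE(review): as a -git package the PKGBUILD presumably builds the current
# upstream gVisor sources, so pinning the AUR commit alone would not pin the
# gVisor code itself. Confirm against the PKGBUILD.
RUN git clone https://aur.archlinux.org/gvisor-git.git && \
    if [ -n "$GVISOR_AUR_COMMIT" ]; then \
        git -C gvisor-git checkout --detach "$GVISOR_AUR_COMMIT"; \
    fi
WORKDIR /home/builder/gvisor-git
RUN makepkg -si --noconfirm

# Prepare sysroot for extension
USER root

# The sudo grant is not needed after makepkg. Removing it keeps later steps and
# any reuse of this stage from inheriting it (earlier layers still contain it).
RUN rm -f /etc/sudoers.d/builder && \
    mkdir -p /sysroot/usr/bin /sysroot/usr/lib/extension-release.d /output

# Copy binaries
RUN cp /usr/bin/runsc /usr/bin/containerd-shim-runsc-v1 /sysroot/usr/bin/

# Create extension-release metadata. The suffix after "extension-release."
# has to match the image name (gvisor.raw -> gvisor). ID=_any makes
# systemd-sysext accept the image on any host OS, so no os-release match
# stands between this image and a host it was not built for.
RUN printf 'ID=_any\nSYSEXT_LEVEL=1.0\n' \
        > /sysroot/usr/lib/extension-release.d/extension-release.gvisor

# Generate SquashFS image. -all-root stores every file as owned by root so the
# builder's UID does not leak into the extension.
# NOTE(review): the result is a plain, unsigned SquashFS that overlays /usr on
# the host; record a checksum or signature for /output/gvisor.raw and verify
# it before the image is merged anywhere.
RUN mksquashfs /sysroot /output/gvisor.raw -all-root -comp xz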