Allow creating interactive build container

.github/workflows/build.yaml

@@ -52,7 +52,7 @@ jobs:
           # make sure to collect artifacts in a separate directory
           # makes uploading easier
           mkdir -p out
-          (cd out && ../build-with-docker.sh)
+          (cd out && ../scripts/build-with-docker.sh)
 
     - name: Sign
       env:
@@ -61,7 +61,7 @@ jobs:
       if: ${{ env.SIGNING_KEY != '' }}
       run: |
         find out
-        ./sign.sh out/runtime-*
+        scripts/sign.sh out/runtime-*
         # copy pubkey so that it's included with the files uploaded to the release page
         cp signing-pubkey.asc out/
 

Dockerfile

@@ -7,32 +7,8 @@ RUN apk add --no-cache \
     eudev-dev gettext-dev linux-headers meson \
     zstd-dev zstd-static zlib-dev zlib-static # fuse3-dev fuse3-static fuse-static fuse-dev
 
+COPY scripts/install-dependencies.sh /tmp/scripts/install-dependencies.sh
 COPY patches/ /tmp/patches/
 
 WORKDIR /tmp
-
-RUN wget https://github.com/libfuse/libfuse/releases/download/fuse-3.15.0/fuse-3.15.0.tar.xz && \
-    echo "70589cfd5e1cff7ccd6ac91c86c01be340b227285c5e200baa284e401eea2ca0  fuse-3.15.0.tar.xz" | sha256sum -c && \
-    tar xf fuse-3.*.tar.xz && \
-    cd fuse-3*/ && \
-    patch -p1 < /tmp/patches/libfuse/mount.c.diff && \
-    mkdir build && \
-    cd build && \
-    meson setup --prefix=/usr .. && \
-    meson configure --default-library static && \
-    ninja -v install && \
-    rm -r /tmp/fuse-*
-
-# Minimize binary size
-ENV CFLAGS="-ffunction-sections -fdata-sections -Os"
-
-RUN wget "https://github.com/vasi/squashfuse/archive/e51978c.tar.gz" && \
-    echo "f544029ad30d8fbde4e4540c574b8cdc6d38b94df025a98d8551a9441f07d341  e51978c.tar.gz" | sha256sum -c && \
-    tar xf e51978c.tar.gz && \
-    cd squashfuse-*/ && \
-    ./autogen.sh && \
-    ./configure CFLAGS="${CFLAGS} -no-pie" LDFLAGS=-static && \
-    make -j"$(nproc)" && \
-    make install && \
-    /usr/bin/install -c -m 644 ./*.h '/usr/local/include/squashfuse' && \
-    rm -r /tmp/e51978c* /tmp/squashfuse*
+RUN bash scripts/install-dependencies.sh

scripts/build-with-docker.sh

@@ -0,0 +1,12 @@
+#! /bin/bash
+
+set -euo pipefail
+
+orig_cwd="$(readlink -f .)"
+
+this_dir="$(readlink -f "$(dirname "${BASH_SOURCE[0]}")")"/
+
+bash "$this_dir"/create-build-container.sh -u "$(id -u):$(id -g)" -- bash scripts/build-in-container.sh
+
+# done!
+# you should now have the binary in your current working directory

build-with-docker.sh → scripts/create-build-container.sh

@@ -21,7 +21,7 @@ case "${ARCH}" in
         ;;
     armhf)
         docker_arch=arm32v7
-        docker_platform=linux/arm32/v7
+        docker_platform=linux/arm/v7
         ;;
     aarch64)
         docker_arch=arm64v8
@@ -37,16 +37,30 @@ image_name="$docker_arch"/type2-runtime-build
 
 # first, we need to build the image
 # if nothing has changed, it'll run over this within a few seconds
-this_dir="$(readlink -f "$(dirname "${BASH_SOURCE[0]}")")"
-docker build --build-arg docker_arch="$docker_arch" --platform "$docker_platform" -t "$image_name" "$this_dir"
+repo_root_dir="$(readlink -f "$(dirname "${BASH_SOURCE[0]}")"/..)"/
+docker build --build-arg docker_arch="$docker_arch" --platform "$docker_platform" -t "$image_name" "$repo_root_dir"
 
 docker_run_args=()
 [[ -t 0 ]] && docker_run_args+=("-t")
 
-# next, build the binary in a container running this image
-# we run the build as an unprivileged user to a) make sure that the build process does not require root permissions and b) make the resulting binary writable to the current user
-set -x
-docker run -u "$(id -u):$(id -g)" --platform "$docker_platform" --rm -i "${docker_run_args[@]}" -w /ws -v "$this_dir":/ws -v "$orig_cwd":/ws/out "$image_name" bash build-in-container.sh
+# split Docker args from command
+while true; do
+    # no more args left
+    if [[ "${1:-}" == "" ]]; then
+        break
+    fi
+
+    # consume --, the remaining args will be in the $@ array
+    if [[ "$1" == "--" ]]; then
+        shift
+        break
+    fi
 
-# done!
-# you should now have the binary in your current working directory
+    # append and consume Docker arg
+    docker_run_args+=("$1")
+    shift
+done
+
+# finally, we can run the build container
+# we run the build as an unprivileged user to a) make sure that the build process does not require root permissions and b) make the resulting binary writable to the current user
+exec docker run -u "$(id -u):$(id -g)" --platform "$docker_platform" --rm -i "${docker_run_args[@]}" -w /ws -v "$repo_root_dir":/ws -v "$orig_cwd":/ws/out "$image_name" "$@"

scripts/install-dependencies.sh

@@ -0,0 +1,31 @@
+#! /bin/bash
+
+set -euo pipefail
+
+wget https://github.com/libfuse/libfuse/releases/download/fuse-3.15.0/fuse-3.15.0.tar.xz
+echo "70589cfd5e1cff7ccd6ac91c86c01be340b227285c5e200baa284e401eea2ca0  fuse-3.15.0.tar.xz" | sha256sum -c -
+tar xf fuse-3.*.tar.xz
+pushd fuse-3*/
+patch -p1 < /tmp/patches/libfuse/mount.c.diff
+mkdir build
+cd build
+meson setup --prefix=/usr ..
+meson configure --default-library static
+ninja -v install
+popd
+rm -r fuse-*
+
+# Minimize binary size
+export CFLAGS="-ffunction-sections -fdata-sections -Os"
+
+wget "https://github.com/vasi/squashfuse/archive/e51978c.tar.gz"
+echo "f544029ad30d8fbde4e4540c574b8cdc6d38b94df025a98d8551a9441f07d341  e51978c.tar.gz" | sha256sum -c -
+tar xf e51978c.tar.gz
+pushd squashfuse-*/
+./autogen.sh
+./configure CFLAGS="${CFLAGS} -no-pie" LDFLAGS=-static
+make -j"$(nproc)"
+make install
+/usr/bin/install -c -m 644 ./*.h '/usr/local/include/squashfuse'
+popd
+rm -r e51978c* squashfuse*