diff --git a/.drone.yml b/.drone.yml
index b5643be..8d8b0c8 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -1,41 +1,76 @@ -pipeline: - build: - image: spritsail/docker-build - volumes: [ '/var/run/docker.sock:/var/run/docker.sock' ] - repo: ppass-dev - make: true +--- +kind: pipeline +name: build-amd64 - test-bin: - image: spritsail/docker-test - volumes: [ '/var/run/docker.sock:/var/run/docker.sock' ] +platform: + os: linux + arch: amd64 + +steps: +- name: build + pull: always + image: spritsail/docker-build + settings: + make: true + repo: ppass-dev + +- name: test-bin + pull: always + image: spritsail/docker-test + settings: repo: ppass-dev run: | curl --version && xmlstarlet --version - test: - image: spritsail/docker-test - volumes: [ '/var/run/docker.sock:/var/run/docker.sock' ] - repo: ppass-dev - curl: ':32400/identity' +- name: test + pull: always + image: spritsail/docker-test + settings: + curl: :32400/identity delay: 5 - retry: 10 pipe: | xmlstarlet sel -t -v "/MediaContainer/@version" | grep -qw "$(label io.spritsail.version.plex | cut -d- -f1)" + repo: ppass-dev + retry: 10 - publish: - image: spritsail/docker-publish - volumes: [ '/var/run/docker.sock:/var/run/docker.sock' ] - secrets: [ docker_username, docker_password, microbadger_token ] - when: { branch: [ pass ], event: [ push, tag, deployment ] } +- name: publish + pull: always + image: spritsail/docker-publish + settings: from: ppass-dev repo: spritsail/plex-media-server tags: - - 'plexpass' - - '%label io.spritsail.version.plex | %prefix plexpass | %remsuf [0-9a-f]+$ | %auto 2' + - plexpass + - "%label io.spritsail.version.plex | %prefix plexpass | %remsuf [0-9a-f]+$ | %auto 2" + environment: + DOCKER_PASSWORD: + from_secret: docker_password + DOCKER_USERNAME: + from_secret: docker_username + when: + branch: + - pass + event: + - push + - tag - notify: - image: spritsail/notify - when: { status: [ success, failure ] } - secrets: [ webhook_url, notify_token ] +- name: notify + pull: always + image: spritsail/notify + environment: + NOTIFY_TOKEN: + from_secret: notify_token + WEBHOOK_URL: + 
from_secret: webhook_url + when: + status: + - success + - failure + +--- +kind: signature +hmac: 9ccac4af6a5a1f3849f3593741c44df1564956093fc038f628fa500973969b43 + +... diff --git a/Dockerfile b/Dockerfile index 2eef468..bc357c3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,5 @@ ARG PLEX_VER=1.16.5.1488-deeb86e7f ARG PLEX_SHA=e46c4db05ef9402447246e92e3f5ed808eb11389 -ARG LIBGCC1_VER=8.3.0-6 ARG XMLSTAR_VER=1.6.1 ARG CURL_VER=curl-7_65_1 ARG ZLIB_VER=1.2.11 @@ -10,14 +9,40 @@ FROM spritsail/debian-builder:buster-slim as builder ARG PLEX_VER ARG PLEX_SHA -ARG LIBGCC1_VER -ARG LIBXML2_VER=v2.9.8 -ARG LIBXSLT_VER=v1.1.32 +ARG LIBXML2_VER=v2.9.9 +ARG LIBXSLT_VER=v1.1.33 ARG XMLSTAR_VER ARG LIBRE_VER ARG CURL_VER ARG ZLIB_VER +ARG PREFIX=/prefix + +WORKDIR /plex + +# Fetch Plex and required libraries +RUN curl -fsSL -o plexmediaserver.deb https://downloads.plex.tv/plex-media-server-new/${PLEX_VER}/debian/plexmediaserver_${PLEX_VER}_amd64.deb \ + && echo "$PLEX_SHA plexmediaserver.deb" | sha1sum -c - \ + && dpkg-deb -x plexmediaserver.deb . \ + \ + && rm -r \ + etc/ lib/ usr/sbin/ usr/share/ \ + plexmediaserver.deb \ + \ + && cd usr/lib/plexmediaserver \ + && rm \ + lib/libcrypto.so* \ + lib/libcurl.so* \ + lib/libssl.so* \ + lib/libxml2.so* \ + lib/libxslt.so* \ + lib/libexslt.so* \ + Resources/start.sh \ + # Place shared libraries in usr/lib so they can be actually shared + && mv lib/*.so* lib/dri ../ \ + && rmdir lib \ + && cp /lib/x86_64-linux-gnu/libgcc_s.so.1 ../ + # Download and build zlib WORKDIR /tmp/zlib RUN curl -sSf https://www.zlib.net/zlib-$ZLIB_VER.tar.xz \ 
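Review bot: The `publish` step passes `DOCKER_USERNAME` and `DOCKER_PASSWORD` to `spritsail/docker-publish`, which has no tag and is re-fetched on every run by `pull: always`, so whatever that mutable reference resolves to at build time receives the registry credentials. The same applies to `notify` with `NOTIFY_TOKEN` and `WEBHOOK_URL`. Consider pinning the images that receive secrets by digest, e.g. `image: spritsail/docker-publish@sha256:<digest>`, and bumping the pin deliberately; the `kind: signature` document will need regenerating after any such edit. Separately, the per-step `/var/run/docker.sock` mounts are gone from the new pipeline. Presumably the runner now supplies the socket to these plugins, and a comment such as `# docker socket is provided by the runner configuration` would record where that host-level access is granted.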
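Review bot: The relocated Plex fetch in the `@@ -10,14 +9,40 @@` hunk still verifies the package with `sha1sum -c` against `PLEX_SHA`, and SHA-1 is no longer collision-resistant, which makes it a weak integrity anchor for the one prebuilt binary blob in this image. Pinning a SHA-256 digest would be stronger, e.g. `&& echo "$PLEX_SHA256  plexmediaserver.deb" | sha256sum -c - \`, with a matching `ARG PLEX_SHA256=<sha256 of the .deb>` (name suggested here) alongside `PLEX_VER`. The `ARG PLEX_SHA` declarations sit in the neighbouring hunks and would change with it.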
@@ -25,14 +50,14 @@ RUN curl -sSf https://www.zlib.net/zlib-$ZLIB_VER.tar.xz \ && ./configure \ --prefix=/usr \ --shared \ - && make DESTDIR=/prefix install + && make DESTDIR=$PREFIX install # Download and build libxml2 WORKDIR /tmp/libxml2 RUN git clone https://gitlab.gnome.org/GNOME/libxml2.git --branch $LIBXML2_VER --depth 1 . \ && ./autogen.sh \ --prefix=/usr \ - --with-zlib=/prefix/usr \ + --with-zlib=$PREFIX/usr \ --without-catalog \ --without-docbook \ --without-ftp \ @@ -42,19 +67,18 @@ RUN git clone https://gitlab.gnome.org/GNOME/libxml2.git --branch $LIBXML2_VER - --without-legacy \ --without-modules \ --without-python \ - && make DESTDIR=/prefix install + && make DESTDIR=$PREFIX install # Download and build libxslt WORKDIR /tmp/libxslt RUN git clone https://gitlab.gnome.org/GNOME/libxslt.git --branch $LIBXSLT_VER --depth 1 . \ && ./autogen.sh \ --prefix=/usr \ - --with-zlib=/prefix/usr \ --with-libxml-src="../libxml2" \ --without-crypto \ --without-plugins \ --without-python \ - && make DESTDIR=/prefix install + && make DESTDIR=$PREFIX install # Download and build xmlstarlet ADD xmlstarlet-*.patch /tmp @@ -65,9 +89,9 @@ RUN git clone git://git.code.sf.net/p/xmlstar/code --branch $XMLSTAR_VER --depth && ./configure \ --prefix=/usr \ --disable-build-docs \ - --with-libxml-prefix=/prefix/usr \ - --with-libxslt-prefix=/prefix/usr \ - && make DESTDIR=/prefix install + --with-libxml-prefix=$PREFIX/usr \ + --with-libxslt-prefix=$PREFIX/usr \ + && make DESTDIR=$PREFIX install # Download and build LibreSSL as a cURL dependency WORKDIR /tmp/libressl @@ -89,7 +113,7 @@ RUN git clone https://github.com/curl/curl.git --branch $CURL_VER --depth 1 . \ --enable-versioned-symbols \ --enable-threaded-resolver \ --with-ssl \ - --with-zlib=/prefix/usr \ + --with-zlib=$PREFIX/usr \ --disable-crypto-auth \ --disable-curldebug \ --disable-dependency-tracking \ 
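Review bot: The xmlstarlet clone visible in the `@@ -65,9 +89,9 @@` hunk header still uses `git clone git://git.code.sf.net/p/xmlstar/code --branch $XMLSTAR_VER`, and the `git://` transport is unauthenticated and unencrypted, so the source compiled into the image can be altered in transit. The commit touches only the `$PREFIX` paths in this RUN, whose first line lies outside the hunk body. SourceForge also serves the repository over HTTPS, so the URL could become `https://git.code.sf.net/p/xmlstar/code`. The libxml2, libxslt and curl clones in the neighbouring hunks already use `https://` but resolve a movable tag name; checking `git rev-parse HEAD` against a recorded commit id after each clone would pin what is actually built.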
@@ -115,46 +139,24 @@ RUN git clone https://github.com/curl/curl.git --branch $CURL_VER --depth 1 . \ --without-libpsl \ --without-librtmp \ --without-winidn \ - && make DESTDIR=/prefix install + && make DESTDIR=$PREFIX install -WORKDIR /prefix +WORKDIR $PREFIX -# Fetch Plex and required libraries -RUN curl -fsSL http://ftp.de.debian.org/debian/pool/main/g/gcc-${LIBGCC1_VER:0:1}/libgcc1_${LIBGCC1_VER}_amd64.deb | dpkg-deb -x - . \ - && curl -fsSL -o plexmediaserver.deb https://downloads.plex.tv/plex-media-server-new/${PLEX_VER}/debian/plexmediaserver_${PLEX_VER}_amd64.deb \ - \ - && echo "$PLEX_SHA plexmediaserver.deb" | sha1sum -c - \ - && dpkg-deb -x plexmediaserver.deb . \ - \ - && cd usr/lib/plexmediaserver \ - && rm -f \ - "Plex Media Server Tests" \ - MigratePlexServerConfig.sh \ - lib/libcrypto.so* \ - lib/libcurl.so* \ - lib/libssl.so* \ - lib/libxml2.so* \ - lib/libxslt.so* \ - lib/libz.so* \ - Resources/start.sh \ - # Place shared libraries in usr/lib so they can be actually shared - && mv lib/* ../ +RUN mkdir -p /output/usr/lib /output/usr/bin \ + && mv usr/lib/*.so* \ + /plex/usr/lib/* \ + /output/usr/lib \ + && mv usr/bin/curl /output/usr/bin \ + && mv usr/bin/xml /output/usr/bin/xmlstarlet # Strip all unneeded symbols for optimum size -RUN find -exec sh -c 'file "{}" | grep -q ELF && strip --strip-debug "{}"' \; \ +RUN find /output -exec sh -c 'file "{}" | grep -q ELF && strip --strip-debug "{}"' \; \ # Disable executable stack in all libraries. 
This should already be the case # but it seems libgnsdk is not playing along && apt-get -y update \ && apt-get -y install execstack \ - && execstack -c usr/lib/*.so* \ - \ - && mkdir -p /output/usr/lib /output/usr/bin \ - && mv lib/x86_64-linux-gnu/*.so* \ - usr/lib/plexmediaserver \ - usr/lib/*.so* \ - /output/usr/lib \ - && mv usr/bin/curl /output/usr/bin \ - && mv usr/bin/xml /output/usr/bin/xmlstarlet + && execstack -c /output/usr/lib/*.so* ADD entrypoint /output/usr/local/bin/ ADD *.sh /output/usr/local/bin/ @@ -165,8 +167,6 @@ RUN chmod +x /output/usr/local/bin/* FROM spritsail/libressl:$LIBRE_VER ARG PLEX_VER -ARG LIBSTDCPP_VER -ARG LIBGCC1_VER ARG CURL_VER ARG XMLSTAR_VER @@ -178,8 +178,6 @@ LABEL maintainer="Spritsail " \ org.label-schema.version=${PLEX_VER} \ io.spritsail.version.plex=${PLEX_VER} \ io.spritsail.version.curl=${CURL_VER} \ - io.spritsail.version.libgcc1=${LIBGCC1_VER} \ - io.spritsail.version.libstdcpp=${LIBSTDCPP_VER} \ io.spritsail.version.xmlstarlet=${XMLSTAR_VER} WORKDIR /usr/lib/plexmediaserver
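Review bot: The strip pass in the `@@ -115,46 +139,24 @@` hunk still splices `{}` into the `sh -c` script text, so each path under `/output` is parsed as shell source rather than passed as data. A file name containing `"`, `$` or a backtick, coming from the unpacked Plex package, would be interpreted by the shell during the build. Passing the path as a positional argument avoids this: `RUN find /output -exec sh -c 'file "$1" | grep -q ELF && strip --strip-debug "$1"' _ {} \; \`. Also, `execstack -c /output/usr/lib/*.so*` matches only top-level files, so objects under the moved `dri` and `plexmediaserver` directories appear not to be covered; confirm that is intended, or state it in the comment above the command.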