Add Dockerfile and Compose service to build ZBM images

- Dockerfile creates a basic Void installation with components necessary
  to install ZFSBootMenu and run generate-zbm, including a script at
  /zbm-build.sh that runs by default and automates the build.

- The compose service builds the image and then starts it by
  bind-mounting the containing repo (at path ../..) at /zbm in the
  container.

Co-authored-by: Andrew J. Hesford <[email protected]>

Author: t-oster

contrib/docker/.gitignore

@@ -0,0 +1,4 @@
+config.yaml
+build
+hostid
+zpool.cache

contrib/docker/Dockerfile

@@ -0,0 +1,26 @@
+# This Dockerfile creates a container that will create an EFI executable and
+# separate kernel/initramfs components from a ZFSBootMenu repository. The
+# container will pre-populate its /zbm directory with a clone of the master
+# branch of the upstream ZFSBootMenu branch and build the images from that.
+#
+# To use a different ZFSBootMenu repository or version, bind-mound the
+# repository you want on /zbm inside the container.
+
+# Use the official Void Linux container
+FROM voidlinux/voidlinux:latest
+
+# Ensure everything is up-to-date
+RUN xbps-install -Suy xbps && xbps-install -uy
+
+# Install components necessary to build the image
+RUN xbps-query -Rp run_depends zfsbootmenu | xargs xbps-install -y
+RUN xbps-install -y linux linux-headers zfs gummiboot-efistub
+
+# Copy the build script
+COPY zbm-build.sh /zbm-build.sh
+
+# To replace the default ZFSBootMenu tree, bind-mount over /zbm
+VOLUME /zbm
+
+# Make sure a configuration exists or copy the default, then create the images
+CMD /zbm-build.sh

contrib/docker/README.md

@@ -0,0 +1,117 @@
+# Containerized Image Building
+
+Files in this directory provide a means for creating a container that is
+capable of building ZFSBootMenu kernel and initramfs components as well as a
+standalone UEFI bundle. The container image is built atop Void Linux and
+provides the basic components necessary to build an image from an arbitrary
+ZFSBootMenu repository, including a build script that runs by default when the
+container is started.
+
+These images build and run with both Docker and Podman. Podman is recommended
+as it provides daemon-free container management and allows containers to run as
+unprivileged users. Sample commands below refer to the `podman` command.
+However, because `podman` and `docker` have compatible command-line interfaces,
+the commands should work just as well by substituting `docker` for `podman`.
+
+# Creating a ZFSBootMenu Builder Image
+
+The provided `Dockerfile` automates creation of the ZFSBootMenu builder image.
+From this directory, simply run
+
+```sh
+podman build -t zbm .
+```
+
+to create an image named `zbm`. (Podman automatically prepends `localhost` and
+appends `:latest` to unqualified tags, so the full image name will be
+`localhost/zbm:latest`.) Any suitable tag may be substituted for `zbm`.
+
+The resulting image contains all ZFSBootMenu prerequisites. Hard dependencies
+of ZFSBootMenu are determined by querying the Void Linux `zfsbootmenu` package,
+which will generally provide up-to-date information. In rare cases, a build
+from the master branch may introduce new requirements that are not reflected in
+the latest release version packaged for Void; manually editing the `Dockerfile`
+to add new dependencies may be necessary until a new release is packaged.
+
+The builder image does **not** contain a ZFSBootMenu installation or a copy of
+the upstream git repository. Instead, the image contains a build script,
+installed as `/zbm-build.sh`, that runs by default. The script ensures that a
+ZFSBootMenu repository is available in a running container and invokes
+`generate-zbm` to build images.
+
+# Running a ZFSBootMenu Builder Container
+
+When running a container from the ZFSBootMenu builder image, it is generally
+expected that some compatible volume (generally, a local directory) will be
+bind-mounted as a volume at the path `/zbm` inside the container. This volume
+may either be empty or contain a pre-existing ZFSBootMenu source tree.
+Specifically, if the volume is not empty, it must contain the following
+components of the ZFSBootMenu repository:
+
+- `90zfsbootmenu`, the Dracut module encapsulating ZFSBootMenu functionality;
+- `bin/generate-zbm`, the executable script that creates ZFSBootMenu images;
+- `contrib/docker`, providing either `config.yaml` or `config.yaml.default`.
+
+If the build script finds the volume mounted at `/zbm` empty, it will install
+the `git` package and clone the master branch of the upstream ZFSBootMenu
+repository. This makes the image capable of producing default images without
+needing a local clone of the repository. To build anything but the head commit
+of the upstream master branch, clone the repository, checkout an aribtrary
+commit or make local changes, and mount that repository at `/zbm`.
+
+## Contents of `contrib/docker`
+
+The build script expects to find a valid ZFSBootMenu configuration file at
+`/zbm/contrib/docker/config.yaml` within the container. If this file does not
+exist, the file `/zbm/contrib/docker/config.yaml.default` will be copied to the
+expected location. At least one of these files must exist or the build script
+will fail. The default configuration will store images in the directory
+`contrib/docker/build`, which will be created by `generate-zbm` if it does not
+already exist.
+
+Builder containers do not have access to local files `/etc/zfs/zpool.cache` or
+`/etc/hostid`. If one or both of these components are desired in the output
+image (for example, to ensure consistency with the build host), copy the
+desired files to `contrib/docker/zpool.cache` or `contrib/docker/hostid`,
+respectively. If the build script finds these files, it will copy them into the
+container where the ZFSBootMenu Dracut module expects to find them. If one of
+these files is missing, any corresponding file already installed in the
+container will be *removed*.
+
+## Build Examples
+
+To use the previously created `zbm` image to produce ZFSBootMenu files from the
+default configuration using a local ZFSBootMenu repository `/sw/zfsbootmenu`,
+simply run
+
+```sh
+podman run -v /sw/zfsbootmenu:/zbm /zbm
+```
+
+After some console output, the container should terminate and the directory
+`/sw/zfsbootmenu/contrib/docker/build` should contain the UEFI bundle
+`vmlinuz.EFI` as well as the components `vmlinuz-bootmenu` (a stock Void Linux
+kernel) and corresponding ZFSBootMenu initramfs `initramfs-bootmenu.img`.
+
+In the default configuration, the ZFSBootMenu images probably contain an
+arbitrary `/etc/hostid` that likely does not agree with the corresponding file
+on the host. To make sure that the hostid within the images remains consistent
+with the build host, first copy the file from the host to the `contrib/docker`
+directory:
+
+```sh
+cp /etc/hostid /sw/zfsbootmenu/contrib/docker/hostid
+podman run -v /sw/zfsbootmenu:/zbm /zbm
+```
+
+# Using Docker Compose
+
+The file `docker-compose.yml` defines a Docker Compose service that will create
+a ZFSBootMenu builder image and mount the parent repository (at path `../..`)
+at `/zbm` in the build container. To use this service, simply run
+
+```sh
+docker-compose up
+```
+
+from this directory.

contrib/docker/config.yaml.default

@@ -0,0 +1,22 @@
+Global:
+  # Enable image creation
+  ManageImages: true
+  # Make sure to look for dracut configuration in the repo
+  DracutConfDir: /zbm/etc/zfsbootmenu/dracut.conf.d
+Components:
+  # Dump kernel/initramfs components in the tree;
+  # generate-zbm creates this directory if necessary
+  ImageDir: /zbm/contrib/docker/build
+  Enabled: true
+  # Disable versioning, this is usually a one-off creation
+  Versions: false
+  syslinux:
+    Enabled: false
+EFI:
+  ImageDir: /zbm/contrib/docker/build
+  Versions: false
+  Enabled: true
+Kernel:
+  # For the EFI bundle, turn off modesetting to avoid initializing GPUs
+  # Also set loglevel=4 to provide some helpful warning output
+  CommandLine: zfsbootmenu ro loglevel=4 nomodeset

contrib/docker/docker-compose.yml

@@ -0,0 +1,9 @@
+# This builds the ZFSBootMenu builder and then runs it to create images
+version: "2"
+services:
+    zfsbootmenu-compiler:
+        build: "."
+        # Mount the current repo (../..) where the builder expects it
+        # Outputs will be stored in ../../contrib/docker/build
+        volumes:
+            - "../..:/zbm"

contrib/docker/zbm-build.sh

@@ -0,0 +1,47 @@
+#!/bin/sh
+
+error() {
+	echo ERROR: "$@"
+	exit 1
+}
+
+# shellcheck disable=SC2010
+if ls -Aq /zbm | grep -q . >/dev/null 2>&1; then
+	# If /zbm is not empty, make sure it looks like it has what we need
+	[ -d /zbm/90zfsbootmenu ] || error "missing path /zbm/90zfsbootmenu"
+	[ -d /zbm/contrib/docker ] || error "missing path /zbm/contrib/docker"
+	[ -x /zbm/bin/generate-zbm ] || error "missing executable /zbm/bin/generate-zbm"
+else
+	# If /zbm is empty, clone the upstream repo into it
+	xbps-install -Sy git
+	git clone --depth=1 https://github.com/zbm-dev/zfsbootmenu /zbm
+fi
+
+# Make sure that dracut can find the ZFSBootMenu module
+ln -sf /zbm/90zfsbootmenu /usr/lib/dracut/modules.d/90zfsbootmenu
+
+BUILDROOT="/zbm/contrib/docker"
+
+if [ ! -e "${BUILDROOT}/config.yaml" ]; then
+	# If there is no provided config, copy the default
+	cp "${BUILDROOT}/config.yaml.default" "${BUILDROOT}/config.yaml"
+fi
+
+if [ -r "${BUILDROOT}/hostid" ]; then
+	# If a hostid is provided in the build root, use it
+	cp "${BUILDROOT}/hostid" /etc/hostid
+else
+	# Otherwise, make sure there is no hostid file
+	rm -f /etc/hostid
+fi
+
+if [ -r "${BUILDROOT}/zpool.cache" ]; then
+	# If a zpool cache is provided, use it
+	mkdir -p /etc/zfs
+	cp "${BUILDROOT}/zpool.cache" /etc/zfs/zpool.cache
+else
+	# Otherwise, make sure there is no cache file
+	rm -f /etc/zfs/zpool.cache
+fi
+
+exec /zbm/bin/generate-zbm --config "${BUILDROOT}/config.yaml"