Skip to content

Commit

Permalink
Install TrustedSigning on windows docker images (#255)
Browse files Browse the repository at this point in the history
* Install `TrustedSigning` on windows docker images

* Convert Dockerfiles to unix line endings
  • Loading branch information
staticfloat authored Aug 19, 2024
1 parent 80404cf commit 7ab8e58
Show file tree
Hide file tree
Showing 2 changed files with 68 additions and 62 deletions.
3 changes: 3 additions & 0 deletions windows/package-i686/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,9 @@ RUN powershell -Command "iex ((New-Object System.Net.WebClient).DownloadString('
RUN msiexec.exe /i "https://awscli.amazonaws.com/AWSCLIV2.msi" /quiet /qn && \
setx /M PATH "%PATH%;C:\Program Files\Amazon\AWSCLIV2"

# Install `TrustedSigning` powershell module
RUN powershell -Command "Install-Module -Name TrustedSigning"


# Set default environment variables and setup useful symlinks
# Note that we add an entry for `buildkite-agent` here despite it not being within
Expand Down
127 changes: 65 additions & 62 deletions windows/package-x86_64/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,62 +1,65 @@
# SPDX-License-Identifier: MIT

# See "Full Tag Listing" in https://hub.docker.com/_/microsoft-windows-servercore
ARG WIN_VERSION=ltsc2022
FROM mcr.microsoft.com/windows/servercore:$WIN_VERSION AS MSYS2_download

# We always download x86_64 MSYS2 installer, since our system itself is x86_64.
ARG MSYS2_VERSION=20240507
ARG MSYS2_DOWNLOAD_URL=https://repo.msys2.org/distrib/x86_64/msys2-base-x86_64-${MSYS2_VERSION}.sfx.exe
RUN setx /M PATH "C:\msys64\mingw64\bin;C:\msys64\usr\bin;%PATH%" && \
powershell -Command "Invoke-WebRequest -Uri %MSYS2_DOWNLOAD_URL% -OutFile C:/windows/temp/msys2-base.sfx.exe" && \
C:\windows\temp\msys2-base.sfx.exe x -o"C:"
# NOTE: workaround for "gpg: error reading key: Connection timed out"
RUN bash -l -c "exit 0"
RUN bash -l -c "pacman -Syuu --noconfirm --noprogressbar" && \
bash -l -c "pacman -Syu --needed --noconfirm --noprogressbar" && \
bash -l -c "pacman -Syu --needed --noconfirm --noprogressbar" && \
bash -l -c " \
pacman -S --needed --noconfirm --noprogressbar \
cmake diffutils git m4 make patch tar p7zip curl python3 openssl gnupg2 \
mingw-w64-x86_64-gcc \
" && \
bash -l -c "pacman -Scc --noconfirm" && \
echo ---- [%date% %time%] Pkg install done!
# NOTE: If you hang here >10 min. You may want to `zap` temp files.
# ref: https://github.com/msys2/MSYS2-packages/issues/2305#issuecomment-758162640


# ---- Move to new container, to drop messy build history
ARG WIN_VERSION=ltsc2022
FROM mcr.microsoft.com/windows/servercore:$WIN_VERSION

COPY --from=MSYS2_download C:/msys64 C:/msys64

# Download Windows 10 SDK and install only `signtool.exe`
ARG SDK_URL="https://go.microsoft.com/fwlink/p/?linkid=2196241"
ARG SDK_EXE="C:/windows/temp/winsdksetup.exe"
RUN powershell -Command "\
Invoke-WebRequest -Uri '%SDK_URL%' -OutFile '%SDK_EXE%' -ErrorAction Stop ; \
Start-Process '%SDK_EXE%' -Wait -ArgumentList '/features OptionId.SigningTools', '/q', '/ceip off', '/norestart' ; \
setx /M PATH ('%PATH%;' + (Resolve-Path 'C:/Program Files (x86)/Windows Kits/10/bin/*/x64/')) ; \
Remove-Item '%SDK_EXE%'"

RUN powershell -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://vcredist.com/install.ps1'))"

# Install AWS CLI
RUN msiexec.exe /i "https://awscli.amazonaws.com/AWSCLIV2.msi" /quiet /qn && \
setx /M PATH "%PATH%;C:\Program Files\Amazon\AWSCLIV2"

# Set default environment variables and setup useful symlinks
# Note that we add an entry for `buildkite-agent` here despite it not being within
# the image, because we expect it to be mounted within us in the future.
RUN setx /M PATH "C:\buildkite-agent\bin;C:\msys64\mingw64\bin;C:\msys64\usr\bin;%PATH%" && \
mklink /J C:\msys64\home\ContainerUser C:\Users\ContainerUser && \
setx /M HOME C:\msys64\home\ContainerUser
WORKDIR C:/msys64/home/ContainerUser

# Select the mingw64 environment: https://www.msys2.org/docs/environments/
ENV MSYSTEM=MINGW64

# Default to `bash` for interactive builds
CMD ["bash"]
# SPDX-License-Identifier: MIT

# See "Full Tag Listing" in https://hub.docker.com/_/microsoft-windows-servercore
ARG WIN_VERSION=ltsc2022
FROM mcr.microsoft.com/windows/servercore:$WIN_VERSION AS MSYS2_download

# We always download x86_64 MSYS2 installer, since our system itself is x86_64.
ARG MSYS2_VERSION=20240507
ARG MSYS2_DOWNLOAD_URL=https://repo.msys2.org/distrib/x86_64/msys2-base-x86_64-${MSYS2_VERSION}.sfx.exe
RUN setx /M PATH "C:\msys64\mingw64\bin;C:\msys64\usr\bin;%PATH%" && \
powershell -Command "Invoke-WebRequest -Uri %MSYS2_DOWNLOAD_URL% -OutFile C:/windows/temp/msys2-base.sfx.exe" && \
C:\windows\temp\msys2-base.sfx.exe x -o"C:"
# NOTE: workaround for "gpg: error reading key: Connection timed out"
RUN bash -l -c "exit 0"
RUN bash -l -c "pacman -Syuu --noconfirm --noprogressbar" && \
bash -l -c "pacman -Syu --needed --noconfirm --noprogressbar" && \
bash -l -c "pacman -Syu --needed --noconfirm --noprogressbar" && \
bash -l -c " \
pacman -S --needed --noconfirm --noprogressbar \
cmake diffutils git m4 make patch tar p7zip curl python3 openssl gnupg2 \
mingw-w64-x86_64-gcc \
" && \
bash -l -c "pacman -Scc --noconfirm" && \
echo ---- [%date% %time%] Pkg install done!
# NOTE: If you hang here >10 min. You may want to `zap` temp files.
# ref: https://github.com/msys2/MSYS2-packages/issues/2305#issuecomment-758162640


# ---- Move to new container, to drop messy build history
ARG WIN_VERSION=ltsc2022
FROM mcr.microsoft.com/windows/servercore:$WIN_VERSION

COPY --from=MSYS2_download C:/msys64 C:/msys64

# Download Windows 10 SDK and install only `signtool.exe`
ARG SDK_URL="https://go.microsoft.com/fwlink/p/?linkid=2196241"
ARG SDK_EXE="C:/windows/temp/winsdksetup.exe"
RUN powershell -Command "\
Invoke-WebRequest -Uri '%SDK_URL%' -OutFile '%SDK_EXE%' -ErrorAction Stop ; \
Start-Process '%SDK_EXE%' -Wait -ArgumentList '/features OptionId.SigningTools', '/q', '/ceip off', '/norestart' ; \
setx /M PATH ('%PATH%;' + (Resolve-Path 'C:/Program Files (x86)/Windows Kits/10/bin/*/x64/')) ; \
Remove-Item '%SDK_EXE%'"

RUN powershell -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://vcredist.com/install.ps1'))"

# Install AWS CLI
RUN msiexec.exe /i "https://awscli.amazonaws.com/AWSCLIV2.msi" /quiet /qn && \
setx /M PATH "%PATH%;C:\Program Files\Amazon\AWSCLIV2"

# Install `TrustedSigning` powershell module
RUN powershell -Command "Install-Module -Name TrustedSigning"

# Set default environment variables and setup useful symlinks
# Note that we add an entry for `buildkite-agent` here despite it not being within
# the image, because we expect it to be mounted within us in the future.
RUN setx /M PATH "C:\buildkite-agent\bin;C:\msys64\mingw64\bin;C:\msys64\usr\bin;%PATH%" && \
mklink /J C:\msys64\home\ContainerUser C:\Users\ContainerUser && \
setx /M HOME C:\msys64\home\ContainerUser
WORKDIR C:/msys64/home/ContainerUser

# Select the mingw64 environment: https://www.msys2.org/docs/environments/
ENV MSYSTEM=MINGW64

# Default to `bash` for interactive builds
CMD ["bash"]

0 comments on commit 7ab8e58

Please sign in to comment.