diff --git a/.bashrc b/.bashrc index 34a7aca..4867e36 100644 --- a/.bashrc +++ b/.bashrc @@ -1,3 +1,3 @@ -alias k9s='sops exec-file --no-fifo ~/stack/secrets/production.kubeconfig "KUBECONFIG={} /usr/bin/k9s"' -alias kubectl='function _kubectl(){ sops exec-file --no-fifo ~/stack/secrets/production.kubeconfig "KUBECONFIG={} /usr/bin/kubectl $@"; };_kubectl' -alias talosctl='function _talosctl(){ sops exec-file --no-fifo ~/stack/secrets/production.talosconfig "TALOSCONFIG={} /usr/bin/talosctl $@"; };_talosctl' +alias k9s='function _k9s(){ sops exec-file --no-fifo "${HOME}/stack/secrets/production.kubeconfig" "KUBECONFIG={} /usr/bin/k9s $*"; };_k9s' +alias kubectl='function _kubectl(){ sops exec-file --no-fifo "${HOME}/stack/secrets/production.kubeconfig" "KUBECONFIG={} /usr/bin/kubectl $*"; };_kubectl' +alias talosctl='function _talosctl(){ sops exec-file --no-fifo "${HOME}/stack/secrets/production.talosconfig" "TALOSCONFIG={} /usr/bin/talosctl $*"; };_talosctl' diff --git a/Makefile b/Makefile index a33fe85..89fecbf 100644 --- a/Makefile +++ b/Makefile @@ -47,8 +47,8 @@ update-tools: ./src/make/update.sh .PHONY: shell -shell: out/tools-image.digest - $(call run-container, -v $${PWD}:/home/user/stack:rw, $(shell cat $<), /bin/bash) +shell: build-tools load-tools + $(call run-container, -v $${PWD}:/home/user/stack:rw, $(REGISTRY)/tools:latest, /bin/bash) .PHONY: credentials credentials: \ @@ -147,6 +147,12 @@ build-%: images/tools/Containerfile | out cd images/tools $(call build-container,$*,$(VERSION),$<,$(SOURCE_DATE_EPOCH),$(REVISION)) +load-%: build-% + $(call import-container,$*) + +push-%: build-% load-% + docker push $(REGISTRY)/$*:$(VERSION) + out/tools-image.digest: out build-tools .PHONY: plan diff --git a/images/radicale/Containerfile b/images/radicale/Containerfile new file mode 100644 index 0000000..d7e7408 --- /dev/null +++ b/images/radicale/Containerfile @@ -0,0 +1,115 @@ +FROM stagex/core-busybox@sha256:cac5d773db1c69b832d022c469ccf5f52daf223b91166e6866d42d6983a3b374 AS busybox +FROM stagex/core-bzip2@sha256:57e9b2b4fea6718bbe463a10e44f5cffbaad2fecada2f8f7733189c1a28be2a4 AS bzip2 +FROM stagex/core-filesystem@sha256:2aaaea601e1725a8292c4c28e723db5761d892b869556f9b05c0983ba11fe30e AS filesystem +FROM stagex/core-gcc@sha256:125bd6306e7f37e57d377d5a189c0e499388aff42b22cc79acee6097357c617f AS gcc +FROM stagex/core-libffi@sha256:9acd18e59ca11fa727670725e69a976d96f85a00704dea6ad07870bff2bd4e8b AS libffi +FROM stagex/core-libunwind@sha256:4f3ead61255c1e58e7dc43a33043f297f8730ec88e068a4460e5fff09e503781 AS libunwind +FROM stagex/core-musl@sha256:d5f86324920cfc7fc34f0163502784b73161543ba0a312030a3ddff3ef8ab2f8 AS musl +FROM stagex/core-ncurses@sha256:6602a073bf9a408d1ed7c20ccc98fca974cd307fb8d1da6381fbca684a08169c AS ncurses +FROM stagex/core-openssl@sha256:8670a22fb76965f31bda1b61cd75ae39a96e1008deffe289a5d94ee4337b1cb2 AS openssl +FROM stagex/core-py-build@sha256:625b7c06114188524e8789ca5010444e13878c26e75645184b60256c0b586669 AS py-build +FROM stagex/core-py-dateutil@sha256:56a4aaeab67622b66607ec4621527039ee017e696dce3a510a12e0b5e31a5d05 AS py-dateutil +FROM stagex/core-py-flit@sha256:4f6007293e3ae1ac94ec97be03ce964321e3f0ad7311b527caa157f5fa2aa914 AS py-flit +FROM stagex/core-py-gpep517@sha256:1d4942c56e8f1651e2e7632ae2f2901a7573ed7e8184cb645348ab3b2d4a2f99 AS py-gpep517 +FROM stagex/core-py-installer@sha256:935c066ff446e3f2b2b269ce1d51a63c34596caceddc1abad2771c5003703625 AS py-installer +FROM stagex/core-py-pep517@sha256:678f8fe52d5d9944ba281f878f111b474b250899293676b851557623107763a5 AS py-pep517 +FROM stagex/core-py-setuptools@sha256:3558195868ec830242e047b22729b8a849336899dc105957843c9c4e75baacf0 AS py-setuptools +FROM stagex/core-py-toml@sha256:e8712e27a2e9d17f78892a4e4dd4f3823e86469143bd4eac2294d0e323f985d0 AS py-toml +FROM stagex/core-py-wheel@sha256:b5eded3ce06adbdd70ef452e7b7d07afbf0f23a2f8d6850b9511cc3f66c898c1 AS py-wheel +FROM stagex/core-python@sha256:5c5d86d66a9ebe4144154035230714b79c65227d9702fa2c2191a0451168014e AS python +FROM stagex/core-sqlite3@sha256:d8908d5a6c205639e6a408a92e7086edf3604f930775ee058a250e96b89255a2 AS sqlite3 +FROM stagex/core-zlib@sha256:b35b643642153b1620093cfe2963f5fa8e4d194fb2344a5786da5717018976c2 AS zlib +FROM stagex/pallet-python@sha256:2af6ef9ca77e667753b06cf85176ba1df7704b6d42a94d97ef5e217c6423955d AS pallet-python +FROM stagex/pallet-rust@sha256:81c39a3b42b0336e439aee3c90e9e1e4da1d32425451e7222198a978eb8c2623 AS pallet-rust +FROM stagex/user-linux-pam@sha256:dfa0f1699d18674c005b2ad860d56773dc7049ab6bcd1d6b07190ad993fd9e83 AS linux-pam +FROM stagex/user-py-bcrypt@sha256:d9d3cc2a2da4cd7ef89aa1b72553a87d41e6d8495415521d929e6ed4e38b7fdc AS py-bcrypt +FROM stagex/user-py-defusedxml@sha256:66577196a2c483ed5ef87dec43580b7e5843d4c06984ef2e3637e95bb902bf1c AS py-defusedxml +FROM stagex/user-py-ldap3@sha256:005726d9c3f4177a58d0c283c6ae248fb11c3b505025ce62a66da787055286ff AS py-ldap3 +FROM stagex/user-py-pam@sha256:9e3c8bf9d53d7652374fac20805318e7627f26f756217051e99b728b3373d859 AS py-pam +FROM stagex/user-py-passlib@sha256:d210aa185483dcffe4c15c72cf2efd5286e3551fb65025418d76ac567d745205 AS py-passlib +FROM stagex/user-py-pika@sha256:873d754f559b8072774176319d9efd7c7cee13d2dfeedf9fbc9f971470c1a985 AS py-pika +FROM stagex/user-py-pyasn1@sha256:826ddae08316596c758aa92d8ba15ced7b0b3f3601a9b7570fd95e4e09dbebaf AS py-pyasn1 +FROM stagex/user-py-pytz@sha256:d02fa1f128e27aa49040d35196c519c3633744e7fad7dfb13eb459a42957dc18 AS py-pytz +FROM stagex/user-py-requests@sha256:1d26793e53751887149b7ae48fb999f4e923e2d3a9c5dbec8e2bf5ee784a8a30 AS py-requests +FROM stagex/user-py-semantic-version@sha256:a03536939d365c0ed70214742631ff95a927c6a37dcc021872237b8575cd69d9 AS py-semantic-version +FROM stagex/user-py-setuptools-rust@sha256:694280bc5053b41dd11c3c0634988517dd3aa65dc86fafb16d8f1f38b4136a19 AS py-setuptools-rust +FROM stagex/user-py-setuptools-scm@sha256:9d1c56c43bc007a6f492a438c538013c367b7fe9dff388f998b560a148cf8817 AS py-setuptools-scm +FROM stagex/user-py-six@sha256:fb4cf37afcdc52a751e484dcd87b307e31d089a8b5824a0dc0df4da0a07a14a6 AS py-six +FROM stagex/user-py-vobject@sha256:c125fce2223592724816654b5a3400698d4adaba41f34065df31e9a98fcc9464 AS py-vobject +FROM stagex/user-py-waitress@sha256:271930c65e8399fcd4168470caa65ac7f44f942457d8828a6a20ff1557d9ffee AS py-waitress + +# radicale +FROM scratch AS build-radicale +COPY --from=pallet-python . / +COPY --from=py-bcrypt . / +COPY --from=py-build . / +COPY --from=py-defusedxml . / +COPY --from=py-installer . / +COPY --from=py-ldap3 . / +COPY --from=py-passlib . / +COPY --from=py-pep517 . / +COPY --from=py-pika . / +COPY --from=py-setuptools . / +COPY --from=py-toml . / +COPY --from=py-vobject . / +COPY --from=py-wheel . / +ADD \ + --checksum=sha256:dcbfb7ab0b2f89cab0f566ea179d768a5016597b0c1f177431a123de57509b3b \ + https://github.com/Kozea/Radicale/archive/refs/tags/v3.5.4.tar.gz \ + / +RUN tar zxvf /v3.5.4.tar.gz +WORKDIR /Radicale-3.5.4/ +RUN --network=none <<-EOF + set -eu + python -m build --wheel --no-isolation + python -m installer --destdir=/rootfs dist/*.whl + install -vDm 644 config -t /rootfs/etc/radicale/ + install -vDm 644 rights -t /rootfs/etc/radicale/ + touch users + install -vDm 644 users -t /rootfs/etc/radicale/ + install -vDm 644 radicale.wsgi -t /rootfs/usr/share/radicale/radicale.wsgi + install -vDm 644 CHANGELOG.md -t /rootfs/usr/share/doc/radicale/CHANGELOG.md + install -vDm 644 DOCUMENTATION.md -t /rootfs/usr/share/doc/radicale/DOCUMENTATION.md + install -vDm 644 README.md -t /rootfs/usr/share/doc/radicale/README.md + install -vDm 644 COPYING.md /rootfs/usr/share/licenses/radicale/COPYING.md + find /rootfs | grep -E "(/__pycache__$|\.pyc$|\.pyo$)" | xargs rm -rf +EOF + +FROM filesystem AS py-radicale +LABEL org.opencontainers.image.version=3.5.4 +LABEL org.opencontainers.image.licenses=GPL-3.0-or-later +COPY --from=build-radicale /rootfs / + +FROM filesystem AS radicale +LABEL org.opencontainers.image.authors="Distrust Team " +LABEL org.opencontainers.image.vendor="Distrust LLC" +LABEL org.opencontainers.image.source=https://git.distrust.co/public/stack/src/branch/main/images/radicale/Containerfile +COPY --from=busybox . / +COPY --from=gcc . / +COPY --from=musl . / +COPY --from=python . / +COPY --from=openssl . / +COPY --from=zlib . / +COPY --from=bzip2 . / +COPY --from=ncurses . / +COPY --from=sqlite3 . / +COPY --from=libffi . / +COPY --from=libunwind . / +COPY --from=linux-pam . / +COPY --from=py-bcrypt . / +COPY --from=py-dateutil . / +COPY --from=py-defusedxml . / +COPY --from=py-ldap3 . / +COPY --from=py-pam . / +COPY --from=py-passlib . / +COPY --from=py-pika . / +COPY --from=py-pyasn1 . / +COPY --from=py-radicale . / +COPY --from=py-requests . / +COPY --from=py-six . / +COPY --from=py-toml . / +COPY --from=py-vobject . / +EXPOSE 5232 +VOLUME /var/lib/radicale +ENTRYPOINT [ "/usr/bin/radicale" ] +CMD [ "--hosts", "0.0.0.0:5232,[::]:5232" ] diff --git a/kustomizations/radicale/README.md b/kustomizations/radicale/README.md new file mode 100644 index 0000000..d6cf228 --- /dev/null +++ b/kustomizations/radicale/README.md @@ -0,0 +1,13 @@ +# Radicale + +## Creating an account + +Currently to create a radicale account you will need to generate and hash a password with `htpasswd` and `bcrypt`. + +You can generate your password using a password manager or `openssl` with at least 32 characters. + +```sh +htpasswd -Bn @distrust.co +``` + +You will then need to add the output to users.enc.yaml which is encrypted with SOPS diff --git a/kustomizations/radicale/files/config b/kustomizations/radicale/files/config new file mode 100644 index 0000000..f3dae5f --- /dev/null +++ b/kustomizations/radicale/files/config @@ -0,0 +1,13 @@ +[server] +hosts = 0.0.0.0:5232 + +[auth] +type = htpasswd +htpasswd_filename = /config/user +htpasswd_encryption = bcrypt + +[rights] +type = owner_only + +[storage] +filesystem_folder = /var/lib/radicale/collections diff --git a/kustomizations/radicale/ingress.yaml b/kustomizations/radicale/ingress.yaml new file mode 100644 index 0000000..9b9d800 --- /dev/null +++ b/kustomizations/radicale/ingress.yaml @@ -0,0 +1,28 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: radicale-ingress + annotations: + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + cert-manager.io/cluster-issuer: letsencrypt + external-dns.alpha.kubernetes.io/hostname: radicale.distrust.co + nginx.ingress.kubernetes.io/proxy-buffer-size: "16k" + nginx.ingress.kubernetes.io/proxy-buffers-number: "8" +spec: + ingressClassName: nginx + tls: + - hosts: + - radicale.distrust.co + secretName: radicale-tls + rules: + - host: radicale.distrust.co + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: radicale + port: + number: 5232 diff --git a/kustomizations/radicale/kustomization.yaml b/kustomizations/radicale/kustomization.yaml new file mode 100644 index 0000000..295b71f --- /dev/null +++ b/kustomizations/radicale/kustomization.yaml @@ -0,0 +1,21 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +labels: + - pairs: + app.kubernetes.io/name: radicale + includeSelectors: true +resources: +- ./statefulset.yaml +- ./service.yaml +- ./serviceaccount.yaml +- ./ingress.yaml +generators: +- secret-generator.yaml +configMapGenerator: + - name: radicale + files: + - config=files/config +images: + - name: radicale + newName: git.distrust.co/public/radicale + digest: sha256:53c80b2dea5a854e945288659284c26f57f8a0db4e73abb04c7150dbf795f72b diff --git a/kustomizations/radicale/secret-generator.yaml b/kustomizations/radicale/secret-generator.yaml new file mode 100644 index 0000000..df6261d --- /dev/null +++ b/kustomizations/radicale/secret-generator.yaml @@ -0,0 +1,6 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: radicale-secrets +files: + - ./users.enc.yaml diff --git a/kustomizations/radicale/service.yaml b/kustomizations/radicale/service.yaml new file mode 100644 index 0000000..ed469f3 --- /dev/null +++ b/kustomizations/radicale/service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: radicale +spec: + type: ClusterIP + ports: + - port: 5232 + targetPort: http + protocol: TCP + name: http diff --git a/kustomizations/radicale/serviceaccount.yaml b/kustomizations/radicale/serviceaccount.yaml new file mode 100644 index 0000000..6bb69e3 --- /dev/null +++ b/kustomizations/radicale/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: radicale +automountServiceAccountToken: true diff --git a/kustomizations/radicale/statefulset.yaml b/kustomizations/radicale/statefulset.yaml new file mode 100644 index 0000000..d3e8b15 --- /dev/null +++ b/kustomizations/radicale/statefulset.yaml @@ -0,0 +1,69 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: radicale +spec: + template: + spec: + serviceAccountName: radicale + securityContext: + runAsNonRoot: true + runAsUser: 1000 + fsGroup: 1000 + containers: + - name: radicale + image: radicale + env: + - name: RADICALE_CONFIG + value: /config/config + ports: + - name: http + containerPort: 5232 + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: "RuntimeDefault" + capabilities: + drop: + - ALL + volumeMounts: + - name: config + mountPath: /config/config + subPath: config + - name: user + mountPath: /config/user + subPath: users + - name: radicale + mountPath: /var/lib/radicale + volumes: + - name: config + configMap: + name: radicale + items: + - key: config + path: config + - name: user + secret: + optional: true + secretName: radicale-users + items: + - key: users + path: users + volumeClaimTemplates: + - metadata: + name: radicale + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: 5Gi diff --git a/kustomizations/radicale/users.enc.yaml b/kustomizations/radicale/users.enc.yaml new file mode 100644 index 0000000..fa51c86 --- /dev/null +++ b/kustomizations/radicale/users.enc.yaml @@ -0,0 +1,33 @@ +apiVersion: ENC[AES256_GCM,data:WhA=,iv:Z/tFagnlvoAXt9yfp0aoRsZn78vPEKjl2OTqitQMjWo=,tag:1IYJWqgbknS61DXy4ppiug==,type:str] +kind: ENC[AES256_GCM,data:abMLEKUb,iv:e5Vq7fKAWwtZA88jPKR+tjmHevoDtduH9S8pQ1WanS4=,tag:8sDhvGn2Ob8Ap8RxZqjdXA==,type:str] +type: ENC[AES256_GCM,data:v/+vuXQ7,iv:N3q4jTPZBUm35gDeWZ5W5Q3ndZzWofTofi3Rv2/8GKY=,tag:l63mR0fmE1Self9J8vMI+w==,type:str] +metadata: + name: ENC[AES256_GCM,data:c0G89GGAPwPLp0dETOo=,iv:8PNpVILLyVCEgn97mO975+khTXZSzEWkSnsfDTjqbI4=,tag:AuOLzcVdRPOyBNlWoRVW8g==,type:str] +stringData: + users: ENC[AES256_GCM,data:rveIHF6gebDe92Ela+zICvOo8JhBJp8BkRb63pmKQEjEuCwCQN2xV326KA4c7T9rtL3VkNmgIVzyLMBhdN5FCtzpEZeyuSPaKSQta9A261gnFVxY5YqbgEXYs/iVq7Qtp7nSNL7f8E0RFZnM67N+D8jEkIyyYhUQt64Ec2TVVGX2lWpcoWgaA2MGGjdITzfc+AWqe8I+FwL0wmh4hbXrYRJH3yjYYiOoV0mQYhhFn0V8HZEzK/1tbO0Qrjxt5U0SBoBkjwEO/GtC4avl58RCtCv/xIeGRExEPGQTCNNH11w2I05p/Z0LVxhCUHY=,iv:jx4HbBWirtFUrZWaKT/mQaOxfhpggTeFdmOwQBFv52c=,tag:qO2bKZWyDK55I6WnCSaqOg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2025-08-04T22:04:26Z" + mac: ENC[AES256_GCM,data:yfDs8c7MPML1XD4O2IfUXJg3QT+cdknNw/RuG12FlwJ7uoB2B2EvTwJJh6FNfuBVGY3Ed4nHwCTdIva+nJyOYWt9rfGqettfn4hHbVXLQ0B82JSexLXGKs9RtVY1mG4vzk3N575v3+A82RtssCSF/O/puij9qrjnkpLk6YbqLMo=,iv:BrobW9hDUkTbKRQBqfkeeNExMOqbrjdupDvSzCn9WRQ=,tag:w8EJq0LG3pWaUqKZGAJtgg==,type:str] + pgp: + - created_at: "2025-07-13T06:51:55Z" + enc: "-----BEGIN PGP MESSAGE-----\n\nhQIMA82rPM2mSf/aARAAjtuwpAk5OCIRUXTwig8V+Md3mzZ5B/mXaEipSL+bz8aK\nNro9p82GsnMIgHS7qpMwcc53NSNL0wmju3tcB/TaFsRVot1QTcIraPP2saDx02Mm\nwKg0pcqDk55X+htHY1iYZS9JO1bVz7EmJjPsfcEdvBm2JNCjZeNToy7mnjFWBBlu\nOqX0V2qrWcm3lG2HMBUGOHQ8o3iC7OWBTIKSDMx8dJb7L4NlB3LxtfsibmsrvOk1\nAtUXKf6DjjRcRV3LiVFFhswPfbUx9uYrNLQM3g2J5jxyoWHVCLdVqsBGe03zxmlA\niAglRbYNbhayoWH/1j/10VbtEuRSURKtCPWysaOr+u/UOWpbRi0S3WTkx2E603wC\nk2msofhS8iQv8Dp2Y5zcdFvLnWpCzdXFWPedLE08fKKHkht40Pdh8rq09Y8eepAT\nHUvuaJSfG1/RZX3IRoyHTyFmVrRF1ZEPDxcMKD8Kx3Vn7dfXVO3Bxx7dBTyY4UzO\nVzx8KJBulCib2jDY0CqBNL50Kgy935rHhBRUlx4MBxhSKnkKHIiXYalINZUxHUxn\nYzztQbxLnOgb94z2dEPEu6xxgSLC40XNY65SzwtEKHkR7QNkyRqm1VXbT6tEpYRg\nVgDKZgBWLQ68G+DDkDbUCkGy4w3umMSfuX8rlNEUG9C0Kk5CXffyKqA8J3+T97bS\nXAGZYbFMTTgpa1Z/vnmAfsr/CUvAUflkgtvJH7wxXVL41a/12IQ/kx1mxMxh3JjS\n0R2phlMwSy5ct1scgJQZIc+fvgjMthNl1b5XqnWE0eRwVduKpi3/uzCZhzXd\n=tMGM\n-----END PGP MESSAGE----- " + fp: 6B61ECD76088748C70590D55E90A401336C8AAA9 + - created_at: "2025-07-13T06:51:55Z" + enc: "-----BEGIN PGP MESSAGE-----\n\nhQIMAw95Vf08z8oUARAAzSCXQxhGwwO1cQjgpy539UqhS/3SDqB2c2fAm8rvKMEq\nE8dtU5/Oc5FRhRRWEIP9XeDJlPz9rDn4E3KYa0ZYNUchl75ItHID6oBg3OOSZmIN\nciVaffQXyRa6pRCjeaQU9VZY67FBbCueBbCe/mYyGZQMfHg4Y2asOIr3qOgYIgnC\nsAZoG2NT+9deabzLY8irLTAM5IMbO59ulM0H7j0IdTLB9D7u+fU7EMg9jQb/J9ha\nIITSh7jGhpNbtJ0neRyUnX26r50JeLY4b1UCAd1HjA5Rycgrx1rXoZbmGB4dFZ0V\nZiIaGBe/8BF5GGXkHJgO/Y5g+jfpmO6HYV5NrCB049nd82YowK9LkgMNp3V1vPn6\n5RxWsVSV29CyplO6rEq9lH2VHB1HLkboOomklVDyG9mo+jbY3TL/Ak4nWfx+96rV\nJSyAadEtC+HcXN5ECDO+F7uAEDi0isdWF97xgARvjyDezEEyxTA8xWsIpL8LRWjZ\nIBlihxlpyQJ13WSFP6tAp60wO83LLJiC9rvuIBmrCUwKb+LtxUqrWtZnZ8yIsCXk\nV1xqGixSigR3RJvbSzICKdMDuhs+cghiurTkKNE2QG9+NQeees2DUIqURjRM//Av\n6hEJxjH/bJ2JlA1/YIkYkMxc9WpKRXmitVaHpkoFumphVIfA4CbQZo/Nv2LbatDS\nXAHAUl75H53Hf3awGph4kOoykimetr8i14bVM0Kr/jdAxcvJkanScej2huzTHzQK\nywl3clswBKzhfCBFejdhrrZoKsT1h7Mf23FEwhwP4aMcVZe+iSqoifWXKRM5\n=jFLv\n-----END PGP MESSAGE----- " + fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72 + - created_at: "2025-07-13T06:51:55Z" + enc: "-----BEGIN PGP MESSAGE-----\n\nhF4Dr/MjkOzuuRESAQdAEpot/CyllATM3Ycyb5dvalqAbJBHskFKLR7nbFc6Z2kw\nR2XDTbHQ51WSv7teBei+gA9elRjrsx5RfUSh/mC/WrOZvnn4NyHf6cDkjtd3EO1I\n0lwBT732FGcKQEE7CZXoc/AwtCd66OYqwdYiiMm29LuVcW71UlrGkLFPyqQ+y2jb\nFl00rVXjHLLXFzcEfZf5+JFoPv3JM+h8nXQZEkpKI6Ykw9ZcxagoZyyySYdqtw==\n=ZP5M\n-----END PGP MESSAGE----- " + fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA + - created_at: "2025-07-13T06:51:55Z" + enc: "-----BEGIN PGP MESSAGE-----\n\nhQIMA5Wf+FyJ+zFJAQ/7BIqCa7lsEE4tyhxoiA6DBO9/+xP4LlA/CPPCu4zWLb2T\nzy0axtIWtdSAWecWXm0vQ9B+YB0Jbhb69Qj1mrjCgGyM8ckduBxvYlT1qbGREJCW\nCtFqiAvWcDAsKZ3BOxA4GsqU4aGK9KMOZCcFGQx9Bg8CFpOx7gbMFb+VkziA/Dgx\nFGvBmNvtqqdqV7yViUxvYAwb7Buik8e77FCyBc5fxdjGU34/x7AD0jPJcN3Ac0n0\nzqGBaM9ivs3G2R4rq2JVfWOdj/qmrH/P0CWDN8cOB7H37+IpvIjs80RIjguB4OFo\nHxJFviuQ9LGpw8IKj2161iSccuAwhOpHdOLS8C6yzw7SJZncwCDeLlQWVhJb99ae\nTq23m68KYTkpM6cIT5iG4k/grgkKvqk82YNkMCktPBwsEQ/wxOH9ZQ9Ry1LRtmIF\nBUH33sASnt3A3IAavYQucAcOkYsQJFlaLbeVoVS8J7nXA6xRzv9qaJeeulVIaBpc\nfwSP6mI8mscrSp24F14EcP3n5W6Gr68oEw2qdUi3CFLtr+Ih8T2REWzOJYDIArCM\ncY/tS1WVDDikmzS9aNcEt0okPz6HNaKu7qONby3L9XxSDxZYg4tmV/ZiWIZuvVwL\n6iipL+wYMYk3ot066ewoLqOeZcZH/04P9QgoNwnUaSqsfaIQfPJZCngyCEKdYNXS\nXAGIFLlG48rAKmE7OYuOFQeuwgNpdFb07kaWw64NKTRxTkw0hZjm87CHfdZ3CPnX\nJp04LP46X74s+SiWmfHM5W21Ub68Li4l135DA3CKiOn+Sq04Q5xh0giSZWHG\n=ikQP\n-----END PGP MESSAGE----- " + fp: F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D + - created_at: "2025-07-13T06:51:55Z" + enc: "-----BEGIN PGP MESSAGE-----\n\nhQIMA8KRInHl7Vz+AQ//blhfF6tdUKH+4HWC2p0hhCBwzZ/eGcDBvk66N4Yvo7w5\nk38fd/kI0EqKecagLNlScnS8mRwhjAaKwUGUjyWYQ5CkVEtb+SG2fAnEU57ju3xV\nei5P1lBfkcKPR5uSC9vXO/oCg7XHN9fAi67yh1paBhN7azjplm8BGunhFD7PzULO\nb+g9xa1ueC2c4UpLd4rf55Us10tFJ/Id3QK5FhbB1L+Mae+Wjs0sxRN2qPmkiAvu\nilaPw7PfnztNs3bj6/pzyH1EdaeRIiZzoC+0e9LiA6bBkj4tSfAWEHH84uFYDv98\ngfSe5Lp5DEpoZSy2ecx3XOtCPSKGv8FfeVfwb4EZ/EyYRJDEkOAkEDPIlQs9agy0\nFYOiovwAjVAU2Y/IC5q0lVH4WQZGY/k+EVeu9ZAMHkZ1/TDIxva/WsMM91ja5uWC\nLMRUXJ1TO/LjNI1T9XI20bKkl2WOj0Y/1YVOoJAxTbnkXzsn1xU7Qe7DiehYKl+d\nOE+dNjN/D4DR5NmEfTPmsNEX6Z3sK1GyEOxw19/JM3QHIdjoKw3a15hQjxmM/ksH\nKNEu0YQ/l7CDDnVT7MLDpjx1luoMQ9eW3I3hMAZgxkjkmTk2xeNYTAvDLFmKk2D8\n7MFogZB2o2giaBgFgWB+9KCgzipHSlnIQd//BSvwtL1/GFILSPzLEfOWAXv2zE7S\nXAHdCNhyj7n7zQDwDb5V84QxbUne/D22RY4NpJybMfrXuKW9n2fOD4wxiWZnl6hD\nieC1qFcETi20i2LzC2M3uJAz/LHVpyLaNNaaIDMZF3gme1yKe3/u46z1WJhX\n=LEyb\n-----END PGP MESSAGE----- " + fp: C92FE5A3FBD58DD3EC5AA26BB10116B8193F2DBD + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/src/make/macros.mk b/src/make/macros.mk index 68036cf..1479e72 100644 --- a/src/make/macros.mk +++ b/src/make/macros.mk @@ -48,3 +48,7 @@ define build-container $(dir $3) \ | tar -C out/image/$(1) -mx endef + +define import-container + tar -C out/image/$(1) -cf - . | docker load +endef