From e516b456982666fd67c334a1c9b8cafd08672474 Mon Sep 17 00:00:00 2001 From: Andrei Dziahel Date: Fri, 3 Oct 2025 13:59:12 +0200 Subject: [PATCH] fix: update rest of the Dockerfiles with the generator --- 9.10/_cabal-install.deb11.yaml | 3 + 9.10/_cabal-install.deb12.yaml | 3 + 9.10/bookworm/Dockerfile | 8 +- 9.10/bullseye/Dockerfile | 8 +- 9.10/slim-bookworm/Dockerfile | 8 +- 9.10/slim-bullseye/Dockerfile | 197 +++++++++++++++++--------------- 9.4/_cabal-install.yaml | 3 + 9.4/_ghc.yaml | 5 + 9.4/_globals.yaml | 9 ++ 9.4/bullseye.yaml | 13 +++ 9.4/bullseye/Dockerfile | 144 +++++++++++++++++++++++ 9.4/slim-bullseye.yaml | 13 +++ 9.4/slim-bullseye/Dockerfile | 144 +++++++++++++++++++++++ 9.6/_cabal-install.yaml | 3 + 9.6/_ghc.yaml | 5 + 9.6/_globals.yaml | 9 ++ 9.6/bullseye.yaml | 13 +++ 9.6/bullseye/Dockerfile | 201 ++++++++++++++++---------------- 9.6/slim-bullseye.yaml | 13 +++ 9.6/slim-bullseye/Dockerfile | 203 +++++++++++++++++---------------- 9.8/_cabal-install.yaml | 3 + 9.8/_ghc.yaml | 5 + 9.8/_globals.yaml | 9 ++ 9.8/bullseye.yaml | 9 ++ 9.8/bullseye/Dockerfile | 197 +++++++++++++++++--------------- 9.8/slim-bullseye.yaml | 9 ++ 9.8/slim-bullseye/Dockerfile | 197 +++++++++++++++++--------------- README.md | 6 +- generate.sh | 24 ++++ 29 files changed, 971 insertions(+), 493 deletions(-) create mode 100644 9.10/_cabal-install.deb11.yaml create mode 100644 9.10/_cabal-install.deb12.yaml create mode 100644 9.4/_cabal-install.yaml create mode 100644 9.4/_ghc.yaml create mode 100644 9.4/_globals.yaml create mode 100644 9.4/bullseye.yaml create mode 100644 9.4/bullseye/Dockerfile create mode 100644 9.4/slim-bullseye.yaml create mode 100644 9.4/slim-bullseye/Dockerfile create mode 100644 9.6/_cabal-install.yaml create mode 100644 9.6/_ghc.yaml create mode 100644 9.6/_globals.yaml create mode 100644 9.6/bullseye.yaml create mode 100644 9.6/slim-bullseye.yaml create mode 100644 9.8/_cabal-install.yaml create mode 100644 9.8/_ghc.yaml create mode 100644 9.8/_globals.yaml create mode 100644 9.8/bullseye.yaml create mode 100644 9.8/slim-bullseye.yaml create mode 100755 generate.sh diff --git a/9.10/_cabal-install.deb11.yaml b/9.10/_cabal-install.deb11.yaml new file mode 100644 index 0000000..ca8620e --- /dev/null +++ b/9.10/_cabal-install.deb11.yaml @@ -0,0 +1,3 @@ +sha256sum: + "aarch64": '5e8c47a055d5b744741039a7061ee43ec7d080d1251784e7a4cd836403e42523' + "x86_64": '41b85bb25fa654e4b79169014b9142fe696ff35e002e043caa0e52d65204ba8a' diff --git a/9.10/_cabal-install.deb12.yaml b/9.10/_cabal-install.deb12.yaml new file mode 100644 index 0000000..23bbd2f --- /dev/null +++ b/9.10/_cabal-install.deb12.yaml @@ -0,0 +1,3 @@ +sha256sum: + "aarch64": 'f763fb2af2bc1ff174b7361a7d51109a585954f87a0e14f86d144f3bce28f7a9' + "x86_64": '73a463306c771e18ca22c0a9469176ffab0138ec5925adb5364ef47174e1adc5' diff --git a/9.10/bookworm/Dockerfile b/9.10/bookworm/Dockerfile index 6b9a52e..5b94c67 100644 --- a/9.10/bookworm/Dockerfile +++ b/9.10/bookworm/Dockerfile @@ -25,8 +25,8 @@ RUN <&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ - esac; \ - curl -sSL "$STACK_URL" -o stack.tar.gz; \ - echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check; \ - \ - curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY"; \ - gpg --batch --verify stack.tar.gz.asc stack.tar.gz; \ - gpgconf --kill all; \ - \ - tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack"; \ - stack config set system-ghc --global true; \ - stack config set install-ghc --global false; \ - \ - rm -rf /tmp/*; \ - \ + case "$ARCH" in + 'aarch64') + STACK_SHA256='bdd618ea5a9c921417727011f2ecd78987dffa5cee5e741108baf65a9b5b58ab' + ;; + 'x86_64') + STACK_SHA256='88d7e517342c125b0a098d9d578fe53e590618ae4b2427283a27408a1ebd06d8' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'" exit 1 ; + esac + curl -sSL "$STACK_URL" -o stack.tar.gz + echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check + + curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc + GNUPGHOME="$(mktemp -d)" + export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY" + gpg --batch --verify stack.tar.gz.asc stack.tar.gz + gpgconf --kill all + + tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack" + stack config set system-ghc --global true + stack config set install-ghc --global false + + rm -rf /tmp/* + stack --version; +EOT -ARG CABAL_INSTALL=3.12.1.0 -ARG CABAL_INSTALL_RELEASE_KEY=1E07C9A1A3088BAD47F74A3E227EE1942B0BDB95 +ARG CABAL_INSTALL='3.14.1.1' +ARG CABAL_INSTALL_RELEASE_KEY='EAF2A9A722C0C96F2B431CA511AAD8CEDEE0CAEF' -RUN set -eux; \ - cd /tmp; \ - ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ - CABAL_INSTALL_TAR="cabal-install-$CABAL_INSTALL-$ARCH-linux-deb11.tar.xz"; \ - CABAL_INSTALL_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/$CABAL_INSTALL_TAR"; \ - CABAL_INSTALL_SHA256SUMS_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS"; \ +RUN <&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; \ - esac; \ - curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz; \ - echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check; \ - \ - curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL"; \ - curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig"; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY"; \ - gpg --batch --verify SHA256SUMS.sig SHA256SUMS; \ + case "$ARCH" in + 'aarch64') + CABAL_INSTALL_SHA256='5e8c47a055d5b744741039a7061ee43ec7d080d1251784e7a4cd836403e42523' + ;; + 'x86_64') + CABAL_INSTALL_SHA256='41b85bb25fa654e4b79169014b9142fe696ff35e002e043caa0e52d65204ba8a' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; + esac + curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz + echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check + + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL" + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig" + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY" + gpg --batch --verify SHA256SUMS.sig SHA256SUMS # confirm we are verifying SHA256SUMS that matches the release + sha256 - grep "$CABAL_INSTALL_SHA256 $CABAL_INSTALL_TAR" SHA256SUMS; \ - gpgconf --kill all; \ - \ - tar -xf cabal-install.tar.gz -C /usr/local/bin; \ - \ - rm -rf /tmp/*; \ - \ + grep "$CABAL_INSTALL_SHA256 $CABAL_INSTALL_TAR" SHA256SUMS + gpgconf --kill all; + + tar -xf cabal-install.tar.gz -C /usr/local/bin + + rm -rf /tmp/* + cabal --version +EOT -ARG GHC=9.10.2 -ARG GHC_RELEASE_KEY=88B57FCF7DB53B4DB3BFA4B1588764FBE22D19C4 +ARG GHC='9.10.2' +ARG GHC_RELEASE_KEY='88B57FCF7DB53B4DB3BFA4B1588764FBE22D19C4' -RUN set -eux; \ - cd /tmp; \ - ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ - GHC_URL="https://downloads.haskell.org/~ghc/$GHC/ghc-$GHC-$ARCH-deb11-linux.tar.xz"; \ +RUN <&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ - esac; \ - curl -sSL "$GHC_URL" -o ghc.tar.xz; \ - echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check; \ - \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY"; \ - gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz; \ - gpgconf --kill all; \ - \ - tar xf ghc.tar.xz; \ - cd "ghc-$GHC-$ARCH-unknown-linux"; \ - ./configure --prefix "/opt/ghc/$GHC"; \ - make install; \ - \ - rm -rf /tmp/*; \ - \ + case "$ARCH" in + 'aarch64') + GHC_SHA256='0188ca098abdaf71eb0804d0f35311f405da489137d8d438bfaa43b8d1e3f1b0' + ;; + 'x86_64') + GHC_SHA256='2fe2c3e0a07e4782530e8bf83eeda8ff6935e40d5450c1809abcdc6182c9c848' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; + esac + curl -sSL "$GHC_URL" -o ghc.tar.xz + echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check + + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY" + gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz + gpgconf --kill all + + tar xf ghc.tar.xz + cd "ghc-$GHC-$ARCH-unknown-linux" + ./configure --prefix "/opt/ghc/$GHC" + make install + + rm -rf /tmp/* + "/opt/ghc/$GHC/bin/ghc" --version +EOT ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH diff --git a/9.4/_cabal-install.yaml b/9.4/_cabal-install.yaml new file mode 100644 index 0000000..ca8620e --- /dev/null +++ b/9.4/_cabal-install.yaml @@ -0,0 +1,3 @@ +sha256sum: + "aarch64": '5e8c47a055d5b744741039a7061ee43ec7d080d1251784e7a4cd836403e42523' + "x86_64": '41b85bb25fa654e4b79169014b9142fe696ff35e002e043caa0e52d65204ba8a' diff --git a/9.4/_ghc.yaml b/9.4/_ghc.yaml new file mode 100644 index 0000000..f31e1d0 --- /dev/null +++ b/9.4/_ghc.yaml @@ -0,0 +1,5 @@ +version: "9.4.8" +release_key: "88B57FCF7DB53B4DB3BFA4B1588764FBE22D19C4" +sha256sum: + "aarch64": '278e287e1ee624712b9c6d7803d1cf915ca1cce56e013b0a16215eb8dfeb1531' + "x86_64": '2743629d040f3213499146cb5154621d6f25e85271019afc9b9009e04d66bf6c' diff --git a/9.4/_globals.yaml b/9.4/_globals.yaml new file mode 100644 index 0000000..a6d67e6 --- /dev/null +++ b/9.4/_globals.yaml @@ -0,0 +1,9 @@ +stack: + version: "3.3.1" + release_key: "C5705533DA4F78D8664B5DC0575159689BEFB442" + sha256sum: + "aarch64": 'bdd618ea5a9c921417727011f2ecd78987dffa5cee5e741108baf65a9b5b58ab' + "x86_64": '88d7e517342c125b0a098d9d578fe53e590618ae4b2427283a27408a1ebd06d8' +cabal_install: + version: "3.14.1.1" + release_key: "EAF2A9A722C0C96F2B431CA511AAD8CEDEE0CAEF" diff --git a/9.4/bullseye.yaml b/9.4/bullseye.yaml new file mode 100644 index 0000000..dd37c20 --- /dev/null +++ b/9.4/bullseye.yaml @@ -0,0 +1,13 @@ +--- +distro: + codename: 'bullseye' + abbr: 'deb11' + image: 'debian:bullseye' +ghc: !include '_ghc.yaml' +cabal_install: !include '_cabal-install.yaml' +overrides: + ghc: + "aarch64": + # GHC 9.4.8 doesn't have a deb11 bindist for aarch64 for some reason, so we're using the deb10 one instead + url: "https://downloads.haskell.org/~ghc/9.4.8/ghc-9.4.8-aarch64-deb10-linux.tar.xz" +_globals: !include '_globals.yaml' diff --git a/9.4/bullseye/Dockerfile b/9.4/bullseye/Dockerfile new file mode 100644 index 0000000..ee9d577 --- /dev/null +++ b/9.4/bullseye/Dockerfile @@ -0,0 +1,144 @@ +FROM debian:bullseye + +ENV LANG=C.UTF-8 + +# common haskell + stack dependencies +RUN <&2 "error: unsupported architecture '$ARCH'" exit 1 ; + esac + curl -sSL "$STACK_URL" -o stack.tar.gz + echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check + + curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc + GNUPGHOME="$(mktemp -d)" + export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY" + gpg --batch --verify stack.tar.gz.asc stack.tar.gz + gpgconf --kill all + + tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack" + stack config set system-ghc --global true + stack config set install-ghc --global false + + rm -rf /tmp/* + + stack --version; +EOT + +ARG CABAL_INSTALL='3.14.1.1' +ARG CABAL_INSTALL_RELEASE_KEY='EAF2A9A722C0C96F2B431CA511AAD8CEDEE0CAEF' + +RUN <&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; + esac + curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz + echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check + + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL" + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig" + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY" + gpg --batch --verify SHA256SUMS.sig SHA256SUMS + # confirm we are verifying SHA256SUMS that matches the release + sha256 + grep "$CABAL_INSTALL_SHA256 $CABAL_INSTALL_TAR" SHA256SUMS + gpgconf --kill all; + + tar -xf cabal-install.tar.gz -C /usr/local/bin + + rm -rf /tmp/* + + cabal --version +EOT + +ARG GHC='9.4.8' +ARG GHC_RELEASE_KEY='88B57FCF7DB53B4DB3BFA4B1588764FBE22D19C4' + +RUN <&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; + esac + curl -sSL "$GHC_URL" -o ghc.tar.xz + echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check + + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY" + gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz + gpgconf --kill all + + tar xf ghc.tar.xz + cd "ghc-$GHC-$ARCH-unknown-linux" + ./configure --prefix "/opt/ghc/$GHC" + make install + + rm -rf /tmp/* + + "/opt/ghc/$GHC/bin/ghc" --version +EOT + +ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH + +CMD ["ghci"] diff --git a/9.4/slim-bullseye.yaml b/9.4/slim-bullseye.yaml new file mode 100644 index 0000000..5f8f987 --- /dev/null +++ b/9.4/slim-bullseye.yaml @@ -0,0 +1,13 @@ +--- +distro: + codename: 'bullseye' + abbr: 'deb11' + image: 'debian:bullseye-slim' +ghc: !include '_ghc.yaml' +cabal_install: !include '_cabal-install.yaml' +overrides: + ghc: + "aarch64": + # GHC 9.4.8 doesn't have a deb11 bindist for aarch64 for some reason, so we're using the deb10 one instead + url: "https://downloads.haskell.org/~ghc/9.4.8/ghc-9.4.8-aarch64-deb10-linux.tar.xz" +_globals: !include '_globals.yaml' diff --git a/9.4/slim-bullseye/Dockerfile b/9.4/slim-bullseye/Dockerfile new file mode 100644 index 0000000..db65579 --- /dev/null +++ b/9.4/slim-bullseye/Dockerfile @@ -0,0 +1,144 @@ +FROM debian:bullseye-slim + +ENV LANG=C.UTF-8 + +# common haskell + stack dependencies +RUN <&2 "error: unsupported architecture '$ARCH'" exit 1 ; + esac + curl -sSL "$STACK_URL" -o stack.tar.gz + echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check + + curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc + GNUPGHOME="$(mktemp -d)" + export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY" + gpg --batch --verify stack.tar.gz.asc stack.tar.gz + gpgconf --kill all + + tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack" + stack config set system-ghc --global true + stack config set install-ghc --global false + + rm -rf /tmp/* + + stack --version; +EOT + +ARG CABAL_INSTALL='3.14.1.1' +ARG CABAL_INSTALL_RELEASE_KEY='EAF2A9A722C0C96F2B431CA511AAD8CEDEE0CAEF' + +RUN <&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; + esac + curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz + echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check + + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL" + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig" + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY" + gpg --batch --verify SHA256SUMS.sig SHA256SUMS + # confirm we are verifying SHA256SUMS that matches the release + sha256 + grep "$CABAL_INSTALL_SHA256 $CABAL_INSTALL_TAR" SHA256SUMS + gpgconf --kill all; + + tar -xf cabal-install.tar.gz -C /usr/local/bin + + rm -rf /tmp/* + + cabal --version +EOT + +ARG GHC='9.4.8' +ARG GHC_RELEASE_KEY='88B57FCF7DB53B4DB3BFA4B1588764FBE22D19C4' + +RUN <&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; + esac + curl -sSL "$GHC_URL" -o ghc.tar.xz + echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check + + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY" + gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz + gpgconf --kill all + + tar xf ghc.tar.xz + cd "ghc-$GHC-$ARCH-unknown-linux" + ./configure --prefix "/opt/ghc/$GHC" + make install + + rm -rf /tmp/* + + "/opt/ghc/$GHC/bin/ghc" --version +EOT + +ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH + +CMD ["ghci"] diff --git a/9.6/_cabal-install.yaml b/9.6/_cabal-install.yaml new file mode 100644 index 0000000..ca8620e --- /dev/null +++ b/9.6/_cabal-install.yaml @@ -0,0 +1,3 @@ +sha256sum: + "aarch64": '5e8c47a055d5b744741039a7061ee43ec7d080d1251784e7a4cd836403e42523' + "x86_64": '41b85bb25fa654e4b79169014b9142fe696ff35e002e043caa0e52d65204ba8a' diff --git a/9.6/_ghc.yaml b/9.6/_ghc.yaml new file mode 100644 index 0000000..1461e4e --- /dev/null +++ b/9.6/_ghc.yaml @@ -0,0 +1,5 @@ +version: "9.6.7" +release_key: "8C961469C8FDC968718D6245AC7DE836C5DF907D" +sha256sum: + "aarch64": '3cfa843687856de304a946dbe849a497c4fdad021f0275628b8ca7b55ccf8082' + "x86_64": 'fc6a6247d1831745c67b27d6212f6911c35a933043f3b6851724e2e01484d077' diff --git a/9.6/_globals.yaml b/9.6/_globals.yaml new file mode 100644 index 0000000..a6d67e6 --- /dev/null +++ b/9.6/_globals.yaml @@ -0,0 +1,9 @@ +stack: + version: "3.3.1" + release_key: "C5705533DA4F78D8664B5DC0575159689BEFB442" + sha256sum: + "aarch64": 'bdd618ea5a9c921417727011f2ecd78987dffa5cee5e741108baf65a9b5b58ab' + "x86_64": '88d7e517342c125b0a098d9d578fe53e590618ae4b2427283a27408a1ebd06d8' +cabal_install: + version: "3.14.1.1" + release_key: "EAF2A9A722C0C96F2B431CA511AAD8CEDEE0CAEF" diff --git a/9.6/bullseye.yaml b/9.6/bullseye.yaml new file mode 100644 index 0000000..83613f9 --- /dev/null +++ b/9.6/bullseye.yaml @@ -0,0 +1,13 @@ +--- +distro: + codename: 'bullseye' + abbr: 'deb11' + image: 'debian:bullseye' +ghc: !include '_ghc.yaml' +cabal_install: !include '_cabal-install.yaml' +overrides: + ghc: + "aarch64": + # GHC 9.6.7 doesn't have a deb11 bindist for aarch64 for some reason, so we're using the deb10 one instead + url: "https://downloads.haskell.org/~ghc/9.6.7/ghc-9.6.7-aarch64-deb10-linux.tar.xz" +_globals: !include '_globals.yaml' diff --git a/9.6/bullseye/Dockerfile b/9.6/bullseye/Dockerfile index 7b0cf8f..83aea5a 100644 --- a/9.6/bullseye/Dockerfile +++ b/9.6/bullseye/Dockerfile @@ -3,7 +3,8 @@ FROM debian:bullseye ENV LANG=C.UTF-8 # common haskell + stack dependencies -RUN apt-get update && \ +RUN <&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ - esac; \ - curl -sSL "$STACK_URL" -o stack.tar.gz; \ - echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check; \ - \ - curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY"; \ - gpg --batch --verify stack.tar.gz.asc stack.tar.gz; \ - gpgconf --kill all; \ - \ - tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack"; \ - stack config set system-ghc --global true; \ - stack config set install-ghc --global false; \ - \ - rm -rf /tmp/*; \ - \ + case "$ARCH" in + 'aarch64') + STACK_SHA256='bdd618ea5a9c921417727011f2ecd78987dffa5cee5e741108baf65a9b5b58ab' + ;; + 'x86_64') + STACK_SHA256='88d7e517342c125b0a098d9d578fe53e590618ae4b2427283a27408a1ebd06d8' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'" exit 1 ; + esac + curl -sSL "$STACK_URL" -o stack.tar.gz + echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check + + curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc + GNUPGHOME="$(mktemp -d)" + export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY" + gpg --batch --verify stack.tar.gz.asc stack.tar.gz + gpgconf --kill all + + tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack" + stack config set system-ghc --global true + stack config set install-ghc --global false + + rm -rf /tmp/* + stack --version; +EOT -ARG CABAL_INSTALL=3.12.1.0 -ARG CABAL_INSTALL_RELEASE_KEY=1E07C9A1A3088BAD47F74A3E227EE1942B0BDB95 +ARG CABAL_INSTALL='3.14.1.1' +ARG CABAL_INSTALL_RELEASE_KEY='EAF2A9A722C0C96F2B431CA511AAD8CEDEE0CAEF' -RUN set -eux; \ - cd /tmp; \ - ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ - CABAL_INSTALL_TAR="cabal-install-$CABAL_INSTALL-$ARCH-linux-deb11.tar.xz"; \ - CABAL_INSTALL_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/$CABAL_INSTALL_TAR"; \ - CABAL_INSTALL_SHA256SUMS_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS"; \ +RUN <&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; \ - esac; \ - curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz; \ - echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check; \ - \ - curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL"; \ - curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig"; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY"; \ - gpg --batch --verify SHA256SUMS.sig SHA256SUMS; \ + case "$ARCH" in + 'aarch64') + CABAL_INSTALL_SHA256='5e8c47a055d5b744741039a7061ee43ec7d080d1251784e7a4cd836403e42523' + ;; + 'x86_64') + CABAL_INSTALL_SHA256='41b85bb25fa654e4b79169014b9142fe696ff35e002e043caa0e52d65204ba8a' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; + esac + curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz + echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check + + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL" + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig" + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY" + gpg --batch --verify SHA256SUMS.sig SHA256SUMS # confirm we are verifying SHA256SUMS that matches the release + sha256 - grep "$CABAL_INSTALL_SHA256 $CABAL_INSTALL_TAR" SHA256SUMS; \ - gpgconf --kill all; \ - \ - tar -xf cabal-install.tar.gz -C /usr/local/bin; \ - \ - rm -rf /tmp/*; \ - \ + grep "$CABAL_INSTALL_SHA256 $CABAL_INSTALL_TAR" SHA256SUMS + gpgconf --kill all; + + tar -xf cabal-install.tar.gz -C /usr/local/bin + + rm -rf /tmp/* + cabal --version +EOT -ARG GHC=9.6.7 -ARG GHC_RELEASE_KEY=8C961469C8FDC968718D6245AC7DE836C5DF907D +ARG GHC='9.6.7' +ARG GHC_RELEASE_KEY='8C961469C8FDC968718D6245AC7DE836C5DF907D' -RUN set -eux; \ - cd /tmp; \ - ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ +RUN <&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ - esac; \ - curl -sSL "$GHC_URL" -o ghc.tar.xz; \ - echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check; \ - \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY"; \ - gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz; \ - gpgconf --kill all; \ - \ - tar xf ghc.tar.xz; \ - cd "ghc-$GHC-$ARCH-unknown-linux"; \ - ./configure --prefix "/opt/ghc/$GHC"; \ - make install; \ - \ - rm -rf /tmp/*; \ - \ + case "$ARCH" in + 'aarch64') + GHC_SHA256='3cfa843687856de304a946dbe849a497c4fdad021f0275628b8ca7b55ccf8082' + GHC_URL='https://downloads.haskell.org/~ghc/9.6.7/ghc-9.6.7-aarch64-deb10-linux.tar.xz' + ;; + 'x86_64') + GHC_SHA256='fc6a6247d1831745c67b27d6212f6911c35a933043f3b6851724e2e01484d077' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; + esac + curl -sSL "$GHC_URL" -o ghc.tar.xz + echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check + + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY" + gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz + gpgconf --kill all + + tar xf ghc.tar.xz + cd "ghc-$GHC-$ARCH-unknown-linux" + ./configure --prefix "/opt/ghc/$GHC" + make install + + rm -rf /tmp/* + "/opt/ghc/$GHC/bin/ghc" --version +EOT ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH diff --git a/9.6/slim-bullseye.yaml b/9.6/slim-bullseye.yaml new file mode 100644 index 0000000..cee7681 --- /dev/null +++ b/9.6/slim-bullseye.yaml @@ -0,0 +1,13 @@ +--- +distro: + codename: 'bullseye' + abbr: 'deb11' + image: 'debian:bullseye-slim' +ghc: !include '_ghc.yaml' +cabal_install: !include '_cabal-install.yaml' +overrides: + ghc: + "aarch64": + # GHC 9.6.7 doesn't have a deb11 bindist for aarch64 for some reason, so we're using the deb10 one instead + url: "https://downloads.haskell.org/~ghc/9.6.7/ghc-9.6.7-aarch64-deb10-linux.tar.xz" +_globals: !include '_globals.yaml' diff --git a/9.6/slim-bullseye/Dockerfile b/9.6/slim-bullseye/Dockerfile index 3a7f96e..4eeb808 100644 --- a/9.6/slim-bullseye/Dockerfile +++ b/9.6/slim-bullseye/Dockerfile @@ -3,7 +3,8 @@ FROM debian:bullseye-slim ENV LANG=C.UTF-8 # common haskell + stack dependencies -RUN apt-get update && \ +RUN <&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ - esac; \ - curl -sSL "$STACK_URL" -o stack.tar.gz; \ - echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check; \ - \ - curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY"; \ - gpg --batch --verify stack.tar.gz.asc stack.tar.gz; \ - gpgconf --kill all; \ - \ - tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack"; \ - stack config set system-ghc --global true; \ - stack config set install-ghc --global false; \ - \ - rm -rf /tmp/*; \ - \ + case "$ARCH" in + 'aarch64') + STACK_SHA256='bdd618ea5a9c921417727011f2ecd78987dffa5cee5e741108baf65a9b5b58ab' + ;; + 'x86_64') + STACK_SHA256='88d7e517342c125b0a098d9d578fe53e590618ae4b2427283a27408a1ebd06d8' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'" exit 1 ; + esac + curl -sSL "$STACK_URL" -o stack.tar.gz + echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check + + curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc + GNUPGHOME="$(mktemp -d)" + export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY" + gpg --batch --verify stack.tar.gz.asc stack.tar.gz + gpgconf --kill all + + tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack" + stack config set system-ghc --global true + stack config set install-ghc --global false + + rm -rf /tmp/* + stack --version; +EOT -ARG CABAL_INSTALL=3.12.1.0 -ARG CABAL_INSTALL_RELEASE_KEY=1E07C9A1A3088BAD47F74A3E227EE1942B0BDB95 +ARG CABAL_INSTALL='3.14.1.1' +ARG CABAL_INSTALL_RELEASE_KEY='EAF2A9A722C0C96F2B431CA511AAD8CEDEE0CAEF' -RUN set -eux; \ - cd /tmp; \ - ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ - CABAL_INSTALL_TAR="cabal-install-$CABAL_INSTALL-$ARCH-linux-deb11.tar.xz"; \ - CABAL_INSTALL_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/$CABAL_INSTALL_TAR"; \ - CABAL_INSTALL_SHA256SUMS_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS"; \ +RUN <&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; \ - esac; \ - curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz; \ - echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check; \ - \ - curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL"; \ - curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig"; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY"; \ - gpg --batch --verify SHA256SUMS.sig SHA256SUMS; \ + case "$ARCH" in + 'aarch64') + CABAL_INSTALL_SHA256='5e8c47a055d5b744741039a7061ee43ec7d080d1251784e7a4cd836403e42523' + ;; + 'x86_64') + CABAL_INSTALL_SHA256='41b85bb25fa654e4b79169014b9142fe696ff35e002e043caa0e52d65204ba8a' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; + esac + curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz + echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check + + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL" + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig" + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY" + gpg --batch --verify SHA256SUMS.sig SHA256SUMS # confirm we are verifying SHA256SUMS that matches the release + sha256 - grep "$CABAL_INSTALL_SHA256 $CABAL_INSTALL_TAR" SHA256SUMS; \ - gpgconf --kill all; \ - \ - tar -xf cabal-install.tar.gz -C /usr/local/bin; \ - \ - rm -rf /tmp/*; \ - \ + grep "$CABAL_INSTALL_SHA256 $CABAL_INSTALL_TAR" SHA256SUMS + gpgconf --kill all; + + tar -xf cabal-install.tar.gz -C /usr/local/bin + + rm -rf /tmp/* + cabal --version +EOT -ARG GHC=9.6.7 -ARG GHC_RELEASE_KEY=8C961469C8FDC968718D6245AC7DE836C5DF907D +ARG GHC='9.6.7' +ARG GHC_RELEASE_KEY='8C961469C8FDC968718D6245AC7DE836C5DF907D' -RUN set -eux; \ - cd /tmp; \ - ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ +RUN <&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ - esac; \ - curl -sSL "$GHC_URL" -o ghc.tar.xz; \ - echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check; \ - \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY"; \ - gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz; \ - gpgconf --kill all; \ - \ - tar xf ghc.tar.xz; \ - cd "ghc-$GHC-$ARCH-unknown-linux"; \ - ./configure --prefix "/opt/ghc/$GHC"; \ - make install; \ - # remove profiling support to save space - find "/opt/ghc/$GHC/" \( -name "*_p.a" -o -name "*.p_hi" \) -type f -delete; \ - \ - rm -rf /tmp/*; \ - \ + case "$ARCH" in + 'aarch64') + GHC_SHA256='3cfa843687856de304a946dbe849a497c4fdad021f0275628b8ca7b55ccf8082' + GHC_URL='https://downloads.haskell.org/~ghc/9.6.7/ghc-9.6.7-aarch64-deb10-linux.tar.xz' + ;; + 'x86_64') + GHC_SHA256='fc6a6247d1831745c67b27d6212f6911c35a933043f3b6851724e2e01484d077' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; + esac + curl -sSL "$GHC_URL" -o ghc.tar.xz + echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check + + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY" + gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz + gpgconf --kill all + + tar xf ghc.tar.xz + cd "ghc-$GHC-$ARCH-unknown-linux" + ./configure --prefix "/opt/ghc/$GHC" + make install + + rm -rf /tmp/* + "/opt/ghc/$GHC/bin/ghc" --version +EOT ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH diff --git a/9.8/_cabal-install.yaml b/9.8/_cabal-install.yaml new file mode 100644 index 0000000..ca8620e --- /dev/null +++ b/9.8/_cabal-install.yaml @@ -0,0 +1,3 @@ +sha256sum: + "aarch64": '5e8c47a055d5b744741039a7061ee43ec7d080d1251784e7a4cd836403e42523' + "x86_64": '41b85bb25fa654e4b79169014b9142fe696ff35e002e043caa0e52d65204ba8a' diff --git a/9.8/_ghc.yaml b/9.8/_ghc.yaml new file mode 100644 index 0000000..6140f87 --- /dev/null +++ b/9.8/_ghc.yaml @@ -0,0 +1,5 @@ +version: "9.8.4" +release_key: "FFEB7CE81E16A36B3E2DED6F2DE04D4E97DB64AD" +sha256sum: + "aarch64": '310204daf2df6ad16087be94b3498ca414a0953b29e94e8ec8eb4a5c9bf603d3' + "x86_64": 'af151db8682b8c763f5a44f960f65453d794c95b60f151abc82dbdefcbe6f8ad' diff --git a/9.8/_globals.yaml b/9.8/_globals.yaml new file mode 100644 index 0000000..a6d67e6 --- /dev/null +++ b/9.8/_globals.yaml @@ -0,0 +1,9 @@ +stack: + version: "3.3.1" + release_key: "C5705533DA4F78D8664B5DC0575159689BEFB442" + sha256sum: + "aarch64": 'bdd618ea5a9c921417727011f2ecd78987dffa5cee5e741108baf65a9b5b58ab' + "x86_64": '88d7e517342c125b0a098d9d578fe53e590618ae4b2427283a27408a1ebd06d8' +cabal_install: + version: "3.14.1.1" + release_key: "EAF2A9A722C0C96F2B431CA511AAD8CEDEE0CAEF" diff --git a/9.8/bullseye.yaml b/9.8/bullseye.yaml new file mode 100644 index 0000000..4e3cc20 --- /dev/null +++ b/9.8/bullseye.yaml @@ -0,0 +1,9 @@ +--- +distro: + codename: 'bullseye' + abbr: 'deb11' + image: 'debian:bullseye' +ghc: !include '_ghc.yaml' +cabal_install: !include '_cabal-install.yaml' +_globals: !include '_globals.yaml' + diff --git a/9.8/bullseye/Dockerfile b/9.8/bullseye/Dockerfile index afbf65f..7726fdf 100644 --- a/9.8/bullseye/Dockerfile +++ b/9.8/bullseye/Dockerfile @@ -3,7 +3,8 @@ FROM debian:bullseye ENV LANG=C.UTF-8 # common haskell + stack dependencies -RUN apt-get update && \ +RUN <&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ - esac; \ - curl -sSL "$STACK_URL" -o stack.tar.gz; \ - echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check; \ - \ - curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY"; \ - gpg --batch --verify stack.tar.gz.asc stack.tar.gz; \ - gpgconf --kill all; \ - \ - tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack"; \ - stack config set system-ghc --global true; \ - stack config set install-ghc --global false; \ - \ - rm -rf /tmp/*; \ - \ + case "$ARCH" in + 'aarch64') + STACK_SHA256='bdd618ea5a9c921417727011f2ecd78987dffa5cee5e741108baf65a9b5b58ab' + ;; + 'x86_64') + STACK_SHA256='88d7e517342c125b0a098d9d578fe53e590618ae4b2427283a27408a1ebd06d8' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'" exit 1 ; + esac + curl -sSL "$STACK_URL" -o stack.tar.gz + echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check + + curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc + GNUPGHOME="$(mktemp -d)" + export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY" + gpg --batch --verify stack.tar.gz.asc stack.tar.gz + gpgconf --kill all + + tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack" + stack config set system-ghc --global true + stack config set install-ghc --global false + + rm -rf /tmp/* + stack --version; +EOT -ARG CABAL_INSTALL=3.12.1.0 -ARG CABAL_INSTALL_RELEASE_KEY=1E07C9A1A3088BAD47F74A3E227EE1942B0BDB95 +ARG CABAL_INSTALL='3.14.1.1' +ARG CABAL_INSTALL_RELEASE_KEY='EAF2A9A722C0C96F2B431CA511AAD8CEDEE0CAEF' -RUN set -eux; \ - cd /tmp; \ - ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ - CABAL_INSTALL_TAR="cabal-install-$CABAL_INSTALL-$ARCH-linux-deb11.tar.xz"; \ - CABAL_INSTALL_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/$CABAL_INSTALL_TAR"; \ - CABAL_INSTALL_SHA256SUMS_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS"; \ +RUN <&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; \ - esac; \ - curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz; \ - echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check; \ - \ - curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL"; \ - curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig"; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY"; \ - gpg --batch --verify SHA256SUMS.sig SHA256SUMS; \ + case "$ARCH" in + 'aarch64') + CABAL_INSTALL_SHA256='5e8c47a055d5b744741039a7061ee43ec7d080d1251784e7a4cd836403e42523' + ;; + 'x86_64') + CABAL_INSTALL_SHA256='41b85bb25fa654e4b79169014b9142fe696ff35e002e043caa0e52d65204ba8a' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; + esac + curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz + echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check + + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL" + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig" + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY" + gpg --batch --verify SHA256SUMS.sig SHA256SUMS # confirm we are verifying SHA256SUMS that matches the release + sha256 - grep "$CABAL_INSTALL_SHA256 $CABAL_INSTALL_TAR" SHA256SUMS; \ - gpgconf --kill all; \ - \ - tar -xf cabal-install.tar.gz -C /usr/local/bin; \ - \ - rm -rf /tmp/*; \ - \ + grep "$CABAL_INSTALL_SHA256 $CABAL_INSTALL_TAR" SHA256SUMS + gpgconf --kill all; + + tar -xf cabal-install.tar.gz -C /usr/local/bin + + rm -rf /tmp/* + cabal --version +EOT -ARG GHC=9.8.4 -ARG GHC_RELEASE_KEY=FFEB7CE81E16A36B3E2DED6F2DE04D4E97DB64AD +ARG GHC='9.8.4' +ARG GHC_RELEASE_KEY='FFEB7CE81E16A36B3E2DED6F2DE04D4E97DB64AD' -RUN set -eux; \ - cd /tmp; \ - ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ - GHC_URL="https://downloads.haskell.org/~ghc/$GHC/ghc-$GHC-$ARCH-deb11-linux.tar.xz"; \ +RUN <&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ - esac; \ - curl -sSL "$GHC_URL" -o ghc.tar.xz; \ - echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check; \ - \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY"; \ - gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz; \ - gpgconf --kill all; \ - \ - tar xf ghc.tar.xz; \ - cd "ghc-$GHC-$ARCH-unknown-linux"; \ - ./configure --prefix "/opt/ghc/$GHC"; \ - make install; \ - \ - rm -rf /tmp/*; \ - \ + case "$ARCH" in + 'aarch64') + GHC_SHA256='310204daf2df6ad16087be94b3498ca414a0953b29e94e8ec8eb4a5c9bf603d3' + ;; + 'x86_64') + GHC_SHA256='af151db8682b8c763f5a44f960f65453d794c95b60f151abc82dbdefcbe6f8ad' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; + esac + curl -sSL "$GHC_URL" -o ghc.tar.xz + echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check + + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY" + gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz + gpgconf --kill all + + tar xf ghc.tar.xz + cd "ghc-$GHC-$ARCH-unknown-linux" + ./configure --prefix "/opt/ghc/$GHC" + make install + + rm -rf /tmp/* + "/opt/ghc/$GHC/bin/ghc" --version +EOT ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH diff --git a/9.8/slim-bullseye.yaml b/9.8/slim-bullseye.yaml new file mode 100644 index 0000000..d60aeff --- /dev/null +++ b/9.8/slim-bullseye.yaml @@ -0,0 +1,9 @@ +--- +distro: + codename: 'bullseye' + abbr: 'deb11' + image: 'debian:bullseye-slim' +ghc: !include '_ghc.yaml' +cabal_install: !include '_cabal-install.yaml' +_globals: !include '_globals.yaml' + diff --git a/9.8/slim-bullseye/Dockerfile b/9.8/slim-bullseye/Dockerfile index 2ffc0a5..9e47cd5 100644 --- a/9.8/slim-bullseye/Dockerfile +++ b/9.8/slim-bullseye/Dockerfile @@ -3,7 +3,8 @@ FROM debian:bullseye-slim ENV LANG=C.UTF-8 # common haskell + stack dependencies -RUN apt-get update && \ +RUN <&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ - esac; \ - curl -sSL "$STACK_URL" -o stack.tar.gz; \ - echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check; \ - \ - curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY"; \ - gpg --batch --verify stack.tar.gz.asc stack.tar.gz; \ - gpgconf --kill all; \ - \ - tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack"; \ - stack config set system-ghc --global true; \ - stack config set install-ghc --global false; \ - \ - rm -rf /tmp/*; \ - \ + case "$ARCH" in + 'aarch64') + STACK_SHA256='bdd618ea5a9c921417727011f2ecd78987dffa5cee5e741108baf65a9b5b58ab' + ;; + 'x86_64') + STACK_SHA256='88d7e517342c125b0a098d9d578fe53e590618ae4b2427283a27408a1ebd06d8' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'" exit 1 ; + esac + curl -sSL "$STACK_URL" -o stack.tar.gz + echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check + + curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc + GNUPGHOME="$(mktemp -d)" + export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY" + gpg --batch --verify stack.tar.gz.asc stack.tar.gz + gpgconf --kill all + + tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack" + stack config set system-ghc --global true + stack config set install-ghc --global false + + rm -rf /tmp/* + stack --version; +EOT -ARG CABAL_INSTALL=3.12.1.0 -ARG CABAL_INSTALL_RELEASE_KEY=1E07C9A1A3088BAD47F74A3E227EE1942B0BDB95 +ARG CABAL_INSTALL='3.14.1.1' +ARG CABAL_INSTALL_RELEASE_KEY='EAF2A9A722C0C96F2B431CA511AAD8CEDEE0CAEF' -RUN set -eux; \ - cd /tmp; \ - ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ - CABAL_INSTALL_TAR="cabal-install-$CABAL_INSTALL-$ARCH-linux-deb11.tar.xz"; \ - CABAL_INSTALL_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/$CABAL_INSTALL_TAR"; \ - CABAL_INSTALL_SHA256SUMS_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS"; \ +RUN <&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; \ - esac; \ - curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz; \ - echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check; \ - \ - curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL"; \ - curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig"; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY"; \ - gpg --batch --verify SHA256SUMS.sig SHA256SUMS; \ + case "$ARCH" in + 'aarch64') + CABAL_INSTALL_SHA256='5e8c47a055d5b744741039a7061ee43ec7d080d1251784e7a4cd836403e42523' + ;; + 'x86_64') + CABAL_INSTALL_SHA256='41b85bb25fa654e4b79169014b9142fe696ff35e002e043caa0e52d65204ba8a' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; + esac + curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz + echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check + + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL" + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig" + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY" + gpg --batch --verify SHA256SUMS.sig SHA256SUMS # confirm we are verifying SHA256SUMS that matches the release + sha256 - grep "$CABAL_INSTALL_SHA256 $CABAL_INSTALL_TAR" SHA256SUMS; \ - gpgconf --kill all; \ - \ - tar -xf cabal-install.tar.gz -C /usr/local/bin; \ - \ - rm -rf /tmp/*; \ - \ + grep "$CABAL_INSTALL_SHA256 $CABAL_INSTALL_TAR" SHA256SUMS + gpgconf --kill all; + + tar -xf cabal-install.tar.gz -C /usr/local/bin + + rm -rf /tmp/* + cabal --version +EOT -ARG GHC=9.8.4 -ARG GHC_RELEASE_KEY=FFEB7CE81E16A36B3E2DED6F2DE04D4E97DB64AD +ARG GHC='9.8.4' +ARG GHC_RELEASE_KEY='FFEB7CE81E16A36B3E2DED6F2DE04D4E97DB64AD' -RUN set -eux; \ - cd /tmp; \ - ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ - GHC_URL="https://downloads.haskell.org/~ghc/$GHC/ghc-$GHC-$ARCH-deb11-linux.tar.xz"; \ +RUN <&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ - esac; \ - curl -sSL "$GHC_URL" -o ghc.tar.xz; \ - echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check; \ - \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig; \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY"; \ - gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz; \ - gpgconf --kill all; \ - \ - tar xf ghc.tar.xz; \ - cd "ghc-$GHC-$ARCH-unknown-linux"; \ - ./configure --prefix "/opt/ghc/$GHC"; \ - make install; \ - \ - rm -rf /tmp/*; \ - \ + case "$ARCH" in + 'aarch64') + GHC_SHA256='310204daf2df6ad16087be94b3498ca414a0953b29e94e8ec8eb4a5c9bf603d3' + ;; + 'x86_64') + GHC_SHA256='af151db8682b8c763f5a44f960f65453d794c95b60f151abc82dbdefcbe6f8ad' + ;; + *) echo >&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; + esac + curl -sSL "$GHC_URL" -o ghc.tar.xz + echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check + + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME + curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY" + gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz + gpgconf --kill all + + tar xf ghc.tar.xz + cd "ghc-$GHC-$ARCH-unknown-linux" + ./configure --prefix "/opt/ghc/$GHC" + make install + + rm -rf /tmp/* + "/opt/ghc/$GHC/bin/ghc" --version +EOT ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH diff --git a/README.md b/README.md index f4a1a97..8f3ea4c 100644 --- a/README.md +++ b/README.md @@ -102,12 +102,12 @@ Now, check the created/updated `Dockerfile` and commit it to the VCS. You can build and run the images locally with something like: ```bash -$ docker build -t haskell-local 9.2/buster && docker run -it haskell-local bash +$ docker build -t haskell-local 9.12/bookworm && docker run -it haskell-local bash ``` ### Updating The Images -This invovles a 2 step process. +This involves a 2-step process. 1. Update the images in the docker-haskell repository. 2. Update the [official images repo](https://github.com/docker-library/official-images/blob/master/library/haskell) to use the new git commit sha. @@ -123,7 +123,7 @@ When a new version of Cabal, Stack or GHC is released the images need to be upda ##### GHC 1. Replace the old and new GHC version globally eg. `9.4.3` becomes `9.4.4`. This will update both Dockerfiles **and the github actions**. -2. Obtain the new sha256 for the new GHC binary distribution via https://downloads.haskell.org/~ghc/9.4.4/SHA256SUMS . Look for the sha for the `.tar.xz` supported versions (currently `x86_64-deb10` + `aarch64-deb10`). +2. Get the new sha256 for the new GHC binary distribution via https://downloads.haskell.org/~ghc/9.4.4/SHA256SUMS . Look for the sha for the `.tar.xz` supported versions (currently `x86_64-deb10` + `aarch64-deb10`). 3. Replace globally the old sha256 for these with the new one obtained in step 2. 4. Update the PGP key if the person doing the release has changed. You can build the image locally at this point to see if it works or not. If it fails you need to update the PGP key. You need to find the key from the person doing the release on the ubuntu keyserver. See below for known releasers. diff --git a/generate.sh b/generate.sh new file mode 100755 index 0000000..7a007e4 --- /dev/null +++ b/generate.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -e +set -o pipefail + +main() { + if [ "$#" -ne 2 ]; then + echo "Usage: $0 " + exit 1 + fi + local script_dir + script_dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) + cd "$script_dir" || exit 1 + local abs_data_file + abs_data_file=$(realpath "$1") + local abs_output_file + abs_output_file=$(realpath "$2") + local template_path + template_path=$(realpath ./template/Dockerfile.jinja) + # run the generator + pushd generator || exit 1 + stack run -- -t "$template_path" --data-file "$abs_data_file" > "$abs_output_file" + popd || exit 1 +} +main "$@"