--- /dev/null
+# Copyright (C) 2014 W. Trevor King <wking@tremily.us>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+FROM ${NAMESPACE}/gentoo-layman:${TAG}
+MAINTAINER ${MAINTAINER}
+#VOLUME ["${PORTAGE}:/usr/portage:ro", "${PORTAGE}/distfiles:/usr/portage/distfiles:rw"]
+RUN layman --add wtk
+RUN echo '=net-proxy/package-cache-9999 ~amd64' >> /etc/portage/package.accept_keywords
+RUN emerge -v net-proxy/package-cache
+RUN eselect news read new
+RUN rc-update add package-cache default
+RUN echo 'PORT="80"' > /etc/conf.d/package-cache
+RUN echo 'PC_OPTS="-vvv"' >> /etc/conf.d/package-cache
+
+# Linux doesn't support user and group namespacing yet
+Run echo 'PC_USER="root"' >> /etc/conf.d/package-cache
+Run echo 'PC_GROUP="root"' >> /etc/conf.d/package-cache
+
+# Container networking happens automatically
+RUN sed -i 's/need net$/use net/' /etc/init.d/*
+
+CMD rc default && tail -F /var/log/messages
+EXPOSE 80
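Review bot: The two `Run echo 'PC_USER="root"'` / `'PC_GROUP="root"'` lines leave the cache daemon running as root while it serves redirected HTTP traffic on port 80 and writes into the bind-mounted `/usr/portage`, so whatever the proxy stores ends up on the host volume owned by root. The missing user namespaces explain why container UIDs are not remapped, but not why the service cannot use an unprivileged account inside the image. If the package-cache init script honours these variables, consider e.g. `PC_USER="nobody"` / `PC_GROUP="nobody"` with an unprivileged `PORT` and a volume owned by that UID; the README's `-p` mapping and DNAT target would have to follow. Separately, the `=net-proxy/package-cache-9999` keyword line installs a live ebuild from a third-party overlay, so the image content depends on the upstream head at build time; a comment saying so, or a pinned version once one exists, would make rebuilds auditable. The mixed-case `Run` should be `RUN` to match the rest of the file.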
--- /dev/null
+Run this [package-cache][] image with:
+
+ $ docker run -d -name package-cache-0 -v /var/cache/package-cache-0:/usr/portage -p 4000:80 wking/package-cache
+
+[volume-mounting][volume-mount] your content under the container's
+`/usr/portage`. Then setup you host firewall to intercept outgoing
+connections to [distfiles.gentoo.org][] and redirect them to the
+package cacher. Use [jq][] to extract the package-cache IP address:
+
+ # CACHE_IP=$(docker inspect package-cache-0 |
+ > jq -r '.[0].NetworkSettings.IPAddress')
+
+And add a destination address translation rule, using [dig][] to list
+IP addresses for the source:
+
+ # for SOURCE_IP in $(dig +short distfiles.gentoo.org);
+ > do
+ > iptables --table nat --append PREROUTING --protocol tcp \
+ > --in-interface docker0 ! --source "${CACHE_IP}" \
+ > --destination "${SOURCE_IP}" \
+ > --match tcp --destination-port 80 \
+ > --jump DNAT --to-destination "${CACHE_IP}:80" ;
+ > done
+
+To remove those entries later, repeat the command with `--delete`
+instead of `--append`. You may need to list the `SOURCE_IP` values
+explicitly if the DNS entries have changed. Run:
+
+ # iptables --table nat --list PREROUTING --numeric
+
+to list the entries. See `iptables(8)` and `iptables-extensions(8)`
+for more details.
+
+[package-cache]: http://blog.tremily.us/posts/package-cache/
+[volume-mount]: http://docs.docker.io/en/latest/use/working_with_volumes/
+[distfiles.gentoo.org]: http://distfiles.gentoo.org/
+[jq]: http://stedolan.github.io/jq/
+[dig]: ftp://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/man.dig.html