#!/usr/bin/env bash
# Strict mode: abort on errors, unset variables and failed pipeline stages;
# -E lets an ERR trap (none is installed here) be inherited by functions.
set -Eeuo pipefail

# Deprecation banner on stderr, followed by a short pause so it gets noticed.
printf >&2 '\n%s\n\n' 'WARNING: this entire tool is deprecated! Please adjust your usage accordingly.'
sleep 2

# Purpose: use https://github.com/tianon/rawdns to put pgp-happy-eyeballs in
# front of the PGP keyservers, in a form that can be run as "curl|bash" in
# cloud-based CI builds.
# NOTE(review): everything below changes host-level Docker configuration as
# root and answers DNS for every container on the host; read it before piping
# it into a shell.

# Trace every command from here on.
set -x

# First IPv4 "inet" entry of the docker0 bridge, in address/prefix form.
bip="$(
  ip address show dev docker0 \
    | awk '$1 == "inet" { print $2; exit }'
)"
[ -n "$bip" ] || exit 1

# Same address with the /prefix suffix stripped.
ip="${bip%/*}"
[ -n "$ip" ] || exit 1

# Numeric uid of the invoking user; _sudo uses it to decide whether sudo is needed.
uid="$(id -u)"
#######################################
# Run a command with root privileges.
# Globals:   uid (read) - numeric uid of the invoking user
# Arguments: the command and its arguments
# Returns:   the exit status of the command (or of sudo)
#######################################
_sudo() {
  # Not root: delegate the whole argument vector to sudo.
  if [ "$uid" != '0' ]; then
    sudo "$@"
    return
  fi

  # Already root: run the command directly.
  "$@"
}
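# Make sure /etc/docker/daemon.json exists and is non-empty, seeding it with
# an empty JSON object so the jq edit below always has valid input.
_sudo sh -xec '
mkdir -p /etc/docker
[ -s /etc/docker/daemon.json ] || echo "{}" > /etc/docker/daemon.json
'

# Set the bridge address (.bip) and the daemon-wide DNS list (.dns): the
# docker0 address first (rawdns is published there further down), then the
# public resolvers. Every other key already in the file is left as it was.
#
# Tab indentation is requested from jq itself (--tab). The earlier sed pass
# rewrote spaces anywhere in the document, including inside JSON string
# values, which could alter or invalidate settings that were already there.
#
# The result goes to a sibling file and is moved into place afterwards, so
# daemon.json is never read and truncated by the same pipeline. With
# "set -e -o pipefail" in effect, a jq failure stops the script before the mv.
_sudo jq --tab --arg bip "$bip" --arg ip "$ip" '
.bip = $bip
| .dns = [
$ip,
"1.1.1.1",
"1.0.0.1"
]
' /etc/docker/daemon.json \
  | _sudo tee /etc/docker/daemon.json.rawdns \
  > /dev/null
_sudo mv /etc/docker/daemon.json.rawdns /etc/docker/daemon.json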
# Restart the Docker daemon so it picks up the rewritten daemon.json.
# systemd is used only when its runtime directory exists and systemctl is on
# PATH; otherwise the "service" wrapper is used. A failing "stop" is tolerated
# in both branches (the daemon may not have been running).
if ! [ -d /run/systemd/system ] || ! command -v systemctl; then
  _sudo service docker stop > /dev/null 2>&1 || :
  _sudo service docker start
else
  _sudo systemctl --quiet stop docker || :
  _sudo systemctl start docker
  _sudo systemctl --full --no-pager status docker
fi

# Sanity check: only the exit status matters here; a non-zero status aborts
# the script when errexit is active.
docker version > /dev/null
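# Optional package-mirror hostname. A value from the caller's environment
# wins; otherwise it defaults to "squignix.docker" when a container named
# "squignix" exists, and to the empty string when it does not.
: "${squignixHostname:="$(docker container inspect squignix &> /dev/null && echo 'squignix.docker' || :)"}"

# The value is expanded, unescaped, inside JSON string literals by the script
# embedded below. Refuse anything outside hostname characters so a stray quote
# or brace in the environment cannot change the structure of the resolver
# configuration.
case "$squignixHostname" in
  *[!A-Za-z0-9._-]*)
    echo >&2 "error: squignixHostname contains characters that are not valid in a hostname: $squignixHostname"
    exit 1
    ;;
esac

# Replace any previous rawdns container (failure to remove is ignored).
docker rm -vf rawdns &> /dev/null || :

# Start rawdns, published on port 53 (tcp and udp) of the docker0 address
# only. The generated /rawdns.json does the following:
#   - the listed keyserver names    -> CNAME to pgp-happy-eyeballs.docker
#   - hkps.pool.sks-keyservers.net  -> forwarded to public resolvers
#   - the listed package mirrors    -> CNAME to $squignixHostname (when set)
#   - *.docker                      -> answered from the Docker socket
#   - everything else               -> forwarded to 1.1.1.1 / 1.0.0.1
#
# NOTE(review): the Docker socket is bind-mounted read-write into this
# container, which hands it control of the Docker daemon; treat the rawdns
# image as fully trusted on this host.
# NOTE(review): tianon/rawdns is referenced without a tag or digest and the
# container restarts automatically; pin the image by digest if the build
# needs to be reproducible and auditable.
#
# The embedded script is a single-quoted string and is kept flush-left:
# "<<-" strips leading tabs only, so space indentation would break the
# heredoc terminators.
docker run -d \
  --restart always \
  --name rawdns \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -p "$ip":53:53/tcp \
  -p "$ip":53:53/udp \
  --dns 1.1.1.1 \
  --dns 1.0.0.1 \
  -e squignixHostname="$squignixHostname" \
  tianon/rawdns sh -xec '
cat > /rawdns.json <<-EOF
{
EOF
for host in "keyserver.ubuntu.com" "pgp.mit.edu" "pool.sks-keyservers.net"; do
cat >> /rawdns.json <<-EOF
"$host.": { "type": "static", "cnames": [ "pgp-happy-eyeballs.docker" ], "nameservers": [ "127.0.0.1" ] },
EOF
done
cat >> /rawdns.json <<-EOF
"hkps.pool.sks-keyservers.net.": { "type": "forwarding", "nameservers": [ "1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4" ] },
EOF
# if we have a squignix host, we should use it!
if [ -n "$squignixHostname" ]; then
for host in "deb.debian.org" "snapshot.debian.org" "archive.ubuntu.com" "dl-cdn.alpinelinux.org"; do
cat >> /rawdns.json <<-EOF
"$host.": { "type": "static", "cnames": [ "$squignixHostname" ], "nameservers": [ "127.0.0.1" ] },
EOF
done
fi
cat >> /rawdns.json <<-EOF
"docker.": { "type": "containers", "socket": "unix:///var/run/docker.sock" },
".": { "type": "forwarding", "nameservers": [ "1.1.1.1", "1.0.0.1" ] }
}
EOF
cat /rawdns.json
exec rawdns /rawdns.json
'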
# Replace any previous pgp-happy-eyeballs container (failure to remove is
# ignored) and start a fresh one with explicit public resolvers.
# NOTE(review): presumably the explicit --dns keeps this container from
# resolving keyserver names through rawdns and back to itself; confirm.
# NOTE(review): the image is referenced without a tag or digest; pin it by
# digest where provenance matters.
docker rm -vf pgp-happy-eyeballs > /dev/null 2>&1 || :
docker run -d \
  --restart always \
  --name pgp-happy-eyeballs \
  --dns 1.1.1.1 \
  --dns 1.0.0.1 \
  tianon/pgp-happy-eyeballs

# trust, but verify: fetch one key from a throwaway container, then show what
# both helper containers logged.
# NOTE(review): "fake.pool.sks-keyservers.net" looks like a name chosen so the
# fetch only works through the rawdns override; confirm against rawdns'
# matching rules. The network-toolbox image is pulled by mutable tag.
docker run --rm tianon/network-toolbox:alpine \
  gpg --keyserver fake.pool.sks-keyservers.net \
  --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4

docker logs rawdns
docker logs pgp-happy-eyeballs