Reworked Travis CI to produce ARM images

.travis.yml

@@ -1,7 +1,23 @@
-language: generic
+sudo: required
 services:
   - docker
-install:
+branches:
-  - docker build .
+  only:
+    - master
+env:
+  global:
+    - DOCKER_BUILD=qmcgaw/private-internet-access
+  matrix:
+    - ARCH=armhf
+      BASE_IMAGE=arm32v6/alpine
+      TARGET_IMAGE=${DOCKER_BUILD}:${ARCH}
+    - ARCH=aarch64
+      BASE_IMAGE=arm64v8/alpine
+      TARGET_IMAGE=${DOCKER_BUILD}:${ARCH}
+script:
+  - docker run --rm --privileged multiarch/qemu-user-static:register --reset
+  - docker build -t ${TARGET_IMAGE} --build-arg BASE_IMAGE=${BASE_IMAGE} --build-arg VCF=${TRAVIS_COMMIT} --build-arg BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") .
+  - '[ "${TRAVIS_PULL_REQUEST}" = "false" ] && echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin || false'
+  - '[ "${TRAVIS_PULL_REQUEST}" = "false" ] && docker push ${DOCKER_BUILD} || false'
 after_script:
   - "curl -X POST https://hooks.microbadger.com/images/qmcgaw/private-internet-access/tQFy7AxtSUNANPe6aoVChYdsI_I="

Dockerfile

@@ -1,6 +1,6 @@
-ARG ALPINE_VERSION=3.9
+ARG BASE_IMAGE
 
-FROM alpine:${ALPINE_VERSION}
+FROM ${BASE_IMAGE:-alpine}:3.9
 ARG BUILD_DATE
 ARG VCS_REF
 LABEL org.label-schema.schema-version="1.0.0-rc1" \

Dockerfile.arm32v6

@@ -1,67 +0,0 @@
-ARG ALPINE_VERSION=3.9
-
-FROM arm32v6/alpine:${ALPINE_VERSION}
-ARG BUILD_DATE
-ARG VCS_REF
-LABEL org.label-schema.schema-version="1.0.0-rc1" \
-      maintainer="quentin.mcgaw@gmail.com" \
-      org.label-schema.build-date=$BUILD_DATE \
-      org.label-schema.vcs-ref=$VCS_REF \
-      org.label-schema.vcs-url="https://github.com/qdm12/private-internet-access-docker" \
-      org.label-schema.url="https://github.com/qdm12/private-internet-access-docker" \
-      org.label-schema.vcs-description="VPN client to tunnel to private internet access servers using OpenVPN, IPtables, DNS over TLS and Alpine Linux" \
-      org.label-schema.vcs-usage="https://github.com/qdm12/private-internet-access-docker/blob/master/README.md#setup" \
-      org.label-schema.docker.cmd="docker run -d --cap-add=NET_ADMIN --device=/dev/net/tun -e USER=js89ds7 -e PASSWORD=8fd9s239G qmcgaw/private-internet-access" \
-      org.label-schema.docker.cmd.devel="docker run -it --rm --cap-add=NET_ADMIN --device=/dev/net/tun -e USER=js89ds7 -e PASSWORD=8fd9s239G qmcgaw/private-internet-access" \
-      org.label-schema.docker.params="REGION=PIA region,PROTOCOL=udp/tcp,ENCRYPTION=strong/normal,BLOCK_MALICIOUS=on/off,BLOCK_NSA=on/off,UNBLOCK=allowed hostnames,USER=PIA user,PASSWORD=PIA password,EXTRA_SUBNETS=extra subnets to allow on the firewall,NONROOT=yes/no" \
-      org.label-schema.version="" \
-      image-size="16.9MB" \
-      ram-usage="13MB to 80MB" \
-      cpu-usage="Low to Medium"
-ENV USER= \
-    PASSWORD= \
-    ENCRYPTION=strong \
-    PROTOCOL=udp \
-    REGION="CA Montreal" \
-    BLOCK_MALICIOUS=off \
-    BLOCK_NSA=off \
-    UNBLOCK= \
-    EXTRA_SUBNETS= \
-    NONROOT=no
-ENTRYPOINT /entrypoint.sh
-HEALTHCHECK --interval=3m --timeout=3s --start-period=20s --retries=1 CMD /healthcheck.sh
-RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptables unbound unzip && \
-    wget -q https://www.privateinternetaccess.com/openvpn/openvpn.zip \
-            https://www.privateinternetaccess.com/openvpn/openvpn-strong.zip \
-            https://www.privateinternetaccess.com/openvpn/openvpn-tcp.zip \
-            https://www.privateinternetaccess.com/openvpn/openvpn-strong-tcp.zip && \
-    mkdir -p /openvpn/target && \
-    unzip -q openvpn.zip -d /openvpn/udp-normal && \
-    unzip -q openvpn-strong.zip -d /openvpn/udp-strong && \
-    unzip -q openvpn-tcp.zip -d /openvpn/tcp-normal && \
-    unzip -q openvpn-strong-tcp.zip -d /openvpn/tcp-strong && \
-    apk del -q --progress --purge unzip && \
-    rm -rf /*.zip /var/cache/apk/* /etc/unbound/unbound.conf /usr/sbin/unbound-anchor /usr/sbin/unbound-checkconf /usr/sbin/unbound-control /usr/sbin/unbound-control-setup /usr/sbin/unbound-host && \
-    adduser nonrootuser -D -H --uid 1000 && \
-    wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/named.root.updated -O /etc/unbound/root.hints && \
-    wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/root.key.updated -O /etc/unbound/root.key && \
-    cd /tmp && \
-    wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/malicious-hostnames.updated -O malicious-hostnames && \
-    wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/nsa-hostnames.updated -O nsa-hostnames && \
-    wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/malicious-ips.updated -O malicious-ips && \
-    while read hostname; do echo "local-zone: \""$hostname"\" static" >> blocks-malicious.conf; done < malicious-hostnames && \
-    while read ip; do echo "private-address: $ip" >> blocks-malicious.conf; done < malicious-ips && \
-    tar -cjf /etc/unbound/blocks-malicious.bz2 blocks-malicious.conf && \
-    while read hostname; do echo "local-zone: \""$hostname"\" static" >> blocks-nsa.conf; done < nsa-hostnames && \
-    tar -cjf /etc/unbound/blocks-nsa.bz2 blocks-nsa.conf && \
-    rm -f /tmp/*
-COPY unbound.conf /etc/unbound/unbound.conf
-COPY entrypoint.sh healthcheck.sh /
-RUN chown nonrootuser -R /etc/unbound && \
-    chmod 700 /etc/unbound && \
-    chmod 500 /entrypoint.sh healthcheck.sh && \
-    chmod 400 \
-        /etc/unbound/root.hints \
-        /etc/unbound/root.key \
-        /etc/unbound/unbound.conf \
-        /etc/unbound/*.bz2

Dockerfile.arm64v8

@@ -1,67 +0,0 @@
-ARG ALPINE_VERSION=3.9
-
-FROM arm64v8/alpine:${ALPINE_VERSION}
-ARG BUILD_DATE
-ARG VCS_REF
-LABEL org.label-schema.schema-version="1.0.0-rc1" \
-      maintainer="quentin.mcgaw@gmail.com" \
-      org.label-schema.build-date=$BUILD_DATE \
-      org.label-schema.vcs-ref=$VCS_REF \
-      org.label-schema.vcs-url="https://github.com/qdm12/private-internet-access-docker" \
-      org.label-schema.url="https://github.com/qdm12/private-internet-access-docker" \
-      org.label-schema.vcs-description="VPN client to tunnel to private internet access servers using OpenVPN, IPtables, DNS over TLS and Alpine Linux" \
-      org.label-schema.vcs-usage="https://github.com/qdm12/private-internet-access-docker/blob/master/README.md#setup" \
-      org.label-schema.docker.cmd="docker run -d --cap-add=NET_ADMIN --device=/dev/net/tun -e USER=js89ds7 -e PASSWORD=8fd9s239G qmcgaw/private-internet-access" \
-      org.label-schema.docker.cmd.devel="docker run -it --rm --cap-add=NET_ADMIN --device=/dev/net/tun -e USER=js89ds7 -e PASSWORD=8fd9s239G qmcgaw/private-internet-access" \
-      org.label-schema.docker.params="REGION=PIA region,PROTOCOL=udp/tcp,ENCRYPTION=strong/normal,BLOCK_MALICIOUS=on/off,BLOCK_NSA=on/off,UNBLOCK=allowed hostnames,USER=PIA user,PASSWORD=PIA password,EXTRA_SUBNETS=extra subnets to allow on the firewall,NONROOT=yes/no" \
-      org.label-schema.version="" \
-      image-size="19.2MB" \
-      ram-usage="13MB to 80MB" \
-      cpu-usage="Low to Medium"
-ENV USER= \
-    PASSWORD= \
-    ENCRYPTION=strong \
-    PROTOCOL=udp \
-    REGION="CA Montreal" \
-    BLOCK_MALICIOUS=off \
-    BLOCK_NSA=off \
-    UNBLOCK= \
-    EXTRA_SUBNETS= \
-    NONROOT=no
-ENTRYPOINT /entrypoint.sh
-HEALTHCHECK --interval=3m --timeout=3s --start-period=20s --retries=1 CMD /healthcheck.sh
-RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptables unbound unzip && \
-    wget -q https://www.privateinternetaccess.com/openvpn/openvpn.zip \
-            https://www.privateinternetaccess.com/openvpn/openvpn-strong.zip \
-            https://www.privateinternetaccess.com/openvpn/openvpn-tcp.zip \
-            https://www.privateinternetaccess.com/openvpn/openvpn-strong-tcp.zip && \
-    mkdir -p /openvpn/target && \
-    unzip -q openvpn.zip -d /openvpn/udp-normal && \
-    unzip -q openvpn-strong.zip -d /openvpn/udp-strong && \
-    unzip -q openvpn-tcp.zip -d /openvpn/tcp-normal && \
-    unzip -q openvpn-strong-tcp.zip -d /openvpn/tcp-strong && \
-    apk del -q --progress --purge unzip && \
-    rm -rf /*.zip /var/cache/apk/* /etc/unbound/unbound.conf /usr/sbin/unbound-anchor /usr/sbin/unbound-checkconf /usr/sbin/unbound-control /usr/sbin/unbound-control-setup /usr/sbin/unbound-host && \
-    adduser nonrootuser -D -H --uid 1000 && \
-    wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/named.root.updated -O /etc/unbound/root.hints && \
-    wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/root.key.updated -O /etc/unbound/root.key && \
-    cd /tmp && \
-    wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/malicious-hostnames.updated -O malicious-hostnames && \
-    wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/nsa-hostnames.updated -O nsa-hostnames && \
-    wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/malicious-ips.updated -O malicious-ips && \
-    while read hostname; do echo "local-zone: \""$hostname"\" static" >> blocks-malicious.conf; done < malicious-hostnames && \
-    while read ip; do echo "private-address: $ip" >> blocks-malicious.conf; done < malicious-ips && \
-    tar -cjf /etc/unbound/blocks-malicious.bz2 blocks-malicious.conf && \
-    while read hostname; do echo "local-zone: \""$hostname"\" static" >> blocks-nsa.conf; done < nsa-hostnames && \
-    tar -cjf /etc/unbound/blocks-nsa.bz2 blocks-nsa.conf && \
-    rm -f /tmp/*
-COPY unbound.conf /etc/unbound/unbound.conf
-COPY entrypoint.sh healthcheck.sh /
-RUN chown nonrootuser -R /etc/unbound && \
-    chmod 700 /etc/unbound && \
-    chmod 500 /entrypoint.sh healthcheck.sh && \
-    chmod 400 \
-        /etc/unbound/root.hints \
-        /etc/unbound/root.key \
-        /etc/unbound/unbound.conf \
-        /etc/unbound/*.bz2

README.md

@@ -75,16 +75,8 @@
     modprobe tun
     ```
 
-1. **ONLY IF YOU HAVE AN ARM DEVICE, depending on your cpu architecture:**
+1. **IF YOU HAVE AN ARM DEVICE, depending on your cpu architecture:** replace `qmcgaw/private-internet-access`
-
+   with either `qmcgaw/private-internet-access:armhf` (32 bit) or `qmcgaw/private-internet-access:aarch64` (64 bit).
-    ```sh
-    # ARM 32 bit V6
-    docker build -t qmcgaw/private-internet-access https://github.com/qdm12/private-internet-access-docker.git -f Dockerfile.arm32v6
-    # ARM 64 bit v8
-    docker build -t qmcgaw/private-internet-access https://github.com/qdm12/private-internet-access-docker.git -f Dockerfile.arm64v8
-    ```
-
-    I will rework the CI pipeline to build ARM images later.
 
 1. Launch the container with: