Build OCaml iptables package once and push to hub

As the build requires networking, is non repeatable as dependencies
may change, makes sense to make it a static package for now.

Plan is to rewrite in Go anyway at some point see #467

Signed-off-by: Justin Cormack <justin.cormack@docker.com>

alpine/base/pinata-iptables/Makefile

@@ -0,0 +1,12 @@
+BASE=ocaml/opam:alpine
+IMAGE=pinata-iptables
+
+# OCaml builds are non deterministic so do not generate a hash
+
+default: Dockerfile main.ml
+	docker pull $(BASE)
+	BUILD=$$( docker build -q . ) && \
+	[ -n "$$BUILD" ] && \
+	echo "Built $$BUILD" && \
+	docker tag $$BUILD mobylinux/$(IMAGE):latest
+	docker push mobylinux/$(IMAGE):latest

alpine/packages/iptables/.gitignore

@@ -1 +1 @@
-iptables
+usr

alpine/packages/iptables/Makefile

@@ -1,11 +1,13 @@
+# This image is currently just tagged latest as non reproducible
+IPTABLES_IMAGE=mobylinux/pinata-iptables@sha256:4dc27c9515c99dc80c8ec431de2c7db7d382425e5c1de13a560e6ec4c6a52b89
+
 all: usr/local/sbin/iptables
 
-usr/local/sbin/iptables: Dockerfile main.ml
-	mkdir -p usr/local/sbin
-	BUILD=$$( docker build -q . ) && \
-	[ -n "$$BUILD" ] && \
-	echo "Built $$BUILD" && \
-	docker run --rm $$BUILD | tar xf - -C usr/local/sbin
+usr/local/sbin/iptables:
+	mkdir -p $(dir $@)
+	docker run --rm --net=none --log-driver=none $(IPTABLES_IMAGE) | tar xf - -C $(dir $@)
 
 clean:
 	rm -rf usr
+
+.DELETE_ON_ERROR: