FROM stagex/user-alsa-lib:sx2025.02.0@sha256:5e29d15860ea2f01b7b4a614d2ffbc6bb41b87b8892138a93b4adca206105593 AS user-alsa-lib FROM stagex/core-bash:sx2025.02.0@sha256:ae98e66f8623629151d79fd2b574442778b50bd37511dea8da4237d4c18ce04c AS core-bash FROM stagex/core-bc:sx2025.02.0@sha256:8f0a8d3e86a2221f5179a1817f482013dbc5b5f8f985c1a3404a6f3975c5eda9 AS core-bc FROM stagex/core-busybox:sx2025.02.0@sha256:01b31cc07543733fbf6889e596427af943aba2780bc2f514a3d30bb290da7e2a AS core-busybox FROM stagex/user-ccid:sx2025.02.0@sha256:a2ab2199974a60fc711e881e8cda43007bd39482213fd9fa50c9580e027d6fa8 AS user-ccid FROM stagex/user-cpio:sx2025.02.0@sha256:d8837d12a89ef7e35c72115a7919224a3246a2e17a685b684628cc03957726ac AS user-cpio FROM stagex/core-curl:sx2025.02.0@sha256:b65975066d7b2256c51601749d947fa54ce9a23d4f2b46f4de7daf6f11f9730f AS core-curl FROM stagex/user-dtc:sx2025.02.0@sha256:39231aa3e2ca4e3ac46aa7faea4e7aee5733f425c35ae5ca83e54ce5b3629f89 AS user-dtc FROM stagex/user-eudev:sx2025.02.0@sha256:292ece79a82c2d2dc422d44a0d4e65dd6dde0304566a40f286e8e2ff62b59c52 AS user-eudev FROM stagex/user-flashtools:sx2025.02.0@sha256:1d3aa7c7e6f061e2f738b9bf01d9584786c9b96ae5f0e84d302278ae687a58cc AS user-flashtools FROM stagex/core-gcc:sx2025.02.0@sha256:02896413375c15cbff666fbab7c534caefc8936d53e167a6ea457a05c27e8096 AS core-gcc FROM stagex/user-glib:sx2025.02.0@sha256:b7e6e23e3d95b95f1e9183f3571bba21ebc2304c3ce5b545962651d29706f901 AS user-glib FROM stagex/core-gmp:sx2025.02.0@sha256:bb8b3e57bbbd105b049f1ab097927f7b33bc25e47b5407dd4e55b259ec5a9a14 AS core-gmp FROM stagex/user-gpg:sx2025.02.0@sha256:df188d540aa18e8b9684941bff9a591270765141f0ad5a87a0e1d7cd9961da7a AS user-gpg FROM stagex/user-grub:sx2025.02.0@sha256:f2a574d88520fbc37ac233e3380d6cc89ce969e0abd36626fb04179355cf1d92 AS user-grub FROM stagex/user-icepick:sx2025.02.0@sha256:341262fbc019ae8ce3940fe9bb940810c3cef90ba2e7969a5b28aebc4730593d AS user-icepick FROM stagex/user-ipxe:sx2025.02.0@sha256:bac91399972e5a12b534ee92ac6be103a9d28758c609926f168924eb9a175e4b AS user-ipxe FROM stagex/user-jq:sx2025.02.0@sha256:c6b5baceb4c171859d7a75c2919f12558fee7951db3fd87dae76076ac9d85fda AS user-jq FROM stagex/user-keyfork:sx2025.02.0@sha256:16fc7cf733c3654bf92bc4beb2b8d254e0cfdf7a82f1dbe1be4e7acb1e82e29e AS user-keyfork FROM stagex/user-libaio:sx2025.02.0@sha256:6ec20e9f3a77c555a6bfcecd5b3461740fc6d3faa9a0f81b97ca3606819ef26b AS user-libaio FROM stagex/user-libassuan:sx2025.02.0@sha256:3aa891c65990114ba697d1bcf90c51515947daf932ce96d8861658391206c8c7 AS user-libassuan FROM stagex/core-libffi:sx2025.02.0@sha256:8b22d8fa8aa4da590fcc7257aba1b6a2eb74598f5f60a95900050bf00ce470ac AS core-libffi FROM stagex/user-libgcrypt:sx2025.02.0@sha256:2281a0b1093d2bc60f4208f3a34f7e01440c3dac31f122ed9b42a2417d4085c8 AS user-libgcrypt FROM stagex/user-libgpg-error:sx2025.02.0@sha256:902cfc4a40cc69e003dec008f4bbf86338f5984847d11f0d422f06a797e656b4 AS user-libgpg-error FROM stagex/user-libksba:sx2025.02.0@sha256:e6b7bd3a005a881b545b6b4066dc6392d741e1f062718428f9115db1a1edf23a AS user-libksba FROM stagex/user-libqrencode:sx2025.02.0@sha256:e6ed8097b670b0ea79018a50efc0cdde3968a2165b9ff3b7b96af92fc8a43b45 AS user-libqrencode FROM stagex/user-libseccomp:sx2025.02.0@sha256:632684b54847814367247b8d1247832fa56bb0dd8300495c342b0585cca47c10 AS user-libseccomp FROM stagex/user-libslirp:sx2025.02.0@sha256:29d98f357f98f91e634659b945ccbe834d37f4c9c7e243aeb8d47ed438df741d AS user-libslirp FROM stagex/user-libtpms:sx2025.02.0@sha256:09b410b27db7e3adbf61019fbdb6bb09fad597cb32de37f869b2f157332c771b AS user-libtpms FROM stagex/core-libunwind:sx2025.02.0@sha256:ce594ad617278d675db6a9b851fda8988e1f3969849ece0d9cf97192436168d5 AS core-libunwind FROM stagex/user-libusb:sx2025.02.0@sha256:b78ca9194fdb8dfb7b7177d16a156fac21e6c9822a0c35a17841400bc1a27f68 AS user-libusb FROM stagex/core-libzstd:sx2025.02.0@sha256:23cd975a27e218c5398efd17e1f8c491d31969ab674d3468dbf8b75ba40611ad AS core-libzstd FROM stagex/user-linux-airgap:sx2025.02.0@sha256:a2dbeace3ce085ba487e88b3968fea1ec29ce392f691d28c4b183e1ed9c0df4d AS user-linux-airgap FROM stagex/user-lzo:sx2025.02.0@sha256:b71c2944073f3fbc1fe543b9e4dfc4f59ec013a763a6209ded77b8f8bd0a33b4 AS user-lzo FROM stagex/user-mtools:sx2025.02.0@sha256:ea76e5f82f9833274a4438e9706779afd9b1c0b197c984c9d54c9887163ffb42 AS user-mtools FROM stagex/core-musl:sx2025.02.0@sha256:23d0614f60449015add2369959c89a6ea08e208302773b9a0811ce1195afc3a4 AS core-musl FROM stagex/user-nettle:sx2025.02.0@sha256:e346d2c60a16e34f0f914a82f22357e5dade255f9ef8c2be006564847ce64ac5 AS user-nettle FROM stagex/user-npth:sx2025.02.0@sha256:82462e0c12a8d3e3196ea8b3a647e75efd6d1cc0a84b091a0bb844e0c623d9be AS user-npth FROM stagex/user-numactl:sx2025.02.0@sha256:b89612d78567874127522af2c73d5d0a7d5fffbb37bf4b2193affa679d7f367c AS user-numactl FROM stagex/user-openpgp-card-tools:sx2025.02.0@sha256:77d9f2d949548c22badbf29ff8e43a3329ef568c77c66ddbde8d9e2e2dfecb1b AS user-openpgp-card-tools FROM stagex/user-opensc:sx2025.02.0@sha256:985c0ea0d7ca91b0ed3b2f72c736b75f6d8a392e826f62859f2056a7222f7b75 AS user-opensc FROM stagex/core-openssl:sx2025.02.0@sha256:b3371fba4b4c61ddd02d97e81d0406d122a552a59f474d23822b099874690af0 AS core-openssl FROM stagex/user-pcsc-lite:sx2025.02.0@sha256:825708912c41d93dd38230f6f481f5876acb5b2959461504bdaa02a942f8c7b4 AS user-pcsc-lite FROM stagex/user-pcsc-tools:sx2025.02.0@sha256:dc609b2eb7ba44f877b481633baa86873e99739573f81fe10d5485eb5a1b4f9d AS user-pcsc-tools FROM stagex/user-qemu:sx2025.02.0@sha256:47653f32fb5874d91969a4b206e8f46f26f056dc2adfc88758d57208a6659b03 AS user-qemu FROM stagex/user-canokey-qemu:sx2025.02.0@sha256:aba3be44d4b0da2f4ee52fdc2e2cd5b4f6dd05162323015745d2fd194d3074a7 AS user-canokey-qemu FROM stagex/user-seabios:sx2025.02.0@sha256:03eeb1344ad5f94dccdedbb3379906b272b62e246972e9334011746c79f234cf AS user-seabios FROM stagex/user-sops:sx2025.02.0@sha256:1eb6f16dcae77f43dddfed09d471a4aca7db3773e7de5352278c3d334927b0dd AS user-sops FROM stagex/core-zlib:sx2025.02.0@sha256:15860e0789afa0f3ed1bd4e9d771ecb34fbab399064f6aa69c05e71cb8822156 AS core-zlib FROM stagex/user-sequoia-sq:sx2025.02.0@sha256:48b9a0f425604f46a0587e6dcbf81576f32145363dcfbdb86a9c46af659996a6 AS user-sequoia-sq FROM stagex/user-sequoia-sq-wot:sx2025.02.0@sha256:aeedcfbe20ff38937a0157fa2047a831f187a53deb319d8bee7848cf52b0cd5f AS user-sequoia-sq-wot FROM stagex/user-swtpm:sx2025.02.0@sha256:a13468396caeba89123a414500364967ac90af9541bf01b84821db487d7c7cc9 AS user-swtpm FROM stagex/user-syslinux:sx2025.02.0@sha256:b5e74e7384e6b1f21641296e5188073b65761724a91ae55ecaba9b7164de8c3a AS user-syslinux FROM stagex/user-tpm2-tools:sx2025.02.0@sha256:bf5d0c4b62dda736043843a5c59d1ed7c7aaf5e50cbcdb3976025e03384eb709 AS user-tpm2-tools FROM stagex/user-tpm2-tss:sx2025.02.0@sha256:816caefc95cadd4b0eaeccd0c2ee45a6093ff49ca8fa49dd3970284629523fd7 AS user-tpm2-tss FROM stagex/user-util-linux:sx2025.02.0@sha256:bf03b1aaa92a3877f2d2a35d2c27cf453f95545bc7c355b7d4971b58eddbf7a3 AS user-util-linux FROM stagex/user-xorriso:sx2025.02.0@sha256:f3b9f1eebdbc6f2e62a9d4345abb87ea81219fc4afdbdc0412a8a2110282a1a1 AS user-xorriso FROM stagex/core-xz:sx2025.02.0@sha256:34824f16967f6bd8ecf24c320e36dfc9cd58d5746d3c524e1b896ebdf5a2e760 AS core-xz FROM stagex/user-yq:sx2025.02.0@sha256:9aba3b01cc7d78bc78853121cdcd430a67f543eebae30220f233659039ce6e54 AS user-yq FROM stagex/core-zlib:sx2025.02.0@sha256:15860e0789afa0f3ed1bd4e9d771ecb34fbab399064f6aa69c05e71cb8822156 AS core-zlib FROM scratch AS base ARG VERSION development ARG GIT_TIMESTAMP null ARG GIT_AUTHOR null ARG GIT_REF null ARG GIT_PUBKEY null COPY --from=core-busybox . / COPY --from=core-musl . / COPY --from=core-xz . / COPY --from=user-xorriso . / COPY --from=user-cpio . / COPY --from=user-mtools . / COPY --from=user-grub . / FROM base as dev COPY --from=core-gcc . / COPY --from=core-zlib . / COPY --from=user-glib . / COPY --from=user-alsa-lib . / COPY --from=user-lzo . / COPY --from=user-dtc . / COPY --from=user-numactl . / COPY --from=user-libaio . / COPY --from=user-libseccomp . / COPY --from=core-libffi . / COPY --from=core-libzstd . / COPY --from=user-libslirp . / COPY --from=user-seabios . / COPY --from=user-ipxe . / COPY --from=user-qemu . / COPY --from=user-canokey-qemu . / COPY --from=user-swtpm . / COPY --from=core-openssl . / COPY --from=core-curl . / COPY --from=user-libtpms . / COPY --from=user-tpm2-tss . / COPY --from=user-tpm2-tools . / FROM base AS build ## Kernel COPY --from=user-linux-airgap /bzImage iso/boot/vmlinuz ## Initramfs COPY --from=core-busybox . initramfs COPY --from=user-eudev . initramfs COPY --from=core-musl . initramfs COPY --from=core-zlib . initramfs COPY --from=user-npth . initramfs COPY --from=user-libksba . initramfs COPY --from=user-libgpg-error . initramfs COPY --from=user-libassuan . initramfs COPY --from=user-libgcrypt . initramfs COPY --from=core-bash . initramfs COPY --from=user-gpg . initramfs COPY --from=user-jq . initramfs COPY --from=user-yq . initramfs COPY --from=core-bc . initramfs COPY --from=user-flashtools . initramfs COPY --from=core-curl . initramfs COPY --from=user-tpm2-tools . initramfs COPY --from=user-tpm2-tss . initramfs COPY --from=core-openssl . initramfs COPY --from=user-libusb . initramfs COPY --from=user-ccid . initramfs COPY --from=user-pcsc-lite . initramfs COPY --from=user-pcsc-tools . initramfs COPY --from=user-libqrencode . initramfs COPY --from=core-gmp . initramfs COPY --from=core-libunwind . initramfs COPY --from=user-nettle . initramfs COPY --from=user-opensc . initramfs COPY --from=user-util-linux . initramfs COPY --from=user-sops . initramfs COPY --from=core-gcc /usr/lib/libgcc* initramfs/usr/lib/ COPY --from=user-openpgp-card-tools . initramfs COPY --from=user-sequoia-sq . initramfs COPY --from=user-sequoia-sq-wot . initramfs COPY --from=user-keyfork . initramfs COPY --from=user-icepick . initramfs COPY rootfs/ initramfs COPY <<-EOF initramfs/etc/environment export VERSION="$VERSION" export GIT_TIMESTAMP="$GIT_TIMESTAMP" export GIT_AUTHOR="$GIT_AUTHOR" export GIT_REF="$GIT_REF" export GIT_PUBKEY="$GIT_PUBKEY" EOF RUN <<-EOF set -eux cd initramfs find . -exec touch -hcd "@0" "{}" + find . -print0 \ | sort -z \ | cpio \ --null \ --create \ --verbose \ --reproducible \ --format=newc \ | gzip --best \ > ../iso/boot/initramfs EOF ## Grub (EFI Boot) COPY config/grub.cfg iso/boot/grub/grub.cfg COPY config/grub_early.cfg grub_early.cfg RUN <<-EOF set -eux mkdir -p efi/boot grub-mkimage \ --config="grub_early.cfg" \ --prefix="/boot/grub" \ --output="efi/boot/bootx64.efi" \ --format="x86_64-efi" \ --compression="xz" \ all_video \ disk \ part_gpt \ part_msdos \ linux \ normal \ configfile \ search \ search_label \ efi_gop \ fat \ iso9660 \ gzio \ serial \ terminal find efi -exec touch -hcd "@0" "{}" + mformat -i iso/boot/grub/efi.img -C -f 1440 -N 0 :: mcopy -i iso/boot/grub/efi.img -ms efi :: touch -md "@0" iso/boot/grub/efi.img EOF ## Syslinux (BIOS Boot) COPY config/syslinux.cfg iso/boot/syslinux/ COPY --from=user-syslinux \ /usr/share/syslinux/isohdpfx.bin \ /usr/share/syslinux/isolinux.bin \ /usr/share/syslinux/ldlinux.c32 \ /usr/share/syslinux/libutil.c32 \ /usr/share/syslinux/libcom32.c32 \ /usr/share/syslinux/mboot.c32 \ iso/boot/syslinux/ ## Build Hybrid EFI/BIOS ISO FROM build AS install ENV SOURCE_DATE_EPOCH=1 RUN <<-EOF set -eux dd if=/dev/zero bs=1M count=10 >> user.img mformat -v user -i user.img -N 0 :: find iso -exec touch -hcd "@0" "{}" + xorrisofs \ -output airgap.iso \ -full-iso9660-filenames \ -joliet \ -rational-rock \ -sysid LINUX \ -volid "airgap" \ -isohybrid-mbr iso/boot/syslinux/isohdpfx.bin \ -eltorito-boot boot/syslinux/isolinux.bin \ -eltorito-catalog boot/syslinux/boot.cat \ -no-emul-boot \ -boot-load-size 4 \ -boot-info-table \ -eltorito-alt-boot \ -e boot/grub/efi.img \ -no-emul-boot \ -isohybrid-gpt-basdat \ -follow-links \ -append_partition 3 0xb user.img \ iso/ EOF ## Minimal Autorun SD card image COPY sdcard sdcard RUN <<-EOF set -eux dd if=/dev/zero of=sdcard.img bs=1M count=32 mformat -v external -i sdcard.img :: mcopy -i sdcard.img -s sdcard/* :: EOF FROM scratch AS package COPY --from=install /sdcard.img / COPY --from=install /airgap.iso /