From 1b2d649a17672a47693175bb5126e256f56b225a Mon Sep 17 00:00:00 2001
From: ryan
Date: Tue, 5 Aug 2025 15:24:36 -0400
Subject: [PATCH] use cpio
---
 Containerfile | 73 ++++++++++++++++++++-------------------------------
 Makefile | 7 ++---
 2 files changed, 33 insertions(+), 47 deletions(-)
diff --git a/Containerfile b/Containerfile
index 51b6fd7..8c6e434 100644
--- a/Containerfile
+++ b/Containerfile
@@ -15,59 +15,44 @@ FROM stagex/core-git@sha256:7ab36d6183162f0397eba3d5603beceb455982a1f2c122740484
 FROM stagex/core-pkgconf@sha256:608b378949cedc86df6350e5ec428b0e114bb7bc46bc33330b51215cc8ac4a68 AS core-pkgconf
 FROM stagex/core-busybox@sha256:17e496211470fbd77057692619295e32c841e90312e48bce56a171fdb041b0c9 AS core-busybox
 FROM stagex/user-linux-nitro@sha256:655924404a008c6c70c3411e7b32d6558ac388bcc3a5a02431029e63c93d1985 AS user-linux-nitro
+FROM stagex/user-cpio@sha256:05701450a186fa1cb5a8287f7fa4d216e610a15d22c2e3e86d70ac3550d9cd3c AS user-cpio
 FROM scratch as base
-ENV TARGET=x86_64-unknown-linux-musl
-ENV RUSTFLAGS="-C target-feature=+crt-static"
-ENV CARGOFLAGS="--locked --no-default-features --release --target ${TARGET}"
-ENV OPENSSL_STATIC=true
-COPY --from=busybox . /
-COPY --from=musl . /
-COPY --from=libunwind . /
-COPY --from=openssl . /
-COPY --from=zlib . /
-COPY --from=ca-certificates . /
-COPY --from=binutils . /
-COPY --from=pkgconf . /
-COPY --from=git . /
-COPY --from=rust . /
-COPY --from=gen_initramfs . /
-COPY --from=eif_build . /
-COPY --from=llvm . /
-COPY --from=gcc . /
-COPY --from=linux-nitro /bzImage .
-COPY --from=linux-nitro /nsm.ko .
-COPY --from=linux-nitro /linux.config .
+COPY --from=core-busybox . /
+COPY --from=core-musl . /
+COPY --from=core-libunwind . /
+COPY --from=core-openssl . /
+COPY --from=core-zlib . /
+COPY --from=core-ca-certificates . /
+COPY --from=core-binutils . /
+COPY --from=core-pkgconf . /
+COPY --from=core-git . /
+COPY --from=core-rust . /
+COPY --from=user-gen_initramfs . /
+COPY --from=user-eif_build . /
+COPY --from=core-llvm . /
+COPY --from=core-gcc . /
+COPY --from=user-linux-nitro /bzImage .
+COPY --from=user-linux-nitro /linux.config .
+COPY --from=user-cpio . /
 ADD . /src
 FROM base as build
-WORKDIR /src/init
-RUN cargo build ${CARGOFLAGS}
 WORKDIR /build_cpio
-RUN cp /src/init/target/${TARGET}/release/init init
+COPY --from=local/nit /usr/bin/init /build_cpio/rootfs/init
 ENV KBUILD_BUILD_TIMESTAMP=1
-COPY <<-EOF initramfs.list
- file /init init 0755 0 0
- file /nsm.ko /nsm.ko 0755 0 0
- dir /run 0755 0 0
- dir /tmp 0755 0 0
- dir /etc 0755 0 0
- dir /bin 0755 0 0
- dir /sbin 0755 0 0
- dir /proc 0755 0 0
- dir /sys 0755 0 0
- dir /usr 0755 0 0
- dir /usr/bin 0755 0 0
- dir /usr/sbin 0755 0 0
- dir /dev 0755 0 0
- dir /dev/shm 0755 0 0
- dir /dev/pts 0755 0 0
- nod /dev/console 0600 0 0 c 5 1
-EOF
 RUN <<-EOF
- find . -exec touch -hcd "@0" "{}" +
- gen_init_cpio -t 1 initramfs.list > rootfs.cpio
+ # NOTE: Relative directory is important!
+ ( \
+ cd /build_cpio/rootfs; \
+ find . -exec touch -hcd "@0" "{}" + -print0 \
+ | sort -z \
+ | cpio --null --create --verbose --reproducible --format=newc \
+ | gzip --best \
+ > ../rootfs.cpio \
+ )
+ # gen_init_cpio -t 1 initramfs.list > rootfs.cpio
 touch -hcd "@0" rootfs.cpio
 EOF
 WORKDIR /build_eif
diff --git a/Makefile b/Makefile
index e84ec93..921e1e1 100644
--- a/Makefile
+++ b/Makefile
@@ -1,12 +1,12 @@
 REGISTRY := local
 .DEFAULT_GOAL :=
 .PHONY: default
-default: out/enclaveos.tar
+default: out/nitro.eif
 out:
 mkdir out
-out/enclaveos.tar: out \
+out/nitro.eif: out \
 $(shell git ls-files \
 src/init \
 src/aws \
@@ -14,6 +14,7 @@ out/enclaveos.tar: out \
 docker build \
 --tag $(REGISTRY)/enclaveos \
 --progress=plain \
+ --no-cache \
 --output type=local,rewrite-timestamp=true,dest=out\
 -f Containerfile \
 src/
@@ -26,4 +27,4 @@ run: out/nitro.eif
 --memory 512M \
 --eif-path out/nitro.eif \
 --debug-mode \
- --attach-console
\ No newline at end of file
+ --attach-console
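Review bot: `COPY --from=local/nit /usr/bin/init /build_cpio/rootfs/init` takes the enclave's init from a tag-only image, while every other input in this Containerfile is pinned by sha256 digest. With the in-tree `cargo build` removed, the binary packed as `/init` is whatever `local/nit` resolves to on the build host, so the initramfs (and presumably the EIF measurement derived from it) is no longer tied to reviewed source. I would declare it as a pinned stage, `FROM local/nit@sha256:<digest> AS nit` with `COPY --from=nit ...`, or build init in a stage of this file. The new `RUN` heredoc also runs without `set -e`, so a failing `cpio` still leaves a gzip file behind and the trailing `touch` lets the step succeed; `set -eu` as its first line, with `set -o pipefail` where the shell supports it, would stop the build instead. The `build` stage continues past the end of the hunk.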