From 2bafad8aabdf5411e5c13d6c707a7badfd83f3bd Mon Sep 17 00:00:00 2001
From: "Lance R. Vick" <lance@lrvick.net>
Date: Thu, 8 Feb 2024 03:51:42 -0800
Subject: [PATCH] inject SOURCE_DATE_EPOCH as build arg

---
 src/core/musl/Containerfile | 69 +++++++++++++++++++------------------
 src/macros.mk               |  1 +
 2 files changed, 37 insertions(+), 33 deletions(-)

diff --git a/src/core/musl/Containerfile b/src/core/musl/Containerfile
index e73d9e3..94bf349 100644
--- a/src/core/musl/Containerfile
+++ b/src/core/musl/Containerfile
@@ -1,47 +1,50 @@
-FROM stagex/stage3 as base
-ENV SRC_SITE http://musl.libc.org
-ENV SRC_VERSION 1.2.4
+FROM scratch as base
+ARG ARCH=x86_64
+ENV VERSION 1.2.4
+ENV SRC_FILE musl-${VERSION}.tar.gz
+ENV SRC_SITE http://musl.libc.org/${SRC_FILE}
 ENV SRC_HASH 7a35eae33d5372a7c0da1188de798726f68825513b7ae3ebe97aaaa52114f039
 ENV CFLAGS="-Os -fstack-clash-protection -Wformat -Werror=format-security"
 ENV CXXFLAGS="-Os -fstack-clash-protection -Wformat -Werror=format-security -D_GLIBCXX_ASSERTIONS=1 -D_LIBCPP_ENABLE_THREAD_SAFETY_ANNOTATIONS=1 -D_LIBCPP_ENABLE_HARDENED_MODE=1"
 ENV LDFLAGS="-Wl,--as-needed,-O1,--sort-common -Wl,-soname,libc.musl-${ARCH}.so.1"
 
 FROM base as fetch
-WORKDIR ${HOME}
-RUN wget ${SRC_SITE}/releases/musl-$SRC_VERSION.tar.gz
-RUN echo "${SRC_HASH}  musl-${SRC_VERSION}.tar.gz" | sha256sum -c
+ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} .
 
 FROM fetch as build
-RUN tar -xzf musl-${SRC_VERSION}.tar.gz
-WORKDIR musl-${SRC_VERSION}
+COPY --from=stagex/stage3 . /
+RUN tar -xzf ${SRC_FILE}
+WORKDIR musl-${VERSION}
 ADD *.patch .
-RUN set -eux; \
-    patch -p1 < lfs64.patch; \
-    patch -p1 < lfs64-2.patch; \
-    patch -p1 < relr-typedefs.patch; \
-    ./configure \
-        --build=${ARCH}-linux-musl \
-        --host=${ARCH}-linux-musl \
-        --prefix=/usr \
-        --sysconfdir=/etc \
-        --mandir=/usr/share/man \
-        --infodir=/usr/share/info \
-        --localstatedir=/var \
-        --enable-debug; \
-    make
+RUN --network=none <<-EOF
+	set -eux; \
+	patch -p1 < lfs64.patch
+	patch -p1 < lfs64-2.patch
+	patch -p1 < relr-typedefs.patch
+	./configure \
+		--build=${ARCH}-linux-musl \
+		--host=${ARCH}-linux-musl \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--localstatedir=/var \
+		--enable-debug
+	make
+EOF
 
 FROM build as install
-USER 0:0
-RUN set -eux; \
-    make DESTDIR=/rootfs install; \
-    mkdir -p /rootfs/usr/bin; \
-    printf "%s\n%s\n" '#!/bin/sh' 'exec /lib/ld-musl-${ARCH}.so.1 --list "$@"' \
-        > /rootfs/usr/bin/ldd; \
-    chmod 755 /rootfs/usr/bin/ldd; \
-    mv -f /rootfs/usr/lib/libc.so /rootfs/lib/ld-musl-${ARCH}.so.1; \
-    ln -sf ld-musl-${ARCH}.so.1 /rootfs/lib/libc.musl-${ARCH}.so.1; \
-    ln -sf ../../lib/ld-musl-${ARCH}.so.1 /rootfs/usr/lib/libc.so; \
-    find /rootfs -exec touch -hcd "@0" "{}" +
+RUN --network=none <<-EOF
+	set -eux
+	make DESTDIR=/rootfs install
+	mkdir -p /rootfs/usr/bin
+	printf "%s\n%s\n" '#!/bin/sh' 'exec /lib/ld-musl-${ARCH}.so.1 --list "$@"' \
+		> /rootfs/usr/bin/ldd; \
+	chmod 755 /rootfs/usr/bin/ldd
+	mv -f /rootfs/usr/lib/libc.so /rootfs/lib/ld-musl-${ARCH}.so.1
+	ln -sf ld-musl-${ARCH}.so.1 /rootfs/lib/libc.musl-${ARCH}.so.1
+	ln -sf ../../lib/ld-musl-${ARCH}.so.1 /rootfs/usr/lib/libc.so
+EOF
 
 FROM scratch as package
 COPY --from=install /rootfs /
diff --git a/src/macros.mk b/src/macros.mk
index 2be0b8c..67258e1 100644
--- a/src/macros.mk
+++ b/src/macros.mk
@@ -36,6 +36,7 @@ define build
 			build \
 			--ulimit nofile=2048:16384 \
 			--tag $(REGISTRY)/$(NAME):$(VERSION) \
+			--build-arg SOURCE_DATE_EPOCH=1 \
 			--build-arg REGISTRY=$(REGISTRY) \
 			--build-arg CORES=$(shell nproc --all) \
 			--platform $(PLATFORM) \