From 93443e27854cb8dbc62140202bc130d944eb884a Mon Sep 17 00:00:00 2001 From: "Lance R. Vick" Date: Thu, 9 Nov 2023 04:14:02 -0800 Subject: [PATCH] build go with localy built bash/busybox --- Makefile | 3 +++ packages/busybox/Dockerfile | 17 +++++++++-------- packages/glibc/Dockerfile | 31 +++++++++++++++++++++++++++++++ packages/go/Dockerfile | 36 ++++++++++++++++++------------------ 4 files changed, 61 insertions(+), 26 deletions(-) create mode 100644 packages/glibc/Dockerfile diff --git a/Makefile b/Makefile index 77b75e3..ccefb5a 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,9 @@ out/gcc.oci.tgz: docker build -f packages/gcc/Dockerfile -t ocirep/gcc . +out/glibc.oci.tgz: + docker build -f packages/glibc/Dockerfile -t ocirep/glibc . + out/bash.oci.tgz: docker build -f packages/bash/Dockerfile -t ocirep/bash . diff --git a/packages/busybox/Dockerfile b/packages/busybox/Dockerfile index bd22705..8766fec 100644 --- a/packages/busybox/Dockerfile +++ b/packages/busybox/Dockerfile @@ -48,16 +48,17 @@ RUN set -eux; \ done RUN make -RUN cp ./busybox / +RUN cp busybox / FROM scratch -COPY --from=build /busybox . +COPY --from=build busybox / RUN ["/busybox","mkdir","/bin"] RUN ["/busybox","--install","-s","/bin"] -RUN echo "nogroup:*:100:nobody" > /etc/group -RUN echo "nobody:*:100:100:::" > /etc/passwd -RUN mkdir /tmp -RUN chown -R 100:100 /tmp -WORKDIR /tmp -USER 100:100 +RUN echo "user:x:1000:" > /etc/group +RUN echo "user:x:1000:1000::/home/user:/bin/sh" > /etc/passwd +RUN mkdir -p /home/user /tmp /lib +RUN ln -sT /lib /lib64 +RUN chown -R 1000:1000 /home/user /tmp +WORKDIR /home/user +USER 1000:1000 ENTRYPOINT ["/bin/sh"] diff --git a/packages/glibc/Dockerfile b/packages/glibc/Dockerfile new file mode 100644 index 0000000..556704b --- /dev/null +++ b/packages/glibc/Dockerfile 
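Review bot: `/tmp` ends up owned by uid 1000 with whatever mode `mkdir -p` gives it, because `RUN chown -R 1000:1000 /home/user /tmp` turns the conventionally world-writable sticky directory into a single-owner one. Any stage built on this image that switches to a different `USER` would then be unable to write temporary files. I would leave `/tmp` root-owned with an explicit mode, `RUN chmod 1777 /tmp`, and keep the chown for `/home/user` only. A one-line comment above `RUN ln -sT /lib /lib64` naming the consumer that needs the symlink (presumably the loader path for the glibc files that packages/go copies into `/lib`) would also help.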
@@ -0,0 +1,31 @@ +FROM library/gcc@sha256:ca38f292fe1ad0933f0122a657f9c644ed1f0a9e1aa336abcc83d420ad487e28 as build + +#HACK: actually build this from scratch +RUN set -eux; \ + mkdir -p rootfs/lib; \ + gccMultiarch="$(gcc -print-multiarch)"; \ + set -- \ + /lib/"$gccMultiarch"/libnss*.so.* \ + /lib/"$gccMultiarch"/libm.so.* \ + /lib/"$gccMultiarch"/libpthread*.so.* \ + ; \ + while [ "$#" -gt 0 ]; do \ + f="$1"; shift; \ + fn="$(basename "$f")"; \ + if [ -e "rootfs/$fn" ]; then continue; fi; \ + if [ "${f#rootfs/}" = "$f" ]; then \ + if [ "${fn#ld-}" = "$fn" ]; then \ + ln -vL "$f" "rootfs/$fn"; \ + else \ + cp -v "$f" "rootfs/$fn"; \ + fi; \ + fi; \ + ldd="$(ldd "$f" | awk ' \ + $1 ~ /^\// { print $1; next } \ + $2 == "=>" && $3 ~ /^\// { print $3; next } \ + ')"; \ + set -- "$@" $ldd; \ + done + +FROM scratch +COPY --from=build rootfs/ / diff --git a/packages/go/Dockerfile b/packages/go/Dockerfile index aa319ed..b26f997 100644 --- a/packages/go/Dockerfile +++ b/packages/go/Dockerfile @@ -1,14 +1,14 @@ -ARG GCC_IMAGE=library/gcc@sha256:ca38f292fe1ad0933f0122a657f9c644ed1f0a9e1aa336abcc83d420ad487e28 -#FROM ocirep/busybox:latest as busybox -FROM library/busybox:latest as busybox +FROM ocirep/busybox:latest as busybox FROM ocirep/bash:latest as bash +FROM ocirep/glibc:latest as glibc +FROM library/gcc@sha256:ca38f292fe1ad0933f0122a657f9c644ed1f0a9e1aa336abcc83d420ad487e28 as gcc -FROM ${GCC_IMAGE} as stage1 +FROM gcc as stage1 ENV GO_SITE=https://dl.google.com/go ENV GO_VERSION=1.4-bootstrap-20171003 ENV GO_HASH=f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52 ENV GOOS=linux -ENV GOROOT_FINAL="/opt/go-stage1" +ENV GOROOT_FINAL="/home/user/go-stage1" ENV GOROOT="${GOROOT_FINAL}" ENV GOBIN="${GOROOT_FINAL}/bin" ENV CGO_ENABLED=0 
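Review bot: The libraries are linked to `rootfs/$fn`, not `rootfs/lib/$fn`, so the directory created by `mkdir -p rootfs/lib` stays empty and the image ships the shared objects at `/`; packages/go then compensates with `COPY --from=glibc . /lib`. Writing to `rootfs/lib/$fn` (and testing `-e "rootfs/lib/$fn"`) would let consumers copy the image as it is. The `rootfs` path is relative in the `RUN` step but resolved from the stage root in `COPY --from=build rootfs/ /`, and the two agree only if the gcc image's working directory is `/`; an explicit `WORKDIR /` would pin that. Because these binaries are lifted from the upstream gcc image rather than built, the `#HACK` line should say so, e.g. `# HACK: shared objects are copied from the pinned gcc image, not built from source; trust rests on that digest`.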
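Review bot: `ocirep/busybox:latest`, `ocirep/bash:latest` and `ocirep/glibc:latest` are mutable tags, while the gcc stage right below them is pinned by digest. The build takes whatever image carries those tags in the local store, and if one is missing the builder may try to resolve the name from the default registry, so this file does not fix the toolchain's inputs. Consider passing the locally built image digests in, or at least add a comment such as `# built locally by 'make out/glibc.oci.tgz'; must exist before this build`. The Makefile hunk adds the glibc target without prerequisites, so nothing visible there guarantees the build order either.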
@@ -22,14 +22,15 @@ RUN cd go \ && cp -R bin lib pkg src ${GOROOT_FINAL} FROM busybox as stage2 -COPY --from=stage1 /opt/go-stage1 /opt/go-stage1 +COPY --from=stage1 /home/user/go-stage1 go-stage1 COPY --from=bash bash /bin/bash +COPY --from=glibc . /lib ENV GO_VERSION=1.19.11 ENV GO_HASH=e25c9ab72d811142b7f41ff6da5165fec2d1be5feec3ef2c66bc0bdecb431489 -ENV GOROOT_BOOTSTRAP=/opt/go-stage1 +ENV GOROOT_BOOTSTRAP=/home/user/go-stage1 ENV GO_SITE=https://storage.googleapis.com/golang ENV GOOS=linux -ENV GOROOT_FINAL=/opt/go-stage2 +ENV GOROOT_FINAL=/home/user/go-stage2 ENV GOROOT="${GOROOT_FINAL}" ENV GOBIN="${GOROOT_FINAL}/bin" ENV GO11MODULE=off @@ -39,25 +40,24 @@ RUN echo "${GO_HASH} go${GO_VERSION}.src.tar.gz" | sha256sum -c RUN tar -xvzf go${GO_VERSION}.src.tar.gz RUN cd go/src \ && /bin/bash make.bash - RUN cd go \ && mkdir -p ${GOROOT_FINAL} \ && cp -R bin lib pkg src ${GOROOT_FINAL} - FROM busybox as stage3 -COPY --from=stage2 /opt/go-stage2 /opt/go-stage2 +COPY --from=stage2 /home/user/go-stage2 go-stage2 COPY --from=bash bash /bin/bash +COPY --from=glibc . /lib ENV GO_VERSION=1.21.4 ENV GO_HASH=47b26a83d2b65a3c1c1bcace273b69bee49a7a7b5168a7604ded3d26a37bd787 -ENV GOROOT_BOOTSTRAP=/opt/go-stage2 +ENV GOROOT_BOOTSTRAP=/home/user/go-stage2 ENV GO_SITE=https://storage.googleapis.com/golang ENV GOOS=linux ENV GOPROXY=off ENV GOTOOLCHAIN=local ENV GOFLAGS=-mod=vendor -ENV GOROOT_FINAL="/opt/go" -ENV GOROOT=/opt/go-stage2 +ENV GOROOT_FINAL="/lib/go" +ENV GOROOT=/home/user/go-stage2 ENV GOBIN="${GOROOT_FINAL}/bin" ENV GO11MODULE=on ENV CGO_ENABLED=0 
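Review bot: `ENV GO11MODULE=off` at the end of this hunk looks like a misspelling of `GO111MODULE`, in which case the toolchain never sees the setting; the stage3 hunk has the same name in `ENV GO11MODULE=on`. Both lines are unchanged context, but this commit reworks both ENV blocks, so it is a good place to correct them to `ENV GO111MODULE=off` here and `ENV GO111MODULE=on` in stage3. Separately, `COPY --from=stage1 /home/user/go-stage1 go-stage1` has a relative destination that lands in `/home/user` only because the busybox image sets that `WORKDIR`; the absolute path would keep it in step with `GOROOT_BOOTSTRAP`.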
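Review bot: `GOROOT_FINAL="/lib/go"` and the `GOBIN` derived from it now name a directory that no visible step creates: the last hunk installs the tree into `../go-stage3` and the final stage copies it to `/`. If the built toolchain still records this value as its default root, it will point at a path that is absent from the shipped image; that needs confirming against the Go version used. Either set it to the location the final image really uses or add a comment explaining why `/lib/go` was chosen.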
@@ -65,13 +65,13 @@ RUN wget ${GO_SITE}/go${GO_VERSION}.src.tar.gz RUN echo "${GO_HASH} go${GO_VERSION}.src.tar.gz" | sha256sum -c RUN tar -xvzf go${GO_VERSION}.src.tar.gz RUN cd go/src \ - && ./make.bash + && /bin/bash make.bash RUN cd go \ - && mkdir -p ${GOROOT_FINAL} \ - && cp -R bin lib pkg src ${GOROOT_FINAL} + && mkdir -p ../go-stage3 \ + && cp -R bin lib pkg src ../go-stage3 FROM scratch -COPY --from=stage3 /opt/go / +COPY --from=stage3 /home/user/go-stage3 / USER 100:100 ENTRYPOINT ["/bin/go"] CMD ["version"]
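Review bot: The final stage keeps `USER 100:100` although this commit moves the busybox base, and the stages built on it, to `1000:1000`, and nothing visible gives the `scratch` image an `/etc/passwd`, home or temp directory for either id. If the intent is one unprivileged identity throughout, change it to `USER 1000:1000` and note in a comment that the id is numeric because the image has no passwd file. `mkdir -p ../go-stage3` also resolves to `/home/user/go-stage3` only through the working directory inherited from the busybox image, while the `COPY --from=stage3` line uses the absolute path; using the absolute path in both places removes that coupling.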