first pass at determinism

This commit is contained in:
Lance Vick 2023-12-16 15:50:40 -08:00
parent 63c3219e75
commit a5163aefcc
Signed by: lrvick
GPG Key ID: 8E47A1EC35A1551D
29 changed files with 504 additions and 273 deletions

View File

@ -121,7 +121,39 @@ make clean reproduce
make sign
```
## Packaging
Every package should have a minimum of 5 stages as follows
* base
* based on busybox or bootstrap
* Runs as unprivileged user 1000 (user)
* Sets environment to be shared with fetch, build, and install stages
* Imports dependencies for fetch, build, and install stages
* fetch
* Based on "base"
* Runs as unprivileged user 1000 (user)
* Has internet access
* Obtains any needed source files from the internet
* Verifies sources against hardcoded hashes
* build
* Based on "fetch"
* Runs as unprivileged user 1000 (user)
* Extract sources
* Apply any patches as needed
* Build any artifacts as needed
* install
* Based on "build"
* Elevates privileges to user 0:0 (root)
* Installs all files in /home/user/rootfs owned by root
* Sets all timestamps in /home/user/rootfs to @0 (Unix Epoch)
* package
* Based on scratch
* Copies /home/user/rootfs from "install" to /
* Sets runtime user/perms/env as needed
## Sponsors
- Turnkey
- Distrust
- Mysten Labs

View File

@ -5,8 +5,9 @@ FROM ${REGISTRY}/musl:latest as musl
FROM ${REGISTRY}/make:latest as make
FROM ${REGISTRY}/m4:latest as m4
FROM ${REGISTRY}/perl:latest as perl
FROM ${REGISTRY}/busybox:latest as busybox
FROM ${REGISTRY}/busybox:latest as base
FROM busybox as base
ENV SRC_SITE https://ftp.gnu.org/gnu/autoconf
ENV SRC_VERSION 2.71
ENV SRC_HASH f14c83cfebcc9427f2c3cea7258bd90df972d92eb26752da4ddad81c87a0faa4
@ -30,11 +31,15 @@ ENV M4=/usr/bin/m4
RUN set -eux; \
./configure \
--prefix=/usr; \
make;
RUN make DESTDIR=/home/user/rootfs install
COPY --from=perl . /home/user/rootfs/
make
from build as install
USER 0:0
RUN make DESTDIR=/rootfs install
COPY --from=perl . /rootfs/
RUN find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package
COPY --from=build /home/user/rootfs /
COPY --from=install /rootfs /
ENTRYPOINT ["/usr/bin/autoreconf"]
CMD ["--version"]

View File

@ -1,5 +1,4 @@
ARG REGISTRY=local
FROM ${REGISTRY}/busybox:latest as busybox
FROM ${REGISTRY}/gcc:latest as gcc
FROM ${REGISTRY}/binutils:latest as binutils
FROM ${REGISTRY}/musl:latest as musl
@ -7,14 +6,19 @@ FROM ${REGISTRY}/make:latest as make
FROM ${REGISTRY}/perl:latest as perl
FROM ${REGISTRY}/autoconf:latest as autoconf
FROM ${REGISTRY}/m4:latest as m4
FROM ${REGISTRY}/busybox:latest as busybox
FROM busybox as build
FROM busybox as base
ENV SRC_SITE=https://ftp.gnu.org/gnu/automake
ENV SRC_VERSION=1.16.5
ENV SRC_HASH=f01d58cd6d9d77fbdca9eb4bbd5ead1988228fdb73d6f7a201f5f8d6b118b469
FROM base as fetch
RUN wget ${SRC_SITE}/automake-${SRC_VERSION}.tar.xz
RUN echo "${SRC_HASH} automake-${SRC_VERSION}.tar.xz" | sha256sum -c
RUN tar -xf automake-${SRC_VERSION}.tar.xz
FROM fetch as build
WORKDIR automake-${SRC_VERSION}
COPY --from=gcc . /
COPY --from=binutils . /
@ -27,11 +31,15 @@ RUN set -eux; \
./configure \
--prefix=/usr; \
make;
RUN make DESTDIR=/home/user/rootfs install
COPY --from=musl /usr/lib/libc.so /home/user/rootfs/lib/ld-musl-x86_64.so.1
COPY --from=perl . /home/user/rootfs/
FROM build as install
USER 0:0
RUN make DESTDIR=/rootfs install
COPY --from=musl /usr/lib/libc.so /rootfs/lib/ld-musl-x86_64.so.1
COPY --from=perl . /rootfs/
RUN find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package
COPY --from=build /home/user/rootfs /
COPY --from=install /rootfs /
ENTRYPOINT ["/usr/bin/automake"]
CMD ["--version"]

View File

@ -3,8 +3,9 @@ from ${REGISTRY}/binutils as binutils
from ${REGISTRY}/gcc as gcc
from ${REGISTRY}/musl as musl
from ${REGISTRY}/make as make
from ${REGISTRY}/busybox as busybox
from ${REGISTRY}/busybox as base
FROM busybox as base
ENV SRC_SITE=https://ftp.gnu.org/gnu/bash
ENV SRC_VERSION=5.2.21
ENV SRC_HASH=c8e31bdc59b69aaffc5b36509905ba3e5cbb12747091d27b4b977f078560d5b8
@ -23,6 +24,7 @@ COPY --from=binutils . /
COPY --from=make . /
COPY --from=musl . /
RUN set -eux; \
mkdir -p /home/user/rootfs/lib; \
./configure \
--build=x86_64-unknown-linux-musl \
--host=x86_64-unknown-linux-musl \
@ -35,11 +37,14 @@ RUN set -eux; \
--without-curses \
--without-bash-malloc; \
make
RUN make DESTDIR=/home/user/rootfs install
RUN ls -Rlah /home/user/rootfs
COPY --from=musl /usr/lib/libc.so /home/user/rootfs/lib/ld-musl-x86_64.so.1
FROM build as install
USER 0:0
RUN make DESTDIR=/rootfs install
COPY --from=musl /usr/lib/libc.so /rootfs/lib/ld-musl-x86_64.so.1
RUN find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package
COPY --from=build /home/user/rootfs /
COPY --from=install /rootfs /
ENTRYPOINT ["/bin/bash"]
CMD ["--version"]

View File

@ -1,13 +1,17 @@
ARG REGISTRY=local
FROM ${REGISTRY}/musl:latest as musl
FROM ${REGISTRY}/bootstrap:latest as build
FROM ${REGISTRY}/bootstrap:latest as bootstrap
FROM bootstrap as base
ENV SRC_SITE https://ftp.gnu.org/gnu/binutils
ENV SRC_VERSION 2.41
ENV SRC_HASH ae9a5789e23459e59606e6714723f2d3ffc31c03174191ef0d015bdf06007450
FROM base as fetch
RUN wget ${SRC_SITE}/binutils-${SRC_VERSION}.tar.xz
RUN echo "${SRC_HASH} binutils-${SRC_VERSION}.tar.xz" | sha256sum -c
FROM fetch as build
RUN tar -xf binutils-${SRC_VERSION}.tar.xz
WORKDIR binutils-${SRC_VERSION}
RUN set -ex; \
@ -43,11 +47,15 @@ RUN set -ex; \
--enable-threads \
--with-mmap \
--with-pic; \
make -j "$(nproc)"; \
make DESTDIR="/home/user/rootfs" install;
make -j "$(nproc)"
FROM build as install
USER 0:0
RUN make DESTDIR="/rootfs" install;
COPY --from=musl /usr/lib/libc.so /rootfs/lib/ld-musl-x86_64.so.1
RUN find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package
COPY --from=build /home/user/rootfs /
COPY --from=install /rootfs /
ENTRYPOINT ["/bin/ld"]
CMD ["--version"]

View File

@ -4,5 +4,6 @@ FROM seed as fetch
RUN set -ex; \
apk update; \
apk add gcc g++ libc-dev make linux-headers patch
RUN find / -exec touch -hcd "@0" "{}" +
FROM fetch as package

View File

@ -1,13 +1,16 @@
ARG REGISTRY=local
FROM ${REGISTRY}/bootstrap as base
FROM ${REGISTRY}/bootstrap as bootstrap
FROM bootstrap as base
ENV SRC_SITE=https://busybox.net/downloads
ENV SRC_VERSION=1.35.0
ENV SRC_HASH=faeeb244c35a348a334f4a59e44626ee870fb07b6884d68c10ae8bc19f83a694
ENV SRC_FILE=busybox-${SRC_VERSION}.tar.bz2
ENV KCONFIG_NOTIMESTAMP=1
FROM base as fetch
RUN set -eux; \
wget ${SRC_SITE}/${SRC_FILE}; \
wget ${SRC_SITE}/${SRC_FILE}
echo "${SRC_HASH} ${SRC_FILE}" | sha256sum -c
FROM fetch as build
@ -50,24 +53,30 @@ RUN set -eux; \
done; \
for confV in $setConfs; do \
grep -q "^$confV\$" .config; \
done
done; \
make
RUN make
RUN cp busybox /
FROM build as install
USER 0:0
RUN set -eux; \
mkdir -p /rootfs/bin; \
cp busybox /rootfs/bin; \
cd /rootfs; \
mkdir -p home/user var/tmp etc tmp lib bin; \
/bin/busybox --install -s bin; \
echo "user:x:1000:" > etc/group; \
echo "user:x:1000:1000::/home/user:/bin/sh" > etc/passwd; \
ln -sT /lib lib64; \
chown -R 1000:1000 /rootfs/home/user /tmp /var/tmp; \
find . -exec touch -hcd "@0" "{}" +
FROM scratch as package
COPY --from=build busybox /
RUN ["/busybox","mkdir","/bin"]
RUN ["/busybox","--install","-s","/bin"]
RUN echo "user:x:1000:" > /etc/group
RUN echo "user:x:1000:1000::/home/user:/bin/sh" > /etc/passwd
RUN mkdir -p /home/user /tmp /lib /var/tmp
RUN ln -sT /lib /lib64
RUN chown -R 1000:1000 /home/user /tmp /var/tmp
COPY --from=install /rootfs /
WORKDIR /home/user
USER 1000:1000
ENTRYPOINT ["/bin/sh"]
ENV TZ=UTC
ENV LANG=C.UTF-8
ENV SOURCE_DATE_EPOCH=1
ENV KCONFIG_NOTIMESTAMP=1
ENV PS1="busybox$ "

View File

@ -1,2 +1,9 @@
FROM ${REGISTRY}/busybox:latest as base
FROM base as install
USER 0:0
COPY cacert.pem /rootfs/etc/ssl/certs/ca-certificates.crt
RUN find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package
COPY cacert.pem /etc/ssl/certs/ca-certificates.crt
COPY --from=install /rootfs /

View File

@ -1,5 +1,4 @@
ARG REGISTRY=local
FROM ${REGISTRY}/busybox:latest as busybox
FROM ${REGISTRY}/gcc:latest as gcc
FROM ${REGISTRY}/binutils:latest as binutils
FROM ${REGISTRY}/musl:latest as musl
@ -8,16 +7,13 @@ FROM ${REGISTRY}/ninja:latest as ninja
FROM ${REGISTRY}/openssl:latest as openssl
FROM ${REGISTRY}/linux-headers:latest as linux-headers
FROM ${REGISTRY}/make:latest as make
FROM ${REGISTRY}/busybox:latest as busybox
FROM busybox as build
FROM busybox as base
ENV SRC_SITE=https://cmake.org/files
ENV SRC_VERSION=3.27.8
ENV SRC_HASH=fece24563f697870fbb982ea8bf17482c9d5f855d8c9bf0b82463d76c9e8d0cc
COPY --from=curl . /
RUN curl -O ${SRC_SITE}/v3.27/cmake-${SRC_VERSION}.tar.gz
RUN echo "${SRC_HASH} cmake-${SRC_VERSION}.tar.gz" | sha256sum -c
RUN tar -xf cmake-${SRC_VERSION}.tar.gz
WORKDIR cmake-${SRC_VERSION}
COPY --from=binutils . /
COPY --from=ninja . /
COPY --from=musl . /
@ -25,6 +21,13 @@ COPY --from=make . /
COPY --from=linux-headers . /
COPY --from=gcc . /
FROM base as fetch
RUN curl -O ${SRC_SITE}/v3.27/cmake-${SRC_VERSION}.tar.gz
RUN echo "${SRC_HASH} cmake-${SRC_VERSION}.tar.gz" | sha256sum -c
FROM fetch as build
RUN tar -xf cmake-${SRC_VERSION}.tar.gz
WORKDIR cmake-${SRC_VERSION}
RUN set -eux; \
./bootstrap \
--prefix=/usr \
@ -36,15 +39,19 @@ RUN set -eux; \
--no-system-jsoncpp \
--generator=Ninja; \
ninja
RUN DESTDIR=/home/user/rootfs bin/cmake -P cmake_install.cmake
COPY --from=musl /lib/* /home/user/rootfs/lib/
COPY --from=musl /usr/lib/* /home/user/rootfs/usr/lib/
COPY --from=gcc /usr/lib/* /home/user/rootfs/usr/lib/
COPY --from=gcc /usr/lib64/* /home/user/rootfs/usr/lib/
COPY --from=openssl /usr/lib/* /home/user/rootfs/usr/lib/
FROM build as install
USER 0:0
RUN DESTDIR=/rootfs bin/cmake -P cmake_install.cmake
COPY --from=musl /lib/* /rootfs/lib/
COPY --from=musl /usr/lib/* /rootfs/usr/lib/
COPY --from=gcc /usr/lib/* /rootfs/usr/lib/
COPY --from=gcc /usr/lib64/* /rootfs/usr/lib/
COPY --from=openssl /usr/lib/* /rootfs/usr/lib/
RUN find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package
COPY --from=build /home/user/rootfs /
COPY --from=install /rootfs /
USER 100:100
ENTRYPOINT ["/usr/bin/cmake"]
CMD ["--version"]

View File

@ -1,27 +1,29 @@
ARG REGISTRY=local
FROM ${REGISTRY}/gcc:latest as gcc
FROM ${REGISTRY}/musl:latest as musl
FROM ${REGISTRY}/busybox:latest as busybox
FROM ${REGISTRY}/make:latest as make
FROM ${REGISTRY}/binutils:latest as binutils
FROM ${REGISTRY}/openssl:latest as openssl
FROM ${REGISTRY}/ca-certificates:latest as ca-certificates
FROM ${REGISTRY}/busybox:latest as busybox
FROM busybox as build
FROM busybox as base
ENV SRC_SITE=https://curl.se/download
ENV SRC_VERSION=8.4.0
ENV SRC_HASH=16c62a9c4af0f703d28bda6d7bbf37ba47055ad3414d70dec63e2e6336f2a82d
RUN wget ${SRC_SITE}/curl-${SRC_VERSION}.tar.xz
RUN echo wget ${SRC_SITE}/curl-${SRC_VERSION}.tar.xz
RUN echo "${SRC_HASH} curl-${SRC_VERSION}.tar.xz" | sha256sum -c
RUN tar -xf curl-${SRC_VERSION}.tar.xz
WORKDIR curl-${SRC_VERSION}
COPY --from=binutils . /
COPY --from=make . /
COPY --from=musl . /
COPY --from=gcc . /
COPY --from=openssl . /
FROM base as fetch
RUN wget ${SRC_SITE}/curl-${SRC_VERSION}.tar.xz
RUN echo "${SRC_HASH} curl-${SRC_VERSION}.tar.xz" | sha256sum -c
FROM fetch as build
RUN tar -xf curl-${SRC_VERSION}.tar.xz
WORKDIR curl-${SRC_VERSION}
RUN set -eux; \
./configure \
--build=x86_64-linux-musl \
@ -34,13 +36,17 @@ RUN set -eux; \
--with-openssl \
--enable-static-link; \
make
RUN make install DESTDIR=/home/user/rootfs
COPY --from=musl . /home/user/rootfs/
COPY --from=openssl . /home/user/rootfs/
COPY --from=ca-certificates . /home/user/rootfs/
FROM build as install
USER 0:0
RUN make install DESTDIR=/rootfs
COPY --from=musl . /rootfs/
COPY --from=openssl . /rootfs/
COPY --from=ca-certificates . /rootfs/
RUN find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package
COPY --from=build /home/user/rootfs /
COPY --from=install /rootfs /
USER 100:100
ENTRYPOINT ["/usr/bin/curl"]
CMD ["--version"]

View File

@ -1,7 +1,9 @@
ARG REGISTRY=local
FROM ${REGISTRY}/musl:latest as musl
FROM ${REGISTRY}/binutils:latest as binutils
FROM ${REGISTRY}/bootstrap:latest as bootstrap
FROM ${REGISTRY}/bootstrap:latest as base
FROM bootstrap as base
ENV VERSION 12.2.0
ENV SRC_FILE gcc-$VERSION.tar.xz
ENV SRC_SITE https://mirrors.kernel.org/gnu/gcc/gcc-${VERSION}
@ -55,23 +57,26 @@ RUN set -eux; \
--enable-languages=c,c++ \
--enable-link-serialization=2 \
--enable-linker-build-id; \
make -j "$(nproc)"; \
make DESTDIR=/home/user/rootfs/ install-strip; \
ln -s gcc /home/user/rootfs/usr/bin/cc
COPY --from=musl /lib/* /home/user/rootfs/lib/
make -j "$(nproc)"
FROM ${REGISTRY}/binutils:latest as binutils
FROM scratch as test
COPY --from=busybox . /
FROM build as install
USER 0:0
RUN set -eux; \
make DESTDIR=/rootfs/ install-strip; \
ln -s gcc /rootfs/usr/bin/cc
COPY --from=musl /lib/* /rootfs/lib/
RUN find /rootfs -exec touch -hcd "@0" "{}" +
FROM busybox as test
COPY --from=binutils . /
COPY --from=musl . /
COPY --from=build /home/user/rootfs /
COPY --from=install /rootfs /
ADD test.c .
RUN set -eux; \
gcc test.c -static -o main; \
./main | grep "Success"
FROM scratch as package
COPY --from=build /home/user/rootfs /
COPY --from=build /rootfs /
ENTRYPOINT ["/usr/bin/gcc"]
CMD ["--version"]

View File

@ -4,90 +4,100 @@ FROM ${REGISTRY}/bash:latest as bash
FROM ${REGISTRY}/gcc:latest as gcc
FROM ${REGISTRY}/binutils:latest as binutils
FROM ${REGISTRY}/musl:latest as musl
FROM ${REGISTRY}/busybox:${BUSYBOX_VERSION} as base
FROM ${REGISTRY}/busybox:${BUSYBOX_VERSION} as busybox
FROM busybox as base
ENV GOOS=linux
ENV CGO_ENABLED=0
ENV VERSION=1.21.4
ENV SRC_SITE=https://storage.googleapis.com/golang
ENV SRC_HASH=e25c9ab72d811142b7f41ff6da5165fec2d1be5feec3ef2c66bc0bdecb431489
ENV VERSION_BOOTSTRAP_2=1.19.11
ENV SRC_SITE_BOOTSTRAP_2=https://storage.googleapis.com/golang
ENV SRC_HASH_BOOTSTRAP_2=e25c9ab72d811142b7f41ff6da5165fec2d1be5feec3ef2c66bc0bdecb431489
ENV VERSION_BOOTSTRAP_1=1.4-bootstrap-20171003
ENV SRC_SITE_BOOTSTRAP_1=https://dl.google.com/go
ENV SRC_HASH_BOOTSTRAP_1=f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52
COPY --from=gcc . /
COPY --from=gcc . /
COPY --from=bash . /
COPY --from=musl . /
RUN rm /bin/ar
COPY --from=binutils . /
FROM base as build-stage1
ENV GO_SITE=https://dl.google.com/go
ENV GO_VERSION=1.4-bootstrap-20171003
ENV GO_HASH=f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52
ENV GOROOT_FINAL=/home/user/go-stage1
FROM base as fetch
RUN set -eux; \
wget ${SRC_SITE_BOOTSTRAP_1}/go${VERSION_BOOTSTRAP_1}.tar.gz; \
echo "${SRC_HASH_BOOTSTRAP_1} go${VERSION_BOOTSTRAP_1}.tar.gz" | sha256sum -c; \
wget ${SRC_SITE_BOOTSTRAP_2}/go${VERSION_BOOTSTRAP_2}.src.tar.gz; \
echo "${SRC_HASH_BOOTSTRAP_2} go${VERSION_BOOTSTRAP_2}.src.tar.gz" | sha256sum -c; \
wget ${SRC_SITE}/go${VERSION}.src.tar.gz; \
echo "${SRC_HASH} go${VERSION}.src.tar.gz" | sha256sum -c
FROM fetch as build
ENV GOROOT_FINAL=/home/user/go-bootstrap-1
ENV GOROOT=${GOROOT_FINAL}
ENV DEST=${GOROOT_FINAL}
ENV GOBIN=${GOROOT_FINAL}/bin
RUN wget ${GO_SITE}/go${GO_VERSION}.tar.gz
RUN echo "${GO_HASH} go${GO_VERSION}.tar.gz" | sha256sum -c
RUN tar -xzf go${GO_VERSION}.tar.gz
WORKDIR go
RUN set -eux; \
tar -xzf go${VERSION_BOOTSTRAP_1}.tar.gz; \
mv go go-bootstrap-1-src
WORKDIR go-bootstrap-1-src
RUN set -eux; \
cd src; \
bash make.bash; \
cd ..; \
mkdir -p ${DEST}; \
cp -R bin lib pkg src ${DEST}
FROM base as build-stage2
COPY --from=build-stage1 /home/user/go-stage1 go-stage1
ENV GO_VERSION=1.19.11
ENV GO_HASH=e25c9ab72d811142b7f41ff6da5165fec2d1be5feec3ef2c66bc0bdecb431489
ENV GO_SITE=https://storage.googleapis.com/golang
ENV GO11MODULE=off
ENV GOROOT_BOOTSTRAP=/home/user/go-stage1
ENV GOROOT_FINAL=/home/user/go-stage2
ENV GOROOT_BOOTSTRAP=/home/user/go-bootstrap-1
ENV GOROOT_FINAL=/home/user/go-bootstrap-2
ENV GOROOT=${GOROOT_FINAL}
ENV DEST=${GOROOT_FINAL}
ENV GOBIN=${GOROOT_FINAL}/bin
RUN wget ${GO_SITE}/go${GO_VERSION}.src.tar.gz
RUN echo "${GO_HASH} go${GO_VERSION}.src.tar.gz" | sha256sum -c
RUN tar -xvzf go${GO_VERSION}.src.tar.gz
WORKDIR go
RUN set -eux; \
tar -xzf go${VERSION_BOOTSTRAP_2}.tar.gz; \
mv go go-bootstrap-2-src
WORKDIR go-bootstrap-2-src
RUN set -eux; \
cd src; \
bash make.bash; \
cd ..; \
mkdir -p ${DEST}; \
cp -R bin lib pkg src ${DEST}
FROM base as build
COPY --from=build-stage2 /home/user/go-stage2 go-stage2
ENV GO_VERSION=1.21.4
ENV GO_HASH=47b26a83d2b65a3c1c1bcace273b69bee49a7a7b5168a7604ded3d26a37bd787
ENV GO_SITE=https://storage.googleapis.com/golang
ENV GOPROXY=off
ENV GOTOOLCHAIN=local
ENV GOFLAGS=-mod=vendor
ENV GO11MODULE=on
ENV GOROOT_BOOTSTRAP=/home/user/go-stage2
ENV GOROOT_BOOTSTRAP=/home/user/go-bootstrap-2
ENV GOROOT_FINAL="/lib/go"
ENV GOBIN=${GOROOT_FINAL}/bin
ENV GOROOT=/home/user/go-stage2
ENV DEST=/home/user/rootfs
RUN wget ${GO_SITE}/go${GO_VERSION}.src.tar.gz
RUN echo "${GO_HASH} go${GO_VERSION}.src.tar.gz" | sha256sum -c
RUN tar -xvzf go${GO_VERSION}.src.tar.gz
WORKDIR go
ENV GOROOT=/home/user/go-bootstrap-2
RUN set -eux; \
tar -xzf go${VERSION}.src.tar.gz; \
mv go go-src
WORKDIR go-src
RUN set -eux; \
cd src; \
bash make.bash; \
cd ..; \
mkdir -p ${DEST}; \
cp -R bin lib pkg src ${DEST}
FROM build as install
USER 0:0
RUN set -eux; \
mkdir -p /rootfs; \
cp -R bin lib pkg src /rootfs; \
find /rootfs -exec touch -hcd "@0" "{}" +
FROM base as test
COPY --from=build /home/user/rootfs /
COPY --from=install /rootfs /
ADD test.go .
RUN set -eux; \
go build test.go; \
./test | grep "Success"
FROM scratch as package
COPY --from=build /home/user/rootfs /
COPY --from=install /rootfs /
USER 100:100
ENTRYPOINT ["/bin/go"]
CMD ["version"]

View File

@ -1,5 +1,4 @@
ARG REGISTRY=local
FROM ${REGISTRY}/busybox:latest as busybox
FROM ${REGISTRY}/gcc:latest as gcc
FROM ${REGISTRY}/binutils:latest as binutils
FROM ${REGISTRY}/musl:latest as musl
@ -7,31 +6,40 @@ FROM ${REGISTRY}/make:latest as make
FROM ${REGISTRY}/m4:latest as m4
FROM ${REGISTRY}/bash:latest as bash
FROM ${REGISTRY}/sed:latest as sed
FROM ${REGISTRY}/busybox:latest as busybox
FROM busybox as build
FROM busybox as base
ENV SRC_SITE=https://ftp.gnu.org/gnu/libtool
ENV SRC_VERSION=2.4.6
ENV SRC_HASH=7c87a8c2c8c0fc9cd5019e402bed4292462d00a718a7cd5f11218153bf28b26f
RUN wget ${SRC_SITE}/libtool-${SRC_VERSION}.tar.xz
RUN echo "${SRC_HASH} libtool-${SRC_VERSION}.tar.xz" | sha256sum -c
RUN tar -xf libtool-${SRC_VERSION}.tar.xz
WORKDIR libtool-${SRC_VERSION}
COPY --from=gcc . /
COPY --from=binutils . /
COPY --from=make . /
COPY --from=musl . /
COPY --from=m4 . /
FROM base as fetch
RUN wget ${SRC_SITE}/libtool-${SRC_VERSION}.tar.xz
RUN echo "${SRC_HASH} libtool-${SRC_VERSION}.tar.xz" | sha256sum -c
FROM fetch as build
RUN tar -xf libtool-${SRC_VERSION}.tar.xz
WORKDIR libtool-${SRC_VERSION}
RUN set -eux; \
./configure \
--prefix=/usr; \
make;
RUN make DESTDIR=/home/user/rootfs install
COPY --from=musl /usr/lib/libc.so /home/user/rootfs/lib/ld-musl-x86_64.so.1
COPY --from=bash . /home/user/rootfs
COPY --from=sed . /home/user/rootfs
RUN ln -s /bin/bash /home/user/rootfs/bin/sh
FROM build as install
USER 0:0
RUN make DESTDIR=/rootfs install
COPY --from=musl /usr/lib/libc.so /rootfs/lib/ld-musl-x86_64.so.1
COPY --from=bash . /rootfs
COPY --from=sed . /rootfs
RUN ln -s /bin/bash /rootfs/bin/sh
RUN find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package
COPY --from=build /home/user/rootfs /
COPY --from=install /rootfs /
ENTRYPOINT ["/usr/bin/libtool"]
CMD ["--version"]

View File

@ -1,5 +1,4 @@
ARG REGISTRY=local
FROM ${REGISTRY}/busybox as busybox
FROM ${REGISTRY}/gcc as gcc
FROM ${REGISTRY}/binutils as binutils
FROM ${REGISTRY}/musl as musl
@ -7,15 +6,12 @@ FROM ${REGISTRY}/make as make
FROM ${REGISTRY}/autoconf as autoconf
FROM ${REGISTRY}/automake as automake
FROM ${REGISTRY}/libtool as libtool
FROM ${REGISTRY}/busybox as busybox
FROM busybox as build
FROM busybox as base
ENV SRC_SITE=https://github.com/libunwind/libunwind/releases/download
ENV SRC_VERSION=1.7.2
ENV SRC_HASH=a18a6a24307443a8ace7a8acc2ce79fbbe6826cd0edf98d6326d0225d6a5d6e6
RUN wget ${SRC_SITE}/v${SRC_VERSION}/libunwind-${SRC_VERSION}.tar.gz
RUN echo "${SRC_HASH} libunwind-${SRC_VERSION}.tar.gz" | sha256sum -c
RUN tar -xf libunwind-${SRC_VERSION}.tar.gz
WORKDIR libunwind-${SRC_VERSION}
COPY --from=gcc . /
COPY --from=make . /
COPY --from=musl . /
@ -23,6 +19,14 @@ COPY --from=binutils . /
COPY --from=autoconf . /
COPY --from=automake . /
COPY --from=libtool . /
FROM base as fetch
RUN wget ${SRC_SITE}/v${SRC_VERSION}/libunwind-${SRC_VERSION}.tar.gz
RUN echo "${SRC_HASH} libunwind-${SRC_VERSION}.tar.gz" | sha256sum -c
FROM fetch as build
RUN tar -xf libunwind-${SRC_VERSION}.tar.gz
WORKDIR libunwind-${SRC_VERSION}
RUN set -eux; \
./configure \
--build=x86_64-unknown-linux-musl \
@ -35,7 +39,12 @@ RUN set -eux; \
--disable-tests \
--infodir=/usr/share/info || cat config.log; \
make;
RUN make DESTDIR=/home/user/rootfs install
FROM build as install
USER 0:0
RUN set -eux; \
make DESTDIR=/rootfs install; \
find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package
COPY --from=build /home/user/rootfs /
COPY --from=install /rootfs /

View File

@ -1,5 +1,4 @@
ARG REGISTRY=local
FROM ${REGISTRY}/busybox:latest as busybox
FROM ${REGISTRY}/gcc:latest as gcc
FROM ${REGISTRY}/binutils:latest as binutils
FROM ${REGISTRY}/musl:latest as musl
@ -10,15 +9,12 @@ FROM ${REGISTRY}/libtool:latest as libtool
FROM ${REGISTRY}/pkgconf:latest as pkgconf
FROM ${REGISTRY}/python:latest as python
FROM ${REGISTRY}/m4:latest as m4
FROM ${REGISTRY}/busybox:latest as busybox
FROM busybox as build
FROM busybox as base
ENV SRC_SITE=https://gitlab.gnome.org/GNOME/libxml2/-/archive
ENV SRC_VERSION=2.12.1
ENV SRC_HASH=1090e62c5a1900429f63e4681263b96e7829876ccbc66cf2d9266cd589f67286
RUN wget ${SRC_SITE}/v${SRC_VERSION}/libxml2-v${SRC_VERSION}.tar.gz
RUN echo "${SRC_HASH} libxml2-v${SRC_VERSION}.tar.gz" | sha256sum -c
RUN tar -xf libxml2-v${SRC_VERSION}.tar.gz
WORKDIR libxml2-v${SRC_VERSION}
COPY --from=gcc . /
COPY --from=binutils . /
COPY --from=make . /
@ -29,7 +25,14 @@ COPY --from=automake . /
COPY --from=pkgconf . /
COPY --from=libtool . /
COPY --from=m4 . /
RUN ls -lah
FROM base as fetch
RUN wget ${SRC_SITE}/v${SRC_VERSION}/libxml2-v${SRC_VERSION}.tar.gz
RUN echo "${SRC_HASH} libxml2-v${SRC_VERSION}.tar.gz" | sha256sum -c
FROM fetch as build
RUN tar -xf libxml2-v${SRC_VERSION}.tar.gz
WORKDIR libxml2-v${SRC_VERSION}
RUN set -eux; \
sh autogen.sh; \
./configure \
@ -40,9 +43,13 @@ RUN set -eux; \
--sysconfdir=/etc \
--mandir=/usr/share/man \
--infodir=/usr/share/info; \
make;
RUN make DESTDIR=/home/user/rootfs install
RUN ls -Rlah /home/user/rootfs
make
FROM build as install
USER 0:0
RUN set -eux; \
make DESTDIR=/rootfs install; \
find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package
COPY --from=build /home/user/rootfs /
COPY --from=install /rootfs /

View File

@ -1,21 +1,27 @@
ARG REGISTRY=local
FROM ${REGISTRY}/musl:latest as musl
FROM ${REGISTRY}/bootstrap:latest as build
FROM ${REGISTRY}/bootstrap:latest as base
ENV SRC_SITE https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/
ENV SRC_VERSION 6.6
ENV SRC_HASH d926a06c63dd8ac7df3f86ee1ffc2ce2a3b81a2d168484e76b5b389aba8e56d0
FROM base as fetch
RUN wget ${SRC_SITE}/linux-${SRC_VERSION}.tar.xz
RUN echo "${SRC_HASH} linux-${SRC_VERSION}.tar.xz" | sha256sum -c
FROM fetch as build
RUN tar -xf linux-${SRC_VERSION}.tar.xz
WORKDIR linux-${SRC_VERSION}
RUN set -ex; \
make headers; \
RUN make headers
FROM build as install
USER 0:0
RUN set -eux; \
mkdir -p /rootfs/usr; \
cp -a usr/include /rootfs/usr/; \
find /rootfs/usr/include/ ! -iname "*.h" -type f -exec rm -v {} \+; \
rm -rf /rootfs/usr/include/drm;
rm -rf /rootfs/usr/include/drm; \
find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package
COPY --from=build /rootfs /
COPY --from=install /rootfs /

View File

@ -9,7 +9,9 @@ FROM ${REGISTRY}/py-setuptools as py-setuptools
FROM ${REGISTRY}/cmake as cmake
FROM ${REGISTRY}/ninja as ninja
FROM ${REGISTRY}/curl as curl
FROM ${REGISTRY}/busybox as base
FROM ${REGISTRY}/busybox as busybox
FROM busybox as base
ARG VERSION
ENV VERSION=${VERSION}
ENV SRC_VERSION=${VERSION}
@ -70,17 +72,20 @@ RUN set -eux; \
-DLLVM_LINK_LLVM_DYLIB=ON \
-DLLVM_USE_PERF=ON; \
cmake --build build; \
python3 llvm/utils/lit/setup.py build
python3 llvm/utils/lit/setup.py build;
FROM build as install
USER 0:0
RUN set -eux; \
export DESTDIR="/home/user/rootfs/"; \
cmake --install build; \
python3 llvm/utils/lit/setup.py install --root="$DESTDIR"
COPY --from=musl /lib/* /home/user/rootfs/lib/
COPY --from=gcc /usr/lib/* /home/user/rootfs/usr/lib/
COPY --from=gcc /usr/lib64/* /home/user/rootfs/usr/lib/
DESTDIR="/rootfs" cmake --install build; \
python3 llvm/utils/lit/setup.py install --root="/rootfs"
COPY --from=musl /lib/* /rootfs/lib/
COPY --from=gcc /usr/lib/* /rootfs/usr/lib/
COPY --from=gcc /usr/lib64/* /rootfs/usr/lib/
RUN find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package
COPY --from=build /home/user/rootfs /
COPY --from=install /rootfs /
USER 100:100
ENTRYPOINT ["/usr/bin/llc"]
CMD ["--version"]

View File

@ -1,11 +1,11 @@
ARG REGISTRY=local
FROM ${REGISTRY}/busybox:latest as busybox
FROM ${REGISTRY}/gcc:latest as gcc
FROM ${REGISTRY}/binutils:latest as binutils
FROM ${REGISTRY}/musl:latest as musl
FROM ${REGISTRY}/make:latest as make
FROM ${REGISTRY}/busybox:latest as busybox
FROM busybox as build
FROM busybox as base
COPY --from=gcc . /
COPY --from=binutils . /
COPY --from=make . /
@ -13,19 +13,26 @@ COPY --from=musl . /
ENV SRC_SITE=https://ftp.gnu.org/gnu/m4
ENV SRC_VERSION=1.4.19
ENV SRC_HASH=63aede5c6d33b6d9b13511cd0be2cac046f2e70fd0a07aa9573a04a82783af96
RUN wget ${SRC_SITE}/m4-${SRC_VERSION}.tar.xz
FROM base as fetch
RUN wget ${SRC_SITE}/m4-${SRC_VERSION}.tar.xz
RUN echo "${SRC_HASH} m4-${SRC_VERSION}.tar.xz" | sha256sum -c
FROM fetch as build
RUN tar -xf m4-${SRC_VERSION}.tar.xz
WORKDIR m4-${SRC_VERSION}
RUN set -eux; \
./configure \
--prefix=/usr; \
make;
RUN make DESTDIR=/home/user/rootfs install
COPY --from=musl /usr/lib/libc.so /home/user/rootfs/lib/ld-musl-x86_64.so.1
FROM build as install
USER 0:0
RUN make DESTDIR=/rootfs install
COPY --from=musl /usr/lib/libc.so /rootfs/lib/ld-musl-x86_64.so.1
RUN find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package
COPY --from=build /home/user/rootfs /
COPY --from=install /rootfs /
ENTRYPOINT ["/usr/bin/m4"]
CMD ["--version"]

View File

@ -1,13 +1,17 @@
ARG REGISTRY=local
FROM ${REGISTRY}/musl:latest as musl
FROM ${REGISTRY}/bootstrap:latest as build
FROM ${REGISTRY}/bootstrap:latest as bootstrap
FROM bootstrap as base
ENV SRC_SITE https://ftp.gnu.org/gnu/make
ENV SRC_VERSION 4.4
ENV SRC_HASH 581f4d4e872da74b3941c874215898a7d35802f03732bdccee1d4a7979105d18
FROM base as fetch
RUN wget ${SRC_SITE}/make-${SRC_VERSION}.tar.gz
RUN echo "${SRC_HASH} make-${SRC_VERSION}.tar.gz" | sha256sum -c
FROM fetch as build
RUN tar -xf make-${SRC_VERSION}.tar.gz
WORKDIR make-${SRC_VERSION}
RUN set -ex; \
@ -19,11 +23,15 @@ RUN set -ex; \
--mandir=/usr/share/man \
--infodir=/usr/share/info \
--disable-nls; \
make -j "$(nproc)"; \
make DESTDIR="/rootfs" install;
make -j "$(nproc)"
FROM build as install
USER 0:0
RUN make DESTDIR="/rootfs" install
COPY --from=musl /usr/lib/libc.so /rootfs/lib/ld-musl-x86_64.so.1
RUN find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package
COPY --from=build /rootfs /
COPY --from=install /rootfs /
ENTRYPOINT ["/usr/bin/make"]
CMD ["--version"]

View File

@ -1,6 +1,7 @@
ARG REGISTRY=local
FROM ${REGISTRY}/bootstrap:latest as build
FROM ${REGISTRY}/bootstrap:latest as bootstrap
FROM bootstrap as base
ENV SRC_SITE http://musl.libc.org
ENV SRC_VERSION 1.2.4
ENV SRC_HASH 7a35eae33d5372a7c0da1188de798726f68825513b7ae3ebe97aaaa52114f039
@ -8,8 +9,11 @@ ENV CFLAGS="-Os -fstack-clash-protection -Wformat -Werror=format-security"
ENV CXXFLAGS="-Os -fstack-clash-protection -Wformat -Werror=format-security -D_GLIBCXX_ASSERTIONS=1 -D_LIBCPP_ENABLE_THREAD_SAFETY_ANNOTATIONS=1 -D_LIBCPP_ENABLE_HARDENED_MODE=1"
ENV LDFLAGS="-Wl,--as-needed,-O1,--sort-common -Wl,-soname,libc.musl-x86_64.so.1"
FROM base as fetch
RUN wget ${SRC_SITE}/releases/musl-$SRC_VERSION.tar.gz
RUN echo "${SRC_HASH} musl-${SRC_VERSION}.tar.gz" | sha256sum -c
FROM fetch as build
RUN tar -xzf musl-${SRC_VERSION}.tar.gz
WORKDIR musl-${SRC_VERSION}
ADD lfs64.patch .
@ -26,17 +30,20 @@ RUN set -eux; \
--infodir=/usr/share/info \
--localstatedir=/var \
--enable-debug; \
make;
make
FROM build as install
USER 0:0
RUN set -eux; \
make DESTDIR=/home/user/rootfs install; \
mkdir -p /home/user/rootfs/usr/bin; \
make DESTDIR=/rootfs install; \
mkdir -p /rootfs/usr/bin; \
printf "%s\n%s\n" '#!/bin/sh' 'exec /lib/ld-musl-x86_64.so.1 --list "$@"' \
> /home/user/rootfs/usr/bin/ldd; \
chmod 755 /home/user/rootfs/usr/bin/ldd; \
mv -f /home/user/rootfs/usr/lib/libc.so /home/user/rootfs/lib/ld-musl-x86_64.so.1; \
ln -sf ld-musl-x86_64.so.1 /home/user/rootfs/lib/libc.musl-x86_64.so.1; \
ln -sf ../../lib/ld-musl-x86_64.so.1 /home/user/rootfs/usr/lib/libc.so;
> /rootfs/usr/bin/ldd; \
chmod 755 /rootfs/usr/bin/ldd; \
mv -f /rootfs/usr/lib/libc.so /rootfs/lib/ld-musl-x86_64.so.1; \
ln -sf ld-musl-x86_64.so.1 /rootfs/lib/libc.musl-x86_64.so.1; \
ln -sf ../../lib/ld-musl-x86_64.so.1 /rootfs/usr/lib/libc.so; \
find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package
COPY --from=build /home/user/rootfs /
COPY --from=install /rootfs /

View File

@ -1,42 +1,48 @@
ARG REGISTRY=local
FROM ${REGISTRY}/busybox:latest as busybox
FROM ${REGISTRY}/gcc:latest as gcc
FROM ${REGISTRY}/binutils:latest as binutils
FROM ${REGISTRY}/musl:latest as musl
FROM ${REGISTRY}/make:latest as make
FROM ${REGISTRY}/openssl:latest as openssl
FROM ${REGISTRY}/python:latest as python
FROM ${REGISTRY}/busybox:latest as busybox
FROM busybox as build
FROM busybox as base
ENV SRC_SITE=https://github.com/martine/ninja/archive/
ENV SRC_VERSION=1.9.0
ENV SRC_HASH=5d7ec75828f8d3fd1a0c2f31b5b0cea780cdfe1031359228c428c1a48bfcd5b9
RUN wget ${SRC_SITE}/v${SRC_VERSION}.tar.gz
RUN echo "${SRC_HASH} v${SRC_VERSION}.tar.gz" | sha256sum -c
RUN tar -xf v${SRC_VERSION}.tar.gz
WORKDIR ninja-${SRC_VERSION}
ADD fix-musl.patch .
RUN patch -p1 < fix-musl.patch
COPY --from=binutils . /
COPY --from=make . /
COPY --from=python . /
COPY --from=musl . /
COPY --from=gcc . /
FROM base as fetch
RUN wget ${SRC_SITE}/v${SRC_VERSION}.tar.gz
RUN echo "${SRC_HASH} v${SRC_VERSION}.tar.gz" | sha256sum -c
FROM fetch as build
RUN tar -xf v${SRC_VERSION}.tar.gz
WORKDIR ninja-${SRC_VERSION}
ADD fix-musl.patch .
RUN patch -p1 < fix-musl.patch
# HACK: figure out why gcc package puts these in the wrong path at install time
COPY --from=gcc /usr/lib64/* /usr/lib/
RUN set -eux; \
python3 ./configure.py --bootstrap; \
mkdir -p /home/user/rootfs/usr/bin/; \
cp ninja /home/user/rootfs/usr/bin/
python3 ./configure.py --bootstrap
FROM build as install
USER 0:0
RUN set -eux; \
mkdir -p /rootfs/usr/bin/; \
cp ninja /rootfs/usr/bin/
# HACK: figure out why gcc package puts these in the wrong path at install time
COPY --from=gcc /usr/lib64/* /home/user/rootfs/usr/lib/
COPY --from=musl . /home/user/rootfs/
COPY --from=gcc /usr/lib64/* /rootfs/usr/lib/
COPY --from=musl . /rootfs/
RUN find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package
COPY --from=build /home/user/rootfs /
COPY --from=install /rootfs /
USER 100:100
ENTRYPOINT ["/usr/bin/ninja"]
CMD ["--version"]

View File

@ -1,24 +1,28 @@
ARG REGISTRY=local
FROM ${REGISTRY}/busybox:latest as busybox
FROM ${REGISTRY}/gcc:latest as gcc
FROM ${REGISTRY}/binutils:latest as binutils
FROM ${REGISTRY}/musl:latest as musl
FROM ${REGISTRY}/make:latest as make
FROM ${REGISTRY}/perl:latest as perl
FROM ${REGISTRY}/linux-headers:latest as linux-headers
FROM ${REGISTRY}/busybox:latest as busybox
FROM busybox as build
FROM busybox as base
ENV SRC_SITE=https://www.openssl.org/source
ENV SRC_VERSION=3.0.12
ENV SRC_HASH=f93c9e8edde5e9166119de31755fc87b4aa34863662f67ddfcba14d0b6b69b61
COPY --from=gcc . /
COPY --from=binutils . /
COPY --from=make . /
COPY --from=musl . /
COPY --from=perl . /
COPY --from=linux-headers . /
ENV SRC_SITE=https://www.openssl.org/source
ENV SRC_VERSION=3.0.12
ENV SRC_HASH=f93c9e8edde5e9166119de31755fc87b4aa34863662f67ddfcba14d0b6b69b61
FROM base as fetch
RUN wget ${SRC_SITE}/openssl-${SRC_VERSION}.tar.gz
RUN echo "${SRC_HASH} openssl-${SRC_VERSION}.tar.gz" | sha256sum -c
FROM fetch as build
RUN tar -xf openssl-${SRC_VERSION}.tar.gz
WORKDIR openssl-${SRC_VERSION}
RUN set -eux; \
@ -41,11 +45,16 @@ RUN set -eux; \
no-seed \
no-weak-ssl-ciphers \
linux-x86_64; \
make; \
make DESTDIR=/home/user/rootfs install
make
FROM build as install
USER 0:0
RUN set -eux; \
make DESTDIR=/rootfs install; \
find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package
COPY --from=build /home/user/rootfs /
COPY --from=install /rootfs /
USER 100:100
ENTRYPOINT ["/usr/bin/openssl"]
CMD ["version"]

View File

@ -1,22 +1,26 @@
ARG REGISTRY=local
FROM ${REGISTRY}/busybox:latest as busybox
FROM ${REGISTRY}/gcc:latest as gcc
FROM ${REGISTRY}/binutils:latest as binutils
FROM ${REGISTRY}/musl:latest as musl
FROM ${REGISTRY}/make:latest as make
FROM ${REGISTRY}/busybox:latest as busybox
FROM busybox as build
FROM busybox as base
ENV SRC_SITE=https://www.cpan.org/src/5.0
ENV SRC_VERSION=5.38.0
ENV SRC_HASH=eca551caec3bc549a4e590c0015003790bdd1a604ffe19cc78ee631d51f7072e
RUN wget ${SRC_SITE}/perl-${SRC_VERSION}.tar.xz
RUN echo "${SRC_HASH} perl-${SRC_VERSION}.tar.xz" | sha256sum -c
RUN tar -xf perl-${SRC_VERSION}.tar.xz
WORKDIR perl-${SRC_VERSION}
COPY --from=gcc . /
COPY --from=binutils . /
COPY --from=make . /
COPY --from=musl . /
FROM base as fetch
RUN wget ${SRC_SITE}/perl-${SRC_VERSION}.tar.xz
RUN echo "${SRC_HASH} perl-${SRC_VERSION}.tar.xz" | sha256sum -c
FROM fetch as build
RUN tar -xf perl-${SRC_VERSION}.tar.xz
WORKDIR perl-${SRC_VERSION}
RUN set -eux; \
./Configure \
-des \
@ -45,12 +49,18 @@ RUN set -eux; \
-Ud_fpos64_t \
-Ud_off64_t \
-Dusenm; \
make; \
make DESTDIR=/home/user/rootfs install
COPY --from=musl /usr/lib/libc.so /home/user/rootfs/lib/ld-musl-x86_64.so.1
make
FROM build as install
USER 0:0
RUN set -eux; \
make DESTDIR=/rootfs install; \
mkdir -p /rootfs/lib
COPY --from=musl /usr/lib/libc.so /rootfs/lib/ld-musl-x86_64.so.1
RUN find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package
COPY --from=build /home/user/rootfs /
COPY --from=install /rootfs /
USER 100:100
ENTRYPOINT ["/usr/bin/perl"]
CMD ["--version"]

View File

@ -1,31 +1,38 @@
ARG REGISTRY=local
FROM ${REGISTRY}/busybox:latest as busybox
FROM ${REGISTRY}/gcc:latest as gcc
FROM ${REGISTRY}/binutils:latest as binutils
FROM ${REGISTRY}/musl:latest as musl
FROM ${REGISTRY}/make:latest as make
FROM ${REGISTRY}/busybox:latest as busybox
FROM busybox as build
FROM busybox as base
ENV SRC_SITE=https://distfiles.ariadne.space/pkgconf/
ENV SRC_VERSION=1.6.3
ENV SRC_HASH=61f0b31b0d5ea0e862b454a80c170f57bad47879c0c42bd8de89200ff62ea210
RUN wget ${SRC_SITE}/pkgconf-${SRC_VERSION}.tar.xz
RUN echo "${SRC_HASH} pkgconf-${SRC_VERSION}.tar.xz" | sha256sum -c
RUN tar -xf pkgconf-${SRC_VERSION}.tar.xz
WORKDIR pkgconf-${SRC_VERSION}
COPY --from=gcc . /
COPY --from=binutils . /
COPY --from=make . /
COPY --from=musl . /
FROM base as fetch
RUN wget ${SRC_SITE}/pkgconf-${SRC_VERSION}.tar.xz
RUN echo "${SRC_HASH} pkgconf-${SRC_VERSION}.tar.xz" | sha256sum -c
RUN tar -xf pkgconf-${SRC_VERSION}.tar.xz
WORKDIR pkgconf-${SRC_VERSION}
RUN set -eux; \
./configure \
--prefix=/usr; \
make;
RUN make DESTDIR=/home/user/rootfs install
RUN ln -s pkgconf /home/user/rootfs/usr/bin/pkg-config
COPY --from=musl /usr/lib/libc.so /home/user/rootfs/lib/ld-musl-x86_64.so.1
make
FROM build as install
USER 0:0
RUN set -eux; \
make DESTDIR=/rootfs install; \
ln -s pkgconf /rootfs/usr/bin/pkg-config
COPY --from=musl /usr/lib/libc.so /rootfs/lib/ld-musl-x86_64.so.1
RUN find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package
COPY --from=build /home/user/rootfs /
COPY --from=install /rootfs /
ENTRYPOINT ["/usr/bin/pkgconf"]
CMD ["--version"]

View File

@ -1,20 +1,28 @@
ARG REGISTRY=local
FROM ${REGISTRY}/busybox:latest as busybox
FROM ${REGISTRY}/python:latest as python
FROM ${REGISTRY}/busybox:latest as busybox
FROM busybox as build
FROM busybox as base
ENV SRC_SITE=https://pypi.io/packages/source/s/setuptools
ENV SRC_VERSION=68.2.2
ENV SRC_HASH=4ac1475276d2f1c48684874089fefcd83bd7162ddaafb81fac866ba0db282a87
COPY --from=python . /
FROM base as fetch
RUN wget ${SRC_SITE}/setuptools-${SRC_VERSION}.tar.gz
RUN echo "${SRC_HASH} setuptools-${SRC_VERSION}.tar.gz" | sha256sum -c
FROM fetch as build
RUN tar -xzf setuptools-${SRC_VERSION}.tar.gz
WORKDIR setuptools-${SRC_VERSION}
COPY --from=python . /
RUN set -eux; \
python3 setup.py build; \
python3 setup.py install --root=/home/user/rootfs; \
ls -Rlah /home/user/rootfs
python3 setup.py build
FROM build as install
USER 0:0
RUN set -eux; \
python3 setup.py install --root=/rootfs; \
find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package
COPY --from=build /home/user/rootfs /
COPY --from=install /rootfs /

View File

@ -1,24 +1,28 @@
ARG REGISTRY=local
FROM ${REGISTRY}/busybox:latest as busybox
FROM ${REGISTRY}/gcc:latest as gcc
FROM ${REGISTRY}/binutils:latest as binutils
FROM ${REGISTRY}/musl:latest as musl
FROM ${REGISTRY}/make:latest as make
FROM ${REGISTRY}/openssl:latest as openssl
FROM ${REGISTRY}/busybox:latest as busybox
FROM busybox as build
FROM busybox as base
ENV SRC_SITE=https://www.python.org/ftp/python
ENV SRC_VERSION=3.12.0
ENV SRC_HASH=795c34f44df45a0e9b9710c8c71c15c671871524cd412ca14def212e8ccb155d
RUN wget ${SRC_SITE}/${SRC_VERSION}/Python-${SRC_VERSION}.tar.xz
RUN echo "${SRC_HASH} Python-${SRC_VERSION}.tar.xz" | sha256sum -c
RUN tar -xf Python-${SRC_VERSION}.tar.xz
WORKDIR Python-${SRC_VERSION}
COPY --from=gcc . /
COPY --from=binutils . /
COPY --from=make . /
COPY --from=musl . /
COPY --from=openssl . /
FROM base as fetch
RUN wget ${SRC_SITE}/${SRC_VERSION}/Python-${SRC_VERSION}.tar.xz
RUN echo "${SRC_HASH} Python-${SRC_VERSION}.tar.xz" | sha256sum -c
FROM fetch as build
RUN tar -xf Python-${SRC_VERSION}.tar.xz
WORKDIR Python-${SRC_VERSION}
RUN set -eux; \
./configure \
--build="x86_64-linux-musl" \
@ -30,13 +34,18 @@ RUN set -eux; \
--with-lto \
--with-computed-gotos \
--without-ensurepip; \
make; \
make DESTDIR=/home/user/rootfs install
RUN ln -s /usr/bin/python3 /home/user/rootfs/usr/bin/python
COPY --from=musl . /home/user/rootfs/
make
FROM build as install
USER 0:0
RUN set -eux; \
make DESTDIR=/rootfs install; \
ln -s /usr/bin/python3 /rootfs/usr/bin/python
COPY --from=musl . /rootfs/
RUN find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package
COPY --from=build /home/user/rootfs /
COPY --from=install /rootfs /
USER 100:100
ENTRYPOINT ["/usr/bin/python"]
CMD ["--version"]

View File

@ -17,8 +17,9 @@ FROM ${REGISTRY}/zlib as zlib
FROM ${REGISTRY}/openssl as openssl
FROM ${REGISTRY}/pkgconf as pkgconf
FROM ${REGISTRY}/llvm:${LLVM_VERSION} as llvm
FROM ${REGISTRY}/busybox as busybox
FROM ${REGISTRY}/busybox as base
FROM busybox as base
ENV BOOTSTRAP_VERSION=1.54.0
ENV SRC_SITE=https://static.rust-lang.org/dist
ENV MRUSTC_VERSION=16d744fd62e74a2d4356df864b5850bf782918da
@ -101,20 +102,20 @@ RUN make -f minicargo.mk LLVM_CONFIG=/usr/bin/llvm-config output/rustc
RUN make -f minicargo.mk LLVM_CONFIG=/usr/bin/llvm-config output/cargo
RUN make -C run_rustc LLVM_CONFIG=/usr/bin/llvm-config
RUN set -eux; \
mkdir -p /home/user/rootfs/usr/bin /home/user/rootfs/usr/lib; \
cp -R run_rustc/output/prefix/* /home/user/rootfs/; \
rm /home/user/rootfs/bin/rustc; \
mv /home/user/rootfs/bin/rustc_binary /home/user/rootfs/usr/bin/rustc; \
mv /home/user/rootfs/bin/cargo /home/user/rootfs/usr/bin/; \
mv /home/user/rootfs/lib/rustlib /home/user/rootfs/usr/lib/rustlib; \
mv /home/user/rootfs/usr/lib/rustlib/x86_64-unknown-linux-musl/lib/librustc_driver.so /home/user/rootfs/usr/lib/
COPY --from=musl /lib/* /home/user/rootfs/lib/
COPY --from=gcc /usr/lib/* /home/user/rootfs/usr/lib/
COPY --from=gcc /usr/lib64/* /home/user/rootfs/usr/lib/
mkdir -p /rootfs/usr/bin /rootfs/usr/lib; \
cp -R run_rustc/output/prefix/* /rootfs/; \
rm /rootfs/bin/rustc; \
mv /rootfs/bin/rustc_binary /rootfs/usr/bin/rustc; \
mv /rootfs/bin/cargo /rootfs/usr/bin/; \
mv /rootfs/lib/rustlib /rootfs/usr/lib/rustlib; \
mv /rootfs/usr/lib/rustlib/x86_64-unknown-linux-musl/lib/librustc_driver.so /rootfs/usr/lib/
COPY --from=musl /lib/* /rootfs/lib/
COPY --from=gcc /usr/lib/* /rootfs/usr/lib/
COPY --from=gcc /usr/lib64/* /rootfs/usr/lib/
FROM scratch as bootstrap-package
USER 100:100
COPY --from=bootstrap-build /home/user/rootfs/ /
COPY --from=bootstrap-build /rootfs/ /
ENTRYPOINT ["/usr/bin/rustc"]
CMD ["--version"]
@ -139,7 +140,7 @@ RUN set -eux; \
--release-channel="stable" \
--enable-local-rust \
--local-rust-root="/usr" \
--sysconfdir="/home/user/rootfs/etc" \
--sysconfdir="/rootfs/etc" \
--llvm-root="/usr/lib/llvm${LLVM_VERSION}" \
--disable-docs \
--tools="cargo" \
@ -149,7 +150,7 @@ RUN set -eux; \
--enable-vendor \
--dist-compression-formats=gz \
--python="python3" \
--set="install.prefix=/home/user/rootfs/usr" \
--set="install.prefix=/rootfs/usr" \
--set="build.extended=true" \
--set="rust.musl-root=/usr" \
--set="rust.backtrace-on-ice=true" \
@ -167,14 +168,18 @@ RUN set -eux; \
--set="target.x86_64-unknown-linux-musl.ar=ar" \
--set="target.x86_64-unknown-linux-musl.linker=cc"; \
python3 x.py dist
FROM build as install
USER 0:0
RUN python3 x.py install
COPY --from=musl /lib/* /home/user/rootfs/lib/
COPY --from=gcc /usr/lib/* /home/user/rootfs/usr/lib/
COPY --from=gcc /usr/lib64/* /home/user/rootfs/usr/lib/
COPY --from=llvm /usr/lib/* /home/user/rootfs/usr/lib/
COPY --from=musl /lib/* /rootfs/lib/
COPY --from=gcc /usr/lib/* /rootfs/usr/lib/
COPY --from=gcc /usr/lib64/* /rootfs/usr/lib/
COPY --from=llvm /usr/lib/* /rootfs/usr/lib/
RUN find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package
USER 100:100
COPY --from=build /home/user/rootfs/ /
COPY --from=install /rootfs/ /
ENTRYPOINT ["/usr/bin/rustc"]
CMD ["--version"]

View File

@ -1,31 +1,39 @@
ARG REGISTRY=local
FROM ${REGISTRY}/busybox:latest as busybox
FROM ${REGISTRY}/gcc:latest as gcc
FROM ${REGISTRY}/binutils:latest as binutils
FROM ${REGISTRY}/musl:latest as musl
FROM ${REGISTRY}/make:latest as make
FROM ${REGISTRY}/bash:latest as bash
FROM ${REGISTRY}/busybox:latest as busybox
FROM busybox as build
FROM busybox as base
ENV SRC_SITE=https://ftp.gnu.org/gnu/sed
ENV SRC_VERSION=4.9
ENV SRC_HASH=6e226b732e1cd739464ad6862bd1a1aba42d7982922da7a53519631d24975181
RUN wget ${SRC_SITE}/sed-${SRC_VERSION}.tar.xz
RUN echo "${SRC_HASH} sed-${SRC_VERSION}.tar.xz" | sha256sum -c
RUN tar -xf sed-${SRC_VERSION}.tar.xz
WORKDIR sed-${SRC_VERSION}
COPY --from=gcc . /
COPY --from=binutils . /
COPY --from=make . /
COPY --from=musl . /
FROM base as fetch
RUN wget ${SRC_SITE}/sed-${SRC_VERSION}.tar.xz
RUN echo "${SRC_HASH} sed-${SRC_VERSION}.tar.xz" | sha256sum -c
FROM fetch as build
RUN tar -xf sed-${SRC_VERSION}.tar.xz
WORKDIR sed-${SRC_VERSION}
RUN set -eux; \
./configure \
--prefix=/; \
make;
RUN make DESTDIR=/home/user/rootfs install
COPY --from=musl /usr/lib/libc.so /home/user/rootfs/lib/ld-musl-x86_64.so.1
make
FROM build as install
USER 0:0
RUN make DESTDIR=/rootfs install
COPY --from=musl /usr/lib/libc.so /rootfs/lib/ld-musl-x86_64.so.1
RUN find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package
COPY --from=build /home/user/rootfs /
COPY --from=install /rootfs /
ENTRYPOINT ["/bin/sed"]
CMD ["--version"]

View File

@ -1,20 +1,24 @@
ARG REGISTRY=local
FROM ${REGISTRY}/busybox:latest as busybox
FROM ${REGISTRY}/gcc:latest as gcc
FROM ${REGISTRY}/binutils:latest as binutils
FROM ${REGISTRY}/musl:latest as musl
FROM ${REGISTRY}/make:latest as make
FROM ${REGISTRY}/busybox:latest as busybox
FROM busybox as build
FROM busybox as base
ENV SRC_SITE=https://www.zlib.net/
ENV SRC_VERSION=1.3
ENV SRC_HASH=ff0ba4c292013dbc27530b3a81e1f9a813cd39de01ca5e0f8bf355702efa593e
COPY --from=gcc . /
COPY --from=binutils . /
COPY --from=make . /
COPY --from=musl . /
ENV SRC_SITE=https://www.zlib.net/
ENV SRC_VERSION=1.3
ENV SRC_HASH=ff0ba4c292013dbc27530b3a81e1f9a813cd39de01ca5e0f8bf355702efa593e
FROM base as fetch
RUN wget ${SRC_SITE}/zlib-${SRC_VERSION}.tar.gz
RUN echo "${SRC_HASH} zlib-${SRC_VERSION}.tar.gz" | sha256sum -c
FROM fetch as build
RUN tar -xf zlib-${SRC_VERSION}.tar.gz
WORKDIR zlib-${SRC_VERSION}
RUN set -eux; \
@ -22,8 +26,13 @@ RUN set -eux; \
--prefix=/usr \
--libdir=/lib \
--shared; \
make;
RUN make DESTDIR=/home/user/rootfs install
make
FROM build as install
USER 0:0
RUN set -eux; \
make DESTDIR=/rootfs install; \
find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package
COPY --from=build /home/user/rootfs /
COPY --from=install /rootfs /