Compare commits
No commits in common. "48726ae4f2d61ece9b697efbe00e0da55de3748e" and "b489017aaa4d18647e4ce1acdc82447f04f9d64f" have entirely different histories.
48726ae4f2
...
b489017aaa
127
Makefile
127
Makefile
|
@ -1,125 +1,40 @@
|
|||
export SOURCE_DATE_EPOCH = 0
|
||||
|
||||
out/bootstrap.oci.tgz:
|
||||
docker build -t imgrep/bootstrap --output type=oci,dest=$@ bootstrap
|
||||
docker build -t imgrep/bootstrap --output type=oci,dest=$@ packages/bootstrap
|
||||
|
||||
out/musl.oci.tgz: \
|
||||
out/bootstrap.oci.tgz
|
||||
docker build -t imgrep/musl --output type=oci,dest=$@ musl
|
||||
docker build -t imgrep/musl --output type=oci,dest=$@ packages/musl
|
||||
|
||||
out/busybox.oci.tgz: \
|
||||
out/bootstrap.oci.tgz
|
||||
docker build -t imgrep/busybox --output type=oci,dest=$@ busybox
|
||||
docker build -t imgrep/busybox --output type=oci,dest=$@ packages/busybox
|
||||
|
||||
out/binutils.oci.tgz: \
|
||||
out/bootstrap.oci.tgz \
|
||||
out/musl.oci.tgz
|
||||
docker build -t imgrep/binutils --output type=oci,dest=$@ binutils
|
||||
docker build -t imgrep/binutils --output type=oci,dest=$@ packages/binutils
|
||||
|
||||
out/linux-headers.oci.tgz:
|
||||
docker build -t imgrep/linux-headers --output type=oci,dest=$@ linux-headers
|
||||
docker build -t imgrep/linux-headers --output type=oci,dest=$@ packages/linux-headers
|
||||
|
||||
out/gcc.oci.tgz: \
|
||||
out/bootstrap.oci.tgz \
|
||||
out/musl.oci.tgz
|
||||
docker build -t imgrep/gcc --output type=oci,dest=$@ gcc
|
||||
docker build -t imgrep/gcc --output type=oci,dest=$@ packages/gcc
|
||||
|
||||
out/make.oci.tgz: \
|
||||
out/bootstrap.oci.tgz \
|
||||
out/musl.oci.tgz
|
||||
docker build -t imgrep/make --output type=oci,dest=$@ make
|
||||
docker build -t imgrep/make --output type=oci,dest=$@ packages/make
|
||||
|
||||
out/ca-certificates.oci.tgz:
|
||||
docker build -t imgrep/ca-certificates --output type=oci,dest=$@ ca-certificates
|
||||
docker build -t imgrep/ca-certificates --output type=oci,dest=$@ packages/ca-certificates
|
||||
|
||||
out/bash.oci.tgz: \
|
||||
out/gcc.oci.tgz
|
||||
docker build -t imgrep/bash --output type=oci,dest=$@ bash
|
||||
|
||||
out/m4.oci.tgz: \
|
||||
out/busybox.oci.tgz \
|
||||
out/gcc.oci.tgz \
|
||||
out/binutils.oci.tgz \
|
||||
out/musl.oci.tgz \
|
||||
out/make.oci.tgz
|
||||
docker build -t imgrep/m4 --output type=oci,dest=$@ m4
|
||||
|
||||
out/autoconf.oci.tgz: \
|
||||
out/busybox.oci.tgz \
|
||||
out/gcc.oci.tgz \
|
||||
out/binutils.oci.tgz \
|
||||
out/musl.oci.tgz \
|
||||
out/make.oci.tgz \
|
||||
out/perl.oci.tgz \
|
||||
out/m4.oci.tgz
|
||||
docker build -t imgrep/autoconf --output type=oci,dest=$@ autoconf
|
||||
|
||||
out/automake.oci.tgz: \
|
||||
out/busybox.oci.tgz \
|
||||
out/gcc.oci.tgz \
|
||||
out/binutils.oci.tgz \
|
||||
out/musl.oci.tgz \
|
||||
out/make.oci.tgz \
|
||||
out/perl.oci.tgz \
|
||||
out/autoconf.oci.tgz \
|
||||
out/m4.oci.tgz
|
||||
docker build -t imgrep/automake --output type=oci,dest=$@ automake
|
||||
|
||||
out/sed.oci.tgz: \
|
||||
out/busybox.oci.tgz \
|
||||
out/gcc.oci.tgz \
|
||||
out/binutils.oci.tgz \
|
||||
out/musl.oci.tgz \
|
||||
out/make.oci.tgz
|
||||
docker build -t imgrep/sed --output type=oci,dest=$@ sed
|
||||
|
||||
out/libtool.oci.tgz: \
|
||||
out/busybox.oci.tgz \
|
||||
out/gcc.oci.tgz \
|
||||
out/binutils.oci.tgz \
|
||||
out/musl.oci.tgz \
|
||||
out/make.oci.tgz \
|
||||
out/bash.oci.tgz \
|
||||
out/sed.oci.tgz \
|
||||
out/m4.oci.tgz
|
||||
docker build -t imgrep/libtool --output type=oci,dest=$@ libtool
|
||||
|
||||
out/pkgconf.oci.tgz: \
|
||||
out/busybox.oci.tgz \
|
||||
out/gcc.oci.tgz \
|
||||
out/binutils.oci.tgz \
|
||||
out/musl.oci.tgz \
|
||||
out/make.oci.tgz \
|
||||
out/libtool.oci.tgz
|
||||
docker build -t imgrep/pkgconf --output type=oci,dest=$@ pkgconf
|
||||
|
||||
out/libxml2.oci.tgz: \
|
||||
out/busybox.oci.tgz \
|
||||
out/gcc.oci.tgz \
|
||||
out/binutils.oci.tgz \
|
||||
out/musl.oci.tgz \
|
||||
out/make.oci.tgz \
|
||||
out/bash.oci.tgz \
|
||||
out/python.oci.tgz \
|
||||
out/sed.oci.tgz \
|
||||
out/m4.oci.tgz \
|
||||
out/autoconf.oci.tgz \
|
||||
out/automake.oci.tgz \
|
||||
out/pkgconf.oci.tgz \
|
||||
out/libtool.oci.tgz
|
||||
docker build -t imgrep/libxml2 --output type=oci,dest=$@ libxml2
|
||||
|
||||
out/libunwind.oci.tgz: \
|
||||
out/busybox.oci.tgz \
|
||||
out/gcc.oci.tgz \
|
||||
out/binutils.oci.tgz \
|
||||
out/musl.oci.tgz \
|
||||
out/make.oci.tgz \
|
||||
out/bash.oci.tgz \
|
||||
out/autoconf.oci.tgz \
|
||||
out/automake.oci.tgz \
|
||||
out/libtool.oci.tgz
|
||||
docker build -t imgrep/libunwind --output type=oci,dest=$@ libunwind
|
||||
docker build -t imgrep/bash --output type=oci,dest=$@ packages/bash
|
||||
|
||||
out/openssl.oci.tgz: \
|
||||
out/gcc.oci.tgz \
|
||||
|
@ -127,7 +42,7 @@ out/openssl.oci.tgz: \
|
|||
out/busybox.oci.tgz \
|
||||
out/linux-headers.oci.tgz \
|
||||
out/musl.oci.tgz
|
||||
docker build -t imgrep/openssl --output type=oci,dest=$@ openssl
|
||||
docker build -t imgrep/openssl --output type=oci,dest=$@ packages/openssl
|
||||
|
||||
out/go.oci.tgz: \
|
||||
out/gcc.oci.tgz \
|
||||
|
@ -135,7 +50,7 @@ out/go.oci.tgz: \
|
|||
out/busybox.oci.tgz \
|
||||
out/bash.oci.tgz \
|
||||
out/musl.oci.tgz
|
||||
docker build -t imgrep/go --output type=oci,dest=$@ go
|
||||
docker build -t imgrep/go --output type=oci,dest=$@ packages/go
|
||||
|
||||
out/perl.oci.tgz: \
|
||||
out/gcc.oci.tgz \
|
||||
|
@ -143,7 +58,7 @@ out/perl.oci.tgz: \
|
|||
out/busybox.oci.tgz \
|
||||
out/make.oci.tgz \
|
||||
out/musl.oci.tgz
|
||||
docker build -t imgrep/perl --output type=oci,dest=$@ perl
|
||||
docker build -t imgrep/perl --output type=oci,dest=$@ packages/perl
|
||||
|
||||
out/curl.oci.tgz: \
|
||||
out/gcc.oci.tgz \
|
||||
|
@ -153,7 +68,7 @@ out/curl.oci.tgz: \
|
|||
out/binutils.oci.tgz \
|
||||
out/openssl.oci.tgz \
|
||||
out/ca-certificates.oci.tgz
|
||||
docker build -t imgrep/curl --output type=oci,dest=$@ curl
|
||||
docker build -t imgrep/curl --output type=oci,dest=$@ packages/curl
|
||||
|
||||
out/python.oci.tgz: \
|
||||
out/gcc.oci.tgz \
|
||||
|
@ -163,7 +78,7 @@ out/python.oci.tgz: \
|
|||
out/openssl.oci.tgz \
|
||||
out/make.oci.tgz \
|
||||
out/musl.oci.tgz
|
||||
docker build -t imgrep/python --output type=oci,dest=$@ python
|
||||
docker build -t imgrep/python --output type=oci,dest=$@ packages/python
|
||||
|
||||
out/ninja.oci.tgz: \
|
||||
out/busybox.oci.tgz \
|
||||
|
@ -173,7 +88,7 @@ out/ninja.oci.tgz: \
|
|||
out/make.oci.tgz \
|
||||
out/openssl.oci.tgz \
|
||||
out/python.oci.tgz
|
||||
docker build -t imgrep/ninja --output type=oci,dest=$@ ninja
|
||||
docker build -t imgrep/ninja --output type=oci,dest=$@ packages/ninja
|
||||
|
||||
out/cmake.oci.tgz: \
|
||||
out/busybox.oci.tgz \
|
||||
|
@ -183,12 +98,12 @@ out/cmake.oci.tgz: \
|
|||
out/musl.oci.tgz \
|
||||
out/make.oci.tgz \
|
||||
out/linux-headers.oci.tgz
|
||||
docker build -t imgrep/cmake --output type=oci,dest=$@ cmake
|
||||
docker build -t imgrep/cmake --output type=oci,dest=$@ packages/cmake
|
||||
|
||||
out/py-setuptools.oci.tgz: \
|
||||
out/busybox.oci.tgz \
|
||||
out/python.oci.tgz
|
||||
docker build -t imgrep/py-setuptools --output type=oci,dest=$@ py-setuptools
|
||||
docker build -t imgrep/py-setuptools --output type=oci,dest=$@ packages/py-setuptools
|
||||
|
||||
out/zlib.oci.tgz: \
|
||||
out/busybox.oci.tgz \
|
||||
|
@ -196,7 +111,7 @@ out/zlib.oci.tgz: \
|
|||
out/binutils.oci.tgz \
|
||||
out/musl.oci.tgz \
|
||||
out/make.oci.tgz
|
||||
docker build -t imgrep/zlib --output type=oci,dest=$@ zlib
|
||||
docker build -t imgrep/zlib --output type=oci,dest=$@ packages/zlib
|
||||
|
||||
out/llvm.oci.tgz: \
|
||||
out/gcc.oci.tgz \
|
||||
|
@ -208,7 +123,7 @@ out/llvm.oci.tgz: \
|
|||
out/ninja.oci.tgz \
|
||||
out/busybox.oci.tgz \
|
||||
out/musl.oci.tgz
|
||||
docker build -t imgrep/llvm --output type=oci,dest=$@ llvm
|
||||
docker build -t imgrep/llvm --output type=oci,dest=$@ packages/llvm
|
||||
|
||||
out/llvm13.oci.tgz: \
|
||||
out/gcc.oci.tgz \
|
||||
|
@ -220,7 +135,7 @@ out/llvm13.oci.tgz: \
|
|||
out/ninja.oci.tgz \
|
||||
out/busybox.oci.tgz \
|
||||
out/musl.oci.tgz
|
||||
docker build -t imgrep/llvm13 --output type=oci,dest=$@ llvm13
|
||||
docker build -t imgrep/llvm13 --output type=oci,dest=$@ packages/llvm13
|
||||
|
||||
out/rust.oci.tgz: \
|
||||
out/gcc.oci.tgz \
|
||||
|
@ -232,7 +147,7 @@ out/rust.oci.tgz: \
|
|||
out/make.oci.tgz \
|
||||
out/busybox.oci.tgz \
|
||||
out/musl.oci.tgz
|
||||
docker build -t imgrep/rust --output type=oci,dest=$@ rust
|
||||
docker build -t imgrep/rust --output type=oci,dest=$@ packages/rust
|
||||
|
||||
test:
|
||||
docker build -t imgrep/test-c tests/c
|
||||
|
|
118
README.md
118
README.md
|
@ -1,118 +0,0 @@
|
|||
# ImgRep
|
||||
|
||||
Repository of reproducibly built images of common open source Linux toolchains
|
||||
and software with reputation anchored signatures.
|
||||
|
||||
## About
|
||||
|
||||
We have learned a lot of lessons about supply chain integrity over the years,
|
||||
and the greatest of them may be that any system that is complex to review and
|
||||
assigns trust of significant components to single human points of failure, is
|
||||
doomed to have failure.
|
||||
|
||||
Most linux distributions rely on complex package management systems for which
|
||||
only a single implementation exists. They assign package signing privileges to
|
||||
individual maintainers at best. Modern popular distros often fail to even do
|
||||
this, having a central machine somewhere blindly signing all unsigned
|
||||
contributions from the public.
|
||||
|
||||
We will cover an exhaustive comparison of the supply chain strategies of other
|
||||
linux distros elsewhere, but suffice to say while many are pursuing
|
||||
reproducible builds, minimalism, or signing... any one distro delivering on all
|
||||
of these does not seem in the cards any time soon.
|
||||
|
||||
This is generally a human problem. Most distros end up generating a lot of
|
||||
custom tooling for package management, which in turn rapidly grows in
|
||||
complexity to meet demands ranging from hobby desktop systems production
|
||||
servers.
|
||||
|
||||
This complexity demands a lot of cycles to maintain, and this means in practice
|
||||
lowering the barrier to entry to allow any hobbyist to contribute and maintain
|
||||
packages with minimal friction and rarely a requirement of signing keys or
|
||||
mandatory reproducible builds, let alone multiple signed reproduction proofs.
|
||||
|
||||
Suffice to say, we feel every current Linux distribution has single points of
|
||||
human failure, or review complexity, that makes it undesirable for threat
|
||||
models that assume any single human can be hacked or coerced.
|
||||
|
||||
## Building
|
||||
|
||||
### Requirements
|
||||
|
||||
* An OCI building runtime
|
||||
* Currently Docker supported, but will support buildah and podman
|
||||
* Gnu Make
|
||||
|
||||
### Examples
|
||||
|
||||
#### Compile all packages
|
||||
|
||||
```
|
||||
make
|
||||
```
|
||||
|
||||
#### Compile specific package
|
||||
|
||||
```
|
||||
make out/rust.tgz
|
||||
```
|
||||
|
||||
#### Reproduce all changed packages
|
||||
|
||||
```
|
||||
make reproduce
|
||||
```
|
||||
|
||||
#### Reproduce all packages without cache
|
||||
|
||||
```
|
||||
make clean reproduce
|
||||
```
|
||||
|
||||
#### Sign current manifest of package hashes
|
||||
|
||||
```
|
||||
make sign
|
||||
```
|
||||
|
||||
## Goals
|
||||
|
||||
Not all of these goals are realized yet, but should at least help you decide
|
||||
if this project is something you want to contribute to or keep an eye on for
|
||||
the future.
|
||||
|
||||
### Integrity
|
||||
|
||||
* Anyone can reproduce the entire tree with tools from their current distro
|
||||
* Hosted CI servers auto-sign confirmed deterministic builds
|
||||
* Like NixOS
|
||||
* Maintainers sign all package additions/changes
|
||||
* Like Gentoo, Debian, Fedora, Guix
|
||||
* Reviewers locally build and counter-sign all new binary packages
|
||||
* No one does this, as far as we can tell.
|
||||
|
||||
### Reproducibility
|
||||
|
||||
* Trust no single external source of binaries
|
||||
* Bootstrap from two different third party signed distros
|
||||
* Never use external binaries
|
||||
* Bootstrap from 0, always, even if it means going back in time
|
||||
* Go, rust require extensive work to bootstrap all the way back to gcc
|
||||
* Guix is the only distro that does this for rust to our knowledge
|
||||
* Full-Source Bootstrap from x86_64 assembly
|
||||
* Take maximum advantage of the hard won wins by the Guix team
|
||||
* Bootstrap from guile driver reproduced on multiple signed distros
|
||||
|
||||
### Minimalism
|
||||
|
||||
* Based on musl libc
|
||||
* Basis of successful minimal distros like Alpine, Adelie, Talos, Void
|
||||
* Implemented with about 1/4 the code of glibc
|
||||
* Required to produce portable static binaries in some languages
|
||||
* Less prone to buffer overflows
|
||||
* Puts being light, fast, and correct before compatibility
|
||||
* Package using tools you already have
|
||||
* OCI build tool of choice (Docker, Buildah, Podman)
|
||||
* Make (for dependency management)
|
||||
* Prove hashes of bootstrap layer builds match before proceeding
|
||||
* Keep package definitions lean and readable with simple CLI and no magic
|
|
@ -1,34 +0,0 @@
|
|||
FROM imgrep/busybox:latest as busybox
|
||||
FROM imgrep/gcc:latest as gcc
|
||||
FROM imgrep/binutils:latest as binutils
|
||||
FROM imgrep/musl:latest as musl
|
||||
FROM imgrep/make:latest as make
|
||||
FROM imgrep/m4:latest as m4
|
||||
FROM imgrep/perl:latest as perl
|
||||
|
||||
FROM busybox as build
|
||||
ENV SRC_SITE=https://ftp.gnu.org/gnu/autoconf
|
||||
ENV SRC_VERSION=2.71
|
||||
ENV SRC_HASH=f14c83cfebcc9427f2c3cea7258bd90df972d92eb26752da4ddad81c87a0faa4
|
||||
RUN wget ${SRC_SITE}/autoconf-${SRC_VERSION}.tar.xz
|
||||
RUN echo "${SRC_HASH} autoconf-${SRC_VERSION}.tar.xz" | sha256sum -c
|
||||
RUN tar -xf autoconf-${SRC_VERSION}.tar.xz
|
||||
WORKDIR autoconf-${SRC_VERSION}
|
||||
COPY --from=gcc . /
|
||||
COPY --from=binutils . /
|
||||
COPY --from=make . /
|
||||
COPY --from=musl . /
|
||||
COPY --from=m4 . /
|
||||
COPY --from=perl . /
|
||||
ENV M4=/usr/bin/m4
|
||||
RUN set -eux; \
|
||||
./configure \
|
||||
--prefix=/usr; \
|
||||
make;
|
||||
RUN make DESTDIR=/home/user/rootfs install
|
||||
COPY --from=perl . /home/user/rootfs/
|
||||
|
||||
FROM scratch
|
||||
COPY --from=build /home/user/rootfs /
|
||||
ENTRYPOINT ["/usr/bin/autoreconf"]
|
||||
CMD ["--version"]
|
|
@ -1,36 +0,0 @@
|
|||
FROM imgrep/busybox:latest as busybox
|
||||
FROM imgrep/gcc:latest as gcc
|
||||
FROM imgrep/binutils:latest as binutils
|
||||
FROM imgrep/musl:latest as musl
|
||||
FROM imgrep/make:latest as make
|
||||
FROM imgrep/perl:latest as perl
|
||||
FROM imgrep/autoconf:latest as autoconf
|
||||
FROM imgrep/m4:latest as m4
|
||||
|
||||
FROM busybox as build
|
||||
ENV SRC_SITE=https://ftp.gnu.org/gnu/automake
|
||||
ENV SRC_VERSION=1.16.5
|
||||
ENV SRC_HASH=f01d58cd6d9d77fbdca9eb4bbd5ead1988228fdb73d6f7a201f5f8d6b118b469
|
||||
RUN wget ${SRC_SITE}/automake-${SRC_VERSION}.tar.xz
|
||||
RUN echo "${SRC_HASH} automake-${SRC_VERSION}.tar.xz" | sha256sum -c
|
||||
RUN tar -xf automake-${SRC_VERSION}.tar.xz
|
||||
WORKDIR automake-${SRC_VERSION}
|
||||
COPY --from=gcc . /
|
||||
COPY --from=binutils . /
|
||||
COPY --from=make . /
|
||||
COPY --from=musl . /
|
||||
COPY --from=perl . /
|
||||
COPY --from=m4 . /
|
||||
COPY --from=autoconf . /
|
||||
RUN set -eux; \
|
||||
./configure \
|
||||
--prefix=/usr; \
|
||||
make;
|
||||
RUN make DESTDIR=/home/user/rootfs install
|
||||
COPY --from=musl /usr/lib/libc.so /home/user/rootfs/lib/ld-musl-x86_64.so.1
|
||||
COPY --from=perl . /home/user/rootfs/
|
||||
|
||||
FROM scratch
|
||||
COPY --from=build /home/user/rootfs /
|
||||
ENTRYPOINT ["/usr/bin/automake"]
|
||||
CMD ["--version"]
|
|
@ -1,36 +0,0 @@
|
|||
FROM imgrep/busybox:latest as busybox
|
||||
FROM imgrep/gcc:latest as gcc
|
||||
FROM imgrep/binutils:latest as binutils
|
||||
FROM imgrep/musl:latest as musl
|
||||
FROM imgrep/make:latest as make
|
||||
FROM imgrep/m4:latest as m4
|
||||
FROM imgrep/bash:latest as bash
|
||||
FROM imgrep/sed:latest as sed
|
||||
|
||||
FROM busybox as build
|
||||
ENV SRC_SITE=https://ftp.gnu.org/gnu/libtool
|
||||
ENV SRC_VERSION=2.4.6
|
||||
ENV SRC_HASH=7c87a8c2c8c0fc9cd5019e402bed4292462d00a718a7cd5f11218153bf28b26f
|
||||
RUN wget ${SRC_SITE}/libtool-${SRC_VERSION}.tar.xz
|
||||
RUN echo "${SRC_HASH} libtool-${SRC_VERSION}.tar.xz" | sha256sum -c
|
||||
RUN tar -xf libtool-${SRC_VERSION}.tar.xz
|
||||
WORKDIR libtool-${SRC_VERSION}
|
||||
COPY --from=gcc . /
|
||||
COPY --from=binutils . /
|
||||
COPY --from=make . /
|
||||
COPY --from=musl . /
|
||||
COPY --from=m4 . /
|
||||
RUN set -eux; \
|
||||
./configure \
|
||||
--prefix=/usr; \
|
||||
make;
|
||||
RUN make DESTDIR=/home/user/rootfs install
|
||||
COPY --from=musl /usr/lib/libc.so /home/user/rootfs/lib/ld-musl-x86_64.so.1
|
||||
COPY --from=bash . /home/user/rootfs
|
||||
COPY --from=sed . /home/user/rootfs
|
||||
RUN ln -s /usr/bin/bash /home/user/rootfs/bin/sh
|
||||
|
||||
FROM scratch
|
||||
COPY --from=build /home/user/rootfs /
|
||||
ENTRYPOINT ["/usr/bin/libtool"]
|
||||
CMD ["--version"]
|
|
@ -1,41 +0,0 @@
|
|||
FROM imgrep/busybox:latest as busybox
|
||||
FROM imgrep/gcc:latest as gcc
|
||||
FROM imgrep/binutils:latest as binutils
|
||||
FROM imgrep/musl:latest as musl
|
||||
FROM imgrep/make:latest as make
|
||||
FROM imgrep/autoconf:latest as autoconf
|
||||
FROM imgrep/automake:latest as automake
|
||||
FROM imgrep/libtool:latest as libtool
|
||||
|
||||
FROM busybox as build
|
||||
ENV SRC_SITE=https://github.com/libunwind/libunwind/releases/download
|
||||
ENV SRC_VERSION=1.7.2
|
||||
ENV SRC_HASH=a18a6a24307443a8ace7a8acc2ce79fbbe6826cd0edf98d6326d0225d6a5d6e6
|
||||
RUN wget ${SRC_SITE}/v${SRC_VERSION}/libunwind-${SRC_VERSION}.tar.gz
|
||||
RUN echo "${SRC_HASH} libunwind-${SRC_VERSION}.tar.gz" | sha256sum -c
|
||||
RUN tar -xf libunwind-${SRC_VERSION}.tar.gz
|
||||
WORKDIR libunwind-${SRC_VERSION}
|
||||
COPY --from=gcc . /
|
||||
COPY --from=binutils . /
|
||||
COPY --from=make . /
|
||||
COPY --from=musl . /
|
||||
COPY --from=autoconf . /
|
||||
COPY --from=automake . /
|
||||
COPY --from=libtool . /
|
||||
#LDFLAGS="-lucontext" CFLAGS="-fno-stack-protector" \
|
||||
RUN set -eux; \
|
||||
./configure \
|
||||
--build=x86_64-unknown-linux-musl \
|
||||
--host=x86_64-unknown-linux-musl \
|
||||
--prefix=/usr \
|
||||
--sysconfdir=/etc \
|
||||
--mandir=/usr/share/man \
|
||||
--localstatedir=/usr/share/man \
|
||||
--enable-cxx-exceptions \
|
||||
--disable-tests \
|
||||
--infodir=/usr/share/info; \
|
||||
make;
|
||||
RUN make DESTDIR=/home/user/rootfs install
|
||||
|
||||
FROM scratch
|
||||
COPY --from=build /home/user/rootfs /
|
|
@ -1,47 +0,0 @@
|
|||
FROM imgrep/busybox:latest as busybox
|
||||
FROM imgrep/gcc:latest as gcc
|
||||
FROM imgrep/binutils:latest as binutils
|
||||
FROM imgrep/musl:latest as musl
|
||||
FROM imgrep/make:latest as make
|
||||
FROM imgrep/autoconf:latest as autoconf
|
||||
FROM imgrep/automake:latest as automake
|
||||
FROM imgrep/libtool:latest as libtool
|
||||
FROM imgrep/pkgconf:latest as pkgconf
|
||||
FROM imgrep/python:latest as python
|
||||
FROM imgrep/m4:latest as m4
|
||||
|
||||
FROM busybox as build
|
||||
ENV SRC_SITE=https://gitlab.gnome.org/GNOME/libxml2/-/archive
|
||||
ENV SRC_VERSION=2.12.1
|
||||
ENV SRC_HASH=1090e62c5a1900429f63e4681263b96e7829876ccbc66cf2d9266cd589f67286
|
||||
RUN wget ${SRC_SITE}/v${SRC_VERSION}/libxml2-v${SRC_VERSION}.tar.gz
|
||||
RUN echo "${SRC_HASH} libxml2-v${SRC_VERSION}.tar.gz" | sha256sum -c
|
||||
RUN tar -xf libxml2-v${SRC_VERSION}.tar.gz
|
||||
WORKDIR libxml2-v${SRC_VERSION}
|
||||
COPY --from=gcc . /
|
||||
COPY --from=binutils . /
|
||||
COPY --from=make . /
|
||||
COPY --from=musl . /
|
||||
COPY --from=python . /
|
||||
COPY --from=autoconf . /
|
||||
COPY --from=automake . /
|
||||
COPY --from=pkgconf . /
|
||||
COPY --from=libtool . /
|
||||
COPY --from=m4 . /
|
||||
RUN ls -lah
|
||||
RUN set -eux; \
|
||||
sh autogen.sh; \
|
||||
./configure \
|
||||
--build=x86_64-unknown-linux-musl \
|
||||
--host=x86_64-unknown-linux-musl \
|
||||
--target=x86_64-unknown-linux-musl \
|
||||
--prefix=/usr \
|
||||
--sysconfdir=/etc \
|
||||
--mandir=/usr/share/man \
|
||||
--infodir=/usr/share/info; \
|
||||
make;
|
||||
RUN make DESTDIR=/home/user/rootfs install
|
||||
RUN ls -Rlah /home/user/rootfs
|
||||
|
||||
FROM scratch
|
||||
COPY --from=build /home/user/rootfs /
|
|
@ -1,30 +0,0 @@
|
|||
FROM imgrep/busybox:latest as busybox
|
||||
FROM imgrep/gcc:latest as gcc
|
||||
FROM imgrep/binutils:latest as binutils
|
||||
FROM imgrep/musl:latest as musl
|
||||
FROM imgrep/make:latest as make
|
||||
|
||||
FROM busybox as build
|
||||
COPY --from=gcc . /
|
||||
COPY --from=binutils . /
|
||||
COPY --from=make . /
|
||||
COPY --from=musl . /
|
||||
ENV SRC_SITE=https://ftp.gnu.org/gnu/m4
|
||||
ENV SRC_VERSION=1.4.19
|
||||
ENV SRC_HASH=63aede5c6d33b6d9b13511cd0be2cac046f2e70fd0a07aa9573a04a82783af96
|
||||
RUN wget ${SRC_SITE}/m4-${SRC_VERSION}.tar.xz
|
||||
|
||||
RUN echo "${SRC_HASH} m4-${SRC_VERSION}.tar.xz" | sha256sum -c
|
||||
RUN tar -xf m4-${SRC_VERSION}.tar.xz
|
||||
WORKDIR m4-${SRC_VERSION}
|
||||
RUN set -eux; \
|
||||
./configure \
|
||||
--prefix=/usr; \
|
||||
make;
|
||||
RUN make DESTDIR=/home/user/rootfs install
|
||||
COPY --from=musl /usr/lib/libc.so /home/user/rootfs/lib/ld-musl-x86_64.so.1
|
||||
|
||||
FROM scratch
|
||||
COPY --from=build /home/user/rootfs /
|
||||
ENTRYPOINT ["/usr/bin/m4"]
|
||||
CMD ["--version"]
|
|
@ -30,7 +30,7 @@ RUN set -eux; \
|
|||
RUN set -eux; \
|
||||
make DESTDIR=/home/user/rootfs install; \
|
||||
mkdir -p /home/user/rootfs/usr/bin; \
|
||||
printf "%s\n%s\n" '#!/bin/sh' 'exec /lib/ld-musl-x86_64.so.1 --list "\$@"' \
|
||||
printf "%s\n%s\n" '#!/bin/sh' 'exec /lib/$LDSO --list "\$@"' \
|
||||
> /home/user/rootfs/usr/bin/ldd; \
|
||||
chmod 755 /home/user/rootfs/usr/bin/ldd; \
|
||||
mv -f /home/user/rootfs/usr/lib/libc.so /home/user/rootfs/lib/ld-musl-x86_64.so.1; \
|
|
@ -1,30 +0,0 @@
|
|||
FROM imgrep/busybox:latest as busybox
|
||||
FROM imgrep/gcc:latest as gcc
|
||||
FROM imgrep/binutils:latest as binutils
|
||||
FROM imgrep/musl:latest as musl
|
||||
FROM imgrep/make:latest as make
|
||||
|
||||
FROM busybox as build
|
||||
ENV SRC_SITE=https://distfiles.ariadne.space/pkgconf/
|
||||
ENV SRC_VERSION=1.6.3
|
||||
ENV SRC_HASH=61f0b31b0d5ea0e862b454a80c170f57bad47879c0c42bd8de89200ff62ea210
|
||||
RUN wget ${SRC_SITE}/pkgconf-${SRC_VERSION}.tar.xz
|
||||
RUN echo "${SRC_HASH} pkgconf-${SRC_VERSION}.tar.xz" | sha256sum -c
|
||||
RUN tar -xf pkgconf-${SRC_VERSION}.tar.xz
|
||||
WORKDIR pkgconf-${SRC_VERSION}
|
||||
COPY --from=gcc . /
|
||||
COPY --from=binutils . /
|
||||
COPY --from=make . /
|
||||
COPY --from=musl . /
|
||||
RUN set -eux; \
|
||||
./configure \
|
||||
--prefix=/usr; \
|
||||
make;
|
||||
RUN make DESTDIR=/home/user/rootfs install
|
||||
RUN ln -s pkgconf /home/user/rootfs/usr/bin/pkg-config
|
||||
COPY --from=musl /usr/lib/libc.so /home/user/rootfs/lib/ld-musl-x86_64.so.1
|
||||
|
||||
FROM scratch
|
||||
COPY --from=build /home/user/rootfs /
|
||||
ENTRYPOINT ["/usr/bin/pkgconf"]
|
||||
CMD ["--version"]
|
|
@ -1,30 +0,0 @@
|
|||
FROM imgrep/busybox:latest as busybox
|
||||
FROM imgrep/gcc:latest as gcc
|
||||
FROM imgrep/binutils:latest as binutils
|
||||
FROM imgrep/musl:latest as musl
|
||||
FROM imgrep/make:latest as make
|
||||
FROM imgrep/bash:latest as bash
|
||||
|
||||
FROM busybox as build
|
||||
ENV SRC_SITE=https://ftp.gnu.org/gnu/sed
|
||||
ENV SRC_VERSION=4.9
|
||||
ENV SRC_HASH=6e226b732e1cd739464ad6862bd1a1aba42d7982922da7a53519631d24975181
|
||||
RUN wget ${SRC_SITE}/sed-${SRC_VERSION}.tar.xz
|
||||
RUN echo "${SRC_HASH} sed-${SRC_VERSION}.tar.xz" | sha256sum -c
|
||||
RUN tar -xf sed-${SRC_VERSION}.tar.xz
|
||||
WORKDIR sed-${SRC_VERSION}
|
||||
COPY --from=gcc . /
|
||||
COPY --from=binutils . /
|
||||
COPY --from=make . /
|
||||
COPY --from=musl . /
|
||||
RUN set -eux; \
|
||||
./configure \
|
||||
--prefix=/; \
|
||||
make;
|
||||
RUN make DESTDIR=/home/user/rootfs install
|
||||
COPY --from=musl /usr/lib/libc.so /home/user/rootfs/lib/ld-musl-x86_64.so.1
|
||||
|
||||
FROM scratch
|
||||
COPY --from=build /home/user/rootfs /
|
||||
ENTRYPOINT ["/bin/sed"]
|
||||
CMD ["--version"]
|
Reference in New Issue