Compare commits
2 Commits
984ac07d63
...
b823d29aef
Author | SHA1 | Date |
---|---|---|
Lance Vick | b823d29aef | |
Lance Vick | 2bafad8aab |
|
@ -256,6 +256,7 @@ ADD --checksum=sha256:f4a245b94124b377d8b49646bf421f9155d36aa7614b6ebf83705d3ffc
|
||||||
ADD --checksum=sha256:dd172acb53867a68012f94c17389401b2f274a1aa5ae8f84cbfb8b7e383ea8d3 http://ixpeering.dl.sourceforge.net/project/lzmautils/xz-5.4.1.tar.bz2 ./
|
ADD --checksum=sha256:dd172acb53867a68012f94c17389401b2f274a1aa5ae8f84cbfb8b7e383ea8d3 http://ixpeering.dl.sourceforge.net/project/lzmautils/xz-5.4.1.tar.bz2 ./
|
||||||
ADD --checksum=sha256:b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30 https://zlib.net/fossils/zlib-1.2.13.tar.gz ./
|
ADD --checksum=sha256:b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30 https://zlib.net/fossils/zlib-1.2.13.tar.gz ./
|
||||||
|
|
||||||
|
# HACK: stage0 tar is currently incompatible with symlinks and github tgz files
|
||||||
#FROM base as extract
|
#FROM base as extract
|
||||||
#COPY --from=stagex/stage0 . /
|
#COPY --from=stagex/stage0 . /
|
||||||
#COPY --from=fetch distfiles/live-bootstrap.tgz .
|
#COPY --from=fetch distfiles/live-bootstrap.tgz .
|
||||||
|
@ -268,14 +269,11 @@ ADD --checksum=sha256:b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f8
|
||||||
# echo "" > lrvick-live-bootstrap-fc6eeb6/steps/lwext4-1.0.0-lb1/files/fiwix-file-list.txt
|
# echo "" > lrvick-live-bootstrap-fc6eeb6/steps/lwext4-1.0.0-lb1/files/fiwix-file-list.txt
|
||||||
#EOF
|
#EOF
|
||||||
#RUN --network=none ./extract.kaem
|
#RUN --network=none ./extract.kaem
|
||||||
|
|
||||||
# temporary hack as above tar is incompatible with symliks and github tgz files
|
|
||||||
FROM debian@sha256:bac353db4cc04bc672b14029964e686cd7bad56fe34b51f432c1a1304b9928da as extract
|
FROM debian@sha256:bac353db4cc04bc672b14029964e686cd7bad56fe34b51f432c1a1304b9928da as extract
|
||||||
COPY --from=fetch distfiles/live-bootstrap.tgz .
|
COPY --from=fetch distfiles/live-bootstrap.tgz .
|
||||||
RUN <<-EOF
|
RUN --network=none tar -xvf live-bootstrap.tgz
|
||||||
tar -xvf live-bootstrap.tgz
|
# HACK: fixed in live-bootstrap upstream and can be dropped on next source bump
|
||||||
echo "" > lrvick-live-bootstrap-fc6eeb6/steps/lwext4-1.0.0-lb1/files/fiwix-file-list.txt
|
RUN echo "" > lrvick-live-bootstrap-fc6eeb6/steps/lwext4-1.0.0-lb1/files/fiwix-file-list.txt
|
||||||
EOF
|
|
||||||
|
|
||||||
FROM base as build
|
FROM base as build
|
||||||
USER 0:0
|
USER 0:0
|
||||||
|
@ -313,12 +311,22 @@ COPY <<-EOF install.kaem
|
||||||
cp -R lib usr bin var etc /rootfs/
|
cp -R lib usr bin var etc /rootfs/
|
||||||
rm /rootfs/etc/hosts
|
rm /rootfs/etc/hosts
|
||||||
rm /rootfs/etc/resolv.conf
|
rm /rootfs/etc/resolv.conf
|
||||||
|
# HACK: This has been fixed upstream and can be dropped on next source bump
|
||||||
|
rm -rf /usr/lib/python*/__pycache__;
|
||||||
EOF
|
EOF
|
||||||
SHELL ["/x86/bin/kaem","--verbose","--strict","--file"]
|
SHELL ["/x86/bin/kaem","--verbose","--strict","--file"]
|
||||||
RUN --network=none ./install.kaem
|
RUN --network=none ./install.kaem
|
||||||
|
|
||||||
|
# HACK: Zero out timestamps
|
||||||
|
# We can drop this when either of the following happens:
|
||||||
|
# - buildkit 0.13+ w/ "rewrite-timestamps=true" feature ships in stable Docker
|
||||||
|
# - a "find/touch" tool ships with stage0
|
||||||
|
FROM debian@sha256:bac353db4cc04bc672b14029964e686cd7bad56fe34b51f432c1a1304b9928da as touch
|
||||||
|
COPY --from=install /rootfs /rootfs
|
||||||
|
RUN --network=none find /rootfs -exec touch -hcd "@0" "{}" +
|
||||||
|
|
||||||
FROM scratch as package
|
FROM scratch as package
|
||||||
COPY --from=install /rootfs /
|
COPY --from=touch /rootfs /
|
||||||
USER 1000:1000
|
USER 1000:1000
|
||||||
ENTRYPOINT ["/bin/bash"]
|
ENTRYPOINT ["/bin/bash"]
|
||||||
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
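Review bot: The added `rm -rf /usr/lib/python*/__pycache__;` in install.kaem runs after `cp -R lib usr bin var etc /rootfs/` and targets `/usr/lib`, not `/rootfs/usr/lib`. As far as the visible lines show, the bytecode caches already copied into `/rootfs` therefore still reach the `package` stage. The line also depends on glob expansion, and kaem is a minimal shell that may pass `python*` through literally, in which case `rm -rf` would succeed silently even under `--strict`. Consider moving the removal before the copy or pointing it at the copied tree with the directory spelled out, e.g. `rm -rf /rootfs/usr/lib/python<VERSION>/__pycache__`, then confirming with a listing of the final image. The install.kaem heredoc begins outside this hunk, so the working directory of the `cp` is not visible here.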
|
||||||
|
|
|
@ -1,24 +1,26 @@
|
||||||
FROM stagex/stage3 as base
|
FROM scratch as base
|
||||||
ENV SRC_SITE http://musl.libc.org
|
ARG ARCH=x86_64
|
||||||
ENV SRC_VERSION 1.2.4
|
ENV VERSION 1.2.4
|
||||||
|
ENV SRC_FILE musl-${VERSION}.tar.gz
|
||||||
|
ENV SRC_SITE http://musl.libc.org/${SRC_FILE}
|
||||||
ENV SRC_HASH 7a35eae33d5372a7c0da1188de798726f68825513b7ae3ebe97aaaa52114f039
|
ENV SRC_HASH 7a35eae33d5372a7c0da1188de798726f68825513b7ae3ebe97aaaa52114f039
|
||||||
ENV CFLAGS="-Os -fstack-clash-protection -Wformat -Werror=format-security"
|
ENV CFLAGS="-Os -fstack-clash-protection -Wformat -Werror=format-security"
|
||||||
ENV CXXFLAGS="-Os -fstack-clash-protection -Wformat -Werror=format-security -D_GLIBCXX_ASSERTIONS=1 -D_LIBCPP_ENABLE_THREAD_SAFETY_ANNOTATIONS=1 -D_LIBCPP_ENABLE_HARDENED_MODE=1"
|
ENV CXXFLAGS="-Os -fstack-clash-protection -Wformat -Werror=format-security -D_GLIBCXX_ASSERTIONS=1 -D_LIBCPP_ENABLE_THREAD_SAFETY_ANNOTATIONS=1 -D_LIBCPP_ENABLE_HARDENED_MODE=1"
|
||||||
ENV LDFLAGS="-Wl,--as-needed,-O1,--sort-common -Wl,-soname,libc.musl-${ARCH}.so.1"
|
ENV LDFLAGS="-Wl,--as-needed,-O1,--sort-common -Wl,-soname,libc.musl-${ARCH}.so.1"
|
||||||
|
|
||||||
FROM base as fetch
|
FROM base as fetch
|
||||||
WORKDIR ${HOME}
|
ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} .
|
||||||
RUN wget ${SRC_SITE}/releases/musl-$SRC_VERSION.tar.gz
|
|
||||||
RUN echo "${SRC_HASH} musl-${SRC_VERSION}.tar.gz" | sha256sum -c
|
|
||||||
|
|
||||||
FROM fetch as build
|
FROM fetch as build
|
||||||
RUN tar -xzf musl-${SRC_VERSION}.tar.gz
|
COPY --from=stagex/stage3 . /
|
||||||
WORKDIR musl-${SRC_VERSION}
|
RUN tar -xzf ${SRC_FILE}
|
||||||
|
WORKDIR musl-${VERSION}
|
||||||
ADD *.patch .
|
ADD *.patch .
|
||||||
RUN set -eux; \
|
RUN --network=none <<-EOF
|
||||||
patch -p1 < lfs64.patch; \
|
set -eux; \
|
||||||
patch -p1 < lfs64-2.patch; \
|
patch -p1 < lfs64.patch
|
||||||
patch -p1 < relr-typedefs.patch; \
|
patch -p1 < lfs64-2.patch
|
||||||
|
patch -p1 < relr-typedefs.patch
|
||||||
./configure \
|
./configure \
|
||||||
--build=${ARCH}-linux-musl \
|
--build=${ARCH}-linux-musl \
|
||||||
--host=${ARCH}-linux-musl \
|
--host=${ARCH}-linux-musl \
|
||||||
|
@ -27,21 +29,22 @@ RUN set -eux; \
|
||||||
--mandir=/usr/share/man \
|
--mandir=/usr/share/man \
|
||||||
--infodir=/usr/share/info \
|
--infodir=/usr/share/info \
|
||||||
--localstatedir=/var \
|
--localstatedir=/var \
|
||||||
--enable-debug; \
|
--enable-debug
|
||||||
make
|
make
|
||||||
|
EOF
|
||||||
|
|
||||||
FROM build as install
|
FROM build as install
|
||||||
USER 0:0
|
RUN --network=none <<-EOF
|
||||||
RUN set -eux; \
|
set -eux
|
||||||
make DESTDIR=/rootfs install; \
|
make DESTDIR=/rootfs install
|
||||||
mkdir -p /rootfs/usr/bin; \
|
mkdir -p /rootfs/usr/bin
|
||||||
printf "%s\n%s\n" '#!/bin/sh' 'exec /lib/ld-musl-${ARCH}.so.1 --list "$@"' \
|
printf "%s\n%s\n" '#!/bin/sh' 'exec /lib/ld-musl-${ARCH}.so.1 --list "$@"' \
|
||||||
> /rootfs/usr/bin/ldd; \
|
> /rootfs/usr/bin/ldd; \
|
||||||
chmod 755 /rootfs/usr/bin/ldd; \
|
chmod 755 /rootfs/usr/bin/ldd
|
||||||
mv -f /rootfs/usr/lib/libc.so /rootfs/lib/ld-musl-${ARCH}.so.1; \
|
mv -f /rootfs/usr/lib/libc.so /rootfs/lib/ld-musl-${ARCH}.so.1
|
||||||
ln -sf ld-musl-${ARCH}.so.1 /rootfs/lib/libc.musl-${ARCH}.so.1; \
|
ln -sf ld-musl-${ARCH}.so.1 /rootfs/lib/libc.musl-${ARCH}.so.1
|
||||||
ln -sf ../../lib/ld-musl-${ARCH}.so.1 /rootfs/usr/lib/libc.so; \
|
ln -sf ../../lib/ld-musl-${ARCH}.so.1 /rootfs/usr/lib/libc.so
|
||||||
find /rootfs -exec touch -hcd "@0" "{}" +
|
EOF
|
||||||
|
|
||||||
FROM scratch as package
|
FROM scratch as package
|
||||||
COPY --from=install /rootfs /
|
COPY --from=install /rootfs /
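Review bot: The new `ENV SRC_SITE http://musl.libc.org/${SRC_FILE}` drops the `/releases/` path component that the removed `wget ${SRC_SITE}/releases/musl-$SRC_VERSION.tar.gz` used, so the `ADD --checksum` in the `fetch` stage now requests a different URL and will presumably fail to download; `ENV SRC_SITE http://musl.libc.org/releases/${SRC_FILE}` keeps the original location. Separately, the `install` stage no longer runs `find /rootfs -exec touch -hcd "@0" "{}" +` and, unlike the stage0 file in this same change, gains no `touch` stage before `COPY --from=install /rootfs /`. File timestamps in the musl package therefore look unnormalized unless something outside this section handles them. The leftover `; \` after `set -eux` and after `> /rootfs/usr/bin/ldd` in the heredocs is harmless today but should be removed, because the continuation hides where one command ends.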
|
||||||
|
|
|
@ -36,6 +36,7 @@ define build
|
||||||
build \
|
build \
|
||||||
--ulimit nofile=2048:16384 \
|
--ulimit nofile=2048:16384 \
|
||||||
--tag $(REGISTRY)/$(NAME):$(VERSION) \
|
--tag $(REGISTRY)/$(NAME):$(VERSION) \
|
||||||
|
--build-arg SOURCE_DATE_EPOCH=1 \
|
||||||
--build-arg REGISTRY=$(REGISTRY) \
|
--build-arg REGISTRY=$(REGISTRY) \
|
||||||
--build-arg CORES=$(shell nproc --all) \
|
--build-arg CORES=$(shell nproc --all) \
|
||||||
--platform $(PLATFORM) \
|
--platform $(PLATFORM) \
|
||||||
|
|