
No commits in common. "b823d29aef17b379ea2287f45b8aa8a10caf590b" and "984ac07d6301166038d68b8c3cf709bd37313030" have entirely different histories.

3 changed files with 40 additions and 52 deletions


@ -256,7 +256,6 @@ ADD --checksum=sha256:f4a245b94124b377d8b49646bf421f9155d36aa7614b6ebf83705d3ffc
ADD --checksum=sha256:dd172acb53867a68012f94c17389401b2f274a1aa5ae8f84cbfb8b7e383ea8d3 http://ixpeering.dl.sourceforge.net/project/lzmautils/xz-5.4.1.tar.bz2 ./ ADD --checksum=sha256:dd172acb53867a68012f94c17389401b2f274a1aa5ae8f84cbfb8b7e383ea8d3 http://ixpeering.dl.sourceforge.net/project/lzmautils/xz-5.4.1.tar.bz2 ./
ADD --checksum=sha256:b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30 https://zlib.net/fossils/zlib-1.2.13.tar.gz ./ ADD --checksum=sha256:b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30 https://zlib.net/fossils/zlib-1.2.13.tar.gz ./
# HACK: stage0 tar is currently incompatible with symlinks and github tgz files
#FROM base as extract #FROM base as extract
#COPY --from=stagex/stage0 . / #COPY --from=stagex/stage0 . /
#COPY --from=fetch distfiles/live-bootstrap.tgz . #COPY --from=fetch distfiles/live-bootstrap.tgz .
@ -269,11 +268,14 @@ ADD --checksum=sha256:b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f8
# echo "" > lrvick-live-bootstrap-fc6eeb6/steps/lwext4-1.0.0-lb1/files/fiwix-file-list.txt # echo "" > lrvick-live-bootstrap-fc6eeb6/steps/lwext4-1.0.0-lb1/files/fiwix-file-list.txt
#EOF #EOF
#RUN --network=none ./extract.kaem #RUN --network=none ./extract.kaem
# temporary hack as above tar is incompatible with symliks and github tgz files
FROM debian@sha256:bac353db4cc04bc672b14029964e686cd7bad56fe34b51f432c1a1304b9928da as extract FROM debian@sha256:bac353db4cc04bc672b14029964e686cd7bad56fe34b51f432c1a1304b9928da as extract
COPY --from=fetch distfiles/live-bootstrap.tgz . COPY --from=fetch distfiles/live-bootstrap.tgz .
RUN --network=none tar -xvf live-bootstrap.tgz RUN <<-EOF
# HACK: fixed in live-bootstrap upstream and can be dropped on next source bump tar -xvf live-bootstrap.tgz
RUN echo "" > lrvick-live-bootstrap-fc6eeb6/steps/lwext4-1.0.0-lb1/files/fiwix-file-list.txt echo "" > lrvick-live-bootstrap-fc6eeb6/steps/lwext4-1.0.0-lb1/files/fiwix-file-list.txt
EOF
FROM base as build FROM base as build
USER 0:0 USER 0:0
@ -311,22 +313,12 @@ COPY <<-EOF install.kaem
cp -R lib usr bin var etc /rootfs/ cp -R lib usr bin var etc /rootfs/
rm /rootfs/etc/hosts rm /rootfs/etc/hosts
rm /rootfs/etc/resolv.conf rm /rootfs/etc/resolv.conf
# HACK: This has been fixed upstream and can be dropped on next source bump
rm -rf /usr/lib/python*/__pycache__;
EOF EOF
SHELL ["/x86/bin/kaem","--verbose","--strict","--file"] SHELL ["/x86/bin/kaem","--verbose","--strict","--file"]
RUN --network=none ./install.kaem RUN --network=none ./install.kaem
# HACK: Zero out timestamps
# We can drop this when either of the following happens:
# - buildkit 0.13+ w/ "rewrite-timestamps=true" feature ships in stable Docker
# - a "find/touch" tool ships with stage0
FROM debian@sha256:bac353db4cc04bc672b14029964e686cd7bad56fe34b51f432c1a1304b9928da as touch
COPY --from=install /rootfs /rootfs
RUN --network=none find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package FROM scratch as package
COPY --from=touch /rootfs / COPY --from=install /rootfs /
USER 1000:1000 USER 1000:1000
ENTRYPOINT ["/bin/bash"] ENTRYPOINT ["/bin/bash"]
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
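Review bot: The extract stage's `RUN <<-EOF` heredoc around `tar -xvf live-bootstrap.tgz` runs with network access and without `set -e`, where the other column has `RUN --network=none tar -xvf live-bootstrap.tgz`; this assumes the right-hand column is the new side, as the hunk line counts suggest. Heredoc lines are not `&&`-chained, so a non-zero exit from `tar` does not stop the build by itself, and the step needs nothing beyond the tarball already copied from the fetch stage. I would write it as `RUN --network=none <<-EOF` with `set -eux` as the first line of the heredoc body. The same loss of `--network=none` shows on the build and install `RUN` steps of the musl build file later on this page. Separately, the package stage now copies from `install` with the timestamp-zeroing stage gone, so file mtimes under `/rootfs` presumably differ between builds; worth confirming that is intended for a bootstrap image.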


@ -1,50 +1,47 @@
FROM scratch as base FROM stagex/stage3 as base
ARG ARCH=x86_64 ENV SRC_SITE http://musl.libc.org
ENV VERSION 1.2.4 ENV SRC_VERSION 1.2.4
ENV SRC_FILE musl-${VERSION}.tar.gz
ENV SRC_SITE http://musl.libc.org/${SRC_FILE}
ENV SRC_HASH 7a35eae33d5372a7c0da1188de798726f68825513b7ae3ebe97aaaa52114f039 ENV SRC_HASH 7a35eae33d5372a7c0da1188de798726f68825513b7ae3ebe97aaaa52114f039
ENV CFLAGS="-Os -fstack-clash-protection -Wformat -Werror=format-security" ENV CFLAGS="-Os -fstack-clash-protection -Wformat -Werror=format-security"
ENV CXXFLAGS="-Os -fstack-clash-protection -Wformat -Werror=format-security -D_GLIBCXX_ASSERTIONS=1 -D_LIBCPP_ENABLE_THREAD_SAFETY_ANNOTATIONS=1 -D_LIBCPP_ENABLE_HARDENED_MODE=1" ENV CXXFLAGS="-Os -fstack-clash-protection -Wformat -Werror=format-security -D_GLIBCXX_ASSERTIONS=1 -D_LIBCPP_ENABLE_THREAD_SAFETY_ANNOTATIONS=1 -D_LIBCPP_ENABLE_HARDENED_MODE=1"
ENV LDFLAGS="-Wl,--as-needed,-O1,--sort-common -Wl,-soname,libc.musl-${ARCH}.so.1" ENV LDFLAGS="-Wl,--as-needed,-O1,--sort-common -Wl,-soname,libc.musl-${ARCH}.so.1"
FROM base as fetch FROM base as fetch
ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} . WORKDIR ${HOME}
RUN wget ${SRC_SITE}/releases/musl-$SRC_VERSION.tar.gz
RUN echo "${SRC_HASH} musl-${SRC_VERSION}.tar.gz" | sha256sum -c
FROM fetch as build FROM fetch as build
COPY --from=stagex/stage3 . / RUN tar -xzf musl-${SRC_VERSION}.tar.gz
RUN tar -xzf ${SRC_FILE} WORKDIR musl-${SRC_VERSION}
WORKDIR musl-${VERSION}
ADD *.patch . ADD *.patch .
RUN --network=none <<-EOF RUN set -eux; \
set -eux; \ patch -p1 < lfs64.patch; \
patch -p1 < lfs64.patch patch -p1 < lfs64-2.patch; \
patch -p1 < lfs64-2.patch patch -p1 < relr-typedefs.patch; \
patch -p1 < relr-typedefs.patch ./configure \
./configure \ --build=${ARCH}-linux-musl \
--build=${ARCH}-linux-musl \ --host=${ARCH}-linux-musl \
--host=${ARCH}-linux-musl \ --prefix=/usr \
--prefix=/usr \ --sysconfdir=/etc \
--sysconfdir=/etc \ --mandir=/usr/share/man \
--mandir=/usr/share/man \ --infodir=/usr/share/info \
--infodir=/usr/share/info \ --localstatedir=/var \
--localstatedir=/var \ --enable-debug; \
--enable-debug make
make
EOF
FROM build as install FROM build as install
RUN --network=none <<-EOF USER 0:0
set -eux RUN set -eux; \
make DESTDIR=/rootfs install make DESTDIR=/rootfs install; \
mkdir -p /rootfs/usr/bin mkdir -p /rootfs/usr/bin; \
printf "%s\n%s\n" '#!/bin/sh' 'exec /lib/ld-musl-${ARCH}.so.1 --list "$@"' \ printf "%s\n%s\n" '#!/bin/sh' 'exec /lib/ld-musl-${ARCH}.so.1 --list "$@"' \
> /rootfs/usr/bin/ldd; \ > /rootfs/usr/bin/ldd; \
chmod 755 /rootfs/usr/bin/ldd chmod 755 /rootfs/usr/bin/ldd; \
mv -f /rootfs/usr/lib/libc.so /rootfs/lib/ld-musl-${ARCH}.so.1 mv -f /rootfs/usr/lib/libc.so /rootfs/lib/ld-musl-${ARCH}.so.1; \
ln -sf ld-musl-${ARCH}.so.1 /rootfs/lib/libc.musl-${ARCH}.so.1 ln -sf ld-musl-${ARCH}.so.1 /rootfs/lib/libc.musl-${ARCH}.so.1; \
ln -sf ../../lib/ld-musl-${ARCH}.so.1 /rootfs/usr/lib/libc.so ln -sf ../../lib/ld-musl-${ARCH}.so.1 /rootfs/usr/lib/libc.so; \
EOF find /rootfs -exec touch -hcd "@0" "{}" +
FROM scratch as package FROM scratch as package
COPY --from=install /rootfs / COPY --from=install /rootfs /
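Review bot: `${ARCH}` is still expanded in `LDFLAGS`, in the `./configure --build`/`--host` arguments and in the `ld-musl-${ARCH}.so.1` paths, but the new column no longer carries an `ARG ARCH=x86_64` line. Unless `stagex/stage3` exports `ARCH`, these would expand to an empty string, giving for example a soname of `libc.musl-.so.1`. If the base image is not meant to supply it, keep `ARG ARCH=x86_64` in the `base` stage. The fetch stage also replaces `ADD --checksum=sha256:${SRC_HASH}` with `wget` over plain HTTP and a `sha256sum -c` in a separate `RUN`. The pinned hash still covers integrity, but keeping `ADD --checksum`, or doing download and check in one `RUN`, means no layer ever holds an unverified tarball.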


@ -36,7 +36,6 @@ define build
build \ build \
--ulimit nofile=2048:16384 \ --ulimit nofile=2048:16384 \
--tag $(REGISTRY)/$(NAME):$(VERSION) \ --tag $(REGISTRY)/$(NAME):$(VERSION) \
--build-arg SOURCE_DATE_EPOCH=1 \
--build-arg REGISTRY=$(REGISTRY) \ --build-arg REGISTRY=$(REGISTRY) \
--build-arg CORES=$(shell nproc --all) \ --build-arg CORES=$(shell nproc --all) \
--platform $(PLATFORM) \ --platform $(PLATFORM) \