initial commit
commit
4a29600d5f
|
@ -0,0 +1,69 @@
|
||||||
|
ifeq ($(NOCACHE), 1)
|
||||||
|
CACHE_BUST=$(shell date)
|
||||||
|
NOCACHE_FLAG=--no-cache
|
||||||
|
else
|
||||||
|
CACHE_BUST=0
|
||||||
|
NOCACHE_FLAG=
|
||||||
|
endif
|
||||||
|
export CACHE_BUST
|
||||||
|
export NOCACHE_FLAG
|
||||||
|
|
||||||
|
# Build package with chosen $(BUILDER)
|
||||||
|
# Supported BUILDERs: docker
|
||||||
|
# Usage: $(call build,core/$(NAME),$(VERSION),$(TARGET),$(EXTRA_ARGS))
|
||||||
|
# Notes:
|
||||||
|
# - Packages are expected to use the following layer names in order:
|
||||||
|
# - "fetch": [optional] obtain any artifacts from the internet.
|
||||||
|
# - "build": [optional] do any required build work
|
||||||
|
# - "package": [required] scratch layer exporting artifacts for distribution
|
||||||
|
# - "test": [optional] define any tests
|
||||||
|
# - Packages may prefix layer names with "text-" if more than one is desired
|
||||||
|
# - VERSION will be set as a build-arg if defined, otherwise it is "latest"
|
||||||
|
# - TARGET defaults to "package"
|
||||||
|
# - EXTRA_ARGS will be blindly injected
|
||||||
|
# - packages may also define a "test" layer
|
||||||
|
# - the ulimit line is to workaround a bug in patch when the nofile limit is too large:
|
||||||
|
# https://savannah.gnu.org/bugs/index.php?62958
|
||||||
|
# TODO:
|
||||||
|
# - try to disable networking on fetch layers with something like:
|
||||||
|
# $(if $(filter fetch,$(lastword $(subst -, ,$(TARGET)))),,--network=none)
|
||||||
|
# - actually output OCI files for each build (vs plain tar)
|
||||||
|
# - output manifest.txt of all tar/digest hashes for an easy git diff
|
||||||
|
# - support buildah and podman
|
||||||
|
|
||||||
|
define build
|
||||||
|
$(eval NAME := $(1))
|
||||||
|
$(eval VERSION := $(if $(2),$(2),latest))
|
||||||
|
$(eval TARGET := $(if $(3),$(3),package))
|
||||||
|
$(eval TEMPFILE := out/.$(notdir $(basename $@)).tmp.tar)
|
||||||
|
$(eval BUILD_CMD := \
|
||||||
|
DOCKER_BUILDKIT=1 \
|
||||||
|
BUILDKIT_MULTI_PLATFORM=1 \
|
||||||
|
SOURCE_DATE_EPOCH=1 \
|
||||||
|
docker \
|
||||||
|
build \
|
||||||
|
--ulimit nofile=2048:16384 \
|
||||||
|
--tag sui \
|
||||||
|
--build-arg CACHE_BUST="$(CACHE_BUST)" \
|
||||||
|
--build-arg SOURCE_DATE_EPOCH=1 \
|
||||||
|
--build-arg CORES=$(shell nproc --all) \
|
||||||
|
--progress=plain \
|
||||||
|
$(if $(filter latest,$(VERSION)),,--build-arg VERSION=$(VERSION)) \
|
||||||
|
--output type=oci,rewrite-timestamp=true,force-compression=true,name=$(NAME),annotation.org.opencontainers.image.revision=$(REVISION),annotation.org.opencontainers.image.version=$(VERSION),tar=false,dest=out/$(NAME) \
|
||||||
|
--target $(TARGET) \
|
||||||
|
$(NOCACHE_FLAG) \
|
||||||
|
-f packages/$(NAME)/Containerfile \
|
||||||
|
packages/$(NAME) \
|
||||||
|
)
|
||||||
|
$(eval TIMESTAMP := $(shell TZ=GMT date +"%Y-%m-%dT%H:%M:%SZ"))
|
||||||
|
mkdir -p out/ \
|
||||||
|
&& echo $(TIMESTAMP) $(BUILD_CMD) start >> out/build.log \
|
||||||
|
&& rm -rf out/$(NAME) \
|
||||||
|
&& $(BUILD_CMD) \
|
||||||
|
&& echo $(TIMESTAMP) $(BUILD_CMD) end >> out/build.log;
|
||||||
|
endef
|
||||||
|
|
||||||
|
.PHONY: sui
|
||||||
|
sui: out/sui/index.json
|
||||||
|
out/sui/index.json: packages/sui/Containerfile
|
||||||
|
$(call build,sui)
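Review bot: `$(REVISION)` in the `--output` line of `define build` is not assigned anywhere in this Makefile, so `annotation.org.opencontainers.image.revision` ends up empty unless the caller's environment happens to export a value, which would then be unverified and could differ between builders. Since that annotation is the provenance record of the image, I would either set it explicitly near the top of the file, for example `REVISION := $(shell git rev-parse HEAD)`, or drop the annotation until it can be filled in reliably. The header comment also documents a fourth `EXTRA_ARGS` argument that "will be blindly injected", but `$(4)` is never referenced in the body; either remove that line from the comment or wire the argument in and state that it must only come from trusted callers.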
|
|
@ -0,0 +1,25 @@
|
||||||
|
# Sui Reproducible Builds
|
||||||
|
|
||||||
|
Uses the [StageX] software distribution for ensuring a reproducible toolchain.
|
||||||
|
|
||||||
|
## Building
|
||||||
|
|
||||||
|
```sh
|
||||||
|
make sui
|
||||||
|
```
|
||||||
|
|
||||||
|
## Starting Sui
|
||||||
|
|
||||||
|
The Sui container can be imported by running:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
env -C out/sui tar -c . | docker load
|
||||||
|
```
|
||||||
|
|
||||||
|
To make sure Sui starts properly, run:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
docker run sui
|
||||||
|
```
|
||||||
|
|
||||||
|
The version should be printed.
|
|
@ -0,0 +1,83 @@
|
||||||
|
ARG RUST_VERSION=1.76.0
|
||||||
|
|
||||||
|
FROM scratch AS base
|
||||||
|
ENV NETWORK=mainnet
|
||||||
|
ENV VERSION=1.17.3
|
||||||
|
# https://codeload.github.com/MystenLabs/sui/zip/refs/tags/mainnet-v1.17.3
|
||||||
|
ENV SRC_SITE=https://codeload.github.com/MystenLabs/sui/tar.gz/refs/tags
|
||||||
|
ENV SRC_HASH=0ca2c1480c33b24849ee1fb95f70999aed2c68450c4f6ffac253eefaa91a82ed
|
||||||
|
|
||||||
|
FROM base AS fetch
|
||||||
|
ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE}/${NETWORK}-v${VERSION} sui.tar.gz
|
||||||
|
|
||||||
|
FROM stagex/rust:${RUST_VERSION} AS rust
|
||||||
|
FROM fetch AS rust-fetch
|
||||||
|
|
||||||
|
COPY --from=stagex/busybox . /
|
||||||
|
COPY --from=stagex/musl . /
|
||||||
|
COPY --from=rust . /
|
||||||
|
|
||||||
|
COPY --from=stagex/gcc . /
|
||||||
|
COPY --from=stagex/llvm . /
|
||||||
|
COPY --from=stagex/libunwind . /
|
||||||
|
COPY --from=stagex/openssl . /
|
||||||
|
COPY --from=stagex/zlib . /
|
||||||
|
|
||||||
|
# NOTE: Necessary for `cargo fetch`, but CA trust is not relied upon
|
||||||
|
COPY --from=stagex/ca-certificates . /
|
||||||
|
|
||||||
|
# HACK: gcc puts things in /usr/lib64
|
||||||
|
COPY --from=stagex/gcc /usr/lib64/* /usr/lib/
|
||||||
|
|
||||||
|
RUN --network=none <<EOF
|
||||||
|
set -eux
|
||||||
|
tar xf sui.tar.gz
|
||||||
|
mv sui-${NETWORK}-v${VERSION} sui
|
||||||
|
EOF
|
||||||
|
|
||||||
|
WORKDIR sui
|
||||||
|
|
||||||
|
RUN cargo fetch
|
||||||
|
|
||||||
|
FROM rust-fetch AS build
|
||||||
|
|
||||||
|
# Rust build deps
|
||||||
|
|
||||||
|
COPY --from=stagex/binutils . /
|
||||||
|
COPY --from=stagex/gcc . /
|
||||||
|
COPY --from=stagex/llvm . /
|
||||||
|
COPY --from=stagex/make . /
|
||||||
|
COPY --from=stagex/musl . /
|
||||||
|
|
||||||
|
# Sui build deps
|
||||||
|
|
||||||
|
COPY --from=stagex/clang . /
|
||||||
|
COPY --from=stagex/linux-headers . /
|
||||||
|
|
||||||
|
ENV RUST_BACKTRACE=1
|
||||||
|
ENV RUSTFLAGS='-C target-feature=-crt-static -C codegen-units=1'
|
||||||
|
ENV GIT_REVISION=d338ed98cbb7dd1e9de9340ae9486880dfcb389a
|
||||||
|
|
||||||
|
RUN --network=none cargo build --frozen --release --bin sui-node
|
||||||
|
|
||||||
|
FROM scratch AS install
|
||||||
|
|
||||||
|
COPY --from=stagex/busybox . /
|
||||||
|
|
||||||
|
COPY --from=stagex/busybox . /rootfs
|
||||||
|
COPY --from=stagex/libunwind . /rootfs
|
||||||
|
COPY --from=stagex/gcc . /rootfs
|
||||||
|
COPY --from=stagex/musl . /rootfs
|
||||||
|
|
||||||
|
# HACK: gcc puts things in /usr/lib64
|
||||||
|
COPY --from=stagex/gcc /usr/lib64/* /rootfs/usr/lib/
|
||||||
|
|
||||||
|
COPY --from=build sui/target/release/sui-node /rootfs/usr/bin/sui-node
|
||||||
|
RUN --network=none find /rootfs -exec touch -hcd "@0" "{}" +
|
||||||
|
|
||||||
|
FROM scratch AS package
|
||||||
|
|
||||||
|
COPY --from=install /rootfs /
|
||||||
|
|
||||||
|
ENTRYPOINT ["/usr/bin/sui-node"]
|
||||||
|
CMD ["--version"]
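Review bot: Every `stagex/*` image is referenced by a mutable name: `FROM stagex/rust:${RUST_VERSION}` uses a tag, and the `COPY --from=stagex/busybox . /` style lines carry no tag at all, so they resolve to `latest`. The toolchain that compiles `sui-node` can therefore change between builds with no change to this file. The source tarball is already pinned with `ADD --checksum=sha256:${SRC_HASH}`; the base images need the same treatment for the build to be reproducible and for a substituted image to be rejected, e.g. `COPY --from=stagex/busybox@sha256:<digest-placeholder> . /` for each stage input. Separately, `RUN cargo fetch` is the one networked step after the checksum check, and `RUN cargo fetch --locked` would make it fail instead of rewriting `Cargo.lock` if the lockfile and manifests disagree.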
|