initial commit
commit
4a29600d5f
|
@ -0,0 +1,69 @@
|
|||
ifeq ($(NOCACHE), 1)
|
||||
CACHE_BUST=$(shell date)
|
||||
NOCACHE_FLAG=--no-cache
|
||||
else
|
||||
CACHE_BUST=0
|
||||
NOCACHE_FLAG=
|
||||
endif
|
||||
export CACHE_BUST
|
||||
export NOCACHE_FLAG
|
||||
|
||||
# Build package with chosen $(BUILDER)
|
||||
# Supported BUILDERs: docker
|
||||
# Usage: $(call build,core/$(NAME),$(VERSION),$(TARGET),$(EXTRA_ARGS))
|
||||
# Notes:
|
||||
# - Packages are expected to use the following layer names in order:
|
||||
# - "fetch": [optional] obtain any artifacts from the internet.
|
||||
# - "build": [optional] do any required build work
|
||||
# - "package": [required] scratch layer exporting artifacts for distribution
|
||||
# - "test": [optional] define any tests
|
||||
# - Packages may prefix layer names with "text-" if more than one is desired
|
||||
# - VERSION will be set as a build-arg if defined, otherwise it is "latest"
|
||||
# - TARGET defaults to "package"
|
||||
# - EXTRA_ARGS will be blindly injected
|
||||
# - packages may also define a "test" layer
|
||||
# - the ulimit line is to workaround a bug in patch when the nofile limit is too large:
|
||||
# https://savannah.gnu.org/bugs/index.php?62958
|
||||
# TODO:
|
||||
# - try to disable networking on fetch layers with something like:
|
||||
# $(if $(filter fetch,$(lastword $(subst -, ,$(TARGET)))),,--network=none)
|
||||
# - actually output OCI files for each build (vs plain tar)
|
||||
# - output manifest.txt of all tar/digest hashes for an easy git diff
|
||||
# - support buildah and podman
|
||||
|
||||
define build
|
||||
$(eval NAME := $(1))
|
||||
$(eval VERSION := $(if $(2),$(2),latest))
|
||||
$(eval TARGET := $(if $(3),$(3),package))
|
||||
$(eval TEMPFILE := out/.$(notdir $(basename $@)).tmp.tar)
|
||||
$(eval BUILD_CMD := \
|
||||
DOCKER_BUILDKIT=1 \
|
||||
BUILDKIT_MULTI_PLATFORM=1 \
|
||||
SOURCE_DATE_EPOCH=1 \
|
||||
docker \
|
||||
build \
|
||||
--ulimit nofile=2048:16384 \
|
||||
--tag sui \
|
||||
--build-arg CACHE_BUST="$(CACHE_BUST)" \
|
||||
--build-arg SOURCE_DATE_EPOCH=1 \
|
||||
--build-arg CORES=$(shell nproc --all) \
|
||||
--progress=plain \
|
||||
$(if $(filter latest,$(VERSION)),,--build-arg VERSION=$(VERSION)) \
|
||||
--output type=oci,rewrite-timestamp=true,force-compression=true,name=$(NAME),annotation.org.opencontainers.image.revision=$(REVISION),annotation.org.opencontainers.image.version=$(VERSION),tar=false,dest=out/$(NAME) \
|
||||
--target $(TARGET) \
|
||||
$(NOCACHE_FLAG) \
|
||||
-f packages/$(NAME)/Containerfile \
|
||||
packages/$(NAME) \
|
||||
)
|
||||
$(eval TIMESTAMP := $(shell TZ=GMT date +"%Y-%m-%dT%H:%M:%SZ"))
|
||||
mkdir -p out/ \
|
||||
&& echo $(TIMESTAMP) $(BUILD_CMD) start >> out/build.log \
|
||||
&& rm -rf out/$(NAME) \
|
||||
&& $(BUILD_CMD) \
|
||||
&& echo $(TIMESTAMP) $(BUILD_CMD) end >> out/build.log;
|
||||
endef
|
||||
|
||||
.PHONY: sui
|
||||
sui: out/sui/index.json
|
||||
out/sui/index.json: packages/sui/Containerfile
|
||||
$(call build,sui)
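Review bot: `$(REVISION)` in the `--output` line of the `build` macro is not assigned anywhere in the 69 added lines, so unless it arrives from the environment or the command line the image is exported with an empty `org.opencontainers.image.revision` annotation and cannot be traced back to a source commit. If it is meant to be the commit of this repository, define it next to the cache variables, e.g. `REVISION := $(shell git rev-parse HEAD)`, or fail early with `$(if $(strip $(REVISION)),,$(error REVISION is empty))`. The same macro runs `rm -rf out/$(NAME)` with `NAME` taken straight from `$(1)`, so a call with an empty first argument would remove all of `out/`; a matching `$(error ...)` guard on `$(1)` is worth adding. `TEMPFILE` and the documented `EXTRA_ARGS` argument are not used by the macro as written, and `TIMESTAMP` is expanded once, so the "start" and "end" entries in `out/build.log` carry the same time.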
|
|
@ -0,0 +1,25 @@
|
|||
# Sui Reproducible Builds
|
||||
|
||||
Uses the [StageX] software distribution for ensuring a reproducible toolchain.
|
||||
|
||||
## Building
|
||||
|
||||
```sh
|
||||
make sui
|
||||
```
|
||||
|
||||
## Starting Sui
|
||||
|
||||
The Sui container can be imported by running:
|
||||
|
||||
```sh
|
||||
env -C out/sui tar -c . | docker load
|
||||
```
|
||||
|
||||
To make sure Sui starts properly, run:
|
||||
|
||||
```sh
|
||||
docker run sui
|
||||
```
|
||||
|
||||
The version should be printed.
|
|
@ -0,0 +1,83 @@
|
|||
ARG RUST_VERSION=1.76.0
|
||||
|
||||
FROM scratch AS base
|
||||
ENV NETWORK=mainnet
|
||||
ENV VERSION=1.17.3
|
||||
# https://codeload.github.com/MystenLabs/sui/zip/refs/tags/mainnet-v1.17.3
|
||||
ENV SRC_SITE=https://codeload.github.com/MystenLabs/sui/tar.gz/refs/tags
|
||||
ENV SRC_HASH=0ca2c1480c33b24849ee1fb95f70999aed2c68450c4f6ffac253eefaa91a82ed
|
||||
|
||||
FROM base AS fetch
|
||||
ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE}/${NETWORK}-v${VERSION} sui.tar.gz
|
||||
|
||||
FROM stagex/rust:${RUST_VERSION} AS rust
|
||||
FROM fetch AS rust-fetch
|
||||
|
||||
COPY --from=stagex/busybox . /
|
||||
COPY --from=stagex/musl . /
|
||||
COPY --from=rust . /
|
||||
|
||||
COPY --from=stagex/gcc . /
|
||||
COPY --from=stagex/llvm . /
|
||||
COPY --from=stagex/libunwind . /
|
||||
COPY --from=stagex/openssl . /
|
||||
COPY --from=stagex/zlib . /
|
||||
|
||||
# NOTE: Necessary for `cargo fetch`, but CA trust is not relied upon
|
||||
COPY --from=stagex/ca-certificates . /
|
||||
|
||||
# HACK: gcc puts things in /usr/lib64
|
||||
COPY --from=stagex/gcc /usr/lib64/* /usr/lib/
|
||||
|
||||
RUN --network=none <<EOF
|
||||
set -eux
|
||||
tar xf sui.tar.gz
|
||||
mv sui-${NETWORK}-v${VERSION} sui
|
||||
EOF
|
||||
|
||||
WORKDIR sui
|
||||
|
||||
RUN cargo fetch
|
||||
|
||||
FROM rust-fetch AS build
|
||||
|
||||
# Rust build deps
|
||||
|
||||
COPY --from=stagex/binutils . /
|
||||
COPY --from=stagex/gcc . /
|
||||
COPY --from=stagex/llvm . /
|
||||
COPY --from=stagex/make . /
|
||||
COPY --from=stagex/musl . /
|
||||
|
||||
# Sui build deps
|
||||
|
||||
COPY --from=stagex/clang . /
|
||||
COPY --from=stagex/linux-headers . /
|
||||
|
||||
ENV RUST_BACKTRACE=1
|
||||
ENV RUSTFLAGS='-C target-feature=-crt-static -C codegen-units=1'
|
||||
ENV GIT_REVISION=d338ed98cbb7dd1e9de9340ae9486880dfcb389a
|
||||
|
||||
RUN --network=none cargo build --frozen --release --bin sui-node
|
||||
|
||||
FROM scratch AS install
|
||||
|
||||
COPY --from=stagex/busybox . /
|
||||
|
||||
COPY --from=stagex/busybox . /rootfs
|
||||
COPY --from=stagex/libunwind . /rootfs
|
||||
COPY --from=stagex/gcc . /rootfs
|
||||
COPY --from=stagex/musl . /rootfs
|
||||
|
||||
# HACK: gcc puts things in /usr/lib64
|
||||
COPY --from=stagex/gcc /usr/lib64/* /rootfs/usr/lib/
|
||||
|
||||
COPY --from=build sui/target/release/sui-node /rootfs/usr/bin/sui-node
|
||||
RUN --network=none find /rootfs -exec touch -hcd "@0" "{}" +
|
||||
|
||||
FROM scratch AS package
|
||||
|
||||
COPY --from=install /rootfs /
|
||||
|
||||
ENTRYPOINT ["/usr/bin/sui-node"]
|
||||
CMD ["--version"]
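Review bot: Every `stagex/*` image in this file is referenced by name or tag only (`FROM stagex/rust:${RUST_VERSION}`, `COPY --from=stagex/busybox . /` and the rest), so the toolchain that produces `sui-node` is whatever the registry serves at build time; only the Sui tarball is bound to a hash, through `--checksum=sha256:${SRC_HASH}`. Pin each image by digest, e.g. `COPY --from=stagex/busybox@sha256:<digest-placeholder> . /`, so that two builds of this commit resolve the same inputs. The `rust-fetch` stage also runs `RUN cargo fetch` with network access; `RUN cargo fetch --locked` would make it fail rather than rewrite `Cargo.lock` if the lockfile is out of date, which is presumably what the note about not relying on CA trust depends on.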
|