FROM stagex/busybox AS busybox
FROM stagex/musl AS musl
FROM stagex/xorriso AS xorriso
FROM stagex/syslinux AS syslinux
FROM stagex/cpio AS cpio
FROM stagex/linux-airgap AS linux
FROM stagex/mtools AS mtools
FROM stagex/xz AS xz
FROM stagex/eudev AS eudev
FROM stagex/keyfork AS keyfork
FROM stagex/openpgp-card-tools AS openpgp-card-tools
FROM stagex/gpg AS gpg
FROM stagex/bash AS bash
FROM stagex/grub:local AS grub
FROM stagex/npth AS npth
FROM stagex/libksba AS libksba
FROM stagex/libgpg-error AS libgpg-error
FROM stagex/libassuan AS libassuan
FROM stagex/libgcrypt AS libgcrypt
FROM stagex/jq AS jq
FROM stagex/bc AS bc
FROM stagex/git AS git
FROM stagex/zlib AS zlib
FROM stagex/tpm2-tools AS tpm2-tools
FROM stagex/tpm2-tss AS tpm2-tss
FROM stagex/openssl AS openssl
FROM stagex/pcsc-lite AS pcsc-lite
FROM stagex/flashtools AS flashtools
FROM scratch AS base
ARG VERSION development
ARG GIT_TIMESTAMP null
ARG GIT_AUTHOR null
ARG GIT_REF null
ARG GIT_KEY null
COPY --from=busybox . /
COPY --from=musl . /
COPY --from=xorriso . /
COPY --from=cpio . /
COPY --from=mtools . /
COPY --from=xz . /
COPY --from=grub . /
FROM base AS build
## Kernel
COPY --from=linux /bzImage iso/boot/vmlinuz
## Initramfs
COPY --from=busybox . initramfs
COPY --from=eudev . initramfs
COPY --from=musl . initramfs
COPY --from=zlib . initramfs
COPY --from=npth . initramfs
COPY --from=libksba . initramfs
COPY --from=libgpg-error . initramfs
COPY --from=libassuan . initramfs
COPY --from=libgcrypt . initramfs
COPY --from=keyfork . initramfs
COPY --from=bash . initramfs
COPY --from=gpg . initramfs
COPY --from=jq . initramfs
COPY --from=bc . initramfs
COPY --from=git . initramfs
COPY --from=flashtools . initramfs
COPY --from=tpm2-tools . initramfs
COPY --from=tpm2-tss . initramfs
COPY --from=openssl . initramfs
COPY --from=pcsc-lite . initramfs
COPY --from=openpgp-card-tools . initramfs
COPY rootfs/ initramfs
COPY <<-EOF initramfs/etc/environment
export VERSION="$VERSION"
export GIT_TIMESTAMP="$GIT_TIMESTAMP"
export GIT_AUTHOR="$GIT_AUTHOR"
export GIT_REF="$GIT_REF"
export GIT_KEY="$GIT_KEY"
EOF
RUN <<-EOF
cd initramfs
find . -print0 \
| cpio --null --create --verbose --format=newc \
| gzip --best > ../iso/boot/initramfs
EOF
## Grub (EFI Boot)
COPY config/grub.cfg iso/boot/grub/grub.cfg
COPY config/grub_early.cfg grub_early.cfg
RUN <<-EOF
set -eux
mkdir -p efi/boot
grub-mkimage \
--config="grub_early.cfg" \
--prefix="/boot/grub" \
--output="efi/boot/bootx64.efi" \
--format="x86_64-efi" \
--compression="xz" \
all_video \
disk \
part_gpt \
part_msdos \
linux \
normal \
configfile \
search \
search_label \
efi_gop \
fat \
iso9660 \
gzio \
serial \
terminal
mformat -i iso/boot/grub/efi.img -C -f 1440 -N 0 ::
mcopy -i iso/boot/grub/efi.img -s efi ::
touch -md "@0" iso/boot/grub/efi.img
EOF
## Syslinux (BIOS Boot)
COPY config/syslinux.cfg iso/boot/syslinux/
COPY --from=syslinux \
/usr/share/syslinux/isohdpfx.bin \
/usr/share/syslinux/isolinux.bin \
/usr/share/syslinux/ldlinux.c32 \
/usr/share/syslinux/libutil.c32 \
/usr/share/syslinux/libcom32.c32 \
/usr/share/syslinux/mboot.c32 \
iso/boot/syslinux/
## Build Hybrid EFI/BIOS ISO
FROM build AS install
RUN xorrisofs \
-output airgap.iso \
-full-iso9660-filenames \
-joliet \
-rational-rock \
-sysid LINUX \
-volid "airgap" \
-isohybrid-mbr iso/boot/syslinux/isohdpfx.bin \
-eltorito-boot boot/syslinux/isolinux.bin \
-eltorito-catalog boot/syslinux/boot.cat \
-no-emul-boot \
-boot-load-size 4 \
-boot-info-table \
-eltorito-alt-boot \
-e boot/grub/efi.img \
-no-emul-boot \
-isohybrid-gpt-basdat \
-follow-links \
iso/
FROM scratch AS package
COPY --from=install /initramfs /initramfs
COPY --from=install /airgap.iso /