173 lines
5.0 KiB
Ruby
173 lines
5.0 KiB
Ruby
FROM alpine:3.7
|
|
|
|
RUN apk add --no-cache \
|
|
bash \
|
|
bzip2 \
|
|
coreutils \
|
|
curl \
|
|
gcc \
|
|
go \
|
|
linux-headers \
|
|
make \
|
|
musl-dev \
|
|
perl \
|
|
tzdata \
|
|
\
|
|
# explicitly using gnupg1 instead of gnupg (which is 2.x) due to an arm32v6 bug (likely related to our arm64v8 hardware)
|
|
# SIGILL {si_signo=SIGILL, si_code=ILL_ILLOPC, si_addr=0xf7b79394} ---
|
|
# (in dirmngr)
|
|
gnupg1
|
|
|
|
# pub 1024D/ACC9965B 2006-12-12
|
|
# Key fingerprint = C9E9 416F 76E6 10DB D09D 040F 47B7 0C55 ACC9 965B
|
|
# uid Denis Vlasenko <vda.linux@googlemail.com>
|
|
# sub 1024g/2C766641 2006-12-12
|
|
RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys C9E9416F76E610DBD09D040F47B70C55ACC9965B
|
|
|
|
ENV BUSYBOX_VERSION 1.28.0
|
|
|
|
RUN set -ex; \
|
|
tarball="busybox-${BUSYBOX_VERSION}.tar.bz2"; \
|
|
curl -fL -o busybox.tar.bz2 "https://busybox.net/downloads/$tarball"; \
|
|
curl -fL -o busybox.tar.bz2.sign "https://busybox.net/downloads/$tarball.sign"; \
|
|
gpg --batch --decrypt --output busybox.tar.bz2.txt busybox.tar.bz2.sign; \
|
|
awk '$1 == "SHA1:" && $2 ~ /^[0-9a-f]+$/ && $3 == "'"$tarball"'" { print $2, "*busybox.tar.bz2" }' busybox.tar.bz2.txt > busybox.tar.bz2.sha1; \
|
|
test -s busybox.tar.bz2.sha1; \
|
|
sha1sum -c busybox.tar.bz2.sha1; \
|
|
mkdir -p /usr/src/busybox; \
|
|
tar -xf busybox.tar.bz2 -C /usr/src/busybox --strip-components 1; \
|
|
rm busybox.tar.bz2*
|
|
|
|
WORKDIR /usr/src/busybox
|
|
|
|
# https://www.mail-archive.com/toybox@lists.landley.net/msg02528.html
|
|
# https://www.mail-archive.com/toybox@lists.landley.net/msg02526.html
|
|
RUN sed -i 's/^struct kconf_id \*$/static &/g' scripts/kconfig/zconf.hash.c_shipped
|
|
|
|
# CONFIG_LAST_SUPPORTED_WCHAR: see https://github.com/docker-library/busybox/issues/13 (UTF-8 input)
|
|
# see http://wiki.musl-libc.org/wiki/Building_Busybox
|
|
RUN set -ex; \
|
|
\
|
|
setConfs=' \
|
|
CONFIG_FEATURE_SUID=y \
|
|
CONFIG_AR=y \
|
|
CONFIG_FEATURE_AR_CREATE=y \
|
|
CONFIG_FEATURE_AR_LONG_FILENAMES=y \
|
|
CONFIG_LAST_SUPPORTED_WCHAR=0 \
|
|
CONFIG_STATIC=y \
|
|
'; \
|
|
\
|
|
unsetConfs=' \
|
|
CONFIG_FEATURE_SYNC_FANCY \
|
|
\
|
|
CONFIG_FEATURE_HAVE_RPC \
|
|
CONFIG_FEATURE_INETD_RPC \
|
|
CONFIG_FEATURE_UTMP \
|
|
CONFIG_FEATURE_WTMP \
|
|
'; \
|
|
\
|
|
make defconfig; \
|
|
\
|
|
for conf in $unsetConfs; do \
|
|
sed -i \
|
|
-e "s!^$conf=.*\$!# $conf is not set!" \
|
|
.config; \
|
|
done; \
|
|
\
|
|
for confV in $setConfs; do \
|
|
conf="${confV%=*}"; \
|
|
sed -i \
|
|
-e "s!^$conf=.*\$!$confV!" \
|
|
-e "s!^# $conf is not set\$!$confV!" \
|
|
.config; \
|
|
if ! grep -q "^$confV\$" .config; then \
|
|
echo "$confV" >> .config; \
|
|
fi; \
|
|
done; \
|
|
\
|
|
make oldconfig; \
|
|
\
|
|
# trust, but verify
|
|
for conf in $unsetConfs; do \
|
|
! grep -q "^$conf=" .config; \
|
|
done; \
|
|
for confV in $setConfs; do \
|
|
grep -q "^$confV\$" .config; \
|
|
done;
|
|
|
|
RUN set -ex \
|
|
&& make -j "$(nproc)" \
|
|
busybox \
|
|
&& ./busybox --help \
|
|
&& mkdir -p rootfs/bin \
|
|
&& ln -vL busybox rootfs/bin/ \
|
|
&& chroot rootfs /bin/busybox --install /bin
|
|
|
|
# grab a simplified getconf port from Alpine we can statically compile
|
|
RUN set -x \
|
|
&& aportsVersion="v$(cat /etc/alpine-release)" \
|
|
&& curl -fsSL \
|
|
"http://git.alpinelinux.org/cgit/aports/plain/main/musl/getconf.c?h=${aportsVersion}" \
|
|
-o /usr/src/getconf.c \
|
|
&& gcc -o rootfs/bin/getconf -static -Os /usr/src/getconf.c \
|
|
&& chroot rootfs /bin/getconf _NPROCESSORS_ONLN
|
|
|
|
# download a few extra files from buildroot (/etc/passwd, etc)
|
|
RUN set -ex; \
|
|
buildrootVersion='2017.11.1'; \
|
|
mkdir -p rootfs/etc; \
|
|
for f in passwd shadow group; do \
|
|
curl -fL -o "rootfs/etc/$f" "https://git.busybox.net/buildroot/plain/system/skeleton/etc/$f?id=$buildrootVersion"; \
|
|
done; \
|
|
# set expected permissions, etc too (https://git.busybox.net/buildroot/tree/system/device_table.txt)
|
|
curl -fL -o buildroot-device-table.txt "https://git.busybox.net/buildroot/plain/system/device_table.txt?id=$buildrootVersion"; \
|
|
awk ' \
|
|
!/^#/ { \
|
|
if ($2 != "d" && $2 != "f") { \
|
|
printf "error: unknown type \"%s\" encountered in line %d: %s\n", $2, NR, $0 > "/dev/stderr"; \
|
|
exit 1; \
|
|
} \
|
|
sub(/^\/?/, "rootfs/", $1); \
|
|
if ($2 == "d") { \
|
|
printf "mkdir -p %s\n", $1; \
|
|
} \
|
|
printf "chmod %s %s\n", $3, $1; \
|
|
} \
|
|
' buildroot-device-table.txt | sh -eux; \
|
|
rm buildroot-device-table.txt
|
|
|
|
# create missing home directories
|
|
RUN set -ex \
|
|
&& cd rootfs \
|
|
&& for userHome in $(awk -F ':' '{ print $3 ":" $4 "=" $6 }' etc/passwd); do \
|
|
user="${userHome%%=*}"; \
|
|
home="${userHome#*=}"; \
|
|
home="./${home#/}"; \
|
|
if [ ! -d "$home" ]; then \
|
|
mkdir -p "$home"; \
|
|
chown "$user" "$home"; \
|
|
chmod 755 "$home"; \
|
|
fi; \
|
|
done
|
|
|
|
# test and make sure it works
|
|
RUN chroot rootfs /bin/sh -xec 'true'
|
|
|
|
# ensure correct timezone (UTC)
|
|
RUN set -ex; \
|
|
ln -vL /usr/share/zoneinfo/UTC rootfs/etc/localtime; \
|
|
[ "$(chroot rootfs date +%Z)" = 'UTC' ]
|
|
|
|
# test and make sure DNS works too
|
|
RUN cp -L /etc/resolv.conf rootfs/etc/ \
|
|
&& chroot rootfs /bin/sh -xec 'nslookup google.com' \
|
|
&& rm rootfs/etc/resolv.conf
|
|
|
|
ADD ./curl_builder.sh .
|
|
RUN mkdir -p rootfs/usr/bin; \
|
|
./curl_builder.sh; \
|
|
cp /usr/local/bin/curl rootfs/usr/bin/curl
|
|
|
|
ADD ./server.go .
|
|
RUN go build -ldflags "-linkmode external -extldflags -static" -o rootfs/usr/bin/helloserver server.go
|