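## Dependency image for angie-conv.
## Helper binaries (catatonit, overlaydirs) and the Python site-packages are
## built in throw-away stages; only the resulting artifacts are copied into the
## final "deps" stage on top of the "-base" image.

## has no default: must be supplied at build time (--build-arg IMAGE_VERSION)
ARG IMAGE_VERSION
FROM docker.io/rockdrilla/angie-conv:${IMAGE_VERSION}-base AS base

## ---

## Stage "tools": compile catatonit and overlaydirs from commit-pinned sources.
FROM base AS tools
## -e: abort the RUN step on the first failing command
SHELL [ "/bin/sh", "-ec" ]

COPY /scripts/* /usr/local/sbin/
COPY /scripts-extra/* /usr/local/sbin/

## current HEAD: "main: don't use secure_getenv", December 14, 2024
ENV CATATONIT_COMMIT=56579adbb42c0c7ad94fc12d844b38fc5b37b3ce
# ARG CATATONIT_BASE_URI='https://codeload.github.com/openSUSE/catatonit/tar.gz'
# ARG CATATONIT_URI="${CATATONIT_BASE_URI}/${CATATONIT_COMMIT}"
ARG CATATONIT_BASE_URI='https://github.com/openSUSE/catatonit/archive'
ARG CATATONIT_URI="${CATATONIT_BASE_URI}/${CATATONIT_COMMIT}.tar.gz"

## current HEAD: "initial commit ", May 27, 2025
ENV OVERLAYDIRS_COMMIT=4ba42acfea72bbb378808bbf033396cd6a0e3d22
ARG OVERLAYDIRS_BASE_URI='https://git.krd.sh/krd/overlaydirs/archive'
ARG OVERLAYDIRS_URI="${OVERLAYDIRS_BASE_URI}/${OVERLAYDIRS_COMMIT}.tar.gz"

## NOTE(review): both archives are fetched at build time from forge-generated
## archive URLs. The full commit id in the URL selects the revision, but nothing
## checks the bytes that actually arrive. Pass the expected digests with
## --build-arg CATATONIT_SHA256=... / OVERLAYDIRS_SHA256=... to have the RUN
## step below verify them before anything is unpacked or compiled. Left empty,
## the check is skipped (previous behaviour) and a warning is logged.
ARG CATATONIT_SHA256=""
ARG OVERLAYDIRS_SHA256=""

# hadolint ignore=DL3020
ADD "${CATATONIT_URI}" /tmp/catatonit.tar.gz
# hadolint ignore=DL3020
ADD "${OVERLAYDIRS_URI}" /tmp/overlaydirs.tar.gz

## Build toolchain is installed, used and removed inside this single RUN step.
RUN \
    ## verify_sha256 FILE DIGEST: compare FILE against DIGEST when one is given;
    ## a mismatch makes sha256sum fail and "sh -e" aborts the build
    verify_sha256() { \
      [ -n "$2" ] || { echo "WARNING: no SHA-256 pin for $1; archive integrity is not verified" >&2 ; return 0 ; } ; \
      printf '%s  %s\n' "$2" "$1" | sha256sum -c - ; \
    } ; \
    verify_sha256 /tmp/catatonit.tar.gz "${CATATONIT_SHA256}" ; \
    verify_sha256 /tmp/overlaydirs.tar.gz "${OVERLAYDIRS_SHA256}" ; \
    pkg='build-essential debhelper musl-dev autoconf autoconf-archive libxxhash-dev' ; \
    apt-install.sh ${pkg} ; \
    DEB_HOST_GNU_TYPE=$(dpkg-architecture -q DEB_HOST_GNU_TYPE) ; \
    export HOSTCC="${DEB_HOST_GNU_TYPE}-gcc" ; \
    DEB_TARGET_GNU_TYPE=$(dpkg-architecture -q DEB_TARGET_GNU_TYPE) ; \
    ## derive the musl triplet from the GNU one (trailing "-gnu" -> "-musl")
    DEB_TARGET_MUSL_TYPE=$(printf '%s' "${DEB_TARGET_GNU_TYPE}" | sed -E 's/-gnu$/-musl/') ; \
    ## hardening: PIE, stack protector, stack-clash and control-flow protection,
    ## format-security warnings as errors, _FORTIFY_SOURCE=2
    CFLAGS_LTO="-flto=2 -fuse-linker-plugin -ffat-lto-objects -flto-partition=none" ; \
    CFLAGS_COMMON="-O2 -g -pipe -fPIE -fstack-protector-strong -fstack-clash-protection -fcf-protection" ; \
    CPPFLAGS="-Wall -Wextra -Werror=format-security -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2" ; \
    ## build catatonit
    d=/tmp/catatonit ; \
    rm -rf "$d" ; \
    mkdir -p "$d" ; \
    ( \
      cd "$d" ; \
      tar --strip-components=1 -xf /tmp/catatonit.tar.gz ; \
      ## stamp the version string with the abbreviated commit id
      commit_abbrev=$(printf '%s' "${CATATONIT_COMMIT}" | cut -c1-8) ; \
      sed -i "s/+dev/+git.${commit_abbrev}/" configure.ac ; \
      export CC="${DEB_TARGET_MUSL_TYPE}-gcc" ; \
      export CFLAGS="${CFLAGS_LTO} ${CFLAGS_COMMON} ${CPPFLAGS}" ; \
      ## static PIE with RELRO and immediate binding
      export LDFLAGS="-static-pie -Wl,-z,relro -Wl,-z,now" ; \
      autoreconf -fiv ; \
      ./configure ; \
      make -j1 ; \
      ## the two "ls -l" calls log the binary size before and after stripping
      ls -l catatonit ; \
      # "${DEB_TARGET_GNU_TYPE}-strip" --strip-debug --strip-unneeded catatonit ; \
      strip --strip-debug --strip-unneeded catatonit ; \
      ls -l catatonit ; \
      cp catatonit /usr/local/bin/ ; \
    ) ; \
    rm -rf "$d" ; \
    ## build overlaydirs
    d=/tmp/overlaydirs ; \
    rm -rf "$d" ; \
    mkdir -p "$d" ; \
    ( \
      cd "$d" ; \
      tar --strip-components=1 -xf /tmp/overlaydirs.tar.gz ; \
      ## CROSS, CFLAGS_COMMON and CPPFLAGS are handed to the project's Makefile
      ## through the environment; how it uses them is not visible here
      export CROSS="${DEB_TARGET_GNU_TYPE}-" ; \
      export CFLAGS_COMMON CPPFLAGS ; \
      make -j1 clean build RELMODE=1 ; \
      ls -l overlaydirs ; \
      cp overlaydirs /usr/local/bin/ ; \
    ) ; \
    rm -rf "$d" ; \
    ## cleanup
    apt-remove.sh ${pkg} ; \
    apt-clean.sh

## ---

## not actually used; only for reference
## Stage "python-ext-no-binary": build every requirement from source and record
## the runtime apt packages that the -dev packages pulled in.
FROM base AS python-ext-no-binary
SHELL [ "/bin/sh", "-ec" ]

COPY /scripts/* /usr/local/sbin/
COPY /scripts-extra/* /usr/local/sbin/
COPY /requirements.txt /tmp/

ENV DEV_PACKAGES='libyaml-dev'

# markupsafe, psutil
ENV CIBUILDWHEEL=1

# pyyaml
ENV PYYAML_FORCE_CYTHON=1

## PYTHON_SITE_PACKAGES is not set in this file (presumably exported by the base
## image). Fail fast when it is empty: the find/strip calls below would
## otherwise walk "/".
RUN : "${PYTHON_SITE_PACKAGES:?}" ; \
    w=$(mktemp -d) ; : "${w:?}" ; \
    ## t0: packages known before, t1: requested -dev packages, t2: packages after
    { apt-mark showauto ; apt-mark showmanual ; } | sort -uV > "$w/t0" ; \
    printf '%s\n' ${DEV_PACKAGES} | sort -uV > "$w/t1" ; \
    apt-install.sh ${DEV_PACKAGES} ; \
    { apt-mark showauto ; apt-mark showmanual ; } | sort -uV > "$w/t2" ; \
    ## grep exits non-zero when nothing is left to print, so "-e" is suspended
    set +e ; \
    ## t3 = newly installed, t4 = t3 minus requested, result = t4 minus -dev/-doc
    grep -Fxv -f "$w/t0" "$w/t2" > "$w/t3" ; \
    grep -Fxv -f "$w/t1" "$w/t3" > "$w/t4" ; \
    grep -Ev -e '-(dev|doc)$' "$w/t4" > "${PYTHON_SITE_PACKAGES}/apt-deps.txt" ; \
    set -e ; \
    rm -rf "$w/" ; unset w ; \
    apt-install.sh build-essential ; \
    ## NOTE(review): requirements.txt is not visible here; hash-pinned
    ## requirements (pip's --require-hashes mode) would let pip verify what it
    ## downloads - confirm
    pip-env.sh pip install 'cython~=3.0.12' ; \
    pip-env.sh pip install --no-binary :all: -r /tmp/requirements.txt ; \
    pip-env.sh pip uninstall -y 'cython' ; \
    python-rm-cache.sh "${PYTHON_SITE_PACKAGES}" ; \
    rm -rf \
      "${PYTHON_SITE_PACKAGES}/psutil/tests" \
    ; \
    ## list shared objects, strip them (paths containing "rust" are skipped),
    ## then list again to log the size difference
    find "${PYTHON_SITE_PACKAGES}/" -type f -name '*.so*' -exec ls -l {} + ; \
    echo ; \
    find "${PYTHON_SITE_PACKAGES}/" -type f -name '*.so*' -printf '%p\0' \
    | sed -zE '/rust/d' \
    | xargs -0r strip --strip-debug --strip-unneeded ; \
    echo ; \
    find "${PYTHON_SITE_PACKAGES}/" -type f -name '*.so*' -exec ls -l {} + ; \
    apt-remove.sh build-essential ; \
    apt-clean.sh

## avoid changing already present packages
## (removes the pip launchers and the pip / pip-*.dist-info entries from this
## stage's tree)
RUN rm -rfv \
      /usr/local/bin/pip \
      /usr/local/bin/pip3* \
    ; \
    find "${PYTHON_SITE_PACKAGES}/" -mindepth 1 -maxdepth 1 -printf '%P\0' \
    | sed -zEn \
      -e '/^pip(|-.+\.dist-info)$/p' \
    | env -C "${PYTHON_SITE_PACKAGES}" xargs -0r rm -rf

## ---

## Stage "python-ext": install the requirements as pip resolves them and strip
## the shared objects; this is the stage the final image copies from.
FROM base AS python-ext
SHELL [ "/bin/sh", "-ec" ]

COPY /scripts/* /usr/local/sbin/
COPY /scripts-extra/* /usr/local/sbin/
COPY /requirements.txt /tmp/

## PYTHON_SITE_PACKAGES is not set in this file (presumably exported by the base
## image). Fail fast when it is empty: the find/strip calls below would
## otherwise walk "/", and the COPY in the "deps" stage would take the whole
## root filesystem of this stage.
RUN : "${PYTHON_SITE_PACKAGES:?}" ; \
    ## binutils is needed only for "strip" and is removed again below
    apt-install.sh binutils ; \
    ## NOTE(review): requirements.txt is not visible here; hash-pinned
    ## requirements (pip's --require-hashes mode) would let pip verify what it
    ## downloads - confirm
    pip-env.sh pip install -r /tmp/requirements.txt ; \
    python-rm-cache.sh "${PYTHON_SITE_PACKAGES}" ; \
    rm -rf \
      "${PYTHON_SITE_PACKAGES}/psutil/tests" \
    ; \
    ## list shared objects, strip them (paths containing "rust" are skipped),
    ## then list again to log the size difference
    find "${PYTHON_SITE_PACKAGES}/" -type f -name '*.so*' -exec ls -l {} + ; \
    echo ; \
    find "${PYTHON_SITE_PACKAGES}/" -type f -name '*.so*' -printf '%p\0' \
    | sed -zE '/rust/d' \
    | xargs -0r strip --strip-debug --strip-unneeded ; \
    echo ; \
    find "${PYTHON_SITE_PACKAGES}/" -type f -name '*.so*' -exec ls -l {} + ; \
    apt-remove.sh binutils ; \
    apt-clean.sh

## avoid changing already present packages
## (removes the pip launchers and the pip / pip-*.dist-info entries from this
## stage's tree)
RUN rm -rfv \
      /usr/local/bin/pip \
      /usr/local/bin/pip3* \
    ; \
    find "${PYTHON_SITE_PACKAGES}/" -mindepth 1 -maxdepth 1 -printf '%P\0' \
    | sed -zEn \
      -e '/^pip(|-.+\.dist-info)$/p' \
    | env -C "${PYTHON_SITE_PACKAGES}" xargs -0r rm -rf

## ---

## Stage "deps": the resulting image; receives only built artifacts, no
## compilers and no source archives.
FROM base AS deps
SHELL [ "/bin/sh", "-ec" ]

COPY /Dockerfile.deps /usr/local/share/

COPY --from=tools /usr/local/bin/catatonit /usr/local/bin/
COPY --from=tools /usr/local/bin/overlaydirs /usr/local/bin/

## Python: site-packages
COPY --from=python-ext /usr/local/bin/ /usr/local/bin/
COPY --from=python-ext /${PYTHON_SITE_PACKAGES}/ /${PYTHON_SITE_PACKAGES}/

COPY /scripts/* /usr/local/sbin/

## install missing dependencies for Python site-packages
## (apt-deps.txt is written only by the "python-ext-no-binary" stage in this
## file; with "python-ext" as the source the list is absent and this is a no-op)
RUN f="${PYTHON_SITE_PACKAGES}/apt-deps.txt" ; \
    [ -s "$f" ] || exit 0 ; \
    xargs -a "$f" apt-install.sh ; \
    apt-clean.sh

## drop the build helper scripts copied into /usr/local/sbin/ so they do not
## ship in the resulting image; -ls logs every entry that is removed
RUN find /usr/local/sbin/ ! -type d -ls -delete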