## IMAGE_VERSION selects the tag of the upstream base image. It has no default
## in this file, so it must be supplied at build time (--build-arg); otherwise
## the reference below expands to the tag "-base".
## NOTE(review): the base image is referenced by tag only; adding a digest pin
## would fix the exact image content that every later stage builds on.
ARG IMAGE_VERSION
FROM docker.io/rockdrilla/angie-conv:${IMAGE_VERSION}-base AS base
## ---
## Stage "tools": builds catatonit and overlaydirs from pinned upstream commits
## and installs both binaries into /usr/local/bin/ of this stage.

FROM base AS tools
SHELL ["/bin/sh", "-ec"]

## helper scripts from the build context
COPY /scripts/*       /usr/local/sbin/
COPY /scripts-extra/* /usr/local/sbin/

## catatonit, pinned to a full commit id
## (HEAD when pinned: "main: don't use secure_getenv", December 14, 2024)
ENV CATATONIT_COMMIT=56579adbb42c0c7ad94fc12d844b38fc5b37b3ce

## alternative download endpoint, kept for reference:
# ARG CATATONIT_BASE_URI='https://codeload.github.com/openSUSE/catatonit/tar.gz'
# ARG CATATONIT_URI="${CATATONIT_BASE_URI}/${CATATONIT_COMMIT}"
ARG CATATONIT_BASE_URI="https://github.com/openSUSE/catatonit/archive"
ARG CATATONIT_URI="${CATATONIT_BASE_URI}/${CATATONIT_COMMIT}.tar.gz"

## overlaydirs, pinned to a full commit id
## (HEAD when pinned: "initial commit ", May 27, 2025)
ENV OVERLAYDIRS_COMMIT=4ba42acfea72bbb378808bbf033396cd6a0e3d22

ARG OVERLAYDIRS_BASE_URI="https://git.krd.sh/krd/overlaydirs/archive"
ARG OVERLAYDIRS_URI="${OVERLAYDIRS_BASE_URI}/${OVERLAYDIRS_COMMIT}.tar.gz"

## NOTE(review): both archives are downloaded at build time and compiled
## without a content digest check. The commit id pins which revision is
## requested, but the downloaded bytes are trusted on TLS and the forge alone.
## `ADD --checksum=sha256:<digest recorded by the maintainer>` (BuildKit) would
## fail the build on unexpected content; forge-generated archives may need the
## digest refreshed if the forge changes how it produces them.
# hadolint ignore=DL3020
ADD "${CATATONIT_URI}" /tmp/catatonit.tar.gz
# hadolint ignore=DL3020
ADD "${OVERLAYDIRS_URI}" /tmp/overlaydirs.tar.gz

## Single layer: install the toolchain, build both tools, remove the toolchain.
## The shell runs with -e, so the first failing command aborts the build.
RUN build_deps='build-essential debhelper musl-dev autoconf autoconf-archive libxxhash-dev' ; \
    apt-install.sh ${build_deps} ; \
    ## compiler names: HOSTCC from the host triplet; the musl triplet is the
    ## target triplet with its "-gnu" suffix replaced by "-musl"
    DEB_HOST_GNU_TYPE=$(dpkg-architecture -q DEB_HOST_GNU_TYPE) ; \
    export HOSTCC="${DEB_HOST_GNU_TYPE}-gcc" ; \
    DEB_TARGET_GNU_TYPE=$(dpkg-architecture -q DEB_TARGET_GNU_TYPE) ; \
    DEB_TARGET_MUSL_TYPE=$(printf '%s' "${DEB_TARGET_GNU_TYPE}" | sed -E 's/-gnu$/-musl/') ; \
    ## hardening flags shared by both builds
    ## NOTE(review): -fcf-protection is an x86 feature in GCC; confirm the
    ## build on every target architecture this image is produced for
    CFLAGS_LTO="-flto=2 -fuse-linker-plugin -ffat-lto-objects -flto-partition=none" ; \
    CFLAGS_COMMON="-O2 -g -pipe -fPIE -fstack-protector-strong -fstack-clash-protection -fcf-protection" ; \
    CPPFLAGS="-Wall -Wextra -Werror=format-security -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2" ; \
    ## build catatonit (static PIE, full RELRO, immediate binding)
    workdir=/tmp/catatonit ; \
    rm -rf "${workdir}" ; \
    mkdir -p "${workdir}" ; \
    ( \
        cd "${workdir}" ; \
        tar --strip-components=1 -xf /tmp/catatonit.tar.gz ; \
        ## put the first 8 characters of the pinned commit into the version string
        short_commit=$(printf '%s' "${CATATONIT_COMMIT}" | cut -c1-8) ; \
        sed -i "s/+dev/+git.${short_commit}/" configure.ac ; \
        export CC="${DEB_TARGET_MUSL_TYPE}-gcc" ; \
        export CFLAGS="${CFLAGS_LTO} ${CFLAGS_COMMON} ${CPPFLAGS}" ; \
        export LDFLAGS="-static-pie -Wl,-z,relro -Wl,-z,now" ; \
        autoreconf -fiv ; \
        ./configure ; \
        make -j1 ; \
        ## listing before and after strip shows the size change in the build log
        ls -l catatonit ; \
        # "${DEB_TARGET_GNU_TYPE}-strip" --strip-debug --strip-unneeded catatonit ; \
        strip --strip-debug --strip-unneeded catatonit ; \
        ls -l catatonit ; \
        cp catatonit /usr/local/bin/ ; \
    ) ; \
    rm -rf "${workdir}" ; \
    ## build overlaydirs; CROSS, CFLAGS_COMMON and CPPFLAGS are exported for its make
    workdir=/tmp/overlaydirs ; \
    rm -rf "${workdir}" ; \
    mkdir -p "${workdir}" ; \
    ( \
        cd "${workdir}" ; \
        tar --strip-components=1 -xf /tmp/overlaydirs.tar.gz ; \
        export CROSS="${DEB_TARGET_GNU_TYPE}-" ; \
        export CFLAGS_COMMON CPPFLAGS ; \
        make -j1 clean build RELMODE=1 ; \
        ls -l overlaydirs ; \
        cp overlaydirs /usr/local/bin/ ; \
    ) ; \
    rm -rf "${workdir}" ; \
    ## cleanup
    apt-remove.sh ${build_deps} ; \
    apt-clean.sh
## ---
## not actually used; only for reference
## Stage "python-ext-no-binary": installs requirements.txt with every package
## built from source (pip --no-binary :all:) and writes the list of extra apt
## packages pulled in by the -dev packages to apt-deps.txt.
## PYTHON_SITE_PACKAGES is not set in this file; presumably it is inherited
## from the base image.

FROM base AS python-ext-no-binary
SHELL ["/bin/sh", "-ec"]

COPY /scripts/*       /usr/local/sbin/
COPY /scripts-extra/* /usr/local/sbin/

COPY /requirements.txt /tmp/

ENV DEV_PACKAGES="libyaml-dev"
# markupsafe, psutil
ENV CIBUILDWHEEL=1
# pyyaml
ENV PYYAML_FORCE_CYTHON=1

RUN scratch=$(mktemp -d) ; : "${scratch:?}" ; \
    ## t0: apt package list before the -dev packages are installed
    { apt-mark showauto ; apt-mark showmanual ; } | sort -uV > "${scratch}/t0" ; \
    ## t1: the -dev packages themselves
    printf '%s\n' ${DEV_PACKAGES} | sort -uV > "${scratch}/t1" ; \
    apt-install.sh ${DEV_PACKAGES} ; \
    ## t2: apt package list afterwards
    { apt-mark showauto ; apt-mark showmanual ; } | sort -uV > "${scratch}/t2" ; \
    ## errexit is switched off around the filters, presumably because grep
    ## exits 1 when it selects no lines
    set +e ; \
    ## t3 = newly installed packages, t4 = t3 minus the requested -dev packages;
    ## apt-deps.txt keeps what is left after dropping *-dev and *-doc names
    grep -Fxv -f "${scratch}/t0" "${scratch}/t2" > "${scratch}/t3" ; \
    grep -Fxv -f "${scratch}/t1" "${scratch}/t3" > "${scratch}/t4" ; \
    grep -Ev -e '-(dev|doc)$' "${scratch}/t4" > "${PYTHON_SITE_PACKAGES}/apt-deps.txt" ; \
    set -e ; \
    rm -rf "${scratch}/" ; unset scratch ; \
    apt-install.sh build-essential ; \
    ## NOTE(review): requirements.txt is not visible on this page; if it carries
    ## hashes, `--require-hashes` makes pip enforce them on every download
    pip-env.sh pip install 'cython~=3.0.12' ; \
    pip-env.sh pip install --no-binary :all: -r /tmp/requirements.txt ; \
    pip-env.sh pip uninstall -y 'cython' ; \
    python-rm-cache.sh "${PYTHON_SITE_PACKAGES}" ; \
    rm -rf "${PYTHON_SITE_PACKAGES}/psutil/tests" ; \
    ## list shared objects, strip them (paths containing "rust" are skipped),
    ## then list again so the build log shows the size change
    find "${PYTHON_SITE_PACKAGES}/" -type f -name '*.so*' -exec ls -l {} + ; \
    echo ; \
    find "${PYTHON_SITE_PACKAGES}/" -type f -name '*.so*' -printf '%p\0' \
    | sed -zE '/rust/d' \
    | xargs -0r strip --strip-debug --strip-unneeded ; \
    echo ; \
    find "${PYTHON_SITE_PACKAGES}/" -type f -name '*.so*' -exec ls -l {} + ; \
    apt-remove.sh build-essential ; \
    apt-clean.sh

## avoid changing already present packages:
## removes the pip launchers and the top-level "pip" and "pip-*.dist-info"
## entries from site-packages
RUN rm -rfv /usr/local/bin/pip /usr/local/bin/pip3* ; \
    find "${PYTHON_SITE_PACKAGES}/" -mindepth 1 -maxdepth 1 -printf '%P\0' \
    | sed -zEn -e '/^pip(|-.+\.dist-info)$/p' \
    | env -C "${PYTHON_SITE_PACKAGES}" xargs -0r rm -rf
## ---
## Stage "python-ext": installs requirements.txt with pip, strips the shared
## objects it brought in and removes pip itself. The "deps" stage copies
## /usr/local/bin/ and site-packages out of this stage.
## PYTHON_SITE_PACKAGES is not set in this file; presumably it is inherited
## from the base image.

FROM base AS python-ext
SHELL ["/bin/sh", "-ec"]

COPY /scripts/*       /usr/local/sbin/
COPY /scripts-extra/* /usr/local/sbin/

COPY /requirements.txt /tmp/

## binutils is installed only for strip and removed again in the same layer
RUN apt-install.sh binutils ; \
    ## NOTE(review): requirements.txt is not visible on this page; if it carries
    ## hashes, `--require-hashes` makes pip enforce them on every download
    pip-env.sh pip install -r /tmp/requirements.txt ; \
    python-rm-cache.sh "${PYTHON_SITE_PACKAGES}" ; \
    rm -rf "${PYTHON_SITE_PACKAGES}/psutil/tests" ; \
    ## list shared objects, strip them (paths containing "rust" are skipped),
    ## then list again so the build log shows the size change
    find "${PYTHON_SITE_PACKAGES}/" -type f -name '*.so*' -exec ls -l {} + ; \
    echo ; \
    find "${PYTHON_SITE_PACKAGES}/" -type f -name '*.so*' -printf '%p\0' \
    | sed -zE '/rust/d' \
    | xargs -0r strip --strip-debug --strip-unneeded ; \
    echo ; \
    find "${PYTHON_SITE_PACKAGES}/" -type f -name '*.so*' -exec ls -l {} + ; \
    apt-remove.sh binutils ; \
    apt-clean.sh

## avoid changing already present packages:
## removes the pip launchers and the top-level "pip" and "pip-*.dist-info"
## entries from site-packages
RUN rm -rfv /usr/local/bin/pip /usr/local/bin/pip3* ; \
    find "${PYTHON_SITE_PACKAGES}/" -mindepth 1 -maxdepth 1 -printf '%P\0' \
    | sed -zEn -e '/^pip(|-.+\.dist-info)$/p' \
    | env -C "${PYTHON_SITE_PACKAGES}" xargs -0r rm -rf
## ---
## Stage "deps": the base image plus the two compiled tools and the Python
## site-packages produced by the earlier stages.
## NOTE(review): no USER instruction appears in any stage on this page; whether
## the resulting image runs as a non-root user is decided elsewhere (base image
## or a downstream Dockerfile) and should be confirmed there.

FROM base AS deps
SHELL ["/bin/sh", "-ec"]

COPY /Dockerfile.deps /usr/local/share/

## only the finished binaries leave the "tools" stage; its toolchain and
## source trees are not copied
COPY --from=tools /usr/local/bin/catatonit   /usr/local/bin/
COPY --from=tools /usr/local/bin/overlaydirs /usr/local/bin/

## Python: site-packages
COPY --from=python-ext /usr/local/bin/ /usr/local/bin/
COPY --from=python-ext /${PYTHON_SITE_PACKAGES}/ /${PYTHON_SITE_PACKAGES}/

COPY /scripts/* /usr/local/sbin/

## install missing dependencies for Python site-packages
## On this page apt-deps.txt is written only by the unused
## "python-ext-no-binary" stage, so with "python-ext" as the source this step
## exits early unless the file comes from somewhere else.
RUN deps_list="${PYTHON_SITE_PACKAGES}/apt-deps.txt" ; \
    if [ ! -s "${deps_list}" ] ; then exit 0 ; fi ; \
    xargs -a "${deps_list}" apt-install.sh ; \
    apt-clean.sh

## list, then delete, every non-directory entry under /usr/local/sbin/
## (this removes the helper scripts copied in above)
RUN find /usr/local/sbin/ ! -type d -ls -delete