-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile
182 lines (162 loc) · 6.91 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
# global args
ARG __BUILD_DIR__="/build"
ARG __WORK_DIR__="/work"
ARG WHOIS_VERSION="5.5.12"
FROM fscm/centos:stream-9 as build
ARG __BUILD_DIR__
ARG __WORK_DIR__
ARG WHOIS_VERSION
ARG __USER__="root"
ARG __SOURCE_DIR__="${__WORK_DIR__}/src"
ENV \
LANG="C.utf8" \
LC_ALL="C.utf8"
USER "${__USER__}"
COPY "LICENSE" "${__WORK_DIR__}"/
WORKDIR "${__WORK_DIR__}"
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN \
# build env
echo '--> setting build env' && \
set +h && \
export __NPROC__="$(getconf _NPROCESSORS_ONLN || echo 1)" && \
#export DCACHE_LINESIZE="$(getconf LEVEL1_DCACHE_LINESIZE || echo 64)" && \
export DCACHE_LINESIZE="64" && \
export __MARCH__="$(case `arch` in x86_64*) echo x86-64;; aarch64) echo armv8-a;; esac)" && \
export MAKEFLAGS="--silent --no-print-directory --jobs ${__NPROC__}" && \
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig && \
# build structure
echo '--> creating build structure' && \
for folder in 'bin'; do \
install --directory --owner="${__USER__}" --group="${__USER__}" --mode=0755 "${__BUILD_DIR__}/usr/${folder}"; \
done && \
for folder in '/tmp' "${__WORK_DIR__}"; do \
install --directory --owner="${__USER__}" --group="${__USER__}" --mode=1777 "${__BUILD_DIR__}${folder}"; \
done && \
# dependencies
echo '--> instaling dependencies' && \
dnf --quiet makecache --refresh && \
dnf --assumeyes --quiet --setopt=install_weak_deps='no' install \
binutils \
ca-certificates \
curl \
diffutils \
file \
findutils \
gcc \
gettext \
gzip \
jq \
make \
perl-autodie \
perl-interpreter \
perl-lib \
perl-open \
perl-FindBin \
rsync \
tar \
xz \
> /dev/null && \
# musl
echo '--> installing musl libc' && \
install --directory "${__SOURCE_DIR__}/musl/_build" && \
curl --silent --location --retry 3 "https://musl.libc.org/releases/musl-latest.tar.gz" \
| tar xz --no-same-owner --strip-components=1 -C "${__SOURCE_DIR__}/musl" && \
cd "${__SOURCE_DIR__}/musl/_build" && \
../configure \
CFLAGS="-fPIC -O2 -g0 -s -w -pipe -march=${__MARCH__} -mtune=generic -DNDEBUG -DCLS=${__DCACHE_LINESIZE__}" \
--prefix='/usr/local' \
--disable-debug \
--disable-shared \
--enable-wrapper=all \
--enable-static \
> /dev/null && \
make > /dev/null && \
make install > /dev/null && \
# Applications linked against all musl public header files and crt files are allowed to
# omit copyright notice and permission notice otherwise required by the license.
# This is documented in the "COPYRIGHT" file.
# https://git.musl-libc.org/cgit/musl/tree/COPYRIGHT
cd ~- && \
rm -rf "${__SOURCE_DIR__}/musl" && \
# libxcrypt
echo '--> installing libxcrypt' && \
install --directory "${__SOURCE_DIR__}/libxcrypt/_build" && \
LIBXCRYPT_URL="$(curl --silent --location --retry 3 'https://api.github.com/repos/besser82/libxcrypt/releases/latest' \
| jq -r '.assets[] | select(.content_type=="application/x-xz") | .browser_download_url')" && \
curl --silent --location --retry 3 "${LIBXCRYPT_URL}" \
| tar xJ --no-same-owner --strip-components=1 -C "${__SOURCE_DIR__}/libxcrypt" && \
cd "${__SOURCE_DIR__}/libxcrypt/_build" && \
../configure \
CC="musl-gcc -static --static" \
CFLAGS="-fPIC -O2 -g0 -s -w -pipe -march=${__MARCH__} -mtune=generic -DNDEBUG -DCLS=${__DCACHE_LINESIZE__}" \
--quiet \
--prefix='/usr/local' \
--includedir='/usr/local/include' \
--libdir='/usr/local/lib' \
--sysconfdir='/etc' \
--enable-fast-install \
--enable-hashes='all' \
--enable-obsolete-api='glibc' \
--enable-silent-rules \
--enable-static \
--disable-failure-tokens \
--disable-shared && \
make > /dev/null && \
make install > /dev/null && \
install --directory --owner="${__USER__}" --group="${__USER__}" --mode=0755 "${__BUILD_DIR__}/licenses/libxcrypt" && \
(cd .. && find ./ -type f -a \( -iname '*LICENS*' -o -iname '*COPYING*' \) -exec cp --parents {} "${__BUILD_DIR__}/licenses/libxcrypt" ';') && \
cd ~- && \
rm -rf "${__SOURCE_DIR__}/libxcrypt" && \
# whois (mkpasswd)
echo '--> installing whois (mkpasswd)' && \
install --directory "${__SOURCE_DIR__}/whois" && \
curl --silent --location --retry 3 "https://github.com/rfc1036/whois/archive/v${WHOIS_VERSION}/whois-${WHOIS_VERSION}.tar.gz" \
| tar xz --no-same-owner --strip-components=1 -C "${__SOURCE_DIR__}/whois" && \
cd "${__SOURCE_DIR__}/whois" && \
make \
CC="musl-gcc -static --static" \
CFLAGS="-fPIC -O2 -g0 -s -w -pipe -march=${__MARCH__} -mtune=generic -DNDEBUG -DCLS=${__DCACHE_LINESIZE__} -DHAVE_GETOPT_LONG" \
mkpasswd \
> /dev/null && \
install --owner="${__USER__}" --group="${__USER__}" --mode=0755 --target-directory="${__BUILD_DIR__}/usr/bin" './mkpasswd' && \
install --directory --owner="${__USER__}" --group="${__USER__}" --mode=0755 "${__BUILD_DIR__}/licenses/whois" && \
find ./ -type f -a \( -iname '*LICENS*' -o -iname '*COPYING*' \) -exec cp --parents {} "${__BUILD_DIR__}/licenses/whois" ';' && \
cd ~- && \
rm -rf "${__SOURCE_DIR__}/whois" && \
# stripping
echo '--> stripping binaries' && \
find "${__BUILD_DIR__}"/usr/bin -type f -not -links +1 -exec strip --strip-all {} ';' && \
# licenses
echo '--> project licenses' && \
install --owner="${__USER__}" --group="${__USER__}" --mode=0644 --target-directory="${__BUILD_DIR__}/licenses" "${__WORK_DIR__}/LICENSE" && \
# check version
echo '--> mkpasswd version' && \
chroot "${__BUILD_DIR__}" /usr/bin/mkpasswd --version && \
arch && \
# done
echo '--> all done!'
FROM scratch
ARG __BUILD_DIR__
ARG __WORK_DIR__
ARG WHOIS_VERSION
LABEL \
maintainer="Frederico Martins <https://hub.docker.com/u/fscm/>" \
vendor="fscm" \
cmd="docker container run --rm --interactive --tty fscm/mkpasswd" \
params="--volume $$PWD:${__WORK_DIR__}:rw" \
org.label-schema.schema-version="1.0" \
org.label-schema.name="fscm/mkpasswd" \
org.label-schema.description="A small image that can be used to run the mkpasswd tool" \
org.label-schema.url="https://github.com/rfc1036/whois/" \
org.label-schema.vcs-url="https://github.com/fscm/docker-mkpasswd/" \
org.label-schema.vendor="fscm" \
org.label-schema.version=${WHOIS_VERSION} \
org.label-schema.docker.cmd="docker container run --interactive --rm --tty fscm/mkpasswd" \
org.label-schema.docker.cmd.test="docker container run --interactive --rm --tty fscm/mkpasswd --version" \
org.label-schema.docker.params="--volume $$PWD:${__WORK_DIR__}:rw"
COPY --from=build "${__BUILD_DIR__}" "/"
VOLUME ["${__WORK_DIR__}"]
WORKDIR "${__WORK_DIR__}"
ENTRYPOINT ["/usr/bin/mkpasswd"]
#CMD ["--help"]