From 1c860794d2606c76fc516d3b3674d306ab127e0a Mon Sep 17 00:00:00 2001
From: Joe Groocock <frebib@gmail.com>
Date: Fri, 12 May 2017 11:50:24 +0100
Subject: [PATCH] Build glibc from source- it produces smaller & cleaner libs

---
 Dockerfile | 51 ++++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 38 insertions(+), 13 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 9215739..52e6d78 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,9 @@
 FROM debian:jessie-slim as builder
 
 ARG ARCH=x86_64
-ARG PACKAGES="core/glibc"
 ARG DEBIAN_FRONTEND=noninteractive
 
+ARG GLIBC_VER=2.25
 ARG BUSYB_VER=1.26.2
 ARG SU_EXEC_VER=v0.2
 ARG TINI_VER=v0.14.0
@@ -12,24 +12,13 @@ WORKDIR /output
 
 #Set up our dependencies, configure the output filesystem a bit
 RUN apt-get update -qy && \
-    apt-get install -qy curl build-essential && \
+    apt-get install -qy curl build-essential gawk linux-libc-dev && \
     mkdir -p usr/bin usr/lib dev proc root etc && \
     ln -sv usr/bin bin && \
     ln -sv usr/bin sbin && \
     ln -sv usr/lib lib && \
     ln -sv usr/lib lib64
 
-# Removing this :P
-RUN for pkg in $PACKAGES; do \
-        repo=$(echo $pkg | cut -d/ -f1); \
-        name=$(echo $pkg | cut -d/ -f2); \
-        curl -L https://archlinux.org/packages/$repo/$ARCH/$name/download \
-            | tar xJ -C . ; \
-    done && \
-    rm -f .BUILDINFO .INSTALL .PKGINFO .MTREE && \
-    rm -rf usr/share usr/include lib/*.a lib/*.o lib/gconv \
-           bin/ldconfig bin/sln bin/localedef bin/nscd
-
 # Pull busybox and some other utilities
 RUN curl -L https://busybox.net/downloads/binaries/$BUSYB_VER-defconfig-multiarch/busybox-$ARCH > /output/usr/bin/busybox && \
     curl -L https://github.com/javabean/su-exec/releases/download/${SU_EXEC_VER}/su-exec.amd64 > /output/sbin/su-exec && \
@@ -38,6 +27,42 @@ RUN curl -L https://busybox.net/downloads/binaries/$BUSYB_VER-defconfig-multiarc
 
 WORKDIR /tmp
 
+ARG CFLAGS="-Os -pipe -fstack-protector-strong"
+ARG LDFLAGS="-Wl,-O1,--sort-common -Wl,-s"
+
+# Download and build glibc from source
+RUN curl -L https://ftp.gnu.org/gnu/glibc/glibc-$GLIBC_VER.tar.xz | tar xJ && \
+    mkdir -p glibc-build && cd glibc-build && \
+	\
+    echo "slibdir=/lib" >> configparms && \
+    echo "rtlddir=/lib" >> configparms && \
+    echo "sbindir=/bin" >> configparms && \
+    echo "rootsbindir=/bin" >> configparms && \
+	\
+    rm -rf /usr/include/x86_64-linux-gnu/c++ && \
+    ln -sfv /usr/include/x86_64-linux-gnu/* /usr/include && \
+    ../glibc-$GLIBC_VER/configure \
+        --prefix="$(pwd)/root" \
+        --libdir="$(pwd)/root/lib" \
+        --libexecdir=/lib \
+        --with-headers=/usr/include \
+        --enable-add-ons \
+        --enable-obsolete-rpc \
+        --enable-kernel=3.10.0 \
+        --enable-bind-now \
+        --disable-profile \
+        --enable-stackguard-randomization \
+        --enable-stack-protector=strong \
+        --enable-lock-elision \
+        --enable-multi-arch \
+        --disable-werror && \
+    make && make install_root=$(pwd)/out install
+
+# Copy glibc libs & generate ld cache
+RUN cp -r glibc-build/out/lib/*.so /output/lib && \
+    echo '/usr/lib' > /output/etc/ld.so.conf && \
+    ldconfig -r /output
+
 # Build and install openssl
 ARG DESTDIR=/output/libressl
 RUN curl -L https://www.openssl.org/source/openssl-1.1.0e.tar.gz | \