Refactor from scratch, not busybox
This commit is contained in:
Adam Dodman
parent
5c62506c0e
commit
89a51d5e7e
90
Dockerfile
90
Dockerfile
@ -1,59 +1,47 @@
|
|||||||
FROM busybox:glibc
|
FROM debian:jessie-slim as builder
|
||||||
|
|
||||||
ARG REPO=http://ftp.de.debian.org/debian/pool/main
|
|
||||||
ARG ARCH=amd64
|
|
||||||
|
|
||||||
ARG LIBC6_VER=2.19-18+deb8u9
|
ARG ARCH=x86_64
|
||||||
ARG LIBGCC_VER=4.9.2-10
|
ARG PACKAGES="core/glibc community/busybox"
|
||||||
ARG LIBSSL_VER=1.0.1t-1+deb8u6
|
ARG DEBIAN_FRONTEND=noninteractive
|
||||||
|
|
||||||
ARG SU_EXEC_VER=v0.2
|
WORKDIR /output
|
||||||
ARG TINI_VER=v0.14.0
|
|
||||||
|
|
||||||
ADD pkgextract /usr/local/bin/
|
RUN apt-get update -qy && \
|
||||||
|
apt-get install -qy curl build-essential
|
||||||
|
|
||||||
|
# Download and install glibc & busybox from Arch Linux
|
||||||
|
RUN mkdir -p usr/bin usr/lib dev proc root etc && \
|
||||||
|
ln -sv usr/bin bin && \
|
||||||
|
ln -sv usr/bin sbin && \
|
||||||
|
ln -sv usr/lib lib && \
|
||||||
|
ln -sv usr/lib lib64 && \
|
||||||
|
for pkg in $PACKAGES; do \
|
||||||
|
repo=$(echo $pkg | cut -d/ -f1); \
|
||||||
|
name=$(echo $pkg | cut -d/ -f2); \
|
||||||
|
curl -L https://archlinux.org/packages/$repo/$ARCH/$name/download \
|
||||||
|
| tar xJ -C . ; \
|
||||||
|
done && \
|
||||||
|
rm -f .BUILDINFO .INSTALL .PKGINFO .MTREE && \
|
||||||
|
for i in $(bin/busybox --list); do ln -s /bin/busybox bin/$i; done && \
|
||||||
|
rm -rf usr/share usr/include lib/*.a lib/*.o lib/gconv \
|
||||||
|
bin/ldconfig bin/sln bin/localedef bin/nscd
|
||||||
|
|
||||||
|
ARG DESTDIR=/output/libressl
|
||||||
|
|
||||||
WORKDIR /tmp
|
WORKDIR /tmp
|
||||||
RUN mkdir -p /var/lib/dpkg/info && \
|
|
||||||
# Fetch dependencies
|
|
||||||
wget ${REPO}/g/glibc/libc6_${LIBC6_VER}_${ARCH}.deb && \
|
|
||||||
wget ${REPO}/g/glibc/libc6-${ARCH}_${LIBC6_VER}_i386.deb && \
|
|
||||||
wget ${REPO}/g/glibc/multiarch-support_${LIBC6_VER}_${ARCH}.deb && \
|
|
||||||
wget ${REPO}/g/gcc-4.9/libgcc1_${LIBGCC_VER}_${ARCH}.deb && \
|
|
||||||
wget ${REPO}/g/gcc-4.9/gcc-4.9-base_${LIBGCC_VER}_${ARCH}.deb && \
|
|
||||||
wget ${REPO}/o/openssl/libssl1.0.0_${LIBSSL_VER}_${ARCH}.deb && \
|
|
||||||
wget ${REPO}/o/openssl/openssl_${LIBSSL_VER}_${ARCH}.deb && \
|
|
||||||
\
|
|
||||||
# Lie about libc6 being installed
|
|
||||||
dpkg-deb -f libc6_*.deb | sed '/Depends: .*/d' > /var/lib/dpkg/status && \
|
|
||||||
echo "Status: install ok installed" >> /var/lib/dpkg/status && \
|
|
||||||
\
|
|
||||||
# Install multiarch && gcc
|
|
||||||
pkgextract libc6-${ARCH}*.deb && \
|
|
||||||
pkgextract multiarch-support*.deb && \
|
|
||||||
pkgextract gcc-4.9-base*.deb && \
|
|
||||||
pkgextract libgcc1*.deb && \
|
|
||||||
\
|
|
||||||
# Lie about libssl being installed to dpkg
|
|
||||||
dpkg-deb -f libssl1.0*.deb | sed 's|, debconf.*||g' >> /var/lib/dpkg/status && \
|
|
||||||
echo "Status: install ok installed" >> /var/lib/dpkg/status && \
|
|
||||||
# Actually 'install' libssl by extracting the files
|
|
||||||
dpkg-deb -x libssl1.0*.deb / && \
|
|
||||||
# Manually link the library files
|
|
||||||
ln -sfv /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 /lib && \
|
|
||||||
ln -sfv /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 /lib && \
|
|
||||||
# Install openssl
|
|
||||||
pkgextract openssl*.deb && \
|
|
||||||
\
|
|
||||||
# Install su-exec & tini
|
|
||||||
mkdir -p /usr/local/bin /sbin && \
|
|
||||||
wget -O /usr/local/bin/su-exec https://github.com/javabean/su-exec/releases/download/${SU_EXEC_VER}/su-exec.${ARCH} && \
|
|
||||||
wget -O /sbin/tini https://github.com/krallin/tini/releases/download/${TINI_VER}/tini-${ARCH} && \
|
|
||||||
chmod +x /usr/local/bin/su-exec /sbin/tini && \
|
|
||||||
\
|
|
||||||
# Cleanup
|
|
||||||
rm -f *.deb && \
|
|
||||||
rm -rf /usr/share && \
|
|
||||||
rm -rf /usr/lib64/gconv # Hopefully this isn't required
|
|
||||||
|
|
||||||
|
# Build and install openssl
|
||||||
|
RUN curl -L https://www.openssl.org/source/openssl-1.1.0e.tar.gz | \
|
||||||
|
tar xz -C /tmp --strip-components=1 && \
|
||||||
|
./config --prefix=/output && \
|
||||||
|
make install_sw && \
|
||||||
|
rm /output/lib/*.a && \
|
||||||
|
rm -r /output/include
|
||||||
|
|
||||||
|
# =============
|
||||||
|
|
||||||
|
FROM scratch
|
||||||
WORKDIR /
|
WORKDIR /
|
||||||
ENV LD_LIBRARY_PATH=/lib:/lib/x86_64-linux-gnu:/usr/lib:/usr/lib/x86_64-linux-gnu
|
COPY --from=builder /output/ /
|
||||||
|
CMD ["sh"]
|
||||||
|
|||||||
22
pkgextract
22
pkgextract
@ -1,22 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
set -e
|
|
||||||
|
|
||||||
FPATH="$(realpath $1)"
|
|
||||||
FNAME="$(basename "$FPATH")"
|
|
||||||
|
|
||||||
PKG_NAME="$(echo "$FNAME" | sed 's|_.*||g')"
|
|
||||||
|
|
||||||
# Extract package control files
|
|
||||||
CTRL_PATH="/tmp/${PKG_NAME}-DEBIAN"
|
|
||||||
dpkg-deb -e "$FPATH" "$CTRL_PATH"
|
|
||||||
|
|
||||||
cd "$CTRL_PATH"
|
|
||||||
|
|
||||||
# Rename and move control info files
|
|
||||||
find * -exec mv "{}" "/var/lib/dpkg/info/$PKG_NAME.{}" \;
|
|
||||||
|
|
||||||
cd -
|
|
||||||
# If this fails, there was probably a
|
|
||||||
rmdir "$CTRL_PATH"
|
|
||||||
|
|
||||||
dpkg -i "$FPATH"
|
|
||||||
Loading…
Reference in New Issue
Block a user