167 lines
5.1 KiB
Docker
167 lines
5.1 KiB
Docker
# Pre-define ARGs to ensure correct scope
|
|
ARG GLIBC_VER=2.29
|
|
ARG BUSYB_VER=1.31.0
|
|
ARG SU_EXEC_VER=0.4
|
|
ARG TINI_VER=0.18.0
|
|
|
|
FROM spritsail/debian-builder as builder
|
|
|
|
ARG GLIBC_VER
|
|
ARG BUSYB_VER
|
|
ARG SU_EXEC_VER
|
|
ARG TINI_VER
|
|
|
|
ARG PREFIX=/output
|
|
WORKDIR $PREFIX
|
|
|
|
#Set up our dependencies, configure the output filesystem a bit
|
|
RUN mkdir -p dev etc home proc root tmp usr/{bin,lib/pkgconfig,lib32} var && \
|
|
# Set up directories in a very confusing but very worky way
|
|
ln -sv usr/lib lib64 && \
|
|
ln -sv usr/lib lib && \
|
|
ln -sv usr/bin bin && \
|
|
ln -sv usr/bin sbin && \
|
|
ln -sv bin usr/sbin
|
|
|
|
WORKDIR /tmp/glibc/build
|
|
|
|
# Download and build glibc from source
|
|
RUN apt install -y bison python3 && \
|
|
curl -fL https://ftp.gnu.org/gnu/glibc/glibc-${GLIBC_VER}.tar.xz \
|
|
| tar xJ --strip-components=1 -C .. && \
|
|
\
|
|
echo "slibdir=/usr/lib" >> configparms && \
|
|
echo "rtlddir=/usr/lib" >> configparms && \
|
|
echo "sbindir=/bin" >> configparms && \
|
|
echo "rootsbindir=/sbin" >> configparms && \
|
|
echo "build-programs=yes" >> configparms && \
|
|
\
|
|
../configure \
|
|
--prefix=/usr \
|
|
--libdir=/usr/lib \
|
|
--libexecdir=/usr/lib \
|
|
--enable-add-ons \
|
|
--enable-obsolete-rpc \
|
|
--enable-kernel=3.10.0 \
|
|
--enable-bind-now \
|
|
--disable-profile \
|
|
--enable-stackguard-randomization \
|
|
--enable-stack-protector=strong \
|
|
--enable-lock-elision \
|
|
--enable-multi-arch \
|
|
--disable-werror && \
|
|
make -j "$(nproc)" && \
|
|
make -j "$(nproc)" install_root="$(pwd)/out" install
|
|
|
|
RUN strip -s out/sbin/ldconfig && \
|
|
# Patch ldd to use sh not bash
|
|
sed -i '1s/.*/#!\/bin\/sh/' out/usr/bin/ldd && \
|
|
sed -i 's/lib64/lib/g' out/usr/bin/ldd && \
|
|
# Copy glibc libs & loader
|
|
cp -d out/usr/lib/*.so* "${PREFIX}/usr/lib" && \
|
|
cp -d out/usr/bin/ldd "${PREFIX}/bin" && \
|
|
cp -d out/sbin/ldconfig "${PREFIX}/sbin" && \
|
|
\
|
|
echo /usr/lib32 > "${PREFIX}/etc/ld.so.conf"
|
|
|
|
WORKDIR /tmp/busybox
|
|
|
|
# Download and build busybox from source
|
|
RUN curl -fL https://busybox.net/downloads/busybox-${BUSYB_VER}.tar.bz2 \
|
|
| tar xj --strip-components=1 && \
|
|
# Use minimal configuration for standalone applets
|
|
make allnoconfig && \
|
|
sed -i -e 's/# CONFIG_PING is not set/CONFIG_PING=y/' \
|
|
-e 's/# CONFIG_FEATURE_FANCY_PING is not set/CONFIG_FEATURE_FANCY_PING=y/' \
|
|
-e 's/# CONFIG_SU is not set/CONFIG_SU=y/' \
|
|
.config && \
|
|
# Build ping and su
|
|
./make_single_applets.sh && \
|
|
cp busybox_PING "${PREFIX}/bin/ping" && \
|
|
cp busybox_SU "${PREFIX}/bin/su" && \
|
|
\
|
|
# Use default configuration
|
|
make defconfig && \
|
|
# Disable `busybox --install` function
|
|
sed -i -e 's/CONFIG_INSTALLER=y/# CONFIG_INSTALLER is not set/' \
|
|
-e 's/CONFIG_PING=y/# CONFIG_PING is not set/' \
|
|
-e 's/CONFIG_SU=y/# CONFIG_SU is not set/' \
|
|
.config && \
|
|
\
|
|
make -j "$(nproc)" && \
|
|
cp busybox "${PREFIX}/bin" && \
|
|
# "Install" busybox, creating symlinks to all binaries it provides
|
|
./busybox --list-full | xargs -i ln -s /bin/busybox "${PREFIX}/{}"
|
|
|
|
WORKDIR /tmp/su-exec
|
|
|
|
# Download and build su-exec from source
|
|
RUN apt-get -y install xxd
|
|
RUN curl -fL https://github.com/frebib/su-exec/archive/v${SU_EXEC_VER}.tar.gz \
|
|
| tar xz --strip-components=1 && \
|
|
make && \
|
|
strip -s su-exec && \
|
|
mv su-exec "${PREFIX}/sbin"
|
|
|
|
WORKDIR /tmp/tini
|
|
|
|
# Download and build tini from source
|
|
ADD tini-gnudef.patch /tmp
|
|
RUN curl -fL https://github.com/krallin/tini/archive/v${TINI_VER}.tar.gz \
|
|
| tar xz --strip-components=1 && \
|
|
patch -p1 < /tmp/tini-gnudef.patch && \
|
|
cmake . && \
|
|
make tini && \
|
|
mv tini "${PREFIX}/sbin"
|
|
|
|
WORKDIR $PREFIX
|
|
|
|
# Generate initial ld.so.cache so ELF binaries work.
|
|
# This is important otherwise everything will error with
|
|
# 'no such file or directory' when looking for libraries
|
|
RUN ${PREFIX}/sbin/ldconfig -r ${PREFIX} && \
|
|
# Copy UTC localtime to output
|
|
cp /usr/share/zoneinfo/Etc/UTC etc/
|
|
|
|
# Add default skeleton configuration files
|
|
COPY skel/ .
|
|
RUN install -dm 1777 tmp && \
|
|
chroot . chmod 755 usr/bin/* sbin/* && \
|
|
# Ensure ping and su have correct permissions
|
|
chroot . chmod 4755 usr/bin/ping usr/bin/su
|
|
|
|
# =============
|
|
|
|
FROM scratch
|
|
|
|
ARG BUSYB_VER
|
|
ARG GLIBC_VER
|
|
ARG SU_EXEC_VER
|
|
ARG TINI_VER
|
|
|
|
LABEL maintainer="Spritsail <busybox@spritsail.io>" \
|
|
org.label-schema.vendor="Spritsail" \
|
|
org.label-schema.name="Busybox" \
|
|
org.label-schema.url="https://github.com/spritsail/busybox" \
|
|
org.label-schema.description="Busybox and GNU libc built from source" \
|
|
org.label-schema.version=${BUSYB_VER}/${GLIBC_VER} \
|
|
io.spritsail.version.busybox=${BUSYB_VER} \
|
|
io.spritsail.version.glibc=${GLIBC_VER} \
|
|
io.spritsail.version.su-exec=${SU_EXEC_VER} \
|
|
io.spritsail.version.tini=${TINI_VER}
|
|
|
|
WORKDIR /
|
|
|
|
SHELL ["/bin/sh", "-exc"]
|
|
|
|
COPY --from=builder /output/ /
|
|
# Workaround for Docker bug (not retaining setuid bit)
|
|
# https://github.com/moby/moby/issues/37830
|
|
RUN chmod 4755 usr/bin/ping usr/bin/su
|
|
|
|
ENV ENV="/etc/profile"
|
|
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
|
|
|
|
ENTRYPOINT ["/sbin/tini" , "--"]
|
|
CMD ["/bin/sh"]
|