docker-library / busybox

Docker Official Image packaging for Busybox
http://busybox.net

Add separate unstable/stable versions and initial jq-based templating engine #94

Closed tianon closed 3 years ago

tianon commented 3 years ago

Fixes #93

See also docker-library/php#1052 (and linked PRs).

tianon commented 3 years ago
Useful diff (with faked `wget --spider` to find the old tarballs so it can actually be meaningful): ```diff $ diff -u <(bashbrew cat busybox) <(bashbrew cat <(./generate-stackbrew-library.sh)) --- /dev/fd/63 2021-01-11 11:58:00.552315401 -0800 +++ /dev/fd/62 2021-01-11 11:58:00.556315290 -0800 
@@ -20,26 +20,50 @@ s390x-GitCommit: 3b209b3a9e405592d2974623104963406d609022 s390x-GitFetch: refs/heads/dist-s390x -Tags: 1.33.0-uclibc, 1.33-uclibc, 1-uclibc, uclibc +Tags: 1.32.1-uclibc, 1.32-uclibc, 1-uclibc, stable-uclibc, uclibc Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le -Directory: uclibc +Directory: stable/uclibc -Tags: 1.33.0-glibc, 1.33-glibc, 1-glibc, glibc +Tags: 1.32.1-glibc, 1.32-glibc, 1-glibc, stable-glibc, glibc Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x -Directory: glibc +Directory: stable/glibc -Tags: 1.33.0-musl, 1.33-musl, 1-musl, musl +Tags: 1.32.1-musl, 1.32-musl, 1-musl, stable-musl, musl Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x -Directory: musl +Directory: stable/musl -Tags: 1.33.0, 1.33, 1, latest +Tags: 1.32.1, 1.32, 1, stable, latest Architectures: amd64, arm32v5, arm32v6, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x -amd64-Directory: uclibc -arm32v5-Directory: uclibc -arm32v6-Directory: musl -arm32v7-Directory: uclibc -arm64v8-Directory: uclibc -i386-Directory: uclibc -mips64le-Directory: uclibc -ppc64le-Directory: glibc -s390x-Directory: glibc +amd64-Directory: stable/uclibc +arm32v5-Directory: stable/uclibc +arm32v6-Directory: stable/musl +arm32v7-Directory: stable/uclibc +arm64v8-Directory: stable/uclibc +i386-Directory: stable/uclibc +mips64le-Directory: stable/uclibc +ppc64le-Directory: stable/glibc +s390x-Directory: stable/glibc + +Tags: 1.33.0-uclibc, 1.33-uclibc, unstable-uclibc +Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le +Directory: unstable/uclibc + +Tags: 1.33.0-glibc, 1.33-glibc, unstable-glibc +Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x +Directory: unstable/glibc + +Tags: 1.33.0-musl, 1.33-musl, unstable-musl +Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x +Directory: unstable/musl + +Tags: 1.33.0, 1.33, unstable +Architectures: amd64, arm32v5, arm32v6, 
arm32v7, arm64v8, i386, mips64le, ppc64le, s390x +amd64-Directory: unstable/uclibc +arm32v5-Directory: unstable/uclibc +arm32v6-Directory: unstable/musl +arm32v7-Directory: unstable/uclibc +arm64v8-Directory: unstable/uclibc +i386-Directory: unstable/uclibc +mips64le-Directory: unstable/uclibc +ppc64le-Directory: unstable/glibc +s390x-Directory: unstable/glibc ```

(I also tested by putting unstable back down to 1.32.0 and verified that it goes away appropriately.)

tianon commented 3 years ago

Here's a better way to view the diff of the individual Dockerfile.builder files:

Diff: ```diff diff --git a/glibc/Dockerfile b/unstable/glibc/Dockerfile similarity index 100% rename from glibc/Dockerfile rename to unstable/glibc/Dockerfile diff --git a/glibc/Dockerfile.builder b/unstable/glibc/Dockerfile.builder similarity index 74% rename from glibc/Dockerfile.builder rename to unstable/glibc/Dockerfile.builder index 0d96020..05747b9 100644 --- a/glibc/Dockerfile.builder +++ b/unstable/glibc/Dockerfile.builder @@ -1,3 +1,9 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM debian:buster-slim RUN set -eux; \ @@ -18,11 +24,13 @@ RUN set -eux; \ RUN gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys C9E9416F76E610DBD09D040F47B70C55ACC9965B ENV BUSYBOX_VERSION 1.33.0 +ENV BUSYBOX_SHA256 d568681c91a85edc6710770cebc1e80e042ad74d305b5c2e6d57a5f3de3b8fbd RUN set -eux; \ tarball="busybox-${BUSYBOX_VERSION}.tar.bz2"; \ - curl -fL -o busybox.tar.bz2 "https://busybox.net/downloads/$tarball"; \ curl -fL -o busybox.tar.bz2.sig "https://busybox.net/downloads/$tarball.sig"; \ + curl -fL -o busybox.tar.bz2 "https://busybox.net/downloads/$tarball"; \ + echo "$BUSYBOX_SHA256 *busybox.tar.bz2" | sha256sum -c -; \ gpg --batch --verify busybox.tar.bz2.sig busybox.tar.bz2; \ mkdir -p /usr/src/busybox; \ tar -xf busybox.tar.bz2 -C /usr/src/busybox --strip-components 1; \ 
@@ -30,16 +38,15 @@ RUN set -eux; \ WORKDIR /usr/src/busybox -# CONFIG_LAST_SUPPORTED_WCHAR: see https://github.com/docker-library/busybox/issues/13 (UTF-8 input) RUN set -eux; \ \ setConfs=' \ CONFIG_AR=y \ CONFIG_FEATURE_AR_CREATE=y \ CONFIG_FEATURE_AR_LONG_FILENAMES=y \ +# CONFIG_LAST_SUPPORTED_WCHAR: see https://github.com/docker-library/busybox/issues/13 (UTF-8 input) CONFIG_LAST_SUPPORTED_WCHAR=0 \ -# As long as we rely on libnss, we have to have libc.so anyhow, so -# we've removed CONFIG_STATIC here for now... :cry: +# As long as we rely on libnss (see below), we have to have libc.so anyhow, so we've removed CONFIG_STATIC here... :cry: '; \ \ unsetConfs=' \ @@ -73,30 +80,32 @@ RUN set -eux; \ done; \ for confV in $setConfs; do \ grep -q "^$confV\$" .config; \ - done; + done RUN set -eux; \ - make -j "$(nproc)" \ - busybox \ - ; \ + nproc="$(nproc)"; \ + make -j "$nproc" busybox; \ ./busybox --help; \ mkdir -p rootfs/bin; \ ln -vL busybox rootfs/bin/; \ \ - ln -vL "$(which getconf)" rootfs/bin/getconf; \ +# copy "getconf" from Debian + getconf="$(which getconf)"; \ + ln -vL "$getconf" rootfs/bin/getconf; \ \ # hack hack hack hack hack -# with glibc, static busybox uses libnss for DNS resolution :( +# with glibc, busybox (static or not) uses libnss for DNS resolution :( mkdir -p rootfs/etc; \ cp /etc/nsswitch.conf rootfs/etc/; \ mkdir -p rootfs/lib; \ ln -sT lib rootfs/lib64; \ + gccMultiarch="$(gcc -print-multiarch)"; \ set -- \ rootfs/bin/busybox \ rootfs/bin/getconf \ - /lib/"$(gcc -print-multiarch)"/libnss*.so.* \ + /lib/"$gccMultiarch"/libnss*.so.* \ # libpthread is part of glibc: https://stackoverflow.com/a/11210463/433558 - /lib/"$(gcc -print-multiarch)"/libpthread*.so.* \ + /lib/"$gccMultiarch"/libpthread*.so.* \ ; \ while [ "$#" -gt 0 ]; do \ f="$1"; shift; \ 
@@ -109,29 +118,43 @@ RUN set -eux; \ cp -v "$f" "rootfs/lib/$fn"; \ fi; \ fi; \ - set -- "$@" $(ldd "$f" | awk ' \ + ldd="$(ldd "$f" | awk ' \ $1 ~ /^\// { print $1; next } \ $2 == "=>" && $3 ~ /^\// { print $3; next } \ - '); \ + ')"; \ + set -- "$@" $ldd; \ done; \ - \ chroot rootfs /bin/getconf _NPROCESSORS_ONLN; \ \ chroot rootfs /bin/busybox --install /bin -# download a few extra files from buildroot (/etc/passwd, etc) +# install a few extra files from buildroot (/etc/passwd, etc) RUN set -eux; \ buildrootVersion='2020.11.1'; \ - mkdir -p rootfs/etc; \ - for f in passwd shadow group; do \ - curl -fL -o "rootfs/etc/$f" "https://git.busybox.net/buildroot/plain/system/skeleton/etc/$f?id=$buildrootVersion"; \ + for file in \ + system/device_table.txt \ + system/skeleton/etc/group \ + system/skeleton/etc/passwd \ + system/skeleton/etc/shadow \ + ; do \ + dir="$(dirname "$file")"; \ + mkdir -p "../buildroot/$dir"; \ + curl -fL -o "../buildroot/$file" "https://git.busybox.net/buildroot/plain/$file?id=$buildrootVersion"; \ + [ -s "../buildroot/$file" ]; \ done; \ + \ + mkdir -p rootfs/etc; \ + ln -vL \ + ../buildroot/system/skeleton/etc/group \ + ../buildroot/system/skeleton/etc/passwd \ + ../buildroot/system/skeleton/etc/shadow \ + rootfs/etc/ \ + ; \ # CVE-2019-5021, https://github.com/docker-library/official-images/pull/5880#issuecomment-490681907 grep -E '^root::' rootfs/etc/shadow; \ sed -ri -e 's/^root::/root:*:/' rootfs/etc/shadow; \ grep -E '^root:[*]:' rootfs/etc/shadow; \ # set expected permissions, etc too (https://git.busybox.net/buildroot/tree/system/device_table.txt) - curl -fL -o buildroot-device-table.txt "https://git.busybox.net/buildroot/plain/system/device_table.txt?id=$buildrootVersion"; \ awk ' \ !/^#/ { \ if ($2 != "d" && $2 != "f") { \ 
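Review bot: The buildroot files fetched in the new `for file in …` loop of glibc's `Dockerfile.builder` are only checked for being non-empty (`[ -s "../buildroot/$file" ]`). Yet `group`, `passwd` and `shadow` are linked into the image rootfs, and `device_table.txt` is turned by awk into shell commands (the visible `printf "chmod %s %s\n", $3, $1`) that are piped to a shell. `?id=$buildrootVersion` appears to name a release tag rather than a content digest, so nothing in the build would notice a changed or tampered response. Recording a SHA-256 per file next to `buildrootVersion` and checking it inside the loop, e.g. `echo "$sha256 *../buildroot/$file" | sha256sum -c -;`, would give these files the same guarantee this PR adds for the tarball with `BUSYBOX_SHA256`. The musl hunk `@@ -82,40 +88,53 @@` has the same loop; the enclosing `RUN` continues past the end of this hunk.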
@@ -144,8 +167,7 @@ RUN set -eux; \ } \ printf "chmod %s %s\n", $3, $1; \ } \ - ' buildroot-device-table.txt | bash -Eeuo pipefail -x; \ - rm buildroot-device-table.txt + ' ../buildroot/system/device_table.txt | sh -eux # create missing home directories RUN set -eux; \ diff --git a/musl/Dockerfile b/unstable/musl/Dockerfile similarity index 100% rename from musl/Dockerfile rename to unstable/musl/Dockerfile diff --git a/musl/Dockerfile.builder b/unstable/musl/Dockerfile.builder similarity index 78% rename from musl/Dockerfile.builder rename to unstable/musl/Dockerfile.builder index 5307afe..b4b2eb8 100644 --- a/musl/Dockerfile.builder +++ b/unstable/musl/Dockerfile.builder @@ -1,6 +1,13 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM alpine:3.12 -RUN apk add --no-cache \ +RUN set -eux; \ + apk add --no-cache \ bzip2 \ coreutils \ curl \ @@ -9,7 +16,8 @@ RUN apk add --no-cache \ linux-headers \ make \ musl-dev \ - tzdata + tzdata \ + ; # pub 1024D/ACC9965B 2006-12-12 # Key fingerprint = C9E9 416F 76E6 10DB D09D 040F 47B7 0C55 ACC9 965B @@ -18,11 +26,13 @@ RUN apk add --no-cache \ RUN gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys C9E9416F76E610DBD09D040F47B70C55ACC9965B ENV BUSYBOX_VERSION 1.33.0 +ENV BUSYBOX_SHA256 d568681c91a85edc6710770cebc1e80e042ad74d305b5c2e6d57a5f3de3b8fbd RUN set -eux; \ tarball="busybox-${BUSYBOX_VERSION}.tar.bz2"; \ - curl -fL -o busybox.tar.bz2 "https://busybox.net/downloads/$tarball"; \ curl -fL -o busybox.tar.bz2.sig "https://busybox.net/downloads/$tarball.sig"; \ + curl -fL -o busybox.tar.bz2 "https://busybox.net/downloads/$tarball"; \ + echo "$BUSYBOX_SHA256 *busybox.tar.bz2" | sha256sum -c -; \ gpg --batch --verify busybox.tar.bz2.sig busybox.tar.bz2; \ mkdir -p /usr/src/busybox; \ tar -xf busybox.tar.bz2 -C /usr/src/busybox --strip-components 1; \ 
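Review bot: In the glibc hunk `@@ -144,8 +167,7 @@` at the start of this line, the exit status of `awk` is still discarded. The pipeline `awk '…' ../buildroot/system/device_table.txt | sh -eux` runs under the outer `set -eux`, which has no `pipefail`, so the step succeeds whenever the consuming `sh` does. If awk stops early (the `$2 != "d" && $2 != "f"` branch looks like a reject path, though its body is outside the hunk), the commands already emitted are applied and the remaining permissions are silently skipped. Writing the generated commands to a file and then running it, `awk '…' ../buildroot/system/device_table.txt > device-table.sh; sh -eux device-table.sh`, lets `set -e` see an awk failure. The same pipeline ends the musl hunk `@@ -128,8 +147,7 @@` and the uclibc hunk `@@ -282,7 +295,7 @@`.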
@@ -30,18 +40,13 @@ RUN set -eux; \ WORKDIR /usr/src/busybox -# https://www.mail-archive.com/toybox@lists.landley.net/msg02528.html -# https://www.mail-archive.com/toybox@lists.landley.net/msg02526.html -RUN sed -i 's/^struct kconf_id \*$/static &/g' scripts/kconfig/zconf.hash.c_shipped - -# CONFIG_LAST_SUPPORTED_WCHAR: see https://github.com/docker-library/busybox/issues/13 (UTF-8 input) -# see https://wiki.musl-libc.org/wiki/Building_Busybox RUN set -eux; \ \ setConfs=' \ CONFIG_AR=y \ CONFIG_FEATURE_AR_CREATE=y \ CONFIG_FEATURE_AR_LONG_FILENAMES=y \ +# CONFIG_LAST_SUPPORTED_WCHAR: see https://github.com/docker-library/busybox/issues/13 (UTF-8 input) CONFIG_LAST_SUPPORTED_WCHAR=0 \ CONFIG_STATIC=y \ '; \ @@ -49,6 +54,7 @@ RUN set -eux; \ unsetConfs=' \ CONFIG_FEATURE_SYNC_FANCY \ \ +# see https://wiki.musl-libc.org/wiki/Building_Busybox CONFIG_FEATURE_HAVE_RPC \ CONFIG_FEATURE_INETD_RPC \ CONFIG_FEATURE_UTMP \ 
@@ -82,40 +88,53 @@ RUN set -eux; \ done; \ for confV in $setConfs; do \ grep -q "^$confV\$" .config; \ - done; + done RUN set -eux; \ - make -j "$(nproc)" \ - busybox \ - ; \ + nproc="$(nproc)"; \ + make -j "$nproc" busybox; \ ./busybox --help; \ mkdir -p rootfs/bin; \ ln -vL busybox rootfs/bin/; \ - chroot rootfs /bin/busybox --install /bin - -# grab a simplified getconf port from Alpine we can statically compile -RUN set -eux; \ + \ +# copy simplified getconf port from Alpine aportsVersion="v$(cat /etc/alpine-release)"; \ curl -fsSL \ "https://git.alpinelinux.org/cgit/aports/plain/main/musl/getconf.c?h=${aportsVersion}" \ -o /usr/src/getconf.c \ ; \ gcc -o rootfs/bin/getconf -static -Os /usr/src/getconf.c; \ - chroot rootfs /bin/getconf _NPROCESSORS_ONLN + chroot rootfs /bin/getconf _NPROCESSORS_ONLN; \ + \ + chroot rootfs /bin/busybox --install /bin -# download a few extra files from buildroot (/etc/passwd, etc) +# install a few extra files from buildroot (/etc/passwd, etc) RUN set -eux; \ buildrootVersion='2020.11.1'; \ - mkdir -p rootfs/etc; \ - for f in passwd shadow group; do \ - curl -fL -o "rootfs/etc/$f" "https://git.busybox.net/buildroot/plain/system/skeleton/etc/$f?id=$buildrootVersion"; \ + for file in \ + system/device_table.txt \ + system/skeleton/etc/group \ + system/skeleton/etc/passwd \ + system/skeleton/etc/shadow \ + ; do \ + dir="$(dirname "$file")"; \ + mkdir -p "../buildroot/$dir"; \ + curl -fL -o "../buildroot/$file" "https://git.busybox.net/buildroot/plain/$file?id=$buildrootVersion"; \ + [ -s "../buildroot/$file" ]; \ done; \ + \ + mkdir -p rootfs/etc; \ + ln -vL \ + ../buildroot/system/skeleton/etc/group \ + ../buildroot/system/skeleton/etc/passwd \ + ../buildroot/system/skeleton/etc/shadow \ + rootfs/etc/ \ + ; \ # CVE-2019-5021, https://github.com/docker-library/official-images/pull/5880#issuecomment-490681907 grep -E '^root::' rootfs/etc/shadow; \ sed -ri -e 's/^root::/root:*:/' rootfs/etc/shadow; \ grep -E '^root:[*]:' 
rootfs/etc/shadow; \ # set expected permissions, etc too (https://git.busybox.net/buildroot/tree/system/device_table.txt) - curl -fL -o buildroot-device-table.txt "https://git.busybox.net/buildroot/plain/system/device_table.txt?id=$buildrootVersion"; \ awk ' \ !/^#/ { \ if ($2 != "d" && $2 != "f") { \ @@ -128,8 +147,7 @@ RUN set -eux; \ } \ printf "chmod %s %s\n", $3, $1; \ } \ - ' buildroot-device-table.txt | sh -eux; \ - rm buildroot-device-table.txt + ' ../buildroot/system/device_table.txt | sh -eux # create missing home directories RUN set -eux; \ diff --git a/uclibc/Dockerfile b/unstable/uclibc/Dockerfile similarity index 100% rename from uclibc/Dockerfile rename to unstable/uclibc/Dockerfile diff --git a/uclibc/Dockerfile.builder b/unstable/uclibc/Dockerfile.builder similarity index 90% rename from uclibc/Dockerfile.builder rename to unstable/uclibc/Dockerfile.builder index a49785b..9241357 100644 --- a/uclibc/Dockerfile.builder +++ b/unstable/uclibc/Dockerfile.builder @@ -1,3 +1,9 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM debian:buster-slim RUN set -eux; \ @@ -8,8 +14,14 @@ RUN set -eux; \ gcc \ gnupg dirmngr \ make \ - \ -# buildroot + ; \ + rm -rf /var/lib/apt/lists/* + +# grab/use buildroot for its uClibc toolchain + +RUN set -eux; \ + apt-get update; \ + apt-get install -y \ bc \ cpio \ dpkg-dev \ @@ -23,8 +35,6 @@ RUN set -eux; \ ; \ rm -rf /var/lib/apt/lists/* -# we grab buildroot for it's uClibc toolchain - # pub 1024D/59C36319 2009-01-15 # Key fingerprint = AB07 D806 D2CE 741F B886 EE50 B025 BA8B 59C3 6319 # uid Peter Korsgaard 
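Review bot: `getconf.c` in the musl hunk `@@ -82,40 +88,53 @@` is downloaded by ref name (`?h=${aportsVersion}`), compiled, and installed as `rootfs/bin/getconf` with no integrity check. The binary shipped in the image therefore depends on whatever that URL returns at build time. The commit moves this step into the build `RUN` but leaves it unpinned, unlike the tarball, which now has `BUSYBOX_SHA256`. Consider recording a digest for the source and verifying it before `gcc`, e.g. `echo "$GETCONF_SHA256 */usr/src/getconf.c" | sha256sum -c -;` (the variable name is a suggestion, not something the repository defines).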
@@ -186,11 +196,13 @@ ENV PATH /usr/src/buildroot/output/host/usr/bin:$PATH RUN gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys C9E9416F76E610DBD09D040F47B70C55ACC9965B ENV BUSYBOX_VERSION 1.33.0 +ENV BUSYBOX_SHA256 d568681c91a85edc6710770cebc1e80e042ad74d305b5c2e6d57a5f3de3b8fbd RUN set -eux; \ tarball="busybox-${BUSYBOX_VERSION}.tar.bz2"; \ - curl -fL -o busybox.tar.bz2 "https://busybox.net/downloads/$tarball"; \ curl -fL -o busybox.tar.bz2.sig "https://busybox.net/downloads/$tarball.sig"; \ + curl -fL -o busybox.tar.bz2 "https://busybox.net/downloads/$tarball"; \ + echo "$BUSYBOX_SHA256 *busybox.tar.bz2" | sha256sum -c -; \ gpg --batch --verify busybox.tar.bz2.sig busybox.tar.bz2; \ mkdir -p /usr/src/busybox; \ tar -xf busybox.tar.bz2 -C /usr/src/busybox --strip-components 1; \ @@ -198,13 +210,13 @@ RUN set -eux; \ WORKDIR /usr/src/busybox -# CONFIG_LAST_SUPPORTED_WCHAR: see https://github.com/docker-library/busybox/issues/13 (UTF-8 input) RUN set -eux; \ \ setConfs=' \ CONFIG_AR=y \ CONFIG_FEATURE_AR_CREATE=y \ CONFIG_FEATURE_AR_LONG_FILENAMES=y \ +# CONFIG_LAST_SUPPORTED_WCHAR: see https://github.com/docker-library/busybox/issues/13 (UTF-8 input) CONFIG_LAST_SUPPORTED_WCHAR=0 \ CONFIG_STATIC=y \ '; \ @@ -240,19 +252,19 @@ RUN set -eux; \ done; \ for confV in $setConfs; do \ grep -q "^$confV\$" .config; \ - done; + done RUN set -eux; \ - make -j "$(nproc)" \ - CROSS_COMPILE="$(basename /usr/src/buildroot/output/host/usr/*-buildroot-linux-uclibc*)-" \ - busybox \ - ; \ + nproc="$(nproc)"; \ + CROSS_COMPILE="$(basename /usr/src/buildroot/output/host/usr/*-buildroot-linux-uclibc*)"; \ + export CROSS_COMPILE="$CROSS_COMPILE-"; \ + make -j "$nproc" busybox; \ ./busybox --help; \ mkdir -p rootfs/bin; \ ln -vL busybox rootfs/bin/; \ \ +# copy "getconf" from buildroot ln -vL ../buildroot/output/target/usr/bin/getconf rootfs/bin/; \ - \ chroot rootfs /bin/getconf _NPROCESSORS_ONLN; \ \ chroot rootfs /bin/busybox --install /bin 
@@ -260,11 +272,12 @@ RUN set -eux; \ # install a few extra files from buildroot (/etc/passwd, etc) RUN set -eux; \ mkdir -p rootfs/etc; \ - for f in passwd shadow group; do \ - ln -vL \ - "../buildroot/system/skeleton/etc/$f" \ - "rootfs/etc/$f"; \ - done; \ + ln -vL \ + ../buildroot/system/skeleton/etc/group \ + ../buildroot/system/skeleton/etc/passwd \ + ../buildroot/system/skeleton/etc/shadow \ + rootfs/etc/ \ + ; \ # CVE-2019-5021, https://github.com/docker-library/official-images/pull/5880#issuecomment-490681907 grep -E '^root::' rootfs/etc/shadow; \ sed -ri -e 's/^root::/root:*:/' rootfs/etc/shadow; \ @@ -282,7 +295,7 @@ RUN set -eux; \ } \ printf "chmod %s %s\n", $3, $1; \ } \ - ' ../buildroot/system/device_table.txt | bash -Eeuo pipefail -x + ' ../buildroot/system/device_table.txt | sh -eux # create missing home directories RUN set -eux; \ ```