From f11460b89e88fcd45544c8cf38622be988b6434f Mon Sep 17 00:00:00 2001 From: Martin Tzvetanov Grigorov Date: Fri, 7 Apr 2023 12:28:31 +0300 Subject: [PATCH 01/33] Add support for multiplatform to the Docker images Signed-off-by: Martin Tzvetanov Grigorov Try with redhat-actions/buildah-build and redhat-actions/push-to-registry Signed-off-by: Martin Tzvetanov Grigorov Signed-off-by: Marcel Bargull --- .../workflows/base-glibc-busybox-bash.yaml | 4 +- .github/workflows/base-glibc-debian-bash.yaml | 71 ++++++++++--------- .../base-glibc-busybox-bash/Dockerfile.test | 8 ++- images/base-glibc-busybox-bash/install-pkgs | 21 +++--- images/base-glibc-debian-bash/Dockerfile.test | 6 +- 5 files changed, 61 insertions(+), 49 deletions(-) diff --git a/.github/workflows/base-glibc-busybox-bash.yaml b/.github/workflows/base-glibc-busybox-bash.yaml index fc037a2b..e43426ab 100644 --- a/.github/workflows/base-glibc-busybox-bash.yaml +++ b/.github/workflows/base-glibc-busybox-bash.yaml @@ -14,7 +14,7 @@ on: jobs: build: name: Build & Push - runs-on: ubuntu-18.04 + runs-on: ubuntu-20.04 env: # The base image is not intended to change often and should be used with # version tags or checksum IDs, but not via "latest". @@ -24,7 +24,7 @@ jobs: DEBIAN_VERSION: '10.9' steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Build id: buildah-build diff --git a/.github/workflows/base-glibc-debian-bash.yaml b/.github/workflows/base-glibc-debian-bash.yaml index 539aa6a9..acd8af31 100644 --- a/.github/workflows/base-glibc-debian-bash.yaml +++ b/.github/workflows/base-glibc-debian-bash.yaml @@ -1,4 +1,4 @@ -name: 'Build & Push: base-glibc-debian-bash' +name: 'Build & Push: base-glibc-debian-bash 2' on: push: branches: 
@@ -14,19 +14,24 @@ on: jobs: build: name: Build & Push - runs-on: ubuntu-18.04 + runs-on: ubuntu-20.04 env: # The base image is not intended to change often and should be used with # version tags or checksum IDs, but not via "latest". - IMAGE_VERSION: '2.1.0' + IMAGE_VERSION: '3.0.0' IMAGE_NAME: base-glibc-debian-bash - DEBIAN_VERSION: '10.9' + DEBIAN_VERSION: '10.12' steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - - name: Build - id: buildah-build + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + with: + platforms: arm64 + + - name: Calculate tags and labels + id: calculate run: | set -xeu cd 'images/${{ env.IMAGE_NAME }}' @@ -44,10 +49,10 @@ jobs: debian="$( run cat /etc/debian_version | sed '1!d' )" bash="$( run bash --version | sed '1!d' )" buildah rm "${container}" - - container="$( buildah from "${image_id}" )" - buildah config --label=glibc="${glibc}" "${container}" - buildah config --label=debian="${debian}" "${container}" + labels=" + glibc=${glibc} + debian=${debian} + " glibc_version="$( printf %s "${glibc}" | sed -E 's/.*version ([0-9.]*[0-9]).*/\1/' )" debian_version="$( printf %s "${debian}" | sed -E 's|/|_|g' )" 
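Review bot: The new `Set up QEMU` step references a third-party action by a mutable tag, `docker/setup-qemu-action@v2`, in a job that later handles the Quay push credentials. The same is true of `redhat-actions/buildah-build@v2`, added in the next hunk, and of the `redhat-actions/push-to-registry@v2` step already in the file. A tag can be repointed to different code by whoever controls the action's repository, so pin each to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: docker/setup-qemu-action@<full-commit-sha>  # v2`. The busybox workflow changed in patch 02 needs the same treatment.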
@@ -57,18 +62,21 @@ jobs: ${{ env.IMAGE_VERSION }}_${glibc_version}_${debian_version}_${bash_version} latest " + + echo "tags=$( echo ${tags} )" >> $GITHUB_OUTPUT + echo "labels=$( echo ${labels} )" >> $GITHUB_OUTPUT - image_id="$( buildah commit "${container}" )" - buildah rm "${container}" - image_name='${{ env.IMAGE_NAME }}' - - for tag in ${tags} ; do - buildah tag "${image_id}" \ - "${image_name}":"${tag}" - done - - echo "::set-output name=image::${image_name}" - echo "::set-output name=tags::$( echo ${tags} )" + - name: Build multiarch image + uses: redhat-actions/buildah-build@v2 + with: + image: ${{ env.IMAGE_NAME }} + tags: ${{ steps.calculate.outputs.tags }} + labels: ${{ steps.calculate.outputs.labels }} + archs: amd64,arm64 + build-args: | + debian_version=${{ env.DEBIAN_VERSION }} + containerfiles: | + ./images/${{ env.IMAGE_NAME }}/Dockerfile - name: Test run: | @@ -92,9 +100,8 @@ jobs: run: | # FIX upstream: Quay.io does not support immutable images currently. # => Try to use the REST API to check for duplicate tags. - response=$( - curl -H "Authorization: Bearer $TOKEN" \ - -sL \ + respone="$( + curl -sL -H "Authorization: Bearer ${{ secrets.QUAY_BIOCONDA_TOKEN }}" \ 'https://quay.io/api/v1/repository/bioconda/${{ steps.buildah-build.outputs.image }}/image' ) 
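Review bot: The two added lines that write step outputs expand `${tags}` and `${labels}` unquoted and append to an unquoted `$GITHUB_OUTPUT`. The values come from commands run inside the container, so they go through word splitting and pathname expansion before becoming outputs. Judging only from the visible lines, a label value that contains spaces is flattened onto one line with the other labels, so it is worth confirming that the `labels:` input of the build step can still tell them apart. Quoting the target (`>> "${GITHUB_OUTPUT}"`) and writing `labels` in the multiline `name<<DELIMITER` form, one `key=value` per line, removes the dependence on shell splitting.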
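Review bot: The bearer token is now expanded into the script text by `${{ secrets.QUAY_BIOCONDA_TOKEN }}` on the `curl` line instead of being read from the environment, so the secret becomes part of the generated shell script and of any command trace. The step's `env:` block, visible as context in the next hunk, sets `TOKEN: ${{ secrets.secrets.QUAY_BIOCONDA_TOKEN }}`; the doubled `secrets.` looks like a typo that would leave `$TOKEN` empty, which is presumably what prompted this change. Correcting it to `TOKEN: ${{ secrets.QUAY_BIOCONDA_TOKEN }}` and keeping `-H "Authorization: Bearer ${TOKEN}"` preserves the indirection. Separately, the assignment is spelled `respone` while the `jq` pipeline reads `${response}`, and the closing `)` has lost its `"`, so the duplicate-tag guard may pass without having seen any tags. The busybox workflow in patch 02 introduces the same inline interpolation.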
@@ -121,22 +128,22 @@ jobs: env: TOKEN: ${{ secrets.secrets.QUAY_BIOCONDA_TOKEN }} - - if: ${{ github.ref == 'refs/heads/main' }} - name: Push + - name: Push To quay.io + id: push-to-quay uses: redhat-actions/push-to-registry@v2 with: - image: ${{ steps.buildah-build.outputs.image }} - tags: ${{ steps.buildah-build.outputs.tags }} + image: ${{ env.IMAGE_NAME }} + tags: ${{ steps.calculate.outputs.tags }} registry: ${{ secrets.QUAY_BIOCONDA_REPO }} username: ${{ secrets.QUAY_BIOCONDA_USERNAME }} password: ${{ secrets.QUAY_BIOCONDA_TOKEN }} - + - if: ${{ github.ref == 'refs/heads/main' }} name: Test Pushed run: | - image='${{ steps.buildah-build.outputs.image }}' + image='${{ env.IMAGE_NAME }}' ids="$( - for tag in ${{ steps.buildah-build.outputs.tags }} ; do + for tag in ${{ steps.calculate.outputs.tags }} ; do buildah images --quiet --no-trunc "${image}:${tag}" done )" diff --git a/images/base-glibc-busybox-bash/Dockerfile.test b/images/base-glibc-busybox-bash/Dockerfile.test index d1f8e5d9..29a8702b 100644 --- a/images/base-glibc-busybox-bash/Dockerfile.test +++ b/images/base-glibc-busybox-bash/Dockerfile.test @@ -17,9 +17,11 @@ RUN [ "$( sh -lc 'printf world' )" = 'world' ] \ printf '' \ > /usr/local/env-activate.sh -COPY --from=debian:9-slim /lib/x86_64-linux-gnu/libz.so* /lib/x86_64-linux-gnu/ -RUN wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh \ +COPY --from=debian:9-slim /lib/*-linux-gnu/libz.so* /lib/*-linux-gnu/ +RUN ARCH=$(uname -m) \ && \ - sh ./Miniconda3-latest-Linux-x86_64.sh -bp /opt/conda \ + wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-${ARCH}.sh \ + && \ + sh ./Miniconda3-latest-Linux-${ARCH}.sh -bp /opt/conda \ && \ /opt/conda/bin/conda info --all diff --git a/images/base-glibc-busybox-bash/install-pkgs b/images/base-glibc-busybox-bash/install-pkgs index 7a9a14fe..37add888 100755 --- a/images/base-glibc-busybox-bash/install-pkgs +++ b/images/base-glibc-busybox-bash/install-pkgs 
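Review bot: The renamed `Push To quay.io` step no longer carries `if: ${{ github.ref == 'refs/heads/main' }}`, so with this hunk applied the registry push runs on every ref that triggers the workflow, using the `QUAY_BIOCONDA_*` secrets. Only `Test Pushed` keeps the guard. If the multi-arch change is not meant to widen who can publish, keep the condition on the push step: `- if: ${{ github.ref == 'refs/heads/main' }}` directly above `name: Push To quay.io`.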
@@ -1,6 +1,7 @@ #! /bin/sh set -xeu +ARCH=$(uname -m) prepare_remove_docs() { # remove lintian and docs (apart from copyright) @@ -41,7 +42,7 @@ prepare() { # Update gconv-modules accordingly. # NOTE: When adding/removing any, check required dyn. linked libs! - local gconv_path='./usr/lib/x86_64-linux-gnu/gconv' + local gconv_path="./usr/lib/${ARCH}-linux-gnu/gconv" local gconv_modules_regex='UTF-\w+|UNICODE|ISO8859-(1|2|15)|CP125(0|1|2)|MACINTOSH' local gconv_modules_file_tmp='./.tmp.gconv-modules' @@ -65,7 +66,7 @@ prepare() { bash ) rm -rf ./usr/share/locale # Add custom rpath for libtinfo (see below) to bash binaries. - local new_rpath='/lib/x86_64-linux-gnu/terminfo:/usr/lib/x86_64-linux-gnu/terminfo' + local new_rpath="/lib/${ARCH}-linux-gnu/terminfo:/usr/lib/${ARCH}-linux-gnu/terminfo" add_rpath ./bin/bash "${new_rpath}" add_rpath ./usr/bin/clear_console "${new_rpath}" ;; @@ -73,20 +74,20 @@ prepare() { libtinfo6 ) # Move libtinfo libraries to a custom path to ensure it is not # unintentionally used in downstream images. - find ./usr/lib/x86_64-linux-gnu -type f \ + find ./usr/lib/${ARCH}-linux-gnu -type f \ | { while read binary ; do - add_rpath "${binary}" '/lib/x86_64-linux-gnu/terminfo' + add_rpath "${binary}" "/lib/${ARCH}-linux-gnu/terminfo" done } - mv ./lib/x86_64-linux-gnu ./temp - mkdir ./lib/x86_64-linux-gnu - mv ./temp ./lib/x86_64-linux-gnu/terminfo + mv ./lib/${ARCH}-linux-gnu ./temp + mkdir ./lib/${ARCH}-linux-gnu + mv ./temp ./lib/${ARCH}-linux-gnu/terminfo - mv ./usr/lib/x86_64-linux-gnu ./temp - mkdir ./usr/lib/x86_64-linux-gnu - mv ./temp ./usr/lib/x86_64-linux-gnu/terminfo + mv ./usr/lib/${ARCH}-linux-gnu ./temp + mkdir ./usr/lib/${ARCH}-linux-gnu + mv ./temp ./usr/lib/${ARCH}-linux-gnu/terminfo ;; libc-bin | \ libgcc1 | \ diff --git a/images/base-glibc-debian-bash/Dockerfile.test b/images/base-glibc-debian-bash/Dockerfile.test index 30bdfa7f..229abb48 100644 --- a/images/base-glibc-debian-bash/Dockerfile.test 
+++ b/images/base-glibc-debian-bash/Dockerfile.test @@ -28,8 +28,10 @@ RUN apt-get update -qq \ ca-certificates \ wget \ && \ - wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh \ + ARCH=$(uname -m) \ && \ - sh ./Miniconda3-latest-Linux-x86_64.sh -bp /opt/conda \ + wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-${ARCH}.sh \ + && \ + sh ./Miniconda3-latest-Linux-${ARCH}.sh -bp /opt/conda \ && \ /opt/conda/bin/conda info --all From 57ea1dc17f2b43e722c001ecada4e1c3e7e3dc76 Mon Sep 17 00:00:00 2001 From: Martin Tzvetanov Grigorov Date: Mon, 10 Apr 2023 15:33:14 +0300 Subject: [PATCH 02/33] Make busybox image multiarch Signed-off-by: Martin Tzvetanov Grigorov Signed-off-by: Marcel Bargull --- .../workflows/base-glibc-busybox-bash.yaml | 66 +++++++++++-------- .github/workflows/base-glibc-debian-bash.yaml | 20 +++--- 2 files changed, 50 insertions(+), 36 deletions(-) diff --git a/.github/workflows/base-glibc-busybox-bash.yaml b/.github/workflows/base-glibc-busybox-bash.yaml index e43426ab..165f7785 100644 --- a/.github/workflows/base-glibc-busybox-bash.yaml +++ b/.github/workflows/base-glibc-busybox-bash.yaml @@ -18,7 +18,7 @@ jobs: env: # The base image is not intended to change often and should be used with # version tags or checksum IDs, but not via "latest". - IMAGE_VERSION: '2.1.0' + IMAGE_VERSION: '3.0.0' IMAGE_NAME: base-glibc-busybox-bash BUSYBOX_VERSION: '1.32.1' DEBIAN_VERSION: '10.9' @@ -26,8 +26,13 @@ jobs: steps: - uses: actions/checkout@v3 - - name: Build - id: buildah-build + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + with: + platforms: arm64 + + - name: Calculate tags and labels + id: calculate run: | set -xeu cd 'images/${{ env.IMAGE_NAME }}' 
@@ -49,11 +54,12 @@ jobs: bash="$( run bash --version | sed '1!d' )" buildah rm "${container}" - container="$( buildah from "${image_id}" )" - buildah config --label=glibc="${glibc}" "${container}" - buildah config --label=busybox="${busybox}" "${container}" - buildah config --label=deb-list="${deb_list}" "${container}" - buildah config --label=pkg-list="${pkg_list}" "${container}" + labels=" + glibc="${glibc}" + busybox="${busybox}" + deb-list="${deb_list}" + pkg-list="${pkg_list}" + " glibc_version="$( printf %s "${glibc}" | sed -E 's/.*version ([0-9.]*[0-9]).*/\1/' )" busybox_version="$( printf %s "${busybox}" | sed -E '1 s/.*v([0-9.]*[0-9]).*/\1/' )" @@ -64,23 +70,29 @@ jobs: latest " - image_id="$( buildah commit "${container}" )" - buildah rm "${container}" - image_name='${{ env.IMAGE_NAME }}' - - for tag in ${tags} ; do - buildah tag "${image_id}" \ - "${image_name}":"${tag}" - done + echo "tags=$( echo ${tags} )" >> $GITHUB_OUTPUT + echo "labels=$( echo ${labels} )" >> $GITHUB_OUTPUT - echo "::set-output name=image::${image_name}" - echo "::set-output name=tags::$( echo ${tags} )" + - name: Build multiarch image + id: build + uses: redhat-actions/buildah-build@v2 + with: + image: ${{ env.IMAGE_NAME }} + tags: ${{ steps.calculate.outputs.tags }} + labels: ${{ steps.calculate.outputs.labels }} + archs: amd64,arm64 + build-args: | + busybox_version=${{ env.BUSYBOX_VERSION }} + debian_version=${{ env.DEBIAN_VERSION }} + context: ./images/${{ env.IMAGE_NAME }} + containerfiles: | + ./images/${{ env.IMAGE_NAME }}/Dockerfile - name: Test run: | - image='${{ steps.buildah-build.outputs.image }}' + image='${{ env.IMAGE_NAME }}' ids="$( - for tag in ${{ steps.buildah-build.outputs.tags }} ; do + for tag in ${{ steps.calculate.outputs.tags }} ; do buildah images --quiet --no-trunc "${image}:${tag}" done )" 
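Review bot: In the new `labels="…"` assignment the inner double quotes around `${glibc}`, `${busybox}`, `${deb_list}` and `${pkg_list}` close and reopen the outer string rather than being literal characters. The expansions therefore sit outside any quoting, and the result contains no quote characters at all. `deb_list` and `pkg_list` hold whole files read from the container, and the later `echo ${labels}` flattens them through word splitting with pathname expansion enabled. Writing the entries without the inner quotes, as the debian workflow does (`glibc=${glibc}`), makes the intent clear, and the label values then need to be written to the output as one `key=value` per line so multi-word values survive.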
@@ -99,8 +111,8 @@ jobs: # FIX upstream: Quay.io does not support immutable images currently. # => Try to use the REST API to check for duplicate tags. respone="$( - curl -sL \ - 'https://quay.io/api/v1/repository/bioconda/${{ steps.buildah-build.outputs.image }}/image' + curl -sL -H "Authorization: Bearer ${{ secrets.QUAY_BIOCONDA_TOKEN }}" \ + 'https://quay.io/api/v1/repository/bioconda/${{ steps.build.outputs.image }}/image' )" existing_tags="$( @@ -115,7 +127,7 @@ jobs: "${respone}" exit 1 } - for tag in ${{ steps.buildah-build.outputs.tags }} ; do + for tag in ${{ steps.calculate.outputs.tags }} ; do if [ \! "${tag}" = latest ] ; then if printf %s "${existing_tags}" | grep -qxF "${tag}" ; then printf 'Tag %s already exists!\n' "${tag}" @@ -128,8 +140,8 @@ jobs: name: Push uses: redhat-actions/push-to-registry@v2 with: - image: ${{ steps.buildah-build.outputs.image }} - tags: ${{ steps.buildah-build.outputs.tags }} + image: ${{ steps.build.outputs.image }} + tags: ${{ steps.calculate.outputs.tags }} registry: ${{ secrets.QUAY_BIOCONDA_REPO }} username: ${{ secrets.QUAY_BIOCONDA_USERNAME }} password: ${{ secrets.QUAY_BIOCONDA_TOKEN }} @@ -137,9 +149,9 @@ jobs: - if: ${{ github.ref == 'refs/heads/main' }} name: Test Pushed run: | - image='${{ steps.buildah-build.outputs.image }}' + image='${{ env.IMAGE_NAME }}' ids="$( - for tag in ${{ steps.buildah-build.outputs.tags }} ; do + for tag in ${{ steps.calculate.outputs.tags }} ; do buildah images --quiet --no-trunc "${image}:${tag}" done )" diff --git a/.github/workflows/base-glibc-debian-bash.yaml b/.github/workflows/base-glibc-debian-bash.yaml index acd8af31..11d7ca65 100644 --- a/.github/workflows/base-glibc-debian-bash.yaml +++ b/.github/workflows/base-glibc-debian-bash.yaml @@ -1,4 +1,4 @@ -name: 'Build & Push: base-glibc-debian-bash 2' +name: 'Build & Push: base-glibc-debian-bash' on: push: branches: 
@@ -20,7 +20,7 @@ jobs: # version tags or checksum IDs, but not via "latest". IMAGE_VERSION: '3.0.0' IMAGE_NAME: base-glibc-debian-bash - DEBIAN_VERSION: '10.12' + DEBIAN_VERSION: '10.9' steps: - uses: actions/checkout@v3 @@ -67,6 +67,7 @@ jobs: echo "labels=$( echo ${labels} )" >> $GITHUB_OUTPUT - name: Build multiarch image + id: build uses: redhat-actions/buildah-build@v2 with: image: ${{ env.IMAGE_NAME }} @@ -102,8 +103,8 @@ jobs: # => Try to use the REST API to check for duplicate tags. respone="$( curl -sL -H "Authorization: Bearer ${{ secrets.QUAY_BIOCONDA_TOKEN }}" \ - 'https://quay.io/api/v1/repository/bioconda/${{ steps.buildah-build.outputs.image }}/image' - ) + 'https://quay.io/api/v1/repository/bioconda/${{ steps.build.outputs.image }}/image' + )" existing_tags="$( printf %s "${response}" \ @@ -117,7 +118,7 @@ jobs: "${respone}" exit 1 } - for tag in ${{ steps.buildah-build.outputs.tags }} ; do + for tag in ${{ steps.calculate.outputs.tags }} ; do if [ \! "${tag}" = latest ] ; then if printf %s "${existing_tags}" | grep -qxF "${tag}" ; then printf 'Tag %s already exists!\n' "${tag}" @@ -128,20 +129,21 @@ jobs: env: TOKEN: ${{ secrets.secrets.QUAY_BIOCONDA_TOKEN }} - - name: Push To quay.io + - if: ${{ github.ref == 'refs/heads/main' }} + name: Push To quay.io id: push-to-quay uses: redhat-actions/push-to-registry@v2 with: - image: ${{ env.IMAGE_NAME }} + image: ${{ steps.build.outputs.image }} tags: ${{ steps.calculate.outputs.tags }} registry: ${{ secrets.QUAY_BIOCONDA_REPO }} username: ${{ secrets.QUAY_BIOCONDA_USERNAME }} password: ${{ secrets.QUAY_BIOCONDA_TOKEN }} - + - if: ${{ github.ref == 'refs/heads/main' }} name: Test Pushed run: | - image='${{ env.IMAGE_NAME }}' + image='${{ steps.build.outputs.image }}' ids="$( for tag in ${{ steps.calculate.outputs.tags }} ; do buildah images --quiet --no-trunc "${image}:${tag}" From 22d53642da92b5c595299a227bb4cab614162cc2 Mon Sep 17 00:00:00 2001 
From: Martin Tzvetanov Grigorov Date: Thu, 13 Apr 2023 10:49:06 +0300 Subject: [PATCH 03/33] Do not use ${{ steps.build.outputs.tags }} in 'for' loops Its value is newline separated and breaks the loop syntax Fix the name of a step - it is steps.build.outputs.image, not buildah-build anymore Signed-off-by: Martin Tzvetanov Grigorov Signed-off-by: Marcel Bargull --- .github/workflows/base-glibc-busybox-bash.yaml | 2 +- .github/workflows/base-glibc-debian-bash.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/base-glibc-busybox-bash.yaml b/.github/workflows/base-glibc-busybox-bash.yaml index 165f7785..49760ed8 100644 --- a/.github/workflows/base-glibc-busybox-bash.yaml +++ b/.github/workflows/base-glibc-busybox-bash.yaml @@ -90,7 +90,7 @@ jobs: - name: Test run: | - image='${{ env.IMAGE_NAME }}' + image='${{ steps.build.outputs.image }}' ids="$( for tag in ${{ steps.calculate.outputs.tags }} ; do buildah images --quiet --no-trunc "${image}:${tag}" diff --git a/.github/workflows/base-glibc-debian-bash.yaml b/.github/workflows/base-glibc-debian-bash.yaml index 11d7ca65..7b81969e 100644 --- a/.github/workflows/base-glibc-debian-bash.yaml +++ b/.github/workflows/base-glibc-debian-bash.yaml @@ -81,9 +81,9 @@ jobs: - name: Test run: | - image='${{ steps.buildah-build.outputs.image }}' + image='${{ steps.build.outputs.image }}' ids="$( - for tag in ${{ steps.buildah-build.outputs.tags }} ; do + for tag in ${{ steps.calculate.outputs.tags }} ; do buildah images --quiet --no-trunc "${image}:${tag}" done )" From fc8d5b2d8a87b5cf414007b3ea9c250f6d962c31 Mon Sep 17 00:00:00 2001 From: Martin Tzvetanov Grigorov Date: Thu, 13 Apr 2023 10:56:32 +0300 Subject: [PATCH 04/33] Add debugging (set -x) to `Check Tags` job Signed-off-by: Martin Tzvetanov Grigorov Signed-off-by: Marcel Bargull --- .github/workflows/base-glibc-debian-bash.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/base-glibc-debian-bash.yaml b/.github/workflows/base-glibc-debian-bash.yaml index 7b81969e..03bb891b 100644 --- a/.github/workflows/base-glibc-debian-bash.yaml +++ b/.github/workflows/base-glibc-debian-bash.yaml @@ -99,9 +99,10 @@ jobs: - name: Check Tags run: | + set -x # FIX upstream: Quay.io does not support immutable images currently. # => Try to use the REST API to check for duplicate tags. - respone="$( + response="$( curl -sL -H "Authorization: Bearer ${{ secrets.QUAY_BIOCONDA_TOKEN }}" \ 'https://quay.io/api/v1/repository/bioconda/${{ steps.build.outputs.image }}/image' )" @@ -115,7 +116,7 @@ jobs: 'Could not get list of image tags.' \ 'Does the repository exist on Quay.io?' \ 'Quay.io REST API response was:' \ - "${respone}" + "${response}" exit 1 } for tag in ${{ steps.calculate.outputs.tags }} ; do From b95dc5016626e4ca96954b81c31f7ffe382222c2 Mon Sep 17 00:00:00 2001 From: Martin Tzvetanov Grigorov Date: Wed, 4 Oct 2023 15:24:10 +0300 Subject: [PATCH 05/33] Update actions/checkout to v4 Signed-off-by: Martin Tzvetanov Grigorov Signed-off-by: Marcel Bargull --- .github/workflows/base-glibc-busybox-bash.yaml | 2 +- .github/workflows/base-glibc-debian-bash.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/base-glibc-busybox-bash.yaml b/.github/workflows/base-glibc-busybox-bash.yaml index 49760ed8..1a5a5179 100644 --- a/.github/workflows/base-glibc-busybox-bash.yaml +++ b/.github/workflows/base-glibc-busybox-bash.yaml @@ -24,7 +24,7 @@ jobs: DEBIAN_VERSION: '10.9' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up QEMU uses: docker/setup-qemu-action@v2 diff --git a/.github/workflows/base-glibc-debian-bash.yaml b/.github/workflows/base-glibc-debian-bash.yaml index 03bb891b..2c26964e 100644 --- a/.github/workflows/base-glibc-debian-bash.yaml +++ b/.github/workflows/base-glibc-debian-bash.yaml 
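Review bot: `set -x` is switched on at the top of a step whose `curl` command carries `Authorization: Bearer ${{ secrets.QUAY_BIOCONDA_TOKEN }}` on its command line, so the shell trace writes the full header into the job log. GitHub masks exact matches of registered secret values in log output, but that is a backstop rather than a control to rely on. Either remove the trace once the debugging is done or bracket the request with `set +x` before and `set -x` after it, and supply the token through the step's `env:` so it is never part of the script text.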
@@ -23,7 +23,7 @@ jobs: DEBIAN_VERSION: '10.9' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up QEMU uses: docker/setup-qemu-action@v2 From b1188fab74140bb838125d05aa3e9b2f91d0b103 Mon Sep 17 00:00:00 2001 From: Martin Tzvetanov Grigorov Date: Thu, 5 Oct 2023 10:04:43 +0300 Subject: [PATCH 06/33] Use archive.debian.org for Debian:9 Signed-off-by: Martin Tzvetanov Grigorov Signed-off-by: Marcel Bargull --- images/base-glibc-busybox-bash/Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/images/base-glibc-busybox-bash/Dockerfile b/images/base-glibc-busybox-bash/Dockerfile index 1c877de2..4318f846 100644 --- a/images/base-glibc-busybox-bash/Dockerfile +++ b/images/base-glibc-busybox-bash/Dockerfile @@ -15,6 +15,9 @@ FROM "debian:${debian_version}-slim" AS build_base # (or not want) to include. # Use old Debian version to ensure compatible (low glibc requirement) binaries. FROM debian:9-slim AS busybox_builder +RUN echo "deb http://archive.debian.org/debian/ stretch main contrib non-free" > /etc/apt/sources.list +RUN echo "deb http://archive.debian.org/debian/ stretch-proposed-updates main contrib non-free" >> /etc/apt/sources.list +RUN echo "deb http://archive.debian.org/debian-security stretch/updates main contrib non-free" >> /etc/apt/sources.list RUN apt-get update && \ apt-get install -y \ bzip2 curl ca-certificates tar gcc gnupg dirmngr make From fe1b44fffeb6c33b277acc6562733e6b84c4d100 Mon Sep 17 00:00:00 2001 From: Martin Tzvetanov Grigorov Date: Tue, 10 Oct 2023 12:28:54 +0300 Subject: [PATCH 07/33] Use ubuntu-22.04 Docker action image for all workflows Signed-off-by: Martin Tzvetanov Grigorov Signed-off-by: Marcel Bargull --- .github/workflows/base-glibc-busybox-bash.yaml | 2 +- .github/workflows/base-glibc-debian-bash.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/base-glibc-busybox-bash.yaml b/.github/workflows/base-glibc-busybox-bash.yaml index 1a5a5179..81940c1d 100644 --- a/.github/workflows/base-glibc-busybox-bash.yaml +++ b/.github/workflows/base-glibc-busybox-bash.yaml @@ -14,7 +14,7 @@ on: jobs: build: name: Build & Push - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 env: # The base image is not intended to change often and should be used with # version tags or checksum IDs, but not via "latest". diff --git a/.github/workflows/base-glibc-debian-bash.yaml b/.github/workflows/base-glibc-debian-bash.yaml index 2c26964e..48e6e7a4 100644 --- a/.github/workflows/base-glibc-debian-bash.yaml +++ b/.github/workflows/base-glibc-debian-bash.yaml @@ -14,7 +14,7 @@ on: jobs: build: name: Build & Push - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 env: # The base image is not intended to change often and should be used with # version tags or checksum IDs, but not via "latest". From ede10ebd170caeacb6e4c57489587c51af9fa4ce Mon Sep 17 00:00:00 2001 From: Marcel Bargull Date: Sat, 14 Oct 2023 21:38:35 +0200 Subject: [PATCH 08/33] Use single line for pkg-/deb-list labels Signed-off-by: Marcel Bargull --- .github/workflows/base-glibc-busybox-bash.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/base-glibc-busybox-bash.yaml b/.github/workflows/base-glibc-busybox-bash.yaml index 81940c1d..a65fe340 100644 --- a/.github/workflows/base-glibc-busybox-bash.yaml +++ b/.github/workflows/base-glibc-busybox-bash.yaml @@ -47,8 +47,8 @@ jobs: container="$( buildah from "${image_id}" )" run() { buildah run "${container}" "${@}" ; } - deb_list="$( run cat /.deb.lst )" - pkg_list="$( run cat /.pkg.lst )" + deb_list="$( run cat /.deb.lst | tr '\n' '|' )" + pkg_list="$( run cat /.pkg.lst | tr '\n' '|' )" glibc="$( run sh -c 'exec "$( find /lib -name libc.so.6 -print -quit )"' | sed '1!d' )" busybox="$( run busybox | sed '1!d' )" bash="$( run bash --version | sed '1!d' )" 
@@ -57,8 +57,8 @@ jobs: labels=" glibc="${glibc}" busybox="${busybox}" - deb-list="${deb_list}" - pkg-list="${pkg_list}" + deb-list="${deb_list%|}" + pkg-list="${pkg_list%|}" " glibc_version="$( printf %s "${glibc}" | sed -E 's/.*version ([0-9.]*[0-9]).*/\1/' )" From 8e34e37ebdce06ed76c9601b32a254eb3f38dc33 Mon Sep 17 00:00:00 2001 From: Marcel Bargull Date: Sat, 14 Oct 2023 21:44:14 +0200 Subject: [PATCH 09/33] Fix typo --- .github/workflows/base-glibc-busybox-bash.yaml | 6 +++--- .github/workflows/base-glibc-debian-bash.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/base-glibc-busybox-bash.yaml b/.github/workflows/base-glibc-busybox-bash.yaml index a65fe340..fcb1f05c 100644 --- a/.github/workflows/base-glibc-busybox-bash.yaml +++ b/.github/workflows/base-glibc-busybox-bash.yaml @@ -110,13 +110,13 @@ jobs: run: | # FIX upstream: Quay.io does not support immutable images currently. # => Try to use the REST API to check for duplicate tags. - respone="$( + response="$( curl -sL -H "Authorization: Bearer ${{ secrets.QUAY_BIOCONDA_TOKEN }}" \ 'https://quay.io/api/v1/repository/bioconda/${{ steps.build.outputs.image }}/image' )" existing_tags="$( - printf %s "${respone}" \ + printf %s "${response}" \ | jq -r '.images[].tags[]' )" \ || { @@ -124,7 +124,7 @@ jobs: 'Could not get list of image tags.' \ 'Does the repository exist on Quay.io?' \ 'Quay.io REST API response was:' \ - "${respone}" + "${response}" exit 1 } for tag in ${{ steps.calculate.outputs.tags }} ; do diff --git a/.github/workflows/base-glibc-debian-bash.yaml b/.github/workflows/base-glibc-debian-bash.yaml index 48e6e7a4..8ede29c6 100644 --- a/.github/workflows/base-glibc-debian-bash.yaml +++ b/.github/workflows/base-glibc-debian-bash.yaml @@ -62,7 +62,7 @@ jobs: ${{ env.IMAGE_VERSION }}_${glibc_version}_${debian_version}_${bash_version} latest " - + echo "tags=$( echo ${tags} )" >> $GITHUB_OUTPUT echo "labels=$( echo ${labels} )" >> $GITHUB_OUTPUT 
From 805a158f8a6e85a6691a832982cc162974230624 Mon Sep 17 00:00:00 2001 From: Marcel Bargull Date: Sat, 14 Oct 2023 21:51:46 +0200 Subject: [PATCH 10/33] Use Miniforge download/install for tests Signed-off-by: Marcel Bargull --- images/base-glibc-busybox-bash/Dockerfile.test | 7 +++---- images/base-glibc-debian-bash/Dockerfile.test | 9 +++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/images/base-glibc-busybox-bash/Dockerfile.test b/images/base-glibc-busybox-bash/Dockerfile.test index 29a8702b..ec206d12 100644 --- a/images/base-glibc-busybox-bash/Dockerfile.test +++ b/images/base-glibc-busybox-bash/Dockerfile.test @@ -17,11 +17,10 @@ RUN [ "$( sh -lc 'printf world' )" = 'world' ] \ printf '' \ > /usr/local/env-activate.sh -COPY --from=debian:9-slim /lib/*-linux-gnu/libz.so* /lib/*-linux-gnu/ -RUN ARCH=$(uname -m) \ +RUN arch=$(uname -m) \ && \ - wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-${ARCH}.sh \ + wget "https://github.com/conda-forge/miniforge/releases/latest/download/Miniforge3-Linux-${arch}.sh" \ && \ - sh ./Miniconda3-latest-Linux-${ARCH}.sh -bp /opt/conda \ + sh ./Miniforge3-Linux-${arch}.sh -bp /opt/conda \ && \ /opt/conda/bin/conda info --all diff --git a/images/base-glibc-debian-bash/Dockerfile.test b/images/base-glibc-debian-bash/Dockerfile.test index 229abb48..0a929b19 100644 --- a/images/base-glibc-debian-bash/Dockerfile.test +++ b/images/base-glibc-debian-bash/Dockerfile.test 
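Review bot: The installer is fetched from the moving `releases/latest/download` URL and handed straight to `sh` with no integrity check. What runs in the test image therefore changes whenever upstream publishes a release and cannot be reconstructed afterwards. Pinning a specific Miniforge release in the URL and checking the downloaded script with `sha256sum -c` against a digest recorded next to that version would make the test reproducible and let a tampered download fail before anything executes. The `images/base-glibc-debian-bash/Dockerfile.test` hunk in the same patch has the same pattern.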
@@ -24,14 +24,15 @@ RUN locale -a | grep -i 'c\.utf-\?8' \ RUN apt-get update -qq \ && \ - apt-get install --yes --no-install-recommends \ + DEBIAN_FRONTEND=noninteractive \ + apt-get install --yes --no-install-recommends \ ca-certificates \ wget \ && \ - ARCH=$(uname -m) \ + arch=$(uname -m) \ && \ - wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-${ARCH}.sh \ + wget "https://github.com/conda-forge/miniforge/releases/latest/download/Miniforge3-Linux-${arch}.sh" \ && \ - sh ./Miniconda3-latest-Linux-${ARCH}.sh -bp /opt/conda \ + sh ./Miniforge3-Linux-${arch}.sh -bp /opt/conda \ && \ /opt/conda/bin/conda info --all From d395185615391e540127a1a4692dedc280708bf2 Mon Sep 17 00:00:00 2001 From: Marcel Bargull Date: Mon, 16 Oct 2023 09:16:37 +0200 Subject: [PATCH 11/33] Restructure busybox-build Signed-off-by: Marcel Bargull --- images/base-glibc-busybox-bash/Dockerfile | 10 +- images/base-glibc-busybox-bash/build-busybox | 182 +++++++++++++------ 2 files changed, 137 insertions(+), 55 deletions(-) diff --git a/images/base-glibc-busybox-bash/Dockerfile b/images/base-glibc-busybox-bash/Dockerfile index 4318f846..bd2bed46 100644 --- a/images/base-glibc-busybox-bash/Dockerfile +++ b/images/base-glibc-busybox-bash/Dockerfile @@ -20,10 +20,12 @@ RUN echo "deb http://archive.debian.org/debian/ stretch-proposed-updates main co RUN echo "deb http://archive.debian.org/debian-security stretch/updates main contrib non-free" >> /etc/apt/sources.list RUN apt-get update && \ apt-get install -y \ - bzip2 curl ca-certificates tar gcc gnupg dirmngr make -COPY build-busybox /usr/local/bin + bzip2 curl ca-certificates tar gcc gnupg dirmngr make patch + +WORKDIR /build +COPY build-busybox ./ ARG busybox_version -RUN build-busybox "${busybox_version}" /busybox +RUN ./build-busybox "${busybox_version}" FROM build_base AS rootfs_builder 
@@ -32,7 +34,7 @@ WORKDIR /rootfs COPY --from=target_base / ./ RUN find . -samefile ./bin/busybox -delete -COPY --from=busybox_builder /busybox/busybox ./ +COPY --from=busybox_builder /build/busybox ./ RUN mkdir -p \ ./bin ./usr/bin \ ./sbin ./usr/sbin \ diff --git a/images/base-glibc-busybox-bash/build-busybox b/images/base-glibc-busybox-bash/build-busybox index 7221a0da..40ae7429 100755 --- a/images/base-glibc-busybox-bash/build-busybox +++ b/images/base-glibc-busybox-bash/build-busybox 
@@ -1,54 +1,134 @@ #! /bin/sh set -xeu -version="${1}" -shift -work="${1}" -shift - -mkdir -p "${work}" -cd "${work}" - -curl -L \ - "https://busybox.net/downloads/busybox-${busybox_version}.tar.bz2" \ - | tar -xjf- --strip-components=1 - -make defconfig -mv .config .defconfig -# Set CONFIG_SUBST_WCHAR=0 for better Unicode support and remove big components. -printf %s\\n \ - CONFIG_AR=y \ - CONFIG_FEATURE_AR_CREATE=y \ - CONFIG_FEATURE_AR_LONG_FILENAMES=y \ - CONFIG_SUBST_WCHAR=0 \ - CONFIG_RPM=n \ - CONFIG_RPM2CPIO=n \ - CONFIG_FSCK_MINIX=n \ - CONFIG_MKFS_MINIX=n \ - CONFIG_BC=n \ - CONFIG_DC=n \ - CONFIG_HDPARM=n \ - CONFIG_HEXEDIT=n \ - CONFIG_I2CGET=n \ - CONFIG_I2CSET=n \ - CONFIG_I2CDUMP=n \ - CONFIG_I2CDETECT=n \ - CONFIG_I2CTRANSFER=n \ - CONFIG_DNSD=n \ - CONFIG_FTPD=n \ - CONFIG_HTTPD=n \ - CONFIG_TCPSVD=n \ - CONFIG_UDPSVD=n \ - CONFIG_UDHCPD=n \ - CONFIG_SH_IS_ASH=n \ - CONFIG_SH_IS_NONE=y \ - CONFIG_SHELL_ASH=n \ - CONFIG_ASH=n \ - CONFIG_HUSH=n \ - CONFIG_SHELL_HUSH=n \ - | cat - .defconfig \ - > .config -# make still asks for choosing a although CONFIG_SH_IS_NONE=y is set!? -printf \\n | make oldconfig - -make -j "$( nproc )" busybox +download() { + curl -L \ + "https://busybox.net/downloads/busybox-${version}.tar.bz2" \ + | tar -xjf- --strip-components=1 +} + +patch() { + case "${version}" in 1.36.* ) + # Small fix to let it build with older glibc versions. + curl --location \ + 'https://git.busybox.net/busybox/patch/miscutils/seedrng.c?id=200a9669fbf6f06894e4243cccc9fc11a1a6073a' \ + 'https://git.busybox.net/busybox/patch/miscutils/seedrng.c?id=cb57abb46f06f4ede8d9ccbdaac67377fdf416cf' \ + | command patch --strip=1 + esac + + # Add support for running busybox wget without OpenSSL under QEMU. + # (NB: If we run into other QEMU+BusyBox problems that needs debugging: That + # vfork issue might affect other BusyBox parts, so check for it first.) 
+ command patch --strip=1 <<'EOP' +From e7b57533ffcd5842fa93f5aa96949b3eaed54b67 Mon Sep 17 00:00:00 2001 +From: Marcel Bargull +Date: Sat, 14 Oct 2023 22:58:42 +0200 +Subject: [PATCH] wget: don't assume vfork blocking for openssl exec + +Under QEMU, busybox wget fails to fallback to busybox ssl_client in case +openssl s_client can't be executed because QEMU's vfork does not block. +Ref.: https://man7.org/linux/man-pages/man2/vfork.2.html#VERSIONS + +Signed-off-by: Marcel Bargull +--- + networking/wget.c | 24 +++++++++++++++++++++--- + 1 file changed, 21 insertions(+), 3 deletions(-) + +diff --git a/networking/wget.c b/networking/wget.c +index 9ec0e67b9..4bcc26e86 100644 +--- a/networking/wget.c ++++ b/networking/wget.c +@@ -683,3 +683,9 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) + int pid; +- IF_FEATURE_WGET_HTTPS(volatile int child_failed = 0;) ++ ++# if ENABLE_FEATURE_WGET_HTTPS ++ struct fd_pair status; ++ int exec_errno = 0; ++ ++ xpiped_pair(status); ++# endif + +@@ -701,2 +707,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) + ++# if ENABLE_FEATURE_WGET_HTTPS ++ close(status.rd); ++ if (fcntl(status.wr, F_SETFD, FD_CLOEXEC) != 0) ++ bb_simple_perror_msg_and_die("fcntl"); ++# endif + close(sp[0]); +@@ -743,5 +754,8 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) + BB_EXECVP(argv[0], argv); ++ exec_errno = errno; + xmove_fd(3, 2); + # if ENABLE_FEATURE_WGET_HTTPS +- child_failed = 1; ++ if (write(status.wr, &exec_errno, sizeof(exec_errno)) != sizeof(exec_errno)) ++ bb_simple_perror_msg_and_die("write"); ++ close(status.wr); + xfunc_die(); +@@ -758,3 +772,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) + # if ENABLE_FEATURE_WGET_HTTPS +- if (child_failed) { ++ close(status.wr); ++ if (read(status.rd, &exec_errno, sizeof(exec_errno)) == -1) ++ bb_simple_perror_msg_and_die("read"); ++ close(status.rd); ++ if (exec_errno) { + close(sp[0]); +EOP +} + 
+config() { + make defconfig + mv .config .defconfig + # Set CONFIG_SUBST_WCHAR=0 for better Unicode support and remove big components. + printf %s\\n \ + CONFIG_AR=y \ + CONFIG_FEATURE_AR_CREATE=y \ + CONFIG_FEATURE_AR_LONG_FILENAMES=y \ + CONFIG_SUBST_WCHAR=0 \ + CONFIG_RPM=n \ + CONFIG_RPM2CPIO=n \ + CONFIG_FSCK_MINIX=n \ + CONFIG_MKFS_MINIX=n \ + CONFIG_BC=n \ + CONFIG_DC=n \ + CONFIG_HDPARM=n \ + CONFIG_HEXEDIT=n \ + CONFIG_I2CGET=n \ + CONFIG_I2CSET=n \ + CONFIG_I2CDUMP=n \ + CONFIG_I2CDETECT=n \ + CONFIG_I2CTRANSFER=n \ + CONFIG_DNSD=n \ + CONFIG_FTPD=n \ + CONFIG_HTTPD=n \ + CONFIG_TCPSVD=n \ + CONFIG_UDPSVD=n \ + CONFIG_UDHCPD=n \ + CONFIG_SH_IS_ASH=n \ + CONFIG_SH_IS_NONE=y \ + CONFIG_SHELL_ASH=n \ + CONFIG_ASH=n \ + CONFIG_HUSH=n \ + CONFIG_SHELL_HUSH=n \ + | cat - .defconfig \ + > .config + # make still asks which shell to use for sh although CONFIG_SH_IS_NONE=y is set!? + printf \\n | make oldconfig +} + +build() { + make -j "$( nproc )" busybox +} + +main() { + version="${1}" + download + patch + config + build +} + +main "${@}" From ac21046264c17547eab400981da4e201998e8b3d Mon Sep 17 00:00:00 2001 From: Marcel Bargull Date: Mon, 16 Oct 2023 11:33:32 +0200 Subject: [PATCH 12/33] Use only main+securtiy updates for Debian 9 Signed-off-by: Marcel Bargull --- images/base-glibc-busybox-bash/Dockerfile | 12 ++++++++---- images/base-glibc-debian-bash/Dockerfile | 7 +++++-- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/images/base-glibc-busybox-bash/Dockerfile b/images/base-glibc-busybox-bash/Dockerfile index bd2bed46..0d3a65ef 100644 --- a/images/base-glibc-busybox-bash/Dockerfile +++ b/images/base-glibc-busybox-bash/Dockerfile 
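Review bot: `download()` streams the BusyBox tarball from `curl -L` straight into `tar`, and `patch()` pipes two fetched patches into `command patch`, with neither `--fail` nor any digest or signature check, although the builder stage installs `gnupg` and `dirmngr`. Under plain `sh` the pipeline's status is that of `tar`/`patch`, so `set -e` does not catch a failed download. An error page or altered archive is therefore passed on unchecked, and the resulting binary ships in the published base image. Downloading to a file, checking it against a digest pinned with the version, and only then unpacking closes that gap; `busybox_sha256` below is a placeholder for a value passed in with the version. The hunk rewrites the whole script, so only `download()` is shown.

```shell
download() {
  tarball="busybox-${version}.tar.bz2"
  curl --fail --location --output "${tarball}" \
    "https://busybox.net/downloads/${tarball}"
  # busybox_sha256: placeholder for the pinned digest of this version.
  printf '%s  %s\n' "${busybox_sha256}" "${tarball}" | sha256sum -c -
  tar -xjf "${tarball}" --strip-components=1
  rm -f "${tarball}"
}

# … unchanged: patch(), config(), build(), main() …
```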
@@ -9,16 +9,20 @@ ARG debian_version=10.8 FROM "busybox:${busybox_version}-glibc" AS target_base FROM "debian:${debian_version}-slim" AS build_base +RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \ + '/ stretch/ { /-updates/d ; s,/(deb|security)\.,/archive., }' \ + /etc/apt/sources.list # Build busybox ourselves to have more fine-grained control over what we want # (or not want) to include. # Use old Debian version to ensure compatible (low glibc requirement) binaries. FROM debian:9-slim AS busybox_builder -RUN echo "deb http://archive.debian.org/debian/ stretch main contrib non-free" > /etc/apt/sources.list -RUN echo "deb http://archive.debian.org/debian/ stretch-proposed-updates main contrib non-free" >> /etc/apt/sources.list -RUN echo "deb http://archive.debian.org/debian-security stretch/updates main contrib non-free" >> /etc/apt/sources.list -RUN apt-get update && \ +RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \ + '/ stretch/ { /-updates/d ; s,/(deb|security)\.,/archive., }' \ + /etc/apt/sources.list \ + && \ + apt-get update && \ apt-get install -y \ bzip2 curl ca-certificates tar gcc gnupg dirmngr make patch diff --git a/images/base-glibc-debian-bash/Dockerfile b/images/base-glibc-debian-bash/Dockerfile index 377e3476..21ea9e33 100644 --- a/images/base-glibc-debian-bash/Dockerfile +++ b/images/base-glibc-debian-bash/Dockerfile @@ -1,8 +1,11 @@ ARG debian_version=10.8 FROM "debian:${debian_version}-slim" - -RUN apt-get update -qq \ +RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \ + '/ stretch/ { /-updates/d ; s,/(deb|security)\.,/archive., }' \ + /etc/apt/sources.list + && \ + apt-get update -qq \ && \ apt-get install --yes \ --no-install-recommends \ From a75717f69b89ccc7db28ea93ded072853122cf2a Mon Sep 17 00:00:00 2001 
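Review bot: In the images/base-glibc-debian-bash/Dockerfile hunk, the added `/etc/apt/sources.list` line has no trailing backslash, so the RUN instruction ends there and the following `&& \` line is read as a new, invalid Dockerfile instruction; the image would not build at this commit. The busybox_builder stage in the hunk above ends the same line with `\` before `&& \`. The line should read `/etc/apt/sources.list \`. The RUN instruction continues past the end of the hunk.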
From: Marcel Bargull Date: Mon, 16 Oct 2023 11:59:40 +0200 Subject: [PATCH 13/33] Adjust package installs for Debian 12 --- images/base-glibc-busybox-bash/install-pkgs | 73 ++++++++++++--------- 1 file changed, 41 insertions(+), 32 deletions(-) diff --git a/images/base-glibc-busybox-bash/install-pkgs b/images/base-glibc-busybox-bash/install-pkgs index 37add888..5876196e 100755 --- a/images/base-glibc-busybox-bash/install-pkgs +++ b/images/base-glibc-busybox-bash/install-pkgs @@ -1,7 +1,7 @@ #! /bin/sh set -xeu -ARCH=$(uname -m) +arch=$(uname -m) prepare_remove_docs() { # remove lintian and docs (apart from copyright) 
@@ -42,59 +42,71 @@ prepare() { # Update gconv-modules accordingly. # NOTE: When adding/removing any, check required dyn. linked libs! - local gconv_path="./usr/lib/${ARCH}-linux-gnu/gconv" - local gconv_modules_regex='UTF-\w+|UNICODE|ISO8859-(1|2|15)|CP125(0|1|2)|MACINTOSH' - local gconv_modules_file_tmp='./.tmp.gconv-modules' - - mv "${gconv_path}"/gconv-modules "${gconv_modules_file_tmp}" + local gconv_path="./usr/lib/${arch}-linux-gnu/gconv" + local gconv_modules_regex + if [ -e "${gconv_path}/gconv-modules.d/gconv-modules-extra.conf" ] ; then + gconv_modules_regex="$( + sed -nE 's/^module\s+\S+\s+\S+\s+(\S+)\s+.*/\1/p' \ + < "${gconv_path}/gconv-modules" \ + | sort -u \ + | tr '\n' '|' \ + | sed 's/|$//' + )" + : > "${gconv_path}/gconv-modules.d/gconv-modules-extra.conf" + else + gconv_modules_regex='UTF-\w+|UNICODE|ISO8859-(1|15)|CP1252|ANSI_X3\.110' + local gconv_modules_file_tmp='./.tmp.gconv-modules' + + mv "${gconv_path}"/gconv-modules "${gconv_modules_file_tmp}" + + grep -E \ + '^\s*$|^#|^(alias\s+.*|module\s+[^\s]+\s+[^\s]+)\s+\<('"${gconv_modules_regex}"')(//|\s)' \ + "${gconv_modules_file_tmp}" \ + | sed -nEe '1N;N;/^(#.*)\n.*\1/{D;D};P;D' | cat -s \ + > "${gconv_path}"/gconv-modules + rm "${gconv_modules_file_tmp}" + fi find "${gconv_path}" \ -mindepth 1 -maxdepth 1 \ + -name '*.so' \ + -type f \ -regextype posix-extended \ ! -regex '.*/('"${gconv_modules_regex}"').so' \ -print -delete - grep -E \ - '^\s*$|^#|^(alias\s+.*|module\s+[^\s]+\s+[^\s]+)\s+\<('"${gconv_modules_regex}"')(//|\s)' \ - "${gconv_modules_file_tmp}" \ - | sed -nEe '1N;N;/^(#.*)\n.*\1/{D;D};P;D' | cat -s \ - > "${gconv_path}"/gconv-modules - rm "${gconv_modules_file_tmp}" iconvconfig --prefix ./ ;; bash ) rm -rf ./usr/share/locale # Add custom rpath for libtinfo (see below) to bash binaries. 
- local new_rpath="/lib/${ARCH}-linux-gnu/terminfo:/usr/lib/${ARCH}-linux-gnu/terminfo" + local new_rpath="/lib/${arch}-linux-gnu/terminfo:/usr/lib/${arch}-linux-gnu/terminfo" add_rpath ./bin/bash "${new_rpath}" add_rpath ./usr/bin/clear_console "${new_rpath}" ;; - libtinfo5 | \ - libtinfo6 ) + libtinfo* ) # Move libtinfo libraries to a custom path to ensure it is not # unintentionally used in downstream images. - find ./usr/lib/${ARCH}-linux-gnu -type f \ + find ./usr/lib/${arch}-linux-gnu -type f \ | { while read binary ; do - add_rpath "${binary}" "/lib/${ARCH}-linux-gnu/terminfo" + add_rpath "${binary}" "/lib/${arch}-linux-gnu/terminfo" done } - mv ./lib/${ARCH}-linux-gnu ./temp - mkdir ./lib/${ARCH}-linux-gnu - mv ./temp ./lib/${ARCH}-linux-gnu/terminfo + mv ./lib/${arch}-linux-gnu ./temp + mkdir ./lib/${arch}-linux-gnu + mv ./temp ./lib/${arch}-linux-gnu/terminfo - mv ./usr/lib/${ARCH}-linux-gnu ./temp - mkdir ./usr/lib/${ARCH}-linux-gnu - mv ./temp ./usr/lib/${ARCH}-linux-gnu/terminfo + mv ./usr/lib/${arch}-linux-gnu ./temp + mkdir ./usr/lib/${arch}-linux-gnu + mv ./temp ./usr/lib/${arch}-linux-gnu/terminfo ;; libc-bin | \ libgcc1 | \ base-files | \ - gcc-6-base | \ - gcc-8-base | \ - gcc-10-base | \ + gcc-*-base | \ libcrypt1 | \ libgcc-s1 | \ ncurses-base | \ @@ -157,14 +169,11 @@ EOF libgcc1 | \ libcrypt1 | \ libgcc-s1 | \ - libtinfo5 | \ - libtinfo6 | \ + libtinfo* | \ zlib1g ) postinst_ldconfig_trigger ;; - gcc-6-base | \ - gcc-8-base | \ - gcc-10-base | \ + gcc-*-base | \ ncurses-base ) : ;; @@ -271,7 +280,7 @@ main() { # Unconditionally install glibc (package libc6). # Also install dependencies acc. to `apt-cache depends`: # - libgcc1 only consists of libgcc_s.so.1 (+ docs, which we remove). - # - gcc-{6,7,8}-base only has empty directories (+ docs, which we remove). + # - gcc-*-base only has empty directories (+ docs, which we remove). install_with_deps libc6 # libc-bin must be in ${@} for Unicode support (C.UTF-8 locale). 
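Review bot: In the new `gconv-modules-extra.conf` branch, `gconv_modules_regex` is built from whatever `sed` extracts and is never checked for being empty. If the `module` lines in `gconv-modules` stop matching the expression, the exclusion in the following `find … ! -regex '.*/('"${gconv_modules_regex}"').so' -delete` likely protects nothing and every `*.so` in the gconv directory is deleted. A guard directly after the command substitution, `[ -n "${gconv_modules_regex}" ] || { printf 'no gconv modules selected\n' >&2 ; exit 1 ; }`, would turn that into a build failure. The extracted module names are also placed into the regex unescaped, unlike the hand-written `ANSI_X3\.110` in the else branch. `prepare()` starts before and ends after this hunk.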
From 730f42510a15e9ca48d18405f92d5e91900688a7 Mon Sep 17 00:00:00 2001 From: Marcel Bargull Date: Mon, 16 Oct 2023 12:09:45 +0200 Subject: [PATCH 14/33] Tidy up apt-get install calls --- images/base-glibc-busybox-bash/Dockerfile | 8 +++++--- images/base-glibc-debian-bash/Dockerfile | 11 +++++++---- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/images/base-glibc-busybox-bash/Dockerfile b/images/base-glibc-busybox-bash/Dockerfile index 0d3a65ef..892af13f 100644 --- a/images/base-glibc-busybox-bash/Dockerfile +++ b/images/base-glibc-busybox-bash/Dockerfile @@ -23,8 +23,9 @@ RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \ /etc/apt/sources.list \ && \ apt-get update && \ - apt-get install -y \ - bzip2 curl ca-certificates tar gcc gnupg dirmngr make patch + DEBIAN_FRONTEND=noninteractive \ + apt-get install --yes --no-install-recommends \ + bzip2 curl ca-certificates tar gcc libc6-dev make patch WORKDIR /build COPY build-busybox ./ @@ -55,7 +56,8 @@ RUN rm -rf ./lib ./lib64 # Install helper tools used by install-pkgs. RUN apt-get update -qq \ && \ - apt-get install --yes --no-install-recommends \ + DEBIAN_FRONTEND=noninteractive \ + apt-get install --yes --no-install-recommends \ patchelf COPY install-pkgs /usr/local/bin diff --git a/images/base-glibc-debian-bash/Dockerfile b/images/base-glibc-debian-bash/Dockerfile index 21ea9e33..75a1f888 100644 --- a/images/base-glibc-debian-bash/Dockerfile +++ b/images/base-glibc-debian-bash/Dockerfile @@ -3,11 +3,12 @@ ARG debian_version=10.8 FROM "debian:${debian_version}-slim" RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \ '/ stretch/ { /-updates/d ; s,/(deb|security)\.,/archive., }' \ - /etc/apt/sources.list + /etc/apt/sources.list \ && \ apt-get update -qq \ && \ - apt-get install --yes \ + DEBIAN_FRONTEND=noninteractive \ + apt-get install --yes \ --no-install-recommends \ libgl1-mesa-glx \ locales \ 
@@ -26,7 +27,8 @@ RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \ 's/\s*rm .*locale-archive$/: &/' \ /var/lib/dpkg/info/locales.prerm \ && \ - apt-get remove --yes \ + DEBIAN_FRONTEND=noninteractive \ + apt-get remove --yes \ locales \ && \ # On Debian 10 (and 11) libgl1-mesa-glx pulls in libgl1-mesa-dri (which in @@ -36,7 +38,8 @@ RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \ '/^Depends:/ s/, libgl1-mesa-dri\>//g' \ /var/lib/dpkg/status \ && \ - apt-get autoremove --yes \ + DEBIAN_FRONTEND=noninteractive \ + apt-get autoremove --yes \ && \ # Remove apt package lists. rm -rf /var/lib/apt/lists/* \ From 14f8bc3641cd0e6ab69ec978ba625aecec9b760d Mon Sep 17 00:00:00 2001 From: Marcel Bargull Date: Mon, 16 Oct 2023 12:15:23 +0200 Subject: [PATCH 15/33] Support usrmerge in install-pkgs --- images/base-glibc-busybox-bash/install-pkgs | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/images/base-glibc-busybox-bash/install-pkgs b/images/base-glibc-busybox-bash/install-pkgs index 5876196e..35c1c81b 100755 --- a/images/base-glibc-busybox-bash/install-pkgs +++ b/images/base-glibc-busybox-bash/install-pkgs @@ -11,6 +11,22 @@ prepare_remove_docs() { } +prepare_usrmerge() { + # If we are on Debian >=12, /bin et al. are symlinks to /usr/ counterparts. + # Since we don't do full apt installs, we accomodate for it here. + if [ -L "${root_fs}/bin" ] ; then + for dir in bin lib* sbin ; do + [ -d "./${dir}" ] || continue + [ -L "./${dir}" ] && continue + mkdir -p ./usr + cp -ral "./${dir}" ./usr/ + rm -rf "./${dir}" + ln -s "usr/${dir}" "${dir}" + done + fi +} + + add_rpath() { local binary="${1}" shift @@ -120,6 +136,7 @@ prepare() { ;; esac prepare_remove_docs + prepare_usrmerge } From e06bbebfa17e28402357b8f604dbde10f98f7b17 Mon Sep 17 00:00:00 2001 From: Marcel Bargull Date: Mon, 16 Oct 2023 12:30:22 +0200 Subject: [PATCH 16/33] Build directly on Debian base 
Signed-off-by: Marcel Bargull --- images/base-glibc-busybox-bash/Dockerfile | 49 ++++++++++++-------- images/base-glibc-busybox-bash/install-pkgs | 50 ++++++++++++++++++++- 2 files changed, 78 insertions(+), 21 deletions(-) diff --git a/images/base-glibc-busybox-bash/Dockerfile b/images/base-glibc-busybox-bash/Dockerfile index 892af13f..ef5c1410 100644 --- a/images/base-glibc-busybox-bash/Dockerfile +++ b/images/base-glibc-busybox-bash/Dockerfile @@ -3,11 +3,9 @@ ARG debian_version=10.8 # Don't use Debian's busybox package since it only provides a smaller subset of # BusyBox's functions (e.g., no administrative tools like adduser etc.). -# Since we create a glibc image anyway, we can also use "busybox:glibc" as the -# base image, use a the slightly smaller dynamically linked binary and reuse -# base files (e.g., /etc/passwd) from that image. +# Since we create a glibc image anyway, we can also use a the slightly smaller +# dynamically linked binary. -FROM "busybox:${busybox_version}-glibc" AS target_base FROM "debian:${debian_version}-slim" AS build_base RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \ '/ stretch/ { /-updates/d ; s,/(deb|security)\.,/archive., }' \ 
@@ -32,26 +30,37 @@ COPY build-busybox ./ ARG busybox_version RUN ./build-busybox "${busybox_version}" +WORKDIR /busybox-rootfs +RUN mkdir -p ./bin ./sbin ./usr/bin ./usr/sbin \ + && \ + cp -al /build/busybox ./bin/ \ + && \ + cp -al /lib/*-linux-gnu/*.so* ./ \ + && \ + chroot . ./ld-linux-*.so.* --library-path / /bin/busybox --install \ + && \ + rm -rf ./*.so* + FROM build_base AS rootfs_builder +COPY --from=busybox_builder /busybox-rootfs /busybox-rootfs WORKDIR /rootfs -COPY --from=target_base / ./ -RUN find . -samefile ./bin/busybox -delete -COPY --from=busybox_builder /build/busybox ./ -RUN mkdir -p \ - ./bin ./usr/bin \ - ./sbin ./usr/sbin \ - && \ - chroot . /busybox --install \ - && \ - # Somehow (container layers?) busybox does not have the same inode if it's - # directly put at /bin/busybox => hardlink it manually afterwards. - rm ./busybox && ln ./bin/ln ./bin/busybox +RUN mkdir -p ./etc ./home ./opt ./root ./run /tmp ./usr ./var/log \ + && \ + for dir in bin lib sbin ; do \ + mkdir "./usr/${dir}" \ + && \ + if [ -L "/bin" ] ; then \ + ln -s "usr/${dir}" "./${dir}" ; \ + else \ + mkdir "./${dir}" ; \ + fi ; \ + done -# Remove glibc files. They are incomplete and get substituted by `install-pkgs`. -RUN rm -rf ./lib ./lib64 +RUN find /busybox-rootfs -type f \ + -exec sh -c 'cp -al -- "${1}" "./${1#/busybox-rootfs/}"' -- '{}' ';' # Install helper tools used by install-pkgs. RUN apt-get update -qq \ @@ -63,8 +72,10 @@ RUN apt-get update -qq \ COPY install-pkgs /usr/local/bin RUN install-pkgs "$( pwd )" /tmp/work \ bash \ - ncurses-base \ + base-passwd \ libc-bin \ + login \ + ncurses-base \ && \ # Remove contents of /usr/local as downstream images overwrite those. find ./usr/local/ \ diff --git a/images/base-glibc-busybox-bash/install-pkgs b/images/base-glibc-busybox-bash/install-pkgs index 35c1c81b..c6d2f092 100755 --- a/images/base-glibc-busybox-bash/install-pkgs +++ b/images/base-glibc-busybox-bash/install-pkgs 
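Review bot: In the new `RUN mkdir -p ./etc ./home ./opt ./root ./run /tmp ./usr ./var/log` under `WORKDIR /rootfs`, `/tmp` is the only absolute path, so it names the build stage's own /tmp rather than a directory in the root filesystem being assembled. Unless a later step creates it, the resulting image has no /tmp, and anything that creates it ad hoc is unlikely to set the sticky, world-writable mode expected there. Suggested: replace `/tmp` with `./tmp` and add `chmod 1777 ./tmp` to the same RUN chain.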
@@ -5,7 +5,9 @@ arch=$(uname -m) prepare_remove_docs() { # remove lintian and docs (apart from copyright) - rm -rf ./usr/share/{lintian,man} + rm -rf \ + ./usr/share/lintian \ + ./usr/share/man find ./usr/share/doc/ -type f ! -name copyright -delete find ./usr/share/doc/ -type d -empty -delete } @@ -119,12 +121,31 @@ prepare() { mkdir ./usr/lib/${arch}-linux-gnu mv ./temp ./usr/lib/${arch}-linux-gnu/terminfo ;; + base-passwd ) + # The dependencies libdebconfclient0 (and libselinux1 for Debian>=12) + # are needed for update-passwd, but we ignore them => remove the binary. + rm ./usr/sbin/update-passwd + ;; + login ) + rm -rf ./usr/share/locale + # The following binaries provided by BusyBox or pull in more dependencies + # (PAM, libselinux1, and their dependencies) => remove them. + rm -f \ + ./bin/login \ + ./bin/su \ + ./usr/bin/lastlog \ + ./usr/bin/newgrp \ + ./usr/bin/sg + ;; libc-bin | \ libgcc1 | \ base-files | \ gcc-*-base | \ libcrypt1 | \ libgcc-s1 | \ + libdebconfclient0 | \ + libpcre* | \ + libselinux1 | \ ncurses-base | \ zlib1g ) : @@ -163,6 +184,25 @@ postinst() { chroot ./ sh /base-files-postinst configure rm ./base-files-postinst ;; + base-passwd ) + mkdir -p "${destdir}/etc" + cp -p --remove-destination \ + "${destdir}/usr/share/base-passwd/group.master" \ + ./etc/group + cp -p --remove-destination \ + "${destdir}/usr/share/base-passwd/passwd.master" \ + ./etc/passwd + DPKG_ROOT="$( pwd )" \ + shadowconfig on + ;; + login ) + for file in /var/log/faillog /etc/subuid /etc/subgid ; do + [ -f "./${file}" ] || continue + touch "${file}" + chown 0:0 "${file}" + chmod 644 "${file}" + done + ;; bash ) # Replace BusyBox's sh by Bash rm -f ./bin/sh @@ -183,9 +223,12 @@ postinst() { EOF ;; libc6 | \ + libdebconfclient0 | \ libgcc1 | \ libcrypt1 | \ libgcc-s1 | \ + libpcre* | \ + libselinux1 | \ libtinfo* | \ zlib1g ) postinst_ldconfig_trigger 
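Review bot: In the added `login )` branch of `postinst`, the existence test uses the rootfs-relative `"./${file}"`, but `touch`, `chown` and `chmod` act on the absolute `"${file}"`, i.e. on /var/log/faillog, /etc/subuid and /etc/subgid of the build stage rather than of the image being assembled. The test also looks inverted: `[ -f "./${file}" ] || continue` skips the files that are missing, which are presumably the ones that need creating. Suggested: `[ -f "./${file}" ] && continue`, and prefix the path in the three following commands with `./` (for example `chmod 644 "./${file}"`). `postinst()` starts before and continues after this hunk.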
@@ -249,7 +292,10 @@ get_deps() { local ignore_pkgs ignore_pkgs="$( - printf %s\\n base-files '' debianutils dash \ + printf %s\\n \ + base-files '' debianutils dash \ + libdebconfclient0 libselinux1 \ + libaudit1 libpam-modules libpam-runtime libpam0g \ | grep -vFx "$( printf %s\\n "${@}" )" )" [ -f "${root_fs}/.pkg.lst" ] && \ From 581072a2e6c150003ac01b6da1f233f387fccd65 Mon Sep 17 00:00:00 2001 From: Marcel Bargull Date: Mon, 16 Oct 2023 13:36:43 +0200 Subject: [PATCH 17/33] Add pwck, grpck, ldd checks and fixes Signed-off-by: Marcel Bargull --- images/base-glibc-busybox-bash/Dockerfile | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/images/base-glibc-busybox-bash/Dockerfile b/images/base-glibc-busybox-bash/Dockerfile index ef5c1410..a871ea76 100644 --- a/images/base-glibc-busybox-bash/Dockerfile +++ b/images/base-glibc-busybox-bash/Dockerfile @@ -82,6 +82,26 @@ RUN install-pkgs "$( pwd )" /tmp/work \ -mindepth 1 -depth \ -delete +RUN while IFS=: read _ _ uid gid _ home _ ; do \ + [ -n "${home##/var/run/*}" ] || home="${home#/var}" \ + && \ + [ -d "./${home#/}" ] || [ "${home}" = "/nonexistent" ] && continue ; \ + mkdir -p "./${home#/}" \ + && \ + chown "${uid}:${gid}" "./${home#/}" \ + && \ + chmod 775 "./${home#/}" \ + ; done < ./etc/passwd \ + && \ + pwck --read-only --root "$( pwd )" \ + | { ! grep -v -e 'no changes' -e '/nonexistent' ; } \ + && \ + grpck --read-only --root "$( pwd )" \ + && \ + find -xdev -type f \ + | xargs chroot . ldd 2> /dev/null -- \ + | sed -n '/:/h; /not found/{x;p;x;p}' | { ! grep . ; } + # env-activate.sh (+ optionally env-execute) should be overwritten downstream. # - env-activate.sh: # Is sourced (via symlink in /etc/profile.d/) to activate the /usr/local env. From 6e7621b6e5c7a3b8ad78fb37fd15b968508d2331 Mon Sep 17 00:00:00 2001 From: Marcel Bargull Date: Mon, 16 Oct 2023 13:44:35 +0200 Subject: [PATCH 18/33] Update to Debian 12.2, BusyBox 1.36.1 
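Review bot: The added loop over ./etc/passwd creates each missing home directory with `chmod 775`, which leaves the home directories of system accounts group-writable. Nothing in the hunk needs group write access, so `chmod 755 "./${home#/}"` would be the least-privilege choice, with any account that does need more handled explicitly. The exit status of `pwck` is also discarded by the pipe into `grep`, so only its output decides the result; a comment above the RUN such as `# pwck's exit status is ignored on purpose; only unexpected messages fail the build` would make that explicit. The same block is added to images/base-glibc-debian-bash/Dockerfile later in this series.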
Signed-off-by: Marcel Bargull --- .github/workflows/base-glibc-busybox-bash.yaml | 4 ++-- .github/workflows/base-glibc-debian-bash.yaml | 2 +- images/base-glibc-busybox-bash/Dockerfile | 4 +--- images/base-glibc-debian-bash/Dockerfile | 2 +- 4 files changed, 5 insertions(+), 7 deletions(-) diff --git a/.github/workflows/base-glibc-busybox-bash.yaml b/.github/workflows/base-glibc-busybox-bash.yaml index fcb1f05c..ded7f61c 100644 --- a/.github/workflows/base-glibc-busybox-bash.yaml +++ b/.github/workflows/base-glibc-busybox-bash.yaml @@ -20,8 +20,8 @@ jobs: # version tags or checksum IDs, but not via "latest". IMAGE_VERSION: '3.0.0' IMAGE_NAME: base-glibc-busybox-bash - BUSYBOX_VERSION: '1.32.1' - DEBIAN_VERSION: '10.9' + BUSYBOX_VERSION: '1.36.1' + DEBIAN_VERSION: '12.2' steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/base-glibc-debian-bash.yaml b/.github/workflows/base-glibc-debian-bash.yaml index 8ede29c6..998d074b 100644 --- a/.github/workflows/base-glibc-debian-bash.yaml +++ b/.github/workflows/base-glibc-debian-bash.yaml @@ -20,7 +20,7 @@ jobs: # version tags or checksum IDs, but not via "latest". IMAGE_VERSION: '3.0.0' IMAGE_NAME: base-glibc-debian-bash - DEBIAN_VERSION: '10.9' + DEBIAN_VERSION: '12.2' steps: - uses: actions/checkout@v4 diff --git a/images/base-glibc-busybox-bash/Dockerfile b/images/base-glibc-busybox-bash/Dockerfile index a871ea76..3d0dafd2 100644 --- a/images/base-glibc-busybox-bash/Dockerfile +++ b/images/base-glibc-busybox-bash/Dockerfile 
@@ -1,11 +1,9 @@ -ARG busybox_version=1.32.1 -ARG debian_version=10.8 - # Don't use Debian's busybox package since it only provides a smaller subset of # BusyBox's functions (e.g., no administrative tools like adduser etc.). # Since we create a glibc image anyway, we can also use a the slightly smaller # dynamically linked binary. +ARG debian_version FROM "debian:${debian_version}-slim" AS build_base RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \ '/ stretch/ { /-updates/d ; s,/(deb|security)\.,/archive., }' \ diff --git a/images/base-glibc-debian-bash/Dockerfile b/images/base-glibc-debian-bash/Dockerfile index 75a1f888..8f0bea0c 100644 --- a/images/base-glibc-debian-bash/Dockerfile +++ b/images/base-glibc-debian-bash/Dockerfile @@ -1,4 +1,4 @@ -ARG debian_version=10.8 +ARG debian_version FROM "debian:${debian_version}-slim" RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \ From e403f065e39b80f4bb5cb52501be0b485623db83 Mon Sep 17 00:00:00 2001 From: mvdbeek Date: Wed, 27 Sep 2023 19:52:24 +0200 Subject: [PATCH 19/33] Extend debian base image with libegl1 and libopengl0 Signed-off-by: Marcel Bargull --- images/base-glibc-debian-bash/Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/images/base-glibc-debian-bash/Dockerfile b/images/base-glibc-debian-bash/Dockerfile index 8f0bea0c..e54940fd 100644 --- a/images/base-glibc-debian-bash/Dockerfile +++ b/images/base-glibc-debian-bash/Dockerfile @@ -11,6 +11,8 @@ RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \ apt-get install --yes \ --no-install-recommends \ libgl1-mesa-glx \ + libegl1 \ + libopengl0 \ locales \ openssh-client \ procps \ From faa660de95aa4649306542c31b3a767c6fddf3a8 Mon Sep 17 00:00:00 2001 
From: Marcel Bargull Date: Mon, 16 Oct 2023 14:02:34 +0200 Subject: [PATCH 20/33] Avoid spamming logs with wget/curl --- images/base-glibc-busybox-bash/Dockerfile.test | 3 ++- images/base-glibc-busybox-bash/build-busybox | 4 ++-- images/base-glibc-debian-bash/Dockerfile.test | 3 ++- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/images/base-glibc-busybox-bash/Dockerfile.test b/images/base-glibc-busybox-bash/Dockerfile.test index ec206d12..feba4402 100644 --- a/images/base-glibc-busybox-bash/Dockerfile.test +++ b/images/base-glibc-busybox-bash/Dockerfile.test @@ -19,7 +19,8 @@ RUN [ "$( sh -lc 'printf world' )" = 'world' ] \ RUN arch=$(uname -m) \ && \ - wget "https://github.com/conda-forge/miniforge/releases/latest/download/Miniforge3-Linux-${arch}.sh" \ + wget --quiet \ + "https://github.com/conda-forge/miniforge/releases/latest/download/Miniforge3-Linux-${arch}.sh" \ && \ sh ./Miniforge3-Linux-${arch}.sh -bp /opt/conda \ && \ diff --git a/images/base-glibc-busybox-bash/build-busybox b/images/base-glibc-busybox-bash/build-busybox index 40ae7429..db642e9e 100755 --- a/images/base-glibc-busybox-bash/build-busybox +++ b/images/base-glibc-busybox-bash/build-busybox @@ -2,7 +2,7 @@ set -xeu download() { - curl -L \ + curl --location --silent \ "https://busybox.net/downloads/busybox-${version}.tar.bz2" \ | tar -xjf- --strip-components=1 } @@ -10,7 +10,7 @@ download() { patch() { case "${version}" in 1.36.* ) # Small fix to let it build with older glibc versions. - curl --location \ + curl --location --silent \ 'https://git.busybox.net/busybox/patch/miscutils/seedrng.c?id=200a9669fbf6f06894e4243cccc9fc11a1a6073a' \ 'https://git.busybox.net/busybox/patch/miscutils/seedrng.c?id=cb57abb46f06f4ede8d9ccbdaac67377fdf416cf' \ | command patch --strip=1 diff --git a/images/base-glibc-debian-bash/Dockerfile.test b/images/base-glibc-debian-bash/Dockerfile.test index 0a929b19..f2f0bace 100644 --- a/images/base-glibc-debian-bash/Dockerfile.test 
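Review bot: Both `curl --location --silent` calls in build-busybox feed a pipe (`| tar -xjf-` and `| command patch --strip=1`), and `--silent` now also hides curl's own error messages; without `--fail`, an HTTP error page is passed downstream as if it were the tarball or the patch. `curl --location --silent --show-error --fail` keeps the log quiet and still reports failures. Neither download is checked against a pinned checksum before it is unpacked or applied, so the build trusts whatever the server returns at build time; saving to a file and running `sha256sum -c` against a hash kept in the repository would close that gap. `set -xeu` is visible as context but no `pipefail`, so curl's exit status on the left of the pipe is presumably not checked.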
+++ b/images/base-glibc-debian-bash/Dockerfile.test @@ -31,7 +31,8 @@ RUN apt-get update -qq \ && \ arch=$(uname -m) \ && \ - wget "https://github.com/conda-forge/miniforge/releases/latest/download/Miniforge3-Linux-${arch}.sh" \ + wget --quiet \ + "https://github.com/conda-forge/miniforge/releases/latest/download/Miniforge3-Linux-${arch}.sh" \ && \ sh ./Miniforge3-Linux-${arch}.sh -bp /opt/conda \ && \ From cbad51277a9dc128e305d463b17927d1d1d83aff Mon Sep 17 00:00:00 2001 From: Marcel Bargull Date: Mon, 16 Oct 2023 14:25:12 +0200 Subject: [PATCH 21/33] Copy workflow changes from base-glibc-busybox-bash --- .github/workflows/base-glibc-debian-bash.yaml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/.github/workflows/base-glibc-debian-bash.yaml b/.github/workflows/base-glibc-debian-bash.yaml index 998d074b..b1022b91 100644 --- a/.github/workflows/base-glibc-debian-bash.yaml +++ b/.github/workflows/base-glibc-debian-bash.yaml @@ -49,6 +49,7 @@ jobs: debian="$( run cat /etc/debian_version | sed '1!d' )" bash="$( run bash --version | sed '1!d' )" buildah rm "${container}" + labels=" glibc=${glibc} debian=${debian} @@ -99,7 +100,6 @@ jobs: - name: Check Tags run: | - set -x # FIX upstream: Quay.io does not support immutable images currently. # => Try to use the REST API to check for duplicate tags. response="$( @@ -127,12 +127,9 @@ jobs: fi fi done - env: - TOKEN: ${{ secrets.secrets.QUAY_BIOCONDA_TOKEN }} - if: ${{ github.ref == 'refs/heads/main' }} - name: Push To quay.io - id: push-to-quay + name: Push uses: redhat-actions/push-to-registry@v2 with: image: ${{ steps.build.outputs.image }} 
@@ -144,12 +141,12 @@ jobs: - if: ${{ github.ref == 'refs/heads/main' }} name: Test Pushed run: | - image='${{ steps.build.outputs.image }}' + image='${{ env.IMAGE_NAME }}' ids="$( for tag in ${{ steps.calculate.outputs.tags }} ; do buildah images --quiet --no-trunc "${image}:${tag}" done - )" + )" ids="$( printf %s "${ids}" | sort -u )" for id in ${ids} ; do podman history "${id}" From 7993ccc8c72ce1f34eb832286363893ae53eedbf Mon Sep 17 00:00:00 2001 From: Marcel Bargull Date: Mon, 16 Oct 2023 14:59:07 +0200 Subject: [PATCH 22/33] Use Quay /tag/ API endpoint --- .github/workflows/base-glibc-busybox-bash.yaml | 6 +++--- .github/workflows/base-glibc-debian-bash.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/base-glibc-busybox-bash.yaml b/.github/workflows/base-glibc-busybox-bash.yaml index ded7f61c..bcb3f52e 100644 --- a/.github/workflows/base-glibc-busybox-bash.yaml +++ b/.github/workflows/base-glibc-busybox-bash.yaml @@ -111,13 +111,13 @@ jobs: # FIX upstream: Quay.io does not support immutable images currently. # => Try to use the REST API to check for duplicate tags. response="$( - curl -sL -H "Authorization: Bearer ${{ secrets.QUAY_BIOCONDA_TOKEN }}" \ - 'https://quay.io/api/v1/repository/bioconda/${{ steps.build.outputs.image }}/image' + curl -sL \ + 'https://quay.io/api/v1/repository/bioconda/${{ steps.build.outputs.image }}/tag/' )" existing_tags="$( printf %s "${response}" \ - | jq -r '.images[].tags[]' + | jq -r '.tags[]|.name' )" \ || { printf %s\\n \ diff --git a/.github/workflows/base-glibc-debian-bash.yaml b/.github/workflows/base-glibc-debian-bash.yaml index b1022b91..41fe6310 100644 --- a/.github/workflows/base-glibc-debian-bash.yaml +++ b/.github/workflows/base-glibc-debian-bash.yaml 
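Review bot: The duplicate-tag check now reads a single response from `…/tag/` and collects `.tags[]|.name`, but to my knowledge Quay paginates this listing (the response carries `has_additional`), so tags beyond the first page are not seen and an existing tag could be pushed over. Since this check stands in for immutable tags, it should either follow pages until `has_additional` is false or query each candidate tag directly, e.g. with the endpoint's `specificTag` and `onlyActiveTags=true` parameters. `curl -sL` also has no `--fail`, so an error body only surfaces through the `jq` failure path. The same change is made to base-glibc-debian-bash.yaml in the next hunk.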
@@ -103,13 +103,13 @@ jobs: # FIX upstream: Quay.io does not support immutable images currently. # => Try to use the REST API to check for duplicate tags. response="$( - curl -sL -H "Authorization: Bearer ${{ secrets.QUAY_BIOCONDA_TOKEN }}" \ - 'https://quay.io/api/v1/repository/bioconda/${{ steps.build.outputs.image }}/image' + curl -sL \ + 'https://quay.io/api/v1/repository/bioconda/${{ steps.build.outputs.image }}/tag/' )" existing_tags="$( printf %s "${response}" \ - | jq -r '.images[].tags[]' + | jq -r '.tags[]|.name' )" \ || { printf %s\\n \ From 2b9274f7a044432c23b2ec77eaf67ae2e43264ae Mon Sep 17 00:00:00 2001 From: Marcel Bargull Date: Mon, 16 Oct 2023 15:59:30 +0200 Subject: [PATCH 23/33] Test built base images for all platforms --- .github/workflows/base-glibc-busybox-bash.yaml | 14 +++++++------- .github/workflows/base-glibc-debian-bash.yaml | 14 +++++++------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/base-glibc-busybox-bash.yaml b/.github/workflows/base-glibc-busybox-bash.yaml index bcb3f52e..d5db6e68 100644 --- a/.github/workflows/base-glibc-busybox-bash.yaml +++ b/.github/workflows/base-glibc-busybox-bash.yaml @@ -150,16 +150,16 @@ jobs: name: Test Pushed run: | image='${{ env.IMAGE_NAME }}' - ids="$( + digests="$( for tag in ${{ steps.calculate.outputs.tags }} ; do - buildah images --quiet --no-trunc "${image}:${tag}" - done + buildah manifest inspect "${image}:${tag}" \ + | jq -r '.manifests[]|.digest' + done | sort -u )" - ids="$( printf %s "${ids}" | sort -u )" - for id in ${ids} ; do - podman history "${id}" + for digest in ${digests} ; do + podman history "${image}@${digest}" buildah bud \ - --build-arg=base="${id}" \ + --build-arg=base="${image}@${digest}" \ --file=Dockerfile.test \ "images/${image}" done diff --git a/.github/workflows/base-glibc-debian-bash.yaml b/.github/workflows/base-glibc-debian-bash.yaml index 41fe6310..e0efe57d 100644 --- a/.github/workflows/base-glibc-debian-bash.yaml 
+++ b/.github/workflows/base-glibc-debian-bash.yaml @@ -83,16 +83,16 @@ jobs: - name: Test run: | image='${{ steps.build.outputs.image }}' - ids="$( + digests="$( for tag in ${{ steps.calculate.outputs.tags }} ; do - buildah images --quiet --no-trunc "${image}:${tag}" - done + buildah manifest inspect "${image}:${tag}" \ + | jq -r '.manifests[]|.digest' + done | sort -u )" - ids="$( printf %s "${ids}" | sort -u )" - for id in ${ids} ; do - podman history "${id}" + for digest in ${digests} ; do + podman history "${image}@${digest}" buildah bud \ - --build-arg=base="${id}" \ + --build-arg=base="${image}@${digest}" \ --file=Dockerfile.test \ "images/${image}" done From 7a2e3d6a6fbc792fc09037651942d6ee33898807 Mon Sep 17 00:00:00 2001 From: Marcel Bargull Date: Mon, 16 Oct 2023 15:57:20 +0200 Subject: [PATCH 24/33] Fix busybox install Signed-off-by: Marcel Bargull --- images/base-glibc-busybox-bash/Dockerfile | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/images/base-glibc-busybox-bash/Dockerfile b/images/base-glibc-busybox-bash/Dockerfile index 3d0dafd2..5a3f17d2 100644 --- a/images/base-glibc-busybox-bash/Dockerfile +++ b/images/base-glibc-busybox-bash/Dockerfile @@ -33,11 +33,13 @@ RUN mkdir -p ./bin ./sbin ./usr/bin ./usr/sbin \ && \ cp -al /build/busybox ./bin/ \ && \ - cp -al /lib/*-linux-gnu/*.so* ./ \ + ldd ./bin/busybox \ + | grep --only-matching --extended-regexp '/lib\S+' \ + | xargs -n1 sh -xc 'mkdir -p ".${1%/*}" && cp -aL "${1}" ".${1%/*}"' -- \ && \ - chroot . ./ld-linux-*.so.* --library-path / /bin/busybox --install \ + chroot . /bin/busybox --install \ && \ - rm -rf ./*.so* + rm -rf ./lib* FROM build_base AS rootfs_builder From 2b5d90d5e5812f2ad32d18b4397719e954f8de7e Mon Sep 17 00:00:00 2001 From: Marcel Bargull Date: Mon, 16 Oct 2023 18:44:41 +0200 Subject: [PATCH 25/33] Get built image IDs via manifest digests 
Signed-off-by: Marcel Bargull --- .../workflows/base-glibc-busybox-bash.yaml | 18 +++++++++-------- .github/workflows/base-glibc-debian-bash.yaml | 20 ++++++++++--------- 2 files changed, 21 insertions(+), 17 deletions(-) diff --git a/.github/workflows/base-glibc-busybox-bash.yaml b/.github/workflows/base-glibc-busybox-bash.yaml index d5db6e68..748c5ced 100644 --- a/.github/workflows/base-glibc-busybox-bash.yaml +++ b/.github/workflows/base-glibc-busybox-bash.yaml @@ -93,10 +93,11 @@ jobs: image='${{ steps.build.outputs.image }}' ids="$( for tag in ${{ steps.calculate.outputs.tags }} ; do - buildah images --quiet --no-trunc "${image}:${tag}" - done + buildah manifest inspect "${image}:${tag}" \ + | jq -r '.manifests[]|.digest' \ + | xargs -I'{}' buildah images --quiet --filter=digest='{}' + done | sort -u )" - ids="$( printf %s "${ids}" | sort -u )" for id in ${ids} ; do podman history "${id}" buildah bud \ @@ -150,16 +151,17 @@ jobs: name: Test Pushed run: | image='${{ env.IMAGE_NAME }}' - digests="$( + ids="$( for tag in ${{ steps.calculate.outputs.tags }} ; do buildah manifest inspect "${image}:${tag}" \ - | jq -r '.manifests[]|.digest' + | jq -r '.manifests[]|.digest' \ + | xargs -I'{}' buildah images --quiet --filter=digest='{}' done | sort -u )" - for digest in ${digests} ; do - podman history "${image}@${digest}" + for id in ${ids} ; do + podman history "${id}" buildah bud \ - --build-arg=base="${image}@${digest}" \ + --build-arg=base="${id}" \ --file=Dockerfile.test \ "images/${image}" done diff --git a/.github/workflows/base-glibc-debian-bash.yaml b/.github/workflows/base-glibc-debian-bash.yaml index e0efe57d..75135214 100644 --- a/.github/workflows/base-glibc-debian-bash.yaml +++ b/.github/workflows/base-glibc-debian-bash.yaml 
@@ -78,21 +78,22 @@ jobs: build-args: | debian_version=${{ env.DEBIAN_VERSION }} containerfiles: | - ./images/${{ env.IMAGE_NAME }}/Dockerfile + ./images/${{ env.IMAGE_NAME }}/Dockerfile - name: Test run: | image='${{ steps.build.outputs.image }}' - digests="$( + ids="$( for tag in ${{ steps.calculate.outputs.tags }} ; do buildah manifest inspect "${image}:${tag}" \ - | jq -r '.manifests[]|.digest' + | jq -r '.manifests[]|.digest' \ + | xargs -I'{}' buildah images --quiet --filter=digest='{}' done | sort -u )" - for digest in ${digests} ; do - podman history "${image}@${digest}" + for id in ${ids} ; do + podman history "${id}" buildah bud \ - --build-arg=base="${image}@${digest}" \ + --build-arg=base="${id}" \ --file=Dockerfile.test \ "images/${image}" done @@ -144,10 +145,11 @@ jobs: image='${{ env.IMAGE_NAME }}' ids="$( for tag in ${{ steps.calculate.outputs.tags }} ; do - buildah images --quiet --no-trunc "${image}:${tag}" - done + buildah manifest inspect "${image}:${tag}" \ + | jq -r '.manifests[]|.digest' \ + | xargs -I'{}' buildah images --quiet --filter=digest='{}' + done | sort -u )" - ids="$( printf %s "${ids}" | sort -u )" for id in ${ids} ; do podman history "${id}" buildah bud \ From 8846fa299204051f30163fb00023a8d76bdb20e5 Mon Sep 17 00:00:00 2001 From: Marcel Bargull Date: Mon, 16 Oct 2023 20:16:32 +0200 Subject: [PATCH 26/33] Allow backports for Debian 9 (install EGL, OpenGL) Signed-off-by: Marcel Bargull --- images/base-glibc-busybox-bash/Dockerfile | 4 ++-- images/base-glibc-debian-bash/Dockerfile | 22 +++++++++++++++++----- 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/images/base-glibc-busybox-bash/Dockerfile b/images/base-glibc-busybox-bash/Dockerfile index 5a3f17d2..70e8173e 100644 --- a/images/base-glibc-busybox-bash/Dockerfile +++ b/images/base-glibc-busybox-bash/Dockerfile 
@@ -6,7 +6,7 @@ ARG debian_version FROM "debian:${debian_version}-slim" AS build_base RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \ - '/ stretch/ { /-updates/d ; s,/(deb|security)\.,/archive., }' \ + '/ stretch/ { s,-updates,-backports, ; s,/(deb|security)\.,/archive., }' \ /etc/apt/sources.list @@ -15,7 +15,7 @@ RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \ # Use old Debian version to ensure compatible (low glibc requirement) binaries. FROM debian:9-slim AS busybox_builder RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \ - '/ stretch/ { /-updates/d ; s,/(deb|security)\.,/archive., }' \ + '/ stretch/ { s,-updates,-backports, ; s,/(deb|security)\.,/archive., }' \ /etc/apt/sources.list \ && \ apt-get update && \ diff --git a/images/base-glibc-debian-bash/Dockerfile b/images/base-glibc-debian-bash/Dockerfile index e54940fd..83e869d7 100644 --- a/images/base-glibc-debian-bash/Dockerfile +++ b/images/base-glibc-debian-bash/Dockerfile @@ -2,16 +2,28 @@ ARG debian_version FROM "debian:${debian_version}-slim" RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \ - '/ stretch/ { /-updates/d ; s,/(deb|security)\.,/archive., }' \ + '/ stretch/ { s,-updates,-backports, ; s,/(deb|security)\.,/archive., }' \ /etc/apt/sources.list \ && \ apt-get update -qq \ && \ DEBIAN_FRONTEND=noninteractive \ - apt-get install --yes \ - --no-install-recommends \ - libgl1-mesa-glx \ - libegl1 \ + apt-get install --yes --no-install-recommends \ + $( \ + . /etc/os-release \ + && \ + [ "${VERSION_ID-10}" -lt 10 ] \ + && \ + printf '%s\n' \ + libegl1-mesa \ + libgl1-mesa-glx \ + || \ + printf '%s\n' \ + libegl1 \ + libgl1 \ + libglx-mesa0 \ + ) \ + libglvnd0 \ libopengl0 \ locales \ openssh-client \ From a783cac49346bffb2b10eb82ef32b1bc929e1328 Mon Sep 17 00:00:00 2001 From: Marcel Bargull Date: Mon, 16 Oct 2023 20:21:43 +0200 Subject: [PATCH 27/33] Add pwck, grpck, ldd checks to Debian base image 
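Review bot: The sed expression now rewrites the `-updates` entry to `-backports` instead of deleting it, and nothing next to the command says why or what that means for package freshness. The same expression points the `deb.` and `security.` hosts at `archive.`, so stretch builds presumably install from a frozen archive that no longer receives fixes. Suggested comment above the `RUN`: `# Debian 9 (stretch) only: use archive.debian.org and enable stretch-backports; these suites are frozen and get no security updates.` The same line appears in the second hunk of this file and in images/base-glibc-debian-bash/Dockerfile.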
Signed-off-by: Marcel Bargull --- images/base-glibc-debian-bash/Dockerfile | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/images/base-glibc-debian-bash/Dockerfile b/images/base-glibc-debian-bash/Dockerfile index 83e869d7..b8df2bf0 100644 --- a/images/base-glibc-debian-bash/Dockerfile +++ b/images/base-glibc-debian-bash/Dockerfile @@ -63,6 +63,26 @@ RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \ -mindepth 1 -depth \ -delete +RUN while IFS=: read _ _ uid gid _ home _ ; do \ + [ -n "${home##/var/run/*}" ] || home="${home#/var}" \ + && \ + [ -d "./${home#/}" ] || [ "${home}" = "/nonexistent" ] && continue ; \ + mkdir -p "./${home#/}" \ + && \ + chown "${uid}:${gid}" "./${home#/}" \ + && \ + chmod 775 "./${home#/}" \ + ; done < ./etc/passwd \ + && \ + pwck --read-only --root "$( pwd )" \ + | { ! grep -v -e 'no changes' -e '/nonexistent' ; } \ + && \ + grpck --read-only --root "$( pwd )" \ + && \ + find -xdev -type f \ + | xargs chroot . ldd 2> /dev/null -- \ + | sed -n '/:/h; /not found/{x;p;x;p}' | { ! grep . ; } + # Bash 4.* did not have default key bindings for control-arrow-key key # combinations. Add some for convenience: RUN >> /etc/inputrc \ From 8b473ba4bbd2951c6001b004fa0307f1d1d1c834 Mon Sep 17 00:00:00 2001 From: Marcel Bargull Date: Mon, 16 Oct 2023 21:00:54 +0200 Subject: [PATCH 28/33] Old Buildah does not support --filter=dangling Signed-off-by: Marcel Bargull --- .github/workflows/base-glibc-busybox-bash.yaml | 16 ++++++++++++---- .github/workflows/base-glibc-debian-bash.yaml | 16 ++++++++++++---- 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/.github/workflows/base-glibc-busybox-bash.yaml b/.github/workflows/base-glibc-busybox-bash.yaml index 748c5ced..e7ff69c1 100644 --- a/.github/workflows/base-glibc-busybox-bash.yaml +++ b/.github/workflows/base-glibc-busybox-bash.yaml 
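Review bot: `chmod 775` makes every home directory the loop creates group-writable; `chmod 755` grants less access and should be enough unless some account needs group write. As far as the hunk shows, the directories are created only so that `pwck --read-only` finds them with the right owner. A one-line comment above the `RUN` would also help, for example `# Create missing home directories so that pwck/grpck pass, then check that every binary resolves its shared libraries.`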
@@ -95,9 +95,13 @@ jobs: for tag in ${{ steps.calculate.outputs.tags }} ; do buildah manifest inspect "${image}:${tag}" \ | jq -r '.manifests[]|.digest' \ - | xargs -I'{}' buildah images --quiet --filter=digest='{}' - done | sort -u + | while read id ; do + buildah images --format '{{.ID}}{{.Digest}}' \ + | sed -n "s/${id}//p" + done + done )" + ids="$( printf %s "${ids}" | sort -u )" for id in ${ids} ; do podman history "${id}" buildah bud \ @@ -155,9 +159,13 @@ jobs: for tag in ${{ steps.calculate.outputs.tags }} ; do buildah manifest inspect "${image}:${tag}" \ | jq -r '.manifests[]|.digest' \ - | xargs -I'{}' buildah images --quiet --filter=digest='{}' - done | sort -u + | while read id ; do + buildah images --format '{{.ID}}{{.Digest}}' \ + | sed -n "s/${id}//p" + done + done )" + ids="$( printf %s "${ids}" | sort -u )" for id in ${ids} ; do podman history "${id}" buildah bud \ diff --git a/.github/workflows/base-glibc-debian-bash.yaml b/.github/workflows/base-glibc-debian-bash.yaml index 75135214..01aeaa9f 100644 --- a/.github/workflows/base-glibc-debian-bash.yaml +++ b/.github/workflows/base-glibc-debian-bash.yaml @@ -87,9 +87,13 @@ jobs: for tag in ${{ steps.calculate.outputs.tags }} ; do buildah manifest inspect "${image}:${tag}" \ | jq -r '.manifests[]|.digest' \ - | xargs -I'{}' buildah images --quiet --filter=digest='{}' - done | sort -u + | while read id ; do + buildah images --format '{{.ID}}{{.Digest}}' \ + | sed -n "s/${id}//p" + done + done )" + ids="$( printf %s "${ids}" | sort -u )" for id in ${ids} ; do podman history "${id}" buildah bud \ 
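Review bot: `sed -n "s/${id}//p"` uses the digest as an unanchored regular expression against `{{.ID}}{{.Digest}}` printed without a separator, which works only because of how the two fields happen to look. An exact comparison is easier to trust: `buildah images --format '{{.ID}} {{.Digest}}' | awk -v d="${id}" '$2 == d { print $1 }'`, with `read -r` in the loop. A short comment saying that the installed Buildah lacks the image filter used before would explain the detour. The same lines recur in the other three hunks of this commit, and the `run:` block starts outside the hunk.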
@@ -147,9 +151,13 @@ jobs: for tag in ${{ steps.calculate.outputs.tags }} ; do buildah manifest inspect "${image}:${tag}" \ | jq -r '.manifests[]|.digest' \ - | xargs -I'{}' buildah images --quiet --filter=digest='{}' - done | sort -u + | while read id ; do + buildah images --format '{{.ID}}{{.Digest}}' \ + | sed -n "s/${id}//p" + done + done )" + ids="$( printf %s "${ids}" | sort -u )" for id in ${ids} ; do podman history "${id}" buildah bud \ From a57caae5c7f818fa1173c11f2225eb13c332026e Mon Sep 17 00:00:00 2001 From: Marcel Bargull Date: Mon, 16 Oct 2023 23:47:17 +0200 Subject: [PATCH 29/33] Simplify base image version scheme Add mutable tag for major version. Drop glibc/busybox/debian versioned tags; versions are stored in labels. Signed-off-by: Marcel Bargull --- .../workflows/base-glibc-busybox-bash.yaml | 21 +++++++++------- .github/workflows/base-glibc-debian-bash.yaml | 25 ++++++++++++------- images/base-glibc-busybox-bash/install-pkgs | 8 +++--- images/base-glibc-debian-bash/Dockerfile | 10 ++++++++ 4 files changed, 42 insertions(+), 22 deletions(-) diff --git a/.github/workflows/base-glibc-busybox-bash.yaml b/.github/workflows/base-glibc-busybox-bash.yaml index e7ff69c1..e8d9d821 100644 --- a/.github/workflows/base-glibc-busybox-bash.yaml +++ b/.github/workflows/base-glibc-busybox-bash.yaml @@ -18,7 +18,8 @@ jobs: env: # The base image is not intended to change often and should be used with # version tags or checksum IDs, but not via "latest". - IMAGE_VERSION: '3.0.0' + MAJOR_VERSION: 3 + MINOR_VERSION: 0 IMAGE_NAME: base-glibc-busybox-bash BUSYBOX_VERSION: '1.36.1' DEBIAN_VERSION: '12.2' 
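Review bot: The comment above `MAJOR_VERSION` still says the image should be used with version tags rather than `latest`, but this commit adds a bare major tag that the commit message itself calls mutable. Consumers who pin `3` would then receive changing content while believing they followed the advice. I would extend the comment: `# "MAJOR" and "latest" are mutable; pin "MAJOR.MINOR" or a digest for reproducible builds.` The same applies to the `env` hunk in base-glibc-debian-bash.yaml.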
@@ -65,8 +66,8 @@ jobs: busybox_version="$( printf %s "${busybox}" | sed -E '1 s/.*v([0-9.]*[0-9]).*/\1/' )" bash_version="$( printf %s "${bash}" | sed -E 's/.*version ([0-9.]*[0-9]).*/\1/' )" tags=" - ${{ env.IMAGE_VERSION }} - ${{ env.IMAGE_VERSION }}_${glibc_version}_${busybox_version}_${bash_version} + ${{ env.MAJOR_VERSION }} + ${{ env.MAJOR_VERSION }}.${{ env.MINOR_VERSION }} latest " @@ -133,12 +134,14 @@ jobs: exit 1 } for tag in ${{ steps.calculate.outputs.tags }} ; do - if [ \! "${tag}" = latest ] ; then - if printf %s "${existing_tags}" | grep -qxF "${tag}" ; then - printf 'Tag %s already exists!\n' "${tag}" - exit 1 - fi - fi + case "${tag}" in + latest | '${{ env.MAJOR_VERSION }}' ) ;; + * ) + if printf %s "${existing_tags}" | grep -qxF "${tag}" ; then + printf 'Tag %s already exists!\n' "${tag}" + exit 1 + fi + esac done - if: ${{ github.ref == 'refs/heads/main' }} diff --git a/.github/workflows/base-glibc-debian-bash.yaml b/.github/workflows/base-glibc-debian-bash.yaml index 01aeaa9f..c1be4ef0 100644 --- a/.github/workflows/base-glibc-debian-bash.yaml +++ b/.github/workflows/base-glibc-debian-bash.yaml @@ -18,7 +18,8 @@ jobs: env: # The base image is not intended to change often and should be used with # version tags or checksum IDs, but not via "latest". - IMAGE_VERSION: '3.0.0' + MAJOR_VERSION: 3 + MINOR_VERSION: 0 IMAGE_NAME: base-glibc-debian-bash DEBIAN_VERSION: '12.2' @@ -45,6 +46,8 @@ jobs: container="$( buildah from "${image_id}" )" run() { buildah run "${container}" "${@}" ; } + deb_list="$( run cat /.deb.lst | tr '\n' '|' )" + pkg_list="$( run cat /.pkg.lst | tr '\n' '|' )" glibc="$( run sh -c 'exec "$( find /lib -name libc.so.6 -print -quit )"' | sed '1!d' )" debian="$( run cat /etc/debian_version | sed '1!d' )" bash="$( run bash --version | sed '1!d' )" 
@@ -53,14 +56,16 @@ jobs: labels=" glibc=${glibc} debian=${debian} + deb-list="${deb_list%|}" + pkg-list="${pkg_list%|}" " glibc_version="$( printf %s "${glibc}" | sed -E 's/.*version ([0-9.]*[0-9]).*/\1/' )" debian_version="$( printf %s "${debian}" | sed -E 's|/|_|g' )" bash_version="$( printf %s "${bash}" | sed -E 's/.*version ([0-9.]*[0-9]).*/\1/' )" tags=" - ${{ env.IMAGE_VERSION }} - ${{ env.IMAGE_VERSION }}_${glibc_version}_${debian_version}_${bash_version} + ${{ env.MAJOR_VERSION }} + ${{ env.MAJOR_VERSION }}.${{ env.MINOR_VERSION }} latest " @@ -125,12 +130,14 @@ jobs: exit 1 } for tag in ${{ steps.calculate.outputs.tags }} ; do - if [ \! "${tag}" = latest ] ; then - if printf %s "${existing_tags}" | grep -qxF "${tag}" ; then - printf 'Tag %s already exists!\n' "${tag}" - exit 1 - fi - fi + case "${tag}" in + latest | '${{ env.MAJOR_VERSION }}' ) ;; + * ) + if printf %s "${existing_tags}" | grep -qxF "${tag}" ; then + printf 'Tag %s already exists!\n' "${tag}" + exit 1 + fi + esac done - if: ${{ github.ref == 'refs/heads/main' }} diff --git a/images/base-glibc-busybox-bash/install-pkgs b/images/base-glibc-busybox-bash/install-pkgs index c6d2f092..fdb483dd 100755 --- a/images/base-glibc-busybox-bash/install-pkgs +++ b/images/base-glibc-busybox-bash/install-pkgs @@ -154,10 +154,10 @@ prepare() { # Abort if we get an unexpected package. printf %s\\n "\`prepare\` not defined for ${pkg}" >&2 return 1 - ;; - esac - prepare_remove_docs - prepare_usrmerge + ;; + esac + prepare_remove_docs + prepare_usrmerge } diff --git a/images/base-glibc-debian-bash/Dockerfile b/images/base-glibc-debian-bash/Dockerfile index b8df2bf0..9dd86ca0 100644 --- a/images/base-glibc-debian-bash/Dockerfile +++ b/images/base-glibc-debian-bash/Dockerfile 
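Review bot: The double quotes in `deb-list="${deb_list%|}"` and `pkg-list="${pkg_list%|}"` sit inside the double-quoted `labels="…"` string, so they close and reopen it and never reach the value. If literal quotes were intended they need escaping, `deb-list=\"${deb_list%|}\"`; if not, drop them so the lines match `glibc=${glibc}` and `debian=${debian}` above. The step output is presumably still written with an unquoted `echo ${labels}`, which would split label text taken from command output on whitespace. The `run:` block starts and ends outside the hunk.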
@@ -63,6 +63,16 @@ RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \ -mindepth 1 -depth \ -delete +RUN dpkg-query --show --showformat \ + '${db:Status-Status} ${Package}\n' \ + | sed -n 's/:/%3a/g ; s/^installed //p' \ + > /.pkg.lst \ + && \ + dpkg-query --show --showformat \ + '${db:Status-Status} ${Package}_${Version}_${Architecture}\n' \ + | sed -n 's/:/%3a/g ; s/$/.deb/ ; s/^installed //p' \ + > /.deb.lst + RUN while IFS=: read _ _ uid gid _ home _ ; do \ [ -n "${home##/var/run/*}" ] || home="${home#/var}" \ && \ From 2e8ad195f43798a6eea66ec71c5888358564a60a Mon Sep 17 00:00:00 2001 From: Marcel Bargull Date: Tue, 17 Oct 2023 01:03:59 +0200 Subject: [PATCH 30/33] Fix labels for arm64; stop building twice Signed-off-by: Marcel Bargull --- .../workflows/base-glibc-busybox-bash.yaml | 103 +++++++++--------- .github/workflows/base-glibc-debian-bash.yaml | 99 +++++++++-------- 2 files changed, 103 insertions(+), 99 deletions(-) diff --git a/.github/workflows/base-glibc-busybox-bash.yaml b/.github/workflows/base-glibc-busybox-bash.yaml index e8d9d821..38cb8480 100644 --- a/.github/workflows/base-glibc-busybox-bash.yaml +++ b/.github/workflows/base-glibc-busybox-bash.yaml 
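Review bot: The new `RUN` has no comment, and `/.pkg.lst` and `/.deb.lst` at the image root are not self-explanatory. The workflow reads both files into image labels, so I would add `# Record installed packages (/.pkg.lst) and their .deb file names (/.deb.lst) for the deb-list/pkg-list labels.` above it. The `s/:/%3a/g` step presumably escapes colons from epochs or architecture qualifiers, which deserves a word too. A failing `dpkg-query` is masked by the pipe into `sed` and would leave an empty list behind.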
@@ -32,68 +32,69 @@ jobs: with: platforms: arm64 - - name: Calculate tags and labels - id: calculate + - name: Build + id: build run: | set -xeu cd 'images/${{ env.IMAGE_NAME }}' - iidfile="$( mktemp )" - buildah bud --layers \ - --iidfile="${iidfile}" \ - --build-arg=busybox_version="${{ env.BUSYBOX_VERSION }}" \ - --build-arg=debian_version="${{ env.DEBIAN_VERSION }}" - image_id="$( cat "${iidfile}" )" - rm "${iidfile}" - - container="$( buildah from "${image_id}" )" - run() { buildah run "${container}" "${@}" ; } - deb_list="$( run cat /.deb.lst | tr '\n' '|' )" - pkg_list="$( run cat /.pkg.lst | tr '\n' '|' )" - glibc="$( run sh -c 'exec "$( find /lib -name libc.so.6 -print -quit )"' | sed '1!d' )" - busybox="$( run busybox | sed '1!d' )" - bash="$( run bash --version | sed '1!d' )" - buildah rm "${container}" - - labels=" - glibc="${glibc}" - busybox="${busybox}" - deb-list="${deb_list%|}" - pkg-list="${pkg_list%|}" - " - - glibc_version="$( printf %s "${glibc}" | sed -E 's/.*version ([0-9.]*[0-9]).*/\1/' )" - busybox_version="$( printf %s "${busybox}" | sed -E '1 s/.*v([0-9.]*[0-9]).*/\1/' )" - bash_version="$( printf %s "${bash}" | sed -E 's/.*version ([0-9.]*[0-9]).*/\1/' )" - tags=" + image_name='${{ env.IMAGE_NAME }}' + tags=' ${{ env.MAJOR_VERSION }} ${{ env.MAJOR_VERSION }}.${{ env.MINOR_VERSION }} latest - " + ' + printf %s\\n \ + "image=${image_name}" \ + "tags=$( echo ${tags} )" \ + >> $GITHUB_OUTPUT - echo "tags=$( echo ${tags} )" >> $GITHUB_OUTPUT - echo "labels=$( echo ${labels} )" >> $GITHUB_OUTPUT + for tag in ${tags} ; do + buildah manifest create "${image_name}:${tag}" + done - - name: Build multiarch image - id: build - uses: redhat-actions/buildah-build@v2 - with: - image: ${{ env.IMAGE_NAME }} - tags: ${{ steps.calculate.outputs.tags }} - labels: ${{ steps.calculate.outputs.labels }} - archs: amd64,arm64 - build-args: | - busybox_version=${{ env.BUSYBOX_VERSION }} - debian_version=${{ env.DEBIAN_VERSION }} - context: ./images/${{ 
env.IMAGE_NAME }} - containerfiles: | - ./images/${{ env.IMAGE_NAME }}/Dockerfile + for arch in amd64 arm64 ; do + iidfile="$( mktemp )" + buildah bud --layers \ + --arch="${arch}" \ + --iidfile="${iidfile}" \ + --build-arg=busybox_version='${{ env.BUSYBOX_VERSION }}' \ + --build-arg=debian_version='${{ env.DEBIAN_VERSION }}' + image_id="$( cat "${iidfile}" )" + rm "${iidfile}" + + container="$( buildah from "${image_id}" )" + run() { buildah run "${container}" "${@}" ; } + deb_list="$( run cat /.deb.lst | tr '\n' '|' | sed 's/|$//' )" + pkg_list="$( run cat /.pkg.lst | tr '\n' '|' | sed 's/|$//' )" + glibc="$( run sh -c 'exec "$( find -xdev -name libc.so.6 -print -quit )"' | sed '1!d' )" + busybox="$( run busybox | sed '1!d' )" + bash="$( run bash --version | sed '1!d' )" + buildah rm "${container}" + + container="$( buildah from "${image_id}" )" + buildah config \ + --label=glibc="${glibc}" \ + --label=busybox="${busybox}" \ + --label=bash="${bash}" \ + --label=deb-list="${deb_list}" \ + --label=pkg-list="${pkg_list}" \ + "${container}" + + image_id="$( buildah commit "${container}" )" + buildah rm "${container}" + for tag in ${tags} ; do + buildah manifest add \ + "${image_name}:${tag}" \ + "${image_id}" + done + done - name: Test run: | image='${{ steps.build.outputs.image }}' ids="$( - for tag in ${{ steps.calculate.outputs.tags }} ; do + for tag in ${{ steps.build.outputs.tags }} ; do buildah manifest inspect "${image}:${tag}" \ | jq -r '.manifests[]|.digest' \ | while read id ; do @@ -133,7 +134,7 @@ jobs: "${response}" exit 1 } - for tag in ${{ steps.calculate.outputs.tags }} ; do + for tag in ${{ steps.build.outputs.tags }} ; do case "${tag}" in latest | '${{ env.MAJOR_VERSION }}' ) ;; * ) 
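Review bot: The label values are captured through pipes, for example `glibc="$( run … | sed '1!d' )"`, so `set -xeu` does not stop the step when `buildah run` fails, and the image is then committed with empty labels. This matters most for the emulated arm64 pass. `set -xeuo pipefail` at the top of the step would catch it, unless the workflow already selects a shell with pipefail, which is not visible here. The Build hunk in base-glibc-debian-bash.yaml has the same pattern.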
@@ -149,7 +150,7 @@ jobs: uses: redhat-actions/push-to-registry@v2 with: image: ${{ steps.build.outputs.image }} - tags: ${{ steps.calculate.outputs.tags }} + tags: ${{ steps.build.outputs.tags }} registry: ${{ secrets.QUAY_BIOCONDA_REPO }} username: ${{ secrets.QUAY_BIOCONDA_USERNAME }} password: ${{ secrets.QUAY_BIOCONDA_TOKEN }} @@ -159,7 +160,7 @@ jobs: run: | image='${{ env.IMAGE_NAME }}' ids="$( - for tag in ${{ steps.calculate.outputs.tags }} ; do + for tag in ${{ steps.build.outputs.tags }} ; do buildah manifest inspect "${image}:${tag}" \ | jq -r '.manifests[]|.digest' \ | while read id ; do diff --git a/.github/workflows/base-glibc-debian-bash.yaml b/.github/workflows/base-glibc-debian-bash.yaml index c1be4ef0..f0571986 100644 --- a/.github/workflows/base-glibc-debian-bash.yaml +++ b/.github/workflows/base-glibc-debian-bash.yaml 
@@ -31,65 +31,68 @@ jobs: with: platforms: arm64 - - name: Calculate tags and labels - id: calculate + - name: Build + id: build run: | set -xeu cd 'images/${{ env.IMAGE_NAME }}' - iidfile="$( mktemp )" - buildah bud --layers \ - --iidfile="${iidfile}" \ - --build-arg=debian_version="${{ env.DEBIAN_VERSION }}" - image_id="$( cat "${iidfile}" )" - rm "${iidfile}" - - container="$( buildah from "${image_id}" )" - run() { buildah run "${container}" "${@}" ; } - deb_list="$( run cat /.deb.lst | tr '\n' '|' )" - pkg_list="$( run cat /.pkg.lst | tr '\n' '|' )" - glibc="$( run sh -c 'exec "$( find /lib -name libc.so.6 -print -quit )"' | sed '1!d' )" - debian="$( run cat /etc/debian_version | sed '1!d' )" - bash="$( run bash --version | sed '1!d' )" - buildah rm "${container}" - - labels=" - glibc=${glibc} - debian=${debian} - deb-list="${deb_list%|}" - pkg-list="${pkg_list%|}" - " - - glibc_version="$( printf %s "${glibc}" | sed -E 's/.*version ([0-9.]*[0-9]).*/\1/' )" - debian_version="$( printf %s "${debian}" | sed -E 's|/|_|g' )" - bash_version="$( printf %s "${bash}" | sed -E 's/.*version ([0-9.]*[0-9]).*/\1/' )" - tags=" + image_name='${{ env.IMAGE_NAME }}' + tags=' ${{ env.MAJOR_VERSION }} ${{ env.MAJOR_VERSION }}.${{ env.MINOR_VERSION }} latest - " + ' + printf %s\\n \ + "image=${image_name}" \ + "tags=$( echo ${tags} )" \ + >> $GITHUB_OUTPUT - echo "tags=$( echo ${tags} )" >> $GITHUB_OUTPUT - echo "labels=$( echo ${labels} )" >> $GITHUB_OUTPUT + for tag in ${tags} ; do + buildah manifest create "${image_name}:${tag}" + done - - name: Build multiarch image - id: build - uses: redhat-actions/buildah-build@v2 - with: - image: ${{ env.IMAGE_NAME }} - tags: ${{ steps.calculate.outputs.tags }} - labels: ${{ steps.calculate.outputs.labels }} - archs: amd64,arm64 - build-args: | - debian_version=${{ env.DEBIAN_VERSION }} - containerfiles: | - ./images/${{ env.IMAGE_NAME }}/Dockerfile + for arch in amd64 arm64 ; do + iidfile="$( mktemp )" + buildah bud --layers \ + 
--arch="${arch}" \ + --iidfile="${iidfile}" \ + --build-arg=debian_version='${{ env.DEBIAN_VERSION }}' + image_id="$( cat "${iidfile}" )" + rm "${iidfile}" + + container="$( buildah from "${image_id}" )" + run() { buildah run "${container}" "${@}" ; } + deb_list="$( run cat /.deb.lst | tr '\n' '|' | sed 's/|$//' )" + pkg_list="$( run cat /.pkg.lst | tr '\n' '|' | sed 's/|$//' )" + glibc="$( run sh -c 'exec "$( find -xdev -name libc.so.6 -print -quit )"' | sed '1!d' )" + debian="$( run cat /etc/debian_version | sed '1!d' )" + bash="$( run bash --version | sed '1!d' )" + buildah rm "${container}" + + container="$( buildah from "${image_id}" )" + buildah config \ + --label=glibc="${glibc}" \ + --label=debian="${debian}" \ + --label=bash="${bash}" \ + --label=deb-list="${deb_list}" \ + --label=pkg-list="${pkg_list}" \ + "${container}" + + image_id="$( buildah commit "${container}" )" + buildah rm "${container}" + for tag in ${tags} ; do + buildah manifest add \ + "${image_name}:${tag}" \ + "${image_id}" + done + done - name: Test run: | image='${{ steps.build.outputs.image }}' ids="$( - for tag in ${{ steps.calculate.outputs.tags }} ; do + for tag in ${{ steps.build.outputs.tags }} ; do buildah manifest inspect "${image}:${tag}" \ | jq -r '.manifests[]|.digest' \ | while read id ; do @@ -129,7 +132,7 @@ jobs: "${response}" exit 1 } - for tag in ${{ steps.calculate.outputs.tags }} ; do + for tag in ${{ steps.build.outputs.tags }} ; do case "${tag}" in latest | '${{ env.MAJOR_VERSION }}' ) ;; * ) @@ -145,7 +148,7 @@ jobs: uses: redhat-actions/push-to-registry@v2 with: image: ${{ steps.build.outputs.image }} - tags: ${{ steps.calculate.outputs.tags }} + tags: ${{ steps.build.outputs.tags }} registry: ${{ secrets.QUAY_BIOCONDA_REPO }} username: ${{ secrets.QUAY_BIOCONDA_USERNAME }} password: ${{ secrets.QUAY_BIOCONDA_TOKEN }} 
@@ -155,7 +158,7 @@ jobs: run: | image='${{ env.IMAGE_NAME }}' ids="$( - for tag in ${{ steps.calculate.outputs.tags }} ; do + for tag in ${{ steps.build.outputs.tags }} ; do buildah manifest inspect "${image}:${tag}" \ | jq -r '.manifests[]|.digest' \ | while read id ; do From d53f91279fe06c253b486e7241fa07959e2d2327 Mon Sep 17 00:00:00 2001 From: Marcel Bargull Date: Tue, 17 Oct 2023 09:00:21 +0200 Subject: [PATCH 31/33] Parallelize ldd checks Signed-off-by: Marcel Bargull --- images/base-glibc-busybox-bash/Dockerfile | 8 +++++--- images/base-glibc-debian-bash/Dockerfile | 8 +++++--- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/images/base-glibc-busybox-bash/Dockerfile b/images/base-glibc-busybox-bash/Dockerfile index 70e8173e..b8240cf7 100644 --- a/images/base-glibc-busybox-bash/Dockerfile +++ b/images/base-glibc-busybox-bash/Dockerfile @@ -98,9 +98,11 @@ RUN while IFS=: read _ _ uid gid _ home _ ; do \ && \ grpck --read-only --root "$( pwd )" \ && \ - find -xdev -type f \ - | xargs chroot . ldd 2> /dev/null -- \ - | sed -n '/:/h; /not found/{x;p;x;p}' | { ! grep . ; } + find \ + -xdev -type f \! -path ./var/\* \! -path ./usr/share/\* \! -name \*.pl \ + | xargs -P0 -n100 sh -c \ + 'chroot . ldd -- "${@}" 2> /dev/null | sed -n "/:/h; /not found/{x;p;x;p}"' -- \ + | { ! grep . ; } # env-activate.sh (+ optionally env-execute) should be overwritten downstream. # - env-activate.sh: diff --git a/images/base-glibc-debian-bash/Dockerfile b/images/base-glibc-debian-bash/Dockerfile index 9dd86ca0..cebecb58 100644 --- a/images/base-glibc-debian-bash/Dockerfile +++ b/images/base-glibc-debian-bash/Dockerfile 
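Review bot: `find … | xargs -P0 -n100` passes file names as whitespace-separated words, so a path containing a space or a quote is split or rejected before `ldd` sees it. `find … -print0 | xargs -0 -P0 -n100 sh -c …` avoids that. The check also passes whenever nothing is printed, and `2> /dev/null` together with the final `{ ! grep . ; }` hides a `chroot` or `ldd` that could not run at all; asserting that at least one file was examined would make a green result meaningful. The same hunk appears in images/base-glibc-debian-bash/Dockerfile, and the `RUN` starts outside the hunk.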
@@ -89,9 +89,11 @@ RUN while IFS=: read _ _ uid gid _ home _ ; do \ && \ grpck --read-only --root "$( pwd )" \ && \ - find -xdev -type f \ - | xargs chroot . ldd 2> /dev/null -- \ - | sed -n '/:/h; /not found/{x;p;x;p}' | { ! grep . ; } + find \ + -xdev -type f \! -path ./var/\* \! -path ./usr/share/\* \! -name \*.pl \ + | xargs -P0 -n100 sh -c \ + 'chroot . ldd -- "${@}" 2> /dev/null | sed -n "/:/h; /not found/{x;p;x;p}"' -- \ + | { ! grep . ; } # Bash 4.* did not have default key bindings for control-arrow-key key # combinations. Add some for convenience: From c32537b038dad7f010f09f55a1c320b30f53dfa1 Mon Sep 17 00:00:00 2001 From: Marcel Bargull Date: Tue, 17 Oct 2023 09:01:17 +0200 Subject: [PATCH 32/33] Build locales only ones (during apt-get install) Signed-off-by: Marcel Bargull --- images/base-glibc-debian-bash/Dockerfile | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/images/base-glibc-debian-bash/Dockerfile b/images/base-glibc-debian-bash/Dockerfile index cebecb58..c0adc292 100644 --- a/images/base-glibc-debian-bash/Dockerfile +++ b/images/base-glibc-debian-bash/Dockerfile @@ -7,6 +7,10 @@ RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \ && \ apt-get update -qq \ && \ + # Add en_US.UTF-8 locale. + printf '%s\n' 'en_US.UTF-8 UTF-8' \ + >> /etc/locale.gen \ + && \ DEBIAN_FRONTEND=noninteractive \ apt-get install --yes --no-install-recommends \ $( \ @@ -29,13 +33,6 @@ RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \ openssh-client \ procps \ && \ - # Add en_US.UTF-8 locale. - sed -i \ - 's/^# *\(en_US.UTF-8\)/\1/' \ - /etc/locale.gen \ - && \ - locale-gen \ - && \ # Remove "locales" package, but keep the generated locale. sed -i \ 's/\s*rm .*locale-archive$/: &/' \ From 8bf149c609c489bb846168d3b0cd7ce128a858fa Mon Sep 17 00:00:00 2001 From: Marcel Bargull Date: Tue, 17 Oct 2023 09:04:48 +0200 Subject: [PATCH 33/33] Cross-compile BusyBox 
Signed-off-by: Marcel Bargull --- .../workflows/base-glibc-busybox-bash.yaml | 10 ++++++- images/base-glibc-busybox-bash/Dockerfile | 30 +++++-------------- .../Dockerfile.busybox | 23 ++++++++++++++ images/base-glibc-busybox-bash/build-busybox | 10 +++++-- 4 files changed, 47 insertions(+), 26 deletions(-) create mode 100644 images/base-glibc-busybox-bash/Dockerfile.busybox diff --git a/.github/workflows/base-glibc-busybox-bash.yaml b/.github/workflows/base-glibc-busybox-bash.yaml index 38cb8480..9c0c4169 100644 --- a/.github/workflows/base-glibc-busybox-bash.yaml +++ b/.github/workflows/base-glibc-busybox-bash.yaml @@ -53,12 +53,20 @@ jobs: buildah manifest create "${image_name}:${tag}" done + iidfile="$( mktemp )" + buildah bud \ + --iidfile="${iidfile}" \ + --build-arg=busybox_version='${{ env.BUSYBOX_VERSION }}' \ + --file=Dockerfile.busybox + busybox_image="$( cat "${iidfile}" )" + rm "${iidfile}" + for arch in amd64 arm64 ; do iidfile="$( mktemp )" buildah bud --layers \ --arch="${arch}" \ --iidfile="${iidfile}" \ - --build-arg=busybox_version='${{ env.BUSYBOX_VERSION }}' \ + --build-arg=busybox_image="${busybox_image}" \ --build-arg=debian_version='${{ env.DEBIAN_VERSION }}' image_id="$( cat "${iidfile}" )" rm "${iidfile}" diff --git a/images/base-glibc-busybox-bash/Dockerfile b/images/base-glibc-busybox-bash/Dockerfile index b8240cf7..e875a2d4 100644 --- a/images/base-glibc-busybox-bash/Dockerfile +++ b/images/base-glibc-busybox-bash/Dockerfile 
@@ -10,28 +10,16 @@ RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \ /etc/apt/sources.list -# Build busybox ourselves to have more fine-grained control over what we want -# (or not want) to include. -# Use old Debian version to ensure compatible (low glibc requirement) binaries. -FROM debian:9-slim AS busybox_builder -RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \ - '/ stretch/ { s,-updates,-backports, ; s,/(deb|security)\.,/archive., }' \ - /etc/apt/sources.list \ - && \ - apt-get update && \ - DEBIAN_FRONTEND=noninteractive \ - apt-get install --yes --no-install-recommends \ - bzip2 curl ca-certificates tar gcc libc6-dev make patch - -WORKDIR /build -COPY build-busybox ./ -ARG busybox_version -RUN ./build-busybox "${busybox_version}" +FROM build_base AS rootfs_builder +ARG busybox_image +COPY --from="${busybox_image}" /build /build WORKDIR /busybox-rootfs -RUN mkdir -p ./bin ./sbin ./usr/bin ./usr/sbin \ +RUN arch="$( uname -m )" \ + && \ + mkdir -p ./bin ./sbin ./usr/bin ./usr/sbin \ && \ - cp -al /build/busybox ./bin/ \ + cp -al "/build/busybox.${arch}" ./bin/busybox \ && \ ldd ./bin/busybox \ | grep --only-matching --extended-regexp '/lib\S+' \ @@ -41,10 +29,6 @@ RUN mkdir -p ./bin ./sbin ./usr/bin ./usr/sbin \ && \ rm -rf ./lib* - -FROM build_base AS rootfs_builder - -COPY --from=busybox_builder /busybox-rootfs /busybox-rootfs WORKDIR /rootfs RUN mkdir -p ./etc ./home ./opt ./root ./run /tmp ./usr ./var/log \ diff --git a/images/base-glibc-busybox-bash/Dockerfile.busybox b/images/base-glibc-busybox-bash/Dockerfile.busybox new file mode 100644 index 00000000..fcbd60bd --- /dev/null +++ b/images/base-glibc-busybox-bash/Dockerfile.busybox 
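Review bot: `ARG busybox_image` has no default and no comment, so building this Dockerfile without the build argument fails at `COPY --from="${busybox_image}"` with little explanation. A comment such as `# busybox_image: image built from Dockerfile.busybox; provides /build/busybox.<arch>` would document the dependency. `cp -al "/build/busybox.${arch}"` also assumes that `uname -m` yields one of the names passed to build-busybox (`x86_64`, `aarch64`); an explicit test with a clear message would fail more readably on any other architecture.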
@@ -0,0 +1,23 @@ +# Build busybox ourselves to have more fine-grained control over what we want +# (or not want) to include. +# Use old Debian version to ensure compatible (low glibc requirement) binaries. +FROM debian:9-slim AS busybox_builder +RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \ + '/ stretch/ { s,-updates,-backports, ; s,/(deb|security)\.,/archive., }' \ + /etc/apt/sources.list \ + && \ + apt-get update && \ + DEBIAN_FRONTEND=noninteractive \ + apt-get install --yes --no-install-recommends \ + bzip2 curl ca-certificates tar \ + gcc libc6-dev \ + gcc-aarch64-linux-gnu libc6-dev-arm64-cross \ + make patch + +WORKDIR /build +COPY build-busybox ./ +ARG busybox_version +RUN ./build-busybox \ + "${busybox_version}" \ + x86_64 aarch64 + diff --git a/images/base-glibc-busybox-bash/build-busybox b/images/base-glibc-busybox-bash/build-busybox index db642e9e..902b3375 100755 --- a/images/base-glibc-busybox-bash/build-busybox +++ b/images/base-glibc-busybox-bash/build-busybox @@ -125,10 +125,16 @@ build() { main() { version="${1}" + shift download patch - config - build + for target ; do + export MAKEFLAGS="ARCH=${target} CROSS_COMPILE=${target}-linux-gnu-" + make clean + config + build + cp -al ./busybox "./busybox.${target}" + done } main "${@}"
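Review bot: `FROM debian:9-slim` in the new Dockerfile.busybox refers to a tag, and the BusyBox binary built here is now copied into the images for both architectures. Pinning the base by digest, `FROM debian:9-slim@sha256:<digest of the reviewed image>`, keeps the toolchain image fixed between runs. The file installs `curl` and build-busybox calls `download`, which is outside the hunk, so it is worth confirming that the fetched source is checked against a known hash.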