Dockerfile: fix linking newuidmap and newgidmap (partially reverts #1405)

* Existing releases v0.3.0...v0.7.1 use newuidmap dynamically linked with musl

* #1405 attempted to link newuidmap statically with glibc, but it was actually dynamically linked by accident and was never used as the external base.
Switching from musl (Alpine) to glibc (Debian) is just because we don't have `cross.sh` for Alpine.
We could fix the script to link the binary statically, but statically linked binary doesn't work on Alpine because of "Cannot determine your user name." error.

* This commit reverts #1405 for newuidmap, and builds the stage with `--platform=$TARGETPLATFORM`.
In future we should port over `cross.sh` to Alpine and use `--platform=$BUILDPLATFORM`.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
v0.8
Akihiro Suda 2020-05-19 11:56:29 +09:00
parent 9380d34799
commit f026da9f1a
1 changed files with 5 additions and 11 deletions


@ -259,24 +259,18 @@ VOLUME /var/lib/buildkit
# newuidmap & newgidmap binaries (shadow-uidmap 4.7-r1) shipped with alpine:3.11 cannot be executed without CAP_SYS_ADMIN,
# because the binaries are built without libcap-dev.
# So we need to build the binaries with libcap enabled.
FROM --platform=$BUILDPLATFORM debian:10 AS idmap
RUN apt-get update && apt-get install --no-install-recommends -y automake autopoint bison ca-certificates curl file gettext git gcc libcap-dev libtool make
FROM alpine:3.11 AS idmap
RUN apk add --no-cache autoconf automake build-base byacc gettext gettext-dev gcc git libcap-dev libtool libxslt
RUN git clone https://github.com/shadow-maint/shadow.git /shadow
WORKDIR /shadow
ARG SHADOW_VERSION
RUN git checkout $SHADOW_VERSION
ARG TARGETPLATFORM
RUN curl -o /cross.sh https://raw.githubusercontent.com/AkihiroSuda/tonistiigi-binfmt/c0f14b94cdb5b6de0afd1c4b5118891b1174fefc/binfmt/scripts/cross.sh && \
chmod +x /cross.sh && \
/cross.sh install gcc pkgconf libcap-dev | sh
RUN CC=$(/cross.sh cross-prefix)-gcc LD=$(/cross.sh cross-prefix)-ld ./autogen.sh --disable-nls --disable-man --without-audit --without-selinux --without-acl --without-attr --without-tcb --without-nscd \
RUN ./autogen.sh --disable-nls --disable-man --without-audit --without-selinux --without-acl --without-attr --without-tcb --without-nscd \
&& make \
&& cp src/newuidmap src/newgidmap /usr/bin \
&& file /usr/bin/newuidmap | grep "statically linked" \
&& file /usr/bin/newgidmap | grep "statically linked"
&& cp src/newuidmap src/newgidmap /usr/bin
# Rootless mode.
FROM --platform=$TARGETPLATFORM alpine:3.11 AS rootless
FROM alpine:3.11 AS rootless
RUN apk add --no-cache fuse3 git xz
COPY --from=idmap /usr/bin/newuidmap /usr/bin/newuidmap
COPY --from=idmap /usr/bin/newgidmap /usr/bin/newgidmap
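Review bot: Dropping the two `file ... | grep "statically linked"` assertions leaves the build with no check of how newuidmap and newgidmap are linked, even though the commit message says the earlier stage got the linkage wrong by accident. The binaries are now built dynamically in the `idmap` stage and copied into `rootless`, which installs only `fuse3 git xz`. If they depend on any shared library other than musl, that would presumably show up only when the helpers are executed, not at build time. Consider a check in the rootless stage after the two COPY lines, for example `RUN ldd /usr/bin/newuidmap && ldd /usr/bin/newgidmap`, after confirming that `ldd` on this base image exits non-zero for an unresolved library. The rootless stage may continue past the end of the visible hunk.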