deterministic docker support

2026-03-08 04:15:24 +01:00 · 2024-01-15 22:16:40 -08:00 · 2024-01-15 22:16:40 -08:00 · 3e532d3e7d
commit 3e532d3e7d
parent 347a33bd7e
3 changed files with 33 additions and 13 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1,2 @@
+*
+!target
--- a/33
+++ b/33
@ -1,13 +1,24 @@
-FROM local/stage0 as stage0
-
-FROM debian as fetch
-RUN apt update && apt install -y curl gcc
-ADD . live-bootstrap
-WORKDIR live-bootstrap
-RUN ./download-distfiles.sh
-RUN mv target/ /rootfs/
-
 FROM scratch as build
-COPY --from=fetch /rootfs .
-ENV PATH=/bin
+ADD target/ /
 RUN ["/bootstrap-seeds/POSIX/x86/kaem-optional-seed"]
+
+FROM build as install
+ENV PATH=/bin:/usr/sbin:/usr/bin
+RUN set -eux; \
+    rm -rf /usr/lib/python*/__pycache__; \
+    mkdir -p /rootfs/etc /rootfs/home/user; \
+    cp -R $(ls -d /etc/* | grep -v '\(resolv.conf\|hosts\)') /rootfs/etc/; \
+    cp -R lib usr bin var /rootfs/; \
+    echo "user:x:1000:" > /rootfs/etc/group; \
+    echo "user:x:1000:1000::/home/user:/bin/bash" > /rootfs/etc/passwd; \
+    find /rootfs -exec touch -hcd "@0" "{}" +
+
+FROM scratch as package
+COPY --from=install /rootfs /
+USER 1000:1000
+ENTRYPOINT ["/bin/bash"]
+ENV TZ=UTC
+ENV LANG=C.UTF-8
+ENV SOURCE_DATE_EPOCH=1
+ENV KCONFIG_NOTIMESTAMP=1
+ENV PS1="bootstrap$ "
--- a/rootfs.py
+++ b/rootfs.py
@ -175,6 +175,9 @@ def main():
    else:
        args.target_size = 0

+    if args.docker:
+        args.external_sources = True
+
    # Swap file size validation
    if args.qemu or args.bare_metal:
        args.swap = (int(str(args.swap).rstrip('gGmM')) *
@ -259,9 +262,13 @@ print(shutil.which('chroot'))
        arch = stage0_arch_map.get(args.arch, args.arch)
        init = os.path.join(os.sep, 'bootstrap-seeds', 'POSIX', arch, 'kaem-optional-seed')
        print(generator.target_dir, init)
-        run('env', '-i', 'DOCKER_BUILDKIT=1', 'docker', 'build',
+        run('env', '-i', 'DOCKER_BUILDKIT=1', 'SOURCE_DATE_EPOCH=1',
+                                                 'docker', 'build',
+                                                 '--build-arg=SOURCE_DATE_EPOCH=1',
                                                 '--progress=plain',
-                                                 '-t', 'local/live',
+                                                 '--platform=linux/amd64',
+                                                 '--target=package',
+                                                 '-t', 'local/live-bootstrap',
                                                 '.')

    elif args.bwrap: