pkg: Convert rngd to a multi-stage build

This allows us to get rid of the ./base/rng-tools Use c-compile to compile it Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2025-07-21 10:09:07 +00:00 · 2017-04-23 14:06:55 +01:00 · 2017-04-23 14:06:55 +01:00 · 8d1eb49fa7
commit 8d1eb49fa7
parent 60a12f1c52
4 changed files with 44 additions and 100 deletions
--- a/base/rng-tools/Dockerfile
+++ b/base/rng-tools/Dockerfile
@ -1,33 +0,0 @@
-FROM alpine:3.5
-RUN \
-  apk update && apk upgrade && \
-  apk add \
-  argp-standalone \
-  curl \
-  gcc \
-  linux-headers \
-  make \
-  musl-dev \
-  patch \
-  && true
-
-COPY . /
-
-ENV pkgname=rng-tools pkgver=5
-
-RUN curl -O -sSL http://downloads.sourceforge.net/project/gkernel/$pkgname/$pkgver/$pkgname-$pkgver.tar.gz
-RUN sha256sum -c sha256sums
-RUN zcat $pkgname-$pkgver.tar.gz | tar xf -
-
-RUN cd $pkgname-$pkgver && for p in ../*.patch; do cat $p | patch -p1; done
-
-RUN cd $pkgname-$pkgver && \
-  export LIBS="-largp" && \
-  LDFLAGS=-static ./configure \
-    --prefix=/usr \
-    --libexecdir=/usr/lib/rng-tools \
-    --sysconfdir=/etc \
-    --disable-silent-rules && \
-  make && \
-  make DESTDIR=/ install && \
-  strip /usr/sbin/rngd
--- a/base/rng-tools/Makefile
+++ b/base/rng-tools/Makefile
@ -1,29 +0,0 @@
-.PHONY: tag push
-
-BASE=alpine:3.5
-IMAGE=rng-tools
-
-default: push
-
-hash: Dockerfile fix-textrels-on-PIC-x86.patch sha256sums
-	DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
-	tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
-	docker run --rm $(IMAGE):build sh -c 'cat /Dockerfile /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash
-
-push: hash
-	docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
-		(docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \
-		 docker push linuxkit/$(IMAGE):$(shell cat hash))
-	docker rmi $(IMAGE):build
-	rm -f hash
-
-tag: hash
-	docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
-		docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)
-	docker rmi $(IMAGE):build
-	rm -f hash
-
-clean:
-	rm -f hash
-
-.DELETE_ON_ERROR:
--- a/pkg/rngd/Dockerfile
+++ b/pkg/rngd/Dockerfile
@ -1,3 +1,33 @@
-FROM scratch
-COPY . ./
+FROM linuxkit/c-compile:f52f485825c890d581e82a62af6906c1d33d8e5d@sha256:473fd283a090d3546e93915adacf00c69a23ff615c95c968c4a40e8723985853 AS rng-build
+
+COPY . /
+
+ENV pkgname=rng-tools pkgver=5
+RUN curl -O -sSL http://downloads.sourceforge.net/project/gkernel/$pkgname/$pkgver/$pkgname-$pkgver.tar.gz
+RUN sha256sum -c sha256sums
+RUN zcat $pkgname-$pkgver.tar.gz | tar xf -
+
+RUN cd $pkgname-$pkgver && for p in ../*.patch; do cat $p | patch -p1; done
+
+RUN cd $pkgname-$pkgver && \
+  export LIBS="-largp" && \
+  LDFLAGS=-static ./configure \
+    --prefix=/usr \
+    --libexecdir=/usr/lib/rng-tools \
+    --sysconfdir=/etc \
+    --disable-silent-rules && \
+  make && \
+  make DESTDIR=/ install && \
+  strip /usr/sbin/rngd
+RUN mkdir -p /tmp/dev /tmp/proc /tmp/sys
+
+
+FROM linuxkit/tini:6714d66b82b5397f497b2aa05764096ed1ffe7d7@sha256:ba594b96af6195737ce2df702196d7adea2cafde554e18940ee14ad575d27f3b
+ENTRYPOINT []
+WORKDIR /
+COPY --from=rng-build usr/sbin/rngd usr/sbin/rngd
+# Can't create directories, so copy empty dirs from previous context
+COPY --from=rng-build tmp/dev dev
+COPY --from=rng-build tmp/proc proc
+COPY --from=rng-build tmp/sys sys
 CMD ["/bin/tini", "/usr/sbin/rngd", "-f"]
--- a/pkg/rngd/Makefile
+++ b/pkg/rngd/Makefile
@ -1,50 +1,26 @@
-RNG_TOOLS_IMAGE=linuxkit/rng-tools:d77676ea6ae229b779868e5eff4600f59b0eb0d8@sha256:61cafe4075e1223a110d8569961bbf9ec0ab64abd4abb04c1677d7ecd7078383
-RNGD_BINARY=usr/sbin/rngd
-
-TINI_IMAGE=linuxkit/tini:da0e068f8b537b81f817439a52f63e8f6d91cca3@sha256:bdca5e6703c9553d890c79a4a094e2f05df87f09f6bd5bef26c06d6cba56c112
-TINI_BINARY=bin/tini
-
-.PHONY: tag push clean container
+.PHONY: tag push
 default: push

-$(TINI_BINARY):
-	mkdir -p $(dir $@)
-	docker run --rm --net=none $(TINI_IMAGE) tar cf - $@ | tar xf -
-
-$(RNGD_BINARY):
-	mkdir -p $(dir $@)
-	docker run --rm --net=none $(RNG_TOOLS_IMAGE) tar cf - $@ | tar xf -
-
-SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
-
 IMAGE=rngd
+SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
+DEPS=Dockerfile Makefile

-DIRS=dev proc sys
-$(DIRS):
-	mkdir -p $@
-
-DEPS=$(DIRS) $(TINI_BINARY) $(RNGD_BINARY)
-
-container: Dockerfile $(DEPS)
-	tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
-
-hash: Dockerfile $(DEPS)
+hash: $(DEPS)
 	find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash

-push: hash container
+tag: hash
 	docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
-		(docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \
-		 docker push linuxkit/$(IMAGE):$(shell cat hash))
-	docker rmi $(IMAGE):build
-	rm -f hash
+		(docker build --no-cache -t $(IMAGE):build . && \
+		 docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash))

-tag: hash container
+push: tag
 	docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
-		docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)
-	docker rmi $(IMAGE):build
+		docker push linuxkit/$(IMAGE):$(shell cat hash)
 	rm -f hash
+	docker rmi $(IMAGE):build || true

 clean:
-	rm -rf hash $(DIRS) usr bin
+	rm -f hash
+	docker rmi $(IMAGE):build || true

 .DELETE_ON_ERROR: