github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-11-02 00:48:32 +00:00
Code Issues Projects Releases Wiki Activity

Move base images directory to top level

Browse Source 
These are standalone, better to have them at the top.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This commit is contained in:
Justin Cormack
2017-01-24 18:55:23 +00:00
parent f27c3ff5ed
commit f8e0a3d61c
93 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
base/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
hash

10
base/Makefile Normal file
View File

@@ -0,0 +1,10 @@
DIRS = $(shell find . -type d -depth 1)
.PHONY: clean dirs $(DIRS)
push: $(DIRS)
$(DIRS):
$(MAKE) -C $@
clean:
rm -f hash

13
base/alpine-aws/Dockerfile Normal file
View File

@@ -0,0 +1,13 @@
FROM alpine:3.5
RUN \
apk update && apk upgrade && \
apk add --no-cache \
curl \
e2fsprogs \
jq \
python3 \
syslinux \
&& true
RUN pip3 install -U awscli

29
base/alpine-aws/Makefile Normal file
View File

@@ -0,0 +1,29 @@
.PHONY: tag push
BASE=alpine:3.5
IMAGE=alpine-aws
default: push
hash: Dockerfile
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm $(IMAGE):build sh -c '(pip list && cat /lib/apk/db/installed) | sha1sum' | sed 's/ .*//' > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

26
base/alpine-base/Dockerfile Normal file
View File

@@ -0,0 +1,26 @@
FROM alpine:3.5
COPY repositories /etc/apk/
RUN \
apk update && apk upgrade -a && \
apk add --no-cache \
busybox-initscripts \
chrony \
cifs-utils \
curl \
dhcpcd \
e2fsprogs \
e2fsprogs-extra \
fuse \
git \
hvtools \
iptables \
jq \
openrc \
openssh-client \
sfdisk \
strace \
sysklogd \
xz \
&& true

31
base/alpine-base/Makefile Normal file
View File

@@ -0,0 +1,31 @@
.PHONY: tag push
BASE=alpine:3.5
IMAGE=alpine-base
default: push
hash: Dockerfile repositories
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm $(IMAGE):build sha1sum /lib/apk/db/installed | sed 's/ .*//' > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker run --rm $(IMAGE):build cat /lib/apk/db/installed | grep -E '^(P|V)' | \
awk '/^P/{printf substr($$1, 3),$$0;next} /^V/{print " " substr($$1, 3);next}' | sort > packages
docker rmi -f $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi -f $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

50
base/alpine-base/packages Normal file
View File

@@ -0,0 +1,50 @@
alpine-baselayout 3.0.4-r0
alpine-keys 1.3-r0
apk-tools 2.6.8-r1
busybox 1.25.1-r0
busybox-initscripts 3.0-r8
ca-certificates 20161130-r0
chrony 2.4-r0
cifs-utils 6.6-r0
curl 7.52.1-r0
dhcpcd 6.11.5-r0
e2fsprogs 1.43.3-r0
e2fsprogs-extra 1.43.3-r0
e2fsprogs-libs 1.43.3-r0
expat 2.2.0-r0
fuse 2.9.7-r0
git 2.11.0-r0
hvtools 4.4.15-r0
iptables 1.6.0-r0
jq 1.5-r3
keyutils-libs 1.5.9-r1
krb5-conf 1.0-r1
krb5-libs 1.14.3-r1
libblkid 2.28.2-r1
libc-utils 0.7-r1
libcap 2.25-r1
libcom_err 1.43.3-r0
libcurl 7.52.1-r0
libfdisk 2.28.2-r1
libmnl 1.0.4-r0
libnftnl-libs 1.0.7-r0
libressl2.4-libcrypto 2.4.4-r0
libressl2.4-libssl 2.4.4-r0
libsmartcols 2.28.2-r1
libssh2 1.7.0-r2
libuuid 2.28.2-r1
libverto 0.2.5-r0
musl 1.1.15-r5
musl-utils 1.1.15-r5
oniguruma 6.1.3-r0
openrc 0.21.7-r3
openssh-client 7.4_p1-r0
pcre 8.39-r0
scanelf 1.1.6-r0
sfdisk 2.28.2-r1
strace 4.14-r0
sysklogd 1.5.1-r0
talloc 2.1.8-r0
xz 5.2.2-r1
xz-libs 5.2.2-r1
zlib 1.2.8-r2

1
base/alpine-base/repositories Normal file
View File

@@ -0,0 +1 @@
http://dl-cdn.alpinelinux.org/alpine/v3.5/main

34
base/alpine-build-c/Dockerfile Normal file
View File

@@ -0,0 +1,34 @@
FROM alpine:3.5
RUN \
apk update && apk upgrade && \
apk add \
alpine-sdk \
argp-standalone \
automake \
bash \
bc \
binutils-dev \
bison \
cmake \
curl \
flex \
gmp-dev \
gtk+2.0-dev \
gtk+-dev \
groff \
installkernel \
kmod \
libelf-dev \
linux-headers \
ncurses-dev \
perl-dev \
python-dev \
sed \
slang-dev \
squashfs-tools \
syslinux \
unzip \
util-linux-dev \
vim \
xz \
&& true

29
base/alpine-build-c/Makefile Normal file
View File

@@ -0,0 +1,29 @@
.PHONY: tag push
BASE=alpine:3.5
IMAGE=alpine-build-c
default: push
hash:
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - Dockerfile | docker build --no-cache -t $(IMAGE):build -
docker run --rm $(IMAGE):build sha1sum /lib/apk/db/installed | sed 's/ .*//' > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

788
base/alpine-build-ebpf/100-musl-compat.patch Normal file
View File

@@ -0,0 +1,788 @@
--- a/lib/system.h
+++ b/lib/system.h
@@ -68,6 +68,16 @@ extern int crc32_file (int fd, uint32_t
#define gettext_noop(Str) Str
+#ifndef TEMP_FAILURE_RETRY
+#define TEMP_FAILURE_RETRY(expression) \
+ (__extension__ \
+ ({ long int __result; \
+ do __result = (long int) (expression); \
+ while (__result == -1L && errno == EINTR); \
+ __result; }))
+#endif
+
+#define error(status, errno, ...) err(status, __VA_ARGS__)
static inline ssize_t __attribute__ ((unused))
pwrite_retry (int fd, const void *buf, size_t len, off_t off)
--- a/lib/color.c
+++ b/lib/color.c
@@ -32,7 +32,7 @@
#endif
#include <argp.h>
-#include <error.h>
+#include <err.h>
#include <libintl.h>
#include <stdlib.h>
#include <string.h>
--- a/lib/xmalloc.c
+++ b/lib/xmalloc.c
@@ -30,7 +30,7 @@
# include <config.h>
#endif
-#include <error.h>
+#include <err.h>
#include <libintl.h>
#include <stddef.h>
#include <stdlib.h>
--- a/src/addr2line.c
+++ b/src/addr2line.c
@@ -23,7 +23,7 @@
#include <argp.h>
#include <assert.h>
#include <errno.h>
-#include <error.h>
+#include <err.h>
#include <fcntl.h>
#include <inttypes.h>
#include <libdwfl.h>
--- a/src/ar.c
+++ b/src/ar.c
@@ -22,7 +22,7 @@
#include <argp.h>
#include <assert.h>
-#include <error.h>
+#include <err.h>
#include <fcntl.h>
#include <gelf.h>
#include <libintl.h>
--- a/src/arlib2.c
+++ b/src/arlib2.c
@@ -20,7 +20,7 @@
# include <config.h>
#endif
-#include <error.h>
+#include <err.h>
#include <libintl.h>
#include <limits.h>
#include <string.h>
--- a/src/arlib.c
+++ b/src/arlib.c
@@ -21,7 +21,7 @@
#endif
#include <assert.h>
-#include <error.h>
+#include <err.h>
#include <gelf.h>
#include <libintl.h>
#include <stdio.h>
--- a/src/elfcmp.c
+++ b/src/elfcmp.c
@@ -23,7 +23,7 @@
#include <argp.h>
#include <assert.h>
#include <errno.h>
-#include <error.h>
+#include <err.h>
#include <fcntl.h>
#include <locale.h>
#include <libintl.h>
--- a/src/elflint.c
+++ b/src/elflint.c
@@ -24,7 +24,7 @@
#include <assert.h>
#include <byteswap.h>
#include <endian.h>
-#include <error.h>
+#include <err.h>
#include <fcntl.h>
#include <gelf.h>
#include <inttypes.h>
--- a/src/findtextrel.c
+++ b/src/findtextrel.c
@@ -23,7 +23,7 @@
#include <argp.h>
#include <assert.h>
#include <errno.h>
-#include <error.h>
+#include <err.h>
#include <fcntl.h>
#include <gelf.h>
#include <libdw.h>
--- a/src/i386_ld.c
+++ b/src/i386_ld.c
@@ -20,7 +20,7 @@
#endif
#include <assert.h>
-#include <error.h>
+#include <err.h>
#include <libintl.h>
#include <stdlib.h>
#include <string.h>
--- a/src/ld.c
+++ b/src/ld.c
@@ -21,7 +21,7 @@
#include <argp.h>
#include <assert.h>
-#include <error.h>
+#include <err.h>
#include <fcntl.h>
#include <libelf.h>
#include <libintl.h>
--- a/src/ldgeneric.c
+++ b/src/ldgeneric.c
@@ -23,7 +23,7 @@
#include <ctype.h>
#include <dlfcn.h>
#include <errno.h>
-#include <error.h>
+#include <err.h>
#include <fcntl.h>
#include <fnmatch.h>
#include <gelf.h>
--- a/src/ldlex.c
+++ b/src/ldlex.c
@@ -1106,7 +1106,7 @@ char *ldtext;
#include <assert.h>
#include <ctype.h>
#include <elf.h>
-#include <error.h>
+#include <err.h>
#include <inttypes.h>
#include <libintl.h>
#include <stdbool.h>
--- a/src/ldscript.c
+++ b/src/ldscript.c
@@ -95,7 +95,7 @@
#endif
#include <assert.h>
-#include <error.h>
+#include <err.h>
#include <libintl.h>
#include <stdbool.h>
#include <stdint.h>
@@ -106,7 +106,7 @@
#include <system.h>
#include <ld.h>
-/* The error handler. */
+/* The err.handler. */
static void yyerror (const char *s);
/* Some helper functions we need to construct the data structures
--- a/src/nm.c
+++ b/src/nm.c
@@ -26,7 +26,7 @@
#include <ctype.h>
#include <dwarf.h>
#include <errno.h>
-#include <error.h>
+#include <err.h>
#include <fcntl.h>
#include <gelf.h>
#include <inttypes.h>
--- a/src/objdump.c
+++ b/src/objdump.c
@@ -21,7 +21,7 @@
#endif
#include <argp.h>
-#include <error.h>
+#include <err.h>
#include <fcntl.h>
#include <inttypes.h>
#include <libintl.h>
--- a/src/ranlib.c
+++ b/src/ranlib.c
@@ -24,7 +24,7 @@
#include <argp.h>
#include <assert.h>
#include <errno.h>
-#include <error.h>
+#include <err.h>
#include <fcntl.h>
#include <gelf.h>
#include <libintl.h>
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -25,7 +25,7 @@
#include <ctype.h>
#include <dwarf.h>
#include <errno.h>
-#include <error.h>
+#include <err.h>
#include <fcntl.h>
#include <gelf.h>
#include <inttypes.h>
--- a/src/size.c
+++ b/src/size.c
@@ -21,7 +21,7 @@
#endif
#include <argp.h>
-#include <error.h>
+#include <err.h>
#include <fcntl.h>
#include <gelf.h>
#include <inttypes.h>
--- a/src/stack.c
+++ b/src/stack.c
@@ -18,7 +18,7 @@
#include <config.h>
#include <assert.h>
#include <argp.h>
-#include <error.h>
+#include <err.h>
#include <stdlib.h>
#include <inttypes.h>
#include <stdio.h>
--- a/src/strings.c
+++ b/src/strings.c
@@ -25,7 +25,7 @@
#include <ctype.h>
#include <endian.h>
#include <errno.h>
-#include <error.h>
+#include <err.h>
#include <fcntl.h>
#include <gelf.h>
#include <inttypes.h>
--- a/src/strip.c
+++ b/src/strip.c
@@ -24,7 +24,7 @@
#include <assert.h>
#include <byteswap.h>
#include <endian.h>
-#include <error.h>
+#include <err.h>
#include <fcntl.h>
#include <gelf.h>
#include <libelf.h>
--- a/src/unstrip.c
+++ b/src/unstrip.c
@@ -31,7 +31,7 @@
#include <argp.h>
#include <assert.h>
#include <errno.h>
-#include <error.h>
+#include <err.h>
#include <fcntl.h>
#include <fnmatch.h>
#include <libintl.h>
--- a/tests/addrscopes.c
+++ b/tests/addrscopes.c
@@ -25,7 +25,7 @@
#include <stdio_ext.h>
#include <locale.h>
#include <stdlib.h>
-#include <error.h>
+#include <err.h>
#include <string.h>
--- a/tests/allregs.c
+++ b/tests/allregs.c
@@ -21,7 +21,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <error.h>
+#include <err.h>
#include <locale.h>
#include <argp.h>
#include <assert.h>
--- a/tests/backtrace.c
+++ b/tests/backtrace.c
@@ -24,7 +24,7 @@
#include <dirent.h>
#include <stdlib.h>
#include <errno.h>
-#include <error.h>
+#include <err.h>
#include <unistd.h>
#include <dwarf.h>
#ifdef __linux__
--- a/tests/backtrace-data.c
+++ b/tests/backtrace-data.c
@@ -27,7 +27,7 @@
#include <dirent.h>
#include <stdlib.h>
#include <errno.h>
-#include <error.h>
+#include <err.h>
#include <unistd.h>
#include <dwarf.h>
#if defined(__x86_64__) && defined(__linux__)
--- a/tests/buildid.c
+++ b/tests/buildid.c
@@ -23,7 +23,7 @@
#include ELFUTILS_HEADER(elf)
#include ELFUTILS_HEADER(dwelf)
#include <stdio.h>
-#include <error.h>
+#include <err.h>
#include <string.h>
#include <stdlib.h>
#include <sys/types.h>
--- a/tests/debugaltlink.c
+++ b/tests/debugaltlink.c
@@ -23,7 +23,7 @@
#include ELFUTILS_HEADER(dw)
#include ELFUTILS_HEADER(dwelf)
#include <stdio.h>
-#include <error.h>
+#include <err.h>
#include <string.h>
#include <stdlib.h>
#include <sys/types.h>
--- a/tests/debuglink.c
+++ b/tests/debuglink.c
@@ -21,7 +21,7 @@
#include <errno.h>
#include ELFUTILS_HEADER(dwelf)
#include <stdio.h>
-#include <error.h>
+#include <err.h>
#include <string.h>
#include <stdlib.h>
#include <sys/types.h>
--- a/tests/dwfl-addr-sect.c
+++ b/tests/dwfl-addr-sect.c
@@ -23,7 +23,7 @@
#include <stdio_ext.h>
#include <stdlib.h>
#include <string.h>
-#include <error.h>
+#include <err.h>
#include <locale.h>
#include <argp.h>
#include ELFUTILS_HEADER(dwfl)
--- a/tests/dwfl-bug-addr-overflow.c
+++ b/tests/dwfl-bug-addr-overflow.c
@@ -20,7 +20,7 @@
#include <inttypes.h>
#include <stdio.h>
#include <stdio_ext.h>
-#include <error.h>
+#include <err.h>
#include <locale.h>
#include ELFUTILS_HEADER(dwfl)
--- a/tests/dwfl-bug-fd-leak.c
+++ b/tests/dwfl-bug-fd-leak.c
@@ -24,7 +24,7 @@
#include <dirent.h>
#include <stdlib.h>
#include <errno.h>
-#include <error.h>
+#include <err.h>
#include <unistd.h>
#include <dwarf.h>
#include <sys/resource.h>
--- a/tests/dwfl-bug-getmodules.c
+++ b/tests/dwfl-bug-getmodules.c
@@ -18,7 +18,7 @@
#include <config.h>
#include ELFUTILS_HEADER(dwfl)
-#include <error.h>
+#include <err.h>
static const Dwfl_Callbacks callbacks =
{
--- a/tests/dwfllines.c
+++ b/tests/dwfllines.c
@@ -27,7 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <error.h>
+#include <err.h>
int
main (int argc, char *argv[])
--- a/tests/dwflmodtest.c
+++ b/tests/dwflmodtest.c
@@ -23,7 +23,7 @@
#include <stdio_ext.h>
#include <stdlib.h>
#include <string.h>
-#include <error.h>
+#include <err.h>
#include <locale.h>
#include <argp.h>
#include ELFUTILS_HEADER(dwfl)
--- a/tests/dwfl-report-elf-align.c
+++ b/tests/dwfl-report-elf-align.c
@@ -20,7 +20,7 @@
#include <inttypes.h>
#include <stdio.h>
#include <stdio_ext.h>
-#include <error.h>
+#include <err.h>
#include <locale.h>
#include <string.h>
#include <stdlib.h>
--- a/tests/dwflsyms.c
+++ b/tests/dwflsyms.c
@@ -25,7 +25,7 @@
#include <stdio.h>
#include <stdio_ext.h>
#include <stdlib.h>
-#include <error.h>
+#include <err.h>
#include <string.h>
static const char *
--- a/tests/early-offscn.c
+++ b/tests/early-offscn.c
@@ -19,7 +19,7 @@
#endif
#include <errno.h>
-#include <error.h>
+#include <err.h>
#include <fcntl.h>
#include <gelf.h>
#include <stdio.h>
--- a/tests/ecp.c
+++ b/tests/ecp.c
@@ -20,7 +20,7 @@
#endif
#include <errno.h>
-#include <error.h>
+#include <err.h>
#include <fcntl.h>
#include <gelf.h>
#include <stdlib.h>
--- a/tests/find-prologues.c
+++ b/tests/find-prologues.c
@@ -25,7 +25,7 @@
#include <stdio_ext.h>
#include <locale.h>
#include <stdlib.h>
-#include <error.h>
+#include <err.h>
#include <string.h>
#include <fnmatch.h>
--- a/tests/funcretval.c
+++ b/tests/funcretval.c
@@ -25,7 +25,7 @@
#include <stdio_ext.h>
#include <locale.h>
#include <stdlib.h>
-#include <error.h>
+#include <err.h>
#include <string.h>
#include <fnmatch.h>
--- a/tests/funcscopes.c
+++ b/tests/funcscopes.c
@@ -25,7 +25,7 @@
#include <stdio_ext.h>
#include <locale.h>
#include <stdlib.h>
-#include <error.h>
+#include <err.h>
#include <string.h>
#include <fnmatch.h>
--- a/tests/line2addr.c
+++ b/tests/line2addr.c
@@ -26,7 +26,7 @@
#include <locale.h>
#include <stdlib.h>
#include <string.h>
-#include <error.h>
+#include <err.h>
static void
--- a/tests/low_high_pc.c
+++ b/tests/low_high_pc.c
@@ -25,7 +25,7 @@
#include <stdio_ext.h>
#include <locale.h>
#include <stdlib.h>
-#include <error.h>
+#include <err.h>
#include <string.h>
#include <fnmatch.h>
--- a/tests/md5-sha1-test.c
+++ b/tests/md5-sha1-test.c
@@ -19,7 +19,7 @@
#endif
#include <string.h>
-#include <error.h>
+#include <err.h>
#include "md5.h"
#include "sha1.h"
--- a/tests/rdwrmmap.c
+++ b/tests/rdwrmmap.c
@@ -19,7 +19,7 @@
#endif
#include <errno.h>
-#include <error.h>
+#include <err.h>
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
--- a/tests/saridx.c
+++ b/tests/saridx.c
@@ -17,7 +17,7 @@
#include <config.h>
-#include <error.h>
+#include <err.h>
#include <fcntl.h>
#include <gelf.h>
#include <stdio.h>
--- a/tests/sectiondump.c
+++ b/tests/sectiondump.c
@@ -18,7 +18,7 @@
#include <config.h>
#include <errno.h>
-#include <error.h>
+#include <err.h>
#include <fcntl.h>
#include <gelf.h>
#include <inttypes.h>
--- a/tests/varlocs.c
+++ b/tests/varlocs.c
@@ -25,7 +25,7 @@
#include <dwarf.h>
#include <stdio.h>
#include <stdlib.h>
-#include <error.h>
+#include <err.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
--- a/libelf/libelf.h
+++ b/libelf/libelf.h
@@ -29,6 +29,7 @@
#ifndef _LIBELF_H
#define _LIBELF_H 1
+#include <fcntl.h>
#include <stdint.h>
#include <sys/types.h>
--- a/libasm/asm_end.c
+++ b/libasm/asm_end.c
@@ -32,7 +32,7 @@
#endif
#include <assert.h>
-#include <error.h>
+#include <err.h>
#include <libintl.h>
#include <stdio.h>
#include <stdlib.h>
--- a/libasm/asm_newscn.c
+++ b/libasm/asm_newscn.c
@@ -32,7 +32,7 @@
#endif
#include <assert.h>
-#include <error.h>
+#include <err.h>
#include <libintl.h>
#include <stdlib.h>
#include <string.h>
--- a/libcpu/i386_gendis.c
+++ b/libcpu/i386_gendis.c
@@ -31,7 +31,7 @@
# include <config.h>
#endif
-#include <error.h>
+#include <err.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
--- a/libcpu/i386_lex.c
+++ b/libcpu/i386_lex.c
@@ -578,7 +578,7 @@ char *i386_text;
#endif
#include <ctype.h>
-#include <error.h>
+#include <err.h>
#include <libintl.h>
#include <system.h>
--- a/libcpu/i386_lex.l
+++ b/libcpu/i386_lex.l
@@ -31,7 +31,7 @@
#endif
#include <ctype.h>
-#include <error.h>
+#include <err.h>
#include <libintl.h>
#include <system.h>
--- a/libcpu/i386_parse.c
+++ b/libcpu/i386_parse.c
@@ -107,7 +107,7 @@
#include <assert.h>
#include <ctype.h>
#include <errno.h>
-#include <error.h>
+#include <err.h>
#include <inttypes.h>
#include <libintl.h>
#include <math.h>
--- a/libdw/libdw_alloc.c
+++ b/libdw/libdw_alloc.c
@@ -31,7 +31,7 @@
# include <config.h>
#endif
-#include <error.h>
+#include <err.h>
#include <errno.h>
#include <stdlib.h>
#include <sys/param.h>
@@ -74,5 +74,5 @@ __attribute ((noreturn, visibility ("hid
__libdw_oom (void)
{
while (1)
- error (EXIT_FAILURE, ENOMEM, "libdw");
+ err (EXIT_FAILURE, "libdw: out of memory");
}
--- a/libebl/eblopenbackend.c
+++ b/libebl/eblopenbackend.c
@@ -32,7 +32,7 @@
#include <assert.h>
#include <dlfcn.h>
-#include <error.h>
+#include <err.h>
#include <libelfP.h>
#include <dwarf.h>
#include <stdlib.h>
--- a/src/ldlex.l
+++ b/src/ldlex.l
@@ -23,7 +23,7 @@
#include <assert.h>
#include <ctype.h>
#include <elf.h>
-#include <error.h>
+#include <err.h>
#include <inttypes.h>
#include <libintl.h>
#include <stdbool.h>
--- a/libebl/eblwstrtab.c
+++ b/libebl/eblwstrtab.c
@@ -305,7 +305,7 @@ copystrings (struct Ebl_WStrent *nodep,
/* Process the current node. */
nodep->offset = *offsetp;
- *freep = wmempcpy (*freep, nodep->string, nodep->len);
+ *freep = wmemcpy (*freep, nodep->string, nodep->len) + nodep->len;
*offsetp += nodep->len * sizeof (wchar_t);
for (subs = nodep->next; subs != NULL; subs = subs->next)
--- a/libdwfl/dwfl_error.c
+++ b/libdwfl/dwfl_error.c
@@ -140,6 +140,7 @@ __libdwfl_seterrno (Dwfl_Error error)
const char *
dwfl_errmsg (int error)
{
+ static __thread char s[64] = "";
if (error == 0 || error == -1)
{
int last_error = global_error;
@@ -154,7 +155,8 @@ dwfl_errmsg (int error)
switch (error &~ 0xffff)
{
case OTHER_ERROR (ERRNO):
- return strerror_r (error & 0xffff, "bad", 0);
+ strerror_r (error & 0xffff, s, sizeof(s));
+ return s;
case OTHER_ERROR (LIBELF):
return elf_errmsg (error & 0xffff);
case OTHER_ERROR (LIBDW):
--- a/libdwfl/libdwfl.h
+++ b/libdwfl/libdwfl.h
@@ -31,6 +31,27 @@
#include "libdw.h"
#include <stdio.h>
+#include <unistd.h>
+#include <alloca.h>
+#include <string.h>
+
+#ifndef TEMP_FAILURE_RETRY
+#define TEMP_FAILURE_RETRY(expression) \
+ (__extension__ \
+ ({ long int __result; \
+ do __result = (long int) (expression); \
+ while (__result == -1L && errno == EINTR); \
+ __result; }))
+#endif
+
+#ifndef strndupa
+#define strndupa(s, n) \
+ (__extension__ ({const char *__in = (s); \
+ size_t __len = strnlen (__in, (n)) + 1; \
+ char *__out = (char *) alloca (__len); \
+ __out[__len-1] = '\0'; \
+ (char *) memcpy (__out, __in, __len-1);}))
+#endif
/* Handle for a session using the library. */
typedef struct Dwfl Dwfl;
--- a/libdwfl/find-debuginfo.c
+++ b/libdwfl/find-debuginfo.c
@@ -372,7 +372,7 @@ dwfl_standard_find_debuginfo (Dwfl_Modul
/* If FILE_NAME is a symlink, the debug file might be associated
with the symlink target name instead. */
- char *canon = canonicalize_file_name (file_name);
+ char *canon = realpath (file_name, NULL);
if (canon != NULL && strcmp (file_name, canon))
fd = find_debuginfo_in_path (mod, canon,
debuglink_file, debuglink_crc,
--- a/libdwfl/dwfl_build_id_find_elf.c
+++ b/libdwfl/dwfl_build_id_find_elf.c
@@ -94,7 +94,7 @@ __libdwfl_open_by_build_id (Dwfl_Module
{
if (*file_name != NULL)
free (*file_name);
- *file_name = canonicalize_file_name (name);
+ *file_name = realpath (name, NULL);
if (*file_name == NULL)
{
*file_name = name;
--- a/libelf/elf_getarsym.c
+++ b/libelf/elf_getarsym.c
@@ -297,7 +297,7 @@ elf_getarsym (Elf *elf, size_t *ptr)
arsym[cnt].as_off = (*u32)[cnt];
arsym[cnt].as_hash = _dl_elf_hash (str_data);
- str_data = rawmemchr (str_data, '\0') + 1;
+ str_data = memchr (str_data, '\0', SIZE_MAX) + 1;
}
/* At the end a special entry. */

44
base/alpine-build-ebpf/Dockerfile Normal file
View File

@@ -0,0 +1,44 @@
FROM alpine:3.5
RUN apk update && apk upgrade -a && \
apk add --no-cache \
argp-standalone \
autoconf \
automake \
bison \
build-base \
clang \
clang-dev \
cmake \
curl \
flex-dev \
fts-dev \
gettext-dev \
git \
iperf \
libedit-dev \
libtool \
llvm \
llvm-dev \
llvm-static \
luajit-dev \
m4 \
python \
zlib-dev \
&& true
WORKDIR /build
COPY . ./
COPY Dockerfile /
COPY error.h /usr/include/
COPY cdefs.h /usr/include/sys/
ENV ELFUTILS_VERSION=0.165
RUN curl -sSL -O https://fedorahosted.org/releases/e/l/elfutils/0.165/elfutils-$ELFUTILS_VERSION.tar.bz2
RUN cat elfutils-$ELFUTILS_VERSION.tar.bz2 | tar xjf - && \
cd elfutils-$ELFUTILS_VERSION && \
patch -p1 < ../100-musl-compat.patch && \
patch -p0 < ../decl.patch && \
patch -p0 < ../intl.patch
ENV BCC_COMMIT=d4fc95d92ec9bace9bd607dfd1833e9e06457486
RUN git clone https://github.com/iovisor/bcc.git && cd bcc && git checkout $BCC_COMMIT
RUN cd bcc && patch -p0 < ../bcc-gnuism.patch
ENV LJSYSCALL_COMMIT=0b266e8f4f751ae894299d24a2d40d16c6cf856f
RUN git clone https://github.com/justincormack/ljsyscall.git && cd ljsyscall && git checkout $LJSYSCALL_COMMIT

29
base/alpine-build-ebpf/Makefile Normal file
View File

@@ -0,0 +1,29 @@
.PHONY: tag push
BASE=alpine:3.5
IMAGE=alpine-build-ebpf
default: push
hash: Dockerfile *.patch cdefs.h error.h
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm $(IMAGE):build sh -c 'cat /Dockerfile /build/*.patch /build/*.h /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

27
base/alpine-build-ebpf/bcc-gnuism.patch Normal file
View File

@@ -0,0 +1,27 @@
--- src/cc/usdt.h-orig
+++ src/cc/usdt.h
@@ -86,6 +86,24 @@
ArgumentParser(const char *arg) : arg_(arg), cur_pos_(0) {}
};
+#undef REG_A
+#undef REG_B
+#undef REG_C
+#undef REG_D
+#undef REG_SI
+#undef REG_DI
+#undef REG_BP
+#undef REG_SP
+#undef REG_8
+#undef REG_9
+#undef REG_10
+#undef REG_11
+#undef REG_12
+#undef REG_13
+#undef REG_14
+#undef REG_15
+#undef REG_RIP
+
class ArgumentParser_x64 : public ArgumentParser {
enum Register {
REG_A,

628
base/alpine-build-ebpf/cdefs.h Normal file
View File

@@ -0,0 +1,628 @@
/* $NetBSD: cdefs.h,v 1.129 2016/12/27 21:52:01 christos Exp $ */
/* * Copyright (c) 1991, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Berkeley Software Design, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)cdefs.h 8.8 (Berkeley) 1/9/95
*/
#ifndef _SYS_CDEFS_H_
#define _SYS_CDEFS_H_
#ifdef _KERNEL_OPT
#include "opt_diagnostic.h"
#endif
/*
* Macro to test if we're using a GNU C compiler of a specific vintage
* or later, for e.g. features that appeared in a particular version
* of GNU C. Usage:
*
* #if __GNUC_PREREQ__(major, minor)
* ...cool feature...
* #else
* ...delete feature...
* #endif
*/
#ifdef __GNUC__
#define __GNUC_PREREQ__(x, y) \
((__GNUC__ == (x) && __GNUC_MINOR__ >= (y)) || \
(__GNUC__ > (x)))
#else
#define __GNUC_PREREQ__(x, y) 0
#endif
#ifdef __GNUC__
#define __strict_weak_alias(alias,sym) \
__unused static __typeof__(alias) *__weak_alias_##alias = &sym; \
__weak_alias(alias,sym)
#else
#define __strict_weak_alias(alias,sym) __weak_alias(alias,sym)
#endif
/*
* Optional marker for size-optimised MD calling convention.
*/
#ifndef __compactcall
#define __compactcall
#endif
/*
* The __CONCAT macro is used to concatenate parts of symbol names, e.g.
* with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo.
* The __CONCAT macro is a bit tricky -- make sure you don't put spaces
* in between its arguments. __CONCAT can also concatenate double-quoted
* strings produced by the __STRING macro, but this only works with ANSI C.
*/
#define ___STRING(x) __STRING(x)
#define ___CONCAT(x,y) __CONCAT(x,y)
#if __STDC__ || defined(__cplusplus)
#define __P(protos) protos /* full-blown ANSI C */
#define __CONCAT(x,y) x ## y
#define __STRING(x) #x
#define __const const /* define reserved names to standard */
#define __signed signed
#define __volatile volatile
#if defined(__cplusplus) || defined(__PCC__)
#define __inline inline /* convert to C++/C99 keyword */
#else
#if !defined(__GNUC__) && !defined(__lint__)
#define __inline /* delete GCC keyword */
#endif /* !__GNUC__ && !__lint__ */
#endif /* !__cplusplus */
#else /* !(__STDC__ || __cplusplus) */
#define __P(protos) () /* traditional C preprocessor */
#define __CONCAT(x,y) x/**/y
#define __STRING(x) "x"
#ifndef __GNUC__
#define __const /* delete pseudo-ANSI C keywords */
#define __inline
#define __signed
#define __volatile
#endif /* !__GNUC__ */
/*
* In non-ANSI C environments, new programs will want ANSI-only C keywords
* deleted from the program and old programs will want them left alone.
* Programs using the ANSI C keywords const, inline etc. as normal
* identifiers should define -DNO_ANSI_KEYWORDS.
*/
#ifndef NO_ANSI_KEYWORDS
#define const __const /* convert ANSI C keywords */
#define inline __inline
#define signed __signed
#define volatile __volatile
#endif /* !NO_ANSI_KEYWORDS */
#endif /* !(__STDC__ || __cplusplus) */
/*
* Used for internal auditing of the NetBSD source tree.
*/
#ifdef __AUDIT__
#define __aconst __const
#else
#define __aconst
#endif
/*
* Compile Time Assertion.
*/
#ifdef __COUNTER__
#define __CTASSERT(x) __CTASSERT0(x, __ctassert, __COUNTER__)
#else
#define __CTASSERT(x) __CTASSERT99(x, __INCLUDE_LEVEL__, __LINE__)
#define __CTASSERT99(x, a, b) __CTASSERT0(x, __CONCAT(__ctassert,a), \
__CONCAT(_,b))
#endif
#define __CTASSERT0(x, y, z) __CTASSERT1(x, y, z)
#define __CTASSERT1(x, y, z) typedef char y ## z[/*CONSTCOND*/(x) ? 1 : -1] __unused
/*
* The following macro is used to remove const cast-away warnings
* from gcc -Wcast-qual; it should be used with caution because it
* can hide valid errors; in particular most valid uses are in
* situations where the API requires it, not to cast away string
* constants. We don't use *intptr_t on purpose here and we are
* explicit about unsigned long so that we don't have additional
* dependencies.
*/
#define __UNCONST(a) ((void *)(unsigned long)(const void *)(a))
/*
* The following macro is used to remove the volatile cast-away warnings
* from gcc -Wcast-qual; as above it should be used with caution
* because it can hide valid errors or warnings. Valid uses include
* making it possible to pass a volatile pointer to memset().
* For the same reasons as above, we use unsigned long and not intptr_t.
*/
#define __UNVOLATILE(a) ((void *)(unsigned long)(volatile void *)(a))
/*
* GCC2 provides __extension__ to suppress warnings for various GNU C
* language extensions under "-ansi -pedantic".
*/
#if !__GNUC_PREREQ__(2, 0)
#define __extension__ /* delete __extension__ if non-gcc or gcc1 */
#endif
/*
* GCC1 and some versions of GCC2 declare dead (non-returning) and
* pure (no side effects) functions using "volatile" and "const";
* unfortunately, these then cause warnings under "-ansi -pedantic".
* GCC2 uses a new, peculiar __attribute__((attrs)) style. All of
* these work for GNU C++ (modulo a slight glitch in the C++ grammar
* in the distribution version of 2.5.5).
*
* GCC defines a pure function as depending only on its arguments and
* global variables. Typical examples are strlen and sqrt.
*
* GCC defines a const function as depending only on its arguments.
* Therefore calling a const function again with identical arguments
* will always produce the same result.
*
* Rounding modes for floating point operations are considered global
* variables and prevent sqrt from being a const function.
*
* Calls to const functions can be optimised away and moved around
* without limitations.
*/
#if !__GNUC_PREREQ__(2, 0) && !defined(__lint__)
#define __attribute__(x)
#endif
#if __GNUC_PREREQ__(2, 5)
#define __dead __attribute__((__noreturn__))
#elif defined(__GNUC__)
#define __dead __volatile
#else
#define __dead
#endif
#if __GNUC_PREREQ__(2, 96)
#define __pure __attribute__((__pure__))
#elif defined(__GNUC__)
#define __pure __const
#else
#define __pure
#endif
#if __GNUC_PREREQ__(2, 5)
#define __constfunc __attribute__((__const__))
#else
#define __constfunc
#endif
#if __GNUC_PREREQ__(3, 0)
#define __noinline __attribute__((__noinline__))
#else
#define __noinline /* nothing */
#endif
#if __GNUC_PREREQ__(3, 0)
#define __always_inline __attribute__((__always_inline__))
#else
#define __always_inline /* nothing */
#endif
#if __GNUC_PREREQ__(4, 1)
#define __returns_twice __attribute__((__returns_twice__))
#else
#define __returns_twice /* nothing */
#endif
#if __GNUC_PREREQ__(4, 5)
#define __noclone __attribute__((__noclone__))
#else
#define __noclone /* nothing */
#endif
/*
* __unused: Note that item or function might be unused.
*/
#if __GNUC_PREREQ__(2, 7) || defined(__lint__)
#define __unused __attribute__((__unused__))
#else
#define __unused /* delete */
#endif
/*
* __used: Note that item is needed, even if it appears to be unused.
*/
#if __GNUC_PREREQ__(3, 1)
#define __used __attribute__((__used__))
#else
#define __used __unused
#endif
/*
* __diagused: Note that item is used in diagnostic code, but may be
* unused in non-diagnostic code.
*/
#if (defined(_KERNEL) && defined(DIAGNOSTIC)) \
|| (!defined(_KERNEL) && !defined(NDEBUG))
#define __diagused /* empty */
#else
#define __diagused __unused
#endif
/*
* __debugused: Note that item is used in debug code, but may be
* unused in non-debug code.
*/
#if defined(DEBUG)
#define __debugused /* empty */
#else
#define __debugused __unused
#endif
#if __GNUC_PREREQ__(3, 1)
#define __noprofile __attribute__((__no_instrument_function__))
#else
#define __noprofile /* nothing */
#endif
#if __GNUC_PREREQ__(4, 6) || defined(__clang__)
#define __unreachable() __builtin_unreachable()
#else
#define __unreachable() do {} while (/*CONSTCOND*/0)
#endif
#if defined(__cplusplus)
#define __BEGIN_EXTERN_C extern "C" {
#define __END_EXTERN_C }
#define __static_cast(x,y) static_cast<x>(y)
#else
#define __BEGIN_EXTERN_C
#define __END_EXTERN_C
#define __static_cast(x,y) (x)y
#endif
#if __GNUC_PREREQ__(4, 0)
# define __dso_public __attribute__((__visibility__("default")))
# define __dso_hidden __attribute__((__visibility__("hidden")))
# define __BEGIN_PUBLIC_DECLS \
_Pragma("GCC visibility push(default)") __BEGIN_EXTERN_C
# define __END_PUBLIC_DECLS __END_EXTERN_C _Pragma("GCC visibility pop")
# define __BEGIN_HIDDEN_DECLS \
_Pragma("GCC visibility push(hidden)") __BEGIN_EXTERN_C
# define __END_HIDDEN_DECLS __END_EXTERN_C _Pragma("GCC visibility pop")
#else
# define __dso_public
# define __dso_hidden
# define __BEGIN_PUBLIC_DECLS __BEGIN_EXTERN_C
# define __END_PUBLIC_DECLS __END_EXTERN_C
# define __BEGIN_HIDDEN_DECLS __BEGIN_EXTERN_C
# define __END_HIDDEN_DECLS __END_EXTERN_C
#endif
#if __GNUC_PREREQ__(4, 2)
# define __dso_protected __attribute__((__visibility__("protected")))
#else
# define __dso_protected
#endif
#define __BEGIN_DECLS __BEGIN_PUBLIC_DECLS
#define __END_DECLS __END_PUBLIC_DECLS
/*
* Non-static C99 inline functions are optional bodies. They don't
* create global symbols if not used, but can be replaced if desirable.
* This differs from the behavior of GCC before version 4.3. The nearest
* equivalent for older GCC is `extern inline'. For newer GCC, use the
* gnu_inline attribute additionally to get the old behavior.
*
* For C99 compilers other than GCC, the C99 behavior is expected.
*/
#if defined(__GNUC__) && defined(__GNUC_STDC_INLINE__)
#define __c99inline extern __attribute__((__gnu_inline__)) __inline
#elif defined(__GNUC__)
#define __c99inline extern __inline
#elif defined(__STDC_VERSION__)
#define __c99inline __inline
#endif
#if defined(__lint__)
#define __packed __packed
#define __aligned(x) /* delete */
#define __section(x) /* delete */
#elif __GNUC_PREREQ__(2, 7) || defined(__PCC__)
#define __packed __attribute__((__packed__))
#define __aligned(x) __attribute__((__aligned__(x)))
#define __section(x) __attribute__((__section__(x)))
#elif defined(_MSC_VER)
#define __packed /* ignore */
#else
#define __packed error: no __packed for this compiler
#define __aligned(x) error: no __aligned for this compiler
#define __section(x) error: no __section for this compiler
#endif
/*
* C99 defines the restrict type qualifier keyword, which was made available
* in GCC 2.92.
*/
#if defined(__lint__)
#define __restrict /* delete __restrict when not supported */
#elif __STDC_VERSION__ >= 199901L
#define __restrict restrict
#elif __GNUC_PREREQ__(2, 92)
#define __restrict __restrict__
#else
#define __restrict /* delete __restrict when not supported */
#endif
/*
* C99 defines __func__ predefined identifier, which was made available
* in GCC 2.95.
*/
#if !(__STDC_VERSION__ >= 199901L)
#if __GNUC_PREREQ__(2, 6)
#define __func__ __PRETTY_FUNCTION__
#elif __GNUC_PREREQ__(2, 4)
#define __func__ __FUNCTION__
#else
#define __func__ ""
#endif
#endif /* !(__STDC_VERSION__ >= 199901L) */
#if defined(_KERNEL)
#if defined(NO_KERNEL_RCSIDS)
#undef __KERNEL_RCSID
#define __KERNEL_RCSID(_n, _s) /* nothing */
#endif /* NO_KERNEL_RCSIDS */
#endif /* _KERNEL */
#if !defined(_STANDALONE) && !defined(_KERNEL)
#if defined(__GNUC__) || defined(__PCC__)
#define __RENAME(x) ___RENAME(x)
#elif defined(__lint__)
#define __RENAME(x) __symbolrename(x)
#else
#error "No function renaming possible"
#endif /* __GNUC__ */
#else /* _STANDALONE || _KERNEL */
#define __RENAME(x) no renaming in kernel/standalone environment
#endif
/*
* A barrier to stop the optimizer from moving code or assume live
* register values. This is gcc specific, the version is more or less
* arbitrary, might work with older compilers.
*/
#if __GNUC_PREREQ__(2, 95)
#define __insn_barrier() __asm __volatile("":::"memory")
#else
#define __insn_barrier() /* */
#endif
/*
* GNU C version 2.96 adds explicit branch prediction so that
* the CPU back-end can hint the processor and also so that
* code blocks can be reordered such that the predicted path
* sees a more linear flow, thus improving cache behavior, etc.
*
* The following two macros provide us with a way to use this
* compiler feature. Use __predict_true() if you expect the expression
* to evaluate to true, and __predict_false() if you expect the
* expression to evaluate to false.
*
* A few notes about usage:
*
* * Generally, __predict_false() error condition checks (unless
* you have some _strong_ reason to do otherwise, in which case
* document it), and/or __predict_true() `no-error' condition
* checks, assuming you want to optimize for the no-error case.
*
* * Other than that, if you don't know the likelihood of a test
* succeeding from empirical or other `hard' evidence, don't
* make predictions.
*
* * These are meant to be used in places that are run `a lot'.
* It is wasteful to make predictions in code that is run
* seldomly (e.g. at subsystem initialization time) as the
* basic block reordering that this affects can often generate
* larger code.
*/
#if __GNUC_PREREQ__(2, 96)
#define __predict_true(exp) __builtin_expect((exp) != 0, 1)
#define __predict_false(exp) __builtin_expect((exp) != 0, 0)
#else
#define __predict_true(exp) (exp)
#define __predict_false(exp) (exp)
#endif
/*
* Compiler-dependent macros to declare that functions take printf-like
* or scanf-like arguments. They are null except for versions of gcc
* that are known to support the features properly (old versions of gcc-2
* didn't permit keeping the keywords out of the application namespace).
*/
#if __GNUC_PREREQ__(2, 7)
#define __printflike(fmtarg, firstvararg) \
__attribute__((__format__ (__printf__, fmtarg, firstvararg)))
#ifndef __syslog_attribute__
#define __syslog__ __printf__
#endif
#define __sysloglike(fmtarg, firstvararg) \
__attribute__((__format__ (__syslog__, fmtarg, firstvararg)))
#define __scanflike(fmtarg, firstvararg) \
__attribute__((__format__ (__scanf__, fmtarg, firstvararg)))
#define __format_arg(fmtarg) __attribute__((__format_arg__ (fmtarg)))
#else
#define __printflike(fmtarg, firstvararg) /* nothing */
#define __scanflike(fmtarg, firstvararg) /* nothing */
#define __sysloglike(fmtarg, firstvararg) /* nothing */
#define __format_arg(fmtarg) /* nothing */
#endif
/*
* Macros for manipulating "link sets". Link sets are arrays of pointers
* to objects, which are gathered up by the linker.
*
* Object format-specific code has provided us with the following macros:
*
* __link_set_add_text(set, sym)
* Add a reference to the .text symbol `sym' to `set'.
*
* __link_set_add_rodata(set, sym)
* Add a reference to the .rodata symbol `sym' to `set'.
*
* __link_set_add_data(set, sym)
* Add a reference to the .data symbol `sym' to `set'.
*
* __link_set_add_bss(set, sym)
* Add a reference to the .bss symbol `sym' to `set'.
*
* __link_set_decl(set, ptype)
* Provide an extern declaration of the set `set', which
* contains an array of pointers to type `ptype'. This
* macro must be used by any code which wishes to reference
* the elements of a link set.
*
* __link_set_start(set)
* This points to the first slot in the link set.
*
* __link_set_end(set)
* This points to the (non-existent) slot after the last
* entry in the link set.
*
* __link_set_count(set)
* Count the number of entries in link set `set'.
*
* In addition, we provide the following macros for accessing link sets:
*
* __link_set_foreach(pvar, set)
* Iterate over the link set `set'. Because a link set is
* an array of pointers, pvar must be declared as "type **pvar",
* and the actual entry accessed as "*pvar".
*
* __link_set_entry(set, idx)
* Access the link set entry at index `idx' from set `set'.
*/
#define __link_set_foreach(pvar, set) \
for (pvar = __link_set_start(set); pvar < __link_set_end(set); pvar++)
#define __link_set_entry(set, idx) (__link_set_start(set)[idx])
/*
* Return the natural alignment in bytes for the given type
*/
#if __GNUC_PREREQ__(4, 1)
#define __alignof(__t) __alignof__(__t)
#else
#define __alignof(__t) (sizeof(struct { char __x; __t __y; }) - sizeof(__t))
#endif
/*
* Return the number of elements in a statically-allocated array,
* __x.
*/
#define __arraycount(__x) (sizeof(__x) / sizeof(__x[0]))
#ifndef __ASSEMBLER__
/* __BIT(n): nth bit, where __BIT(0) == 0x1. */
#define __BIT(__n) \
(((uintmax_t)(__n) >= NBBY * sizeof(uintmax_t)) ? 0 : \
((uintmax_t)1 << (uintmax_t)((__n) & (NBBY * sizeof(uintmax_t) - 1))))
/* __BITS(m, n): bits m through n, m < n. */
#define __BITS(__m, __n) \
((__BIT(MAX((__m), (__n)) + 1) - 1) ^ (__BIT(MIN((__m), (__n))) - 1))
#endif /* !__ASSEMBLER__ */
/* find least significant bit that is set */
#define __LOWEST_SET_BIT(__mask) ((((__mask) - 1) & (__mask)) ^ (__mask))
#define __PRIuBIT PRIuMAX
#define __PRIuBITS __PRIuBIT
#define __PRIxBIT PRIxMAX
#define __PRIxBITS __PRIxBIT
#define __SHIFTOUT(__x, __mask) (((__x) & (__mask)) / __LOWEST_SET_BIT(__mask))
#define __SHIFTIN(__x, __mask) ((__x) * __LOWEST_SET_BIT(__mask))
#define __SHIFTOUT_MASK(__mask) __SHIFTOUT((__mask), (__mask))
/*
* Only to be used in other headers that are included from both c or c++
* NOT to be used in code.
*/
#ifdef __cplusplus
#define __CAST(__dt, __st) static_cast<__dt>(__st)
#else
#define __CAST(__dt, __st) ((__dt)(__st))
#endif
#define __CASTV(__dt, __st) __CAST(__dt, __CAST(void *, __st))
#define __CASTCV(__dt, __st) __CAST(__dt, __CAST(const void *, __st))
#define __USE(a) ((void)(a))
#define __type_mask(t) (/*LINTED*/sizeof(t) < sizeof(intmax_t) ? \
(~((1ULL << (sizeof(t) * NBBY)) - 1)) : 0ULL)
#ifndef __ASSEMBLER__
static __inline long long __zeroll(void) { return 0; }
static __inline unsigned long long __zeroull(void) { return 0; }
#else
#define __zeroll() (0LL)
#define __zeroull() (0ULL)
#endif
#define __negative_p(x) (!((x) > 0) && ((x) != 0))
#define __type_min_s(t) ((t)((1ULL << (sizeof(t) * NBBY - 1))))
#define __type_max_s(t) ((t)~((1ULL << (sizeof(t) * NBBY - 1))))
#define __type_min_u(t) ((t)0ULL)
#define __type_max_u(t) ((t)~0ULL)
#define __type_is_signed(t) (/*LINTED*/__type_min_s(t) + (t)1 < (t)1)
#define __type_min(t) (__type_is_signed(t) ? __type_min_s(t) : __type_min_u(t))
#define __type_max(t) (__type_is_signed(t) ? __type_max_s(t) : __type_max_u(t))
#define __type_fit_u(t, a) (/*LINTED*/!__negative_p(a) && \
(uintmax_t)((a) + __zeroull()) <= (uintmax_t)__type_max_u(t))
#define __type_fit_s(t, a) (/*LINTED*/__negative_p(a) ? \
((intmax_t)((a) + __zeroll()) >= (intmax_t)__type_min_s(t)) : \
((intmax_t)((a) + __zeroll()) >= (intmax_t)0 && \
(intmax_t)((a) + __zeroll()) <= (intmax_t)__type_max_s(t)))
/*
* return true if value 'a' fits in type 't'
*/
#define __type_fit(t, a) (__type_is_signed(t) ? \
__type_fit_s(t, a) : __type_fit_u(t, a))
#endif /* !_SYS_CDEFS_H_ */

23
base/alpine-build-ebpf/decl.patch Normal file
View File

@@ -0,0 +1,23 @@
--- libelf/elf.h-orig
+++ libelf/elf.h
@@ -21,7 +21,9 @@
#include <features.h>
-__BEGIN_DECLS
+#ifdef __cplusplus
+extern "C" {
+#endif
/* Standard ELF types. */
@@ -3553,6 +3555,8 @@
#define R_TILEGX_NUM 130
-__END_DECLS
+#ifdef __cplusplus
+}
+#endif
#endif /* elf.h */

29
base/alpine-build-ebpf/error.h Normal file
View File

@@ -0,0 +1,29 @@
# include <stdio.h>
# include <stdarg.h>
# include <stdlib.h>
# include <string.h>
static void error_at_line(int status, int errnum, const char *filename,
unsigned int linenum, const char *format, ...)
{
va_list ap;
fflush(stdout);
if (filename != NULL)
fprintf(stderr, "%s:%u: ", filename, linenum);
va_start(ap, format);
vfprintf(stderr, format, ap);
va_end(ap);
if (errnum != 0)
fprintf(stderr, ": %s", strerror(errnum));
fprintf(stderr, "\n");
if (status != 0)
exit(status);
}
#define error(status, errnum, format...) \
error_at_line(status, errnum, NULL, 0, format)

11
base/alpine-build-ebpf/intl.patch Normal file
View File

@@ -0,0 +1,11 @@
--- libelf/Makefile.am-orig
+++ libelf/Makefile.am
@@ -95,7 +95,7 @@
libelf_pic_a_SOURCES =
am_libelf_pic_a_OBJECTS = $(libelf_a_SOURCES:.c=.os)
-libelf_so_LDLIBS = -lz
+libelf_so_LDLIBS = -lz -lintl
if USE_LOCKS
libelf_so_LDLIBS += -lpthread
endif

17
base/alpine-build-ebpf/temp_failure.patch Normal file
View File

@@ -0,0 +1,17 @@
--- lib/system.h-orig
+++ lib/system.h
@@ -70,6 +70,14 @@
#define gettext_noop(Str) Str
+#ifndef TEMP_FAILURE_RETRY
+# define TEMP_FAILURE_RETRY(expression) \
+ (__extension__ \
+ ({ long int __result; \
+ do __result = (long int) (expression); \
+ while (__result == -1L && errno == EINTR); \
+ __result; }))
+#endif
#define pwrite_retry(fd, buf, len, off) \
TEMP_FAILURE_RETRY (pwrite (fd, buf, len, off))

17
base/alpine-build-toybox/Dockerfile Normal file
View File

@@ -0,0 +1,17 @@
FROM alpine:3.5
RUN \
apk update && apk upgrade && \
apk add \
automake \
bash \
build-base \
git \
&& true
COPY . .
# 0.7.2
ENV LDFLAGS=--static
RUN git clone https://github.com/landley/toybox.git && \
cd toybox && git checkout b27d5d9ad0c56014d8661d91f69ee498bbbe4cf9 && \
make defconfig
WORKDIR /toybox
ENTRYPOINT ["/build.sh"]

29
base/alpine-build-toybox/Makefile Normal file
View File

@@ -0,0 +1,29 @@
.PHONY: tag push
BASE=alpine:3.5
IMAGE=alpine-build-toybox
default: push
hash: Dockerfile build.sh
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm --entrypoint sh $(IMAGE):build -c 'cat /Dockerfile /build.sh /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

11
base/alpine-build-toybox/build.sh Executable file
View File

@@ -0,0 +1,11 @@
#!/bin/sh
FILES=$@
make $FILES > /dev/null
[ $# -eq 0 ] && FILES=toybox
# TODO symlinks if just use toybox
mkdir -p /out/bin
mv $FILES /out/bin
printf "FROM scratch\nCOPY bin/ bin/\n" > /out/Dockerfile
cd /out
tar cf - .

10
base/alpine-efi/Dockerfile Normal file
View File

@@ -0,0 +1,10 @@
FROM alpine:3.5
RUN \
apk update && apk upgrade && \
apk add --no-cache \
binutils \
gummiboot \
mtools \
xorriso \
&& true

29
base/alpine-efi/Makefile Normal file
View File

@@ -0,0 +1,29 @@
.PHONY: tag push
BASE=alpine:3.5
IMAGE=alpine-efi
default: push
hash:
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - Dockerfile | docker build --no-cache -t $(IMAGE):build -
docker run --rm $(IMAGE):build sha1sum /lib/apk/db/installed | sed 's/ .*//' > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

9
base/alpine-qemu/Dockerfile Normal file
View File

@@ -0,0 +1,9 @@
FROM alpine:3.5
RUN \
apk update && apk upgrade && \
apk add --no-cache \
qemu-img \
qemu-system-arm \
qemu-system-x86_64 \
&& true

29
base/alpine-qemu/Makefile Normal file
View File

@@ -0,0 +1,29 @@
.PHONY: tag push
BASE=alpine:3.5
IMAGE=alpine-qemu
default: push
hash: Dockerfile
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm $(IMAGE):build sha1sum /lib/apk/db/installed | sed 's/ .*//' > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

4
base/binfmt/.gitignore vendored Normal file
View File

@@ -0,0 +1,4 @@
dev
proc
sys
usr

3
base/binfmt/Dockerfile Normal file
View File

@@ -0,0 +1,3 @@
FROM scratch
COPY . ./
CMD ["/usr/bin/binfmt", "-dir", "/etc/binfmt.d/", "-mount", "/binfmt_misc"]

54
base/binfmt/Makefile Normal file
View File

@@ -0,0 +1,54 @@
# Tag da39a3ee5e6b4b0d3255bfef95601890afd80709
QEMU_IMAGE=mobylinux/qemu-user-static@sha256:6c022f700dc6c263c9107c08aa29b4eae3b43b7b7594b7be3e421f69b51f53e5
QEMU_FILES=qemu-arm qemu-aarch64 qemu-ppc64le
QEMU_BINARIES=$(addprefix usr/bin/,$(QEMU_FILES))
# Tag: 56f72369b2100961d418cd8a614a6019bb53dc9c
GO_COMPILE=mobylinux/go-compile@sha256:98eb2ded03c6bb717b5b19c5723f221b00e85c18352c042d0c8470a4fb32ea24
BINFMT_BINARY=usr/bin/binfmt
# Tag: alpine:3.5
SHA_IMAGE=alpine@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
IMAGE=binfmt
.PHONY: tag push clean container
default: push
$(QEMU_BINARIES):
mkdir -p $(dir $@)
docker run --rm --net=none $(QEMU_IMAGE) tar cf - $@ | tar xf -
$(BINFMT_BINARY): main.go
mkdir -p $(dir $@)
tar cf - $^ | docker run --rm --net=none --log-driver=none -i $(GO_COMPILE) -o $@ | tar xf -
DIRS=dev proc sys
$(DIRS):
mkdir -p $@
DEPS=$(DIRS) $(QEMU_BINARIES) $(BINFMT_BINARY) etc/binfmt.d/00_moby.conf
container: Dockerfile $(DEPS)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
hash: Dockerfile $(DEPS)
find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash
push: hash container
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash container
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -rf hash $(DIRS) usr
.DELETE_ON_ERROR:

3
base/binfmt/etc/binfmt.d/00_moby.conf Normal file
View File

@@ -0,0 +1,3 @@
:qemu-aarch64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-aarch64:CF
:qemu-arm:M:0:\x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-arm:CF
:qemu-ppc64le:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x15\x00:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\x00:/usr/bin/qemu-ppc64le:CF

93
base/binfmt/main.go Normal file
View File

@@ -0,0 +1,93 @@
package main
import (
"bytes"
"flag"
"fmt"
"io/ioutil"
"log"
"os"
"path/filepath"
"syscall"
)
var (
dir string
mount string
)
func init() {
flag.StringVar(&dir, "dir", "/etc/binfmt.d", "directory with config files")
flag.StringVar(&mount, "mount", "/proc/sys/fs/binfmt_misc", "binfmt_misc mount point")
}
func binfmt(line []byte) error {
register := filepath.Join(mount, "register")
file, err := os.OpenFile(register, os.O_WRONLY, 0)
if err != nil {
e, ok := err.(*os.PathError)
if ok && e.Err == syscall.ENOENT {
return fmt.Errorf("ENOENT opening %s is it mounted?", register)
}
if ok && e.Err == syscall.EPERM {
return fmt.Errorf("EPERM opening %s check permissions?", register)
}
return fmt.Errorf("Cannot open %s: %s", register, err)
}
defer file.Close()
// short writes should not occur on sysfs, cannot usefully recover
_, err = file.Write(line)
if err != nil {
e, ok := err.(*os.PathError)
if ok && e.Err == syscall.EEXIST {
// clear existing entry
split := bytes.SplitN(line[1:], []byte(":"), 2)
if len(split) == 0 {
return fmt.Errorf("Cannot determine arch from: %s", line)
}
arch := filepath.Join(mount, string(split[0]))
clear, err := os.OpenFile(arch, os.O_WRONLY, 0)
if err != nil {
return fmt.Errorf("Cannot open %s: %s", arch, err)
}
defer clear.Close()
_, err = clear.Write([]byte("-1"))
if err != nil {
return fmt.Errorf("Cannot write to %s: %s", arch, err)
}
_, err = file.Write(line)
if err != nil {
return fmt.Errorf("Cannot write to %s: %s", register, err)
}
return nil
}
return fmt.Errorf("Cannot write to %s: %s", register, err)
}
return nil
}
func main() {
flag.Parse()
files, err := ioutil.ReadDir(dir)
if err != nil {
log.Fatalf("Cannot read directory %s: %s", dir, err)
}
for _, file := range files {
contents, err := ioutil.ReadFile(filepath.Join(dir, file.Name()))
if err != nil {
log.Fatalf("Cannot read file %s: %s", file.Name(), err)
}
lines := bytes.Split(contents, []byte("\n"))
for _, line := range lines {
if len(line) == 0 {
continue
}
err = binfmt(line)
if err != nil {
log.Fatal(err)
}
}
}
}

15
base/c-compile/Dockerfile Normal file
View File

@@ -0,0 +1,15 @@
FROM alpine:3.5
RUN \
apk update && apk upgrade && \
apk add \
curl \
gcc \
git \
libc-dev \
linux-headers \
util-linux-dev \
&& true
COPY compile.sh /usr/bin/
ENTRYPOINT ["/usr/bin/compile.sh"]

29
base/c-compile/Makefile Normal file
View File

@@ -0,0 +1,29 @@
.PHONY: tag push
BASE=alpine:3.5
IMAGE=c-compile
default: push
hash: Dockerfile compile.sh
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c 'cat /lib/apk/db/installed /usr/bin/compile.sh | sha1sum' | sed 's/ .*//' > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

56
base/c-compile/compile.sh Executable file
View File

@@ -0,0 +1,56 @@
#!/bin/sh
# This is designed to compile a single package to a single binary
# so it makes some assumptions about things to simplify config
# to output a single binary (in a tarball) just use -o file
# use --docker to output a tarball for input to docker build -
set -e
usage() {
echo "Usage: -o file"
exit 1
}
[ $# = 0 ] && usage
while [ $# -gt 0 ]
do
flag="$1"
case "$flag" in
-o)
[ $# -eq 1 ] && usage
out="$2"
mkdir -p "$(dirname $2)"
shift
;;
-l*)
LIBS="$LIBS $1"
shift
;;
*)
echo "Unknown option $1"
exit 1
esac
shift
done
[ -z "$out" ] && usage
package=$(basename "$out")
dir="/src/$package"
mkdir -p $dir
# untar input
tar xf - -C $dir
(
cd $dir
CFILES=$(find . -name '*.c')
cc -static -O2 -Wall -Werror -o ../../$out $CFILES $LIBS
)
tar cf - $out
exit 0

4
base/ca-certificates/Dockerfile Normal file
View File

@@ -0,0 +1,4 @@
FROM debian:testing
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get -yq upgrade && apt-get install -yq ca-certificates

29
base/ca-certificates/Makefile Normal file
View File

@@ -0,0 +1,29 @@
.PHONY: tag push
BASE=debian:testing
IMAGE=ca-certificates
default: push
hash: Dockerfile
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm $(IMAGE):build sh -c 'cat /etc/ssl/certs/ca-certificates.crt | sha1sum' | sed 's/ .*//' > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

4
base/check-config/Dockerfile Normal file
View File

@@ -0,0 +1,4 @@
FROM alpine:3.5
RUN apk update && apk upgrade && apk add --no-cache bash
ADD https://raw.githubusercontent.com/docker/docker/master/contrib/check-config.sh /usr/bin/check-config.sh
ENTRYPOINT ["/bin/bash", "/usr/bin/check-config.sh"]

29
base/check-config/Makefile Normal file
View File

@@ -0,0 +1,29 @@
.PHONY: tag push
BASE=alpine:3.5
IMAGE=check-config
default: push
hash:
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - Dockerfile | docker build --no-cache -t $(IMAGE):build -
docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c 'cat /usr/bin/check-config.sh /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

3
base/check-kernel-config/Dockerfile Normal file
View File

@@ -0,0 +1,3 @@
FROM alpine:3.5
ADD check-kernel-config.sh /usr/bin/check-kernel-config.sh
ENTRYPOINT ["/bin/sh", "/usr/bin/check-kernel-config.sh"]

29
base/check-kernel-config/Makefile Normal file
View File

@@ -0,0 +1,29 @@
.PHONY: tag push
BASE=alpine:3.5
IMAGE=check-kernel-config
default: push
hash: Dockerfile check-kernel-config.sh
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c 'cat /usr/bin/check-kernel-config.sh /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

53
base/check-kernel-config/check-kernel-config.sh Executable file
View File

@@ -0,0 +1,53 @@
#!/bin/sh
set -e
echo "starting kernel config sanity test with /proc/config.gz"
# decompress /proc/config.gz from the Moby host
zcat /proc/config.gz > unzipped_config
kernelVersion="$(uname -r)"
kernelMajor="${kernelVersion%%.*}"
kernelMinor="${kernelVersion#$kernelMajor.}"
kernelMinor="${kernelMinor%%.*}"
# Most tests against https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project
# Positive cases
cat unzipped_config | grep CONFIG_BUG=y
cat unzipped_config | grep CONFIG_DEBUG_KERNEL=y
cat unzipped_config | grep CONFIG_DEBUG_RODATA=y
cat unzipped_config | grep CONFIG_CC_STACKPROTECTOR=y
cat unzipped_config | grep CONFIG_CC_STACKPROTECTOR_STRONG=y
cat unzipped_config | grep CONFIG_STRICT_DEVMEM=y
cat unzipped_config | grep CONFIG_SYN_COOKIES=y
cat unzipped_config | grep CONFIG_DEBUG_CREDENTIALS=y
cat unzipped_config | grep CONFIG_DEBUG_NOTIFIERS=y
cat unzipped_config | grep CONFIG_DEBUG_LIST=y
cat unzipped_config | grep CONFIG_SECCOMP=y
cat unzipped_config | grep CONFIG_SECCOMP_FILTER=y
cat unzipped_config | grep CONFIG_SECURITY=y
cat unzipped_config | grep CONFIG_SECURITY_YAMA=y
cat unzipped_config | grep CONFIG_PANIC_ON_OOPS=y
cat unzipped_config | grep CONFIG_DEBUG_SET_MODULE_RONX=y
# Conditional on kernel version
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 5 ]; then
cat unzipped_config | grep CONFIG_IO_STRICT_DEVMEM=y
cat unzipped_config | grep CONFIG_UBSAN=y
fi
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 7 ]; then
cat unzipped_config | grep CONFIG_SLAB_FREELIST_RANDOM=y
fi
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 8 ]; then
cat unzipped_config | grep CONFIG_HARDENED_USERCOPY=y
fi
# Negative cases
cat unzipped_config | grep 'CONFIG_ACPI_CUSTOM_METHOD is not set'
cat unzipped_config | grep 'CONFIG_COMPAT_BRK is not set'
cat unzipped_config | grep 'CONFIG_DEVKMEM is not set'
cat unzipped_config | grep 'CONFIG_COMPAT_VDSO is not set'
cat unzipped_config | grep 'CONFIG_KEXEC is not set'
cat unzipped_config | grep 'CONFIG_HIBERNATION is not set'
cat unzipped_config | grep 'CONFIG_LEGACY_PTYS is not set'

19
base/containerd/Dockerfile Normal file
View File

@@ -0,0 +1,19 @@
FROM golang:1.7-alpine3.5
RUN \
apk update && apk upgrade -a && \
apk add --no-cache \
gcc \
git \
libc-dev \
make \
&& true
ENV CONTAINERD_COMMIT=3b79682548339895fcf9976f60ddea8abc5fc97e
RUN mkdir -p $GOPATH/src/github.com/docker && \
cd $GOPATH/src/github.com/docker && \
git clone https://github.com/docker/containerd.git
WORKDIR $GOPATH/src/github.com/docker/containerd
RUN git checkout $CONTAINERD_COMMIT
RUN make binaries GO_GCFLAGS="-buildmode pie --ldflags '-extldflags \"-fno-PIC -static\"'"
RUN cp bin/containerd bin/ctr bin/containerd-shim /usr/bin/
WORKDIR /
COPY . .

29
base/containerd/Makefile Normal file
View File

@@ -0,0 +1,29 @@
.PHONY: tag push
BASE=golang:1.7-alpine3.5
IMAGE=containerd
default: push
hash: Dockerfile
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm $(IMAGE):build sh -c 'cat Dockerfile /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > $@
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

8
base/go-compile/Dockerfile Normal file
View File

@@ -0,0 +1,8 @@
FROM golang:1.7-alpine3.5
RUN apk update && apk add --no-cache build-base git
RUN go get -u github.com/golang/lint/golint
COPY compile.sh /usr/bin/
ENTRYPOINT ["/usr/bin/compile.sh"]

29
base/go-compile/Makefile Normal file
View File

@@ -0,0 +1,29 @@
.PHONY: tag push
BASE=golang:1.7-alpine3.5
IMAGE=go-compile
default: push
hash: Dockerfile compile.sh
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c 'cat /usr/local/go/bin/go /lib/apk/db/installed /go/bin/golint /usr/bin/compile.sh | sha1sum' | sed 's/ .*//' > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

61
base/go-compile/compile.sh Executable file
View File

@@ -0,0 +1,61 @@
#!/bin/sh
# This is designed to compile a single package to a single binary
# so it makes some assumptions about things to simplify config
# to output a single binary (in a tarball) just use -o file
# use --docker to output a tarball for input to docker build -
set -e
usage() {
echo "Usage: -o file"
exit 1
}
[ $# = 0 ] && usage
while [ $# -gt 1 ]
do
flag="$1"
case "$flag" in
-o)
out="$2"
mkdir -p "$(dirname $2)"
shift
;;
*)
echo "Unknown option $1"
exit 1
esac
shift
done
[ $# -gt 0 ] && usage
[ -z "$out" ] && usage
package=$(basename "$out")
dir="$GOPATH/src/$package"
mkdir -p $dir
# untar input
tar xf - -C $dir
cd $dir
# lint before building
>&2 echo "gofmt..."
test -z $(gofmt -s -l .| grep -v .pb. | grep -v */vendor/ | tee /dev/stderr)
>&2 echo "govet..."
test -z $(go tool vet -printf=false . 2>&1 | grep -v */vendor/ | tee /dev/stderr)
>&2 echo "golint..."
test -z $(find . -type f -name "*.go" -not -path "*/vendor/*" -not -name "*.pb.*" -exec golint {} \; | tee /dev/stderr)
>&2 echo "go build..."
go build -o $out -buildmode pie --ldflags '-extldflags "-fno-PIC -static"' "$package"
tar cf - $out

4
base/guestfs/Dockerfile Normal file
View File

@@ -0,0 +1,4 @@
FROM debian:jessie
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get -yq upgrade && apt-get install -yq libguestfs-tools syslinux linux-image-amd64 vim

29
base/guestfs/Makefile Normal file
View File

@@ -0,0 +1,29 @@
.PHONY: tag push
BASE=debian:jessie
IMAGE=guestfs
default: push
hash: Dockerfile
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm $(IMAGE):build sh -c 'apt list --installed 2>/dev/null | sha1sum' | sed 's/ .*//' > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

10
base/mkimage-gce/Dockerfile Normal file
View File

@@ -0,0 +1,10 @@
# Tag: 8719f0f33b3cf9d59a62be64a42220978ac96486
FROM mobylinux/guestfs@sha256:c7229f01c1a54270d2bc3597c30121628c18db211ed32fb7202823b6eaa4f853
WORKDIR /tmp/image
COPY . .
COPY make-gce /usr/bin
CMD [ "/usr/bin/make-gce" ]

27
base/mkimage-gce/Makefile Normal file
View File

@@ -0,0 +1,27 @@
.PHONY: tag push
IMAGE=mkimage-gce
default: push
hash: Dockerfile make-gce syslinux.cfg
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm $(IMAGE):build sh -c "(cat $^; apt list --installed 2>/dev/null) | sha1sum" | sed 's/ .*//' > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

25
base/mkimage-gce/make-gce Executable file
View File

@@ -0,0 +1,25 @@
#!/bin/sh
set -e
# input is a tarball of vmlinuz64 and initrd.img on stdin
# output is a compressed tarball of a raw disk image on stdout
mkdir -p files
tar xf - -C files
cp syslinux.cfg files
tar cf files.tar -C files .
virt-make-fs --size=1G --type=ext4 --partition files.tar disk.raw
guestfish -a disk.raw -m /dev/sda1 <<EOF
upload /usr/lib/SYSLINUX/mbr.bin /mbr.bin
copy-file-to-device /mbr.bin /dev/sda size:440
rm /mbr.bin
extlinux /
part-set-bootable /dev/sda 1 true
EOF
tar cf - disk.raw | gzip -9

5
base/mkimage-gce/syslinux.cfg Normal file
View File

@@ -0,0 +1,5 @@
DEFAULT linux
LABEL linux
KERNEL /vmlinuz64
INITRD /initrd.img
APPEND earlyprintk=ttyS0,115200 console=ttyS0,115200 mobyplatform=gcp vsyscall=emulate

16
base/mkimage-iso-bios/Dockerfile Normal file
View File

@@ -0,0 +1,16 @@
FROM alpine:3.4
RUN \
apk update && apk upgrade && \
apk add --no-cache \
cdrkit \
syslinux \
&& true
WORKDIR /tmp/iso
COPY isolinux.cfg ./isolinux/
COPY make-iso /usr/bin
CMD [ "/usr/bin/make-iso" ]

29
base/mkimage-iso-bios/Makefile Normal file
View File

@@ -0,0 +1,29 @@
.PHONY: tag push
BASE=alpine:3.4
IMAGE=mkimage-iso-bios
default: push
hash:
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - Dockerfile make-iso isolinux.cfg | docker build --no-cache -t $(IMAGE):build -
docker run --rm $(IMAGE):build sha1sum /lib/apk/db/installed | sed 's/ .*//' > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

5
base/mkimage-iso-bios/isolinux.cfg Normal file
View File

@@ -0,0 +1,5 @@
DEFAULT linux
LABEL linux
KERNEL /vmlinuz64
INITRD /initrd.img
APPEND earlyprintk=serial console=ttyS0 console=tty1

19
base/mkimage-iso-bios/make-iso Executable file
View File

@@ -0,0 +1,19 @@
#!/bin/sh
# input is a tarball of vmlinuz64 and initrd.img on stdin
# output is an iso on stdout
cp /usr/share/syslinux/isolinux.bin ./isolinux/
cp /usr/share/syslinux/ldlinux.c32 ./isolinux/
tar xf -
genisoimage -o ../mobylinux-bios.iso -l -J -R \
-c isolinux/boot.cat \
-b isolinux/isolinux.bin \
-no-emul-boot -boot-load-size 4 -boot-info-table \
-V MobyLinux .
isohybrid ../mobylinux-bios.iso
cat ../mobylinux-bios.iso

21
base/mksh/Dockerfile Normal file
View File

@@ -0,0 +1,21 @@
FROM alpine:3.5
RUN \
apk update && apk upgrade && \
apk add \
curl \
gcc \
groff \
make \
musl-dev \
&& true
COPY . /
ENV VERSION=mksh-R54
RUN curl -O -sSL https://github.com/MirBSD/mksh/archive/$VERSION.tar.gz
RUN zcat $VERSION.tar.gz | tar xvf -
ENV LDFLAGS=-static
RUN cd mksh-$VERSION && sh ./Build.sh && strip mksh && install -c -s -o root -g bin -m 555 mksh /bin/mksh

29
base/mksh/Makefile Normal file
View File

@@ -0,0 +1,29 @@
.PHONY: tag push
BASE=alpine:3.5
IMAGE=mksh
default: push
hash: Dockerfile
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm --entrypoint sh $(IMAGE):build -c 'cat /Dockerfile /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

6
base/pad4/Dockerfile Normal file
View File

@@ -0,0 +1,6 @@
FROM alpine:3.5
COPY . /
ENTRYPOINT ["/bin/sh", "-c"]
CMD ["/pad4.sh"]

29
base/pad4/Makefile Normal file
View File

@@ -0,0 +1,29 @@
.PHONY: tag push
BASE=alpine:3.5
IMAGE=pad4
default: push
hash: Dockerfile pad4.sh
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c 'cat Dockerfile pad4.sh /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

28
base/pad4/pad4.sh Executable file
View File

@@ -0,0 +1,28 @@
#!/bin/sh
set -e
cd /tmp
cat > initrd.img
SIZE=$(stat -c "%s" initrd.img)
SIZE4=$(( $SIZE / 4 \* 4 ))
DIFF=$(( $SIZE - $SIZE4 ))
[ $DIFF -ne 0 ] && DIFF=$(( 4 - $DIFF ))
dd if=/dev/zero bs=1 count=$DIFF of=zeropad 2>/dev/null
cat zeropad >> initrd.img
SIZE=$(stat -c "%s" initrd.img)
SIZE4=$(( $SIZE / 4 \* 4 ))
DIFF=$(( $SIZE - $SIZE4 ))
if [ $DIFF -ne 0 ]
then
echo "Bad alignment" >2
exit 1
fi
cat initrd.img

1
base/perf/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
/bin

35
base/perf/Dockerfile Normal file
View File

@@ -0,0 +1,35 @@
FROM alpine:3.4
RUN \
apk update && apk upgrade && \
apk add \
argp-standalone \
automake \
bc \
binutils-dev \
bison \
build-base \
curl \
flex \
libelf-dev \
linux-headers \
sed \
tar \
util-linux-dev \
xz \
&& true
ARG KERNEL_VERSION=4.9.3
# get kernel source and extract it under /linux
ENV KERNEL_SOURCE=https://www.kernel.org/pub/linux/kernel/v4.x/linux-${KERNEL_VERSION}.tar.xz
RUN curl -fsSL -o linux-${KERNEL_VERSION}.tar.xz ${KERNEL_SOURCE}
RUN cat linux-${KERNEL_VERSION}.tar.xz | tar --absolute-names -xJ && mv /linux-${KERNEL_VERSION} /linux
RUN mkdir -p /build/perf && \
make -C /linux/tools/perf O=/build/perf LDFLAGS=-static
WORKDIR /build/perf
CMD ["tar", "cf", "-", "perf"]

12
base/perf/Makefile Normal file
View File

@@ -0,0 +1,12 @@
BASE=alpine:3.4
DEPS=Dockerfile
bin/perf: $(DEPS)
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
mkdir -p $(dir $@)
BUILD=$$( docker build -q . ) && \
docker run --rm --net=none $$BUILD | tar xf - -C bin
clean:
rm -rf bin

1
base/perf/README.md Normal file
View File

@@ -0,0 +1 @@
Builds a statically linked version of the Linux kernel `perf` utility. You may want to/need to adjust the kernel version in the `Dockerfile` to match your kernel.

9
base/pinata-iptables/Dockerfile Normal file
View File

@@ -0,0 +1,9 @@
# Tag: alpine
FROM ocaml/opam@sha256:2d15235a8150d49353533848c8a2c326996558d57872acec59de35f8965dab4d
RUN sudo apk add m4
RUN opam install --use-internal-solver ocamlfind astring syslog -y
WORKDIR /app
ADD . /app
RUN sudo chown -R opam /app
RUN opam config exec -- ocamlfind ocamlopt -package unix,astring,syslog -linkpkg -o iptables main.ml
CMD ["tar", "cf", "-", "iptables"]

12
base/pinata-iptables/Makefile Normal file
View File

@@ -0,0 +1,12 @@
BASE=ocaml/opam:alpine
IMAGE=pinata-iptables
# OCaml builds are non deterministic so do not generate a hash
default: Dockerfile main.ml
docker pull $(BASE)
BUILD=$$( docker build -q . ) && \
[ -n "$$BUILD" ] && \
echo "Built $$BUILD" && \
docker tag $$BUILD mobylinux/$(IMAGE):latest
docker push mobylinux/$(IMAGE):latest

94
base/pinata-iptables/main.ml Normal file
View File

@@ -0,0 +1,94 @@
(* ocamlfind ocamlopt -package unix,astring -linkpkg -o iptables iptables.ml *)
(*
--wait -t nat -I DOCKER-INGRESS -p tcp --dport 80 -j DNAT --to-destination 172.18.0.2:80
--wait -t nat -D DOCKER-INGRESS -p tcp --dport 80 -j DNAT --to-destination 172.18.0.2:80
*)
let _iptables = "/sbin/iptables"
let _proxy = "/usr/bin/slirp-proxy"
let _pid_dir = "/var/run/service-port-opener"
type port = {
proto: string;
dport: string; (* host port *)
ip: string; (* container ip *)
port: string; (* container port *)
}
let syslog = Syslog.openlog ~facility:`LOG_SECURITY "iptables-wrapper"
let logf fmt =
Printf.ksprintf (fun s ->
Syslog.syslog syslog `LOG_INFO s
) fmt
let pid_filename { proto; dport; ip; port } =
Printf.sprintf "%s/%s.%s.%s.%s.pid" _pid_dir proto dport ip port
let insert ({ proto; dport; ip; port } as p) =
let filename = pid_filename p in
logf "insert: creating a proxy for %s" filename;
let args = [ _proxy; "-proto"; proto; "-container-ip"; ip; "-container-port"; port; "-host-ip"; "0.0.0.0"; "-host-port"; dport; "-i"; "-no-local-ip" ] in
let pid = Unix.fork () in
if pid == 0 then begin
logf "binary = %s args = %s" _proxy (String.concat "; " args);
(* Close the vast number of fds I've inherited from docker *)
(* TODO(djs55): revisit, possibly by filing a docker/docker issue *)
for i = 0 to 1023 do
let fd : Unix.file_descr = Obj.magic i in
try Unix.close fd with Unix.Unix_error(Unix.EBADF, _, _) -> ()
done;
let null = Unix.openfile "/dev/null" [ Unix.O_RDWR ] 0 in
Unix.dup2 null Unix.stdin;
Unix.dup2 null Unix.stdout;
Unix.dup2 null Unix.stderr;
(try Unix.execv _proxy (Array.of_list args) with e -> logf "Failed with %s" (Printexc.to_string e));
exit 1
end else begin
(* write pid to a file (not atomically) *)
let oc = open_out filename in
output_string oc (string_of_int pid);
close_out oc
end
let delete ({ proto; dport; ip; port } as p) =
let filename = pid_filename p in
logf "delete: removing a proxy for %s" filename;
(* read the pid from a file *)
try
let ic = open_in filename in
let pid = int_of_string (input_line ic) in
logf "Sending SIGTERM to %d" pid;
Unix.kill pid Sys.sigterm;
Unix.unlink filename
with e ->
logf "delete: failed to remove proxy for %s: %s" filename (Printexc.to_string e);
()
let parse_ip_port ip_port = match Astring.String.cut ~sep:":" ip_port with
| None ->
failwith ("Failed to parse <ip:port>:" ^ ip_port)
| Some (ip, port) ->
ip, port
let _ =
( try Unix.mkdir _pid_dir 0o0755 with Unix.Unix_error(Unix.EEXIST, _, _) -> () );
let port_forwarding =
try
let ic = open_in "/Database/native/port-forwarding" in
bool_of_string (String.trim (input_line ic))
with _ -> false in
logf "port_forwarding=%b intercepted arguments [%s]" port_forwarding (String.concat "; " (Array.to_list Sys.argv));
if port_forwarding then begin
match Array.to_list Sys.argv with
| [ _; "--wait"; "-t"; "nat"; "-I"; "DOCKER-INGRESS"; "-p"; proto; "--dport"; dport; "-j"; "DNAT"; "--to-destination"; ip_port ] ->
let ip, port = parse_ip_port ip_port in
insert { proto; dport; ip; port }
| [ _; "--wait"; "-t"; "nat"; "-D"; "DOCKER-INGRESS"; "-p"; proto; "--dport"; dport; "-j"; "DNAT"; "--to-destination"; ip_port ] ->
let ip, port = parse_ip_port ip_port in
delete { proto; dport; ip; port }
| _ ->
()
end;
Unix.execv _iptables Sys.argv

8
base/qemu-user-static/Dockerfile Normal file
View File

@@ -0,0 +1,8 @@
FROM alpine:edge
RUN \
apk update && apk upgrade && \
apk add \
qemu-aarch64 \
qemu-arm \
qemu-ppc64le \
&& true

29
base/qemu-user-static/Makefile Normal file
View File

@@ -0,0 +1,29 @@
.PHONY: tag push
BASE=alpine:edge
IMAGE=qemu-user-static
default: push
hash: Dockerfile
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm $(IMAGE):build sh -c 'apt list --installed 2>/dev/null | sha1sum' | sed 's/ .*//' > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

23
base/riddler/Dockerfile Normal file
View File

@@ -0,0 +1,23 @@
FROM golang:1.7-alpine
RUN \
apk update && apk upgrade && \
apk add \
docker \
gcc \
git \
jq \
linux-headers \
musl-dev \
&& true
COPY Dockerfile /
COPY riddler.sh /usr/bin/
RUN git clone https://github.com/jessfraz/riddler.git /go/src/github.com/jessfraz/riddler
WORKDIR /go/src/github.com/jessfraz/riddler
RUN git checkout 23befa0b232877b5b502b828e24161d801bd67f6
RUN go build -o /usr/bin/riddler .
ENTRYPOINT ["/usr/bin/riddler.sh"]

29
base/riddler/Makefile Normal file
View File

@@ -0,0 +1,29 @@
.PHONY: tag push
BASE=golang:1.7-alpine
IMAGE=riddler
default: push
hash: Dockerfile riddler.sh
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --entrypoint=/bin/sh --rm $(IMAGE):build -c 'cat /Dockerfile /usr/bin/riddler.sh /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):latest && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

28
base/riddler/riddler.sh Executable file
View File

@@ -0,0 +1,28 @@
#!/bin/sh
set -e
# riddler always adds the apparmor options if this is not present
EXTRA_OPTIONS="--security-opt apparmor=unconfined"
ARGS="$@"
CONTAINER=$(docker create $EXTRA_OPTIONS $ARGS)
riddler $CONTAINER > /dev/null
docker rm $CONTAINER > /dev/null
# unfixed known issues
# noNewPrivileges is always set by riddler, but that is fine for our use cases
# These fixes should be removed when riddler is fixed
# process.rlimits, just a constant at present, not useful
# memory swappiness is too big by default
# remove user namespaces
# --read-only sets /dev ro
# /sysfs ro unless privileged - cannot detect so will do if grant all caps
#
cat config.json | \
jq 'del(.process.rlimits)' | \
jq 'del (.linux.resources.memory.swappiness)' | \
jq 'del(.linux.uidMappings) | del(.linux.gidMappings) | .linux.namespaces = (.linux.namespaces|map(select(.type!="user")))' | \
jq 'if .root.readonly==true then .mounts = (.mounts|map(if .destination=="/dev" then .options |= .+ ["ro"] else . end)) else . end' | \
jq '.mounts = if .process.capabilities | length != 38 then (.mounts|map(if .destination=="/sys" then .options |= .+ ["ro"] else . end)) else . end'

33
base/rng-tools/Dockerfile Normal file
View File

@@ -0,0 +1,33 @@
FROM alpine:3.5
RUN \
apk update && apk upgrade && \
apk add \
argp-standalone \
curl \
gcc \
linux-headers \
make \
musl-dev \
patch \
&& true
COPY . /
ENV pkgname=rng-tools pkgver=5
RUN curl -O -sSL http://downloads.sourceforge.net/project/gkernel/$pkgname/$pkgver/$pkgname-$pkgver.tar.gz
RUN sha256sum -c sha256sums
RUN zcat $pkgname-$pkgver.tar.gz | tar xf -
RUN cd $pkgname-$pkgver && for p in ../*.patch; do cat $p | patch -p1; done
RUN cd $pkgname-$pkgver && \
export LIBS="-largp" && \
LDFLAGS=-static ./configure \
--prefix=/usr \
--libexecdir=/usr/lib/rng-tools \
--sysconfdir=/etc \
--disable-silent-rules && \
make && \
make DESTDIR=/ install && \
strip /usr/sbin/rngd

29
base/rng-tools/Makefile Normal file
View File

@@ -0,0 +1,29 @@
.PHONY: tag push
BASE=alpine:3.5
IMAGE=rng-tools
default: push
hash: Dockerfile fix-textrels-on-PIC-x86.patch sha256sums
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm $(IMAGE):build sh -c 'cat /Dockerfile /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

50
base/rng-tools/fix-textrels-on-PIC-x86.patch Normal file
View File

@@ -0,0 +1,50 @@
--- rng-tools/rdrand_asm.S
+++ rng-tools/rdrand_asm.S
@@ -49,6 +49,7 @@
ret
ENDPROC(x86_rdrand_nlong)
+#define INIT_PIC()
#define SETPTR(var,ptr) leaq var(%rip),ptr
#define PTR0 %rdi
#define PTR1 %rsi
@@ -84,7 +85,16 @@
ret
ENDPROC(x86_rdrand_nlong)
+#if defined(__PIC__)
+#undef __i686 /* gcc builtin define gets in our way */
+#define INIT_PIC() \
+ call __i686.get_pc_thunk.bx ; \
+ addl $_GLOBAL_OFFSET_TABLE_, %ebx
+#define SETPTR(var,ptr) leal (var)@GOTOFF(%ebx),ptr
+#else
+#define INIT_PIC()
#define SETPTR(var,ptr) movl $(var),ptr
+#endif
#define PTR0 %eax
#define PTR1 %edx
#define PTR2 %ecx
@@ -101,6 +111,7 @@
movl 8(%ebp), %eax
movl 12(%ebp), %edx
#endif
+ INIT_PIC()
SETPTR(aes_round_keys, PTR2)
@@ -166,6 +177,17 @@
#endif
ret
ENDPROC(x86_aes_mangle)
+
+#if defined(__i386__) && defined(__PIC__)
+ .section .gnu.linkonce.t.__i686.get_pc_thunk.bx,"ax",@progbits
+.globl __i686.get_pc_thunk.bx
+ .hidden __i686.get_pc_thunk.bx
+ .type __i686.get_pc_thunk.bx,@function
+__i686.get_pc_thunk.bx:
+ movl (%esp), %ebx
+ ret
+#endif
+

1
base/rng-tools/sha256sums Normal file
View File

@@ -0,0 +1 @@
60a102b6603bbcce2da341470cad42eeaa9564a16b4490e7867026ca11a3078e rng-tools-5.tar.gz

5
base/rngd/.gitignore vendored Normal file
View File

@@ -0,0 +1,5 @@
bin
dev
proc
sys
usr

3
base/rngd/Dockerfile Normal file
View File

@@ -0,0 +1,3 @@
FROM scratch
COPY . ./
CMD ["/bin/tini", "/usr/sbin/rngd", "-f"]

53
base/rngd/Makefile Normal file
View File

@@ -0,0 +1,53 @@
# Tag: b6aed437bad8f1f4471b11f1affe3420eaf5d42f
RNG_TOOLS_IMAGE=mobylinux/rng-tools@sha256:8e74e6a39b072ebee65ee4b83ebf224787afb473ea250c897dd24fa43b387d06
RNGD_BINARY=usr/sbin/rngd
# Tag 6b25b62f4d893de8721fd2581411039b17e8a253
TINI_IMAGE=mobylinux/tini@sha256:39b4a459018ffc155a9fcbbf952fa625c77f5a8d7599b326eade529d3dc723fc
TINI_BINARY=bin/tini
.PHONY: tag push clean container
default: push
$(TINI_BINARY):
mkdir -p $(dir $@)
docker run --rm --net=none $(TINI_IMAGE) tar cf - $@ | tar xf -
$(RNGD_BINARY):
mkdir -p $(dir $@)
docker run --rm --net=none $(RNG_TOOLS_IMAGE) tar cf - $@ | tar xf -
# Tag: alpine:3.5
SHA_IMAGE=alpine@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
IMAGE=rngd
DIRS=dev proc sys
$(DIRS):
mkdir -p $@
DEPS=$(DIRS) $(TINI_BINARY) $(RNGD_BINARY)
container: Dockerfile $(DEPS)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
hash: Dockerfile $(DEPS)
find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash
push: hash container
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash container
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -rf hash $(DIRS) usr bin
.DELETE_ON_ERROR:

23
base/runc/Dockerfile Normal file
View File

@@ -0,0 +1,23 @@
FROM golang:1.7-alpine3.5
RUN \
apk update && apk upgrade -a && \
apk add --no-cache \
bash \
gcc \
git \
libc-dev \
libseccomp-dev \
linux-headers \
make \
&& true
ENV RUNC_COMMIT=51371867a01c467f08af739783b8beafc154c4d7
RUN mkdir -p $GOPATH/src/github.com/opencontainers && \
cd $GOPATH/src/github.com/opencontainers && \
git clone https://github.com/opencontainers/runc.git
WORKDIR $GOPATH/src/github.com/opencontainers/runc
RUN git checkout $RUNC_COMMIT
# TODO static pie, currently no easy way to change build options
RUN make static BUILDTAGS="seccomp"
RUN cp runc /usr/bin/
WORKDIR /
COPY . .

29
base/runc/Makefile Normal file
View File

@@ -0,0 +1,29 @@
.PHONY: tag push
BASE=golang:1.7-alpine3.5
IMAGE=runc
default: push
hash: Dockerfile
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm $(IMAGE):build sh -c 'cat Dockerfile /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > $@
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

6
base/tar2initrd/Dockerfile Normal file
View File

@@ -0,0 +1,6 @@
FROM alpine:3.5
COPY . /
ENTRYPOINT ["/bin/sh", "-c"]
CMD ["/tar2initrd.sh"]

29
base/tar2initrd/Makefile Normal file
View File

@@ -0,0 +1,29 @@
.PHONY: tag push
BASE=alpine:3.5
IMAGE=tar2initrd
default: push
hash: Dockerfile tar2initrd.sh
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c 'cat Dockerfile tar2initrd.sh /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

34
base/tar2initrd/tar2initrd.sh Executable file
View File

@@ -0,0 +1,34 @@
#!/bin/sh
set -e
mkdir -p /tmp/input
cd /tmp/input
tar xf -
find . | cpio -H newc -o | gzip -9 > ../initrd.img
cd /tmp
SIZE=$(stat -c "%s" initrd.img)
SIZE4=$(( $SIZE / 4 \* 4 ))
DIFF=$(( $SIZE - $SIZE4 ))
[ $DIFF -ne 0 ] && DIFF=$(( 4 - $DIFF ))
dd if=/dev/zero bs=1 count=$DIFF of=zeropad 2>/dev/null
cat zeropad >> initrd.img
SIZE=$(stat -c "%s" initrd.img)
SIZE4=$(( $SIZE / 4 \* 4 ))
DIFF=$(( $SIZE - $SIZE4 ))
if [ $DIFF -ne 0 ]
then
echo "Bad alignment" >2
exit 1
fi
cat initrd.img

3
base/test/.gitignore vendored Normal file
View File

@@ -0,0 +1,3 @@
etc/ssl
bin/mksh
bin/sh

3
base/test/Dockerfile Normal file
View File

@@ -0,0 +1,3 @@
FROM scratch
COPY . ./
CMD ["/bin/sh", "/bin/test.sh"]

60
base/test/Makefile Normal file
View File

@@ -0,0 +1,60 @@
# Tag b784b685b2c39b9bed4d58a989d06d8f0281b87c
MKSH_IMAGE=mobylinux/mksh@sha256:b3ca9febef294d002894b91e0ce0f794235db73a3024be3cae16d34022913de3
MKSH_BINARY=bin/mksh
SH_BINARY=bin/sh
# Tag: e091a05fbf7c5e16f18b23602febd45dd690ba2f
CACERT_IMAGE=mobylinux/ca-certificates@sha256:a4e217ab2036bc128dc57a639a25fd285dbd68c47f9a46a91f1a9afab2bab3d3
CACERT_FILE=etc/ssl/certs/ca-certificates.crt
TEST_SCRIPT=bin/test.sh
MOBY_WHALE=etc/moby
.PHONY: tag push clean container
default: push
$(MKSH_BINARY):
mkdir -p $(dir $@)
docker run --rm --net=none $(MKSH_IMAGE) tar cf - $@ | tar xf -
$(SH_BINARY): $(MKSH_BINARY)
mv $(MKSH_BINARY) $(SH_BINARY)
$(CACERT_FILE):
mkdir -p $(dir $@)
docker run --rm --net=none $(CACERT_IMAGE) tar cf - $@ | tar xf -
# Tag: alpine:3.5
SHA_IMAGE=alpine@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
IMAGE=test
DIRS=dev proc sys
$(DIRS):
mkdir -p $@
DEPS=$(DIRS) $(SH_BINARY) $(CACERT_FILE) $(TEST_SCRIPT) $(MOBY_WHALE)
container: Dockerfile $(DEPS)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
hash: Dockerfile $(DEPS)
find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash
push: hash container
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash container
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -rf hash $(DIRS) $(MKSH_BINARY) etc/ssl
.DELETE_ON_ERROR:

15
base/test/bin/test.sh Executable file
View File

@@ -0,0 +1,15 @@
#!/bin/sh
set -ex
docker version
docker info
docker ps
DOCKER_CONTENT_TRUST=1 docker pull alpine:3.5
docker run --rm alpine true
docker pull armhf/alpine
docker run --rm armhf/alpine uname -a
docker swarm init
docker run mobylinux/check-config@sha256:4282f589d5a72004c3991c0412e45ba0ab6bb8c0c7d97dc40dabc828700e99ab
docker run mobylinux/check-kernel-config@sha256:6821a7bce30bd013a6cc190d171228f9b02359e9c792858005f401ab15357575
cat /etc/moby

10
base/test/etc/moby Normal file
View File

@@ -0,0 +1,10 @@
## .
## ## ## ==
## ## ## ## ## ===
/"""""""""""""""""\___/ ===
~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ / ===- ~~~
\______ o __/
\ \ __/
\____\_______/

16
base/tini/Dockerfile Normal file
View File

@@ -0,0 +1,16 @@
FROM alpine:3.5
RUN \
apk update && apk upgrade && \
apk add \
cmake \
gcc \
make \
musl-dev \
vim \
&& true
COPY . /
ENV TINI_VERSION=0.13.0
ADD https://github.com/krallin/tini/archive/v${TINI_VERSION}.tar.gz tini-${TINI_VERSION}.tar.gz
RUN zcat tini-${TINI_VERSION}.tar.gz | tar xvf -
RUN cd tini-${TINI_VERSION} && cmake . && make && cp -a tini-static /bin/tini

29
base/tini/Makefile Normal file
View File

@@ -0,0 +1,29 @@
.PHONY: tag push
BASE=alpine:3.5
IMAGE=tini
default: push
hash: Dockerfile
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm --entrypoint sh $(IMAGE):build -c 'cat /Dockerfile /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

29
base/toybox-media/Makefile Normal file
View File

@@ -0,0 +1,29 @@
.PHONY: tag push
# Tag: bec336327b738df1e225bd845f416762a6b12dfc
BASE=mobylinux/alpine-build-toybox@sha256:54c813bcdd13c1108bb69ffdc9f3c0135db94625f1e57a885277717703bbf22b
IMAGE=toybox-media
default: push
hash:
docker run --rm $(BASE) ls tar sh find sha1sum | \
docker build -q -t $(IMAGE):build -
docker run --rm $(IMAGE):build tar cf - bin | docker run -i $(IMAGE):build sha1sum -b - > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR: