Neur0toxine/docker-golang-alpine
1
0
Fork 0
mirror of https://github.com/Neur0toxine/docker-golang-alpine.git synced 2024-11-21 20:46:05 +03:00
Code Issues Packages Projects Releases Wiki Activity

add nofacessat2 build for go 1.18, update readme

Browse Source
This commit is contained in:
Pavel 2022-10-28 16:07:33 +03:00
parent 2064b6e1a4
commit 3a5799aafa
9 changed files with 70 additions and 219 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.github/workflows/buildx.yml vendored
View File

@ -28,15 +28,12 @@ jobs:
- path: 1.18 - path: 1.18
tags: "1.18" tags: "1.18"
platforms: linux/amd64,linux/arm64,linux/386 platforms: linux/amd64,linux/arm64,linux/386
- path: 1.18-3.13 - path: 1.18-nofaccessat2
tags: "1.18-3.13" tags: "1.18-nofaccessat2"
platforms: linux/amd64,linux/arm64,linux/386 platforms: linux/amd64,linux/arm64,linux/386
- path: 1.19 - path: 1.19
tags: "1.19" tags: "1.19"
platforms: linux/amd64,linux/arm64,linux/386 platforms: linux/amd64,linux/arm64,linux/386
- path: 1.19-3.13
tags: "1.19-3.13"
platforms: linux/amd64,linux/arm64,linux/386
- path: 1.19-nofaccessat2 - path: 1.19-nofaccessat2
tags: "1.19-nofaccessat2" tags: "1.19-nofaccessat2"
platforms: linux/amd64,linux/arm64,linux/386 platforms: linux/amd64,linux/arm64,linux/386

1
.gitignore vendored
View File

@ -1,2 +1,3 @@
.DS_Store .DS_Store
temp temp
.vscode

5
.vscode/settings.json vendored
View File

@ -1,5 +0,0 @@
{
"yaml.schemas": {
"https://json.schemastore.org/github-workflow.json": "./.github/workflows/hadolint.yml"
}
}

104
1.18-3.13/Dockerfile
View File

@ -1,104 +0,0 @@
FROM alpine:3.13
ENV PATH /usr/local/go/bin:$PATH
RUN set -eux; \
apk add --no-cache ca-certificates jq curl; \
([ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf); \
apk add --no-cache --virtual .fetch-deps gnupg; \
arch="$(apk --print-arch)"; \
export GOVERSION="$(curl -fsSL 'https://go.dev/dl/?mode=json&include=1.18' | jq -r '.[0].version')"; \
case "$arch" in \
'x86_64') \
export GOAMD64='v1' GOARCH='amd64' GOOS='linux'; \
;; \
'armhf') \
export GOARCH='arm' GOARM='6' GOOS='linux'; \
;; \
'armv7') \
export GOARCH='arm' GOARM='7' GOOS='linux'; \
;; \
'aarch64') \
export GOARCH='arm64' GOOS='linux'; \
;; \
'x86') \
export GOARCH='386' GOOS='linux' CGO_CFLAGS="-fno-stack-protector"; \
;; \
'ppc64le') \
export GOARCH='ppc64le' GOOS='linux'; \
;; \
's390x') \
export GOARCH='s390x' GOOS='linux'; \
;; \
*) echo >&2 "error: unsupported architecture '$arch' (likely packaging update needed)"; exit 1 ;; \
esac; \
# https://github.com/golang/go/issues/38536#issuecomment-616897960
url="https://dl.google.com/go/$GOVERSION.src.tar.gz"; \
# the precompiled binaries published by Go upstream are not compatible with Alpine, so we always build from source here 😅
\
wget -O go.tgz.asc "$url.asc"; \
wget -O go.tgz "$url"; \
\
# https://github.com/golang/go/issues/14739#issuecomment-324767697
GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \
# https://www.google.com/linuxrepositories/
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 'EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796'; \
# let's also fetch the specific subkey of that key explicitly that we expect "go.tgz.asc" to be signed by, just to make sure we definitely have it
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys '2F52 8D36 D67B 69ED F998 D857 78BD 6547 3CB3 BD13'; \
gpg --batch --verify go.tgz.asc go.tgz; \
gpgconf --kill all; \
rm -rf "$GNUPGHOME" go.tgz.asc; \
\
tar -C /usr/local -xzf go.tgz; \
rm go.tgz; \
\
apk add --no-cache --virtual .build-deps \
bash \
gcc \
go \
musl-dev \
; \
\
export GOCACHE='/tmp/gocache'; \
\
( \
cd /usr/local/go/src; \
# set GOROOT_BOOTSTRAP + GOHOST* such that we can build Go successfully
export GOROOT_BOOTSTRAP="$(go env GOROOT)" GOHOSTOS="$GOOS" GOHOSTARCH="$GOARCH"; \
./make.bash; \
); \
\
apk del --no-network .build-deps; \
\
# remove a few intermediate / bootstrapping files the official binary release tarballs do not contain
rm -rf \
/usr/local/go/pkg/*/cmd \
/usr/local/go/pkg/bootstrap \
/usr/local/go/pkg/obj \
/usr/local/go/pkg/tool/*/api \
/usr/local/go/pkg/tool/*/go_bootstrap \
/usr/local/go/src/cmd/dist/dist \
"$GOCACHE" \
; \
\
apk del --no-network .fetch-deps; \
\
go version
ENV GOPATH /go
ENV PATH $GOPATH/bin:$PATH
RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH"
WORKDIR $GOPATH
RUN set -eux; \
apk add --no-cache bash make git gcc libc-dev dumb-init && \
go install github.com/go-delve/delve/cmd/dlv@latest && \
go install github.com/cosmtrek/air@latest && \
go install github.com/jstemmer/go-junit-report@latest && \
go install github.com/axw/gocov/gocov@latest && \
chmod -R 777 "$GOPATH" && \
curl -L https://github.com/tobni/merge-junit/releases/download/v0.1.4/merge-junit-v0.1.4-x86_64-unknown-linux-musl.tar.gz | tar -xz && \
mv ./merge-junit-v0.1.4-x86_64-unknown-linux-musl/merge-junit /usr/bin/merge-junit && \
rm -rf /merge-junit-v0.1.4-x86_64-unknown-linux-musl
WORKDIR /
ENTRYPOINT ["/usr/bin/dumb-init", "--"]

31
1.18-nofaccessat2/Dockerfile Normal file
View File

@ -0,0 +1,31 @@
FROM golang:1.18-alpine
COPY disable_faccessat2.patch /tmp/disable_faccessat2.patch
RUN set -eux; \
apk add --no-cache --virtual .build-deps gcc make patch git alpine-sdk coreutils cmake sudo && \
mkdir -p /var/cache/distfiles && \
chmod a+w /var/cache/distfiles && \
git clone --depth 1 --branch "v$(cat /etc/alpine-release)" git://git.alpinelinux.org/aports /tmp/aports && \
cd /tmp/aports/main/musl && \
mv /tmp/disable_faccessat2.patch /tmp/aports/main/musl/ && \
sed -i -E 's/\thandle-aux-at_base.patch/\thandle-aux-at_base.patch\n\tdisable_faccessat2.patch/' APKBUILD && \
adduser -G abuild -g "Alpine Package Builder" -s /bin/ash -D builder && \
echo "builder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \
chown -R builder:abuild /tmp/aports && \
sudo -u builder sh -c 'abuild checksum && abuild-keygen -an && abuild -r' && \
find /home/builder -type f -name '*.apk' -exec apk add --allow-untrusted --no-cache {} \;; \
sudo -u builder sh -c 'abuild clean && abuild cleancache' && \
apk del --no-network .build-deps && \
deluser builder && \
rm -rf /home/builder /var/cache/distfiles /tmp/aports
RUN set -eux; \
apk add --no-cache bash make git gcc libc-dev jq curl dumb-init && \
go install github.com/go-delve/delve/cmd/dlv@latest && \
go install github.com/cosmtrek/air@latest && \
go install github.com/jstemmer/go-junit-report@latest && \
go install github.com/axw/gocov/gocov@latest && \
chmod -R 777 "$GOPATH" && \
curl -L https://github.com/tobni/merge-junit/releases/download/v0.1.4/merge-junit-v0.1.4-x86_64-unknown-linux-musl.tar.gz | tar -xz && \
mv ./merge-junit-v0.1.4-x86_64-unknown-linux-musl/merge-junit /usr/bin/merge-junit && \
rm -rf /merge-junit-v0.1.4-x86_64-unknown-linux-musl
WORKDIR /
ENTRYPOINT ["/usr/bin/dumb-init", "--"]

23
1.18-nofaccessat2/disable_faccessat2.patch Normal file
View File

@ -0,0 +1,23 @@
--- v1.2.3/src/unistd/faccessat.c 2022-04-07 20:12:40.000000000 +0300
+++ v1.2.1/src/unistd/faccessat.c 2020-08-04 07:21:09.000000000 +0300
@@ -25,17 +25,12 @@
int faccessat(int fd, const char *filename, int amode, int flag)
{
- if (flag) {
- int ret = __syscall(SYS_faccessat2, fd, filename, amode, flag);
- if (ret != -ENOSYS) return __syscall_ret(ret);
- }
+ if (!flag || (flag==AT_EACCESS && getuid()==geteuid() && getgid()==getegid()))
+ return syscall(SYS_faccessat, fd, filename, amode, flag);
- if (flag & ~AT_EACCESS)
+ if (flag != AT_EACCESS)
return __syscall_ret(-EINVAL);
- if (!flag || (getuid()==geteuid() && getgid()==getegid()))
- return syscall(SYS_faccessat, fd, filename, amode);
-
char stack[1024];
sigset_t set;
pid_t pid;

10
1.18-nofaccessat2/faccessat2-test.c Normal file
View File

@ -0,0 +1,10 @@
#include <unistd.h>
#include <fcntl.h>
int main() {
// TODO: Use this code to test resulting images.
// Should not call faccessat2 under the hood.
faccessat(0, "/", R_OK, AT_EACCESS);
return 0;
}

104
1.19-3.13/Dockerfile
View File

@ -1,104 +0,0 @@
FROM alpine:3.13
ENV PATH /usr/local/go/bin:$PATH
RUN set -eux; \
apk add --no-cache ca-certificates jq curl; \
([ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf); \
apk add --no-cache --virtual .fetch-deps gnupg; \
arch="$(apk --print-arch)"; \
export GOVERSION="$(curl -fsSL 'https://go.dev/dl/?mode=json&include=1.19' | jq -r '.[0].version')"; \
case "$arch" in \
'x86_64') \
export GOAMD64='v1' GOARCH='amd64' GOOS='linux'; \
;; \
'armhf') \
export GOARCH='arm' GOARM='6' GOOS='linux'; \
;; \
'armv7') \
export GOARCH='arm' GOARM='7' GOOS='linux'; \
;; \
'aarch64') \
export GOARCH='arm64' GOOS='linux'; \
;; \
'x86') \
export GOARCH='386' GOOS='linux' CGO_CFLAGS="-fno-stack-protector"; \
;; \
'ppc64le') \
export GOARCH='ppc64le' GOOS='linux'; \
;; \
's390x') \
export GOARCH='s390x' GOOS='linux'; \
;; \
*) echo >&2 "error: unsupported architecture '$arch' (likely packaging update needed)"; exit 1 ;; \
esac; \
# https://github.com/golang/go/issues/38536#issuecomment-616897960
url="https://dl.google.com/go/$GOVERSION.src.tar.gz"; \
# the precompiled binaries published by Go upstream are not compatible with Alpine, so we always build from source here 😅
\
wget -O go.tgz.asc "$url.asc"; \
wget -O go.tgz "$url"; \
\
# https://github.com/golang/go/issues/14739#issuecomment-324767697
GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \
# https://www.google.com/linuxrepositories/
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 'EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796'; \
# let's also fetch the specific subkey of that key explicitly that we expect "go.tgz.asc" to be signed by, just to make sure we definitely have it
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys '2F52 8D36 D67B 69ED F998 D857 78BD 6547 3CB3 BD13'; \
gpg --batch --verify go.tgz.asc go.tgz; \
gpgconf --kill all; \
rm -rf "$GNUPGHOME" go.tgz.asc; \
\
tar -C /usr/local -xzf go.tgz; \
rm go.tgz; \
\
apk add --no-cache --virtual .build-deps \
bash \
gcc \
go \
musl-dev \
; \
\
export GOCACHE='/tmp/gocache'; \
\
( \
cd /usr/local/go/src; \
# set GOROOT_BOOTSTRAP + GOHOST* such that we can build Go successfully
export GOROOT_BOOTSTRAP="$(go env GOROOT)" GOHOSTOS="$GOOS" GOHOSTARCH="$GOARCH"; \
./make.bash; \
); \
\
apk del --no-network .build-deps; \
\
# remove a few intermediate / bootstrapping files the official binary release tarballs do not contain
rm -rf \
/usr/local/go/pkg/*/cmd \
/usr/local/go/pkg/bootstrap \
/usr/local/go/pkg/obj \
/usr/local/go/pkg/tool/*/api \
/usr/local/go/pkg/tool/*/go_bootstrap \
/usr/local/go/src/cmd/dist/dist \
"$GOCACHE" \
; \
\
apk del --no-network .fetch-deps; \
\
go version
ENV GOPATH /go
ENV PATH $GOPATH/bin:$PATH
RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH"
WORKDIR $GOPATH
RUN set -eux; \
apk add --no-cache bash make git gcc libc-dev dumb-init && \
go install github.com/go-delve/delve/cmd/dlv@latest && \
go install github.com/cosmtrek/air@latest && \
go install github.com/jstemmer/go-junit-report@latest && \
go install github.com/axw/gocov/gocov@latest && \
chmod -R 777 "$GOPATH" && \
curl -L https://github.com/tobni/merge-junit/releases/download/v0.1.4/merge-junit-v0.1.4-x86_64-unknown-linux-musl.tar.gz | tar -xz && \
mv ./merge-junit-v0.1.4-x86_64-unknown-linux-musl/merge-junit /usr/bin/merge-junit && \
rm -rf /merge-junit-v0.1.4-x86_64-unknown-linux-musl
WORKDIR /
ENTRYPOINT ["/usr/bin/dumb-init", "--"]

4
README.md
View File

@ -8,7 +8,8 @@ A minimal Dockerfile based on Go 1.16, 1.17, 1.18 and alpine with dumb-init and
## What's included ## What's included
- Go 1.16 / 1.17 / 1.18 - Go 1.16 / 1.17 / 1.18 / 1.19
- images with patched musl to disable `faccessat2` syscall (workaround for CI systems with docker & seccomp filter bug, [see this](https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0#faccessat2))
- bash - bash
- make - make
- git - git
@ -19,6 +20,7 @@ A minimal Dockerfile based on Go 1.16, 1.17, 1.18 and alpine with dumb-init and
- air - air
- delve - delve
- gocov - gocov
- merge-junit
- go-junit-report - go-junit-report
- dumb-init - dumb-init