stagex/packages/ca-certificates/Containerfile

FROM scratch AS base

ENV SRC_1_VERSION=NSS_3_100_RTM
ENV SRC_1_HASH=4d96bd539f4719e9ace493757afbe4a23ee8579de1c97fbebc50bba3c12e8c1e
ENV SRC_1_FILE=certdata.txt
ENV SRC_1_SITE=https://hg.mozilla.org/projects/nss/raw-file/${SRC_1_VERSION}/lib/ckfw/builtins/${SRC_1_FILE}

ENV SRC_2_VERSION=20240315
ENV SRC_2_HASH=0a6f1ac76c722353492a44c365afb74638971beb4de4349cee0c881db1b8f6df
ENV SRC_2_FILE=ca-certificates-${SRC_2_VERSION}.tar.gz
ENV SRC_2_SITE=https://gitlab.alpinelinux.org/alpine/ca-certificates/-/archive/${SRC_2_VERSION}/${SRC_2_FILE}

FROM base AS fetch
ADD --checksum=sha256:${SRC_1_HASH} ${SRC_1_SITE} /
ADD --checksum=sha256:${SRC_2_HASH} ${SRC_2_SITE} /

FROM fetch AS build
COPY --from=stagex/busybox . /
COPY --from=stagex/binutils . /
COPY --from=stagex/make . /
COPY --from=stagex/musl . /
COPY --from=stagex/gcc . /
COPY --from=stagex/openssl . /
COPY --from=stagex/perl . /
RUN tar -xf ca-certificates-${SRC_2_VERSION}.tar.gz
WORKDIR /ca-certificates-${SRC_2_VERSION}
ADD *.patch .
RUN --network=none <<-EOF
	set -eux
	patch -p1 < remove-timestamp.patch
	rm -f ./certdata.txt
	mv ../certdata.txt ./certdata.txt
	make
EOF

FROM build AS install
RUN --network=none make install DESTDIR=/rootfs
RUN --network=none mv cert.pem /rootfs/etc/ssl/certs/ca-certificates.crt

FROM stagex/filesystem AS package
COPY --from=install /rootfs/. /
feat: remove locally hosted ca-certificates 2024-05-20 14:06:29 +00:00			`FROM scratch AS base`
first pass at determinism 2023-12-16 23:50:40 +00:00
feat: remove locally hosted ca-certificates 2024-05-20 14:06:29 +00:00			`ENV SRC_1_VERSION=NSS_3_100_RTM`
			`ENV SRC_1_HASH=4d96bd539f4719e9ace493757afbe4a23ee8579de1c97fbebc50bba3c12e8c1e`
			`ENV SRC_1_FILE=certdata.txt`
			`ENV SRC_1_SITE=https://hg.mozilla.org/projects/nss/raw-file/${SRC_1_VERSION}/lib/ckfw/builtins/${SRC_1_FILE}`

			`ENV SRC_2_VERSION=20240315`
			`ENV SRC_2_HASH=0a6f1ac76c722353492a44c365afb74638971beb4de4349cee0c881db1b8f6df`
			`ENV SRC_2_FILE=ca-certificates-${SRC_2_VERSION}.tar.gz`
			`ENV SRC_2_SITE=https://gitlab.alpinelinux.org/alpine/ca-certificates/-/archive/${SRC_2_VERSION}/${SRC_2_FILE}`

			`FROM base AS fetch`
			`ADD --checksum=sha256:${SRC_1_HASH} ${SRC_1_SITE} /`
			`ADD --checksum=sha256:${SRC_2_HASH} ${SRC_2_SITE} /`

			`FROM fetch AS build`
fix: normalize all versions and --from names 2024-02-15 15:22:38 +00:00			`COPY --from=stagex/busybox . /`
feat: remove locally hosted ca-certificates 2024-05-20 14:06:29 +00:00			`COPY --from=stagex/binutils . /`
			`COPY --from=stagex/make . /`
			`COPY --from=stagex/musl . /`
			`COPY --from=stagex/gcc . /`
			`COPY --from=stagex/openssl . /`
			`COPY --from=stagex/perl . /`
			`RUN tar -xf ca-certificates-${SRC_2_VERSION}.tar.gz`
Ensure that all WORKDIRs are absolute 2024-08-26 01:18:52 +00:00			`WORKDIR /ca-certificates-${SRC_2_VERSION}`
fix: remove timestamp from ca-certificates 2024-05-21 07:24:56 +00:00			`ADD *.patch .`
feat: remove locally hosted ca-certificates 2024-05-20 14:06:29 +00:00			`RUN --network=none <<-EOF`
			`set -eux`
fix: remove timestamp from ca-certificates 2024-05-21 07:24:56 +00:00			`patch -p1 < remove-timestamp.patch`
feat: remove locally hosted ca-certificates 2024-05-20 14:06:29 +00:00			`rm -f ./certdata.txt`
			`mv ../certdata.txt ./certdata.txt`
			`make`
			`EOF`

fix as->AS casing 2024-08-08 07:47:42 +00:00			`FROM build AS install`
feat: remove locally hosted ca-certificates 2024-05-20 14:06:29 +00:00			`RUN --network=none make install DESTDIR=/rootfs`
			`RUN --network=none mv cert.pem /rootfs/etc/ssl/certs/ca-certificates.crt`
first pass at determinism 2023-12-16 23:50:40 +00:00
feat: remove locally hosted ca-certificates 2024-05-20 14:06:29 +00:00			`FROM stagex/filesystem AS package`
feat: normalize fs/env across all non-bootstrap packages 2024-03-01 18:30:23 +00:00			`COPY --from=install /rootfs/. /`