begin work on keyfork

Makefile

@@ -52,13 +52,3 @@ digests.txt:
 
 out/graph.svg: Makefile
 	$(MAKE) -Bnd | make2graph | dot -Tsvg -o graph.svg
-
-src/packages.mk: out/sxctl/index.json $(shell find packages/*/Containerfile | tr '\n' ' ')
-	env -C out/sxctl tar -cf - . | docker load
-	docker run \
-		--rm \
-		--volume .:/src \
-		--user $(shell id -u):$(shell id -g) \
-		stagex/sxctl -baseDir=/src gen make
-	touch $@
-

packages/eudev/Containerfile

@@ -0,0 +1,36 @@
+FROM scratch AS base
+ENV VERSION=3.2.14
+ENV SRC_HASH=8da4319102f24abbf7fff5ce9c416af848df163b29590e666d334cc1927f006f
+ENV SRC_FILE=eudev-${VERSION}.tar.gz
+ENV SRC_SITE=https://github.com/eudev-project/eudev/releases/download/v${VERSION}/${SRC_FILE}
+
+FROM base AS fetch
+ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} .
+
+FROM fetch AS build
+COPY --from=stagex/busybox . /
+COPY --from=stagex/binutils . /
+COPY --from=stagex/musl . /
+
+COPY --from=stagex/linux-headers . /
+COPY --from=stagex/make . /
+COPY --from=stagex/gcc . /
+COPY --from=stagex/gperf . /
+
+# HACK: figure out why gcc package puts these in the wrong path at install time
+COPY --from=stagex/gcc /usr/lib64/* /usr/lib/
+
+RUN --network=none tar -xf ${SRC_FILE}
+WORKDIR eudev-${VERSION}
+RUN --network=none <<EOF
+set -eux
+./configure
+make
+EOF
+
+FROM build AS install
+RUN --network=none DESTDIR=/rootfs make install
+RUN --network=none find /rootfs -exec touch -hcd "@0" "{}" +
+
+FROM scratch AS package
+COPY --from=install /rootfs /

packages/gmp/Containerfile

@@ -0,0 +1,35 @@
+FROM scratch AS base
+# https://gmplib.org/download/gmp/gmp-6.3.0.tar.xz
+ENV VERSION=6.3.0
+ENV SRC_HASH=a3c2b80201b89e68616f4ad30bc66aee4927c3ce50e33929ca819d5c43538898
+ENV SRC_FILE=gmp-${VERSION}.tar.xz
+ENV SRC_SITE=https://gmplib.org/download/gmp/${SRC_FILE}
+FROM base AS fetch
+ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} .
+
+FROM fetch AS build
+COPY --from=stagex/busybox . /
+COPY --from=stagex/binutils . /
+COPY --from=stagex/musl . /
+COPY --from=stagex/make . /
+COPY --from=stagex/perl . /
+COPY --from=stagex/autoconf . /
+COPY --from=stagex/automake . /
+COPY --from=stagex/libtool . /
+COPY --from=stagex/m4 . /
+COPY --from=stagex/gcc . /
+
+RUN --network=none tar -xf ${SRC_FILE}
+WORKDIR gmp-${VERSION}
+RUN --network=none <<EOF
+set -eux
+./configure --prefix=/usr
+make
+EOF
+
+FROM build AS install
+RUN --network=none DESTDIR=/rootfs make install
+RUN --network=none find /rootfs -exec touch -hcd "@0" "{}" +
+
+FROM scratch AS package
+COPY --from=install /rootfs /

packages/gperf/Containerfile

@@ -0,0 +1,31 @@
+FROM scratch AS base
+ENV VERSION=3.1
+ENV SRC_HASH=588546b945bba4b70b6a3a616e80b4ab466e3f33024a352fc2198112cdbb3ae2
+ENV SRC_FILE=gperf-${VERSION}.tar.gz
+ENV SRC_SITE=http://ftp.gnu.org/pub/gnu/gperf/${SRC_FILE}
+
+FROM base AS fetch
+ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} .
+
+FROM fetch AS build
+COPY --from=stagex/busybox . /
+COPY --from=stagex/binutils . /
+COPY --from=stagex/musl . /
+
+COPY --from=stagex/make . /
+COPY --from=stagex/gcc . /
+
+RUN --network=none tar -xf ${SRC_FILE}
+WORKDIR gperf-${VERSION}
+RUN --network=none <<EOF
+set -eux
+./configure
+make
+EOF
+
+FROM build AS install
+RUN --network=none DESTDIR=/rootfs make install
+RUN --network=none find /rootfs -exec touch -hcd "@0" "{}" +
+
+FROM scratch AS package
+COPY --from=install /rootfs /

packages/keyfork/Containerfile

@@ -0,0 +1,96 @@
+ARG RUST_VERSION=1.76.0
+
+FROM scratch AS base
+ENV VERSION=0.1.0
+# https://git.distrust.co/public/keyfork/archive/keyfork-v0.1.0.tar.gz
+ENV SRC_HASH=f6104056538f846a9575e8e407a1e5bb938eac47b3852de4c7359a6972abdcda
+ENV SRC_FILE=keyfork-v${VERSION}.tar.gz
+ENV SRC_SITE=https://git.distrust.co/public/keyfork/archive/${SRC_FILE}
+
+FROM base AS fetch
+ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} .
+
+FROM stagex/rust:${RUST_VERSION} AS rust
+FROM fetch AS rust-fetch
+
+COPY --from=stagex/busybox . /
+COPY --from=stagex/musl . /
+COPY --from=rust . /
+
+COPY --from=stagex/gcc . /
+COPY --from=stagex/llvm . /
+COPY --from=stagex/libunwind . /
+COPY --from=stagex/openssl . /
+COPY --from=stagex/zlib . /
+
+# NOTE: Necessary for `cargo fetch`, but CA trust is not relied upon
+COPY --from=stagex/ca-certificates . /
+
+# HACK: gcc puts things in /usr/lib64 
+COPY --from=stagex/gcc /usr/lib64/* /usr/lib/
+
+RUN --network=none <<EOF
+set -eux
+mkdir keyfork
+tar xf ${SRC_FILE}
+EOF
+
+WORKDIR keyfork
+
+ADD <<EOF /.cargo/config.toml
+[registries.distrust]
+index = "https://git.distrust.co/public/_cargo-index.git"
+EOF
+
+RUN cargo fetch 
+
+FROM rust-fetch AS build
+
+# Rust build deps
+
+COPY --from=stagex/binutils . /
+COPY --from=stagex/gcc . /
+COPY --from=stagex/llvm . /
+COPY --from=stagex/make . /
+COPY --from=stagex/musl . /
+
+# Keyfork build deps
+
+COPY --from=stagex/clang . /
+COPY --from=stagex/linux-headers . /
+COPY --from=stagex/gmp . /
+COPY --from=stagex/nettle . /
+COPY --from=stagex/pcsc-lite . /
+COPY --from=stagex/pkgconf . /
+
+ENV RUST_BACKTRACE=1
+ENV RUSTFLAGS='-C target-feature=-crt-static -C codegen-units=1'
+ENV GIT_REVISION=d338ed98cbb7dd1e9de9340ae9486880dfcb389a
+
+RUN --network=none cargo build --frozen --release --bin keyfork
+
+FROM scratch AS install
+
+COPY --from=stagex/busybox . /
+
+COPY --from=stagex/busybox . /rootfs
+COPY --from=stagex/libunwind . /rootfs
+COPY --from=stagex/gcc . /rootfs
+COPY --from=stagex/musl . /rootfs
+
+# HACK: gcc puts things in /usr/lib64 
+COPY --from=stagex/gcc /usr/lib64/* /rootfs/usr/lib/
+
+COPY --from=stagex/gmp . /rootfs
+COPY --from=stagex/nettle . /rootfs
+COPY --from=stagex/pcsc-lite . /rootfs
+
+COPY --from=build keyfork/target/release/keyfork /rootfs/usr/bin/keyfork
+RUN --network=none find /rootfs -exec touch -hcd "@0" "{}" +
+
+FROM scratch AS package
+
+COPY --from=install /rootfs /
+
+ENTRYPOINT ["/usr/bin/keyfork"]
+CMD ["--version"]

packages/nettle/Containerfile

@@ -0,0 +1,39 @@
+FROM scratch AS base
+ENV VERSION=3.9.1_release_20230601
+ENV SRC_HASH=7278dd8fb89cae88552e1dc4a6294f1c62a8a9548a18f635515242f389797fed
+ENV SRC_FILE=nettle-nettle_${VERSION}.tar.gz
+ENV SRC_SITE=https://git.lysator.liu.se/nettle/nettle/-/archive/nettle_${VERSION}/${SRC_FILE}
+
+FROM base AS fetch
+ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} .
+
+FROM fetch AS build
+COPY --from=stagex/busybox . /
+COPY --from=stagex/binutils . /
+COPY --from=stagex/musl . /
+COPY --from=stagex/make . /
+COPY --from=stagex/perl . /
+COPY --from=stagex/autoconf . /
+COPY --from=stagex/automake . /
+COPY --from=stagex/libtool . /
+COPY --from=stagex/m4 . /
+COPY --from=stagex/gcc . /
+
+COPY --from=stagex/gmp . /
+
+RUN --network=none tar -xf ${SRC_FILE}
+WORKDIR nettle-nettle_${VERSION}
+RUN --network=none <<EOF
+set -eux
+ls
+autoreconf -vfi
+./configure --prefix=/usr --libdir=/usr/lib --enable-public-key
+make
+EOF
+
+FROM build AS install
+RUN --network=none DESTDIR=/rootfs make install
+RUN --network=none find /rootfs -exec touch -hcd "@0" "{}" +
+
+FROM scratch AS package
+COPY --from=install /rootfs /

packages/pcsc-lite/Containerfile

@@ -16,6 +16,8 @@ COPY --from=stagex/binutils . /
 COPY --from=stagex/make . /
 COPY --from=stagex/perl . /
 COPY --from=stagex/flex . /
+COPY --from=stagex/pkgconf . /
+COPY --from=stagex/eudev . /
 RUN tar -xvf $SRC_FILE
 WORKDIR pcsc-lite-${VERSION}
 RUN --network=none <<-EOF
@@ -36,7 +38,6 @@ RUN --network=none <<-EOF
 		--disable-libsystemd \
 		--disable-polkit \
 		--disable-strict \
-        --disable-libudev \
 		--enable-static
 	make
 EOF

src/packages.mk

@@ -738,7 +738,7 @@ out/openssl/index.json: \
 pcsc-lite: out/pcsc-lite/index.json
 out/pcsc-lite/index.json: \
 	packages/pcsc-lite/Containerfile \
-	out/binutils/index.json \
+	# out/binutils/index.json \
 	out/busybox/index.json \
 	out/flex/index.json \
 	out/gcc/index.json \
@@ -957,3 +957,38 @@ out/zlib/index.json: \
 	out/musl/index.json
 	$(call build,zlib)
 
+.PHONY: openrc
+openrc: out/openrc/index.json
+out/openrc/index.json: \
+	packages/openrc/Containerfile
+	$(call build,openrc)
+
+.PHONY: eudev
+eudev: out/eudev/index.json
+out/eudev/index.json: \
+	packages/eudev/Containerfile
+	$(call build,eudev)
+
+.PHONY: gperf
+gperf: out/gperf/index.json
+out/gperf/index.json: \
+	packages/gperf/Containerfile
+	$(call build,gperf)
+
+.PHONY: nettle
+nettle: out/nettle/index.json
+out/nettle/index.json: \
+	packages/nettle/Containerfile
+	$(call build,nettle)
+
+.PHONY: gmp
+gmp: out/gmp/index.json
+out/gmp/index.json: \
+	packages/gmp/Containerfile
+	$(call build,gmp)
+
+.PHONY: keyfork
+keyfork: out/keyfork/index.json
+out/keyfork/index.json: \
+	packages/keyfork/Containerfile
+	$(call build,keyfork)