feat: package swtpm & deps

packages/expect/Containerfile

@@ -0,0 +1,48 @@
+FROM scratch AS base
+ENV VERSION=5.45.4
+ENV SRC_HASH=49a7da83b0bdd9f46d04a04deec19c7767bb9a323e40c4781f89caf760b92c34
+ENV SRC_FILE=expect${VERSION}.tar.gz
+ENV SRC_SITE=https://downloads.sourceforge.net/project/expect/Expect/${VERSION}/${SRC_FILE}
+
+FROM base AS fetch
+ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} ${SRC_FILE}
+
+FROM fetch AS build
+COPY --from=stagex/busybox . /
+COPY --from=stagex/musl . /
+COPY --from=stagex/gcc . /
+COPY --from=stagex/binutils . /
+COPY --from=stagex/make . /
+COPY --from=stagex/perl . /
+COPY --from=stagex/automake . /
+COPY --from=stagex/autoconf . /
+COPY --from=stagex/m4 . /
+COPY --from=stagex/pkgconf . /
+COPY --from=stagex/tcl . /
+RUN tar -xvf $SRC_FILE
+WORKDIR /expect${VERSION}
+ADD *.patch .
+RUN --network=none <<-EOF
+    set -eux
+    patch -Np0 -i expect-5.45-format-security.patch
+    patch -Np1 -i expect-c99.patch
+    patch -Np1 -i expect-configure-c99.patch
+    autoreconf -vif
+    ./configure \
+        --build=x86_64-unknown-linux-musl \
+        --host=x86_64-unknown-linux-musl \
+        --prefix=/usr/ \
+        --sysconfdir=/etc \
+        --localstatedir=/var \
+        --mandir=/usr/share/man \
+        --with-tcl=/usr/lib \
+        --with-tclinclude=/usr/include \
+        --disable-rpath
+        make -j "$(nproc)"
+EOF
+
+FROM build AS install
+RUN --network=none make DESTDIR=/rootfs install
+
+FROM stagex/filesystem AS package
+COPY --from=install /rootfs/. /

packages/expect/expect-5.45-format-security.patch

@@ -0,0 +1,13 @@
+--- exp_clib.c.orig	2017-03-24 10:34:37.269183513 -0400
++++ exp_clib.c	2017-03-24 10:34:41.171117943 -0400
+@@ -1938,8 +1938,8 @@
+      char *str;
+ {
+   if (exp_is_debugging) {
+-    fprintf(stderr,str);
+-    if (exp_logfile) fprintf(exp_logfile,str);
++    fprintf(stderr, "%s", str);
++    if (exp_logfile) fprintf(exp_logfile, "%s", str);
+   }
+ }
+ 

packages/expect/expect-c99.patch

@@ -0,0 +1,24 @@
+Adjustments for compatibility with the currrent (Tcl 8.4.0+) channel
+implementation.
+
+diff --git a/exp_chan.c b/exp_chan.c
+index c92e26b6fbd02305..944200a63b102672 100644
+--- a/exp_chan.c
++++ b/exp_chan.c
+@@ -60,7 +60,7 @@ void			exp_background_channelhandler _ANSI_ARGS_((ClientData,
+ 
+ Tcl_ChannelType expChannelType = {
+     "exp",				/* Type name. */
+-    ExpBlockModeProc,			/* Set blocking/nonblocking mode.*/
++    TCL_CHANNEL_VERSION_2,
+     ExpCloseProc,			/* Close proc. */
+     ExpInputProc,			/* Input proc. */
+     ExpOutputProc,			/* Output proc. */
+@@ -70,6 +70,7 @@ Tcl_ChannelType expChannelType = {
+     ExpWatchProc,			/* Initialize notifier. */
+     ExpGetHandleProc,			/* Get OS handles out of channel. */
+     NULL,				/* Close2 proc */
++    ExpBlockModeProc,			/* Set blocking/nonblocking mode.*/
+ };
+ 
+ typedef struct ThreadSpecificData {

packages/expect/expect-configure-c99.patch

@@ -0,0 +1,200 @@
+Avoid calling exit without declaring the function.
+
+Add missing <string.h> include for memcpy.
+
+Use AC_TYPE_SIGNAL to fix REARM_SIG check.  Add missing includes.
+
+Fix various implicit int return types of main.
+
+Submitted upstream here: <https://sourceforge.net/p/expect/patches/24/#6759>
+
+diff --git a/configure.in b/configure.in
+index 51558fa14d2bcf7e..055c88fbd8797eaa 100755
+--- a/configure.in
++++ b/configure.in
+@@ -452,7 +452,11 @@ AC_CHECK_FUNC(siglongjmp, AC_DEFINE(HAVE_SIGLONGJMP))
+ # because Unixware 2.0 handles it specially and refuses to compile
+ # autoconf's automatic test that is a call with no arguments
+ AC_MSG_CHECKING([for memcpy])
+-AC_TRY_LINK(,[
++AC_TRY_LINK([
++#ifdef HAVE_STRING_H
++#include <string.h>
++#endif
++],[
+ char *s1, *s2;
+ memcpy(s1,s2,0);
+ ],
+@@ -469,6 +473,7 @@ memcpy(s1,s2,0);
+ AC_MSG_CHECKING([if WNOHANG requires _POSIX_SOURCE])
+ AC_TRY_RUN([
+ #include <sys/wait.h>
++int
+ main() {
+ #ifndef WNOHANG
+ 	return 0;
+@@ -489,6 +494,7 @@ rm -rf wnohang
+ AC_TRY_RUN([
+ #include <stdio.h>
+ #include <sys/wait.h>
++int
+ main() {
+ #ifdef WNOHANG
+ 	FILE *fp = fopen("wnohang","w");
+@@ -527,16 +533,21 @@ else
+   AC_DEFINE(SELECT_MASK_TYPE, fd_set)
+ fi
+ 
+-dnl # Check for the data type of the function used in signal(). This
+-dnl # must be before the test for rearming.
+-dnl # echo checking return type of signal handlers
+-dnl AC_HEADER_EGREP([(void|sighandler_t).*signal], signal.h, retsigtype=void,AC_DEFINE(RETSIGTYPE, int) retsigtype=int)
++AC_TYPE_SIGNAL
+ 
+ # FIXME: check if alarm exists
+ AC_MSG_CHECKING([if signals need to be re-armed])
+ AC_TRY_RUN([
+ #include <signal.h>
+-#define RETSIGTYPE $retsigtype
++#ifdef HAVE_STDLIB_H
++# include <stdlib.h>
++#endif
++#ifdef HAVE_UNISTD_H
++# include <unistd.h>
++#endif
++#ifndef NO_SYS_WAIT_H
++# include <sys/wait.h>
++#endif
+ 
+ int signal_rearms = 0;
+ 
+@@ -553,6 +564,7 @@ int n;
+ signal_rearms++;
+ }
+ 
++int
+ main()
+ {
+ 	signal(SIGINT,parent_sigint_handler);
+@@ -714,10 +726,11 @@ fi
+ AC_MSG_CHECKING([for struct sgttyb])
+ AC_TRY_RUN([
+ #include <sgtty.h>
++int
+ main()
+ {
+   struct sgttyb tmp;
+-  exit(0);
++  return 0;
+ }],
+         AC_MSG_RESULT(yes)
+         AC_DEFINE(HAVE_SGTTYB)
+@@ -738,10 +751,11 @@ if test $mach -eq 0 ; then
+   # pty_termios.c is set up to handle pty_termio.
+   AC_MSG_CHECKING([for struct termio])
+   AC_TRY_RUN([#include <termio.h>
++  int
+   main()
+   {
+     struct termio tmp;
+-    exit(0);
++    return 0;
+   }],
+         AC_DEFINE(HAVE_TERMIO)
+         PTY_TYPE=termios
+@@ -760,10 +774,11 @@ if test $mach -eq 0 ; then
+ #  include <inttypes.h>
+ #  endif
+ #  include <termios.h>
++  int
+   main()
+   {
+     struct termios tmp;
+-    exit(0);
++    return 0;
+   }],
+         AC_DEFINE(HAVE_TERMIOS)
+         PTY_TYPE=termios
+@@ -782,6 +797,7 @@ AC_TRY_RUN([
+ #include <inttypes.h>
+ #endif
+ #include <termios.h>
++int
+ main() {
+ #if defined(TCGETS) || defined(TCGETA)
+ 	return 0;
+@@ -804,6 +820,7 @@ AC_TRY_RUN([
+ #include <inttypes.h>
+ #endif
+ #include <termios.h>
++int
+ main() {
+ #ifdef TIOCGWINSZ
+ 	return 0;
+@@ -823,6 +840,7 @@ main() {
+ AC_MSG_CHECKING([for Cray-style ptys])
+ SETUID=":"
+ AC_TRY_RUN([
++int
+ main(){
+ #ifdef CRAY
+ 	return 0;
+@@ -878,12 +896,13 @@ AC_MSG_CHECKING([for SV-style timezone])
+ AC_TRY_RUN([
+ extern char *tzname[2];
+ extern int daylight;
++int
+ main()
+ {
+   int *x = &daylight;
+   char **y = tzname;
+ 
+-  exit(0);
++  return 0;
+ }],
+ 	AC_DEFINE(HAVE_SV_TIMEZONE)
+ 	AC_MSG_RESULT(yes),
+diff --git a/tclconfig/tcl.m4 b/tclconfig/tcl.m4
+index 0689cab3da994068..ebe839e5553ba520 100644
+--- a/tclconfig/tcl.m4
++++ b/tclconfig/tcl.m4
+@@ -2400,7 +2400,7 @@ AC_DEFUN([TEA_TIME_HANDLER], [
+ 	AC_TRY_COMPILE([#include <time.h>],
+ 	    [extern long timezone;
+ 	    timezone += 1;
+-	    exit (0);],
++	    return 0;],
+ 	    tcl_cv_timezone_long=yes, tcl_cv_timezone_long=no)])
+     if test $tcl_cv_timezone_long = yes ; then
+ 	AC_DEFINE(HAVE_TIMEZONE_VAR, 1, [Should we use the global timezone variable?])
+@@ -2412,7 +2412,7 @@ AC_DEFUN([TEA_TIME_HANDLER], [
+ 	    AC_TRY_COMPILE([#include <time.h>],
+ 		[extern time_t timezone;
+ 		timezone += 1;
+-		exit (0);],
++		return 0;],
+ 		tcl_cv_timezone_time=yes, tcl_cv_timezone_time=no)])
+ 	if test $tcl_cv_timezone_time = yes ; then
+ 	    AC_DEFINE(HAVE_TIMEZONE_VAR, 1, [Should we use the global timezone variable?])
+@@ -2452,17 +2452,17 @@ AC_DEFUN([TEA_BUGGY_STRTOD], [
+ 		    double value;
+ 		    value = strtod(infString, &term);
+ 		    if ((term != infString) && (term[-1] == 0)) {
+-			exit(1);
++			return 1;
+ 		    }
+ 		    value = strtod(nanString, &term);
+ 		    if ((term != nanString) && (term[-1] == 0)) {
+-			exit(1);
++			return 1;
+ 		    }
+ 		    value = strtod(spaceString, &term);
+ 		    if (term == (spaceString+1)) {
+-			exit(1);
++			return 1;
+ 		    }
+-		    exit(0);
++		    return 0;
+ 		}], tcl_cv_strtod_buggy=ok, tcl_cv_strtod_buggy=buggy,
+ 		    tcl_cv_strtod_buggy=buggy)])
+ 	if test "$tcl_cv_strtod_buggy" = buggy; then

packages/json-glib/Containerfile

@@ -0,0 +1,59 @@
+FROM scratch AS base
+ARG ARCH=x86_64
+ENV VERSION=1.8.0
+ENV SRC_HASH=97ef5eb92ca811039ad50a65f06633f1aae64792789307be7170795d8b319454
+ENV SRC_FILE=json-glib-${VERSION}.tar.xz
+ENV SRC_SITE=https://download.gnome.org/sources/json-glib/1.8/${SRC_FILE}
+
+FROM base AS fetch
+ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} ${SRC_FILE}
+
+FROM fetch AS build
+COPY --from=stagex/python . /
+COPY --from=stagex/zlib . /
+COPY --from=stagex/bzip2 . /
+COPY --from=stagex/pkgconf . /
+COPY --from=stagex/linux-headers . /
+COPY --from=stagex/ncurses . /
+COPY --from=stagex/meson . /
+COPY --from=stagex/busybox . /
+COPY --from=stagex/musl . /
+COPY --from=stagex/gcc . /
+COPY --from=stagex/binutils . /
+COPY --from=stagex/make . /
+COPY --from=stagex/cmake . /
+COPY --from=stagex/pcre2 . /
+COPY --from=stagex/python . /
+COPY --from=stagex/bison . /
+COPY --from=stagex/flex . /
+COPY --from=stagex/py-packaging . /
+COPY --from=stagex/libxslt . /
+COPY --from=stagex/libffi . /
+COPY --from=stagex/xz . /
+COPY --from=stagex/expat . /
+COPY --from=stagex/rhash . /
+COPY --from=stagex/libxml2 . /
+COPY --from=stagex/util-linux . /
+COPY --from=stagex/libxslt . /
+COPY --from=stagex/gettext . /
+COPY --from=stagex/ninja . /
+COPY --from=stagex/glib . /
+RUN tar -xf ${SRC_FILE}
+WORKDIR /json-glib-${VERSION}
+RUN --network=none <<-EOF
+	set -eux
+    meson setup \
+		--default-library=shared \
+		--prefix=/usr \
+		-Dgtk_doc=disabled \
+		. output
+	meson compile -C output
+	meson install --no-rebuild -C output
+EOF
+
+FROM build AS install
+RUN DESTDIR=/rootfs meson install --no-rebuild -C output
+RUN find /rootfs -exec touch -hcd "@0" "{}" +
+
+FROM stagex/filesystem AS package
+COPY --from=install /rootfs/. /

packages/libtasn1/Containerfile

@@ -0,0 +1,38 @@
+FROM scratch AS base
+ENV VERSION=4.19.0
+ENV SRC_HASH=1613f0ac1cf484d6ec0ce3b8c06d56263cc7242f1c23b30d82d23de345a63f7a
+ENV SRC_FILE=libtasn1-${VERSION}.tar.gz
+ENV SRC_SITE=https://ftp.gnu.org/gnu/libtasn1/${SRC_FILE}
+
+FROM base AS fetch
+ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} ${SRC_FILE}
+
+FROM fetch AS build
+COPY --from=stagex/busybox . /
+COPY --from=stagex/musl . /
+COPY --from=stagex/gcc . /
+COPY --from=stagex/binutils . /
+COPY --from=stagex/make . /
+COPY --from=stagex/npth . /
+COPY --from=stagex/libgpg-error . /
+RUN tar -xvf $SRC_FILE
+WORKDIR /libtasn1-${VERSION}
+RUN --network=none <<-EOF
+	set -eux
+	./configure \
+		--build=x86_64-unknown-linux-musl \
+		--host=x86_64-unknown-linux-musl \
+		--prefix=/usr/ \
+		--bindir=/usr/bin \
+        --sysconfdir=/etc \
+        --localstatedir=/var \
+		--mandir=/usr/share/man \
+        --disable-static
+	make -j "$(nproc)"
+EOF
+
+FROM build AS install
+RUN --network=none make DESTDIR=/rootfs install
+
+FROM stagex/filesystem AS package
+COPY --from=install /rootfs/. /

packages/libtpms/Containerfile

@@ -0,0 +1,45 @@
+FROM scratch AS base
+ARG ARCH=x86_64
+ENV VERSION=0.9.6
+ENV SRC_HASH=2807466f1563ebe45fdd12dd26e501e8a0c4fbb99c7c428fbb508789efd221c0
+ENV SRC_FILE=v${VERSION}.tar.gz
+ENV SRC_SITE=https://github.com/stefanberger/libtpms/archive/${SRC_FILE}
+
+FROM base AS fetch
+ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} .
+
+FROM fetch AS build
+COPY --from=stagex/busybox . /
+COPY --from=stagex/binutils . /
+COPY --from=stagex/musl . /
+COPY --from=stagex/make . /
+COPY --from=stagex/gcc . /
+COPY --from=stagex/m4 . /
+COPY --from=stagex/perl . /
+COPY --from=stagex/autoconf . /
+COPY --from=stagex/automake . /
+COPY --from=stagex/pkgconf . /
+COPY --from=stagex/libtool . /
+COPY --from=stagex/openssl . /
+COPY --from=stagex/libtasn1 . /
+RUN tar -xf ${SRC_FILE}
+WORKDIR /libtpms-${VERSION}
+RUN --network=none <<-EOF
+    set -ex
+    NOCONFIGURE=1 ./autogen.sh
+    ./configure \
+        --build=${ARCH}-linux-musl \
+        --host=${ARCH}-linux-musl \
+        --prefix=/usr \
+        --libdir=/usr/lib \
+        --with-openssl \
+        --with-tss-user=root \
+        --with-tss-group=root
+    make -j "$(nproc)"
+EOF
+
+FROM build AS install
+RUN --network=none make DESTDIR="/rootfs" install
+
+FROM stagex/filesystem AS package
+COPY --from=install /rootfs/. /

packages/socat/Containerfile

@@ -0,0 +1,31 @@
+FROM scratch AS base
+ENV VERSION=1.8.0.0
+ENV SRC_HASH=6010f4f311e5ebe0e63c77f78613d264253680006ac8979f52b0711a9a231e82
+ENV SRC_FILE=socat-${VERSION}.tar.gz
+ENV SRC_SITE=http://www.dest-unreach.org/socat/download/${SRC_FILE}
+
+FROM base AS fetch
+ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} ${SRC_FILE}
+
+FROM fetch AS build
+COPY --from=stagex/busybox . /
+COPY --from=stagex/musl . /
+COPY --from=stagex/gcc . /
+COPY --from=stagex/binutils . /
+COPY --from=stagex/make . /
+RUN tar -xvf $SRC_FILE
+WORKDIR /socat-${VERSION}
+RUN --network=none <<-EOF
+	set -eux
+	./configure \
+		--build=x86_64-unknown-linux-musl \
+		--host=x86_64-unknown-linux-musl \
+		--prefix=/usr/
+	make -j "$(nproc)"
+EOF
+
+FROM build AS install
+RUN --network=none make DESTDIR=/rootfs install
+
+FROM stagex/filesystem AS package
+COPY --from=install /rootfs/. /

packages/swtpm/Containerfile

@@ -0,0 +1,60 @@
+FROM scratch AS base
+ARG ARCH=x86_64
+ENV VERSION=0.9.0
+ENV SRC_HASH=9679ca171e8aaa3c4e4053e8bc1d10c8dabf0220bd4b16aba78743511c25f731
+ENV SRC_FILE=v${VERSION}.tar.gz
+ENV SRC_SITE=https://github.com/stefanberger/swtpm/archive/${SRC_FILE}
+
+FROM base AS fetch
+ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} .
+
+FROM fetch AS build
+COPY --from=stagex/busybox . /
+COPY --from=stagex/binutils . /
+COPY --from=stagex/musl . /
+COPY --from=stagex/make . /
+COPY --from=stagex/gcc . /
+COPY --from=stagex/m4 . /
+COPY --from=stagex/perl . /
+COPY --from=stagex/autoconf . /
+COPY --from=stagex/automake . /
+COPY --from=stagex/pkgconf . /
+COPY --from=stagex/libtool . /
+COPY --from=stagex/openssl . /
+COPY --from=stagex/libtasn1 . /
+COPY --from=stagex/libtpms . /
+COPY --from=stagex/libffi . /
+COPY --from=stagex/zlib . /
+COPY --from=stagex/pcre2 . /
+COPY --from=stagex/gmp . /
+COPY --from=stagex/glib . /
+COPY --from=stagex/json-glib . /
+COPY --from=stagex/bash . /
+COPY --from=stagex/expect . /
+COPY --from=stagex/gettext . /
+COPY --from=stagex/gawk . /
+COPY --from=stagex/socat . /
+COPY --from=stagex/python . /
+COPY --from=stagex/libseccomp . /
+COPY --from=stagex/linux-headers . /
+RUN tar -xf ${SRC_FILE}
+WORKDIR /swtpm-${VERSION}
+RUN --network=none <<-EOF
+    set -ex
+    NOCONFIGURE=1 ./autogen.sh
+    ./configure \
+        --build=${ARCH}-linux-musl \
+        --host=${ARCH}-linux-musl \
+        --prefix=/usr \
+        --libdir=/usr/lib \
+        --with-openssl \
+        --with-tss-user=root \
+        --with-tss-group=root
+    make -j "$(nproc)"
+EOF
+
+FROM build AS install
+RUN --network=none make DESTDIR="/rootfs" install
+
+FROM stagex/filesystem AS package
+COPY --from=install /rootfs/. /

packages/tcl/Containerfile

@@ -31,7 +31,7 @@ RUN --network=none <<-EOF
 EOF
 
 FROM build AS install
-RUN --network=none make DESTDIR=/rootfs install
+RUN --network=none make DESTDIR=/rootfs install install-private-headers
 
 FROM stagex/filesystem AS package
 COPY --from=install /rootfs/. /