FROM scratch AS base
ARG ARCH=x86_64
ENV VERSION=1.2.4
ENV SRC_FILE=musl-${VERSION}.tar.gz
ENV SRC_SITE=http://musl.libc.org/releases/${SRC_FILE}
ENV SRC_HASH=7a35eae33d5372a7c0da1188de798726f68825513b7ae3ebe97aaaa52114f039
ENV CFLAGS="-Os -fstack-clash-protection -Wformat -Werror=format-security"
ENV CXXFLAGS="-Os -fstack-clash-protection -Wformat -Werror=format-security -D_GLIBCXX_ASSERTIONS=1 -D_LIBCPP_ENABLE_THREAD_SAFETY_ANNOTATIONS=1 -D_LIBCPP_ENABLE_HARDENED_MODE=1"
ENV LDFLAGS="-Wl,--as-needed,-O1,--sort-common -Wl,-soname,libc.musl-${ARCH}.so.1"

FROM base AS fetch
ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} .

FROM fetch AS build
COPY --from=stagex/stage3 . /
RUN tar -xzf ${SRC_FILE}
WORKDIR /musl-${VERSION}
ADD *.patch .
RUN --network=none <<-EOF
	set -eux; \
	patch -p1 < lfs64.patch
	patch -p1 < lfs64-2.patch
	patch -p1 < relr-typedefs.patch
	./configure \
		--build=${ARCH}-linux-musl \
		--host=${ARCH}-linux-musl \
		--prefix=/usr \
		--sysconfdir=/etc \
		--mandir=/usr/share/man \
		--infodir=/usr/share/info \
		--localstatedir=/var \
		--enable-debug
	make -j "$(nproc)"
EOF

FROM build AS install
RUN --network=none <<-EOF
	set -eux
	make DESTDIR=/rootfs install
	mkdir -p /rootfs/usr/bin /rootfs/usr/lib
    rm -rf /rootfs/lib
	ln -sf /usr/lib/ld-musl-${ARCH}.so.1 /rootfs/usr/bin/ldd
	mv -f /rootfs/usr/lib/libc.so /rootfs/usr/lib/ld-musl-${ARCH}.so.1
	ln -sf ld-musl-${ARCH}.so.1 /rootfs/usr/lib/libc.musl-${ARCH}.so.1
	ln -sf /usr/lib/ld-musl-${ARCH}.so.1 /rootfs/usr/lib/libc.so
EOF

FROM stagex/filesystem AS package
COPY --from=install /rootfs/. /