FROM scratch AS base
ARG ARCH=x86_64
ENV VERSION=1.2
ENV SRC_HASH=3b8cf51548dfc49b7efe035e191ff5e1963ebc4fe8f6064a5eefc5343eaf78a5
ENV SRC_FILE=samurai-${VERSION}.tar.gz
ENV SRC_SITE=https://github.com/michaelforney/samurai/releases/download/${VERSION}/${SRC_FILE}

FROM base AS fetch
ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} ${SRC_FILE}

FROM fetch AS build
COPY --from=stagex/musl . /
COPY --from=stagex/gcc . /
COPY --from=stagex/busybox . /
COPY --from=stagex/binutils . /
COPY --from=stagex/make . /
COPY --from=stagex/pkgconf . /
RUN tar -xf ${SRC_FILE}
WORKDIR /samurai-${VERSION}
COPY *.patch .
RUN --network=none <<-EOF
	set -eux
	patch -p1 CVE-2021-30218.patch
	patch -p1 CVE-2021-30219.patch
	make CFLAGS="-O2" CC=gcc -j "$(nproc)"
EOF

FROM build AS install
RUN make DESTDIR=/rootfs install
RUN find /rootfs -exec touch -hcd "@0" "{}" +

FROM stagex/filesystem AS package
COPY --from=install /rootfs/. /