33 lines
920 B
Docker
33 lines
920 B
Docker
FROM scratch AS base
|
|
ARG ARCH=x86_64
|
|
ENV VERSION=1.2
|
|
ENV SRC_HASH=3b8cf51548dfc49b7efe035e191ff5e1963ebc4fe8f6064a5eefc5343eaf78a5
|
|
ENV SRC_FILE=samurai-${VERSION}.tar.gz
|
|
ENV SRC_SITE=https://github.com/michaelforney/samurai/releases/download/${VERSION}/${SRC_FILE}
|
|
|
|
FROM base AS fetch
|
|
ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} ${SRC_FILE}
|
|
|
|
FROM fetch AS build
|
|
COPY --from=stagex/musl . /
|
|
COPY --from=stagex/gcc . /
|
|
COPY --from=stagex/busybox . /
|
|
COPY --from=stagex/binutils . /
|
|
COPY --from=stagex/make . /
|
|
COPY --from=stagex/pkgconf . /
|
|
RUN tar -xf ${SRC_FILE}
|
|
WORKDIR samurai-${VERSION}
|
|
COPY *.patch .
|
|
RUN --network=none <<-EOF
|
|
set -eux
|
|
patch -p1 CVE-2021-30218.patch
|
|
patch -p1 CVE-2021-30219.patch
|
|
make CFLAGS="-O2" CC=gcc -j "$(nproc)"
|
|
EOF
|
|
|
|
FROM build AS install
|
|
RUN make DESTDIR=/rootfs install
|
|
RUN find /rootfs -exec touch -hcd "@0" "{}" +
|
|
|
|
FROM stagex/filesystem AS package
|
|
COPY --from=install /rootfs/. /
|