fix(build): set GOTOOLCHAIN="auto" for alpine

This also refactors Dockerfile.alpine-tracee-make splitting it in stages to improve caching and reduce image size. Oportunistically, this also changes the previous and Dockerfile.alpine-tracee-container to use TARGETARCH docker arg instead of checking uname -m.
aquasecurity · Aug 29, 2024 · 9e9852f · 9e9852f
1 parent 82ac17b
commit 9e9852f
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 63 deletions.
diff --git a/builder/Dockerfile.alpine-tracee-container b/builder/Dockerfile.alpine-tracee-container
@@ -2,6 +2,7 @@
 # Creates the official tracee containers.
 #
 
+ARG TARGETARCH
 ARG BTFHUB=0
 ARG FLAVOR=tracee-ebpf-core
 
@@ -38,8 +39,7 @@ RUN apk --no-cache update && \
 # install OPA
 
 # ARG OPA_VERSION
-# RUN altarch=$(uname -m | sed 's:x86_64:amd64:g' | sed 's:aarch64:arm64:g') && \
-# curl -L -o /usr/bin/opa https://github.com/open-policy-agent/opa/releases/download/${OPA_VERSION}/opa_linux_${altarch}_static && \
+# RUN curl -L -o /usr/bin/opa https://github.com/open-policy-agent/opa/releases/download/${OPA_VERSION}/opa_linux_${TARGETARCH}_static && \
 # chmod 755 /usr/bin/opa
 
 # Stage 2: Copy the OPA binary from the OPA extractor
@@ -102,9 +102,8 @@ RUN apk --no-cache update && \
 
 # install GO
 ARG GO_VERSION
-RUN altarch=$(uname -m | sed 's:x86_64:amd64:g' | sed 's:aarch64:arm64:g') && \
-    curl -L -o go${GO_VERSION}.linux-${altarch}.tar.gz https://go.dev/dl/go${GO_VERSION}.linux-${altarch}.tar.gz && \
-    tar -C /usr/local -xzf go${GO_VERSION}.linux-${altarch}.tar.gz && \
+RUN curl -L -o go${GO_VERSION}.linux-${TARGETARCH}.tar.gz https://go.dev/dl/go${GO_VERSION}.linux-${TARGETARCH}.tar.gz && \
+    tar -C /usr/local -xzf go${GO_VERSION}.linux-${TARGETARCH}.tar.gz && \
     echo 'export PATH=$PATH:/usr/local/go/bin' >> /etc/profile && \
     echo 'export GOROOT=/usr/local/go' >> /etc/profile && \
     echo 'export GOPATH=$HOME/go' >> /etc/profile && \

diff --git a/builder/Dockerfile.alpine-tracee-make b/builder/Dockerfile.alpine-tracee-make
@@ -1,41 +1,24 @@
+# Creates a local docker building environment (alpine)
+
 #
-# Creates a local docker building environment (alpine).
+# alpine-base: install necessary packages and tools
 #
 
-FROM alpine:3.19
+FROM alpine:3.19 AS alpine-base
+LABEL AS=alpine-base
+USER root
 
-ARG uid=1000
-ARG gid=1000
+ARG TARGETARCH
 
 # install needed environment
-
 RUN apk --no-cache update && \
-    apk --no-cache add sudo coreutils findutils && \
-    apk --no-cache add bash git curl rsync && \
-    apk --no-cache add clang14 llvm14 && \
-    apk --no-cache add musl-dev libc6-compat && \
-    apk --no-cache add go make gcc && \
-    apk --no-cache add linux-headers && \
-    apk --no-cache add elfutils-dev && \
-    apk --no-cache add libelf-static && \
-    apk --no-cache add zlib-static && \
-    apk --no-cache add zstd-static && \
-    rm -f /usr/bin/cc && \
-    rm -f /usr/bin/clang && \
-    rm -f /usr/bin/clang++ && \
-    rm -f /usr/bin/llc && \
-    rm -f /usr/bin/lld && \
-    rm -f /usr/bin/clangd && \
-    rm -f /usr/bin/clang-format && \
-    rm -f /usr/bin/llvm-strip && \
-    rm -f /usr/bin/llvm-config && \
-    rm -f /usr/bin/ld.lld && \
-    rm -f /usr/bin/llvm-ar && \
-    rm -f /usr/bin/llvm-nm && \
-    rm -f /usr/bin/llvm-objcopy && \
-    rm -f /usr/bin/llvm-objdump && \
-    rm -f /usr/bin/llvm-readelf && \
-    rm -f /usr/bin/opt && \
+    apk --no-cache add sudo coreutils findutils bash git curl rsync && \
+    apk --no-cache add clang14 llvm14 musl-dev libc6-compat make gcc linux-headers elfutils-dev libelf-static zlib-static zstd-static
+
+# set up symlinks for Clang and LLVM tools
+RUN rm -f /usr/bin/cc /usr/bin/clang /usr/bin/clang++ /usr/bin/llc /usr/bin/lld /usr/bin/clangd \
+          /usr/bin/clang-format /usr/bin/llvm-strip /usr/bin/llvm-config /usr/bin/ld.lld /usr/bin/llvm-ar \
+          /usr/bin/llvm-nm /usr/bin/llvm-objcopy /usr/bin/llvm-objdump /usr/bin/llvm-readelf /usr/bin/opt && \
     ln -s /usr/lib/llvm14/bin/clang /usr/bin/cc && \
     ln -s /usr/lib/llvm14/bin/clang /usr/bin/clang && \
     ln -s /usr/lib/llvm14/bin/clang++ /usr/bin/clang++ && \
@@ -54,51 +37,55 @@ RUN apk --no-cache update && \
     ln -s /usr/lib/llvm14/bin/opt /usr/bin/opt
 
 # install bpftool from btfhub
-
 RUN cd /tmp && \
     git clone https://github.com/aquasecurity/btfhub.git && \
     cd ./btfhub && \
     ./3rdparty/bpftool.sh
 
 # install OPA
-
-RUN altarch=$(uname -m | sed 's:x86_64:amd64:g' | sed 's:aarch64:arm64:g') && \
-    curl -L -o /usr/bin/opa https://github.com/open-policy-agent/opa/releases/download/v0.63.0/opa_linux_${altarch}_static && \
+RUN curl -L -o /usr/bin/opa https://github.com/open-policy-agent/opa/releases/download/v0.63.0/opa_linux_${TARGETARCH}_static && \
     chmod 755 /usr/bin/opa
 
-# extra tools for testing things
+# install extra tools for testing things
+RUN apk --no-cache add man-pages man-pages-posix bash-completion vim iproute2 vlan bridge-utils net-tools \
+    netcat-openbsd iputils wget lynx w3m stress-ng
 
-RUN apk --no-cache add man-pages man-pages-posix bash-completion vim && \
-    apk --no-cache add iproute2 vlan bridge-utils net-tools && \
-    apk --no-cache add netcat-openbsd iputils && \
-    apk --no-cache add wget lynx w3m && \
-    apk --no-cache add stress-ng
+#
+# go-setup: install Go and Go tools
+#
 
-# install staticcheck
+FROM alpine-base AS go-setup
+LABEL AS=go-setup
+USER root
 
-RUN GOROOT=/usr/lib/go GOPATH=$HOME/go \
-    go install honnef.co/go/tools/cmd/[email protected] && \
-    cp $HOME/go/bin/staticcheck /usr/bin/
+ARG GO_VERSION=1.22.0
+ENV GOPATH=/go
+ENV GOROOT=/usr/local/go
+ENV GOTOOLCHAIN="auto"
+ENV PATH=${GOPATH}/bin:${GOROOT}/bin:$PATH
 
-# install goimports-reviser
+# install Go
+RUN curl -L -o go${GO_VERSION}.linux-${TARGETARCH}.tar.gz https://go.dev/dl/go${GO_VERSION}.linux-${TARGETARCH}.tar.gz && \
+    tar -C /usr/local -xzf go${GO_VERSION}.linux-${TARGETARCH}.tar.gz && \
+    rm go${GO_VERSION}.linux-${TARGETARCH}.tar.gz
 
-RUN GOROOT=/usr/lib/go GOPATH=$HOME/go \
+# install Go tools
+RUN go install honnef.co/go/tools/cmd/[email protected] && \
     go install github.com/incu6us/goimports-reviser/v3@latest && \
-    cp $HOME/go/bin/goimports-reviser /usr/bin/
-
-# install revive
-
-RUN GOROOT=/usr/lib/go GOPATH=$HOME/go \
     go install github.com/mgechev/revive@e33fb87 && \
-    cp $HOME/go/bin/revive /usr/bin/
+    go install github.com/kisielk/errcheck@latest
 
-# install errcheck
+#
+# user-setup: configure user environment and permissions
+#
 
-RUN GOROOT=/usr/lib/go GOPATH=$HOME/go \
-    go install github.com/kisielk/errcheck@latest && \
-    cp $HOME/go/bin/errcheck /usr/bin/
+FROM go-setup AS user-setup
+LABEL AS=user-setup
+USER root
 
 # allow TRACEE* and LIBBPFGO* environment variables through sudo
+ARG uid=1000
+ARG gid=1000
 
 RUN echo "Defaults env_keep += \"LANG LC_* HOME EDITOR PAGER GIT_PAGER MAN_PAGER\"" > /etc/sudoers && \
     echo "Defaults env_keep += \"LIBBPFGO* TRACEE*\"" >> /etc/sudoers && \
@@ -107,7 +94,6 @@ RUN echo "Defaults env_keep += \"LANG LC_* HOME EDITOR PAGER GIT_PAGER MAN_PAGER
     chmod 0440 /etc/sudoers
 
 # prepare tracee user to be $UID:$GID host equivalent
-
 RUN export uid=$uid gid=$gid && \
     mkdir -p /home/tracee && \
     echo "tracee:x:${uid}:${gid}:Tracee,,,:/home/tracee:/bin/bash" >> /etc/passwd && \
@@ -119,6 +105,14 @@ RUN export uid=$uid gid=$gid && \
     echo "set -o vi" >> /home/tracee/.bashrc && \
     ln -s /home/tracee/.bashrc /home/tracee/.profile
 
+# adjust permissions
+RUN chown -R tracee:tracee ${GOPATH}
+
+#
+# tracee-env: last stage for tracee building environment
+#
+
+FROM user-setup AS tracee-env
 USER tracee
 ENV HOME=/home/tracee
 WORKDIR /tracee