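# Builder stage: downloads a prebuilt toybox binary and stages a minimal root
# filesystem under /build, which the scratch-based final stage copies wholesale.
# NOTE(review): alpine:3 is a floating tag; pin a specific release (and ideally
# a digest) if the build must be reproducible.
FROM alpine:3 AS builder

# curl fetches the toybox binary; file is used for the type sanity check below.
RUN set -eux; \
    apk add --no-cache \
        curl \
        file \
    ;

# Helper whose output is used as the architecture suffix of the toybox download
# (presumably derived from TARGETPLATFORM; the script is not part of this file).
COPY map-TARGETPLATFORM.sh /bin/map-TARGETPLATFORM
ARG TARGETPLATFORM

# Optional expected SHA-256 of the downloaded binary. Empty (the default) skips
# the check, which keeps existing builds working. The value is per-architecture
# and the download URL is unversioned, so a pinned hash has to be refreshed
# whenever upstream replaces the binary.
ARG TOYBOX_SHA256=""

RUN set -eux; \
    TOYBOXARCH=$(map-TARGETPLATFORM); \
    # -f makes HTTP errors fail the build instead of saving an error page;
    # --proto '=https' stops -L from following a redirect to a non-HTTPS URL.
    curl -fsSLO --proto '=https' --tlsv1.3 --remote-time \
        "https://landley.net/toybox/bin/toybox-${TOYBOXARCH}"; \
    # Integrity check, only when a hash was supplied at build time.
    if [ -n "${TOYBOX_SHA256:-}" ]; then \
        echo "${TOYBOX_SHA256}  toybox-${TOYBOXARCH}" | sha256sum -c -; \
    fi; \
    # Type sanity check only: this confirms the download looks like an ELF
    # executable, it does not authenticate it. Without TOYBOX_SHA256 the
    # binary is trusted on the strength of TLS to the download host alone.
    file "toybox-${TOYBOXARCH}" | grep -E 'ELF.+executable.+stripped'; \
    mv "toybox-${TOYBOXARCH}" /bin/toybox; \
    chmod +x /bin/toybox;

RUN set -eux; \
    # set up the directory skeleton under /build for the next steps
    for d in etc bin sbin usr/bin usr/sbin; do mkdir -p "/build/${d}"; done; \
    # install every symlink toybox reports via --long, plus toybox itself,
    # all under /build
    for target in $(/bin/toybox --long); do \
        ln -s /bin/toybox "/build/${target}"; \
    done; \
    cp -p /bin/toybox /build/bin/; \
    # create a nonroot system account (no password assigned) and carry its
    # home directory, along with root's, into /build
    adduser -s /bin/sh -S -D nonroot; \
    cp -pR /home /root /build/; \
    # copy account databases and shell profile files from /etc to /build/etc
    # NOTE(review): /etc/shadow ships in the final image with whatever password
    # state the builder's Alpine release provides; confirm that no account has
    # an empty password field before publishing.
    cp -pR \
        #/etc/ca-certificates.conf \
        #/etc/ca-certificates/ \
        #/etc/ssl/ \
        #/etc/ssl*.*/ \
        /etc/passwd \
        /etc/shadow \
        /etc/group \
        /etc/profile \
        /etc/profile.d \
        /build/etc/ \
    ; \
    # rewrite login shells in passwd to ones the toybox image provides
    sed -i 's#/sbin/nologin#/bin/false#; s#/bin/ash#/bin/sh#' /build/etc/passwd; \
    # generate /etc/os-release from the version string toybox reports
    TOYBOX_VERSION=$(toybox --version); \
    printf '%s\n' \
        "NAME=\"toybox ${TOYBOX_VERSION##* }\"" \
        'ID=toybox' \
        "VERSION_ID=${TOYBOX_VERSION##* }" \
        "PRETTY_NAME=\"toybox ${TOYBOX_VERSION##* } $(map-TARGETPLATFORM)\"" \
        'HOME_URL="https://landley.net/toybox"' \
        'BUG_REPORT_URL="https://github.com/landley/toybox/issues"' \
    | tee /build/etc/os-release;

# Final image: nothing but the staged /build tree on top of scratch.
# NOTE(review): no USER is set, so containers start as root by default even
# though a nonroot account exists; pass --user nonroot at run time, or set
# USER in a derived image, wherever root is not required.
FROM scratch
COPY --from=builder /build/. /.
CMD ["/bin/sh"]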