deterministic docker support

lrvick · lrvick · commit fc6eeb6bd75e · 2024-01-15T22:16:40.000-08:00
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,2 @@
+*
+!target
diff --git a/Dockerfile b/Dockerfile
@@ -1,13 +1,24 @@
-FROM local/stage0 as stage0
-
-FROM debian as fetch
-RUN apt update && apt install -y curl gcc
-ADD . live-bootstrap
-WORKDIR live-bootstrap
-RUN ./download-distfiles.sh
-RUN mv target/ /rootfs/
-
 FROM scratch as build
-COPY --from=fetch /rootfs .
-ENV PATH=/bin
+ADD target/ /
 RUN ["/bootstrap-seeds/POSIX/x86/kaem-optional-seed"]
+
+FROM build as install
+ENV PATH=/bin:/usr/sbin:/usr/bin
+RUN set -eux; \
+    rm -rf /usr/lib/python*/__pycache__; \
+    mkdir -p /rootfs/etc /rootfs/home/user; \
+    cp -R $(ls -d /etc/* | grep -v '\(resolv.conf\|hosts\)') /rootfs/etc/; \
+    cp -R lib usr bin var /rootfs/; \
+    echo "user:x:1000:" > /rootfs/etc/group; \
+    echo "user:x:1000:1000::/home/user:/bin/bash" > /rootfs/etc/passwd; \
+    find /rootfs -exec touch -hcd "@0" "{}" +
+
+FROM scratch as package
+COPY --from=install /rootfs /
+USER 1000:1000
+ENTRYPOINT ["/bin/bash"]
+ENV TZ=UTC
+ENV LANG=C.UTF-8
+ENV SOURCE_DATE_EPOCH=1
+ENV KCONFIG_NOTIMESTAMP=1
+ENV PS1="bootstrap$ "
diff --git a/rootfs.py b/rootfs.py
@@ -157,6 +157,9 @@ def check_types():
     else:
         args.target_size = 0
 
+    if args.docker:
+        args.external_sources = True
+
     # Swap file size validation
     if args.qemu or args.bare_metal:
         args.swap = (int(str(args.swap).rstrip('gGmM')) *
@@ -209,9 +212,13 @@ def bootstrap(args, generator, target, size):
         arch = stage0_arch_map.get(args.arch, args.arch)
         init = os.path.join(os.sep, 'bootstrap-seeds', 'POSIX', arch, 'kaem-optional-seed')
         print(generator.target_dir, init)
-        run('env', '-i', 'DOCKER_BUILDKIT=1', 'docker', 'build',
+        run('env', '-i', 'DOCKER_BUILDKIT=1', 'SOURCE_DATE_EPOCH=1',
+                                                 'docker', 'build',
+                                                 '--build-arg=SOURCE_DATE_EPOCH=1',
                                                  '--progress=plain',
-                                                 '-t', 'local/live',
+                                                 '--platform=linux/amd64',
+                                                 '--target=package',
+                                                 '-t', 'local/live-bootstrap',
                                                  '.')
 
     elif args.bwrap:
