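# NOTE(review): alpine 3.6 is past its upstream end-of-life, so this base no
# longer receives security fixes; the tag is also mutable (not pinned by
# digest). Moving to a supported release needs a rebuild check, since this old
# bash source may not compile unchanged with a newer toolchain.
FROM alpine:3.6

# variable names are prefixed with "_" since "$BASH..." have meaning in Bash parlance

# full fingerprint of the key used to verify the release tarball and patches
# gpg: key 64EA74AB: public key "Chet Ramey <chet@cwru.edu>" imported
ENV _BASH_GPG_KEY=7C0135FB088AAF6C66C650B9BB5869F064EA74AB

# https://ftp.gnu.org/gnu/bash/?C=M;O=D
ENV _BASH_VERSION=3.0
# patch level already contained in the downloaded release tarball
ENV _BASH_PATCH_LEVEL=16
# highest upstream patch number; patches above _BASH_PATCH_LEVEL are fetched separately
# https://ftp.gnu.org/gnu/bash/bash-3.0-patches/?C=M;O=D
ENV _BASH_LATEST_PATCH=22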
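# Build bash from the upstream GNU sources in a single layer: install a
# throwaway toolchain, download and signature-check the tarball and patches,
# compile, install under /usr/local, then remove the toolchain again.
# "set -e" aborts the build at the first failing command, so a failed
# "gpg --verify" stops the build before anything is unpacked or compiled.
RUN set -ex; \
	\
	apk add --no-cache --virtual .build-deps \
		bison \
		ca-certificates \
		coreutils \
		dpkg-dev dpkg \
		gcc \
		gnupg \
		libc-dev \
		make \
		ncurses-dev \
		openssl \
		patch \
		tar \
	; \
	\
# the tarball name carries the patch level it already includes (e.g. 3.0.16)
	version="$_BASH_VERSION"; \
	if [ "$_BASH_PATCH_LEVEL" -gt 0 ]; then \
		version="$version.$_BASH_PATCH_LEVEL"; \
	fi; \
# NOTE(review): no wget package is installed above, so this is presumably the
# BusyBox applet; confirm that it validates TLS certificates on this Alpine
# release. The tarball and patches are covered by the signature checks below.
	wget -O bash.tar.gz "https://ftp.gnu.org/gnu/bash/bash-$version.tar.gz"; \
	wget -O bash.tar.gz.sig "https://ftp.gnu.org/gnu/bash/bash-$version.tar.gz.sig"; \
	\
# fetch every patch above the level in the tarball, each with its detached signature
	if [ "$_BASH_LATEST_PATCH" -gt "$_BASH_PATCH_LEVEL" ]; then \
		mkdir -p bash-patches; \
		first="$(printf '%03d' "$(( _BASH_PATCH_LEVEL + 1 ))")"; \
		last="$(printf '%03d' "$_BASH_LATEST_PATCH")"; \
		for patch in $(seq -w "$first" "$last"); do \
			url="https://ftp.gnu.org/gnu/bash/bash-$_BASH_VERSION-patches/bash${_BASH_VERSION//./}-$patch"; \
			wget -O "bash-patches/$patch" "$url"; \
			wget -O "bash-patches/$patch.sig" "$url.sig"; \
		done; \
	fi; \
	\
# throwaway keyring: only what the key fetch below imports can satisfy the
# "gpg --verify" calls that follow
	export GNUPGHOME="$(mktemp -d)"; \
# the key is requested by its full fingerprint; keyserver.ubuntu.com is used
# because the SKS pool hostnames (*.sks-keyservers.net) have been retired
	gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$_BASH_GPG_KEY"; \
	gpg --batch --verify bash.tar.gz.sig bash.tar.gz; \
	rm bash.tar.gz.sig; \
	if [ -d bash-patches ]; then \
		for sig in bash-patches/*.sig; do \
			p="${sig%.sig}"; \
			gpg --batch --verify "$sig" "$p"; \
			rm "$sig"; \
		done; \
	fi; \
# stop any gpg-agent/dirmngr started above so removing GNUPGHOME does not race
# with them; tolerated if gpgconf is missing or does not support this
	command -v gpgconf > /dev/null && gpgconf --kill all || :; \
	rm -rf "$GNUPGHOME"; \
	\
# unpack only after the signature check above has passed
	mkdir -p /usr/src/bash; \
	tar \
		--extract \
		--file=bash.tar.gz \
		--strip-components=1 \
		--directory=/usr/src/bash \
	; \
	rm bash.tar.gz; \
	\
# apply the verified patches in glob (numeric) order, removing each once applied
	if [ -d bash-patches ]; then \
		for p in bash-patches/*; do \
			patch \
				--directory=/usr/src/bash \
				--input="$(readlink -f "$p")" \
				--strip=0 \
			; \
			rm "$p"; \
		done; \
		rmdir bash-patches; \
	fi; \
	\
	cd /usr/src/bash; \
	gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
# update "config.guess" and "config.sub" to get more aggressively inclusive architecture support
# NOTE(review): these two scripts are run by ./configure but, unlike the tarball
# and patches, are not signature- or checksum-verified; the commit id in the URL
# pins the revision requested, not the bytes received. Consider comparing them
# against a recorded sha256 before running configure.
	for f in config.guess config.sub; do \
		wget -O "support/$f" "https://git.savannah.gnu.org/cgit/config.git/plain/$f?id=7d3d27baf8107b630586c962c057e22149653deb"; \
	done; \
	./configure \
		--build="$gnuArch" \
		--enable-readline \
		--with-curses \
# musl does not implement brk/sbrk (they simply return -ENOMEM)
# bash: xmalloc: locale.c:81: cannot allocate 18 bytes (0 bytes allocated)
		--without-bash-malloc \
	|| { \
# dump the configure log to the build output, then fail the build
		cat >&2 config.log; \
		false; \
	}; \
# parallel jobs workaround borrowed from Alpine :)
	make y.tab.c; make builtins/libbuiltins.a; \
	make -j "$(nproc)"; \
	make install; \
	cd /; \
	rm -r /usr/src/bash; \
	\
# delete a few installed bits for smaller image size
	rm -r \
		/usr/local/share/locale \
	; \
	\
# collect the shared libraries needed by what was installed under /usr/local,
# skip those that exist in /usr/local/lib, and keep the rest installed as "so:" packages
	runDeps="$( \
		scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
			| tr ',' '\n' \
			| sort -u \
			| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
	)"; \
# $runDeps is intentionally unquoted so each entry becomes its own argument
	apk add --no-cache --virtual .bash-rundeps $runDeps; \
# drop the compiler, gnupg and the other build-only packages from the layer
	apk del .build-deps; \
	\
# smoke test: the freshly built bash must be the one on PATH and report the expected version
	[ "$(which bash)" = '/usr/local/bin/bash' ]; \
	bash --version; \
# for some reason, 3.0.xx manifests as 3.00.xx (hence the extra "0" added in the following check)
	[ "$(bash -c 'echo "${BASH_VERSION%%[^0-9.]*}"')" = "${_BASH_VERSION}0.$_BASH_LATEST_PATCH" ];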
# The entrypoint script comes from the build context and is not shown in this
# file. It is copied as-is with no chmod step, so it must already be executable
# in the context.
# NOTE(review): confirm the script finishes with `exec "$@"` so that the CMD
# process receives signals directly.
COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh

# Given by bare name, so it is resolved through PATH at container start.
# No USER instruction is set in this file, so the container keeps the base
# image's default user.
ENTRYPOINT ["docker-entrypoint.sh"]

# Default argument handed to the entrypoint; replaced by any command given at run time.
CMD ["bash"]