base/Containerfile at main · daemonless/base · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
# --------------------------------------------------------------------------
# THIS FILE IS AUTOGENERATED - DO NOT EDIT MANUALLY
#
# Source: Containerfile.j2
# --------------------------------------------------------------------------

ARG BASE_VERSION=15-pkg

# Builder: on amd64, compile s6 from ports with a FreeBSD-14 compat symver patch.
# The FreeBSD 15 pkg for s6 links setgroups() against libsys syscall 596
# (freebsd15_setgroups), which does not exist on FreeBSD 14. Injecting .symver
# via CFLAGS forces setgroups@FBSD_1.0 (syscall 80) so the binaries work on
# FreeBSD 14+15. On aarch64 we skip the compile entirely and use the stock pkg
# in the final stage (see below).
FROM ghcr.io/daemonless/base-core:${BASE_VERSION} AS s6-builder

ARG FREEBSD_ARCH=amd64

COPY patches/fbsd14_compat.h /tmp/fbsd14_compat.h

# amd64 only: build skalibs -> execline -> s6 from ports (dependency order) with
# the compat patch, then `pkg create` them for the final stage. Any other arch
# leaves /tmp/packages empty and the final stage installs the stock s6 pkg.
RUN if [ "${FREEBSD_ARCH}" != "amd64" ]; then mkdir -p /tmp/packages; exit 0; fi; \
    pkg update && pkg install -y \
        FreeBSD-clang FreeBSD-clibs-dev FreeBSD-toolchain FreeBSD-bmake gmake && \
    pkg clean -ay && rm -rf /var/cache/pkg/* /var/db/pkg/repos/* && \
    fetch -qo /tmp/ports.tar.zst \
        "https://download.freebsd.org/ports/ports/ports.tar.zst" && \
    mkdir -p /usr/ports && \
    tar -xf /tmp/ports.tar.zst -C /usr/ports --strip-components=1 \
        ports/devel/skalibs \
        ports/lang/execline \
        ports/sysutils/s6 \
        ports/Mk ports/Templates ports/Keywords && \
    rm /tmp/ports.tar.zst && \
    echo 'CFLAGS+=-include /tmp/fbsd14_compat.h' >> /etc/make.conf && \
    mkdir -p /tmp/packages && \
    make -C /usr/ports/devel/skalibs BATCH=yes USE_PACKAGE_DEPENDS_ONLY=yes install clean && \
    pkg create -o /tmp/packages skalibs && \
    make -C /usr/ports/lang/execline BATCH=yes USE_PACKAGE_DEPENDS_ONLY=yes install clean && \
    pkg create -o /tmp/packages execline && \
    make -C /usr/ports/sysutils/s6   BATCH=yes USE_PACKAGE_DEPENDS_ONLY=yes install clean && \
    pkg create -o /tmp/packages s6 && \
    rm -rf /usr/ports

# Production image
FROM ghcr.io/daemonless/base-core:${BASE_VERSION}

ARG PACKAGES="s6"
ARG VERSION=""
ARG FREEBSD_ARCH=amd64

LABEL org.opencontainers.image.title="FreeBSD Base" \
    org.opencontainers.image.description="FreeBSD base image with s6 supervision" \
    org.opencontainers.image.source="https://github.com/daemonless/base" \
    org.opencontainers.image.url="https://github.com/daemonless/base" \
    org.opencontainers.image.licenses="" \
    org.opencontainers.image.vendor="daemonless" \
    org.opencontainers.image.authors="daemonless" \
    io.daemonless.type="base" \
    io.daemonless.category="Base" \
    io.daemonless.packages="${PACKAGES}"

COPY root/ /

# amd64: install the compat-patched s6 built in the builder stage.
# aarch64 (and any non-amd64): install the stock s6 pkg (no recompile).
COPY --from=s6-builder /tmp/packages/ /tmp/packages/
RUN if [ "${FREEBSD_ARCH}" = "amd64" ]; then \
        pkg add /tmp/packages/skalibs-*.pkg && \
        pkg add /tmp/packages/execline-*.pkg && \
        pkg add /tmp/packages/s6-*.pkg; \
    else \
        pkg update && pkg install -y s6 && \
        pkg clean -ay && rm -rf /var/cache/pkg/* /var/db/pkg/repos/*; \
    fi && \
    rm -rf /tmp/packages

RUN mkdir -p /etc/cont-init.d \
    /etc/services.d \
    /custom-cont-init.d \
    /custom-services.d \
    /run/s6/services

RUN chmod +x /init /healthz /etc/cont-init.d/* 2>/dev/null || true

ENTRYPOINT ["/init"]