openvmm-deps/Dockerfile at main · microsoft/openvmm-deps · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
# syntax=docker/dockerfile:1

ARG HOST_IMAGE=mcr.microsoft.com/azurelinux/base/core:3.0
ARG TARGET_IMAGE=mcr.microsoft.com/azurelinux/base/core:3.0

# Build the musl toolchain
FROM --platform=$BUILDPLATFORM $HOST_IMAGE AS cross-builder
COPY /cross/deps.sh /cross/
RUN /cross/deps.sh
# Download sources. build.sh can do this for us, but then they won't be cached.
# Plus, this allows us to validate a SHA256 checksum instead of just SHA1.
ADD --checksum=sha256:ab66fc2d1c3ec0359b8e08843c9f33b63e8707efdff5e4cc5c200eae24722cbf --link https://ftpmirror.gnu.org/gnu/binutils/binutils-2.33.1.tar.xz sources/
ADD --checksum=sha256:75d5d255a2a273b6e651f82eecfabf6cbcd8eaeae70e86b417384c8f4a58d8d3 --link https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=3d5db9ebe860 /sources/config.sub
ADD --checksum=sha256:a6e21868ead545cf87f0c01f84276e4b5281d672098591c1c896241f09363478 --link https://ftpmirror.gnu.org/gnu/gcc/gcc-11.5.0/gcc-11.5.0.tar.xz /sources/
ADD --checksum=sha256:5275bb04f4863a13516b2f39392ac5e272f5e1bb8057b18aec1c9b79d73d8fb2 --link https://ftpmirror.gnu.org/gnu/gmp/gmp-6.1.2.tar.bz2 /sources/
ADD --checksum=sha256:dc7abf734487553644258a3822cfd429d74656749e309f2b25f09f4282e05588 --link https://ftp.barfooze.de/pub/sabotage/tarballs/linux-headers-4.19.88-2.tar.xz /sources/
ADD --checksum=sha256:6985c538143c1208dcb1ac42cedad6ff52e267b47e5f970183a3e75125b43c2e --link https://ftpmirror.gnu.org/gnu/mpc/mpc-1.1.0.tar.gz /sources/
ADD --checksum=sha256:c05e3f02d09e0e9019384cdd58e0f19c64e6db1fd6f5ecf77b4b1c61ca253acc --link https://ftpmirror.gnu.org/gnu/mpfr/mpfr-4.0.2.tar.bz2 /sources/
ADD --checksum=sha256:a9a118bbe84d8764da0ea0d28b3ab3fae8477fc7e4085d90102b8596fc7c75e4 --link https://musl.libc.org/releases/musl-1.2.5.tar.gz /sources/
# musl-cross-make build system (~v0.9.10)
ADD --link https://github.com/richfelker/musl-cross-make.git#6f3701d08137496d5aac479e3a3977b5ae993c1f /cross/musl-cross-make/
COPY --link /cross /cross
ARG TARGETARCH
ENV TARGETARCH=$TARGETARCH
RUN --network=none /cross/build.sh

# Build the image for installing Mariner packages.
FROM $TARGET_IMAGE AS target-builder
ARG TARGETARCH
ENV TARGETARCH=$TARGETARCH
ENV BUILD_BASE=1
COPY --link pkg /pkg
COPY --link sysroots /sysroots

# Build the image for compiling packages from source.
FROM --platform=$BUILDPLATFORM $HOST_IMAGE AS package-builder
COPY pkg/Tools/deps.sh /pkg/Tools/
RUN /pkg/Tools/deps.sh
COPY --link pkg /pkg
COPY --link sysroots /sysroots
ENV PATH="${PATH}:/opt/cross/bin"
ENV SYSROOT="/sysroot"
ARG TARGETARCH
ENV TARGETARCH=$TARGETARCH
COPY --from=cross-builder --link /opt/cross /opt/cross

# Build base image for dbgrd.
FROM target-builder AS base-dbgrd
RUN /pkg/Tools/build.sh sysroots/dbgrd
# Build dbgrd.
FROM --platform=$BUILDPLATFORM package-builder AS build-dbgrd
COPY --from=base-dbgrd --link /sysroot /sysroot
RUN BUILD_CPIO=1 /pkg/Tools/build.sh sysroots/dbgrd
FROM scratch AS result-dbgrd
COPY --from=build-dbgrd --link /out/sysroot.cpio.gz /dbgrd.cpio.gz

# Build base image for shell.
FROM target-builder AS base-shell
RUN /pkg/Tools/build.sh sysroots/shell
# Build shell.
FROM --platform=$BUILDPLATFORM package-builder AS build-shell
COPY --from=base-shell --link /sysroot /sysroot
RUN BUILD_CPIO=1 /pkg/Tools/build.sh sysroots/shell
FROM scratch AS result-shell
COPY --from=build-shell --link /out/sysroot.cpio.gz /shell.cpio.gz

# Source repositories -- pinned by commit hash.
# linux v6.1.74 (linux-6.1.y)
FROM scratch AS src-linux
ADD --link https://github.com/gregkh/linux.git#8fd7f44624538675abadc73f5a44e95016964d22 /
# llvm-project (release/17.x) -- used by libunwind and sdk
FROM scratch AS src-llvm
ADD --link https://github.com/llvm/llvm-project.git#6009708b4367171ccdbf4b5905cb6a803753fe18 /
# openssl (~3.2.0-dev)
FROM scratch AS src-openssl
ADD --link https://github.com/openssl/openssl.git#27315a978e280a20c7f3ea0bfe05f6c186137625 /
# symcrypt (v103.11.0)
# SymCrypt requires git metadata during its build
FROM scratch AS src-symcrypt
ADD --keep-git-dir=true --link https://github.com/microsoft/symcrypt.git#748c20f1fc486beca1a2679ed06492712cfdc950 /

# Build the sdk.
#
# Note that this pulls from the cross compiler and doesn't use the target
# builder.
FROM --platform=$BUILDPLATFORM package-builder AS build-sdk
RUN ln -s /opt/cross/*-linux-musl /sysroot
RUN --mount=type=bind,from=src-llvm,source=/,target=/pkg/libunwind/src \
    --mount=type=bind,from=src-openssl,source=/,target=/pkg/openssl3/src,rw \
    --mount=type=bind,from=src-symcrypt,source=/,target=/pkg/symcrypt/src,rw \
    /pkg/Tools/build.sh sysroots/sdk
FROM scratch AS result-sdk
COPY --from=build-sdk --link /out/sysroot.tar.gz /sysroot.tar.gz

# Build base image for initrd.
FROM target-builder AS base-initrd
RUN /pkg/Tools/build.sh sysroots/initrd
# Build the Linux initrd.
FROM --platform=$BUILDPLATFORM package-builder AS build-initrd
COPY --from=base-initrd --link /sysroot /sysroot
RUN BUILD_CPIO=1 /pkg/Tools/build.sh sysroots/initrd
FROM scratch AS result-initrd
COPY --from=build-initrd --link /out/sysroot.cpio.gz /initrd

# Build the Linux test package.
FROM --platform=$BUILDPLATFORM package-builder AS build-linux
RUN --mount=type=bind,from=src-linux,source=/,target=/pkg/linux/src \
    /pkg/Tools/build.sh sysroots/linux
FROM scratch AS result-linux
COPY --from=build-linux --link /sysroot/boot /
COPY --from=result-initrd --link / /

FROM --platform=$BUILDPLATFORM package-builder AS result-libunwind
RUN --mount=type=bind,from=src-llvm,source=/,target=/pkg/libunwind/src \
    /pkg/Tools/build.sh pkg/libunwind
RUN find /sysroot

# Build base image for petritools.
FROM target-builder AS base-petritools
RUN /pkg/Tools/build.sh sysroots/petritools
# Build petritools as EROFS image.
FROM --platform=$BUILDPLATFORM package-builder AS build-petritools
COPY --from=base-petritools --link /sysroot /sysroot
RUN BUILD_EROFS=1 /pkg/Tools/build.sh sysroots/petritools
FROM scratch AS result-petritools
COPY --from=build-petritools --link /out/sysroot.erofs /petritools.erofs

# Build the output.
FROM scratch AS output
COPY --from=result-dbgrd --link / /
COPY --from=result-shell --link / /
COPY --from=result-sdk --link / /
COPY --from=result-linux --link / /
COPY --from=result-petritools --link / /