diff --git a/distroless/base/22.03-lts/Dockerfile b/distroless/base/22.03-lts/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..12a05e272b4af30a790879800e3128541b9b2b4f
--- /dev/null
+++ b/distroless/base/22.03-lts/Dockerfile
@@ -0,0 +1,25 @@
+FROM openeuler/openeuler:22.03-lts AS builder
+
+ARG TARGETARCH
+ARG BUILDARCH
+ARG VERSION=22.03-LTS
+ARG BUILD_ROOT=/var/tmp/containers/distroless/openEuler-docker-rootfs
+
+COPY build.sh /tmp/
+
+RUN set -eux; \
+ if [ "$TARGETARCH" = "amd64" ]; then \
+ BUILDARCH="x86_64"; \
+ elif [ "$TARGETARCH" = "arm64" ]; then \
+ BUILDARCH="aarch64"; \
+ fi; \
+ yum -y install wget xz; \
+ bash -x /tmp/build.sh $VERSION $BUILDARCH $BUILD_ROOT
+
+FROM scratch
+
+COPY --from=builder /var/tmp/containers/distroless/openEuler-docker-rootfs/ /
+COPY --from=builder /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+COPY --from=builder /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
+
+CMD ["bash"]
diff --git a/distroless/base/22.03-lts/build.sh b/distroless/base/22.03-lts/build.sh
new file mode 100644
index 0000000000000000000000000000000000000000..2e934d2ecca6fc9adffd4d336ed52fe45c6c512e
--- /dev/null
+++ b/distroless/base/22.03-lts/build.sh
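Review bot: The final `FROM scratch` stage of distroless/base/22.03-lts/Dockerfile never sets `USER`, so containers start as root even though build.sh in this commit creates a `nonroot` account with UID/GID 65532; unless a root default is intended, add `USER 65532:65532` before `CMD`. `CMD ["bash"]` also looks unusable here, because build.sh installs only the filesystem, ca-certificates and glibc packages into the rootfs, so the image probably has no `bash`; dropping the `CMD` would avoid a default that fails at start. In the builder stage, `BUILDARCH` is one of BuildKit's predefined platform arguments, and for any `TARGETARCH` other than amd64 or arm64 it reaches build.sh unmapped. A separately named variable plus a failing branch such as `else echo "unsupported TARGETARCH: $TARGETARCH" >&2; exit 1; \` would stop the build at the real cause.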
@@ -0,0 +1,94 @@
+#!/bin/bash
+set -ex
+
+current_dir=$(realpath "$(dirname "$0")")
+repo_array=("20.03-LTS" "20.03-LTS-SP1" "20.03-LTS-SP2" "20.03-LTS-SP3" "20.03-LTS-SP4" "20.09" "21.03" "21.09" "22.03-LTS" "22.03-LTS-SP1" "22.03-LTS-SP2" "22.03-LTS-SP3" "22.09" "23.03" "23.09" "24.03-LTS")
+if [ $# -ne 3 ]
+then
+ echo Usage: base_image_build.sh version arch buildroot
+ exit 0
+else
+ # check if the repo version is valid
+ if [[ "${repo_array[@]}" =~ $1 ]]; then
+ version=$1
+ else
+ echo invalid repo version in openEuler
+ exit 0
+ fi
+ # check if the arch is valid
+ if [ $2 != "x86_64" ] && [ $2 != "aarch64" ]; then
+ echo Support arch: x86_64 and aarch64
+ exit 0
+ else
+ arch=$2
+ fi
+ buildroot=$3
+fi
+
+# set repo here
+rpmrepo=https://repo.huaweicloud.com/openeuler/openEuler-${version}/everything/${arch}/Packages/
+
+# download necessary rpm package
+wget -q -r -l1 -nd -A 'filesystem-[0-9]*.rpm' "${rpmrepo}" &> /dev/null
+wget -q -r -l1 -nd -A 'ca-certificates-[0-9]*.rpm' "${rpmrepo}" &> /dev/null
+wget -q -r -l1 -nd -A 'glibc-[0-9]*.rpm' "${rpmrepo}" &> /dev/null
+
+# install glibc ca-certificates
+rpm -ivh --nodeps --noscripts -r "${buildroot}" 'filesystem-[0-9]*.rpm'
+rpm -ivh --nodeps --noscripts -r "${buildroot}" 'ca-certificates-[0-9]*.rpm'
+rpm -ivh --nodeps --noscripts -r "${buildroot}" 'glibc-[0-9]*.rpm'
+
+# add nonroot user's home
+mkdir "${buildroot}"/home/nonroot
+
+# add nonroot user in /etc/passwd
+cat >> ${buildroot:?}/etc/passwd << EOF
+nonroot:x:65532:65532:nonroot:/home/nonroot:/sbin/nologin
+EOF
+
+# add nonroot entries in /etc/group
+cat >> ${buildroot:?}/etc/group << EOF
+nonroot:x:65532:
+EOF
+
+# modify home directory permission, owner and owner group of nonroot
+groupadd -g 65532 nonroot
+useradd nonroot -u 65532 -g nonroot
+chmod 700 "${buildroot}"/home/nonroot
+chown -R nonroot:nonroot "${buildroot}"/home/nonroot
+userdel -r nonroot
+
+# add os-release
+cat > "${buildroot:?}"/etc/os-release << EOF
+NAME="openEuler"
+VERSION="${version}"
+ID="openEuler"ls
+VERSION_ID="${version:0:5}"
+PRETTY_NAME="openEuler-distroless ${version} ${arch}"
+ANSI_COLOR="0;31"
+EOF
+
+# remove packages dependencies
+[ -d "${buildroot:?}"/var/lib/dnf ] && rm -rf "${buildroot:?}"/var/lib/dnf/*
+[ -d "${buildroot:?}"/var/lib/rpm ] && rm -rf "${buildroot:?}"/var/lib/rpm/*
+
+# remove boot
+rm -rf "${buildroot:?}"/boot
+
+# only keep en_US locale
+cd "${buildroot:?}"/usr/lib/locale;rm -rf $(ls | grep -v en_US | grep -vw C.utf8 )
+rm -rf "${buildroot:?}"/usr/share/locale/*
+
+# remove man pages and documentation
+rm -rf "${buildroot:?}"/usr/share/{man,doc,info,mime}
+
+# remove ldconfig cache and log
+rm -rf "${buildroot:?}"/etc/ld.so.cache
+[ -d "${buildroot:?}"/var/cache/ldconfig ] && rm -rf "${buildroot:?}"/var/cache/ldconfig/*
+[ -d "${buildroot:?}"/var/log ] && rm -rf "${buildroot:?}"/var/log/*.log
+
+# keep ca-certificates bep
+rm -rf /etc/pki/ca-trust/extracted/java/cacerts /etc/pki/java/cacerts
+
+# remove rpm file installed
+rm -vf $current_dir/*.rpm
\ No newline at end of file
diff --git a/distroless/meta.yml b/distroless/meta.yml
new file mode 100644
index 0000000000000000000000000000000000000000..d85eb746282975a27a0c72b18f5df2a5f3bfd218
--- /dev/null
+++ b/distroless/meta.yml
@@ -0,0 +1,2 @@
+base-oe2203lts:
+ path: distroless/base/22.03-lts/Dockerfile
\ No newline at end of file
diff --git a/go/1.21.1/22.03-lts/Dockerfile b/go/1.21.1/22.03-lts/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..8c5f251d3f199095bad0967796ef301cfc69a1ea
--- /dev/null
+++ b/go/1.21.1/22.03-lts/Dockerfile
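Review bot: distroless/base/22.03-lts/build.sh installs the three RPMs it fetched with `wget` from `${rpmrepo}` with no visible signature or checksum verification, and the `wget` output is discarded, so a tampered or unexpected package on the mirror could land in the base image unnoticed. Consider importing the openEuler signing key in the builder and running `rpm -K filesystem-[0-9]*.rpm ca-certificates-[0-9]*.rpm glibc-[0-9]*.rpm` before the `rpm -ivh` lines, so a bad or unverifiable signature should abort the script under `set -e`. The argument checks end in `exit 0`, which reports success to the Dockerfile's `RUN` on invalid input and should be `exit 1`. `[[ "${repo_array[@]}" =~ $1 ]]` is an unanchored regex match, so a partial value such as `20.03` passes validation and flows into the repository URL. `ID="openEuler"ls` in the os-release heredoc carries a stray `ls`.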
@@ -0,0 +1,34 @@
+ARG BASE=openeuler/openeuler:22.03-lts
+FROM ${BASE}
+
+ARG TARGETARCH
+ARG LOCAL_PATH=/usr/local
+
+ENV GOPATH=/go
+ENV GOTOOLCHAIN=local
+ENV GOLANG_VERSION=1.21.1
+ENV GOROOT=$LOCAL_PATH/go
+ENV PATH=$GOPATH/bin:$GOROOT/bin:$PATH
+
+RUN set -eux; \
+ yum update -y && yum -y install g++ gcc glibc-devel make pkg-config findutils ca-certificates && yum clean all; \
+ curl -fSL -o ${LOCAL_PATH}/go.tar.gz https://dl.google.com/go/go${GOLANG_VERSION}.linux-${TARGETARCH}.tar.gz; \
+ tar -xvf ${LOCAL_PATH}/go.tar.gz -C ${LOCAL_PATH}; \
+ rm -f ${LOCAL_PATH}/go.tar.gz
+
+RUN set -eux; \
+ find ${GOROOT}/src -exec touch -r ${GOROOT}/VERSION "{}" \; && \
+ touch ${GOROOT}/pkg; \
+ find ${GOROOT}/pkg -exec touch -r ${GOROOT}/pkg "{}" \; && \
+ mkdir -p ${GOROOT}/bin/linux_${TARGETARCH}; \
+ ln -sf ${GOROOT}/bin/go ${GOROOT}/bin/linux_${TARGETARCH}/go; \
+ ln -sf ${GOROOT}/bin/gofmt ${GOROOT}/bin/linux_${TARGETARCH}/gofmt
+
+RUN mkdir -p "$GOPATH/src" "$GOPATH/bin"; \
+ chmod -R 1777 "$GOPATH"; \
+ yum -y remove g++ gcc glibc-devel make pkg-config findutils; \
+ yum clean all
+
+WORKDIR $GOPATH
+
+CMD ["go", "version"]
\ No newline at end of file
diff --git a/go/meta.yml b/go/meta.yml
index 4821e4407638b0e806d73e9260ec37bc90d3ab53..4ebcf80d83e309a567f8fc2485db9a5d77f4fd35 100644
--- a/go/meta.yml
+++ b/go/meta.yml
@@ -1,5 +1,7 @@
 1.17.3-oe2203lts:
 path: go/1.17.3/22.03-lts/Dockerfile
+1.21.1-oe2203lts:
+ path: go/1.21.1/22.03-lts/Dockerfile
 1.21.1-oe2203sp3:
 path: go/1.21.1/22.03-lts-sp3/Dockerfile
 1.22.5-oe2203sp4:
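Review bot: The first `RUN` in go/1.21.1/22.03-lts/Dockerfile unpacks the Go tarball fetched by `curl` into `${LOCAL_PATH}` without checking it against a known digest, so the toolchain baked into the image is trusted on the TLS download alone. Pin a per-architecture SHA-256 and verify it before `tar`, e.g. `echo "${GO_SHA256}  ${LOCAL_PATH}/go.tar.gz" | sha256sum -c -; \`, where `GO_SHA256` is a placeholder selected from `TARGETARCH` and filled from the Go release page, since no digest appears in this commit. The last `RUN` removes gcc, make and findutils in a separate layer, which does not shrink the image because the earlier layer still holds them. `chmod -R 1777 "$GOPATH"` leaves the workspace world-writable while the image still runs as root, with no `USER` set; a dedicated user, or a comment explaining the choice, would help.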