forked from tianon/gosu
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
46 lines (37 loc) · 1.52 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
FROM golang:1.23.0-bookworm
RUN set -eux; \
apt-get update; \
apt-get install -y --no-install-recommends \
arch-test \
file \
; \
rm -rf /var/lib/apt/lists/*
# note: we cannot add "-s" here because then "govulncheck" does not work (see SECURITY.md); the ~0.2MiB increase (as of 2022-12-16, Go 1.18) is worth it
ENV BUILD_FLAGS="-v -trimpath -ldflags '-d -w'"
RUN set -eux; \
{ \
echo '#!/usr/bin/env bash'; \
echo 'set -Eeuo pipefail -x'; \
echo 'eval "go build $BUILD_FLAGS -o /go/bin/gosu-$ARCH"'; \
echo 'file "/go/bin/gosu-$ARCH"'; \
echo 'if arch-test "$ARCH"; then'; \
# there's a fun QEMU + Go 1.18+ bug that causes our binaries (especially on ARM arches) to hang indefinitely *sometimes*, hence the "timeout" and looping here
echo ' try() { for (( i = 0; i < 30; i++ )); do if timeout 1s "$@"; then return 0; fi; done; return 1; }'; \
echo ' try "/go/bin/gosu-$ARCH" --version'; \
echo ' try "/go/bin/gosu-$ARCH" nobody id'; \
echo ' try "/go/bin/gosu-$ARCH" nobody ls -l /proc/self/fd'; \
echo 'fi'; \
} > /usr/local/bin/gosu-build-and-test.sh; \
chmod +x /usr/local/bin/gosu-build-and-test.sh
# disable CGO for ALL THE THINGS (to help ensure no libc)
ENV CGO_ENABLED 0
WORKDIR /go/src/github.com/tianon/gosu
COPY go.mod go.sum ./
RUN set -eux; \
go mod download; \
go mod verify
COPY *.go ./
# gosu-$(dpkg --print-architecture)
RUN ARCH=amd64 GOARCH=amd64 gosu-build-and-test.sh
RUN ARCH=arm64 GOARCH=arm64 gosu-build-and-test.sh
RUN set -eux; ls -lAFh /go/bin/gosu-*; file /go/bin/gosu-*