BackTrackZ/container-golang
BackTrackZ/container-golang
1
0
Fork 0
mirror of https://github.com/docker-library/golang.git synced 2025-02-06 14:09:39 +00:00
Code

Merge pull request #521 from infosiftr/copy-link-redux

Browse Source 
Work around `COPY --link` limitations by pre-creating full filesystem tree
This commit is contained in:
Tianon Gravi 2024-06-13 15:43:06 -07:00 committed by GitHub
commit 1a33f8b8a3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 144 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
1.21/alpine3.19/Dockerfile generated
View File

@ -11,6 +11,7 @@ ENV PATH /usr/local/go/bin:$PATH
ENV GOLANG_VERSION 1.21.11 ENV GOLANG_VERSION 1.21.11
RUN set -eux; \ RUN set -eux; \
now="$(date '+%s')"; \
apk add --no-cache --virtual .fetch-deps \ apk add --no-cache --virtual .fetch-deps \
ca-certificates \ ca-certificates \
gnupg \ gnupg \
@ -75,8 +76,11 @@ RUN set -eux; \
# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below) # save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \ SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
export SOURCE_DATE_EPOCH; \ export SOURCE_DATE_EPOCH; \
touchy="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \
# for logging validation/edification # for logging validation/edification
date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \ date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \
# sanity check (detected value should be older than our wall clock)
[ "$SOURCE_DATE_EPOCH" -lt "$now" ]; \
\ \
if [ "$arch" = 'armv7' ]; then \ if [ "$arch" = 'armv7' ]; then \
[ -s /usr/local/go/go.env ]; \ [ -s /usr/local/go/go.env ]; \
@ -88,17 +92,23 @@ RUN set -eux; \
} >> /usr/local/go/go.env; \ } >> /usr/local/go/go.env; \
after="$(go env GOARM)"; [ "$after" = '7' ]; \ after="$(go env GOARM)"; [ "$after" = '7' ]; \
# (re-)clamp timestamp for reproducibility (allows "COPY --link" to be more clever/useful) # (re-)clamp timestamp for reproducibility (allows "COPY --link" to be more clever/useful)
date="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \ touch -t "$touchy" /usr/local/go/go.env /usr/local/go; \
touch -t "$date" /usr/local/go/go.env /usr/local/go; \
fi; \ fi; \
\ \
# ideally at this point, we would just "COPY --link ... /usr/local/go/ /usr/local/go/" but BuildKit insists on creating the parent directories (perhaps related to https://github.com/opencontainers/image-spec/pull/970), and does so with unreproducible timestamps, so we instead create a whole new "directory tree" that we can "COPY --link" to accomplish what we want
mkdir /target /target/usr /target/usr/local; \
mv -vT /usr/local/go /target/usr/local/go; \
ln -svfT /target/usr/local/go /usr/local/go; \
touch -t "$touchy" /target/usr/local /target/usr /target; \
\
apk del --no-network .fetch-deps; \ apk del --no-network .fetch-deps; \
\ \
# smoke test # smoke test
go version; \ go version; \
# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test) # make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test)
epoch="$(stat -c '%Y' /usr/local/go)"; \ epoch="$(stat -c '%Y' /target/usr/local/go)"; \
[ "$SOURCE_DATE_EPOCH" = "$epoch" ] [ "$SOURCE_DATE_EPOCH" = "$epoch" ]; \
find /target -newer /target/usr/local/go -exec sh -c 'ls -ld "$@" && exit "$#"' -- '{}' +
FROM alpine:3.19 FROM alpine:3.19
@ -112,6 +122,7 @@ ENV GOTOOLCHAIN=local
ENV GOPATH /go ENV GOPATH /go
ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
COPY --from=build --link /usr/local/go/ /usr/local/go/ # (see notes above about "COPY --link")
COPY --from=build --link /target/ /
RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH" RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH"
WORKDIR $GOPATH WORKDIR $GOPATH

21
1.21/alpine3.20/Dockerfile generated
View File

@ -11,6 +11,7 @@ ENV PATH /usr/local/go/bin:$PATH
ENV GOLANG_VERSION 1.21.11 ENV GOLANG_VERSION 1.21.11
RUN set -eux; \ RUN set -eux; \
now="$(date '+%s')"; \
apk add --no-cache --virtual .fetch-deps \ apk add --no-cache --virtual .fetch-deps \
ca-certificates \ ca-certificates \
gnupg \ gnupg \
@ -75,8 +76,11 @@ RUN set -eux; \
# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below) # save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \ SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
export SOURCE_DATE_EPOCH; \ export SOURCE_DATE_EPOCH; \
touchy="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \
# for logging validation/edification # for logging validation/edification
date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \ date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \
# sanity check (detected value should be older than our wall clock)
[ "$SOURCE_DATE_EPOCH" -lt "$now" ]; \
\ \
if [ "$arch" = 'armv7' ]; then \ if [ "$arch" = 'armv7' ]; then \
[ -s /usr/local/go/go.env ]; \ [ -s /usr/local/go/go.env ]; \
@ -88,17 +92,23 @@ RUN set -eux; \
} >> /usr/local/go/go.env; \ } >> /usr/local/go/go.env; \
after="$(go env GOARM)"; [ "$after" = '7' ]; \ after="$(go env GOARM)"; [ "$after" = '7' ]; \
# (re-)clamp timestamp for reproducibility (allows "COPY --link" to be more clever/useful) # (re-)clamp timestamp for reproducibility (allows "COPY --link" to be more clever/useful)
date="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \ touch -t "$touchy" /usr/local/go/go.env /usr/local/go; \
touch -t "$date" /usr/local/go/go.env /usr/local/go; \
fi; \ fi; \
\ \
# ideally at this point, we would just "COPY --link ... /usr/local/go/ /usr/local/go/" but BuildKit insists on creating the parent directories (perhaps related to https://github.com/opencontainers/image-spec/pull/970), and does so with unreproducible timestamps, so we instead create a whole new "directory tree" that we can "COPY --link" to accomplish what we want
mkdir /target /target/usr /target/usr/local; \
mv -vT /usr/local/go /target/usr/local/go; \
ln -svfT /target/usr/local/go /usr/local/go; \
touch -t "$touchy" /target/usr/local /target/usr /target; \
\
apk del --no-network .fetch-deps; \ apk del --no-network .fetch-deps; \
\ \
# smoke test # smoke test
go version; \ go version; \
# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test) # make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test)
epoch="$(stat -c '%Y' /usr/local/go)"; \ epoch="$(stat -c '%Y' /target/usr/local/go)"; \
[ "$SOURCE_DATE_EPOCH" = "$epoch" ] [ "$SOURCE_DATE_EPOCH" = "$epoch" ]; \
find /target -newer /target/usr/local/go -exec sh -c 'ls -ld "$@" && exit "$#"' -- '{}' +
FROM alpine:3.20 FROM alpine:3.20
@ -112,6 +122,7 @@ ENV GOTOOLCHAIN=local
ENV GOPATH /go ENV GOPATH /go
ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
COPY --from=build --link /usr/local/go/ /usr/local/go/ # (see notes above about "COPY --link")
COPY --from=build --link /target/ /
RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH" RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH"
WORKDIR $GOPATH WORKDIR $GOPATH

21
1.21/bookworm/Dockerfile generated
View File

@ -11,6 +11,7 @@ ENV PATH /usr/local/go/bin:$PATH
ENV GOLANG_VERSION 1.21.11 ENV GOLANG_VERSION 1.21.11
RUN set -eux; \ RUN set -eux; \
now="$(date '+%s')"; \
arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \ arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \
url=; \ url=; \
case "$arch" in \ case "$arch" in \
@ -69,8 +70,11 @@ RUN set -eux; \
# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below) # save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \ SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
export SOURCE_DATE_EPOCH; \ export SOURCE_DATE_EPOCH; \
touchy="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \
# for logging validation/edification # for logging validation/edification
date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \ date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \
# sanity check (detected value should be older than our wall clock)
[ "$SOURCE_DATE_EPOCH" -lt "$now" ]; \
\ \
if [ "$arch" = 'armhf' ]; then \ if [ "$arch" = 'armhf' ]; then \
[ -s /usr/local/go/go.env ]; \ [ -s /usr/local/go/go.env ]; \
@ -82,15 +86,21 @@ RUN set -eux; \
} >> /usr/local/go/go.env; \ } >> /usr/local/go/go.env; \
after="$(go env GOARM)"; [ "$after" = '7' ]; \ after="$(go env GOARM)"; [ "$after" = '7' ]; \
# (re-)clamp timestamp for reproducibility (allows "COPY --link" to be more clever/useful) # (re-)clamp timestamp for reproducibility (allows "COPY --link" to be more clever/useful)
date="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \ touch -t "$touchy" /usr/local/go/go.env /usr/local/go; \
touch -t "$date" /usr/local/go/go.env /usr/local/go; \
fi; \ fi; \
\ \
# ideally at this point, we would just "COPY --link ... /usr/local/go/ /usr/local/go/" but BuildKit insists on creating the parent directories (perhaps related to https://github.com/opencontainers/image-spec/pull/970), and does so with unreproducible timestamps, so we instead create a whole new "directory tree" that we can "COPY --link" to accomplish what we want
mkdir /target /target/usr /target/usr/local; \
mv -vT /usr/local/go /target/usr/local/go; \
ln -svfT /target/usr/local/go /usr/local/go; \
touch -t "$touchy" /target/usr/local /target/usr /target; \
\
# smoke test # smoke test
go version; \ go version; \
# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test) # make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test)
epoch="$(stat -c '%Y' /usr/local/go)"; \ epoch="$(stat -c '%Y' /target/usr/local/go)"; \
[ "$SOURCE_DATE_EPOCH" = "$epoch" ] [ "$SOURCE_DATE_EPOCH" = "$epoch" ]; \
find /target -newer /target/usr/local/go -exec sh -c 'ls -ld "$@" && exit "$#"' -- '{}' +
FROM buildpack-deps:bookworm-scm FROM buildpack-deps:bookworm-scm
@ -114,6 +124,7 @@ ENV GOTOOLCHAIN=local
ENV GOPATH /go ENV GOPATH /go
ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
COPY --from=build --link /usr/local/go/ /usr/local/go/ # (see notes above about "COPY --link")
COPY --from=build --link /target/ /
RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH" RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH"
WORKDIR $GOPATH WORKDIR $GOPATH

21
1.21/bullseye/Dockerfile generated
View File

@ -11,6 +11,7 @@ ENV PATH /usr/local/go/bin:$PATH
ENV GOLANG_VERSION 1.21.11 ENV GOLANG_VERSION 1.21.11
RUN set -eux; \ RUN set -eux; \
now="$(date '+%s')"; \
arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \ arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \
url=; \ url=; \
case "$arch" in \ case "$arch" in \
@ -69,8 +70,11 @@ RUN set -eux; \
# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below) # save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \ SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
export SOURCE_DATE_EPOCH; \ export SOURCE_DATE_EPOCH; \
touchy="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \
# for logging validation/edification # for logging validation/edification
date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \ date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \
# sanity check (detected value should be older than our wall clock)
[ "$SOURCE_DATE_EPOCH" -lt "$now" ]; \
\ \
if [ "$arch" = 'armhf' ]; then \ if [ "$arch" = 'armhf' ]; then \
[ -s /usr/local/go/go.env ]; \ [ -s /usr/local/go/go.env ]; \
@ -82,15 +86,21 @@ RUN set -eux; \
} >> /usr/local/go/go.env; \ } >> /usr/local/go/go.env; \
after="$(go env GOARM)"; [ "$after" = '7' ]; \ after="$(go env GOARM)"; [ "$after" = '7' ]; \
# (re-)clamp timestamp for reproducibility (allows "COPY --link" to be more clever/useful) # (re-)clamp timestamp for reproducibility (allows "COPY --link" to be more clever/useful)
date="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \ touch -t "$touchy" /usr/local/go/go.env /usr/local/go; \
touch -t "$date" /usr/local/go/go.env /usr/local/go; \
fi; \ fi; \
\ \
# ideally at this point, we would just "COPY --link ... /usr/local/go/ /usr/local/go/" but BuildKit insists on creating the parent directories (perhaps related to https://github.com/opencontainers/image-spec/pull/970), and does so with unreproducible timestamps, so we instead create a whole new "directory tree" that we can "COPY --link" to accomplish what we want
mkdir /target /target/usr /target/usr/local; \
mv -vT /usr/local/go /target/usr/local/go; \
ln -svfT /target/usr/local/go /usr/local/go; \
touch -t "$touchy" /target/usr/local /target/usr /target; \
\
# smoke test # smoke test
go version; \ go version; \
# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test) # make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test)
epoch="$(stat -c '%Y' /usr/local/go)"; \ epoch="$(stat -c '%Y' /target/usr/local/go)"; \
[ "$SOURCE_DATE_EPOCH" = "$epoch" ] [ "$SOURCE_DATE_EPOCH" = "$epoch" ]; \
find /target -newer /target/usr/local/go -exec sh -c 'ls -ld "$@" && exit "$#"' -- '{}' +
FROM buildpack-deps:bullseye-scm FROM buildpack-deps:bullseye-scm
@ -114,6 +124,7 @@ ENV GOTOOLCHAIN=local
ENV GOPATH /go ENV GOPATH /go
ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
COPY --from=build --link /usr/local/go/ /usr/local/go/ # (see notes above about "COPY --link")
COPY --from=build --link /target/ /
RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH" RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH"
WORKDIR $GOPATH WORKDIR $GOPATH

21
1.22/alpine3.19/Dockerfile generated
View File

@ -11,6 +11,7 @@ ENV PATH /usr/local/go/bin:$PATH
ENV GOLANG_VERSION 1.22.4 ENV GOLANG_VERSION 1.22.4
RUN set -eux; \ RUN set -eux; \
now="$(date '+%s')"; \
apk add --no-cache --virtual .fetch-deps \ apk add --no-cache --virtual .fetch-deps \
ca-certificates \ ca-certificates \
gnupg \ gnupg \
@ -75,8 +76,11 @@ RUN set -eux; \
# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below) # save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \ SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
export SOURCE_DATE_EPOCH; \ export SOURCE_DATE_EPOCH; \
touchy="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \
# for logging validation/edification # for logging validation/edification
date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \ date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \
# sanity check (detected value should be older than our wall clock)
[ "$SOURCE_DATE_EPOCH" -lt "$now" ]; \
\ \
if [ "$arch" = 'armv7' ]; then \ if [ "$arch" = 'armv7' ]; then \
[ -s /usr/local/go/go.env ]; \ [ -s /usr/local/go/go.env ]; \
@ -88,17 +92,23 @@ RUN set -eux; \
} >> /usr/local/go/go.env; \ } >> /usr/local/go/go.env; \
after="$(go env GOARM)"; [ "$after" = '7' ]; \ after="$(go env GOARM)"; [ "$after" = '7' ]; \
# (re-)clamp timestamp for reproducibility (allows "COPY --link" to be more clever/useful) # (re-)clamp timestamp for reproducibility (allows "COPY --link" to be more clever/useful)
date="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \ touch -t "$touchy" /usr/local/go/go.env /usr/local/go; \
touch -t "$date" /usr/local/go/go.env /usr/local/go; \
fi; \ fi; \
\ \
# ideally at this point, we would just "COPY --link ... /usr/local/go/ /usr/local/go/" but BuildKit insists on creating the parent directories (perhaps related to https://github.com/opencontainers/image-spec/pull/970), and does so with unreproducible timestamps, so we instead create a whole new "directory tree" that we can "COPY --link" to accomplish what we want
mkdir /target /target/usr /target/usr/local; \
mv -vT /usr/local/go /target/usr/local/go; \
ln -svfT /target/usr/local/go /usr/local/go; \
touch -t "$touchy" /target/usr/local /target/usr /target; \
\
apk del --no-network .fetch-deps; \ apk del --no-network .fetch-deps; \
\ \
# smoke test # smoke test
go version; \ go version; \
# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test) # make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test)
epoch="$(stat -c '%Y' /usr/local/go)"; \ epoch="$(stat -c '%Y' /target/usr/local/go)"; \
[ "$SOURCE_DATE_EPOCH" = "$epoch" ] [ "$SOURCE_DATE_EPOCH" = "$epoch" ]; \
find /target -newer /target/usr/local/go -exec sh -c 'ls -ld "$@" && exit "$#"' -- '{}' +
FROM alpine:3.19 FROM alpine:3.19
@ -112,6 +122,7 @@ ENV GOTOOLCHAIN=local
ENV GOPATH /go ENV GOPATH /go
ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
COPY --from=build --link /usr/local/go/ /usr/local/go/ # (see notes above about "COPY --link")
COPY --from=build --link /target/ /
RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH" RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH"
WORKDIR $GOPATH WORKDIR $GOPATH

21
1.22/alpine3.20/Dockerfile generated
View File

@ -11,6 +11,7 @@ ENV PATH /usr/local/go/bin:$PATH
ENV GOLANG_VERSION 1.22.4 ENV GOLANG_VERSION 1.22.4
RUN set -eux; \ RUN set -eux; \
now="$(date '+%s')"; \
apk add --no-cache --virtual .fetch-deps \ apk add --no-cache --virtual .fetch-deps \
ca-certificates \ ca-certificates \
gnupg \ gnupg \
@ -75,8 +76,11 @@ RUN set -eux; \
# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below) # save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \ SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
export SOURCE_DATE_EPOCH; \ export SOURCE_DATE_EPOCH; \
touchy="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \
# for logging validation/edification # for logging validation/edification
date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \ date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \
# sanity check (detected value should be older than our wall clock)
[ "$SOURCE_DATE_EPOCH" -lt "$now" ]; \
\ \
if [ "$arch" = 'armv7' ]; then \ if [ "$arch" = 'armv7' ]; then \
[ -s /usr/local/go/go.env ]; \ [ -s /usr/local/go/go.env ]; \
@ -88,17 +92,23 @@ RUN set -eux; \
} >> /usr/local/go/go.env; \ } >> /usr/local/go/go.env; \
after="$(go env GOARM)"; [ "$after" = '7' ]; \ after="$(go env GOARM)"; [ "$after" = '7' ]; \
# (re-)clamp timestamp for reproducibility (allows "COPY --link" to be more clever/useful) # (re-)clamp timestamp for reproducibility (allows "COPY --link" to be more clever/useful)
date="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \ touch -t "$touchy" /usr/local/go/go.env /usr/local/go; \
touch -t "$date" /usr/local/go/go.env /usr/local/go; \
fi; \ fi; \
\ \
# ideally at this point, we would just "COPY --link ... /usr/local/go/ /usr/local/go/" but BuildKit insists on creating the parent directories (perhaps related to https://github.com/opencontainers/image-spec/pull/970), and does so with unreproducible timestamps, so we instead create a whole new "directory tree" that we can "COPY --link" to accomplish what we want
mkdir /target /target/usr /target/usr/local; \
mv -vT /usr/local/go /target/usr/local/go; \
ln -svfT /target/usr/local/go /usr/local/go; \
touch -t "$touchy" /target/usr/local /target/usr /target; \
\
apk del --no-network .fetch-deps; \ apk del --no-network .fetch-deps; \
\ \
# smoke test # smoke test
go version; \ go version; \
# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test) # make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test)
epoch="$(stat -c '%Y' /usr/local/go)"; \ epoch="$(stat -c '%Y' /target/usr/local/go)"; \
[ "$SOURCE_DATE_EPOCH" = "$epoch" ] [ "$SOURCE_DATE_EPOCH" = "$epoch" ]; \
find /target -newer /target/usr/local/go -exec sh -c 'ls -ld "$@" && exit "$#"' -- '{}' +
FROM alpine:3.20 FROM alpine:3.20
@ -112,6 +122,7 @@ ENV GOTOOLCHAIN=local
ENV GOPATH /go ENV GOPATH /go
ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
COPY --from=build --link /usr/local/go/ /usr/local/go/ # (see notes above about "COPY --link")
COPY --from=build --link /target/ /
RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH" RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH"
WORKDIR $GOPATH WORKDIR $GOPATH

21
1.22/bookworm/Dockerfile generated
View File

@ -11,6 +11,7 @@ ENV PATH /usr/local/go/bin:$PATH
ENV GOLANG_VERSION 1.22.4 ENV GOLANG_VERSION 1.22.4
RUN set -eux; \ RUN set -eux; \
now="$(date '+%s')"; \
arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \ arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \
url=; \ url=; \
case "$arch" in \ case "$arch" in \
@ -69,8 +70,11 @@ RUN set -eux; \
# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below) # save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \ SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
export SOURCE_DATE_EPOCH; \ export SOURCE_DATE_EPOCH; \
touchy="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \
# for logging validation/edification # for logging validation/edification
date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \ date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \
# sanity check (detected value should be older than our wall clock)
[ "$SOURCE_DATE_EPOCH" -lt "$now" ]; \
\ \
if [ "$arch" = 'armhf' ]; then \ if [ "$arch" = 'armhf' ]; then \
[ -s /usr/local/go/go.env ]; \ [ -s /usr/local/go/go.env ]; \
@ -82,15 +86,21 @@ RUN set -eux; \
} >> /usr/local/go/go.env; \ } >> /usr/local/go/go.env; \
after="$(go env GOARM)"; [ "$after" = '7' ]; \ after="$(go env GOARM)"; [ "$after" = '7' ]; \
# (re-)clamp timestamp for reproducibility (allows "COPY --link" to be more clever/useful) # (re-)clamp timestamp for reproducibility (allows "COPY --link" to be more clever/useful)
date="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \ touch -t "$touchy" /usr/local/go/go.env /usr/local/go; \
touch -t "$date" /usr/local/go/go.env /usr/local/go; \
fi; \ fi; \
\ \
# ideally at this point, we would just "COPY --link ... /usr/local/go/ /usr/local/go/" but BuildKit insists on creating the parent directories (perhaps related to https://github.com/opencontainers/image-spec/pull/970), and does so with unreproducible timestamps, so we instead create a whole new "directory tree" that we can "COPY --link" to accomplish what we want
mkdir /target /target/usr /target/usr/local; \
mv -vT /usr/local/go /target/usr/local/go; \
ln -svfT /target/usr/local/go /usr/local/go; \
touch -t "$touchy" /target/usr/local /target/usr /target; \
\
# smoke test # smoke test
go version; \ go version; \
# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test) # make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test)
epoch="$(stat -c '%Y' /usr/local/go)"; \ epoch="$(stat -c '%Y' /target/usr/local/go)"; \
[ "$SOURCE_DATE_EPOCH" = "$epoch" ] [ "$SOURCE_DATE_EPOCH" = "$epoch" ]; \
find /target -newer /target/usr/local/go -exec sh -c 'ls -ld "$@" && exit "$#"' -- '{}' +
FROM buildpack-deps:bookworm-scm FROM buildpack-deps:bookworm-scm
@ -114,6 +124,7 @@ ENV GOTOOLCHAIN=local
ENV GOPATH /go ENV GOPATH /go
ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
COPY --from=build --link /usr/local/go/ /usr/local/go/ # (see notes above about "COPY --link")
COPY --from=build --link /target/ /
RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH" RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH"
WORKDIR $GOPATH WORKDIR $GOPATH

21
1.22/bullseye/Dockerfile generated
View File

@ -11,6 +11,7 @@ ENV PATH /usr/local/go/bin:$PATH
ENV GOLANG_VERSION 1.22.4 ENV GOLANG_VERSION 1.22.4
RUN set -eux; \ RUN set -eux; \
now="$(date '+%s')"; \
arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \ arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \
url=; \ url=; \
case "$arch" in \ case "$arch" in \
@ -69,8 +70,11 @@ RUN set -eux; \
# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below) # save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \ SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
export SOURCE_DATE_EPOCH; \ export SOURCE_DATE_EPOCH; \
touchy="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \
# for logging validation/edification # for logging validation/edification
date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \ date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \
# sanity check (detected value should be older than our wall clock)
[ "$SOURCE_DATE_EPOCH" -lt "$now" ]; \
\ \
if [ "$arch" = 'armhf' ]; then \ if [ "$arch" = 'armhf' ]; then \
[ -s /usr/local/go/go.env ]; \ [ -s /usr/local/go/go.env ]; \
@ -82,15 +86,21 @@ RUN set -eux; \
} >> /usr/local/go/go.env; \ } >> /usr/local/go/go.env; \
after="$(go env GOARM)"; [ "$after" = '7' ]; \ after="$(go env GOARM)"; [ "$after" = '7' ]; \
# (re-)clamp timestamp for reproducibility (allows "COPY --link" to be more clever/useful) # (re-)clamp timestamp for reproducibility (allows "COPY --link" to be more clever/useful)
date="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \ touch -t "$touchy" /usr/local/go/go.env /usr/local/go; \
touch -t "$date" /usr/local/go/go.env /usr/local/go; \
fi; \ fi; \
\ \
# ideally at this point, we would just "COPY --link ... /usr/local/go/ /usr/local/go/" but BuildKit insists on creating the parent directories (perhaps related to https://github.com/opencontainers/image-spec/pull/970), and does so with unreproducible timestamps, so we instead create a whole new "directory tree" that we can "COPY --link" to accomplish what we want
mkdir /target /target/usr /target/usr/local; \
mv -vT /usr/local/go /target/usr/local/go; \
ln -svfT /target/usr/local/go /usr/local/go; \
touch -t "$touchy" /target/usr/local /target/usr /target; \
\
# smoke test # smoke test
go version; \ go version; \
# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test) # make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test)
epoch="$(stat -c '%Y' /usr/local/go)"; \ epoch="$(stat -c '%Y' /target/usr/local/go)"; \
[ "$SOURCE_DATE_EPOCH" = "$epoch" ] [ "$SOURCE_DATE_EPOCH" = "$epoch" ]; \
find /target -newer /target/usr/local/go -exec sh -c 'ls -ld "$@" && exit "$#"' -- '{}' +
FROM buildpack-deps:bullseye-scm FROM buildpack-deps:bullseye-scm
@ -114,6 +124,7 @@ ENV GOTOOLCHAIN=local
ENV GOPATH /go ENV GOPATH /go
ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
COPY --from=build --link /usr/local/go/ /usr/local/go/ # (see notes above about "COPY --link")
COPY --from=build --link /target/ /
RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH" RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH"
WORKDIR $GOPATH WORKDIR $GOPATH

21
Dockerfile-linux.template
View File

@ -51,6 +51,7 @@ ENV GOLANG_VERSION {{ .version }}
end end
-}} -}}
RUN set -eux; \ RUN set -eux; \
now="$(date '+%s')"; \
{{ if is_alpine then ( -}} {{ if is_alpine then ( -}}
apk add --no-cache --virtual .fetch-deps \ apk add --no-cache --virtual .fetch-deps \
ca-certificates \ ca-certificates \
@ -107,8 +108,11 @@ RUN set -eux; \
# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below) # save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \ SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
export SOURCE_DATE_EPOCH; \ export SOURCE_DATE_EPOCH; \
touchy="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \
# for logging validation/edification # for logging validation/edification
date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \ date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \
# sanity check (detected value should be older than our wall clock)
[ "$SOURCE_DATE_EPOCH" -lt "$now" ]; \
\ \
{{ if .arches["arm32v7"].url // "" | contains("armv6") then ( -}} {{ if .arches["arm32v7"].url // "" | contains("armv6") then ( -}}
if [ "$arch" = {{ os_arches["arm32v7"] | @sh }} ]; then \ if [ "$arch" = {{ os_arches["arm32v7"] | @sh }} ]; then \
@ -121,11 +125,16 @@ RUN set -eux; \
} >> /usr/local/go/go.env; \ } >> /usr/local/go/go.env; \
after="$(go env GOARM)"; [ "$after" = {{ .arches["arm32v7"].env["GOARM"] | @sh }} ]; \ after="$(go env GOARM)"; [ "$after" = {{ .arches["arm32v7"].env["GOARM"] | @sh }} ]; \
# (re-)clamp timestamp for reproducibility (allows "COPY --link" to be more clever/useful) # (re-)clamp timestamp for reproducibility (allows "COPY --link" to be more clever/useful)
date="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \ touch -t "$touchy" /usr/local/go/go.env /usr/local/go; \
touch -t "$date" /usr/local/go/go.env /usr/local/go; \
fi; \ fi; \
\ \
{{ ) else "" end -}} {{ ) else "" end -}}
# ideally at this point, we would just "COPY --link ... /usr/local/go/ /usr/local/go/" but BuildKit insists on creating the parent directories (perhaps related to https://github.com/opencontainers/image-spec/pull/970), and does so with unreproducible timestamps, so we instead create a whole new "directory tree" that we can "COPY --link" to accomplish what we want
mkdir /target /target/usr /target/usr/local; \
mv -vT /usr/local/go /target/usr/local/go; \
ln -svfT /target/usr/local/go /usr/local/go; \
touch -t "$touchy" /target/usr/local /target/usr /target; \
\
{{ if is_alpine then ( -}} {{ if is_alpine then ( -}}
apk del --no-network .fetch-deps; \ apk del --no-network .fetch-deps; \
\ \
@ -133,8 +142,9 @@ RUN set -eux; \
# smoke test # smoke test
go version; \ go version; \
# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test) # make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test)
epoch="$(stat -c '%Y' /usr/local/go)"; \ epoch="$(stat -c '%Y' /target/usr/local/go)"; \
[ "$SOURCE_DATE_EPOCH" = "$epoch" ] [ "$SOURCE_DATE_EPOCH" = "$epoch" ]; \
find /target -newer /target/usr/local/go -exec sh -c 'ls -ld "$@" && exit "$#"' -- '{}' +
{{ if is_alpine then ( -}} {{ if is_alpine then ( -}}
FROM alpine:{{ alpine_version }} FROM alpine:{{ alpine_version }}
@ -164,6 +174,7 @@ ENV GOTOOLCHAIN=local
ENV GOPATH /go ENV GOPATH /go
ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
COPY --from=build --link /usr/local/go/ /usr/local/go/ # (see notes above about "COPY --link")
COPY --from=build --link /target/ /
RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH" RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH"
WORKDIR $GOPATH WORKDIR $GOPATH