diff --git a/1.20/alpine3.18/Dockerfile b/1.20/alpine3.18/Dockerfile index e593c445..f34d1692 100644 --- a/1.20/alpine3.18/Dockerfile +++ b/1.20/alpine3.18/Dockerfile @@ -4,16 +4,19 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.18 - -RUN apk add --no-cache ca-certificates +FROM alpine:3.18 AS build ENV PATH /usr/local/go/bin:$PATH ENV GOLANG_VERSION 1.20.13 RUN set -eux; \ - apk add --no-cache --virtual .fetch-deps gnupg; \ + apk add --no-cache --virtual .fetch-deps \ + ca-certificates \ + gnupg \ +# busybox's "tar" doesn't handle directory mtime correctly, so our SOURCE_DATE_EPOCH lookup doesn't work (the mtime of "/usr/local/go" always ends up being the extraction timestamp) + tar \ + ; \ arch="$(apk --print-arch)"; \ url=; \ case "$arch" in \ @@ -69,6 +72,12 @@ RUN set -eux; \ tar -C /usr/local -xzf go.tgz; \ rm go.tgz; \ \ +# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below) + SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \ + export SOURCE_DATE_EPOCH; \ +# for logging validation/edification + date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \ + \ if [ -n "$build" ]; then \ apk add --no-cache --virtual .build-deps \ bash \ @@ -102,13 +111,31 @@ RUN set -eux; \ /usr/local/go/src/cmd/dist/dist \ "$GOCACHE" \ ; \ + \ +# clamp timestamps for reproducibility (allows "COPY --link" to be more clever/useful) + date="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \ + touch -t "$date" /usr/local/.go-date-stamp; \ + find /usr/local/go -depth -newer /usr/local/.go-date-stamp -exec touch -ht "$date" '{}' +; \ + rm /usr/local/.go-date-stamp; \ + touch -t "$date" /usr/local; \ fi; \ \ apk del --no-network .fetch-deps; \ \ - go version +# smoke test + go version; \ +# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test) + epoch="$(stat -c '%Y' /usr/local/go)"; \ + [ "$SOURCE_DATE_EPOCH" = "$epoch" ] + +FROM alpine:3.18 + +RUN apk add --no-cache ca-certificates + +ENV GOLANG_VERSION 1.20.13 ENV GOPATH /go -ENV PATH $GOPATH/bin:$PATH +ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH +COPY --from=build --link /usr/local/go/ /usr/local/go/ RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH" WORKDIR $GOPATH diff --git a/1.20/alpine3.19/Dockerfile b/1.20/alpine3.19/Dockerfile index 26ee4bbc..93e3f3e9 100644 --- a/1.20/alpine3.19/Dockerfile +++ b/1.20/alpine3.19/Dockerfile @@ -4,16 +4,19 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 - -RUN apk add --no-cache ca-certificates +FROM alpine:3.19 AS build ENV PATH /usr/local/go/bin:$PATH ENV GOLANG_VERSION 1.20.13 RUN set -eux; \ - apk add --no-cache --virtual .fetch-deps gnupg; \ + apk add --no-cache --virtual .fetch-deps \ + ca-certificates \ + gnupg \ +# busybox's "tar" doesn't handle directory mtime correctly, so our SOURCE_DATE_EPOCH lookup doesn't work (the mtime of "/usr/local/go" always ends up being the extraction timestamp) + tar \ + ; \ arch="$(apk --print-arch)"; \ url=; \ case "$arch" in \ @@ -69,6 +72,12 @@ RUN set -eux; \ tar -C /usr/local -xzf go.tgz; \ rm go.tgz; \ \ +# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below) + SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \ + export SOURCE_DATE_EPOCH; \ +# for logging validation/edification + date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \ + \ if [ -n "$build" ]; then \ apk add --no-cache --virtual .build-deps \ bash \ @@ -102,13 +111,31 @@ RUN set -eux; \ /usr/local/go/src/cmd/dist/dist \ "$GOCACHE" \ ; \ + \ +# clamp timestamps for reproducibility (allows "COPY --link" to be more clever/useful) + date="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \ + touch -t "$date" /usr/local/.go-date-stamp; \ + find /usr/local/go -depth -newer /usr/local/.go-date-stamp -exec touch -ht "$date" '{}' +; \ + rm /usr/local/.go-date-stamp; \ + touch -t "$date" /usr/local; \ fi; \ \ apk del --no-network .fetch-deps; \ \ - go version +# smoke test + go version; \ +# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test) + epoch="$(stat -c '%Y' /usr/local/go)"; \ + [ "$SOURCE_DATE_EPOCH" = "$epoch" ] + +FROM alpine:3.19 + +RUN apk add --no-cache ca-certificates + +ENV GOLANG_VERSION 1.20.13 ENV GOPATH /go -ENV PATH $GOPATH/bin:$PATH +ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH +COPY --from=build --link /usr/local/go/ /usr/local/go/ RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH" WORKDIR $GOPATH diff --git a/1.20/bookworm/Dockerfile b/1.20/bookworm/Dockerfile index c9e6749f..0187bcc6 100644 --- a/1.20/bookworm/Dockerfile +++ b/1.20/bookworm/Dockerfile @@ -4,19 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM buildpack-deps:bookworm-scm - -# install cgo-related dependencies -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - g++ \ - gcc \ - libc6-dev \ - make \ - pkg-config \ - ; \ - rm -rf /var/lib/apt/lists/* +FROM buildpack-deps:bookworm-scm AS build ENV PATH /usr/local/go/bin:$PATH @@ -89,10 +77,18 @@ RUN set -eux; \ tar -C /usr/local -xzf go.tgz; \ rm go.tgz; \ \ +# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below) + SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \ + export SOURCE_DATE_EPOCH; \ +# for logging validation/edification + date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \ + \ if [ -n "$build" ]; then \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends golang-go; \ +# TODO consider CGO_ENABLED=0 instead of installing gcc (probably doesn't matter much as this whole block is 1.20-only and I *think* newer versions already *do* default to cgo-disabled for builds, but maybe that's just for the dist/release builds) + apt-get install -y --no-install-recommends gcc; \ \ export GOCACHE='/tmp/gocache'; \ \ @@ -118,11 +114,39 @@ RUN set -eux; \ /usr/local/go/src/cmd/dist/dist \ "$GOCACHE" \ ; \ + \ +# clamp timestamps for reproducibility (allows "COPY --link" to be more clever/useful) + date="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \ + touch -t "$date" /usr/local/.go-date-stamp; \ + find /usr/local/go -depth -newer /usr/local/.go-date-stamp -exec touch -ht "$date" '{}' +; \ + rm /usr/local/.go-date-stamp; \ + touch -t "$date" /usr/local; \ fi; \ \ - go version +# smoke test + go version; \ +# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test) + epoch="$(stat -c '%Y' /usr/local/go)"; \ + [ "$SOURCE_DATE_EPOCH" = "$epoch" ] + +FROM buildpack-deps:bookworm-scm + +# install cgo-related dependencies +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + g++ \ + gcc \ + libc6-dev \ + make \ + pkg-config \ + ; \ + rm -rf /var/lib/apt/lists/* + +ENV GOLANG_VERSION 1.20.13 ENV GOPATH /go -ENV PATH $GOPATH/bin:$PATH +ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH +COPY --from=build --link /usr/local/go/ /usr/local/go/ RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH" WORKDIR $GOPATH diff --git a/1.20/bullseye/Dockerfile b/1.20/bullseye/Dockerfile index 9acdba1d..ef26c010 100644 --- a/1.20/bullseye/Dockerfile +++ b/1.20/bullseye/Dockerfile @@ -4,19 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM buildpack-deps:bullseye-scm - -# install cgo-related dependencies -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - g++ \ - gcc \ - libc6-dev \ - make \ - pkg-config \ - ; \ - rm -rf /var/lib/apt/lists/* +FROM buildpack-deps:bullseye-scm AS build ENV PATH /usr/local/go/bin:$PATH @@ -89,6 +77,12 @@ RUN set -eux; \ tar -C /usr/local -xzf go.tgz; \ rm go.tgz; \ \ +# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below) + SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \ + export SOURCE_DATE_EPOCH; \ +# for logging validation/edification + date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \ + \ if [ -n "$build" ]; then \ savedAptMark="$(apt-mark showmanual)"; \ # add backports for newer go version for bootstrap build: https://github.com/golang/go/issues/44505 @@ -99,6 +93,8 @@ RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends -t "$VERSION_CODENAME-backports" golang-go; \ ); \ +# TODO consider CGO_ENABLED=0 instead of installing gcc (probably doesn't matter much as this whole block is 1.20-only and I *think* newer versions already *do* default to cgo-disabled for builds, but maybe that's just for the dist/release builds) + apt-get install -y --no-install-recommends gcc; \ \ export GOCACHE='/tmp/gocache'; \ \ @@ -124,11 +120,39 @@ RUN set -eux; \ /usr/local/go/src/cmd/dist/dist \ "$GOCACHE" \ ; \ + \ +# clamp timestamps for reproducibility (allows "COPY --link" to be more clever/useful) + date="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \ + touch -t "$date" /usr/local/.go-date-stamp; \ + find /usr/local/go -depth -newer /usr/local/.go-date-stamp -exec touch -ht "$date" '{}' +; \ + rm /usr/local/.go-date-stamp; \ + touch -t "$date" /usr/local; \ fi; \ \ - go version +# smoke test + go version; \ +# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test) + epoch="$(stat -c '%Y' /usr/local/go)"; \ + [ "$SOURCE_DATE_EPOCH" = "$epoch" ] + +FROM buildpack-deps:bullseye-scm + +# install cgo-related dependencies +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + g++ \ + gcc \ + libc6-dev \ + make \ + pkg-config \ + ; \ + rm -rf /var/lib/apt/lists/* + +ENV GOLANG_VERSION 1.20.13 ENV GOPATH /go -ENV PATH $GOPATH/bin:$PATH +ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH +COPY --from=build --link /usr/local/go/ /usr/local/go/ RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH" WORKDIR $GOPATH diff --git a/1.21/alpine3.18/Dockerfile b/1.21/alpine3.18/Dockerfile index ee194d01..d82fec1d 100644 --- a/1.21/alpine3.18/Dockerfile +++ b/1.21/alpine3.18/Dockerfile @@ -4,16 +4,19 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.18 - -RUN apk add --no-cache ca-certificates +FROM alpine:3.18 AS build ENV PATH /usr/local/go/bin:$PATH ENV GOLANG_VERSION 1.21.6 RUN set -eux; \ - apk add --no-cache --virtual .fetch-deps gnupg; \ + apk add --no-cache --virtual .fetch-deps \ + ca-certificates \ + gnupg \ +# busybox's "tar" doesn't handle directory mtime correctly, so our SOURCE_DATE_EPOCH lookup doesn't work (the mtime of "/usr/local/go" always ends up being the extraction timestamp) + tar \ + ; \ arch="$(apk --print-arch)"; \ url=; \ case "$arch" in \ @@ -69,15 +72,32 @@ RUN set -eux; \ tar -C /usr/local -xzf go.tgz; \ rm go.tgz; \ \ +# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below) + SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \ + export SOURCE_DATE_EPOCH; \ +# for logging validation/edification + date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \ + \ apk del --no-network .fetch-deps; \ \ - go version +# smoke test + go version; \ +# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test) + epoch="$(stat -c '%Y' /usr/local/go)"; \ + [ "$SOURCE_DATE_EPOCH" = "$epoch" ] + +FROM alpine:3.18 + +RUN apk add --no-cache ca-certificates + +ENV GOLANG_VERSION 1.21.6 # don't auto-upgrade the gotoolchain # https://github.com/docker-library/golang/issues/472 ENV GOTOOLCHAIN=local ENV GOPATH /go -ENV PATH $GOPATH/bin:$PATH +ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH +COPY --from=build --link /usr/local/go/ /usr/local/go/ RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH" WORKDIR $GOPATH diff --git a/1.21/alpine3.19/Dockerfile b/1.21/alpine3.19/Dockerfile index 37edf8cc..d5add579 100644 --- a/1.21/alpine3.19/Dockerfile +++ b/1.21/alpine3.19/Dockerfile @@ -4,16 +4,19 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 - -RUN apk add --no-cache ca-certificates +FROM alpine:3.19 AS build ENV PATH /usr/local/go/bin:$PATH ENV GOLANG_VERSION 1.21.6 RUN set -eux; \ - apk add --no-cache --virtual .fetch-deps gnupg; \ + apk add --no-cache --virtual .fetch-deps \ + ca-certificates \ + gnupg \ +# busybox's "tar" doesn't handle directory mtime correctly, so our SOURCE_DATE_EPOCH lookup doesn't work (the mtime of "/usr/local/go" always ends up being the extraction timestamp) + tar \ + ; \ arch="$(apk --print-arch)"; \ url=; \ case "$arch" in \ @@ -69,15 +72,32 @@ RUN set -eux; \ tar -C /usr/local -xzf go.tgz; \ rm go.tgz; \ \ +# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below) + SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \ + export SOURCE_DATE_EPOCH; \ +# for logging validation/edification + date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \ + \ apk del --no-network .fetch-deps; \ \ - go version +# smoke test + go version; \ +# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test) + epoch="$(stat -c '%Y' /usr/local/go)"; \ + [ "$SOURCE_DATE_EPOCH" = "$epoch" ] + +FROM alpine:3.19 + +RUN apk add --no-cache ca-certificates + +ENV GOLANG_VERSION 1.21.6 # don't auto-upgrade the gotoolchain # https://github.com/docker-library/golang/issues/472 ENV GOTOOLCHAIN=local ENV GOPATH /go -ENV PATH $GOPATH/bin:$PATH +ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH +COPY --from=build --link /usr/local/go/ /usr/local/go/ RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH" WORKDIR $GOPATH diff --git a/1.21/bookworm/Dockerfile b/1.21/bookworm/Dockerfile index 7caa3642..835bcc5f 100644 --- a/1.21/bookworm/Dockerfile +++ b/1.21/bookworm/Dockerfile @@ -4,19 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM buildpack-deps:bookworm-scm - -# install cgo-related dependencies -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - g++ \ - gcc \ - libc6-dev \ - make \ - pkg-config \ - ; \ - rm -rf /var/lib/apt/lists/* +FROM buildpack-deps:bookworm-scm AS build ENV PATH /usr/local/go/bin:$PATH @@ -78,13 +66,40 @@ RUN set -eux; \ tar -C /usr/local -xzf go.tgz; \ rm go.tgz; \ \ - go version +# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below) + SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \ + export SOURCE_DATE_EPOCH; \ +# for logging validation/edification + date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \ + \ +# smoke test + go version; \ +# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test) + epoch="$(stat -c '%Y' /usr/local/go)"; \ + [ "$SOURCE_DATE_EPOCH" = "$epoch" ] + +FROM buildpack-deps:bookworm-scm + +# install cgo-related dependencies +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + g++ \ + gcc \ + libc6-dev \ + make \ + pkg-config \ + ; \ + rm -rf /var/lib/apt/lists/* + +ENV GOLANG_VERSION 1.21.6 # don't auto-upgrade the gotoolchain # https://github.com/docker-library/golang/issues/472 ENV GOTOOLCHAIN=local ENV GOPATH /go -ENV PATH $GOPATH/bin:$PATH +ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH +COPY --from=build --link /usr/local/go/ /usr/local/go/ RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH" WORKDIR $GOPATH diff --git a/1.21/bullseye/Dockerfile b/1.21/bullseye/Dockerfile index 00b5cebb..b876b864 100644 --- a/1.21/bullseye/Dockerfile +++ b/1.21/bullseye/Dockerfile @@ -4,19 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM buildpack-deps:bullseye-scm - -# install cgo-related dependencies -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - g++ \ - gcc \ - libc6-dev \ - make \ - pkg-config \ - ; \ - rm -rf /var/lib/apt/lists/* +FROM buildpack-deps:bullseye-scm AS build ENV PATH /usr/local/go/bin:$PATH @@ -78,13 +66,40 @@ RUN set -eux; \ tar -C /usr/local -xzf go.tgz; \ rm go.tgz; \ \ - go version +# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below) + SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \ + export SOURCE_DATE_EPOCH; \ +# for logging validation/edification + date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \ + \ +# smoke test + go version; \ +# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test) + epoch="$(stat -c '%Y' /usr/local/go)"; \ + [ "$SOURCE_DATE_EPOCH" = "$epoch" ] + +FROM buildpack-deps:bullseye-scm + +# install cgo-related dependencies +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + g++ \ + gcc \ + libc6-dev \ + make \ + pkg-config \ + ; \ + rm -rf /var/lib/apt/lists/* + +ENV GOLANG_VERSION 1.21.6 # don't auto-upgrade the gotoolchain # https://github.com/docker-library/golang/issues/472 ENV GOTOOLCHAIN=local ENV GOPATH /go -ENV PATH $GOPATH/bin:$PATH +ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH +COPY --from=build --link /usr/local/go/ /usr/local/go/ RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH" WORKDIR $GOPATH diff --git a/1.22-rc/alpine3.18/Dockerfile b/1.22-rc/alpine3.18/Dockerfile index 81c54072..d3e7d6a4 100644 --- a/1.22-rc/alpine3.18/Dockerfile +++ b/1.22-rc/alpine3.18/Dockerfile @@ -4,16 +4,19 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.18 - -RUN apk add --no-cache ca-certificates +FROM alpine:3.18 AS build ENV PATH /usr/local/go/bin:$PATH ENV GOLANG_VERSION 1.22rc1 RUN set -eux; \ - apk add --no-cache --virtual .fetch-deps gnupg; \ + apk add --no-cache --virtual .fetch-deps \ + ca-certificates \ + gnupg \ +# busybox's "tar" doesn't handle directory mtime correctly, so our SOURCE_DATE_EPOCH lookup doesn't work (the mtime of "/usr/local/go" always ends up being the extraction timestamp) + tar \ + ; \ arch="$(apk --print-arch)"; \ url=; \ case "$arch" in \ @@ -69,15 +72,32 @@ RUN set -eux; \ tar -C /usr/local -xzf go.tgz; \ rm go.tgz; \ \ +# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below) + SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \ + export SOURCE_DATE_EPOCH; \ +# for logging validation/edification + date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \ + \ apk del --no-network .fetch-deps; \ \ - go version +# smoke test + go version; \ +# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test) + epoch="$(stat -c '%Y' /usr/local/go)"; \ + [ "$SOURCE_DATE_EPOCH" = "$epoch" ] + +FROM alpine:3.18 + +RUN apk add --no-cache ca-certificates + +ENV GOLANG_VERSION 1.22rc1 # don't auto-upgrade the gotoolchain # https://github.com/docker-library/golang/issues/472 ENV GOTOOLCHAIN=local ENV GOPATH /go -ENV PATH $GOPATH/bin:$PATH +ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH +COPY --from=build --link /usr/local/go/ /usr/local/go/ RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH" WORKDIR $GOPATH diff --git a/1.22-rc/alpine3.19/Dockerfile b/1.22-rc/alpine3.19/Dockerfile index f9049f85..afef0c01 100644 --- a/1.22-rc/alpine3.19/Dockerfile +++ b/1.22-rc/alpine3.19/Dockerfile @@ -4,16 +4,19 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 - -RUN apk add --no-cache ca-certificates +FROM alpine:3.19 AS build ENV PATH /usr/local/go/bin:$PATH ENV GOLANG_VERSION 1.22rc1 RUN set -eux; \ - apk add --no-cache --virtual .fetch-deps gnupg; \ + apk add --no-cache --virtual .fetch-deps \ + ca-certificates \ + gnupg \ +# busybox's "tar" doesn't handle directory mtime correctly, so our SOURCE_DATE_EPOCH lookup doesn't work (the mtime of "/usr/local/go" always ends up being the extraction timestamp) + tar \ + ; \ arch="$(apk --print-arch)"; \ url=; \ case "$arch" in \ @@ -69,15 +72,32 @@ RUN set -eux; \ tar -C /usr/local -xzf go.tgz; \ rm go.tgz; \ \ +# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below) + SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \ + export SOURCE_DATE_EPOCH; \ +# for logging validation/edification + date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \ + \ apk del --no-network .fetch-deps; \ \ - go version +# smoke test + go version; \ +# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test) + epoch="$(stat -c '%Y' /usr/local/go)"; \ + [ "$SOURCE_DATE_EPOCH" = "$epoch" ] + +FROM alpine:3.19 + +RUN apk add --no-cache ca-certificates + +ENV GOLANG_VERSION 1.22rc1 # don't auto-upgrade the gotoolchain # https://github.com/docker-library/golang/issues/472 ENV GOTOOLCHAIN=local ENV GOPATH /go -ENV PATH $GOPATH/bin:$PATH +ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH +COPY --from=build --link /usr/local/go/ /usr/local/go/ RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH" WORKDIR $GOPATH diff --git a/1.22-rc/bookworm/Dockerfile b/1.22-rc/bookworm/Dockerfile index e10376a4..d9123b64 100644 --- a/1.22-rc/bookworm/Dockerfile +++ b/1.22-rc/bookworm/Dockerfile @@ -4,19 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM buildpack-deps:bookworm-scm - -# install cgo-related dependencies -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - g++ \ - gcc \ - libc6-dev \ - make \ - pkg-config \ - ; \ - rm -rf /var/lib/apt/lists/* +FROM buildpack-deps:bookworm-scm AS build ENV PATH /usr/local/go/bin:$PATH @@ -78,13 +66,40 @@ RUN set -eux; \ tar -C /usr/local -xzf go.tgz; \ rm go.tgz; \ \ - go version +# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below) + SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \ + export SOURCE_DATE_EPOCH; \ +# for logging validation/edification + date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \ + \ +# smoke test + go version; \ +# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test) + epoch="$(stat -c '%Y' /usr/local/go)"; \ + [ "$SOURCE_DATE_EPOCH" = "$epoch" ] + +FROM buildpack-deps:bookworm-scm + +# install cgo-related dependencies +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + g++ \ + gcc \ + libc6-dev \ + make \ + pkg-config \ + ; \ + rm -rf /var/lib/apt/lists/* + +ENV GOLANG_VERSION 1.22rc1 # don't auto-upgrade the gotoolchain # https://github.com/docker-library/golang/issues/472 ENV GOTOOLCHAIN=local ENV GOPATH /go -ENV PATH $GOPATH/bin:$PATH +ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH +COPY --from=build --link /usr/local/go/ /usr/local/go/ RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH" WORKDIR $GOPATH diff --git a/1.22-rc/bullseye/Dockerfile b/1.22-rc/bullseye/Dockerfile index f25a8acd..cd0bcccb 100644 --- a/1.22-rc/bullseye/Dockerfile +++ b/1.22-rc/bullseye/Dockerfile @@ -4,19 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM buildpack-deps:bullseye-scm - -# install cgo-related dependencies -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - g++ \ - gcc \ - libc6-dev \ - make \ - pkg-config \ - ; \ - rm -rf /var/lib/apt/lists/* +FROM buildpack-deps:bullseye-scm AS build ENV PATH /usr/local/go/bin:$PATH @@ -78,13 +66,40 @@ RUN set -eux; \ tar -C /usr/local -xzf go.tgz; \ rm go.tgz; \ \ - go version +# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below) + SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \ + export SOURCE_DATE_EPOCH; \ +# for logging validation/edification + date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \ + \ +# smoke test + go version; \ +# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test) + epoch="$(stat -c '%Y' /usr/local/go)"; \ + [ "$SOURCE_DATE_EPOCH" = "$epoch" ] + +FROM buildpack-deps:bullseye-scm + +# install cgo-related dependencies +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + g++ \ + gcc \ + libc6-dev \ + make \ + pkg-config \ + ; \ + rm -rf /var/lib/apt/lists/* + +ENV GOLANG_VERSION 1.22rc1 # don't auto-upgrade the gotoolchain # https://github.com/docker-library/golang/issues/472 ENV GOTOOLCHAIN=local ENV GOPATH /go -ENV PATH $GOPATH/bin:$PATH +ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH +COPY --from=build --link /usr/local/go/ /usr/local/go/ RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH" WORKDIR $GOPATH diff --git a/Dockerfile-linux.template b/Dockerfile-linux.template index 4949149e..427579e3 100644 --- a/Dockerfile-linux.template +++ b/Dockerfile-linux.template @@ -14,23 +14,9 @@ is_alpine and sometimes_build_from_source -}} {{ if is_alpine then ( -}} -FROM alpine:{{ alpine_version }} - -RUN apk add --no-cache ca-certificates +FROM alpine:{{ alpine_version }} AS build {{ ) else ( -}} -FROM buildpack-deps:{{ env.variant }}-scm - -# install cgo-related dependencies -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - g++ \ - gcc \ - libc6-dev \ - make \ - pkg-config \ - ; \ - rm -rf /var/lib/apt/lists/* +FROM buildpack-deps:{{ env.variant }}-scm AS build {{ ) end -}} ENV PATH /usr/local/go/bin:$PATH @@ -74,7 +60,12 @@ ENV GOLANG_VERSION {{ .version }} -}} RUN set -eux; \ {{ if is_alpine then ( -}} - apk add --no-cache --virtual .fetch-deps gnupg; \ + apk add --no-cache --virtual .fetch-deps \ + ca-certificates \ + gnupg \ +# busybox's "tar" doesn't handle directory mtime correctly, so our SOURCE_DATE_EPOCH lookup doesn't work (the mtime of "/usr/local/go" always ends up being the extraction timestamp) + tar \ + ; \ arch="$(apk --print-arch)"; \ {{ ) else ( -}} arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \ @@ -142,6 +133,12 @@ RUN set -eux; \ tar -C /usr/local -xzf go.tgz; \ rm go.tgz; \ \ +# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below) + SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \ + export SOURCE_DATE_EPOCH; \ +# for logging validation/edification + date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \ + \ {{ if sometimes_build_from_source then ( -}} if [ -n "$build" ]; then \ {{ if is_alpine then ( -}} @@ -166,6 +163,8 @@ RUN set -eux; \ apt-get install -y --no-install-recommends -t "$VERSION_CODENAME-backports" golang-go; \ ); \ {{ ) end -}} +# TODO consider CGO_ENABLED=0 instead of installing gcc (probably doesn't matter much as this whole block is 1.20-only and I *think* newer versions already *do* default to cgo-disabled for builds, but maybe that's just for the dist/release builds) + apt-get install -y --no-install-recommends gcc; \ {{ ) end -}} \ export GOCACHE='/tmp/gocache'; \ @@ -202,6 +201,13 @@ RUN set -eux; \ /usr/local/go/src/cmd/dist/dist \ "$GOCACHE" \ ; \ + \ +# clamp timestamps for reproducibility (allows "COPY --link" to be more clever/useful) + date="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \ + touch -t "$date" /usr/local/.go-date-stamp; \ + find /usr/local/go -depth -newer /usr/local/.go-date-stamp -exec touch -ht "$date" '{}' +; \ + rm /usr/local/.go-date-stamp; \ + touch -t "$date" /usr/local; \ {{ if [ "1.20" ] | index(env.version) then "" elif .arches["arm32v7"].url // "" | contains("armv6") then ( -}} elif [ "$arch" = {{ os_arches["arm32v7"] | @sh }} ]; then \ [ -s /usr/local/go/go.env ]; \ @@ -212,6 +218,9 @@ RUN set -eux; \ echo {{ "GOARM=\(.arches["arm32v7"].env["GOARM"])" | @sh }}; \ } >> /usr/local/go/go.env; \ after="$(go env GOARM)"; [ "$after" = {{ .arches["arm32v7"].env["GOARM"] | @sh }} ]; \ +# (re-)clamp timestamp for reproducibility (allows "COPY --link" to be more clever/useful) + date="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \ + touch -t "$date" /usr/local/go/go.env /usr/local/go; \ {{ ) else "" end -}} fi; \ \ @@ -220,7 +229,33 @@ RUN set -eux; \ apk del --no-network .fetch-deps; \ \ {{ ) else "" end -}} - go version +# smoke test + go version; \ +# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test) + epoch="$(stat -c '%Y' /usr/local/go)"; \ + [ "$SOURCE_DATE_EPOCH" = "$epoch" ] + +{{ if is_alpine then ( -}} +FROM alpine:{{ alpine_version }} + +RUN apk add --no-cache ca-certificates +{{ ) else ( -}} +FROM buildpack-deps:{{ env.variant }}-scm + +# install cgo-related dependencies +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + g++ \ + gcc \ + libc6-dev \ + make \ + pkg-config \ + ; \ + rm -rf /var/lib/apt/lists/* +{{ ) end -}} + +ENV GOLANG_VERSION {{ .version }} {{ if [ "1.20" ] | index(env.version | rtrimstr("-rc")) then "" else ( -}} # don't auto-upgrade the gotoolchain @@ -229,6 +264,7 @@ ENV GOTOOLCHAIN=local {{ ) end -}} ENV GOPATH /go -ENV PATH $GOPATH/bin:$PATH +ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH +COPY --from=build --link /usr/local/go/ /usr/local/go/ RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH" WORKDIR $GOPATH diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index eadf2b69..f734c361 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -65,6 +65,7 @@ Maintainers: Tianon Gravi (@tianon), Joseph Ferguson (@yosifkit), Johan Euphrosine (@proppy) GitRepo: https://github.com/docker-library/golang.git +Builder: buildkit EOH # prints "$2$1$3$1...$N" @@ -131,7 +132,7 @@ for version; do ;; *) - variantParent="$(awk 'toupper($1) == "FROM" { print $2 }' "$dir/Dockerfile")" + variantParent="$(awk 'toupper($1) == "FROM" { print $2 }' "$dir/Dockerfile" | sort -u)" # TODO this needs to handle multi-parents (we get lucky that they're the same) variantArches="${parentRepoToArches[$variantParent]}" ;; esac @@ -183,6 +184,9 @@ for version; do GitCommit: $commit Directory: $dir EOE - [ -z "$constraints" ] || echo "Constraints: $constraints" + if [ -n "$constraints" ]; then + echo 'Builder: classic' + echo "Constraints: $constraints" + fi done done