├── .conform.yaml ├── .dockerignore ├── .github ├── renovate.json └── workflows │ ├── ci.yaml │ ├── slack-notify.yaml │ └── weekly.yaml ├── .gitignore ├── .kres.yaml ├── LICENSE ├── Makefile ├── Pkgfile ├── README.md ├── abseil └── pkg.yaml ├── argp-standalone └── pkg.yaml ├── autoconf └── pkg.yaml ├── automake └── pkg.yaml ├── base ├── fhs-validator.sh └── pkg.yaml ├── bash └── pkg.yaml ├── bc └── pkg.yaml ├── bison └── pkg.yaml ├── bzip2 └── pkg.yaml ├── cmake └── pkg.yaml ├── coreutils └── pkg.yaml ├── curl └── pkg.yaml ├── deps.png ├── diffutils └── pkg.yaml ├── dtc └── pkg.yaml ├── dwarfutils └── pkg.yaml ├── elfutils ├── patches │ └── musl-macros.patch └── pkg.yaml ├── expat └── pkg.yaml ├── fakeroot ├── patches │ ├── fakeroot-no64.patch │ ├── fix-shell.patch │ └── no-docs.patch └── pkg.yaml ├── findutils └── pkg.yaml ├── flex └── pkg.yaml ├── gawk └── pkg.yaml ├── gettext └── pkg.yaml ├── git └── pkg.yaml ├── gmp └── pkg.yaml ├── gnutls └── pkg.yaml ├── gperf └── pkg.yaml ├── grep └── pkg.yaml ├── gzip └── pkg.yaml ├── hack ├── release.sh └── release.toml ├── libbpf └── pkg.yaml ├── libffi └── pkg.yaml ├── libnl └── pkg.yaml ├── libtasn1 └── pkg.yaml ├── libtool └── pkg.yaml ├── libunistring └── pkg.yaml ├── libuv └── pkg.yaml ├── m4 └── pkg.yaml ├── meson └── pkg.yaml ├── mpc └── pkg.yaml ├── mpfr └── pkg.yaml ├── musl-fts ├── patches │ └── argp-standalone-1.3-musl-fix-inline.patch └── pkg.yaml ├── musl-obstack └── pkg.yaml ├── musl-utils └── pkg.yaml ├── ncurses ├── patches │ └── reproducibility.patch └── pkg.yaml ├── nettle └── pkg.yaml ├── ninja └── pkg.yaml ├── pahole └── pkg.yaml ├── patch └── pkg.yaml ├── perl ├── patches │ └── reproducible-build-date.patch └── pkg.yaml ├── pkg-config └── pkg.yaml ├── policycoreutils ├── patches │ └── musl-fts.patch └── pkg.yaml ├── protobuf └── pkg.yaml ├── protoc-gen-go-grpc └── pkg.yaml ├── protoc-gen-go └── pkg.yaml ├── pyelftools └── pkg.yaml ├── python-build └── pkg.yaml ├── python-flit_core └── pkg.yaml ├── python-gpep517 └── pkg.yaml ├── python-installer └── pkg.yaml ├── python-jinja2 └── pkg.yaml ├── python-markupsafe └── pkg.yaml ├── python-packaging └── pkg.yaml ├── python-setuptools └── pkg.yaml ├── python3 ├── patches │ └── musl-find_library.patch └── pkg.yaml ├── rhash ├── patches │ └── byteorder.patch └── pkg.yaml ├── secilc ├── patches │ └── disable-manpages.patch └── pkg.yaml ├── sed └── pkg.yaml ├── swig └── pkg.yaml ├── texinfo └── pkg.yaml ├── tools-ca-certificates └── pkg.yaml ├── tools-cpio ├── patches │ └── gcc-10.patch └── pkg.yaml ├── tools-kmod └── pkg.yaml ├── tools-libcap └── pkg.yaml ├── tools-libselinux ├── patches │ ├── 0001-libselinux-exclude-requirement-for-etc-selinux.patch │ ├── musl-lstat.patch │ └── selabel-digest-uninit.patch └── pkg.yaml ├── tools-libsepol ├── patches │ └── dont-build-utils.patch └── pkg.yaml ├── tools-openssl └── pkg.yaml ├── tools-pcre2 └── pkg.yaml ├── tools-squashfs-tools ├── patches │ └── fix-compat.patch └── pkg.yaml ├── tools-tar └── pkg.yaml ├── tools-util-linux └── pkg.yaml ├── tools-xz └── pkg.yaml ├── tools-zlib └── pkg.yaml ├── tools-zstd └── pkg.yaml └── tools └── pkg.yaml /.conform.yaml: -------------------------------------------------------------------------------- 1 | # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. 2 | # 3 | # Generated on 2024-03-27T10:42:24Z by kres latest. 4 | 5 | policies: 6 | - type: commit 7 | spec: 8 | dco: true 9 | gpg: 10 | required: true 11 | identity: 12 | gitHubOrganization: siderolabs 13 | spellcheck: 14 | locale: US 15 | maximumOfOneCommit: true 16 | header: 17 | length: 89 18 | imperative: true 19 | case: lower 20 | invalidLastCharacters: . 21 | body: 22 | required: true 23 | conventional: 24 | types: 25 | - chore 26 | - docs 27 | - perf 28 | - refactor 29 | - style 30 | - test 31 | - release 32 | scopes: 33 | - .* 34 | - type: license 35 | spec: 36 | root: . 37 | skipPaths: 38 | - .git/ 39 | - testdata/ 40 | includeSuffixes: 41 | - .go 42 | excludeSuffixes: 43 | - .pb.go 44 | - .pb.gw.go 45 | header: | 46 | // This Source Code Form is subject to the terms of the Mozilla Public 47 | // License, v. 2.0. If a copy of the MPL was not distributed with this 48 | // file, You can obtain one at http://mozilla.org/MPL/2.0/. 49 | -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. 2 | # 3 | # Generated on 2023-11-02T12:25:12Z by kres a0777d5-dirty. 4 | 5 | * 6 | !README.md 7 | !pkg.yaml 8 | -------------------------------------------------------------------------------- /.github/renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "description": "THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.", 4 | "prHeader": "Update Request | Renovate Bot", 5 | "extends": [ 6 | ":dependencyDashboard", 7 | ":gitSignOff", 8 | ":semanticCommitScopeDisabled", 9 | "schedule:earlyMondays" 10 | ], 11 | "customManagers": [ 12 | { 13 | "customType": "regex", 14 | "versioningTemplate": "{{#if versioning}}{{versioning}}{{else}}semver{{/if}}", 15 | "fileMatch": [ 16 | "Pkgfile" 17 | ], 18 | "matchStrings": [ 19 | "# renovate: datasource=(?.*?)(?:\\s+extractVersion=(?.+?))?(?:\\s+versioning=(?.+?))?\\s+depName=(?.+?)?\\s(?:.*_(?:version|VERSION):\\s+(?.*))?(?:(\\s)?.*_(?:ref|REF):\\s+(?.*))?" 20 | ] 21 | }, 22 | { 23 | "customType": "regex", 24 | "datasourceTemplate": "github-tags", 25 | "depNameTemplate": "siderolabs/bldr", 26 | "versioningTemplate": "semver", 27 | "fileMatch": [ 28 | "Pkgfile" 29 | ], 30 | "matchStrings": [ 31 | "ghcr.io\\/siderolabs\\/bldr:(?v.*)" 32 | ] 33 | } 34 | ], 35 | "packageRules": [ 36 | { 37 | "groupName": "dependencies", 38 | "matchUpdateTypes": [ 39 | "major", 40 | "minor", 41 | "patch", 42 | "pin", 43 | "digest" 44 | ] 45 | }, 46 | { 47 | "enabled": false, 48 | "matchFileNames": [ 49 | "Dockerfile" 50 | ] 51 | }, 52 | { 53 | "enabled": false, 54 | "matchFileNames": [ 55 | ".github/workflows/*.yaml" 56 | ] 57 | }, 58 | { 59 | "versioning": "regex:^(?\\d+)\\.(?\\d+)\\.?(?\\d+)?$", 60 | "matchPackageNames": [ 61 | "golang/go", 62 | "mirror/ncurses", 63 | "PCRE2Project/pcre2", 64 | "plougher/squashfs-tools", 65 | "SELinuxProject/selinux", 66 | "git://git.savannah.gnu.org/make.git", 67 | "git://git.kernel.org/pub/scm/utils/util-linux/util-linux.git", 68 | "git://git.savannah.gnu.org/automake.git", 69 | "git://git.savannah.gnu.org/bison.git", 70 | "git://git.savannah.gnu.org/coreutils.git", 71 | "git://git.savannah.gnu.org/diffutils.git", 72 | "git://sourceware.org/git/elfutils.git", 73 | "git://git.savannah.gnu.org/gettext.git", 74 | "git://git.savannah.gnu.org/gperf.git", 75 | "git://git.savannah.gnu.org/grep.git", 76 | "git://git.savannah.gnu.org/gzip.git", 77 | "git://git.kernel.org/pub/scm/devel/pahole/pahole.git", 78 | "git://git.savannah.gnu.org/patch.git", 79 | "https://gitlab.freedesktop.org/pkg-config/pkg-config.git", 80 | "git://git.savannah.gnu.org/sed.git", 81 | "git://git.savannah.gnu.org/texinfo.git", 82 | "git://git.kernel.org/pub/scm/libs/libcap/libcap.git", 83 | "git://git.savannah.gnu.org/autoconf.git", 84 | "git://git.savannah.gnu.org/bash.git", 85 | "https://gitlab.kitware.com/cmake/cmake.git" 86 | ] 87 | }, 88 | { 89 | "versioning": "regex:^(?\\d{4})(?\\d{2})(?\\d{2})\\.?(?\\d+)?$", 90 | "matchPackageNames": [ 91 | "abseil/abseil-cpp" 92 | ] 93 | }, 94 | { 95 | "versioning": "regex:^(?\\d+)\\.?(?\\d+)?\\.?(?\\d+)?$", 96 | "matchPackageNames": [ 97 | "git://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git", 98 | "systemd/systemd" 99 | ] 100 | }, 101 | { 102 | "versioning": "regex:^(?\\d+)\\.(?\\d+)", 103 | "matchPackageNames": [ 104 | "protocolbuffers/protobuf" 105 | ] 106 | }, 107 | { 108 | "versioning": "regex:^(?\\d+)_(?\\d+)_?(?\\d+)?$", 109 | "matchPackageNames": [ 110 | "curl/curl", 111 | "libexpat/libexpat", 112 | "file/file", 113 | "git://git.savannah.gnu.org/cpio.git", 114 | "git://git.savannah.gnu.org/tar.git" 115 | ] 116 | }, 117 | { 118 | "versioning": "regex:^(?\\d+)\\.(?\\d[02468]+)\\.(?\\d+)$", 119 | "matchPackageNames": [ 120 | "Perl/perl5" 121 | ] 122 | } 123 | ], 124 | "separateMajorMinor": false 125 | } 126 | -------------------------------------------------------------------------------- /.github/workflows/ci.yaml: -------------------------------------------------------------------------------- 1 | # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. 2 | # 3 | # Generated on 2025-03-07T10:00:01Z by kres d88db2f. 4 | 5 | name: default 6 | concurrency: 7 | group: ${{ github.head_ref || github.run_id }} 8 | cancel-in-progress: true 9 | "on": 10 | push: 11 | branches: 12 | - main 13 | - release-* 14 | tags: 15 | - v* 16 | pull_request: 17 | branches: 18 | - main 19 | - release-* 20 | jobs: 21 | default: 22 | permissions: 23 | actions: read 24 | contents: write 25 | issues: read 26 | packages: write 27 | pull-requests: read 28 | runs-on: 29 | - self-hosted 30 | - pkgs 31 | if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/')) 32 | outputs: 33 | labels: ${{ steps.retrieve-pr-labels.outputs.result }} 34 | steps: 35 | - name: gather-system-info 36 | id: system-info 37 | uses: kenchan0130/actions-system-info@v1.3.0 38 | continue-on-error: true 39 | - name: print-system-info 40 | run: | 41 | MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024)) 42 | 43 | OUTPUTS=( 44 | "CPU Core: ${{ steps.system-info.outputs.cpu-core }}" 45 | "CPU Model: ${{ steps.system-info.outputs.cpu-model }}" 46 | "Hostname: ${{ steps.system-info.outputs.hostname }}" 47 | "NodeName: ${NODE_NAME}" 48 | "Kernel release: ${{ steps.system-info.outputs.kernel-release }}" 49 | "Kernel version: ${{ steps.system-info.outputs.kernel-version }}" 50 | "Name: ${{ steps.system-info.outputs.name }}" 51 | "Platform: ${{ steps.system-info.outputs.platform }}" 52 | "Release: ${{ steps.system-info.outputs.release }}" 53 | "Total memory: ${MEMORY_GB} GB" 54 | ) 55 | 56 | for OUTPUT in "${OUTPUTS[@]}";do 57 | echo "${OUTPUT}" 58 | done 59 | continue-on-error: true 60 | - name: checkout 61 | uses: actions/checkout@v4 62 | - name: Unshallow 63 | run: | 64 | git fetch --prune --unshallow 65 | - name: Set up Docker Buildx 66 | id: setup-buildx 67 | uses: docker/setup-buildx-action@v3 68 | with: 69 | append: | 70 | - endpoint: tcp://buildkit-arm64.ci.svc.cluster.local:1234 71 | platforms: linux/arm64 72 | driver: remote 73 | endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 74 | - name: Build 75 | if: github.event_name == 'pull_request' 76 | run: | 77 | make 78 | - name: Login to registry 79 | if: github.event_name != 'pull_request' 80 | uses: docker/login-action@v3 81 | with: 82 | password: ${{ secrets.GITHUB_TOKEN }} 83 | registry: ghcr.io 84 | username: ${{ github.repository_owner }} 85 | - name: Push to registry 86 | if: github.event_name != 'pull_request' 87 | run: | 88 | make PUSH=true 89 | - name: Retrieve PR labels 90 | id: retrieve-pr-labels 91 | uses: actions/github-script@v7 92 | with: 93 | retries: "3" 94 | script: | 95 | if (context.eventName != "pull_request") { return "[]" } 96 | 97 | const resp = await github.rest.issues.get({ 98 | issue_number: context.issue.number, 99 | owner: context.repo.owner, 100 | repo: context.repo.repo, 101 | }) 102 | 103 | return resp.data.labels.map(label => label.name) 104 | - name: release-notes 105 | if: startsWith(github.ref, 'refs/tags/') 106 | run: | 107 | make release-notes 108 | - name: Release 109 | if: startsWith(github.ref, 'refs/tags/') 110 | uses: crazy-max/ghaction-github-release@v2 111 | with: 112 | body_path: _out/RELEASE_NOTES.md 113 | draft: "true" 114 | reproducibility: 115 | runs-on: 116 | - self-hosted 117 | - pkgs 118 | if: contains(fromJSON(needs.default.outputs.labels), 'integration/reproducibility') 119 | needs: 120 | - default 121 | steps: 122 | - name: gather-system-info 123 | id: system-info 124 | uses: kenchan0130/actions-system-info@v1.3.0 125 | continue-on-error: true 126 | - name: print-system-info 127 | run: | 128 | MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024)) 129 | 130 | OUTPUTS=( 131 | "CPU Core: ${{ steps.system-info.outputs.cpu-core }}" 132 | "CPU Model: ${{ steps.system-info.outputs.cpu-model }}" 133 | "Hostname: ${{ steps.system-info.outputs.hostname }}" 134 | "NodeName: ${NODE_NAME}" 135 | "Kernel release: ${{ steps.system-info.outputs.kernel-release }}" 136 | "Kernel version: ${{ steps.system-info.outputs.kernel-version }}" 137 | "Name: ${{ steps.system-info.outputs.name }}" 138 | "Platform: ${{ steps.system-info.outputs.platform }}" 139 | "Release: ${{ steps.system-info.outputs.release }}" 140 | "Total memory: ${MEMORY_GB} GB" 141 | ) 142 | 143 | for OUTPUT in "${OUTPUTS[@]}";do 144 | echo "${OUTPUT}" 145 | done 146 | continue-on-error: true 147 | - name: checkout 148 | uses: actions/checkout@v4 149 | - name: Unshallow 150 | run: | 151 | git fetch --prune --unshallow 152 | - name: Set up Docker Buildx 153 | id: setup-buildx 154 | uses: docker/setup-buildx-action@v3 155 | with: 156 | append: | 157 | - endpoint: tcp://buildkit-arm64.ci.svc.cluster.local:1234 158 | platforms: linux/arm64 159 | driver: remote 160 | endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 161 | - name: reproducibility-test 162 | run: | 163 | make reproducibility-test 164 | -------------------------------------------------------------------------------- /.github/workflows/slack-notify.yaml: -------------------------------------------------------------------------------- 1 | # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. 2 | # 3 | # Generated on 2024-11-25T17:37:38Z by kres 232fe63. 4 | 5 | name: slack-notify 6 | "on": 7 | workflow_run: 8 | workflows: 9 | - default 10 | - weekly 11 | types: 12 | - completed 13 | jobs: 14 | slack-notify: 15 | runs-on: 16 | - self-hosted 17 | - generic 18 | if: github.event.workflow_run.conclusion != 'skipped' 19 | steps: 20 | - name: Get PR number 21 | id: get-pr-number 22 | if: github.event.workflow_run.event == 'pull_request' 23 | env: 24 | GH_TOKEN: ${{ github.token }} 25 | run: | 26 | echo pull_request_number=$(gh pr view -R ${{ github.repository }} ${{ github.event.workflow_run.head_repository.owner.login }}:${{ github.event.workflow_run.head_branch }} --json number --jq .number) >> $GITHUB_OUTPUT 27 | - name: Slack Notify 28 | uses: slackapi/slack-github-action@v2 29 | with: 30 | method: chat.postMessage 31 | payload: | 32 | { 33 | "channel": "proj-talos-maintainers", 34 | "attachments": [ 35 | { 36 | "color": "${{ github.event.workflow_run.conclusion == 'success' && '#2EB886' || github.event.workflow_run.conclusion == 'failure' && '#A30002' || '#FFCC00' }}", 37 | "fallback": "test", 38 | "blocks": [ 39 | { 40 | "type": "section", 41 | "fields": [ 42 | { 43 | "type": "mrkdwn", 44 | "text": "${{ github.event.workflow_run.event == 'pull_request' && format('*Pull Request:* {0} (`{1}`)\n<{2}/pull/{3}|{4}>', github.repository, github.ref_name, github.event.repository.html_url, steps.get-pr-number.outputs.pull_request_number, github.event.workflow_run.display_title) || format('*Build:* {0} (`{1}`)\n<{2}/commit/{3}|{4}>', github.repository, github.ref_name, github.event.repository.html_url, github.sha, github.event.workflow_run.display_title) }}" 45 | }, 46 | { 47 | "type": "mrkdwn", 48 | "text": "*Status:*\n`${{ github.event.workflow_run.conclusion }}`" 49 | } 50 | ] 51 | }, 52 | { 53 | "type": "section", 54 | "fields": [ 55 | { 56 | "type": "mrkdwn", 57 | "text": "*Author:*\n`${{ github.actor }}`" 58 | }, 59 | { 60 | "type": "mrkdwn", 61 | "text": "*Event:*\n`${{ github.event.workflow_run.event }}`" 62 | } 63 | ] 64 | }, 65 | { 66 | "type": "divider" 67 | }, 68 | { 69 | "type": "actions", 70 | "elements": [ 71 | { 72 | "type": "button", 73 | "text": { 74 | "type": "plain_text", 75 | "text": "Logs" 76 | }, 77 | "url": "${{ github.event.workflow_run.html_url }}" 78 | }, 79 | { 80 | "type": "button", 81 | "text": { 82 | "type": "plain_text", 83 | "text": "Commit" 84 | }, 85 | "url": "${{ github.event.repository.html_url }}/commit/${{ github.sha }}" 86 | } 87 | ] 88 | } 89 | ] 90 | } 91 | ] 92 | } 93 | token: ${{ secrets.SLACK_BOT_TOKEN }} 94 | -------------------------------------------------------------------------------- /.github/workflows/weekly.yaml: -------------------------------------------------------------------------------- 1 | # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. 2 | # 3 | # Generated on 2025-03-07T10:00:01Z by kres d88db2f. 4 | 5 | name: weekly 6 | concurrency: 7 | group: ${{ github.head_ref || github.run_id }} 8 | cancel-in-progress: true 9 | "on": 10 | schedule: 11 | - cron: 30 1 * * 1 12 | jobs: 13 | reproducibility: 14 | runs-on: 15 | - self-hosted 16 | - pkgs 17 | steps: 18 | - name: gather-system-info 19 | id: system-info 20 | uses: kenchan0130/actions-system-info@v1.3.0 21 | continue-on-error: true 22 | - name: print-system-info 23 | run: | 24 | MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024)) 25 | 26 | OUTPUTS=( 27 | "CPU Core: ${{ steps.system-info.outputs.cpu-core }}" 28 | "CPU Model: ${{ steps.system-info.outputs.cpu-model }}" 29 | "Hostname: ${{ steps.system-info.outputs.hostname }}" 30 | "NodeName: ${NODE_NAME}" 31 | "Kernel release: ${{ steps.system-info.outputs.kernel-release }}" 32 | "Kernel version: ${{ steps.system-info.outputs.kernel-version }}" 33 | "Name: ${{ steps.system-info.outputs.name }}" 34 | "Platform: ${{ steps.system-info.outputs.platform }}" 35 | "Release: ${{ steps.system-info.outputs.release }}" 36 | "Total memory: ${MEMORY_GB} GB" 37 | ) 38 | 39 | for OUTPUT in "${OUTPUTS[@]}";do 40 | echo "${OUTPUT}" 41 | done 42 | continue-on-error: true 43 | - name: checkout 44 | uses: actions/checkout@v4 45 | - name: Unshallow 46 | run: | 47 | git fetch --prune --unshallow 48 | - name: Set up Docker Buildx 49 | id: setup-buildx 50 | uses: docker/setup-buildx-action@v3 51 | with: 52 | append: | 53 | - endpoint: tcp://buildkit-arm64.ci.svc.cluster.local:1234 54 | platforms: linux/arm64 55 | driver: remote 56 | endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 57 | - name: reproducibility-test 58 | run: | 59 | make reproducibility-test 60 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. 2 | # 3 | # Generated on 2023-11-02T12:25:12Z by kres a0777d5-dirty. 4 | 5 | _out 6 | -------------------------------------------------------------------------------- /.kres.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: pkgfile.Build 3 | spec: 4 | targets: 5 | - tools 6 | - tools-ca-certificates 7 | - tools-cpio 8 | - tools-kmod 9 | - tools-libcap 10 | - tools-libselinux 11 | - tools-libsepol 12 | - tools-openssl 13 | - tools-pcre2 14 | - tools-squashfs-tools 15 | - tools-tar 16 | - tools-util-linux 17 | - tools-xz 18 | - tools-zlib 19 | - tools-zstd 20 | reproducibleTargetName: tools 21 | --- 22 | kind: common.Renovate 23 | spec: 24 | packageRules: 25 | - matchPackageNames: 26 | - golang/go 27 | - mirror/ncurses 28 | - PCRE2Project/pcre2 29 | - plougher/squashfs-tools 30 | - SELinuxProject/selinux 31 | - git://git.savannah.gnu.org/make.git 32 | - git://git.kernel.org/pub/scm/utils/util-linux/util-linux.git 33 | - git://git.savannah.gnu.org/automake.git 34 | - git://git.savannah.gnu.org/bison.git 35 | - git://git.savannah.gnu.org/coreutils.git 36 | - git://git.savannah.gnu.org/diffutils.git 37 | - git://sourceware.org/git/elfutils.git 38 | - git://git.savannah.gnu.org/gettext.git 39 | - git://git.savannah.gnu.org/gperf.git 40 | - git://git.savannah.gnu.org/grep.git 41 | - git://git.savannah.gnu.org/gzip.git 42 | - git://git.kernel.org/pub/scm/devel/pahole/pahole.git 43 | - git://git.savannah.gnu.org/patch.git 44 | - https://gitlab.freedesktop.org/pkg-config/pkg-config.git 45 | - git://git.savannah.gnu.org/sed.git 46 | - git://git.savannah.gnu.org/texinfo.git 47 | - git://git.kernel.org/pub/scm/libs/libcap/libcap.git 48 | - git://git.savannah.gnu.org/autoconf.git 49 | - git://git.savannah.gnu.org/bash.git 50 | - https://gitlab.kitware.com/cmake/cmake.git 51 | versioning: 'regex:^(?\d+)\.(?\d+)\.?(?\d+)?$' 52 | - matchPackageNames: 53 | - abseil/abseil-cpp 54 | versioning: 'regex:^(?\d{4})(?\d{2})(?\d{2})\.?(?\d+)?$' 55 | - matchPackageNames: 56 | - git://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git 57 | - systemd/systemd 58 | versioning: 'regex:^(?\d+)\.?(?\d+)?\.?(?\d+)?$' 59 | - matchPackageNames: 60 | - protocolbuffers/protobuf 61 | versioning: 'regex:^(?\d+)\.(?\d+)' 62 | - matchPackageNames: 63 | - curl/curl 64 | - libexpat/libexpat 65 | - file/file 66 | - git://git.savannah.gnu.org/cpio.git 67 | - git://git.savannah.gnu.org/tar.git 68 | versioning: 'regex:^(?\d+)_(?\d+)_?(?\d+)?$' 69 | - matchPackageNames: 70 | - Perl/perl5 71 | versioning: 'regex:^(?\d+)\.(?\d[02468]+)\.(?\d+)$' 72 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Mozilla Public License Version 2.0 2 | ================================== 3 | 4 | 1. Definitions 5 | -------------- 6 | 7 | 1.1. "Contributor" 8 | means each individual or legal entity that creates, contributes to 9 | the creation of, or owns Covered Software. 10 | 11 | 1.2. "Contributor Version" 12 | means the combination of the Contributions of others (if any) used 13 | by a Contributor and that particular Contributor's Contribution. 14 | 15 | 1.3. "Contribution" 16 | means Covered Software of a particular Contributor. 17 | 18 | 1.4. "Covered Software" 19 | means Source Code Form to which the initial Contributor has attached 20 | the notice in Exhibit A, the Executable Form of such Source Code 21 | Form, and Modifications of such Source Code Form, in each case 22 | including portions thereof. 23 | 24 | 1.5. "Incompatible With Secondary Licenses" 25 | means 26 | 27 | (a) that the initial Contributor has attached the notice described 28 | in Exhibit B to the Covered Software; or 29 | 30 | (b) that the Covered Software was made available under the terms of 31 | version 1.1 or earlier of the License, but not also under the 32 | terms of a Secondary License. 33 | 34 | 1.6. "Executable Form" 35 | means any form of the work other than Source Code Form. 36 | 37 | 1.7. "Larger Work" 38 | means a work that combines Covered Software with other material, in 39 | a separate file or files, that is not Covered Software. 40 | 41 | 1.8. "License" 42 | means this document. 43 | 44 | 1.9. "Licensable" 45 | means having the right to grant, to the maximum extent possible, 46 | whether at the time of the initial grant or subsequently, any and 47 | all of the rights conveyed by this License. 48 | 49 | 1.10. "Modifications" 50 | means any of the following: 51 | 52 | (a) any file in Source Code Form that results from an addition to, 53 | deletion from, or modification of the contents of Covered 54 | Software; or 55 | 56 | (b) any new file in Source Code Form that contains any Covered 57 | Software. 58 | 59 | 1.11. "Patent Claims" of a Contributor 60 | means any patent claim(s), including without limitation, method, 61 | process, and apparatus claims, in any patent Licensable by such 62 | Contributor that would be infringed, but for the grant of the 63 | License, by the making, using, selling, offering for sale, having 64 | made, import, or transfer of either its Contributions or its 65 | Contributor Version. 66 | 67 | 1.12. "Secondary License" 68 | means either the GNU General Public License, Version 2.0, the GNU 69 | Lesser General Public License, Version 2.1, the GNU Affero General 70 | Public License, Version 3.0, or any later versions of those 71 | licenses. 72 | 73 | 1.13. "Source Code Form" 74 | means the form of the work preferred for making modifications. 75 | 76 | 1.14. "You" (or "Your") 77 | means an individual or a legal entity exercising rights under this 78 | License. For legal entities, "You" includes any entity that 79 | controls, is controlled by, or is under common control with You. For 80 | purposes of this definition, "control" means (a) the power, direct 81 | or indirect, to cause the direction or management of such entity, 82 | whether by contract or otherwise, or (b) ownership of more than 83 | fifty percent (50%) of the outstanding shares or beneficial 84 | ownership of such entity. 85 | 86 | 2. License Grants and Conditions 87 | -------------------------------- 88 | 89 | 2.1. Grants 90 | 91 | Each Contributor hereby grants You a world-wide, royalty-free, 92 | non-exclusive license: 93 | 94 | (a) under intellectual property rights (other than patent or trademark) 95 | Licensable by such Contributor to use, reproduce, make available, 96 | modify, display, perform, distribute, and otherwise exploit its 97 | Contributions, either on an unmodified basis, with Modifications, or 98 | as part of a Larger Work; and 99 | 100 | (b) under Patent Claims of such Contributor to make, use, sell, offer 101 | for sale, have made, import, and otherwise transfer either its 102 | Contributions or its Contributor Version. 103 | 104 | 2.2. Effective Date 105 | 106 | The licenses granted in Section 2.1 with respect to any Contribution 107 | become effective for each Contribution on the date the Contributor first 108 | distributes such Contribution. 109 | 110 | 2.3. Limitations on Grant Scope 111 | 112 | The licenses granted in this Section 2 are the only rights granted under 113 | this License. No additional rights or licenses will be implied from the 114 | distribution or licensing of Covered Software under this License. 115 | Notwithstanding Section 2.1(b) above, no patent license is granted by a 116 | Contributor: 117 | 118 | (a) for any code that a Contributor has removed from Covered Software; 119 | or 120 | 121 | (b) for infringements caused by: (i) Your and any other third party's 122 | modifications of Covered Software, or (ii) the combination of its 123 | Contributions with other software (except as part of its Contributor 124 | Version); or 125 | 126 | (c) under Patent Claims infringed by Covered Software in the absence of 127 | its Contributions. 128 | 129 | This License does not grant any rights in the trademarks, service marks, 130 | or logos of any Contributor (except as may be necessary to comply with 131 | the notice requirements in Section 3.4). 132 | 133 | 2.4. Subsequent Licenses 134 | 135 | No Contributor makes additional grants as a result of Your choice to 136 | distribute the Covered Software under a subsequent version of this 137 | License (see Section 10.2) or under the terms of a Secondary License (if 138 | permitted under the terms of Section 3.3). 139 | 140 | 2.5. Representation 141 | 142 | Each Contributor represents that the Contributor believes its 143 | Contributions are its original creation(s) or it has sufficient rights 144 | to grant the rights to its Contributions conveyed by this License. 145 | 146 | 2.6. Fair Use 147 | 148 | This License is not intended to limit any rights You have under 149 | applicable copyright doctrines of fair use, fair dealing, or other 150 | equivalents. 151 | 152 | 2.7. Conditions 153 | 154 | Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted 155 | in Section 2.1. 156 | 157 | 3. Responsibilities 158 | ------------------- 159 | 160 | 3.1. Distribution of Source Form 161 | 162 | All distribution of Covered Software in Source Code Form, including any 163 | Modifications that You create or to which You contribute, must be under 164 | the terms of this License. You must inform recipients that the Source 165 | Code Form of the Covered Software is governed by the terms of this 166 | License, and how they can obtain a copy of this License. You may not 167 | attempt to alter or restrict the recipients' rights in the Source Code 168 | Form. 169 | 170 | 3.2. Distribution of Executable Form 171 | 172 | If You distribute Covered Software in Executable Form then: 173 | 174 | (a) such Covered Software must also be made available in Source Code 175 | Form, as described in Section 3.1, and You must inform recipients of 176 | the Executable Form how they can obtain a copy of such Source Code 177 | Form by reasonable means in a timely manner, at a charge no more 178 | than the cost of distribution to the recipient; and 179 | 180 | (b) You may distribute such Executable Form under the terms of this 181 | License, or sublicense it under different terms, provided that the 182 | license for the Executable Form does not attempt to limit or alter 183 | the recipients' rights in the Source Code Form under this License. 184 | 185 | 3.3. Distribution of a Larger Work 186 | 187 | You may create and distribute a Larger Work under terms of Your choice, 188 | provided that You also comply with the requirements of this License for 189 | the Covered Software. If the Larger Work is a combination of Covered 190 | Software with a work governed by one or more Secondary Licenses, and the 191 | Covered Software is not Incompatible With Secondary Licenses, this 192 | License permits You to additionally distribute such Covered Software 193 | under the terms of such Secondary License(s), so that the recipient of 194 | the Larger Work may, at their option, further distribute the Covered 195 | Software under the terms of either this License or such Secondary 196 | License(s). 197 | 198 | 3.4. Notices 199 | 200 | You may not remove or alter the substance of any license notices 201 | (including copyright notices, patent notices, disclaimers of warranty, 202 | or limitations of liability) contained within the Source Code Form of 203 | the Covered Software, except that You may alter any license notices to 204 | the extent required to remedy known factual inaccuracies. 205 | 206 | 3.5. Application of Additional Terms 207 | 208 | You may choose to offer, and to charge a fee for, warranty, support, 209 | indemnity or liability obligations to one or more recipients of Covered 210 | Software. However, You may do so only on Your own behalf, and not on 211 | behalf of any Contributor. You must make it absolutely clear that any 212 | such warranty, support, indemnity, or liability obligation is offered by 213 | You alone, and You hereby agree to indemnify every Contributor for any 214 | liability incurred by such Contributor as a result of warranty, support, 215 | indemnity or liability terms You offer. You may include additional 216 | disclaimers of warranty and limitations of liability specific to any 217 | jurisdiction. 218 | 219 | 4. Inability to Comply Due to Statute or Regulation 220 | --------------------------------------------------- 221 | 222 | If it is impossible for You to comply with any of the terms of this 223 | License with respect to some or all of the Covered Software due to 224 | statute, judicial order, or regulation then You must: (a) comply with 225 | the terms of this License to the maximum extent possible; and (b) 226 | describe the limitations and the code they affect. Such description must 227 | be placed in a text file included with all distributions of the Covered 228 | Software under this License. Except to the extent prohibited by statute 229 | or regulation, such description must be sufficiently detailed for a 230 | recipient of ordinary skill to be able to understand it. 231 | 232 | 5. Termination 233 | -------------- 234 | 235 | 5.1. The rights granted under this License will terminate automatically 236 | if You fail to comply with any of its terms. However, if You become 237 | compliant, then the rights granted under this License from a particular 238 | Contributor are reinstated (a) provisionally, unless and until such 239 | Contributor explicitly and finally terminates Your grants, and (b) on an 240 | ongoing basis, if such Contributor fails to notify You of the 241 | non-compliance by some reasonable means prior to 60 days after You have 242 | come back into compliance. Moreover, Your grants from a particular 243 | Contributor are reinstated on an ongoing basis if such Contributor 244 | notifies You of the non-compliance by some reasonable means, this is the 245 | first time You have received notice of non-compliance with this License 246 | from such Contributor, and You become compliant prior to 30 days after 247 | Your receipt of the notice. 248 | 249 | 5.2. If You initiate litigation against any entity by asserting a patent 250 | infringement claim (excluding declaratory judgment actions, 251 | counter-claims, and cross-claims) alleging that a Contributor Version 252 | directly or indirectly infringes any patent, then the rights granted to 253 | You by any and all Contributors for the Covered Software under Section 254 | 2.1 of this License shall terminate. 255 | 256 | 5.3. In the event of termination under Sections 5.1 or 5.2 above, all 257 | end user license agreements (excluding distributors and resellers) which 258 | have been validly granted by You or Your distributors under this License 259 | prior to termination shall survive termination. 260 | 261 | ************************************************************************ 262 | * * 263 | * 6. Disclaimer of Warranty * 264 | * ------------------------- * 265 | * * 266 | * Covered Software is provided under this License on an "as is" * 267 | * basis, without warranty of any kind, either expressed, implied, or * 268 | * statutory, including, without limitation, warranties that the * 269 | * Covered Software is free of defects, merchantable, fit for a * 270 | * particular purpose or non-infringing. The entire risk as to the * 271 | * quality and performance of the Covered Software is with You. * 272 | * Should any Covered Software prove defective in any respect, You * 273 | * (not any Contributor) assume the cost of any necessary servicing, * 274 | * repair, or correction. This disclaimer of warranty constitutes an * 275 | * essential part of this License. No use of any Covered Software is * 276 | * authorized under this License except under this disclaimer. * 277 | * * 278 | ************************************************************************ 279 | 280 | ************************************************************************ 281 | * * 282 | * 7. Limitation of Liability * 283 | * -------------------------- * 284 | * * 285 | * Under no circumstances and under no legal theory, whether tort * 286 | * (including negligence), contract, or otherwise, shall any * 287 | * Contributor, or anyone who distributes Covered Software as * 288 | * permitted above, be liable to You for any direct, indirect, * 289 | * special, incidental, or consequential damages of any character * 290 | * including, without limitation, damages for lost profits, loss of * 291 | * goodwill, work stoppage, computer failure or malfunction, or any * 292 | * and all other commercial damages or losses, even if such party * 293 | * shall have been informed of the possibility of such damages. This * 294 | * limitation of liability shall not apply to liability for death or * 295 | * personal injury resulting from such party's negligence to the * 296 | * extent applicable law prohibits such limitation. Some * 297 | * jurisdictions do not allow the exclusion or limitation of * 298 | * incidental or consequential damages, so this exclusion and * 299 | * limitation may not apply to You. * 300 | * * 301 | ************************************************************************ 302 | 303 | 8. Litigation 304 | ------------- 305 | 306 | Any litigation relating to this License may be brought only in the 307 | courts of a jurisdiction where the defendant maintains its principal 308 | place of business and such litigation shall be governed by laws of that 309 | jurisdiction, without reference to its conflict-of-law provisions. 310 | Nothing in this Section shall prevent a party's ability to bring 311 | cross-claims or counter-claims. 312 | 313 | 9. Miscellaneous 314 | ---------------- 315 | 316 | This License represents the complete agreement concerning the subject 317 | matter hereof. If any provision of this License is held to be 318 | unenforceable, such provision shall be reformed only to the extent 319 | necessary to make it enforceable. Any law or regulation which provides 320 | that the language of a contract shall be construed against the drafter 321 | shall not be used to construe this License against a Contributor. 322 | 323 | 10. Versions of the License 324 | --------------------------- 325 | 326 | 10.1. New Versions 327 | 328 | Mozilla Foundation is the license steward. Except as provided in Section 329 | 10.3, no one other than the license steward has the right to modify or 330 | publish new versions of this License. Each version will be given a 331 | distinguishing version number. 332 | 333 | 10.2. Effect of New Versions 334 | 335 | You may distribute the Covered Software under the terms of the version 336 | of the License under which You originally received the Covered Software, 337 | or under the terms of any subsequent version published by the license 338 | steward. 339 | 340 | 10.3. Modified Versions 341 | 342 | If you create software not governed by this License, and you want to 343 | create a new license for such software, you may create and use a 344 | modified version of this License if you rename the license and remove 345 | any references to the name of the license steward (except to note that 346 | such modified license differs from this License). 347 | 348 | 10.4. Distributing Source Code Form that is Incompatible With Secondary 349 | Licenses 350 | 351 | If You choose to distribute Source Code Form that is Incompatible With 352 | Secondary Licenses under the terms of this version of the License, the 353 | notice described in Exhibit B of this License must be attached. 354 | 355 | Exhibit A - Source Code Form License Notice 356 | ------------------------------------------- 357 | 358 | This Source Code Form is subject to the terms of the Mozilla Public 359 | License, v. 2.0. If a copy of the MPL was not distributed with this 360 | file, You can obtain one at http://mozilla.org/MPL/2.0/. 361 | 362 | If it is not possible or desirable to put the notice in a particular 363 | file, then You may include the notice in a location (such as a LICENSE 364 | file in a relevant directory) where a recipient would be likely to look 365 | for such a notice. 366 | 367 | You may add additional accurate notices of copyright ownership. 368 | 369 | Exhibit B - "Incompatible With Secondary Licenses" Notice 370 | --------------------------------------------------------- 371 | 372 | This Source Code Form is "Incompatible With Secondary Licenses", as 373 | defined by the Mozilla Public License, v. 2.0. 374 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. 2 | # 3 | # Generated on 2025-02-21T15:31:46Z by kres 8a48729. 4 | 5 | # common variables 6 | 7 | SHA := $(shell git describe --match=none --always --abbrev=8 --dirty) 8 | TAG := $(shell git describe --tag --always --dirty --match v[0-9]\*) 9 | ABBREV_TAG := $(shell git describe --tags >/dev/null 2>/dev/null && git describe --tag --always --match v[0-9]\* --abbrev=0 || echo 'undefined') 10 | BRANCH := $(shell git rev-parse --abbrev-ref HEAD) 11 | ARTIFACTS := _out 12 | IMAGE_TAG ?= $(TAG) 13 | OPERATING_SYSTEM := $(shell uname -s | tr '[:upper:]' '[:lower:]') 14 | GOARCH := $(shell uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/') 15 | REGISTRY ?= ghcr.io 16 | USERNAME ?= siderolabs 17 | REGISTRY_AND_USERNAME ?= $(REGISTRY)/$(USERNAME) 18 | KRES_IMAGE ?= ghcr.io/siderolabs/kres:latest 19 | CONFORMANCE_IMAGE ?= ghcr.io/siderolabs/conform:latest 20 | 21 | # source date epoch of first commit 22 | 23 | INITIAL_COMMIT_SHA := $(shell git rev-list --max-parents=0 HEAD) 24 | SOURCE_DATE_EPOCH := $(shell git log $(INITIAL_COMMIT_SHA) --pretty=%ct) 25 | 26 | # sync bldr image with pkgfile 27 | 28 | BLDR_RELEASE := v0.4.1 29 | BLDR_IMAGE := ghcr.io/siderolabs/bldr:$(BLDR_RELEASE) 30 | BLDR := docker run --rm --user $(shell id -u):$(shell id -g) --volume $(PWD):/src --entrypoint=/bldr $(BLDR_IMAGE) --root=/src 31 | 32 | # docker build settings 33 | 34 | BUILD := docker buildx build 35 | PLATFORM ?= linux/amd64,linux/arm64 36 | PROGRESS ?= auto 37 | PUSH ?= false 38 | CI_ARGS ?= 39 | COMMON_ARGS = --file=Pkgfile 40 | COMMON_ARGS += --provenance=false 41 | COMMON_ARGS += --progress=$(PROGRESS) 42 | COMMON_ARGS += --platform=$(PLATFORM) 43 | COMMON_ARGS += --build-arg=SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) 44 | 45 | # targets defines all the available targets 46 | 47 | TARGETS = tools 48 | TARGETS += tools-ca-certificates 49 | TARGETS += tools-cpio 50 | TARGETS += tools-kmod 51 | TARGETS += tools-libcap 52 | TARGETS += tools-libselinux 53 | TARGETS += tools-libsepol 54 | TARGETS += tools-openssl 55 | TARGETS += tools-pcre2 56 | TARGETS += tools-squashfs-tools 57 | TARGETS += tools-tar 58 | TARGETS += tools-util-linux 59 | TARGETS += tools-xz 60 | TARGETS += tools-zlib 61 | TARGETS += tools-zstd 62 | 63 | # help menu 64 | 65 | export define HELP_MENU_HEADER 66 | # Getting Started 67 | 68 | To build this project, you must have the following installed: 69 | 70 | - git 71 | - make 72 | - docker (19.03 or higher) 73 | 74 | ## Creating a Builder Instance 75 | 76 | The build process makes use of experimental Docker features (buildx). 77 | To enable experimental features, add 'experimental: "true"' to '/etc/docker/daemon.json' on 78 | Linux or enable experimental features in Docker GUI for Windows or Mac. 79 | 80 | To create a builder instance, run: 81 | 82 | docker buildx create --name local --use 83 | 84 | If running builds that needs to be cached aggresively create a builder instance with the following: 85 | 86 | docker buildx create --name local --use --config=config.toml 87 | 88 | config.toml contents: 89 | 90 | [worker.oci] 91 | gc = true 92 | gckeepstorage = 50000 93 | 94 | [[worker.oci.gcpolicy]] 95 | keepBytes = 10737418240 96 | keepDuration = 604800 97 | filters = [ "type==source.local", "type==exec.cachemount", "type==source.git.checkout"] 98 | [[worker.oci.gcpolicy]] 99 | all = true 100 | keepBytes = 53687091200 101 | 102 | If you already have a compatible builder instance, you may use that instead. 103 | 104 | ## Artifacts 105 | 106 | All artifacts will be output to ./$(ARTIFACTS). Images will be tagged with the 107 | registry "$(REGISTRY)", username "$(USERNAME)", and a dynamic tag (e.g. $(IMAGE):$(IMAGE_TAG)). 108 | The registry and username can be overridden by exporting REGISTRY, and USERNAME 109 | respectively. 110 | 111 | endef 112 | 113 | all: $(TARGETS) ## Builds all targets defined. 114 | 115 | $(ARTIFACTS): ## Creates artifacts directory. 116 | @mkdir -p $(ARTIFACTS) 117 | 118 | .PHONY: clean 119 | clean: ## Cleans up all artifacts. 120 | @rm -rf $(ARTIFACTS) 121 | 122 | target-%: ## Builds the specified target defined in the Pkgfile. The build result will only remain in the build cache. 123 | @$(BUILD) --target=$* $(COMMON_ARGS) $(TARGET_ARGS) $(CI_ARGS) . 124 | 125 | local-%: ## Builds the specified target defined in the Pkgfile using the local output type. The build result will be output to the specified local destination. 126 | @$(MAKE) target-$* TARGET_ARGS="--output=type=local,dest=$(DEST) $(TARGET_ARGS)" 127 | 128 | docker-%: ## Builds the specified target defined in the Pkgfile using the docker output type. The build result will be loaded into Docker. 129 | @$(MAKE) target-$* TARGET_ARGS="$(TARGET_ARGS)" 130 | 131 | reproducibility-test: ## Builds the reproducibility test target 132 | @$(MAKE) reproducibility-test-local-tools 133 | 134 | reproducibility-test-local-%: ## Builds the specified target defined in the Pkgfile using the local output type with and without cahce. The build result will be output to the specified local destination 135 | @rm -rf $(ARTIFACTS)/build-a $(ARTIFACTS)/build-b 136 | @$(MAKE) local-$* DEST=$(ARTIFACTS)/build-a 137 | @$(MAKE) local-$* DEST=$(ARTIFACTS)/build-b TARGET_ARGS="--no-cache" 138 | @touch -ch -t $$(date -d @$(SOURCE_DATE_EPOCH) +%Y%m%d0000) $(ARTIFACTS)/build-a $(ARTIFACTS)/build-b 139 | @diffoscope $(ARTIFACTS)/build-a $(ARTIFACTS)/build-b 140 | @rm -rf $(ARTIFACTS)/build-a $(ARTIFACTS)/build-b 141 | 142 | .PHONY: $(TARGETS) 143 | $(TARGETS): 144 | @$(MAKE) docker-$@ TARGET_ARGS="--tag=$(REGISTRY_AND_USERNAME)/$@:$(TAG) --push=$(PUSH)" 145 | 146 | .PHONY: deps.png 147 | deps.png: ## Generates a dependency graph of the Pkgfile. 148 | @$(BLDR) graph | dot -Tpng -o deps.png 149 | 150 | .PHONY: rekres 151 | rekres: 152 | @docker pull $(KRES_IMAGE) 153 | @docker run --rm --net=host --user $(shell id -u):$(shell id -g) -v $(PWD):/src -w /src -e GITHUB_TOKEN $(KRES_IMAGE) 154 | 155 | .PHONY: help 156 | help: ## This help menu. 157 | @echo "$$HELP_MENU_HEADER" 158 | @grep -E '^[a-zA-Z%_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' 159 | 160 | .PHONY: release-notes 161 | release-notes: $(ARTIFACTS) 162 | @ARTIFACTS=$(ARTIFACTS) ./hack/release.sh $@ $(ARTIFACTS)/RELEASE_NOTES.md $(TAG) 163 | 164 | .PHONY: conformance 165 | conformance: 166 | @docker pull $(CONFORMANCE_IMAGE) 167 | @docker run --rm -it -v $(PWD):/src -w /src $(CONFORMANCE_IMAGE) enforce 168 | 169 | -------------------------------------------------------------------------------- /Pkgfile: -------------------------------------------------------------------------------- 1 | # syntax = ghcr.io/siderolabs/bldr:v0.4.1 2 | 3 | # Sync bldr image with Makefile 4 | 5 | format: v1alpha2 6 | 7 | vars: 8 | TOOLCHAIN_IMAGE: ghcr.io/siderolabs/toolchain:v1.11.0-alpha.0-1-gfa0b147 9 | 10 | # renovate: datasource=github-releases depName=abseil/abseil-cpp 11 | abseil_version: 20250127.1 12 | abseil_sha256: b396401fd29e2e679cace77867481d388c807671dc2acc602a0259eeb79b7811 13 | abseil_sha512: 8312acf0ed74fa28c6397f3e41ada656dbd5ca2bf8db484319d74b144ad19c0ebdc77f7f03436be6c6ca1cde706b9055079233cf0d6b5ada4ca48406f8a55dd8 14 | 15 | # renovate: datasource=github-tags depName=argp-standalone/argp-standalone 16 | argp_standalone_version: 1.5.0 17 | argp_standalone_sha256: c29eae929dfebd575c38174f2c8c315766092cec99a8f987569d0cad3c6d64f6 18 | argp_standalone_sha512: fa2eb61ea00f7a13385e5c1e579dd88471d6ba3a13b6353e924fe71914b90b40688b42a9f1789bc246e03417fee1788b1990753cda8c8d4a544e85f26b63f9e2 19 | 20 | # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=git://git.savannah.gnu.org/autoconf.git 21 | autoconf_version: 2.72 22 | autoconf_sha256: ba885c1319578d6c94d46e9b0dceb4014caafe2490e437a0dbca3f270a223f5a 23 | autoconf_sha512: c4e9fbd858666d3e5c3b4fe7f89aa3e8e3a0a00dc7e166f8147d937d911b77ba3ac6a016f9d223ccdd830bc8960b3e60397c0607cc6a1fd2c50c7492839ddd17 24 | 25 | # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=git://git.savannah.gnu.org/automake.git 26 | automake_version: 1.17 27 | automake_sha256: 8920c1fc411e13b90bf704ef9db6f29d540e76d232cb3b2c9f4dc4cc599bd990 28 | automake_sha512: 46aba1c9d64a6368b326020803a2999831c1deaf31eaa1c1dfdcfa5138a7f755643294e82a08b6daab3983b31eee725bdb7b9edc4e9a558374c7d1f1b8e854a7 29 | 30 | # renovate: datasource=git-tags extractVersion=^bash-(?.*)$ depName=git://git.savannah.gnu.org/bash.git 31 | bash_version: 5.2.37 32 | bash_sha256: 9599b22ecd1d5787ad7d3b7bf0c59f312b3396d1e281175dd1f8a4014da621ff 33 | bash_sha512: c07e2715cca7c3c8435fcb13aaf2968671f10f9e1fe5edd7c63d7e34fb821c159087b70386e17bdda723d8223057b53810e75eb249b03ebfc847147b06a8101f 34 | 35 | # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=git://git.savannah.gnu.org/bison.git 36 | bison_version: 3.8.2 37 | bison_sha256: 9bba0214ccf7f1079c5d59210045227bcf619519840ebfa80cd3849cff5a5bf2 38 | bison_sha512: d4d23af6671406e97257892f90651b67f2ab95219831372be032190b7156c10a3435d457857e677445df8b2327aacccc15344acbbc3808a6f332a93cce23b444 39 | 40 | # renovate: datasource=git-tags extractVersion=^bzip2-(?.*)$ depName=git://sourceware.org/git/bzip2.git 41 | bzip2_version: 1.0.8 42 | bzip2_sha256: ab5a03176ee106d3f0fa90e381da478ddae405918153cca248e682cd0c4a2269 43 | bzip2_sha512: 083f5e675d73f3233c7930ebe20425a533feedeaaa9d8cc86831312a6581cefbe6ed0d08d2fa89be81082f2a5abdabca8b3c080bf97218a1bd59dc118a30b9f3 44 | 45 | # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=https://gitlab.kitware.com/cmake/cmake.git 46 | cmake_version: 4.0.2 47 | cmake_sha256: 1c3a82c8ca7cf12e0b17178f9d0c32f7ac773bd5651a98fcfd80fbf4977f8d48 48 | cmake_sha512: 049138ec2a7d690663d431bcb4d8abd22f18ec2c9e0e58092df6bbfe801a30fef9a3b7cbd9fe88c476c0a95c71147a5b31b0494f04be879a86cbaaa4697f613c 49 | 50 | # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=git://git.savannah.gnu.org/coreutils.git 51 | coreutils_version: 9.7 52 | coreutils_sha256: e8bb26ad0293f9b5a1fc43fb42ba970e312c66ce92c1b0b16713d7500db251bf 53 | coreutils_sha512: fe81e6ba4fb492095153d5baac1eca8f07ece0957849de746a2a858cf007893cc2ded595a31a5e5d43d13216cc44b9d74a3245d9f23221ecc8cd00f428f27414 54 | 55 | # renovate: datasource=git-tags extractVersion=^release_(?.*)$ depName=git://git.savannah.gnu.org/cpio.git 56 | cpio_version: 2_13 57 | cpio_sha256: e87470d9c984317f658567c03bfefb6b0c829ff17dbf6b0de48d71a4c8f3db88 58 | cpio_sha512: 1e1ca6b3e3e64f206f9d828a152d6b4f8f6974de7a953ff96e02698b1c3c2c777c2111450e6a71c0693e29ca8bc01c3dda9f5e829b8e3221f647414df49dff6a 59 | 60 | # renovate: datasource=github-releases extractVersion=^curl-(?.*)$ depName=curl/curl 61 | curl_version: 8_13_0 62 | curl_sha256: 4a093979a3c2d02de2fbc00549a32771007f2e78032c6faa5ecd2f7a9e152025 63 | curl_sha512: d266e460f162ee455b56726e5b7247b2d1aa5265ae12081513fc0c5c79e785a594097bc71d505dc9bcd2c2f6f1ff6f4bab9dbd9d120bb76d06c5be8521a8ca7d 64 | 65 | # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=git://git.savannah.gnu.org/diffutils.git 66 | diffutils_version: 3.12 67 | diffutils_sha256: 7c8b7f9fc8609141fdea9cece85249d308624391ff61dedaf528fcb337727dfd 68 | diffutils_sha512: 10b17cf1dcdfa9ca0e5db91d62c4a079ebe9fd7eafa3aaebd4eb7e6206e4d753f348496622aa281e1bd7f7fcde65ce4a886dcc4acbb59332ef980f224197b4e4 69 | 70 | # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=git://git.kernel.org/pub/scm/utils/dtc/dtc.git 71 | dtc_version: 1.7.2 72 | dtc_sha256: 92d8ca769805ae1f176204230438fe52808f4e1c7944053c9eec0e649b237539 73 | dtc_sha512: 30f3611175a5c29556282f3f2894701a5837eb869608d89d78c280af448bbc3a5b6c83f51c28f991847c0eb7c42aa57599bbc31433f1b3b2c8d162cb2169b91f 74 | 75 | # renovate: datasource=github-tags extractVersion=^v(?.*)$ depName=davea42/libdwarf-code 76 | dwarfutils_version: 0.12.0 77 | dwarfutils_sha256: 444dc1c5176f04d3ebc50341552a8b2ea6c334f8f1868a023a740ace0e6eae9f 78 | dwarfutils_sha512: 64d99bcb1436d3ad1faacc3f43b7b42c80ae236b6de3d66a132a72d452bc220b12de430ec99b827fb051badc683fc237f4f8fa8f7d67749ed5b81284ae5fbd2e 79 | 80 | # renovate: datasource=git-tags extractVersion=^elfutils-(?.*)$ depName=git://sourceware.org/git/elfutils.git 81 | elfutils_version: 0.193 82 | elfutils_sha256: 7857f44b624f4d8d421df851aaae7b1402cfe6bcdd2d8049f15fc07d3dde7635 83 | elfutils_sha512: 557e328e3de0d2a69d09c15a9333f705f3233584e2c6a7d3ce855d06a12dc129e69168d6be64082803630397bd64e1660a8b5324d4f162d17922e10ddb367d76 84 | 85 | # renovate: datasource=github-releases extractVersion=^R_(?.*)$ depName=libexpat/libexpat 86 | expat_version: 2_7_1 87 | expat_sha256: 45c98ae1e9b5127325d25186cf8c511fa814078e9efeae7987a574b482b79b3d 88 | expat_sha512: ea78781ca03367a014afc1bb37c2306883b6f666d7cd90dc84a39c4abc6b7ec261636b8668540aa286c708a41dd02baae8249dc4391306da56431700460a0f23 89 | 90 | # renovate: datasource=git-tags extractVersion=^upstream/(?.*)$ depName=git://salsa.debian.org/clint/fakeroot.git 91 | fakeroot_version: 1.36 92 | fakeroot_sha256: 5128dd5df59955d60453aea1817d2f31c29ffb8b8addcc5d7e200460278a6b0a 93 | fakeroot_sha512: 1ff4cfe8bd4637652027b9e994ed39bf9885d6ea1608050ff21343dc2977c0607c2af235f51376e086ec88ee975da5cb7115a9888ee9437c927426a2eac1bf4b 94 | 95 | # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=git://git.savannah.gnu.org/findutils.git 96 | findutils_version: 4.10.0 97 | findutils_sha256: 1387e0b67ff247d2abde998f90dfbf70c1491391a59ddfecb8ae698789f0a4f5 98 | findutils_sha512: b8b683d21cd26c6da4f41c56e83cadbda4780f8610a2bbd4b4e34bb1f339c3209721974b03e076d5eef0331fd876d947b398197aad37c29bbcc2e0405c641b34 99 | 100 | # renovate: datasource=github-tags extractVersion=^v(?.*)$ depName=westes/flex 101 | flex_version: 2.6.4 102 | flex_sha256: e87aae032bf07c26f85ac0ed3250998c37621d95f8bd748b31f15b33c45ee995 103 | flex_sha512: e9785f3d620a204b7d20222888917dc065c2036cae28667065bf7862dfa1b25235095a12fd04efdbd09bfd17d3452e6b9ef953a8c1137862ff671c97132a082e 104 | 105 | # renovate: datasource=git-tags extractVersion=^gawk-(?.*)$ depName=git://git.savannah.gnu.org/gawk.git 106 | gawk_version: 5.3.2 107 | gawk_sha256: f8c3486509de705192138b00ef2c00bbbdd0e84c30d5c07d23fc73a9dc4cc9cc 108 | gawk_sha512: 2268150fa35ae049a6ff3d0d0fa110db10477014c25f50e2ab4e3ee5fd60133369d2a994f59db4eb718020a0af5c4003ae7278c63e7fffa72f431ff4a1429e48 109 | 110 | # renovate: datasource=git-refs versioning=git depName=https://github.com/sabotage-linux/gettext-tiny.git 111 | gettext_tiny_ref: 55a8ae9015b7dd5b28e03e93286ab19528cc7e3e 112 | gettext_tiny_sha256: 5ee774b7b6c10cc0dd663c759fa104afb8326176c81f61806317c3d93f2b2c54 113 | gettext_tiny_sha512: 25325db240ab79d112c59d83e975fa466f0e69efb4348ca7b0a170349c761b54170001a49a1660eebf834a8895c11403864db52556253fdcc2af29121c361ba1 114 | 115 | # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=git://git.kernel.org/pub/scm/git/git.git 116 | git_version: 2.49.0 117 | git_sha256: 618190cf590b7e9f6c11f91f23b1d267cd98c3ab33b850416d8758f8b5a85628 118 | git_sha512: 81a16415890305fc6cfd14ade8bee76779feba01f51c5446f40c14211654342c68ef0911859fa6e8e9ff0a718847bb44ee4156d03a19c9165df19ba91e09e1f0 119 | 120 | # official source code uses mercurial https://gmplib.org/devel/repo-usage, so falling back to a GitHub mirror, 121 | # renovate: datasource=github-tags extractVersion=^v(?.*)$ depName=alisw/GMP 122 | gmp_version: 6.2.1 123 | gmp_sha256: fd4829912cddd12f84181c3451cc752be224643e87fac497b69edddadc49b4f2 124 | gmp_sha512: c99be0950a1d05a0297d65641dd35b75b74466f7bf03c9e8a99895a3b2f9a0856cd17887738fa51cf7499781b65c049769271cbcb77d057d2e9f1ec52e07dd84 125 | 126 | # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=git://git.savannah.gnu.org/gperf.git 127 | gperf_version: 3.2 128 | gperf_sha256: e0ddadebb396906a3e3e4cac2f697c8d6ab92dffa5d365a5bc23c7d41d30ef62 129 | gperf_sha512: 97addf85e5b6f801f0f7084ec065d0d4a24a07f3fb6e60e2bc57b0f8813bd5db1bb4bed4f51fb96d0a8b278ffde1dfd0e42302cae911a619b95cc3cc46254fb3 130 | 131 | # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=git://git.savannah.gnu.org/grep.git 132 | grep_version: 3.11 133 | grep_sha256: 1db2aedde89d0dea42b16d9528f894c8d15dae4e190b59aecc78f5a951276eab 134 | grep_sha512: f254a1905a08c8173e12fbdd4fd8baed9a200217fba9d7641f0d78e4e002c1f2a621152d67027d9b25f0bb2430898f5233dc70909d8464fd13d7dd9298e65c42 135 | 136 | # renovate: datasource=git-tags depName=https://gitlab.com/gnutls/gnutls.git 137 | gnutls_version: 3.8.9 138 | gnutls_sha256: 69e113d802d1670c4d5ac1b99040b1f2d5c7c05daec5003813c049b5184820ed 139 | gnutls_sha512: b3b201671bf4e75325610a0291d4cd36a669718e22b3685246b64bde97b5bd94f463ab376ed817869869714115f4ff11bdc53c32604bb04a8ff8e10daa6d1fc7 140 | 141 | # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=git://git.savannah.gnu.org/gzip.git 142 | gzip_version: 1.14 143 | gzip_sha256: 01a7b881bd220bfdf615f97b8718f80bdfd3f6add385b993dcf6efd14e8c0ac6 144 | gzip_sha512: 82aef53188b3e69b51b7ddab5b8c44a11a5b73c0039b22a315a0c7d244694feab0146748add4265901eb1b4c0cee8a9eb69594995f098830d964091af97079c5 145 | 146 | # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=git://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git 147 | kmod_version: 34.2 148 | kmod_sha256: 5a5d5073070cc7e0c7a7a3c6ec2a0e1780850c8b47b3e3892226b93ffcb9cb54 149 | kmod_sha512: 0e095c45ad61a6c61ce1ad61b9aa10cf5040e688b749f9a933b0e7d12de493c58027a5068b459cbbce05576fc564a22b83a3dbef1e6511b2a3e27034c88afd33 150 | 151 | # renovate: datasource=github-tags depName=libbpf/libbpf 152 | libbpf_version: v1.5.0 153 | libbpf_sha256: 53492aff6dd47e4da04ef5e672d753b9743848bdb38e9d90eafbe190b7983c44 154 | libbpf_sha512: 0cc25addcf5fcee0537d598037feab4bc73a513e6025d8f559bed58fe8850a10fcfeefd1a9dafc5e0bac6202d445944b12811cb7254b9b3be4dd3d2cc1e9419b 155 | 156 | # renovate: datasource=git-tags extractVersion=^libcap-(?.*)$ depName=git://git.kernel.org/pub/scm/libs/libcap/libcap.git 157 | libcap_version: 2.76 158 | libcap_sha256: 629da4ab29900d0f7fcc36227073743119925fd711c99a1689bbf5c9b40c8e6f 159 | libcap_sha512: f9448628ce036a10ce71958b25e5dd31032c4d86d8d34d905d2dfa32890ad443804169d4c6b825fd4bfe260b5de20f046cee958e40268bcadbbe7f7731ae40ad 160 | 161 | # renovate: datasource=github-tags extractVersion=^v(?.*)$ depName=libffi/libffi 162 | libffi_version: 3.4.8 163 | libffi_sha256: bc9842a18898bfacb0ed1252c4febcc7e78fa139fd27fdc7a3e30d9d9356119b 164 | libffi_sha512: 05344c6c1a1a5b44704f6cf99277098d1ea3ac1dc11c2a691c501786a214f76184ec0637135588630db609ce79e49df3dbd00282dd61e7f21137afba70e24ffe 165 | 166 | # renovate datasource=github-releases extractVersion=^libnl(?.*)$ depName=thom311/libnl 167 | libnl_version: 3_7_0 168 | libnl_sha256: 9fe43ccbeeea72c653bdcf8c93332583135cda46a79507bfd0a483bb57f65939 169 | libnl_sha512: 80fbbc079299c90afd2a5eda62e4d4f98bf4ef23958c3ce5101f4ed4d81d783af733213bb3bab15f218555d8460bc2394898f909f4ac024fc27281faec86a041 170 | 171 | # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=https://gitlab.com/gnutls/libtasn1.git 172 | libtasn1_version: 4.20.0 173 | libtasn1_sha256: 92e0e3bd4c02d4aeee76036b2ddd83f0c732ba4cda5cb71d583272b23587a76c 174 | libtasn1_sha512: 0c0660085f5e80537aa3d65197967029be6cc5e27d7029789713902989c1694fdb49421ae0415b79b953e11893bb4bdaada85f7aff847dd0bb4075c91887e7b4 175 | 176 | # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=git://git.savannah.gnu.org/libunistring.git 177 | libunistring_version: 1.1 178 | libunistring_sha256: 827c1eb9cb6e7c738b171745dac0888aa58c5924df2e59239318383de0729b98 179 | libunistring_sha512: 01a4267bbd301ea5c389b17ee918ae5b7d645da8b2c6c6f0f004ff2dead9f8e50cda2c6047358890a5fceadc8820ffc5154879193b9bb8970f3fb1fea1f411d6 180 | 181 | # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=git://git.savannah.gnu.org/libtool.git 182 | libtool_version: 2.5.4 183 | libtool_sha256: da8ebb2ce4dcf46b90098daf962cffa68f4b4f62ea60f798d0ef12929ede6adf 184 | libtool_sha512: 60599f5c3168a287fe3a35062fd2e32e0b73433fce820bfd18d28b0e3bd7a8fefde6d6f0505fbbc2d664119ab7c539269184993843289932c895847ea1ab9f04 185 | 186 | # renovate: datasource=github-tags depName=libuv/libuv 187 | libuv_version: v1.51.0 188 | libuv_sha256: 27e55cf7083913bfb6826ca78cde9de7647cded648d35f24163f2d31bb9f51cd 189 | libuv_sha512: cf3ca916fc3a762a194dac86718a5a7fe24f230e34172a48f9b3401ad72fbc1cf21b46ceaba956cdf6783d323e518d40f8632fff965943869819a1c26992a3c1 190 | 191 | # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=git://git.savannah.gnu.org/m4.git 192 | m4_version: 1.4.19 193 | m4_sha256: 63aede5c6d33b6d9b13511cd0be2cac046f2e70fd0a07aa9573a04a82783af96 194 | m4_sha512: 47f595845c89709727bda0b3fc78e3188ef78ec818965b395532e7041cabe9e49677ee4aca3d042930095a7f8df81de3da1026b23b6897be471f6cf13ddd512b 195 | 196 | # renovate: datasource=github-releases depName=mesonbuild/meson 197 | meson_version: 1.8.0 198 | meson_sha256: 0a9b23311271519bd03dca12d7d8b0eab582c3a2c5da433d465b6e519dc88e2f 199 | meson_sha512: 345ca35b0c9219f42a46eb2dbda793b46277b2220912124a5054973390138ef1310004e1a90fde37c177d3e7103b209ebf539def2ae597f3d472c35c043bc46b 200 | 201 | # renovate: datasource=git-tags depName=https://gitlab.inria.fr/mpc/mpc.git 202 | mpc_version: 1.3.1 203 | mpc_sha256: ab642492f5cf882b74aa0cb730cd410a81edcdbec895183ce930e706c1c759b8 204 | mpc_sha512: 4bab4ef6076f8c5dfdc99d810b51108ced61ea2942ba0c1c932d624360a5473df20d32b300fc76f2ba4aa2a97e1f275c9fd494a1ba9f07c4cb2ad7ceaeb1ae97 205 | 206 | # renovate: datasource=git-tags depName=https://gitlab.inria.fr/mpfr/mpfr.git 207 | mpfr_version: 4.2.2 208 | mpfr_sha256: b67ba0383ef7e8a8563734e2e889ef5ec3c3b898a01d00fa0a6869ad81c6ce01 209 | mpfr_sha512: eb9e7f51b5385fb349cc4fba3a45ffdf0dd53be6dfc74932dc01258158a10514667960c530c47dd9dfc5aa18be2bd94859d80499844c5713710581e6ac6259a9 210 | 211 | # renovate: datasource=github-tags depName=void-linux/musl-fts 212 | musl_fts_version: v1.2.7 213 | musl_fts_sha256: 49ae567a96dbab22823d045ffebe0d6b14b9b799925e9ca9274d47d26ff482a6 214 | musl_fts_sha512: 949f73b9406b06bd8712c721b4ec89afcb37d4eaef5666cccf3712242d3a57fc0acf3ca994934e0f57c1e92f40521a9370132a21eb6d1957415a83c76bf20feb 215 | 216 | # renovate: datasource=github-tags depName=void-linux/musl-obstack 217 | musl_obstack_version: v1.2.3 218 | musl_obstack_sha256: 9ffb3479b15df0170eba4480e51723c3961dbe0b461ec289744622db03a69395 219 | musl_obstack_sha512: b2bbed19c4ab2714ca794bdcb1a84fad1af964e884d4f3bbe91c9937ca089d92b8472cb05ebe998a9f5c85cb922b9b458db91eff29077bd099942e1ce18e16cc 220 | 221 | # renovate: datasource=github-tags extractVersion=^v(?.*)$ depName=mirror/ncurses 222 | ncurses_version: 6.4 223 | ncurses_sha256: 6931283d9ac87c5073f30b6290c4c75f21632bb4fc3603ac8100812bed248159 224 | ncurses_sha512: 1c2efff87a82a57e57b0c60023c87bae93f6718114c8f9dc010d4c21119a2f7576d0225dab5f0a227c2cfc6fb6bdbd62728e407f35fce5bf351bb50cf9e0fd34 225 | 226 | # renovate: datasource=git-tags extractVersion=^nettle_(?.*)_release.*$ depName=https://git.lysator.liu.se/nettle/nettle.git 227 | nettle_version: 3.10.1 228 | nettle_sha256: b0fcdd7fc0cdea6e80dcf1dd85ba794af0d5b4a57e26397eee3bc193272d9132 229 | nettle_sha512: e8673bbcde9cde859ccae75ed6c9c30591e68a995a7c6d724106cfd67a5a5bd45b3468d742443b6565628849d0fd29505a28ca5ee4e89dd13197cdb51429f96c 230 | 231 | # renovate: datasource=github-releases depName=ninja-build/ninja 232 | ninja_version: v1.12.1 233 | ninja_sha256: 821bdff48a3f683bc4bb3b6f0b5fe7b2d647cf65d52aeb63328c91a6c6df285a 234 | ninja_sha512: d6e6f0e89a4844a69069ff0c7cefc07704a41c7b0c062a57534de87decdde63e27928147b321111b806aa7efa1061f031a1319b074391db61b0cbdccf096954c 235 | 236 | # renovate: datasource=github-releases extractVersion=^openssl-(?.*)$ depName=openssl/openssl 237 | openssl_version: 3.5.0 238 | openssl_sha256: 344d0a79f1a9b08029b0744e2cc401a43f9c90acd1044d09a530b4885a8e9fc0 239 | openssl_sha512: 39cc80e2843a2ee30f3f5de25cd9d0f759ad8de71b0b39f5a679afaaa74f4eb58d285ae50e29e4a27b139b49343ac91d1f05478f96fb0c6b150f16d7b634676f 240 | 241 | # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=git://git.kernel.org/pub/scm/devel/pahole/pahole.git 242 | pahole_version: 1.30 243 | pahole_sha256: 88b93515a09fa6df3ad554660fb115affa97439f3cc4d2fa0049b17c0f325f5c 244 | pahole_sha512: ca345a202fcc48f73ab67953d1448e3e10957f892ac2e96ce7412dce816823f99fe64d583006fdf61a534df906d9691ef54376cbb45bed2853d0142e1a5cd6be 245 | 246 | # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=git://git.savannah.gnu.org/patch.git 247 | patch_version: 2.8 248 | patch_sha256: f87cee69eec2b4fcbf60a396b030ad6aa3415f192aa5f7ee84cad5e11f7f5ae3 249 | patch_sha512: d689d696660a662753e8660792733c3be0a94c76abfe7a28b0f9f70300c3a42d6437d081553a59bfde6e1b0d5ee13ed89be48d0b00b6da2cadbfc14a15ada603 250 | 251 | # renovate: datasource=github-releases extractVersion=^pcre2-(?.*)$ depName=PCRE2Project/pcre2 252 | pcre2_version: 10.45 253 | pcre2_sha256: 21547f3516120c75597e5b30a992e27a592a31950b5140e7b8bfde3f192033c4 254 | pcre2_sha512: 4c1f0cf793624516d7eeb15745d6c07c9f678dd2c2b349062c6b614e88bf42262972d133576e85140dee2a882984aaf2d688953fc9c69ec7105b2daaeae89845 255 | 256 | # perl uses even numbered minor versions for stable releases - https://www.cpan.org/src/README.html 257 | # renovate: datasource=github-tags extractVersion=^v(?.*)$ depName=Perl/perl5 258 | perl_version: 5.40.2 259 | perl_sha256: 0551c717458e703ef7972307ab19385edfa231198d88998df74e12226abf563b 260 | perl_sha512: 1324b119e4370bbeb47a343d152f46c637addb0373ff07f0e214aa9d5912c03cd2bd23987a6e86d43453166412d3a03a52e780201941f679ef4186df16590e41 261 | 262 | # renovate: datasource=git-tags extractVersion=^pkg-config-(?.*)$ depName=https://gitlab.freedesktop.org/pkg-config/pkg-config.git 263 | pkg_config_version: 0.29.2 264 | pkg_config_sha256: 6fc69c01688c9458a57eb9a1664c9aba372ccda420a02bf4429fe610e7e7d591 265 | pkg_config_sha512: 4861ec6428fead416f5cbbbb0bbad10b9152967e481d4b0ff2eb396a9f297f552984c9bb72f6864a37dcd8fca1d9ccceda3ef18d8f121938dbe4fdf2b870fe75 266 | 267 | # renovate: datasource=github-tags extractVersion=^v(?.*)$ depName=protocolbuffers/protobuf 268 | protobuf_version: 30.2 269 | protobuf_sha256: fb06709acc393cc36f87c251bb28a5500a2e12936d4346099f2c6240f6c7a941 270 | protobuf_sha512: 555d1b18d175eeaf17f3879f124d33080f490367840d35b34bfc4e4a5b383bf6a1d09f1570acb6af9c53ac4940a14572d46423b6e3dd0c712e7802c986fb6be6 271 | 272 | # renovate: datasource=github-releases depName=protocolbuffers/protobuf-go 273 | protoc_gen_go_version: v1.36.6 274 | protoc_gen_go_sha256: afa2b0e8f86d6da9d09c51ab4270d93c2888327220316982be9db345f523a6a1 275 | protoc_gen_go_sha512: 8da292743722bf7322691b93c6374fd87a11c6d6c87606684f437e089b928842578c7492e57f19effe23b5b01ad415fd0047701026cfe8cbbaa6281722426be0 276 | 277 | # renovate: datasource=github-tags depName=grpc/grpc-go 278 | protoc_gen_go_grpc_version: v1.72.0 279 | protoc_gen_go_grpc_sha256: bfd9b72523f56391aa568b464775a1241f5f38fba8d7f5f1edc1f1d8cde3d2f4 280 | protoc_gen_go_grpc_sha512: 1e685d7367256434dc26c9c0d78b705b3689d6d38f0642387e97e66935a86ef49f11f0d34bed8c08839ce61e067987e6675259980b7737f7a09e9cdbb89c7b1f 281 | 282 | # renovate: datasource=github-tags depName=eliben/pyelftools 283 | pyelftools_version: v0.31 284 | pyelftools_sha256: 24815cbfff9c5f68f5268983f55d969540a087bfdaa73c93f1a88e2a771f80f1 285 | pyelftools_sha512: 7f4ef37da7fda75125cb95ced2f3084848943592eff7deae7ae917508f1cd5281c96960ee3bbc6e503e71a4e2196622cd68cc67e3df1f4cd99b9b675f14fd58c 286 | 287 | # renovate: datasource=github-tags extractVersion=^v(?.*)$ depName=python/cpython 288 | python_version: 3.13.3 289 | python_maj_min_version: 3.13 290 | python_sha256: 40f868bcbdeb8149a3149580bb9bfd407b3321cd48f0be631af955ac92c0e041 291 | python_sha512: f7559b6dceae69f48742af0a6497fbec42cd1e5304f64b6eb9d89222a1171ccf12fa186cc0decabb4e98d05223184967a4a7537754c01083dacdc9073cb1a578 292 | 293 | # renovate: datasource=github-releases depName=pypa/build 294 | python_build_version: 1.2.2.post1 295 | python_build_sha256: 25ae1da38e6d071da0d47d7229d58cef24852388669e89ce7500ec26e6261b58 296 | python_build_sha512: bdf023c6b578ea77c7fc49c71c7d908bcc9ff6b9255b2767e45b09aca0a39a5297d264695a864fe34772e5d8898a18a90f6e262514bf90daf14db762a8bbe4be 297 | 298 | # renovate: datasource=github-tags depName=pypa/flit 299 | python_flit_core_version: 3.12.0 300 | python_flit_core_sha256: c157ff92c01f4bb169182722ff76aadac113926b729215e91909021aa56e2ea3 301 | python_flit_core_sha512: ff6df66dfdae6fdf7b277cc3fbb7c9a569103cbe82a3e3ce6f315ec6adec46be8692eba4549a66b3af537d128e6b57ed8f49316b705636466c25674198503643 302 | 303 | # renovate: datasource=github-tags depName=projg2/gpep517 304 | python_gpep517_version: v16 305 | python_gpep517_sha256: 965ff7cb2217fa03091face01fcb9a2b0205f58be80c8be9ccf832eab7a55414 306 | python_gpep517_sha512: fcd7cb0f98003a8ecb9976cffe3d4140b16e537dbfcfa8e8416569cd7e38e8e9ab359b35c1e22b830dc2711b3c07f8e3113c0f6b73d415ce63ad5f7d76f180c6 307 | 308 | # renovate: datasource=github-tags depName=pypa/installer 309 | python_installer_version: 0.7.0 310 | python_installer_sha256: e1589201863a6b6f570ce2f9994febe54a8d9196e0cc54fd331cd7ffd728fb86 311 | python_installer_sha512: a509c6ea9d88b8527cce0428ca6109077820cb9aa352967a389012bac40f8ec04039ab73710f4fb32b32ed20affd520ce0ba16ba18d9d380ce0af1f51fe8e2c6 312 | 313 | # renovate: datasource=github-releases depName=pallets/jinja 314 | python_jinja2_version: 3.1.6 315 | python_jinja2_sha256: 2074b22a72caa65474902234b320d73463d6d4c223ee49f4b433495758356337 316 | python_jinja2_sha512: a3558f89d9d60676583bfc05e8987e9c486c2335affb71c9733b93040d56a2f97fb036974f1be1bf82c5b0767f482b2e795d58ea35456fcfe7e705f5e6b7a778 317 | 318 | # renovate: datasource=github-releases depName=pallets/markupsafe 319 | python_markupsafe_version: 3.0.2 320 | python_markupsafe_sha256: cd182103704bfafefce25369fd27f14a5f578f078b7f3ddd1ce2cb940b86403a 321 | python_markupsafe_sha512: 4aa536d407b8effe2a749458c6bdc0e860437c522418ac18595498d82b1c7d72aeffe40c82abfe109428406d25a5b2344fe6215b89326773e4551f25ac36630a 322 | 323 | # renovate: datasource=github-releases depName=pypa/packaging 324 | python_packaging_version: 24.2 325 | python_packaging_sha256: c448ea78de5134f5002a2aa2bb62a0fb4714bb4ab2d2b00bce8ed6ca22502d5a 326 | python_packaging_sha512: cab6be7284c6bc2abce7a5bbdc25a40e33378576c5590dad4aef9d835a2205af81ca24af7ae3603d0e4e32f8865d87a621187dae2f86df6ac613c9886d482804 327 | 328 | # renovate: datasource=github-releases extractVersion=^v(?.*)$ depName=pypa/setuptools 329 | python_setuptools_version: 80.3.1 330 | python_setuptools_sha256: 31e2c58dbb67c99c289f51c16d899afedae292b978f8051efaf6262d8212f927 331 | python_setuptools_sha512: be5157aa1f1a7f1e3e11b971ffedac509303d4919d590c1f741dd1c4966c5dc83168b458d3aad66dd9874c7f8f4c8c5bbded6b4dbf6ed91f0d05b1c65229a789 332 | 333 | # renovate: datasource=github-tags depName=rhash/RHash 334 | rhash_version: v1.4.5 335 | rhash_sha256: 6db837e7bbaa7c72c5fd43ca5af04b1d370c5ce32367b9f6a1f7b49b2338c09a 336 | rhash_sha512: 49bd6aa2497efc4871ae31eaca51d2dc78ceb7126311557d5280b14fafe9355eaecad37f0f78f865e4e1dd1aeb506d3301989cd2f9fff7b0091c81978e8c2f2e 337 | 338 | # renovate: datasource=github-tags depName=SELinuxProject/selinux 339 | selinux_version: 3.8.1 340 | libselinux_sha256: ec2d2789f931152d21c1db1eb4bc202ce4eccede34d9be9e360e3b45243cee2c 341 | libselinux_sha512: 646a31dff3b670a530adb9fc2fdc3ca9fe34a58e67e0fac52cc33bc7a01fa63c175987ef254c6c3bc7299cef137bc6f258dc378f4d70ae5c0fa0ece3bef42ab4 342 | libsepol_sha256: 0e78705305f955abd4c0654d37a5477ee26349ab74db9e2b03a7868897ae1ddf 343 | libsepol_sha512: 6a66fbbc25f4ca5f58b07d19a70f3f6c233594ea5bc5a9f5d9f008eb03a83cea84ae0f03329f340b95e4f7135981d06cb9e66a7b3ca2f1494a71bbdcb5a01665 344 | policycoreutils_sha256: eef23196b501d141cb95f5fc52ef1a7289f459b65e4415ea0fe9aeedc5d80ef2 345 | policycoreutils_sha512: e14df87d163eec46a57bb7496db77090bd310554b2af1b68c66d9ef2f160bc4ac17305fb889a5415489baeabfd47946c0e37e6ad4dd14e392529c802ad06290b 346 | secilc_sha256: 3db2974dd9a3c8403ada0392deff267b0398a74b4e7a0b051af76457270848d1 347 | secilc_sha512: 43f9b86d4b10b90dc201c76aee8ad7a89bc7b487a77cb373ed5db7e9efcca88eed9d5ae62e605fd3b2688384580afdca19aa84597c19cb78afcedff6b7e4c33a 348 | 349 | # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=git://git.savannah.gnu.org/sed.git 350 | sed_version: 4.9 351 | sed_sha256: 6e226b732e1cd739464ad6862bd1a1aba42d7982922da7a53519631d24975181 352 | sed_sha512: 36157a4b4a2430cf421b7bd07f1675d680d9f1616be96cf6ad6ee74a9ec0fe695f8d0b1e1f0b008bbb33cc7fcde5e1c456359bbbc63f8aebdd4fedc3982cf6dc 353 | 354 | # renovate: datasource=github-tags depName=plougher/squashfs-tools 355 | squashfs_tools_version: 4.6.1 356 | squashfs_tools_sha256: 94201754b36121a9f022a190c75f718441df15402df32c2b520ca331a107511c 357 | squashfs_tools_sha512: 10e8a4b1e2327e062aef4f85860e76ebcd7a29e4c19e152ff7edec4a38316982b5bcfde4ab69da6bcb931258d264c2b6cb40cb5f635f9e6f6eba1ed5976267cb 358 | 359 | # renovate: datasource=github-tags depName=swig/swig 360 | swig_version: v4.2.1 361 | swig_sha256: 8895878b9215612e73611203dc8f5232c626e4d07ffc4532922f375518f067ca 362 | swig_sha512: 5d653333f73356d4d5ba8b615882e49f33f188bc68d8204352116bc4aca7946ec01ce2e02524c5ce805b98c2219ed05e664120485bf18095c5c0785436487074 363 | 364 | # renovate: datasource=git-tags extractVersion=^release_(?.*)$ depName=git://git.savannah.gnu.org/tar.git 365 | tar_version: 1_34 366 | tar_sha256: 63bebd26879c5e1eea4352f0d03c991f966aeb3ddeb3c7445c902568d5411d28 367 | tar_sha512: 5e77c4a7b49983ad7d15238c2bce28be7a8aa437b4b1815fc00abd13096da308b6bba196cc6e3ed79d85e62823d520ae0d8fcda2d93873842cf84dc3369fc902 368 | 369 | # renovate: datasource=git-tags extractVersion=^texinfo-(?.*)$ depName=git://git.savannah.gnu.org/texinfo.git 370 | texinfo_version: 7.2 371 | texinfo_sha256: 0329d7788fbef113fa82cb80889ca197a344ce0df7646fe000974c5d714363a6 372 | texinfo_sha512: 8e67337ae12a552fc620c43725507a4978710ea6630e98b0f5e98eb3f79a90e191dde5225699aa6217c26f171d277461f76150f0459cd07b40c3234d2f3d89bf 373 | 374 | # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=git://git.kernel.org/pub/scm/utils/util-linux/util-linux.git 375 | util_linux_version: 2.40.4 376 | util_linux_sha256: 5c1daf733b04e9859afdc3bd87cc481180ee0f88b5c0946b16fdec931975fb79 377 | util_linux_sha512: 0024955056ba7b4c54040a917f9919f49692e57ba6d42d17a6c29c1eefe88bf48b1214a545072b71c468829a63a8f15237f49733e9127c134e11126d1e435124 378 | 379 | # renovate: datasource=github-releases depName=tukaani-project/xz 380 | # NOTE: using 5.4.5 the version debian downgraded to. Ref: https://www.openwall.com/lists/oss-security/2024/03/29/4 381 | xz_version: v5.4.5 382 | xz_sha256: da9dec6c12cf2ecf269c31ab65b5de18e8e52b96f35d5bcd08c12b43e6878803 383 | xz_sha512: 5cbc3b5bb35a9f5773ad657788fe77013471e3b621c5a8149deb7389d48535926e5bed103456fcfe5ecb044b236b1055b03938a6cc877cfc749372b899fc79e5 384 | 385 | # renovate: datasource=github-tags extractVersion=^v(?.*)$ depName=madler/zlib 386 | zlib_version: 1.3.1 387 | zlib_sha256: 9a93b2b7dfdac77ceba5a558a580e74667dd6fede4585b91eefb60f03b72df23 388 | zlib_sha512: 580677aad97093829090d4b605ac81c50327e74a6c2de0b85dd2e8525553f3ddde17556ea46f8f007f89e435493c9a20bc997d1ef1c1c2c23274528e3c46b94f 389 | 390 | # renovate: datasource=github-tags extractVersion=^v(?.*)$ depName=facebook/zstd 391 | zstd_version: 1.5.7 392 | zstd_sha256: eb33e51f49a15e023950cd7825ca74a4a2b43db8354825ac24fc1b7ee09e6fa3 393 | zstd_sha512: b4de208f179b68d4c6454139ca60d66ed3ef3893a560d6159a056640f83d3ee67cdf6ffb88971cdba35449dba4b597eaa8b4ae908127ef7fd58c89f40bf9a705 394 | labels: 395 | org.opencontainers.image.source: https://github.com/siderolabs/tools 396 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # tools 2 | 3 | ![Dependency Diagram](/deps.png) 4 | 5 | This repository produces a set of binaries suitable for building a target Linux distribution. 6 | 7 | ## Resources 8 | 9 | - https://gcc.gnu.org/onlinedocs/gccint/Configure-Terms.html 10 | - https://wiki.osdev.org/Target_Triplet 11 | -------------------------------------------------------------------------------- /abseil/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: abseil 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: cmake 6 | - stage: curl 7 | - stage: libuv 8 | - stage: tools-xz 9 | - stage: expat 10 | - stage: rhash 11 | steps: 12 | - sources: 13 | - url: https://github.com/abseil/abseil-cpp/archive/refs/tags/{{ .abseil_version }}.tar.gz 14 | destination: abseil.tar.gz 15 | sha256: "{{ .abseil_sha256 }}" 16 | sha512: "{{ .abseil_sha512 }}" 17 | prepare: 18 | - | 19 | tar -xzf abseil.tar.gz --strip-components=1 20 | 21 | mkdir build 22 | cd build 23 | 24 | # musl >=1.2.4 requires _LARGEFILE64_SOURCE for LFS64 interfaces support: 25 | # https://www.openwall.com/lists/musl/2023/05/02/1 26 | export CFLAGS="-D_LARGEFILE64_SOURCE" 27 | export CXXFLAGS="-D_LARGEFILE64_SOURCE" 28 | 29 | cmake -DABSL_BUILD_TESTING=OFF -DABSL_USE_GOOGLETEST_HEAD=OFF -DCMAKE_CXX_STANDARD=14 .. 30 | build: 31 | - | 32 | cd build 33 | 34 | make -j $(nproc) 35 | install: 36 | - | 37 | cd build 38 | 39 | make DESTDIR=/rootfs install 40 | finalize: 41 | - from: /rootfs 42 | to: / 43 | -------------------------------------------------------------------------------- /argp-standalone/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: argp-standalone 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: patch 6 | - stage: autoconf 7 | - stage: automake 8 | steps: 9 | - sources: 10 | # https://git.alpinelinux.org/aports/tree/main/argp-standalone/APKBUILD 11 | - url: https://github.com/argp-standalone/argp-standalone/archive/refs/tags/{{ .argp_standalone_version }}.tar.gz 12 | destination: argp-standalone.tar.gz 13 | sha256: "{{ .argp_standalone_sha256 }}" 14 | sha512: "{{ .argp_standalone_sha512 }}" 15 | prepare: 16 | - | 17 | tar -xzvf argp-standalone.tar.gz --strip-components=1 18 | 19 | autoreconf -vif 20 | ./configure \ 21 | --prefix=/usr \ 22 | --disable-static \ 23 | CFLAGS="${CFLAGS} -fPIC" 24 | build: 25 | - | 26 | make -j $(nproc) 27 | install: 28 | - | 29 | mkdir -p /rootfs/usr/lib 30 | mkdir -p /rootfs/usr/include 31 | cp -v libargp.a /rootfs/usr/lib 32 | cp -v argp.h /rootfs/usr/include 33 | finalize: 34 | - from: /rootfs 35 | to: / 36 | -------------------------------------------------------------------------------- /autoconf/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: autoconf 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: perl 6 | runtime: yes 7 | - stage: m4 8 | runtime: yes 9 | steps: 10 | - sources: 11 | - url: https://ftp.gnu.org/gnu/autoconf/autoconf-{{ .autoconf_version }}.tar.xz 12 | destination: autoconf.tar.xz 13 | sha256: "{{ .autoconf_sha256 }}" 14 | sha512: "{{ .autoconf_sha512 }}" 15 | prepare: 16 | - | 17 | tar -xJvf autoconf.tar.xz --strip-components=1 18 | mkdir build 19 | cd build 20 | 21 | ../configure \ 22 | --prefix=/usr 23 | build: 24 | - | 25 | cd build 26 | make -j $(nproc) 27 | install: 28 | - | 29 | cd build 30 | make DESTDIR=/rootfs install 31 | finalize: 32 | - from: /rootfs 33 | to: / 34 | -------------------------------------------------------------------------------- /automake/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: automake 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: perl 6 | runtime: yes 7 | - stage: autoconf 8 | steps: 9 | - sources: 10 | - url: https://ftp.gnu.org/gnu/automake/automake-{{ .automake_version }}.tar.xz 11 | destination: automake.tar.xz 12 | sha256: "{{ .automake_sha256 }}" 13 | sha512: "{{ .automake_sha512 }}" 14 | prepare: 15 | - | 16 | tar -xJf automake.tar.xz --strip-components=1 17 | mkdir build 18 | cd build 19 | 20 | ../configure \ 21 | --prefix=/usr 22 | build: 23 | - | 24 | cd build 25 | make -j $(nproc) 26 | install: 27 | - | 28 | cd build 29 | make DESTDIR=/rootfs install 30 | finalize: 31 | - from: /rootfs 32 | to: / 33 | -------------------------------------------------------------------------------- /base/fhs-validator.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | # Script to validate the adherence to the FHS and our standards for a package 3 | 4 | set -euo pipefail 5 | 6 | RETVAL=0 7 | 8 | check_dir() { 9 | local ROOTDIR="$1" 10 | local ALLOWED_DIRS="$2" 11 | 12 | for DIR in "$ROOTDIR"/*; do 13 | # Empty directory, no matches. 14 | [ "$DIR" = "$ROOTDIR/*" ] && break 15 | local RELATIVE_DIR=$(basename "$DIR") 16 | 17 | if ! echo "${ALLOWED_DIRS}" | grep -wq "${RELATIVE_DIR}"; then 18 | [ -d "${DIR}" ] && echo "Package validator: ${DIR} is not an allowed directory" || echo "Package validator: ${DIR} is not an allowed file" 19 | RETVAL=1 20 | fi 21 | done 22 | } 23 | 24 | ROOTDIR="${1:-/rootfs}" 25 | 26 | # Test for extra files/directories 27 | # bin, lib and other directories moved to /usr are not allowed 28 | ALLOWED_DIRS="usr etc dev proc sys opt run var root tmp home" 29 | check_dir "$ROOTDIR" "$ALLOWED_DIRS" 30 | echo "Validated /" 31 | 32 | # No need for this test in pkgs which only have files under /etc for example 33 | [ ! -d "${ROOTDIR}/usr" ] && exit $RETVAL 34 | 35 | # Test for extra files/directories in /usr 36 | # lib64 and sbin are not allowed 37 | ALLOWED_USR_DIRS="bin lib share libexec include etc local src var" 38 | check_dir "$ROOTDIR/usr" "$ALLOWED_USR_DIRS" 39 | 40 | # Do not install man pages and locale info for optimal image size 41 | for DIR in $ROOTDIR/usr/man $ROOTDIR/usr/share/man $ROOTDIR/usr/local/man $ROOTDIR/usr/local/share/man \ 42 | $ROOTDIR/usr/share/info $ROOTDIR/usr/share/doc $ROOTDIR/usr/share/locale $ROOTDIR/usr/lib/locale; do 43 | [ -e ${DIR} ] && echo "Package validator: ${DIR} is not an allowed directory (man/info/locale)" && RETVAL=1 44 | done 45 | 46 | echo "Validated /usr" 47 | exit $RETVAL 48 | -------------------------------------------------------------------------------- /base/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: base 2 | variant: scratch 3 | dependencies: 4 | - image: "{{ .TOOLCHAIN_IMAGE }}" 5 | to: /rootfs 6 | finalize: 7 | - from: /pkg/fhs-validator.sh 8 | to: /usr/bin/fhs-validator 9 | - from: /rootfs 10 | to: / 11 | -------------------------------------------------------------------------------- /bash/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: bash 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: patch 6 | runtime: true 7 | - stage: ncurses 8 | runtime: true 9 | steps: 10 | - sources: 11 | - url: https://ftp.gnu.org/gnu/bash/bash-{{ .bash_version }}.tar.gz 12 | destination: bash.tar.gz 13 | sha256: "{{ .bash_sha256 }}" 14 | sha512: "{{ .bash_sha512 }}" 15 | prepare: 16 | - | 17 | tar -xzf bash.tar.gz --strip-components=1 18 | 19 | mkdir build 20 | cd build 21 | 22 | ../configure \ 23 | --prefix=/usr \ 24 | --disable-nls \ 25 | --with-curses \ 26 | --without-bash-malloc 27 | build: 28 | - | 29 | cd build 30 | # parallel build workarounds 31 | make y.tab.c && make builtins/libbuiltins.a 32 | make -j $(nproc) 33 | install: 34 | - | 35 | cd build 36 | make DESTDIR=/rootfs install 37 | finalize: 38 | - from: /rootfs 39 | to: / 40 | -------------------------------------------------------------------------------- /bc/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: bc 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: bash 6 | - stage: texinfo 7 | - stage: perl 8 | steps: 9 | - sources: 10 | - url: https://ftp.gnu.org/gnu/bc/bc-1.07.1.tar.gz 11 | destination: bc.tar.gz 12 | sha256: 62adfca89b0a1c0164c2cdca59ca210c1d44c3ffc46daf9931cf4942664cb02a 13 | sha512: 02126d0db6b6ed06d56cfc292d6f5475ff1e574779d7e69c7809bbb1e13f946f57ea07da2a7666baa092507a951a822044b0970075f75eefe65a5c1999b75d34 14 | prepare: 15 | - | 16 | tar -xzf bc.tar.gz --strip-components=1 17 | 18 | cat > bc/fix-libmath_h << "EOF" 19 | #! /bin/bash 20 | sed -e '1 s/^/{"/' \ 21 | -e 's/$/",/' \ 22 | -e '2,$ s/^/"/' \ 23 | -e '$ d' \ 24 | -i libmath.h 25 | 26 | sed -e '$ s/$/0}/' \ 27 | -i libmath.h 28 | EOF 29 | 30 | sed -i -e '/flex/s/as_fn_error/: ;; # &/' ./configure 31 | 32 | mkdir build 33 | cd build 34 | ../configure \ 35 | --prefix=/usr \ 36 | --with-readline \ 37 | --mandir=/usr/share/man \ 38 | --infodir=/usr/share/info 39 | build: 40 | - | 41 | cd build 42 | make -j $(nproc) 43 | install: 44 | - | 45 | cd build 46 | make DESTDIR=/rootfs install 47 | finalize: 48 | - from: /rootfs 49 | to: / 50 | -------------------------------------------------------------------------------- /bison/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: bison 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: m4 6 | - stage: perl 7 | steps: 8 | - sources: 9 | - url: https://ftp.gnu.org/gnu/bison/bison-{{ .bison_version }}.tar.xz 10 | destination: bison.tar.xz 11 | sha256: "{{ .bison_sha256 }}" 12 | sha512: "{{ .bison_sha512 }}" 13 | prepare: 14 | - | 15 | tar -xJf bison.tar.xz --strip-components=1 16 | mkdir build 17 | cd build 18 | 19 | ../configure \ 20 | --prefix=/usr \ 21 | FORCE_UNSAFE_CONFIGURE=1 22 | build: 23 | - | 24 | cd build 25 | make -j $(nproc) 26 | install: 27 | - | 28 | cd build 29 | make DESTDIR=/rootfs install 30 | finalize: 31 | - from: /rootfs 32 | to: / 33 | -------------------------------------------------------------------------------- /bzip2/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: bzip2 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | steps: 6 | - sources: 7 | - url: https://sourceware.org/pub/bzip2/bzip2-{{ .bzip2_version }}.tar.gz 8 | destination: bzip2.tar.gz 9 | sha256: "{{ .bzip2_sha256 }}" 10 | sha512: "{{ .bzip2_sha512 }}" 11 | prepare: 12 | - | 13 | tar -xzf bzip2.tar.gz --strip-components=1 14 | build: 15 | - | 16 | make -j $(nproc) 17 | install: 18 | - | 19 | make PREFIX=/rootfs/usr install 20 | finalize: 21 | - from: /rootfs 22 | to: / 23 | -------------------------------------------------------------------------------- /cmake/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: cmake 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: bzip2 6 | - stage: curl 7 | - stage: expat 8 | - stage: libuv 9 | - stage: ncurses 10 | - stage: rhash 11 | - stage: tools-xz 12 | - stage: tools-zlib 13 | steps: 14 | - sources: 15 | - url: https://www.cmake.org/files/v{{ regexReplaceAll ".\\d+$" .cmake_version "${1}" }}/cmake-{{ .cmake_version }}.tar.gz 16 | destination: cmake.tar.gz 17 | sha256: "{{ .cmake_sha256 }}" 18 | sha512: "{{ .cmake_sha512 }}" 19 | env: 20 | CC: gcc 21 | CXX: g++ 22 | prepare: 23 | - | 24 | tar -xzf cmake.tar.gz --strip-components=1 25 | 26 | ./bootstrap \ 27 | --prefix=/usr \ 28 | --no-system-jsoncpp \ 29 | --no-system-libarchive \ 30 | --parallel=$(nproc) \ 31 | -- -DCMAKE_BUILD_TYPE:STRING=Release 32 | build: 33 | - | 34 | make -j $(nproc) 35 | install: 36 | - | 37 | make DESTDIR=/rootfs install 38 | finalize: 39 | - from: /rootfs 40 | to: / 41 | # || (cat Bootstrap.cmk/cmake_bootstrap.log; exit 1) 42 | -------------------------------------------------------------------------------- /coreutils/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: coreutils 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | steps: 6 | - sources: 7 | - url: https://ftp.gnu.org/gnu/coreutils/coreutils-{{ .coreutils_version }}.tar.xz 8 | destination: coreutils.tar.xz 9 | sha256: "{{ .coreutils_sha256 }}" 10 | sha512: "{{ .coreutils_sha512 }}" 11 | prepare: 12 | - | 13 | tar -xJf coreutils.tar.xz --strip-components=1 14 | mkdir build 15 | cd build 16 | ../configure \ 17 | --prefix=/usr \ 18 | --enable-install-program=hostname \ 19 | FORCE_UNSAFE_CONFIGURE=1 \ 20 | TIME_T_32_BIT_OK=yes 21 | build: 22 | - | 23 | cd build 24 | make -j $(nproc) 25 | install: 26 | - | 27 | cd build 28 | make DESTDIR=/rootfs install 29 | finalize: 30 | - from: /rootfs 31 | to: / 32 | -------------------------------------------------------------------------------- /curl/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: curl 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: tools-openssl 6 | runtime: true 7 | - stage: tools-zlib 8 | runtime: true 9 | - stage: pkg-config 10 | - stage: perl 11 | steps: 12 | - sources: 13 | - url: https://curl.haxx.se/download/curl-{{ .curl_version | replace "_" "." }}.tar.xz 14 | destination: curl.tar.xz 15 | sha256: "{{ .curl_sha256 }}" 16 | sha512: "{{ .curl_sha512 }}" 17 | prepare: 18 | - | 19 | tar -xJf curl.tar.xz --strip-components=1 20 | mkdir build 21 | cd build 22 | 23 | # This is required to avoid "One or more libs available at link-time are not available at run-time". 24 | export PKG_CONFIG_PATH=/usr/lib/pkgconfig 25 | 26 | ../configure \ 27 | --prefix=/usr \ 28 | --disable-static \ 29 | --enable-threaded-resolver \ 30 | --with-ca-bundle=/etc/ssl/certs/ca-certificates \ 31 | --with-zlib \ 32 | --with-ssl \ 33 | --without-libpsl \ 34 | --disable-docs \ 35 | --disable-manual 36 | build: 37 | - | 38 | cd build 39 | make -j $(nproc) 40 | install: 41 | - | 42 | cd build 43 | make DESTDIR=/rootfs install 44 | finalize: 45 | - from: /rootfs 46 | to: / 47 | -------------------------------------------------------------------------------- /deps.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/siderolabs/tools/e35234bd94c3c16daf06d00848d7752f5e4c7d15/deps.png -------------------------------------------------------------------------------- /diffutils/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: diffutils 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | steps: 6 | - sources: 7 | - url: https://ftp.gnu.org/gnu/diffutils/diffutils-{{ .diffutils_version }}.tar.xz 8 | destination: diffutils.tar.xz 9 | sha256: "{{ .diffutils_sha256 }}" 10 | sha512: "{{ .diffutils_sha512 }}" 11 | prepare: 12 | - | 13 | tar -xJf diffutils.tar.xz --strip-components=1 14 | mkdir build 15 | cd build 16 | ../configure \ 17 | --prefix=/usr \ 18 | build: 19 | - | 20 | cd build 21 | make -j $(nproc) 22 | install: 23 | - | 24 | cd build 25 | make DESTDIR=/rootfs install 26 | finalize: 27 | - from: /rootfs 28 | to: / 29 | -------------------------------------------------------------------------------- /dtc/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: dtc 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: m4 6 | - stage: bison 7 | - stage: flex 8 | - stage: pkg-config 9 | steps: 10 | - sources: 11 | - url: https://mirrors.edge.kernel.org/pub/software/utils/dtc/dtc-{{ .dtc_version }}.tar.xz 12 | destination: dtc.tar.xz 13 | sha256: "{{ .dtc_sha256 }}" 14 | sha512: "{{ .dtc_sha512 }}" 15 | prepare: 16 | - | 17 | tar -xJf dtc.tar.xz --strip-components=1 18 | 19 | sed -i s:-Werror::g Makefile 20 | build: 21 | - | 22 | make -j $(nproc) 23 | install: 24 | - | 25 | make DESTDIR=/rootfs PREFIX=/usr install 26 | finalize: 27 | - from: /rootfs 28 | to: / 29 | -------------------------------------------------------------------------------- /dwarfutils/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: dwarfutils 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | steps: 6 | - sources: 7 | # https://www.prevanders.net/dwarf.html 8 | - url: https://github.com/davea42/libdwarf-code/releases/download/v{{ .dwarfutils_version }}/libdwarf-{{ .dwarfutils_version }}.tar.xz 9 | destination: dwarfutils.tar.xz 10 | sha256: "{{ .dwarfutils_sha256 }}" 11 | sha512: "{{ .dwarfutils_sha512 }}" 12 | env: 13 | SOURCE_DATE_EPOCH: {{ .BUILD_ARG_SOURCE_DATE_EPOCH }} 14 | prepare: 15 | - | 16 | tar -xvf dwarfutils.tar.xz --strip-components=1 17 | mkdir build 18 | cd build 19 | 20 | ../configure \ 21 | --prefix=/usr \ 22 | --enable-shared \ 23 | --disable-static 24 | build: 25 | - | 26 | cd build 27 | make -j $(nproc) 28 | install: 29 | - | 30 | cd build 31 | make DESTDIR=/rootfs install 32 | finalize: 33 | - from: /rootfs 34 | to: / 35 | -------------------------------------------------------------------------------- /elfutils/patches/musl-macros.patch: -------------------------------------------------------------------------------- 1 | diff -ur elfutils-0.187.orig/lib/libeu.h elfutils-0.187/lib/libeu.h 2 | --- elfutils-0.187.orig/lib/libeu.h 2022-06-16 18:48:12.916472948 +0200 3 | +++ elfutils-0.187/lib/libeu.h 2022-06-16 18:48:54.219839323 +0200 4 | @@ -31,6 +31,18 @@ 5 | 6 | #include 7 | #include 8 | +#include 9 | +#include 10 | +#include 11 | + 12 | +#ifndef TEMP_FAILURE_RETRY 13 | +#define TEMP_FAILURE_RETRY(expression) \ 14 | + (__extension__ \ 15 | + ({ long int __result; \ 16 | + do __result = (long int) (expression); \ 17 | + while (__result == -1L && errno == EINTR); \ 18 | + __result; })) 19 | +#endif 20 | 21 | extern void *xmalloc (size_t) __attribute__ ((__malloc__)); 22 | extern void *xcalloc (size_t, size_t) __attribute__ ((__malloc__)); 23 | diff -ur elfutils-0.187.orig/src/arlib.h elfutils-0.187/src/arlib.h 24 | --- elfutils-0.187.orig/src/arlib.h 2022-06-16 18:48:12.919806284 +0200 25 | +++ elfutils-0.187/src/arlib.h 2022-06-16 18:48:18.879811052 +0200 26 | @@ -29,6 +29,16 @@ 27 | #include 28 | #include 29 | 30 | +#if !defined(ACCESSPERMS) 31 | +# define ACCESSPERMS (S_IRWXU|S_IRWXG|S_IRWXO) /* 0777 */ 32 | +#endif 33 | +#if !defined(ALLPERMS) 34 | +# define ALLPERMS (S_ISUID|S_ISGID|S_ISVTX|S_IRWXU|S_IRWXG|S_IRWXO) /* 07777 */ 35 | +#endif 36 | +#if !defined(DEFFILEMODE) 37 | +# define DEFFILEMODE (S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH)/* 0666*/ 38 | +#endif 39 | + 40 | 41 | /* State of -D/-U flags. */ 42 | extern bool arlib_deterministic_output; 43 | diff -ur elfutils-0.187.orig/src/elfcompress.c elfutils-0.187/src/elfcompress.c 44 | --- elfutils-0.187.orig/src/elfcompress.c 2022-06-16 18:48:12.919806284 +0200 45 | +++ elfutils-0.187/src/elfcompress.c 2022-06-16 18:48:18.879811052 +0200 46 | @@ -37,6 +37,14 @@ 47 | #include "libeu.h" 48 | #include "printversion.h" 49 | 50 | +#if !defined(FNM_EXTMATCH) 51 | +# define FNM_EXTMATCH 0 52 | +#endif 53 | + 54 | +#if !defined(ALLPERMS) 55 | +# define ALLPERMS (S_ISUID|S_ISGID|S_ISVTX|S_IRWXU|S_IRWXG|S_IRWXO) /* 07777 */ 56 | +#endif 57 | + 58 | /* Name and version of program. */ 59 | ARGP_PROGRAM_VERSION_HOOK_DEF = print_version; 60 | 61 | diff -ur elfutils-0.187.orig/src/strip.c elfutils-0.187/src/strip.c 62 | --- elfutils-0.187.orig/src/strip.c 2022-06-16 18:48:12.919806284 +0200 63 | +++ elfutils-0.187/src/strip.c 2022-06-16 18:48:18.879811052 +0200 64 | @@ -46,6 +46,14 @@ 65 | #include 66 | #include 67 | 68 | +#if !defined(FNM_EXTMATCH) 69 | +# define FNM_EXTMATCH 0 70 | +#endif 71 | + 72 | +#if !defined(ACCESSPERMS) 73 | +#define ACCESSPERMS (S_IRWXU|S_IRWXG|S_IRWXO) 74 | +#endif 75 | + 76 | typedef uint8_t GElf_Byte; 77 | 78 | /* Name and version of program. */ 79 | -------------------------------------------------------------------------------- /elfutils/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: elfutils 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: tools-zlib 6 | - stage: argp-standalone 7 | - stage: musl-fts 8 | - stage: musl-obstack 9 | - stage: patch 10 | - stage: autoconf 11 | - stage: automake 12 | - stage: pkg-config 13 | steps: 14 | - sources: 15 | - url: https://sourceware.org/elfutils/ftp/{{ .elfutils_version }}/elfutils-{{ .elfutils_version }}.tar.bz2 16 | destination: elfutils.tar.bz2 17 | sha256: "{{ .elfutils_sha256 }}" 18 | sha512: "{{ .elfutils_sha512 }}" 19 | prepare: 20 | - | 21 | tar -xjf elfutils.tar.bz2 --strip-components=1 22 | 23 | patch -p1 < /pkg/patches/musl-macros.patch 24 | 25 | mkdir build 26 | cd build 27 | 28 | ../configure \ 29 | --prefix=/usr \ 30 | --disable-libdebuginfod \ 31 | --disable-debuginfod \ 32 | CFLAGS="${CFLAGS} -fPIC -Wno-error" 33 | build: 34 | - | 35 | cd build 36 | 37 | make -j $(nproc) 38 | install: 39 | - | 40 | cd build 41 | make DESTDIR=/rootfs install 42 | finalize: 43 | - from: /rootfs 44 | to: / 45 | -------------------------------------------------------------------------------- /expat/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: expat 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | steps: 6 | - sources: 7 | - url: https://github.com/libexpat/libexpat/releases/download/R_{{ .expat_version }}/expat-{{ .expat_version | replace "_" "." }}.tar.bz2 8 | destination: expat.tar.bz2 9 | sha256: "{{ .expat_sha256 }}" 10 | sha512: "{{ .expat_sha512 }}" 11 | prepare: 12 | - | 13 | tar -xjf expat.tar.bz2 --strip-components=1 14 | 15 | ./configure \ 16 | --prefix="/usr" \ 17 | --enable-static 18 | build: 19 | - | 20 | make -j $(nproc) 21 | install: 22 | - | 23 | make DESTDIR=/rootfs install 24 | finalize: 25 | - from: /rootfs 26 | to: / 27 | -------------------------------------------------------------------------------- /fakeroot/patches/fakeroot-no64.patch: -------------------------------------------------------------------------------- 1 | This patch fixes building with musl libc 2 | 3 | https://github.com/void-linux/void-packages/blob/e3ff6da0aa9f378356cec4184580025ddae771de/srcpkgs/fakeroot/patches/fakeroot-no64.patch 4 | 5 | --- a/libfakeroot.c 6 | +++ b/libfakeroot.c 7 | @@ -81,12 +81,14 @@ 8 | #define SEND_STAT64(a,b,c) send_stat64(a,b,c) 9 | #define SEND_GET_STAT(a,b) send_get_stat(a,b) 10 | #define SEND_GET_STAT64(a,b) send_get_stat64(a,b) 11 | +#define SEND_GET_XATTR(a,b,c) send_get_xattr(a,b,c) 12 | #define SEND_GET_XATTR64(a,b,c) send_get_xattr64(a,b,c) 13 | #else 14 | #define SEND_STAT(a,b,c) send_stat(a,b) 15 | #define SEND_STAT64(a,b,c) send_stat64(a,b) 16 | #define SEND_GET_STAT(a,b) send_get_stat(a) 17 | #define SEND_GET_STAT64(a,b) send_get_stat64(a) 18 | +#define SEND_GET_XATTR(a,b,c) send_get_xattr(a,b) 19 | #define SEND_GET_XATTR64(a,b,c) send_get_xattr64(a,b) 20 | #endif 21 | -------------------------------------------------------------------------------- /fakeroot/patches/fix-shell.patch: -------------------------------------------------------------------------------- 1 | Description: Fix shell in fakeroot.in 2 | Use /bin/sh instead of @SHELL@ in fakeroot.in 3 | Author: Juan Picca 4 | Source: Debian 5 | Last-Update: 2024-08-22 by Dmitrii Sharshakov 6 | --- 7 | --- a/scripts/fakeroot.in 8 | +++ b/scripts/fakeroot.in 9 | @@ -1,4 +1,4 @@ 10 | -#!@SHELL@ 11 | +#!/bin/sh 12 | 13 | # This script first starts faked (the daemon), and then it will run 14 | # the requested program with fake root privileges. 15 | -------------------------------------------------------------------------------- /fakeroot/patches/no-docs.patch: -------------------------------------------------------------------------------- 1 | diff --git a/Makefile.am b/Makefile.am 2 | index 46f01eb..4c10cfa 100644 3 | --- a/Makefile.am 4 | +++ b/Makefile.am 5 | @@ -1,6 +1,6 @@ 6 | AUTOMAKE_OPTIONS=foreign 7 | ACLOCAL_AMFLAGS = -I build-aux 8 | -SUBDIRS=doc scripts test 9 | +SUBDIRS=scripts test 10 | 11 | noinst_LTLIBRARIES = libcommunicate.la libmacosx.la libfakeroot_time64.la 12 | libcommunicate_la_SOURCES = communicate.c 13 | -------------------------------------------------------------------------------- /fakeroot/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: fakeroot 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: patch 6 | - stage: autoconf 7 | - stage: automake 8 | - stage: libtool 9 | - stage: tools-libcap 10 | steps: 11 | - sources: 12 | - url: https://salsa.debian.org/clint/fakeroot/-/archive/upstream/{{ .fakeroot_version }}/fakeroot-upstream-{{ .fakeroot_version }}.tar.gz 13 | destination: fakeroot.tar.gz 14 | sha256: "{{ .fakeroot_sha256 }}" 15 | sha512: "{{ .fakeroot_sha512 }}" 16 | prepare: 17 | - | 18 | tar -xzvf fakeroot.tar.gz --strip-components=1 19 | 20 | patch -p1 < /pkg/patches/fix-shell.patch 21 | patch -p1 < /pkg/patches/no-docs.patch 22 | patch -p1 < /pkg/patches/fakeroot-no64.patch 23 | 24 | autoreconf -vif 25 | ./configure \ 26 | --prefix=/usr \ 27 | CFLAGS="${CFLAGS} -fPIC" 28 | build: 29 | - | 30 | make -j $(nproc) 31 | install: 32 | - | 33 | make install DESTDIR=/rootfs PREFIX=/usr 34 | finalize: 35 | - from: /rootfs 36 | to: / 37 | -------------------------------------------------------------------------------- /findutils/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: findutils 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | steps: 6 | - sources: 7 | - url: https://ftp.gnu.org/gnu/findutils/findutils-{{ .findutils_version }}.tar.xz 8 | destination: findutils.tar.gz 9 | sha256: "{{ .findutils_sha256 }}" 10 | sha512: "{{ .findutils_sha512 }}" 11 | prepare: 12 | - | 13 | tar -xf findutils.tar.gz --strip-components=1 14 | mkdir build 15 | cd build 16 | ../configure \ 17 | --prefix=/usr \ 18 | build: 19 | - | 20 | cd build 21 | make -j $(nproc) 22 | install: 23 | - | 24 | cd build 25 | make DESTDIR=/rootfs install 26 | finalize: 27 | - from: /rootfs 28 | to: / 29 | -------------------------------------------------------------------------------- /flex/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: flex 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: m4 6 | steps: 7 | - sources: 8 | - url: https://github.com/westes/flex/releases/download/v{{ .flex_version }}/flex-{{ .flex_version }}.tar.gz 9 | destination: flex.tar.gz 10 | sha256: "{{ .flex_sha256 }}" 11 | sha512: "{{ .flex_sha512 }}" 12 | prepare: 13 | - | 14 | tar -xzf flex.tar.gz --strip-components=1 15 | mkdir build 16 | cd build 17 | 18 | sed -i "/math.h/a #include " ../src/flexdef.h 19 | 20 | ../configure \ 21 | --prefix=/usr 22 | build: 23 | - | 24 | cd build 25 | make -j $(nproc) 26 | install: 27 | - | 28 | cd build 29 | make DESTDIR=/rootfs install 30 | finalize: 31 | - from: /rootfs 32 | to: / 33 | -------------------------------------------------------------------------------- /gawk/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: gawk 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | steps: 6 | - sources: 7 | - url: https://ftp.gnu.org/gnu/gawk/gawk-{{ .gawk_version }}.tar.xz 8 | destination: gawk.tar.xz 9 | sha256: "{{ .gawk_sha256 }}" 10 | sha512: "{{ .gawk_sha512 }}" 11 | prepare: 12 | - | 13 | tar -xJf gawk.tar.xz --strip-components=1 14 | mkdir build 15 | cd build 16 | ../configure \ 17 | --prefix=/usr \ 18 | build: 19 | - | 20 | cd build 21 | make -j $(nproc) 22 | install: 23 | - | 24 | cd build 25 | make DESTDIR=/rootfs install 26 | finalize: 27 | - from: /rootfs 28 | to: / 29 | -------------------------------------------------------------------------------- /gettext/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: gettext 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | steps: 6 | - sources: 7 | - url: https://github.com/sabotage-linux/gettext-tiny/archive/{{ .gettext_tiny_ref }}.tar.gz 8 | destination: gettext-tiny.tar.gz 9 | sha256: "{{ .gettext_tiny_sha256 }}" 10 | sha512: "{{ .gettext_tiny_sha512 }}" 11 | prepare: 12 | - | 13 | tar -xzf gettext-tiny.tar.gz --strip-components=1 14 | install: 15 | - | 16 | make LIBINTL=musl DESTDIR=/rootfs prefix=/usr install 17 | finalize: 18 | - from: /rootfs 19 | to: / 20 | -------------------------------------------------------------------------------- /git/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: git 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: tools-zlib 6 | runtime: true 7 | - stage: gettext 8 | - stage: tools-openssl 9 | - stage: curl 10 | runtime: true 11 | - stage: autoconf 12 | steps: 13 | - sources: 14 | - url: https://mirrors.edge.kernel.org/pub/software/scm/git/git-{{ .git_version }}.tar.xz 15 | destination: git.tar.xz 16 | sha256: "{{ .git_sha256 }}" 17 | sha512: "{{ .git_sha512 }}" 18 | prepare: 19 | - | 20 | tar -xJf git.tar.xz --strip-components=1 21 | make configure 22 | ./configure --prefix=/usr 23 | build: 24 | - | 25 | make -j $(nproc) 26 | install: 27 | - | 28 | make DESTDIR=/rootfs install 29 | finalize: 30 | - from: /rootfs 31 | to: / 32 | -------------------------------------------------------------------------------- /gmp/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: gmp 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: m4 6 | steps: 7 | - sources: 8 | - url: https://ftp.gnu.org/gnu/gmp/gmp-{{ .gmp_version }}.tar.xz 9 | destination: gmp.tar.xz 10 | sha256: "{{ .gmp_sha256 }}" 11 | sha512: "{{ .gmp_sha512 }}" 12 | prepare: 13 | - | 14 | tar -xJf gmp.tar.xz --strip-components=1 15 | mkdir build 16 | cd build 17 | ../configure \ 18 | --prefix=/usr \ 19 | --disable-static 20 | build: 21 | - | 22 | cd build 23 | make -j $(nproc) 24 | install: 25 | - | 26 | cd build 27 | make install DESTDIR=/rootfs 28 | finalize: 29 | - from: /rootfs 30 | to: / 31 | -------------------------------------------------------------------------------- /gnutls/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: gnutls 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: nettle 6 | - stage: gmp 7 | - stage: tools-zlib 8 | - stage: texinfo 9 | - stage: pkg-config 10 | - stage: libtasn1 11 | - stage: libunistring 12 | steps: 13 | - sources: 14 | - url: https://www.gnupg.org/ftp/gcrypt/gnutls/v{{ regexReplaceAll ".\\d+$" .gnutls_version "${1}" }}/gnutls-{{ .gnutls_version }}.tar.xz 15 | destination: gnutls.tar.xz 16 | sha256: "{{ .gnutls_sha256 }}" 17 | sha512: "{{ .gnutls_sha512 }}" 18 | prepare: 19 | - | 20 | tar -xf gnutls.tar.xz --strip-components=1 21 | 22 | ./configure \ 23 | --prefix=/usr \ 24 | --enable-ktls \ 25 | --disable-openssl-compatibility \ 26 | --disable-rpath \ 27 | --disable-static \ 28 | --disable-guile \ 29 | --disable-valgrind-tests \ 30 | --without-p11-kit 31 | 32 | build: 33 | - | 34 | make -j $(nproc) DESTDIR=/rootfs 35 | install: 36 | - | 37 | make DESTDIR=/rootfs install 38 | finalize: 39 | - from: /rootfs 40 | to: / 41 | -------------------------------------------------------------------------------- /gperf/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: gperf 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | steps: 6 | - sources: 7 | - url: http://ftp.gnu.org/pub/gnu/gperf/gperf-{{ .gperf_version }}.tar.gz 8 | destination: gperf.tar.gz 9 | sha256: "{{ .gperf_sha256 }}" 10 | sha512: "{{ .gperf_sha512 }}" 11 | prepare: 12 | - | 13 | tar -xzf gperf.tar.gz --strip-components=1 14 | mkdir build 15 | cd build 16 | ../configure \ 17 | --prefix=/usr \ 18 | build: 19 | - | 20 | cd build 21 | make -j $(nproc) 22 | install: 23 | - | 24 | cd build 25 | make DESTDIR=/rootfs install 26 | finalize: 27 | - from: /rootfs 28 | to: / 29 | -------------------------------------------------------------------------------- /grep/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: grep 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | steps: 6 | - sources: 7 | - url: https://ftp.gnu.org/gnu/grep/grep-{{ .grep_version }}.tar.xz 8 | destination: grep.tar.xz 9 | sha256: "{{ .grep_sha256 }}" 10 | sha512: "{{ .grep_sha512 }}" 11 | prepare: 12 | - | 13 | tar -xJf grep.tar.xz --strip-components=1 14 | mkdir build 15 | cd build 16 | ../configure \ 17 | --prefix=/usr 18 | build: 19 | - | 20 | cd build 21 | make -j $(nproc) 22 | install: 23 | - | 24 | cd build 25 | make DESTDIR=/rootfs install 26 | finalize: 27 | - from: /rootfs 28 | to: / 29 | -------------------------------------------------------------------------------- /gzip/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: gzip 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | steps: 6 | - sources: 7 | - url: https://ftp.gnu.org/gnu/gzip/gzip-{{ .gzip_version }}.tar.xz 8 | destination: gzip.tar.xz 9 | sha256: "{{ .gzip_sha256 }}" 10 | sha512: "{{ .gzip_sha512 }}" 11 | prepare: 12 | - | 13 | tar -xJf gzip.tar.xz --strip-components=1 14 | mkdir build 15 | cd build 16 | ../configure \ 17 | --prefix=/usr 18 | build: 19 | - | 20 | cd build 21 | make -j $(nproc) 22 | install: 23 | - | 24 | cd build 25 | make DESTDIR=/rootfs install 26 | finalize: 27 | - from: /rootfs 28 | to: / 29 | -------------------------------------------------------------------------------- /hack/release.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. 4 | # 5 | # Generated on 2024-10-17T13:05:59Z by kres 34e72ac. 6 | 7 | set -e 8 | 9 | RELEASE_TOOL_IMAGE="ghcr.io/siderolabs/release-tool:latest" 10 | 11 | function release-tool { 12 | docker pull "${RELEASE_TOOL_IMAGE}" >/dev/null 13 | docker run --rm -w /src -v "${PWD}":/src:ro "${RELEASE_TOOL_IMAGE}" -l -d -n -t "${1}" ./hack/release.toml 14 | } 15 | 16 | function changelog { 17 | if [ "$#" -eq 1 ]; then 18 | (release-tool ${1}; echo; cat CHANGELOG.md) > CHANGELOG.md- && mv CHANGELOG.md- CHANGELOG.md 19 | else 20 | echo 1>&2 "Usage: $0 changelog [tag]" 21 | exit 1 22 | fi 23 | } 24 | 25 | function release-notes { 26 | release-tool "${2}" > "${1}" 27 | } 28 | 29 | function cherry-pick { 30 | if [ $# -ne 2 ]; then 31 | echo 1>&2 "Usage: $0 cherry-pick " 32 | exit 1 33 | fi 34 | 35 | git checkout $2 36 | git fetch 37 | git rebase upstream/$2 38 | git cherry-pick -x $1 39 | } 40 | 41 | function commit { 42 | if [ $# -ne 1 ]; then 43 | echo 1>&2 "Usage: $0 commit " 44 | exit 1 45 | fi 46 | 47 | if is_on_main_branch; then 48 | update_license_files 49 | fi 50 | 51 | git commit -s -m "release($1): prepare release" -m "This is the official $1 release." 52 | } 53 | 54 | function is_on_main_branch { 55 | main_remotes=("upstream" "origin") 56 | branch_names=("main" "master") 57 | current_branch=$(git rev-parse --abbrev-ref HEAD) 58 | 59 | echo "Check current branch: $current_branch" 60 | 61 | for remote in "${main_remotes[@]}"; do 62 | echo "Fetch remote $remote..." 63 | 64 | if ! git fetch --quiet "$remote" &>/dev/null; then 65 | echo "Failed to fetch $remote, skip..." 66 | 67 | continue 68 | fi 69 | 70 | for branch_name in "${branch_names[@]}"; do 71 | if ! git rev-parse --verify "$branch_name" &>/dev/null; then 72 | echo "Branch $branch_name does not exist, skip..." 73 | 74 | continue 75 | fi 76 | 77 | echo "Branch $remote/$branch_name exists, comparing..." 78 | 79 | merge_base=$(git merge-base "$current_branch" "$remote/$branch_name") 80 | latest_main=$(git rev-parse "$remote/$branch_name") 81 | 82 | if [ "$merge_base" = "$latest_main" ]; then 83 | echo "Current branch is up-to-date with $remote/$branch_name" 84 | 85 | return 0 86 | else 87 | echo "Current branch is not on $remote/$branch_name" 88 | 89 | return 1 90 | fi 91 | done 92 | done 93 | 94 | echo "No main or master branch found on any remote" 95 | 96 | return 1 97 | } 98 | 99 | function update_license_files { 100 | script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" 101 | parent_dir="$(dirname "$script_dir")" 102 | current_year=$(date +"%Y") 103 | change_date=$(date -v+4y +"%Y-%m-%d" 2>/dev/null || date -d "+4 years" +"%Y-%m-%d" 2>/dev/null || date --date="+4 years" +"%Y-%m-%d") 104 | 105 | # Find LICENSE and .kres.yaml files recursively in the parent directory (project root) 106 | find "$parent_dir" \( -name "LICENSE" -o -name ".kres.yaml" \) -type f | while read -r file; do 107 | temp_file="${file}.tmp" 108 | 109 | if [[ $file == *"LICENSE" ]]; then 110 | if grep -q "^Business Source License" "$file"; then 111 | sed -e "s/The Licensed Work is (c) [0-9]\{4\}/The Licensed Work is (c) $current_year/" \ 112 | -e "s/Change Date: [0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}/Change Date: $change_date/" \ 113 | "$file" >"$temp_file" 114 | else 115 | continue # Not a Business Source License file 116 | fi 117 | elif [[ $file == *".kres.yaml" ]]; then 118 | sed -E 's/^([[:space:]]*)ChangeDate:.*$/\1ChangeDate: "'"$change_date"'"/' "$file" >"$temp_file" 119 | fi 120 | 121 | # Check if the file has changed 122 | if ! cmp -s "$file" "$temp_file"; then 123 | mv "$temp_file" "$file" 124 | echo "Updated: $file" 125 | git add "$file" 126 | else 127 | echo "No changes: $file" 128 | rm "$temp_file" 129 | fi 130 | done 131 | } 132 | 133 | if declare -f "$1" > /dev/null 134 | then 135 | cmd="$1" 136 | shift 137 | $cmd "$@" 138 | else 139 | cat < 5 | Date: Wed, 16 Aug 2017 14:45:27 +0800 6 | Subject: [PATCH] configure: reproducible 7 | 8 | "configure" enforces -U for ar flags, breaking deterministic builds. 9 | The flag was added to fix some vaguely specified "recent POSIX binutil 10 | build problems" in 2015. 11 | 12 | Upstream-Status: Pending 13 | Signed-off-by: Juro Bystricky 14 | 15 | Rebase to 6.1 16 | 17 | Signed-off-by: Hongxu Jia 18 | 19 | --- 20 | configure | 2 +- 21 | 1 file changed, 1 insertion(+), 1 deletion(-) 22 | 23 | diff --git a/configure b/configure 24 | index 421cf859..a1b7840d 100755 25 | --- a/configure 26 | +++ b/configure 27 | @@ -5072,7 +5072,7 @@ else 28 | ;; 29 | (*) 30 | cf_cv_ar_flags=unknown 31 | - for cf_ar_flags in -curvU -curv curv -crv crv -cqv cqv -rv rv 32 | + for cf_ar_flags in -curv curv -crv crv -cqv cqv -rv rv 33 | do 34 | 35 | # check if $ARFLAGS already contains this choice 36 | -------------------------------------------------------------------------------- /ncurses/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: ncurses 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: patch 6 | steps: 7 | - sources: 8 | - url: https://ftp.gnu.org/gnu/ncurses/ncurses-{{ .ncurses_version }}.tar.gz 9 | destination: ncurses.tar.gz 10 | sha256: "{{ .ncurses_sha256 }}" 11 | sha512: "{{ .ncurses_sha512 }}" 12 | env: 13 | SOURCE_DATE_EPOCH: {{ .BUILD_ARG_SOURCE_DATE_EPOCH }} 14 | prepare: 15 | - | 16 | tar -xzf ncurses.tar.gz --strip-components=1 17 | 18 | patch -p1 < /pkg/patches/reproducibility.patch 19 | 20 | mkdir build 21 | cd build 22 | 23 | sed -i s/mawk// ../configure 24 | 25 | ../configure \ 26 | --prefix=/usr \ 27 | --with-shared \ 28 | --without-debug \ 29 | --without-ada \ 30 | --enable-overwrite 31 | build: 32 | - | 33 | cd build 34 | make -j $(nproc) 35 | install: 36 | - | 37 | cd build 38 | make DESTDIR=/rootfs install 39 | finalize: 40 | - from: /rootfs 41 | to: / 42 | -------------------------------------------------------------------------------- /nettle/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: nettle 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: m4 6 | - stage: gmp 7 | steps: 8 | - sources: 9 | - url: https://ftp.gnu.org/gnu/nettle/nettle-{{ .nettle_version }}.tar.gz 10 | destination: nettle.tar.gz 11 | sha256: "{{ .nettle_sha256 }}" 12 | sha512: "{{ .nettle_sha512 }}" 13 | prepare: 14 | - | 15 | tar -xf nettle.tar.gz --strip-components=1 16 | 17 | ./configure \ 18 | --prefix=/usr \ 19 | --enable-shared \ 20 | --enable-static \ 21 | --disable-openssl \ 22 | --enable-fat 23 | build: 24 | - | 25 | make DESTDIR=/rootfs 26 | sed -i -e 's/ \#.*//' ./*.pc 27 | install: 28 | - | 29 | make DESTDIR=/rootfs install 30 | finalize: 31 | - from: /rootfs 32 | to: / 33 | -------------------------------------------------------------------------------- /ninja/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: ninja 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: cmake 6 | - stage: curl 7 | - stage: libuv 8 | - stage: tools-xz 9 | - stage: expat 10 | - stage: rhash 11 | steps: 12 | - sources: 13 | - url: https://github.com/ninja-build/ninja/archive/refs/tags/{{ .ninja_version }}.tar.gz 14 | destination: ninja.tar.gz 15 | sha256: "{{ .ninja_sha256 }}" 16 | sha512: "{{ .ninja_sha512 }}" 17 | prepare: 18 | - | 19 | tar -xzf ninja.tar.gz --strip-components=1 20 | cmake -Bbuild -DBUILD_TESTING=OFF 21 | build: 22 | - | 23 | cmake --build build 24 | install: 25 | - | 26 | install -m755 -D build/ninja /rootfs/usr/bin/ninja 27 | finalize: 28 | - from: /rootfs 29 | to: / 30 | -------------------------------------------------------------------------------- /pahole/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: pahole 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: argp-standalone 6 | - stage: patch 7 | runtime: true 8 | - stage: elfutils 9 | - stage: dwarfutils 10 | - stage: cmake 11 | - stage: pkg-config 12 | runtime: true 13 | - stage: curl 14 | - stage: expat 15 | - stage: libuv 16 | - stage: libbpf 17 | - stage: musl-obstack 18 | - stage: musl-fts 19 | - stage: rhash 20 | - stage: tools-xz 21 | steps: 22 | - sources: 23 | - url: https://git.kernel.org/pub/scm/devel/pahole/pahole.git/snapshot/pahole-{{ .pahole_version }}.tar.gz 24 | destination: pahole.tar.gz 25 | sha256: "{{ .pahole_sha256 }}" 26 | sha512: "{{ .pahole_sha512 }}" 27 | prepare: 28 | - | 29 | tar -xzf pahole.tar.gz --strip-components=1 30 | build: 31 | - | 32 | mkdir build && cd build 33 | 34 | cmake -DCMAKE_INSTALL_PREFIX=/usr \ 35 | -DCMAKE_BUILD_TYPE=Release \ 36 | -DCMAKE_MODULE_PATH=/usr/lib/cmake \ 37 | -DLIBBPF_EMBEDDED=OFF \ 38 | -D__LIB=lib \ 39 | .. 40 | install: 41 | - | 42 | cd build 43 | make DESTDIR=/rootfs install 44 | rm -rf /rootfs/usr/share 45 | mkdir -p /rootfs/usr/lib 46 | mv /rootfs/usr/lib64/* /rootfs/usr/lib/ 47 | rm -r /rootfs/usr/lib64 48 | finalize: 49 | - from: /rootfs 50 | to: / 51 | -------------------------------------------------------------------------------- /patch/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: patch 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | steps: 6 | - sources: 7 | - url: https://ftp.gnu.org/gnu/patch/patch-{{ .patch_version }}.tar.xz 8 | destination: patch.tar.xz 9 | sha256: "{{ .patch_sha256 }}" 10 | sha512: "{{ .patch_sha512 }}" 11 | prepare: 12 | - | 13 | tar -xJf patch.tar.xz --strip-components=1 14 | mkdir build 15 | cd build 16 | ../configure \ 17 | --prefix=/usr 18 | build: 19 | - | 20 | cd build 21 | make -j $(nproc) 22 | install: 23 | - | 24 | cd build 25 | make DESTDIR=/rootfs install 26 | finalize: 27 | - from: /rootfs 28 | to: / 29 | -------------------------------------------------------------------------------- /perl/patches/reproducible-build-date.patch: -------------------------------------------------------------------------------- 1 | Don't encode the current timestamp. 2 | 3 | This affects the output of `perl -V`, specifically the message "Compiled 4 | at [...]". 5 | 6 | The 'cf_time' and 'cf_by' values show up in 'config.h' and 7 | in 'Config_heavy.pl'. 8 | 9 | Use the output of 'uname -s' instead of 'uname -a' to avoid recording 10 | the kernel version ('uname -o' leads to directory names like 11 | 'x86_64-gnulinux' instead of 'x86_64-linux', which might cause breakage 12 | down the road.) 13 | 14 | From: https://raw.githubusercontent.com/guix-mirror/guix/master/gnu/packages/patches/perl-reproducible-build-date.patch 15 | 16 | diff --git a/perl.c b/perl.c 17 | index 228a0d8..ed38313 100644 18 | --- a/perl.c 19 | +++ b/perl.c 20 | @@ -1825,6 +1825,7 @@ S_Internals_V(pTHX_ CV *cv) 21 | PUSHs(Perl_newSVpvn_flags(aTHX_ non_bincompat_options, 22 | sizeof(non_bincompat_options) - 1, SVs_TEMP)); 23 | 24 | +#define PERL_BUILD_DATE "Jan 1 1970 00:00:00" 25 | #ifndef PERL_BUILD_DATE 26 | # ifdef __DATE__ 27 | # ifdef __TIME__ 28 | 29 | --- a/Configure 1970-01-01 01:00:00.000000000 +0100 30 | +++ b/Configure 2016-10-01 14:47:20.017319739 +0200 31 | @@ -3276,7 +3276,7 @@ $eunicefix tr 32 | : Try to determine whether config.sh was made on this system 33 | case "$config_sh" in 34 | '') 35 | -myuname=`$uname -a 2>/dev/null` 36 | +myuname=`$uname -s 2>/dev/null` 37 | $test -z "$myuname" && myuname=`hostname 2>/dev/null` 38 | # Downcase everything to avoid ambiguity. 39 | # Remove slashes and single quotes so we can use parts of this in 40 | @@ -3845,10 +3845,10 @@ 41 | . ./posthint.sh 42 | 43 | : who configured the system 44 | -cf_time=`LC_ALL=C; LANGUAGE=C; export LC_ALL; export LANGUAGE; $date 2>&1` 45 | +cf_time="1970-01-01" 46 | case "$cf_by" in 47 | "") 48 | - cf_by=`(logname) 2>/dev/null` 49 | + cf_by="guix" 50 | case "$cf_by" in 51 | "") 52 | cf_by=`(whoami) 2>/dev/null` 53 | -------------------------------------------------------------------------------- /perl/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: perl 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: patch 6 | steps: 7 | - sources: 8 | - url: https://www.cpan.org/src/5.0/perl-{{ .perl_version }}.tar.xz 9 | destination: perl.tar.xz 10 | sha256: "{{ .perl_sha256 }}" 11 | sha512: "{{ .perl_sha512 }}" 12 | env: 13 | SOURCE_DATE_EPOCH: {{ .BUILD_ARG_SOURCE_DATE_EPOCH }} 14 | prepare: 15 | - | 16 | tar -xJf perl.tar.xz --strip-components=1 17 | 18 | patch -p1 < /pkg/patches/reproducible-build-date.patch 19 | 20 | ./Configure -des \ 21 | -Dcccdlflags='-fPIC' \ 22 | -Dcccdlflags='-fPIC' \ 23 | -Dccdlflags='-rdynamic' \ 24 | -Dprefix=/usr \ 25 | -Dvendorprefix=/usr \ 26 | -Duselargefiles \ 27 | -Dusethreads \ 28 | -Duseshrplib \ 29 | -Dd_semctl_semun \ 30 | -Ud_csh \ 31 | -Dusenm \ 32 | -Dcf_email=buildkit@buildkitsandbox \ 33 | -Dmydomain=buildkitsandbox 34 | build: 35 | - | 36 | make -j $(nproc) 37 | install: 38 | - | 39 | make DESTDIR=/rootfs install.perl 40 | finalize: 41 | - from: /rootfs 42 | to: / 43 | -------------------------------------------------------------------------------- /pkg-config/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: pkg-config 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | steps: 6 | - sources: 7 | - url: https://pkg-config.freedesktop.org/releases/pkg-config-{{ .pkg_config_version }}.tar.gz 8 | destination: pkg-config.tar.gz 9 | sha256: "{{ .pkg_config_sha256 }}" 10 | sha512: "{{ .pkg_config_sha512 }}" 11 | prepare: 12 | - | 13 | tar -xzf pkg-config.tar.gz --strip-components=1 14 | mkdir build 15 | cd build 16 | 17 | ../configure \ 18 | --prefix=/usr \ 19 | --with-internal-glib \ 20 | --disable-host-tool 21 | build: 22 | - | 23 | cd build 24 | make -j $(nproc) 25 | install: 26 | - | 27 | cd build 28 | make DESTDIR=/rootfs install 29 | finalize: 30 | - from: /rootfs 31 | to: / 32 | -------------------------------------------------------------------------------- /policycoreutils/patches/musl-fts.patch: -------------------------------------------------------------------------------- 1 | diff --git a/setfiles/Makefile b/setfiles/Makefile 2 | index 84ffb08b..31bc07db 100644 3 | --- a/setfiles/Makefile 4 | +++ b/setfiles/Makefile 5 | @@ -5,8 +5,11 @@ SBINDIR ?= /sbin 6 | MANDIR = $(PREFIX)/share/man 7 | AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y) 8 | 9 | -CFLAGS ?= -g -Werror -Wall -W 10 | -override LDLIBS += -lselinux -lsepol -lpthread 11 | +# override with -lfts when building on Musl libc to use fts-standalone 12 | +FTS_LDLIBS ?= 13 | + 14 | +CFLAGS ?= -g -Werror -Wall -W $(FTS_LDLIBS) 15 | +override LDLIBS += -lselinux -lsepol -lpthread $(FTS_LDLIBS) 16 | 17 | ifeq ($(AUDITH), y) 18 | override CFLAGS += -DUSE_AUDIT 19 | -------------------------------------------------------------------------------- /policycoreutils/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: policycoreutils 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: patch 6 | - stage: musl-fts 7 | - stage: tools-pcre2 8 | - stage: tools-libsepol 9 | - stage: tools-libselinux 10 | steps: 11 | - sources: 12 | - url: https://github.com/SELinuxProject/selinux/releases/download/{{ .selinux_version }}/policycoreutils-{{ .selinux_version }}.tar.gz 13 | destination: policycoreutils.tar.gz 14 | sha256: "{{ .policycoreutils_sha256 }}" 15 | sha512: "{{ .policycoreutils_sha512 }}" 16 | prepare: 17 | - | 18 | tar -xzf policycoreutils.tar.gz --strip-components=1 19 | 20 | patch -p1 < /pkg/patches/musl-fts.patch 21 | build: 22 | - | 23 | make -j $(nproc) SUBDIRS=setfiles FTS_LDLIBS="-l:libfts.a -lpcre2-8" 24 | install: 25 | - | 26 | make install DESTDIR=/rootfs SBINDIR=/usr/bin SUBDIRS=setfiles 27 | finalize: 28 | - from: /rootfs 29 | to: / 30 | -------------------------------------------------------------------------------- /protobuf/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: protobuf 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: cmake 6 | - stage: abseil 7 | - stage: curl 8 | - stage: libuv 9 | - stage: tools-xz 10 | - stage: expat 11 | - stage: rhash 12 | steps: 13 | - sources: 14 | - url: https://github.com/protocolbuffers/protobuf/releases/download/v{{ .protobuf_version }}/protobuf-{{ .protobuf_version }}.tar.gz 15 | destination: protobuf.tar.gz 16 | sha256: "{{ .protobuf_sha256 }}" 17 | sha512: "{{ .protobuf_sha512 }}" 18 | prepare: 19 | - | 20 | tar -xzf protobuf.tar.gz --strip-components=1 21 | 22 | cmake . -Dprotobuf_BUILD_TESTS=OFF -Dprotobuf_ABSL_PROVIDER=package -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_INSTALL_LIBDIR=lib 23 | build: 24 | - | 25 | make -j $(nproc) 26 | install: 27 | - | 28 | make DESTDIR=/rootfs install 29 | finalize: 30 | - from: /rootfs 31 | to: / 32 | -------------------------------------------------------------------------------- /protoc-gen-go-grpc/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: protoc-gen-go-grpc 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: tools-ca-certificates 6 | steps: 7 | - sources: 8 | - url: https://github.com/grpc/grpc-go/archive/refs/tags/{{ .protoc_gen_go_grpc_version }}.tar.gz 9 | destination: grpc-go.tar.gz 10 | sha256: "{{ .protoc_gen_go_grpc_sha256 }}" 11 | sha512: "{{ .protoc_gen_go_grpc_sha512 }}" 12 | - network: default 13 | prepare: 14 | - | 15 | tar -xzf grpc-go.tar.gz --strip-components=1 16 | - | 17 | cd cmd/protoc-gen-go-grpc 18 | go mod download 19 | - network: none 20 | build: 21 | - | 22 | export GO111MODULE=on 23 | cd cmd/protoc-gen-go-grpc 24 | go build . 25 | install: 26 | - | 27 | mkdir -p /rootfs/usr/bin 28 | mv cmd/protoc-gen-go-grpc/protoc-gen-go-grpc /rootfs/usr/bin 29 | finalize: 30 | - from: /rootfs 31 | to: / 32 | -------------------------------------------------------------------------------- /protoc-gen-go/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: protoc-gen-go 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: tools-ca-certificates 6 | steps: 7 | - sources: 8 | - url: https://github.com/protocolbuffers/protobuf-go/archive/refs/tags/{{ .protoc_gen_go_version }}.tar.gz 9 | destination: protobuf-go.tar.gz 10 | sha256: "{{ .protoc_gen_go_sha256 }}" 11 | sha512: "{{ .protoc_gen_go_sha512 }}" 12 | prepare: 13 | - | 14 | tar -xzf protobuf-go.tar.gz --strip-components=1 15 | build: 16 | - | 17 | export GO111MODULE=on 18 | cd cmd/protoc-gen-go 19 | go build . 20 | install: 21 | - | 22 | mkdir -p /rootfs/usr/bin 23 | mv cmd/protoc-gen-go/protoc-gen-go /rootfs/usr/bin 24 | finalize: 25 | - from: /rootfs 26 | to: / 27 | -------------------------------------------------------------------------------- /pyelftools/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: pyelftools 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: libffi 6 | - stage: python3 7 | - stage: python-setuptools 8 | - stage: tools-zlib 9 | steps: 10 | - sources: 11 | - url: https://github.com/eliben/pyelftools/archive/refs/tags/{{ .pyelftools_version }}.tar.gz 12 | destination: pyelftools.tar.gz 13 | sha256: "{{ .pyelftools_sha256 }}" 14 | sha512: "{{ .pyelftools_sha512 }}" 15 | prepare: 16 | - | 17 | tar -xzf pyelftools.tar.gz --strip-components=1 18 | build: 19 | - | 20 | python3 setup.py build 21 | install: 22 | - | 23 | python3 setup.py install --root=/rootfs 24 | # Determinism: remove all bytecode 25 | find /rootfs -type d -name __pycache__ -print0 | xargs -0 -I {} rm -rf "{}" 26 | finalize: 27 | - from: /rootfs 28 | to: / 29 | -------------------------------------------------------------------------------- /python-build/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: python-build 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | steps: 6 | - sources: 7 | - url: https://github.com/pypa/build/archive/refs/tags/{{ .python_build_version }}.tar.gz 8 | destination: python-build.tar.gz 9 | sha256: "{{ .python_build_sha256 }}" 10 | sha512: "{{ .python_build_sha512 }}" 11 | prepare: 12 | - | 13 | tar -xzf python-build.tar.gz --strip-components=1 14 | install: 15 | - | 16 | mkdir -p /rootfs/usr/lib/python{{ .python_maj_min_version }}/site-packages 17 | cp -rd src/build /rootfs/usr/lib/python{{ .python_maj_min_version }}/site-packages/ 18 | finalize: 19 | - from: /rootfs 20 | to: / 21 | -------------------------------------------------------------------------------- /python-flit_core/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: python-flit_core 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | steps: 6 | - sources: 7 | - url: https://github.com/pypa/flit/archive/refs/tags/{{ .python_flit_core_version }}.tar.gz 8 | destination: python_flit_core.tar.gz 9 | sha256: "{{ .python_flit_core_sha256 }}" 10 | sha512: "{{ .python_flit_core_sha512 }}" 11 | prepare: 12 | - | 13 | tar -xzf python_flit_core.tar.gz --strip-components=1 14 | install: 15 | - | 16 | mkdir -p /rootfs/usr/lib/python{{ .python_maj_min_version }}/site-packages 17 | cp -rd flit_core/flit_core /rootfs/usr/lib/python{{ .python_maj_min_version }}/site-packages/ 18 | finalize: 19 | - from: /rootfs 20 | to: / 21 | -------------------------------------------------------------------------------- /python-gpep517/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: python-gpep517 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | steps: 6 | - sources: 7 | - url: https://github.com/projg2/gpep517/archive/refs/tags/{{ .python_gpep517_version }}.tar.gz 8 | destination: python_gpep517.tar.gz 9 | sha256: "{{ .python_gpep517_sha256 }}" 10 | sha512: "{{ .python_gpep517_sha512 }}" 11 | prepare: 12 | - | 13 | tar -xzf python_gpep517.tar.gz --strip-components=1 14 | install: 15 | - | 16 | mkdir -p /rootfs/usr/lib/python{{ .python_maj_min_version }}/site-packages 17 | cp -rd gpep517 /rootfs/usr/lib/python{{ .python_maj_min_version }}/site-packages/ 18 | finalize: 19 | - from: /rootfs 20 | to: / 21 | -------------------------------------------------------------------------------- /python-installer/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: python-installer 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | steps: 6 | - sources: 7 | - url: https://github.com/pypa/installer/archive/refs/tags/{{ .python_installer_version }}.tar.gz 8 | destination: python_installer.tar.gz 9 | sha256: "{{ .python_installer_sha256 }}" 10 | sha512: "{{ .python_installer_sha512 }}" 11 | prepare: 12 | - | 13 | tar -xzf python_installer.tar.gz --strip-components=1 14 | install: 15 | - | 16 | mkdir -p /rootfs/usr/lib/python{{ .python_maj_min_version }}/site-packages 17 | rm -rf src/installer/_scripts/*.exe 18 | cp -rd src/installer /rootfs/usr/lib/python{{ .python_maj_min_version }}/site-packages/ 19 | finalize: 20 | - from: /rootfs 21 | to: / 22 | -------------------------------------------------------------------------------- /python-jinja2/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: python-jinja2 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: libffi 6 | - stage: python3 7 | - stage: python-build 8 | - stage: python-gpep517 9 | - stage: python-flit_core 10 | - stage: python-installer 11 | - stage: python-markupsafe 12 | - stage: tools-zlib 13 | steps: 14 | - sources: 15 | - url: https://github.com/pallets/jinja/archive/refs/tags/{{ .python_jinja2_version }}.tar.gz 16 | destination: jinja2.tar.gz 17 | sha256: "{{ .python_jinja2_sha256 }}" 18 | sha512: "{{ .python_jinja2_sha512 }}" 19 | prepare: 20 | - | 21 | tar -xzf jinja2.tar.gz --strip-components=1 22 | build: 23 | - | 24 | python3 -m gpep517 build-wheel --wheel-dir /tmp --output-fd 1 25 | install: 26 | - | 27 | python3 -m installer -d /rootfs /tmp/*.whl 28 | # Determinism: remove all bytecode 29 | find /rootfs -type d -name __pycache__ -print0 | xargs -0 -I {} rm -rf "{}" 30 | test: 31 | - | 32 | python3 -m installer /tmp/*.whl 33 | python3 -c "import jinja2" 34 | finalize: 35 | - from: /rootfs 36 | to: / 37 | -------------------------------------------------------------------------------- /python-markupsafe/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: python-markupsafe 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: libffi 6 | - stage: python3 7 | - stage: python-build 8 | - stage: python-gpep517 9 | - stage: python-flit_core 10 | - stage: python-installer 11 | - stage: python-setuptools 12 | - stage: tools-zlib 13 | steps: 14 | - sources: 15 | - url: https://github.com/pallets/markupsafe/archive/refs/tags/{{ .python_markupsafe_version }}.tar.gz 16 | destination: markupsafe.tar.gz 17 | sha256: "{{ .python_markupsafe_sha256 }}" 18 | sha512: "{{ .python_markupsafe_sha512 }}" 19 | prepare: 20 | - | 21 | tar -xzf markupsafe.tar.gz --strip-components=1 22 | build: 23 | - | 24 | python3 -m gpep517 build-wheel --wheel-dir /tmp --output-fd 1 25 | install: 26 | - | 27 | python3 -m installer -d /rootfs /tmp/*.whl 28 | # Determinism: remove all bytecode 29 | find /rootfs -type d -name __pycache__ -print0 | xargs -0 -I {} rm -rf "{}" 30 | test: 31 | - | 32 | python3 -m installer /tmp/*.whl 33 | python3 -c "import markupsafe" 34 | finalize: 35 | - from: /rootfs 36 | to: / 37 | -------------------------------------------------------------------------------- /python-packaging/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: python-packaging 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | steps: 6 | - sources: 7 | - url: https://github.com/pypa/packaging/archive/refs/tags/{{ .python_packaging_version }}.tar.gz 8 | destination: packaging.tar.gz 9 | sha256: "{{ .python_packaging_sha256 }}" 10 | sha512: "{{ .python_packaging_sha512 }}" 11 | prepare: 12 | - | 13 | tar -xzf packaging.tar.gz --strip-components=1 14 | install: 15 | - | 16 | mkdir -p /rootfs/usr/lib/python{{ .python_maj_min_version }}/site-packages 17 | cp -rd src/packaging /rootfs/usr/lib/python{{ .python_maj_min_version }}/site-packages/ 18 | finalize: 19 | - from: /rootfs 20 | to: / 21 | -------------------------------------------------------------------------------- /python-setuptools/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: python-setuptools 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: libffi 6 | - stage: python3 7 | - stage: tools-zlib 8 | steps: 9 | - sources: 10 | - url: https://pypi.io/packages/source/s/setuptools/setuptools-{{ .python_setuptools_version }}.tar.gz 11 | destination: setuptools.tar.gz 12 | sha256: "{{ .python_setuptools_sha256 }}" 13 | sha512: "{{ .python_setuptools_sha512 }}" 14 | prepare: 15 | - | 16 | tar -xzf setuptools.tar.gz --strip-components=1 17 | build: 18 | - | 19 | python3 setup.py build 20 | install: 21 | - | 22 | python3 setup.py install --root=/rootfs 23 | rm /rootfs/usr/lib/python{{ .python_maj_min_version }}/site-packages/setuptools/*.exe 24 | # Determinism: remove all bytecode 25 | find /rootfs -type d -name __pycache__ -print0 | xargs -0 -I {} rm -rf "{}" 26 | finalize: 27 | - from: /rootfs 28 | to: / 29 | -------------------------------------------------------------------------------- /python3/patches/musl-find_library.patch: -------------------------------------------------------------------------------- 1 | diff -ru Python-2.7.12.orig/Lib/ctypes/util.py Python-2.7.12/Lib/ctypes/util.py 2 | --- Python-2.7.12.orig/Lib/ctypes/util.py 2016-06-26 00:49:30.000000000 +0300 3 | +++ Python-2.7.12/Lib/ctypes/util.py 2016-11-03 16:05:46.954665040 +0200 4 | @@ -204,6 +204,41 @@ 5 | def find_library(name, is64 = False): 6 | return _get_soname(_findLib_crle(name, is64) or _findLib_gcc(name)) 7 | 8 | + elif True: 9 | + 10 | + # Patched for Alpine Linux / musl - search manually system paths 11 | + def _is_elf(filepath): 12 | + try: 13 | + with open(filepath, 'rb') as fh: 14 | + return fh.read(4) == b'\x7fELF' 15 | + except: 16 | + return False 17 | + 18 | + def find_library(name): 19 | + from glob import glob 20 | + # absolute name? 21 | + if os.path.isabs(name): 22 | + return name 23 | + # special case for libm, libcrypt and libpthread and musl 24 | + if name in ['m', 'crypt', 'pthread']: 25 | + name = 'c' 26 | + elif name in ['libm.so', 'libcrypt.so', 'libpthread.so']: 27 | + name = 'libc.so' 28 | + # search in standard locations (musl order) 29 | + paths = ['/lib', '/usr/local/lib', '/usr/lib'] 30 | + if 'LD_LIBRARY_PATH' in os.environ: 31 | + paths = os.environ['LD_LIBRARY_PATH'].split(':') + paths 32 | + for d in paths: 33 | + f = os.path.join(d, name) 34 | + if _is_elf(f): 35 | + return os.path.basename(f) 36 | + 37 | + prefix = os.path.join(d, 'lib'+name) 38 | + for suffix in ['.so', '.so.*']: 39 | + for f in glob('{0}{1}'.format(prefix, suffix)): 40 | + if _is_elf(f): 41 | + return os.path.basename(f) 42 | + 43 | else: 44 | 45 | def _findSoname_ldconfig(name): 46 | -------------------------------------------------------------------------------- /python3/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: python3 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: tools-zlib 6 | - stage: patch 7 | - stage: libffi 8 | - stage: tools-openssl 9 | - stage: pkg-config 10 | steps: 11 | - sources: 12 | - url: https://www.python.org/ftp/python/{{ .python_version }}/Python-{{ .python_version }}.tar.xz 13 | destination: python.tar.xz 14 | sha256: "{{ .python_sha256 }}" 15 | sha512: "{{ .python_sha512 }}" 16 | env: 17 | SOURCE_DATE_EPOCH: {{ .BUILD_ARG_SOURCE_DATE_EPOCH }} 18 | prepare: 19 | - | 20 | tar -xJf python.tar.xz --strip-components=1 21 | 22 | patch -p1 < /pkg/patches/musl-find_library.patch 23 | 24 | mkdir build 25 | cd build 26 | 27 | ../configure \ 28 | --prefix=/usr \ 29 | --with-ensurepip=install 30 | build: 31 | - | 32 | cd build 33 | make -j $(nproc) 34 | install: 35 | - | 36 | cd build 37 | make DESTDIR=/rootfs install 38 | 39 | # Determinism: remove all bytecode 40 | find /rootfs -type d -name __pycache__ -print0 | xargs -0 -I {} rm -rf "{}" 41 | finalize: 42 | - from: /rootfs 43 | to: / 44 | -------------------------------------------------------------------------------- /rhash/patches/byteorder.patch: -------------------------------------------------------------------------------- 1 | diff --git a/librhash/byte_order.h b/librhash/byte_order.h 2 | index 1ea1096..b248b57 100644 3 | --- a/librhash/byte_order.h 4 | +++ b/librhash/byte_order.h 5 | @@ -4,7 +4,7 @@ 6 | #include "ustd.h" 7 | #include 8 | 9 | -#if defined(__GLIBC__) 10 | +#if defined(__linux__) 11 | # include 12 | #endif 13 | #if defined(__FreeBSD__) || defined(__DragonFly__) || defined(__APPLE__) 14 | -------------------------------------------------------------------------------- /rhash/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: rhash 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: tools-openssl 6 | - stage: patch 7 | steps: 8 | - sources: 9 | - url: https://github.com/rhash/RHash/archive/refs/tags/{{ .rhash_version }}.tar.gz 10 | destination: rhash.tar.gz 11 | sha256: "{{ .rhash_sha256 }}" 12 | sha512: "{{ .rhash_sha512 }}" 13 | prepare: 14 | - | 15 | tar -xzf rhash.tar.gz --strip-components=1 16 | 17 | patch -p1 < /pkg/patches/byteorder.patch 18 | 19 | ./configure \ 20 | --prefix="/usr" \ 21 | --enable-openssl \ 22 | --disable-openssl-runtime 23 | 24 | build: 25 | - | 26 | make -j $(nproc) 27 | install: 28 | - | 29 | make DESTDIR=/rootfs install 30 | make DESTDIR=/rootfs install-lib-headers install-lib-shared install-lib-so-link 31 | finalize: 32 | - from: /rootfs 33 | to: / 34 | -------------------------------------------------------------------------------- /secilc/patches/disable-manpages.patch: -------------------------------------------------------------------------------- 1 | diff --git a/Makefile b/Makefile 2 | index ef7bc8cd..db1fc6c2 100644 3 | --- a/Makefile 4 | +++ b/Makefile 5 | @@ -28,7 +28,7 @@ CFLAGS ?= -Wall -Wshadow -Wextra -Wundef -Wmissing-format-attribute -Wcast-align 6 | override CFLAGS += -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 7 | override LDLIBS += -lsepol 8 | 9 | -all: $(SECILC) $(SECIL2CONF) $(SECIL2TREE) man 10 | +all: $(SECILC) $(SECIL2CONF) $(SECIL2TREE) 11 | 12 | $(SECILC): $(SECILC_OBJS) 13 | $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ $^ $(LDLIBS) 14 | @@ -56,15 +56,11 @@ $(SECIL2CONF_MANPAGE): $(SECIL2CONF_MANPAGE).xml 15 | $(SECIL2TREE_MANPAGE): $(SECIL2TREE_MANPAGE).xml 16 | $(XMLTO) man $(SECIL2TREE_MANPAGE).xml 17 | 18 | -install: all man 19 | +install: all 20 | -mkdir -p $(DESTDIR)$(BINDIR) 21 | - -mkdir -p $(DESTDIR)$(MANDIR)/man8 22 | install -m 755 $(SECILC) $(DESTDIR)$(BINDIR) 23 | install -m 755 $(SECIL2CONF) $(DESTDIR)$(BINDIR) 24 | install -m 755 $(SECIL2TREE) $(DESTDIR)$(BINDIR) 25 | - install -m 644 $(SECILC_MANPAGE) $(DESTDIR)$(MANDIR)/man8 26 | - install -m 644 $(SECIL2CONF_MANPAGE) $(DESTDIR)$(MANDIR)/man8 27 | - install -m 644 $(SECIL2TREE_MANPAGE) $(DESTDIR)$(MANDIR)/man8 28 | 29 | doc: 30 | $(MAKE) -C docs 31 | -------------------------------------------------------------------------------- /secilc/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: secilc 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: patch 6 | - stage: tools-libsepol 7 | runtime: true 8 | steps: 9 | - sources: 10 | - url: https://github.com/SELinuxProject/selinux/releases/download/{{ .selinux_version }}/secilc-{{ .selinux_version }}.tar.gz 11 | destination: secilc.tar.gz 12 | sha256: "{{ .secilc_sha256 }}" 13 | sha512: "{{ .secilc_sha512 }}" 14 | prepare: 15 | - | 16 | tar -xzf secilc.tar.gz --strip-components=1 17 | patch -p1 < /pkg/patches/disable-manpages.patch 18 | build: 19 | - | 20 | make -j $(nproc) all 21 | install: 22 | - | 23 | make install DESTDIR=/rootfs PREFIX=/usr 24 | finalize: 25 | - from: /rootfs 26 | to: / 27 | -------------------------------------------------------------------------------- /sed/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: sed 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | steps: 6 | - sources: 7 | - url: https://ftp.gnu.org/gnu/sed/sed-{{ .sed_version }}.tar.xz 8 | destination: sed.tar.xz 9 | sha256: "{{ .sed_sha256 }}" 10 | sha512: "{{ .sed_sha512 }}" 11 | prepare: 12 | - | 13 | tar -xJf sed.tar.xz --strip-components=1 14 | mkdir build 15 | cd build 16 | ../configure \ 17 | --prefix=/usr 18 | build: 19 | - | 20 | cd build 21 | make -j $(nproc) 22 | install: 23 | - | 24 | cd build 25 | make DESTDIR=/rootfs install 26 | finalize: 27 | - from: /rootfs 28 | to: / 29 | -------------------------------------------------------------------------------- /swig/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: swig 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: tools-zlib 6 | - stage: autoconf 7 | - stage: automake 8 | - stage: tools-pcre2 9 | - stage: bison 10 | steps: 11 | - sources: 12 | - url: https://github.com/swig/swig/archive/refs/tags/{{ .swig_version }}.tar.gz 13 | destination: swig.tar.gz 14 | sha256: "{{ .swig_sha256 }}" 15 | sha512: "{{ .swig_sha512 }}" 16 | prepare: 17 | - | 18 | tar -xzf swig.tar.gz --strip-components=1 19 | 20 | ./autogen.sh 21 | ./configure \ 22 | --prefix=/usr \ 23 | --without-maximum-compile-warnings 24 | build: 25 | - | 26 | make -j $(nproc) 27 | install: 28 | - | 29 | make DESTDIR=/rootfs install 30 | finalize: 31 | - from: /rootfs 32 | to: / 33 | -------------------------------------------------------------------------------- /texinfo/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: texinfo 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: perl 6 | steps: 7 | - sources: 8 | - url: https://ftp.gnu.org/gnu/texinfo/texinfo-{{ .texinfo_version }}.tar.xz 9 | destination: texinfo.tar.xz 10 | sha256: "{{ .texinfo_sha256 }}" 11 | sha512: "{{ .texinfo_sha512 }}" 12 | prepare: 13 | - | 14 | tar -xJf texinfo.tar.xz --strip-components=1 15 | mkdir build 16 | cd build 17 | ../configure \ 18 | --prefix=/usr 19 | build: 20 | - | 21 | cd build 22 | make -j $(nproc) 23 | install: 24 | - | 25 | cd build 26 | make DESTDIR=/rootfs install 27 | finalize: 28 | - from: /rootfs 29 | to: / 30 | -------------------------------------------------------------------------------- /tools-ca-certificates/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: tools-ca-certificates 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | steps: 6 | - sources: 7 | - url: https://curl.se/ca/cacert-2025-02-25.pem 8 | destination: cacert.pem 9 | sha256: 50a6277ec69113f00c5fd45f09e8b97a4b3e32daa35d3a95ab30137a55386cef 10 | sha512: e5fe41820460e6b65e8cd463d1a5f01b7103e1ef66cb75fedc15ebcba3ba6600d77e5e7c2ab94cbb1f11c63b688026a04422bbe2d7a861f7a988f67522ffae3c 11 | install: 12 | - | 13 | install -m644 -D cacert.pem /rootfs/etc/ssl/certs/ca-certificates 14 | test: 15 | - | 16 | fhs-validator /rootfs 17 | finalize: 18 | - from: /rootfs 19 | to: / 20 | -------------------------------------------------------------------------------- /tools-cpio/patches/gcc-10.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/global.c b/src/global.c 2 | index fb3abe9..acf92bc 100644 3 | --- a/src/global.c 4 | +++ b/src/global.c 5 | @@ -184,9 +184,6 @@ unsigned int warn_option = 0; 6 | /* Extract to standard output? */ 7 | bool to_stdout_option = false; 8 | 9 | -/* The name this program was run with. */ 10 | -char *program_name; 11 | - 12 | /* A pointer to either lstat or stat, depending on whether 13 | dereferencing of symlinks is done for input files. */ 14 | int (*xstat) (); 15 | -------------------------------------------------------------------------------- /tools-cpio/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: tools-cpio 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: autoconf 6 | - stage: patch 7 | steps: 8 | - sources: 9 | - url: https://ftp.gnu.org/gnu/cpio/cpio-{{ .cpio_version | replace "_" "." }}.tar.gz 10 | destination: cpio.tar.gz 11 | sha256: "{{ .cpio_sha256 }}" 12 | sha512: "{{ .cpio_sha512 }}" 13 | prepare: 14 | - | 15 | tar -xzf cpio.tar.gz --strip-components=1 16 | 17 | patch -p1 < /pkg/patches/gcc-10.patch 18 | 19 | mkdir build 20 | cd build 21 | ../configure \ 22 | --prefix=/usr 23 | build: 24 | - | 25 | cd build 26 | make -j $(nproc) 27 | install: 28 | - | 29 | cd build 30 | make DESTDIR=/rootfs install 31 | rm -rf /rootfs/usr/share 32 | test: 33 | - | 34 | fhs-validator /rootfs 35 | finalize: 36 | - from: /rootfs 37 | to: / 38 | -------------------------------------------------------------------------------- /tools-kmod/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: tools-kmod 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: meson 6 | - stage: pkg-config 7 | - stage: tools-xz 8 | - stage: tools-zstd 9 | - stage: ninja 10 | - stage: coreutils 11 | steps: 12 | - sources: 13 | - url: https://www.kernel.org/pub/linux/utils/kernel/kmod/kmod-{{ .kmod_version }}.tar.xz 14 | destination: kmod.tar.xz 15 | sha256: "{{ .kmod_sha256 }}" 16 | sha512: "{{ .kmod_sha512 }}" 17 | prepare: 18 | - | 19 | tar -xJf kmod.tar.xz --strip-components=1 20 | 21 | #patch -p1 < /pkg/patches/strndupa.patch 22 | 23 | meson setup --buildtype release \ 24 | -Ddlopen=all \ 25 | -Dzlib=disabled \ 26 | -Dmanpages=false \ 27 | -Dsbindir=bin \ 28 | -Dbashcompletiondir=no \ 29 | -Dfishcompletiondir=no \ 30 | -Dzshcompletiondir=no \ 31 | build/ 32 | build: 33 | - | 34 | meson compile -C build/ 35 | install: 36 | - | 37 | meson install -C build --destdir /rootfs 38 | test: 39 | - | 40 | fhs-validator /rootfs 41 | finalize: 42 | - from: /rootfs 43 | to: / 44 | -------------------------------------------------------------------------------- /tools-libcap/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: tools-libcap 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: bash 6 | - stage: patch 7 | steps: 8 | - sources: 9 | - url: https://kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-{{ .libcap_version }}.tar.xz 10 | destination: libcap.tar.xz 11 | sha256: "{{ .libcap_sha256 }}" 12 | sha512: "{{ .libcap_sha512 }}" 13 | prepare: 14 | - | 15 | tar -xf libcap.tar.xz --strip-components=1 16 | build: 17 | - | 18 | make PREFIX=/usr lib=/usr/lib sbin=/usr/bin -j $(nproc) 19 | install: 20 | - | 21 | make DESTDIR=/rootfs PREFIX=/usr lib=/usr/lib sbin=/usr/bin install 22 | rm -rf /rootfs/usr/share 23 | test: 24 | - | 25 | fhs-validator /rootfs 26 | finalize: 27 | - from: /rootfs 28 | to: / 29 | -------------------------------------------------------------------------------- /tools-libselinux/patches/0001-libselinux-exclude-requirement-for-etc-selinux.patch: -------------------------------------------------------------------------------- 1 | From d759ab08ab7cfa88afb5fcac749b08e8e26aeab3 Mon Sep 17 00:00:00 2001 2 | From: Dmitry Sharshakov 3 | Date: Fri, 4 Oct 2024 21:08:24 +0200 4 | Subject: [PATCH] libselinux: exclude requirement for /etc/selinux 5 | 6 | We don't use this directory in Talos but load a policy embedded in the init binary 7 | 8 | Signed-off-by: Dmitry Sharshakov 9 | --- 10 | src/enabled.c | 4 ---- 11 | src/init.c | 3 --- 12 | 2 files changed, 7 deletions(-) 13 | 14 | diff --git a/src/enabled.c b/src/enabled.c 15 | index fefb0bd9..3e56f981 100644 16 | --- a/src/enabled.c 17 | +++ b/src/enabled.c 18 | @@ -13,11 +13,7 @@ int is_selinux_enabled(void) 19 | /* init_selinuxmnt() gets called before this function. We 20 | * will assume that if a selinux file system is mounted, then 21 | * selinux is enabled. */ 22 | -#ifdef ANDROID 23 | return (selinux_mnt ? 1 : 0); 24 | -#else 25 | - return (selinux_mnt && has_selinux_config); 26 | -#endif 27 | } 28 | 29 | 30 | diff --git a/src/init.c b/src/init.c 31 | index 542c979b..46a83bfb 100644 32 | --- a/src/init.c 33 | +++ b/src/init.c 34 | @@ -148,9 +148,6 @@ static void init_lib(void) 35 | { 36 | selinux_page_size = sysconf(_SC_PAGE_SIZE); 37 | init_selinuxmnt(); 38 | -#ifndef ANDROID 39 | - has_selinux_config = (access(SELINUXCONFIG, F_OK) == 0); 40 | -#endif 41 | } 42 | 43 | static void fini_lib(void) __attribute__ ((destructor)); 44 | -- 45 | 2.46.1 46 | 47 | -------------------------------------------------------------------------------- /tools-libselinux/patches/musl-lstat.patch: -------------------------------------------------------------------------------- 1 | Patch from https://bugs.gentoo.org/905711#c10 to build with musl 2 | 3 | diff --git a/src/selinux_restorecon.c b/src/selinux_restorecon.c 4 | index bc6ed935..3bc0d8dd 100644 5 | --- a/src/selinux_restorecon.c 6 | +++ b/src/selinux_restorecon.c 7 | @@ -438,7 +438,7 @@ static int filespec_add(ino_t ino, const char *con, const char *file, 8 | file_spec_t *prevfl, *fl; 9 | uint32_t h; 10 | int ret; 11 | - struct stat64 sb; 12 | + struct stat sb; 13 | 14 | __pthread_mutex_lock(&fl_mutex); 15 | 16 | @@ -452,7 +452,7 @@ static int filespec_add(ino_t ino, const char *con, const char *file, 17 | for (prevfl = &fl_head[h], fl = fl_head[h].next; fl; 18 | prevfl = fl, fl = fl->next) { 19 | if (ino == fl->ino) { 20 | - ret = lstat64(fl->file, &sb); 21 | + ret = lstat(fl->file, &sb); 22 | if (ret < 0 || sb.st_ino != ino) { 23 | freecon(fl->con); 24 | free(fl->file); 25 | -------------------------------------------------------------------------------- /tools-libselinux/patches/selabel-digest-uninit.patch: -------------------------------------------------------------------------------- 1 | diff --git a/utils/selabel_digest.c b/utils/selabel_digest.c 2 | index 47aad21f..c574d3fd 100644 3 | --- a/utils/selabel_digest.c 4 | +++ b/utils/selabel_digest.c 5 | @@ -65,7 +65,7 @@ int main(int argc, char **argv) 6 | size_t digest_len, i, num_specfiles; 7 | 8 | char cmd_buf[4096]; 9 | - char *cmd_ptr; 10 | + char *cmd_ptr = NULL; 11 | char *sha1_buf = NULL; 12 | 13 | struct selabel_handle *hnd; 14 | -------------------------------------------------------------------------------- /tools-libselinux/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: tools-libselinux 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: coreutils 6 | - stage: patch 7 | - stage: musl-fts 8 | - stage: tools-libsepol 9 | - stage: tools-pcre2 10 | - stage: pkg-config 11 | steps: 12 | - sources: 13 | - url: https://github.com/SELinuxProject/selinux/releases/download/{{ .selinux_version }}/libselinux-{{ .selinux_version }}.tar.gz 14 | destination: libselinux.tar.gz 15 | sha256: "{{ .libselinux_sha256 }}" 16 | sha512: "{{ .libselinux_sha512 }}" 17 | prepare: 18 | - | 19 | tar -xzf libselinux.tar.gz --strip-components=1 20 | 21 | patch -p1 < /pkg/patches/musl-lstat.patch 22 | patch -p1 < /pkg/patches/selabel-digest-uninit.patch 23 | patch -p1 < /pkg/patches/0001-libselinux-exclude-requirement-for-etc-selinux.patch 24 | build: 25 | - | 26 | make -j $(nproc) FTS_LDLIBS="-l:libfts.a" SUBDIRS="include src" SHLIBDIR=/usr/lib 27 | install: 28 | - | 29 | make install DESTDIR=/rootfs SUBDIRS="include src" SHLIBDIR=/usr/lib 30 | test: 31 | - | 32 | fhs-validator /rootfs 33 | finalize: 34 | - from: /rootfs 35 | to: / 36 | -------------------------------------------------------------------------------- /tools-libsepol/patches/dont-build-utils.patch: -------------------------------------------------------------------------------- 1 | diff --git a/Makefile b/Makefile 2 | index 5b5d03e2..5744d7a4 100644 3 | --- a/Makefile 4 | +++ b/Makefile 5 | @@ -4,26 +4,21 @@ export DISABLE_CIL 6 | 7 | all: 8 | $(MAKE) -C src 9 | - $(MAKE) -C utils 10 | 11 | install: 12 | $(MAKE) -C include install 13 | $(MAKE) -C src install 14 | - $(MAKE) -C utils install 15 | - $(MAKE) -C man install 16 | 17 | relabel: 18 | $(MAKE) -C src relabel 19 | 20 | clean: 21 | $(MAKE) -C src clean 22 | - $(MAKE) -C utils clean 23 | $(MAKE) -C tests clean 24 | 25 | indent: 26 | $(MAKE) -C src $@ 27 | $(MAKE) -C include $@ 28 | - $(MAKE) -C utils $@ 29 | 30 | test: 31 | $(MAKE) -C tests test 32 | -------------------------------------------------------------------------------- /tools-libsepol/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: tools-libsepol 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: coreutils 6 | - stage: patch 7 | - stage: flex 8 | - stage: m4 9 | steps: 10 | - sources: 11 | - url: https://github.com/SELinuxProject/selinux/releases/download/{{ .selinux_version }}/libsepol-{{ .selinux_version }}.tar.gz 12 | destination: libsepol.tar.gz 13 | sha256: "{{ .libsepol_sha256 }}" 14 | sha512: "{{ .libsepol_sha512 }}" 15 | prepare: 16 | - | 17 | tar -xzf libsepol.tar.gz --strip-components=1 18 | # Do not build CLI utilities we do not use 19 | patch -p1 < /pkg/patches/dont-build-utils.patch 20 | build: 21 | - | 22 | make -j $(nproc) SHLIBDIR=/usr/lib 23 | install: 24 | - | 25 | make install DESTDIR=/rootfs SHLIBDIR=/usr/lib 26 | test: 27 | - | 28 | fhs-validator /rootfs 29 | finalize: 30 | - from: /rootfs 31 | to: / 32 | -------------------------------------------------------------------------------- /tools-openssl/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: tools-openssl 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: perl 6 | steps: 7 | - sources: 8 | - url: https://www.openssl.org/source/openssl-{{.openssl_version }}.tar.gz 9 | destination: openssl.tar.gz 10 | sha256: "{{ .openssl_sha256 }}" 11 | sha512: "{{ .openssl_sha512 }}" 12 | env: 13 | SOURCE_DATE_EPOCH: {{ .BUILD_ARG_SOURCE_DATE_EPOCH }} 14 | prepare: 15 | - | 16 | mkdir openssl 17 | tar -xzf openssl.tar.gz --strip-components=1 -C openssl 18 | 19 | cd openssl 20 | 21 | perl ./Configure \ 22 | linux-${ARCH} \ 23 | --prefix=/usr \ 24 | --libdir=lib \ 25 | --openssldir=/etc/ssl3.1 \ 26 | shared \ 27 | no-zlib \ 28 | no-async \ 29 | no-comp \ 30 | no-idea \ 31 | no-mdc2 \ 32 | no-rc5 \ 33 | no-ec2m \ 34 | no-sm2 \ 35 | no-sm4 \ 36 | no-ssl3 \ 37 | no-seed \ 38 | no-weak-ssl-ciphers 39 | 40 | build: 41 | - | 42 | cd openssl 43 | make -j $(nproc) build_sw 44 | install: 45 | - | 46 | cd openssl 47 | make DESTDIR=/rootfs install_sw 48 | test: 49 | - | 50 | fhs-validator /rootfs 51 | finalize: 52 | - from: /rootfs 53 | to: / 54 | -------------------------------------------------------------------------------- /tools-pcre2/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: tools-pcre2 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: tools-zlib 6 | - stage: bzip2 7 | steps: 8 | - sources: 9 | - url: https://github.com/PCRE2Project/pcre2/releases/download/pcre2-{{ .pcre2_version }}/pcre2-{{ .pcre2_version }}.tar.bz2 10 | destination: pcre.tar.bz2 11 | sha256: "{{ .pcre2_sha256 }}" 12 | sha512: "{{ .pcre2_sha512 }}" 13 | prepare: 14 | - | 15 | tar -xjf pcre.tar.bz2 --strip-components=1 16 | mkdir build 17 | cd build 18 | ../configure \ 19 | --prefix=/usr \ 20 | --enable-unicode-properties \ 21 | --enable-pcre216 \ 22 | --enable-pcre232 \ 23 | --enable-pcre2grep-libz \ 24 | --enable-pcre2grep-libbz2 \ 25 | --disable-static 26 | build: 27 | - | 28 | cd build 29 | make -j $(nproc) 30 | install: 31 | - | 32 | cd build 33 | make DESTDIR=/rootfs install 34 | rm -rf /rootfs/usr/share 35 | test: 36 | - | 37 | fhs-validator /rootfs 38 | finalize: 39 | - from: /rootfs 40 | to: / 41 | -------------------------------------------------------------------------------- /tools-squashfs-tools/patches/fix-compat.patch: -------------------------------------------------------------------------------- 1 | --- squashfs4.3.orig/squashfs-tools/action.c 2 | +++ squashfs4.3/squashfs-tools/action.c 3 | @@ -1905,6 +1905,9 @@ 4 | return 1; 5 | } 6 | 7 | +#ifndef FNM_EXTMATCH 8 | +#define FNM_EXTMATCH 0 9 | +#endif 10 | 11 | TEST_FN(name, ACTION_ALL_LNK, \ 12 | return fnmatch(atom->argv[0], action_data->name, 13 | -------------------------------------------------------------------------------- /tools-squashfs-tools/pkg.yaml: -------------------------------------------------------------------------------- 1 | name: tools-squashfs-tools 2 | variant: scratch 3 | dependencies: 4 | - stage: base 5 | - stage: tools-xz 6 | - stage: tools-zlib 7 | - stage: tools-zstd 8 | - stage: patch 9 | steps: 10 | - sources: 11 | - url: https://github.com/plougher/squashfs-tools/archive/refs/tags/{{ .squashfs_tools_version }}.tar.gz 12 | destination: squashfs.tar.gz 13 | sha256: "{{ .squashfs_tools_sha256 }}" 14 | sha512: "{{ .squashfs_tools_sha512 }}" 15 | prepare: 16 | - | 17 | tar -xf squashfs.tar.gz --strip-components=1 18 | 19 | patch -p1