├── .gitattributes ├── .github └── workflows │ ├── ci.yml │ ├── generate.sh │ ├── update.yml │ ├── verify-artifacts.yml │ └── version-components.jq ├── .gitignore ├── .gsl-common ├── gsl-latest.sh └── gsl-version-env.sh ├── .libs ├── deb-repo.sh ├── git.sh ├── hooks.sh ├── lib.jq └── pypi.sh ├── .test ├── config.sh └── tests │ ├── buildkitd │ └── run.sh │ ├── c8dind │ └── run.sh │ └── true │ ├── expected-std-out.txt │ └── run.sh ├── LICENSE ├── README.md ├── adsb ├── acarsdec │ ├── Dockerfile │ ├── Dockerfile.template │ ├── docker-entrypoint.sh │ ├── versions.json │ └── versions.sh ├── gsl.sh └── readsb │ ├── Dockerfile │ ├── Dockerfile.template │ ├── docker-entrypoint.sh │ ├── versions.json │ └── versions.sh ├── apply-templates.sh ├── backblaze-b2 ├── Dockerfile ├── Dockerfile.template ├── gsl.sh ├── versions.json └── versions.sh ├── beets ├── Dockerfile ├── Dockerfile.template ├── README.md ├── gsl.sh ├── versions.json └── versions.sh ├── buildkit ├── Dockerfile ├── Dockerfile.0.13 ├── Dockerfile.0.16 ├── Dockerfile.rc ├── Dockerfile.template ├── argsescaped-0.13.patch ├── argsescaped.patch ├── backport-4727-index-mediaType.patch ├── backport-5072-fetch-tags.patch ├── backport-5096-fix-umask.patch ├── backport-5372-sbom-args.patch ├── backport-5441-fetch-by-commit-0.13.patch ├── backport-5441-fetch-by-commit.patch ├── backport-moby-48455-fix-riscv64-seccomp.patch ├── build-and-push.sh ├── buildkitd-entrypoint.sh ├── containerd-arm64-v8-pre-0.15.patch ├── containerd-arm64-v8-pre-0.19.patch ├── containerd-arm64-v8.patch ├── git-no-submodules-pre-0.21.patch ├── git-no-submodules.patch ├── gsl.sh ├── mips64le-pre-0.16.patch ├── mips64le.patch ├── noclip.patch ├── nolint.patch ├── versions.json └── versions.sh ├── containerd ├── Dockerfile ├── Dockerfile.1.6 ├── Dockerfile.1.7 ├── Dockerfile.rc ├── Dockerfile.template ├── README.md ├── docker-entrypoint.sh ├── gsl.sh ├── versions.json └── versions.sh ├── coredns ├── Dockerfile ├── Dockerfile.template ├── gsl.sh ├── versions.json └── versions.sh ├── cygwin ├── Dockerfile.1809 ├── Dockerfile.ltsc2022 ├── Dockerfile.ltsc2025 ├── Dockerfile.template ├── build.sh ├── gsl.sh ├── latest.yml ├── versions.json └── versions.sh ├── diffoscope ├── Dockerfile ├── Dockerfile.template ├── gsl.sh ├── versions.json └── versions.sh ├── docker-desktop ├── Dockerfile ├── Dockerfile.template ├── gsl.sh ├── versions.json ├── virtiofsd-237.patch └── virtiofsd.patch ├── docker-master ├── Dockerfile ├── Dockerfile.containerd ├── Dockerfile.template ├── docker-entrypoint.sh ├── dockerd-entrypoint.sh ├── gsl.sh ├── modprobe.sh ├── versions.json └── versions.sh ├── exim4 ├── Dockerfile ├── README.md ├── docker-entrypoint.sh ├── gsl.sh └── set-exim4-update-conf ├── firefox ├── Dockerfile ├── Dockerfile.template ├── firefox.png ├── gsl.sh ├── versions.json └── versions.sh ├── gitlab ├── Jenkinsfile ├── README.md └── retag.sh ├── gsl-libs.sh ├── handbrake ├── Dockerfile ├── Dockerfile.template ├── gsl.sh ├── versions.json └── versions.sh ├── hell-win ├── Jenkinsfile └── mirror.sh ├── infosiftr-moby ├── Dockerfile ├── Dockerfile.template ├── Dockerfile.trixie ├── docker-entrypoint.sh ├── dockerd-entrypoint.sh ├── gsl.sh ├── modprobe.sh ├── versions.json └── versions.sh ├── jenkins ├── Dockerfile.lts ├── Dockerfile.template ├── Dockerfile.weekly ├── gsl.sh ├── lts │ ├── Dockerfile │ └── docker-entrypoint.sh ├── versions.json ├── versions.sh └── weekly │ ├── Dockerfile │ └── docker-entrypoint.sh ├── lutris ├── Dockerfile ├── Dockerfile.template ├── gsl.sh ├── versions.json └── versions.sh ├── makemkv ├── Dockerfile ├── Dockerfile.template ├── gsl.sh ├── versions.json └── versions.sh ├── microsoft-edge ├── Dockerfile.template ├── beta │ ├── Dockerfile │ ├── logo.png │ ├── versions.json │ └── versions.sh ├── dev │ ├── Dockerfile │ ├── logo.png │ ├── versions.json │ └── versions.sh ├── gsl.sh ├── stable │ ├── Dockerfile │ ├── logo.png │ ├── versions.json │ └── versions.sh └── versions.sh ├── mojo ├── Dockerfile └── gsl.sh ├── mutt-gmail ├── Dockerfile ├── README.md ├── entrypoint.sh ├── gsl.sh ├── muttrc └── vimrc ├── network-toolbox ├── alpine │ └── Dockerfile ├── debian │ └── Dockerfile └── gsl.sh ├── nolibc ├── Dockerfile ├── Dockerfile.template ├── gsl.sh ├── versions.json └── versions.sh ├── parallel.sh ├── perl ├── Dockerfile └── gsl.sh ├── plex ├── gsl.sh └── media-server │ ├── Dockerfile │ ├── Dockerfile.template │ ├── docker-entrypoint.sh │ ├── run.sh │ ├── versions.json │ └── versions.sh ├── prometheus ├── Dockerfile ├── Dockerfile.template ├── alertmanager │ ├── Dockerfile │ ├── Dockerfile.template │ ├── docker-entrypoint.sh │ ├── versions.json │ └── versions.sh ├── blackbox-exporter │ ├── Dockerfile │ ├── Dockerfile.template │ ├── versions.json │ └── versions.sh ├── docker-entrypoint.sh ├── gsl.sh ├── hooks.sh ├── node-exporter │ ├── Dockerfile │ ├── Dockerfile.template │ ├── versions.json │ └── versions.sh ├── versions.json └── versions.sh ├── rtl-433 ├── Dockerfile ├── Dockerfile.template ├── gsl.sh ├── versions.json └── versions.sh ├── rtorrent ├── Dockerfile ├── README.md ├── gsl.sh ├── rtorrent.rc └── run.sh ├── signal-desktop ├── Dockerfile ├── Dockerfile.template ├── gsl.sh ├── versions.json └── versions.sh ├── slack ├── Dockerfile ├── Dockerfile.template ├── browser.sh ├── gsl.sh ├── slack.svg ├── versions.json └── versions.sh ├── sleeping-beauty ├── Dockerfile ├── Dockerfile.nolibc ├── Makefile ├── gsl.sh ├── sleeping-beauty ├── sleeping-beauty.asm └── sleeping-beauty.c ├── speedtest ├── Dockerfile ├── Dockerfile.template ├── README.md ├── docker-entrypoint.sh ├── gsl.sh ├── versions.json └── versions.sh ├── steam ├── Dockerfile ├── Dockerfile.template ├── gsl.sh ├── versions.json └── versions.sh ├── tailscale ├── Dockerfile ├── Dockerfile.template ├── versions.json └── versions.sh ├── tinygo ├── Dockerfile ├── Dockerfile.template ├── gsl.sh ├── versions.json └── versions.sh ├── toybox ├── Dockerfile ├── Dockerfile.template ├── gsl.sh ├── versions.json └── versions.sh ├── true ├── .gitignore ├── Dockerfile ├── Dockerfile.all ├── Dockerfile.yolo ├── Makefile ├── build-all.sh ├── gsl.sh ├── oci.sh ├── oci │ ├── blobs │ │ └── sha256 │ │ │ ├── 1c51fc286aa95d9413226599576bafa38490b1e292375c90de095855b64caea6 │ │ │ ├── 25be82253336f0b8c4347bc4ecbbcdc85d0e0f118ccf8dc2e119c0a47a0a486e │ │ │ └── 9ef42f1d602fb423fad935aac1caa0cfdbce1ad7edce64d080a4eb7b13f7cd9d │ ├── config.json │ ├── image-manifest.json │ ├── index.json │ ├── oci-layout │ ├── rootfs.tar │ └── rootfs.tar.gz ├── true-asm ├── true-yolo ├── true-yolo.asm ├── true.asm ├── true.c ├── true.go ├── true.rs └── yoloci │ ├── blobs │ └── sha256 │ │ ├── 9640fb911d45e3070a35d8eb018380e2efa879acad3b0c74d0c91ed53369177f │ │ ├── d80756958759f24eb147154bb1ffeabaf2aeb88b659c64dcaa906c97b4da0cbc │ │ └── e759af11fe110511ea6b3f02512de70861e9fccd669a14a33a2bb6a04b70aadf │ ├── config.json │ ├── image-manifest.json │ ├── index.json │ ├── oci-layout │ ├── rootfs.tar │ └── rootfs.tar.gz ├── update.sh ├── versions.sh ├── vultr-cli ├── Dockerfile ├── Dockerfile.template ├── gsl.sh ├── versions.json └── versions.sh ├── weechat ├── Dockerfile ├── Dockerfile.template ├── gsl.sh ├── versions.json └── versions.sh ├── wine ├── Dockerfile ├── Dockerfile.template ├── gsl.sh ├── versions.json └── versions.sh ├── ymlfmt ├── Dockerfile ├── Dockerfile.template ├── gsl.sh ├── test-in.yml ├── test-out.yml ├── versions.json ├── versions.sh └── ymlfmt └── zoom ├── Dockerfile ├── Dockerfile.template ├── browser.sh ├── gsl.sh ├── versions.json ├── versions.sh └── zoom.png /.gitattributes: -------------------------------------------------------------------------------- 1 | Dockerfile* linguist-language=Dockerfile 2 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | name: GitHub CI 2 | 3 | on: 4 | pull_request: 5 | push: 6 | workflow_dispatch: 7 | schedule: 8 | - cron: 0 0 * * 0 9 | 10 | defaults: 11 | run: 12 | shell: 'bash -Eeuo pipefail -x {0}' 13 | 14 | concurrency: 15 | group: ${{ github.workflow }}-${{ github.ref }} 16 | cancel-in-progress: true 17 | 18 | permissions: 19 | contents: read 20 | 21 | jobs: 22 | 23 | generate-jobs: 24 | name: Generate Jobs 25 | runs-on: ubuntu-latest 26 | outputs: 27 | strategy: ${{ steps.generate-jobs.outputs.strategy }} 28 | steps: 29 | - uses: actions/checkout@v4 30 | - uses: tianon/bashbrew@tianon 31 | - id: generate-jobs 32 | name: Generate Jobs 33 | run: | 34 | strategy="$(.github/workflows/generate.sh)" 35 | 36 | EOF="EOF-$RANDOM-$RANDOM-$RANDOM" 37 | echo "strategy<<$EOF" >> "$GITHUB_OUTPUT" 38 | jq <<<"$strategy" . | tee -a "$GITHUB_OUTPUT" 39 | echo "$EOF" >> "$GITHUB_OUTPUT" 40 | 41 | test: 42 | needs: generate-jobs 43 | strategy: ${{ fromJson(needs.generate-jobs.outputs.strategy) }} 44 | name: ${{ matrix.name }} 45 | runs-on: ${{ matrix.os }} 46 | steps: 47 | - uses: actions/checkout@v4 48 | # TODO something clever with https://github.com/marketplace/actions/changed-files 49 | - name: Prepare Environment 50 | run: ${{ matrix.runs.prepare }} 51 | - name: Pull Dependencies 52 | run: ${{ matrix.runs.pull }} 53 | - name: Build ${{ matrix.name }} 54 | run: ${{ matrix.runs.build }} 55 | - name: History ${{ matrix.name }} 56 | run: ${{ matrix.runs.history }} 57 | - name: Test ${{ matrix.name }} 58 | run: ${{ matrix.runs.test }} 59 | - name: '"docker images"' 60 | run: ${{ matrix.runs.images }} 61 | -------------------------------------------------------------------------------- /.github/workflows/verify-artifacts.yml: -------------------------------------------------------------------------------- 1 | name: Verify Artifacts 2 | 3 | on: 4 | pull_request: 5 | push: 6 | workflow_dispatch: 7 | 8 | defaults: 9 | run: 10 | shell: 'bash -Eeuo pipefail -x {0}' 11 | 12 | concurrency: 13 | group: ${{ github.workflow }}-${{ github.ref }} 14 | cancel-in-progress: true 15 | 16 | permissions: 17 | contents: read 18 | 19 | jobs: 20 | apply-templates: 21 | strategy: 22 | fail-fast: false 23 | matrix: 24 | include: 25 | 26 | - name: Apply Templates 27 | run: ./parallel.sh apply-templates.sh 28 | 29 | - name: '"true" binaries' 30 | run: | 31 | cd 'true' 32 | docker build --pull --tag 'tianon/true:builder' --target asm --file Dockerfile.all . 33 | for binary in \ 34 | 'true-asm' \ 35 | 'true-yolo' \ 36 | ; do 37 | test -s "$binary" 38 | rm -v "$binary" 39 | docker run --rm 'tianon/true:builder' tar -cC '/true' "$binary" | tar -xv 40 | test -s "$binary" 41 | done 42 | 43 | - name: '"true" OCI images' 44 | run: | 45 | cd 'true' 46 | test -d oci 47 | test -d yoloci 48 | rm -rv oci yoloci 49 | ./oci.sh oci 'true-asm' 50 | ./oci.sh yoloci 'true-yolo' 51 | fetchAllCommits: true # we need more commits to get the right "created" values 52 | 53 | name: ${{ matrix.name }} 54 | runs-on: ubuntu-latest 55 | steps: 56 | 57 | - uses: actions/checkout@v4 58 | with: 59 | fetch-depth: ${{ !matrix.fetchAllCommits && 1 || 0 }} 60 | 61 | - name: ${{ matrix.name }} 62 | run: ${{ matrix.run }} 63 | 64 | - name: Git Diff 65 | run: git diff --exit-code 66 | -------------------------------------------------------------------------------- /.github/workflows/version-components.jq: -------------------------------------------------------------------------------- 1 | # given input like a "versions.json", output a json array of relevant "version" fields with paths: 2 | # in: {"foo":{"version":"4.5.6"},"version":"1.2.3"} 3 | # out: ["1.2.3","foo 4.5.6"] 4 | # (see also "update.yml") 5 | 6 | [ 7 | path(.. | select(type == "object" and has("version"))) as $path 8 | | [ 9 | $path[], 10 | getpath($path).version 11 | ] 12 | ] 13 | # TODO perhaps figure out a way to "coalesce" components with the same version number? 14 | | sort_by(length != 1) # make sure "top level" version is first in the list, but everything else in file order (sort_by is stable) 15 | | map( 16 | # for cases like ["1.6","1.6.X"] or ["1.6.X","1.6.X"], this trims off the excess duplicate 17 | if length >= 2 and (.[-2] as $lead | .[-1] | . == $lead or startswith($lead)) then 18 | [ .[0:-2][], .[-1] ] 19 | else . end 20 | ) 21 | | map(join(" ")) 22 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /.jq-template.awk 2 | -------------------------------------------------------------------------------- /.gsl-common/gsl-latest.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | cd "$(dirname "$BASH_SOURCE")" 5 | dir="$(basename "$PWD")" 6 | cd .. 7 | 8 | source gsl-libs.sh 9 | 10 | globalEntry 11 | tagsEntry "$dir" latest 12 | -------------------------------------------------------------------------------- /.gsl-common/gsl-version-env.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | cd "$(dirname "$BASH_SOURCE")" 5 | dir="$(basename "$PWD")" 6 | cd .. 7 | 8 | source gsl-libs.sh 9 | 10 | globalEntry 11 | env="${dir^^}_VERSION" 12 | env="${env//-/_}" 13 | versionedEnvTagsEntry "$dir" "$env" latest 14 | -------------------------------------------------------------------------------- /.libs/deb-repo.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | # TODO implement "hooks.sh" 5 | 6 | deb-repo() { 7 | [ -n "$uri" ] 8 | [ -n "$suite" ] 9 | #[ -n "$component" ] # if suite ends with /, this is optional 10 | : "${arch:=amd64}" 11 | [ -n "$package" ] 12 | 13 | _deb-repo_packages() { 14 | local packages 15 | if [[ "$suite" == */ ]]; then 16 | [ -z "${component:-}" ] 17 | packages="$uri/${suite}Packages" 18 | else 19 | [ -n "$component" ] 20 | packages="$uri/dists/$suite/$component/binary-$arch/Packages" 21 | fi 22 | { wget -qO- "$packages.xz" | xz -d 2>/dev/null; } \ 23 | || { wget -qO- "$packages.bz2" | bunzip2 2>/dev/null; } \ 24 | || { wget -qO- "$packages.gz" | gunzip 2>/dev/null; } \ 25 | || { wget -qO- "$packages.zstd" | zstd -d 2>/dev/null; } \ 26 | || wget -qO- "$packages" 27 | } 28 | 29 | local versions 30 | versions="$( 31 | _deb-repo_packages | gawk -F ':[[:space:]]+' -v package="$package" ' 32 | function do_the_thing() { if (pkg == package) { printf "%s;%s;%s\n", ver, sha256, filename }; pkg = ver = sha256 = filename = "" } 33 | $1 == "Package" { do_the_thing(); pkg = $2 } 34 | $1 == "Version" { ver = $2 } 35 | $1 == "SHA256" { sha256 = $2 } 36 | $1 == "Filename" { filename = $2 } 37 | END { do_the_thing() } 38 | ' | sort -rV 39 | )" 40 | local line 41 | line="$(head -1 <<<"$versions")" # TODO some way to get *not* the latest version? 42 | if [ -z "$line" ]; then 43 | echo >&2 "error: failed to find a version for '$package' in '$uri' (suite '$suite'${component:+, comp '$component'}, arch '$arch')" 44 | return 1 45 | fi 46 | local version="${line%%;*}" 47 | [ "$version" != "$line" ] || return 1 48 | line="${line#$version;}" 49 | local sha256="${line%%;*}" 50 | [ "$sha256" != "$line" ] || return 1 51 | line="${line#$sha256;}" 52 | local filename="$line" 53 | 54 | echo >&2 "deb $package: $version ($filename)" 55 | # TODO gather "supported arches" list 56 | 57 | # TODO include $package (so the template can use it) 58 | # TODO pre-split version apart into more useful parts (epoch, upstream, debian revision) 59 | jq -nS --arg version "$version" --arg sha256 "$sha256" --arg filename "$filename" --arg uri "$uri" ' 60 | { 61 | $version, 62 | $sha256, 63 | $filename, 64 | url: ($uri | rtrimstr("/") + "/" + ($filename | ltrimstr("/"))), 65 | } 66 | ' 67 | } 68 | -------------------------------------------------------------------------------- /.libs/hooks.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | # usage: 5 | # versions_loop_setvars() { ...; } # something that takes one one loop var and sets "version" and "json" appropriately 6 | # versions_loop 'static-type' "$identifier" "${loopers[@]}" 7 | # unset versions_loop_setvars # optional, but good practice -- alternatively, define/invoke in a subshell 8 | declare -ag versions_hooks # a list of function names 9 | versions_loop() { 10 | local type="$1"; shift 11 | local identifier="$1"; shift 12 | 13 | local loop version json found= 14 | for loop; do 15 | versions_loop_setvars "$loop" || return "$?" 16 | 17 | local extra versions_hook 18 | for versions_hook in "${versions_hooks[@]}"; do 19 | if ! extra="$("$versions_hook" "$type" "$identifier" "$version" "$json")"; then 20 | echo >&2 "skipping $type $identifier: $version (${versions_hook#hook_})" 21 | continue 2 22 | fi 23 | if [ -n "$extra" ]; then 24 | json="$(jq <<<"$json" --argjson extra "$extra" '. += $extra')" || return "$?" 25 | fi 26 | done 27 | 28 | found=1 29 | break 30 | done 31 | 32 | if [ -z "$found" ]; then 33 | echo >&2 "$type $identifier: not found!" 34 | return 1 35 | fi 36 | 37 | echo >&2 "$type $identifier: $version" 38 | 39 | printf '%s\n' "$json" 40 | } 41 | 42 | # usage: 43 | # versions_hooks+=( hook_no-prereleases ) 44 | hook_no-prereleases() { 45 | case "$3" in 46 | *[0-9.-]rc* | *[0-9.-]alpha* | *[0-9.-]beta* | *[0-9.-]rc* | *[0-9.-]dev*) return 1 ;; 47 | esac 48 | } 49 | 50 | # usage: 51 | # hook_pin_version='1.2.3' 52 | # versions_hooks+=( hook_pin-version ) 53 | hook_pin-version() { 54 | [ "$3" = "$hook_pin_version" ] 55 | } 56 | -------------------------------------------------------------------------------- /.libs/lib.jq: -------------------------------------------------------------------------------- 1 | def unique_unsorted: 2 | # https://unix.stackexchange.com/a/738744/153467 3 | reduce .[] as $a ([]; if IN(.[]; $a) then . else . += [$a] end) 4 | ; 5 | def intersection: 6 | # add all arrays together and bit-by-bit remove anything unique from each array 7 | reduce .[] as $arr (add | unique_unsorted; . - (. - $arr)) 8 | ; 9 | def deb_arch: 10 | { 11 | # https://salsa.debian.org/dpkg-team/dpkg/-/blob/main/data/cputable 12 | # https://wiki.debian.org/ArchitectureSpecificsMemo#Architecture_baselines 13 | # http://deb.debian.org/debian/dists/unstable/main/ 14 | # http://deb.debian.org/debian/dists/stable/main/ 15 | # https://deb.debian.org/debian-ports/dists/unstable/main/ 16 | amd64: "amd64", 17 | arm32v5: "armel", 18 | arm32v7: "armhf", 19 | arm64v8: "arm64", 20 | i386: "i386", 21 | mips64le: "mips64el", 22 | ppc64le: "ppc64el", 23 | riscv64: "riscv64", 24 | s390x: "s390x", 25 | }[.] 26 | ; 27 | def apk_arch: 28 | { 29 | # https://dl-cdn.alpinelinux.org/alpine/edge/main/ 30 | # https://dl-cdn.alpinelinux.org/alpine/latest-stable/main/ 31 | amd64: "x86_64", 32 | arm32v6: "armhf", 33 | arm32v7: "armv7", 34 | arm64v8: "aarch64", 35 | i386: "x86", 36 | ppc64le: "ppc64le", 37 | riscv64: "riscv64", 38 | s390x: "s390x", 39 | }[.] 40 | ; 41 | -------------------------------------------------------------------------------- /.libs/pypi.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | _libsDir="$(dirname "$BASH_SOURCE")" 5 | source "$_libsDir/hooks.sh" 6 | unset _libsDir 7 | 8 | pypi() { 9 | local package="$1"; shift 10 | [ -n "$package" ] 11 | 12 | local json 13 | json="$(wget -qO- --header 'Accept: application/vnd.pypi.simple.v1+json' "https://pypi.org/simple/$package/")" || return "$?" 14 | 15 | local versions 16 | versions="$(jq <<<"$json" -r '.versions | reverse | map(@sh) | join(" ")')" || return "$?" 17 | eval "versions=( $versions )" 18 | 19 | ( 20 | local pypi 21 | versions_loop_setvars() { 22 | version="$1" 23 | pypi="$(wget -qO- "https://pypi.org/pypi/$package/$version/json")" || return "$?" 24 | json="$(jq -n --arg version "$version" '{ version: $version }')" || return "$?" 25 | } 26 | hook_pypi-no-yanked() { 27 | local yanked 28 | yanked="$(jq <<<"$pypi" '.info.yanked')" || return "$?" 29 | [ "$yanked" = 'false' ] 30 | } 31 | hook_pypi-add-python-version() { 32 | local pythons 33 | pythons="$( 34 | jq <<<"$pypi" -r ' 35 | .info.classifiers 36 | | map( 37 | capture("^(?:Programming Language :: )?Python :: (?[0-9]+[.][0-9]+)$") 38 | | .python 39 | ) 40 | | sort_by( 41 | split(".") 42 | | map(tonumber) 43 | ) 44 | | reverse 45 | | map(@sh) 46 | | join(" ") 47 | ' 48 | )" 49 | eval "pythons=( $pythons )" 50 | local python pythonTemplate="${TIANON_PYTHON_FROM_TEMPLATE:-python:%%PYTHON%%}" 51 | for python in "${pythons[@]}"; do 52 | local from="${pythonTemplate//%%PYTHON%%/$python}" 53 | local arches 54 | if ! arches="$(bashbrew remote arches --json "$from")"; then 55 | echo >&2 "skipping $from ..." 56 | continue 57 | fi 58 | jq -nc --arg python "$python" --arg from "$from" --argjson arches "$arches" '{ python: { version: $python, from: $from, arches: ($arches.arches | keys) } }' 59 | return 0 60 | done 61 | return 1 # TODO should this be more lenient of packages missing metadata? (or whose template results in no matching Pythons 😬) 62 | } 63 | versions_hooks=( hook_pypi-no-yanked hook_pypi-add-python-version "${versions_hooks[@]}" ) 64 | versions_loop 'pypi' "$package" "${versions[@]}" 65 | ) 66 | } 67 | -------------------------------------------------------------------------------- /.test/config.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # https://github.com/docker-library/official-images/blob/3e27b6eb7a12bc15e5e2dde52d2477c818863ce3/test/config.sh 4 | 5 | imageTests+=( 6 | [tianon/true]='true' 7 | 8 | # run containerd test on containerd-containing images :D 9 | [tianon/containerd]='c8dind' 10 | [tianon/docker-master]='c8dind' 11 | [tianon/infosiftr-moby]='c8dind' 12 | [infosiftr/moby]='c8dind' 13 | 14 | # make sure our buildkit image works correctly with buildx 15 | [tianon/buildkit]='buildkitd' 16 | 17 | # avoid: java.lang.UnsatisfiedLinkError: /opt/java/openjdk/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory 18 | [tianon/jenkins]='java-uimanager-font' 19 | ) 20 | 21 | globalExcludeTests+=( 22 | # single-binary images 23 | [tianon/sleeping-beauty_no-hard-coded-passwords]=1 24 | [tianon/sleeping-beauty_utc]=1 25 | [tianon/true_no-hard-coded-passwords]=1 26 | [tianon/true_utc]=1 27 | ) 28 | 29 | # run Docker tests on Docker images :D 30 | testAlias+=( 31 | [tianon/docker-master]='docker:dind' 32 | [tianon/infosiftr-moby]='docker:dind' 33 | [infosiftr/moby]='docker:dind' 34 | ) 35 | # the "docker-registry-push-pull" test isn't very good at detecting whether our custom image is dind or registry O:) 36 | globalExcludeTests+=( 37 | [tianon/docker-master_docker-registry-push-pull]=1 38 | [tianon/infosiftr-moby_docker-registry-push-pull]=1 39 | [infosiftr/moby_docker-registry-push-pull]=1 40 | ) 41 | 42 | # Cygwin looks like Unix, but fails in cute ways (host timezone instead of "UTC" because Windows, can't scrape "/etc/passwd" because --user) 43 | globalExcludeTests+=( 44 | [tianon/cygwin_no-hard-coded-passwords]=1 45 | [tianon/cygwin_utc]=1 46 | ) 47 | -------------------------------------------------------------------------------- /.test/tests/buildkitd/run.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | image="$1" 5 | 6 | # mimic https://github.com/docker-library/official-images/blob/09efb10abd3214d02ad9a502b7358797acf486a8/.bin/docker-buildx-ensure.sh (since it's the primary user of tianon/buildkit) 7 | 8 | builderName='tianon-test-buildkit' 9 | tmp= 10 | trap 'docker buildx rm --force "$builderName" || :; docker rmi "$builderName" &> /dev/null || :; [ -n "$tmp" ] && rm -rf "$tmp" || :' EXIT 11 | 12 | config=' 13 | # https://github.com/moby/buildkit/blob/v0.11.4/docs/buildkitd.toml.md 14 | [worker.oci] 15 | gc = false 16 | [worker.containerd] 17 | gc = false 18 | ' 19 | 20 | image="$(docker image inspect --format '{{ .ID }}' "$image")" 21 | 22 | args=( 23 | --name "$builderName" 24 | --node "$builderName" 25 | --driver docker-container 26 | --driver-opt image="$image" 27 | --bootstrap 28 | ) 29 | docker buildx create "${args[@]}" --config <(printf '%s' "$config") # cleaned up in 'trap' above 30 | 31 | docker buildx build --builder "$builderName" --load --tag "$builderName" - <<<'FROM hello-world' 32 | docker run --rm "$builderName" 33 | docker rmi "$builderName" 34 | docker buildx prune --builder "$builderName" --all --force 35 | 36 | # now that we've got the basic stuff out of the way, let's test the image's ability to transparently be a frontend instead 37 | tmp="$(mktemp -d)" # cleaned up in 'trap' above 38 | # https://github.com/tianon/docker-bin/blob/master/docker-save-oci-layout.sh 39 | saveMe='https://github.com/tianon/docker-bin/raw/67e6dbb725b3df2def1ac74820b61d9cefedc090/docker-save-oci-layout.sh' 40 | saveMeSha='baca98f706f58f6be5c327ce9b3ab7290b917b31dd7b354d397d28d2ce6fff97' 41 | wget -qO "$tmp/save.sh" "$saveMe" 42 | sha256sum <<<"$saveMeSha *$tmp/save.sh" --strict --check --quiet - 43 | chmod +x "$tmp/save.sh" 44 | "$tmp/save.sh" "$tmp" "$image" 45 | 46 | docker buildx build --builder "$builderName" --load --tag "$builderName" --build-arg BUILDKIT_SYNTAX='foo' --build-context "foo=oci-layout://$tmp" - <<<'FROM hello-world' 47 | docker run --rm "$builderName" 48 | docker rmi "$builderName" 49 | docker buildx prune --builder "$builderName" --all --force 50 | -------------------------------------------------------------------------------- /.test/tests/c8dind/run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -eo pipefail 3 | 4 | dir="$(dirname "$(readlink -f "$BASH_SOURCE")")" 5 | 6 | image="$1" 7 | 8 | cname="containerd-container-$RANDOM-$RANDOM" 9 | trap 'set +Eeo pipefail; docker rm -vf "$cname" > /dev/null; docker volume rm -f "$cname-run" &> /dev/null' EXIT 10 | 11 | cmd=( 12 | --detach --interactive --tty 13 | --privileged 14 | --name "$cname" 15 | --volume "$cname-run:/run" 16 | --env DOCKER_TLS_CERTDIR= 17 | "$image" 18 | ) 19 | 20 | case "$image" in 21 | *docker*containerd*) ;; 22 | 23 | *docker* | *moby*) 24 | cmd=( 25 | --volume /var/lib/containerd 26 | --entrypoint dind \ 27 | "${cmd[@]}" 28 | containerd 29 | ) 30 | ;; 31 | esac 32 | 33 | cid="$(docker run "${cmd[@]}")" 34 | 35 | # this gets redefined below, but during init we have to use a separate container because "docker exec" creates a new process and creates a race inside the dind script (where it's trying to move pids between cgroups, but the new pid breaks it) 36 | ctr_() { 37 | docker run --rm --volume "$cname-run:/run" --entrypoint ctr "$image" "$@" 38 | } 39 | 40 | # poor man's retry.sh 41 | tries=30 42 | while (( --tries > 0 )) && ! ctr_ version &> /dev/null; do 43 | if ! running="$(docker inspect -f '{{ .State.Running }}' "$cid" 2>/dev/null)" || [ "$running" != 'true' ]; then 44 | echo >&2 "$image stopped unexpectedly!" 45 | ( set -x && docker logs "$cid" ) >&2 || true 46 | false 47 | fi 48 | echo >&2 -n . 49 | sleep 1 50 | done 51 | 52 | # now that init is done, "docker exec" is safe again (and necessary for "ctr run" to work because it requires being in the same mount namespace 😭) 53 | ctr_() { 54 | docker exec -i "$cname" ctr "$@" 55 | } 56 | ctr_ version > /dev/null 57 | 58 | testImage='docker.io/tianon/true:yoloci' 59 | 60 | [ "$(ctr_ image ls -q | wc -l)" = '0' ] 61 | ctr_ content fetch "$testImage" 62 | [ "$(ctr_ image ls -q | wc -l)" = '1' ] 63 | 64 | [ "$(ctr_ container ls -q | wc -l)" = '0' ] 65 | 66 | ctr_ run --rm "$testImage" test 67 | ctr_ run --rm "$testImage" test 68 | ctr_ run --rm "$testImage" test 69 | 70 | [ "$(ctr_ container ls -q | wc -l)" = '0' ] 71 | -------------------------------------------------------------------------------- /.test/tests/true/expected-std-out.txt: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /.test/tests/true/run.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | image="$1" 5 | 6 | docker run --rm "$image" 7 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The Expat/MIT License 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a 4 | copy of this software and associated documentation files (the "Software"), 5 | to deal in the Software without restriction, including without limitation 6 | the rights to use, copy, modify, merge, publish, distribute, sublicense, 7 | and/or sell copies of the Software, and to permit persons to whom the 8 | Software is furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in 11 | all copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 16 | THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 18 | FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 19 | DEALINGS IN THE SOFTWARE. 20 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Tianon's Dockerfiles 2 | 3 | This is a collection of both miscellaneous development experiments and images I rely on for various things. 4 | -------------------------------------------------------------------------------- /adsb/acarsdec/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then 5 | set -- acarsdec "$@" 6 | fi 7 | 8 | exec "$@" 9 | -------------------------------------------------------------------------------- /adsb/acarsdec/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "commit": "9edcce08838634c9452c6c9e2453136ee20a6ea8", 3 | "ref": "refs/tags/acarsdec-3.7", 4 | "tag": "acarsdec-3.7", 5 | "version": "3.7", 6 | "libacars": { 7 | "commit": "3147aa0857b6d0fb8989b27445ce46278cb4bae8", 8 | "ref": "refs/tags/v2.2.0", 9 | "tag": "v2.2.0", 10 | "version": "2.2.0" 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /adsb/acarsdec/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../../.libs/git.sh" 9 | 10 | json="$(git-tags 'https://github.com/TLeconte/acarsdec.git')" 11 | 12 | libacars="$(git-tags 'https://github.com/szpajder/libacars.git')" 13 | 14 | jq <<<"$json" --argjson libacars "$libacars" ' 15 | .version |= ltrimstr("acarsdec-") # lol wtf 16 | | .libacars = $libacars 17 | ' > versions.json 18 | -------------------------------------------------------------------------------- /adsb/gsl.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | cd "$(dirname "$BASH_SOURCE")" 5 | dir="$(basename "$PWD")" 6 | cd .. 7 | 8 | source gsl-libs.sh 9 | 10 | globalEntry 11 | 12 | variantAppendOrder='prefix' 13 | 14 | versionedEnvVariantEntry "$dir/readsb" readsb 'READSB_VERSION' readsb 15 | from="$(awk '$1 == "FROM" { print $2; exit }' "$dir/readsb/Dockerfile")" # TODO multi-stage build?? 16 | fromArches="$(bashbrew remote arches --json "$from" | jq -rc '.arches | keys | join(", ")')" 17 | echo "Architectures: $fromArches" 18 | 19 | versionedEnvVariantEntry "$dir/acarsdec" acarsdec 'ACARSDEC_VERSION' acarsdec 20 | from="$(awk '$1 == "FROM" { print $2; exit }' "$dir/acarsdec/Dockerfile")" # TODO multi-stage build?? 21 | fromArches="$(bashbrew remote arches --json "$from" | jq -rc '.arches | keys | map(select(IN("ppc64le") | not)) | join(", ")')" 22 | echo "Architectures: $fromArches" 23 | -------------------------------------------------------------------------------- /adsb/readsb/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM debian:bookworm-slim AS base 8 | 9 | FROM base AS build 10 | 11 | RUN set -eux; \ 12 | apt-get update; \ 13 | apt-get install -y --no-install-recommends \ 14 | ca-certificates \ 15 | gcc \ 16 | libc6-dev \ 17 | libncurses-dev \ 18 | librtlsdr-dev \ 19 | libzstd-dev \ 20 | make \ 21 | pkg-config \ 22 | wget \ 23 | zlib1g-dev \ 24 | ; \ 25 | rm -rf /var/lib/apt/lists/* 26 | 27 | WORKDIR /readsb 28 | 29 | # https://github.com/wiedehopf/readsb 30 | ENV READSB_COMMIT 04b69dfd0f2fe2526a15c51ff593679bba41c058 31 | # https://github.com/wiedehopf/readsb/tags 32 | ENV READSB_VERSION 3.14.1682 33 | 34 | RUN set -eux; \ 35 | wget -O src.tgz "https://github.com/wiedehopf/readsb/archive/$READSB_COMMIT.tar.gz"; \ 36 | tar -xvf src.tgz --strip-components=1; \ 37 | rm src.tgz 38 | 39 | RUN set -eux; \ 40 | nproc="$(nproc)"; \ 41 | make -j "$nproc" \ 42 | # https://github.com/wiedehopf/readsb/blob/HEAD/Makefile 43 | # https://github.com/wiedehopf/readsb/blob/HEAD/Dockerfile 44 | READSB_VERSION="\"$READSB_VERSION tianon\"" \ 45 | RTLSDR='yes' \ 46 | PRINT_UUIDS=yes TRACKS_UUID=yes 47 | 48 | RUN set -eux; \ 49 | mkdir /out; \ 50 | cp -al readsb viewadsb /out/; \ 51 | find /out -type f -executable -exec ldd '{}' ';' \ 52 | | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); printf "*%s\n", so }' \ 53 | | sort -u \ 54 | | xargs -r dpkg-query --search \ 55 | | cut -d: -f1 \ 56 | | sort -u \ 57 | > /out/apt-deps.txt 58 | 59 | FROM base 60 | 61 | ENV PATH $PATH:/opt/readsb 62 | WORKDIR /opt/readsb 63 | COPY --from=build /out/apt-deps.txt ./ 64 | RUN set -eux; \ 65 | apt-get update; \ 66 | xargs -rt < ./apt-deps.txt \ 67 | apt-get install -y --no-install-recommends \ 68 | ; \ 69 | rm -rf /var/lib/apt/lists/* 70 | COPY --from=build /out/ ./ 71 | RUN readsb --version 72 | 73 | COPY docker-entrypoint.sh /usr/local/bin/ 74 | 75 | ENTRYPOINT ["docker-entrypoint.sh"] 76 | CMD ["readsb"] 77 | -------------------------------------------------------------------------------- /adsb/readsb/Dockerfile.template: -------------------------------------------------------------------------------- 1 | FROM debian:bookworm-slim AS base 2 | 3 | FROM base AS build 4 | 5 | RUN set -eux; \ 6 | apt-get update; \ 7 | apt-get install -y --no-install-recommends \ 8 | ca-certificates \ 9 | gcc \ 10 | libc6-dev \ 11 | libncurses-dev \ 12 | librtlsdr-dev \ 13 | libzstd-dev \ 14 | make \ 15 | pkg-config \ 16 | wget \ 17 | zlib1g-dev \ 18 | ; \ 19 | rm -rf /var/lib/apt/lists/* 20 | 21 | WORKDIR /readsb 22 | 23 | # https://github.com/wiedehopf/readsb 24 | ENV READSB_COMMIT {{ .commit }} 25 | # https://github.com/wiedehopf/readsb/tags 26 | ENV READSB_VERSION {{ .version }} 27 | 28 | RUN set -eux; \ 29 | wget -O src.tgz "https://github.com/wiedehopf/readsb/archive/$READSB_COMMIT.tar.gz"; \ 30 | tar -xvf src.tgz --strip-components=1; \ 31 | rm src.tgz 32 | 33 | RUN set -eux; \ 34 | nproc="$(nproc)"; \ 35 | make -j "$nproc" \ 36 | # https://github.com/wiedehopf/readsb/blob/HEAD/Makefile 37 | # https://github.com/wiedehopf/readsb/blob/HEAD/Dockerfile 38 | READSB_VERSION="\"$READSB_VERSION tianon\"" \ 39 | RTLSDR='yes' \ 40 | PRINT_UUIDS=yes TRACKS_UUID=yes 41 | 42 | RUN set -eux; \ 43 | mkdir /out; \ 44 | cp -al readsb viewadsb /out/; \ 45 | find /out -type f -executable -exec ldd '{}' ';' \ 46 | | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); printf "*%s\n", so }' \ 47 | | sort -u \ 48 | | xargs -r dpkg-query --search \ 49 | | cut -d: -f1 \ 50 | | sort -u \ 51 | > /out/apt-deps.txt 52 | 53 | FROM base 54 | 55 | ENV PATH $PATH:/opt/readsb 56 | WORKDIR /opt/readsb 57 | COPY --from=build /out/apt-deps.txt ./ 58 | RUN set -eux; \ 59 | apt-get update; \ 60 | xargs -rt < ./apt-deps.txt \ 61 | apt-get install -y --no-install-recommends \ 62 | ; \ 63 | rm -rf /var/lib/apt/lists/* 64 | COPY --from=build /out/ ./ 65 | RUN readsb --version 66 | 67 | COPY docker-entrypoint.sh /usr/local/bin/ 68 | 69 | ENTRYPOINT ["docker-entrypoint.sh"] 70 | CMD ["readsb"] 71 | -------------------------------------------------------------------------------- /adsb/readsb/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then 5 | set -- readsb "$@" 6 | fi 7 | 8 | if [ "$1" = 'readsb' ]; then 9 | if [ -n "${READSB_UUID:-}" ]; then 10 | echo "$READSB_UUID" > /tmp/readsb-uuid 11 | set -- "$@" --uuid-file /tmp/readsb-uuid 12 | fi 13 | fi 14 | 15 | exec "$@" 16 | -------------------------------------------------------------------------------- /adsb/readsb/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "commit": "04b69dfd0f2fe2526a15c51ff593679bba41c058", 3 | "ref": "refs/tags/v3.14.1682", 4 | "tag": "v3.14.1682", 5 | "version": "3.14.1682" 6 | } 7 | -------------------------------------------------------------------------------- /adsb/readsb/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../../.libs/git.sh" 9 | 10 | json="$(git-tags 'https://github.com/wiedehopf/readsb.git')" 11 | 12 | jq <<<"$json" . > versions.json 13 | -------------------------------------------------------------------------------- /apply-templates.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | jqt="$(dirname "$BASH_SOURCE")" 5 | jqt="$jqt/.jq-template.awk" 6 | if [ -n "${BASHBREW_SCRIPTS:-}" ]; then 7 | jqt="$BASHBREW_SCRIPTS/jq-template.awk" 8 | elif [ "$BASH_SOURCE" -nt "$jqt" ]; then 9 | # https://github.com/docker-library/bashbrew/blob/master/scripts/jq-template.awk 10 | jqtNew="$jqt.new.$$" # using a (unique) ".new" file so this is safe to run concurrently 11 | wget -qO "$jqtNew" 'https://github.com/docker-library/bashbrew/raw/1da7341a79651d28fbcc3d14b9176593c4231942/scripts/jq-template.awk' 12 | mv -f "$jqtNew" "$jqt" 13 | fi 14 | jqt="$(readlink -ve "$jqt")" 15 | 16 | if [ "$#" -eq 0 ]; then 17 | dirs="$(find -type f -name versions.json -exec bash -Eeuo pipefail -c 'for d; do dir="$(dirname "${d#./}")"; printf " %q" "$dir"; done' -- '{}' +)" 18 | eval "set -- $dirs" 19 | fi 20 | if [ "$#" -eq 0 ]; then 21 | echo >&2 "error: failed to find any 'versions.json' files!" 22 | exit 1 23 | fi 24 | 25 | generated_warning() { 26 | cat <<-EOH 27 | # 28 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 29 | # 30 | # PLEASE DO NOT EDIT IT DIRECTLY. 31 | # 32 | 33 | EOH 34 | } 35 | 36 | for dir; do 37 | export dir 38 | 39 | template="$dir" 40 | while [ ! -s "$template/Dockerfile.template" ]; do 41 | if [ "$template" = '.' ]; then 42 | echo >&2 "error: failed to find template for '$dir'!" 43 | exit 1 44 | fi 45 | template="$(dirname "$template")" 46 | done 47 | 48 | variants="$(jq -r '.variants // [""] | map(@sh) | join(" ")' "$dir/versions.json")" 49 | eval "variants=( $variants )" 50 | 51 | text="$dir" 52 | if [ "$dir" != "$template" ]; then 53 | text+=" ($template)" 54 | fi 55 | template="$template/Dockerfile.template" 56 | 57 | for variant in "${variants[@]}"; do 58 | export variant 59 | 60 | echo "processing $text${variant:+" variant '$variant'"} ..." 61 | 62 | ( 63 | cd "$dir" 64 | generated_warning 65 | gawk -f "$jqt" 66 | ) < "$template" > "$dir/Dockerfile${variant:+".$variant"}" 67 | done 68 | done 69 | -------------------------------------------------------------------------------- /backblaze-b2/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM python:3.13-alpine3.22 8 | 9 | # https://pypi.org/project/b2/ 10 | ENV BACKBLAZE_B2_VERSION 4.3.3 11 | 12 | RUN set -eux; \ 13 | pip install --no-cache-dir "b2 == $BACKBLAZE_B2_VERSION"; \ 14 | b2 version 15 | 16 | CMD ["b2", "--help"] 17 | -------------------------------------------------------------------------------- /backblaze-b2/Dockerfile.template: -------------------------------------------------------------------------------- 1 | FROM {{ .python.from }} 2 | 3 | # https://pypi.org/project/b2/ 4 | ENV BACKBLAZE_B2_VERSION {{ .version }} 5 | 6 | RUN set -eux; \ 7 | pip install --no-cache-dir "b2 == $BACKBLAZE_B2_VERSION"; \ 8 | b2 version 9 | 10 | CMD ["b2", "--help"] 11 | -------------------------------------------------------------------------------- /backblaze-b2/gsl.sh: -------------------------------------------------------------------------------- 1 | ../.gsl-common/gsl-version-env.sh -------------------------------------------------------------------------------- /backblaze-b2/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": "4.3.3", 3 | "python": { 4 | "version": "3.13", 5 | "from": "python:3.13-alpine3.22", 6 | "arches": [ 7 | "amd64", 8 | "arm32v6", 9 | "arm32v7", 10 | "arm64v8", 11 | "i386", 12 | "ppc64le", 13 | "riscv64", 14 | "s390x" 15 | ] 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /backblaze-b2/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../.libs/pypi.sh" 9 | 10 | versions_hooks+=( hook_no-prereleases ) 11 | 12 | export TIANON_PYTHON_FROM_TEMPLATE='python:%%PYTHON%%-alpine3.22' 13 | 14 | json="$(pypi 'b2')" 15 | 16 | jq <<<"$json" '.' > versions.json 17 | -------------------------------------------------------------------------------- /beets/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM python:3.13-slim-bookworm 8 | 9 | ENV BEETS_VERSION 2.3.1 10 | 11 | RUN set -eux; \ 12 | pip install --no-cache-dir "beets == $BEETS_VERSION"; \ 13 | beet --version 14 | 15 | CMD ["beet"] 16 | -------------------------------------------------------------------------------- /beets/Dockerfile.template: -------------------------------------------------------------------------------- 1 | FROM {{ .python.from }} 2 | 3 | ENV BEETS_VERSION {{ .version }} 4 | 5 | RUN set -eux; \ 6 | pip install --no-cache-dir "beets == $BEETS_VERSION"; \ 7 | beet --version 8 | 9 | CMD ["beet"] 10 | -------------------------------------------------------------------------------- /beets/README.md: -------------------------------------------------------------------------------- 1 | # beets 2 | 3 | [beets.radbox.org](http://beets.radbox.org/) 4 | 5 | ```console 6 | $ mkdir -p "$HOME/.config/beets" 7 | $ docker run -it --rm \ 8 | -u "$(id -u):$(id -g)" \ 9 | -v "$PWD:/cwd" \ 10 | -w /cwd \ 11 | -v "$HOME/.config/beets:$HOME/.config/beets" \ 12 | -e HOME \ 13 | tianon/beets \ 14 | beet 15 | ``` 16 | -------------------------------------------------------------------------------- /beets/gsl.sh: -------------------------------------------------------------------------------- 1 | ../.gsl-common/gsl-version-env.sh -------------------------------------------------------------------------------- /beets/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": "2.3.1", 3 | "python": { 4 | "version": "3.13", 5 | "from": "python:3.13-slim-bookworm", 6 | "arches": [ 7 | "amd64", 8 | "arm32v5", 9 | "arm32v7", 10 | "arm64v8", 11 | "i386", 12 | "ppc64le", 13 | "s390x" 14 | ] 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /beets/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../.libs/pypi.sh" 9 | 10 | versions_hooks+=( hook_no-prereleases ) 11 | 12 | export TIANON_PYTHON_FROM_TEMPLATE='python:%%PYTHON%%-slim-bookworm' 13 | 14 | json="$(pypi 'beets')" 15 | 16 | jq <<<"$json" '.' > versions.json 17 | -------------------------------------------------------------------------------- /buildkit/argsescaped-0.13.patch: -------------------------------------------------------------------------------- 1 | Description: do not set ArgsEscaped (on Linux) 2 | Author: Tianon Gravi 3 | Forwarded: https://github.com/moby/buildkit/pull/4723 4 | 5 | diff --git a/frontend/dockerfile/dockerfile2llb/convert.go b/frontend/dockerfile/dockerfile2llb/convert.go 6 | index 403530a74..ccd6c105a 100644 7 | --- a/frontend/dockerfile/dockerfile2llb/convert.go 8 | +++ b/frontend/dockerfile/dockerfile2llb/convert.go 9 | @@ -1399,7 +1399,7 @@ func dispatchCmd(d *dispatchState, c *instructions.CmdCommand) error { 10 | args = withShell(d.image, args) 11 | } 12 | d.image.Config.Cmd = args 13 | - d.image.Config.ArgsEscaped = true //nolint:staticcheck // ignore SA1019: field is deprecated in OCI Image spec, but used for backward-compatibility with Docker image spec. 14 | + // TODO set ArgsEscaped appropriately *ONLY FOR WINDOWS* (it should never ever be set for Linux) 15 | d.cmdSet = true 16 | return commitToHistory(&d.image, fmt.Sprintf("CMD %q", args), false, nil, d.epoch) 17 | } 18 | -------------------------------------------------------------------------------- /buildkit/argsescaped.patch: -------------------------------------------------------------------------------- 1 | Description: do not set ArgsEscaped (on Linux) 2 | Author: Tianon Gravi 3 | Forwarded: https://github.com/moby/buildkit/pull/4723 4 | 5 | diff --git a/frontend/dockerfile/dockerfile2llb/convert.go b/frontend/dockerfile/dockerfile2llb/convert.go 6 | index dbde75531..1e8ec165d 100644 7 | --- a/frontend/dockerfile/dockerfile2llb/convert.go 8 | +++ b/frontend/dockerfile/dockerfile2llb/convert.go 9 | @@ -1662,7 +1662,7 @@ func dispatchCmd(d *dispatchState, c *instructions.CmdCommand, lint *linter.Lint 10 | args = withShell(d.image, args) 11 | } 12 | d.image.Config.Cmd = args 13 | - d.image.Config.ArgsEscaped = true //nolint:staticcheck // ignore SA1019: field is deprecated in OCI Image spec, but used for backward-compatibility with Docker image spec. 14 | + // TODO set ArgsEscaped appropriately *ONLY FOR WINDOWS* (it should never ever be set for Linux) 15 | return commitToHistory(&d.image, fmt.Sprintf("CMD %q", args), false, nil, d.epoch) 16 | } 17 | 18 | -------------------------------------------------------------------------------- /buildkit/backport-4727-index-mediaType.patch: -------------------------------------------------------------------------------- 1 | Description: add "mediaType" to OCI index.json files 2 | Author: Talon Bowler 3 | Origin: https://github.com/moby/buildkit/pull/4727 + https://github.com/containerd/containerd/pull/9867 (https://github.com/moby/buildkit/pull/4814) 4 | Applied-Upstream: 0.14+ 5 | 6 | diff --git a/client/ociindex/ociindex.go b/client/ociindex/ociindex.go 7 | index 512a77a68e67..5321f773d70e 100644 8 | --- a/client/ociindex/ociindex.go 9 | +++ b/client/ociindex/ociindex.go 10 | @@ -102,6 +102,7 @@ func (s StoreIndex) Put(tag string, desc ocispecs.Descriptor) error { 11 | } 12 | } 13 | 14 | + setOCIIndexDefaults(&idx) 15 | if err = insertDesc(&idx, desc, tag); err != nil { 16 | return err 17 | } 18 | @@ -145,6 +146,19 @@ func (s StoreIndex) GetSingle() (*ocispecs.Descriptor, error) { 19 | return nil, nil 20 | } 21 | 22 | +// setOCIIndexDefaults updates zero values in index to their default values. 23 | +func setOCIIndexDefaults(index *ocispecs.Index) { 24 | + if index == nil { 25 | + return 26 | + } 27 | + if index.SchemaVersion == 0 { 28 | + index.SchemaVersion = 2 29 | + } 30 | + if index.MediaType == "" { 31 | + index.MediaType = ocispecs.MediaTypeImageIndex 32 | + } 33 | +} 34 | + 35 | // insertDesc puts desc to index with tag. 36 | // Existing manifests with the same tag will be removed from the index. 37 | func insertDesc(index *ocispecs.Index, desc ocispecs.Descriptor, tag string) error { 38 | @@ -152,9 +166,6 @@ func insertDesc(index *ocispecs.Index, desc ocispecs.Descriptor, tag string) err 39 | return nil 40 | } 41 | 42 | - if index.SchemaVersion == 0 { 43 | - index.SchemaVersion = 2 44 | - } 45 | if tag != "" { 46 | if desc.Annotations == nil { 47 | desc.Annotations = make(map[string]string) 48 | diff --git a/vendor/github.com/containerd/containerd/images/archive/exporter.go b/vendor/github.com/containerd/containerd/images/archive/exporter.go 49 | index 1f17a3cdbfec..8513e9a8bf0f 100644 50 | --- a/vendor/github.com/containerd/containerd/images/archive/exporter.go 51 | +++ b/vendor/github.com/containerd/containerd/images/archive/exporter.go 52 | @@ -471,6 +471,7 @@ func ociIndexRecord(manifests []ocispec.Descriptor) tarRecord { 53 | Versioned: ocispecs.Versioned{ 54 | SchemaVersion: 2, 55 | }, 56 | + MediaType: ocispec.MediaTypeImageIndex, 57 | Manifests: manifests, 58 | } 59 | 60 | -------------------------------------------------------------------------------- /buildkit/backport-5072-fetch-tags.patch: -------------------------------------------------------------------------------- 1 | Subject: git: fix pulling commit SHA only referenced from a tag 2 | Author: Tonis Tiigi 3 | Applied-Upstream: 0.15+; https://github.com/moby/buildkit/pull/5072 4 | 5 | diff --git a/source/git/source.go b/source/git/source.go 6 | index 998ede24ea4e..1b757500d7a3 100644 7 | --- a/source/git/source.go 8 | +++ b/source/git/source.go 9 | @@ -470,6 +470,7 @@ func (gs *gitSourceHandler) Snapshot(ctx context.Context, g session.Group) (out 10 | if !isCommitSHA(ref) { // TODO: find a branch from ls-remote? 11 | args = append(args, "--depth=1", "--no-tags") 12 | } else { 13 | + args = append(args, "--tags") 14 | if _, err := os.Lstat(filepath.Join(gitDir, "shallow")); err == nil { 15 | args = append(args, "--unshallow") 16 | } 17 | -------------------------------------------------------------------------------- /buildkit/backport-5096-fix-umask.patch: -------------------------------------------------------------------------------- 1 | Description: git: ensure exec option is propagated to child git clis 2 | Author: Justin Chadwell 3 | Forwarded: https://github.com/moby/buildkit/pull/5096 4 | 5 | diff --git a/util/gitutil/git_cli.go b/util/gitutil/git_cli.go 6 | index 61187184bad9..5c35f9365b73 100644 7 | --- a/util/gitutil/git_cli.go 8 | +++ b/util/gitutil/git_cli.go 9 | @@ -119,20 +119,13 @@ func NewGitCLI(opts ...Option) *GitCLI { 10 | // New returns a new git client with the same config as the current one, but 11 | // with the given options applied on top. 12 | func (cli *GitCLI) New(opts ...Option) *GitCLI { 13 | - c := &GitCLI{ 14 | - git: cli.git, 15 | - dir: cli.dir, 16 | - workTree: cli.workTree, 17 | - gitDir: cli.gitDir, 18 | - args: append([]string{}, cli.args...), 19 | - streams: cli.streams, 20 | - sshAuthSock: cli.sshAuthSock, 21 | - sshKnownHosts: cli.sshKnownHosts, 22 | - } 23 | + clone := *cli 24 | + clone.args = append([]string{}, cli.args...) 25 | + 26 | for _, opt := range opts { 27 | - opt(c) 28 | + opt(&clone) 29 | } 30 | - return c 31 | + return &clone 32 | } 33 | 34 | // Run executes a git command with the given args. 35 | -------------------------------------------------------------------------------- /buildkit/backport-moby-48455-fix-riscv64-seccomp.patch: -------------------------------------------------------------------------------- 1 | Subject: seccomp: add riscv64 mapping to seccomp_linux.go 2 | Author: George Adams 3 | Forwarded: https://github.com/moby/moby/pull/48455 4 | 5 | diff --git a/vendor/github.com/docker/docker/profiles/seccomp/seccomp_linux.go b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_linux.go 6 | index 4d8fed68c6a19..17ee350e274ae 100644 7 | --- a/vendor/github.com/docker/docker/profiles/seccomp/seccomp_linux.go 8 | +++ b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_linux.go 9 | @@ -39,6 +39,7 @@ var nativeToSeccomp = map[string]specs.Arch{ 10 | "ppc": specs.ArchPPC, 11 | "ppc64": specs.ArchPPC64, 12 | "ppc64le": specs.ArchPPC64LE, 13 | + "riscv64": specs.ArchRISCV64, 14 | "s390": specs.ArchS390, 15 | "s390x": specs.ArchS390X, 16 | } 17 | @@ -57,6 +58,7 @@ var goToNative = map[string]string{ 18 | "ppc": "ppc", 19 | "ppc64": "ppc64", 20 | "ppc64le": "ppc64le", 21 | + "riscv64": "riscv64", 22 | "s390": "s390", 23 | "s390x": "s390x", 24 | } 25 | -------------------------------------------------------------------------------- /buildkit/build-and-push.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | version="$(awk '$1 == "ENV" && $2 == "BUILDKIT_VERSION" { print $3; exit }' Dockerfile)" 5 | [ -n "$version" ] 6 | [[ "$version" == *.* ]] # at least one period so we can strip it for a tag 7 | args=( 8 | --tag "tianon/buildkit:$version" # 1.2.3 9 | --tag "tianon/buildkit:${version%.*}" # 1.2 10 | --tag 'tianon/buildkit:latest' 11 | 12 | --pull 13 | --platform linux/amd64,linux/386,linux/arm64/v8,linux/arm/v7,linux/arm/v5,linux/mips64le,linux/ppc64le,linux/riscv64,linux/s390x,linux/arm/v6 # TODO actual v6? (this is v5 pretending to be v6 🙈) 14 | --push 15 | --provenance mode=max 16 | 17 | --annotation "index:org.opencontainers.image.version=$version" 18 | --annotation "manifest-descriptor:org.opencontainers.image.version=$version" 19 | --annotation "manifest:org.opencontainers.image.version=$version" 20 | 21 | . 22 | ) 23 | 24 | set -x 25 | exec docker buildx build "${args[@]}" 26 | -------------------------------------------------------------------------------- /buildkit/buildkitd-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then 5 | # https://github.com/moby/buildkit/blob/v0.14.0/frontend/gateway/gateway.go#L291 6 | # if we appear to be running as a frontend, let's run the frontend code 7 | if [ -n "${BUILDKIT_SESSION_ID:-}" ]; then 8 | set -- dockerfile-frontend "$@" 9 | else 10 | set -- buildkitd "$@" 11 | fi 12 | fi 13 | 14 | exec "$@" 15 | -------------------------------------------------------------------------------- /buildkit/containerd-arm64-v8-pre-0.15.patch: -------------------------------------------------------------------------------- 1 | Description: normalize "linux/arm64" to "linux/arm64/v8" instead of the other direction 2 | Forwarded: no; presumably, the direction this went was intentional (Tianon just disagrees, and the normalization allows him that) 3 | 4 | diff --git a/vendor/github.com/containerd/containerd/platforms/database.go b/vendor/github.com/containerd/containerd/platforms/database.go 5 | index 2e26fd3b4..5ef7d74d1 100644 6 | --- a/vendor/github.com/containerd/containerd/platforms/database.go 7 | +++ b/vendor/github.com/containerd/containerd/platforms/database.go 8 | @@ -87,8 +87,8 @@ func normalizeArch(arch, variant string) (string, string) { 9 | case "aarch64", "arm64": 10 | arch = "arm64" 11 | switch variant { 12 | - case "8", "v8": 13 | - variant = "" 14 | + case "", "8": 15 | + variant = "v8" 16 | } 17 | case "armhf": 18 | arch = "arm" 19 | -------------------------------------------------------------------------------- /buildkit/containerd-arm64-v8-pre-0.19.patch: -------------------------------------------------------------------------------- 1 | Description: normalize "linux/arm64" to "linux/arm64/v8" instead of the other direction 2 | Forwarded: no; presumably, the direction this went was intentional (Tianon just disagrees, and the normalization allows him that) 3 | 4 | diff --git a/vendor/github.com/containerd/platforms/database.go b/vendor/github.com/containerd/platforms/database.go 5 | index 2e26fd3b4..5ef7d74d1 100644 6 | --- a/vendor/github.com/containerd/platforms/database.go 7 | +++ b/vendor/github.com/containerd/platforms/database.go 8 | @@ -87,8 +87,8 @@ func normalizeArch(arch, variant string) (string, string) { 9 | case "aarch64", "arm64": 10 | arch = "arm64" 11 | switch variant { 12 | - case "8", "v8": 13 | - variant = "" 14 | + case "", "8": 15 | + variant = "v8" 16 | } 17 | case "armhf": 18 | arch = "arm" 19 | -------------------------------------------------------------------------------- /buildkit/containerd-arm64-v8.patch: -------------------------------------------------------------------------------- 1 | Description: normalize "linux/arm64" to "linux/arm64/v8" instead of the other direction 2 | Forwarded: no; presumably, the direction this went was intentional (Tianon just disagrees, and the normalization allows him that) 3 | 4 | diff --git a/vendor/github.com/containerd/platforms/database.go b/vendor/github.com/containerd/platforms/database.go 5 | index 7a6f0d98c..dbd4e3f96 100644 6 | --- a/vendor/github.com/containerd/platforms/database.go 7 | +++ b/vendor/github.com/containerd/platforms/database.go 8 | @@ -87,8 +87,8 @@ func normalizeArch(arch, variant string) (string, string) { 9 | case "aarch64", "arm64": 10 | arch = "arm64" 11 | switch variant { 12 | - case "8", "v8", "v8.0": 13 | - variant = "" 14 | + case "8", "", "v8.0": 15 | + variant = "v8" 16 | case "9", "9.0", "v9.0": 17 | variant = "v9" 18 | } 19 | -------------------------------------------------------------------------------- /buildkit/git-no-submodules-pre-0.21.patch: -------------------------------------------------------------------------------- 1 | Description: disable recursive cloning of submodules given a Git URL 2 | Forwarded: https://github.com/moby/buildkit/issues/4974, https://github.com/moby/moby/pull/3463#issuecomment-31778263 3 | 4 | diff --git a/source/git/source.go b/source/git/source.go 5 | index d139942fc..a3e251e41 100644 6 | --- a/source/git/source.go 7 | +++ b/source/git/source.go 8 | @@ -619,12 +619,6 @@ func (gs *gitSourceHandler) Snapshot(ctx context.Context, g session.Group) (out 9 | } 10 | } 11 | 12 | - git = git.New(gitutil.WithWorkTree(checkoutDir), gitutil.WithGitDir(gitDir)) 13 | - _, err = git.Run(ctx, "submodule", "update", "--init", "--recursive", "--depth=1") 14 | - if err != nil { 15 | - return nil, errors.Wrapf(err, "failed to update submodules for %s", urlutil.RedactCredentials(gs.src.Remote)) 16 | - } 17 | - 18 | if idmap := mount.IdentityMapping(); idmap != nil { 19 | u := idmap.RootPair() 20 | err := filepath.WalkDir(gitDir, func(p string, _ os.DirEntry, _ error) error { 21 | -------------------------------------------------------------------------------- /buildkit/git-no-submodules.patch: -------------------------------------------------------------------------------- 1 | Description: disable recursive cloning of submodules given a Git URL 2 | Forwarded: https://github.com/moby/buildkit/issues/4974, https://github.com/moby/moby/pull/3463#issuecomment-31778263 3 | 4 | diff --git a/source/git/source.go b/source/git/source.go 5 | index d139942fc..a3e251e41 100644 6 | --- a/source/git/source.go 7 | +++ b/source/git/source.go 8 | @@ -619,12 +619,6 @@ func (gs *gitSourceHandler) Snapshot(ctx context.Context, g session.Group) (out 9 | } 10 | } 11 | 12 | - git = git.New(gitutil.WithWorkTree(checkoutDir), gitutil.WithGitDir(gitDir)) 13 | - _, err = git.Run(ctx, "submodule", "update", "--init", "--recursive", "--depth=1") 14 | - if err != nil { 15 | - return nil, errors.Wrapf(err, "failed to update submodules for %s", urlutil.RedactCredentials(gs.src.Remote)) 16 | - } 17 | - 18 | if idmap := mount.IdentityMapping(); idmap != nil { 19 | uid, gid := idmap.RootPair() 20 | err := filepath.WalkDir(gitDir, func(p string, _ os.DirEntry, _ error) error { 21 | -------------------------------------------------------------------------------- /buildkit/mips64le-pre-0.16.patch: -------------------------------------------------------------------------------- 1 | Description: fix build on mips64le 2 | Forwarded: https://github.com/moby/buildkit/issues/5129#issuecomment-2214797262 3 | 4 | # pkg/mod/github.com/moby/buildkit@v0.12.0/snapshot/diffapply_unix.go:131:8: cannot use stat.Dev (variable of type uint32) as uint64 value in struct literal 5 | # pkg/mod/github.com/moby/buildkit@v0.12.0/snapshot/diffapply_unix.go:300:12: cannot use unix.Mkdev(0, 0) (value of type uint64) as uint32 value in struct literal 6 | 7 | diff --git a/snapshot/diffapply_unix.go b/snapshot/diffapply_unix.go 8 | index c4875000e..1d9d09d8f 100644 9 | --- a/snapshot/diffapply_unix.go 10 | +++ b/snapshot/diffapply_unix.go 11 | @@ -128,7 +128,7 @@ func statInode(stat *syscall.Stat_t) inode { 12 | } 13 | return inode{ 14 | ino: stat.Ino, 15 | - dev: stat.Dev, 16 | + dev: uint64(stat.Dev), // TODO figure out the "correct" solution for mips64le (where "stat.Dev" is a uint32) 17 | } 18 | } 19 | 20 | @@ -297,7 +297,7 @@ func (a *applier) applyDelete(ctx context.Context, ca *changeApply) (bool, error 21 | if ca.srcStat == nil { 22 | ca.srcStat = &syscall.Stat_t{ 23 | Mode: syscall.S_IFCHR, 24 | - Rdev: unix.Mkdev(0, 0), 25 | + Rdev: 0, // TODO figure out the "correct" solution for mips64le (where "stat.Dev" is a uint32, but "unix.Mkdev" always returns uint64...); https://cs.opensource.google/go/x/sys/+/refs/tags/v0.10.0:unix/dev_linux.go;l=36 26 | } 27 | ca.srcPath = "" 28 | } 29 | -------------------------------------------------------------------------------- /buildkit/mips64le.patch: -------------------------------------------------------------------------------- 1 | Description: fix build on mips64le 2 | Forwarded: https://github.com/moby/buildkit/issues/5129#issuecomment-2214797262 3 | 4 | # pkg/mod/github.com/moby/buildkit@v0.12.0/snapshot/diffapply_linux.go:131:8: cannot use stat.Dev (variable of type uint32) as uint64 value in struct literal 5 | # pkg/mod/github.com/moby/buildkit@v0.12.0/snapshot/diffapply_linux.go:300:12: cannot use unix.Mkdev(0, 0) (value of type uint64) as uint32 value in struct literal 6 | 7 | diff --git a/snapshot/diffapply_linux.go b/snapshot/diffapply_linux.go 8 | index c4875000e..1d9d09d8f 100644 9 | --- a/snapshot/diffapply_linux.go 10 | +++ b/snapshot/diffapply_linux.go 11 | @@ -128,7 +128,7 @@ func statInode(stat *syscall.Stat_t) inode { 12 | } 13 | return inode{ 14 | ino: stat.Ino, 15 | - dev: stat.Dev, 16 | + dev: uint64(stat.Dev), // TODO figure out the "correct" solution for mips64le (where "stat.Dev" is a uint32) 17 | } 18 | } 19 | 20 | @@ -297,7 +297,7 @@ func (a *applier) applyDelete(ctx context.Context, ca *changeApply) (bool, error 21 | if ca.srcStat == nil { 22 | ca.srcStat = &syscall.Stat_t{ 23 | Mode: syscall.S_IFCHR, 24 | - Rdev: unix.Mkdev(0, 0), 25 | + Rdev: 0, // TODO figure out the "correct" solution for mips64le (where "stat.Dev" is a uint32, but "unix.Mkdev" always returns uint64...); https://cs.opensource.google/go/x/sys/+/refs/tags/v0.10.0:unix/dev_linux.go;l=36 26 | } 27 | ca.srcPath = "" 28 | } 29 | -------------------------------------------------------------------------------- /buildkit/noclip.patch: -------------------------------------------------------------------------------- 1 | Description: disable buildkit's default log clipping 2 | Forwarded: no (upstream's defaults are intentional, Tianon just disagrees with them) 3 | 4 | diff --git a/util/progress/logs/logs.go b/util/progress/logs/logs.go 5 | index bfecdda6b3..079d7e561a 100644 6 | --- a/util/progress/logs/logs.go 7 | +++ b/util/progress/logs/logs.go 8 | @@ -18,8 +18,8 @@ import ( 9 | "github.com/tonistiigi/units" 10 | ) 11 | 12 | -var defaultMaxLogSize = 2 * 1024 * 1024 13 | -var defaultMaxLogSpeed = 200 * 1024 // per second 14 | +var defaultMaxLogSize = -1 15 | +var defaultMaxLogSpeed = -1 16 | 17 | const ( 18 | stdout = 1 19 | -------------------------------------------------------------------------------- /buildkit/nolint.patch: -------------------------------------------------------------------------------- 1 | Description: forcibly disable the linter in the dockerfile frontend (BUILDKIT_SYNTAX=tianon/buildkit) 2 | Author: Tianon Gravi 3 | Forwarded: no; upstream included this linter and enabled it by default intentionally 4 | 5 | Ideally, this would be disabled in such a way that it was merely disabled-by-default and could be re-enabled at runtime (opt-in instead of opt-out), but the code is byzantine enough that I wasn't able to find a simple/clean way to accomplish that (and being able to do so does not appear to be a goal of upstream's implementation). 6 | 7 | Alternatively, it would be interesting to try and remove *all* the code (instead of just making it no-op quickly), but the binary size reduction from doing so would probably not be large enough to justify the added burden of maintaining a more complex patch. 8 | 9 | diff --git a/frontend/dockerfile/linter/linter.go b/frontend/dockerfile/linter/linter.go 10 | index 890acc53b..6f7d19bf5 100644 11 | --- a/frontend/dockerfile/linter/linter.go 12 | +++ b/frontend/dockerfile/linter/linter.go 13 | @@ -29,6 +29,7 @@ type Linter struct { 14 | } 15 | 16 | func New(config *Config) *Linter { 17 | + return nil // NO LINTING 18 | toret := &Linter{ 19 | SkippedRules: map[string]struct{}{}, 20 | ExperimentalRules: map[string]struct{}{}, 21 | @@ -48,6 +49,7 @@ func New(config *Config) *Linter { 22 | } 23 | 24 | func (lc *Linter) Run(rule LinterRuleI, location []parser.Range, txt ...string) { 25 | + return // NO LINTING 26 | if lc == nil || lc.Warn == nil || rule.IsDeprecated() { 27 | return 28 | } 29 | @@ -108,6 +110,7 @@ func (rule *LinterRule[F]) RuleName() string { 30 | } 31 | 32 | func (rule *LinterRule[F]) Run(warn LintWarnFunc, location []parser.Range, txt ...string) { 33 | + return // NO LINTING 34 | if len(txt) == 0 { 35 | txt = []string{rule.Description} 36 | } 37 | -------------------------------------------------------------------------------- /buildkit/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "commit": "13cf07c97baebd3d5603feecc03f5a46ac98d2a5", 3 | "ref": "refs/tags/v0.22.0", 4 | "tag": "v0.22.0", 5 | "version": "0.22.0", 6 | "go": { 7 | "version": "1.23" 8 | }, 9 | "variants": [ 10 | "", 11 | "rc", 12 | "0.16", 13 | "0.13" 14 | ], 15 | "rc": { 16 | "commit": "7fdda103eb672c0b515af6100318af90ac81c002", 17 | "ref": "refs/tags/v0.23.0-rc1", 18 | "tag": "v0.23.0-rc1", 19 | "version": "0.23.0-rc1", 20 | "go": { 21 | "version": "1.23" 22 | } 23 | }, 24 | "0.16": { 25 | "commit": "0865fcc9b78559e856e81dc52b3613701e7be28d", 26 | "ref": "refs/tags/v0.16.0", 27 | "tag": "v0.16.0", 28 | "version": "0.16.0", 29 | "go": { 30 | "version": "1.21" 31 | } 32 | }, 33 | "0.13": { 34 | "commit": "2e18d709fefdcc2db20853ee241c75b058189d39", 35 | "ref": "refs/tags/v0.13.2", 36 | "tag": "v0.13.2", 37 | "version": "0.13.2", 38 | "go": { 39 | "version": "1.21" 40 | } 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /buildkit/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../.libs/git.sh" 9 | 10 | variants=( 11 | '' 12 | 'rc' 13 | 14 | '0.16' 15 | '0.13' 16 | 17 | # TODO add this back when I figure out a clean way to do something more akin to a "weekly snapshot" or something so it doesn't have an update every single day 18 | #'dev' 19 | ) 20 | 21 | json='{}' 22 | 23 | for variant in "${variants[@]}"; do 24 | export variant 25 | 26 | bk= 27 | case "$variant" in 28 | '') 29 | bk="$( 30 | versions_hooks+=( hook_no-prereleases ) 31 | git-tags 'https://github.com/moby/buildkit.git' 32 | )" 33 | ;; 34 | 35 | rc) 36 | bk="$( 37 | hook_prereleases-only() { ! hook_no-prereleases "$@"; } 38 | versions_hooks+=( hook_prereleases-only ) 39 | git-tags 'https://github.com/moby/buildkit.git' 40 | )" 41 | ;; 42 | 43 | [0-9]*.[0-9]*) 44 | bk="$( 45 | hook_variant-version() { 46 | case "$3" in "$variant" | "$variant".*) return 0 ;; esac 47 | return 1 48 | } 49 | versions_hooks+=( hook_no-prereleases hook_variant-version ) 50 | git-tags 'https://github.com/moby/buildkit.git' 51 | )" 52 | ;; 53 | 54 | dev) 55 | bk="$(git-ref-commit 'https://github.com/moby/buildkit.git' 'HEAD')" 56 | ;; 57 | 58 | *) echo >&2 "error: unknown variant: '$variant'"; exit 1 ;; 59 | esac 60 | [ -n "$bk" ] 61 | 62 | commit="$(jq <<<"$bk" -r '.commit // .version')" 63 | go="$(wget -qO- "https://github.com/moby/buildkit/raw/$commit/go.mod")" 64 | go="$(awk <<<"$go" '$1 == "go" { if ($2 ~ /^[0-9]+[.][0-9]+[.][0-9]+$/) { sub(/[.][0-9]+$/, "", $2) } print $2; exit }')" 65 | echo >&2 "${variant:-stable} go: $go" 66 | 67 | json="$(jq <<<"$json" --argjson bk "$bk" --arg go "$go" ' 68 | if env.variant == "" then . else .[env.variant] end += $bk + { go: { version: $go } } 69 | | .variants += [ env.variant ] 70 | ')" 71 | done 72 | 73 | jq <<<"$json" '.' > versions.json 74 | -------------------------------------------------------------------------------- /containerd/README.md: -------------------------------------------------------------------------------- 1 | # containerd 2 | 3 | ```console 4 | $ docker run -dit --name containerd --user nobody tianon/containerd 5 | $ docker exec -it containerd bash 6 | nobody@828358e6a99a:/$ ctr content fetch --all-platforms docker.io/foo/bar:baz 7 | ... 8 | nobody@828358e6a99a:/$ ctr images push --user jsmith docker.io/baz/bar:foo docker.io/foo/bar:baz 9 | ... 10 | ``` 11 | -------------------------------------------------------------------------------- /containerd/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | # no arguments or first arg is `-f` or `--some-option` 5 | if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then 6 | set -- containerd "$@" 7 | fi 8 | 9 | # if we're not root, let's adjust all the "uid" and "gid" parameters of the config to whatever our current user is (so we avoid "chown" permission errors) 10 | if [ "$1" = 'containerd' ]; then 11 | uid="$(id -u)" 12 | if [ "$uid" != 0 ]; then 13 | shift 14 | 15 | if ! configDump="$(containerd config dump 2>/dev/null)"; then 16 | configDump="$(containerd --config /dev/null config dump)" 17 | fi 18 | 19 | gid="$(id -g)" 20 | 21 | exec containerd --config <( 22 | awk <<<"$configDump" -v uid="$uid" -v gid="$gid" ' 23 | $1 == "uid" { gsub(/=.+$/, "= " uid) } 24 | $1 == "gid" { gsub(/=.+$/, "= " gid) } 25 | { print } 26 | ' 27 | ) "$@" 28 | fi 29 | 30 | # we're root *and* running containerd, so let's do a few crude checks for whether the dind script has already run (or whether we should automatically run it) 31 | if [ -z "${container:-}" ] && ! mountpoint -q /tmp; then 32 | # TODO somehow also detect --privileged ? 33 | set -- dind "$@" 34 | fi 35 | fi 36 | 37 | exec "$@" 38 | -------------------------------------------------------------------------------- /coredns/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM debian:bookworm-slim 8 | 9 | # https://github.com/coredns/coredns/releases 10 | ENV COREDNS_VERSION 1.12.2 11 | 12 | RUN set -eux; \ 13 | \ 14 | dpkgArch="$(dpkg --print-architecture)"; \ 15 | case "$dpkgArch" in \ 16 | 'amd64') url='https://github.com/coredns/coredns/releases/download/v1.12.2/coredns_1.12.2_linux_amd64.tgz'; sha256='95c03c2e8ef56e2ec3cfbb2970504d7abdc07666b9dde8c5dc9d72d34dff756e' ;; \ 17 | 'arm64') url='https://github.com/coredns/coredns/releases/download/v1.12.2/coredns_1.12.2_linux_arm64.tgz'; sha256='3e2117d24e7e0292d60578809ce4ad1e517cd957bffe595241826cff6cdb6c9b' ;; \ 18 | 'mips64el') url='https://github.com/coredns/coredns/releases/download/v1.12.2/coredns_1.12.2_linux_mips64le.tgz'; sha256='ee35955c7220940c7341b4ecb7de086bfbf5c3ca41b0f74c443da08098f5f2d0' ;; \ 19 | 'ppc64el') url='https://github.com/coredns/coredns/releases/download/v1.12.2/coredns_1.12.2_linux_ppc64le.tgz'; sha256='cd0ee03fe19af4f9684ea1e4f37dd496526a9dd92d9345b9cadb0ecc27fe11c4' ;; \ 20 | 'riscv64') url='https://github.com/coredns/coredns/releases/download/v1.12.2/coredns_1.12.2_linux_riscv64.tgz'; sha256='f2a88f7da84be6a7938510e17bd1fad0a371c7bcc9ba7e79bf705d287a80220f' ;; \ 21 | 's390x') url='https://github.com/coredns/coredns/releases/download/v1.12.2/coredns_1.12.2_linux_s390x.tgz'; sha256='1b731c5e62fadc2bd9395cf2a4a8917d4732ba94912732274395a0a48066cbe8' ;; \ 22 | *) echo >&2 "error: unsupported architecture '$dpkgArch'"; exit 1 ;; \ 23 | esac; \ 24 | \ 25 | aptMarkManual="$(apt-mark showmanual)"; \ 26 | apt-get update; \ 27 | apt-get install -y --no-install-recommends ca-certificates wget; \ 28 | \ 29 | wget -O coredns.tgz "$url" --progress=dot:giga; \ 30 | echo "$sha256 *coredns.tgz" | sha256sum --strict --check -; \ 31 | tar -xvf coredns.tgz -C /usr/local/bin; \ 32 | rm coredns.tgz; \ 33 | \ 34 | apt-mark auto '.*' > /dev/null; \ 35 | [ -z "$aptMarkManual" ] || apt-mark manual $aptMarkManual > /dev/null; \ 36 | apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ 37 | rm -rf /var/lib/apt/lists/*; \ 38 | \ 39 | coredns --version 40 | 41 | USER nobody:nogroup 42 | CMD ["coredns"] 43 | -------------------------------------------------------------------------------- /coredns/Dockerfile.template: -------------------------------------------------------------------------------- 1 | FROM debian:bookworm-slim 2 | 3 | # https://github.com/coredns/coredns/releases 4 | ENV COREDNS_VERSION {{ .version }} 5 | 6 | RUN set -eux; \ 7 | \ 8 | dpkgArch="$(dpkg --print-architecture)"; \ 9 | case "$dpkgArch" in \ 10 | {{ .arches | map( -}} 11 | {{ .dpkgArch // empty | @sh }}) url={{ .url | @sh }}; sha256={{ .sha256 | @sh }} ;; \ 12 | {{ ) | add -}} 13 | *) echo >&2 "error: unsupported architecture '$dpkgArch'"; exit 1 ;; \ 14 | esac; \ 15 | \ 16 | aptMarkManual="$(apt-mark showmanual)"; \ 17 | apt-get update; \ 18 | apt-get install -y --no-install-recommends ca-certificates wget; \ 19 | \ 20 | wget -O coredns.tgz "$url" --progress=dot:giga; \ 21 | echo "$sha256 *coredns.tgz" | sha256sum --strict --check -; \ 22 | tar -xvf coredns.tgz -C /usr/local/bin; \ 23 | rm coredns.tgz; \ 24 | \ 25 | apt-mark auto '.*' > /dev/null; \ 26 | [ -z "$aptMarkManual" ] || apt-mark manual $aptMarkManual > /dev/null; \ 27 | apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ 28 | rm -rf /var/lib/apt/lists/*; \ 29 | \ 30 | coredns --version 31 | 32 | USER nobody:nogroup 33 | CMD ["coredns"] 34 | -------------------------------------------------------------------------------- /coredns/gsl.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | cd "$(dirname "$BASH_SOURCE")" 5 | dir="$(basename "$PWD")" 6 | cd .. 7 | 8 | version="$(jq -r '.version' "$dir/versions.json")" 9 | from="$(awk '$1 == "FROM" { print $2; exit }' "$dir/Dockerfile")" # TODO multi-stage build?? 10 | fromArches="$(bashbrew remote arches --json "$from" | jq -c '.arches | keys')" 11 | arches="$(jq -r -L "$dir/../.libs" --argjson fromArches "$fromArches" ' 12 | include "lib" 13 | ; 14 | [ 15 | $fromArches, 16 | (.arches | map_values(select(.dpkgArch)) | keys), 17 | empty 18 | ] 19 | | intersection 20 | | join(", ") 21 | ' "$dir/versions.json")" 22 | [ -n "$arches" ] 23 | 24 | source gsl-libs.sh 25 | 26 | globalEntry 27 | echo "Architectures: $arches" 28 | 29 | versionedTagsEntry "$dir" "$version" latest 30 | -------------------------------------------------------------------------------- /coredns/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "commit": "0eb55420350647a788e96282d03978e8a782d478", 3 | "ref": "refs/tags/v1.12.2", 4 | "tag": "v1.12.2", 5 | "version": "1.12.2", 6 | "arches": { 7 | "amd64": { 8 | "url": "https://github.com/coredns/coredns/releases/download/v1.12.2/coredns_1.12.2_linux_amd64.tgz", 9 | "sha256": "95c03c2e8ef56e2ec3cfbb2970504d7abdc07666b9dde8c5dc9d72d34dff756e", 10 | "dpkgArch": "amd64" 11 | }, 12 | "arm64v8": { 13 | "url": "https://github.com/coredns/coredns/releases/download/v1.12.2/coredns_1.12.2_linux_arm64.tgz", 14 | "sha256": "3e2117d24e7e0292d60578809ce4ad1e517cd957bffe595241826cff6cdb6c9b", 15 | "dpkgArch": "arm64" 16 | }, 17 | "mips64le": { 18 | "url": "https://github.com/coredns/coredns/releases/download/v1.12.2/coredns_1.12.2_linux_mips64le.tgz", 19 | "sha256": "ee35955c7220940c7341b4ecb7de086bfbf5c3ca41b0f74c443da08098f5f2d0", 20 | "dpkgArch": "mips64el" 21 | }, 22 | "ppc64le": { 23 | "url": "https://github.com/coredns/coredns/releases/download/v1.12.2/coredns_1.12.2_linux_ppc64le.tgz", 24 | "sha256": "cd0ee03fe19af4f9684ea1e4f37dd496526a9dd92d9345b9cadb0ecc27fe11c4", 25 | "dpkgArch": "ppc64el" 26 | }, 27 | "riscv64": { 28 | "url": "https://github.com/coredns/coredns/releases/download/v1.12.2/coredns_1.12.2_linux_riscv64.tgz", 29 | "sha256": "f2a88f7da84be6a7938510e17bd1fad0a371c7bcc9ba7e79bf705d287a80220f", 30 | "dpkgArch": "riscv64" 31 | }, 32 | "s390x": { 33 | "url": "https://github.com/coredns/coredns/releases/download/v1.12.2/coredns_1.12.2_linux_s390x.tgz", 34 | "sha256": "1b731c5e62fadc2bd9395cf2a4a8917d4732ba94912732274395a0a48066cbe8", 35 | "dpkgArch": "s390x" 36 | }, 37 | "windows-amd64": { 38 | "url": "https://github.com/coredns/coredns/releases/download/v1.12.2/coredns_1.12.2_windows_amd64.tgz", 39 | "sha256": "5622ed8cf6f265d7360229fcfdf0924e5ffe7905545cc42086627bec2ae372b0", 40 | "dpkgArch": null 41 | } 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /coredns/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../.libs/git.sh" 9 | 10 | versions_hooks+=( hook_no-prereleases ) 11 | 12 | # 🙃 (https://github.com/coredns/coredns/releases/tag/v1.11.3 is a normal release, but marked pre-release on GH) 13 | hook_no-github-prereleases() { 14 | local version="$3" 15 | if wget -qO- "https://github.com/coredns/coredns/releases/tag/v${version}" | grep -F 'Pre-release' > /dev/null; then 16 | return 1 17 | fi 18 | return 0 19 | } 20 | versions_hooks+=( hook_no-github-prereleases ) 21 | 22 | # https://github.com/coredns/coredns/releases 23 | upstreamArches=( 24 | amd64 25 | # TODO arm32v? ("linux_arm") 26 | arm64v8 27 | mips64le 28 | ppc64le 29 | riscv64 30 | s390x 31 | windows-amd64 32 | ) 33 | hook_coredns-arches() { 34 | local version="$3" 35 | local json='{}' arch 36 | for arch in "${upstreamArches[@]}"; do 37 | local upstreamArch 38 | case "$arch" in 39 | arm64v8) upstreamArch='linux_arm64' ;; 40 | windows-*) upstreamArch="${arch/-/_}" ;; 41 | *) upstreamArch="linux_$arch" ;; 42 | esac 43 | local sha256 url="https://github.com/coredns/coredns/releases/download/v${version}/coredns_${version}_${upstreamArch}.tgz" 44 | sha256="$(wget -qO- "$url.sha256")" || continue 45 | sha256="${sha256%% *}" 46 | json="$(jq <<<"$json" -c --arg arch "$arch" --arg url "$url" --arg sha256 "$sha256" -L"$dir/../.libs" ' 47 | include "lib" 48 | ; 49 | .arches[$arch] = { 50 | url: $url, 51 | sha256: $sha256, 52 | dpkgArch: ($arch | deb_arch), 53 | } 54 | ')" 55 | done 56 | jq <<<"$json" -e '.arches? | has("amd64") and has("arm64v8")' > /dev/null || return 1 57 | [ "$json" = '{}' ] || printf '%s\n' "$json" 58 | } 59 | versions_hooks+=( hook_coredns-arches ) 60 | 61 | coredns="$( 62 | git-tags 'https://github.com/coredns/coredns.git' 63 | )" 64 | 65 | jq <<<"$coredns" . > versions.json 66 | -------------------------------------------------------------------------------- /cygwin/build.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | dockerfiles=( $(ls -1 Dockerfile.* | tac) ) 5 | 6 | images=() 7 | for df in "${dockerfiles[@]}"; do 8 | version="${df#Dockerfile.}" 9 | if [ "$version" = 'template' ]; then 10 | continue 11 | fi 12 | image="tianon/cygwin:win$version" 13 | ( set -x; docker build --tag "tianon/cygwin:win$version" --pull --file "$df" . ) 14 | images+=( "$image" ) 15 | done 16 | 17 | cat > latest.yml <<-'EOH' 18 | image: tianon/cygwin:latest 19 | manifests: 20 | EOH 21 | for image in "${images[@]}"; do 22 | ( set -x; docker push "$image" ) 23 | echo " - image: $image" >> latest.yml 24 | done 25 | 26 | ( set -x; manifest-tool push from-spec latest.yml ) 27 | -------------------------------------------------------------------------------- /cygwin/gsl.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | cd "$(dirname "$BASH_SOURCE")" 5 | 6 | variants="$(jq -r '.variants | map(@sh) | join(" ")' versions.json)" 7 | eval "variants=( $variants )" 8 | 9 | dir="$(basename "$PWD")" 10 | cd .. 11 | 12 | source gsl-libs.sh 13 | 14 | globalEntry 15 | 16 | for variant in "${variants[@]}"; do 17 | dockerfile="Dockerfile.$variant" 18 | tagsEntry "$dir" "win$variant" 19 | cat <<-EOF 20 | Architectures: windows-amd64 21 | Constraints: windowsservercore-$variant 22 | SharedTags: latest 23 | EOF 24 | done 25 | -------------------------------------------------------------------------------- /cygwin/latest.yml: -------------------------------------------------------------------------------- 1 | image: tianon/cygwin:latest 2 | manifests: 3 | - image: tianon/cygwin:winltsc2022 4 | - image: tianon/cygwin:win1809 5 | -------------------------------------------------------------------------------- /cygwin/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "sha512": "0c3ed2733c7dc53a5a3fba38d2d0c542c6b17096defa4c3ed581a79f06c360f5abf58260496132cc8714a077f01c87342979469f6813ec471a55b54929d115cc", 3 | "variants": [ 4 | "ltsc2025", 5 | "ltsc2022", 6 | "1809" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /cygwin/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | # TODO https://cygwin.com/setup/?C=M;O=D !!!! 5 | # (no clear relationship between these and "sha512.sum" - it's somehow generated only for latest) 6 | 7 | [ -e versions.json ] 8 | 9 | sha512="$(wget -qO- 'https://cygwin.com/sha512.sum' | awk -v ret=1 '$2 == "setup-x86_64.exe" { print $1; ret = 0; exit ret } END { exit ret }')" 10 | export sha512 11 | 12 | echo >&2 "cygwin: $sha512" 13 | 14 | jq -nS ' 15 | { 16 | sha512: env.sha512, 17 | variants: [ 18 | # https://oci.dag.dev/?repo=mcr.microsoft.com/windows/servercore 19 | # https://hub.docker.com/r/microsoft/windowsservercore 20 | "ltsc2025", 21 | "ltsc2022", 22 | "1809", 23 | empty # trailing comma 24 | ], 25 | } 26 | ' > versions.json 27 | -------------------------------------------------------------------------------- /diffoscope/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM python:3.10-slim-bookworm 8 | 9 | RUN set -eux; \ 10 | apt-get update; \ 11 | apt-get install -y --no-install-recommends \ 12 | libarchive13 \ 13 | libmagic1 \ 14 | unzip \ 15 | xz-utils \ 16 | # xxd (xxd not available in path. Falling back to Python hexlify.) 17 | vim-common \ 18 | # readelf ('readelf' not available in path. Falling back to binary comparison.) 19 | binutils-multiarch \ 20 | ; \ 21 | rm -rf /var/lib/apt/lists/* 22 | 23 | # https://pypi.org/project/diffoscope/ 24 | ENV DIFFOSCOPE_VERSION 297 25 | 26 | RUN set -eux; \ 27 | pip install --no-cache-dir "diffoscope[distro_detection,cmdline] == $DIFFOSCOPE_VERSION"; \ 28 | diffoscope --version 29 | 30 | CMD ["diffoscope"] 31 | -------------------------------------------------------------------------------- /diffoscope/Dockerfile.template: -------------------------------------------------------------------------------- 1 | FROM {{ .python.from }} 2 | 3 | RUN set -eux; \ 4 | apt-get update; \ 5 | apt-get install -y --no-install-recommends \ 6 | libarchive13 \ 7 | libmagic1 \ 8 | unzip \ 9 | xz-utils \ 10 | # xxd (xxd not available in path. Falling back to Python hexlify.) 11 | vim-common \ 12 | # readelf ('readelf' not available in path. Falling back to binary comparison.) 13 | binutils-multiarch \ 14 | ; \ 15 | rm -rf /var/lib/apt/lists/* 16 | 17 | # https://pypi.org/project/diffoscope/ 18 | ENV DIFFOSCOPE_VERSION {{ .version }} 19 | 20 | RUN set -eux; \ 21 | pip install --no-cache-dir "diffoscope[distro_detection,cmdline] == $DIFFOSCOPE_VERSION"; \ 22 | diffoscope --version 23 | 24 | CMD ["diffoscope"] 25 | -------------------------------------------------------------------------------- /diffoscope/gsl.sh: -------------------------------------------------------------------------------- 1 | ../.gsl-common/gsl-version-env.sh -------------------------------------------------------------------------------- /diffoscope/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": "297", 3 | "python": { 4 | "version": "3.10", 5 | "from": "python:3.10-slim-bookworm", 6 | "arches": [ 7 | "amd64", 8 | "arm32v5", 9 | "arm32v7", 10 | "arm64v8", 11 | "i386", 12 | "ppc64le", 13 | "s390x" 14 | ] 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /diffoscope/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../.libs/pypi.sh" 9 | 10 | versions_hooks+=( hook_no-prereleases ) 11 | 12 | export TIANON_PYTHON_FROM_TEMPLATE='python:%%PYTHON%%-slim-bookworm' 13 | 14 | json="$(pypi 'diffoscope')" 15 | 16 | jq <<<"$json" '.' > versions.json 17 | -------------------------------------------------------------------------------- /docker-desktop/gsl.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | cd "$(dirname "$BASH_SOURCE")" 5 | dir="$(basename "$PWD")" 6 | cd .. 7 | 8 | source gsl-libs.sh 9 | 10 | globalEntry 11 | env="${dir^^}_VERSION" 12 | env="${env//-/_}" 13 | versionedEnvTagsEntry "$dir" "$env" latest 14 | echo '# ironically, this cannot use BuildKit: https://github.com/moby/buildkit/issues/1267' 15 | echo 'Builder: classic' 16 | -------------------------------------------------------------------------------- /docker-desktop/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "sha256": "c93573f1d1c1e83b6460e5666b29283a085a529c2fe8b7e13d1a8955eb0be1ce", 3 | "url": "https://desktop.docker.com/linux/main/amd64/172550/docker-desktop-amd64.deb", 4 | "version": "4.35.0" 5 | } 6 | -------------------------------------------------------------------------------- /docker-desktop/virtiofsd.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/main.rs b/src/main.rs 2 | index ca36055..cb34eb1 100644 3 | --- a/src/main.rs 4 | +++ b/src/main.rs 5 | @@ -766,7 +766,7 @@ struct Opt { 6 | xattrmap: Option, 7 | 8 | /// Sandbox mechanism to isolate the daemon process (namespace, chroot, none) 9 | - #[arg(long, default_value = "namespace")] 10 | + #[arg(long, default_value = "none")] 11 | sandbox: SandboxMode, 12 | 13 | /// Action to take when seccomp finds a not allowed syscall (none, kill, log, trap) 14 | @@ -1175,7 +1175,7 @@ fn drop_capabilities(inode_file_handles: InodeFileHandlesMode, modcaps: Option /etc/docker/daemon.json 6 | 7 | ENV CONTAINERD_ADDRESS /run/docker/containerd/containerd.sock 8 | ENV CONTAINERD_NAMESPACE moby 9 | -------------------------------------------------------------------------------- /docker-master/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -eu 3 | 4 | # first arg is `-f` or `--some-option` 5 | if [ "${1#-}" != "$1" ]; then 6 | set -- docker "$@" 7 | fi 8 | 9 | # if our command is a valid Docker subcommand, let's invoke it through Docker instead 10 | # (this allows for "docker run docker ps", etc) 11 | if docker help "$1" > /dev/null 2>&1; then 12 | set -- docker "$@" 13 | fi 14 | 15 | _should_tls() { 16 | [ -n "${DOCKER_TLS_CERTDIR:-}" ] \ 17 | && [ -s "$DOCKER_TLS_CERTDIR/client/ca.pem" ] \ 18 | && [ -s "$DOCKER_TLS_CERTDIR/client/cert.pem" ] \ 19 | && [ -s "$DOCKER_TLS_CERTDIR/client/key.pem" ] 20 | } 21 | 22 | # if we have no DOCKER_HOST but we do have the default Unix socket (standard or rootless), use it explicitly 23 | if [ -z "${DOCKER_HOST:-}" ] && [ -S /var/run/docker.sock ]; then 24 | export DOCKER_HOST=unix:///var/run/docker.sock 25 | elif [ -z "${DOCKER_HOST:-}" ] && XDG_RUNTIME_DIR="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}" && [ -S "$XDG_RUNTIME_DIR/docker.sock" ]; then 26 | export DOCKER_HOST="unix://$XDG_RUNTIME_DIR/docker.sock" 27 | fi 28 | 29 | # if DOCKER_HOST isn't set (no custom setting, no default socket), let's set it to a sane remote value 30 | if [ -z "${DOCKER_HOST:-}" ]; then 31 | if _should_tls || [ -n "${DOCKER_TLS_VERIFY:-}" ]; then 32 | export DOCKER_HOST='tcp://docker:2376' 33 | else 34 | export DOCKER_HOST='tcp://docker:2375' 35 | fi 36 | fi 37 | if [ "${DOCKER_HOST#tcp:}" != "$DOCKER_HOST" ] \ 38 | && [ -z "${DOCKER_TLS_VERIFY:-}" ] \ 39 | && [ -z "${DOCKER_CERT_PATH:-}" ] \ 40 | && _should_tls \ 41 | ; then 42 | export DOCKER_TLS_VERIFY=1 43 | export DOCKER_CERT_PATH="$DOCKER_TLS_CERTDIR/client" 44 | fi 45 | 46 | if [ "$1" = 'dockerd' ]; then 47 | cat >&2 <<-'EOW' 48 | 49 | 📎 Hey there! It looks like you're trying to run a Docker daemon. 50 | 51 | You probably should use the "dind" image variant instead, something like: 52 | 53 | docker run --privileged --name some-docker ... docker:dind ... 54 | 55 | See https://hub.docker.com/_/docker/ for more documentation and usage examples. 56 | 57 | EOW 58 | sleep 3 59 | fi 60 | 61 | exec "$@" 62 | -------------------------------------------------------------------------------- /docker-master/gsl.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | cd "$(dirname "$BASH_SOURCE")" 5 | dir="$(basename "$PWD")" 6 | cd .. 7 | 8 | source gsl-libs.sh 9 | 10 | globalEntry 11 | tagsEntry "$dir" latest dind 12 | dockerfile='Dockerfile.containerd' tagsEntry "$dir" containerd 13 | -------------------------------------------------------------------------------- /docker-master/modprobe.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -eu 3 | 4 | # "modprobe" without modprobe 5 | # https://twitter.com/lucabruno/status/902934379835662336 6 | 7 | # this isn't 100% fool-proof, but it'll have a much higher success rate than simply using the "real" modprobe 8 | 9 | # Docker often uses "modprobe -va foo bar baz" 10 | # so we ignore modules that start with "-" 11 | for module; do 12 | if [ "${module#-}" = "$module" ]; then 13 | ip link show "$module" || true 14 | lsmod | grep "$module" || true 15 | fi 16 | done 17 | 18 | # remove /usr/local/... from PATH so we can exec the real modprobe as a last resort 19 | export PATH='/usr/sbin:/usr/bin:/sbin:/bin' 20 | exec modprobe "$@" 21 | -------------------------------------------------------------------------------- /docker-master/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": "b65c31427cf8360e5343f048fdf74374b8fa4c7c", 3 | "go": { 4 | "version": "1.23.0" 5 | }, 6 | "cli": { 7 | "version": "082d23d12d331a9d7c8b858c67fc218c918adb5e", 8 | "go": { 9 | "version": "1.23.0" 10 | } 11 | }, 12 | "buildx": { 13 | "version": "32e9bfcba890c60274715f982176d431a874a2b9", 14 | "go": { 15 | "version": "1.23.0" 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /docker-master/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../.libs/git.sh" 9 | 10 | moby="$(git-ref-commit 'https://github.com/moby/moby.git' 'HEAD')" 11 | cli="$(git-ref-commit 'https://github.com/docker/cli.git' 'HEAD')" 12 | buildx="$(git-ref-commit 'https://github.com/docker/buildx.git' 'HEAD')" 13 | 14 | moby="$( 15 | commit="$(jq <<<"$moby" -r '.version')" 16 | go="$(wget -qO- "https://github.com/moby/moby/raw/$commit/vendor.mod")" 17 | go="$(awk <<<"$go" '$1 == "go" { print $2; exit }')" 18 | echo >&2 "moby go: $go" 19 | jq <<<"$moby" -c --arg go "$go" '.go = { version: $go }' 20 | )" 21 | 22 | cli="$( 23 | commit="$(jq <<<"$cli" -r '.version')" 24 | go="$(wget -qO- "https://github.com/docker/cli/raw/$commit/vendor.mod")" 25 | go="$(awk <<<"$go" '$1 == "go" { print $2; exit }')" 26 | echo >&2 "cli go: $go" 27 | jq <<<"$cli" -c --arg go "$go" '.go = { version: $go }' 28 | )" 29 | 30 | buildx="$( 31 | commit="$(jq <<<"$buildx" -r '.version')" 32 | go="$(wget -qO- "https://github.com/docker/buildx/raw/$commit/go.mod")" 33 | go="$(awk <<<"$go" '$1 == "go" { print $2; exit }')" 34 | echo >&2 "buildx go: $go" 35 | jq <<<"$buildx" -c --arg go "$go" '.go = { version: $go }' 36 | )" 37 | 38 | jq <<<"$moby" --argjson cli "$cli" --argjson buildx "$buildx" ' 39 | . += { 40 | cli: $cli, 41 | buildx: $buildx, 42 | } 43 | ' > versions.json 44 | -------------------------------------------------------------------------------- /exim4/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian:bookworm-slim 2 | 3 | RUN set -eux; \ 4 | apt-get update; \ 5 | apt-get install -y \ 6 | exim4-daemon-light \ 7 | tini \ 8 | ; \ 9 | rm -rf /var/lib/apt/lists/*; \ 10 | ln -svfT /etc/hostname /etc/mailname 11 | 12 | # https://blog.dhampir.no/content/exim4-line-length-in-debian-stretch-mail-delivery-failed-returning-message-to-sender 13 | # https://serverfault.com/a/881197 14 | # https://bugs.debian.org/828801 15 | RUN echo "IGNORE_SMTP_LINE_LENGTH_LIMIT='true'" >> /etc/exim4/exim4.conf.localmacros 16 | 17 | RUN set -eux; \ 18 | mkdir -p /var/spool/exim4 /var/log/exim4; \ 19 | chown -R Debian-exim:Debian-exim /var/spool/exim4 /var/log/exim4 20 | VOLUME ["/var/spool/exim4", "/var/log/exim4"] 21 | 22 | COPY set-exim4-update-conf docker-entrypoint.sh /usr/local/bin/ 23 | RUN set -eux; \ 24 | set-exim4-update-conf \ 25 | dc_eximconfig_configtype 'internet' \ 26 | dc_hide_mailname 'true' \ 27 | dc_local_interfaces '0.0.0.0 ; ::0' \ 28 | dc_other_hostnames '' \ 29 | dc_relay_nets '0.0.0.0/0' \ 30 | ; 31 | 32 | EXPOSE 25 33 | ENTRYPOINT ["docker-entrypoint.sh"] 34 | CMD ["exim", "-bd", "-v"] 35 | -------------------------------------------------------------------------------- /exim4/README.md: -------------------------------------------------------------------------------- 1 | # How To Use 2 | 3 | You will want to set a reasonable hostname of some kind (`--hostname`), since that's symlinked to `/etc/mailname` inside the image and used for outgoing mail metadata. 4 | 5 | ## sSMTP 6 | 7 | If you want to use this with another container that has sSMTP or similar installed, here's a configuration you can adapt: (assuming your second container uses something like `--link some-exim4:smtp`) 8 | 9 | ``` 10 | Mailhub=smtp 11 | FromLineOverride=Yes 12 | ``` 13 | 14 | Then `sendmail` in your linked container should work as expected. You can also skip `FromLineOverride` in the second container if you want, but the alternative is sSMTP being weird about hostnames and forcing you into a box. 15 | 16 | ## Gmail / "smarthost" (external SMTP) 17 | 18 | If you'd rather not relay mail directly (which is a smart thing to not want to do generally), you can trivially configure this container to relay via a Gmail account instead! Just add `-e GMAIL_USER=youruser@yourdomain.com -e GMAIL_PASSWORD=yourpasswordhere` and the entrypoint will automatically preconfigure to relay via the Gmail account specified! 19 | 20 | Alternatively, you can use this container as a proxy for another SMTP server via `-e EXIM4_SMARTHOST='smtp.yourdomain.com::587' -e EXIM4_SMARTHOST_USER='youruser@yourdomain.com' -e EXIM4_SMARTHOST_PASSWORD='yourpasswordhere'` (in fact, `GMAIL_*` are shorthand for `EXIM4_SMARTHOST='smtp.gmail.com::587'` 😄). 21 | -------------------------------------------------------------------------------- /exim4/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -Eeuo pipefail 3 | 4 | if [ "$1" = 'exim' ]; then 5 | if [ -n "${GMAIL_USER:-}" ] && [ -n "${GMAIL_PASSWORD:-}" ]; then 6 | # see https://wiki.debian.org/GmailAndExim4 7 | export EXIM4_SMARTHOST='smtp.gmail.com::587' \ 8 | EXIM4_SMARTHOST_USER="$GMAIL_USER" \ 9 | EXIM4_SMARTHOST_PASSWORD="$GMAIL_PASSWORD" 10 | fi 11 | unset GMAIL_USER GMAIL_PASSWORD # scrub env of creds 12 | 13 | if [ -n "${EXIM4_SMARTHOST:-}" ]; then 14 | set-exim4-update-conf \ 15 | dc_eximconfig_configtype 'smarthost' \ 16 | dc_smarthost "$EXIM4_SMARTHOST" 17 | if [ -n "${EXIM4_SMARTHOST_USER:-}" ] && [ -n "${EXIM4_SMARTHOST_PASSWORD:-}" ]; then 18 | echo "*:$EXIM4_SMARTHOST_USER:$EXIM4_SMARTHOST_PASSWORD" > /etc/exim4/passwd.client 19 | fi 20 | fi 21 | unset EXIM4_SMARTHOST EXIM4_SMARTHOST_USER EXIM4_SMARTHOST_PASSWORD # scrub env of creds 22 | 23 | if [ "$(id -u)" = '0' ]; then 24 | mkdir -p /var/spool/exim4 /var/log/exim4 || : 25 | chown -R Debian-exim:Debian-exim /var/spool/exim4 /var/log/exim4 || : 26 | fi 27 | 28 | if [ "$$" = 1 ]; then 29 | set -- tini -- "$@" 30 | fi 31 | fi 32 | 33 | exec "$@" 34 | -------------------------------------------------------------------------------- /exim4/gsl.sh: -------------------------------------------------------------------------------- 1 | ../.gsl-common/gsl-latest.sh -------------------------------------------------------------------------------- /exim4/set-exim4-update-conf: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | conf='/etc/exim4/update-exim4.conf.conf' 5 | 6 | args=() 7 | while [ "$#" -gt 0 ]; do 8 | key="$1" 9 | value="$2" 10 | shift 2 11 | 12 | if ! grep -qE "^#?${key}=" "$conf"; then 13 | echo >&2 "error: '$key' not found in '$conf'" 14 | exit 1 15 | fi 16 | 17 | sed_escaped_value="$(sed -e 's/[\/&]/\\&/g' <<<"$value")" 18 | args+=( -e "s/^#?(${key})=.*/\1='${sed_escaped_value}'/" ) 19 | done 20 | 21 | if [ "${#args[@]}" -eq 0 ]; then 22 | echo >&2 "error: nothing to do?" 23 | exit 1 24 | fi 25 | 26 | set -x 27 | sed -ri "${args[@]}" "$conf" 28 | update-exim4.conf -v 29 | -------------------------------------------------------------------------------- /firefox/firefox.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tianon/dockerfiles/94d98cd224c94762704e77254f5cee05c4861cfb/firefox/firefox.png -------------------------------------------------------------------------------- /firefox/gsl.sh: -------------------------------------------------------------------------------- 1 | ../.gsl-common/gsl-version-env.sh -------------------------------------------------------------------------------- /firefox/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "filename": "pool/mozilla/firefox_139.0.4~build1_amd64_c89c47a1c7693433ccb66533bf710a17.deb", 3 | "sha256": "7dc3dc55b4145bcf2b689d5baf01b4765ea7d54d0511569f1c7f962e906f8a2d", 4 | "url": "http://packages.mozilla.org/apt/pool/mozilla/firefox_139.0.4~build1_amd64_c89c47a1c7693433ccb66533bf710a17.deb", 5 | "version": "139.0.4~build1" 6 | } 7 | -------------------------------------------------------------------------------- /firefox/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../.libs/deb-repo.sh" 9 | 10 | # https://support.mozilla.org/kb/install-firefox-linux#w_install-firefox-deb-package-for-debian-based-distributions 11 | json="$( 12 | uri='http://packages.mozilla.org/apt' 13 | suite='mozilla' 14 | component='main' 15 | package='firefox' # TODO -beta? -nightly? -esr? 16 | deb-repo 17 | )" 18 | 19 | jq <<<"$json" '.' > versions.json 20 | -------------------------------------------------------------------------------- /gitlab/Jenkinsfile: -------------------------------------------------------------------------------- 1 | node { 2 | stage('Checkout') { 3 | checkout scm 4 | } 5 | 6 | stage('Retag') { 7 | sh ''' 8 | ./gitlab/retag.sh 9 | ''' 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /gitlab/README.md: -------------------------------------------------------------------------------- 1 | This repository contains a mirror of selected tags from [the `gitlab/gitlab-ce` repository](https://hub.docker.com/r/gitlab/gitlab-ce), but tagged as appropriate `MAJOR.MINOR` / `MAJOR` tags so that upgrades can be handled semi-transparently via `docker pull` (`docker service update`, ["hocker"](https://github.com/infosiftr/hocker), etc) instead of via manual version bumps on deployments. 2 | 3 | See also https://gitlab.com/gitlab-org/gitlab-foss/blob/master/doc/policy/maintenance.md#upgrade-recommendations, especially: 4 | 5 | > It is considered safe to jump between patch versions and minor versions within 6 | one major version. For example, it is safe to: 7 | > - Upgrade the patch version: 8 | > - `8.9.0` -> `8.9.7` 9 | > - `8.9.0` -> `8.9.1` 10 | > - `8.9.2` -> `8.9.6` 11 | > - Upgrade the minor version: 12 | > - `8.9.4` -> `8.12.3` 13 | > - `9.2.3` -> `9.5.5` 14 | -------------------------------------------------------------------------------- /gitlab/retag.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | src='gitlab/gitlab-ce' 5 | dst='tianon/gitlab' 6 | 7 | tags="$( 8 | crane ls "$src" \ 9 | | grep -E '^[0-9]+[.][0-9]+[.][0-9]+(-ce([.][0-9]+)?)?$' \ 10 | | sort -rV 11 | )" 12 | 13 | declare -A latest=() 14 | 15 | for tag in $tags; do 16 | majorMinor="${tag%%-*}" # "x.y.z-ce.0" -> "x.y.z" 17 | majorMinor="${majorMinor%.*}" # "x.y.z" -> "x.y" 18 | major="${majorMinor%%.*}" # "x.y" -> "x" 19 | 20 | # ignore older versions 21 | case "$major" in 22 | 8 | 9 | 10 | 11 | 12) continue ;; 23 | esac 24 | 25 | if [ -z "${latest[latest]:-}" ]; then 26 | latest[latest]="$tag" 27 | fi 28 | if [ -z "${latest[$majorMinor]:-}" ]; then 29 | latest[$majorMinor]="$tag" 30 | fi 31 | if [ -z "${latest[$major]:-}" ]; then 32 | latest[$major]="$tag" 33 | fi 34 | done 35 | 36 | for dstTag in "${!latest[@]}"; do 37 | srcTag="${latest[$dstTag]}" 38 | ctrSrc="$src:$srcTag" 39 | ctrDst="$dst:$dstTag" 40 | echo 41 | ( 42 | set -x 43 | crane cp "$ctrSrc" "$ctrDst" 44 | ) 45 | done 46 | -------------------------------------------------------------------------------- /handbrake/gsl.sh: -------------------------------------------------------------------------------- 1 | ../.gsl-common/gsl-version-env.sh -------------------------------------------------------------------------------- /handbrake/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "commit": "e117cfe7fca37abeec59ea4201e5d93ed7477746", 3 | "ref": "refs/tags/1.9.2^{}", 4 | "tag": "1.9.2", 5 | "version": "1.9.2" 6 | } 7 | -------------------------------------------------------------------------------- /handbrake/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../.libs/git.sh" 9 | 10 | # make sure the releases have published sources (difference between "tagged" and "released") 11 | hook_hb-missing-source() { 12 | local version="$3" 13 | wget -q --spider "https://github.com/HandBrake/HandBrake/releases/download/$version/HandBrake-$version-source.tar.bz2.sig" 14 | } 15 | 16 | versions_hooks+=( hook_no-prereleases hook_hb-missing-source ) 17 | 18 | json="$(git-tags 'https://github.com/HandBrake/HandBrake.git')" 19 | 20 | jq <<<"$json" '.' > versions.json 21 | -------------------------------------------------------------------------------- /hell-win/Jenkinsfile: -------------------------------------------------------------------------------- 1 | node { 2 | stage('Checkout') { 3 | checkout scm 4 | } 5 | 6 | stage('Mirror') { 7 | sh ''' 8 | ./hell-win/mirror.sh 9 | ''' 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /infosiftr-moby/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -eu 3 | 4 | # first arg is `-f` or `--some-option` 5 | if [ "${1#-}" != "$1" ]; then 6 | set -- docker "$@" 7 | fi 8 | 9 | # if our command is a valid Docker subcommand, let's invoke it through Docker instead 10 | # (this allows for "docker run docker ps", etc) 11 | if docker help "$1" > /dev/null 2>&1; then 12 | set -- docker "$@" 13 | fi 14 | 15 | _should_tls() { 16 | [ -n "${DOCKER_TLS_CERTDIR:-}" ] \ 17 | && [ -s "$DOCKER_TLS_CERTDIR/client/ca.pem" ] \ 18 | && [ -s "$DOCKER_TLS_CERTDIR/client/cert.pem" ] \ 19 | && [ -s "$DOCKER_TLS_CERTDIR/client/key.pem" ] 20 | } 21 | 22 | # if we have no DOCKER_HOST but we do have the default Unix socket (standard or rootless), use it explicitly 23 | if [ -z "${DOCKER_HOST:-}" ] && [ -S /var/run/docker.sock ]; then 24 | export DOCKER_HOST=unix:///var/run/docker.sock 25 | elif [ -z "${DOCKER_HOST:-}" ] && XDG_RUNTIME_DIR="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}" && [ -S "$XDG_RUNTIME_DIR/docker.sock" ]; then 26 | export DOCKER_HOST="unix://$XDG_RUNTIME_DIR/docker.sock" 27 | fi 28 | 29 | # if DOCKER_HOST isn't set (no custom setting, no default socket), let's set it to a sane remote value 30 | if [ -z "${DOCKER_HOST:-}" ]; then 31 | if _should_tls || [ -n "${DOCKER_TLS_VERIFY:-}" ]; then 32 | export DOCKER_HOST='tcp://docker:2376' 33 | else 34 | export DOCKER_HOST='tcp://docker:2375' 35 | fi 36 | fi 37 | if [ "${DOCKER_HOST#tcp:}" != "$DOCKER_HOST" ] \ 38 | && [ -z "${DOCKER_TLS_VERIFY:-}" ] \ 39 | && [ -z "${DOCKER_CERT_PATH:-}" ] \ 40 | && _should_tls \ 41 | ; then 42 | export DOCKER_TLS_VERIFY=1 43 | export DOCKER_CERT_PATH="$DOCKER_TLS_CERTDIR/client" 44 | fi 45 | 46 | if [ "$1" = 'dockerd' ]; then 47 | cat >&2 <<-'EOW' 48 | 49 | 📎 Hey there! It looks like you're trying to run a Docker daemon. 50 | 51 | You probably should use the "dind" image variant instead, something like: 52 | 53 | docker run --privileged --name some-docker ... docker:dind ... 54 | 55 | See https://hub.docker.com/_/docker/ for more documentation and usage examples. 56 | 57 | EOW 58 | sleep 3 59 | fi 60 | 61 | exec "$@" 62 | -------------------------------------------------------------------------------- /infosiftr-moby/gsl.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | cd "$(dirname "$BASH_SOURCE")" 5 | dir="$(basename "$PWD")" 6 | cd .. 7 | 8 | version="$(jq -r '.version' "$dir/versions.json")" 9 | [ -n "$version" ] 10 | 11 | from="$(awk '$1 == "FROM" { print $2; exit }' "$dir/Dockerfile")" # TODO multi-stage build?? 12 | arches="$(bashbrew remote arches --json "$from" | jq -c '.arches | keys + ["riscv64"]')" 13 | archesString="$(jq <<<"$arches" -r 'join(", ")')" 14 | [ -n "$archesString" ] 15 | 16 | source gsl-libs.sh 17 | extraCommitFiles=( Dockerfile.trixie ) 18 | 19 | globalEntry 20 | echo "Architectures: $archesString" 21 | 22 | versionedTagsEntry "$dir" "$version" latest 23 | echo 'riscv64-File: Dockerfile.trixie' 24 | 25 | # add old per-arch tags: https://explore.ggcr.dev/?repo=infosiftr/moby 26 | archArr="$(jq <<<"$arches" -r 'map(@sh) | join(" ")')" 27 | eval "archArr=( $archArr )" 28 | for arch in "${archArr[@]}"; do 29 | tagsEntry "$dir" "$arch" 30 | echo "Architectures: $arch" 31 | if [ "$arch" = 'riscv64' ]; then 32 | echo 'riscv64-File: Dockerfile.trixie' 33 | fi 34 | done 35 | -------------------------------------------------------------------------------- /infosiftr-moby/modprobe.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -eu 3 | 4 | # "modprobe" without modprobe 5 | # https://twitter.com/lucabruno/status/902934379835662336 6 | 7 | # this isn't 100% fool-proof, but it'll have a much higher success rate than simply using the "real" modprobe 8 | 9 | # Docker often uses "modprobe -va foo bar baz" 10 | # so we ignore modules that start with "-" 11 | for module; do 12 | if [ "${module#-}" = "$module" ]; then 13 | ip link show "$module" || true 14 | lsmod | grep "$module" || true 15 | fi 16 | done 17 | 18 | # remove /usr/local/... from PATH so we can exec the real modprobe as a last resort 19 | export PATH='/usr/sbin:/usr/bin:/sbin:/bin' 20 | exec modprobe "$@" 21 | -------------------------------------------------------------------------------- /infosiftr-moby/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../.libs/deb-repo.sh" 9 | source "$dir/../.libs/git.sh" 10 | 11 | debian='bookworm' 12 | json="$(jq -nc --arg debian "$debian" '{ debian: { version: $debian } }')" 13 | 14 | uri='https://apt.tianon.xyz/moby' 15 | component='main' 16 | 17 | for suite in \ 18 | "$debian" \ 19 | trixie \ 20 | ; do 21 | for binpkg in \ 22 | engine \ 23 | containerd \ 24 | runc \ 25 | cli \ 26 | cli-plugin-buildx \ 27 | ; do 28 | cjson="$( 29 | package="moby-$binpkg" 30 | if [ "$suite" = 'trixie' ]; then 31 | arch='riscv64' 32 | fi 33 | deb-repo 34 | )" 35 | json="$(jq <<<"$json" -c --arg suite "$suite" --arg binpkg "$binpkg" --argjson cjson "$cjson" ' 36 | if $suite == "trixie" then 37 | .["trixie"][$binpkg] = $cjson 38 | else 39 | .[$binpkg] = $cjson 40 | end 41 | ')" 42 | done 43 | done 44 | 45 | dind="$(github-file-commit 'docker/docker' 'HEAD' 'hack/dind')" 46 | 47 | jq <<<"$json" --argjson dind "$dind" ' 48 | def upstream_version: 49 | if index(":") then 50 | split(":")[1] 51 | else . end 52 | | split("-")[0] 53 | ; 54 | def v(v): 55 | v | split(".") 56 | ; 57 | .dind = $dind 58 | | (.engine.version | upstream_version) as $eng 59 | | (.cli.version | upstream_version) as $cli 60 | | (.trixie.engine.version | upstream_version) as $ueng 61 | | (.trixie.cli.version | upstream_version) as $ucli 62 | | if v($eng) >= v($cli) and $eng == $ueng and v($eng) >= v($ucli) then 63 | .version = $eng 64 | else . end 65 | | .variants = [ "", "trixie" ] # make sure "apply-templates.sh" creates "Dockerfile.trixie" too 66 | ' > versions.json 67 | -------------------------------------------------------------------------------- /jenkins/Dockerfile.lts: -------------------------------------------------------------------------------- 1 | lts/Dockerfile -------------------------------------------------------------------------------- /jenkins/Dockerfile.template: -------------------------------------------------------------------------------- 1 | FROM debian:bookworm-slim 2 | 3 | RUN set -eux; \ 4 | apt-get update; \ 5 | apt-get install -y --no-install-recommends \ 6 | ca-certificates curl \ 7 | gnupg \ 8 | gosu tini \ 9 | \ 10 | git openssh-client \ 11 | \ 12 | # java.lang.UnsatisfiedLinkError: /opt/java/openjdk/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory 13 | fontconfig \ 14 | ; \ 15 | rm -rf /var/lib/apt/lists/* 16 | 17 | # https://www.jenkins.io/doc/administration/requirements/java/ ("Jenkins requires Java 11 or 17 since Jenkins 2.357 and LTS 2.361.1.") 18 | ENV JAVA_HOME /opt/java/openjdk 19 | COPY --from=eclipse-temurin:17-jre $JAVA_HOME $JAVA_HOME 20 | ENV PATH $JAVA_HOME/bin:$PATH 21 | RUN set -eux; \ 22 | if \ 23 | LD_LIBRARY_PATH="$JAVA_HOME/lib:$JAVA_HOME/lib/server${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" \ 24 | find "$JAVA_HOME" -type f '(' -executable -o -name '*.so' ')' -exec ldd '{}' + \ 25 | | grep -vE 'libX[A-Za-z0-9]+|libasound' \ 26 | | grep 'not found' \ 27 | ; then \ 28 | exit 1; \ 29 | fi; \ 30 | java --version 31 | 32 | # https://www.jenkins.io/blog/2023/03/27/repository-signing-keys-changing/ 33 | # https://pkg.jenkins.io/debian/ 34 | ENV JENKINS_GPG_KEY 63667EE74BBA1F0A08A698725BA31D57EF5975CA 35 | RUN set -eux; \ 36 | export GNUPGHOME="$(mktemp -d)"; \ 37 | gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$JENKINS_GPG_KEY"; \ 38 | gpg --batch --export --armor "$JENKINS_GPG_KEY" > /etc/apt/keyrings/jenkins.gpg.asc; \ 39 | gpgconf --kill all; \ 40 | rm -rf "$GNUPGHOME" 41 | 42 | RUN echo 'deb [ signed-by=/etc/apt/keyrings/jenkins.gpg.asc ] {{ .[env.variant].repo }} binary/' > /etc/apt/sources.list.d/jenkins.list 43 | 44 | ENV JENKINS_VERSION {{ .[env.variant].version }} 45 | 46 | RUN set -eux; \ 47 | apt-get update; \ 48 | apt-get install -y --no-install-recommends \ 49 | jenkins="$JENKINS_VERSION" \ 50 | ; \ 51 | rm -rf /var/lib/apt/lists/*; \ 52 | java -jar /usr/share/java/jenkins.war --version 53 | 54 | ENV JENKINS_HOME /var/lib/jenkins 55 | RUN mkdir -p "$JENKINS_HOME" && chown -R jenkins:jenkins "$JENKINS_HOME" 56 | VOLUME $JENKINS_HOME 57 | 58 | EXPOSE 8080 59 | COPY docker-entrypoint.sh /usr/local/bin/ 60 | ENTRYPOINT ["docker-entrypoint.sh"] 61 | CMD ["jenkins"] 62 | -------------------------------------------------------------------------------- /jenkins/Dockerfile.weekly: -------------------------------------------------------------------------------- 1 | weekly/Dockerfile -------------------------------------------------------------------------------- /jenkins/gsl.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | cd "$(dirname "$BASH_SOURCE")" 5 | dir="$(basename "$PWD")" 6 | cd .. 7 | 8 | source gsl-libs.sh 9 | 10 | globalEntry 11 | 12 | # TODO !!!!! switch to File: with the new variants 🙈 13 | versionedEnvTagsEntry "$dir/weekly" 'JENKINS_VERSION' weekly latest 14 | versionedEnvVariantEntry "$dir/lts" lts 'JENKINS_VERSION' lts 15 | -------------------------------------------------------------------------------- /jenkins/lts/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | # TODO more argument detection (hyphens, etc) 5 | if [ "$#" -eq 0 ]; then 6 | set -- jenkins "$@" 7 | fi 8 | 9 | if [ "$1" = 'jenkins' ] || [ "$1" = 'java' ]; then 10 | set -- tini -- "$@" 11 | 12 | uid="$(id -u)" 13 | if [ "$uid" = 0 ]; then 14 | chown -R jenkins "$JENKINS_HOME" 15 | set -- gosu jenkins "$@" 16 | fi 17 | fi 18 | 19 | exec "$@" 20 | -------------------------------------------------------------------------------- /jenkins/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "variants": [ 3 | "weekly", 4 | "lts" 5 | ], 6 | "weekly": { 7 | "filename": "binary/jenkins_2.514_all.deb", 8 | "sha256": "f739730a72927d93bbcc8aabd6b04ef810c4f87da45a444ca9931f683b392bd2", 9 | "url": "https://pkg.jenkins.io/debian/binary/jenkins_2.514_all.deb", 10 | "version": "2.514", 11 | "repo": "https://pkg.jenkins.io/debian" 12 | }, 13 | "lts": { 14 | "filename": "binary/jenkins_2.504.2_all.deb", 15 | "sha256": "c08688b90d212d6668fd60c5ee773951d5a66f7ce5fbe9ac7a8290f4312bcc03", 16 | "url": "https://pkg.jenkins.io/debian-stable/binary/jenkins_2.504.2_all.deb", 17 | "version": "2.504.2", 18 | "repo": "https://pkg.jenkins.io/debian-stable" 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /jenkins/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../.libs/deb-repo.sh" 9 | 10 | json='{ "variants": [] }' 11 | for variant in weekly lts; do 12 | uri='https://pkg.jenkins.io/debian' 13 | if [ "$variant" = 'lts' ]; then 14 | uri+='-stable' 15 | fi 16 | vjson="$( 17 | suite='binary/' 18 | package='jenkins' 19 | deb-repo 20 | )" 21 | json="$(jq <<<"$json" -c --arg variant "$variant" --arg repo "$uri" --argjson vjson "$vjson" ' 22 | .[$variant] = $vjson + { repo: $repo } 23 | | .variants += [ $variant ] 24 | ')" 25 | done 26 | 27 | jq <<<"$json" '.' > versions.json 28 | -------------------------------------------------------------------------------- /jenkins/weekly/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM debian:bookworm-slim 8 | 9 | RUN set -eux; \ 10 | apt-get update; \ 11 | apt-get install -y --no-install-recommends \ 12 | ca-certificates curl \ 13 | gnupg \ 14 | gosu tini \ 15 | \ 16 | git openssh-client \ 17 | \ 18 | # java.lang.UnsatisfiedLinkError: /opt/java/openjdk/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory 19 | fontconfig \ 20 | ; \ 21 | rm -rf /var/lib/apt/lists/* 22 | 23 | # https://www.jenkins.io/doc/administration/requirements/java/ ("Jenkins requires Java 11 or 17 since Jenkins 2.357 and LTS 2.361.1.") 24 | ENV JAVA_HOME /opt/java/openjdk 25 | COPY --from=eclipse-temurin:17-jre $JAVA_HOME $JAVA_HOME 26 | ENV PATH $JAVA_HOME/bin:$PATH 27 | RUN set -eux; \ 28 | if \ 29 | LD_LIBRARY_PATH="$JAVA_HOME/lib:$JAVA_HOME/lib/server${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" \ 30 | find "$JAVA_HOME" -type f '(' -executable -o -name '*.so' ')' -exec ldd '{}' + \ 31 | | grep -vE 'libX[A-Za-z0-9]+|libasound' \ 32 | | grep 'not found' \ 33 | ; then \ 34 | exit 1; \ 35 | fi; \ 36 | java --version 37 | 38 | # https://www.jenkins.io/blog/2023/03/27/repository-signing-keys-changing/ 39 | # https://pkg.jenkins.io/debian/ 40 | ENV JENKINS_GPG_KEY 63667EE74BBA1F0A08A698725BA31D57EF5975CA 41 | RUN set -eux; \ 42 | export GNUPGHOME="$(mktemp -d)"; \ 43 | gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$JENKINS_GPG_KEY"; \ 44 | gpg --batch --export --armor "$JENKINS_GPG_KEY" > /etc/apt/keyrings/jenkins.gpg.asc; \ 45 | gpgconf --kill all; \ 46 | rm -rf "$GNUPGHOME" 47 | 48 | RUN echo 'deb [ signed-by=/etc/apt/keyrings/jenkins.gpg.asc ] https://pkg.jenkins.io/debian binary/' > /etc/apt/sources.list.d/jenkins.list 49 | 50 | ENV JENKINS_VERSION 2.514 51 | 52 | RUN set -eux; \ 53 | apt-get update; \ 54 | apt-get install -y --no-install-recommends \ 55 | jenkins="$JENKINS_VERSION" \ 56 | ; \ 57 | rm -rf /var/lib/apt/lists/*; \ 58 | java -jar /usr/share/java/jenkins.war --version 59 | 60 | ENV JENKINS_HOME /var/lib/jenkins 61 | RUN mkdir -p "$JENKINS_HOME" && chown -R jenkins:jenkins "$JENKINS_HOME" 62 | VOLUME $JENKINS_HOME 63 | 64 | EXPOSE 8080 65 | COPY docker-entrypoint.sh /usr/local/bin/ 66 | ENTRYPOINT ["docker-entrypoint.sh"] 67 | CMD ["jenkins"] 68 | -------------------------------------------------------------------------------- /jenkins/weekly/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | # TODO more argument detection (hyphens, etc) 5 | if [ "$#" -eq 0 ]; then 6 | set -- jenkins "$@" 7 | fi 8 | 9 | if [ "$1" = 'jenkins' ] || [ "$1" = 'java' ]; then 10 | set -- tini -- "$@" 11 | 12 | uid="$(id -u)" 13 | if [ "$uid" = 0 ]; then 14 | chown -R jenkins "$JENKINS_HOME" 15 | set -- gosu jenkins "$@" 16 | fi 17 | fi 18 | 19 | exec "$@" 20 | -------------------------------------------------------------------------------- /lutris/Dockerfile.template: -------------------------------------------------------------------------------- 1 | FROM ubuntu:22.04 2 | 3 | RUN set -eux; \ 4 | apt-get update; \ 5 | apt-get install -y --no-install-recommends \ 6 | ca-certificates wget \ 7 | gnupg \ 8 | ; \ 9 | rm -rf /var/lib/apt/lists/* 10 | 11 | # CONSOLE ERROR RangeError: invalid language tag: C 12 | RUN set -eux; \ 13 | if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ 14 | # if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) 15 | grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ 16 | sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ 17 | ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ 18 | fi; \ 19 | apt-get update; \ 20 | apt-get install -y --no-install-recommends locales; \ 21 | rm -rf /var/lib/apt/lists/*; \ 22 | localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 23 | ENV LANG en_US.UTF-8 24 | 25 | # https://github.com/lutris/lutris/releases 26 | ENV LUTRIS_VERSION {{ .version }} 27 | 28 | RUN set -eux; \ 29 | # turn "0.5.10-beta1" into "0.5.10_beta1" for the deb filename 30 | debVer="$(echo "$LUTRIS_VERSION" | tr '-' '_')"; \ 31 | wget -O lutris.deb "https://github.com/lutris/lutris/releases/download/v${LUTRIS_VERSION}/lutris_${debVer}_all.deb"; \ 32 | dpkg --add-architecture i386; \ 33 | apt-get update; \ 34 | apt-get install -y --no-install-recommends \ 35 | ./lutris.deb \ 36 | # https://github.com/lutris/docs/blob/f2bf5ca14f280e3c58d2306581294d57650c0cc2/InstallingDrivers.md 37 | libvulkan1 libvulkan1:i386 \ 38 | libgl1-mesa-dri:i386 \ 39 | mesa-vulkan-drivers mesa-vulkan-drivers:i386 \ 40 | # gi.repository.GLib.Error: g-exec-error-quark: Failed to execute child process “dbus-launch” (No such file or directory) (8) 41 | dbus-x11 \ 42 | # /lutris-home/games/battle.net/state-cache-merge/state-cache-update.sh: line 8: zenity: command not found 43 | zenity \ 44 | # python3-evdev not installed, controller support not available 45 | python3-evdev \ 46 | # lspci is not available. List of graphics cards not available 47 | pciutils \ 48 | # Couldn't find a terminal emulator. 49 | xterm \ 50 | # dark theme support 51 | gnome-themes-extra \ 52 | ; \ 53 | rm -rf /var/lib/apt/lists/* 54 | 55 | ENV PATH /usr/games:$PATH 56 | 57 | CMD ["lutris"] 58 | -------------------------------------------------------------------------------- /lutris/gsl.sh: -------------------------------------------------------------------------------- 1 | ../.gsl-common/gsl-version-env.sh -------------------------------------------------------------------------------- /lutris/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "commit": "70adad87231e57b73c838bcd20f084f242d6ae4c", 3 | "ref": "refs/tags/v0.5.18", 4 | "tag": "v0.5.18", 5 | "version": "0.5.18" 6 | } 7 | -------------------------------------------------------------------------------- /lutris/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../.libs/git.sh" 9 | 10 | versions_hooks+=( hook_no-prereleases ) 11 | hook_missing-deb() { 12 | local version="$3" 13 | local debVer="${version//-/_}"; \ 14 | wget -q -O /dev/null --spider "https://github.com/lutris/lutris/releases/download/v${version}/lutris_${debVer}_all.deb" 15 | } 16 | versions_hooks+=( hook_missing-deb ) 17 | 18 | json="$(git-tags 'https://github.com/lutris/lutris.git')" 19 | 20 | jq <<<"$json" '.' > versions.json 21 | -------------------------------------------------------------------------------- /makemkv/gsl.sh: -------------------------------------------------------------------------------- 1 | ../.gsl-common/gsl-version-env.sh -------------------------------------------------------------------------------- /makemkv/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": "1.18.1" 3 | } 4 | -------------------------------------------------------------------------------- /makemkv/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | { 7 | version="$( 8 | curl -fsSL 'https://makemkv.com/download/' \ 9 | | grep -oE 'makemkv-sha-[0-9.]+.txt' \ 10 | | sed -r 's!^makemkv-sha-|[.]txt$!!g' 11 | )" 12 | [ -n "$version" ] 13 | } || { 14 | url="$( 15 | curl -fsSL 'https://forum.makemkv.com/forum/viewtopic.php?f=3&t=224' \ 16 | | grep -oE 'href="https?://[^"]+/makemkv-bin-[^"]+.tar.gz"' \ 17 | | cut -d'"' -f2 18 | )" 19 | [ -n "$url" ] 20 | version="$(basename "$url" | sed -r 's!^makemkv-bin-|[.]tar[.]gz$!!g')" 21 | [ -n "$version" ] 22 | } 23 | export version 24 | 25 | echo >&2 "makemkv: $version" 26 | 27 | jq -nS '{ version: env.version }' > versions.json 28 | -------------------------------------------------------------------------------- /microsoft-edge/beta/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tianon/dockerfiles/94d98cd224c94762704e77254f5cee05c4861cfb/microsoft-edge/beta/logo.png -------------------------------------------------------------------------------- /microsoft-edge/beta/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "filename": "pool/main/m/microsoft-edge-beta/microsoft-edge-beta_138.0.3351.21-1_amd64.deb", 3 | "sha256": "9482ee3ef8546c24e909e0deb1e97fae4af6be5fbd984c1cdbb5ad6fa9150313", 4 | "url": "https://packages.microsoft.com/repos/edge/pool/main/m/microsoft-edge-beta/microsoft-edge-beta_138.0.3351.21-1_amd64.deb", 5 | "version": "138.0.3351.21-1" 6 | } 7 | -------------------------------------------------------------------------------- /microsoft-edge/beta/versions.sh: -------------------------------------------------------------------------------- 1 | ../versions.sh -------------------------------------------------------------------------------- /microsoft-edge/dev/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tianon/dockerfiles/94d98cd224c94762704e77254f5cee05c4861cfb/microsoft-edge/dev/logo.png -------------------------------------------------------------------------------- /microsoft-edge/dev/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "filename": "pool/main/m/microsoft-edge-dev/microsoft-edge-dev_139.0.3365.2-1_amd64.deb", 3 | "sha256": "f7b5e0b0d33de7d0d14c754676058bd821b72fc92eae654043abc0ac8e94ad60", 4 | "url": "https://packages.microsoft.com/repos/edge/pool/main/m/microsoft-edge-dev/microsoft-edge-dev_139.0.3365.2-1_amd64.deb", 5 | "version": "139.0.3365.2-1" 6 | } 7 | -------------------------------------------------------------------------------- /microsoft-edge/dev/versions.sh: -------------------------------------------------------------------------------- 1 | ../versions.sh -------------------------------------------------------------------------------- /microsoft-edge/gsl.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | cd "$(dirname "$BASH_SOURCE")" 5 | dir="$(basename "$PWD")" 6 | cd .. 7 | 8 | source gsl-libs.sh 9 | 10 | globalEntry 11 | 12 | versionedEnvVariantEntry "$dir/stable" stable 'EDGE_VERSION' stable 13 | versionedEnvVariantEntry "$dir/beta" beta 'EDGE_VERSION' beta 14 | versionedEnvVariantEntry "$dir/dev" dev 'EDGE_VERSION' dev 15 | -------------------------------------------------------------------------------- /microsoft-edge/stable/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tianon/dockerfiles/94d98cd224c94762704e77254f5cee05c4861cfb/microsoft-edge/stable/logo.png -------------------------------------------------------------------------------- /microsoft-edge/stable/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "filename": "pool/main/m/microsoft-edge-stable/microsoft-edge-stable_137.0.3296.68-1_amd64.deb", 3 | "sha256": "76099017ace977c74060aa134a289d93c554e9d67f6561039580fdd483da0c41", 4 | "url": "https://packages.microsoft.com/repos/edge/pool/main/m/microsoft-edge-stable/microsoft-edge-stable_137.0.3296.68-1_amd64.deb", 5 | "version": "137.0.3296.68-1" 6 | } 7 | -------------------------------------------------------------------------------- /microsoft-edge/stable/versions.sh: -------------------------------------------------------------------------------- 1 | ../versions.sh -------------------------------------------------------------------------------- /microsoft-edge/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../.libs/deb-repo.sh" 9 | 10 | channel="$(basename "$PWD")" # "dev", etc 11 | 12 | json="$( 13 | uri='https://packages.microsoft.com/repos/edge' 14 | suite='stable' 15 | component='main' 16 | package="microsoft-edge-$channel" 17 | deb-repo 18 | )" 19 | 20 | jq <<<"$json" '.' > versions.json 21 | -------------------------------------------------------------------------------- /mojo/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM tianon/perl 2 | 3 | # TODO pin a version 4 | RUN cpanm Mojolicious && rm -rf ~/.cpanm 5 | 6 | # TODO pin versions 7 | RUN cpanm EV && rm -rf ~/.cpanm 8 | RUN cpanm --notest IO::Socket::IP && rm -rf ~/.cpanm 9 | # the tests for IO::Socket::IP hit some internet resources ("Failed test 'defined $socket for cpanidx.org:80'", "error was Name or service not known") 10 | RUN cpanm --notest IO::Socket::SSL && rm -rf ~/.cpanm 11 | # the tests for IO::Socket::SSL like to hang... :( 12 | 13 | # https://metacpan.org/pod/release/SRI/Mojolicious-7.94/lib/Mojo/IOLoop.pm#DESCRIPTION 14 | ENV LIBEV_FLAGS 4 15 | # epoll (Linux) 16 | -------------------------------------------------------------------------------- /mojo/gsl.sh: -------------------------------------------------------------------------------- 1 | ../.gsl-common/gsl-latest.sh -------------------------------------------------------------------------------- /mutt-gmail/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian:bookworm-slim 2 | 3 | RUN groupadd -g 1000 user \ 4 | && useradd --create-home -d /home/user -g user -u 1000 user 5 | 6 | RUN echo 'path-include /usr/share/doc/mutt/examples/*' >> /etc/dpkg/dpkg.cfg.d/mutt 7 | 8 | RUN set -eux; \ 9 | apt-get update; \ 10 | apt-get install -y --no-install-recommends \ 11 | ca-certificates \ 12 | mutt \ 13 | # a browser is necessary! 14 | lynx \ 15 | # my preferred editor :) (see also muttrc) 16 | vim-nox \ 17 | # "No authenticators available" 18 | libsasl2-modules \ 19 | # "GPGME: CMS protocol not available" 20 | gpgsm \ 21 | ; \ 22 | rm -rf /var/lib/apt/lists/* 23 | 24 | ENV BROWSER lynx 25 | 26 | USER user 27 | ENV HOME /home/user 28 | RUN mkdir -p $HOME/.mutt/cache/headers $HOME/.mutt/cache/bodies \ 29 | && touch $HOME/.mutt/certificates 30 | 31 | ENV LANG C.UTF-8 32 | 33 | COPY muttrc $HOME/.muttrc 34 | COPY vimrc $HOME/.vimrc 35 | 36 | COPY entrypoint.sh /entrypoint.sh 37 | ENTRYPOINT ["/entrypoint.sh"] 38 | 39 | CMD ["mutt"] 40 | -------------------------------------------------------------------------------- /mutt-gmail/README.md: -------------------------------------------------------------------------------- 1 | # mutt-gmail 2 | 3 | docker run -it --rm \ 4 | -e TERM \ 5 | -e GMAIL=jsmith@gmail.com \ 6 | -e GMAIL_NAME='John Smith' \ 7 | -u "$(id -u):$(id -g)" \ 8 | -e HOME=/home/user \ 9 | -v "$HOME/.signature:/home/user/.signature" \ 10 | -v "$HOME/.muttrc:/home/user/.muttrc.local" \ 11 | -v "$HOME/.mutt/cache:/home/user/.mutt/cache" \ 12 | tianon/mutt-gmail 13 | 14 | If you wish to avoid the password prompt, use https://support.google.com/accounts/answer/185833?hl=en to generate an "app password" and set `GMAIL_PASS`. 15 | -------------------------------------------------------------------------------- /mutt-gmail/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | if [ "$1" = 'mutt' ]; then 5 | if [ ! "$GMAIL" ]; then 6 | echo >&2 'error: missing GMAIL environment variable' 7 | echo >&2 ' try running again with -e GMAIL=your-email@gmail.com' 8 | echo >&2 ' optionally, you can also specify -e GMAIL_FROM=email@your-domain.com' 9 | echo >&2 ' and also -e GMAIL_NAME="Your Name"' 10 | echo >&2 ' if not specified, both default to the value of GMAIL' 11 | exit 1 12 | fi 13 | 14 | if [ ! "$GMAIL_FROM" ]; then 15 | GMAIL_FROM="$GMAIL" 16 | fi 17 | if [ ! "$GMAIL_NAME" ]; then 18 | GMAIL_NAME="$GMAIL_FROM" 19 | fi 20 | 21 | sed -i \ 22 | -e "s/%GMAIL_LOGIN%/$GMAIL/g" \ 23 | -e "s/%GMAIL_FROM%/$GMAIL_FROM/g" \ 24 | -e "s/%GMAIL_NAME%/$GMAIL_NAME/g" \ 25 | -e "s/%GMAIL_PASS%/$GMAIL_PASS/g" \ 26 | "$HOME/.muttrc" 27 | 28 | if [ -d "$HOME/.gnupg" ]; then 29 | { 30 | echo 31 | #echo 'source /usr/share/doc/mutt/examples/gpg.rc' 32 | echo 'set pgp_use_gpg_agent = yes' 33 | if [ "$GPG_ID" ]; then 34 | echo "set pgp_sign_as = $GPG_ID" 35 | fi 36 | echo 'set crypt_replysign = yes' 37 | echo 'set crypt_replysignencrypted = yes' 38 | echo 'set crypt_verify_sig = yes' 39 | } >> "$HOME/.muttrc" 40 | fi 41 | 42 | if [ -e "$HOME/.muttrc.local" ]; then 43 | echo "source $HOME/.muttrc.local" >> "$HOME/.muttrc" 44 | fi 45 | fi 46 | 47 | exec "$@" 48 | -------------------------------------------------------------------------------- /mutt-gmail/gsl.sh: -------------------------------------------------------------------------------- 1 | ../.gsl-common/gsl-latest.sh -------------------------------------------------------------------------------- /mutt-gmail/vimrc: -------------------------------------------------------------------------------- 1 | " not meant to be a full-fledged vimrc, just the basics 2 | scriptencoding utf-8 3 | 4 | if filereadable(expand("$HOME/.vimrc.prelocal")) 5 | source $HOME/.vimrc.prelocal 6 | endif 7 | 8 | filetype plugin indent on 9 | syntax on 10 | 11 | set nocompatible " start with Vim defaults 12 | set backspace=indent,eol,start " allow backspacing over lots of stuff 13 | set autoindent " autoindent is good 14 | set noet ts=4 sw=4 " tab size and stuff 15 | set ruler " show the cursor position all the time 16 | set wildmenu " show list of options ("Android style") when tab-completing in vim commands 17 | 18 | set spell 19 | 20 | au FileType mail set formatoptions=nt expandtab 21 | -------------------------------------------------------------------------------- /network-toolbox/alpine/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.22 2 | 3 | RUN set -eux; \ 4 | apkArch="$(apk --print-arch)"; \ 5 | apk add --no-cache \ 6 | bash \ 7 | bash-completion \ 8 | bind-tools \ 9 | ca-certificates \ 10 | curl \ 11 | fcgi \ 12 | fio \ 13 | gnupg \ 14 | iftop \ 15 | ipcalc \ 16 | iperf \ 17 | iptables \ 18 | iptables-legacy \ 19 | iputils \ 20 | jq \ 21 | mtr \ 22 | nbtscan \ 23 | net-tools \ 24 | nftables \ 25 | nmap \ 26 | openssh-client \ 27 | openssl \ 28 | rsync \ 29 | socat \ 30 | ssh-audit \ 31 | wget \ 32 | whois \ 33 | wireguard-tools \ 34 | # tshark isn't available on arm32v6 (Alpine's armhf): 35 | # https://git.alpinelinux.org/aports/tree/community/wireshark/APKBUILD?h=3.19-stable&id=bb857f3ce0b980f56f6a75f9d9a6fde9f48dfd36#n11 36 | $([ "$apkArch" = 'armhf' ] || echo tshark) \ 37 | # "git" is reasonably small on Alpine (adds ~6MiB) 38 | git \ 39 | ; 40 | 41 | CMD ["bash", "--login", "-i"] 42 | -------------------------------------------------------------------------------- /network-toolbox/debian/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian:bookworm-slim 2 | 3 | RUN set -eux; \ 4 | # dangit, wireshark-common! *shakes fist* 5 | export DEBIAN_FRONTEND='noninteractive'; \ 6 | apt-get update; \ 7 | apt-get install -y --no-install-recommends \ 8 | bash-completion \ 9 | ca-certificates \ 10 | curl \ 11 | dnsutils \ 12 | fio \ 13 | gnupg \ 14 | iftop \ 15 | inetutils-ping \ 16 | ipcalc \ 17 | iperf \ 18 | iproute2 \ 19 | iptables \ 20 | jq \ 21 | libfcgi-bin \ 22 | mtr-tiny \ 23 | nbtscan \ 24 | net-tools \ 25 | netcat-openbsd \ 26 | nftables \ 27 | nmap \ 28 | ntpdate \ 29 | openssh-client \ 30 | procps \ 31 | rsync \ 32 | siege \ 33 | socat \ 34 | ssh-audit \ 35 | traceroute \ 36 | tshark \ 37 | wget \ 38 | whois \ 39 | wireguard-tools \ 40 | # git is large on Debian (~20MiB), so isn't included 41 | ; \ 42 | rm -rf /var/lib/apt/lists/* 43 | 44 | CMD ["bash", "--login", "-i"] 45 | -------------------------------------------------------------------------------- /network-toolbox/gsl.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | cd "$(dirname "$BASH_SOURCE")" 5 | 6 | dir="$(basename "$PWD")" 7 | 8 | suite="$(gawk -F '[[:space:]:]+' '$1 == "FROM" { print $3; exit }' debian/Dockerfile)" 9 | suite="${suite%-slim}" 10 | 11 | alpine="$(gawk -F '[[:space:]:]+' '$1 == "FROM" { print $3; exit }' alpine/Dockerfile)" 12 | 13 | cd .. 14 | 15 | source gsl-libs.sh 16 | 17 | globalEntry 18 | 19 | tagsEntry "$dir/debian" debian "$suite" latest 20 | from="$(awk '$1 == "FROM" { print $2; exit }' "$dir/debian/Dockerfile")" # TODO multi-stage build?? 21 | arches="$(bashbrew remote arches --json "$from" | jq -c '.arches | keys')" 22 | archesString="$(jq <<<"$arches" -r 'join(", ")')" 23 | [ -n "$archesString" ] 24 | echo "Architectures: $archesString" 25 | 26 | tagsEntry "$dir/alpine" alpine "alpine$alpine" 27 | from="$(awk '$1 == "FROM" { print $2; exit }' "$dir/alpine/Dockerfile")" # TODO multi-stage build?? 28 | arches="$(bashbrew remote arches --json "$from" | jq -c '.arches | keys')" 29 | archesString="$(jq <<<"$arches" -r 'join(", ")')" 30 | [ -n "$archesString" ] 31 | echo "Architectures: $archesString" 32 | -------------------------------------------------------------------------------- /nolibc/gsl.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | cd "$(dirname "$BASH_SOURCE")" 5 | dir="$(basename "$PWD")" 6 | cd .. 7 | 8 | linux="$(jq -r '.linux.version' "$dir/versions.json")" 9 | from="$(awk '$1 == "FROM" { print $2; exit }' "$dir/Dockerfile")" # TODO multi-stage build?? 10 | fromArches="$(bashbrew remote arches --json "$from" | jq -c '.arches | keys')" 11 | arches="$(jq -r -L "$dir/../.libs" --argjson fromArches "$fromArches" ' 12 | include "lib" 13 | ; 14 | [ 15 | $fromArches, 16 | (.arches | map_values(select(.dpkg)) | keys | map(select(. != "mips64le"))), # mips segfaults on build 17 | empty 18 | ] 19 | | intersection 20 | | join(", ") 21 | ' "$dir/versions.json")" 22 | [ -n "$arches" ] 23 | 24 | source gsl-libs.sh 25 | 26 | globalEntry 27 | echo "Architectures: $arches" 28 | 29 | tagsEntry "$dir" "linux-$linux" latest 30 | -------------------------------------------------------------------------------- /nolibc/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "linux": { 3 | "moniker": "stable", 4 | "version": "6.15.2", 5 | "iseol": false, 6 | "released": { 7 | "timestamp": 1749554241, 8 | "isodate": "2025-06-10" 9 | }, 10 | "source": "https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.15.2.tar.xz", 11 | "pgp": "https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.15.2.tar.sign", 12 | "patch": { 13 | "full": "https://cdn.kernel.org/pub/linux/kernel/v6.x/patch-6.15.2.xz", 14 | "incremental": "https://cdn.kernel.org/pub/linux/kernel/v6.x/incr/patch-6.15.1-2.xz" 15 | }, 16 | "changelog": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.15.2", 17 | "gitweb": "https://git.kernel.org/stable/h/v6.15.2", 18 | "diffview": "https://git.kernel.org/stable/ds/v6.15.2/v6.15.1" 19 | }, 20 | "arches": { 21 | "amd64": { 22 | "nolibc": "x86_64", 23 | "dpkg": "amd64", 24 | "apk": "x86_64" 25 | }, 26 | "arm32v5": { 27 | "nolibc": "arm", 28 | "dpkg": "armel" 29 | }, 30 | "arm32v6": { 31 | "nolibc": "arm", 32 | "apk": "armhf" 33 | }, 34 | "arm32v7": { 35 | "nolibc": "arm", 36 | "dpkg": "armhf", 37 | "apk": "armv7" 38 | }, 39 | "arm64v8": { 40 | "nolibc": "arm64", 41 | "dpkg": "arm64", 42 | "apk": "aarch64" 43 | }, 44 | "i386": { 45 | "nolibc": "i386", 46 | "dpkg": "i386", 47 | "apk": "x86" 48 | }, 49 | "mips64le": { 50 | "nolibc": "mips", 51 | "dpkg": "mips64el" 52 | }, 53 | "ppc64le": { 54 | "nolibc": "powerpc", 55 | "dpkg": "ppc64el", 56 | "apk": "ppc64le" 57 | }, 58 | "riscv64": { 59 | "nolibc": "riscv", 60 | "dpkg": "riscv64", 61 | "apk": "riscv64" 62 | }, 63 | "s390x": { 64 | "nolibc": "s390", 65 | "dpkg": "s390x", 66 | "apk": "s390x" 67 | } 68 | } 69 | } 70 | -------------------------------------------------------------------------------- /nolibc/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | 9 | upstream="$(wget -qO- 'https://kernel.org/releases.json')" 10 | 11 | linux="$(jq <<<"$upstream" -r 'first(.releases[] | select(.moniker == "stable")) // error("failed to scrape linux version!")')" 12 | export linux 13 | 14 | # TODO scrape https://cdn.kernel.org/pub/linux/kernel/v6.x/sha256sums.asc for checksum 15 | 16 | version="$(jq <<<"$linux" -r '.version')" 17 | echo >&2 "nolibc linux: $version" 18 | 19 | jq -n -L"$dir/../.libs" ' 20 | include "lib" 21 | ; 22 | { 23 | linux: (env.linux | fromjson), 24 | arches: ( 25 | { 26 | # TODO auto-detect these somehow? 27 | # https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/tools/include/nolibc?h=linux-rolling-stable (arch-*.h) 28 | # https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/tools/include/nolibc/Makefile?h=linux-rolling-stable (ARCH, SUBARCH, nolibc_arch) 29 | # https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/scripts/subarch.include?h=linux-rolling-stable (SUBARCH) 30 | amd64: { nolibc: "x86_64" }, 31 | arm32v5: { nolibc: "arm" }, 32 | arm32v6: { nolibc: "arm" }, 33 | arm32v7: { nolibc: "arm" }, 34 | arm64v8: { nolibc: "arm64" }, 35 | i386: { nolibc: "i386" }, 36 | mips64le: { nolibc: "mips" }, 37 | ppc64le: { nolibc: "powerpc" }, 38 | riscv64: { nolibc: "riscv" }, 39 | s390x: { nolibc: "s390" }, 40 | } 41 | | with_entries( 42 | .value.dpkg = (.key | deb_arch) 43 | | .value.apk = (.key | apk_arch) 44 | | .value |= map_values(select(.)) 45 | ) 46 | ), 47 | } 48 | ' > versions.json 49 | -------------------------------------------------------------------------------- /parallel.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | script="$1" 5 | [ -x "$script" ] 6 | shift 7 | 8 | case "$script" in 9 | /* | */*) ;; 10 | *) script="./$script" ;; 11 | esac 12 | 13 | if [ "$#" -eq 0 ]; then 14 | dirs="$(find -type f -name versions.json -exec bash -Eeuo pipefail -c 'for d; do dir="$(dirname "${d#./}")"; printf " %q" "$dir"; done' -- '{}' +)" 15 | eval "set -- $dirs" 16 | fi 17 | if [ "$#" -eq 0 ]; then 18 | echo >&2 "error: failed to find any 'versions.json' files!" 19 | exit 1 20 | fi 21 | 22 | nproc="$(nproc)" 23 | xargs <<<"$*" -rtn1 -P "$nproc" "$script" 24 | # TODO "$*" here irks me -- I would love to do something cleaner (although it's mostly fine for the use case of this script) 25 | -------------------------------------------------------------------------------- /perl/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM perl:5.38 2 | 3 | # secure by default ♥ (thanks to sri!) 4 | ENV PERL_CPANM_OPT --verbose --mirror https://cpan.metacpan.org --mirror-only 5 | # gpg: verify signatures failed: Unknown system error 6 | # ! Verifying CHECKSUMS signature failed: 7 | # ! Failed to fetch distribution IO-Socket-IP-0.41 8 | #RUN cpanm Digest::SHA Module::Signature && rm -rf ~/.cpanm 9 | #ENV PERL_CPANM_OPT $PERL_CPANM_OPT --verify 10 | 11 | # reinstall cpanm itself, for good measure 12 | #RUN cpanm App::cpanminus && rm -rf ~/.cpanm 13 | -------------------------------------------------------------------------------- /perl/gsl.sh: -------------------------------------------------------------------------------- 1 | ../.gsl-common/gsl-latest.sh -------------------------------------------------------------------------------- /plex/gsl.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | cd "$(dirname "$BASH_SOURCE")" 5 | dir="$(basename "$PWD")" 6 | cd .. 7 | 8 | source gsl-libs.sh 9 | 10 | globalEntry 11 | 12 | versionedEnvVariantEntry "$dir/media-server" media-server 'PLEX_VERSION' media-server 13 | from="$(awk '$1 == "FROM" { print $2; exit }' "$dir/media-server/Dockerfile")" # TODO multi-stage build?? 14 | fromArches="$(bashbrew remote arches --json "$from" | jq -c '.arches | keys')" 15 | arches="$(jq -r -L "$dir/../.libs" --argjson fromArches "$fromArches" ' 16 | include "lib" 17 | ; 18 | [ 19 | $fromArches, 20 | (.arches | map_values(select(.dpkgArch)) | keys), 21 | empty 22 | ] 23 | | intersection 24 | | join(", ") 25 | ' "$dir/media-server/versions.json")" 26 | [ -n "$arches" ] 27 | echo "Architectures: $arches" 28 | -------------------------------------------------------------------------------- /plex/media-server/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | # delete stale pid file so Plex doesn't fail to start 5 | rm -f "$PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR/Plex Media Server/plexmediaserver.pid" 6 | 7 | exec "$@" 8 | -------------------------------------------------------------------------------- /plex/media-server/run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | set -x 5 | mkdir -p "$HOME/plex-application-support" 6 | rm -f "$HOME/plex-application-support/Plex Media Server"/*.pid 7 | docker run -d \ 8 | --name plex-media-server \ 9 | --restart always \ 10 | --net host \ 11 | -v "$HOME/plex-application-support:/var/lib/plexmediaserver/Library/Application Support" \ 12 | -v "$HOME:/host/$HOME:ro" \ 13 | -e "HOME=/host/$HOME" \ 14 | -w "/host/$HOME" \ 15 | -u "$(id -u):$(id -g)" \ 16 | tianon/plex-media-server "$@" 17 | -------------------------------------------------------------------------------- /plex/media-server/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": "1.41.8.9834-071366d65", 3 | "arches": { 4 | "i386": { 5 | "url": "https://downloads.plex.tv/plex-media-server-new/1.41.8.9834-071366d65/debian/plexmediaserver_1.41.8.9834-071366d65_i386.deb", 6 | "sha1": "a1a98f30301fd5b30abf48fc3ff73aedb26e74f6", 7 | "dpkgArch": "i386" 8 | }, 9 | "amd64": { 10 | "url": "https://downloads.plex.tv/plex-media-server-new/1.41.8.9834-071366d65/debian/plexmediaserver_1.41.8.9834-071366d65_amd64.deb", 11 | "sha1": "52ca5792cc8c9e688e7f5f01fc3cec1de9bef86f", 12 | "dpkgArch": "amd64" 13 | }, 14 | "arm64v8": { 15 | "url": "https://downloads.plex.tv/plex-media-server-new/1.41.8.9834-071366d65/debian/plexmediaserver_1.41.8.9834-071366d65_arm64.deb", 16 | "sha1": "971a556d8162454ef23bb3edf3c5d40cb2b89859", 17 | "dpkgArch": "arm64" 18 | }, 19 | "arm32v7": { 20 | "url": "https://downloads.plex.tv/plex-media-server-new/1.41.8.9834-071366d65/debian/plexmediaserver_1.41.8.9834-071366d65_armhf.deb", 21 | "sha1": "7b6a44c99bf8b01048556e3dd61ff55fca2638a0", 22 | "dpkgArch": "armhf" 23 | } 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /plex/media-server/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | # "deb https://downloads.plex.tv/repo/deb public main" ("/etc/apt/sources.list.d/plexmediaserver.list") 7 | # signed by https://downloads.plex.tv/plex-keys/PlexSign.key 8 | 9 | #version="$(curl -fsSL 'https://plex.tv/downloads/details/1?build=linux-ubuntu-x86_64&channel=16&distro=ubuntu' | sed -n 's/.*Release.*version="\([^"]*\)".*/\1/p')" 10 | 11 | json="$(wget -qO- 'https://plex.tv/api/downloads/1.json' | jq -c '.computer.Linux')" 12 | 13 | version="$(jq <<<"$json" -r '.version')" 14 | 15 | echo "plex-media-server: $version" 16 | 17 | json="$(jq <<<"$json" -c -L../../.libs ' 18 | include "lib" 19 | ; 20 | { 21 | version: .version, 22 | arches: ( 23 | .releases 24 | | map( 25 | select(.distro == "debian") 26 | | { 27 | # wget -qO- "https://plex.tv/api/downloads/1.json" | jq "[ .computer.Linux.releases[].build ] | unique" 28 | "linux-aarch64": "arm64v8", 29 | "linux-armv7neon": "arm32v7", 30 | "linux-x86": "i386", 31 | "linux-x86_64": "amd64", 32 | }[.build] as $arch 33 | | select($arch) 34 | | { 35 | ($arch): { 36 | url: .url, 37 | sha1: .checksum, 38 | dpkgArch: ($arch | deb_arch), 39 | }, 40 | } 41 | ) 42 | | add 43 | ), 44 | } 45 | ')" 46 | 47 | jq <<<"$json" '.' > versions.json 48 | -------------------------------------------------------------------------------- /prometheus/Dockerfile.template: -------------------------------------------------------------------------------- 1 | FROM alpine:3.22 2 | 3 | RUN apk add --no-cache bash ca-certificates 4 | 5 | WORKDIR /opt/prometheus 6 | ENV PATH /opt/prometheus:$PATH 7 | 8 | # https://github.com/prometheus/prometheus/releases 9 | ENV PROMETHEUS_VERSION {{ .version }} 10 | 11 | RUN set -ex; \ 12 | \ 13 | apkArch="$(apk --print-arch)"; \ 14 | case "$apkArch" in \ 15 | aarch64) promArch='arm64' ;; \ 16 | armhf) promArch='armv6' ;; \ 17 | armv7) promArch='armv7' ;; \ 18 | ppc64le) promArch='ppc64le' ;; \ 19 | riscv64) promArch='riscv64' ;; \ 20 | s390x) promArch='s390x' ;; \ 21 | x86) promArch='386' ;; \ 22 | x86_64) promArch='amd64' ;; \ 23 | *) echo >&2 "error: unsupported arch: $apkArch"; exit 1 ;; \ 24 | esac; \ 25 | \ 26 | filename="prometheus-${PROMETHEUS_VERSION}.linux-${promArch}.tar.gz"; \ 27 | case "$filename" in \ 28 | {{ .sha256 | to_entries | map(select(.key | startswith("prometheus-") and contains(".linux-")) | ( -}} 29 | {{ .key | @sh }}) sha256={{ .value | @sh }} ;; \ 30 | {{ )) | add -}} 31 | *) echo >&2 "error: unknown file: $filename"; exit 1 ;; \ 32 | esac; \ 33 | wget -O /tmp/prom.tar.gz "https://github.com/prometheus/prometheus/releases/download/v${PROMETHEUS_VERSION}/$filename"; \ 34 | echo "$sha256 */tmp/prom.tar.gz" | sha256sum -c -; \ 35 | \ 36 | tar \ 37 | --extract \ 38 | --file /tmp/prom.tar.gz \ 39 | --strip-components 1 \ 40 | --verbose \ 41 | ; \ 42 | rm /tmp/prom.tar.gz; \ 43 | \ 44 | prometheus --version 45 | 46 | VOLUME /opt/prometheus/data 47 | EXPOSE 9090 48 | 49 | COPY docker-entrypoint.sh /usr/local/bin/ 50 | ENTRYPOINT ["docker-entrypoint.sh"] 51 | CMD [] 52 | -------------------------------------------------------------------------------- /prometheus/alertmanager/Dockerfile.template: -------------------------------------------------------------------------------- 1 | FROM alpine:3.22 2 | 3 | RUN apk add --no-cache bash ca-certificates 4 | 5 | WORKDIR /opt/alertmanager 6 | ENV PATH /opt/alertmanager:$PATH 7 | 8 | # https://github.com/prometheus/alertmanager/releases 9 | ENV ALERTMANAGER_VERSION {{ .version }} 10 | 11 | RUN set -eux; \ 12 | \ 13 | apkArch="$(apk --print-arch)"; \ 14 | case "$apkArch" in \ 15 | aarch64) promArch='arm64' ;; \ 16 | armhf) promArch='armv6' ;; \ 17 | armv7) promArch='armv7' ;; \ 18 | ppc64le) promArch='ppc64le' ;; \ 19 | s390x) promArch='s390x' ;; \ 20 | x86) promArch='386' ;; \ 21 | x86_64) promArch='amd64' ;; \ 22 | *) echo >&2 "error: unsupported arch: $apkArch"; exit 1 ;; \ 23 | esac; \ 24 | \ 25 | filename="alertmanager-${ALERTMANAGER_VERSION}.linux-${promArch}.tar.gz"; \ 26 | case "$filename" in \ 27 | {{ .sha256 | to_entries | map(select(.key | startswith("alertmanager-") and contains(".linux-")) | ( -}} 28 | {{ .key | @sh }}) sha256={{ .value | @sh }} ;; \ 29 | {{ )) | add -}} 30 | *) echo >&2 "error: unknown file: $filename"; exit 1 ;; \ 31 | esac; \ 32 | wget -O /tmp/alertmanager.tar.gz "https://github.com/prometheus/alertmanager/releases/download/v${ALERTMANAGER_VERSION}/$filename"; \ 33 | echo "$sha256 */tmp/alertmanager.tar.gz" | sha256sum -c -; \ 34 | \ 35 | tar \ 36 | --extract \ 37 | --file /tmp/alertmanager.tar.gz \ 38 | --strip-components 1 \ 39 | --verbose \ 40 | ; \ 41 | rm /tmp/alertmanager.tar.gz; \ 42 | \ 43 | mkdir data; \ 44 | \ 45 | alertmanager --version 46 | 47 | VOLUME /opt/alertmanager/data 48 | EXPOSE 9093 9094 49 | 50 | COPY docker-entrypoint.sh /usr/local/bin/ 51 | ENTRYPOINT ["docker-entrypoint.sh"] 52 | CMD [] 53 | -------------------------------------------------------------------------------- /prometheus/alertmanager/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | if [ "$#" -eq 0 ] || [ "$1" = 'alertmanager' ] || [[ "$1" = '-'* ]]; then 5 | if [ "${1:-}" = 'alertmanager' ]; then 6 | shift 7 | fi 8 | args=( 9 | alertmanager 10 | # these already match the defaults if we set WORKDIR ("alertmanager.yml" and "data/" respectively) 11 | #'--config.file=/opt/alertmanager/alertmanager.yml' 12 | #'--storage.path=/opt/alertmanager/data' 13 | ) 14 | set -- "${args[@]}" "$@" 15 | fi 16 | 17 | exec "$@" 18 | -------------------------------------------------------------------------------- /prometheus/alertmanager/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | _source() { 7 | local dir 8 | dir="$(readlink -ve "$BASH_SOURCE")" 9 | dir="$(dirname "$dir")" 10 | source "$dir/../hooks.sh" 11 | source "$dir/../../.libs/git.sh" 12 | } 13 | _source 14 | 15 | json="$(git-tags 'https://github.com/prometheus/alertmanager.git')" 16 | 17 | jq <<<"$json" '.' > versions.json 18 | -------------------------------------------------------------------------------- /prometheus/blackbox-exporter/Dockerfile.template: -------------------------------------------------------------------------------- 1 | FROM alpine:3.22 2 | 3 | RUN apk add --no-cache ca-certificates 4 | 5 | WORKDIR /opt/blackbox-exporter 6 | ENV PATH /opt/blackbox-exporter:$PATH 7 | 8 | # https://github.com/prometheus/blackbox_exporter/releases 9 | ENV BLACKBOX_EXPORTER_VERSION {{ .version }} 10 | 11 | RUN set -ex; \ 12 | \ 13 | apkArch="$(apk --print-arch)"; \ 14 | case "$apkArch" in \ 15 | aarch64) promArch='arm64' ;; \ 16 | armhf) promArch='armv6' ;; \ 17 | armv7) promArch='armv7' ;; \ 18 | ppc64le) promArch='ppc64le' ;; \ 19 | riscv64) promArch='riscv64' ;; \ 20 | s390x) promArch='s390x' ;; \ 21 | x86) promArch='386' ;; \ 22 | x86_64) promArch='amd64' ;; \ 23 | *) echo >&2 "error: unsupported arch: $apkArch"; exit 1 ;; \ 24 | esac; \ 25 | \ 26 | filename="blackbox_exporter-${BLACKBOX_EXPORTER_VERSION}.linux-$promArch.tar.gz"; \ 27 | case "$filename" in \ 28 | {{ .sha256 | to_entries | map(select(.key | startswith("blackbox_exporter-") and contains(".linux-")) | ( -}} 29 | {{ .key | @sh }}) sha256={{ .value | @sh }} ;; \ 30 | {{ )) | add -}} 31 | *) echo >&2 "error: unknown file: $filename"; exit 1 ;; \ 32 | esac; \ 33 | wget -O /tmp/blackbox-exporter.tar.gz "https://github.com/prometheus/blackbox_exporter/releases/download/v${BLACKBOX_EXPORTER_VERSION}/$filename"; \ 34 | echo "$sha256 */tmp/blackbox-exporter.tar.gz" | sha256sum -c -; \ 35 | \ 36 | tar \ 37 | --extract \ 38 | --file /tmp/blackbox-exporter.tar.gz \ 39 | --strip-components 1 \ 40 | --verbose \ 41 | ; \ 42 | rm /tmp/blackbox-exporter.tar.gz; \ 43 | \ 44 | blackbox_exporter --version 45 | 46 | VOLUME /opt/blackbox-exporter/data 47 | 48 | EXPOSE 9115 49 | CMD ["blackbox_exporter"] 50 | -------------------------------------------------------------------------------- /prometheus/blackbox-exporter/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | _source() { 7 | local dir 8 | dir="$(readlink -ve "$BASH_SOURCE")" 9 | dir="$(dirname "$dir")" 10 | source "$dir/../hooks.sh" 11 | source "$dir/../../.libs/git.sh" 12 | } 13 | _source 14 | 15 | json="$(git-tags 'https://github.com/prometheus/blackbox_exporter.git')" 16 | 17 | jq <<<"$json" '.' > versions.json 18 | -------------------------------------------------------------------------------- /prometheus/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | if [ "$#" -eq 0 ] || [ "$1" = 'prometheus' ] || [[ "$1" = '-'* ]]; then 5 | if [ "${1:-}" = 'prometheus' ]; then 6 | shift 7 | fi 8 | args=( 9 | prometheus 10 | '--web.console.libraries=/opt/prometheus/console_libraries' 11 | '--web.console.templates=/opt/prometheus/consoles' 12 | ) 13 | set -- "${args[@]}" "$@" 14 | fi 15 | 16 | exec "$@" 17 | -------------------------------------------------------------------------------- /prometheus/gsl.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | cd "$(dirname "$BASH_SOURCE")" 5 | dir="$(basename "$PWD")" 6 | cd .. 7 | 8 | source gsl-libs.sh 9 | 10 | globalEntry 11 | env="${dir^^}_VERSION" 12 | env="${env//-/_}" 13 | versionedEnvTagsEntry "$dir" "$env" latest 14 | 15 | variantAppendOrder='prefix' 16 | versionedEnvVariantEntry "$dir/alertmanager" alertmanager ALERTMANAGER_VERSION alertmanager 17 | versionedEnvVariantEntry "$dir/blackbox-exporter" blackbox-exporter BLACKBOX_EXPORTER_VERSION blackbox-exporter 18 | versionedEnvVariantEntry "$dir/node-exporter" node-exporter NODE_EXPORTER_VERSION node-exporter 19 | -------------------------------------------------------------------------------- /prometheus/hooks.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | _source() { 5 | local dir 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../.libs/hooks.sh" 9 | } 10 | _source 11 | 12 | versions_hooks+=( hook_no-prereleases ) 13 | 14 | hook_prometheus-sha256() { 15 | [ "$1" = 'git' ] || return 0 16 | [[ "$2" == github.com/prometheus/* ]] || return 0 17 | 18 | local tag 19 | tag="$(jq <<<"$4" -r '.tag')" || return "$?" 20 | 21 | local sha256sums 22 | sha256sums="$(wget -qO- "https://$2/releases/download/$tag/sha256sums.txt")" || return "$?" 23 | 24 | jq <<<"$sha256sums" -sR ' 25 | rtrimstr("\n") 26 | | split("\n") 27 | | map(capture("^(?[0-9a-f]{64})( | [*])(?.*)$")) 28 | | reduce .[] as $i ({}; .[$i.file] = $i.sha256) 29 | | { sha256: . } 30 | # TODO urls? 31 | ' || return "$?" 32 | } 33 | versions_hooks+=( hook_prometheus-sha256 ) 34 | -------------------------------------------------------------------------------- /prometheus/node-exporter/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | _source() { 7 | local dir 8 | dir="$(readlink -ve "$BASH_SOURCE")" 9 | dir="$(dirname "$dir")" 10 | source "$dir/../hooks.sh" 11 | source "$dir/../../.libs/git.sh" 12 | } 13 | _source 14 | 15 | json="$(git-tags 'https://github.com/prometheus/node_exporter.git')" 16 | 17 | jq <<<"$json" '.' > versions.json 18 | -------------------------------------------------------------------------------- /prometheus/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | _source() { 7 | local dir 8 | dir="$(readlink -ve "$BASH_SOURCE")" 9 | dir="$(dirname "$dir")" 10 | source "$dir/hooks.sh" 11 | source "$dir/../.libs/git.sh" 12 | } 13 | _source 14 | 15 | json="$( 16 | hook_prometheus-noretractnoplus() { 17 | case "$3" in 18 | *-retract | *+*) return 1 ;; 19 | esac 20 | } 21 | versions_hooks+=( hook_prometheus-noretractnoplus ) 22 | 23 | git-tags 'https://github.com/prometheus/prometheus.git' 24 | )" 25 | 26 | jq <<<"$json" '.' > versions.json 27 | -------------------------------------------------------------------------------- /rtl-433/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM debian:bookworm-slim 8 | 9 | RUN set -eux; \ 10 | apt-get update; \ 11 | apt-get install -y --no-install-recommends \ 12 | ca-certificates \ 13 | rtl-sdr \ 14 | ; \ 15 | rm -rf /var/lib/apt/lists/* 16 | 17 | # https://github.com/merbanan/rtl_433/releases 18 | ENV RTL_433_VERSION 25.02 19 | 20 | RUN set -eux; \ 21 | savedAptMark="$(apt-mark showmanual)"; \ 22 | apt-get update; \ 23 | apt-get install -y --no-install-recommends \ 24 | cmake \ 25 | gcc \ 26 | libc6-dev \ 27 | librtlsdr-dev \ 28 | libusb-1.0-0-dev \ 29 | make \ 30 | pkg-config \ 31 | wget \ 32 | ; \ 33 | \ 34 | cd /tmp; \ 35 | wget -O src.tgz "https://github.com/merbanan/rtl_433/archive/refs/tags/$RTL_433_VERSION.tar.gz"; \ 36 | mkdir rtl_433; \ 37 | tar -xvf src.tgz -C rtl_433 --strip-components=1; \ 38 | rm src.tgz; \ 39 | \ 40 | mkdir rtl_433/build; \ 41 | cd rtl_433/build; \ 42 | cmake .. -DENABLE_RTLSDR=ON; \ 43 | nproc="$(nproc)"; \ 44 | make -j "$nproc"; \ 45 | make install; \ 46 | \ 47 | cd /tmp; \ 48 | rm -rf /tmp/rtl_433; \ 49 | \ 50 | apt-mark auto '.*' > /dev/null; \ 51 | apt-mark manual $savedAptMark > /dev/null; \ 52 | apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ 53 | rm -rf /var/lib/apt/lists/*; \ 54 | \ 55 | rtl_433 -V 56 | 57 | CMD ["rtl_433"] 58 | -------------------------------------------------------------------------------- /rtl-433/Dockerfile.template: -------------------------------------------------------------------------------- 1 | FROM debian:bookworm-slim 2 | 3 | RUN set -eux; \ 4 | apt-get update; \ 5 | apt-get install -y --no-install-recommends \ 6 | ca-certificates \ 7 | rtl-sdr \ 8 | ; \ 9 | rm -rf /var/lib/apt/lists/* 10 | 11 | # https://github.com/merbanan/rtl_433/releases 12 | ENV RTL_433_VERSION {{ .version }} 13 | 14 | RUN set -eux; \ 15 | savedAptMark="$(apt-mark showmanual)"; \ 16 | apt-get update; \ 17 | apt-get install -y --no-install-recommends \ 18 | cmake \ 19 | gcc \ 20 | libc6-dev \ 21 | librtlsdr-dev \ 22 | libusb-1.0-0-dev \ 23 | make \ 24 | pkg-config \ 25 | wget \ 26 | ; \ 27 | \ 28 | cd /tmp; \ 29 | wget -O src.tgz "https://github.com/merbanan/rtl_433/archive/refs/tags/$RTL_433_VERSION.tar.gz"; \ 30 | mkdir rtl_433; \ 31 | tar -xvf src.tgz -C rtl_433 --strip-components=1; \ 32 | rm src.tgz; \ 33 | \ 34 | mkdir rtl_433/build; \ 35 | cd rtl_433/build; \ 36 | cmake .. -DENABLE_RTLSDR=ON; \ 37 | nproc="$(nproc)"; \ 38 | make -j "$nproc"; \ 39 | make install; \ 40 | \ 41 | cd /tmp; \ 42 | rm -rf /tmp/rtl_433; \ 43 | \ 44 | apt-mark auto '.*' > /dev/null; \ 45 | apt-mark manual $savedAptMark > /dev/null; \ 46 | apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ 47 | rm -rf /var/lib/apt/lists/*; \ 48 | \ 49 | rtl_433 -V 50 | 51 | CMD ["rtl_433"] 52 | -------------------------------------------------------------------------------- /rtl-433/gsl.sh: -------------------------------------------------------------------------------- 1 | ../.gsl-common/gsl-version-env.sh -------------------------------------------------------------------------------- /rtl-433/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "commit": "5cae16fbc9c1c98652676ab45d7bbf7f51e6ccea", 3 | "ref": "refs/tags/25.02", 4 | "tag": "25.02", 5 | "version": "25.02" 6 | } 7 | -------------------------------------------------------------------------------- /rtl-433/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../.libs/git.sh" 9 | 10 | versions_hooks+=( hook_no-prereleases ) 11 | 12 | json="$( 13 | hook_no-nightly() { [ "$3" != 'nightly' ]; } 14 | versions_hooks+=( hook_no-nightly ) 15 | git-tags 'https://github.com/merbanan/rtl_433.git' 16 | )" 17 | 18 | jq <<<"$json" '.' > versions.json 19 | -------------------------------------------------------------------------------- /rtorrent/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian:bookworm-slim 2 | 3 | RUN useradd --create-home user 4 | 5 | RUN set -eux; \ 6 | apt-get update; \ 7 | apt-get install -y --no-install-recommends \ 8 | ca-certificates \ 9 | rtorrent \ 10 | ; \ 11 | rm -rf /var/lib/apt/lists/* 12 | 13 | RUN mkdir -p /torrents/session \ 14 | && touch /torrents/.rtorrent.rc \ 15 | && chown -R user:user /torrents 16 | VOLUME /torrents 17 | 18 | COPY --chown=user:user rtorrent.rc /home/user/.rtorrent.rc 19 | 20 | USER user 21 | CMD ["rtorrent"] 22 | -------------------------------------------------------------------------------- /rtorrent/README.md: -------------------------------------------------------------------------------- 1 | See [`Dockerfile`](https://github.com/tianon/dockerfiles/blob/master/rtorrent/Dockerfile) and [example `run.sh` script](https://github.com/tianon/dockerfiles/blob/master/rtorrent/run.sh) for usage. 2 | -------------------------------------------------------------------------------- /rtorrent/gsl.sh: -------------------------------------------------------------------------------- 1 | ../.gsl-common/gsl-latest.sh -------------------------------------------------------------------------------- /rtorrent/rtorrent.rc: -------------------------------------------------------------------------------- 1 | directory = /torrents 2 | session = /torrents/session 3 | dht = auto 4 | 5 | try_import = /torrents/.rtorrent.rc 6 | -------------------------------------------------------------------------------- /rtorrent/run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | torrents="$HOME/downloads/torrents" 5 | mkdir -p "$torrents/session" 6 | touch "$torrents/.rtorrent.rc" 7 | 8 | set -x 9 | exec docker run -it --rm \ 10 | --name rtorrent \ 11 | --hostname rtorrent \ 12 | --mount "type=bind,src=$torrents,dst=/torrents" \ 13 | --env TERM \ 14 | --user "$(id -u):$(id -g)" \ 15 | --read-only \ 16 | tianon/rtorrent "$@" 17 | -------------------------------------------------------------------------------- /signal-desktop/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM debian:bookworm-slim 8 | 9 | RUN set -eux; \ 10 | apt-get update; \ 11 | apt-get install -y --no-install-recommends ca-certificates; \ 12 | savedAptMark="$(apt-mark showmanual)"; \ 13 | apt-get install -y --no-install-recommends gnupg; \ 14 | \ 15 | # https://updates.signal.org/desktop/apt/keys.asc 16 | key='DBA3 6B51 81D0 C816 F630 E889 D980 A174 57F6 FB06'; \ 17 | \ 18 | GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ 19 | gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ 20 | mkdir -p /usr/local/share/keyrings; \ 21 | gpg --batch --export "$key" > /usr/local/share/keyrings/signal-desktop.gpg; \ 22 | gpgconf --kill all; \ 23 | rm -rf "$GNUPGHOME"; \ 24 | \ 25 | apt-mark auto '.*' > /dev/null; \ 26 | [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ 27 | apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ 28 | \ 29 | echo 'deb [ arch=amd64 signed-by=/usr/local/share/keyrings/signal-desktop.gpg ] https://updates.signal.org/desktop/apt xenial main' > /etc/apt/sources.list.d/signal-desktop.list; \ 30 | \ 31 | apt-get update; \ 32 | rm -rf /var/lib/apt/lists/* 33 | 34 | # https://github.com/signalapp/Signal-Desktop/releases 35 | ENV SIGNAL_DESKTOP_VERSION 7.57.0 36 | 37 | RUN set -eux; \ 38 | apt-get update; \ 39 | apt-get install -y --no-install-recommends \ 40 | signal-desktop="$SIGNAL_DESKTOP_VERSION" \ 41 | # missing Depends: 42 | libatk-bridge2.0-0 \ 43 | libatk1.0-0 \ 44 | libdrm2 \ 45 | libgbm1 \ 46 | libgtk-3-0 \ 47 | libx11-xcb1 \ 48 | libxshmfence1 \ 49 | # LaunchProcess: failed to execvp: xdg-settings 50 | xdg-utils \ 51 | ; \ 52 | rm -rf /var/lib/apt/lists/*; \ 53 | signal="$(command -v signal-desktop)"; \ 54 | signal="$(readlink -ev "$signal")"; \ 55 | ! { ldd "$signal" | grep 'not found'; } 56 | 57 | CMD ["signal-desktop"] 58 | -------------------------------------------------------------------------------- /signal-desktop/Dockerfile.template: -------------------------------------------------------------------------------- 1 | FROM debian:bookworm-slim 2 | 3 | RUN set -eux; \ 4 | apt-get update; \ 5 | apt-get install -y --no-install-recommends ca-certificates; \ 6 | savedAptMark="$(apt-mark showmanual)"; \ 7 | apt-get install -y --no-install-recommends gnupg; \ 8 | \ 9 | # https://updates.signal.org/desktop/apt/keys.asc 10 | key='DBA3 6B51 81D0 C816 F630 E889 D980 A174 57F6 FB06'; \ 11 | \ 12 | GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ 13 | gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ 14 | mkdir -p /usr/local/share/keyrings; \ 15 | gpg --batch --export "$key" > /usr/local/share/keyrings/signal-desktop.gpg; \ 16 | gpgconf --kill all; \ 17 | rm -rf "$GNUPGHOME"; \ 18 | \ 19 | apt-mark auto '.*' > /dev/null; \ 20 | [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ 21 | apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ 22 | \ 23 | echo 'deb [ arch=amd64 signed-by=/usr/local/share/keyrings/signal-desktop.gpg ] https://updates.signal.org/desktop/apt xenial main' > /etc/apt/sources.list.d/signal-desktop.list; \ 24 | \ 25 | apt-get update; \ 26 | rm -rf /var/lib/apt/lists/* 27 | 28 | # https://github.com/signalapp/Signal-Desktop/releases 29 | ENV SIGNAL_DESKTOP_VERSION {{ .version }} 30 | 31 | RUN set -eux; \ 32 | apt-get update; \ 33 | apt-get install -y --no-install-recommends \ 34 | signal-desktop="$SIGNAL_DESKTOP_VERSION" \ 35 | # missing Depends: 36 | libatk-bridge2.0-0 \ 37 | libatk1.0-0 \ 38 | libdrm2 \ 39 | libgbm1 \ 40 | libgtk-3-0 \ 41 | libx11-xcb1 \ 42 | libxshmfence1 \ 43 | # LaunchProcess: failed to execvp: xdg-settings 44 | xdg-utils \ 45 | ; \ 46 | rm -rf /var/lib/apt/lists/*; \ 47 | signal="$(command -v signal-desktop)"; \ 48 | signal="$(readlink -ev "$signal")"; \ 49 | ! { ldd "$signal" | grep 'not found'; } 50 | 51 | CMD ["signal-desktop"] 52 | -------------------------------------------------------------------------------- /signal-desktop/gsl.sh: -------------------------------------------------------------------------------- 1 | ../.gsl-common/gsl-version-env.sh -------------------------------------------------------------------------------- /signal-desktop/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "filename": "pool/s/signal-desktop/signal-desktop_7.57.0_amd64.deb", 3 | "sha256": "4cc8241d07c4008031ca033adbf2ef6cd99793bfde46d0934160a3d2bdebc477", 4 | "url": "https://updates.signal.org/desktop/apt/pool/s/signal-desktop/signal-desktop_7.57.0_amd64.deb", 5 | "version": "7.57.0" 6 | } 7 | -------------------------------------------------------------------------------- /signal-desktop/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../.libs/deb-repo.sh" 9 | 10 | channel="$(basename "$PWD")" # "dev", etc 11 | 12 | json="$( 13 | uri='https://updates.signal.org/desktop/apt' 14 | suite='xenial' 15 | component='main' 16 | package='signal-desktop' 17 | deb-repo 18 | )" 19 | 20 | jq <<<"$json" '.' > versions.json 21 | -------------------------------------------------------------------------------- /slack/browser.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | url="$*" 5 | 6 | if 7 | zenity --question \ 8 | --no-wrap \ 9 | --no-markup \ 10 | --text=$'Browser requested for:\n\n'"$url"$'\n\nCopy URL to clipboard?' 11 | then 12 | xclip -selection clipboard <<<"$url" 13 | fi 14 | -------------------------------------------------------------------------------- /slack/gsl.sh: -------------------------------------------------------------------------------- 1 | ../.gsl-common/gsl-version-env.sh -------------------------------------------------------------------------------- /slack/slack.svg: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /slack/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "filename": "pool/jessie/main/s/slack-desktop/slack-desktop_4.43.52_amd64.deb", 3 | "sha256": "0f9c699919e02de8dcc890f4429c6e7203965205a99fac1e5449fb8df5640fef", 4 | "url": "https://packagecloud.io/slacktechnologies/slack/debian/pool/jessie/main/s/slack-desktop/slack-desktop_4.43.52_amd64.deb", 5 | "version": "4.43.52" 6 | } 7 | -------------------------------------------------------------------------------- /slack/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../.libs/deb-repo.sh" 9 | 10 | json="$( 11 | uri='https://packagecloud.io/slacktechnologies/slack/debian' 12 | suite='jessie' 13 | component='main' 14 | package='slack-desktop' 15 | deb-repo 16 | )" 17 | 18 | jq <<<"$json" '.' > versions.json 19 | -------------------------------------------------------------------------------- /sleeping-beauty/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM scratch 2 | COPY sleeping-beauty / 3 | CMD ["/sleeping-beauty"] 4 | STOPSIGNAL SIGKILL 5 | -------------------------------------------------------------------------------- /sleeping-beauty/Dockerfile.nolibc: -------------------------------------------------------------------------------- 1 | FROM tianon/nolibc AS build 2 | 3 | WORKDIR /tmp 4 | COPY sleeping-beauty.c ./ 5 | 6 | # ugh, I wish we could just get the commit timestamp directly off sleeping-beauty.c instead 7 | ARG SOURCE_DATE_EPOCH 8 | RUN set -eux; \ 9 | mkdir /aurora; \ 10 | gcc $CFLAGS -o /aurora/sleeping-beauty sleeping-beauty.c; \ 11 | touch --date="@${SOURCE_DATE_EPOCH:-0}" /aurora/sleeping-beauty /aurora; \ 12 | ls -lh /aurora; \ 13 | code="$(set +e; timeout --kill-after=5s 3s chroot /aurora /sleeping-beauty; echo "$?")"; \ 14 | # 124 if COMMAND times out, and --preserve-status is not specified 15 | if [ "$code" != '124' ]; then echo >&2 "error: failure!"; exit 1; fi 16 | 17 | FROM scratch 18 | COPY --from=build --link /aurora / 19 | CMD ["/sleeping-beauty"] 20 | STOPSIGNAL SIGKILL 21 | -------------------------------------------------------------------------------- /sleeping-beauty/Makefile: -------------------------------------------------------------------------------- 1 | sleeping-beauty: sleeping-beauty.asm 2 | nasm -o $@ $< 3 | chmod +x sleeping-beauty 4 | 5 | clean: 6 | rm -f sleeping-beauty 7 | -------------------------------------------------------------------------------- /sleeping-beauty/gsl.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | cd "$(dirname "$BASH_SOURCE")" 5 | dir="$(basename "$PWD")" 6 | cd .. 7 | 8 | source gsl-libs.sh 9 | 10 | globalEntry 11 | tagsEntry "$dir" latest 12 | 13 | # TODO Architectures 14 | dockerfile='Dockerfile.nolibc' 15 | from="$(awk '$1 == "FROM" { print $2; exit }' "$dir/$dockerfile")" # TODO multi-stage build?? (scratch does not count) 16 | arches="$(bashbrew remote arches --json "$from" | jq -c '.arches | keys | join(", ")' -r)" 17 | tagsEntry "$dir" nolibc 18 | echo "Architectures: $arches" 19 | -------------------------------------------------------------------------------- /sleeping-beauty/sleeping-beauty: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tianon/dockerfiles/94d98cd224c94762704e77254f5cee05c4861cfb/sleeping-beauty/sleeping-beauty -------------------------------------------------------------------------------- /sleeping-beauty/sleeping-beauty.c: -------------------------------------------------------------------------------- 1 | int main() { 2 | for(;;) { // tight loop because jpetazzo is trolling 3 | #ifdef __NR_pause 4 | my_syscall0(__NR_pause); 5 | #else 6 | // arm64 (maybe others?) does not have the pause syscall... 7 | // musl emulates it via ppoll: https://github.com/tianon/mirror-musl/blob/7020e85fd768be02e7f5971f1707229407cfa1e4/src/unistd/pause.c#L9 8 | my_syscall5(__NR_ppoll, 0, 0, 0, 0, 0); 9 | // https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/tools/include/nolibc/sys.h?h=linux-rolling-stable&id=0be619bcb134b82abef6beaaee9db9582c7015a7#n851 10 | #endif 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /speedtest/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM alpine:3.22 8 | 9 | # https://www.speedtest.net/apps/cli#download 10 | ENV SPEEDTEST_VERSION 1.2.0 11 | 12 | RUN set -eux; \ 13 | apkArch="$(apk --print-arch)"; \ 14 | case "$apkArch" in \ 15 | 'x86') url='https://install.speedtest.net/app/cli/ookla-speedtest-1.2.0-linux-i386.tgz' ;; \ 16 | 'x86_64') url='https://install.speedtest.net/app/cli/ookla-speedtest-1.2.0-linux-x86_64.tgz' ;; \ 17 | 'armhf') url='https://install.speedtest.net/app/cli/ookla-speedtest-1.2.0-linux-armhf.tgz' ;; \ 18 | 'armv7') url='https://install.speedtest.net/app/cli/ookla-speedtest-1.2.0-linux-armhf.tgz' ;; \ 19 | 'aarch64') url='https://install.speedtest.net/app/cli/ookla-speedtest-1.2.0-linux-aarch64.tgz' ;; \ 20 | *) echo >&2 "error: unknown/unsupported architecture: '$apkArch' (see https://www.speedtest.net/apps/cli#download)"; exit 1 ;; \ 21 | esac; \ 22 | wget -O speedtest.tgz "$url"; \ 23 | tar -xvf speedtest.tgz -C /usr/local/bin speedtest; \ 24 | rm speedtest.tgz; \ 25 | speedtest --version 26 | 27 | COPY docker-entrypoint.sh /usr/local/bin/ 28 | ENTRYPOINT ["docker-entrypoint.sh"] 29 | 30 | CMD ["speedtest"] 31 | -------------------------------------------------------------------------------- /speedtest/Dockerfile.template: -------------------------------------------------------------------------------- 1 | FROM alpine:3.22 2 | 3 | # https://www.speedtest.net/apps/cli#download 4 | ENV SPEEDTEST_VERSION {{ .version }} 5 | 6 | RUN set -eux; \ 7 | apkArch="$(apk --print-arch)"; \ 8 | case "$apkArch" in \ 9 | {{ [ .arches[] | ( -}} 10 | {{ .apkArch // empty | @sh }}) url={{ .url | @sh }} ;; \ 11 | {{ ) ] | add -}} 12 | *) echo >&2 "error: unknown/unsupported architecture: '$apkArch' (see https://www.speedtest.net/apps/cli#download)"; exit 1 ;; \ 13 | esac; \ 14 | wget -O speedtest.tgz "$url"; \ 15 | tar -xvf speedtest.tgz -C /usr/local/bin speedtest; \ 16 | rm speedtest.tgz; \ 17 | speedtest --version 18 | 19 | COPY docker-entrypoint.sh /usr/local/bin/ 20 | ENTRYPOINT ["docker-entrypoint.sh"] 21 | 22 | CMD ["speedtest"] 23 | -------------------------------------------------------------------------------- /speedtest/README.md: -------------------------------------------------------------------------------- 1 | Ever wanted to speedtest a server, but didn't want to do funky tunnelling so you could hit up good ol' speedtest.net? WORRY NO MORE. 2 | 3 | docker run -it --rm --net=host tianon/speedtest 4 | 5 | We don't actually _require_ `--net=host`, but if we're wanting to test native performance (or use `--ip some-specific-host-IP` / `--interface some-specific-host-interface`) then we want direct access to the relevant connections without any overhead. 6 | -------------------------------------------------------------------------------- /speedtest/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -eu 3 | 4 | if [ "${1:0:1}" = '-' ]; then 5 | set -- speedtest "$@" 6 | fi 7 | 8 | exec "$@" 9 | -------------------------------------------------------------------------------- /speedtest/gsl.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | cd "$(dirname "$BASH_SOURCE")" 5 | dir="$(basename "$PWD")" 6 | cd .. 7 | 8 | from="$(awk '$1 == "FROM" { print $2; exit }' "$dir/Dockerfile")" # TODO multi-stage build?? 9 | fromArches="$(bashbrew remote arches --json "$from" | jq -c '.arches | keys')" 10 | arches="$(jq -r -L "$dir/../.libs" --argjson fromArches "$fromArches" ' 11 | include "lib" 12 | ; 13 | [ 14 | $fromArches, 15 | (.arches | map_values(select(.apkArch)) | keys), 16 | empty 17 | ] 18 | | intersection 19 | | join(", ") 20 | ' "$dir/versions.json")" 21 | [ -n "$arches" ] 22 | 23 | source gsl-libs.sh 24 | 25 | globalEntry 26 | env="${dir^^}_VERSION" 27 | env="${env//-/_}" 28 | versionedEnvTagsEntry "$dir" "$env" latest 29 | echo "Architectures: $arches" 30 | -------------------------------------------------------------------------------- /speedtest/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": "1.2.0", 3 | "arches": { 4 | "i386": { 5 | "url": "https://install.speedtest.net/app/cli/ookla-speedtest-1.2.0-linux-i386.tgz", 6 | "apkArch": "x86" 7 | }, 8 | "amd64": { 9 | "url": "https://install.speedtest.net/app/cli/ookla-speedtest-1.2.0-linux-x86_64.tgz", 10 | "apkArch": "x86_64" 11 | }, 12 | "arm32v5": { 13 | "url": "https://install.speedtest.net/app/cli/ookla-speedtest-1.2.0-linux-armel.tgz", 14 | "apkArch": null 15 | }, 16 | "arm32v6": { 17 | "url": "https://install.speedtest.net/app/cli/ookla-speedtest-1.2.0-linux-armhf.tgz", 18 | "apkArch": "armhf" 19 | }, 20 | "arm32v7": { 21 | "url": "https://install.speedtest.net/app/cli/ookla-speedtest-1.2.0-linux-armhf.tgz", 22 | "apkArch": "armv7" 23 | }, 24 | "arm64v8": { 25 | "url": "https://install.speedtest.net/app/cli/ookla-speedtest-1.2.0-linux-aarch64.tgz", 26 | "apkArch": "aarch64" 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /speedtest/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | urls="$( 7 | curl -fsSL --user-agent 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Edg/101.0.1210.26' 'https://www.speedtest.net/apps/cli' \ 8 | | grep -oE '"https?://[^"]+/ookla-speedtest-[^"/]+-linux-[^"/]+[.]tgz"' \ 9 | | cut -d'"' -f2 10 | )" 11 | 12 | json="$(jq <<<"$urls" -Rsc -L../.libs ' 13 | include "lib" 14 | ; 15 | rtrimstr("\n") 16 | | split("\n") 17 | | map( 18 | . as $url 19 | | capture("ookla-speedtest-(?[^/]+)-linux-(?[^/]+)[.]tgz") 20 | | { 21 | aarch64: "arm64v8", 22 | armel: "arm32v5", # Ookla "armel" is armv5 23 | armhf: ("arm32v6", "arm32v7"), # Ookla "armhf" is armv6 24 | i386: "i386", 25 | x86_64: "amd64", 26 | }[.arch] as $arch 27 | | { ($arch): { 28 | url: $url, 29 | apkArch: ($arch | apk_arch), 30 | version: .version, 31 | } } 32 | ) 33 | | add 34 | | .amd64.version as $version 35 | | { 36 | version: .amd64.version, 37 | arches: ( 38 | to_entries 39 | | map( 40 | # TODO instead of "select", we should "error" 41 | select(.value.version == $version) 42 | | del(.value.version) 43 | ) 44 | | from_entries 45 | ), 46 | } 47 | ')" 48 | 49 | version="$(jq <<<"$json" -r '.version')" 50 | echo >&2 "speedtest: $version" 51 | 52 | jq <<<"$json" '.' > versions.json 53 | -------------------------------------------------------------------------------- /steam/gsl.sh: -------------------------------------------------------------------------------- 1 | ../.gsl-common/gsl-version-env.sh -------------------------------------------------------------------------------- /steam/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "filename": "pool/steam/s/steam/steam-launcher_1.0.0.83_amd64.deb", 3 | "sha256": "20ddf0b7ba76ea0945c08de491fcc69b8b7a1350736937f87e9f3be16b109287", 4 | "url": "https://repo.steampowered.com/steam/pool/steam/s/steam/steam-launcher_1.0.0.83_amd64.deb", 5 | "version": "1.0.0.83" 6 | } 7 | -------------------------------------------------------------------------------- /steam/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../.libs/deb-repo.sh" 9 | 10 | json="$( 11 | uri='https://repo.steampowered.com/steam' 12 | suite='stable' 13 | component='steam' 14 | package='steam-launcher' 15 | deb-repo 16 | )" 17 | 18 | jq <<<"$json" '.version |= split(":")[1]' > versions.json 19 | -------------------------------------------------------------------------------- /tailscale/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "commit": "0b36774ff9e8d5a82efee38e3734298ffb453ae9", 3 | "ref": "refs/tags/v1.84.0^{}", 4 | "tag": "v1.84.0", 5 | "version": "1.84.0" 6 | } 7 | -------------------------------------------------------------------------------- /tailscale/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../.libs/git.sh" 9 | 10 | versions_hooks+=( hook_no-prereleases ) 11 | 12 | json="$( 13 | hook_tailscale-static() { 14 | wget -qO/dev/null "https://pkgs.tailscale.com/stable/tailscale_${version}_amd64.tgz.sha256" || return "$?" 15 | # TODO download/save/embed all the checksums 16 | } 17 | versions_hooks+=( hook_tailscale-static ) 18 | git-tags 'https://github.com/tailscale/tailscale.git' 19 | )" 20 | 21 | jq <<<"$json" '.' > versions.json 22 | -------------------------------------------------------------------------------- /tinygo/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM golang:1.24-bookworm 8 | 9 | # the .deb (as of 0.6.0) installs to /usr/local/tinygo but doesn't add "tinygo" to PATH 10 | ENV PATH /usr/local/tinygo/bin:$PATH 11 | # https://tinygo.org/getting-started/linux/ 12 | 13 | # https://github.com/tinygo-org/tinygo/releases 14 | ENV TINYGO_VERSION 0.37.0 15 | 16 | RUN set -eux; \ 17 | savedAptMark="$(apt-mark showmanual)"; \ 18 | apt-get update; \ 19 | apt-get install -y --no-install-recommends \ 20 | ca-certificates \ 21 | wget \ 22 | ; \ 23 | apt-mark auto '.*' > /dev/null; \ 24 | [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ 25 | \ 26 | wget --progress=dot:giga -O tinygo.deb "https://github.com/tinygo-org/tinygo/releases/download/v$TINYGO_VERSION/tinygo_${TINYGO_VERSION}_amd64.deb"; \ 27 | apt-get install -y --no-install-recommends ./tinygo.deb; \ 28 | rm -rf tinygo.deb /var/lib/apt/lists/*; \ 29 | \ 30 | apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ 31 | \ 32 | tinygo version 33 | -------------------------------------------------------------------------------- /tinygo/Dockerfile.template: -------------------------------------------------------------------------------- 1 | FROM golang:{{ .go.max.version }}-bookworm 2 | 3 | # the .deb (as of 0.6.0) installs to /usr/local/tinygo but doesn't add "tinygo" to PATH 4 | ENV PATH /usr/local/tinygo/bin:$PATH 5 | # https://tinygo.org/getting-started/linux/ 6 | 7 | # https://github.com/tinygo-org/tinygo/releases 8 | ENV TINYGO_VERSION {{ .version }} 9 | 10 | RUN set -eux; \ 11 | savedAptMark="$(apt-mark showmanual)"; \ 12 | apt-get update; \ 13 | apt-get install -y --no-install-recommends \ 14 | ca-certificates \ 15 | wget \ 16 | ; \ 17 | apt-mark auto '.*' > /dev/null; \ 18 | [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ 19 | \ 20 | wget --progress=dot:giga -O tinygo.deb "https://github.com/tinygo-org/tinygo/releases/download/v$TINYGO_VERSION/tinygo_${TINYGO_VERSION}_amd64.deb"; \ 21 | apt-get install -y --no-install-recommends ./tinygo.deb; \ 22 | rm -rf tinygo.deb /var/lib/apt/lists/*; \ 23 | \ 24 | apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ 25 | \ 26 | tinygo version 27 | -------------------------------------------------------------------------------- /tinygo/gsl.sh: -------------------------------------------------------------------------------- 1 | ../.gsl-common/gsl-version-env.sh -------------------------------------------------------------------------------- /tinygo/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "commit": "3e60eeb368f25f237a512e7553fd6d70f36dc74c", 3 | "ref": "refs/tags/v0.37.0", 4 | "tag": "v0.37.0", 5 | "version": "0.37.0", 6 | "go": { 7 | "min": { 8 | "version": "1.19" 9 | }, 10 | "max": { 11 | "version": "1.24" 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /tinygo/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../.libs/git.sh" 9 | 10 | versions_hooks+=( hook_no-prereleases ) 11 | 12 | json="$(git-tags 'https://github.com/tinygo-org/tinygo.git')" 13 | 14 | tag="$(jq <<<"$json" -r '.tag')" 15 | 16 | # parse https://github.com/tinygo-org/tinygo/blob/v0.34.0/builder/config.go#L27-L29 to get the "range" of Go versions supported 17 | go="$( 18 | wget -qO- "https://github.com/tinygo-org/tinygo/raw/$tag/builder/config.go" \ 19 | | jq -csR ' 20 | [ 21 | capture("((?<=\n)|^)[[:space:]]*const[[:space:]]+minor(?Min|Max)[[:space:]]*=[[:space:]]*(?[0-9]+)[[:space:]]*((?=\n)|$)"; "g") 22 | | .key |= ascii_downcase 23 | | .value |= { version: "1.\(.)" } 24 | ] 25 | | from_entries 26 | | if has("min") and has("max") then . else 27 | error("failed to scrape either min or max from upstream") 28 | end 29 | ' 30 | )" 31 | echo "tinygo go: $go" 32 | 33 | jq <<<"$json" --argjson go "$go" ' 34 | .go = $go 35 | ' > versions.json 36 | -------------------------------------------------------------------------------- /toybox/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | # ideally, we'd use official static binary releases from http://landley.net/toybox/downloads/binaries/ but they don't include the (pending) "sh" implementation so they're not quite enough for a full system yet 8 | # https://github.com/landley/toybox/commits/master/toys/pending/sh.c 9 | 10 | FROM alpine:3.22 AS build 11 | 12 | RUN set -eux; \ 13 | apk add --no-cache \ 14 | bash \ 15 | gcc \ 16 | linux-headers \ 17 | make \ 18 | musl-dev \ 19 | # https://github.com/landley/toybox/issues/493#issuecomment-2050906703 (why the GNU tools *and* why Alpine / musl) 20 | findutils cpio \ 21 | ; 22 | 23 | WORKDIR /toybox 24 | 25 | # https://landley.net/toybox/downloads/?C=M;O=D 26 | # https://github.com/landley/toybox/releases 27 | ENV TOYBOX_VERSION 0.8.12 28 | 29 | RUN set -eux; \ 30 | wget -O toybox.tgz "https://landley.net/toybox/downloads/toybox-$TOYBOX_VERSION.tar.gz"; \ 31 | tar -xf toybox.tgz --strip-components=1; \ 32 | rm toybox.tgz 33 | 34 | # pre-build toybox for the build to use 👀 35 | RUN sh -eux scripts/prereq/build.sh 36 | 37 | RUN make root 38 | 39 | # smoke-test/verify the result 40 | RUN chroot root/host/fs sh -c 'PS4="++ " && set -ux && echo hi from toybox' 41 | # TODO add "set -e" and swap to semi-colons when toybox sh supports it :D 42 | # TODO adjusting PS4 because *something* about https://github.com/landley/toybox/blob/122bbe602f50b7fe747751370035f6fd55e674d0/toys/pending/sh.c#L3684-L3701 seems to think our "call depth" is zero instead of one 43 | 44 | FROM scratch 45 | COPY --from=build /toybox/root/host/fs/ / 46 | CMD ["sh"] 47 | -------------------------------------------------------------------------------- /toybox/Dockerfile.template: -------------------------------------------------------------------------------- 1 | # ideally, we'd use official static binary releases from http://landley.net/toybox/downloads/binaries/ but they don't include the (pending) "sh" implementation so they're not quite enough for a full system yet 2 | # https://github.com/landley/toybox/commits/master/toys/pending/sh.c 3 | 4 | FROM alpine:3.22 AS build 5 | 6 | RUN set -eux; \ 7 | apk add --no-cache \ 8 | bash \ 9 | gcc \ 10 | linux-headers \ 11 | make \ 12 | musl-dev \ 13 | # https://github.com/landley/toybox/issues/493#issuecomment-2050906703 (why the GNU tools *and* why Alpine / musl) 14 | findutils cpio \ 15 | ; 16 | 17 | WORKDIR /toybox 18 | 19 | # https://landley.net/toybox/downloads/?C=M;O=D 20 | # https://github.com/landley/toybox/releases 21 | ENV TOYBOX_VERSION {{ .version }} 22 | 23 | RUN set -eux; \ 24 | wget -O toybox.tgz "https://landley.net/toybox/downloads/toybox-$TOYBOX_VERSION.tar.gz"; \ 25 | tar -xf toybox.tgz --strip-components=1; \ 26 | rm toybox.tgz 27 | 28 | # pre-build toybox for the build to use 👀 29 | RUN sh -eux scripts/prereq/build.sh 30 | 31 | RUN make root 32 | 33 | # smoke-test/verify the result 34 | RUN chroot root/host/fs sh -c 'PS4="++ " && set -ux && echo hi from toybox' 35 | # TODO add "set -e" and swap to semi-colons when toybox sh supports it :D 36 | # TODO adjusting PS4 because *something* about https://github.com/landley/toybox/blob/122bbe602f50b7fe747751370035f6fd55e674d0/toys/pending/sh.c#L3684-L3701 seems to think our "call depth" is zero instead of one 37 | 38 | FROM scratch 39 | COPY --from=build /toybox/root/host/fs/ / 40 | CMD ["sh"] 41 | -------------------------------------------------------------------------------- /toybox/gsl.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | cd "$(dirname "$BASH_SOURCE")" 5 | dir="$(basename "$PWD")" 6 | cd .. 7 | 8 | source gsl-libs.sh 9 | 10 | globalEntry 11 | env="${dir^^}_VERSION" 12 | env="${env//-/_}" 13 | versionedEnvTagsEntry "$dir" "$env" latest 14 | echo 'Architectures: amd64, arm64v8' 15 | -------------------------------------------------------------------------------- /toybox/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "commit": "7eaddbdb9c1712801ddf131ed79ead0c981ffcb1", 3 | "ref": "refs/tags/0.8.12", 4 | "tag": "0.8.12", 5 | "version": "0.8.12" 6 | } 7 | -------------------------------------------------------------------------------- /toybox/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../.libs/git.sh" 9 | 10 | versions_hooks+=( hook_no-prereleases ) 11 | 12 | json="$(git-tags 'https://github.com/landley/toybox.git')" 13 | 14 | jq <<<"$json" '.' > versions.json 15 | -------------------------------------------------------------------------------- /true/.gitignore: -------------------------------------------------------------------------------- 1 | true-*.meta 2 | -------------------------------------------------------------------------------- /true/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM scratch 2 | COPY true-asm /true 3 | CMD ["/true"] 4 | -------------------------------------------------------------------------------- /true/Dockerfile.all: -------------------------------------------------------------------------------- 1 | FROM debian:bookworm-slim AS base 2 | RUN apt-get update && apt-get install -y --no-install-recommends make && rm -rf /var/lib/apt/lists/* 3 | WORKDIR /true 4 | COPY Makefile true*.* ./ 5 | RUN make clean # just to be sure 6 | 7 | FROM base AS asm 8 | RUN apt-get update && apt-get install -y --no-install-recommends nasm && rm -rf /var/lib/apt/lists/* 9 | RUN make -C /true true-asm true-yolo 10 | 11 | FROM gcc AS gcc 12 | COPY --from=base /true /true 13 | RUN make -C /true true-gcc 14 | 15 | FROM golang AS go 16 | COPY --from=base /true /true 17 | RUN make -C /true true-go 18 | 19 | FROM rust:alpine AS rust 20 | RUN apk add --no-cache make 21 | COPY --from=base /true /true 22 | RUN make -C /true true-rust 23 | 24 | FROM tianon/tinygo AS tinygo 25 | COPY --from=base /true /true 26 | RUN make -C /true true-tinygo 27 | 28 | FROM golang:alpine AS alpinego 29 | RUN apk add --no-cache make 30 | COPY --from=base /true /true 31 | RUN make -C /true true-go && mv /true/true-go /true/true-alpinego 32 | 33 | FROM base 34 | 35 | COPY --from=asm /true/true-asm* /true/true-yolo* ./ 36 | COPY --from=gcc /true/true-gcc* ./ 37 | COPY --from=go /true/true-go* ./ 38 | COPY --from=rust /true/true-rust* ./ 39 | COPY --from=tinygo /true/true-tinygo* ./ 40 | COPY --from=alpinego /true/true-alpinego* ./ 41 | 42 | RUN ls -lAFh true-* 43 | -------------------------------------------------------------------------------- /true/Dockerfile.yolo: -------------------------------------------------------------------------------- 1 | FROM scratch 2 | COPY true-yolo /true 3 | CMD ["/true"] 4 | -------------------------------------------------------------------------------- /true/Makefile: -------------------------------------------------------------------------------- 1 | SHELL := $(shell if command -v bash > /dev/null; then echo /usr/bin/env bash -Eeuo pipefail; else echo /usr/bin/env sh -eu; fi) 2 | 3 | true-asm: true.asm 4 | nasm -o $@ $< 5 | chmod +x $@ 6 | nasm --version > $@.meta 7 | 8 | true-yolo: true-yolo.asm 9 | nasm -o $@ $< 10 | chmod +x $@ 11 | nasm --version > $@.meta 12 | 13 | true-gcc: true.c 14 | gcc -Wl,--strip-all -o $@ -static -Os -nostartfiles -fno-asynchronous-unwind-tables $< 15 | gcc --version > $@.meta 16 | 17 | true-go: true.go 18 | CGO_ENABLED=0 go build -o $@ -ldflags '-d -s -w' $< 19 | go version > $@.meta 20 | 21 | # https://doc.rust-lang.org/edition-guide/rust-2018/platform-and-target-support/musl-support-for-fully-static-binaries.html 22 | true-rust: true.rs 23 | rustc --target x86_64-unknown-linux-musl -o $@ $< 24 | strip $@ # hmm 25 | rustc --version > $@.meta 26 | 27 | true-tinygo: true.go 28 | tinygo build -o $@ -no-debug -opt s $< 29 | strip $@ # hmm 30 | tinygo version > $@.meta 31 | 32 | .PHONY: all 33 | all: true-asm true-yolo true-gcc true-go true-rust true-tinygo 34 | .PHONY: clean 35 | clean: 36 | set -x; rm -f true-{asm,yolo,gcc,go,rust,tinygo}{,.meta} 37 | -------------------------------------------------------------------------------- /true/build-all.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | dir="$(dirname "$BASH_SOURCE")" 5 | cd "$dir" 6 | 7 | make clean 8 | docker build --pull --file Dockerfile.all --tag tianon/true:all . 9 | docker run --rm tianon/true:all sh -c 'tar --create true-*' | tar --extract --verbose 10 | -------------------------------------------------------------------------------- /true/gsl.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | cd "$(dirname "$BASH_SOURCE")" 5 | dir="$(basename "$PWD")" 6 | cd .. 7 | 8 | source gsl-libs.sh 9 | 10 | globalEntry 11 | tagsEntry "$dir" latest 12 | dockerfile='Dockerfile.yolo' tagsEntry "$dir" yolo 13 | 14 | for variant in oci yoloci; do 15 | commit="$(fileCommit "$dir/$variant")" 16 | cat <<-EOE 17 | 18 | Tags: $variant 19 | GitCommit: $commit 20 | Directory: $dir/$variant 21 | Builder: oci-import 22 | File: index.json 23 | EOE 24 | done 25 | -------------------------------------------------------------------------------- /true/oci/blobs/sha256/1c51fc286aa95d9413226599576bafa38490b1e292375c90de095855b64caea6: -------------------------------------------------------------------------------- 1 | ../../rootfs.tar.gz -------------------------------------------------------------------------------- /true/oci/blobs/sha256/25be82253336f0b8c4347bc4ecbbcdc85d0e0f118ccf8dc2e119c0a47a0a486e: -------------------------------------------------------------------------------- 1 | ../../config.json -------------------------------------------------------------------------------- /true/oci/blobs/sha256/9ef42f1d602fb423fad935aac1caa0cfdbce1ad7edce64d080a4eb7b13f7cd9d: -------------------------------------------------------------------------------- 1 | ../../image-manifest.json -------------------------------------------------------------------------------- /true/oci/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "architecture": "amd64", 3 | "config": { 4 | "Cmd": [ 5 | "/true" 6 | ] 7 | }, 8 | "created": "2023-02-01T06:51:11Z", 9 | "history": [ 10 | { 11 | "created": "2023-02-01T06:51:11Z", 12 | "created_by": "https://github.com/tianon/dockerfiles/tree/master/true" 13 | } 14 | ], 15 | "os": "linux", 16 | "rootfs": { 17 | "diff_ids": [ 18 | "sha256:65b5a4593cc61d3ea6d355fb97c0430d820ee21aa8535f5de45e75c31954b743" 19 | ], 20 | "type": "layers" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /true/oci/image-manifest.json: -------------------------------------------------------------------------------- 1 | { 2 | "config": { 3 | "data": "ewoJImFyY2hpdGVjdHVyZSI6ICJhbWQ2NCIsCgkiY29uZmlnIjogewoJCSJDbWQiOiBbCgkJCSIvdHJ1ZSIKCQldCgl9LAoJImNyZWF0ZWQiOiAiMjAyMy0wMi0wMVQwNjo1MToxMVoiLAoJImhpc3RvcnkiOiBbCgkJewoJCQkiY3JlYXRlZCI6ICIyMDIzLTAyLTAxVDA2OjUxOjExWiIsCgkJCSJjcmVhdGVkX2J5IjogImh0dHBzOi8vZ2l0aHViLmNvbS90aWFub24vZG9ja2VyZmlsZXMvdHJlZS9tYXN0ZXIvdHJ1ZSIKCQl9CgldLAoJIm9zIjogImxpbnV4IiwKCSJyb290ZnMiOiB7CgkJImRpZmZfaWRzIjogWwoJCQkic2hhMjU2OjY1YjVhNDU5M2NjNjFkM2VhNmQzNTVmYjk3YzA0MzBkODIwZWUyMWFhODUzNWY1ZGU0NWU3NWMzMTk1NGI3NDMiCgkJXSwKCQkidHlwZSI6ICJsYXllcnMiCgl9Cn0K", 4 | "digest": "sha256:25be82253336f0b8c4347bc4ecbbcdc85d0e0f118ccf8dc2e119c0a47a0a486e", 5 | "mediaType": "application/vnd.oci.image.config.v1+json", 6 | "size": 396 7 | }, 8 | "layers": [ 9 | { 10 | "data": "H4sIAAAAAAACAyspKk1loDEwAAJTU1MwDQTotIGhuQmcDRE3MzM0YlAwYKADKC0uSSxSUGAYoaDe1ceNiZERzmdisGMA8SoYHMB8Byx6HBgsGGA6QDQrmiwyXQPl1cDlIUG9wYaflWEUDDgAAIAGdJIABAAA", 11 | "digest": "sha256:1c51fc286aa95d9413226599576bafa38490b1e292375c90de095855b64caea6", 12 | "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", 13 | "size": 117 14 | } 15 | ], 16 | "mediaType": "application/vnd.oci.image.manifest.v1+json", 17 | "schemaVersion": 2 18 | } 19 | -------------------------------------------------------------------------------- /true/oci/index.json: -------------------------------------------------------------------------------- 1 | { 2 | "manifests": [ 3 | { 4 | "digest": "sha256:9ef42f1d602fb423fad935aac1caa0cfdbce1ad7edce64d080a4eb7b13f7cd9d", 5 | "mediaType": "application/vnd.oci.image.manifest.v1+json", 6 | "size": 1165 7 | } 8 | ], 9 | "mediaType": "application/vnd.oci.image.index.v1+json", 10 | "schemaVersion": 2 11 | } 12 | -------------------------------------------------------------------------------- /true/oci/oci-layout: -------------------------------------------------------------------------------- 1 | {"imageLayoutVersion":"1.0.0"} 2 | -------------------------------------------------------------------------------- /true/oci/rootfs.tar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tianon/dockerfiles/94d98cd224c94762704e77254f5cee05c4861cfb/true/oci/rootfs.tar -------------------------------------------------------------------------------- /true/oci/rootfs.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tianon/dockerfiles/94d98cd224c94762704e77254f5cee05c4861cfb/true/oci/rootfs.tar.gz -------------------------------------------------------------------------------- /true/true-asm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tianon/dockerfiles/94d98cd224c94762704e77254f5cee05c4861cfb/true/true-asm -------------------------------------------------------------------------------- /true/true-yolo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tianon/dockerfiles/94d98cd224c94762704e77254f5cee05c4861cfb/true/true-yolo -------------------------------------------------------------------------------- /true/true-yolo.asm: -------------------------------------------------------------------------------- 1 | ; https://www.muppetlabs.com/~breadbox/software/tiny/teensy.html 2 | 3 | BITS 32 4 | 5 | org 0x00010000 6 | db 0x7F, "ELF" ; e_ident 7 | dd 1 ; p_type 8 | dd 0 ; p_offset 9 | dd $$ ; p_vaddr 10 | dw 2 ; e_type ; p_paddr 11 | dw 3 ; e_machine 12 | dd _start ; e_version ; p_filesz 13 | dd _start ; e_entry ; p_memsz 14 | dd 4 ; e_phoff ; p_flags 15 | _start: 16 | mov bl, 0 ; e_shoff ; p_align 17 | xor eax, eax 18 | inc eax ; e_flags 19 | int 0x80 20 | db 0 21 | dw 0x34 ; e_ehsize 22 | dw 0x20 ; e_phentsize 23 | db 1 ; e_phnum 24 | ; e_shentsize 25 | ; e_shnum 26 | ; e_shstrndx 27 | 28 | filesize equ $ - $$ 29 | -------------------------------------------------------------------------------- /true/true.asm: -------------------------------------------------------------------------------- 1 | ; this is especially thanks to: 2 | ; http://blog.markloiseau.com/2012/05/tiny-64-bit-elf-executables/ 3 | 4 | BITS 64 5 | org 0x00400000 ; Program load offset 6 | 7 | ; 64-bit ELF header 8 | ehdr: 9 | ; 1), 0 (ABI ver.) 10 | db 0x7F, "ELF", 2, 1, 1, 0 ; e_ident 11 | times 8 db 0 ; reserved (zeroes) 12 | 13 | dw 2 ; e_type: Executable file 14 | dw 0x3e ; e_machine: AMD64 15 | dd 1 ; e_version: current version 16 | dq _start ; e_entry: program entry address (0x78) 17 | dq phdr - $$ ; e_phoff program header offset (0x40) 18 | dq 0 ; e_shoff no section headers 19 | dd 0 ; e_flags no flags 20 | dw ehdrsize ; e_ehsize: ELF header size (0x40) 21 | dw phdrsize ; e_phentsize: program header size (0x38) 22 | dw 1 ; e_phnum: one program header 23 | dw 0 ; e_shentsize 24 | dw 0 ; e_shnum 25 | dw 0 ; e_shstrndx 26 | 27 | ehdrsize equ $ - ehdr 28 | 29 | ; 64-bit ELF program header 30 | phdr: 31 | dd 1 ; p_type: loadable segment 32 | dd 5 ; p_flags read and execute 33 | dq 0 ; p_offset 34 | dq $$ ; p_vaddr: start of the current section 35 | dq $$ ; p_paddr: " " 36 | dq filesize ; p_filesz 37 | dq filesize ; p_memsz 38 | dq 0x200000 ; p_align: 2^11=200000 = section alignment 39 | 40 | ; program header size 41 | phdrsize equ $ - phdr 42 | 43 | ; Hello World!/your program here 44 | _start: 45 | 46 | ; sys_write(stdout, message, length) 47 | 48 | ; mov rax, 1 ; sys_write 49 | ; mov rdi, 1 ; stdout 50 | ; mov rsi, message ; message address 51 | ; mov rdx, length ; message string length 52 | ; syscall 53 | 54 | ; sys_exit(return_code) 55 | 56 | ;mov rax, 60 ; sys_exit 57 | ;mov rdi, 0 ; return 0 (success) 58 | ; even smaller hax thanks to @tiborvass: 59 | mov al, 60 ; sys_exit 60 | syscall 61 | 62 | ; message: 63 | ; db 'Hello, world!',0x0A ; message and newline 64 | ; length: equ $-message ; message length calculation 65 | 66 | ; File size calculation 67 | filesize equ $ - $$ 68 | -------------------------------------------------------------------------------- /true/true.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | void _start() { /* _exit(0); */ syscall(SYS_exit, 0); } 4 | -------------------------------------------------------------------------------- /true/true.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | func main() {} 4 | -------------------------------------------------------------------------------- /true/true.rs: -------------------------------------------------------------------------------- 1 | fn main() { 2 | } 3 | -------------------------------------------------------------------------------- /true/yoloci/blobs/sha256/9640fb911d45e3070a35d8eb018380e2efa879acad3b0c74d0c91ed53369177f: -------------------------------------------------------------------------------- 1 | ../../rootfs.tar.gz -------------------------------------------------------------------------------- /true/yoloci/blobs/sha256/d80756958759f24eb147154bb1ffeabaf2aeb88b659c64dcaa906c97b4da0cbc: -------------------------------------------------------------------------------- 1 | ../../image-manifest.json -------------------------------------------------------------------------------- /true/yoloci/blobs/sha256/e759af11fe110511ea6b3f02512de70861e9fccd669a14a33a2bb6a04b70aadf: -------------------------------------------------------------------------------- 1 | ../../config.json -------------------------------------------------------------------------------- /true/yoloci/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "architecture": "amd64", 3 | "config": { 4 | "Cmd": [ 5 | "/true" 6 | ] 7 | }, 8 | "created": "2023-02-22T05:21:54Z", 9 | "history": [ 10 | { 11 | "created": "2023-02-22T05:21:54Z", 12 | "created_by": "https://github.com/tianon/dockerfiles/tree/master/true" 13 | } 14 | ], 15 | "os": "linux", 16 | "rootfs": { 17 | "diff_ids": [ 18 | "sha256:c6c49ae0f32c8806e774fa35b873205111e021271cfff078a6c924e29073b050" 19 | ], 20 | "type": "layers" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /true/yoloci/image-manifest.json: -------------------------------------------------------------------------------- 1 | { 2 | "config": { 3 | "data": "ewoJImFyY2hpdGVjdHVyZSI6ICJhbWQ2NCIsCgkiY29uZmlnIjogewoJCSJDbWQiOiBbCgkJCSIvdHJ1ZSIKCQldCgl9LAoJImNyZWF0ZWQiOiAiMjAyMy0wMi0yMlQwNToyMTo1NFoiLAoJImhpc3RvcnkiOiBbCgkJewoJCQkiY3JlYXRlZCI6ICIyMDIzLTAyLTIyVDA1OjIxOjU0WiIsCgkJCSJjcmVhdGVkX2J5IjogImh0dHBzOi8vZ2l0aHViLmNvbS90aWFub24vZG9ja2VyZmlsZXMvdHJlZS9tYXN0ZXIvdHJ1ZSIKCQl9CgldLAoJIm9zIjogImxpbnV4IiwKCSJyb290ZnMiOiB7CgkJImRpZmZfaWRzIjogWwoJCQkic2hhMjU2OmM2YzQ5YWUwZjMyYzg4MDZlNzc0ZmEzNWI4NzMyMDUxMTFlMDIxMjcxY2ZmZjA3OGE2YzkyNGUyOTA3M2IwNTAiCgkJXSwKCQkidHlwZSI6ICJsYXllcnMiCgl9Cn0K", 4 | "digest": "sha256:e759af11fe110511ea6b3f02512de70861e9fccd669a14a33a2bb6a04b70aadf", 5 | "mediaType": "application/vnd.oci.image.config.v1+json", 6 | "size": 396 7 | }, 8 | "layers": [ 9 | { 10 | "data": "H4sIAAAAAAACAyspKk1loDEwAAJTU1MwDQToNEgSwQaLm5kZGjAoGDDQAZQWlyQWKSgwjFBQ7+rjxgjnMTIwMTAzKABpEGYBimxmMDzgcLaBwQQsMgqGGwAAxW0VDgAEAAA=", 11 | "digest": "sha256:9640fb911d45e3070a35d8eb018380e2efa879acad3b0c74d0c91ed53369177f", 12 | "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", 13 | "size": 98 14 | } 15 | ], 16 | "mediaType": "application/vnd.oci.image.manifest.v1+json", 17 | "schemaVersion": 2 18 | } 19 | -------------------------------------------------------------------------------- /true/yoloci/index.json: -------------------------------------------------------------------------------- 1 | { 2 | "manifests": [ 3 | { 4 | "digest": "sha256:d80756958759f24eb147154bb1ffeabaf2aeb88b659c64dcaa906c97b4da0cbc", 5 | "mediaType": "application/vnd.oci.image.manifest.v1+json", 6 | "size": 1140 7 | } 8 | ], 9 | "mediaType": "application/vnd.oci.image.index.v1+json", 10 | "schemaVersion": 2 11 | } 12 | -------------------------------------------------------------------------------- /true/yoloci/oci-layout: -------------------------------------------------------------------------------- 1 | {"imageLayoutVersion":"1.0.0"} 2 | -------------------------------------------------------------------------------- /true/yoloci/rootfs.tar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tianon/dockerfiles/94d98cd224c94762704e77254f5cee05c4861cfb/true/yoloci/rootfs.tar -------------------------------------------------------------------------------- /true/yoloci/rootfs.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tianon/dockerfiles/94d98cd224c94762704e77254f5cee05c4861cfb/true/yoloci/rootfs.tar.gz -------------------------------------------------------------------------------- /update.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | dir="$(readlink -ve "$BASH_SOURCE")" 5 | dir="$(dirname "$dir")" 6 | 7 | "$dir/versions.sh" "$@" 8 | "$dir/apply-templates.sh" "$@" 9 | -------------------------------------------------------------------------------- /versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | if [ "$#" -eq 0 ]; then 5 | dirs="$(find -type f -name versions.json -exec bash -Eeuo pipefail -c 'for d; do dir="$(dirname "${d#./}")"; printf " %q" "$dir"; done' -- '{}' +)" 6 | eval "set -- $dirs" 7 | fi 8 | if [ "$#" -eq 0 ]; then 9 | echo >&2 "error: failed to find any 'versions.json' files!" 10 | exit 1 11 | fi 12 | 13 | for dir; do 14 | export dir 15 | 16 | script="$dir" 17 | while [ ! -x "$script/versions.sh" ]; do 18 | if [ "$script" = '.' ]; then 19 | echo >&2 "error: failed to find script for '$dir'!" 20 | exit 1 21 | fi 22 | script="$(dirname "$script")" 23 | done 24 | 25 | text="$dir" 26 | if [ "$dir" != "$script" ]; then 27 | text+=" ($script)" 28 | fi 29 | echo "processing $text ..." 30 | 31 | script="$(readlink -ve "$script/versions.sh")" 32 | ( 33 | cd "$dir" 34 | source "$script" 35 | ) 36 | done 37 | -------------------------------------------------------------------------------- /vultr-cli/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM alpine:3.22 8 | 9 | RUN apk add --no-cache ca-certificates 10 | 11 | # https://github.com/vultr/vultr-cli/releases 12 | ENV VULTR_CLI_VERSION 3.4.0 13 | 14 | RUN set -eux; \ 15 | \ 16 | apkArch="$(apk --print-arch)"; \ 17 | case "$apkArch" in \ 18 | 'x86_64') url='https://github.com/vultr/vultr-cli/releases/download/v3.4.0/vultr-cli_v3.4.0_linux_amd64.tar.gz'; sha256='3c9b1c7c4762dd0fc6354feb2867fe47d6b394dce9e558df1ed2c7e3e0ad320e' ;; \ 19 | 'armhf') url='https://github.com/vultr/vultr-cli/releases/download/v3.4.0/vultr-cli_v3.4.0_linux_arm32-v6.tar.gz'; sha256='b0ba88f8dec9e592b9c709b7a7285568a2a994dad62813b52c9e1b06ef95f544' ;; \ 20 | 'armv7') url='https://github.com/vultr/vultr-cli/releases/download/v3.4.0/vultr-cli_v3.4.0_linux_arm32-v7.tar.gz'; sha256='3239c798b4128f0dfcfc0eeb0c63084189a3f22a32cbe28f9f643af625731bdf' ;; \ 21 | 'aarch64') url='https://github.com/vultr/vultr-cli/releases/download/v3.4.0/vultr-cli_v3.4.0_linux_arm64.tar.gz'; sha256='cf46b1d0f27990a0c7c07561eabfd8123487ac71d774bfb73221793743a05de2' ;; \ 22 | *) echo >&2 "error: unsupported architecture: '$apkArch'"; exit 1 ;; \ 23 | esac; \ 24 | \ 25 | wget -O vultr.tgz "$url"; \ 26 | echo "$sha256 *vultr.tgz" | sha256sum -c -; \ 27 | \ 28 | tar -xvf vultr.tgz -C /usr/local/bin; \ 29 | rm vultr.tgz; \ 30 | \ 31 | VULTR_API_KEY=fake vultr-cli version 32 | 33 | CMD ["vultr-cli", "--help"] 34 | -------------------------------------------------------------------------------- /vultr-cli/Dockerfile.template: -------------------------------------------------------------------------------- 1 | FROM alpine:3.22 2 | 3 | RUN apk add --no-cache ca-certificates 4 | 5 | # https://github.com/vultr/vultr-cli/releases 6 | ENV VULTR_CLI_VERSION {{ .version }} 7 | 8 | RUN set -eux; \ 9 | \ 10 | apkArch="$(apk --print-arch)"; \ 11 | case "$apkArch" in \ 12 | {{ [ .arches[] | ( -}} 13 | {{ .apkArch // empty | @sh }}) url={{ .url | @sh }}; sha256={{ .sha256 | @sh }} ;; \ 14 | {{ ) ] | add -}} 15 | *) echo >&2 "error: unsupported architecture: '$apkArch'"; exit 1 ;; \ 16 | esac; \ 17 | \ 18 | wget -O vultr.tgz "$url"; \ 19 | echo "$sha256 *vultr.tgz" | sha256sum -c -; \ 20 | \ 21 | tar -xvf vultr.tgz -C /usr/local/bin; \ 22 | rm vultr.tgz; \ 23 | \ 24 | VULTR_API_KEY=fake vultr-cli version 25 | 26 | CMD ["vultr-cli", "--help"] 27 | -------------------------------------------------------------------------------- /vultr-cli/gsl.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | cd "$(dirname "$BASH_SOURCE")" 5 | dir="$(basename "$PWD")" 6 | cd .. 7 | 8 | from="$(awk '$1 == "FROM" { print $2; exit }' "$dir/Dockerfile")" # TODO multi-stage build?? 9 | fromArches="$(bashbrew remote arches --json "$from" | jq -c '.arches | keys')" 10 | arches="$(jq -r -L "$dir/../.libs" --argjson fromArches "$fromArches" ' 11 | include "lib" 12 | ; 13 | [ 14 | $fromArches, 15 | (.arches | map_values(select(.apkArch)) | keys), 16 | empty 17 | ] 18 | | intersection 19 | | join(", ") 20 | ' "$dir/versions.json")" 21 | [ -n "$arches" ] 22 | 23 | source gsl-libs.sh 24 | 25 | globalEntry 26 | env="${dir^^}_VERSION" 27 | env="${env//-/_}" 28 | versionedEnvTagsEntry "$dir" "$env" latest 29 | echo "Architectures: $arches" 30 | -------------------------------------------------------------------------------- /vultr-cli/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../.libs/git.sh" 9 | 10 | versions_hooks+=( hook_no-prereleases ) 11 | 12 | json="$( 13 | hook_vultr-sha256() { 14 | local tag 15 | tag="$(jq <<<"$json" -r '.tag')" || return "$?" 16 | 17 | local urlBase="https://github.com/vultr/vultr-cli/releases/download/$tag" 18 | 19 | local checksums 20 | checksums="$(wget -qO- "$urlBase/vultr-cli_v${version}_checksums.txt")" || return "$?" 21 | 22 | jq <<<"$checksums" -Rsc -L../.libs --arg urlBase "$urlBase" ' 23 | include "lib" 24 | ; 25 | ( 26 | [ 27 | "^(?[0-9a-f]{64})", 28 | "( | [*])", 29 | "(?", 30 | "(vultr-cli_)?", 31 | "v?[0-9.-]+", 32 | "_(?i:(?linux|windows|macos))_", 33 | "(?[^_. ]+)", 34 | "[.](tar[.]gz|zip)", 35 | ")$" 36 | ] | join("") 37 | ) as $regex 38 | | rtrimstr("\n") 39 | | split("\n") 40 | | map( 41 | capture($regex) 42 | | ( 43 | ( 44 | { 45 | "linux": "", 46 | "macos": "darwin-", 47 | "windows": "windows-", 48 | }[.os | ascii_downcase] 49 | // empty 50 | ) + ( 51 | { 52 | "amd64": "amd64", 53 | "arm32-v6": "arm32v6", 54 | "arm32-v7": "arm32v7", 55 | "arm64": "arm64v8", 56 | }[.arch] 57 | // empty 58 | ) 59 | ) as $arch 60 | | { ($arch): { 61 | url: ($urlBase + "/" + .file), 62 | sha256: .sha256, 63 | apkArch: ($arch | apk_arch), 64 | } } 65 | ) 66 | | { arches: add } 67 | ' || return "$?" 68 | } 69 | versions_hooks+=( hook_vultr-sha256 ) 70 | git-tags 'https://github.com/vultr/vultr-cli.git' 71 | )" 72 | 73 | jq <<<"$json" '.' > versions.json 74 | -------------------------------------------------------------------------------- /weechat/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM debian:bookworm-slim 8 | 9 | RUN set -eux; \ 10 | apt-get update; \ 11 | apt-get install -y --no-install-recommends \ 12 | ca-certificates \ 13 | ; \ 14 | rm -rf /var/lib/apt/lists/* 15 | 16 | ENV HOME /home/user 17 | RUN set -eux; \ 18 | useradd --create-home --home-dir "$HOME" user; \ 19 | mkdir "$HOME/.weechat"; \ 20 | chown -R user:user "$HOME" 21 | 22 | # https://weechat.org/files/doc/devel/weechat_faq.en.html#charset 23 | ENV LANG C.UTF-8 24 | 25 | # https://weechat.org/download/debian/ 26 | RUN set -eux; \ 27 | savedAptMark="$(apt-mark showmanual)"; \ 28 | apt-get update; \ 29 | apt-get install -y --no-install-recommends gnupg; \ 30 | \ 31 | GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ 32 | gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys 11E9DE8848F2B65222AA75B8D1820DB22A11534E; \ 33 | gpg --batch --export --armor 11E9DE8848F2B65222AA75B8D1820DB22A11534E > /usr/local/share/weechat-keyring.gpg.asc; \ 34 | gpgconf --kill all; \ 35 | rm -rf "$GNUPGHOME"; unset GNUPGHOME; \ 36 | \ 37 | apt-mark auto '.*' > /dev/null; \ 38 | [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ 39 | apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ 40 | \ 41 | suite="$(awk '$1 == "Suites:" { print $2; exit }' /etc/apt/sources.list.d/debian.sources)"; \ 42 | echo "deb [signed-by=/usr/local/share/weechat-keyring.gpg.asc] https://weechat.org/debian $suite main" > /etc/apt/sources.list.d/weechat.list; \ 43 | \ 44 | apt-get update; \ 45 | rm -rf /var/lib/apt/lists/* 46 | 47 | # https://weechat.org/download/stable/ 48 | # https://weechat.org/download/debian/active/#debian_bookworm 49 | ENV WEECHAT_VERSION 4.6.3-1 50 | 51 | RUN set -eux; \ 52 | apt-get update; \ 53 | apt-get install -y --no-install-recommends \ 54 | weechat="$WEECHAT_VERSION" \ 55 | weechat-curses="$WEECHAT_VERSION" \ 56 | weechat-plugins="$WEECHAT_VERSION" \ 57 | ; \ 58 | rm -rf /var/lib/apt/lists/* 59 | 60 | WORKDIR $HOME 61 | USER user 62 | CMD ["weechat"] 63 | -------------------------------------------------------------------------------- /weechat/Dockerfile.template: -------------------------------------------------------------------------------- 1 | FROM debian:bookworm-slim 2 | 3 | RUN set -eux; \ 4 | apt-get update; \ 5 | apt-get install -y --no-install-recommends \ 6 | ca-certificates \ 7 | ; \ 8 | rm -rf /var/lib/apt/lists/* 9 | 10 | ENV HOME /home/user 11 | RUN set -eux; \ 12 | useradd --create-home --home-dir "$HOME" user; \ 13 | mkdir "$HOME/.weechat"; \ 14 | chown -R user:user "$HOME" 15 | 16 | # https://weechat.org/files/doc/devel/weechat_faq.en.html#charset 17 | ENV LANG C.UTF-8 18 | 19 | # https://weechat.org/download/debian/ 20 | RUN set -eux; \ 21 | savedAptMark="$(apt-mark showmanual)"; \ 22 | apt-get update; \ 23 | apt-get install -y --no-install-recommends gnupg; \ 24 | \ 25 | GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ 26 | gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys 11E9DE8848F2B65222AA75B8D1820DB22A11534E; \ 27 | gpg --batch --export --armor 11E9DE8848F2B65222AA75B8D1820DB22A11534E > /usr/local/share/weechat-keyring.gpg.asc; \ 28 | gpgconf --kill all; \ 29 | rm -rf "$GNUPGHOME"; unset GNUPGHOME; \ 30 | \ 31 | apt-mark auto '.*' > /dev/null; \ 32 | [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ 33 | apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ 34 | \ 35 | suite="$(awk '$1 == "Suites:" { print $2; exit }' /etc/apt/sources.list.d/debian.sources)"; \ 36 | echo "deb [signed-by=/usr/local/share/weechat-keyring.gpg.asc] https://weechat.org/debian $suite main" > /etc/apt/sources.list.d/weechat.list; \ 37 | \ 38 | apt-get update; \ 39 | rm -rf /var/lib/apt/lists/* 40 | 41 | # https://weechat.org/download/stable/ 42 | # https://weechat.org/download/debian/active/#debian_bookworm 43 | ENV WEECHAT_VERSION {{ .version }} 44 | 45 | RUN set -eux; \ 46 | apt-get update; \ 47 | apt-get install -y --no-install-recommends \ 48 | weechat="$WEECHAT_VERSION" \ 49 | weechat-curses="$WEECHAT_VERSION" \ 50 | weechat-plugins="$WEECHAT_VERSION" \ 51 | ; \ 52 | rm -rf /var/lib/apt/lists/* 53 | 54 | WORKDIR $HOME 55 | USER user 56 | CMD ["weechat"] 57 | -------------------------------------------------------------------------------- /weechat/gsl.sh: -------------------------------------------------------------------------------- 1 | ../.gsl-common/gsl-version-env.sh -------------------------------------------------------------------------------- /weechat/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "filename": "dists/stable/main/binary-amd64/weechat_4.6.3-1_all.deb", 3 | "sha256": "c5457b5f90466e2886037f97704ffa31cceb4dd5d0aae3699ec2259380ac544d", 4 | "url": "https://weechat.org/debian/dists/stable/main/binary-amd64/weechat_4.6.3-1_all.deb", 5 | "version": "4.6.3-1" 6 | } 7 | -------------------------------------------------------------------------------- /weechat/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../.libs/deb-repo.sh" 9 | 10 | suite="$(gawk -F '[[:space:]:]+' '$1 == "FROM" { print $3; exit }' Dockerfile.template)" 11 | suite="${suite%-slim}" 12 | 13 | json="$( 14 | uri='https://weechat.org/debian' 15 | component='main' 16 | package='weechat' 17 | deb-repo 18 | )" 19 | 20 | jq <<<"$json" '.' > versions.json 21 | -------------------------------------------------------------------------------- /wine/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM debian:bookworm-slim 8 | 9 | # https://wiki.winehq.org/Debian 10 | 11 | RUN set -eux; \ 12 | apt-get update; \ 13 | apt-get install -y --no-install-recommends apt-transport-https ca-certificates; \ 14 | savedAptMark="$(apt-mark showmanual)"; \ 15 | apt-get install -y --no-install-recommends gnupg; \ 16 | rm -rf /var/lib/apt/lists/*; \ 17 | \ 18 | export GNUPGHOME="$(mktemp -d)"; \ 19 | gpg --batch --keyserver keyserver.ubuntu.com --recv-keys D43F640145369C51D786DDEA76F1A20FF987672F; \ 20 | gpg --batch --export --armor D43F640145369C51D786DDEA76F1A20FF987672F > /etc/apt/trusted.gpg.d/winehq.gpg.asc; \ 21 | gpgconf --kill all; \ 22 | rm -rf "$GNUPGHOME"; \ 23 | apt-key list | grep 'WineHQ'; \ 24 | \ 25 | apt-mark auto '.*' > /dev/null; \ 26 | apt-mark manual $savedAptMark > /dev/null; \ 27 | apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ 28 | \ 29 | dpkg --add-architecture i386; \ 30 | suite="$(awk '$1 == "Suites:" { print $2; exit }' /etc/apt/sources.list.d/debian.sources)"; \ 31 | echo "deb https://dl.winehq.org/wine-builds/debian $suite main" > /etc/apt/sources.list.d/winehq.list 32 | 33 | # https://dl.winehq.org/wine-builds/debian/dists/bookworm/main/binary-amd64/?C=N;O=D 34 | # https://www.winehq.org/news/ 35 | ENV WINE_VERSION 10.0.0.0 36 | ENV WINE_DEB_VERSION 10.0.0.0~bookworm-1 37 | 38 | RUN set -eux; \ 39 | { \ 40 | echo 'Package: src:*wine*:any'; \ 41 | echo "Pin: version $WINE_DEB_VERSION"; \ 42 | echo 'Pin-Priority: 1001'; \ 43 | } > /etc/apt/preferences.d/winehq.pref; \ 44 | apt-get update; \ 45 | apt-get install -y --no-install-recommends \ 46 | "winehq-stable=$WINE_DEB_VERSION" \ 47 | ; \ 48 | rm -rf /var/lib/apt/lists/*; \ 49 | wine --version 50 | -------------------------------------------------------------------------------- /wine/Dockerfile.template: -------------------------------------------------------------------------------- 1 | FROM debian:bookworm-slim 2 | 3 | # https://wiki.winehq.org/Debian 4 | 5 | RUN set -eux; \ 6 | apt-get update; \ 7 | apt-get install -y --no-install-recommends apt-transport-https ca-certificates; \ 8 | savedAptMark="$(apt-mark showmanual)"; \ 9 | apt-get install -y --no-install-recommends gnupg; \ 10 | rm -rf /var/lib/apt/lists/*; \ 11 | \ 12 | export GNUPGHOME="$(mktemp -d)"; \ 13 | gpg --batch --keyserver keyserver.ubuntu.com --recv-keys D43F640145369C51D786DDEA76F1A20FF987672F; \ 14 | gpg --batch --export --armor D43F640145369C51D786DDEA76F1A20FF987672F > /etc/apt/trusted.gpg.d/winehq.gpg.asc; \ 15 | gpgconf --kill all; \ 16 | rm -rf "$GNUPGHOME"; \ 17 | apt-key list | grep 'WineHQ'; \ 18 | \ 19 | apt-mark auto '.*' > /dev/null; \ 20 | apt-mark manual $savedAptMark > /dev/null; \ 21 | apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ 22 | \ 23 | dpkg --add-architecture i386; \ 24 | suite="$(awk '$1 == "Suites:" { print $2; exit }' /etc/apt/sources.list.d/debian.sources)"; \ 25 | echo "deb https://dl.winehq.org/wine-builds/debian $suite main" > /etc/apt/sources.list.d/winehq.list 26 | 27 | # https://dl.winehq.org/wine-builds/debian/dists/bookworm/main/binary-amd64/?C=N;O=D 28 | # https://www.winehq.org/news/ 29 | ENV WINE_VERSION {{ .version }} 30 | ENV WINE_DEB_VERSION {{ .debian.version }} 31 | 32 | RUN set -eux; \ 33 | { \ 34 | echo 'Package: src:*wine*:any'; \ 35 | echo "Pin: version $WINE_DEB_VERSION"; \ 36 | echo 'Pin-Priority: 1001'; \ 37 | } > /etc/apt/preferences.d/winehq.pref; \ 38 | apt-get update; \ 39 | apt-get install -y --no-install-recommends \ 40 | "winehq-stable=$WINE_DEB_VERSION" \ 41 | ; \ 42 | rm -rf /var/lib/apt/lists/*; \ 43 | wine --version 44 | -------------------------------------------------------------------------------- /wine/gsl.sh: -------------------------------------------------------------------------------- 1 | ../.gsl-common/gsl-version-env.sh -------------------------------------------------------------------------------- /wine/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": "10.0.0.0", 3 | "debian": { 4 | "filename": "pool/main/w/wine/winehq-stable_10.0.0.0~bookworm-1_amd64.deb", 5 | "sha256": "8afd962bee42616224c835b2af53b7beb618f92c7fbfe699da3f1976a0601731", 6 | "url": "https://dl.winehq.org/wine-builds/debian/pool/main/w/wine/winehq-stable_10.0.0.0~bookworm-1_amd64.deb", 7 | "version": "10.0.0.0~bookworm-1" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /wine/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../.libs/deb-repo.sh" 9 | 10 | suite="$(gawk -F '[[:space:]:]+' '$1 == "FROM" { print $3; exit }' Dockerfile.template)" 11 | suite="${suite%-slim}" 12 | 13 | json="$( 14 | uri='https://dl.winehq.org/wine-builds/debian' 15 | component='main' 16 | package='winehq-stable' 17 | deb-repo 18 | )" 19 | 20 | jq <<<"$json" ' 21 | { 22 | version: (.version | split("~")[0]), 23 | debian: ., 24 | } 25 | ' > versions.json 26 | -------------------------------------------------------------------------------- /ymlfmt/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM python:3.13-alpine3.22 8 | 9 | RUN set -eux; \ 10 | apk add --no-cache --virtual .build-deps gcc libc-dev; \ 11 | # https://pypi.org/project/ruamel.yaml/ 12 | pip install --no-cache-dir 'ruamel.yaml == 0.18.14'; \ 13 | apk del --no-network .build-deps 14 | 15 | COPY ymlfmt /usr/local/bin/ 16 | 17 | COPY test-*.yml /tmp/ 18 | RUN set -eux; \ 19 | diff="$(ymlfmt -d '/tmp/test-out.yml')"; \ 20 | [ -z "$diff" ]; \ 21 | in="$(ymlfmt '/tmp/test-in.yml')"; \ 22 | out="$(cat '/tmp/test-out.yml')"; \ 23 | [ "$in" = "$out" ] 24 | -------------------------------------------------------------------------------- /ymlfmt/Dockerfile.template: -------------------------------------------------------------------------------- 1 | FROM {{ .python.from }} 2 | 3 | RUN set -eux; \ 4 | apk add --no-cache --virtual .build-deps gcc libc-dev; \ 5 | # https://pypi.org/project/ruamel.yaml/ 6 | pip install --no-cache-dir {{ "ruamel.yaml == " + .version | @sh }}; \ 7 | apk del --no-network .build-deps 8 | 9 | COPY ymlfmt /usr/local/bin/ 10 | 11 | COPY test-*.yml /tmp/ 12 | RUN set -eux; \ 13 | diff="$(ymlfmt -d '/tmp/test-out.yml')"; \ 14 | [ -z "$diff" ]; \ 15 | in="$(ymlfmt '/tmp/test-in.yml')"; \ 16 | out="$(cat '/tmp/test-out.yml')"; \ 17 | [ "$in" = "$out" ] 18 | -------------------------------------------------------------------------------- /ymlfmt/gsl.sh: -------------------------------------------------------------------------------- 1 | ../.gsl-common/gsl-latest.sh -------------------------------------------------------------------------------- /ymlfmt/test-in.yml: -------------------------------------------------------------------------------- 1 | a: 2 | - b 3 | - c 4 | - [ let, us, shove, a, real, long, boi, in, here, 'ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooook?' ] 5 | - d: e 6 | f: g 7 | h: i 8 | # NO SOUP FOR u 9 | - | 10 | omg 11 | wtf 12 | bbq 13 | lol 14 | -------------------------------------------------------------------------------- /ymlfmt/test-out.yml: -------------------------------------------------------------------------------- 1 | a: 2 | - b 3 | - c 4 | - [let, us, shove, a, real, long, boi, in, here, 'ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooook?'] 5 | - d: e 6 | f: g 7 | h: i 8 | # NO SOUP FOR u 9 | - | 10 | omg 11 | wtf 12 | bbq 13 | lol 14 | -------------------------------------------------------------------------------- /ymlfmt/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": "0.18.14", 3 | "python": { 4 | "version": "3.13", 5 | "from": "python:3.13-alpine3.22", 6 | "arches": [ 7 | "amd64", 8 | "arm32v6", 9 | "arm32v7", 10 | "arm64v8", 11 | "i386", 12 | "ppc64le", 13 | "riscv64", 14 | "s390x" 15 | ] 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /ymlfmt/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | dir="$(readlink -ve "$BASH_SOURCE")" 7 | dir="$(dirname "$dir")" 8 | source "$dir/../.libs/pypi.sh" 9 | 10 | versions_hooks+=( hook_no-prereleases ) 11 | 12 | export TIANON_PYTHON_FROM_TEMPLATE='python:%%PYTHON%%-alpine3.22' 13 | 14 | json="$(pypi 'ruamel.yaml')" 15 | 16 | jq <<<"$json" '.' > versions.json 17 | -------------------------------------------------------------------------------- /zoom/browser.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | url="$*" 5 | 6 | if 7 | zenity --question \ 8 | --no-wrap \ 9 | --no-markup \ 10 | --text=$'Browser requested for:\n\n'"$url"$'\n\nCopy URL to clipboard?' 11 | then 12 | xclip -selection clipboard <<<"$url" 13 | fi 14 | -------------------------------------------------------------------------------- /zoom/gsl.sh: -------------------------------------------------------------------------------- 1 | ../.gsl-common/gsl-version-env.sh -------------------------------------------------------------------------------- /zoom/versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": "6.4.13.2309" 3 | } 4 | -------------------------------------------------------------------------------- /zoom/versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -e versions.json ] 5 | 6 | version="$( 7 | curl -fsS --head 'https://zoom.us/client/latest/zoom_amd64.deb' \ 8 | | gawk -F ':[[:space:]]+' ' 9 | tolower($1) == "location" { 10 | if (match($2, /[/]([^/]+)[/]zoom_[^.]+[.]deb/, m)) { 11 | print m[1] 12 | exit 13 | } 14 | } 15 | ' 16 | )" 17 | export version 18 | 19 | echo >&2 "zoom: $version" 20 | 21 | jq -nS '{ version: env.version }' > versions.json 22 | -------------------------------------------------------------------------------- /zoom/zoom.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tianon/dockerfiles/94d98cd224c94762704e77254f5cee05c4861cfb/zoom/zoom.png --------------------------------------------------------------------------------