initial
zeriyoshi committed Jul 4, 2024
1 parent 4d9bf24 commit 7018137
Showing 2 changed files with 156 additions and 0 deletions.
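--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,41 @@
+ARG ARCH="arm64/v8"
+ARG PKGS="bash curl php"
+ARG BINS="bash curl php"
+
+ARG BASE_IMAGE="debian"
+ARG BASE_TAG="12"
+ARG BASE_PKG_INSTALL_CMD="apt-get update && apt-get install -y"
+
+ARG TARGET_IMAGE="gcr.io/distroless/base-nossl-debian${BASE_TAG}"
+ARG TARGET_TAG="latest"
+
+FROM --platform="linux/${ARCH}" ${BASE_IMAGE}:${BASE_TAG} AS base
+
+ARG PKGS
+ARG BINS
+ARG BASE_PKG_INSTALL_CMD
+
+COPY --chmod=755 "dependency_resolve" "/usr/local/bin/dependency_resolve"
+
+RUN /bin/sh -c "${BASE_PKG_INSTALL_CMD} ${PKGS}" \
+&& /usr/local/bin/dependency_resolve \
+"$(which "ldd")" \
+$(echo "${BINS}" | xargs which) \
+| xargs -I {} sh -c 'mkdir -p /root/rootfs/$(dirname "{}") && cp -apP "{}" "/root/rootfs/{}"' \
+&& for BINARY in ${BINS}; do \
+"${BINARY}" --version >> "/root/rootfs/expect.txt"; \
+done
+
+FROM --platform="linux/${ARCH}" busybox:latest as busybox
+
+FROM --platform="linux/${ARCH}" ${TARGET_IMAGE}:${TARGET_TAG} as target
+
+ARG PKGS
+ARG BINS
+
+COPY --from=base "/root/rootfs" "/"
+
+COPY --from=busybox "/bin/busybox" "/bin/busybox"
+RUN ["/bin/busybox", "ln", "-s", "/bin/busybox", "/bin/sh"]
+
+ENTRYPOINT ["/bin/sh"]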
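Review bot: On the `xargs -I {} sh -c '…'` line of the first RUN, each resolved path is substituted into the text of the shell command, so a path containing a quote, a space or other shell metacharacters would be parsed as shell syntax instead of being copied as a file name. Passing the path as a positional argument avoids that: `xargs -I {} sh -c 'mkdir -p "/root/rootfs/$(dirname "$1")" && cp -apP "$1" "/root/rootfs/$1"' _ {}`. The paths here come from ldd output for distribution packages, so this is likely benign in practice, but the quoted form costs nothing. Separately, `busybox:latest` and `TARGET_TAG="latest"` are floating tags, so the `/bin/sh` and base layer of the final image can change without any change to this file; pinning both by digest would keep the build reproducible and auditable.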
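--- a/dependency_resolve
+++ b/dependency_resolve
@@ -0,0 +1,115 @@
+#!/bin/sh
+
+DRSLV_VERSION="2.0.0"
+
+DRSLV_SUCCESS=0
+DRSLV_ERROR_WRONG_PARAMS=1
+DRSLV_ERROR_PROCESS_FAILED=2
+DRSLV_ERROR_LDD_NOT_FOUND=3
+DRSLV_ERROR_LDD_NOT_SUPPORTED=4
+DRSLV_ERROR_BINARY_NOT_FOUND=5
+
+usage() {
+echo "dependency resolve - distroless packaging support v${DRSLV_VERSION}
+usage: ${0} [ldd_binary_path] ...[target_binary_paths]
+"
+}
+
+version() {
+echo "${DRSLV_VERSION}"
+}
+
+check_ldd() {
+if [ ! -f "${1}" ]; then
+echo "ldd not found: ${1}" >&2
+exit ${DRSLV_ERROR_LDD_NOT_FOUND}
+fi
+
+ldd_version=$("${1}" --version 2>&1)
+if ! echo "${ldd_version}" | grep -qE '(GLIBC|musl libc)'; then
+echo "ldd executable not supported: ${1}" >&2
+exit ${DRSLV_ERROR_LDD_NOT_SUPPORTED}
+fi
+}
+
+check_binary() {
+if [ ! -e "${1}" ]; then
+echo "binary not found: ${1}" >&2
+exit ${DRSLV_ERROR_BINARY_NOT_FOUND}
+fi
+}
+
+resolve_symlink() {
+path="${1}"
+result="${path}"
+while [ -L "${path}" ]; do
+link_target=$(readlink "${path}")
+if echo "${link_target}" | grep -q '^/'; then
+path="${link_target}"
+else
+path="$(cd "$(dirname "${path}")" && pwd)/${link_target}"
+fi
+result="${result} ${path}"
+done
+echo "${result}"
+}
+
+dependency_resolve() {
+ldd_path="${1}"
+binary_path="${2}"
+result=""
+
+resolved_paths=$(resolve_symlink "${binary_path}")
+for path in ${resolved_paths}; do
+result="${result} ${path}"
+if [ -f "${path}" ]; then
+ldd_output=$("${ldd_path}" "${path}" 2>&1)
+if ! echo "${ldd_output}" | grep -qE '(not a dynamic executable|Not a valid dynamic program)'; then
+while read -r line; do
+library=$(echo "${line}" | awk '{print $3}')
+if [ -n "${library}" ] && [ "${library}" != "not" ]; then
+result="${result} $(dependency_resolve "${ldd_path}" "${library}")"
+fi
+done << EOF
+${ldd_output}
+EOF
+fi
+fi
+done
+
+echo "${result}"
+}
+
+if [ $# -lt 2 ]; then
+case "${1}" in
+-v|--version)
+version
+exit ${DRSLV_SUCCESS}
+;;
+-h|--help)
+usage
+exit ${DRSLV_SUCCESS}
+;;
+*)
+usage
+exit ${DRSLV_ERROR_WRONG_PARAMS}
+;;
+esac
+fi
+
+ldd_path="${1}"
+check_ldd "${ldd_path}"
+
+shift
+for binary_path in "$@"; do
+check_binary "${binary_path}"
+done
+
+dependencies=""
+for binary_path in "$@"; do
+dependencies="${dependencies} $(dependency_resolve "${ldd_path}" "${binary_path}")"
+done
+
+echo "${dependencies}" | tr ' ' '\n' | sort | uniq | sed '/^$/d'
+exit ${DRSLV_SUCCESS}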
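Review bot: `dependency_resolve` runs `"${ldd_path}" "${path}"` on every target and on every library it discovers, and glibc's ldd can end up executing code from the file it inspects, so the script is only safe on binaries from a trusted source; a header comment such as `# NOTE: ldd may run code from the inspected file; use only on trusted binaries.` would make that explicit. In the same function, a `=> not found` line is skipped by the `!= "not"` test and ldd's stderr is folded into the parsed text by `2>&1`, so an unresolved dependency produces an incomplete list while the script still exits with `DRSLV_SUCCESS`. `DRSLV_ERROR_PROCESS_FAILED` is defined but not used anywhere in the file as shown; reporting the missing library on stderr and propagating that status would let the image build fail instead of shipping an incomplete rootfs. Because the recursion runs inside `$(...)`, the status of each substitution would have to be checked by the caller for the failure to reach the top level.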
