fix linux docker build (#28305)

keybase · Jan 23, 2025 · 282a477 · 282a477
1 parent 22d0242
commit 282a477
Show file tree

Hide file tree

Showing 6 changed files with 67 additions and 66 deletions.
diff --git a/packaging/linux/docker/Dockerfile b/packaging/linux/docker/Dockerfile
@@ -0,0 +1,26 @@
+FROM golang:1.23.4-bullseye AS builder
+
+ARG SOURCE_COMMIT=unknown
+
+ARG SIGNING_FINGERPRINT
+COPY .docker/code_signing_key /code_signing_key
+RUN gpg --import /code_signing_key
+
+RUN apt-get update 
+RUN apt-get install -y gcc-x86-64-linux-gnu
+
+COPY . /go/src/github.com/keybase/client
+RUN SOURCE_COMMIT=${SOURCE_COMMIT} \
+    KEYBASE_NO_GUI=1 \
+    /go/src/github.com/keybase/client/packaging/linux/build_binaries.sh \
+    prerelease /
+RUN gpg --detach-sign --armor --use-agent --local-user "$SIGNING_FINGERPRINT" \
+    -o "/binaries/amd64/usr/bin/keybase.sig" /binaries/amd64/usr/bin/keybase && \
+    gpg --detach-sign --armor --use-agent --local-user "$SIGNING_FINGERPRINT" \
+    -o "/binaries/amd64/usr/bin/kbfsfuse.sig" /binaries/amd64/usr/bin/kbfsfuse && \
+    gpg --detach-sign --armor --use-agent --local-user "$SIGNING_FINGERPRINT" \
+    -o "/binaries/amd64/usr/bin/git-remote-keybase.sig" /binaries/amd64/usr/bin/git-remote-keybase
+RUN chmod +x /binaries/amd64/usr/bin/keybase \
+    && chmod +x /binaries/amd64/usr/bin/kbfsfuse \
+    && chmod +x /binaries/amd64/usr/bin/git-remote-keybase
+
diff --git a/packaging/linux/docker/alpine/Dockerfile b/packaging/linux/docker/alpine/Dockerfile
@@ -1,28 +1,3 @@
-FROM golang:1.23.4-alpine3.21 AS builder
-
-RUN apk add --update --no-cache gnupg bash build-base gcc-cross-x86_64
-
-ARG SOURCE_COMMIT=unknown
-
-ARG SIGNING_FINGERPRINT
-COPY .docker/code_signing_key /code_signing_key
-RUN gpg --import /code_signing_key
-
-COPY . /go/src/github.com/keybase/client
-RUN SOURCE_COMMIT=${SOURCE_COMMIT} \
-    KEYBASE_NO_GUI=1 \
-    /go/src/github.com/keybase/client/packaging/linux/build_binaries.sh \
-    prerelease /
-RUN gpg --detach-sign --armor --use-agent --local-user "$SIGNING_FINGERPRINT" \
-    -o "/binaries/amd64/usr/bin/keybase.sig" /binaries/amd64/usr/bin/keybase && \
-    gpg --detach-sign --armor --use-agent --local-user "$SIGNING_FINGERPRINT" \
-    -o "/binaries/amd64/usr/bin/kbfsfuse.sig" /binaries/amd64/usr/bin/kbfsfuse && \
-    gpg --detach-sign --armor --use-agent --local-user "$SIGNING_FINGERPRINT" \
-    -o "/binaries/amd64/usr/bin/git-remote-keybase.sig" /binaries/amd64/usr/bin/git-remote-keybase
-RUN chmod +x /binaries/amd64/usr/bin/keybase \
-    && chmod +x /binaries/amd64/usr/bin/kbfsfuse \
-    && chmod +x /binaries/amd64/usr/bin/git-remote-keybase
-
 FROM alpine:3.21
 LABEL maintainer="Keybase <admin@keybase.io>"
 
@@ -52,11 +27,11 @@ RUN chmod +x /usr/bin/entrypoint.sh
 RUN adduser --disabled-password --gecos "" --shell /bin/bash keybase
 VOLUME [ "/home/keybase/.config/keybase", "/home/keybase/.cache/keybase" ]
 
-COPY --from=builder /binaries/amd64/usr/bin/keybase /usr/bin/keybase
-COPY --from=builder /binaries/amd64/usr/bin/keybase.sig /usr/bin/keybase.sig
-COPY --from=builder /binaries/amd64/usr/bin/kbfsfuse /usr/bin/kbfsfuse
-COPY --from=builder /binaries/amd64/usr/bin/kbfsfuse.sig /usr/bin/kbfsfuse.sig
-COPY --from=builder /binaries/amd64/usr/bin/git-remote-keybase /usr/bin/git-remote-keybase
-COPY --from=builder /binaries/amd64/usr/bin/git-remote-keybase.sig /usr/bin/git-remote-keybase.sig
+ADD .docker/binaries/amd64/keybase /usr/bin/keybase
+ADD .docker/binaries/amd64/keybase.sig /usr/bin/keybase.sig
+ADD .docker/binaries/amd64/kbfsfuse /usr/bin/kbfsfuse
+ADD .docker/binaries/amd64/kbfsfuse.sig /usr/bin/kbfsfuse.sig
+ADD .docker/binaries/amd64/git-remote-keybase /usr/bin/git-remote-keybase
+ADD .docker/binaries/amd64/git-remote-keybase.sig /usr/bin/git-remote-keybase.sig
 
 ENTRYPOINT ["tini", "--", "entrypoint.sh"]
diff --git a/packaging/linux/docker/build.sh b/packaging/linux/docker/build.sh
@@ -9,6 +9,8 @@ tag="$(echo "$1" | tr "+" "-")"
 # Clear the directory used for temporary, just in case a previous build failed
 rm -r "$client_dir/.docker" || true
 mkdir -p "$client_dir/.docker"
+binary_dest_dir="$client_dir/.docker/binaries/amd64"
+mkdir -p "$binary_dest_dir" 
 code_signing_fingerprint="$("$here/../fingerprint.sh")"
 gpg_tempfile="$client_dir/.docker/code_signing_key"
 gpg --export-secret-key --armor "$code_signing_fingerprint" > "$gpg_tempfile"
@@ -21,6 +23,22 @@ config_file="$client_dir/packaging/linux/docker/config.json"
 image_name="$(jq -r '.image_name' "$config_file")"
 readarray -t variants <<< "$(jq -r '.variants | keys | .[]' "$config_file")"
 
+builder_name="keybaseio/dockerimage-builder:v1" 
+docker build --pull \
+  --build-arg SOURCE_COMMIT="$source_commit" \
+  --build-arg SIGNING_FINGERPRINT="$code_signing_fingerprint" \
+  -f "$client_dir/packaging/linux/docker/Dockerfile" \
+  -t "$builder_name" "$client_dir"
+
+id=$(docker create "$builder_name")
+docker cp $id:/binaries/amd64/usr/bin/keybase "$binary_dest_dir"
+docker cp $id:/binaries/amd64/usr/bin/keybase.sig "$binary_dest_dir"
+docker cp $id:/binaries/amd64/usr/bin/kbfsfuse "$binary_dest_dir"
+docker cp $id:/binaries/amd64/usr/bin/kbfsfuse.sig "$binary_dest_dir"
+docker cp $id:/binaries/amd64/usr/bin/git-remote-keybase "$binary_dest_dir" 
+docker cp $id:/binaries/amd64/usr/bin/git-remote-keybase.sig "$binary_dest_dir"
+docker rm -v $id
+
 # We assume that the JSON file is correctly ordered
 for variant in "${variants[@]}"; do
   base_variant="$(jq -r ".variants.\"$variant\".base" "$config_file")"
@@ -29,13 +47,15 @@ for variant in "${variants[@]}"; do
   if [ "$base_variant" = "null" ]; then
     docker build \
       --pull \
+      --platform=linux/amd64 \
       --build-arg SOURCE_COMMIT="$source_commit" \
       --build-arg SIGNING_FINGERPRINT="$code_signing_fingerprint" \
       -f "$client_dir/$dockerfile" \
       -t "$image_name:$tag$variant" \
       "$client_dir"
   else
     docker build \
+      --platform=linux/amd64 \
       --build-arg BASE_IMAGE="$image_name:$tag$base_variant" \
       -f "$client_dir/$dockerfile" \
       -t "$image_name:$tag$variant" \

diff --git a/packaging/linux/docker/config.json b/packaging/linux/docker/config.json
@@ -15,9 +15,14 @@
       "dockerfile": "packaging/linux/docker/slim/Dockerfile",
       "base": ""
     },
-
-
-
+    "-alpine": {
+      "dockerfile": "packaging/linux/docker/alpine/Dockerfile",
+      "base": null
+    },
+    "-alpine-slim": {
+      "dockerfile": "packaging/linux/docker/alpine-slim/Dockerfile",
+      "base": "-alpine"
+    },
     "-node": {
       "dockerfile": "packaging/linux/docker/node/Dockerfile",
       "base": ""

diff --git a/packaging/linux/docker/standard/Dockerfile b/packaging/linux/docker/standard/Dockerfile
@@ -1,29 +1,3 @@
-FROM golang:1.23.4-bullseye AS builder
-
-ARG SOURCE_COMMIT=unknown
-
-ARG SIGNING_FINGERPRINT
-COPY .docker/code_signing_key /code_signing_key
-RUN gpg --import /code_signing_key
-
-RUN apt-get update 
-RUN apt-get install -y gcc-x86-64-linux-gnu
-
-COPY . /go/src/github.com/keybase/client
-RUN SOURCE_COMMIT=${SOURCE_COMMIT} \
-    KEYBASE_NO_GUI=1 \
-    /go/src/github.com/keybase/client/packaging/linux/build_binaries.sh \
-    prerelease /
-RUN gpg --detach-sign --armor --use-agent --local-user "$SIGNING_FINGERPRINT" \
-    -o "/binaries/amd64/usr/bin/keybase.sig" /binaries/amd64/usr/bin/keybase && \
-    gpg --detach-sign --armor --use-agent --local-user "$SIGNING_FINGERPRINT" \
-    -o "/binaries/amd64/usr/bin/kbfsfuse.sig" /binaries/amd64/usr/bin/kbfsfuse && \
-    gpg --detach-sign --armor --use-agent --local-user "$SIGNING_FINGERPRINT" \
-    -o "/binaries/amd64/usr/bin/git-remote-keybase.sig" /binaries/amd64/usr/bin/git-remote-keybase
-RUN chmod +x /binaries/amd64/usr/bin/keybase \
-    && chmod +x /binaries/amd64/usr/bin/kbfsfuse \
-    && chmod +x /binaries/amd64/usr/bin/git-remote-keybase
-
 FROM debian:bullseye
 LABEL maintainer="Keybase <admin@keybase.io>"
 
@@ -55,11 +29,11 @@ RUN chmod +x /usr/bin/entrypoint.sh
 RUN useradd --create-home --shell /bin/bash keybase
 VOLUME [ "/home/keybase/.config/keybase", "/home/keybase/.cache/keybase" ]
 
-COPY --from=builder /binaries/amd64/usr/bin/keybase /usr/bin/keybase
-COPY --from=builder /binaries/amd64/usr/bin/keybase.sig /usr/bin/keybase.sig
-COPY --from=builder /binaries/amd64/usr/bin/kbfsfuse /usr/bin/kbfsfuse
-COPY --from=builder /binaries/amd64/usr/bin/kbfsfuse.sig /usr/bin/kbfsfuse.sig
-COPY --from=builder /binaries/amd64/usr/bin/git-remote-keybase /usr/bin/git-remote-keybase
-COPY --from=builder /binaries/amd64/usr/bin/git-remote-keybase.sig /usr/bin/git-remote-keybase.sig
+ADD .docker/binaries/amd64/keybase /usr/bin/keybase
+ADD .docker/binaries/amd64/keybase.sig /usr/bin/keybase.sig
+ADD .docker/binaries/amd64/kbfsfuse /usr/bin/kbfsfuse
+ADD .docker/binaries/amd64/kbfsfuse.sig /usr/bin/kbfsfuse.sig
+ADD .docker/binaries/amd64/git-remote-keybase /usr/bin/git-remote-keybase
+ADD .docker/binaries/amd64/git-remote-keybase.sig /usr/bin/git-remote-keybase.sig
 
 ENTRYPOINT ["tini", "--", "entrypoint.sh"]
diff --git a/packaging/linux/tuxbot/provision_tuxbot_root.arm64 b/packaging/linux/tuxbot/provision_tuxbot_root.arm64
@@ -5,6 +5,7 @@ export DEBIAN_FRONTEND=noninteractive
 
 apt-get --allow-releaseinfo-change update
 apt-get install -yq git curl vim python3-pip jq
+apt-get install -t bullseye-backports qemu-user-static
 
 GOLANG_VERSION=1.23.4
 GOLANG_DOWNLOAD_URL=https://dl.google.com/go/go$GOLANG_VERSION.linux-arm64.tar.gz