image-build-base's Introduction

rancher/hardened-build-base

This repository holds the Dockerfiles and builds scripts for rancher/hardened-build-base Docker images. The x86_64 image contains a Go compiler with FIPS 140-2 compliant crypto module, GoBoring, used for compiling rke2 components.

Supported architectures

x86_64/amd64, arm64

Build

TAG=v1.20.3b1 make

Versioning

Starting from v1.19.0 dev.boringcrypto branch has been moved to the main branch behind GOEXPERIMENT variable, so the image-build-base will be adding GOEXPERIMENT=boringcrypto to scripts/go-build-static.sh script, however the build will still retain the same versionining using the <Go version>b<BoringCrypto version> pattern.

image-build-base's People

Contributors

Stargazers

Watchers

image-build-base's Issues

Tar command failing on ARM64 nodes.

When building the image on ARM64 nodes. You'll get the following error message. It looks like the option --include is not part of the tar command in this version.

Step 13/19 : RUN set -ex;     if [ "$(go env GOARCH)" = "arm64" ]; then         wget -q "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-ARM64.tar.gz";         tar -xzf trivy_${TRIVY_VERSION}_Linux-ARM64.tar.gz --include trivy -C /usr/local/bin;         mv trivy /usr/local/bin;                                 else                                                             wget -q "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz";         tar -xzf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz;          mv trivy /usr/local/bin;                                 fi
 ---> Running in c1dbe26642a4
+ go env GOARCH
+ '[' arm64 '=' arm64 ]
+ wget -q https://github.com/aquasecurity/trivy/releases/download/v0.18.3/trivy_0.18.3_Linux-ARM64.tar.gz
+ tar -xzf trivy_0.18.3_Linux-ARM64.tar.gz --include trivy -C /usr/local/bin
tar: unrecognized option: include
BusyBox v1.34.1 (2022-04-04 10:19:27 UTC) multi-call binary.

Usage: tar c|x|t [-ZzJjahmvokO] [-f TARFILE] [-C DIR] [-T FILE] [-X FILE] [LONGOPT]... [FILE]...

Create, extract, or list files from a tar file

	c	Create
	x	Extract
	t	List
	-f FILE	Name of TARFILE ('-' for stdin/out)
	-C DIR	Change to DIR before operation
	-v	Verbose
	-O	Extract to stdout
	-m	Don't restore mtime
	-o	Don't restore user:group
	-k	Don't replace existing files
	-Z	(De)compress using compress
	-z	(De)compress using gzip
	-J	(De)compress using xz
	-j	(De)compress using bzip2
	--lzma	(De)compress using lzma
	-a	(De)compress based on extension
	-h	Follow symlinks
	-T FILE	File with names to include
	-X FILE	File with glob patterns to exclude
	--exclude PATTERN	Glob pattern to exclude
	--overwrite		Replace existing files
	--strip-components NUM	NUM of leading components to strip
	--no-recursion		Don't descend in directories
	--numeric-owner		Use numeric user:group
	--no-same-permissions	Don't restore access permissions
The command '/bin/sh -c set -ex;     if [ "$(go env GOARCH)" = "arm64" ]; then         wget -q "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-ARM64.tar.gz";         tar -xzf trivy_${TRIVY_VERSION}_Linux-ARM64.tar.gz --include trivy -C /usr/local/bin;         mv trivy /usr/local/bin;                                 else                                                             wget -q "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz";         tar -xzf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz;          mv trivy /usr/local/bin;                                 fi' returned a non-zero code: 1
make: *** [Makefile:16: image-build] Error 1