intel · tkatila · Apr 23, 2024 · Apr 25, 2024 · Apr 29, 2024 · Apr 25, 2024
@@ -16,30 +16,30 @@ permissions:
   pull-requests: read
 
 jobs:
-  trivy:
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-    uses: "./.github/workflows/lib-trivy.yaml"
+  # trivy:
+  #   permissions:
+  #     actions: read
+  #     contents: read
+  #     security-events: write
+  #   uses: "./.github/workflows/lib-trivy.yaml"
 
-  validate:
-    uses: "./.github/workflows/lib-validate.yaml"
+  # validate:
+  #   uses: "./.github/workflows/lib-validate.yaml"
 
-  codeql:
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-    uses: "./.github/workflows/lib-codeql.yaml"
+  # codeql:
+  #   permissions:
+  #     actions: read
+  #     contents: read
+  #     security-events: write
+  #   uses: "./.github/workflows/lib-codeql.yaml"
 
-  build:
-    needs:
-      - trivy
-      - validate
-    uses: "./.github/workflows/lib-build.yaml"
+  # build:
+  #   needs:
+  #     - trivy
+  #     - validate
+  #   uses: "./.github/workflows/lib-build.yaml"
 
   e2e:
-    needs:
-      - build
+    # needs:
+    #   - build
     uses: "./.github/workflows/lib-e2e.yaml"
@@ -14,12 +14,42 @@
 ## See the License for the specific language governing permissions and
 ## limitations under the License.
 ###
-FROM debian:unstable-slim
+FROM debian:stable as build
+RUN apt-get update && apt-get install -y --no-install-recommends accel-config jq curl ca-certificates make libc6-dev && rm -rf /var/lib/apt/lists/\*
+RUN mkdir -p /idxd-init/scratch
+ARG DIR=/intel-device-plugins-for-kubernetes
+WORKDIR ${DIR}
+COPY . .
+ARG TOYBOX_VERSION="0.8.11"
+ARG TOYBOX_SHA256="83a3a88cbe1fa30f099c2f58295baef4637aaf988085aaea56e03aa29168175d"
+ARG ROOT=/install_root
+RUN apt-get update && apt-get --no-install-recommends -y install musl musl-tools musl-dev
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+ARG FINAL_BASE=registry.access.redhat.com/ubi9-micro:latest
+RUN curl -SL https://github.com/landley/toybox/archive/refs/tags/$TOYBOX_VERSION.tar.gz -o toybox.tar.gz \
+    && echo "$TOYBOX_SHA256 toybox.tar.gz" | sha256sum -c - \
+    && tar -xzf toybox.tar.gz \
+    && rm toybox.tar.gz \
+    && cd toybox-$TOYBOX_VERSION \
+    && KCONFIG_CONFIG=${DIR}/build/docker/toybox-config-$(echo ${FINAL_BASE} | xargs basename -s :latest) LDFLAGS="--static" CC=musl-gcc PREFIX=$ROOT/usr/bin V=2 make toybox install_flat \
+    && install -D LICENSE $ROOT/licenses/toybox \
+    && cp -r /usr/share/doc/musl $ROOT/licenses/
+###
+ARG LIBS="libjson-c libaccel-config libjq libtinfo libonig"
+ARG EXECS="accel-config jq"
+ARG LICENSES="jq libjq1 libjson-c5 libaccel-config1 libonig5 libtinfo6"
+RUN mkdir /tmp/libs && for l in ${LIBS}; do cp "/lib/x86_64-linux-gnu/${l}.so"* /tmp/libs/; done
+RUN mkdir /tmp/bins && for b in ${EXECS}; do cp "/usr/bin/${b}" /tmp/bins/; done
+RUN mkdir /tmp/licenses && for l in ${LICENSES}; do cp -r "/usr/share/doc/${l}" /tmp/licenses/; done
+FROM gcr.io/distroless/cc
 COPY ./LICENSE /licenses/intel-device-plugins-for-kubernetes/LICENSE
-RUN apt-get update && apt-get install -y --no-install-recommends accel-config jq && rm -rf /var/lib/apt/lists/\*
 COPY demo/idxd-init.sh /usr/local/bin/
 COPY demo/dsa.conf /idxd-init/
 COPY demo/iaa.conf /idxd-init/
-RUN mkdir /idxd-init/scratch
+COPY --from=build /idxd-init /idxd-init
+COPY --from=build /install_root /
+COPY --from=build /tmp/bins//* /usr/bin/
+COPY --from=build /tmp/libs//* /lib/x86_64-linux-gnu/
+COPY --from=build /tmp/licenses/ /usr/share/doc/
 WORKDIR /idxd-init
 ENTRYPOINT ["/usr/local/bin/idxd-init.sh"]
@@ -1,13 +1,34 @@
-FROM debian:unstable-slim
+FROM debian:stable as build
+RUN apt-get update && apt-get install -y --no-install-recommends accel-config jq curl ca-certificates make libc6-dev && rm -rf /var/lib/apt/lists/\*
+RUN mkdir -p /idxd-init/scratch
+
+ARG DIR=/intel-device-plugins-for-kubernetes
+WORKDIR ${DIR}
+COPY . .
+
+#include "toybox_build.docker"
+
+ARG LIBS="libjson-c libaccel-config libjq libtinfo libonig"
+ARG EXECS="accel-config jq"
+ARG LICENSES="jq libjq1 libjson-c5 libaccel-config1 libonig5 libtinfo6"
+
+RUN mkdir /tmp/libs && for l in ${LIBS}; do cp "/lib/x86_64-linux-gnu/${l}.so"* /tmp/libs/; done
+RUN mkdir /tmp/bins && for b in ${EXECS}; do cp "/usr/bin/${b}" /tmp/bins/; done
+RUN mkdir /tmp/licenses && for l in ${LICENSES}; do cp -r "/usr/share/doc/${l}" /tmp/licenses/; done
+
+FROM gcr.io/distroless/cc
 
 COPY ./LICENSE /licenses/intel-device-plugins-for-kubernetes/LICENSE
-RUN apt-get update && apt-get install -y --no-install-recommends accel-config jq && rm -rf /var/lib/apt/lists/\*
 
 COPY demo/idxd-init.sh /usr/local/bin/
 COPY demo/dsa.conf /idxd-init/
 COPY demo/iaa.conf /idxd-init/
 
-RUN mkdir /idxd-init/scratch
+COPY --from=build /idxd-init /idxd-init
+COPY --from=build /install_root /
+COPY --from=build /tmp/bins//* /usr/bin/
+COPY --from=build /tmp/libs//* /lib/x86_64-linux-gnu/
+COPY --from=build /tmp/licenses/ /usr/share/doc/
 
 WORKDIR /idxd-init
 ENTRYPOINT ["/usr/local/bin/idxd-init.sh"]
@@ -73,7 +73,7 @@ CONFIG_LS=y
 # CONFIG_RENICE is not set
 # CONFIG_RM is not set
 # CONFIG_RMDIR is not set
-# CONFIG_SED is not set
+CONFIG_SED=y
 # CONFIG_SLEEP is not set
 # CONFIG_SORT is not set
 # CONFIG_SORT_FLOAT is not set

@@ -1,4 +1,4 @@
-FROM debian:sid-slim as builder
+FROM debian:stable-slim as builder
 
 ARG DIR=/dpdk-build
 WORKDIR $DIR
@@ -15,7 +15,6 @@ RUN wget -q https://git.dpdk.org/dpdk/snapshot/$DPDK_TARBALL \
     && echo "$DPDK_TARBALL_SHA256 $DPDK_TARBALL" | sha256sum -c - \
     && tar -xf $DPDK_TARBALL && rm $DPDK_TARBALL
 
-ARG SOVERSION=24
 RUN cd dpdk-* && meson setup \
     -Dplatform=generic \
     -Dcpu_instruction_set=westmere \
@@ -29,16 +28,40 @@ RUN cd dpdk-* && \
     install -D builddir/app/dpdk-test-compress-perf /install_root/usr/bin/dpdk-test-compress-perf && \
     install -d /install_root/usr/lib/x86_64-linux-gnu/ && \
     for r in log bus_pci eal kvargs hash security telemetry pci mbuf mempool ring net rcu ipsec cryptodev compressdev common_qat; do \
-       install installdir/lib/x86_64-linux-gnu/librte_${r}.so.${SOVERSION} /install_root/usr/lib/x86_64-linux-gnu/; \
+       install installdir/lib/x86_64-linux-gnu/librte_${r}.so* /install_root/usr/lib/x86_64-linux-gnu/; \
     done
 
 RUN mkdir -p /install_root/licenses/dpdk && \
     cp dpdk-*/license/bsd-3-clause.txt /install_root/licenses/dpdk && \
     cd /install_root/licenses/dpdk && \
     apt-get source --download-only -y libatomic1 libnuma1
 
-FROM debian:sid-slim
-RUN apt-get update && apt-get install -y --no-install-recommends libipsec-mb1 libnuma1 libatomic1 && ldconfig -v
+ARG TOYBOX_VERSION="0.8.11"
+ARG TOYBOX_SHA256="83a3a88cbe1fa30f099c2f58295baef4637aaf988085aaea56e03aa29168175d"
+
+ARG ROOT=/install_root
+
+RUN apt-get update && apt-get --no-install-recommends -y install musl musl-tools musl-dev curl
+COPY toybox-config-static toybox-config-static
+RUN curl -SL https://github.com/landley/toybox/archive/refs/tags/$TOYBOX_VERSION.tar.gz -o toybox.tar.gz \
+    && echo "$TOYBOX_SHA256 toybox.tar.gz" | sha256sum -c - \
+    && tar -xzf toybox.tar.gz \
+    && rm toybox.tar.gz \
+    && cd toybox-$TOYBOX_VERSION \
+    && KCONFIG_CONFIG=../toybox-config-static LDFLAGS="--static" CC=musl-gcc PREFIX=$ROOT/bin V=2 make toybox install_flat \
+    && install -D LICENSE $ROOT/licenses/toybox \
+    && cp -r /usr/share/doc/musl $ROOT/licenses/
+
+ARG LIBS="libnuma libatomic libtinfo libIPSec_MB"
+ARG LICENSES="libnuma1 libatomic1 libtinfo6 libipsec-mb1 gcc-12-base"
+RUN mkdir /tmp/libs && for l in ${LIBS}; do cp "/lib/x86_64-linux-gnu/${l}.so"* /tmp/libs/; done
+RUN mkdir /tmp/licenses && for l in ${LICENSES}; do cp -r "/usr/share/doc/${l}" /tmp/licenses/; done
+
+FROM gcr.io/distroless/cc
+
+COPY --from=builder /tmp/libs/ /lib/x86_64-linux-gnu/
+COPY --from=builder /tmp/licenses/ /usr/share/doc/
+
 COPY --from=builder /install_root /
 COPY run-dpdk-test /usr/bin/