diff --git a/.github/workflows/buildx.yml b/.github/workflows/buildx.yml index 87505c4..6fb6391 100644 --- a/.github/workflows/buildx.yml +++ b/.github/workflows/buildx.yml @@ -55,6 +55,12 @@ jobs: - path: 1.22-nofaccessat2 tags: "1.22-nofaccessat2" platforms: linux/amd64,linux/arm64,linux/386 + - path: 1.23 + tags: "1.23" + platforms: linux/amd64,linux/arm64,linux/386 + - path: 1.23-nofaccessat2 + tags: "1.23-nofaccessat2" + platforms: linux/amd64,linux/arm64,linux/386 steps: - name: Checkout diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index b1001d5..f2371fd 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -23,3 +23,5 @@ jobs: docker run -i $(docker build -q 1.21-nofaccessat2) /bin/sh -c "go version && bash --version && make --version && git --version && gcc --version && jq --version && curl --version && air -v && dlv version && which gocov && go-junit-report -version && dumb-init --version && merge-junit --version" docker run -i $(docker build -q 1.22) /bin/sh -c "go version && bash --version && make --version && git --version && gcc --version && jq --version && curl --version && air -v && dlv version && which gocov && go-junit-report -version && dumb-init --version && merge-junit --version" docker run -i $(docker build -q 1.22-nofaccessat2) /bin/sh -c "go version && bash --version && make --version && git --version && gcc --version && jq --version && curl --version && air -v && dlv version && which gocov && go-junit-report -version && dumb-init --version && merge-junit --version" + docker run -i $(docker build -q 1.23) /bin/sh -c "go version && bash --version && make --version && git --version && gcc --version && jq --version && curl --version && air -v && dlv version && which gocov && go-junit-report -version && dumb-init --version && merge-junit --version" + docker run -i $(docker build -q 1.23-nofaccessat2) /bin/sh -c "go version && bash --version && make --version && git --version && gcc --version && jq --version && curl --version && air -v && dlv version && which gocov && go-junit-report -version && dumb-init --version && merge-junit --version" diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml index 2e568ec..95b80e3 100644 --- a/.github/workflows/hadolint.yml +++ b/.github/workflows/hadolint.yml @@ -10,4 +10,4 @@ jobs: - run: brew install hadolint - name: Lint Dockerfiles run: | - hadolint {1.16,1.16-3.13,1.17,1.17-3.13,1.18,1.18-nofaccessat2,1.19,1.19-nofaccessat2,1.20,1.20-nofaccessat2,1.21,1.21-nofaccessat2,1.22,1.22-nofaccessat2}/Dockerfile + hadolint {1.16,1.16-3.13,1.17,1.17-3.13,1.18,1.18-nofaccessat2,1.19,1.19-nofaccessat2,1.20,1.20-nofaccessat2,1.21,1.21-nofaccessat2,1.22,1.22-nofaccessat2,1.23,1.23-nofaccessat2}/Dockerfile diff --git a/1.16-3.13/Dockerfile b/1.16-3.13/Dockerfile index 4cd2566..ff1e6b5 100644 --- a/1.16-3.13/Dockerfile +++ b/1.16-3.13/Dockerfile @@ -4,7 +4,7 @@ RUN set -eux; \ go install github.com/go-delve/delve/cmd/dlv@v1.9.0 && \ go install github.com/cosmtrek/air@v1.27.8 && \ go install github.com/jstemmer/go-junit-report@latest && \ - go install github.com/axw/gocov/gocov@latest && \ + go install github.com/axw/gocov/gocov@v1.1.0 && \ go install gotest.tools/gotestsum@v1.10.0 && \ chmod -R 777 "$GOPATH" && \ curl -L https://github.com/tobni/merge-junit/releases/download/v0.1.4/merge-junit-v0.1.4-x86_64-unknown-linux-musl.tar.gz | tar -xz && \ diff --git a/1.16/Dockerfile b/1.16/Dockerfile index 4328656..2d1a366 100644 --- a/1.16/Dockerfile +++ b/1.16/Dockerfile @@ -4,7 +4,7 @@ RUN set -eux; \ go install github.com/go-delve/delve/cmd/dlv@v1.9.0 && \ go install github.com/cosmtrek/air@v1.27.8 && \ go install github.com/jstemmer/go-junit-report@latest && \ - go install github.com/axw/gocov/gocov@latest && \ + go install github.com/axw/gocov/gocov@v1.1.0 && \ go install gotest.tools/gotestsum@v1.10.0 && \ chmod -R 777 "$GOPATH" && \ curl -L https://github.com/tobni/merge-junit/releases/download/v0.1.4/merge-junit-v0.1.4-x86_64-unknown-linux-musl.tar.gz | tar -xz && \ diff --git a/1.17-3.13/Dockerfile b/1.17-3.13/Dockerfile index 43cc19f..f5aaf37 100644 --- a/1.17-3.13/Dockerfile +++ b/1.17-3.13/Dockerfile @@ -4,7 +4,7 @@ RUN set -eux; \ go install github.com/go-delve/delve/cmd/dlv@v1.9.1 && \ go install github.com/cosmtrek/air@v1.40.4 && \ go install github.com/jstemmer/go-junit-report@latest && \ - go install github.com/axw/gocov/gocov@latest && \ + go install github.com/axw/gocov/gocov@v1.1.0 && \ go install gotest.tools/gotestsum@v1.11.0 && \ chmod -R 777 "$GOPATH" && \ curl -L https://github.com/tobni/merge-junit/releases/download/v0.1.4/merge-junit-v0.1.4-x86_64-unknown-linux-musl.tar.gz | tar -xz && \ diff --git a/1.17/Dockerfile b/1.17/Dockerfile index 9cb6566..4becb20 100644 --- a/1.17/Dockerfile +++ b/1.17/Dockerfile @@ -4,7 +4,7 @@ RUN set -eux; \ go install github.com/go-delve/delve/cmd/dlv@v1.9.1 && \ go install github.com/cosmtrek/air@v1.40.4 && \ go install github.com/jstemmer/go-junit-report@latest && \ - go install github.com/axw/gocov/gocov@latest && \ + go install github.com/axw/gocov/gocov@v1.1.0 && \ go install gotest.tools/gotestsum@v1.11.0 && \ chmod -R 777 "$GOPATH" && \ curl -L https://github.com/tobni/merge-junit/releases/download/v0.1.4/merge-junit-v0.1.4-x86_64-unknown-linux-musl.tar.gz | tar -xz && \ diff --git a/1.18-nofaccessat2/Dockerfile b/1.18-nofaccessat2/Dockerfile index 3af7de8..91cf0c5 100644 --- a/1.18-nofaccessat2/Dockerfile +++ b/1.18-nofaccessat2/Dockerfile @@ -19,10 +19,10 @@ RUN set -eux; \ rm -rf /home/builder /var/cache/distfiles /tmp/aports RUN set -eux; \ apk add --no-cache bash make git gcc libc-dev jq curl dumb-init mailcap tzdata && \ - go install github.com/go-delve/delve/cmd/dlv@latest && \ + go install github.com/go-delve/delve/cmd/dlv@v1.21.2 && \ go install github.com/cosmtrek/air@v1.40.4 && \ go install github.com/jstemmer/go-junit-report@latest && \ - go install github.com/axw/gocov/gocov@latest && \ + go install github.com/axw/gocov/gocov@v1.1.0 && \ go install gotest.tools/gotestsum@latest && \ chmod -R 777 "$GOPATH" && \ curl -L https://github.com/tobni/merge-junit/releases/download/v0.1.4/merge-junit-v0.1.4-x86_64-unknown-linux-musl.tar.gz | tar -xz && \ diff --git a/1.18/Dockerfile b/1.18/Dockerfile index d1de7d8..81997f2 100644 --- a/1.18/Dockerfile +++ b/1.18/Dockerfile @@ -1,10 +1,10 @@ FROM golang:1.18-alpine RUN set -eux; \ apk add --no-cache bash make git gcc libc-dev jq curl dumb-init mailcap tzdata && \ - go install github.com/go-delve/delve/cmd/dlv@latest && \ + go install github.com/go-delve/delve/cmd/dlv@v1.21.2 && \ go install github.com/cosmtrek/air@v1.40.4 && \ go install github.com/jstemmer/go-junit-report@latest && \ - go install github.com/axw/gocov/gocov@latest && \ + go install github.com/axw/gocov/gocov@v1.1.0 && \ go install gotest.tools/gotestsum@latest && \ chmod -R 777 "$GOPATH" && \ curl -L https://github.com/tobni/merge-junit/releases/download/v0.1.4/merge-junit-v0.1.4-x86_64-unknown-linux-musl.tar.gz | tar -xz && \ diff --git a/1.19-nofaccessat2/Dockerfile b/1.19-nofaccessat2/Dockerfile index 1fa9c1d..efa3d7e 100644 --- a/1.19-nofaccessat2/Dockerfile +++ b/1.19-nofaccessat2/Dockerfile @@ -19,10 +19,10 @@ RUN set -eux; \ rm -rf /home/builder /var/cache/distfiles /tmp/aports RUN set -eux; \ apk add --no-cache bash make git gcc libc-dev jq curl dumb-init mailcap tzdata && \ - go install github.com/go-delve/delve/cmd/dlv@latest && \ + go install github.com/go-delve/delve/cmd/dlv@v1.21.2 && \ go install github.com/cosmtrek/air@v1.41.0 && \ go install github.com/jstemmer/go-junit-report@latest && \ - go install github.com/axw/gocov/gocov@latest && \ + go install github.com/axw/gocov/gocov@v1.1.0 && \ go install gotest.tools/gotestsum@latest && \ chmod -R 777 "$GOPATH" && \ curl -L https://github.com/tobni/merge-junit/releases/download/v0.1.4/merge-junit-v0.1.4-x86_64-unknown-linux-musl.tar.gz | tar -xz && \ diff --git a/1.19/Dockerfile b/1.19/Dockerfile index db395a7..2785dec 100644 --- a/1.19/Dockerfile +++ b/1.19/Dockerfile @@ -1,10 +1,10 @@ FROM golang:1.19-alpine RUN set -eux; \ apk add --no-cache bash make git gcc libc-dev jq curl dumb-init mailcap tzdata && \ - go install github.com/go-delve/delve/cmd/dlv@latest && \ + go install github.com/go-delve/delve/cmd/dlv@v1.21.2 && \ go install github.com/cosmtrek/air@v1.41.0 && \ go install github.com/jstemmer/go-junit-report@latest && \ - go install github.com/axw/gocov/gocov@latest && \ + go install github.com/axw/gocov/gocov@v1.1.0 && \ go install gotest.tools/gotestsum@latest && \ chmod -R 777 "$GOPATH" && \ curl -L https://github.com/tobni/merge-junit/releases/download/v0.1.4/merge-junit-v0.1.4-x86_64-unknown-linux-musl.tar.gz | tar -xz && \ diff --git a/1.20-nofaccessat2/Dockerfile b/1.20-nofaccessat2/Dockerfile index 410a9d2..e91f6d6 100644 --- a/1.20-nofaccessat2/Dockerfile +++ b/1.20-nofaccessat2/Dockerfile @@ -19,10 +19,10 @@ RUN set -eux; \ rm -rf /home/builder /var/cache/distfiles /tmp/aports RUN set -eux; \ apk add --no-cache bash make git gcc libc-dev jq curl dumb-init mailcap tzdata && \ - go install github.com/go-delve/delve/cmd/dlv@latest && \ + go install github.com/go-delve/delve/cmd/dlv@v1.21.2 && \ go install github.com/cosmtrek/air@v1.44.0 && \ go install github.com/jstemmer/go-junit-report@latest && \ - go install github.com/axw/gocov/gocov@latest && \ + go install github.com/axw/gocov/gocov@v1.1.0 && \ go install gotest.tools/gotestsum@latest && \ chmod -R 777 "$GOPATH" && \ curl -L https://github.com/tobni/merge-junit/releases/download/v0.1.4/merge-junit-v0.1.4-x86_64-unknown-linux-musl.tar.gz | tar -xz && \ diff --git a/1.20/Dockerfile b/1.20/Dockerfile index 2e4fdae..31fa8a9 100644 --- a/1.20/Dockerfile +++ b/1.20/Dockerfile @@ -1,10 +1,10 @@ FROM golang:1.20-alpine RUN set -eux; \ apk add --no-cache bash make git gcc libc-dev jq curl dumb-init mailcap tzdata && \ - go install github.com/go-delve/delve/cmd/dlv@latest && \ + go install github.com/go-delve/delve/cmd/dlv@v1.21.2 && \ go install github.com/cosmtrek/air@v1.44.0 && \ go install github.com/jstemmer/go-junit-report@latest && \ - go install github.com/axw/gocov/gocov@latest && \ + go install github.com/axw/gocov/gocov@v1.1.0 && \ go install gotest.tools/gotestsum@latest && \ chmod -R 777 "$GOPATH" && \ curl -L https://github.com/tobni/merge-junit/releases/download/v0.1.4/merge-junit-v0.1.4-x86_64-unknown-linux-musl.tar.gz | tar -xz && \ diff --git a/1.21-nofaccessat2/Dockerfile b/1.21-nofaccessat2/Dockerfile index c36dd63..b6e942b 100644 --- a/1.21-nofaccessat2/Dockerfile +++ b/1.21-nofaccessat2/Dockerfile @@ -22,7 +22,7 @@ RUN set -eux; \ go install github.com/go-delve/delve/cmd/dlv@latest && \ go install github.com/cosmtrek/air@v1.49.0 && \ go install github.com/jstemmer/go-junit-report@latest && \ - go install github.com/axw/gocov/gocov@latest && \ + go install github.com/axw/gocov/gocov@v1.1.0 && \ go install gotest.tools/gotestsum@latest && \ chmod -R 777 "$GOPATH" && \ curl -L https://github.com/tobni/merge-junit/releases/download/v0.1.4/merge-junit-v0.1.4-x86_64-unknown-linux-musl.tar.gz | tar -xz && \ diff --git a/1.21/Dockerfile b/1.21/Dockerfile index a769832..3ba99e9 100644 --- a/1.21/Dockerfile +++ b/1.21/Dockerfile @@ -4,7 +4,7 @@ RUN set -eux; \ go install github.com/go-delve/delve/cmd/dlv@latest && \ go install github.com/cosmtrek/air@v1.49.0 && \ go install github.com/jstemmer/go-junit-report@latest && \ - go install github.com/axw/gocov/gocov@latest && \ + go install github.com/axw/gocov/gocov@v1.1.0 && \ go install gotest.tools/gotestsum@latest && \ chmod -R 777 "$GOPATH" && \ curl -L https://github.com/tobni/merge-junit/releases/download/v0.1.4/merge-junit-v0.1.4-x86_64-unknown-linux-musl.tar.gz | tar -xz && \ diff --git a/1.22-nofaccessat2/Dockerfile b/1.22-nofaccessat2/Dockerfile index e178dcb..6bee684 100644 --- a/1.22-nofaccessat2/Dockerfile +++ b/1.22-nofaccessat2/Dockerfile @@ -20,9 +20,9 @@ RUN set -eux; \ RUN set -eux; \ apk add --no-cache bash make git gcc libc-dev jq curl dumb-init mailcap tzdata && \ go install github.com/go-delve/delve/cmd/dlv@latest && \ - go install github.com/air-verse/air@latest && \ + go install github.com/air-verse/air@v1.52.3 && \ go install github.com/jstemmer/go-junit-report@latest && \ - go install github.com/axw/gocov/gocov@latest && \ + go install github.com/axw/gocov/gocov@v1.2.1 && \ go install gotest.tools/gotestsum@latest && \ chmod -R 777 "$GOPATH" && \ curl -L https://github.com/tobni/merge-junit/releases/download/v0.1.4/merge-junit-v0.1.4-x86_64-unknown-linux-musl.tar.gz | tar -xz && \ diff --git a/1.22/Dockerfile b/1.22/Dockerfile index 464effa..36728b1 100644 --- a/1.22/Dockerfile +++ b/1.22/Dockerfile @@ -2,9 +2,9 @@ FROM golang:1.22-alpine RUN set -eux; \ apk add --no-cache bash make git gcc libc-dev jq curl dumb-init mailcap tzdata && \ go install github.com/go-delve/delve/cmd/dlv@latest && \ - go install github.com/air-verse/air@latest && \ + go install github.com/air-verse/air@v1.52.3 && \ go install github.com/jstemmer/go-junit-report@latest && \ - go install github.com/axw/gocov/gocov@latest && \ + go install github.com/axw/gocov/gocov@v1.2.1 && \ go install gotest.tools/gotestsum@latest && \ chmod -R 777 "$GOPATH" && \ curl -L https://github.com/tobni/merge-junit/releases/download/v0.1.4/merge-junit-v0.1.4-x86_64-unknown-linux-musl.tar.gz | tar -xz && \ diff --git a/1.23-nofaccessat2/Dockerfile b/1.23-nofaccessat2/Dockerfile new file mode 100644 index 0000000..83f6efa --- /dev/null +++ b/1.23-nofaccessat2/Dockerfile @@ -0,0 +1,32 @@ +FROM golang:1.23-alpine +COPY disable_faccessat2.patch /tmp/disable_faccessat2.patch +RUN set -eux; \ + apk add --no-cache --virtual .build-deps gcc make patch git alpine-sdk coreutils cmake sudo && \ + mkdir -p /var/cache/distfiles && \ + chmod a+w /var/cache/distfiles && \ + git clone --depth 1 --branch "v$(cat /etc/alpine-release)" git://git.alpinelinux.org/aports /tmp/aports && \ + cd /tmp/aports/main/musl && \ + mv /tmp/disable_faccessat2.patch /tmp/aports/main/musl/ && \ + sed -i -E 's/\thandle-aux-at_base.patch/\thandle-aux-at_base.patch\n\tdisable_faccessat2.patch/' APKBUILD && \ + adduser -G abuild -g "Alpine Package Builder" -s /bin/ash -D builder && \ + echo "builder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \ + chown -R builder:abuild /tmp/aports && \ + sudo -u builder sh -c 'abuild checksum && abuild-keygen -an && abuild -r' && \ + find /home/builder -type f -name '*.apk' -exec apk add --allow-untrusted --no-cache {} \;; \ + sudo -u builder sh -c 'abuild clean && abuild cleancache' && \ + apk del --no-network .build-deps && \ + deluser builder && \ + rm -rf /home/builder /var/cache/distfiles /tmp/aports +RUN set -eux; \ + apk add --no-cache bash make git gcc libc-dev jq curl dumb-init mailcap tzdata && \ + go install github.com/go-delve/delve/cmd/dlv@latest && \ + go install github.com/air-verse/air@v1.61.5 && \ + go install github.com/jstemmer/go-junit-report@latest && \ + go install github.com/axw/gocov/gocov@v1.2.1 && \ + go install gotest.tools/gotestsum@latest && \ + chmod -R 777 "$GOPATH" && \ + curl -L https://github.com/tobni/merge-junit/releases/download/v0.2.1/merge-junit-v0.2.1-x86_64-unknown-linux-musl.tar.gz | tar -xz && \ + mv ./merge-junit-v0.2.1-x86_64-unknown-linux-musl/merge-junit /usr/bin/merge-junit && \ + rm -rf /merge-junit-v0.2.1-x86_64-unknown-linux-musl +WORKDIR / +ENTRYPOINT ["/usr/bin/dumb-init", "--"] diff --git a/1.23-nofaccessat2/disable_faccessat2.patch b/1.23-nofaccessat2/disable_faccessat2.patch new file mode 100644 index 0000000..348fb7e --- /dev/null +++ b/1.23-nofaccessat2/disable_faccessat2.patch @@ -0,0 +1,23 @@ +--- v1.2.3/src/unistd/faccessat.c 2022-04-07 20:12:40.000000000 +0300 ++++ v1.2.1/src/unistd/faccessat.c 2020-08-04 07:21:09.000000000 +0300 +@@ -25,17 +25,12 @@ + + int faccessat(int fd, const char *filename, int amode, int flag) + { +- if (flag) { +- int ret = __syscall(SYS_faccessat2, fd, filename, amode, flag); +- if (ret != -ENOSYS) return __syscall_ret(ret); +- } ++ if (!flag || (flag==AT_EACCESS && getuid()==geteuid() && getgid()==getegid())) ++ return syscall(SYS_faccessat, fd, filename, amode, flag); + +- if (flag & ~AT_EACCESS) ++ if (flag != AT_EACCESS) + return __syscall_ret(-EINVAL); + +- if (!flag || (getuid()==geteuid() && getgid()==getegid())) +- return syscall(SYS_faccessat, fd, filename, amode); +- + char stack[1024]; + sigset_t set; + pid_t pid; diff --git a/1.23-nofaccessat2/faccessat2-test.c b/1.23-nofaccessat2/faccessat2-test.c new file mode 100644 index 0000000..71f9e9e --- /dev/null +++ b/1.23-nofaccessat2/faccessat2-test.c @@ -0,0 +1,10 @@ +#include +#include + +int main() { + // TODO: Use this code to test resulting images. + // Should not call faccessat2 under the hood. + faccessat(0, "/", R_OK, AT_EACCESS); + + return 0; +} \ No newline at end of file diff --git a/1.23/Dockerfile b/1.23/Dockerfile new file mode 100644 index 0000000..abe38ac --- /dev/null +++ b/1.23/Dockerfile @@ -0,0 +1,14 @@ +FROM golang:1.23-alpine +RUN set -eux; \ + apk add --no-cache bash make git gcc libc-dev jq curl dumb-init mailcap tzdata && \ + go install github.com/go-delve/delve/cmd/dlv@latest && \ + go install github.com/air-verse/air@v1.61.5 && \ + go install github.com/jstemmer/go-junit-report@latest && \ + go install github.com/axw/gocov/gocov@v1.2.1 && \ + go install gotest.tools/gotestsum@latest && \ + chmod -R 777 "$GOPATH" && \ + curl -L https://github.com/tobni/merge-junit/releases/download/v0.2.1/merge-junit-v0.2.1-x86_64-unknown-linux-musl.tar.gz | tar -xz && \ + mv ./merge-junit-v0.2.1-x86_64-unknown-linux-musl/merge-junit /usr/bin/merge-junit && \ + rm -rf /merge-junit-v0.2.1-x86_64-unknown-linux-musl +WORKDIR / +ENTRYPOINT ["/usr/bin/dumb-init", "--"]