boot2

Playing with the bootstrap
git clone https://git.ryansepassi.com/git/boot2.git

commit 992c8cc15c1e7ae225711195b82fbadcf384327a
parent 7f8ceb9a19fdfb5f894827e596261da1d3c5fb87
Author: Ryan Sepassi <rsepassi@gmail.com>
Date:   Thu, 23 Apr 2026 14:29:51 -0700

m1pp: switch build.sh and test.sh to a distroless-busybox image

Replace the alpine base with a two-stage distroless-static image that
pulls only busybox from another distroless layer. Both digests are
pinned. Gives us the minimal sh/cp/chmod surface needed by build.sh's
container step without shipping apk or any of alpine's userland.

build.sh now `podman build`s the image from Containerfile.busybox on
first run instead of aliasing a pinned alpine digest. test.sh shares
the same tag so parity runs and build-pipeline smoke runs execute
under one image.

Diffstat:
A Containerfile.busybox | 7 +++++++
M m1pp/build.sh | 9 +++------
M m1pp/test.sh | 6 +++++-
3 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/Containerfile.busybox b/Containerfile.busybox @@ -0,0 +1,7 @@ +FROM gcr.io/distroless/static-debian12@sha256:7985579713fb1171e707d74659c67af3605642d1c9db305304c2998a99032615 AS busybox + +FROM gcr.io/distroless/static-debian12@sha256:20bc6c0bc4d625a22a8fde3e55f6515709b32055ef8fb9cfbddaa06d1760f838 +COPY --from=busybox /busybox/busybox /busybox/busybox +RUN ["/busybox/busybox", "sh", "-c", "for n in sh cp chmod; do /busybox/busybox ln -s busybox /busybox/$n; done"] +ENV PATH=/busybox:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +CMD ["/busybox/sh"] diff --git a/m1pp/build.sh b/m1pp/build.sh @@ -34,11 +34,8 @@ OUT=$2 REPO=$(cd "$(dirname "$0")/.." && pwd) ARCH=aarch64 PLATFORM=linux/arm64 -IMAGE=localhost/lispcc:aarch64 -## Digest-pinned source for the local tag. Mirrors the Makefile pin so the -## tag is created from the same image bytes even when build.sh runs -## standalone without `make` having materialised the image stamp. -IMAGE_DIGEST='public.ecr.aws/docker/library/alpine@sha256:378c4c5418f7493bd500ad21ffb43818d0689daaad43e3261859fb417d1481a0' +IMAGE=localhost/distroless-busybox:latest +CONTAINERFILE=Containerfile.busybox P1_DEFS=build/p1v2/$ARCH/p1_$ARCH.M1 TOOLS=build/$ARCH/tools @@ -54,7 +51,7 @@ for f in "$P1_DEFS" "$TOOLS/M0" "$TOOLS/hex2-0" "$TOOLS/catm" "$ELF_HDR" lint.sh done if ! podman image exists "$IMAGE"; then - podman tag "$IMAGE_DIGEST" "$IMAGE" + podman build -f "$CONTAINERFILE" -t "$IMAGE" . fi NAME=$(basename "$SRC" .M1) diff --git a/m1pp/test.sh b/m1pp/test.sh @@ -21,7 +21,11 @@ set -eu REPO=$(cd "$(dirname "$0")/.." && pwd) PLATFORM=linux/arm64 -IMAGE=localhost/lispcc:aarch64 +## Share the tag that build.sh builds and runs under. build.sh creates it +## on first run from Containerfile.busybox — we assume it exists by the time +## a fixture is run (build_expander / per-fixture build.sh invocations +## produce it as a side effect). +IMAGE=localhost/distroless-busybox:latest cd "$REPO"
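
Review bot: In Containerfile.busybox, the two FROM lines name the same repository, gcr.io/distroless/static-debian12, and differ only in digest, so nothing in the file says which variant each digest is or why the first one is expected to contain /busybox/busybox. Add a comment above each FROM recording the tag the digest was resolved from and when, so a later pin bump can be checked against the registry instead of copied on trust. It is also worth stating whether the digests are multi-arch indexes or linux/arm64 manifests, since the scripts that use the image set PLATFORM=linux/arm64.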
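
Review bot: In the first m1pp/build.sh hunk (-34,11), the removed comment said IMAGE_DIGEST mirrored the Makefile pin, but the diffstat lists only Containerfile.busybox, m1pp/build.sh and m1pp/test.sh, so the Makefile is not touched here. If the Makefile still materialises localhost/lispcc:aarch64 from the alpine digest, `make` and a standalone build.sh now run under different images; update the Makefile in the same change or say why it is left alone. The new IMAGE and CONTAINERFILE assignments also have no comment; one line saying the tag is built locally from the digest-pinned Containerfile would replace what was deleted.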
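
Review bot: In the second m1pp/build.sh hunk (-54,7), the `podman image exists "$IMAGE"` guard now protects a mutable tag, localhost/distroless-busybox:latest, so once the image has been built a later change to the digests in Containerfile.busybox is never picked up and the script keeps running the stale image. Before this change the tag was created directly from a digest; to keep that property, derive the tag from the Containerfile contents (for example a checksum suffix) or rebuild unconditionally and rely on the layer cache. The build line also omits --platform "$PLATFORM" although PLATFORM=linux/arm64 is set above, and -f "$CONTAINERFILE" with context . resolves against the current directory, which is the repository root only if the script has already changed into $REPO.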
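
Review bot: In the m1pp/test.sh hunk, the new comment records that the image is assumed to exist by the time a fixture runs, but nothing enforces it; if the first container run in test.sh happens before any build.sh invocation, there is no localhost/distroless-busybox:latest to run and the failure will not point at the cause. Add the same `podman image exists` check here, or move the check and build into a helper that both scripts call, and fail with a message naming Containerfile.busybox. The tag is now written out in both scripts, so a shared definition would also stop the two from drifting.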