Optimize image size

dotnet · Mar 29, 2023 · ffc872d · ffc872d
1 parent b6ebffa
commit ffc872d
Show file tree

Hide file tree

Showing 12 changed files with 112 additions and 109 deletions.
diff --git a/src/cbl-mariner/2.0/cross/amd64-alpine/Dockerfile b/src/cbl-mariner/2.0/cross/amd64-alpine/Dockerfile
@@ -1,4 +1,10 @@
-FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-amd64-local
+FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-builder-local AS builder
 ARG ROOTFS_DIR=/crossrootfs/x64
 
 RUN /scripts/eng/common/cross/build-rootfs.sh x64 alpine3.13 --skipunmount
+
+
+FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-amd64-local
+ARG ROOTFS_DIR=/crossrootfs/x64
+
+COPY --from=builder $ROOTFS_DIR $ROOTFS_DIR
diff --git a/src/cbl-mariner/2.0/cross/amd64/Dockerfile b/src/cbl-mariner/2.0/cross/amd64/Dockerfile
@@ -1,10 +1,14 @@
-FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-amd64-local
+FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-builder-local AS builder
 ARG ROOTFS_DIR=/crossrootfs/x64
 
-RUN tdnf install -y debootstrap
-
 RUN /scripts/eng/common/cross/build-rootfs.sh x64 xenial --skipunmount
 
+
+FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-amd64-local
+ARG ROOTFS_DIR=/crossrootfs/x64
+
+COPY --from=builder $ROOTFS_DIR $ROOTFS_DIR
+
 RUN LLVM_VERSION=12.0.1 LLVM_VERSION_MAJOR="${LLVM_VERSION%%.*}" && \
     mkdir -p $ROOTFS_DIR/usr/lib/llvm-${LLVM_VERSION_MAJOR}/lib/clang/${LLVM_VERSION}/lib/linux/ && \
     cp /usr/lib/clang/${LLVM_VERSION}/lib/linux/libclang_rt.profile-x86_64.a $ROOTFS_DIR/usr/lib/llvm-${LLVM_VERSION_MAJOR}/lib/clang/${LLVM_VERSION}/lib/linux/
diff --git a/src/cbl-mariner/2.0/cross/arm64-alpine/Dockerfile b/src/cbl-mariner/2.0/cross/arm64-alpine/Dockerfile
@@ -1,4 +1,10 @@
-FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-arm-local
+FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-builder-local AS builder
 ARG ROOTFS_DIR=/crossrootfs/arm64
 
 RUN /scripts/eng/common/cross/build-rootfs.sh arm64 alpine3.13 --skipunmount
+
+
+FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-arm-local
+ARG ROOTFS_DIR=/crossrootfs/arm64
+
+COPY --from=builder $ROOTFS_DIR $ROOTFS_DIR
diff --git a/src/cbl-mariner/2.0/cross/arm64/Dockerfile b/src/cbl-mariner/2.0/cross/arm64/Dockerfile
@@ -1,18 +1,10 @@
-FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-artifacts-local as artifacts
-
-FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-arm-local
+FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-builder-local AS builder
 ARG ROOTFS_DIR=/crossrootfs/arm64
 
-RUN tdnf install -y debootstrap
-
 RUN /scripts/eng/common/cross/build-rootfs.sh arm64 xenial --skipunmount
 
 # Build compiler-rt profile library for PGO instrumentation
-COPY --from=artifacts /llvm-project.src.tar.xz .
-RUN mkdir llvm-project.src && \
-    tar -xf llvm-project.src.tar.xz --directory llvm-project.src --strip-components=1 && \
-    rm llvm-project.src.tar.xz && \
-    mkdir compiler-rt_build && cd compiler-rt_build && \
+RUN mkdir compiler-rt_build && cd compiler-rt_build && \
     BUILD_FLAGS="-v --sysroot=$ROOTFS_DIR" \
     TARGET_TRIPLE=aarch64-linux-gnu && \
     cmake ../llvm-project.src/compiler-rt \
@@ -33,11 +25,14 @@ RUN mkdir llvm-project.src && \
         -DCMAKE_INSTALL_PREFIX=$ROOTFS_DIR/usr \
         -DCMAKE_C_FLAGS="${BUILD_FLAGS}" \
         -DCMAKE_CXX_FLAGS="${BUILD_FLAGS}" && \
-    make -j $(getconf _NPROCESSORS_ONLN) && \
-    make install
+    make -j $(getconf _NPROCESSORS_ONLN)
 
 RUN LLVM_VERSION=12.0.1 LLVM_VERSION_MAJOR="${LLVM_VERSION%%.*}" && \
     mkdir -p $ROOTFS_DIR/usr/lib/llvm-${LLVM_VERSION_MAJOR}/lib/clang/${LLVM_VERSION}/lib/linux/ && \
     cp compiler-rt_build/lib/linux/libclang_rt.profile-aarch64.a $ROOTFS_DIR/usr/lib/llvm-${LLVM_VERSION_MAJOR}/lib/clang/${LLVM_VERSION}/lib/linux/
 
-RUN rm -r compiler-rt_build llvm-project.src
+
+FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-arm-local
+ARG ROOTFS_DIR=/crossrootfs/arm64
+
+COPY --from=builder $ROOTFS_DIR $ROOTFS_DIR
diff --git a/src/cbl-mariner/2.0/cross/x86/Dockerfile b/src/cbl-mariner/2.0/cross/x86/Dockerfile
@@ -1,23 +1,15 @@
-FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-artifacts-local as artifacts
-
-FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-amd64-local AS rootfsbuild
+FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-builder-local as builder
 ARG ROOTFS_DIR=/crossrootfs/x86
 
-RUN tdnf install -y \
-    debootstrap \
-    # Provides LLVMConfig.cmake, needed to build compiler-rt. Only needed on x86.
-    # x64 doesn't need this because we use compiler-rt from the mariner package.
-    # arm/arm64 don't need this because LLVMConfig.cmake is provided by the LLVM we build from source.
-    llvm-devel
+# Provides LLVMConfig.cmake, needed to build compiler-rt. Only needed on x86.
+# x64 doesn't need this because we use compiler-rt from the mariner package.
+# arm/arm64 don't need this because LLVMConfig.cmake is provided by the LLVM we build from source.
+RUN tdnf install -y llvm-devel
 
 RUN /scripts/eng/common/cross/build-rootfs.sh x86 xenial --skipunmount
 
 # Build compiler-rt profile library for PGO instrumentation
-COPY --from=artifacts /llvm-project.src.tar.xz .
-RUN mkdir llvm-project.src && \
-    tar -xf llvm-project.src.tar.xz --directory llvm-project.src --strip-components=1 && \
-    rm llvm-project.src.tar.xz && \
-    mkdir compiler-rt_build && cd compiler-rt_build && \
+RUN mkdir compiler-rt_build && cd compiler-rt_build && \
     BUILD_FLAGS="-v --sysroot=$ROOTFS_DIR" \
     TARGET_TRIPLE=i386-linux-gnu && \
     cmake ../llvm-project.src/compiler-rt \
@@ -38,11 +30,14 @@ RUN mkdir llvm-project.src && \
         -DCMAKE_INSTALL_PREFIX=$ROOTFS_DIR/usr \
         -DCMAKE_C_FLAGS="${BUILD_FLAGS}" \
         -DCMAKE_CXX_FLAGS="${BUILD_FLAGS}" && \
-    make -j $(getconf _NPROCESSORS_ONLN) && \
-    make install
+    make -j $(getconf _NPROCESSORS_ONLN)
 
 RUN LLVM_VERSION=12.0.1 LLVM_VERSION_MAJOR="${LLVM_VERSION%%.*}" && \
     mkdir -p $ROOTFS_DIR/usr/lib/llvm-${LLVM_VERSION_MAJOR}/lib/clang/${LLVM_VERSION}/lib/linux/ && \
     cp compiler-rt_build/lib/linux/libclang_rt.profile-i386.a $ROOTFS_DIR/usr/lib/llvm-${LLVM_VERSION_MAJOR}/lib/clang/${LLVM_VERSION}/lib/linux/
 
-RUN rm -r compiler-rt_build llvm-project.src
+
+FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-amd64-local
+ARG ROOTFS_DIR=/crossrootfs/x86
+
+COPY --from=builder $ROOTFS_DIR $ROOTFS_DIR
diff --git a/src/cbl-mariner/2.0/crossdeps-arm/Dockerfile b/src/cbl-mariner/2.0/crossdeps-arm/Dockerfile
@@ -1,30 +1,6 @@
-FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-artifacts-local as artifacts
+FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-builder-local as builder
 
 FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-local
 
-# Install LLVM-only build dependencies
-RUN tdnf install -y \
-    texinfo \
-    diffutils \
-    binutils
-
-# Build LLVM cross-toolchain (with support for targeting arm architectures)
-COPY --from=artifacts /llvm-project.src.tar.xz .
-RUN mkdir llvm-project.src && \
-    tar -xf llvm-project.src.tar.xz --directory llvm-project.src --strip-components=1 && \
-    rm llvm-project.src.tar.xz && \
-    mkdir build && cd build && \
-    cmake ../llvm-project.src/llvm \
-        -DCMAKE_BUILD_TYPE=Release \
-        -DLLVM_TARGETS_TO_BUILD="host;AArch64;ARM" \
-        -Wno-dev \
-        -DLLVM_ENABLE_PROJECTS="clang;lld" && \
-    make -j $(getconf _NPROCESSORS_ONLN) && \
-    make install
-
-RUN rm -r build llvm-project.src
-
-RUN tdnf remove -y \
-    texinfo \
-    diffutils \
-    binutils
+# Install LLVM that we built from source
+COPY --from=builder /usr/local /usr/local
diff --git a/src/cbl-mariner/2.0/crossdeps-artifacts/Dockerfile b/src/cbl-mariner/2.0/crossdeps-artifacts/Dockerfile
diff --git a/src/cbl-mariner/2.0/crossdeps-builder/Dockerfile b/src/cbl-mariner/2.0/crossdeps-builder/Dockerfile
@@ -0,0 +1,64 @@
+FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-local
+
+# TODO: remove this once debootstrap is available in the base repos.
+COPY mariner-extended.repo /etc/yum.repos.d/
+
+RUN tdnf install -y \
+    # Rootfs build dependencies
+    debootstrap \
+    # LLVM build dependencies
+    texinfo \
+    diffutils \
+    binutils
+
+# Obtain ubuntu package signing key (for use by debootstrap)
+# 1. Add public key used to sign the ubuntu keyring
+COPY dimitri_john_ledkov.asc .
+RUN gpg --output dimitri_john_ledkov.gpg --dearmor dimitri_john_ledkov.asc && \
+    rm dimitri_john_ledkov.asc && \
+# 2. Download the ubuntu keyrings
+    wget https://mirrors.edge.kernel.org/ubuntu/pool/main/u/ubuntu-keyring/ubuntu-keyring_2021.03.26.tar.gz && \
+    echo "492eed5c06408c6f632577adb0796130af5d6542013ef418f47187a209e49bb1 ubuntu-keyring_2021.03.26.tar.gz" | sha256sum -c && \
+    tar xf ubuntu-keyring_2021.03.26.tar.gz && \
+    rm ubuntu-keyring_2021.03.26.tar.gz && \
+# 3. Verify keyrings
+    pushd ubuntu-keyring-2021.03.26 && \
+    gpg --keyring /dimitri_john_ledkov.gpg --output SHA512SUMS.txt --decrypt SHA512SUMS.txt.asc && \
+    rm /dimitri_john_ledkov.gpg && \
+    sha512sum -c SHA512SUMS.txt && \
+# 4. Install the needed keyring and delete the rest
+    mkdir -p /usr/share/keyrings && \
+    mv keyrings/ubuntu-archive-keyring.gpg /usr/share/keyrings && \
+    popd && \
+    rm -r ubuntu-keyring-2021.03.26
+
+# 1. Obtain signing keys used to sign llvm sources
+RUN wget https://releases.llvm.org/release-keys.asc && \
+    echo "f181a90697e3ea4b7782f1ee48314a570aef058505b4f3a0ab0611094ec13241 release-keys.asc" | sha256sum -c && \
+    gpg --output release-keys.gpg --dearmor release-keys.asc && \
+    rm release-keys.asc && \
+# 2. Download llvm sources and signature, and verify signature
+    LLVM_VERSION=12.0.1 && \
+    wget -O llvm-project.src.tar.xz.sig https://github.com/llvm/llvm-project/releases/download/llvmorg-${LLVM_VERSION}/llvm-project-${LLVM_VERSION}.src.tar.xz.sig && \
+    echo "6cc956d622a7d3d746de0d71d8ca616a6c291e2c561703ac7a9535f38b999955 llvm-project.src.tar.xz.sig" | sha256sum -c && \
+    wget -O llvm-project.src.tar.xz https://github.com/llvm/llvm-project/releases/download/llvmorg-${LLVM_VERSION}/llvm-project-${LLVM_VERSION}.src.tar.xz && \
+    echo "129cb25cd13677aad951ce5c2deb0fe4afc1e9d98950f53b51bdcfb5a73afa0e llvm-project.src.tar.xz" | sha256sum -c && \
+    gpg --keyring /release-keys.gpg --verify llvm-project.src.tar.xz.sig && \
+    rm llvm-project.src.tar.xz.sig
+
+# Build LLVM cross-toolchain (with support for targeting arm architectures)
+RUN mkdir llvm-project.src && \
+    tar -xf llvm-project.src.tar.xz --directory llvm-project.src --strip-components=1 && \
+    rm llvm-project.src.tar.xz && \
+    mkdir build && cd build && \
+    cmake ../llvm-project.src/llvm \
+        -DCMAKE_BUILD_TYPE=Release \
+        -DLLVM_TARGETS_TO_BUILD="host;AArch64;ARM" \
+        -Wno-dev \
+        -DLLVM_ENABLE_PROJECTS="clang;lld" && \
+    make -j $(getconf _NPROCESSORS_ONLN) && \
+    make install
+
+# Obtain arcade scripts used to build rootfs
+RUN git config --global user.email builder@dotnet-buildtools-prereqs-docker && \
+    git clone --depth 1 --single-branch https://github.com/dotnet/arcade /scripts
diff --git a/...ner/2.0/crossdeps/dimitri_john_ledkov.asc → ...crossdeps-builder/dimitri_john_ledkov.asc b/...ner/2.0/crossdeps/dimitri_john_ledkov.asc → ...crossdeps-builder/dimitri_john_ledkov.asc
diff --git a/...riner/2.0/crossdeps/mariner-extended.repo → ...0/crossdeps-builder/mariner-extended.repo b/...riner/2.0/crossdeps/mariner-extended.repo → ...0/crossdeps-builder/mariner-extended.repo
diff --git a/src/cbl-mariner/2.0/crossdeps/Dockerfile b/src/cbl-mariner/2.0/crossdeps/Dockerfile
@@ -1,8 +1,5 @@
 FROM mcr.microsoft.com/cbl-mariner/base/core:2.0
 
-# TODO: remove this once debootstrap is available in the base repos.
-COPY mariner-extended.repo /etc/yum.repos.d/
-
 RUN tdnf update -y && \
     tdnf install -y \
         wget \
@@ -17,28 +14,3 @@ RUN tdnf update -y && \
         glibc-devel \
         lttng-ust-devel \
         kernel-headers
-
-# Obtain arcade scripts used to build rootfs
-RUN git config --global user.email builder@dotnet-buildtools-prereqs-docker && \
-    git clone --depth 1 --single-branch https://github.com/dotnet/arcade /scripts
-
-# Obtain ubuntu package signing key (for use by debootstrap)
-# 1. Add public key used to sign the ubuntu keyring
-COPY dimitri_john_ledkov.asc .
-RUN gpg --output dimitri_john_ledkov.gpg --dearmor dimitri_john_ledkov.asc && \
-    rm dimitri_john_ledkov.asc && \
-# 2. Download the ubuntu keyrings
-    wget https://mirrors.edge.kernel.org/ubuntu/pool/main/u/ubuntu-keyring/ubuntu-keyring_2021.03.26.tar.gz && \
-    echo "492eed5c06408c6f632577adb0796130af5d6542013ef418f47187a209e49bb1 ubuntu-keyring_2021.03.26.tar.gz" | sha256sum -c && \
-    tar xf ubuntu-keyring_2021.03.26.tar.gz && \
-    rm ubuntu-keyring_2021.03.26.tar.gz && \
-# 3. Verify keyrings
-    pushd ubuntu-keyring-2021.03.26 && \
-    gpg --keyring /dimitri_john_ledkov.gpg --output SHA512SUMS.txt --decrypt SHA512SUMS.txt.asc && \
-    rm /dimitri_john_ledkov.gpg && \
-    sha512sum -c SHA512SUMS.txt && \
-# 4. Install the needed keyring and delete the rest
-    mkdir -p /usr/share/keyrings && \
-    mv keyrings/ubuntu-archive-keyring.gpg /usr/share/keyrings && \
-    popd && \
-    rm -r ubuntu-keyring-2021.03.26
diff --git a/src/cbl-mariner/manifest.json b/src/cbl-mariner/manifest.json
@@ -61,13 +61,13 @@
         {
           "platforms": [
             {
-              "dockerfile": "src/cbl-mariner/2.0/crossdeps-artifacts",
+              "dockerfile": "src/cbl-mariner/2.0/crossdeps-builder",
               "os": "linux",
               "osVersion": "cbl-mariner2.0",
               "tags": {
-                "cbl-mariner-2.0-crossdeps-artifacts-$(System:TimeStamp)-$(System:DockerfileGitCommitSha)": {},
-                "cbl-mariner-2.0-crossdeps-artifacts$(FloatingTagSuffix)": {},
-                "cbl-mariner-2.0-crossdeps-artifacts-local": {
+                "cbl-mariner-2.0-crossdeps-builder-$(System:TimeStamp)-$(System:DockerfileGitCommitSha)": {},
+                "cbl-mariner-2.0-crossdeps-builder$(FloatingTagSuffix)": {},
+                "cbl-mariner-2.0-crossdeps-builder-local": {
                   "isLocal": true
                 }
               }