Dockerfile.nsjail-3.1

ARG MUSL_TARGET=x86_64-linux-musl
FROM libnl-3.2.25-${MUSL_TARGET} AS libnl
FROM protobuf-3.21.1-${MUSL_TARGET} AS protobuf
FROM musl-cross-make-${MUSL_TARGET}
ARG MUSL_TARGET

COPY --from=protobuf /output /output
COPY --from=libnl /output /output

WORKDIR /build
RUN download https://github.com/google/nsjail/archive/refs/tags/3.1.tar.gz source.tar.gz c944ce9b6dbfae7cc42b67ce720f997b3b12a2b41ba3462e133627a838f3ff3c && tar xf source.tar.gz
RUN download https://github.com/google/kafel/archive/refs/tags/20200831.tar.gz kafel.tar.gz dc6a541e4699acb2ac76128142780604452694d747dfd31a809a90506f965d7e && tar xf kafel.tar.gz
COPY patches/nsjail-3.1 /build/patches
RUN patches/download_protoc.sh
RUN export PATH=/build/cross/bin:$PATH:/output/bin && \
mkdir -p /output/bin && \
mkdir -p /output/include/sys && \
echo "#!/bin/sh\nexit 0" > /output/bin/pkg-config && \
chmod 0755 /output/bin/pkg-config && \
cp bin/protoc /output/bin && \
cp -r kafel-*/* nsjail-*/kafel && \
cd nsjail-* && \
mkdir -p kafel/include/sys && \
cp /build/patches/queue.h kafel/include/sys && \
cp /build/patches/queue.h /output/include/sys && \
cat /build/patches/clone_args.h >> subproc.h && \
sed -e 's/-Werror//' -e 's/-pie//' -e 's/-fPIE//' -i Makefile && \
sed -e 's/YYUSE/YY_USE/' -i kafel/src/parser.y && \
sed -e 's/^TARGET=.*/TARGET=${STATIC_TARGET}/' -i kafel/src/Makefile && \
sed -e 's/return nsjconf->cgroupv2_mount + "\/NSJAIL." + std::to_string(pid)/return nsjconf->cgroupv2_mount + "\/" + nsjconf->cgroup_cpu_parent/g' -i cgroup2.cc && \
export CC="$MUSL_TARGET-gcc -static" && \
export CXX="$MUSL_TARGET-g++ -static" && \
export CFLAGS="-I/output/include -I/output/include/libnl3 -I/output/include/google -frandom-seed=pulse" && \
export CXXFLAGS="-static-libstdc++ ${CFLAGS}" && \
export LDFLAGS="-L/output/lib -pthread -lprotobuf -lnl-route-3 -lnl-3" && \
make -j$(nproc) && \
${MUSL_TARGET}-strip nsjail

CMD bash