From fa3bab8419fae9d2cbcc10c3a0e141f9c6379380 Mon Sep 17 00:00:00 2001
From: Leonid Pliushch
Date: Sat, 10 Jul 2021 01:57:44 +0300
Subject: [PATCH] multistage build, remove duplicate files
* Resulting image is 2x smaller and has only 1 layer.
* Move content of setup-termux.sh into Dockerfile.
* No duplicated static-dns-hosts.txt.
---
 Dockerfile | 94 +++++++++++++++----
 ...atic-dns-hosts.txt => static-dns-hosts.txt | 0
 system/arm/setup-termux.sh | 60 ------------
 system/x86/etc/static-dns-hosts.txt | 54 -----------
 system/x86/setup-termux.sh | 60 ------------
 5 files changed, 74 insertions(+), 194 deletions(-)
 rename system/arm/etc/static-dns-hosts.txt => static-dns-hosts.txt (100%)
 delete mode 100755 system/arm/setup-termux.sh
 delete mode 100644 system/x86/etc/static-dns-hosts.txt
 delete mode 100755 system/x86/setup-termux.sh
diff --git a/Dockerfile b/Dockerfile
index 0b76a5a..b9fdfa8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,37 +1,91 @@
-FROM scratch
+##############################################################################
+# Bootstrap Termux environment.
+FROM scratch AS bootstrap
 ARG BOOTSTRAP_VERSION=2021.06.04-r1
 ARG BOOTSTRAP_ARCH=i686
 ARG SYSTEM_TYPE=x86
+# Docker uses /bin/sh by default, but we don't have it currently.
+SHELL ["/system/bin/sh", "-c"]
+ENV PATH /system/bin
+
+# Copy libc, linker and few utilities.
+COPY /system/$SYSTEM_TYPE /system
+
+# Static DNS hosts: as our system does not have a DNS resolver, we will
+# have to resolve domains manually and fill /system/etc/hosts.
+COPY /static-dns-hosts.txt /system/etc/static-dns-hosts.txt
+
+# Extract bootstrap archive and create symlinks.
+ADD https://github.com/termux/termux-packages/releases/download/bootstrap-$BOOTSTRAP_VERSION/bootstrap-$BOOTSTRAP_ARCH.zip /bootstrap.zip
+RUN busybox mkdir -p /data/data/com.termux/files && \
+ cd /data/data/com.termux/files && \
+ busybox mkdir ../cache ./usr ./home && \
+ busybox unzip -d usr /bootstrap.zip && \
+ busybox rm /bootstrap.zip && \
+ cd ./usr && \
+ busybox cat SYMLINKS.txt | while read -r line; do \
+ dest=$(echo "$line" | busybox awk -F '←' '{ print $1 }'); \
+ link=$(echo "$line" | busybox awk -F '←' '{ print $2 }'); \
+ busybox ln -s "$dest" "$link"; \
+ done && \
+ busybox rm SYMLINKS.txt && \
+ busybox ln -s /data/data/com.termux/files/usr /usr && \
+ busybox ln -s /data/data/com.termux/files/usr/bin /bin && \
+ busybox ln -s /data/data/com.termux/files/usr/tmp /tmp
+
+# Set ownership and file access modes:
+# * User content is owned by 1000:1000.
+# * Termux file modes are set only for user.
+# * Rest is owned by root and has 755/644 modes.
+RUN busybox chown -Rh 0:0 /system && \
+ busybox chown -Rh 1000:1000 /data/data/com.termux && \
+ busybox chown 1000:1000 /system/etc/hosts /system/etc/static-dns-hosts.txt && \
+ busybox find /system -type d -exec busybox chmod 755 "{}" \; && \
+ busybox find /system -type f -executable -exec busybox chmod 755 "{}" \; && \
+ busybox find /system -type f ! -executable -exec busybox chmod 644 "{}" \; && \
+ busybox find /data -type d -exec busybox chmod 755 "{}" \; && \
+ busybox find /data/data/com.termux/files -type f -o -type d -exec busybox chmod g-rwx,o-rwx "{}" \; && \
+ cd /data/data/com.termux/files/usr && \
+ busybox find ./bin ./lib/apt ./lib/bash ./libexec -type f -exec busybox chmod 700 "{}" \;
+
+# Use utilities from Termux and switch user to non-root.
+ENV PATH /data/data/com.termux/files/usr/bin
+SHELL ["/data/data/com.termux/files/usr/bin/sh", "-c"]
+USER 1000:1000
+
+# Update static DNS cache on login. Also symlink script and host list to prefix.
+RUN echo "echo -e 'Updating static DNS:\n' && /system/bin/update-static-dns && echo" \
+ > /data/data/com.termux/files/home/.bashrc && \
+ ln -s /system/bin/update-static-dns /data/data/com.termux/files/usr/bin/update-static-dns && \
+ ln -s /system/etc/static-dns-hosts.txt /data/data/com.termux/files/usr/etc/static-dns-hosts.txt
+
+# Update static DNS cache, install updates and cleanup.
+RUN /system/bin/update-static-dns && \
+ apt update && \
+ apt upgrade -o Dpkg::Options::=--force-confnew -yq && \
+ rm -rf /data/data/com.termux/files/usr/var/lib/apt/* && \
+ rm -rf /data/data/com.termux/files/usr/var/log/apt/* && \
+ rm -rf /data/data/com.termux/cache/apt/*
+
+##############################################################################
+# Create final image.
+FROM scratch
+
 ENV ANDROID_DATA /data
 ENV ANDROID_ROOT /system
 ENV HOME /data/data/com.termux/files/home
 ENV LANG en_US.UTF-8
+ENV PATH /data/data/com.termux/files/usr/bin
 ENV PREFIX /data/data/com.termux/files/usr
 ENV TMPDIR /data/data/com.termux/files/usr/tmp
 ENV TZ UTC
-# Temporary set PATH to /system/bin so we will be able to
-# bootstrap Termux environment.
-ENV PATH /system/bin
-SHELL ["/system/bin/sh", "-c"]
+COPY --from=bootstrap / /
-# Bootstrapping Termux environment.
-ADD https://github.com/termux/termux-packages/releases/download/bootstrap-$BOOTSTRAP_VERSION/bootstrap-$BOOTSTRAP_ARCH.zip /data/data/com.termux/files/bootstrap.zip
-COPY /system/$SYSTEM_TYPE /system
-RUN /system/setup-termux.sh
-
-# Switch to Termux environment.
 WORKDIR /data/data/com.termux/files/home
+SHELL ["/data/data/com.termux/files/usr/bin/sh", "-c"]
 USER 1000:1000
-ENV PATH /data/data/com.termux/files/usr/bin
-# Install package updates.
-RUN /system/bin/update-static-dns && \
- apt update && \
- yes | apt upgrade && \
- rm -rf /data/data/com.termux/files/usr/var/log/apt/* && \
- rm -rf /data/data/com.termux/cache/apt/*
-
-ENTRYPOINT /data/data/com.termux/files/usr/bin/login
+CMD ["/data/data/com.termux/files/usr/bin/login"]
diff --git a/system/arm/etc/static-dns-hosts.txt b/static-dns-hosts.txt
similarity index 100%
rename from system/arm/etc/static-dns-hosts.txt
rename to static-dns-hosts.txt
diff --git a/system/arm/setup-termux.sh b/system/arm/setup-termux.sh
deleted file mode 100755
index 8da0c69..0000000
--- a/system/arm/setup-termux.sh
+++ /dev/null
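Review bot: In the ownership/mode `RUN`, `busybox find /data/data/com.termux/files -type f -o -type d -exec busybox chmod g-rwx,o-rwx "{}" \;` attaches `-exec` only to `-type d`, since the implicit AND binds tighter than `-o`, so regular files under the prefix keep whatever group/other bits `unzip` gave them and only `./bin ./lib/apt ./lib/bash ./libexec` are tightened by the following `chmod 700`. Grouping the tests restores what the comment above promises: `busybox find /data/data/com.termux/files \( -type f -o -type d \) -exec busybox chmod g-rwx,o-rwx "{}" \;` (this assumes the bundled busybox `find` is built with parenthesis support). The removed setup-termux.sh set files under usr to 700/600 explicitly, so the new image is probably more permissive than the old one. Separately, `ADD https://…/bootstrap-$BOOTSTRAP_ARCH.zip` still has no integrity check before the archive is unpacked and its SYMLINKS.txt is turned into symlinks as root; a per-architecture digest, e.g. `ADD --checksum=sha256:<digest-of-bootstrap-zip> …` on a BuildKit frontend that supports it, would make a replaced release asset fail the build.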
@@ -1,60 +0,0 @@
-#!/system/bin/sh
-set -e
-
-busybox mkdir -p /data/data/com.termux/cache
-cd /data/data/com.termux/files
-busybox mkdir home usr
-busybox unzip -d usr bootstrap.zip
-busybox rm -f bootstrap.zip
-
-# Termux bootstrap archive does not store symlinks in raw form.
-# Instead, it has a SYMLINKS.txt which contains the information about
-# symlink paths and their targets.
-cd /data/data/com.termux/files/usr
-busybox cat SYMLINKS.txt | while read -r line; do
- dest=$(echo "$line" | busybox awk -F '←' '{ print $1 }')
- link=$(echo "$line" | busybox awk -F '←' '{ print $2 }')
- echo "Creating symlink: $link --> $dest"
- busybox ln -s "$dest" "$link"
-done
-busybox rm -f SYMLINKS.txt
-
-# Set generic permissions.
-busybox find /data -type d -exec busybox chmod 755 "{}" \;
-busybox find /data/data/com.termux/files -type d -exec busybox chmod 700 "{}" \;
-busybox find /data/data/com.termux/files/usr -type f -executable -exec busybox chmod 700 "{}" \;
-busybox find /data/data/com.termux/files/usr -type f ! -executable -exec busybox chmod 600 "{}" \;
-busybox chown -Rh 1000:1000 /data
-busybox find /system -type d -exec busybox chmod 755 "{}" \;
-busybox find /system -type f -executable -exec busybox chmod 755 "{}" \;
-busybox find /system -type f ! -executable -exec busybox chmod 644 "{}" \;
-busybox chown -Rh 0:0 /system
-
-# These files should be writable by normal user.
-busybox chown 1000:1000 /system/etc/hosts /system/etc/static-dns-hosts.txt
-
-# This step should be kept in sync with bootstrap archive content.
-busybox find bin lib/apt lib/bash libexec -type f -exec busybox chmod 700 "{}" \;
-for p in ./share/doc/util-linux/getopt/getopt-parse.bash \
- ./share/doc/util-linux/getopt/getopt-parse.tcsh \
- ./var/service/ftpd/run ./var/service/telnetd/run; do
- if [ -f "$p" ]; then
- busybox chmod 700 "$p"
- fi
-done
-
-# Termux doesn't use these directories, but create them for compatibility
-# when executing stuff like package tests.
-busybox ln -sf /data/data/com.termux/files/usr/bin /bin
-busybox ln -sf /data/data/com.termux/files/usr /usr
-busybox mkdir -p -m 1777 /tmp
-
-# Symlink static dns things into Termux prefix.
-busybox ln -sf /system/bin/update-static-dns /data/data/com.termux/files/usr/bin/update-static-dns
-busybox ln -sf /system/etc/static-dns-hosts.txt /data/data/com.termux/files/usr/etc/static-dns-hosts.txt
-
-# Update static dns on shell session start.
-echo "echo -e 'Updating static DNS:\n' && /system/bin/update-static-dns && echo" > /data/data/com.termux/files/home/.bashrc
-
-# Let script delete itself.
-busybox rm -f "$(busybox realpath "$0")"
diff --git a/system/x86/etc/static-dns-hosts.txt b/system/x86/etc/static-dns-hosts.txt
deleted file mode 100644
index 60187f0..0000000
--- a/system/x86/etc/static-dns-hosts.txt
+++ /dev/null
@@ -1,54 +0,0 @@
-##
-## Termux Docker environment doesn't have working DNS resolver.
-## This list contains domains that will be manually resolved. Result
-## will be used to fill /system/etc/hosts.
-##
-
-# Termux repositories:
-termux.net
-termux.org
-packages.termux.org
-
-# Termux mirrors:
-deb.kcubeterm.me
-dl.kcubeterm.me
-grimler.se
-termux.mentality.rip
-mirrors.bfsu.edu.cn
-mirrors.tuna.tsinghua.edu.cn
-mirrors.ustc.edu.cn
-packages.kcubeterm.me
-
-# Termux has mirror on IPFS.
-10.via0.com
-ipfs.io
-k51qzi5uqu5dg9vawh923wejqffxiu9bhqlze5f508msk0h7ylpac27fdgaskx.ipns.dweb.link
-
-# Community repositories:
-its-pointless.github.io
-
-# Github:
-github.com
-codeload.github.com
-gist.github.com
-gist.githubusercontent.com
-github-releases.githubusercontent.com
-raw.githubusercontent.com
-
-# Python package manager (pip):
-pypi.org
-test.pypi.org
-upload.pypi.org
-pythonhosted.org
-files.pythonhosted.org
-test-files.pythonhosted.org
-
-# Ruby package manager (gem):
-rubygems.org
-index.rubygems.org
-
-# Node package manager (npm):
-registry.npmjs.org
-
-# Yarn package manager (yarn):
-registry.yarnpkg.com
diff --git a/system/x86/setup-termux.sh b/system/x86/setup-termux.sh
deleted file mode 100755
index 8da0c69..0000000
--- a/system/x86/setup-termux.sh
+++ /dev/null
@@ -1,60 +0,0 @@
-#!/system/bin/sh
-set -e
-
-busybox mkdir -p /data/data/com.termux/cache
-cd /data/data/com.termux/files
-busybox mkdir home usr
-busybox unzip -d usr bootstrap.zip
-busybox rm -f bootstrap.zip
-
-# Termux bootstrap archive does not store symlinks in raw form.
-# Instead, it has a SYMLINKS.txt which contains the information about
-# symlink paths and their targets.
-cd /data/data/com.termux/files/usr
-busybox cat SYMLINKS.txt | while read -r line; do
- dest=$(echo "$line" | busybox awk -F '←' '{ print $1 }')
- link=$(echo "$line" | busybox awk -F '←' '{ print $2 }')
- echo "Creating symlink: $link --> $dest"
- busybox ln -s "$dest" "$link"
-done
-busybox rm -f SYMLINKS.txt
-
-# Set generic permissions.
-busybox find /data -type d -exec busybox chmod 755 "{}" \;
-busybox find /data/data/com.termux/files -type d -exec busybox chmod 700 "{}" \;
-busybox find /data/data/com.termux/files/usr -type f -executable -exec busybox chmod 700 "{}" \;
-busybox find /data/data/com.termux/files/usr -type f ! -executable -exec busybox chmod 600 "{}" \;
-busybox chown -Rh 1000:1000 /data
-busybox find /system -type d -exec busybox chmod 755 "{}" \;
-busybox find /system -type f -executable -exec busybox chmod 755 "{}" \;
-busybox find /system -type f ! -executable -exec busybox chmod 644 "{}" \;
-busybox chown -Rh 0:0 /system
-
-# These files should be writable by normal user.
-busybox chown 1000:1000 /system/etc/hosts /system/etc/static-dns-hosts.txt
-
-# This step should be kept in sync with bootstrap archive content.
-busybox find bin lib/apt lib/bash libexec -type f -exec busybox chmod 700 "{}" \;
-for p in ./share/doc/util-linux/getopt/getopt-parse.bash \
- ./share/doc/util-linux/getopt/getopt-parse.tcsh \
- ./var/service/ftpd/run ./var/service/telnetd/run; do
- if [ -f "$p" ]; then
- busybox chmod 700 "$p"
- fi
-done
-
-# Termux doesn't use these directories, but create them for compatibility
-# when executing stuff like package tests.
-busybox ln -sf /data/data/com.termux/files/usr/bin /bin
-busybox ln -sf /data/data/com.termux/files/usr /usr
-busybox mkdir -p -m 1777 /tmp
-
-# Symlink static dns things into Termux prefix.
-busybox ln -sf /system/bin/update-static-dns /data/data/com.termux/files/usr/bin/update-static-dns
-busybox ln -sf /system/etc/static-dns-hosts.txt /data/data/com.termux/files/usr/etc/static-dns-hosts.txt
-
-# Update static dns on shell session start.
-echo "echo -e 'Updating static DNS:\n' && /system/bin/update-static-dns && echo" > /data/data/com.termux/files/home/.bashrc
-
-# Let script delete itself.
-busybox rm -f "$(busybox realpath "$0")"