Update busybox #9409

tianon · 2021-01-12T01:21:15Z

Changes:

docker-library/busybox@983db56: Limit "Verify Templating" to master branch
docker-library/busybox@c0c3a6b: Merge pull request Add separate unstable/stable versions and initial jq-based templating engine busybox#94 from infosiftr/stable
docker-library/busybox@584f6f7: Add separate unstable/stable versions and initial jq-based templating engine

Changes: - docker-library/busybox@983db56: Limit "Verify Templating" to master branch - docker-library/busybox@c0c3a6b: Merge pull request docker-library/busybox#94 from infosiftr/stable - docker-library/busybox@584f6f7: Add separate unstable/stable versions and initial jq-based templating engine

github-actions · 2021-01-12T01:23:41Z

Diff for 05b0136:

diff --git a/_bashbrew-cat b/_bashbrew-cat
index 611a627..ac1ff40 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -1,45 +1,69 @@
 Maintainers: Tianon Gravi <admwiggin@gmail.com> (@tianon), Joseph Ferguson <yosifkit@gmail.com> (@yosifkit), Jérôme Petazzoni <jerome.petazzoni@gmail.com> (@jpetazzo)
 GitRepo: https://github.com/docker-library/busybox.git
-GitCommit: fd4360b72619b0bcea9578d6329f2b53be2dd204
-amd64-GitCommit: c2e483ec441306fb1f3307b87e90e0015a8a591f
+GitCommit: 983db56256d00139016363cdc6720c0da303ef12
+amd64-GitCommit: 795a8cc57141baf321a34a602cb18ad85daac216
 amd64-GitFetch: refs/heads/dist-amd64
-arm32v5-GitCommit: 65e7c333892ace09d1b3b0fbec96f54ebbf0ffd9
+arm32v5-GitCommit: a6247dad37bda065fb8945c465ddbeebdf047151
 arm32v5-GitFetch: refs/heads/dist-arm32v5
-arm32v6-GitCommit: 2584383f39305833f0bd2a0245207433b73a9213
+arm32v6-GitCommit: 972fd669d037a688c9d668662ad3b35e03b93301
 arm32v6-GitFetch: refs/heads/dist-arm32v6
-arm32v7-GitCommit: e760e631863653a0dcedb4d1dfdba4456994421d
+arm32v7-GitCommit: decd790ace11d23ba9fe9cae8c76ffb81c472c42
 arm32v7-GitFetch: refs/heads/dist-arm32v7
-arm64v8-GitCommit: 8e84b1304ad422d1fd95ad47ee955360856c34c1
+arm64v8-GitCommit: 385dcf62178190a3cc8ef5129a3236466d3abab5
 arm64v8-GitFetch: refs/heads/dist-arm64v8
-i386-GitCommit: f14a4c143b08dd6447f0324af57b2efc55f0ed4c
+i386-GitCommit: 6c25c0f67e0023d05936fedfc836636ead8954f0
 i386-GitFetch: refs/heads/dist-i386
-mips64le-GitCommit: 9258f054221a3b2b8b021c6b1f0263d44f221e72
+mips64le-GitCommit: e4053715658caaf251ca555cc529c027ef00e6ff
 mips64le-GitFetch: refs/heads/dist-mips64le
-ppc64le-GitCommit: ef593e3ed282b27df588f179bde9193fc2a96e8f
+ppc64le-GitCommit: b82f67ef98672aa4841a7b391454ed8d5c03ebd9
 ppc64le-GitFetch: refs/heads/dist-ppc64le
-s390x-GitCommit: 3b209b3a9e405592d2974623104963406d609022
+s390x-GitCommit: ae5dd8d26f3b83fa4accef79d4cedb040b8a5962
 s390x-GitFetch: refs/heads/dist-s390x
 
-Tags: 1.33.0, 1.33, 1, latest
+Tags: 1.32.1, 1.32, 1, stable, latest
 Architectures: amd64, arm32v5, arm32v6, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-amd64-Directory: uclibc
-arm32v5-Directory: uclibc
-arm32v6-Directory: musl
-arm32v7-Directory: uclibc
-arm64v8-Directory: uclibc
-i386-Directory: uclibc
-mips64le-Directory: uclibc
-ppc64le-Directory: glibc
-s390x-Directory: glibc
-
-Tags: 1.33.0-glibc, 1.33-glibc, 1-glibc, glibc
+amd64-Directory: stable/uclibc
+arm32v5-Directory: stable/uclibc
+arm32v6-Directory: stable/musl
+arm32v7-Directory: stable/uclibc
+arm64v8-Directory: stable/uclibc
+i386-Directory: stable/uclibc
+mips64le-Directory: stable/uclibc
+ppc64le-Directory: stable/glibc
+s390x-Directory: stable/glibc
+
+Tags: 1.32.1-glibc, 1.32-glibc, 1-glibc, stable-glibc, glibc
+Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
+Directory: stable/glibc
+
+Tags: 1.32.1-musl, 1.32-musl, 1-musl, stable-musl, musl
+Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
+Directory: stable/musl
+
+Tags: 1.32.1-uclibc, 1.32-uclibc, 1-uclibc, stable-uclibc, uclibc
+Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le
+Directory: stable/uclibc
+
+Tags: 1.33.0, 1.33, unstable
+Architectures: amd64, arm32v5, arm32v6, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
+amd64-Directory: unstable/uclibc
+arm32v5-Directory: unstable/uclibc
+arm32v6-Directory: unstable/musl
+arm32v7-Directory: unstable/uclibc
+arm64v8-Directory: unstable/uclibc
+i386-Directory: unstable/uclibc
+mips64le-Directory: unstable/uclibc
+ppc64le-Directory: unstable/glibc
+s390x-Directory: unstable/glibc
+
+Tags: 1.33.0-glibc, 1.33-glibc, unstable-glibc
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-Directory: glibc
+Directory: unstable/glibc
 
-Tags: 1.33.0-musl, 1.33-musl, 1-musl, musl
+Tags: 1.33.0-musl, 1.33-musl, unstable-musl
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-Directory: musl
+Directory: unstable/musl
 
-Tags: 1.33.0-uclibc, 1.33-uclibc, 1-uclibc, uclibc
+Tags: 1.33.0-uclibc, 1.33-uclibc, unstable-uclibc
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le
-Directory: uclibc
+Directory: unstable/uclibc
diff --git a/_bashbrew-list b/_bashbrew-list
index 746cf14..65e2d61 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -2,6 +2,14 @@ busybox:1
 busybox:1-glibc
 busybox:1-musl
 busybox:1-uclibc
+busybox:1.32
+busybox:1.32-glibc
+busybox:1.32-musl
+busybox:1.32-uclibc
+busybox:1.32.1
+busybox:1.32.1-glibc
+busybox:1.32.1-musl
+busybox:1.32.1-uclibc
 busybox:1.33
 busybox:1.33-glibc
 busybox:1.33-musl
@@ -13,4 +21,12 @@ busybox:1.33.0-uclibc
 busybox:glibc
 busybox:latest
 busybox:musl
+busybox:stable
+busybox:stable-glibc
+busybox:stable-musl
+busybox:stable-uclibc
 busybox:uclibc
+busybox:unstable
+busybox:unstable-glibc
+busybox:unstable-musl
+busybox:unstable-uclibc
diff --git a/busybox_glibc/Dockerfile.builder b/busybox_glibc/Dockerfile.builder
index 0054dcc..7e174b3 100644
--- a/busybox_glibc/Dockerfile.builder
+++ b/busybox_glibc/Dockerfile.builder
@@ -1,3 +1,9 @@
+#
+# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
+#
+# PLEASE DO NOT EDIT IT DIRECTLY.
+#
+
 FROM amd64/debian:buster-slim
 
 RUN set -eux; \
@@ -17,12 +23,14 @@ RUN set -eux; \
 # sub   1024g/2C766641 2006-12-12
 RUN gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys C9E9416F76E610DBD09D040F47B70C55ACC9965B
 
-ENV BUSYBOX_VERSION 1.33.0
+ENV BUSYBOX_VERSION 1.32.1
+ENV BUSYBOX_SHA256 9d57c4bd33974140fd4111260468af22856f12f5b5ef7c70c8d9b75c712a0dee
 
 RUN set -eux; \
 	tarball="busybox-${BUSYBOX_VERSION}.tar.bz2"; \
-	curl -fL -o busybox.tar.bz2 "https://busybox.net/downloads/$tarball"; \
 	curl -fL -o busybox.tar.bz2.sig "https://busybox.net/downloads/$tarball.sig"; \
+	curl -fL -o busybox.tar.bz2 "https://busybox.net/downloads/$tarball"; \
+	echo "$BUSYBOX_SHA256 *busybox.tar.bz2" | sha256sum -c -; \
 	gpg --batch --verify busybox.tar.bz2.sig busybox.tar.bz2; \
 	mkdir -p /usr/src/busybox; \
 	tar -xf busybox.tar.bz2 -C /usr/src/busybox --strip-components 1; \
@@ -30,16 +38,15 @@ RUN set -eux; \
 
 WORKDIR /usr/src/busybox
 
-# CONFIG_LAST_SUPPORTED_WCHAR: see https://github.com/docker-library/busybox/issues/13 (UTF-8 input)
 RUN set -eux; \
 	\
 	setConfs=' \
 		CONFIG_AR=y \
 		CONFIG_FEATURE_AR_CREATE=y \
 		CONFIG_FEATURE_AR_LONG_FILENAMES=y \
+# CONFIG_LAST_SUPPORTED_WCHAR: see https://github.com/docker-library/busybox/issues/13 (UTF-8 input)
 		CONFIG_LAST_SUPPORTED_WCHAR=0 \
-# As long as we rely on libnss, we have to have libc.so anyhow, so
-# we've removed CONFIG_STATIC here for now... :cry:
+# As long as we rely on libnss (see below), we have to have libc.so anyhow, so we've removed CONFIG_STATIC here... :cry:
 	'; \
 	\
 	unsetConfs=' \
@@ -73,30 +80,32 @@ RUN set -eux; \
 	done; \
 	for confV in $setConfs; do \
 		grep -q "^$confV\$" .config; \
-	done;
+	done
 
 RUN set -eux; \
-	make -j "$(nproc)" \
-		busybox \
-	; \
+	nproc="$(nproc)"; \
+	make -j "$nproc" busybox; \
 	./busybox --help; \
 	mkdir -p rootfs/bin; \
 	ln -vL busybox rootfs/bin/; \
 	\
-	ln -vL "$(which getconf)" rootfs/bin/getconf; \
+# copy "getconf" from Debian
+	getconf="$(which getconf)"; \
+	ln -vL "$getconf" rootfs/bin/getconf; \
 	\
 # hack hack hack hack hack
-# with glibc, static busybox uses libnss for DNS resolution :(
+# with glibc, busybox (static or not) uses libnss for DNS resolution :(
 	mkdir -p rootfs/etc; \
 	cp /etc/nsswitch.conf rootfs/etc/; \
 	mkdir -p rootfs/lib; \
 	ln -sT lib rootfs/lib64; \
+	gccMultiarch="$(gcc -print-multiarch)"; \
 	set -- \
 		rootfs/bin/busybox \
 		rootfs/bin/getconf \
-		/lib/"$(gcc -print-multiarch)"/libnss*.so.* \
+		/lib/"$gccMultiarch"/libnss*.so.* \
 # libpthread is part of glibc: https://stackoverflow.com/a/11210463/433558
-		/lib/"$(gcc -print-multiarch)"/libpthread*.so.* \
+		/lib/"$gccMultiarch"/libpthread*.so.* \
 	; \
 	while [ "$#" -gt 0 ]; do \
 		f="$1"; shift; \
@@ -109,29 +118,43 @@ RUN set -eux; \
 				cp -v "$f" "rootfs/lib/$fn"; \
 			fi; \
 		fi; \
-		set -- "$@" $(ldd "$f" | awk ' \
+		ldd="$(ldd "$f" | awk ' \
 			$1 ~ /^\// { print $1; next } \
 			$2 == "=>" && $3 ~ /^\// { print $3; next } \
-		'); \
+		')"; \
+		set -- "$@" $ldd; \
 	done; \
-	\
 	chroot rootfs /bin/getconf _NPROCESSORS_ONLN; \
 	\
 	chroot rootfs /bin/busybox --install /bin
 
-# download a few extra files from buildroot (/etc/passwd, etc)
+# install a few extra files from buildroot (/etc/passwd, etc)
 RUN set -eux; \
 	buildrootVersion='2020.11.1'; \
-	mkdir -p rootfs/etc; \
-	for f in passwd shadow group; do \
-		curl -fL -o "rootfs/etc/$f" "https://git.busybox.net/buildroot/plain/system/skeleton/etc/$f?id=$buildrootVersion"; \
+	for file in \
+		system/device_table.txt \
+		system/skeleton/etc/group \
+		system/skeleton/etc/passwd \
+		system/skeleton/etc/shadow \
+	; do \
+		dir="$(dirname "$file")"; \
+		mkdir -p "../buildroot/$dir"; \
+		curl -fL -o "../buildroot/$file" "https://git.busybox.net/buildroot/plain/$file?id=$buildrootVersion"; \
+		[ -s "../buildroot/$file" ]; \
 	done; \
+	\
+	mkdir -p rootfs/etc; \
+	ln -vL \
+		../buildroot/system/skeleton/etc/group \
+		../buildroot/system/skeleton/etc/passwd \
+		../buildroot/system/skeleton/etc/shadow \
+		rootfs/etc/ \
+	; \
 # CVE-2019-5021, https://github.com/docker-library/official-images/pull/5880#issuecomment-490681907
 	grep -E '^root::' rootfs/etc/shadow; \
 	sed -ri -e 's/^root::/root:*:/' rootfs/etc/shadow; \
 	grep -E '^root:[*]:' rootfs/etc/shadow; \
 # set expected permissions, etc too (https://git.busybox.net/buildroot/tree/system/device_table.txt)
-	curl -fL -o buildroot-device-table.txt "https://git.busybox.net/buildroot/plain/system/device_table.txt?id=$buildrootVersion"; \
 	awk ' \
 		!/^#/ { \
 			if ($2 != "d" && $2 != "f") { \
@@ -144,8 +167,7 @@ RUN set -eux; \
 			} \
 			printf "chmod %s %s\n", $3, $1; \
 		} \
-	' buildroot-device-table.txt | bash -Eeuo pipefail -x; \
-	rm buildroot-device-table.txt
+	' ../buildroot/system/device_table.txt | sh -eux
 
 # create missing home directories
 RUN set -eux; \
diff --git a/busybox_glibc/busybox.tar.xz b/busybox_glibc/busybox.tar.xz
index 63e4cc4..13a15f7 100644
Binary files a/busybox_glibc/busybox.tar.xz and b/busybox_glibc/busybox.tar.xz differ
diff --git a/busybox_glibc/busybox.tar.xz  'tar -t' b/busybox_glibc/busybox.tar.xz  'tar -t'
index fb6f66b..69d70aa 100644
--- a/busybox_glibc/busybox.tar.xz  'tar -t'	
+++ b/busybox_glibc/busybox.tar.xz  'tar -t'	
@@ -13,7 +13,6 @@ bin/arp
 bin/arping
 bin/ash
 bin/awk
-bin/base32
 bin/base64
 bin/basename
 bin/bc
diff --git a/busybox_latest/Dockerfile.builder b/busybox_latest/Dockerfile.builder
index 2c49903..aa23234 100644
--- a/busybox_latest/Dockerfile.builder
+++ b/busybox_latest/Dockerfile.builder
@@ -1,3 +1,9 @@
+#
+# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
+#
+# PLEASE DO NOT EDIT IT DIRECTLY.
+#
+
 FROM amd64/debian:buster-slim
 
 RUN set -eux; \
@@ -8,8 +14,14 @@ RUN set -eux; \
 		gcc \
 		gnupg dirmngr \
 		make \
-		\
-# buildroot
+	; \
+	rm -rf /var/lib/apt/lists/*
+
+# grab/use buildroot for its uClibc toolchain
+
+RUN set -eux; \
+	apt-get update; \
+	apt-get install -y \
 		bc \
 		cpio \
 		dpkg-dev \
@@ -23,8 +35,6 @@ RUN set -eux; \
 	; \
 	rm -rf /var/lib/apt/lists/*
 
-# we grab buildroot for it's uClibc toolchain
-
 # pub   1024D/59C36319 2009-01-15
 #       Key fingerprint = AB07 D806 D2CE 741F B886  EE50 B025 BA8B 59C3 6319
 # uid                  Peter Korsgaard <jacmet@uclibc.org>
@@ -185,12 +195,14 @@ ENV PATH /usr/src/buildroot/output/host/usr/bin:$PATH
 # sub   1024g/2C766641 2006-12-12
 RUN gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys C9E9416F76E610DBD09D040F47B70C55ACC9965B
 
-ENV BUSYBOX_VERSION 1.33.0
+ENV BUSYBOX_VERSION 1.32.1
+ENV BUSYBOX_SHA256 9d57c4bd33974140fd4111260468af22856f12f5b5ef7c70c8d9b75c712a0dee
 
 RUN set -eux; \
 	tarball="busybox-${BUSYBOX_VERSION}.tar.bz2"; \
-	curl -fL -o busybox.tar.bz2 "https://busybox.net/downloads/$tarball"; \
 	curl -fL -o busybox.tar.bz2.sig "https://busybox.net/downloads/$tarball.sig"; \
+	curl -fL -o busybox.tar.bz2 "https://busybox.net/downloads/$tarball"; \
+	echo "$BUSYBOX_SHA256 *busybox.tar.bz2" | sha256sum -c -; \
 	gpg --batch --verify busybox.tar.bz2.sig busybox.tar.bz2; \
 	mkdir -p /usr/src/busybox; \
 	tar -xf busybox.tar.bz2 -C /usr/src/busybox --strip-components 1; \
@@ -198,13 +210,13 @@ RUN set -eux; \
 
 WORKDIR /usr/src/busybox
 
-# CONFIG_LAST_SUPPORTED_WCHAR: see https://github.com/docker-library/busybox/issues/13 (UTF-8 input)
 RUN set -eux; \
 	\
 	setConfs=' \
 		CONFIG_AR=y \
 		CONFIG_FEATURE_AR_CREATE=y \
 		CONFIG_FEATURE_AR_LONG_FILENAMES=y \
+# CONFIG_LAST_SUPPORTED_WCHAR: see https://github.com/docker-library/busybox/issues/13 (UTF-8 input)
 		CONFIG_LAST_SUPPORTED_WCHAR=0 \
 		CONFIG_STATIC=y \
 	'; \
@@ -240,19 +252,19 @@ RUN set -eux; \
 	done; \
 	for confV in $setConfs; do \
 		grep -q "^$confV\$" .config; \
-	done;
+	done
 
 RUN set -eux; \
-	make -j "$(nproc)" \
-		CROSS_COMPILE="$(basename /usr/src/buildroot/output/host/usr/*-buildroot-linux-uclibc*)-" \
-		busybox \
-	; \
+	nproc="$(nproc)"; \
+	CROSS_COMPILE="$(basename /usr/src/buildroot/output/host/usr/*-buildroot-linux-uclibc*)"; \
+	export CROSS_COMPILE="$CROSS_COMPILE-"; \
+	make -j "$nproc" busybox; \
 	./busybox --help; \
 	mkdir -p rootfs/bin; \
 	ln -vL busybox rootfs/bin/; \
 	\
+# copy "getconf" from buildroot
 	ln -vL ../buildroot/output/target/usr/bin/getconf rootfs/bin/; \
-	\
 	chroot rootfs /bin/getconf _NPROCESSORS_ONLN; \
 	\
 	chroot rootfs /bin/busybox --install /bin
@@ -260,11 +272,12 @@ RUN set -eux; \
 # install a few extra files from buildroot (/etc/passwd, etc)
 RUN set -eux; \
 	mkdir -p rootfs/etc; \
-	for f in passwd shadow group; do \
 	ln -vL \
-			"../buildroot/system/skeleton/etc/$f" \
-			"rootfs/etc/$f"; \
-	done; \
+		../buildroot/system/skeleton/etc/group \
+		../buildroot/system/skeleton/etc/passwd \
+		../buildroot/system/skeleton/etc/shadow \
+		rootfs/etc/ \
+	; \
 # CVE-2019-5021, https://github.com/docker-library/official-images/pull/5880#issuecomment-490681907
 	grep -E '^root::' rootfs/etc/shadow; \
 	sed -ri -e 's/^root::/root:*:/' rootfs/etc/shadow; \
@@ -282,7 +295,7 @@ RUN set -eux; \
 			} \
 			printf "chmod %s %s\n", $3, $1; \
 		} \
-	' ../buildroot/system/device_table.txt | bash -Eeuo pipefail -x
+	' ../buildroot/system/device_table.txt | sh -eux
 
 # create missing home directories
 RUN set -eux; \
diff --git a/busybox_latest/busybox.tar.xz b/busybox_latest/busybox.tar.xz
index 181ec9e..055b544 100644
Binary files a/busybox_latest/busybox.tar.xz and b/busybox_latest/busybox.tar.xz differ
diff --git a/busybox_latest/busybox.tar.xz  'tar -t' b/busybox_latest/busybox.tar.xz  'tar -t'
index a4df52b..f96e6db 100644
--- a/busybox_latest/busybox.tar.xz  'tar -t'	
+++ b/busybox_latest/busybox.tar.xz  'tar -t'	
@@ -13,7 +13,6 @@ bin/arp
 bin/arping
 bin/ash
 bin/awk
-bin/base32
 bin/base64
 bin/basename
 bin/bc
diff --git a/busybox_musl/Dockerfile.builder b/busybox_musl/Dockerfile.builder
index b528e68..d2352d5 100644
--- a/busybox_musl/Dockerfile.builder
+++ b/busybox_musl/Dockerfile.builder
@@ -1,6 +1,13 @@
+#
+# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
+#
+# PLEASE DO NOT EDIT IT DIRECTLY.
+#
+
 FROM amd64/alpine:3.12
 
-RUN apk add --no-cache \
+RUN set -eux; \
+	apk add --no-cache \
 		bzip2 \
 		coreutils \
 		curl \
@@ -9,7 +16,8 @@ RUN apk add --no-cache \
 		linux-headers \
 		make \
 		musl-dev \
-		tzdata
+		tzdata \
+	;
 
 # pub   1024D/ACC9965B 2006-12-12
 #       Key fingerprint = C9E9 416F 76E6 10DB D09D  040F 47B7 0C55 ACC9 965B
@@ -17,12 +25,14 @@ RUN apk add --no-cache \
 # sub   1024g/2C766641 2006-12-12
 RUN gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys C9E9416F76E610DBD09D040F47B70C55ACC9965B
 
-ENV BUSYBOX_VERSION 1.33.0
+ENV BUSYBOX_VERSION 1.32.1
+ENV BUSYBOX_SHA256 9d57c4bd33974140fd4111260468af22856f12f5b5ef7c70c8d9b75c712a0dee
 
 RUN set -eux; \
 	tarball="busybox-${BUSYBOX_VERSION}.tar.bz2"; \
-	curl -fL -o busybox.tar.bz2 "https://busybox.net/downloads/$tarball"; \
 	curl -fL -o busybox.tar.bz2.sig "https://busybox.net/downloads/$tarball.sig"; \
+	curl -fL -o busybox.tar.bz2 "https://busybox.net/downloads/$tarball"; \
+	echo "$BUSYBOX_SHA256 *busybox.tar.bz2" | sha256sum -c -; \
 	gpg --batch --verify busybox.tar.bz2.sig busybox.tar.bz2; \
 	mkdir -p /usr/src/busybox; \
 	tar -xf busybox.tar.bz2 -C /usr/src/busybox --strip-components 1; \
@@ -30,18 +40,13 @@ RUN set -eux; \
 
 WORKDIR /usr/src/busybox
 
-# https://www.mail-archive.com/toybox@lists.landley.net/msg02528.html
-# https://www.mail-archive.com/toybox@lists.landley.net/msg02526.html
-RUN sed -i 's/^struct kconf_id \*$/static &/g' scripts/kconfig/zconf.hash.c_shipped
-
-# CONFIG_LAST_SUPPORTED_WCHAR: see https://github.com/docker-library/busybox/issues/13 (UTF-8 input)
-# see https://wiki.musl-libc.org/wiki/Building_Busybox
 RUN set -eux; \
 	\
 	setConfs=' \
 		CONFIG_AR=y \
 		CONFIG_FEATURE_AR_CREATE=y \
 		CONFIG_FEATURE_AR_LONG_FILENAMES=y \
+# CONFIG_LAST_SUPPORTED_WCHAR: see https://github.com/docker-library/busybox/issues/13 (UTF-8 input)
 		CONFIG_LAST_SUPPORTED_WCHAR=0 \
 		CONFIG_STATIC=y \
 	'; \
@@ -49,6 +54,7 @@ RUN set -eux; \
 	unsetConfs=' \
 		CONFIG_FEATURE_SYNC_FANCY \
 		\
+# see https://wiki.musl-libc.org/wiki/Building_Busybox
 		CONFIG_FEATURE_HAVE_RPC \
 		CONFIG_FEATURE_INETD_RPC \
 		CONFIG_FEATURE_UTMP \
@@ -82,40 +88,53 @@ RUN set -eux; \
 	done; \
 	for confV in $setConfs; do \
 		grep -q "^$confV\$" .config; \
-	done;
+	done
 
 RUN set -eux; \
-	make -j "$(nproc)" \
-		busybox \
-	; \
+	nproc="$(nproc)"; \
+	make -j "$nproc" busybox; \
 	./busybox --help; \
 	mkdir -p rootfs/bin; \
 	ln -vL busybox rootfs/bin/; \
-	chroot rootfs /bin/busybox --install /bin
-
-# grab a simplified getconf port from Alpine we can statically compile
-RUN set -eux; \
+	\
+# copy simplified getconf port from Alpine
 	aportsVersion="v$(cat /etc/alpine-release)"; \
 	curl -fsSL \
 		"https://git.alpinelinux.org/cgit/aports/plain/main/musl/getconf.c?h=${aportsVersion}" \
 		-o /usr/src/getconf.c \
 	; \
 	gcc -o rootfs/bin/getconf -static -Os /usr/src/getconf.c; \
-	chroot rootfs /bin/getconf _NPROCESSORS_ONLN
+	chroot rootfs /bin/getconf _NPROCESSORS_ONLN; \
+	\
+	chroot rootfs /bin/busybox --install /bin
 
-# download a few extra files from buildroot (/etc/passwd, etc)
+# install a few extra files from buildroot (/etc/passwd, etc)
 RUN set -eux; \
 	buildrootVersion='2020.11.1'; \
-	mkdir -p rootfs/etc; \
-	for f in passwd shadow group; do \
-		curl -fL -o "rootfs/etc/$f" "https://git.busybox.net/buildroot/plain/system/skeleton/etc/$f?id=$buildrootVersion"; \
+	for file in \
+		system/device_table.txt \
+		system/skeleton/etc/group \
+		system/skeleton/etc/passwd \
+		system/skeleton/etc/shadow \
+	; do \
+		dir="$(dirname "$file")"; \
+		mkdir -p "../buildroot/$dir"; \
+		curl -fL -o "../buildroot/$file" "https://git.busybox.net/buildroot/plain/$file?id=$buildrootVersion"; \
+		[ -s "../buildroot/$file" ]; \
 	done; \
+	\
+	mkdir -p rootfs/etc; \
+	ln -vL \
+		../buildroot/system/skeleton/etc/group \
+		../buildroot/system/skeleton/etc/passwd \
+		../buildroot/system/skeleton/etc/shadow \
+		rootfs/etc/ \
+	; \
 # CVE-2019-5021, https://github.com/docker-library/official-images/pull/5880#issuecomment-490681907
 	grep -E '^root::' rootfs/etc/shadow; \
 	sed -ri -e 's/^root::/root:*:/' rootfs/etc/shadow; \
 	grep -E '^root:[*]:' rootfs/etc/shadow; \
 # set expected permissions, etc too (https://git.busybox.net/buildroot/tree/system/device_table.txt)
-	curl -fL -o buildroot-device-table.txt "https://git.busybox.net/buildroot/plain/system/device_table.txt?id=$buildrootVersion"; \
 	awk ' \
 		!/^#/ { \
 			if ($2 != "d" && $2 != "f") { \
@@ -128,8 +147,7 @@ RUN set -eux; \
 			} \
 			printf "chmod %s %s\n", $3, $1; \
 		} \
-	' buildroot-device-table.txt | sh -eux; \
-	rm buildroot-device-table.txt
+	' ../buildroot/system/device_table.txt | sh -eux
 
 # create missing home directories
 RUN set -eux; \
diff --git a/busybox_musl/busybox.tar.xz b/busybox_musl/busybox.tar.xz
index 3804275..acdaa48 100644
Binary files a/busybox_musl/busybox.tar.xz and b/busybox_musl/busybox.tar.xz differ
diff --git a/busybox_musl/busybox.tar.xz  'tar -t' b/busybox_musl/busybox.tar.xz  'tar -t'
index dbd5f78..bed1328 100644
--- a/busybox_musl/busybox.tar.xz  'tar -t'	
+++ b/busybox_musl/busybox.tar.xz  'tar -t'	
@@ -13,7 +13,6 @@ bin/arp
 bin/arping
 bin/ash
 bin/awk
-bin/base32
 bin/base64
 bin/basename
 bin/bc
diff --git a/busybox_uclibc/Dockerfile.builder b/busybox_uclibc/Dockerfile.builder
index 2c49903..aa23234 100644
--- a/busybox_uclibc/Dockerfile.builder
+++ b/busybox_uclibc/Dockerfile.builder
@@ -1,3 +1,9 @@
+#
+# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
+#
+# PLEASE DO NOT EDIT IT DIRECTLY.
+#
+
 FROM amd64/debian:buster-slim
 
 RUN set -eux; \
@@ -8,8 +14,14 @@ RUN set -eux; \
 		gcc \
 		gnupg dirmngr \
 		make \
-		\
-# buildroot
+	; \
+	rm -rf /var/lib/apt/lists/*
+
+# grab/use buildroot for its uClibc toolchain
+
+RUN set -eux; \
+	apt-get update; \
+	apt-get install -y \
 		bc \
 		cpio \
 		dpkg-dev \
@@ -23,8 +35,6 @@ RUN set -eux; \
 	; \
 	rm -rf /var/lib/apt/lists/*
 
-# we grab buildroot for it's uClibc toolchain
-
 # pub   1024D/59C36319 2009-01-15
 #       Key fingerprint = AB07 D806 D2CE 741F B886  EE50 B025 BA8B 59C3 6319
 # uid                  Peter Korsgaard <jacmet@uclibc.org>
@@ -185,12 +195,14 @@ ENV PATH /usr/src/buildroot/output/host/usr/bin:$PATH
 # sub   1024g/2C766641 2006-12-12
 RUN gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys C9E9416F76E610DBD09D040F47B70C55ACC9965B
 
-ENV BUSYBOX_VERSION 1.33.0
+ENV BUSYBOX_VERSION 1.32.1
+ENV BUSYBOX_SHA256 9d57c4bd33974140fd4111260468af22856f12f5b5ef7c70c8d9b75c712a0dee
 
 RUN set -eux; \
 	tarball="busybox-${BUSYBOX_VERSION}.tar.bz2"; \
-	curl -fL -o busybox.tar.bz2 "https://busybox.net/downloads/$tarball"; \
 	curl -fL -o busybox.tar.bz2.sig "https://busybox.net/downloads/$tarball.sig"; \
+	curl -fL -o busybox.tar.bz2 "https://busybox.net/downloads/$tarball"; \
+	echo "$BUSYBOX_SHA256 *busybox.tar.bz2" | sha256sum -c -; \
 	gpg --batch --verify busybox.tar.bz2.sig busybox.tar.bz2; \
 	mkdir -p /usr/src/busybox; \
 	tar -xf busybox.tar.bz2 -C /usr/src/busybox --strip-components 1; \
@@ -198,13 +210,13 @@ RUN set -eux; \
 
 WORKDIR /usr/src/busybox
 
-# CONFIG_LAST_SUPPORTED_WCHAR: see https://github.com/docker-library/busybox/issues/13 (UTF-8 input)
 RUN set -eux; \
 	\
 	setConfs=' \
 		CONFIG_AR=y \
 		CONFIG_FEATURE_AR_CREATE=y \
 		CONFIG_FEATURE_AR_LONG_FILENAMES=y \
+# CONFIG_LAST_SUPPORTED_WCHAR: see https://github.com/docker-library/busybox/issues/13 (UTF-8 input)
 		CONFIG_LAST_SUPPORTED_WCHAR=0 \
 		CONFIG_STATIC=y \
 	'; \
@@ -240,19 +252,19 @@ RUN set -eux; \
 	done; \
 	for confV in $setConfs; do \
 		grep -q "^$confV\$" .config; \
-	done;
+	done
 
 RUN set -eux; \
-	make -j "$(nproc)" \
-		CROSS_COMPILE="$(basename /usr/src/buildroot/output/host/usr/*-buildroot-linux-uclibc*)-" \
-		busybox \
-	; \
+	nproc="$(nproc)"; \
+	CROSS_COMPILE="$(basename /usr/src/buildroot/output/host/usr/*-buildroot-linux-uclibc*)"; \
+	export CROSS_COMPILE="$CROSS_COMPILE-"; \
+	make -j "$nproc" busybox; \
 	./busybox --help; \
 	mkdir -p rootfs/bin; \
 	ln -vL busybox rootfs/bin/; \
 	\
+# copy "getconf" from buildroot
 	ln -vL ../buildroot/output/target/usr/bin/getconf rootfs/bin/; \
-	\
 	chroot rootfs /bin/getconf _NPROCESSORS_ONLN; \
 	\
 	chroot rootfs /bin/busybox --install /bin
@@ -260,11 +272,12 @@ RUN set -eux; \
 # install a few extra files from buildroot (/etc/passwd, etc)
 RUN set -eux; \
 	mkdir -p rootfs/etc; \
-	for f in passwd shadow group; do \
 	ln -vL \
-			"../buildroot/system/skeleton/etc/$f" \
-			"rootfs/etc/$f"; \
-	done; \
+		../buildroot/system/skeleton/etc/group \
+		../buildroot/system/skeleton/etc/passwd \
+		../buildroot/system/skeleton/etc/shadow \
+		rootfs/etc/ \
+	; \
 # CVE-2019-5021, https://github.com/docker-library/official-images/pull/5880#issuecomment-490681907
 	grep -E '^root::' rootfs/etc/shadow; \
 	sed -ri -e 's/^root::/root:*:/' rootfs/etc/shadow; \
@@ -282,7 +295,7 @@ RUN set -eux; \
 			} \
 			printf "chmod %s %s\n", $3, $1; \
 		} \
-	' ../buildroot/system/device_table.txt | bash -Eeuo pipefail -x
+	' ../buildroot/system/device_table.txt | sh -eux
 
 # create missing home directories
 RUN set -eux; \
diff --git a/busybox_uclibc/busybox.tar.xz b/busybox_uclibc/busybox.tar.xz
index 181ec9e..055b544 100644
Binary files a/busybox_uclibc/busybox.tar.xz and b/busybox_uclibc/busybox.tar.xz differ
diff --git a/busybox_uclibc/busybox.tar.xz  'tar -t' b/busybox_uclibc/busybox.tar.xz  'tar -t'
index a4df52b..f96e6db 100644
--- a/busybox_uclibc/busybox.tar.xz  'tar -t'	
+++ b/busybox_uclibc/busybox.tar.xz  'tar -t'	
@@ -13,7 +13,6 @@ bin/arp
 bin/arping
 bin/ash
 bin/awk
-bin/base32
 bin/base64
 bin/basename
 bin/bc
diff --git a/busybox_glibc/Dockerfile b/busybox_unstable-glibc/Dockerfile
similarity index 100%
copy from busybox_glibc/Dockerfile
copy to busybox_unstable-glibc/Dockerfile
diff --git a/busybox_glibc/Dockerfile.builder b/busybox_unstable-glibc/Dockerfile.builder
similarity index 74%
copy from busybox_glibc/Dockerfile.builder
copy to busybox_unstable-glibc/Dockerfile.builder
index 0054dcc..c43d13d 100644
--- a/busybox_glibc/Dockerfile.builder
+++ b/busybox_unstable-glibc/Dockerfile.builder
@@ -1,3 +1,9 @@
+#
+# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
+#
+# PLEASE DO NOT EDIT IT DIRECTLY.
+#
+
 FROM amd64/debian:buster-slim
 
 RUN set -eux; \
@@ -18,11 +24,13 @@ RUN set -eux; \
 RUN gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys C9E9416F76E610DBD09D040F47B70C55ACC9965B
 
 ENV BUSYBOX_VERSION 1.33.0
+ENV BUSYBOX_SHA256 d568681c91a85edc6710770cebc1e80e042ad74d305b5c2e6d57a5f3de3b8fbd
 
 RUN set -eux; \
 	tarball="busybox-${BUSYBOX_VERSION}.tar.bz2"; \
-	curl -fL -o busybox.tar.bz2 "https://busybox.net/downloads/$tarball"; \
 	curl -fL -o busybox.tar.bz2.sig "https://busybox.net/downloads/$tarball.sig"; \
+	curl -fL -o busybox.tar.bz2 "https://busybox.net/downloads/$tarball"; \
+	echo "$BUSYBOX_SHA256 *busybox.tar.bz2" | sha256sum -c -; \
 	gpg --batch --verify busybox.tar.bz2.sig busybox.tar.bz2; \
 	mkdir -p /usr/src/busybox; \
 	tar -xf busybox.tar.bz2 -C /usr/src/busybox --strip-components 1; \
@@ -30,16 +38,15 @@ RUN set -eux; \
 
 WORKDIR /usr/src/busybox
 
-# CONFIG_LAST_SUPPORTED_WCHAR: see https://github.com/docker-library/busybox/issues/13 (UTF-8 input)
 RUN set -eux; \
 	\
 	setConfs=' \
 		CONFIG_AR=y \
 		CONFIG_FEATURE_AR_CREATE=y \
 		CONFIG_FEATURE_AR_LONG_FILENAMES=y \
+# CONFIG_LAST_SUPPORTED_WCHAR: see https://github.com/docker-library/busybox/issues/13 (UTF-8 input)
 		CONFIG_LAST_SUPPORTED_WCHAR=0 \
-# As long as we rely on libnss, we have to have libc.so anyhow, so
-# we've removed CONFIG_STATIC here for now... :cry:
+# As long as we rely on libnss (see below), we have to have libc.so anyhow, so we've removed CONFIG_STATIC here... :cry:
 	'; \
 	\
 	unsetConfs=' \
@@ -73,30 +80,32 @@ RUN set -eux; \
 	done; \
 	for confV in $setConfs; do \
 		grep -q "^$confV\$" .config; \
-	done;
+	done
 
 RUN set -eux; \
-	make -j "$(nproc)" \
-		busybox \
-	; \
+	nproc="$(nproc)"; \
+	make -j "$nproc" busybox; \
 	./busybox --help; \
 	mkdir -p rootfs/bin; \
 	ln -vL busybox rootfs/bin/; \
 	\
-	ln -vL "$(which getconf)" rootfs/bin/getconf; \
+# copy "getconf" from Debian
+	getconf="$(which getconf)"; \
+	ln -vL "$getconf" rootfs/bin/getconf; \
 	\
 # hack hack hack hack hack
-# with glibc, static busybox uses libnss for DNS resolution :(
+# with glibc, busybox (static or not) uses libnss for DNS resolution :(
 	mkdir -p rootfs/etc; \
 	cp /etc/nsswitch.conf rootfs/etc/; \
 	mkdir -p rootfs/lib; \
 	ln -sT lib rootfs/lib64; \
+	gccMultiarch="$(gcc -print-multiarch)"; \
 	set -- \
 		rootfs/bin/busybox \
 		rootfs/bin/getconf \
-		/lib/"$(gcc -print-multiarch)"/libnss*.so.* \
+		/lib/"$gccMultiarch"/libnss*.so.* \
 # libpthread is part of glibc: https://stackoverflow.com/a/11210463/433558
-		/lib/"$(gcc -print-multiarch)"/libpthread*.so.* \
+		/lib/"$gccMultiarch"/libpthread*.so.* \
 	; \
 	while [ "$#" -gt 0 ]; do \
 		f="$1"; shift; \
@@ -109,29 +118,43 @@ RUN set -eux; \
 				cp -v "$f" "rootfs/lib/$fn"; \
 			fi; \
 		fi; \
-		set -- "$@" $(ldd "$f" | awk ' \
+		ldd="$(ldd "$f" | awk ' \
 			$1 ~ /^\// { print $1; next } \
 			$2 == "=>" && $3 ~ /^\// { print $3; next } \
-		'); \
+		')"; \
+		set -- "$@" $ldd; \
 	done; \
-	\
 	chroot rootfs /bin/getconf _NPROCESSORS_ONLN; \
 	\
 	chroot rootfs /bin/busybox --install /bin
 
-# download a few extra files from buildroot (/etc/passwd, etc)
+# install a few extra files from buildroot (/etc/passwd, etc)
 RUN set -eux; \
 	buildrootVersion='2020.11.1'; \
-	mkdir -p rootfs/etc; \
-	for f in passwd shadow group; do \
-		curl -fL -o "rootfs/etc/$f" "https://git.busybox.net/buildroot/plain/system/skeleton/etc/$f?id=$buildrootVersion"; \
+	for file in \
+		system/device_table.txt \
+		system/skeleton/etc/group \
+		system/skeleton/etc/passwd \
+		system/skeleton/etc/shadow \
+	; do \
+		dir="$(dirname "$file")"; \
+		mkdir -p "../buildroot/$dir"; \
+		curl -fL -o "../buildroot/$file" "https://git.busybox.net/buildroot/plain/$file?id=$buildrootVersion"; \
+		[ -s "../buildroot/$file" ]; \
 	done; \
+	\
+	mkdir -p rootfs/etc; \
+	ln -vL \
+		../buildroot/system/skeleton/etc/group \
+		../buildroot/system/skeleton/etc/passwd \
+		../buildroot/system/skeleton/etc/shadow \
+		rootfs/etc/ \
+	; \
 # CVE-2019-5021, https://github.com/docker-library/official-images/pull/5880#issuecomment-490681907
 	grep -E '^root::' rootfs/etc/shadow; \
 	sed -ri -e 's/^root::/root:*:/' rootfs/etc/shadow; \
 	grep -E '^root:[*]:' rootfs/etc/shadow; \
 # set expected permissions, etc too (https://git.busybox.net/buildroot/tree/system/device_table.txt)
-	curl -fL -o buildroot-device-table.txt "https://git.busybox.net/buildroot/plain/system/device_table.txt?id=$buildrootVersion"; \
 	awk ' \
 		!/^#/ { \
 			if ($2 != "d" && $2 != "f") { \
@@ -144,8 +167,7 @@ RUN set -eux; \
 			} \
 			printf "chmod %s %s\n", $3, $1; \
 		} \
-	' buildroot-device-table.txt | bash -Eeuo pipefail -x; \
-	rm buildroot-device-table.txt
+	' ../buildroot/system/device_table.txt | sh -eux
 
 # create missing home directories
 RUN set -eux; \
diff --git a/busybox_glibc/busybox.tar.xz b/busybox_unstable-glibc/busybox.tar.xz
similarity index 21%
copy from busybox_glibc/busybox.tar.xz
copy to busybox_unstable-glibc/busybox.tar.xz
index 63e4cc4..8853235 100644
Binary files a/busybox_glibc/busybox.tar.xz and b/busybox_unstable-glibc/busybox.tar.xz differ
diff --git a/busybox_glibc/busybox.tar.xz  'tar -t' b/busybox_unstable-glibc/busybox.tar.xz  'tar -t'
similarity index 100%
copy from busybox_glibc/busybox.tar.xz  'tar -t'
copy to busybox_unstable-glibc/busybox.tar.xz  'tar -t'
diff --git a/busybox_glibc/Dockerfile b/busybox_unstable-musl/Dockerfile
similarity index 100%
copy from busybox_glibc/Dockerfile
copy to busybox_unstable-musl/Dockerfile
diff --git a/busybox_musl/Dockerfile.builder b/busybox_unstable-musl/Dockerfile.builder
similarity index 78%
copy from busybox_musl/Dockerfile.builder
copy to busybox_unstable-musl/Dockerfile.builder
index b528e68..8d7da8e 100644
--- a/busybox_musl/Dockerfile.builder
+++ b/busybox_unstable-musl/Dockerfile.builder
@@ -1,6 +1,13 @@
+#
+# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
+#
+# PLEASE DO NOT EDIT IT DIRECTLY.
+#
+
 FROM amd64/alpine:3.12
 
-RUN apk add --no-cache \
+RUN set -eux; \
+	apk add --no-cache \
 		bzip2 \
 		coreutils \
 		curl \
@@ -9,7 +16,8 @@ RUN apk add --no-cache \
 		linux-headers \
 		make \
 		musl-dev \
-		tzdata
+		tzdata \
+	;
 
 # pub   1024D/ACC9965B 2006-12-12
 #       Key fingerprint = C9E9 416F 76E6 10DB D09D  040F 47B7 0C55 ACC9 965B
@@ -18,11 +26,13 @@ RUN apk add --no-cache \
 RUN gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys C9E9416F76E610DBD09D040F47B70C55ACC9965B
 
 ENV BUSYBOX_VERSION 1.33.0
+ENV BUSYBOX_SHA256 d568681c91a85edc6710770cebc1e80e042ad74d305b5c2e6d57a5f3de3b8fbd
 
 RUN set -eux; \
 	tarball="busybox-${BUSYBOX_VERSION}.tar.bz2"; \
-	curl -fL -o busybox.tar.bz2 "https://busybox.net/downloads/$tarball"; \
 	curl -fL -o busybox.tar.bz2.sig "https://busybox.net/downloads/$tarball.sig"; \
+	curl -fL -o busybox.tar.bz2 "https://busybox.net/downloads/$tarball"; \
+	echo "$BUSYBOX_SHA256 *busybox.tar.bz2" | sha256sum -c -; \
 	gpg --batch --verify busybox.tar.bz2.sig busybox.tar.bz2; \
 	mkdir -p /usr/src/busybox; \
 	tar -xf busybox.tar.bz2 -C /usr/src/busybox --strip-components 1; \
@@ -30,18 +40,13 @@ RUN set -eux; \
 
 WORKDIR /usr/src/busybox
 
-# https://www.mail-archive.com/toybox@lists.landley.net/msg02528.html
-# https://www.mail-archive.com/toybox@lists.landley.net/msg02526.html
-RUN sed -i 's/^struct kconf_id \*$/static &/g' scripts/kconfig/zconf.hash.c_shipped
-
-# CONFIG_LAST_SUPPORTED_WCHAR: see https://github.com/docker-library/busybox/issues/13 (UTF-8 input)
-# see https://wiki.musl-libc.org/wiki/Building_Busybox
 RUN set -eux; \
 	\
 	setConfs=' \
 		CONFIG_AR=y \
 		CONFIG_FEATURE_AR_CREATE=y \
 		CONFIG_FEATURE_AR_LONG_FILENAMES=y \
+# CONFIG_LAST_SUPPORTED_WCHAR: see https://github.com/docker-library/busybox/issues/13 (UTF-8 input)
 		CONFIG_LAST_SUPPORTED_WCHAR=0 \
 		CONFIG_STATIC=y \
 	'; \
@@ -49,6 +54,7 @@ RUN set -eux; \
 	unsetConfs=' \
 		CONFIG_FEATURE_SYNC_FANCY \
 		\
+# see https://wiki.musl-libc.org/wiki/Building_Busybox
 		CONFIG_FEATURE_HAVE_RPC \
 		CONFIG_FEATURE_INETD_RPC \
 		CONFIG_FEATURE_UTMP \
@@ -82,40 +88,53 @@ RUN set -eux; \
 	done; \
 	for confV in $setConfs; do \
 		grep -q "^$confV\$" .config; \
-	done;
+	done
 
 RUN set -eux; \
-	make -j "$(nproc)" \
-		busybox \
-	; \
+	nproc="$(nproc)"; \
+	make -j "$nproc" busybox; \
 	./busybox --help; \
 	mkdir -p rootfs/bin; \
 	ln -vL busybox rootfs/bin/; \
-	chroot rootfs /bin/busybox --install /bin
-
-# grab a simplified getconf port from Alpine we can statically compile
-RUN set -eux; \
+	\
+# copy simplified getconf port from Alpine
 	aportsVersion="v$(cat /etc/alpine-release)"; \
 	curl -fsSL \
 		"https://git.alpinelinux.org/cgit/aports/plain/main/musl/getconf.c?h=${aportsVersion}" \
 		-o /usr/src/getconf.c \
 	; \
 	gcc -o rootfs/bin/getconf -static -Os /usr/src/getconf.c; \
-	chroot rootfs /bin/getconf _NPROCESSORS_ONLN
+	chroot rootfs /bin/getconf _NPROCESSORS_ONLN; \
+	\
+	chroot rootfs /bin/busybox --install /bin
 
-# download a few extra files from buildroot (/etc/passwd, etc)
+# install a few extra files from buildroot (/etc/passwd, etc)
 RUN set -eux; \
 	buildrootVersion='2020.11.1'; \
-	mkdir -p rootfs/etc; \
-	for f in passwd shadow group; do \
-		curl -fL -o "rootfs/etc/$f" "https://git.busybox.net/buildroot/plain/system/skeleton/etc/$f?id=$buildrootVersion"; \
+	for file in \
+		system/device_table.txt \
+		system/skeleton/etc/group \
+		system/skeleton/etc/passwd \
+		system/skeleton/etc/shadow \
+	; do \
+		dir="$(dirname "$file")"; \
+		mkdir -p "../buildroot/$dir"; \
+		curl -fL -o "../buildroot/$file" "https://git.busybox.net/buildroot/plain/$file?id=$buildrootVersion"; \
+		[ -s "../buildroot/$file" ]; \
 	done; \
+	\
+	mkdir -p rootfs/etc; \
+	ln -vL \
+		../buildroot/system/skeleton/etc/group \
+		../buildroot/system/skeleton/etc/passwd \
+		../buildroot/system/skeleton/etc/shadow \
+		rootfs/etc/ \
+	; \
 # CVE-2019-5021, https://github.com/docker-library/official-images/pull/5880#issuecomment-490681907
 	grep -E '^root::' rootfs/etc/shadow; \
 	sed -ri -e 's/^root::/root:*:/' rootfs/etc/shadow; \
 	grep -E '^root:[*]:' rootfs/etc/shadow; \
 # set expected permissions, etc too (https://git.busybox.net/buildroot/tree/system/device_table.txt)
-	curl -fL -o buildroot-device-table.txt "https://git.busybox.net/buildroot/plain/system/device_table.txt?id=$buildrootVersion"; \
 	awk ' \
 		!/^#/ { \
 			if ($2 != "d" && $2 != "f") { \
@@ -128,8 +147,7 @@ RUN set -eux; \
 			} \
 			printf "chmod %s %s\n", $3, $1; \
 		} \
-	' buildroot-device-table.txt | sh -eux; \
-	rm buildroot-device-table.txt
+	' ../buildroot/system/device_table.txt | sh -eux
 
 # create missing home directories
 RUN set -eux; \
diff --git a/busybox_unstable-musl/busybox.tar.xz b/busybox_unstable-musl/busybox.tar.xz
new file mode 100644
index 0000000..e043a07
Binary files /dev/null and b/busybox_unstable-musl/busybox.tar.xz differ
diff --git a/busybox_musl/busybox.tar.xz  'tar -t' b/busybox_unstable-musl/busybox.tar.xz  'tar -t'
similarity index 100%
copy from busybox_musl/busybox.tar.xz  'tar -t'
copy to busybox_unstable-musl/busybox.tar.xz  'tar -t'
diff --git a/busybox_glibc/Dockerfile b/busybox_unstable-uclibc/Dockerfile
similarity index 100%
copy from busybox_glibc/Dockerfile
copy to busybox_unstable-uclibc/Dockerfile
diff --git a/busybox_uclibc/Dockerfile.builder b/busybox_unstable-uclibc/Dockerfile.builder
similarity index 90%
copy from busybox_uclibc/Dockerfile.builder
copy to busybox_unstable-uclibc/Dockerfile.builder
index 2c49903..020ba75 100644
--- a/busybox_uclibc/Dockerfile.builder
+++ b/busybox_unstable-uclibc/Dockerfile.builder
@@ -1,3 +1,9 @@
+#
+# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
+#
+# PLEASE DO NOT EDIT IT DIRECTLY.
+#
+
 FROM amd64/debian:buster-slim
 
 RUN set -eux; \
@@ -8,8 +14,14 @@ RUN set -eux; \
 		gcc \
 		gnupg dirmngr \
 		make \
-		\
-# buildroot
+	; \
+	rm -rf /var/lib/apt/lists/*
+
+# grab/use buildroot for its uClibc toolchain
+
+RUN set -eux; \
+	apt-get update; \
+	apt-get install -y \
 		bc \
 		cpio \
 		dpkg-dev \
@@ -23,8 +35,6 @@ RUN set -eux; \
 	; \
 	rm -rf /var/lib/apt/lists/*
 
-# we grab buildroot for it's uClibc toolchain
-
 # pub   1024D/59C36319 2009-01-15
 #       Key fingerprint = AB07 D806 D2CE 741F B886  EE50 B025 BA8B 59C3 6319
 # uid                  Peter Korsgaard <jacmet@uclibc.org>
@@ -186,11 +196,13 @@ ENV PATH /usr/src/buildroot/output/host/usr/bin:$PATH
 RUN gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys C9E9416F76E610DBD09D040F47B70C55ACC9965B
 
 ENV BUSYBOX_VERSION 1.33.0
+ENV BUSYBOX_SHA256 d568681c91a85edc6710770cebc1e80e042ad74d305b5c2e6d57a5f3de3b8fbd
 
 RUN set -eux; \
 	tarball="busybox-${BUSYBOX_VERSION}.tar.bz2"; \
-	curl -fL -o busybox.tar.bz2 "https://busybox.net/downloads/$tarball"; \
 	curl -fL -o busybox.tar.bz2.sig "https://busybox.net/downloads/$tarball.sig"; \
+	curl -fL -o busybox.tar.bz2 "https://busybox.net/downloads/$tarball"; \
+	echo "$BUSYBOX_SHA256 *busybox.tar.bz2" | sha256sum -c -; \
 	gpg --batch --verify busybox.tar.bz2.sig busybox.tar.bz2; \
 	mkdir -p /usr/src/busybox; \
 	tar -xf busybox.tar.bz2 -C /usr/src/busybox --strip-components 1; \
@@ -198,13 +210,13 @@ RUN set -eux; \
 
 WORKDIR /usr/src/busybox
 
-# CONFIG_LAST_SUPPORTED_WCHAR: see https://github.com/docker-library/busybox/issues/13 (UTF-8 input)
 RUN set -eux; \
 	\
 	setConfs=' \
 		CONFIG_AR=y \
 		CONFIG_FEATURE_AR_CREATE=y \
 		CONFIG_FEATURE_AR_LONG_FILENAMES=y \
+# CONFIG_LAST_SUPPORTED_WCHAR: see https://github.com/docker-library/busybox/issues/13 (UTF-8 input)
 		CONFIG_LAST_SUPPORTED_WCHAR=0 \
 		CONFIG_STATIC=y \
 	'; \
@@ -240,19 +252,19 @@ RUN set -eux; \
 	done; \
 	for confV in $setConfs; do \
 		grep -q "^$confV\$" .config; \
-	done;
+	done
 
 RUN set -eux; \
-	make -j "$(nproc)" \
-		CROSS_COMPILE="$(basename /usr/src/buildroot/output/host/usr/*-buildroot-linux-uclibc*)-" \
-		busybox \
-	; \
+	nproc="$(nproc)"; \
+	CROSS_COMPILE="$(basename /usr/src/buildroot/output/host/usr/*-buildroot-linux-uclibc*)"; \
+	export CROSS_COMPILE="$CROSS_COMPILE-"; \
+	make -j "$nproc" busybox; \
 	./busybox --help; \
 	mkdir -p rootfs/bin; \
 	ln -vL busybox rootfs/bin/; \
 	\
+# copy "getconf" from buildroot
 	ln -vL ../buildroot/output/target/usr/bin/getconf rootfs/bin/; \
-	\
 	chroot rootfs /bin/getconf _NPROCESSORS_ONLN; \
 	\
 	chroot rootfs /bin/busybox --install /bin
@@ -260,11 +272,12 @@ RUN set -eux; \
 # install a few extra files from buildroot (/etc/passwd, etc)
 RUN set -eux; \
 	mkdir -p rootfs/etc; \
-	for f in passwd shadow group; do \
 	ln -vL \
-			"../buildroot/system/skeleton/etc/$f" \
-			"rootfs/etc/$f"; \
-	done; \
+		../buildroot/system/skeleton/etc/group \
+		../buildroot/system/skeleton/etc/passwd \
+		../buildroot/system/skeleton/etc/shadow \
+		rootfs/etc/ \
+	; \
 # CVE-2019-5021, https://github.com/docker-library/official-images/pull/5880#issuecomment-490681907
 	grep -E '^root::' rootfs/etc/shadow; \
 	sed -ri -e 's/^root::/root:*:/' rootfs/etc/shadow; \
@@ -282,7 +295,7 @@ RUN set -eux; \
 			} \
 			printf "chmod %s %s\n", $3, $1; \
 		} \
-	' ../buildroot/system/device_table.txt | bash -Eeuo pipefail -x
+	' ../buildroot/system/device_table.txt | sh -eux
 
 # create missing home directories
 RUN set -eux; \
diff --git a/busybox_unstable-uclibc/busybox.tar.xz b/busybox_unstable-uclibc/busybox.tar.xz
new file mode 100644
index 0000000..dcfa98c
Binary files /dev/null and b/busybox_unstable-uclibc/busybox.tar.xz differ
diff --git a/busybox_latest/busybox.tar.xz  'tar -t' b/busybox_unstable-uclibc/busybox.tar.xz  'tar -t'
similarity index 100%
copy from busybox_latest/busybox.tar.xz  'tar -t'
copy to busybox_unstable-uclibc/busybox.tar.xz  'tar -t'
diff --git a/busybox_glibc/Dockerfile b/busybox_unstable/Dockerfile
similarity index 100%
copy from busybox_glibc/Dockerfile
copy to busybox_unstable/Dockerfile
diff --git a/busybox_uclibc/Dockerfile.builder b/busybox_unstable/Dockerfile.builder
similarity index 90%
copy from busybox_uclibc/Dockerfile.builder
copy to busybox_unstable/Dockerfile.builder
index 2c49903..020ba75 100644
--- a/busybox_uclibc/Dockerfile.builder
+++ b/busybox_unstable/Dockerfile.builder
@@ -1,3 +1,9 @@
+#
+# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
+#
+# PLEASE DO NOT EDIT IT DIRECTLY.
+#
+
 FROM amd64/debian:buster-slim
 
 RUN set -eux; \
@@ -8,8 +14,14 @@ RUN set -eux; \
 		gcc \
 		gnupg dirmngr \
 		make \
-		\
-# buildroot
+	; \
+	rm -rf /var/lib/apt/lists/*
+
+# grab/use buildroot for its uClibc toolchain
+
+RUN set -eux; \
+	apt-get update; \
+	apt-get install -y \
 		bc \
 		cpio \
 		dpkg-dev \
@@ -23,8 +35,6 @@ RUN set -eux; \
 	; \
 	rm -rf /var/lib/apt/lists/*
 
-# we grab buildroot for it's uClibc toolchain
-
 # pub   1024D/59C36319 2009-01-15
 #       Key fingerprint = AB07 D806 D2CE 741F B886  EE50 B025 BA8B 59C3 6319
 # uid                  Peter Korsgaard <jacmet@uclibc.org>
@@ -186,11 +196,13 @@ ENV PATH /usr/src/buildroot/output/host/usr/bin:$PATH
 RUN gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys C9E9416F76E610DBD09D040F47B70C55ACC9965B
 
 ENV BUSYBOX_VERSION 1.33.0
+ENV BUSYBOX_SHA256 d568681c91a85edc6710770cebc1e80e042ad74d305b5c2e6d57a5f3de3b8fbd
 
 RUN set -eux; \
 	tarball="busybox-${BUSYBOX_VERSION}.tar.bz2"; \
-	curl -fL -o busybox.tar.bz2 "https://busybox.net/downloads/$tarball"; \
 	curl -fL -o busybox.tar.bz2.sig "https://busybox.net/downloads/$tarball.sig"; \
+	curl -fL -o busybox.tar.bz2 "https://busybox.net/downloads/$tarball"; \
+	echo "$BUSYBOX_SHA256 *busybox.tar.bz2" | sha256sum -c -; \
 	gpg --batch --verify busybox.tar.bz2.sig busybox.tar.bz2; \
 	mkdir -p /usr/src/busybox; \
 	tar -xf busybox.tar.bz2 -C /usr/src/busybox --strip-components 1; \
@@ -198,13 +210,13 @@ RUN set -eux; \
 
 WORKDIR /usr/src/busybox
 
-# CONFIG_LAST_SUPPORTED_WCHAR: see https://github.com/docker-library/busybox/issues/13 (UTF-8 input)
 RUN set -eux; \
 	\
 	setConfs=' \
 		CONFIG_AR=y \
 		CONFIG_FEATURE_AR_CREATE=y \
 		CONFIG_FEATURE_AR_LONG_FILENAMES=y \
+# CONFIG_LAST_SUPPORTED_WCHAR: see https://github.com/docker-library/busybox/issues/13 (UTF-8 input)
 		CONFIG_LAST_SUPPORTED_WCHAR=0 \
 		CONFIG_STATIC=y \
 	'; \
@@ -240,19 +252,19 @@ RUN set -eux; \
 	done; \
 	for confV in $setConfs; do \
 		grep -q "^$confV\$" .config; \
-	done;
+	done
 
 RUN set -eux; \
-	make -j "$(nproc)" \
-		CROSS_COMPILE="$(basename /usr/src/buildroot/output/host/usr/*-buildroot-linux-uclibc*)-" \
-		busybox \
-	; \
+	nproc="$(nproc)"; \
+	CROSS_COMPILE="$(basename /usr/src/buildroot/output/host/usr/*-buildroot-linux-uclibc*)"; \
+	export CROSS_COMPILE="$CROSS_COMPILE-"; \
+	make -j "$nproc" busybox; \
 	./busybox --help; \
 	mkdir -p rootfs/bin; \
 	ln -vL busybox rootfs/bin/; \
 	\
+# copy "getconf" from buildroot
 	ln -vL ../buildroot/output/target/usr/bin/getconf rootfs/bin/; \
-	\
 	chroot rootfs /bin/getconf _NPROCESSORS_ONLN; \
 	\
 	chroot rootfs /bin/busybox --install /bin
@@ -260,11 +272,12 @@ RUN set -eux; \
 # install a few extra files from buildroot (/etc/passwd, etc)
 RUN set -eux; \
 	mkdir -p rootfs/etc; \
-	for f in passwd shadow group; do \
 	ln -vL \
-			"../buildroot/system/skeleton/etc/$f" \
-			"rootfs/etc/$f"; \
-	done; \
+		../buildroot/system/skeleton/etc/group \
+		../buildroot/system/skeleton/etc/passwd \
+		../buildroot/system/skeleton/etc/shadow \
+		rootfs/etc/ \
+	; \
 # CVE-2019-5021, https://github.com/docker-library/official-images/pull/5880#issuecomment-490681907
 	grep -E '^root::' rootfs/etc/shadow; \
 	sed -ri -e 's/^root::/root:*:/' rootfs/etc/shadow; \
@@ -282,7 +295,7 @@ RUN set -eux; \
 			} \
 			printf "chmod %s %s\n", $3, $1; \
 		} \
-	' ../buildroot/system/device_table.txt | bash -Eeuo pipefail -x
+	' ../buildroot/system/device_table.txt | sh -eux
 
 # create missing home directories
 RUN set -eux; \
diff --git a/busybox_unstable/busybox.tar.xz b/busybox_unstable/busybox.tar.xz
new file mode 100644
index 0000000..dcfa98c
Binary files /dev/null and b/busybox_unstable/busybox.tar.xz differ
diff --git a/busybox_latest/busybox.tar.xz  'tar -t' b/busybox_unstable/busybox.tar.xz  'tar -t'
similarity index 100%
copy from busybox_latest/busybox.tar.xz  'tar -t'
copy to busybox_unstable/busybox.tar.xz  'tar -t'

github-actions bot added the library/busybox label Jan 12, 2021

yosifkit merged commit e5b1943 into docker-library:master Jan 12, 2021

yosifkit deleted the busybox branch January 12, 2021 23:44

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update busybox #9409

Update busybox #9409

Uh oh!

tianon commented Jan 12, 2021

Uh oh!

github-actions bot commented Jan 12, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Update busybox #9409

Update busybox #9409

Uh oh!

Conversation

tianon commented Jan 12, 2021

Uh oh!

github-actions bot commented Jan 12, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants