From e9848b804cc780110f8e42ba2cfbf25ea12f7008 Mon Sep 17 00:00:00 2001
From: chris <cg@zknt.org>
Date: Sun, 30 Oct 2022 20:00:02 +0100
Subject: [PATCH] feat(alpine): 3.16.2

---
 alpine/Containerfile | 34 ++++++++++++++++++++++++++++++++++
 alpine/README.md     | 10 ++++++++++
 alpine/scan-deps.sh  |  2 ++
 alpine/zknt-ca.pem   | 35 +++++++++++++++++++++++++++++++++++
 4 files changed, 81 insertions(+)
 create mode 100644 alpine/Containerfile
 create mode 100644 alpine/README.md
 create mode 100755 alpine/scan-deps.sh
 create mode 100644 alpine/zknt-ca.pem

diff --git a/alpine/Containerfile b/alpine/Containerfile
new file mode 100644
index 0000000..ac6fc2b
--- /dev/null
+++ b/alpine/Containerfile
@@ -0,0 +1,34 @@
+ARG VERSION=3.16.2
+
+FROM alpine as build
+ARG VERSION
+ENV VERSION $VERSION
+
+ENV ALPINE_SERIES 3.16
+ENV ALPINE_MIRROR https://ftp.halifax.rwth-aachen.de/alpine/v${ALPINE_SERIES}
+ENV ALPINE_ARCH x86_64
+
+WORKDIR /root
+RUN set -xo pipefail; apk add --no-cache curl gnupg &&\
+  curl -LO ${ALPINE_MIRROR}/releases/${ALPINE_ARCH}/alpine-minirootfs-${VERSION}-${ALPINE_ARCH}.tar.gz &&\
+  curl -LO ${ALPINE_MIRROR}/releases/${ALPINE_ARCH}/alpine-minirootfs-${VERSION}-${ALPINE_ARCH}.tar.gz.asc &&\
+  gpg --recv 0482D84022F52DF1C4E7CD43293ACD0907D9495A &&\
+  gpg --verify alpine-minirootfs-${VERSION}-${ALPINE_ARCH}.tar.gz.asc alpine-minirootfs-${VERSION}-${ALPINE_ARCH}.tar.gz &&\
+  mkdir /dest &&\
+  tar -C /dest -xvzf alpine-minirootfs-${VERSION}-${ALPINE_ARCH}.tar.gz &&\
+  sed -i "s#http://dl-cdn.alpinelinux.org/alpine/v${ALPINE_SERIES}#${ALPINE_MIRROR}#g" /dest/etc/apk/repositories
+ADD scan-deps.sh /bin/scan-deps
+
+FROM scratch
+ARG VERSION
+ENV VERSION $VERSION
+
+COPY --from=build /dest /
+ADD zknt-ca.pem /usr/share/ca-certificates/zknt-ca.pem
+RUN set -xe;\
+  apk add --no-cache ca-certificates curl &&\
+  apk upgrade -a &&\
+  update-ca-certificates &&\
+  rm -rf /var/cache/apk/*
+CMD ["/bin/sh"]
+LABEL version.alpine=$VERSION
diff --git a/alpine/README.md b/alpine/README.md
new file mode 100644
index 0000000..b2ea929
--- /dev/null
+++ b/alpine/README.md
@@ -0,0 +1,10 @@
+stock alpine
+============
+
+Basic Alpine base image, pulling Alpines minirootfs and extracting to `scratch`.
+
+Embeds ZKNT CA.
+
+Source repository: https://git.zknt.org/k8s/images
+
+Public registry: https://quay.io/repository/zknt/alpine
diff --git a/alpine/scan-deps.sh b/alpine/scan-deps.sh
new file mode 100755
index 0000000..cbbbd6d
--- /dev/null
+++ b/alpine/scan-deps.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+scanelf --needed --nobanner --format '%n#p' --recursive $@ | tr ',' '\n' | sort -u | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }'
diff --git a/alpine/zknt-ca.pem b/alpine/zknt-ca.pem
new file mode 100644
index 0000000..0171834
--- /dev/null
+++ b/alpine/zknt-ca.pem
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGBzCCA++gAwIBAgIUCvAvdZQbjS3cB3bJFMWiO9dCtbcwDQYJKoZIhvcNAQEL
+BQAwgZIxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdI
+YW1idXJnMQ0wCwYDVQQKEwRaS05UMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRo
+b3JpdHkxEDAOBgNVBAMTB1pLTlQgQ0ExHjAcBgkqhkiG9w0BCQEWD3N5c2FkbUB6
+a250Lm9yZzAeFw0yMDExMjYwOTQ1MDFaFw00MDExMjEwOTQ1MDFaMIGSMQswCQYD
+VQQGEwJERTEQMA4GA1UECBMHSGFtYnVyZzEQMA4GA1UEBxMHSGFtYnVyZzENMAsG
+A1UEChMEWktOVDEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRAwDgYD
+VQQDEwdaS05UIENBMR4wHAYJKoZIhvcNAQkBFg9zeXNhZG1AemtudC5vcmcwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJFP7u1XaKinkO0CUmTZG9P9vk
+jlz0MeFj+AZcy0N+/vpLtFNDkSlRfFKAt9ZrOkvB8P88/ki5UPm0tcFA2zTBe8jI
+HpK3ief8fB3SaaqqQPxlhUmTWwW7BhnCQ3RNWs9R2D5PB8nOlftLDi+zjV6m4AzY
+aR9/3P6EvyrU5xHQ5R4u6HJbXpM6JO/5SpzOy4OmpsZw9tD3OnqRJtXKqPfIzyZz
+Y0EDifH+5KGdRCnplQAbI6FVjAytaS10Sg1z7dK2kb2RV9aDFjvDSfULmcAl4LWi
+L2YkmzQWkk92thubABZPUwp41917RUcASRH8LkWfBT908a0Qa731gHl+07hzz6QL
+vHvEJlvHYXAxkSrvde0TW183VkQpnkNw/xTIhQAKTPexof6OTGCnQrI4d1Q9WnHq
+oF2CyWLtK5rKvE+FcAnZ9zM8AINtTjNuQ5tv5TKJXMmUTPh6RtzwFtB4efNKyV5Z
+eSMU0779IgxWWnlcPsXM/rgAADDuZU7F5IKMykA0ZitlBWLLzvxL7t5HByh1iaBi
+CcOQPBWsuqarGmyJW5Iw7Xf97DXII1FySsIuaBPzIM92GNiCy79G24pRzU3HrP1B
+U3JRRQWLesDyCB4xlSqNCIdE5qQBs1a22HPH7ytmR2sP+fiI/F5Uy9+VursoUGSa
+QyBFw8TZv0riW3NSHwIDAQABo1MwUTAdBgNVHQ4EFgQUQpkLrbSkPZtRJ5S8RWDW
+PVQrIUYwHwYDVR0jBBgwFoAUQpkLrbSkPZtRJ5S8RWDWPVQrIUYwDwYDVR0TAQH/
+BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEABBD3+TXgCRyAjws2hIBYOaigojW0
+JgXsXwyk/xgMFyl5EcSUa/yjvo7cy7KhnWvwvvpnxLJJObCO9WbWMZj9XgIox11Z
+dlW/rHEfkPm3XuImvL+N+g3nm58LAydEJAOeHXYU7MzFEWoe8d4s8nwU4HIxapzg
+FCAGoNyh4wcXFrAMu0y122SMEMEr/aFStcpMz/AG3BtgBv91q34JEMUYy5P1FIOL
+Y78xAB4DLB+mPIFyGmMK3uWa3S11k3X7DthJkAj2ioE/dr9y9Gt+72wlY+kQazEt
+hP5mJgerpv6cm9lQE1lGdaBN3JrYaHK67h2b0zc5gjm/No8pkTxNzc2n4+EjffoD
+D1YCL9YPSbzrymxFYH32323K/IMUhfiFpIFaihl7Tv48rXP4jalmexQapsgbUTjv
+l/YJUfq6Tqbae4GJtMBmlDEWPOXNM0rioFUWUqCtuR0wYkmqpB5mNkr833UgI5Vl
+9TzCmBUxi1nfci/sdop1HhnIR0ixa5IFjsr798ehmSxWsTvTyEkzWpSY1Vl2x58q
+WM/2qP1OarzEsymzWV2wK0skBr56aaDjsX/T98AWyKwoUPeJji5SVr5nAf3tbL8c
+wRM+0Id/3Cuy3RwXZlLOQlTJtu/SxDo5l0Ynuuto1owS+qT+D9mmj30YTB6iGRzY
+jmgC89useNyzVdo=
+-----END CERTIFICATE-----