deblobbify, replacing the system folder with several other components

Author: robertkirkman

.github/workflows/docker_build.yml

@@ -14,38 +14,162 @@ env:
   DOCKER_BUILDKIT: 1
 
 jobs:
-  main:
+  aarch64:
+    runs-on: ubuntu-24.04-arm
+    steps:
+
+    - name: Clone repository
+      uses: actions/checkout@v4
+
+    - name: Set architecture variable
+      run: echo "ARCHITECTURE=$(uname -m)" >> $GITHUB_ENV
+
+    - name: Build image
+      run: ./generate.sh
+
+    - name: Login to Docker Hub
+      if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request' && github.repository == 'termux/termux-docker'
+      uses: docker/login-action@v3
+      with:
+        username: grimler
+        password: ${{ secrets.GRIMLER_DOCKER_TOKEN }}
+
+    - name: Push to Docker Hub
+      if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request' && github.repository == 'termux/termux-docker'
+      run: |
+        docker push termux/termux-docker:${{ matrix.CPU_ARCH }}
+        if [ ${{ matrix.CPU_ARCH }} = i686 ]; then
+          docker tag termux/termux-docker:i686 termux/termux-docker:latest
+          docker push termux/termux-docker:latest
+        fi
+
+    - name: Export container as tar archive
+      if: always()
+      run: |
+        docker run \
+          --name termux-docker \
+          termux/termux-docker:"${ARCHITECTURE}" \
+          uname -a
+        docker stop termux-docker
+        docker export -o termux-docker.tar \
+          termux-docker
+        sha256sum termux-docker.tar
+
+    - name: Store tar archive
+      if: always()
+      uses: actions/upload-artifact@v4
+      with:
+        name: termux-docker-${{ github.sha }}
+        path: termux-docker.tar
+
+  arm:
+    runs-on: ubuntu-24.04-arm
+    steps:
+
+    - name: Clone repository
+      uses: actions/checkout@v4
+
+    - name: Set architecture variable
+      run: echo "ARCHITECTURE=arm" >> $GITHUB_ENV
+
+    - name: Build image
+      run: ./generate.sh
+
+    - name: Login to Docker Hub
+      if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request' && github.repository == 'termux/termux-docker'
+      uses: docker/login-action@v3
+      with:
+        username: grimler
+        password: ${{ secrets.GRIMLER_DOCKER_TOKEN }}
+
+    - name: Push to Docker Hub
+      if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request' && github.repository == 'termux/termux-docker'
+      run: |
+        docker push termux/termux-docker:${{ matrix.CPU_ARCH }}
+        if [ ${{ matrix.CPU_ARCH }} = i686 ]; then
+          docker tag termux/termux-docker:i686 termux/termux-docker:latest
+          docker push termux/termux-docker:latest
+        fi
+
+    - name: Export container as tar archive
+      if: always()
+      run: |
+        docker run \
+          --name termux-docker \
+          termux/termux-docker:"${ARCHITECTURE}" \
+          uname -a
+        docker stop termux-docker
+        docker export -o termux-docker.tar \
+          termux-docker
+        sha256sum termux-docker.tar
+
+    - name: Store tar archive
+      if: always()
+      uses: actions/upload-artifact@v4
+      with:
+        name: termux-docker-${{ github.sha }}
+        path: termux-docker.tar
+
+  x86_64:
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        CPU_ARCH:
-          - aarch64
-          - arm
-          - i686
-          - x86_64
     steps:
 
     - name: Clone repository
       uses: actions/checkout@v4
 
-    - name: Setup binfmt_misc
-      if: (matrix.CPU_ARCH == 'aarch64') || (matrix.CPU_ARCH == 'arm')
-      run: docker run --rm --privileged aptman/qus -s -- -p aarch64 arm
+    - name: Set architecture variable
+      run: echo "ARCHITECTURE=$(uname -m)" >> $GITHUB_ENV
 
-    - name: Build images
+    - name: Build image
+      run: ./generate.sh
+
+    - name: Login to Docker Hub
+      if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request' && github.repository == 'termux/termux-docker'
+      uses: docker/login-action@v3
+      with:
+        username: grimler
+        password: ${{ secrets.GRIMLER_DOCKER_TOKEN }}
+
+    - name: Push to Docker Hub
+      if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request' && github.repository == 'termux/termux-docker'
       run: |
-        case '${{ matrix.CPU_ARCH }}' in
-          arm)     SYSTEM_TYPE=arm; PLATFORM_TAG="linux/arm/v7";;
-          aarch64) SYSTEM_TYPE=arm; PLATFORM_TAG="linux/arm64";;
-          i686)    SYSTEM_TYPE=x86; PLATFORM_TAG="linux/386";;
-          *)       SYSTEM_TYPE=x86; PLATFORM_TAG="linux/amd64";;
-        esac
-        docker buildx build -t \
-          termux/termux-docker:${{ matrix.CPU_ARCH }} \
-          --platform "$PLATFORM_TAG" \
-          --build-arg BOOTSTRAP_ARCH=${{ matrix.CPU_ARCH }} \
-          --build-arg SYSTEM_TYPE="${SYSTEM_TYPE}" \
-          .
+        docker push termux/termux-docker:${{ matrix.CPU_ARCH }}
+        if [ ${{ matrix.CPU_ARCH }} = i686 ]; then
+          docker tag termux/termux-docker:i686 termux/termux-docker:latest
+          docker push termux/termux-docker:latest
+        fi
+
+    - name: Export container as tar archive
+      if: always()
+      run: |
+        docker run \
+          --name termux-docker \
+          termux/termux-docker:"${ARCHITECTURE}" \
+          uname -a
+        docker stop termux-docker
+        docker export -o termux-docker.tar \
+          termux-docker
+        sha256sum termux-docker.tar
+
+    - name: Store tar archive
+      if: always()
+      uses: actions/upload-artifact@v4
+      with:
+        name: termux-docker-${{ github.sha }}
+        path: termux-docker.tar
+
+  i686:
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Clone repository
+      uses: actions/checkout@v4
+
+    - name: Set architecture variable
+      run: echo "ARCHITECTURE=i686" >> $GITHUB_ENV
+
+    - name: Build image
+      run: ./generate.sh
 
     - name: Login to Docker Hub
       if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request' && github.repository == 'termux/termux-docker'
@@ -67,18 +191,17 @@ jobs:
       if: always()
       run: |
         docker run \
-          --privileged \
-          --name termux-docker-${{ matrix.CPU_ARCH }} \
-          termux/termux-docker:${{ matrix.CPU_ARCH }} \
+          --name termux-docker \
+          termux/termux-docker:"${ARCHITECTURE}" \
           uname -a
-        docker stop termux-docker-${{ matrix.CPU_ARCH }}
-        docker export -o termux-docker-${{ matrix.CPU_ARCH }}.tar \
-          termux-docker-${{ matrix.CPU_ARCH }}
-        sha256sum termux-docker-${{ matrix.CPU_ARCH }}.tar
+        docker stop termux-docker
+        docker export -o termux-docker.tar \
+          termux-docker
+        sha256sum termux-docker.tar
 
     - name: Store tar archive
       if: always()
       uses: actions/upload-artifact@v4
       with:
-        name: termux-docker-${{ matrix.CPU_ARCH }}-${{ github.sha }}
-        path: termux-docker-${{ matrix.CPU_ARCH }}.tar
+        name: termux-docker-${{ github.sha }}
+        path: termux-docker.tar

.gitignore

@@ -0,0 +1 @@
+termux-docker-rootfs

Dockerfile

@@ -1,91 +1,50 @@
-##############################################################################
-# Bootstrap Termux environment.
-FROM scratch AS bootstrap
-
-ARG BOOTSTRAP_VERSION=2023.02.19-r1%2Bapt-android-7
-ARG BOOTSTRAP_ARCH=i686
-ARG SYSTEM_TYPE=x86
-
-# Docker uses /bin/sh by default, but we don't have it currently.
-SHELL ["/system/bin/sh", "-c"]
-ENV PATH /system/bin
-
-# Copy libc, linker and few utilities.
-COPY /system/$SYSTEM_TYPE /system
-
-# Copy entrypoint script.
-COPY /entrypoint.sh /entrypoint.sh
-COPY /entrypoint_root.sh /entrypoint_root.sh
-
-# Extract bootstrap archive and create symlinks.
-ADD https://github.com/termux/termux-packages/releases/download/bootstrap-$BOOTSTRAP_VERSION/bootstrap-$BOOTSTRAP_ARCH.zip /bootstrap.zip
-RUN busybox mkdir -p /data/data/com.termux/files && \
-    cd /data/data/com.termux/files && \
-    busybox mkdir ../cache ./usr ./home && \
-    busybox unzip -d usr /bootstrap.zip && \
-    busybox rm /bootstrap.zip && \
-    cd ./usr && \
-    busybox cat SYMLINKS.txt | while read -r line; do \
-      dest=$(echo "$line" | busybox awk -F '←' '{ print $1 }'); \
-      link=$(echo "$line" | busybox awk -F '←' '{ print $2 }'); \
-      busybox ln -s "$dest" "$link"; \
-    done && \
-    busybox rm SYMLINKS.txt && \
-    busybox ln -s /data/data/com.termux/files/usr /usr && \
-    busybox ln -s /data/data/com.termux/files/usr/bin /bin && \
-    busybox ln -s /data/data/com.termux/files/usr/tmp /tmp
-
-# Link some utilities to busybox.
-# Some utilities in $PREFIX are actually a wrapper of the same binary
-# from /system/bin. See termux-tools/build.sh#L29.
-RUN for tool in df mount ping ping6 su top umount; do \
-        busybox ln -s /system/bin/busybox /system/bin/$tool; \
-    done
-
-# Set ownership and file access modes:
-# * User content is owned by 1000:1000.
-# * Termux file modes are set only for user.
-# * Rest is owned by root and has 755/644 modes.
-RUN busybox chown -Rh 0:0 /system && \
-    busybox chown -Rh 1000:1000 /data/data/com.termux && \
-    busybox ln -s /system/etc/passwd /etc/passwd && \
-    busybox ln -s /system/etc/group /etc/group && \
-    busybox find /system -type d -exec busybox chmod 755 "{}" \; && \
-    busybox find /system -type f -executable -exec busybox chmod 755 "{}" \; && \
-    busybox find /system -type f ! -executable -exec busybox chmod 644 "{}" \; && \
-    busybox find /data -type d -exec busybox chmod 755 "{}" \; && \
-    busybox find /data/data/com.termux/files -type f -o -type d -exec busybox chmod g-rwx,o-rwx "{}" \; && \
-    cd /data/data/com.termux/files/usr && \
-    busybox find ./bin ./lib/apt ./libexec -type f -exec busybox chmod 700 "{}" \;
-
-# Install updates and cleanup when not building for arm.
-ENV PATH /data/data/com.termux/files/usr/bin
-RUN if [ ${SYSTEM_TYPE} = 'arm' ]; then exit; else \
-    /system/bin/mksh -T /dev/ptmx -c "/system/bin/dnsmasq -u root -g root --pid-file /dnsmasq.pid" && sleep 1 && \
-    su - system -c "/data/data/com.termux/files/usr/bin/apt update" && \
-    su - system -c "/data/data/com.termux/files/usr/bin/apt upgrade -o Dpkg::Options::=--force-confnew -yq" && \
-    rm -rf /data/data/com.termux/files/usr/var/lib/apt/* && \
-    rm -rf /data/data/com.termux/files/usr/var/log/apt/* && \
-    rm -rf /data/data/com.termux/cache/apt/* ;\
-    fi
-
-##############################################################################
-# Create final image.
 FROM scratch
 
-ENV ANDROID_DATA     /data
-ENV ANDROID_ROOT     /system
-ENV HOME             /data/data/com.termux/files/home
-ENV LANG             en_US.UTF-8
-ENV PATH             /data/data/com.termux/files/usr/bin
-ENV PREFIX           /data/data/com.termux/files/usr
-ENV TMPDIR           /data/data/com.termux/files/usr/tmp
-ENV TZ               UTC
-
-COPY --from=bootstrap / /
-
-WORKDIR /data/data/com.termux/files/home
-SHELL ["/data/data/com.termux/files/usr/bin/sh", "-c"]
-
+ARG ROOTFS
+ARG TERMUX_APP_PACKAGE
+ARG TERMUX_BASE_DIR
+ARG TERMUX_PREFIX
+
+# Install generated rootfs containing bionic libc,
+# toybox, mksh, iputils, dnsmasq, and termux bootstrap
+COPY --chown=1000:1000 ${ROOTFS} /
+
+# Docker uses /bin/sh by default, but we don't have it.
+# This ENV PATH line selects /system/bin/sh.
+# The final ENV PATH line later below then selects
+# $TERMUX_PREFIX/bin/sh -> bash without having
+# to add an additional SHELL line.
+ENV PATH=/system/bin
+SHELL ["sh", "-c"]
+
+# Install updates and cleanup
+# Start dnsmasq to resolve hostnames, and,
+# for some reason the -c argument of toybox-su is not working,
+# so this odd-looking script forces the update process
+# to work using the -s argument of toybox-su instead, which is working.
+RUN sh -T /dev/ptmx -c "$TERMUX_PREFIX/bin/dnsmasq -u root -g root --pid-file=/dnsmasq.pid" && \
+   sleep 1 && \
+   echo '#!/system/bin/sh' > /update.sh && \
+   echo "PATH=$TERMUX_PREFIX/bin" >> /update.sh && \
+   echo 'pkg update' >> /update.sh && \
+   echo 'apt-get upgrade -o Dpkg::Options::=--force-confnew -y' >> /update.sh && \
+   chmod +x /update.sh && \
+   su system -s /update.sh && \
+   rm -f /update.sh && \
+   rm -rf ${TERMUX_PREFIX}/var/lib/apt/* && \
+   rm -rf ${TERMUX_PREFIX}/var/log/apt/* && \
+   rm -rf /data/data/${TERMUX_APP_PACKAGE}/cache/apt/*
+
+ENV ANDROID_DATA=/data
+ENV ANDROID_ROOT=/system
+ENV HOME=${TERMUX_BASE_DIR}/home
+ENV LANG=en_US.UTF-8
+ENV PATH=${TERMUX_PREFIX}/bin
+ENV PREFIX=${TERMUX_PREFIX}
+ENV TMPDIR=${TERMUX_PREFIX}/tmp
+ENV TZ=UTC
+ENV TERM=xterm
+
+WORKDIR ${TERMUX_BASE_DIR}/home
 ENTRYPOINT ["/entrypoint.sh"]
-CMD ["/data/data/com.termux/files/usr/bin/login"]
+CMD ["login"]