Merge pull request #2204 from flatcar/krnowak/add-buildx

Add app-containers/docker-buildx
2025-08-08 05:26:58 +02:00 · 2024-09-03 15:07:50 +02:00 · 2024-09-03 15:07:50 +02:00 · f9d68df8dc
commit f9d68df8dc
parent 2fc3b2df62 6d308428bd
16 changed files with 298 additions and 233 deletions
--- a/.github/workflows/portage-stable-packages-list
+++ b/.github/workflows/portage-stable-packages-list
@ -108,6 +108,7 @@ app-containers/containers-storage
 app-containers/cri-tools
 app-containers/crun
 app-containers/docker
 app-containers/docker-buildx
 app-containers/docker-cli
 app-containers/netavark
 app-containers/podman
--- a/110
+++ b/110
@ -1,110 +0,0 @@
 #!/bin/bash
 # Copyright (c) 2016 The CoreOS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 # This is a wrapper around the ebuild_aci_util.sh functions to set up the
 # necessary environment, similar to the build_image script.
 SCRIPT_ROOT=$(dirname $(readlink -f "$0"))
 . "${SCRIPT_ROOT}/common.sh" || exit 1
 # Script must run inside the chroot
 assert_inside_chroot
 assert_not_root_user
 # Developer-visible flags.
 DEFINE_string board "${DEFAULT_BOARD}" \
  "The board to build an image for."
 DEFINE_string build_dir "" \
  "Directory in which to place image result directories (named by version)"
 DEFINE_boolean getbinpkg "${FLAGS_FALSE}" \
  "Download binary packages from remote repository."
 DEFINE_string getbinpkgver "" \
  "Use binary packages from a specific version."
 FLAGS_HELP="USAGE: build_docker_aci [flags] [docker version] [aci version number].
 This script is used to build a CoreOS docker-skim ACI.
 The docker version should identify an existent ebuild (i.e.
 app-containers/docker-\$version).
 The aci version number is an atomically incrementing number that will be
 appended to the aci version (to create e.g. :v1.12.6_coreos.0).
 Examples:
 build_docker_aci --board=amd64-usr --build_dir=<build_dir> 1.12.6 0
 ...
 "
 show_help_if_requested "$@"
 # The following options are advanced options, only available to those willing
 # to read the source code. They are not shown in help output, since they are
 # not needed for the typical developer workflow.
 DEFINE_integer build_attempt 1 \
  "The build attempt for this image build."
 DEFINE_string group "docker-aci" \
  "The update group (not used for actual updates here)"
 DEFINE_string output_root "${DEFAULT_BUILD_ROOT}/images" \
  "Directory in which to place image result directories (named by version)"
 DEFINE_string version "" \
  "Sets the docker version to build."
 DEFINE_integer aci_version "" \
  "Sets the aci version tag identifier."
 # Parse command line.
 FLAGS "$@" || exit 1
 [ -z "${FLAGS_ARGV}" ] && echo 'No version given' && exit 0
 eval set -- "${FLAGS_ARGV}"
 version="${1:?Docker version}"
 aci_version="${2:?Docker version}"
 # Only now can we die on error.  shflags functions leak non-zero error codes,
 # so will die prematurely if 'switch_to_strict_mode' is specified before now.
 switch_to_strict_mode
 # If downloading packages is enabled ensure the board is configured properly.
 if [[ ${FLAGS_getbinpkg} -eq ${FLAGS_TRUE} ]]; then
    "${SRC_ROOT}/scripts/setup_board" --board="${FLAGS_board}" \
      --getbinpkgver="${FLAGS_getbinpkgver}" --regen_configs_only
 fi
 # N.B.  Ordering matters for some of the libraries below, because
 # some of the files contain initialization used by later files.
 . "${BUILD_LIBRARY_DIR}/toolchain_util.sh" || exit 1
 . "${BUILD_LIBRARY_DIR}/board_options.sh" || exit 1
 . "${BUILD_LIBRARY_DIR}/build_image_util.sh" || exit 1
 . "${BUILD_LIBRARY_DIR}/prod_image_util.sh" || exit 1
 . "${BUILD_LIBRARY_DIR}/test_image_content.sh" || exit 1
 . "${BUILD_LIBRARY_DIR}/ebuild_aci_util.sh" || exit 1
 BUILD_DIR=${FLAGS_build_dir:-$BUILD_DIR}
 case "${version}" in
    1.12.[0-9]*)
        packaged_files=( 
            "/usr/bin/docker"
            "/usr/bin/dockerd"
            "/usr/bin/docker-containerd"
            "/usr/bin/docker-containerd-shim"
            "/usr/bin/docker-proxy"
            "/usr/bin/docker-runc"
            "/usr/lib/flatcar/dockerd"
        )
        ebuild_aci_create "users.developer.core-os.net/skim/docker" \
            "coreos_docker-${BOARD}-${version}_coreos.${aci_version}" \
            "app-containers/docker" \
            "${version}" \
            "${aci_version}" \
            "${packaged_files[@]}"
        ;;
    *)
        1>&2 echo "Unrecognized version; please enter a supported version"
        exit 1
        ;;
 esac
--- a/2
+++ b/2
@ -33,7 +33,7 @@ DEFINE_string base_pkg "coreos-base/coreos" \
  "The base portage package to base the build off of (only applies to prod images)"
 DEFINE_string base_dev_pkg "coreos-base/coreos-dev" \
  "The base portage package to base the build off of (only applies to dev containers)"
-DEFINE_string base_sysexts "containerd-flatcar:app-containers/containerd,docker-flatcar:app-containers/docker&app-containers/docker-cli" \
+DEFINE_string base_sysexts "containerd-flatcar:app-containers/containerd,docker-flatcar:app-containers/docker&app-containers/docker-cli&app-containers/docker-buildx" \
  "Comma-separated list of name:package[&package[&package]] - build 'package' (a single package or a list of packages separated by '&') into sysext 'name', and include with OS image and update payload. Must be in order of dependencies, base sysexts come first."
 DEFINE_string output_root "${DEFAULT_BUILD_ROOT}/images" \
  "Directory in which to place image result directories (named by version)"
--- a/build_library/ebuild_aci_manifest.in
+++ b/build_library/ebuild_aci_manifest.in
@ -1,14 +0,0 @@
 {
  "acKind": "ImageManifest",
  "acVersion": "0.8.6",
  "name": "@ACI_NAME@",
  "labels": [
    {"name": "arch", "value": "@ACI_ARCH@"},
    {"name": "os", "value": "linux"},
    {"name": "version", "value": "@ACI_VERSION@"}
  ],
  "app": {
    "user": "0",
    "group": "0"
  }
 }
--- a/build_library/ebuild_aci_util.sh
+++ b/build_library/ebuild_aci_util.sh
@ -1,97 +0,0 @@
 # Copyright (c) 2016 The CoreOS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 # Expects BOARD, BUILD_DIR, BUILD_LIBRARY_DIR, and FLATCAR_VERSION in env.
 # Copied from create_prod_image()
 create_ebuild_aci_image() {
    local image_name="$1"
    local disk_layout="$2"
    local update_group="$3"
    local pkg="$4"
    info "Building ACI staging image ${image_name}"
    local root_fs_dir="${BUILD_DIR}/rootfs"
    local image_contents="${image_name%.bin}_contents.txt"
    local image_packages="${image_name%.bin}_packages.txt"
    local image_licenses="${image_name%.bin}_licenses.json"
    start_image \
        "${image_name}" "${disk_layout}" "${root_fs_dir}" "${update_group}"
    # Install minimal GCC (libs only) and then everything else
    extract_prod_gcc "${root_fs_dir}"
    emerge_to_image_unchecked "${root_fs_dir}" "${pkg}"
    run_ldconfig "${root_fs_dir}"
    write_packages "${root_fs_dir}" "${BUILD_DIR}/${image_packages}"
    write_licenses "${root_fs_dir}" "${BUILD_DIR}/${image_licenses}"
    insert_licenses "${BUILD_DIR}/${image_licenses}" "${root_fs_dir}"
    cleanup_mounts "${root_fs_dir}"
    trap - EXIT
 }
 ebuild_aci_write_manifest() {
    local manifest="${1?No output path was specified}"
    local name="${2?No ACI name was specified}"
    local version="${3?No ACI version was specified}"
    local appc_arch=
    case "${BOARD}" in
        amd64-usr) appc_arch=amd64 ;;
        arm64-usr) appc_arch=aarch64 ;;
        *) die_notrace "Cannot map \"${BOARD}\" to an appc arch" ;;
    esac
    sudo cp "${BUILD_LIBRARY_DIR}/ebuild_aci_manifest.in" "${manifest}"
    sudo sed "${manifest}" -i \
        -e "s,@ACI_NAME@,${name}," \
        -e "s,@ACI_VERSION@,${version}," \
        -e "s,@ACI_ARCH@,${appc_arch},"
 }
 ebuild_aci_create() {
    local aciroot="${BUILD_DIR}"
    local aci_name="${1?No aci name was specified}"; shift
    local output_image="${1?No output file specified}"; shift
    local pkg="${1?No package given}"; shift
    local version="${1?No package version given}"; shift
    local extra_version="${1?No extra version number given}"; shift
    local pkg_files=( "${@}" )
    local staging_image="flatcar_pkg_staging_aci_stage.bin"
    local ebuild_atom="=${pkg}-${version}"
    local ebuild=$(equery-"${BOARD}" w "${ebuild_atom}" 2>/dev/null)
    [ -n "${ebuild}" ] || die_notrace "No ebuild exists for ebuild \"${pkg}\""
    # Build a staging image for this ebuild.
    create_ebuild_aci_image "${staging_image}" container stable "${ebuild_atom}"
    # Remount the staging image to brutalize the rootfs for broken services.
    "${BUILD_LIBRARY_DIR}/disk_util" --disk_layout=container \
        mount "${BUILD_DIR}/${staging_image}" "${aciroot}/rootfs"
    trap "cleanup_mounts '${aciroot}/rootfs' && delete_prompt" EXIT
    # Substitute variables into the manifest to produce the final version.
    ebuild_aci_write_manifest \
        "${aciroot}/manifest" \
        "${aci_name}" \
        "${version}_flatcar.${extra_version}"
    local pkg_files_in_rootfs=( "${pkg_files[@]/#/rootfs}" )
    # Write a tar ACI file containing the manifest and desired parts of the mounted rootfs
    sudo tar -C "${aciroot}" -hczf "${BUILD_DIR}/${output_image}.aci" \
        manifest ${pkg_files_in_rootfs[@]}
    # Unmount the staging image, and delete it to save space.
    cleanup_mounts "${aciroot}/rootfs"
    trap - EXIT
    rm -f "${BUILD_DIR}/${staging_image}"
    echo "Created aci for ${pkg}-${version}: ${BUILD_DIR}/${output_image}.aci"
 }
--- a/changelog/changes/2024-08-05-buildx.md
+++ b/changelog/changes/2024-08-05-buildx.md
@ -0,0 +1 @@
 - The `docker build` command will now use buildx as its backend as the old one became deprecated and a loud "DEPRECATED" information is printed every time it's used.
--- a/ci-automation/base_sysexts.sh
+++ b/ci-automation/base_sysexts.sh
@ -7,5 +7,5 @@ fi
 ciabs_base_sysexts=(
    'containerd-flatcar:app-containers/containerd'
-    'docker-flatcar:app-containers/docker&app-containers/docker-cli'
+    'docker-flatcar:app-containers/docker&app-containers/docker-cli&app-containers/docker-buildx'
 )
--- a/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1-r15.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1-r15.ebuild
--- a/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild
@ -29,6 +29,7 @@ RDEPEND="
 	app-containers/containerd
 	app-containers/docker
 	app-containers/docker-cli
 	app-containers/docker-buildx
 	app-emulation/amazon-ssm-agent
 	app-emulation/wa-linux-agent
 	coreos-base/coreos
--- a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/0001-Flatcar-modifications.patch
+++ b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/0001-Flatcar-modifications.patch
@ -1,4 +1,4 @@
-From f646fccd3b737a79ae0e0d0de049166e531fb48b Mon Sep 17 00:00:00 2001
+From 07cf1b05c8b3b9460b4afc2998a9f170881faa16 Mon Sep 17 00:00:00 2001
 From: Krzesimir Nowak <knowak@microsoft.com>
 Date: Mon, 4 Dec 2023 12:17:25 +0100
 Subject: [PATCH] Flatcar modifications
@ -8,13 +8,13 @@ Subject: [PATCH] Flatcar modifications
 policy/modules/kernel/corenetwork.if.in |  26 ++++
 policy/modules/kernel/corenetwork.te.in |  12 +-
 policy/modules/kernel/files.if          |  45 +++++++
- policy/modules/kernel/kernel.te         |  84 +++++++++++++
+ policy/modules/kernel/kernel.te         |  84 ++++++++++++
 policy/modules/services/container.fc    |   6 +
- policy/modules/services/container.te    | 159 +++++++++++++++++++++++-
+ policy/modules/services/container.te    | 170 +++++++++++++++++++++++-
 policy/modules/system/init.te           |   8 ++
 policy/modules/system/locallogin.te     |   9 +-
 policy/modules/system/logging.te        |   9 ++
- 10 files changed, 375 insertions(+), 3 deletions(-)
+ 10 files changed, 386 insertions(+), 3 deletions(-)
 diff --git a/refpolicy/policy/modules/admin/netutils.te b/refpolicy/policy/modules/admin/netutils.te
 index 3c43a1d84..429c67220 100644
@ -115,10 +115,10 @@ index 53bf7849c..9edac05e8 100644
 # Infiniband
 corenet_ib_access_all_pkeys(corenet_unconfined_type)
 diff --git a/refpolicy/policy/modules/kernel/files.if b/refpolicy/policy/modules/kernel/files.if
-index e0337d044..ffd6a25bf 100644
+index b9c451321..104dc1e3e 100644
 --- a/refpolicy/policy/modules/kernel/files.if
 +++ b/refpolicy/policy/modules/kernel/files.if
-@@ -8004,3 +8004,48 @@ interface(`files_relabel_all_pidfiles',`
+@@ -8023,3 +8023,48 @@ interface(`files_relabel_all_pidfiles',`
 	relabel_files_pattern($1, pidfile, pidfile)
 	relabel_lnk_files_pattern($1, pidfile, pidfile)
 ')
@ -280,7 +280,7 @@ index f98e68ba0..045b1b5b2 100644
 /run/containers(/.*)?		gen_context(system_u:object_r:container_runtime_t,s0)
 /run/crun(/.*)?		gen_context(system_u:object_r:container_runtime_t,s0)
 diff --git a/refpolicy/policy/modules/services/container.te b/refpolicy/policy/modules/services/container.te
-index 096d6c23d..4bbab3c69 100644
+index 095308a13..7cd6e45e4 100644
 --- a/refpolicy/policy/modules/services/container.te
 +++ b/refpolicy/policy/modules/services/container.te
@@ -58,6 +58,52 @@ gen_tunable(container_use_dri, false)
@ -345,7 +345,7 @@ index 096d6c23d..4bbab3c69 100644
 ## <desc>
 ##	<p>
-@@ -1191,3 +1237,114 @@ optional_policy(`
+@@ -1192,3 +1238,125 @@ optional_policy(`
        unconfined_domain_noaudit(spc_user_t)
        domain_ptrace_all_domains(spc_user_t)
 ')
@ -460,11 +460,22 @@ index 096d6c23d..4bbab3c69 100644
 +# avc:  denied  { map_create } for  pid=[0-9]* comm="cilium-operator" scontext=system_u:system_r:container_t:s0:c[0-9]*,c[0-9]* tcontext=system_u:system_r:container_t:s0:c[0-9]*,c[0-9]* tclass=bpf permissive=0
 +#
 +allow container_t self:bpf { map_create };
 +
 +#
 +# FLATCAR:
 +#
 +# These ones happen in docker.base, docker.network and docker.userns.
 +# Basically tests that build some docker images. And these started
 +# breaking after moving to buildx as a backend of docker build.
 +#
 +# avc:  denied  { read } for  pid=[0-9]* comm="echo, sleep, whatever" path="/lib64/libc.so.6" dev="vda9" ino=[0-9]* scontext=system_u:system_r:container_t:s0:c[0-9]*,c[0-9]* tcontext=system_u:object_r:tmp_t:s0 tclass=file permissive=0
 +#
 +allow container_t tmp_t:file { read };
 diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
-index 8f3772dcb..435f62db6 100644
+index 03d0de8ed..16b75d04d 100644
 --- a/refpolicy/policy/modules/system/init.te
 +++ b/refpolicy/policy/modules/system/init.te
-@@ -1674,3 +1674,11 @@ optional_policy(`
+@@ -1678,3 +1678,11 @@ optional_policy(`
 	userdom_dontaudit_rw_all_users_stream_sockets(systemprocess)
 	userdom_dontaudit_write_user_tmp_files(systemprocess)
 ')
--- a/sdk_container/src/third_party/portage-stable/app-containers/docker-buildx/Manifest
+++ b/sdk_container/src/third_party/portage-stable/app-containers/docker-buildx/Manifest
@ -0,0 +1,3 @@
 DIST docker-buildx-0.10.4.tar.gz 9184825 BLAKE2B f0e71c0f6dda5f02da4cf0b0514f67f5d339ba10359afc69aae25abf907447fd22fe3d92427299bc67aeaa6a84e748a8a5cbd86151b2baba2dd01f25cc04a793 SHA512 f82b89b8dd4e45524c8d353c4d7588f47b1c7b7ecf759fd9605247c1c7aa0ca152c3ecdec0e0b62b5eef05e6b65d2ca1f5ccab6d75819b92fc92ff62b44105b7
 DIST docker-buildx-0.11.2.tar.gz 10342565 BLAKE2B 1e034e9a07f36b46096f8f035869adc93b63af46cd9886f5ed4bc0939ce2f76b7f029a11ee536a34be23952e5c85251d757cec9ff05df172e3a26ea82a1bf0b1 SHA512 6f3718edf1e86c4422e1419580e4c38cf378a59555067be2aa6fac3e7f8878afe39d777765ace274cd9c47630f39cbacfacfdc4ecadd6ff46d5ee37d8f9bc75c
 DIST docker-buildx-0.14.0.tar.gz 11120356 BLAKE2B 01fec6b29665088a4778cb6a926f071c1beacb22d7a50593d55afff1225d0e74d083a82eaab4ae96ffee8a6f653ce048fd81b3410e7113bc29da210d77042b64 SHA512 bc09f29096cfd08c60efd8fca7976a1db896f0ed08d33dfc64dfca2c6487a1dc1722b3fe80b6a175ebebeacf8b460bcc214806d0c7a637f17ed5d09793d8c9d8
--- a/sdk_container/src/third_party/portage-stable/app-containers/docker-buildx/docker-buildx-0.10.4-r1.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-containers/docker-buildx/docker-buildx-0.10.4-r1.ebuild
@ -0,0 +1,61 @@
 # Copyright 1999-2023 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 EAPI=8
 inherit go-module
 MY_PN="buildx"
 DESCRIPTION="Docker CLI plugin for extended build capabilities with BuildKit"
 HOMEPAGE="https://github.com/docker/buildx"
 if [[ ${PV} == 9999 ]]; then
 	inherit git-r3
 	EGIT_REPO_URI="https://github.com/docker/buildx.git"
 else
 	SRC_URI="https://github.com/docker/buildx/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz"
 	KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86"
 	S="${WORKDIR}/${MY_PN}-${PV}"
 fi
 LICENSE="Apache-2.0"
 SLOT="0"
 # This gives us the ability to neatly `-skip` tests.
 # not required once ::gentoo is all > 1.20
 RESTRICT="!test? ( test )"
 IUSE="test"
 BDEPEND="
 	test? ( >=dev-lang/go-1.20 )
 "
 RDEPEND="app-containers/docker-cli"
 src_compile() {
 	local _buildx_r='github.com/docker/buildx'
 	local version=${PV}
 	if [[ ${PV} == 9999 ]]; then
 		version="$(git rev-parse --short HEAD)"
 	fi
 	ego build -o docker-buildx \
 		-ldflags "-linkmode=external
 		-X $_buildx_r/version.Version=${version}
 		-X $_buildx_r/version.Revision=$(date -u +%FT%T%z)
 		-X $_buildx_r/version.Package=$_buildx_r" \
 		./cmd/buildx
 }
 src_test() {
 	# TestGit can't work in a source tarball; TestReadTargets fails seemingly due to parallelism.
 	if [[ ${PV} == 9999 ]]; then
 		ego test ./... -skip "TestReadTargets"
 	else
 		ego test ./... -skip "TestGit|TestReadTargets"
 	fi
 }
 src_install() {
 	exeinto /usr/libexec/docker/cli-plugins
 	doexe docker-buildx
 	dodoc README.md
 }
--- a/sdk_container/src/third_party/portage-stable/app-containers/docker-buildx/docker-buildx-0.11.2.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-containers/docker-buildx/docker-buildx-0.11.2.ebuild
@ -0,0 +1,61 @@
 # Copyright 1999-2023 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 EAPI=8
 inherit go-module
 MY_PN="buildx"
 DESCRIPTION="Docker CLI plugin for extended build capabilities with BuildKit"
 HOMEPAGE="https://github.com/docker/buildx"
 if [[ ${PV} == 9999 ]]; then
 	inherit git-r3
 	EGIT_REPO_URI="https://github.com/docker/buildx.git"
 else
 	SRC_URI="https://github.com/docker/buildx/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz"
 	KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
 	S="${WORKDIR}/${MY_PN}-${PV}"
 fi
 LICENSE="Apache-2.0"
 SLOT="0"
 # This gives us the ability to neatly `-skip` tests.
 # not required once ::gentoo is all > 1.20
 RESTRICT="!test? ( test )"
 IUSE="test"
 BDEPEND="
 	test? ( >=dev-lang/go-1.20 )
 "
 RDEPEND="app-containers/docker-cli"
 src_compile() {
 	local _buildx_r='github.com/docker/buildx'
 	local version=${PV}
 	if [[ ${PV} == 9999 ]]; then
 		version="$(git rev-parse --short HEAD)"
 	fi
 	ego build -o docker-buildx \
 		-ldflags "-linkmode=external
 		-X $_buildx_r/version.Version=${version}
 		-X $_buildx_r/version.Revision=$(date -u +%FT%T%z)
 		-X $_buildx_r/version.Package=$_buildx_r" \
 		./cmd/buildx
 }
 src_test() {
 	# TestGit can't work in a source tarball; TestReadTargets fails seemingly due to parallelism.
 	if [[ ${PV} == 9999 ]]; then
 		ego test ./... -skip "TestReadTargets|TestIntegration"
 	else
 		ego test ./... -skip "TestGit|TestReadTargets|TestIntegration"
 	fi
 }
 src_install() {
 	exeinto /usr/libexec/docker/cli-plugins
 	doexe docker-buildx
 	dodoc README.md
 }
--- a/sdk_container/src/third_party/portage-stable/app-containers/docker-buildx/docker-buildx-0.14.0.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-containers/docker-buildx/docker-buildx-0.14.0.ebuild
@ -0,0 +1,62 @@
 # Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 EAPI=8
 inherit go-module
 MY_PN="buildx"
 DESCRIPTION="Docker CLI plugin for extended build capabilities with BuildKit"
 HOMEPAGE="https://github.com/docker/buildx"
 if [[ ${PV} == 9999 ]]; then
 	inherit git-r3
 	EGIT_REPO_URI="https://github.com/docker/buildx.git"
 else
 	SRC_URI="https://github.com/docker/buildx/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz"
 	KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
 	S="${WORKDIR}/${MY_PN}-${PV}"
 fi
 LICENSE="Apache-2.0"
 SLOT="0"
 IUSE="test"
 # This gives us the ability to neatly `-skip` tests.
 # not required once ::gentoo is all > 1.20
 RESTRICT="!test? ( test )"
 BDEPEND="
 	test? ( >=dev-lang/go-1.20 )
 "
 RDEPEND="app-containers/docker-cli"
 src_compile() {
 	local _buildx_r='github.com/docker/buildx'
 	local version=${PV}
 	if [[ ${PV} == 9999 ]]; then
 		version="$(git rev-parse --short HEAD)"
 	fi
 	ego build -o docker-buildx \
 		-ldflags "-linkmode=external
 		-X $_buildx_r/version.Version=${version}
 		-X $_buildx_r/version.Revision=$(date -u +%FT%T%z)
 		-X $_buildx_r/version.Package=$_buildx_r" \
 		./cmd/buildx
 }
 src_test() {
 	# TestGit can't work in a source tarball; TestReadTargets fails seemingly due to parallelism.
 	if [[ ${PV} == 9999 ]]; then
 		ego test ./... -skip "TestReadTargets|TestIntegration"
 	else
 		ego test ./... -skip "TestGit|TestReadTargets|TestIntegration"
 	fi
 }
 src_install() {
 	exeinto /usr/libexec/docker/cli-plugins
 	doexe docker-buildx
 	dodoc README.md
 }
--- a/sdk_container/src/third_party/portage-stable/app-containers/docker-buildx/docker-buildx-9999.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-containers/docker-buildx/docker-buildx-9999.ebuild
@ -0,0 +1,62 @@
 # Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 EAPI=8
 inherit go-module
 MY_PN="buildx"
 DESCRIPTION="Docker CLI plugin for extended build capabilities with BuildKit"
 HOMEPAGE="https://github.com/docker/buildx"
 if [[ ${PV} == 9999 ]]; then
 	inherit git-r3
 	EGIT_REPO_URI="https://github.com/docker/buildx.git"
 else
 	SRC_URI="https://github.com/docker/buildx/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz"
 	KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
 	S="${WORKDIR}/${MY_PN}-${PV}"
 fi
 LICENSE="Apache-2.0"
 SLOT="0"
 IUSE="test"
 # This gives us the ability to neatly `-skip` tests.
 # not required once ::gentoo is all > 1.20
 RESTRICT="!test? ( test )"
 BDEPEND="
 	test? ( >=dev-lang/go-1.20 )
 "
 RDEPEND="app-containers/docker-cli"
 src_compile() {
 	local _buildx_r='github.com/docker/buildx'
 	local version=${PV}
 	if [[ ${PV} == 9999 ]]; then
 		version="$(git rev-parse --short HEAD)"
 	fi
 	ego build -o docker-buildx \
 		-ldflags "-linkmode=external
 		-X $_buildx_r/version.Version=${version}
 		-X $_buildx_r/version.Revision=$(date -u +%FT%T%z)
 		-X $_buildx_r/version.Package=$_buildx_r" \
 		./cmd/buildx
 }
 src_test() {
 	# TestGit can't work in a source tarball; TestReadTargets fails seemingly due to parallelism.
 	if [[ ${PV} == 9999 ]]; then
 		ego test ./... -skip "TestReadTargets|TestIntegration"
 	else
 		ego test ./... -skip "TestGit|TestReadTargets|TestIntegration"
 	fi
 }
 src_install() {
 	exeinto /usr/libexec/docker/cli-plugins
 	doexe docker-buildx
 	dodoc README.md
 }
--- a/sdk_container/src/third_party/portage-stable/app-containers/docker-buildx/metadata.xml
+++ b/sdk_container/src/third_party/portage-stable/app-containers/docker-buildx/metadata.xml
@ -0,0 +1,23 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
 	<maintainer type="person" proxied="yes">
 		<email>nic@boet.cc</email>
 		<name>Nic Boet</name>
 	</maintainer>
 	<maintainer type="project" proxied="proxy">
 		<email>proxy-maint@gentoo.org</email>
 		<name>Proxy Maintainers</name>
 	</maintainer>
 	<maintainer type="project">
 		<email>containers@gentoo.org</email>
 		<name>Containers</name>
 	</maintainer>
 	<upstream>
 		<remote-id type="github">docker/buildx</remote-id>
 	</upstream>
 	<longdescription lang="en">
 		buildx is a Docker CLI plugin for extended build capabilities with BuildKit.
 		BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner.
 	</longdescription>
 </pkgmetadata>
		`@ -0,0 +1 @@`
							- The `docker build` command will now use buildx as its backend as the old one became deprecated and a loud "DEPRECATED" information is printed every time it's used.