Change "ubuntu" builder Dockerfile to be more resilient to base image and platform changes

ubuntu/Dockerfile.builder

@@ -7,19 +7,40 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 	&& rm -rf /var/lib/apt/lists/*
 
 WORKDIR /rootfs
-RUN mkdir bin etc lib tmp \
-	&& ln -s lib lib64 \
-	&& ln -s bin sbin
 
-RUN cp /etc/nsswitch.conf etc/
+# create /tmp
+RUN mkdir -p tmp \
+	&& chmod 1777 tmp
 
-RUN echo root:*:0:0:root:/:/bin/sh > etc/passwd
-RUN echo root::0: > etc/group
+RUN mkdir -p etc root \
+	&& echo root:*:0:0:root:/root:/bin/sh > etc/passwd \
+	&& echo root::0: > etc/group
 
-RUN /bin/busybox --install -s bin/ \
-	&& cp /bin/busybox bin/
-
-RUN bash -c 'cp /lib/x86_64-linux-gnu/lib{c,m,dl,rt,nsl,nss_*,pthread,resolv}.so.* /lib/x86_64-linux-gnu/ld-linux-x86-64.so.* lib/'
+RUN mkdir -p bin \
+	&& ln -v /bin/busybox bin/ \
+	&& chroot . /bin/busybox --install -s /bin
 
 # test and make sure it works
 RUN chroot . /bin/sh -xec 'true'
+
+# hack hack hack hack hack
+# with glibc, static busybox uses libnss for DNS resolution :(
+RUN set -ex \
+	&& cp /etc/nsswitch.conf etc/ \
+	&& mkdir -p lib \
+	&& set -- /lib/*-linux-gnu/libnss*.so.* \
+	&& while [ "$#" -gt 0 ]; do \
+		f="$1"; shift; \
+		fn="$(basename "$f")"; \
+		if [ -e "lib/$fn" ]; then continue; fi; \
+		ln -L "$f" "lib/$fn"; \
+		set -- "$@" $(ldd "$f" | awk ' \
+			$1 ~ /^\// { print $1; next } \
+			$2 == "=>" && $3 ~ /^\// { print $3; next } \
+		'); \
+	done
+
+# test and make sure DNS works too
+RUN cp -L /etc/resolv.conf etc/ \
+	&& chroot . /bin/sh -xec 'nslookup google.com' \
+	&& rm etc/resolv.conf