forked from lf-edge/eve
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile.in
99 lines (83 loc) · 3.6 KB
/
Dockerfile.in
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
# Copyright (c) 2018 Zededa, Inc.
# SPDX-License-Identifier: Apache-2.0
ARG GOVER=1.15.3
FROM lfedge/eve-alpine:ac1dc159510afa61334222cedf085c7730e4583c as fscrypt-build
RUN apk add --no-cache git=2.20.2-r0 gcc=8.3.0-r0 linux-headers=4.18.13-r1 \
libc-dev=0.7.1-r0 make=4.2.1-r2 linux-pam-dev=1.3.0-r0 \
m4=1.4.18-r1 findutils=4.6.0-r1 go=1.11.5-r0
RUN mkdir -p /go/src/github.com/google
WORKDIR /go/src/github.com/google
RUN git clone https://github.com/google/fscrypt
WORKDIR /go/src/github.com/google/fscrypt
RUN git reset --hard b41569d397d3e66099cde07d8eef36b2f42dd0ec
COPY fscrypt/* ./
RUN patch -p1 < patch01-no-pam.diff && \
patch -p1 < patch02-rotate-raw-key.diff && \
make && make install
ARG GOVER=1.15.3
FROM golang:${GOVER}-alpine as build
RUN apk update
RUN apk add --no-cache git gcc linux-headers libc-dev util-linux make
# These three are supporting rudimentary cross-build capabilities.
# The only one supported so far is cross compiling for aarch64 on x86
ENV GOFLAGS=-mod=vendor
ENV GO111MODULE=on
ENV CGO_ENABLED=1
ARG GOARCH=
ARG CROSS_GCC=https://musl.cc/aarch64-linux-musleabi-cross.tgz
RUN [ -z "$GOARCH" ] || (cd / ; apk add --no-cache wget && wget -O - $CROSS_GCC | tar xzvf -)
ADD ./ /pillar/
# go vet/format and go install
WORKDIR /pillar
RUN [ -z "$GOARCH" ] || export CC=$(echo /*-cross/bin/*-gcc) ;\
echo "Running go vet" && go vet ./... && \
echo "Running go fmt" && ERR=$(gofmt -e -l -s $(find . -name \*.go | grep -v /vendor/)) && \
if [ -n "$ERR" ] ; then echo "go fmt Failed - ERR: "$ERR ; exit 1 ; fi && \
make DISTDIR=/dist build
# hadolint ignore=DL3006
FROM DNSMASQ_TAG as dnsmasq
# hadolint ignore=DL3006
FROM STRONGSWAN_TAG as strongswan
# hadolint ignore=DL3006
FROM GPTTOOLS_TAG as gpttools
FROM alpine:3.8
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
RUN apk add --no-cache \
yajl xz bash openssl iptables ip6tables iproute2 dhcpcd \
coreutils dmidecode libbz2 libuuid ipset \
curl radvd ethtool \
util-linux e2fsprogs libcrypto1.0 xorriso qemu-img \
jq e2fsprogs-extra keyutils ca-certificates
# We have to make sure configs survive in some location, but they don't pollute
# the default /config (since that is expected to be an empty mount point)
ADD conf/root-certificate.pem conf/server conf/server.production /opt/zededa/examples/config/
ADD scripts/device-steps.sh \
scripts/generate-device.sh \
scripts/generate-self-signed.sh \
scripts/handlezedserverconfig.sh \
scripts/veth.sh \
/opt/zededa/bin/
ADD conf/lisp.config.base /var/tmp/zededa/lisp.config.base
COPY patches/* /patches/
RUN set -e && for patch in ../patches/*.patch; do \
echo "Applying $patch"; \
patch -p1 < "$patch"; \
done
COPY --from=build /dist /opt/zededa/bin
COPY --from=gpttools / /
COPY --from=dnsmasq /usr/sbin/dnsmasq /opt/zededa/bin/dnsmasq
COPY --from=strongswan / /
COPY --from=fscrypt-build /usr/local/bin/fscrypt /opt/zededa/bin/fscrypt
# And now a few local tweaks
COPY rootfs/ /
# We will start experimenting with stripping go binaries on ARM only for now
RUN if [ "$(uname -m)" = "aarch64" ] ; then \
apk add --no-cache findutils=4.6.0-r1 binutils=2.30-r6 file=5.32-r2 ;\
find / -type f -executable -exec file {} \; | grep 'not stripped' | cut -f1 -d: |\
xargs strip ;\
apk del findutils binutils file ;\
fi
SHELL ["/bin/sh", "-c"]
# FIXME: replace with tini+monit ASAP
WORKDIR /
CMD /init.sh