diff options
author | Christian Poessinger <christian@poessinger.com> | 2019-01-11 09:15:33 +0100 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2019-01-11 09:15:33 +0100 |
commit | 4004496e89d2a27cfb4cc3a87253dd9dac54e160 (patch) | |
tree | 7b95e9de7f3757af07ae01eaf4436e5415069a82 /docker | |
parent | ecc0db23c34219d9b9c343d11a38ad3c8bf3e04c (diff) | |
download | vyos-build-4004496e89d2a27cfb4cc3a87253dd9dac54e160.tar.gz vyos-build-4004496e89d2a27cfb4cc3a87253dd9dac54e160.zip |
Docker build files for entrypoint and UIDs
Diffstat (limited to 'docker')
-rw-r--r-- | docker/Dockerfile | 164 | ||||
-rwxr-xr-x | docker/entrypoint.sh | 27 |
2 files changed, 191 insertions, 0 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile new file mode 100644 index 00000000..2744d291 --- /dev/null +++ b/docker/Dockerfile @@ -0,0 +1,164 @@ +# Must be run with --privileged flag +# Recommended to run the container with a volume mapped +# in order to easy exprort images built to "external" world +FROM debian:jessie + +RUN echo 'deb http://ftp.debian.org/debian jessie-backports main' | tee -a /etc/apt/sources.list &&\ + apt-get update && apt-get install -y \ + gosu \ + vim \ + git \ + make \ + sudo \ + locales \ + live-build \ + pbuilder \ + devscripts \ + python3-pystache \ + squashfs-tools \ + autoconf \ + dpkg-dev \ + syslinux \ + genisoimage \ + lsb-release \ + fakechroot \ + kernel-package \ + libtool \ + libglib2.0-dev \ + libboost-filesystem-dev \ + libapt-pkg-dev \ + flex \ + bison \ + libperl-dev \ + libnfnetlink-dev \ + python3-git \ + parted \ + kpartx \ + jq \ + qemu-system-x86 \ + qemu-utils \ + quilt \ + python3-lxml \ + python3-setuptools \ + python3-nose \ + python3-coverage + +# Packages needed for building vyos-strongswan +RUN apt-get update && apt-get install -y -t jessie-backports \ + debhelper &&\ + apt-get install -y \ + dh-apparmor \ + gperf \ + iptables-dev \ + libcap-dev \ + libgcrypt20-dev \ + libgmp3-dev \ + libldap2-dev \ + libpam0g-dev \ + libsystemd-dev \ + libgmp-dev \ + iptables \ + xl2tpd \ + libcurl4-openssl-dev \ + libcurl4-openssl-dev \ + libkrb5-dev \ + libsqlite3-dev \ + libssl-dev \ + libxml2-dev \ + pkg-config + +# Package needed for mdns-repeater +RUN apt-get update && apt-get install -y -t jessie-backports \ + dh-systemd + +# Packages needed for vyatta-bash +RUN apt-get update && apt-get install -y \ + libncurses5-dev \ + locales + +# Packages needed for vyatta-cfg +RUN apt-get update &&apt-get install -y \ + libboost-filesystem-dev + +# Packages needed for vyatta-iproute +RUN apt-get update && apt-get install -y \ + libatm1-dev \ + libdb-dev + +# Packages needed for vyatta-webgui +RUN apt-get update && apt-get install -y \ + libexpat1-dev \ + subversion + +# Packages needed for pmacct +RUN apt-get update && apt-get install -y \ + libpcap-dev \ + libpq-dev \ + libmysqlclient-dev \ + libgeoip-dev \ + librabbitmq-dev \ + libjansson-dev \ + librdkafka-dev \ + libnetfilter-log-dev + +# Packages needed for vyos-keepalived +RUN apt-get update && apt-get install -y \ + libnl-3-dev \ + libnl-genl-3-dev \ + libpopt-dev \ + libsnmp-dev + +# Pavkages needed for wireguard +RUN apt-get update && apt-get install -y \ + libmnl-dev + +# Packages needed for kernel +RUN apt-get update && apt-get install -y \ + libelf-dev + +# Packages needed for vyos-accel-ppp +RUN apt-get update && apt-get install -y \ + cdbs \ + cmake \ + liblua5.1-dev + +# Packages needed for vyos-frr +RUN apt-get update && apt-get install -y \ + texinfo \ + imagemagick \ + groff \ + hardening-wrapper \ + gawk \ + chrpath \ + libjson0 \ + libjson0-dev \ + python-ipaddr + +# Update live-build +RUN echo 'deb http://ftp.debian.org/debian stretch main' | tee -a /etc/apt/sources.list.d/stretch.list &&\ + apt-get update &&\ + apt-get install -y -t stretch live-build &&\ + rm -f /etc/apt/sources.list.d/stretch.list &&\ + apt-get update &&\ + rm -rf /var/lib/apt/lists/* + +# Standard shell should be bash not dash +RUN echo "dash dash/sh boolean false" | debconf-set-selections && \ + DEBIAN_FRONTEND=noninteractive dpkg-reconfigure dash + +RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen +ENV LANG en_US.utf8 + +# Install packer +RUN export LATEST="$(curl -s https://checkpoint-api.hashicorp.com/v1/check/packer | \ + jq -r -M '.current_version')"; \ + echo "url https://releases.hashicorp.com/packer/"$LATEST"/packer_"$LATEST"_linux_amd64.zip" |\ + curl -K- | gzip -d > /usr/bin/packer && \ + chmod +x /usr/bin/packer + +# Allow password-less 'sudo' for all users in group 'sudo' +RUN sed "s/^%sudo.*/%sudo\tALL=(ALL) NOPASSWD:ALL/g" -i /etc/sudoers && \ + chmod a+s /usr/sbin/useradd /usr/sbin/gosu /usr/sbin/usermod + +COPY entrypoint.sh /usr/local/bin/entrypoint.sh +ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh new file mode 100755 index 00000000..00e1e139 --- /dev/null +++ b/docker/entrypoint.sh @@ -0,0 +1,27 @@ +#!/bin/bash +set -e + +USER_NAME="vyos_bld" +NEW_UID=$(stat -c "%u" .) +NEW_GID=$(stat -c "%g" .) + +# Change effective UID to the one specified via "-e GOSU_UID=`id -u $USER`" +if [ -n "$GOSU_UID" ]; then + NEW_UID=$GOSU_UID +fi + +# Change effective UID to the one specified via "-e GOSU_GID=`id -g $USER`" +if [ -n "$GOSU_GID" ]; then + NEW_GID=$GOSU_GID +fi + +# Notify user about selected UID/GID +echo "Current UID/GID: $NEW_UID/$NEW_GID" + +useradd --shell /bin/bash -u $NEW_UID -g $NEW_GID -o -m $USER_NAME +usermod -aG sudo $USER_NAME +sudo chown $NEW_UID:$NEW_GID /home/$USER_NAME +export HOME=/home/$USER_NAME + +# Execute process +exec /usr/sbin/gosu $USER_NAME "$@" |