# Copyright (c) 2018 Zededa, Inc.
# SPDX-License-Identifier: Apache-2.0
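# Build stage: holds the toolchain and assembles everything that ships under /out.
# The base image is pinned by tag only; pinning it by digest as well would keep
# a re-pushed tag from silently changing the build inputs.
FROM lfedge/eve-alpine:6.2.0 AS build
# Package lists consumed by eve-alpine-deploy.sh. Nothing in this file copies
# that script in, so it has to come from the base image (presumably it installs
# BUILD_PKGS into this stage and PKGS under /out; confirm against the script).
# key="value" form replaces the legacy space-separated ENV syntax; the values
# themselves are unchanged.
ENV BUILD_PKGS="git gcc linux-headers libc-dev make linux-pam-dev m4 findutils go util-linux make patch wget"
ENV PKGS="alpine-baselayout musl-utils libtasn1-progs pciutils yajl xz bash openssl iptables ip6tables iproute2 dhcpcd coreutils dmidecode libbz2 libuuid ipset curl radvd ethtool util-linux e2fsprogs libcrypto1.1 xorriso qemu-img jq e2fsprogs-extra keyutils ca-certificates ip6tables-openrc iptables-openrc ipset-openrc hdparm"
RUN eve-alpine-deploy.sh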
# fscrypt is built from upstream source at a fixed commit: the full commit id
# below pins the tree that gets compiled, and the local patches from fscrypt/
# in the build context are applied on top of it.
RUN git clone https://github.com/google/fscrypt /go/src/github.com/google/fscrypt
WORKDIR /go/src/github.com/google/fscrypt
RUN git reset --hard b41569d397d3e66099cde07d8eef36b2f42dd0ec
COPY fscrypt/* ./
# Apply the patches in order; the first one that fails stops the build before
# anything is compiled or installed.
RUN for fix in \
        patch01-no-pam.diff \
        patch02-rotate-raw-key.diff \
        patch03-vendor.diff \
        patch04-goConv.diff; do \
        patch -p1 < "$fix" || exit 1; \
    done && \
    make && \
    make DESTDIR=/out/opt/zededa/bin install
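# These three are supporting rudimentary cross-build capabilities.
# The only one supported so far is cross compiling for aarch64 on x86
ENV GOFLAGS=-mod=vendor
ENV GO111MODULE=on
ENV CGO_ENABLED=1
ARG GOARCH=
ARG CROSS_GCC=https://musl.cc/aarch64-linux-musleabi-cross.tgz
# Expected SHA-256 of the CROSS_GCC archive. Empty (the default) skips the
# check and keeps the previous behaviour. Set it with --build-arg so that a
# changed or tampered download fails the build instead of being unpacked into /.
ARG CROSS_GCC_SHA256=
# The cross toolchain is fetched only when GOARCH is set. It is downloaded to a
# file first (not streamed straight into tar) so that a failed download or a
# checksum mismatch stops the RUN before anything is extracted.
RUN if [ -n "$GOARCH" ]; then \
        wget -O /tmp/cross-gcc.tgz "$CROSS_GCC" && \
        if [ -n "$CROSS_GCC_SHA256" ]; then \
            echo "$CROSS_GCC_SHA256  /tmp/cross-gcc.tgz" | sha256sum -c -; \
        fi && \
        tar -C / -xzvf /tmp/cross-gcc.tgz && \
        rm -f /tmp/cross-gcc.tgz; \
    fi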
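# The source is plain local build context, so COPY is used instead of ADD:
# COPY has no archive-extraction or URL-fetch side behaviour. The whole context
# is copied, so anything not excluded by .dockerignore ends up in this stage
# (only /out is carried into the final image).
COPY ./ /pillar/
# go vet/format and go install
WORKDIR /pillar
COPY pillar-patches/* /patches/
# ../patches resolves to /patches from the /pillar working directory.
RUN set -e && for patch in ../patches/*.patch; do \
        echo "Applying $patch"; \
        patch -p1 --no-backup-if-mismatch -r /tmp/deleteme.rej < "$patch"; \
    done
# When cross compiling (GOARCH set) CC points at the gcc from the unpacked
# *-cross toolchain. The build is gated on go vet passing and on gofmt
# reporting no unformatted files outside /vendor/.
RUN [ -z "$GOARCH" ] || export CC=$(echo /*-cross/bin/*-gcc) ;\
    echo "Running go vet" && go vet ./... && \
    echo "Running go fmt" && ERR=$(gofmt -e -l -s $(find . -name \*.go | grep -v /vendor/)) && \
    if [ -n "$ERR" ] ; then echo "go fmt Failed - ERR: "$ERR ; exit 1 ; fi && \
    make DISTDIR=/out/opt/zededa/bin build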
# Patches from patches/ in the build context are copied to /sys-patches and
# applied with -p0 from /, so the paths inside each patch are resolved relative
# to the root of this build stage.
WORKDIR /
COPY patches/* /sys-patches/
# hadolint ignore=SC1097
RUN set -e; \
    for fix in /sys-patches/*.patch; do \
        echo "Applying $fix"; \
        patch -p0 < "$fix"; \
    done
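# Helper stages that exist only as COPY --from sources for the final image.
# DNSMASQ_TAG, STRONGSWAN_TAG and GPTTOOLS_TAG are placeholders: this file is a
# template (Dockerfile.in) and they are presumably replaced with real image
# references before the build, which is why DL3006 (untagged image) is ignored.
# What ends up in the final image depends on the references substituted here,
# so they are best pinned to an exact tag or digest by whatever fills them in.
# hadolint ignore=DL3006
FROM DNSMASQ_TAG AS dnsmasq
# hadolint ignore=DL3006
FROM STRONGSWAN_TAG AS strongswan
# hadolint ignore=DL3006
FROM GPTTOOLS_TAG AS gpttools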
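# Final image: built up on an empty base from the build stage's /out tree and
# the helper images. Later COPY instructions overwrite files written by earlier
# ones, so the order below decides which copy of a shared path wins.
# No USER instruction is set in this stage, so the image's default user is root.
FROM scratch
# scratch has no shell; /bin/ash has to come from one of the COPY steps below
# before the first RUN that uses it.
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
COPY --from=build /out/ /
COPY --from=gpttools / /
COPY --from=dnsmasq /usr/sbin/dnsmasq /opt/zededa/bin/dnsmasq
COPY --from=strongswan / /
# We have to make sure configs survive in some location, but they don't pollute
# the default /config (since that is expected to be an empty mount point)
# COPY replaces ADD for these local files: none of them is an archive or a URL,
# so ADD's extra behaviour is not needed.
COPY conf/root-certificate.pem conf/server conf/server.production /opt/zededa/examples/config/
COPY scripts/device-steps.sh \
     scripts/generate-device.sh \
     scripts/generate-self-signed.sh \
     scripts/handlezedserverconfig.sh \
     scripts/veth.sh \
     /opt/zededa/bin/
COPY conf/lisp.config.base /var/tmp/zededa/lisp.config.base
# And now a few local tweaks
COPY rootfs/ /
# We will start experimenting with stripping go binaries on ARM only for now
# The helper packages are installed and removed within the same RUN, so they
# are not left behind in the resulting layer.
RUN if [ "$(uname -m)" = "aarch64" ] ; then \
        apk add --no-cache findutils binutils file ;\
        find / -type f -executable -exec file {} \; | grep 'not stripped' | cut -f1 -d: |\
        xargs strip ;\
        apk del findutils binutils file ;\
    fi
SHELL ["/bin/sh", "-c"]
# FIXME: replace with tini+monit ASAP
WORKDIR /
CMD ["/init.sh"]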