forked from gravitational/teleport
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile-centos7
147 lines (128 loc) · 4.51 KB
/
Dockerfile-centos7
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
# Build libfido2 separately for isolation, speed and flexibility.
FROM centos:7 AS libfido2
RUN yum groupinstall -y 'Development Tools' && \
yum install -y epel-release && \
yum update -y && \
yum install -y \
cmake3 \
git \
libudev-devel \
zlib-devel && \
yum clean all
# Install libudev-zero.
# libudev-zero replaces systemd's libudev
RUN git clone --depth=1 https://github.com/illiliti/libudev-zero.git -b 1.0.1 && \
cd libudev-zero && \
make install-static LIBDIR='$(PREFIX)/lib64'
# Instal openssl.
# Pulled from source because repository versions are too old.
RUN git clone --depth=1 git://git.openssl.org/openssl.git -b OpenSSL_1_1_1n && \
cd openssl && \
./config --release && \
make && \
make install
# Install libcbor.
RUN git clone --depth=1 https://github.com/PJK/libcbor.git -b v0.9.0 && \
cd libcbor && \
cmake3 \
-DCBOR_CUSTOM_ALLOC=ON \
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_POSITION_INDEPENDENT_CODE=ON \
-DWITH_EXAMPLES=OFF . && \
make && \
make install
# Install libfido2.
# Depends on libcbor, openssl, zlib-devel and libudev.
# Linked so `make build/tsh` finds the library where it expects it.
RUN git clone --depth=1 https://github.com/Yubico/libfido2.git -b 1.10.0 && \
cd libfido2 && \
cmake3 \
-DBUILD_EXAMPLES=OFF \
-DBUILD_MANPAGES=OFF \
-DBUILD_TOOLS=OFF \
-DCMAKE_BUILD_TYPE=Release . && \
make && \
make install && \
# Update ld.
echo /usr/local/lib64 > /etc/ld.so.conf.d/libfido2.conf && \
ldconfig
FROM centos:7 AS buildbox
ENV LANGUAGE=en_US.UTF-8 \
LANG=en_US.UTF-8 \
LC_ALL=en_US.UTF-8 \
LC_CTYPE=en_US.UTF-8
ARG GOLANG_VERSION
ARG RUST_VERSION
ARG UID
ARG GID
RUN (groupadd ci --gid=$GID -o && useradd ci --uid=$UID --gid=$GID --create-home --shell=/bin/sh && \
mkdir -p -m0700 /var/lib/teleport && chown -R ci /var/lib/teleport)
RUN yum groupinstall -y 'Development Tools' && \
yum install -y \
git \
libatomic \
net-tools \
pam-devel \
perl-IPC-Cmd \
tree \
zip \
yum clean all
# Install etcd.
RUN (curl -L https://github.com/coreos/etcd/releases/download/v3.3.9/etcd-v3.3.9-linux-amd64.tar.gz | tar -xz && \
cp etcd-v3.3.9-linux-amd64/etcd* /bin/)
# Install Go.
RUN mkdir -p /opt && cd /opt && curl https://storage.googleapis.com/golang/$GOLANG_VERSION.linux-amd64.tar.gz | tar xz && \
mkdir -p /go/src/github.com/gravitational/teleport && \
chmod a+w /go && \
chmod a+w /var/lib && \
/opt/go/bin/go version
ENV GOPATH="/go" \
GOROOT="/opt/go" \
PATH="/opt/bin:$PATH:/opt/go/bin:/go/bin:/go/src/github.com/gravitational/teleport/build"
# Install PAM module and policies for testing.
COPY pam/ /opt/pam_teleport/
RUN make -C /opt/pam_teleport install
# Install Rust.
ENV RUSTUP_HOME=/usr/local/rustup \
CARGO_HOME=/usr/local/cargo \
PATH=/usr/local/cargo/bin:$PATH \
RUST_VERSION=$RUST_VERSION
RUN mkdir -p $RUSTUP_HOME && chmod a+w $RUSTUP_HOME && \
mkdir -p $CARGO_HOME/registry && chmod -R a+w $CARGO_HOME
RUN chmod a-w /
USER ci
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain $RUST_VERSION && \
rustup --version && \
cargo --version && \
rustc --version && \
rustup component add --toolchain $RUST_VERSION-x86_64-unknown-linux-gnu rustfmt clippy && \
cargo install cbindgen
# Do a quick switch back to root and copy/setup libfido2 binaries.
# Do this last to take better advantage of the multi-stage build.
USER root
COPY --from=libfido2 /usr/local/include/ /usr/local/include/
COPY --from=libfido2 /usr/local/lib64/pkgconfig/ /usr/local/lib64/pkgconfig/
COPY --from=libfido2 \
/usr/local/lib64/libcbor.a \
/usr/local/lib64/libcrypto.a \
/usr/local/lib64/libcrypto.so.1.1 \
/usr/local/lib64/libfido2.a \
/usr/local/lib64/libfido2.so.1.10.0 \
/usr/local/lib64/libssl.a \
/usr/local/lib64/libssl.so.1.1 \
/usr/local/lib64/libudev.a \
/usr/local/lib64/
RUN cd /usr/local/lib64 && \
# Re-create usual lib64 links.
ln -s libcrypto.so.1.1 libcrypto.so && \
ln -s libfido2.so.1.10.0 libfido2.so.1 && \
ln -s libfido2.so.1 libfido2.so && \
ln -s libssl.so.1.1 libssl.so && \
# Update ld.
echo /usr/local/lib64 > /etc/ld.so.conf.d/libfido2.conf && \
ldconfig
COPY pkgconfig/centos7/ /
ENV PKG_CONFIG_PATH="/usr/local/lib64/pkgconfig"
USER ci
VOLUME ["/go/src/github.com/gravitational/teleport"]
EXPOSE 6600 2379 2380