Signed-off-by: Jessica Frazelle <acidburn@docker.com>
| ... | ... |
@@ -4,7 +4,30 @@ |
| 4 | 4 |
|
| 5 | 5 |
FROM debian:jessie |
| 6 | 6 |
|
| 7 |
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* |
|
| 7 |
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libseccomp-dev libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* |
|
| 8 |
+ |
|
| 9 |
+ENV SECCOMP_VERSION v2.2.3 |
|
| 10 |
+RUN buildDeps=' \ |
|
| 11 |
+automake \ |
|
| 12 |
+libtool \ |
|
| 13 |
+' \ |
|
| 14 |
+&& set -x \ |
|
| 15 |
+&& apt-get update && apt-get install -y $buildDeps --no-install-recommends \ |
|
| 16 |
+&& rm -rf /var/lib/apt/lists/* \ |
|
| 17 |
+&& export SECCOMP_PATH=$(mktemp -d) \ |
|
| 18 |
+&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \ |
|
| 19 |
+&& ( \ |
|
| 20 |
+cd "$SECCOMP_PATH" \ |
|
| 21 |
+&& ./autogen.sh \ |
|
| 22 |
+&& ./configure --prefix=/usr \ |
|
| 23 |
+&& make \ |
|
| 24 |
+&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \ |
|
| 25 |
+&& chmod 644 /usr/lib/libseccomp.a \ |
|
| 26 |
+&& ranlib /usr/lib/libseccomp.a \ |
|
| 27 |
+&& ldconfig -n /usr/lib \ |
|
| 28 |
+) \ |
|
| 29 |
+&& rm -rf "$SECCOMP_PATH" \ |
|
| 30 |
+&& apt-get purge -y --auto-remove $buildDeps |
|
| 8 | 31 |
|
| 9 | 32 |
ENV GO_VERSION 1.5.1 |
| 10 | 33 |
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
|
| ... | ... |
@@ -12,4 +35,4 @@ ENV PATH $PATH:/usr/local/go/bin |
| 12 | 12 |
|
| 13 | 13 |
ENV AUTO_GOPATH 1 |
| 14 | 14 |
|
| 15 |
-ENV DOCKER_BUILDTAGS apparmor selinux |
|
| 15 |
+ENV DOCKER_BUILDTAGS apparmor seccomp selinux |
| ... | ... |
@@ -68,9 +68,8 @@ for version in "${versions[@]}"; do
|
| 68 | 68 |
esac |
| 69 | 69 |
|
| 70 | 70 |
# debian wheezy & ubuntu precise do not have the right libseccomp libs |
| 71 |
- # debian jessie & ubuntu trusty/vivid do not have a libseccomp.a for compiling static dockerinit |
|
| 72 | 71 |
case "$suite" in |
| 73 |
- jessie|precise|trusty|vivid|wheezy) |
|
| 72 |
+ precise|wheezy) |
|
| 74 | 73 |
packages=( "${packages[@]/libseccomp-dev}" )
|
| 75 | 74 |
;; |
| 76 | 75 |
*) |
| ... | ... |
@@ -105,6 +104,41 @@ for version in "${versions[@]}"; do
|
| 105 | 105 |
|
| 106 | 106 |
echo >> "$version/Dockerfile" |
| 107 | 107 |
|
| 108 |
+ # debian jessie & ubuntu trusty/vivid do not have a libseccomp.a for compiling static dockerinit |
|
| 109 |
+ # ONLY install libseccomp.a from source, this can be removed once dockerinit is removed |
|
| 110 |
+ # TODO remove this manual seccomp compilation once dockerinit is gone or no longer needs to be statically compiled |
|
| 111 |
+ case "$suite" in |
|
| 112 |
+ jessie|trusty|vivid) |
|
| 113 |
+ awk '$1 == "ENV" && $2 == "SECCOMP_VERSION" { print; exit }' ../../../Dockerfile >> "$version/Dockerfile"
|
|
| 114 |
+ cat <<-'EOF' >> "$version/Dockerfile" |
|
| 115 |
+ RUN buildDeps=' \ |
|
| 116 |
+ automake \ |
|
| 117 |
+ libtool \ |
|
| 118 |
+ ' \ |
|
| 119 |
+ && set -x \ |
|
| 120 |
+ && apt-get update && apt-get install -y $buildDeps --no-install-recommends \ |
|
| 121 |
+ && rm -rf /var/lib/apt/lists/* \ |
|
| 122 |
+ && export SECCOMP_PATH=$(mktemp -d) \ |
|
| 123 |
+ && git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \ |
|
| 124 |
+ && ( \ |
|
| 125 |
+ cd "$SECCOMP_PATH" \ |
|
| 126 |
+ && ./autogen.sh \ |
|
| 127 |
+ && ./configure --prefix=/usr \ |
|
| 128 |
+ && make \ |
|
| 129 |
+ && install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \ |
|
| 130 |
+ && chmod 644 /usr/lib/libseccomp.a \ |
|
| 131 |
+ && ranlib /usr/lib/libseccomp.a \ |
|
| 132 |
+ && ldconfig -n /usr/lib \ |
|
| 133 |
+ ) \ |
|
| 134 |
+ && rm -rf "$SECCOMP_PATH" \ |
|
| 135 |
+ && apt-get purge -y --auto-remove $buildDeps |
|
| 136 |
+ EOF |
|
| 137 |
+ |
|
| 138 |
+ echo >> "$version/Dockerfile" |
|
| 139 |
+ ;; |
|
| 140 |
+ *) ;; |
|
| 141 |
+ esac |
|
| 142 |
+ |
|
| 108 | 143 |
awk '$1 == "ENV" && $2 == "GO_VERSION" { print; exit }' ../../../Dockerfile >> "$version/Dockerfile"
|
| 109 | 144 |
echo 'RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local' >> "$version/Dockerfile"
|
| 110 | 145 |
echo 'ENV PATH $PATH:/usr/local/go/bin' >> "$version/Dockerfile" |
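Review bot: The heredoc at new lines 114-136 fetches libseccomp with `git clone -b "$SECCOMP_VERSION"`, which pins only a tag name, and then runs `./autogen.sh`, `./configure` and `make` from that tree during the image build. A tag can be re-pointed upstream, so nothing in the emitted Dockerfile checks that the code being built is the code that was reviewed. I would carry the expected commit id next to the tag as a second `ENV` (for example `ENV SECCOMP_COMMIT <commit-id-for-v2.2.3>`, copied from the top-level Dockerfile by the same `awk` pattern) and add `&& test "$(git rev-parse HEAD)" = "$SECCOMP_COMMIT" \` directly after `cd "$SECCOMP_PATH" \`. The same block is emitted by the rpm generator's heredoc (`@@ -107,6 +106,39 @@`) and appears in every Dockerfile section on this page, so the change belongs in both generators rather than in the individual Dockerfiles. The enclosing `for version` loop starts and ends outside the hunk.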
| ... | ... |
@@ -4,7 +4,30 @@ |
| 4 | 4 |
|
| 5 | 5 |
FROM ubuntu:trusty |
| 6 | 6 |
|
| 7 |
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* |
|
| 7 |
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libseccomp-dev libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* |
|
| 8 |
+ |
|
| 9 |
+ENV SECCOMP_VERSION v2.2.3 |
|
| 10 |
+RUN buildDeps=' \ |
|
| 11 |
+automake \ |
|
| 12 |
+libtool \ |
|
| 13 |
+' \ |
|
| 14 |
+&& set -x \ |
|
| 15 |
+&& apt-get update && apt-get install -y $buildDeps --no-install-recommends \ |
|
| 16 |
+&& rm -rf /var/lib/apt/lists/* \ |
|
| 17 |
+&& export SECCOMP_PATH=$(mktemp -d) \ |
|
| 18 |
+&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \ |
|
| 19 |
+&& ( \ |
|
| 20 |
+cd "$SECCOMP_PATH" \ |
|
| 21 |
+&& ./autogen.sh \ |
|
| 22 |
+&& ./configure --prefix=/usr \ |
|
| 23 |
+&& make \ |
|
| 24 |
+&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \ |
|
| 25 |
+&& chmod 644 /usr/lib/libseccomp.a \ |
|
| 26 |
+&& ranlib /usr/lib/libseccomp.a \ |
|
| 27 |
+&& ldconfig -n /usr/lib \ |
|
| 28 |
+) \ |
|
| 29 |
+&& rm -rf "$SECCOMP_PATH" \ |
|
| 30 |
+&& apt-get purge -y --auto-remove $buildDeps |
|
| 8 | 31 |
|
| 9 | 32 |
ENV GO_VERSION 1.5.1 |
| 10 | 33 |
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
|
| ... | ... |
@@ -12,4 +35,4 @@ ENV PATH $PATH:/usr/local/go/bin |
| 12 | 12 |
|
| 13 | 13 |
ENV AUTO_GOPATH 1 |
| 14 | 14 |
|
| 15 |
-ENV DOCKER_BUILDTAGS apparmor selinux |
|
| 15 |
+ENV DOCKER_BUILDTAGS apparmor seccomp selinux |
| ... | ... |
@@ -4,7 +4,30 @@ |
| 4 | 4 |
|
| 5 | 5 |
FROM ubuntu:vivid |
| 6 | 6 |
|
| 7 |
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* |
|
| 7 |
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libseccomp-dev libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* |
|
| 8 |
+ |
|
| 9 |
+ENV SECCOMP_VERSION v2.2.3 |
|
| 10 |
+RUN buildDeps=' \ |
|
| 11 |
+automake \ |
|
| 12 |
+libtool \ |
|
| 13 |
+' \ |
|
| 14 |
+&& set -x \ |
|
| 15 |
+&& apt-get update && apt-get install -y $buildDeps --no-install-recommends \ |
|
| 16 |
+&& rm -rf /var/lib/apt/lists/* \ |
|
| 17 |
+&& export SECCOMP_PATH=$(mktemp -d) \ |
|
| 18 |
+&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \ |
|
| 19 |
+&& ( \ |
|
| 20 |
+cd "$SECCOMP_PATH" \ |
|
| 21 |
+&& ./autogen.sh \ |
|
| 22 |
+&& ./configure --prefix=/usr \ |
|
| 23 |
+&& make \ |
|
| 24 |
+&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \ |
|
| 25 |
+&& chmod 644 /usr/lib/libseccomp.a \ |
|
| 26 |
+&& ranlib /usr/lib/libseccomp.a \ |
|
| 27 |
+&& ldconfig -n /usr/lib \ |
|
| 28 |
+) \ |
|
| 29 |
+&& rm -rf "$SECCOMP_PATH" \ |
|
| 30 |
+&& apt-get purge -y --auto-remove $buildDeps |
|
| 8 | 31 |
|
| 9 | 32 |
ENV GO_VERSION 1.5.1 |
| 10 | 33 |
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
|
| ... | ... |
@@ -12,4 +35,4 @@ ENV PATH $PATH:/usr/local/go/bin |
| 12 | 12 |
|
| 13 | 13 |
ENV AUTO_GOPATH 1 |
| 14 | 14 |
|
| 15 |
-ENV DOCKER_BUILDTAGS apparmor selinux |
|
| 15 |
+ENV DOCKER_BUILDTAGS apparmor seccomp selinux |
| ... | ... |
@@ -6,7 +6,28 @@ FROM centos:7 |
| 6 | 6 |
|
| 7 | 7 |
RUN yum groupinstall -y "Development Tools" |
| 8 | 8 |
RUN yum -y swap -- remove systemd-container systemd-container-libs -- install systemd systemd-libs |
| 9 |
-RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar |
|
| 9 |
+RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar |
|
| 10 |
+ |
|
| 11 |
+ENV SECCOMP_VERSION v2.2.3 |
|
| 12 |
+RUN buildDeps=' \ |
|
| 13 |
+automake \ |
|
| 14 |
+libtool \ |
|
| 15 |
+' \ |
|
| 16 |
+&& set -x \ |
|
| 17 |
+&& yum install -y $buildDeps \ |
|
| 18 |
+&& export SECCOMP_PATH=$(mktemp -d) \ |
|
| 19 |
+&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \ |
|
| 20 |
+&& ( \ |
|
| 21 |
+cd "$SECCOMP_PATH" \ |
|
| 22 |
+&& ./autogen.sh \ |
|
| 23 |
+&& ./configure --prefix=/usr \ |
|
| 24 |
+&& make \ |
|
| 25 |
+&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \ |
|
| 26 |
+&& chmod 644 /usr/lib/libseccomp.a \ |
|
| 27 |
+&& ranlib /usr/lib/libseccomp.a \ |
|
| 28 |
+&& ldconfig -n /usr/lib \ |
|
| 29 |
+) \ |
|
| 30 |
+&& rm -rf "$SECCOMP_PATH" |
|
| 10 | 31 |
|
| 11 | 32 |
ENV GO_VERSION 1.5.1 |
| 12 | 33 |
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
|
| ... | ... |
@@ -14,4 +35,4 @@ ENV PATH $PATH:/usr/local/go/bin |
| 14 | 14 |
|
| 15 | 15 |
ENV AUTO_GOPATH 1 |
| 16 | 16 |
|
| 17 |
-ENV DOCKER_BUILDTAGS selinux |
|
| 17 |
+ENV DOCKER_BUILDTAGS seccomp selinux |
| ... | ... |
@@ -5,7 +5,28 @@ |
| 5 | 5 |
FROM fedora:21 |
| 6 | 6 |
|
| 7 | 7 |
RUN yum install -y @development-tools fedora-packager |
| 8 |
-RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar |
|
| 8 |
+RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar |
|
| 9 |
+ |
|
| 10 |
+ENV SECCOMP_VERSION v2.2.3 |
|
| 11 |
+RUN buildDeps=' \ |
|
| 12 |
+automake \ |
|
| 13 |
+libtool \ |
|
| 14 |
+' \ |
|
| 15 |
+&& set -x \ |
|
| 16 |
+&& yum install -y $buildDeps \ |
|
| 17 |
+&& export SECCOMP_PATH=$(mktemp -d) \ |
|
| 18 |
+&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \ |
|
| 19 |
+&& ( \ |
|
| 20 |
+cd "$SECCOMP_PATH" \ |
|
| 21 |
+&& ./autogen.sh \ |
|
| 22 |
+&& ./configure --prefix=/usr \ |
|
| 23 |
+&& make \ |
|
| 24 |
+&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \ |
|
| 25 |
+&& chmod 644 /usr/lib/libseccomp.a \ |
|
| 26 |
+&& ranlib /usr/lib/libseccomp.a \ |
|
| 27 |
+&& ldconfig -n /usr/lib \ |
|
| 28 |
+) \ |
|
| 29 |
+&& rm -rf "$SECCOMP_PATH" |
|
| 9 | 30 |
|
| 10 | 31 |
ENV GO_VERSION 1.5.1 |
| 11 | 32 |
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
|
| ... | ... |
@@ -13,4 +34,4 @@ ENV PATH $PATH:/usr/local/go/bin |
| 13 | 13 |
|
| 14 | 14 |
ENV AUTO_GOPATH 1 |
| 15 | 15 |
|
| 16 |
-ENV DOCKER_BUILDTAGS selinux |
|
| 16 |
+ENV DOCKER_BUILDTAGS seccomp selinux |
| ... | ... |
@@ -5,7 +5,28 @@ |
| 5 | 5 |
FROM fedora:22 |
| 6 | 6 |
|
| 7 | 7 |
RUN dnf install -y @development-tools fedora-packager |
| 8 |
-RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar |
|
| 8 |
+RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar |
|
| 9 |
+ |
|
| 10 |
+ENV SECCOMP_VERSION v2.2.3 |
|
| 11 |
+RUN buildDeps=' \ |
|
| 12 |
+automake \ |
|
| 13 |
+libtool \ |
|
| 14 |
+' \ |
|
| 15 |
+&& set -x \ |
|
| 16 |
+&& yum install -y $buildDeps \ |
|
| 17 |
+&& export SECCOMP_PATH=$(mktemp -d) \ |
|
| 18 |
+&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \ |
|
| 19 |
+&& ( \ |
|
| 20 |
+cd "$SECCOMP_PATH" \ |
|
| 21 |
+&& ./autogen.sh \ |
|
| 22 |
+&& ./configure --prefix=/usr \ |
|
| 23 |
+&& make \ |
|
| 24 |
+&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \ |
|
| 25 |
+&& chmod 644 /usr/lib/libseccomp.a \ |
|
| 26 |
+&& ranlib /usr/lib/libseccomp.a \ |
|
| 27 |
+&& ldconfig -n /usr/lib \ |
|
| 28 |
+) \ |
|
| 29 |
+&& rm -rf "$SECCOMP_PATH" |
|
| 9 | 30 |
|
| 10 | 31 |
ENV GO_VERSION 1.5.1 |
| 11 | 32 |
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
|
| ... | ... |
@@ -13,4 +34,4 @@ ENV PATH $PATH:/usr/local/go/bin |
| 13 | 13 |
|
| 14 | 14 |
ENV AUTO_GOPATH 1 |
| 15 | 15 |
|
| 16 |
-ENV DOCKER_BUILDTAGS selinux |
|
| 16 |
+ENV DOCKER_BUILDTAGS seccomp selinux |
| ... | ... |
@@ -5,7 +5,28 @@ |
| 5 | 5 |
FROM fedora:23 |
| 6 | 6 |
|
| 7 | 7 |
RUN dnf install -y @development-tools fedora-packager |
| 8 |
-RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar |
|
| 8 |
+RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar |
|
| 9 |
+ |
|
| 10 |
+ENV SECCOMP_VERSION v2.2.3 |
|
| 11 |
+RUN buildDeps=' \ |
|
| 12 |
+automake \ |
|
| 13 |
+libtool \ |
|
| 14 |
+' \ |
|
| 15 |
+&& set -x \ |
|
| 16 |
+&& yum install -y $buildDeps \ |
|
| 17 |
+&& export SECCOMP_PATH=$(mktemp -d) \ |
|
| 18 |
+&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \ |
|
| 19 |
+&& ( \ |
|
| 20 |
+cd "$SECCOMP_PATH" \ |
|
| 21 |
+&& ./autogen.sh \ |
|
| 22 |
+&& ./configure --prefix=/usr \ |
|
| 23 |
+&& make \ |
|
| 24 |
+&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \ |
|
| 25 |
+&& chmod 644 /usr/lib/libseccomp.a \ |
|
| 26 |
+&& ranlib /usr/lib/libseccomp.a \ |
|
| 27 |
+&& ldconfig -n /usr/lib \ |
|
| 28 |
+) \ |
|
| 29 |
+&& rm -rf "$SECCOMP_PATH" |
|
| 9 | 30 |
|
| 10 | 31 |
ENV GO_VERSION 1.5.1 |
| 11 | 32 |
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
|
| ... | ... |
@@ -13,4 +34,4 @@ ENV PATH $PATH:/usr/local/go/bin |
| 13 | 13 |
|
| 14 | 14 |
ENV AUTO_GOPATH 1 |
| 15 | 15 |
|
| 16 |
-ENV DOCKER_BUILDTAGS selinux |
|
| 16 |
+ENV DOCKER_BUILDTAGS seccomp selinux |
| ... | ... |
@@ -84,9 +84,8 @@ for version in "${versions[@]}"; do
|
| 84 | 84 |
esac |
| 85 | 85 |
|
| 86 | 86 |
# opensuse & oraclelinx:6 do not have the right libseccomp libs |
| 87 |
- # centos, fedora, & oraclelinux:7 do not have a libseccomp.a for compiling static dockerinit |
|
| 88 | 87 |
case "$from" in |
| 89 |
- centos:*|fedora:*|opensuse:*|oraclelinux:*) |
|
| 88 |
+ opensuse:*|oraclelinux:6) |
|
| 90 | 89 |
packages=( "${packages[@]/libseccomp-devel}" )
|
| 91 | 90 |
;; |
| 92 | 91 |
*) |
| ... | ... |
@@ -107,6 +106,39 @@ for version in "${versions[@]}"; do
|
| 107 | 107 |
|
| 108 | 108 |
echo >> "$version/Dockerfile" |
| 109 | 109 |
|
| 110 |
+ # centos, fedora, & oraclelinux:7 do not have a libseccomp.a for compiling static dockerinit |
|
| 111 |
+ # ONLY install libseccomp.a from source, this can be removed once dockerinit is removed |
|
| 112 |
+ # TODO remove this manual seccomp compilation once dockerinit is gone or no longer needs to be statically compiled |
|
| 113 |
+ case "$from" in |
|
| 114 |
+ opensuse:*|oraclelinux:6) ;; |
|
| 115 |
+ *) |
|
| 116 |
+ awk '$1 == "ENV" && $2 == "SECCOMP_VERSION" { print; exit }' ../../../Dockerfile >> "$version/Dockerfile"
|
|
| 117 |
+ cat <<-'EOF' >> "$version/Dockerfile" |
|
| 118 |
+ RUN buildDeps=' \ |
|
| 119 |
+ automake \ |
|
| 120 |
+ libtool \ |
|
| 121 |
+ ' \ |
|
| 122 |
+ && set -x \ |
|
| 123 |
+ && yum install -y $buildDeps \ |
|
| 124 |
+ && export SECCOMP_PATH=$(mktemp -d) \ |
|
| 125 |
+ && git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \ |
|
| 126 |
+ && ( \ |
|
| 127 |
+ cd "$SECCOMP_PATH" \ |
|
| 128 |
+ && ./autogen.sh \ |
|
| 129 |
+ && ./configure --prefix=/usr \ |
|
| 130 |
+ && make \ |
|
| 131 |
+ && install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \ |
|
| 132 |
+ && chmod 644 /usr/lib/libseccomp.a \ |
|
| 133 |
+ && ranlib /usr/lib/libseccomp.a \ |
|
| 134 |
+ && ldconfig -n /usr/lib \ |
|
| 135 |
+ ) \ |
|
| 136 |
+ && rm -rf "$SECCOMP_PATH" |
|
| 137 |
+ EOF |
|
| 138 |
+ |
|
| 139 |
+ echo >> "$version/Dockerfile" |
|
| 140 |
+ ;; |
|
| 141 |
+ esac |
|
| 142 |
+ |
|
| 110 | 143 |
awk '$1 == "ENV" && $2 == "GO_VERSION" { print; exit }' ../../../Dockerfile >> "$version/Dockerfile"
|
| 111 | 144 |
echo 'RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local' >> "$version/Dockerfile"
|
| 112 | 145 |
echo 'ENV PATH $PATH:/usr/local/go/bin' >> "$version/Dockerfile" |
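Review bot: The heredoc at new lines 117-137 hard-codes `yum install -y $buildDeps`, while the fedora:22 and fedora:23 Dockerfiles on this page install all their other packages with `dnf`, so those generated files mix two package-manager front ends in one build. Because the delimiter is quoted (`<<-'EOF'`), the script expands nothing inside the heredoc; if the generator has a per-distro installer variable (not visible in this hunk), the install line would have to be written outside the quoted heredoc to use it. Unlike the deb variant, which ends with `apt-get purge -y --auto-remove $buildDeps`, this block leaves `automake` and `libtool` installed. If that is deliberate, a comment above the heredoc such as `# buildDeps are intentionally left installed here (unlike the deb generator)` would keep the asymmetry from reading as an oversight.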
| ... | ... |
@@ -5,7 +5,28 @@ |
| 5 | 5 |
FROM oraclelinux:7 |
| 6 | 6 |
|
| 7 | 7 |
RUN yum groupinstall -y "Development Tools" |
| 8 |
-RUN yum install -y --enablerepo=ol7_optional_latest btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar |
|
| 8 |
+RUN yum install -y --enablerepo=ol7_optional_latest btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar |
|
| 9 |
+ |
|
| 10 |
+ENV SECCOMP_VERSION v2.2.3 |
|
| 11 |
+RUN buildDeps=' \ |
|
| 12 |
+automake \ |
|
| 13 |
+libtool \ |
|
| 14 |
+' \ |
|
| 15 |
+&& set -x \ |
|
| 16 |
+&& yum install -y $buildDeps \ |
|
| 17 |
+&& export SECCOMP_PATH=$(mktemp -d) \ |
|
| 18 |
+&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \ |
|
| 19 |
+&& ( \ |
|
| 20 |
+cd "$SECCOMP_PATH" \ |
|
| 21 |
+&& ./autogen.sh \ |
|
| 22 |
+&& ./configure --prefix=/usr \ |
|
| 23 |
+&& make \ |
|
| 24 |
+&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \ |
|
| 25 |
+&& chmod 644 /usr/lib/libseccomp.a \ |
|
| 26 |
+&& ranlib /usr/lib/libseccomp.a \ |
|
| 27 |
+&& ldconfig -n /usr/lib \ |
|
| 28 |
+) \ |
|
| 29 |
+&& rm -rf "$SECCOMP_PATH" |
|
| 9 | 30 |
|
| 10 | 31 |
ENV GO_VERSION 1.5.1 |
| 11 | 32 |
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
|
| ... | ... |
@@ -13,4 +34,4 @@ ENV PATH $PATH:/usr/local/go/bin |
| 13 | 13 |
|
| 14 | 14 |
ENV AUTO_GOPATH 1 |
| 15 | 15 |
|
| 16 |
-ENV DOCKER_BUILDTAGS selinux |
|
| 16 |
+ENV DOCKER_BUILDTAGS seccomp selinux |