Browse code
seccomp support for debian jessie
Based on jessie-backports.
Signed-off-by: Boris Pruessmann <boris@pruessmann.org>
Boris Pruessmann authored on 2017/03/04 16:27:35Showing 2 changed files
| ... | ... |
@@ -5,7 +5,7 @@ |
| 5 | 5 |
FROM aarch64/debian:jessie |
| 6 | 6 |
|
| 7 | 7 |
RUN echo deb http://ftp.debian.org/debian jessie-backports main > /etc/apt/sources.list.d/backports.list |
| 8 |
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev pkg-config vim-common libsystemd-journal-dev golang-1.6-go --no-install-recommends && rm -rf /var/lib/apt/lists/* |
|
| 8 |
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev pkg-config vim-common libsystemd-journal-dev golang-1.6-go libseccomp-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* |
|
| 9 | 9 |
|
| 10 | 10 |
RUN update-alternatives --install /usr/bin/go go /usr/lib/go-1.6/bin/go 100 |
| 11 | 11 |
|
| ... | ... |
@@ -21,5 +21,5 @@ ENV PATH /usr/src/go/bin:$PATH |
| 21 | 21 |
|
| 22 | 22 |
ENV AUTO_GOPATH 1 |
| 23 | 23 |
|
| 24 |
-ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux |
|
| 25 |
-ENV RUNC_BUILDTAGS apparmor selinux |
|
| 24 |
+ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux seccomp |
|
| 25 |
+ENV RUNC_BUILDTAGS apparmor selinux seccomp |
| ... | ... |
@@ -61,7 +61,7 @@ for version in "${versions[@]}"; do
|
| 61 | 61 |
) |
| 62 | 62 |
|
| 63 | 63 |
case "$suite" in |
| 64 |
- jessie|trusty) |
|
| 64 |
+ trusty) |
|
| 65 | 65 |
packages+=( libsystemd-journal-dev ) |
| 66 | 66 |
# aarch64 doesn't have an official downloadable binary for go. |
| 67 | 67 |
# And gccgo for trusty only includes Go 1.2 implementation which |
| ... | ... |
@@ -69,9 +69,20 @@ for version in "${versions[@]}"; do
|
| 69 | 69 |
# golang-1.6-go package can be used as bootstrap. |
| 70 | 70 |
packages+=( golang-1.6-go ) |
| 71 | 71 |
;; |
| 72 |
+ jessie) |
|
| 73 |
+ packages+=( libsystemd-journal-dev ) |
|
| 74 |
+ # aarch64 doesn't have an official downloadable binary for go. |
|
| 75 |
+ # And gccgo for jessie only includes Go 1.2 implementation which |
|
| 76 |
+ # is too old to build current go source, fortunately jessie backports |
|
| 77 |
+ # has golang-1.6-go package can be used as bootstrap. |
|
| 78 |
+ packages+=( golang-1.6-go libseccomp-dev ) |
|
| 79 |
+ |
|
| 80 |
+ dockerBuildTags="$dockerBuildTags seccomp" |
|
| 81 |
+ runcBuildTags="$runcBuildTags seccomp" |
|
| 82 |
+ ;; |
|
| 72 | 83 |
stretch|xenial) |
| 73 | 84 |
packages+=( libsystemd-dev ) |
| 74 |
- packages+=( golang-go libseccomp-dev) |
|
| 85 |
+ packages+=( golang-go libseccomp-dev ) |
|
| 75 | 86 |
|
| 76 | 87 |
dockerBuildTags="$dockerBuildTags seccomp" |
| 77 | 88 |
runcBuildTags="$runcBuildTags seccomp" |
| ... | ... |
@@ -83,13 +94,13 @@ for version in "${versions[@]}"; do
|
| 83 | 83 |
;; |
| 84 | 84 |
esac |
| 85 | 85 |
|
| 86 |
- case "$suite" in |
|
| 87 |
- jessie) |
|
| 88 |
- echo 'RUN echo deb http://ftp.debian.org/debian jessie-backports main > /etc/apt/sources.list.d/backports.list' >> "$version/Dockerfile" |
|
| 89 |
- ;; |
|
| 90 |
- *) |
|
| 91 |
- ;; |
|
| 92 |
- esac |
|
| 86 |
+ case "$suite" in |
|
| 87 |
+ jessie) |
|
| 88 |
+ echo 'RUN echo deb http://ftp.debian.org/debian jessie-backports main > /etc/apt/sources.list.d/backports.list' >> "$version/Dockerfile" |
|
| 89 |
+ ;; |
|
| 90 |
+ *) |
|
| 91 |
+ ;; |
|
| 92 |
+ esac |
|
| 93 | 93 |
|
| 94 | 94 |
# update and install packages |
| 95 | 95 |
echo "RUN apt-get update && apt-get install -y ${packages[*]} --no-install-recommends && rm -rf /var/lib/apt/lists/*" >> "$version/Dockerfile"
|