diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-08-26 10:41:52 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-08-26 10:41:52 +0000 |
commit | de8bf9112695763664912e340b265fa898188460 (patch) | |
tree | 9bcd5f8d45fc3b81174d3de8abfd573b68e9d7f6 /scripts | |
parent | Adding debian version 3.2.3+dfsg-2. (diff) | |
download | freeradius-de8bf9112695763664912e340b265fa898188460.tar.xz freeradius-de8bf9112695763664912e340b265fa898188460.zip |
Merging upstream version 3.2.5+dfsg.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
58 files changed, 2356 insertions, 814 deletions
diff --git a/scripts/ci/eapol_test-build.sh b/scripts/ci/eapol_test-build.sh index 42397e2..9e1dcd6 100755 --- a/scripts/ci/eapol_test-build.sh +++ b/scripts/ci/eapol_test-build.sh @@ -109,6 +109,9 @@ fi cp "$BUILD_CONF_FILE" "$WPA_SUPPLICANT_DIR/.config" +# Don't crash out on build warnings, some newer GCC versions are quite picky +sed -i -e 's/-Werror//' "${WPA_SUPPLICANT_DIR}/Makefile" + if ! make -C "${WPA_SUPPLICANT_DIR}" -j8 eapol_test 1>&2 || [ ! -e "${WPA_SUPPLICANT_DIR}/eapol_test" ]; then echo "Build error" 1>&2 if [ -z "${BUILD_DIR}" ]; then rm -rf "$TMP_BUILD_DIR"; fi diff --git a/scripts/ci/package-test.mk b/scripts/ci/package-test.mk index 417784b..b20e4d4 100644 --- a/scripts/ci/package-test.mk +++ b/scripts/ci/package-test.mk @@ -38,4 +38,5 @@ MAKE_ARGS := RADIUSD_BIN=$(RADIUSD_BIN) PORT=$(PORT) SECRET="$(SECRET)" DICT_PAT .PHONY: package-test package-test: + cp -r $(RADDB_PATH)/certs/* raddb/certs $(MAKE) -C src/tests $(MAKE_ARGS) tests.eap diff --git a/scripts/crossbuild/README.md b/scripts/crossbuild/README.md index 0bcc2c4..a5dc205 100644 --- a/scripts/crossbuild/README.md +++ b/scripts/crossbuild/README.md @@ -8,6 +8,9 @@ different operating systems, using Docker. The primary purpose is for developers to easily test FreeRADIUS on different systems. +**Do not use this for running FreeRADIUS in production - see +`scripts/docker` instead.** + ## Common Usage @@ -24,7 +27,7 @@ least on the first run): make crossbuild -or for the most common systems (Debian, Ubuntu, CentOS): +or for the most common systems (Debian, Ubuntu, CentOS, Rocky): make crossbuild.common @@ -41,7 +44,9 @@ The Docker containers are left running, and may be stopped with make crossbuild.down The system tries to be as efficient as possible, so will not -rebuild from scratch every time. +rebuild the Docker images from scratch every time, but use an +existing image and copy just the latest git commits in for +testing. ## Global make targets @@ -49,47 +54,47 @@ rebuild from scratch every time. The following targets will operate on the crossbuild system globally, or on all images (unless otherwise stated): + - `make crossbuild` -### `make crossbuild` - -Create all docker images (if required), start them, build and test -FreeRADIUS. + Create all docker images (if required), start them, build and + test FreeRADIUS. -### `make crossbuild.common` + - `make crossbuild.common` -As `make crossbuild`, but only build and test the most common -systems. + As `make crossbuild`, but only build and test the most common + systems. -### `make crossbuild.info` + - `make crossbuild.info` -List all systems, together with the expected state. See -`crossbuild.reset`. + List all systems, together with the expected state. See + `crossbuild.reset`. -### `make crossbuild.down` + - `make crossbuild.down` -Stop all containers. + Stop all containers. -### `make crossbuild.reset` + - `make crossbuild.reset` -If containers are stopped or started outside Docker, crossbuild -may get confused. This will clear the internal state which should -try and start everything from be beginning again. + If containers are stopped or started outside Docker, + crossbuild may get confused. This will clear the internal + state which should try and start everything from be beginning + again. -### `make crossbuild.clean` + - `make crossbuild.clean` -Bring down all containers, clear state. This is a general "tidy -up". + Bring down all containers, clear state. This is a general + "tidy up". -### `make crossbuild.wipe` + - `make crossbuild.wipe` -Don't just stop, but destroy all crossbuild docker images. This -will mean they need to be recreated again upon next use. + Don't just stop, but destroy all crossbuild docker images. + This will mean they need to be recreated again upon next use. ## Per-image make targets @@ -116,7 +121,16 @@ Docker images will be created with names in the form: freeradius-build/debian10 -whil containers will have names like: +while containers will have names like: fr-crossbuild-debian10 + +## Re-generating Dockerfiles + +The Dockerfiles used for crossbuild are generated from m4 +templates. To regenerate one use `make crossbuild.IMAGE.regen`, or +`make crossbuild.regen` to generate them all. The m4 templates are +stored in `scripts/crossbuild/m4/`. This will usually only need to +be used to add a new operating system, not during standard build +testing. diff --git a/scripts/crossbuild/crossbuild.mk b/scripts/crossbuild/crossbuild.mk index da96506..599a34c 100644 --- a/scripts/crossbuild/crossbuild.mk +++ b/scripts/crossbuild/crossbuild.mk @@ -11,13 +11,19 @@ else # # Short list of common builds # -CB_COMMON:=centos7 debian10 ubuntu18 +CB_COMMON:=centos7 rocky9 debian11 ubuntu20 + +# Where to put stamp files (subdirectory of where this makefile is) +CB_DIR:=$(dir $(realpath $(lastword $(MAKEFILE_LIST)))) # Where the docker directories are -DT:=scripts/crossbuild/docker +DT:=$(CB_DIR)/docker # Where to put stamp files (subdirectory of where this makefile is) -DD:=$(dir $(realpath $(lastword $(MAKEFILE_LIST))))/build +DD:=$(CB_DIR)/build + +# Location of top-level m4 template +DOCKER_TMPL:=$(CB_DIR)/../docker/m4/Dockerfile.m4 # List of all the docker images (sorted for "crossbuild.info") CB_IMAGES:=$(sort $(patsubst $(DT)/%,%,$(wildcard $(DT)/*))) @@ -99,6 +105,11 @@ crossbuild.clean: $(foreach IMG,${CB_IMAGES},crossbuild.${IMG}.clean) crossbuild.wipe: $(foreach IMG,${CB_IMAGES},crossbuild.${IMG}.wipe) # +# Regenerate all Dockerfiles from m4 templates +# +crossbuild.regen: $(foreach IMG,${CB_IMAGES},crossbuild.${IMG}.regen) + +# # Define rules for building a particular image # define CROSSBUILD_IMAGE_RULE @@ -145,6 +156,7 @@ crossbuild.${1}.up: $(DD)/stamp-up.${1} $(DD)/docker.refresh.${1}: $(DD)/stamp-up.${1} ${Q}echo "REFRESH ${1}" ${Q}docker container exec $(CB_CPREFIX)${1} sh -c 'rsync -a /srv/src/ /srv/local-src/' + ${Q}docker container exec $(CB_CPREFIX)${1} sh -c 'git config --global --add safe.directory /srv/local-src' ${Q}docker container exec $(CB_CPREFIX)${1} sh -c 'git config -f /srv/local-src/config core.bare true' ${Q}docker container exec $(CB_CPREFIX)${1} sh -c 'git config -f /srv/local-src/config --unset core.worktree || true' ${Q}docker container exec $(CB_CPREFIX)${1} sh -c '[ -d /srv/build ] || git clone /srv/local-src /srv/build' @@ -218,6 +230,16 @@ crossbuild.${1}.wipe: crossbuild.${1}.refresh: $(DD)/docker.refresh.${1} # +# Regenerate the image Dockerfile from the m4 templates +# +.PHONY: crossbuild.${1}.regen +crossbuild.${1}.regen: $(DT)/${1}/Dockerfile + +$(DT)/${1}/Dockerfile: $(DOCKER_TMPL) $(CB_DIR)/m4/Dockerfile.deb.m4 $(CB_DIR)/m4/Dockerfile.rpm.m4 + ${Q}echo REGEN ${1} + ${Q}m4 -I $(CB_DIR)/m4 -D D_NAME=${1} -D D_TYPE=crossbuild $$< > $$@ + +# # Run the build test # .PHONY: crossbuild.${1} diff --git a/scripts/crossbuild/docker/centos7/Dockerfile b/scripts/crossbuild/docker/centos7/Dockerfile index 2f9e4ac..91f25b3 100644 --- a/scripts/crossbuild/docker/centos7/Dockerfile +++ b/scripts/crossbuild/docker/centos7/Dockerfile @@ -1,16 +1,32 @@ -FROM centos:centos7 +# Auto generated for centos7 +# from scripts/crossbuild/m4/Dockerfile.rpm.m4 +# +# Rebuild this file with `make crossbuild.centos7.regen` +# +ARG from=centos:7 +FROM ${from} as build + +# +# CentOS 7 is now EOL, so we need to fix up the repo source +# +RUN sed -i "s/^mirrorlist/#mirrorlist/g" /etc/yum.repos.d/CentOS-* +RUN sed -i "s|#\s*baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* + # # Install devtools like make and git and the EPEL # repository for freetds and hiredis # RUN yum update -y -RUN yum install -y rpmdevtools openssl epel-release git yum-utils rsync +RUN yum install -y rpmdevtools openssl epel-release git procps yum-utils \ + rsync # # Install GCC that has the requisite support for C11 keywords and atomics # RUN yum install -y centos-release-scl +RUN sed -i "s/^mirrorlist/#mirrorlist/g" /etc/yum.repos.d/CentOS-* +RUN sed -i "s|#\s*baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* RUN yum install -y devtoolset-8-gcc devtoolset-8-gcc-c++ ENV CC=/opt/rh/devtoolset-8/root/usr/bin/gcc @@ -21,6 +37,8 @@ ENV CC=/opt/rh/devtoolset-8/root/usr/bin/gcc RUN rm /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo RUN rm /etc/yum.repos.d/CentOS-SCLo-scl.repo + + # # Documentation build dependecies # @@ -28,12 +46,11 @@ RUN rm /etc/yum.repos.d/CentOS-SCLo-scl.repo # - doxygen & JSON.pm RUN yum install -y doxygen graphviz perl-JSON # - antora (npm needed) -RUN curl -sL https://rpm.nodesource.com/setup_10.x | bash - +RUN curl -sL https://rpm.nodesource.com/setup_16.x | bash - RUN yum install -y nodejs -RUN npm i -g @antora/cli@2.1 @antora/site-generator-default@2.1 +RUN npm i -g @antora/cli@3.1.7 @antora/site-generator-default@3.1.7 # - pandoc RUN curl -o - -L $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*tar.gz" | cut -d '"' -f 4) | tar xzvf - -C /tmp/ -# " RUN mv /tmp/pandoc-*/bin/* /usr/local/bin # - asciidoctor RUN yum install -y rubygems-devel @@ -67,6 +84,7 @@ RUN git clone --depth 1 --no-single-branch ${source} # # Install build dependencies for all branches from v3 onwards # Nodesource has issues (no SRPMS in some repos) and is not needed here +# CentOS/RHEL 7 do not support "-D" for yum-builddep so do that separately below if needed # WORKDIR freeradius-server RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\ @@ -75,6 +93,11 @@ RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin [ -e redhat/freeradius.spec ] && yum-builddep --disablerepo="nodesource*" -y redhat/freeradius.spec; \ done +# Yubikey deps for CentOS/RHEL 7 +RUN yum install -y ykclient-devel ykclient + +RUN yum install -y libyubikey-devel + # # Which is required by fixture setup utilities # @@ -85,8 +108,8 @@ RUN yum install -y which # RUN yum install -y libnl3-devel + # # Create the RPM build tree # -ENV BUILDDIR=/root/rpmbuild RUN rpmdev-setuptree diff --git a/scripts/crossbuild/docker/debian10/Dockerfile b/scripts/crossbuild/docker/debian10/Dockerfile index 3eb13a7..03a9ce5 100644 --- a/scripts/crossbuild/docker/debian10/Dockerfile +++ b/scripts/crossbuild/docker/debian10/Dockerfile @@ -1,8 +1,10 @@ -FROM debian:buster - -ARG gccver=8 -ARG clangver=8 -ARG osname=buster +# Auto generated for debian10 +# from scripts/crossbuild/m4/Dockerfile.deb.m4 +# +# Rebuild this file with `make crossbuild.debian10.regen` +# +ARG from=debian:buster +FROM ${from} as build ARG DEBIAN_FRONTEND=noninteractive @@ -15,14 +17,14 @@ RUN apt-get update && \ rm -r /var/lib/apt/lists/* # For clang -RUN add-apt-repository -y "deb http://apt.llvm.org/${osname}/ llvm-toolchain-${osname}-${clangver} main" && \ +RUN add-apt-repository -y "deb http://apt.llvm.org/buster/ llvm-toolchain-buster-8 main" && \ apt-key adv --fetch-keys http://apt.llvm.org/llvm-snapshot.gpg.key RUN apt-get update && \ # Development utilities apt-get install -y devscripts equivs git quilt rsync && \ # Compilers - apt-get install -y g++-${gccver} llvm-${clangver} clang-${clangver} lldb-${clangver} && \ + apt-get install -y g++ llvm-8 clang-8 lldb-8 && \ # eapol_test dependencies apt-get install -y libnl-3-dev libnl-genl-3-dev @@ -33,9 +35,9 @@ RUN apt-get update && \ # - doxygen & JSON.pm RUN apt-get install -y doxygen graphviz libjson-perl # - antora (npm needed) -RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - +RUN curl -sL https://deb.nodesource.com/setup_20.x | bash - RUN apt-get install -y nodejs -RUN npm i -g @antora/cli@2.1 @antora/site-generator-default@2.1 +RUN npm i -g @antora/cli@3.1.7 @antora/site-generator-default@3.1.7 # - pandoc WORKDIR /tmp RUN curl -OL $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*deb" | cut -d '"' -f 4) @@ -44,15 +46,13 @@ RUN apt-get install -y ./pandoc-*.deb RUN apt-get install -y ruby-dev RUN gem install asciidoctor -# set default things -RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-${gccver} 50 \ - --slave /usr/bin/g++ g++ /usr/bin/g++-${gccver} && \ - update-alternatives --config gcc - -RUN update-alternatives --install /usr/bin/clang clang /usr/bin/clang-${clangver} 60 && \ +# +# Set defaults +# +RUN update-alternatives --install /usr/bin/clang clang /usr/bin/clang-8 60 && \ update-alternatives --config clang -RUN update-alternatives --install /usr/bin/lldb lldb /usr/bin/lldb-${clangver} 60 && \ +RUN update-alternatives --install /usr/bin/lldb lldb /usr/bin/lldb-8 60 && \ update-alternatives --config lldb @@ -70,20 +70,16 @@ WORKDIR /usr/local/src/repositories ARG source=https://github.com/FreeRADIUS/freeradius-server.git RUN git clone --depth 1 --no-single-branch ${source} - # -# Install build dependencies for all v3 branches +# Install build dependencies for all branches from v3 onwards # WORKDIR freeradius-server -RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^v3\..*\.x");\ +RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\ do \ git checkout $i; \ if [ -e ./debian/control.in ] ; then \ debian/rules debian/control ; \ fi ; \ - echo Installing dependencies for $i ; \ - mk-build-deps debian/control ; \ - apt-get --no-install-recommends -y -V install ./freeradius-build-deps*.deb || true ; \ - apt-get -y -f remove freeradius-build-deps libiodbc2-dev || true ; \ - rm ./freeradius-build-deps*.deb ; \ + echo 'y' | \ + mk-build-deps -irt'apt-get -yV' debian/control ; \ done diff --git a/scripts/crossbuild/docker/ubuntu16/Dockerfile b/scripts/crossbuild/docker/debian11/Dockerfile index dbec6f9..0a77893 100644 --- a/scripts/crossbuild/docker/ubuntu16/Dockerfile +++ b/scripts/crossbuild/docker/debian11/Dockerfile @@ -1,8 +1,10 @@ -FROM ubuntu:16.04 - -ARG gccver=4.9 -ARG clangver=5.0 -ARG osname=xenial +# Auto generated for debian11 +# from scripts/crossbuild/m4/Dockerfile.deb.m4 +# +# Rebuild this file with `make crossbuild.debian11.regen` +# +ARG from=debian:bullseye +FROM ${from} as build ARG DEBIAN_FRONTEND=noninteractive @@ -10,24 +12,16 @@ ARG DEBIAN_FRONTEND=noninteractive # Install add-apt-repository # RUN apt-get update && \ - apt-get install -y software-properties-common python-software-properties apt-transport-https curl && \ + apt-get install -y software-properties-common gnupg2 procps && \ apt-get clean && \ rm -r /var/lib/apt/lists/* -# Requires GCC-4.9 as it has support for C11 keywords and atomics - -# For clang -RUN add-apt-repository -y "deb http://apt.llvm.org/${osname}/ llvm-toolchain-${osname}-${clangver} main" && \ - curl -o /tmp/llvm-snapshot.gpg.key https://apt.llvm.org/llvm-snapshot.gpg.key && \ - apt-key add /tmp/llvm-snapshot.gpg.key && \ -# For GCC - add-apt-repository -y ppa:ubuntu-toolchain-r/test RUN apt-get update && \ # Development utilities apt-get install -y devscripts equivs git quilt rsync && \ # Compilers - apt-get install -y g++-${gccver} llvm-${clangver} clang-${clangver} lldb-${clangver} && \ + apt-get install -y g++ llvm clang lldb && \ # eapol_test dependencies apt-get install -y libnl-3-dev libnl-genl-3-dev @@ -38,9 +32,9 @@ RUN apt-get update && \ # - doxygen & JSON.pm RUN apt-get install -y doxygen graphviz libjson-perl # - antora (npm needed) -RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - +RUN curl -sL https://deb.nodesource.com/setup_20.x | bash - RUN apt-get install -y nodejs -RUN npm i -g @antora/cli@2.1 @antora/site-generator-default@2.1 +RUN npm i -g @antora/cli@3.1.7 @antora/site-generator-default@3.1.7 # - pandoc WORKDIR /tmp RUN curl -OL $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*deb" | cut -d '"' -f 4) @@ -49,16 +43,6 @@ RUN apt-get install -y ./pandoc-*.deb RUN apt-get install -y ruby-dev RUN gem install asciidoctor -# set default things -RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-${gccver} 50 \ - --slave /usr/bin/g++ g++ /usr/bin/g++-${gccver} && \ - update-alternatives --config gcc - -RUN update-alternatives --install /usr/bin/clang clang /usr/bin/clang-${clangver} 60 && \ - update-alternatives --config clang - -RUN update-alternatives --install /usr/bin/lldb lldb /usr/bin/lldb-${clangver} 60 && \ - update-alternatives --config lldb # @@ -82,5 +66,9 @@ WORKDIR freeradius-server RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\ do \ git checkout $i; \ - if [ -e ./debian/control.in ] ; then debian/rules debian/control ; fi ; echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control ; \ + if [ -e ./debian/control.in ] ; then \ + debian/rules debian/control ; \ + fi ; \ + echo 'y' | \ + mk-build-deps -irt'apt-get -yV' debian/control ; \ done diff --git a/scripts/crossbuild/docker/debian12/Dockerfile b/scripts/crossbuild/docker/debian12/Dockerfile new file mode 100644 index 0000000..78eb501 --- /dev/null +++ b/scripts/crossbuild/docker/debian12/Dockerfile @@ -0,0 +1,74 @@ +# Auto generated for debian12 +# from scripts/crossbuild/m4/Dockerfile.deb.m4 +# +# Rebuild this file with `make crossbuild.debian12.regen` +# +ARG from=debian:bookworm +FROM ${from} as build + +ARG DEBIAN_FRONTEND=noninteractive + +# +# Install add-apt-repository +# +RUN apt-get update && \ + apt-get install -y software-properties-common gnupg2 procps && \ + apt-get clean && \ + rm -r /var/lib/apt/lists/* + + +RUN apt-get update && \ +# Development utilities + apt-get install -y devscripts equivs git quilt rsync && \ +# Compilers + apt-get install -y g++ llvm clang lldb && \ +# eapol_test dependencies + apt-get install -y libnl-3-dev libnl-genl-3-dev + +# +# Documentation build dependecies +# + +# - doxygen & JSON.pm +RUN apt-get install -y doxygen graphviz libjson-perl +# - antora (npm needed) +RUN curl -sL https://deb.nodesource.com/setup_20.x | bash - +RUN apt-get install -y nodejs +RUN npm i -g @antora/cli@3.1.7 @antora/site-generator-default@3.1.7 +# - pandoc +WORKDIR /tmp +RUN curl -OL $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*deb" | cut -d '"' -f 4) +RUN apt-get install -y ./pandoc-*.deb +# - asciidoctor +RUN apt-get install -y ruby-dev +RUN gem install asciidoctor + + + +# +# Setup a src dir in /usr/local +# +RUN mkdir -p /usr/local/src/repositories +WORKDIR /usr/local/src/repositories + + +# +# Shallow clone the FreeRADIUS source +# +WORKDIR /usr/local/src/repositories +ARG source=https://github.com/FreeRADIUS/freeradius-server.git +RUN git clone --depth 1 --no-single-branch ${source} + +# +# Install build dependencies for all branches from v3 onwards +# +WORKDIR freeradius-server +RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\ + do \ + git checkout $i; \ + if [ -e ./debian/control.in ] ; then \ + debian/rules debian/control ; \ + fi ; \ + echo 'y' | \ + mk-build-deps -irt'apt-get -yV' debian/control ; \ + done diff --git a/scripts/crossbuild/docker/debian8/Dockerfile b/scripts/crossbuild/docker/debian8/Dockerfile deleted file mode 100644 index 094faa3..0000000 --- a/scripts/crossbuild/docker/debian8/Dockerfile +++ /dev/null @@ -1,84 +0,0 @@ -FROM debian:jessie - -ARG gccver=4.9 -ARG clangver=5.0 -ARG osname=jessie - -ARG DEBIAN_FRONTEND=noninteractive - -# -# Install add-apt-repository -# -RUN apt-get update && \ - apt-get install -y software-properties-common python-software-properties apt-transport-https curl && \ - apt-get clean && \ - rm -r /var/lib/apt/lists/* - -# Requires GCC-4.9 as it has support for C11 keywords and atomics - -# For clang -RUN add-apt-repository -y "deb http://apt.llvm.org/${osname}/ llvm-toolchain-${osname}-${clangver} main" && \ - curl -o /tmp/llvm-snapshot.gpg.key https://apt.llvm.org/llvm-snapshot.gpg.key && \ - apt-key add /tmp/llvm-snapshot.gpg.key - -RUN apt-get update && \ -# Development utilities - apt-get install -y devscripts equivs git quilt rsync && \ -# Compilers - apt-get install -y g++-${gccver} llvm-${clangver} clang-${clangver} lldb-${clangver} && \ -# eapol_test dependencies - apt-get install -y libnl-3-dev libnl-genl-3-dev - -# -# Documentation build dependecies -# - -# - doxygen & JSON.pm -RUN apt-get install -y doxygen graphviz libjson-perl -# - antora (npm needed) -RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - -RUN apt-get install -y nodejs -RUN npm i -g @antora/cli@2.1 @antora/site-generator-default@2.1 -# - pandoc -WORKDIR /tmp -RUN curl -OL $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*deb" | cut -d '"' -f 4) -RUN dpkg -i ./pandoc-*.deb -RUN apt-get install -fy -# - asciidoctor -RUN apt-get install -y ruby -RUN gem install asciidoctor - -# set default things -RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-${gccver} 50 \ - --slave /usr/bin/g++ g++ /usr/bin/g++-${gccver} && \ - update-alternatives --config gcc - -RUN update-alternatives --install /usr/bin/clang clang /usr/bin/clang-${clangver} 60 && \ - update-alternatives --config clang - -RUN update-alternatives --install /usr/bin/lldb lldb /usr/bin/lldb-${clangver} 60 && \ - update-alternatives --config lldb - - -# -# Setup a src dir in /usr/local -# -RUN mkdir -p /usr/local/src/repositories -WORKDIR /usr/local/src/repositories - - -# -# Shallow clone the FreeRADIUS source -# -ARG source=https://github.com/FreeRADIUS/freeradius-server.git -RUN git clone --depth 1 --no-single-branch ${source} - -# -# Install build dependencies for all branches from v3 onwards -# -WORKDIR freeradius-server -RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\ - do \ - git checkout $i; \ - if [ -e ./debian/control.in ] ; then debian/rules debian/control ; fi ; echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control ; \ - done diff --git a/scripts/crossbuild/docker/debian9/README b/scripts/crossbuild/docker/debian9/README deleted file mode 100644 index f7a6135..0000000 --- a/scripts/crossbuild/docker/debian9/README +++ /dev/null @@ -1,15 +0,0 @@ - -Build source image - - docker build . -f Dockerfile.source -t freeradius:debian9-source - -Then either build and run jenkins image - - docker build . -f Dockerfile.jenkins -t freeradius:debian9-jenkins - docker run -d -p 2222:22 freeradius:debian9-jenkins - -or build and run the server - - docker build . -t freeradius:debian9 - docker run -d -p 1812:1812/udp -p 1813:1813/udp freeradius:debian9 - diff --git a/scripts/crossbuild/docker/centos8/Dockerfile b/scripts/crossbuild/docker/rocky8/Dockerfile index bd856af..ba7fc56 100644 --- a/scripts/crossbuild/docker/centos8/Dockerfile +++ b/scripts/crossbuild/docker/rocky8/Dockerfile @@ -1,27 +1,38 @@ -FROM centos:centos8 +# Auto generated for rocky8 +# from scripts/crossbuild/m4/Dockerfile.rpm.m4 +# +# Rebuild this file with `make crossbuild.rocky8.regen` +# +ARG from=rockylinux/rockylinux:8 +FROM ${from} as build # # Install devtools like make and git and the EPEL # repository for freetds and hiredis # RUN yum update -y -RUN yum install -y rpmdevtools openssl epel-release git yum-utils rsync dnf-plugins-core -RUN dnf config-manager --set-enabled powertools +RUN yum install -y rpmdevtools openssl epel-release git procps yum-utils \ + rsync dnf-plugins-core + + +RUN yum config-manager --set-enabled powertools # # Install GCC that has the requisite support for C11 keywords and atomics # RUN yum install -y gcc-toolset-9 + # # Documentation build dependecies # + # - doxygen & JSON.pm RUN yum install -y doxygen graphviz perl-JSON # - antora (npm needed) -RUN curl -sL https://rpm.nodesource.com/setup_10.x | bash - +RUN curl -sL https://rpm.nodesource.com/setup_20.x | bash - RUN yum install -y nodejs -RUN npm i -g @antora/cli@2.1 @antora/site-generator-default@2.1 +RUN npm i -g @antora/cli@3.1.7 @antora/site-generator-default@3.1.7 # - pandoc RUN curl -o - -L $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*tar.gz" | cut -d '"' -f 4) | tar xzvf - -C /tmp/ RUN mv /tmp/pandoc-*/bin/* /usr/local/bin @@ -56,14 +67,19 @@ RUN git clone --depth 1 --no-single-branch ${source} # # Install build dependencies for all branches from v3 onwards +# Nodesource has issues (no SRPMS in some repos) and is not needed here +# CentOS/RHEL 7 do not support "-D" for yum-builddep so do that separately below if needed # WORKDIR freeradius-server RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\ do \ git checkout $i; \ - [ -e redhat/freeradius.spec ] && yum-builddep -y redhat/freeradius.spec; \ + [ -e redhat/freeradius.spec ] && yum-builddep -D "_with_rlm_yubikey 1" -y redhat/freeradius.spec; \ done + +RUN yum install -y libyubikey-devel + # # Which is required by fixture setup utilities # @@ -75,7 +91,12 @@ RUN yum install -y which RUN yum install -y libnl3-devel # +# We test with TLS1.1, but that is disabled by default on some +# newer systems. +# +RUN update-crypto-policies --set LEGACY + +# # Create the RPM build tree # -ENV BUILDDIR=/root/rpmbuild RUN rpmdev-setuptree diff --git a/scripts/crossbuild/docker/rocky9/Dockerfile b/scripts/crossbuild/docker/rocky9/Dockerfile new file mode 100644 index 0000000..9936fe4 --- /dev/null +++ b/scripts/crossbuild/docker/rocky9/Dockerfile @@ -0,0 +1,91 @@ +# Auto generated for rocky9 +# from scripts/crossbuild/m4/Dockerfile.rpm.m4 +# +# Rebuild this file with `make crossbuild.rocky9.regen` +# +ARG from=rockylinux/rockylinux:9 +FROM ${from} as build + +# +# Install yum +# +RUN dnf install -y yum + +# +# Install devtools like make and git and the EPEL +# repository for freetds and hiredis +# +RUN yum update -y +RUN yum install -y rpmdevtools openssl epel-release git procps yum-utils \ + rsync dnf-plugins-core + + + +RUN yum config-manager --set-enabled crb + +# +# Documentation build dependecies +# + +# - doxygen & JSON.pm +RUN yum install -y doxygen graphviz perl-JSON +# - antora (npm needed) +RUN curl -sL https://rpm.nodesource.com/setup_20.x | bash - +RUN yum install -y nodejs +RUN npm i -g @antora/cli@3.1.7 @antora/site-generator-default@3.1.7 +# - pandoc +RUN curl -o - -L $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*tar.gz" | cut -d '"' -f 4) | tar xzvf - -C /tmp/ +RUN mv /tmp/pandoc-*/bin/* /usr/local/bin +# - asciidoctor +RUN yum install -y rubygems-devel +RUN gem install asciidoctor + +# +# Setup a src dir in /usr/local +# +RUN mkdir -p /usr/local/src/repositories +WORKDIR /usr/local/src/repositories + + +# +# Shallow clone the FreeRADIUS source +# +WORKDIR /usr/local/src/repositories +ARG source=https://github.com/FreeRADIUS/freeradius-server.git +RUN git clone --depth 1 --no-single-branch ${source} + +# +# Install build dependencies for all branches from v3 onwards +# Nodesource has issues (no SRPMS in some repos) and is not needed here +# CentOS/RHEL 7 do not support "-D" for yum-builddep so do that separately below if needed +# +WORKDIR freeradius-server +RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\ + do \ + git checkout $i; \ + [ -e redhat/freeradius.spec ] && yum-builddep -D "_with_rlm_yubikey 1" -y redhat/freeradius.spec; \ + done + + +RUN yum install -y libyubikey-devel + +# +# Which is required by fixture setup utilities +# +RUN yum install -y which + +# +# Explicitly install libnl3-devel which is required for the EAP tests +# +RUN yum install -y libnl3-devel + +# +# We test with TLS1.1, but that is disabled by default on some +# newer systems. +# +RUN update-crypto-policies --set LEGACY + +# +# Create the RPM build tree +# +RUN rpmdev-setuptree diff --git a/scripts/crossbuild/docker/ubuntu18/Dockerfile b/scripts/crossbuild/docker/ubuntu18/Dockerfile index 874e3ec..1bea0bf 100644 --- a/scripts/crossbuild/docker/ubuntu18/Dockerfile +++ b/scripts/crossbuild/docker/ubuntu18/Dockerfile @@ -1,8 +1,10 @@ -FROM ubuntu:18.04 - -ARG gccver=4.9 -ARG clangver=5.0 -ARG osname=bionic +# Auto generated for ubuntu18 +# from scripts/crossbuild/m4/Dockerfile.deb.m4 +# +# Rebuild this file with `make crossbuild.ubuntu18.regen` +# +ARG from=ubuntu:18.04 +FROM ${from} as build ARG DEBIAN_FRONTEND=noninteractive @@ -10,10 +12,11 @@ ARG DEBIAN_FRONTEND=noninteractive # Install add-apt-repository # RUN apt-get update && \ - apt-get install -y software-properties-common && \ + apt-get install -y software-properties-common gnupg2 procps && \ apt-get clean && \ rm -r /var/lib/apt/lists/* + RUN apt-get update && \ # Development utilities apt-get install -y devscripts equivs git quilt rsync && \ @@ -29,9 +32,9 @@ RUN apt-get update && \ # - doxygen & JSON.pm RUN apt-get install -y doxygen graphviz libjson-perl # - antora (npm needed) -RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - +RUN curl -sL https://deb.nodesource.com/setup_16.x | bash - RUN apt-get install -y nodejs -RUN npm i -g @antora/cli@2.1 @antora/site-generator-default@2.1 +RUN npm i -g @antora/cli@3.1.7 @antora/site-generator-default@3.1.7 # - pandoc WORKDIR /tmp RUN curl -OL $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*deb" | cut -d '"' -f 4) @@ -40,6 +43,8 @@ RUN apt-get install -y ./pandoc-*.deb RUN apt-get install -y ruby-dev RUN gem install asciidoctor + + # # Setup a src dir in /usr/local # @@ -61,5 +66,9 @@ WORKDIR freeradius-server RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\ do \ git checkout $i; \ - if [ -e ./debian/control.in ] ; then debian/rules debian/control ; fi ; echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control ; \ + if [ -e ./debian/control.in ] ; then \ + debian/rules debian/control ; \ + fi ; \ + echo 'y' | \ + mk-build-deps -irt'apt-get -yV' debian/control ; \ done diff --git a/scripts/crossbuild/docker/ubuntu20/Dockerfile b/scripts/crossbuild/docker/ubuntu20/Dockerfile index c813b2f..a58e634 100644 --- a/scripts/crossbuild/docker/ubuntu20/Dockerfile +++ b/scripts/crossbuild/docker/ubuntu20/Dockerfile @@ -1,8 +1,10 @@ -FROM ubuntu:20.04 - -ARG gccver=4.9 -ARG clangver=5.0 -ARG osname=bionic +# Auto generated for ubuntu20 +# from scripts/crossbuild/m4/Dockerfile.deb.m4 +# +# Rebuild this file with `make crossbuild.ubuntu20.regen` +# +ARG from=ubuntu:20.04 +FROM ${from} as build ARG DEBIAN_FRONTEND=noninteractive @@ -10,10 +12,11 @@ ARG DEBIAN_FRONTEND=noninteractive # Install add-apt-repository # RUN apt-get update && \ - apt-get install -y software-properties-common && \ + apt-get install -y software-properties-common gnupg2 procps && \ apt-get clean && \ rm -r /var/lib/apt/lists/* + RUN apt-get update && \ # Development utilities apt-get install -y devscripts equivs git quilt rsync && \ @@ -29,9 +32,9 @@ RUN apt-get update && \ # - doxygen & JSON.pm RUN apt-get install -y doxygen graphviz libjson-perl # - antora (npm needed) -RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - +RUN curl -sL https://deb.nodesource.com/setup_20.x | bash - RUN apt-get install -y nodejs -RUN npm i -g @antora/cli@2.1 @antora/site-generator-default@2.1 +RUN npm i -g @antora/cli@3.1.7 @antora/site-generator-default@3.1.7 # - pandoc WORKDIR /tmp RUN curl -OL $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*deb" | cut -d '"' -f 4) @@ -40,6 +43,8 @@ RUN apt-get install -y ./pandoc-*.deb RUN apt-get install -y ruby-dev RUN gem install asciidoctor + + # # Setup a src dir in /usr/local # @@ -61,5 +66,9 @@ WORKDIR freeradius-server RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\ do \ git checkout $i; \ - if [ -e ./debian/control.in ] ; then debian/rules debian/control ; fi ; echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control ; \ + if [ -e ./debian/control.in ] ; then \ + debian/rules debian/control ; \ + fi ; \ + echo 'y' | \ + mk-build-deps -irt'apt-get -yV' debian/control ; \ done diff --git a/scripts/crossbuild/docker/ubuntu22/Dockerfile b/scripts/crossbuild/docker/ubuntu22/Dockerfile new file mode 100644 index 0000000..677c912 --- /dev/null +++ b/scripts/crossbuild/docker/ubuntu22/Dockerfile @@ -0,0 +1,74 @@ +# Auto generated for ubuntu22 +# from scripts/crossbuild/m4/Dockerfile.deb.m4 +# +# Rebuild this file with `make crossbuild.ubuntu22.regen` +# +ARG from=ubuntu:22.04 +FROM ${from} as build + +ARG DEBIAN_FRONTEND=noninteractive + +# +# Install add-apt-repository +# +RUN apt-get update && \ + apt-get install -y software-properties-common gnupg2 procps && \ + apt-get clean && \ + rm -r /var/lib/apt/lists/* + + +RUN apt-get update && \ +# Development utilities + apt-get install -y devscripts equivs git quilt rsync && \ +# Compilers + apt-get install -y g++ llvm clang lldb && \ +# eapol_test dependencies + apt-get install -y libnl-3-dev libnl-genl-3-dev + +# +# Documentation build dependecies +# + +# - doxygen & JSON.pm +RUN apt-get install -y doxygen graphviz libjson-perl +# - antora (npm needed) +RUN curl -sL https://deb.nodesource.com/setup_20.x | bash - +RUN apt-get install -y nodejs +RUN npm i -g @antora/cli@3.1.7 @antora/site-generator-default@3.1.7 +# - pandoc +WORKDIR /tmp +RUN curl -OL $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*deb" | cut -d '"' -f 4) +RUN apt-get install -y ./pandoc-*.deb +# - asciidoctor +RUN apt-get install -y ruby-dev +RUN gem install asciidoctor + + + +# +# Setup a src dir in /usr/local +# +RUN mkdir -p /usr/local/src/repositories +WORKDIR /usr/local/src/repositories + + +# +# Shallow clone the FreeRADIUS source +# +WORKDIR /usr/local/src/repositories +ARG source=https://github.com/FreeRADIUS/freeradius-server.git +RUN git clone --depth 1 --no-single-branch ${source} + +# +# Install build dependencies for all branches from v3 onwards +# +WORKDIR freeradius-server +RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\ + do \ + git checkout $i; \ + if [ -e ./debian/control.in ] ; then \ + debian/rules debian/control ; \ + fi ; \ + echo 'y' | \ + mk-build-deps -irt'apt-get -yV' debian/control ; \ + done diff --git a/scripts/crossbuild/docker/ubuntu24/Dockerfile b/scripts/crossbuild/docker/ubuntu24/Dockerfile new file mode 100644 index 0000000..966faf0 --- /dev/null +++ b/scripts/crossbuild/docker/ubuntu24/Dockerfile @@ -0,0 +1,74 @@ +# Auto generated for ubuntu24 +# from scripts/crossbuild/m4/Dockerfile.deb.m4 +# +# Rebuild this file with `make crossbuild.ubuntu24.regen` +# +ARG from=ubuntu:24.04 +FROM ${from} as build + +ARG DEBIAN_FRONTEND=noninteractive + +# +# Install add-apt-repository +# +RUN apt-get update && \ + apt-get install -y software-properties-common gnupg2 procps && \ + apt-get clean && \ + rm -r /var/lib/apt/lists/* + + +RUN apt-get update && \ +# Development utilities + apt-get install -y devscripts equivs git quilt rsync fakeroot && \ +# Compilers + apt-get install -y g++ llvm clang lldb && \ +# eapol_test dependencies + apt-get install -y libnl-3-dev libnl-genl-3-dev + +# +# Documentation build dependecies +# + +# - doxygen & JSON.pm +RUN apt-get install -y doxygen graphviz libjson-perl +# - antora (npm needed) +RUN curl -sL https://deb.nodesource.com/setup_20.x | bash - +RUN apt-get install -y nodejs +RUN npm i -g @antora/cli@3.1.7 @antora/site-generator-default@3.1.7 +# - pandoc +WORKDIR /tmp +RUN curl -OL $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*deb" | cut -d '"' -f 4) +RUN apt-get install -y ./pandoc-*.deb +# - asciidoctor +RUN apt-get install -y ruby-dev +RUN gem install asciidoctor + + + +# +# Setup a src dir in /usr/local +# +RUN mkdir -p /usr/local/src/repositories +WORKDIR /usr/local/src/repositories + + +# +# Shallow clone the FreeRADIUS source +# +WORKDIR /usr/local/src/repositories +ARG source=https://github.com/FreeRADIUS/freeradius-server.git +RUN git clone --depth 1 --no-single-branch ${source} + +# +# Install build dependencies for all branches from v3 onwards +# +WORKDIR freeradius-server +RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\ + do \ + git checkout $i; \ + if [ -e ./debian/control.in ] ; then \ + debian/rules debian/control ; \ + fi ; \ + echo 'y' | \ + mk-build-deps -irt'apt-get -yV' debian/control ; \ + done diff --git a/scripts/crossbuild/docker/debian9/Dockerfile b/scripts/crossbuild/m4/Dockerfile.deb.m4 index 9b47832..a1bfca8 100644 --- a/scripts/crossbuild/docker/debian9/Dockerfile +++ b/scripts/crossbuild/m4/Dockerfile.deb.m4 @@ -1,8 +1,5 @@ -FROM debian:stretch - -ARG gccver=6 -ARG clangver=5.0 -ARG osname=stretch +ARG from=DOCKER_IMAGE +FROM ${from} as build ARG DEBIAN_FRONTEND=noninteractive @@ -10,35 +7,38 @@ ARG DEBIAN_FRONTEND=noninteractive # Install add-apt-repository # RUN apt-get update && \ - apt-get install -y software-properties-common gnupg2 apt-transport-https curl && \ + apt-get install -y software-properties-common gnupg2 procps && \ apt-get clean && \ rm -r /var/lib/apt/lists/* -# Stretch uses GCC-6.3 by default, so it doesn't need to be updated to get C11 functionality. - +define(`CLANG_PKGS', `llvm clang lldb')dnl +ifelse(D_NAME, `debian10', `dnl +define(`CLANG_VER', `8')dnl +define(`CLANG_PKGS', `llvm-CLANG_VER clang-CLANG_VER lldb-CLANG_VER')dnl # For clang -RUN add-apt-repository -y "deb http://apt.llvm.org/${osname}/ llvm-toolchain-${osname}-${clangver} main" && \ - curl -o /tmp/llvm-snapshot.gpg.key https://apt.llvm.org/llvm-snapshot.gpg.key && \ - apt-key add /tmp/llvm-snapshot.gpg.key +RUN add-apt-repository -y "deb http://apt.llvm.org/OS_CODENAME/ llvm-toolchain-OS_CODENAME-CLANG_VER main" && \ + apt-key adv --fetch-keys http://apt.llvm.org/llvm-snapshot.gpg.key +')dnl RUN apt-get update && \ # Development utilities - apt-get install -y devscripts equivs git quilt rsync && \ + apt-get install -y devscripts equivs git quilt rsync fakeroot && \ # Compilers - apt-get install -y g++-${gccver} llvm-${clangver} clang-${clangver} lldb-${clangver} && \ + apt-get install -y g++ CLANG_PKGS && \ # eapol_test dependencies apt-get install -y libnl-3-dev libnl-genl-3-dev # # Documentation build dependecies # +define(`NODE_VER', ifelse(D_NAME, `ubuntu18', `16', `20'))dnl # - doxygen & JSON.pm RUN apt-get install -y doxygen graphviz libjson-perl # - antora (npm needed) -RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - -RUN apt-get install -y npm -RUN npm i -g @antora/cli@2.1 @antora/site-generator-default@2.1 +RUN curl -sL https://deb.nodesource.com/setup_`'NODE_VER.x | bash - +RUN apt-get install -y nodejs +RUN npm i -g @antora/cli@3.1.7 @antora/site-generator-default@3.1.7 # - pandoc WORKDIR /tmp RUN curl -OL $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*deb" | cut -d '"' -f 4) @@ -47,17 +47,16 @@ RUN apt-get install -y ./pandoc-*.deb RUN apt-get install -y ruby-dev RUN gem install asciidoctor -# set default things -RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-${gccver} 50 \ - --slave /usr/bin/g++ g++ /usr/bin/g++-${gccver} && \ - update-alternatives --config gcc - -RUN update-alternatives --install /usr/bin/clang clang /usr/bin/clang-${clangver} 60 && \ +ifelse(D_NAME, `debian10', `dnl +# +# Set defaults +# +RUN update-alternatives --install /usr/bin/clang clang /usr/bin/clang-CLANG_VER 60 && \ update-alternatives --config clang -RUN update-alternatives --install /usr/bin/lldb lldb /usr/bin/lldb-${clangver} 60 && \ +RUN update-alternatives --install /usr/bin/lldb lldb /usr/bin/lldb-CLANG_VER 60 && \ update-alternatives --config lldb - +') # # Setup a src dir in /usr/local @@ -80,5 +79,9 @@ WORKDIR freeradius-server RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\ do \ git checkout $i; \ - if [ -e ./debian/control.in ] ; then debian/rules debian/control ; fi ; echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control ; \ + if [ -e ./debian/control.in ] ; then \ + debian/rules debian/control ; \ + fi ; \ + echo 'y' | \ + mk-build-deps -irt'apt-get -yV' debian/control ; \ done diff --git a/scripts/crossbuild/m4/Dockerfile.rpm.m4 b/scripts/crossbuild/m4/Dockerfile.rpm.m4 new file mode 100644 index 0000000..714ee6e --- /dev/null +++ b/scripts/crossbuild/m4/Dockerfile.rpm.m4 @@ -0,0 +1,146 @@ +ARG from=DOCKER_IMAGE +FROM ${from} as build + +ifelse(OS_VER, 7, `dnl +# +# CentOS 7 is now EOL, so we need to fix up the repo source +# +RUN sed -i "s/^mirrorlist/#mirrorlist/g" /etc/yum.repos.d/CentOS-* +RUN sed -i "s|#\s*baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* +')dnl + +ifelse(OS_VER, `9', `dnl +# +# Install yum +# +RUN dnf install -y yum +')dnl + +# +# Install devtools like make and git and the EPEL +# repository for freetds and hiredis +# +RUN yum update -y +RUN yum install -y rpmdevtools openssl epel-release git procps yum-utils \ + rsync ifelse(OS_VER, `7',, `dnf-plugins-core') + +ifelse(OS_VER, `7', `dnl +# +# Install GCC that has the requisite support for C11 keywords and atomics +# +RUN yum install -y centos-release-scl +RUN sed -i "s/^mirrorlist/#mirrorlist/g" /etc/yum.repos.d/CentOS-* +RUN sed -i "s|#\s*baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* +RUN yum install -y devtoolset-8-gcc devtoolset-8-gcc-c++ +ENV CC=/opt/rh/devtoolset-8/root/usr/bin/gcc + +# +# Remove the CentOS-SCLo repo which is apparently not valid? +# See: https://bugs.centos.org/view.php?id=14773 +# +RUN rm /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo +RUN rm /etc/yum.repos.d/CentOS-SCLo-scl.repo +')dnl + +ifelse(OS_VER, `8', `dnl +RUN yum config-manager --set-enabled powertools + +# +# Install GCC that has the requisite support for C11 keywords and atomics +# +RUN yum install -y gcc-toolset-9 +')dnl + +ifelse(OS_VER, `9', `dnl +RUN yum config-manager --set-enabled crb +')dnl + +# +# Documentation build dependecies +# +define(`NODE_VER', ifelse(OS_VER, 7, `16', `20'))dnl + +# - doxygen & JSON.pm +RUN yum install -y doxygen graphviz perl-JSON +# - antora (npm needed) +RUN curl -sL https://rpm.nodesource.com/setup_`'NODE_VER.x | bash - +RUN yum install -y nodejs +RUN npm i -g @antora/cli@3.1.7 @antora/site-generator-default@3.1.7 +# - pandoc +RUN curl -o - -L $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*tar.gz" | cut -d '"' -f 4) | tar xzvf - -C /tmp/ +RUN mv /tmp/pandoc-*/bin/* /usr/local/bin +# - asciidoctor +RUN yum install -y rubygems-devel +RUN gem install asciidoctor + +# +# Setup a src dir in /usr/local +# +RUN mkdir -p /usr/local/src/repositories +WORKDIR /usr/local/src/repositories + +changequote([{,}])dnl Only add LTB on centos7/rocky8 +ifelse(ifelse(OS_VER, 7, yes, OS_VER, 8, yes, no), yes, [{dnl +# +# Use LTB's openldap packages intead of the distribution version to avoid linking against NSS +# +RUN echo $'[ltb-project]\n\ +name=LTB project packages\n\ +baseurl=https://ltb-project.org/rpm/$releasever/$basearch\n\ +enabled=1\n\ +gpgcheck=1\n\ +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project'\ +> /etc/yum.repos.d/ltb-project.repo +RUN rpm --import https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project +}])dnl +changequote(`,')dnl + +# +# Shallow clone the FreeRADIUS source +# +WORKDIR /usr/local/src/repositories +ARG source=https://github.com/FreeRADIUS/freeradius-server.git +RUN git clone --depth 1 --no-single-branch ${source} + +# +# Install build dependencies for all branches from v3 onwards +# Nodesource has issues (no SRPMS in some repos) and is not needed here +# CentOS/RHEL 7 do not support "-D" for yum-builddep so do that separately below if needed +# +define(`BUILDDEP_EXTRA', ifelse(OS_VER, 7, `--disablerepo="nodesource*"', `-D "_with_rlm_yubikey 1"'))dnl +WORKDIR freeradius-server +RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\ + do \ + git checkout $i; \ + [ -e redhat/freeradius.spec ] && yum-builddep BUILDDEP_EXTRA -y redhat/freeradius.spec; \ + done + +ifelse(OS_VER, 7,`dnl +# Yubikey deps for CentOS/RHEL 7 +RUN yum install -y ykclient-devel ykclient +')dnl + +RUN yum install -y libyubikey-devel + +# +# Which is required by fixture setup utilities +# +RUN yum install -y which + +# +# Explicitly install libnl3-devel which is required for the EAP tests +# +RUN yum install -y libnl3-devel + +ifelse(OS_VER, 7,, `dnl +# +# We test with TLS1.1, but that is disabled by default on some +# newer systems. +# +RUN update-crypto-policies --set LEGACY +')dnl + +# +# Create the RPM build tree +# +RUN rpmdev-setuptree diff --git a/scripts/docker/centos7/Dockerfile b/scripts/docker/centos7/Dockerfile deleted file mode 100644 index efa56eb..0000000 --- a/scripts/docker/centos7/Dockerfile +++ /dev/null @@ -1,96 +0,0 @@ -ARG from=centos:centos7 -FROM ${from} as build - -# -# Install build tools -# -RUN yum groupinstall -y "Development Tools" -RUN yum install -y rpmdevtools -RUN yum install -y openssl - -# -# Create build directory -# -RUN mkdir -p /usr/local/src/repositories -WORKDIR /usr/local/src/repositories - -# -# Shallow clone the FreeRADIUS source -# -ARG source=https://github.com/FreeRADIUS/freeradius-server.git -ARG release=v3.2.x - -RUN git clone --depth 1 --single-branch --branch ${release} ${source} -WORKDIR freeradius-server - -# -# Other requirements -# - -# Use LTB's openldap packages intead of the distribution version to avoid linking against NSS -RUN echo $'[ltb-project]\n\ -name=LTB project packages\n\ -baseurl=https://ltb-project.org/rpm/$releasever/$basearch\n\ -enabled=1\n\ -gpgcheck=1\n\ -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project'\ -> /etc/yum.repos.d/ltb-project.repo -RUN rpm --import https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project - -# EPEL repository for freetds and hiredis -RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm - -# -# Install build dependencies -# -RUN [ -e redhat/freeradius.spec ] && yum-builddep -y redhat/freeradius.spec - -# -# Create RPM build environment -# -ENV BUILDDIR=/root/rpmbuild -RUN rpmdev-setuptree - -RUN ./configure -RUN make freeradius-server-$(cat VERSION).tar.bz2 -RUN cp freeradius-server-$(cat VERSION).tar.bz2 $BUILDDIR/SOURCES/ -RUN cp -r redhat/* $BUILDDIR/SOURCES/ -RUN cp -r redhat/freeradius.spec $BUILDDIR/SPECS/ -WORKDIR $BUILDDIR - -# -# Build the server -# -ENV QA_RPATHS=0x0003 -RUN rpmbuild -bb --define '_release $release' "$BUILDDIR/SPECS/freeradius.spec" - -RUN mkdir /root/rpms -RUN mv $BUILDDIR/RPMS/*/*.rpm /root/rpms/ - -# -# Clean environment and run the server -# -FROM ${from} -COPY --from=build /root/rpms /tmp/ - -# Use LTB's openldap packages intead of the distribution version to avoid linking against NSS -RUN echo $'[ltb-project]\n\ -name=LTB project packages\n\ -baseurl=https://ltb-project.org/rpm/$releasever/$basearch\n\ -enabled=1\n\ -gpgcheck=1\n\ -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project'\ -> /etc/yum.repos.d/ltb-project.repo \ - && rpm --import https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project \ - \ -# EPEL repository for freetds and hiredis - && yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \ - \ - && yum install -y /tmp/*.rpm - -COPY docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh - -EXPOSE 1812/udp 1813/udp -ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["radiusd"] diff --git a/scripts/docker/debian10/Dockerfile b/scripts/docker/debian10/Dockerfile deleted file mode 100644 index 441bed7..0000000 --- a/scripts/docker/debian10/Dockerfile +++ /dev/null @@ -1,59 +0,0 @@ -ARG from=debian:buster -FROM ${from} as build - -ARG DEBIAN_FRONTEND=noninteractive - -# -# Install build tools -# -RUN apt-get update -RUN apt-get install -y devscripts equivs git quilt gcc - -# -# Create build directory -# -RUN mkdir -p /usr/local/src/repositories -WORKDIR /usr/local/src/repositories - -# -# Shallow clone the FreeRADIUS source -# -ARG source=https://github.com/FreeRADIUS/freeradius-server.git -ARG release=v3.2.x - -RUN git clone --depth 1 --single-branch --branch ${release} ${source} -WORKDIR freeradius-server - -# -# Install build dependencies -# -RUN git checkout ${release}; \ - if [ -e ./debian/control.in ]; then \ - debian/rules debian/control; \ - fi; \ - echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control - -# -# Build the server -# -RUN make -j2 deb - -# -# Clean environment and run the server -# -FROM ${from} -COPY --from=build /usr/local/src/repositories/*.deb /tmp/ - -RUN apt-get update \ - && apt-get install -y /tmp/*.deb \ - && apt-get clean \ - && rm -r /var/lib/apt/lists/* /tmp/*.deb \ - \ - && ln -s /etc/freeradius /etc/raddb - -COPY docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh - -EXPOSE 1812/udp 1813/udp -ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["freeradius"] diff --git a/scripts/docker/debian11/Dockerfile b/scripts/docker/debian11/Dockerfile deleted file mode 100644 index 7a9931c..0000000 --- a/scripts/docker/debian11/Dockerfile +++ /dev/null @@ -1,64 +0,0 @@ -ARG from=debian:bullseye -FROM ${from} as build - -ARG DEBIAN_FRONTEND=noninteractive - -# -# Install build tools -# -RUN apt-get update -RUN apt-get install -y devscripts equivs git quilt gcc - -# -# Create build directory -# -RUN mkdir -p /usr/local/src/repositories -WORKDIR /usr/local/src/repositories - -# -# Shallow clone the FreeRADIUS source -# -ARG source=https://github.com/FreeRADIUS/freeradius-server.git -ARG release=v3.2.x - -RUN git clone --depth 1 --single-branch --branch ${release} ${source} -WORKDIR freeradius-server - -# -# Install build dependencies -# -RUN git checkout ${release}; \ - if [ -e ./debian/control.in ]; then \ - debian/rules debian/control; \ - fi; \ - echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control - -# -# Build the server -# -RUN make -j2 deb - -# -# Clean environment and run the server -# -FROM ${from} -COPY --from=build /usr/local/src/repositories/*.deb /tmp/ - -ARG freerad_uid=101 -ARG freerad_gid=101 - -RUN groupadd -g ${freerad_gid} -r freerad \ - && useradd -u ${freerad_uid} -g freerad -r -M -d /etc/freeradius -s /usr/sbin/nologin freerad \ - && apt-get update \ - && apt-get install -y /tmp/*.deb \ - && apt-get clean \ - && rm -r /var/lib/apt/lists/* /tmp/*.deb \ - \ - && ln -s /etc/freeradius /etc/raddb - -COPY docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh - -EXPOSE 1812/udp 1813/udp -ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["freeradius"] diff --git a/scripts/docker/debian9/Dockerfile b/scripts/docker/debian9/Dockerfile deleted file mode 100644 index 1a34f7f..0000000 --- a/scripts/docker/debian9/Dockerfile +++ /dev/null @@ -1,59 +0,0 @@ -ARG from=debian:stretch -FROM ${from} as build - -ARG DEBIAN_FRONTEND=noninteractive - -# -# Install build tools -# -RUN apt-get update -RUN apt-get install -y devscripts equivs git quilt gcc - -# -# Create build directory -# -RUN mkdir -p /usr/local/src/repositories -WORKDIR /usr/local/src/repositories - -# -# Shallow clone the FreeRADIUS source -# -ARG source=https://github.com/FreeRADIUS/freeradius-server.git -ARG release=v3.2.x - -RUN git clone --depth 1 --single-branch --branch ${release} ${source} -WORKDIR freeradius-server - -# -# Install build dependencies -# -RUN git checkout ${release}; \ - if [ -e ./debian/control.in ]; then \ - debian/rules debian/control; \ - fi; \ - echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control - -# -# Build the server -# -RUN make -j2 deb - -# -# Clean environment and run the server -# -FROM ${from} -COPY --from=build /usr/local/src/repositories/*.deb /tmp/ - -RUN apt-get update \ - && apt-get install -y /tmp/*.deb \ - && apt-get clean \ - && rm -r /var/lib/apt/lists/* /tmp/*.deb \ - \ - && ln -s /etc/freeradius /etc/raddb - -COPY docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh - -EXPOSE 1812/udp 1813/udp -ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["freeradius"] diff --git a/scripts/docker/debiansid/Dockerfile b/scripts/docker/debiansid/Dockerfile deleted file mode 100644 index 191ec49..0000000 --- a/scripts/docker/debiansid/Dockerfile +++ /dev/null @@ -1,64 +0,0 @@ -ARG from=debian:sid -FROM ${from} as build - -ARG DEBIAN_FRONTEND=noninteractive - -# -# Install build tools -# -RUN apt-get update -RUN apt-get install -y devscripts equivs git quilt gcc - -# -# Create build directory -# -RUN mkdir -p /usr/local/src/repositories -WORKDIR /usr/local/src/repositories - -# -# Shallow clone the FreeRADIUS source -# -ARG source=https://github.com/FreeRADIUS/freeradius-server.git -ARG release=v3.2.x - -RUN git clone --depth 1 --single-branch --branch ${release} ${source} -WORKDIR freeradius-server - -# -# Install build dependencies -# -RUN git checkout ${release}; \ - if [ -e ./debian/control.in ]; then \ - debian/rules debian/control; \ - fi; \ - echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control - -# -# Build the server -# -RUN make -j2 deb - -# -# Clean environment and run the server -# -FROM ${from} -COPY --from=build /usr/local/src/repositories/*.deb /tmp/ - -ARG freerad_uid=101 -ARG freerad_gid=101 - -RUN groupadd -g ${freerad_gid} -r freerad \ - && useradd -u ${freerad_uid} -g freerad -r -M -d /etc/freeradius -s /usr/sbin/nologin freerad \ - && apt-get update \ - && apt-get install -y /tmp/*.deb \ - && apt-get clean \ - && rm -r /var/lib/apt/lists/* /tmp/*.deb \ - \ - && ln -s /etc/freeradius /etc/raddb - -COPY docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh - -EXPOSE 1812/udp 1813/udp -ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["freeradius"] diff --git a/scripts/docker/dists/alpine/Dockerfile b/scripts/docker/dists/alpine/Dockerfile new file mode 100644 index 0000000..04c0101 --- /dev/null +++ b/scripts/docker/dists/alpine/Dockerfile @@ -0,0 +1,95 @@ +# Auto generated for alpine +# from scripts/docker/m4/Dockerfile.alpine.m4 +# +# Rebuild this file with `make docker.alpine.regen` +# +ARG from=alpine:3.13 +FROM ${from} as build + +# +# Install build tools +# +RUN apk update +RUN apk add git gcc make + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +RUN [ -z "$release" ] || git checkout ${release} + + +# +# Install build dependencies +# +# essential +RUN apk add libc-dev talloc-dev +RUN apk add openssl openssl-dev +RUN apk add linux-headers +# general +RUN apk add pcre-dev libidn-dev krb5-dev samba-dev curl-dev json-c-dev +RUN apk add openldap-dev unbound-dev +# languages +RUN apk add ruby-dev perl-dev python2-dev python3-dev +# databases +RUN apk add hiredis-dev libmemcached-dev gdbm-dev libcouchbase-dev +# sql +RUN apk add postgresql-dev mariadb-dev unixodbc-dev sqlite-dev + +# +# Build the server +# +RUN ./configure --prefix=/opt +RUN make -j2 +RUN make install +RUN rm /opt/lib/*.a + +# +# Clean environment and run the server +# +FROM ${from} +COPY --from=build /opt /opt + +# +# These are needed for the server to start +# +RUN apk update \ + && apk add talloc libressl pcre libwbclient tzdata \ + \ +# +# Libraries that are needed dependent on which modules are used +# Some of these (especially the languages) are huge. A reasonable +# selection has been enabled here. If you use modules needing +# other dependencies then install any others required in your +# local Dockerfile. +# + && apk add libcurl json-c libldap hiredis sqlite-dev \ +#RUN apk add libidn krb5 +#RUN apk add unbound-libs +#RUN apk add ruby-libs perl python2-dev python3-dev +#RUN apk add libmemcached gdbm libcouchbase +#RUN apk add postgresql-dev mariadb-dev unixodbc-dev + \ + && ln -s /opt/etc/raddb /etc/raddb + +WORKDIR / +COPY scripts/docker//etc/docker-entrypoint.sh.alpine docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["radiusd"] diff --git a/scripts/docker/alpine/docker-entrypoint.sh b/scripts/docker/dists/alpine/docker-entrypoint.sh index e0f9f6f..e0f9f6f 100755 --- a/scripts/docker/alpine/docker-entrypoint.sh +++ b/scripts/docker/dists/alpine/docker-entrypoint.sh diff --git a/scripts/docker/dists/centos7/Dockerfile b/scripts/docker/dists/centos7/Dockerfile new file mode 100644 index 0000000..0e266b7 --- /dev/null +++ b/scripts/docker/dists/centos7/Dockerfile @@ -0,0 +1,134 @@ +# Auto generated for centos7 +# from scripts/docker/m4/Dockerfile.rpm.m4 +# +# Rebuild this file with `make docker.centos7.regen` +# +ARG from=centos:7 +FROM ${from} as build + +# +# CentOS 7 is now EOL, so we need to fix up the repo source +# +RUN sed -i "s/^mirrorlist/#mirrorlist/g" /etc/yum.repos.d/CentOS-* +RUN sed -i "s|#\s*baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* + + + +# +# Install build tools +# +RUN yum groupinstall -y "Development Tools" +RUN yum install -y rpmdevtools +RUN yum install -y openssl + + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline + +# +# Other requirements +# + +# Use LTB's openldap packages intead of the distribution version to avoid linking against NSS +RUN echo $'[ltb-project]\n\ +name=LTB project packages\n\ +baseurl=https://ltb-project.org/rpm/$releasever/$basearch\n\ +enabled=1\n\ +gpgcheck=1\n\ +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project'\ +> /etc/yum.repos.d/ltb-project.repo +RUN rpm --import https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project + +# Enable EPEL repository for freetds and hiredis +RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm + +# +# Install build dependencies +# +# Run twice, it doesn't always get everything with one invocation +# +RUN [ -e redhat/freeradius.spec ] && \ + yum-builddep -y redhat/freeradius.spec && \ + yum-builddep -y redhat/freeradius.spec + +# +# Create RPM build environment +# +ENV BUILDDIR=/root/rpmbuild +RUN rpmdev-setuptree + +RUN ./configure +RUN cp VERSION /VERSION +RUN make freeradius-server-$(cat /VERSION).tar.bz2 +RUN cp freeradius-server-$(cat /VERSION).tar.bz2 $BUILDDIR/SOURCES/ +RUN cp -r redhat/* $BUILDDIR/SOURCES/ +RUN sed -i "s/^Version:.*/Version: $(cat /VERSION)/" redhat/freeradius.spec +RUN cp -r redhat/freeradius.spec $BUILDDIR/SPECS/ +WORKDIR $BUILDDIR + +# +# Build the server +# +ENV QA_RPATHS=0x0003 +RUN rpmbuild -bb --define "_release $(cat /VERSION)" "$BUILDDIR/SPECS/freeradius.spec" + +RUN mkdir /root/rpms +RUN mv $BUILDDIR/RPMS/*/*.rpm /root/rpms/ + +# +# Clean environment and run the server +# +FROM ${from} + +COPY --from=build /root/rpms /tmp/ + +# +# CentOS 7 is now EOL, so we need to fix up the repo source +# +RUN sed -i "s/^mirrorlist/#mirrorlist/g" /etc/yum.repos.d/CentOS-* +RUN sed -i "s|#\s*baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* + + +# Use LTB's openldap packages intead of the distribution version to avoid linking against NSS +RUN echo $'[ltb-project]\n\ +name=LTB project packages\n\ +baseurl=https://ltb-project.org/rpm/$releasever/$basearch\n\ +enabled=1\n\ +gpgcheck=1\n\ +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project'\ +> /etc/yum.repos.d/ltb-project.repo \ + && rpm --import https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project + + +# EPEL repository for freetds and hiredis +RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \ + \ + && yum install -y /tmp/*.rpm + +WORKDIR / +COPY scripts/docker//etc/docker-entrypoint.sh.rpm docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["radiusd"] diff --git a/scripts/docker/centos7/docker-entrypoint.sh b/scripts/docker/dists/centos7/docker-entrypoint.sh index 900ad6b..900ad6b 100755 --- a/scripts/docker/centos7/docker-entrypoint.sh +++ b/scripts/docker/dists/centos7/docker-entrypoint.sh diff --git a/scripts/docker/dists/debian10/Dockerfile b/scripts/docker/dists/debian10/Dockerfile new file mode 100644 index 0000000..5e9e9a5 --- /dev/null +++ b/scripts/docker/dists/debian10/Dockerfile @@ -0,0 +1,82 @@ +# Auto generated for debian10 +# from scripts/docker/m4/Dockerfile.deb.m4 +# +# Rebuild this file with `make docker.debian10.regen` +# +ARG from=debian:buster +FROM ${from} as build + +ARG DEBIAN_FRONTEND=noninteractive + +# +# Install build tools +# +RUN apt-get update +RUN apt-get install -y devscripts equivs git quilt gcc + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline + +# +# Install build dependencies +# +RUN if [ -e ./debian/control.in ]; then \ + debian/rules debian/control; \ + fi; \ + echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control + +# +# Build the server +# +# Work around fakeroot problems in Docker when building for different +# platforms - doesn't matter as we run as root in the container anyway. +# +#RUN make -j$(nproc) deb +RUN debian/rules debian/control \ + && dpkg-buildpackage --jobs=auto -b -uc + +# +# Clean environment and run the server +# +FROM ${from} +ARG DEBIAN_FRONTEND=noninteractive + +COPY --from=build /usr/local/src/repositories/*.deb /tmp/ + +RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime + +RUN apt-get update \ + && apt-get install -y tzdata \ + && apt-get install -y /tmp/*.deb \ + && apt-get clean \ + && rm -r /var/lib/apt/lists/* /tmp/*.deb \ + \ + && ln -s /etc/freeradius /etc/raddb + +WORKDIR / +COPY scripts/docker/etc/docker-entrypoint.sh.deb docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["freeradius"] diff --git a/scripts/docker/debian10/docker-entrypoint.sh b/scripts/docker/dists/debian10/docker-entrypoint.sh index 93141b0..93141b0 100755 --- a/scripts/docker/debian10/docker-entrypoint.sh +++ b/scripts/docker/dists/debian10/docker-entrypoint.sh diff --git a/scripts/docker/dists/debian11/Dockerfile b/scripts/docker/dists/debian11/Dockerfile new file mode 100644 index 0000000..f709d95 --- /dev/null +++ b/scripts/docker/dists/debian11/Dockerfile @@ -0,0 +1,87 @@ +# Auto generated for debian11 +# from scripts/docker/m4/Dockerfile.deb.m4 +# +# Rebuild this file with `make docker.debian11.regen` +# +ARG from=debian:bullseye +FROM ${from} as build + +ARG DEBIAN_FRONTEND=noninteractive + +# +# Install build tools +# +RUN apt-get update +RUN apt-get install -y devscripts equivs git quilt gcc + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline + +# +# Install build dependencies +# +RUN if [ -e ./debian/control.in ]; then \ + debian/rules debian/control; \ + fi; \ + echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control + +# +# Build the server +# +# Work around fakeroot problems in Docker when building for different +# platforms - doesn't matter as we run as root in the container anyway. +# +#RUN make -j$(nproc) deb +RUN debian/rules debian/control \ + && dpkg-buildpackage --jobs=auto -b -uc + +# +# Clean environment and run the server +# +FROM ${from} +ARG DEBIAN_FRONTEND=noninteractive + +COPY --from=build /usr/local/src/repositories/*.deb /tmp/ + +RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime + +ARG freerad_uid=101 +ARG freerad_gid=101 + +RUN groupadd -g ${freerad_gid} -r freerad \ + && useradd -u ${freerad_uid} -g freerad -r -M -d /etc/freeradius -s /usr/sbin/nologin freerad \ + && apt-get update \ + && apt-get install -y tzdata \ + && apt-get install -y /tmp/*.deb \ + && apt-get clean \ + && rm -r /var/lib/apt/lists/* /tmp/*.deb \ + \ + && ln -s /etc/freeradius /etc/raddb + +WORKDIR / +COPY scripts/docker/etc/docker-entrypoint.sh.deb docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["freeradius"] diff --git a/scripts/docker/debian11/docker-entrypoint.sh b/scripts/docker/dists/debian11/docker-entrypoint.sh index 93141b0..93141b0 100755 --- a/scripts/docker/debian11/docker-entrypoint.sh +++ b/scripts/docker/dists/debian11/docker-entrypoint.sh diff --git a/scripts/docker/dists/debian12/Dockerfile b/scripts/docker/dists/debian12/Dockerfile new file mode 100644 index 0000000..609e8ae --- /dev/null +++ b/scripts/docker/dists/debian12/Dockerfile @@ -0,0 +1,87 @@ +# Auto generated for debian12 +# from scripts/docker/m4/Dockerfile.deb.m4 +# +# Rebuild this file with `make docker.debian12.regen` +# +ARG from=debian:bookworm +FROM ${from} as build + +ARG DEBIAN_FRONTEND=noninteractive + +# +# Install build tools +# +RUN apt-get update +RUN apt-get install -y devscripts equivs git quilt gcc + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline + +# +# Install build dependencies +# +RUN if [ -e ./debian/control.in ]; then \ + debian/rules debian/control; \ + fi; \ + echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control + +# +# Build the server +# +# Work around fakeroot problems in Docker when building for different +# platforms - doesn't matter as we run as root in the container anyway. +# +#RUN make -j$(nproc) deb +RUN debian/rules debian/control \ + && dpkg-buildpackage --jobs=auto -b -uc + +# +# Clean environment and run the server +# +FROM ${from} +ARG DEBIAN_FRONTEND=noninteractive + +COPY --from=build /usr/local/src/repositories/*.deb /tmp/ + +RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime + +ARG freerad_uid=101 +ARG freerad_gid=101 + +RUN groupadd -g ${freerad_gid} -r freerad \ + && useradd -u ${freerad_uid} -g freerad -r -M -d /etc/freeradius -s /usr/sbin/nologin freerad \ + && apt-get update \ + && apt-get install -y tzdata \ + && apt-get install -y /tmp/*.deb \ + && apt-get clean \ + && rm -r /var/lib/apt/lists/* /tmp/*.deb \ + \ + && ln -s /etc/freeradius /etc/raddb + +WORKDIR / +COPY scripts/docker/etc/docker-entrypoint.sh.deb docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["freeradius"] diff --git a/scripts/docker/debian9/docker-entrypoint.sh b/scripts/docker/dists/debian12/docker-entrypoint.sh index 93141b0..93141b0 100755 --- a/scripts/docker/debian9/docker-entrypoint.sh +++ b/scripts/docker/dists/debian12/docker-entrypoint.sh diff --git a/scripts/docker/dists/debiansid/Dockerfile b/scripts/docker/dists/debiansid/Dockerfile new file mode 100644 index 0000000..862a421 --- /dev/null +++ b/scripts/docker/dists/debiansid/Dockerfile @@ -0,0 +1,87 @@ +# Auto generated for debiansid +# from scripts/docker/m4/Dockerfile.deb.m4 +# +# Rebuild this file with `make docker.debiansid.regen` +# +ARG from=debian:sid +FROM ${from} as build + +ARG DEBIAN_FRONTEND=noninteractive + +# +# Install build tools +# +RUN apt-get update +RUN apt-get install -y devscripts equivs git quilt gcc + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline + +# +# Install build dependencies +# +RUN if [ -e ./debian/control.in ]; then \ + debian/rules debian/control; \ + fi; \ + echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control + +# +# Build the server +# +# Work around fakeroot problems in Docker when building for different +# platforms - doesn't matter as we run as root in the container anyway. +# +#RUN make -j$(nproc) deb +RUN debian/rules debian/control \ + && dpkg-buildpackage --jobs=auto -b -uc + +# +# Clean environment and run the server +# +FROM ${from} +ARG DEBIAN_FRONTEND=noninteractive + +COPY --from=build /usr/local/src/repositories/*.deb /tmp/ + +RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime + +ARG freerad_uid=101 +ARG freerad_gid=101 + +RUN groupadd -g ${freerad_gid} -r freerad \ + && useradd -u ${freerad_uid} -g freerad -r -M -d /etc/freeradius -s /usr/sbin/nologin freerad \ + && apt-get update \ + && apt-get install -y tzdata \ + && apt-get install -y /tmp/*.deb \ + && apt-get clean \ + && rm -r /var/lib/apt/lists/* /tmp/*.deb \ + \ + && ln -s /etc/freeradius /etc/raddb + +WORKDIR / +COPY scripts/docker/etc/docker-entrypoint.sh.deb docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["freeradius"] diff --git a/scripts/docker/debiansid/docker-entrypoint.sh b/scripts/docker/dists/debiansid/docker-entrypoint.sh index 93141b0..93141b0 100755 --- a/scripts/docker/debiansid/docker-entrypoint.sh +++ b/scripts/docker/dists/debiansid/docker-entrypoint.sh diff --git a/scripts/docker/rocky8/Dockerfile b/scripts/docker/dists/rocky8/Dockerfile index ca821a3..4dcb92e 100644 --- a/scripts/docker/rocky8/Dockerfile +++ b/scripts/docker/dists/rocky8/Dockerfile @@ -1,34 +1,54 @@ +# Auto generated for rocky8 +# from scripts/docker/m4/Dockerfile.rpm.m4 +# +# Rebuild this file with `make docker.rocky8.regen` +# ARG from=rockylinux/rockylinux:8 FROM ${from} as build +# +# Install yum +# +RUN dnf install -y yum + RUN rpmkeys --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial # # Install build tools # RUN yum groupinstall -y "Development Tools" + RUN yum install -y rpmdevtools openssl dnf-utils + # # Create build directory # -RUN mkdir -p /usr/local/src/repositories -WORKDIR /usr/local/src/repositories +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . # -# Shallow clone the FreeRADIUS source +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system # -ARG source=https://github.com/FreeRADIUS/freeradius-server.git -ARG release=v3.2.x +RUN git clean -fdxx \ + && git reset --hard HEAD -RUN git clone --depth 1 --single-branch --branch ${release} ${source} -WORKDIR freeradius-server +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline # # Other requirements # -# Use LTB's openldap packages intead of the distribution version to avoid linking against NSS +# Use LTB's openldap packages intead of the distribution version to avoid linking against NSS RUN echo $'[ltb-project]\n\ name=LTB project packages\n\ baseurl=https://ltb-project.org/rpm/$releasever/$basearch\n\ @@ -38,17 +58,23 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project'\ > /etc/yum.repos.d/ltb-project.repo RUN rpm --import https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project -# EPEL repository for freetds and hiredis +# Enable EPEL repository for freetds and hiredis RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm +# Enable powertools repo RUN yum config-manager --enable powertools -# Currently needed for hiredis-devel + +# Enable epel-testing, currently needed for hiredis-devel RUN yum config-manager --enable epel-testing # # Install build dependencies # -RUN [ -e redhat/freeradius.spec ] && yum-builddep -y redhat/freeradius.spec +# Run twice, it doesn't always get everything with one invocation +# +RUN [ -e redhat/freeradius.spec ] && \ + yum-builddep -y redhat/freeradius.spec && \ + yum-builddep -y redhat/freeradius.spec # # Create RPM build environment @@ -57,9 +83,11 @@ ENV BUILDDIR=/root/rpmbuild RUN rpmdev-setuptree RUN ./configure -RUN make freeradius-server-$(cat VERSION).tar.bz2 -RUN cp freeradius-server-$(cat VERSION).tar.bz2 $BUILDDIR/SOURCES/ +RUN cp VERSION /VERSION +RUN make freeradius-server-$(cat /VERSION).tar.bz2 +RUN cp freeradius-server-$(cat /VERSION).tar.bz2 $BUILDDIR/SOURCES/ RUN cp -r redhat/* $BUILDDIR/SOURCES/ +RUN sed -i "s/^Version:.*/Version: $(cat /VERSION)/" redhat/freeradius.spec RUN cp -r redhat/freeradius.spec $BUILDDIR/SPECS/ WORKDIR $BUILDDIR @@ -67,7 +95,7 @@ WORKDIR $BUILDDIR # Build the server # ENV QA_RPATHS=0x0003 -RUN rpmbuild -bb --define '_release $release' "$BUILDDIR/SPECS/freeradius.spec" +RUN rpmbuild -bb --define "_release $(cat /VERSION)" "$BUILDDIR/SPECS/freeradius.spec" RUN mkdir /root/rpms RUN mv $BUILDDIR/RPMS/*/*.rpm /root/rpms/ @@ -76,8 +104,14 @@ RUN mv $BUILDDIR/RPMS/*/*.rpm /root/rpms/ # Clean environment and run the server # FROM ${from} + COPY --from=build /root/rpms /tmp/ +# +# Install yum +# +RUN dnf install -y yum + # Use LTB's openldap packages intead of the distribution version to avoid linking against NSS RUN echo $'[ltb-project]\n\ name=LTB project packages\n\ @@ -86,11 +120,13 @@ enabled=1\n\ gpgcheck=1\n\ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project'\ > /etc/yum.repos.d/ltb-project.repo \ - && rpm --import https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project \ - \ -# EPEL repository for freetds and hiredis - && yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm \ + && rpm --import https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project + + +# EPEL repository for freetds and hiredis +RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm \ && yum install -y dnf-utils \ + && yum config-manager --enable powertools \ && yum config-manager --enable epel-testing ARG radiusd_uid=95 @@ -100,8 +136,9 @@ RUN groupadd -g ${radiusd_gid} -r radiusd \ && useradd -u ${radiusd_uid} -g radiusd -r -M -d /home/radiusd -s /sbin/nologin radiusd \ && yum install -y /tmp/*.rpm -COPY docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh +WORKDIR / +COPY scripts/docker//etc/docker-entrypoint.sh.rpm docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh EXPOSE 1812/udp 1813/udp ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/scripts/docker/rocky8/docker-entrypoint.sh b/scripts/docker/dists/rocky8/docker-entrypoint.sh index 900ad6b..900ad6b 100755 --- a/scripts/docker/rocky8/docker-entrypoint.sh +++ b/scripts/docker/dists/rocky8/docker-entrypoint.sh diff --git a/scripts/docker/dists/rocky9/Dockerfile b/scripts/docker/dists/rocky9/Dockerfile new file mode 100644 index 0000000..0f57010 --- /dev/null +++ b/scripts/docker/dists/rocky9/Dockerfile @@ -0,0 +1,124 @@ +# Auto generated for rocky9 +# from scripts/docker/m4/Dockerfile.rpm.m4 +# +# Rebuild this file with `make docker.rocky9.regen` +# +ARG from=rockylinux/rockylinux:9 +FROM ${from} as build + +# +# Install yum +# +RUN dnf install -y yum + +RUN rpmkeys --import /etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9 + +# +# Install build tools +# +RUN yum groupinstall -y "Development Tools" + +RUN yum install -y rpmdevtools openssl dnf-utils + + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline + +# +# Other requirements +# + +# Enable EPEL repository for freetds and hiredis +RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm + +# Enable Code Ready Builder repo (CentOS powertools equivalent) +RUN yum install -y yum-utils +RUN yum config-manager --enable crb + +# +# Install build dependencies +# +# Run twice, it doesn't always get everything with one invocation +# +RUN [ -e redhat/freeradius.spec ] && \ + yum-builddep -y redhat/freeradius.spec && \ + yum-builddep -y redhat/freeradius.spec + +# +# Create RPM build environment +# +ENV BUILDDIR=/root/rpmbuild +RUN rpmdev-setuptree + +RUN ./configure +RUN cp VERSION /VERSION +RUN make freeradius-server-$(cat /VERSION).tar.bz2 +RUN cp freeradius-server-$(cat /VERSION).tar.bz2 $BUILDDIR/SOURCES/ +RUN cp -r redhat/* $BUILDDIR/SOURCES/ +RUN sed -i "s/^Version:.*/Version: $(cat /VERSION)/" redhat/freeradius.spec +RUN cp -r redhat/freeradius.spec $BUILDDIR/SPECS/ +WORKDIR $BUILDDIR + +# +# Build the server +# +ENV QA_RPATHS=0x0003 +RUN rpmbuild -bb --define "_release $(cat /VERSION)" "$BUILDDIR/SPECS/freeradius.spec" + +RUN mkdir /root/rpms +RUN mv $BUILDDIR/RPMS/*/*.rpm /root/rpms/ + +# +# Clean environment and run the server +# +FROM ${from} + +COPY --from=build /root/rpms /tmp/ + +# +# Install yum +# +RUN dnf install -y yum + + + +# EPEL repository for freetds and hiredis +RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm \ + && yum install -y dnf-utils \ + && yum config-manager --enable crb \ + && yum config-manager --enable epel-testing + +ARG radiusd_uid=95 +ARG radiusd_gid=95 + +RUN groupadd -g ${radiusd_gid} -r radiusd \ + && useradd -u ${radiusd_uid} -g radiusd -r -M -d /home/radiusd -s /sbin/nologin radiusd \ + && yum install -y /tmp/*.rpm + +WORKDIR / +COPY scripts/docker//etc/docker-entrypoint.sh.rpm docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["radiusd"] diff --git a/scripts/docker/dists/rocky9/docker-entrypoint.sh b/scripts/docker/dists/rocky9/docker-entrypoint.sh new file mode 100755 index 0000000..900ad6b --- /dev/null +++ b/scripts/docker/dists/rocky9/docker-entrypoint.sh @@ -0,0 +1,24 @@ +#!/bin/sh +set -e + +# this if will check if the first argument is a flag +# but only works if all arguments require a hyphenated flag +# -v; -SL; -f arg; etc will work, but not arg1 arg2 +if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then + set -- radiusd "$@" +fi + +# check for the expected command +if [ "$1" = 'radiusd' ]; then + shift + exec radiusd -f "$@" +fi + +# debian people are likely to call "freeradius" as well, so allow that +if [ "$1" = 'freeradius' ]; then + shift + exec radiusd -f "$@" +fi + +# else default to run whatever the user wanted like "bash" or "sh" +exec "$@" diff --git a/scripts/docker/dists/ubuntu18/Dockerfile b/scripts/docker/dists/ubuntu18/Dockerfile new file mode 100644 index 0000000..4e32632 --- /dev/null +++ b/scripts/docker/dists/ubuntu18/Dockerfile @@ -0,0 +1,82 @@ +# Auto generated for ubuntu18 +# from scripts/docker/m4/Dockerfile.deb.m4 +# +# Rebuild this file with `make docker.ubuntu18.regen` +# +ARG from=ubuntu:18.04 +FROM ${from} as build + +ARG DEBIAN_FRONTEND=noninteractive + +# +# Install build tools +# +RUN apt-get update +RUN apt-get install -y devscripts equivs git quilt gcc + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline + +# +# Install build dependencies +# +RUN if [ -e ./debian/control.in ]; then \ + debian/rules debian/control; \ + fi; \ + echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control + +# +# Build the server +# +# Work around fakeroot problems in Docker when building for different +# platforms - doesn't matter as we run as root in the container anyway. +# +#RUN make -j$(nproc) deb +RUN debian/rules debian/control \ + && dpkg-buildpackage --jobs=auto -b -uc + +# +# Clean environment and run the server +# +FROM ${from} +ARG DEBIAN_FRONTEND=noninteractive + +COPY --from=build /usr/local/src/repositories/*.deb /tmp/ + +RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime + +RUN apt-get update \ + && apt-get install -y tzdata \ + && apt-get install -y /tmp/*.deb \ + && apt-get clean \ + && rm -r /var/lib/apt/lists/* /tmp/*.deb \ + \ + && ln -s /etc/freeradius /etc/raddb + +WORKDIR / +COPY scripts/docker/etc/docker-entrypoint.sh.deb docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["freeradius"] diff --git a/scripts/docker/ubuntu18/docker-entrypoint.sh b/scripts/docker/dists/ubuntu18/docker-entrypoint.sh index 93141b0..93141b0 100755 --- a/scripts/docker/ubuntu18/docker-entrypoint.sh +++ b/scripts/docker/dists/ubuntu18/docker-entrypoint.sh diff --git a/scripts/docker/dists/ubuntu20/Dockerfile b/scripts/docker/dists/ubuntu20/Dockerfile new file mode 100644 index 0000000..4a3bbf4 --- /dev/null +++ b/scripts/docker/dists/ubuntu20/Dockerfile @@ -0,0 +1,82 @@ +# Auto generated for ubuntu20 +# from scripts/docker/m4/Dockerfile.deb.m4 +# +# Rebuild this file with `make docker.ubuntu20.regen` +# +ARG from=ubuntu:20.04 +FROM ${from} as build + +ARG DEBIAN_FRONTEND=noninteractive + +# +# Install build tools +# +RUN apt-get update +RUN apt-get install -y devscripts equivs git quilt gcc + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline + +# +# Install build dependencies +# +RUN if [ -e ./debian/control.in ]; then \ + debian/rules debian/control; \ + fi; \ + echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control + +# +# Build the server +# +# Work around fakeroot problems in Docker when building for different +# platforms - doesn't matter as we run as root in the container anyway. +# +#RUN make -j$(nproc) deb +RUN debian/rules debian/control \ + && dpkg-buildpackage --jobs=auto -b -uc + +# +# Clean environment and run the server +# +FROM ${from} +ARG DEBIAN_FRONTEND=noninteractive + +COPY --from=build /usr/local/src/repositories/*.deb /tmp/ + +RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime + +RUN apt-get update \ + && apt-get install -y tzdata \ + && apt-get install -y /tmp/*.deb \ + && apt-get clean \ + && rm -r /var/lib/apt/lists/* /tmp/*.deb \ + \ + && ln -s /etc/freeradius /etc/raddb + +WORKDIR / +COPY scripts/docker/etc/docker-entrypoint.sh.deb docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["freeradius"] diff --git a/scripts/docker/ubuntu20/docker-entrypoint.sh b/scripts/docker/dists/ubuntu20/docker-entrypoint.sh index 93141b0..93141b0 100755 --- a/scripts/docker/ubuntu20/docker-entrypoint.sh +++ b/scripts/docker/dists/ubuntu20/docker-entrypoint.sh diff --git a/scripts/docker/dists/ubuntu22/Dockerfile b/scripts/docker/dists/ubuntu22/Dockerfile new file mode 100644 index 0000000..778112a --- /dev/null +++ b/scripts/docker/dists/ubuntu22/Dockerfile @@ -0,0 +1,87 @@ +# Auto generated for ubuntu22 +# from scripts/docker/m4/Dockerfile.deb.m4 +# +# Rebuild this file with `make docker.ubuntu22.regen` +# +ARG from=ubuntu:22.04 +FROM ${from} as build + +ARG DEBIAN_FRONTEND=noninteractive + +# +# Install build tools +# +RUN apt-get update +RUN apt-get install -y devscripts equivs git quilt gcc + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline + +# +# Install build dependencies +# +RUN if [ -e ./debian/control.in ]; then \ + debian/rules debian/control; \ + fi; \ + echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control + +# +# Build the server +# +# Work around fakeroot problems in Docker when building for different +# platforms - doesn't matter as we run as root in the container anyway. +# +#RUN make -j$(nproc) deb +RUN debian/rules debian/control \ + && dpkg-buildpackage --jobs=auto -b -uc + +# +# Clean environment and run the server +# +FROM ${from} +ARG DEBIAN_FRONTEND=noninteractive + +COPY --from=build /usr/local/src/repositories/*.deb /tmp/ + +RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime + +ARG freerad_uid=101 +ARG freerad_gid=101 + +RUN groupadd -g ${freerad_gid} -r freerad \ + && useradd -u ${freerad_uid} -g freerad -r -M -d /etc/freeradius -s /usr/sbin/nologin freerad \ + && apt-get update \ + && apt-get install -y tzdata \ + && apt-get install -y /tmp/*.deb \ + && apt-get clean \ + && rm -r /var/lib/apt/lists/* /tmp/*.deb \ + \ + && ln -s /etc/freeradius /etc/raddb + +WORKDIR / +COPY scripts/docker/etc/docker-entrypoint.sh.deb docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["freeradius"] diff --git a/scripts/docker/ubuntu22/docker-entrypoint.sh b/scripts/docker/dists/ubuntu22/docker-entrypoint.sh index 93141b0..93141b0 100755 --- a/scripts/docker/ubuntu22/docker-entrypoint.sh +++ b/scripts/docker/dists/ubuntu22/docker-entrypoint.sh diff --git a/scripts/docker/dists/ubuntu24/Dockerfile b/scripts/docker/dists/ubuntu24/Dockerfile new file mode 100644 index 0000000..ad4520e --- /dev/null +++ b/scripts/docker/dists/ubuntu24/Dockerfile @@ -0,0 +1,87 @@ +# Auto generated for ubuntu24 +# from scripts/docker/m4/Dockerfile.deb.m4 +# +# Rebuild this file with `make docker.ubuntu24.regen` +# +ARG from=ubuntu:24.04 +FROM ${from} as build + +ARG DEBIAN_FRONTEND=noninteractive + +# +# Install build tools +# +RUN apt-get update +RUN apt-get install -y devscripts equivs git quilt gcc + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline + +# +# Install build dependencies +# +RUN if [ -e ./debian/control.in ]; then \ + debian/rules debian/control; \ + fi; \ + echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control + +# +# Build the server +# +# Work around fakeroot problems in Docker when building for different +# platforms - doesn't matter as we run as root in the container anyway. +# +#RUN make -j$(nproc) deb +RUN debian/rules debian/control \ + && dpkg-buildpackage --jobs=auto -b -uc + +# +# Clean environment and run the server +# +FROM ${from} +ARG DEBIAN_FRONTEND=noninteractive + +COPY --from=build /usr/local/src/repositories/*.deb /tmp/ + +RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime + +ARG freerad_uid=101 +ARG freerad_gid=101 + +RUN groupadd -g ${freerad_gid} -r freerad \ + && useradd -u ${freerad_uid} -g freerad -r -M -d /etc/freeradius -s /usr/sbin/nologin freerad \ + && apt-get update \ + && apt-get install -y tzdata \ + && apt-get install -y /tmp/*.deb \ + && apt-get clean \ + && rm -r /var/lib/apt/lists/* /tmp/*.deb \ + \ + && ln -s /etc/freeradius /etc/raddb + +WORKDIR / +COPY scripts/docker/etc/docker-entrypoint.sh.deb docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["freeradius"] diff --git a/scripts/docker/docker.mk b/scripts/docker/docker.mk index 9773625..bf556c6 100644 --- a/scripts/docker/docker.mk +++ b/scripts/docker/docker.mk @@ -25,8 +25,8 @@ # version, DOCKER_COMMIT _must_ also be set. DOCKER_VERSION := $(RADIUSD_VERSION_STRING) # -# Commit hash/tag/branch to build, will be taken from VERSION above if not overridden, e.g. "release_3_2_0" -DOCKER_COMMIT := release_$(shell echo $(DOCKER_VERSION) | tr .- __) +# Commit hash/tag/branch to build, if not set then HEAD will be used. +DOCKER_COMMIT := # # Build args, most likely "--no-cache" DOCKER_BUILD_ARGS := @@ -40,6 +40,22 @@ DOCKER_REPO := freeradius # Registry to push to DOCKER_REGISTRY := # +# Location of Docker-related files +DOCKER_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) +DIST_DIR := $(DOCKER_DIR)/dists +# +# List of images we can build +DOCKER_IMAGES:=$(sort $(patsubst $(DIST_DIR)/%,%,$(wildcard $(DIST_DIR)/*))) + +DOCKER_DEFAULT_UBUNTU := ubuntu22 +DOCKER_DEFAULT_ALPINE := alpine + +ifeq "${VERBOSE}" "" + Q=@ +else + Q= +endif + ifneq "$(DOCKER_REPO)" "" override DOCKER_REPO := $(DOCKER_REPO)/ @@ -50,37 +66,146 @@ ifneq "$(DOCKER_REGISTRY)" "" endif +# +# Print some useful help +# +.PHONY: docker.help.images +docker.help.images: + @echo Available images: $(DOCKER_IMAGES) + +.PHONY: docker.help +docker.help: docker.help.images + @echo "" + @echo "Make targets:" + @echo " docker-ubuntu - build main ubuntu image" + @echo " docker-alpine - build main alpine image" + @echo " docker.regen - regenerate all Dockerfiles from templates" + @echo "" + @echo "Make targets per image:" + @echo " docker.IMAGE.build - build image" + @echo " docker.IMAGE.regen - regenerate Dockerfile" + @echo "" + @echo "Arguments:" + @echo ' DOCKER_BUILD_ARGS="--no-cache" - extra build args' + @echo ' DOCKER_REGISTRY="docker.example.com" - registry to build for' + @echo ' DOCKER_REPO="freeradius" - docker repo name' + @echo ' DOCKER_TAG="freeradius-server" - docker tag name' + @echo ' DOCKER_COMMIT="HEAD" - commit/ref to build from' + @echo ' DOCKER_VERSION="$(DOCKER_VERSION)" - version for docker image name' + + +# +# Rules for each OS +# + +define ADD_DOCKER_RULES + $$(DIST_DIR)/${1}/Dockerfile: $(DOCKER_DIR)/m4/Dockerfile.m4 $(DOCKER_DIR)/m4/Dockerfile.deb.m4 $(DOCKER_DIR)/m4/Dockerfile.rpm.m4 $(DOCKER_DIR)/m4/Dockerfile.alpine.m4 $(DOCKER_DIR)/docker.mk + $$(Q)echo REGEN ${1}/Dockerfile + $$(Q)m4 -I $(DOCKER_DIR)/m4 -D D_NAME=${1} -D D_TYPE=docker $$< > $$@ + + DOCKER_DOCKERFILES += $$(DIST_DIR)/${1}/Dockerfile + + .PHONY: docker.${1}.regen + docker.${1}.regen: $$(DIST_DIR)/${1}/Dockerfile + + .PHONY: docker.${1}.build + docker.${1}.build: + @echo BUILD ${1} $(DOCKER_COMMIT) + $(Q)docker buildx build \ + $(DOCKER_BUILD_ARGS) \ + --progress=plain \ + --build-arg=release=$(DOCKER_COMMIT) \ + -t $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION)-${1} \ + -f $(DIST_DIR)/${1}/Dockerfile \ + . + +endef + +$(foreach IMAGE,$(DOCKER_IMAGES), \ + $(eval $(call ADD_DOCKER_RULES,$(IMAGE)))) + +.PHONY: docker.regen +docker.regen: $(DOCKER_DOCKERFILES) + + +# +# Rules to rebuild Docker images +# .PHONY: docker-ubuntu -docker-ubuntu: - @echo Building ubuntu $(DOCKER_COMMIT) - $(Q)docker build $(DOCKER_BUILD_ARGS) scripts/docker/ubuntu22 --build-arg=release=$(DOCKER_COMMIT) -t $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION) +docker-ubuntu: docker.$(DOCKER_DEFAULT_UBUNTU).build + $(Q)docker image tag \ + $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION)-$(DOCKER_DEFAULT_UBUNTU) \ + $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION) .PHONY: docker-alpine -docker-alpine: - @echo Building alpine $(DOCKER_COMMIT) - $(Q)docker build $(DOCKER_BUILD_ARGS) scripts/docker/alpine --build-arg=release=$(DOCKER_COMMIT) -t $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION)-alpine +docker-alpine: docker.$(DOCKER_DEFAULT_ALPINE).build + $(Q)docker image tag \ + $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION)-$(DOCKER_DEFAULT_ALPINE) \ + $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION)-alpine .PHONY: docker docker: docker-ubuntu docker-alpine -.PHONY: docker-push -docker-push: docker +# +# Push main ubuntu and alpine images (all below are separate for CI jobs) +# +.PHONY: docker-push-ubuntu +docker-push-ubuntu: $(Q)docker push $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION) + +.PHONY: docker-push-alpine +docker-push-alpine: $(Q)docker push $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION)-alpine -.PHONY: docker-tag-latest -docker-tag-latest: docker +.PHONY: docker-push +docker-push: docker-push-ubuntu docker-push-alpine + +# +# Tag main "latest" images +# +.PHONY: docker-tag-latest-ubuntu +docker-tag-latest-ubuntu: $(Q)docker tag $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION) $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):latest - $(Q)docker tag $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION)-alpine $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):latest-alpine $(Q)docker tag $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION) $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):latest-3.2 + +.PHONY: docker-tag-latest-alpine +docker-tag-latest-alpine: + $(Q)docker tag $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION)-alpine $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):latest-alpine $(Q)docker tag $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION)-alpine $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):latest-3.2-alpine -.PHONY: docker-push-latest -docker-push-latest: docker-push docker-tag-latest +.PHONY: docker-tag-latest +docker-tag-latest: docker-tag-latest-ubuntu docker-tag-latest-alpine + +# +# Push main "latest" images +# +.PHONY: docker-push-latest-ubuntu +docker-push-latest-ubuntu: docker-push-ubuntu docker-tag-latest-ubuntu $(Q)docker push $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):latest - $(Q)docker push $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):latest-alpine $(Q)docker push $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):latest-3.2 + +.PHONY: docker-push-latest-alpine +docker-push-latest-alpine: docker-push-alpine docker-tag-latest-alpine + $(Q)docker push $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):latest-alpine $(Q)docker push $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):latest-3.2-alpine +.PHONY: docker-push-latest +docker-push-latest: docker-push-latest-ubuntu docker-push-latest-alpine + +# +# Convenience target to do everything +# .PHONY: docker-publish -docker-publish: docker-push-latest +docker-publish: docker docker-push-latest + +# +# Used for multi-arch CI job. "docker manifest" rather than "docker buildx +# --platforms=...,..." so that we can parallelise the build in GH Actions. +# +.PHONY: docker-ci-manifest +docker-ci-manifest: + $(Q)docker manifest create \ + $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION) \ + $(foreach ARCH,$(DOCKER_ARCHS),--amend $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(ARCH)-$(DOCKER_VERSION)) + $(Q)docker manifest push \ + $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION) diff --git a/scripts/docker/etc/docker-entrypoint.sh.alpine b/scripts/docker/etc/docker-entrypoint.sh.alpine new file mode 100755 index 0000000..e0f9f6f --- /dev/null +++ b/scripts/docker/etc/docker-entrypoint.sh.alpine @@ -0,0 +1,27 @@ +#!/bin/sh +set -e + +PATH=/opt/sbin:/opt/bin:$PATH +export PATH + +# this if will check if the first argument is a flag +# but only works if all arguments require a hyphenated flag +# -v; -SL; -f arg; etc will work, but not arg1 arg2 +if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then + set -- radiusd "$@" +fi + +# check for the expected command +if [ "$1" = 'radiusd' ]; then + shift + exec radiusd -f "$@" +fi + +# debian people are likely to call "freeradius" as well, so allow that +if [ "$1" = 'freeradius' ]; then + shift + exec radiusd -f "$@" +fi + +# else default to run whatever the user wanted like "bash" or "sh" +exec "$@" diff --git a/scripts/docker/etc/docker-entrypoint.sh.deb b/scripts/docker/etc/docker-entrypoint.sh.deb new file mode 100755 index 0000000..93141b0 --- /dev/null +++ b/scripts/docker/etc/docker-entrypoint.sh.deb @@ -0,0 +1,24 @@ +#!/bin/sh +set -e + +# this if will check if the first argument is a flag +# but only works if all arguments require a hyphenated flag +# -v; -SL; -f arg; etc will work, but not arg1 arg2 +if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then + set -- freeradius "$@" +fi + +# check for the expected command +if [ "$1" = 'freeradius' ]; then + shift + exec freeradius -f "$@" +fi + +# many people are likely to call "radiusd" as well, so allow that +if [ "$1" = 'radiusd' ]; then + shift + exec freeradius -f "$@" +fi + +# else default to run whatever the user wanted like "bash" or "sh" +exec "$@" diff --git a/scripts/docker/etc/docker-entrypoint.sh.rpm b/scripts/docker/etc/docker-entrypoint.sh.rpm new file mode 100755 index 0000000..900ad6b --- /dev/null +++ b/scripts/docker/etc/docker-entrypoint.sh.rpm @@ -0,0 +1,24 @@ +#!/bin/sh +set -e + +# this if will check if the first argument is a flag +# but only works if all arguments require a hyphenated flag +# -v; -SL; -f arg; etc will work, but not arg1 arg2 +if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then + set -- radiusd "$@" +fi + +# check for the expected command +if [ "$1" = 'radiusd' ]; then + shift + exec radiusd -f "$@" +fi + +# debian people are likely to call "freeradius" as well, so allow that +if [ "$1" = 'freeradius' ]; then + shift + exec radiusd -f "$@" +fi + +# else default to run whatever the user wanted like "bash" or "sh" +exec "$@" diff --git a/scripts/docker/alpine/Dockerfile b/scripts/docker/m4/Dockerfile.alpine.m4 index 2965525..64c6c8f 100644 --- a/scripts/docker/alpine/Dockerfile +++ b/scripts/docker/m4/Dockerfile.alpine.m4 @@ -1,4 +1,4 @@ -ARG from=alpine:3.13 +ARG from=DOCKER_IMAGE FROM ${from} as build # @@ -10,17 +10,23 @@ RUN apk add git gcc make # # Create build directory # -RUN mkdir -p /usr/local/src/repositories -WORKDIR /usr/local/src/repositories +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ # -# Shallow clone the FreeRADIUS source +# Copy the FreeRADIUS directory in # -ARG source=https://github.com/FreeRADIUS/freeradius-server.git -ARG release=v3.2.x +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +RUN [ -z "$release" ] || git checkout ${release} -RUN git clone --depth 1 --single-branch --branch ${release} ${source} -WORKDIR freeradius-server # # Install build dependencies @@ -33,7 +39,7 @@ RUN apk add linux-headers RUN apk add pcre-dev libidn-dev krb5-dev samba-dev curl-dev json-c-dev RUN apk add openldap-dev unbound-dev # languages -RUN apk add ruby-dev perl-dev python2-dev +RUN apk add ruby-dev perl-dev python2-dev python3-dev # databases RUN apk add hiredis-dev libmemcached-dev gdbm-dev libcouchbase-dev # sql @@ -69,14 +75,15 @@ RUN apk update \ && apk add libcurl json-c libldap hiredis sqlite-dev \ #RUN apk add libidn krb5 #RUN apk add unbound-libs -#RUN apk add ruby-libs perl python2-dev +#RUN apk add ruby-libs perl python2-dev python3-dev #RUN apk add libmemcached gdbm libcouchbase #RUN apk add postgresql-dev mariadb-dev unixodbc-dev \ && ln -s /opt/etc/raddb /etc/raddb -COPY docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh +WORKDIR / +COPY DOCKER_TOPDIR/etc/docker-entrypoint.sh.PKG_TYPE docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh EXPOSE 1812/udp 1813/udp ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/scripts/docker/m4/Dockerfile.deb.m4 b/scripts/docker/m4/Dockerfile.deb.m4 new file mode 100644 index 0000000..0b4e5b5 --- /dev/null +++ b/scripts/docker/m4/Dockerfile.deb.m4 @@ -0,0 +1,88 @@ +ARG from=DOCKER_IMAGE +FROM ${from} as build + +ARG DEBIAN_FRONTEND=noninteractive + +# +# Install build tools +# +RUN apt-get update +RUN apt-get install -y devscripts equivs git quilt gcc + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline + +# +# Install build dependencies +# +RUN if [ -e ./debian/control.in ]; then \ + debian/rules debian/control; \ + fi; \ + echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control + +# +# Build the server +# +# Work around fakeroot problems in Docker when building for different +# platforms - doesn't matter as we run as root in the container anyway. +# +#RUN make -j$(nproc) deb +RUN debian/rules debian/control \ + && dpkg-buildpackage --jobs=auto -b -uc + +# +# Clean environment and run the server +# +FROM ${from} +ARG DEBIAN_FRONTEND=noninteractive + +COPY --from=build /usr/local/src/repositories/*.deb /tmp/ + +RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime + +ifelse(ifelse( + D_NAME, `debian10', no, + D_NAME, `ubuntu18', no, + D_NAME, `ubuntu20', no, + yes), yes, `dnl +ARG freerad_uid=101 +ARG freerad_gid=101 + +RUN groupadd -g ${freerad_gid} -r freerad \ + && useradd -u ${freerad_uid} -g freerad -r -M -d /etc/freeradius -s /usr/sbin/nologin freerad \ + && apt-get update \', +`RUN apt-get update \') + && apt-get install -y tzdata \ + && apt-get install -y /tmp/*.deb \ + && apt-get clean \ + && rm -r /var/lib/apt/lists/* /tmp/*.deb \ + \ + && ln -s /etc/freeradius /etc/raddb + +WORKDIR / +COPY scripts/docker/etc/docker-entrypoint.sh.PKG_TYPE docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["freeradius"] diff --git a/scripts/docker/m4/Dockerfile.m4 b/scripts/docker/m4/Dockerfile.m4 new file mode 100644 index 0000000..f9890a1 --- /dev/null +++ b/scripts/docker/m4/Dockerfile.m4 @@ -0,0 +1,45 @@ +dnl Look up the OS codename, docker base image etc before including +dnl the main Dockerfile template. +dnl +dnl This top-level template is used by both the docker makefile +dnl (scripts/docker/docker.mk) and the crossbuild makefile +dnl (scripts/crossbuild/crossbuild.mk), but the Dockerfile templates +dnl they use are different - see the m4 directories for each. +dnl +divert(`-1') +changequote(`[', `]') +define([DOCKER_TOPDIR], [scripts/docker/]) +define([p_SET], [ + define([PKG_TYPE], [$1]) + define([OS_NAME], [$2]) + define([OS_VER], [$3]) + define([OS_CODENAME], [$4]) + define([DOCKER_IMAGE], [$5]) +]) +dnl D_NAME PKG_TYPE OS_NAME OS_VER OS_CODENAME DOCKER_IMAGE +ifelse( + D_NAME, [alpine], [p_SET([alpine], [alpine], [3.13], [alpine], [alpine:3.13])], + D_NAME, [debian10], [p_SET([deb], [debian], [10], [buster], [debian:buster])], + D_NAME, [debian11], [p_SET([deb], [debian], [11], [bullseye], [debian:bullseye])], + D_NAME, [debian12], [p_SET([deb], [debian], [12], [bookworm], [debian:bookworm])], + D_NAME, [debiansid], [p_SET([deb], [debian], [99], [sid], [debian:sid])], + D_NAME, [ubuntu18], [p_SET([deb], [ubuntu], [18], [bionic], [ubuntu:18.04])], + D_NAME, [ubuntu20], [p_SET([deb], [ubuntu], [20], [focal], [ubuntu:20.04])], + D_NAME, [ubuntu22], [p_SET([deb], [ubuntu], [22], [jammy], [ubuntu:22.04])], + D_NAME, [ubuntu24], [p_SET([deb], [ubuntu], [24], [noble], [ubuntu:24.04])], + D_NAME, [centos7], [p_SET([rpm], [centos], [7], [7], [centos:7])], + D_NAME, [centos8], [p_SET([rpm], [centos], [8], [8], [centos:8])], + D_NAME, [rocky8], [p_SET([rpm], [rocky], [8], [8], [rockylinux/rockylinux:8])], + D_NAME, [rocky9], [p_SET([rpm], [rocky], [9], [9], [rockylinux/rockylinux:9])], + [errprint(error: OS 'D_NAME' not defined[,] see __file__ +)m4exit(1)] +) +undefine([p_SET]) +divert[]dnl +[#] Auto generated for D_NAME +[#] from scripts/D_TYPE/m4/Dockerfile.PKG_TYPE.m4 +[#] +[#] Rebuild this file with `make D_TYPE.D_NAME.regen` +[#] +changequote([`], ['])dnl +include(Dockerfile.PKG_TYPE.m4)dnl diff --git a/scripts/docker/m4/Dockerfile.rpm.m4 b/scripts/docker/m4/Dockerfile.rpm.m4 new file mode 100644 index 0000000..03181e8 --- /dev/null +++ b/scripts/docker/m4/Dockerfile.rpm.m4 @@ -0,0 +1,186 @@ +ARG from=DOCKER_IMAGE +FROM ${from} as build + +ifelse(OS_VER, 7, `dnl +# +# CentOS 7 is now EOL, so we need to fix up the repo source +# +RUN sed -i "s/^mirrorlist/#mirrorlist/g" /etc/yum.repos.d/CentOS-* +RUN sed -i "s|#\s*baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* +')dnl + +ifelse(OS_VER, `7', `', `dnl +# +# Install yum +# +RUN dnf install -y yum +')dnl + +ifelse(OS_VER, 8, `dnl +RUN rpmkeys --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial +')dnl +ifelse(OS_VER, 9, `dnl +RUN rpmkeys --import /etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9 +') +# +# Install build tools +# +RUN yum groupinstall -y "Development Tools" +ifelse(OS_VER, 7,`dnl +RUN yum install -y rpmdevtools +RUN yum install -y openssl +',` +RUN yum install -y rpmdevtools openssl dnf-utils +') + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline + +# +# Other requirements +# +changequote(`{', `}')dnl +ifelse(ifelse(OS_VER, 7, yes, OS_VER, 8, yes, no), yes, { +# Use LTB's openldap packages intead of the distribution version to avoid linking against NSS +RUN echo $'[ltb-project]\n\ +name=LTB project packages\n\ +baseurl=https://ltb-project.org/rpm/$releasever/$basearch\n\ +enabled=1\n\ +gpgcheck=1\n\ +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project'\ +> /etc/yum.repos.d/ltb-project.repo +RUN rpm --import https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project +})dnl +changequote({`}, {'})dnl + +# Enable EPEL repository for freetds and hiredis +RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-OS_VER.noarch.rpm +ifelse(OS_VER, 8, ` +# Enable powertools repo +RUN yum config-manager --enable powertools + +# Enable epel-testing, currently needed for hiredis-devel +RUN yum config-manager --enable epel-testing +')dnl +ifelse(OS_VER, 9, ` +# Enable Code Ready Builder repo (CentOS powertools equivalent) +RUN yum install -y yum-utils +RUN yum config-manager --enable crb +')dnl + +# +# Install build dependencies +# +# Run twice, it doesn't always get everything with one invocation +# +RUN [ -e redhat/freeradius.spec ] && \ + yum-builddep -y redhat/freeradius.spec && \ + yum-builddep -y redhat/freeradius.spec + +# +# Create RPM build environment +# +ENV BUILDDIR=/root/rpmbuild +RUN rpmdev-setuptree + +RUN ./configure +RUN cp VERSION /VERSION +RUN make freeradius-server-$(cat /VERSION).tar.bz2 +RUN cp freeradius-server-$(cat /VERSION).tar.bz2 $BUILDDIR/SOURCES/ +RUN cp -r redhat/* $BUILDDIR/SOURCES/ +RUN sed -i "s/^Version:.*/Version: $(cat /VERSION)/" redhat/freeradius.spec +RUN cp -r redhat/freeradius.spec $BUILDDIR/SPECS/ +WORKDIR $BUILDDIR + +# +# Build the server +# +ENV QA_RPATHS=0x0003 +RUN rpmbuild -bb --define "_release $(cat /VERSION)" "$BUILDDIR/SPECS/freeradius.spec" + +RUN mkdir /root/rpms +RUN mv $BUILDDIR/RPMS/*/*.rpm /root/rpms/ + +# +# Clean environment and run the server +# +FROM ${from} + +COPY --from=build /root/rpms /tmp/ + +ifelse(OS_VER, 7, `dnl +# +# CentOS 7 is now EOL, so we need to fix up the repo source +# +RUN sed -i "s/^mirrorlist/#mirrorlist/g" /etc/yum.repos.d/CentOS-* +RUN sed -i "s|#\s*baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* +')dnl + +ifelse(OS_VER, `7', `', `dnl +# +# Install yum +# +RUN dnf install -y yum +')dnl + +changequote(`{', `}')dnl +ifelse(ifelse(OS_VER, 7, yes, OS_VER, 8, yes, no), yes, {dnl +# Use LTB's openldap packages intead of the distribution version to avoid linking against NSS +RUN echo $'[ltb-project]\n\ +name=LTB project packages\n\ +baseurl=https://ltb-project.org/rpm/$releasever/$basearch\n\ +enabled=1\n\ +gpgcheck=1\n\ +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project'\ +> /etc/yum.repos.d/ltb-project.repo \ + && rpm --import https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project +})dnl +changequote({`}, {'})dnl + + +# EPEL repository for freetds and hiredis +RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-OS_VER.noarch.rpm \ +ifelse(OS_VER, 7, ` \', `dnl + && yum install -y dnf-utils \ +ifelse(OS_VER, 8, `dnl + && yum config-manager --enable powertools \ +')dnl +ifelse(OS_VER, 9, `dnl + && yum config-manager --enable crb \ +')dnl + && yum config-manager --enable epel-testing + +ARG radiusd_uid=95 +ARG radiusd_gid=95 + +RUN groupadd -g ${radiusd_gid} -r radiusd \ + && useradd -u ${radiusd_uid} -g radiusd -r -M -d /home/radiusd -s /sbin/nologin radiusd \') + && yum install -y /tmp/*.rpm + +WORKDIR / +COPY DOCKER_TOPDIR/etc/docker-entrypoint.sh.PKG_TYPE docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["radiusd"] diff --git a/scripts/docker/ubuntu18/Dockerfile b/scripts/docker/ubuntu18/Dockerfile deleted file mode 100644 index 7322026..0000000 --- a/scripts/docker/ubuntu18/Dockerfile +++ /dev/null @@ -1,59 +0,0 @@ -ARG from=ubuntu:18.04 -FROM ${from} as build - -ARG DEBIAN_FRONTEND=noninteractive - -# -# Install build tools -# -RUN apt-get update -RUN apt-get install -y devscripts equivs git quilt gcc - -# -# Create build directory -# -RUN mkdir -p /usr/local/src/repositories -WORKDIR /usr/local/src/repositories - -# -# Shallow clone the FreeRADIUS source -# -ARG source=https://github.com/FreeRADIUS/freeradius-server.git -ARG release=v3.2.x - -RUN git clone --depth 1 --single-branch --branch ${release} ${source} -WORKDIR freeradius-server - -# -# Install build dependencies -# -RUN git checkout ${release}; \ - if [ -e ./debian/control.in ]; then \ - debian/rules debian/control; \ - fi; \ - echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control - -# -# Build the server -# -RUN make -j2 deb - -# -# Clean environment and run the server -# -FROM ${from} -COPY --from=build /usr/local/src/repositories/*.deb /tmp/ - -RUN apt-get update \ - && apt-get install -y /tmp/*.deb \ - && apt-get clean \ - && rm -r /var/lib/apt/lists/* /tmp/*.deb \ - \ - && ln -s /etc/freeradius /etc/raddb - -COPY docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh - -EXPOSE 1812/udp 1813/udp -ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["freeradius"] diff --git a/scripts/docker/ubuntu20/Dockerfile b/scripts/docker/ubuntu20/Dockerfile deleted file mode 100644 index 783ebc9..0000000 --- a/scripts/docker/ubuntu20/Dockerfile +++ /dev/null @@ -1,61 +0,0 @@ -ARG from=ubuntu:20.04 -FROM ${from} as build - -ARG DEBIAN_FRONTEND=noninteractive - -# -# Install build tools -# -RUN apt-get update -RUN apt-get install -y devscripts equivs git quilt gcc - -# -# Create build directory -# -RUN mkdir -p /usr/local/src/repositories -WORKDIR /usr/local/src/repositories - -# -# Shallow clone the FreeRADIUS source -# -ARG source=https://github.com/FreeRADIUS/freeradius-server.git -ARG release=v3.2.x - -RUN git clone --depth 1 --single-branch --branch ${release} ${source} -WORKDIR freeradius-server - -# -# Install build dependencies -# -RUN git checkout ${release}; \ - if [ -e ./debian/control.in ]; then \ - debian/rules debian/control; \ - fi; \ - echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control - -# -# Build the server -# -RUN make -j2 deb - -# -# Clean environment and run the server -# -FROM ${from} -COPY --from=build /usr/local/src/repositories/*.deb /tmp/ - -ARG DEBIAN_FRONTEND=noninteractive - -RUN apt-get update \ - && apt-get install -y /tmp/*.deb \ - && apt-get clean \ - && rm -r /var/lib/apt/lists/* /tmp/*.deb \ - \ - && ln -s /etc/freeradius /etc/raddb - -COPY docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh - -EXPOSE 1812/udp 1813/udp -ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["freeradius"] diff --git a/scripts/docker/ubuntu22/Dockerfile b/scripts/docker/ubuntu22/Dockerfile deleted file mode 100644 index 9e6aa57..0000000 --- a/scripts/docker/ubuntu22/Dockerfile +++ /dev/null @@ -1,66 +0,0 @@ -ARG from=ubuntu:22.04 -FROM ${from} as build - -ARG DEBIAN_FRONTEND=noninteractive - -# -# Install build tools -# -RUN apt-get update -RUN apt-get install -y devscripts equivs git quilt gcc - -# -# Create build directory -# -RUN mkdir -p /usr/local/src/repositories -WORKDIR /usr/local/src/repositories - -# -# Shallow clone the FreeRADIUS source -# -ARG source=https://github.com/FreeRADIUS/freeradius-server.git -ARG release=v3.2.x - -RUN git clone --depth 1 --single-branch --branch ${release} ${source} -WORKDIR freeradius-server - -# -# Install build dependencies -# -RUN git checkout ${release}; \ - if [ -e ./debian/control.in ]; then \ - debian/rules debian/control; \ - fi; \ - echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control - -# -# Build the server -# -RUN make -j2 deb - -# -# Clean environment and run the server -# -FROM ${from} -COPY --from=build /usr/local/src/repositories/*.deb /tmp/ - -ARG freerad_uid=101 -ARG freerad_gid=101 - -ARG DEBIAN_FRONTEND=noninteractive - -RUN groupadd -g ${freerad_gid} -r freerad \ - && useradd -u ${freerad_uid} -g freerad -r -M -d /etc/freeradius -s /usr/sbin/nologin freerad \ - && apt-get update \ - && apt-get install -y /tmp/*.deb \ - && apt-get clean \ - && rm -r /var/lib/apt/lists/* /tmp/*.deb \ - \ - && ln -s /etc/freeradius /etc/raddb - -COPY docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh - -EXPOSE 1812/udp 1813/udp -ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["freeradius"] diff --git a/scripts/snmp-proxy/freeradius-snmp.pl b/scripts/snmp-proxy/freeradius-snmp.pl index f30fc7d..9e70afc 100644 --- a/scripts/snmp-proxy/freeradius-snmp.pl +++ b/scripts/snmp-proxy/freeradius-snmp.pl @@ -40,7 +40,7 @@ my $cfg = { radius => { host => 'localhost', - port => 18120, + port => 18121, secret => 'adminsecret', # dictionary => '../radiusd/share/dictionary', dictionary => 'dictionary.hacked', @@ -167,7 +167,7 @@ sub radius_stats_get { # Wrappers for specific types of stats # sub radius_stats_get_global { return radius_stats_get(0x1f); } -sub radius_stats_get_client { return radius_stats_get(0x3f, 'FreeRADIUS-Stats-Client-Number' => $_[0]); } +sub radius_stats_get_client { return radius_stats_get(0x23, 'FreeRADIUS-Stats-Client-Number' => $_[0]); } # # Main loop of thread fetching status from freeradius server |