15 files changed, 1468 insertions, 0 deletions

diff --git a/scripts/crossbuild/README.md b/scripts/crossbuild/README.md
new file mode 100644
index 0000000..a5dc205
--- /dev/null
+++ b/scripts/crossbuild/README.md
@@ -0,0 +1,136 @@
+# Crossbuild
+
+## Summary
+
+The "crossbuild" system is a way to build FreeRADIUS for multiple
+different operating systems, using Docker.
+
+The primary purpose is for developers to easily test FreeRADIUS on
+different systems.
+
+**Do not use this for running FreeRADIUS in production - see
+`scripts/docker` instead.**
+
+
+## Common Usage
+
+The systems supported can be listed with
+
+    make crossbuild.info
+
+A reminder of the make targets may be seen with
+
+    make crossbuild.help
+
+To make all the known systems (this may take quite a while, at
+least on the first run):
+
+    make crossbuild
+
+or for the most common systems (Debian, Ubuntu, CentOS, Rocky):
+
+    make crossbuild.common
+
+
+## General operation
+
+The system works by building and then starting up Docker
+containers for the systems. When a build is triggered (either
+generally, as above, or for a specific OS) the current git commits
+are copied into the image and then `make test` run.
+
+The Docker containers are left running, and may be stopped with
+
+    make crossbuild.down
+
+The system tries to be as efficient as possible, so will not
+rebuild the Docker images from scratch every time, but use an
+existing image and copy just the latest git commits in for
+testing.
+
+
+## Global make targets
+
+The following targets will operate on the crossbuild system
+globally, or on all images (unless otherwise stated):
+
+  - `make crossbuild`
+
+    Create all docker images (if required), start them, build and
+    test FreeRADIUS.
+
+
+  - `make crossbuild.common`
+
+    As `make crossbuild`, but only build and test the most common
+    systems.
+
+
+  - `make crossbuild.info`
+
+    List all systems, together with the expected state. See
+    `crossbuild.reset`.
+
+
+  - `make crossbuild.down`
+
+    Stop all containers.
+
+
+  - `make crossbuild.reset`
+
+    If containers are stopped or started outside Docker,
+    crossbuild may get confused. This will clear the internal
+    state which should try and start everything from be beginning
+    again.
+
+
+  - `make crossbuild.clean`
+
+    Bring down all containers, clear state. This is a general
+    "tidy up".
+
+
+  - `make crossbuild.wipe`
+
+    Don't just stop, but destroy all crossbuild docker images.
+    This will mean they need to be recreated again upon next use.
+
+
+## Per-image make targets
+
+The following make targets may be used on a per-image basis:
+
+ * `make crossbuild.IMAGE`:         build and test image
+ * `make crossbuild.IMAGE.log`:     show latest build log
+ * `make crossbuild.IMAGE.up`:      start container
+ * `make crossbuild.IMAGE.down`:    stop container
+ * `make crossbuild.IMAGE.sh`:      shell in container
+ * `make crossbuild.IMAGE.refresh`: push latest commits into container
+ * `make crossbuild.IMAGE.clean`:   stop container and tidy up
+ * `make crossbuild.IMAGE.wipe`:    remove Docker image
+
+For example, `make crossbuild.debian10` to create, build and test
+FreeRADIUS on Debian 10. `make crossbuild.debian10.down` will then
+stop the container.
+
+
+## Docker image and container names
+
+Docker images will be created with names in the form:
+
+    freeradius-build/debian10
+
+while containers will have names like:
+
+    fr-crossbuild-debian10
+
+
+## Re-generating Dockerfiles
+
+The Dockerfiles used for crossbuild are generated from m4
+templates. To regenerate one use `make crossbuild.IMAGE.regen`, or
+`make crossbuild.regen` to generate them all. The m4 templates are
+stored in `scripts/crossbuild/m4/`. This will usually only need to
+be used to add a new operating system, not during standard build
+testing.
diff --git a/scripts/crossbuild/build/.gitignore b/scripts/crossbuild/build/.gitignore
new file mode 100644
index 0000000..7bd9396
--- /dev/null
+++ b/scripts/crossbuild/build/.gitignore
@@ -0,0 +1,4 @@
+build.*
+configure.*
+log.*
+stamp-*
diff --git a/scripts/crossbuild/crossbuild.mk b/scripts/crossbuild/crossbuild.mk
new file mode 100644
index 0000000..599a34c
--- /dev/null
+++ b/scripts/crossbuild/crossbuild.mk
@@ -0,0 +1,258 @@
+#
+#  Include crossbuild targets, to test building on lots of
+#  different OSes. Uses Docker.
+#
+ifeq ($(shell which docker 2> /dev/null),)
+.PHONY: crossbuild crossbuild.help
+crossbuild crossbuild.help :
+	@echo crossbuild requires Docker to be installed
+else
+
+#
+#  Short list of common builds
+#
+CB_COMMON:=centos7 rocky9 debian11 ubuntu20
+
+# Where to put stamp files (subdirectory of where this makefile is)
+CB_DIR:=$(dir $(realpath $(lastword $(MAKEFILE_LIST))))
+
+# Where the docker directories are
+DT:=$(CB_DIR)/docker
+
+# Where to put stamp files (subdirectory of where this makefile is)
+DD:=$(CB_DIR)/build
+
+# Location of top-level m4 template
+DOCKER_TMPL:=$(CB_DIR)/../docker/m4/Dockerfile.m4
+
+# List of all the docker images (sorted for "crossbuild.info")
+CB_IMAGES:=$(sort $(patsubst $(DT)/%,%,$(wildcard $(DT)/*)))
+
+# Location of the .git dir (may be different for e.g. submodules)
+GITDIR:=$(shell perl -MCwd -e 'print Cwd::abs_path shift' $$(git rev-parse --git-dir))
+
+CB_CPREFIX:=fr-crossbuild-
+CB_IPREFIX:=freeradius-build
+
+#
+#  This Makefile is included in-line, and not via the "boilermake"
+#  wrapper.  But it's still useful to use the same process for
+#  seeing commands that are run.
+#
+ifeq "${VERBOSE}" ""
+    Q=@
+else
+    Q=
+endif
+
+#
+#  Enter here: This builds everything
+#
+.PHONY: crossbuild crossbuild.common
+crossbuild: crossbuild.info $(foreach IMG,${CB_IMAGES},crossbuild.${IMG})
+crossbuild.common: crossbuild.info $(foreach IMG,${CB_COMMON},crossbuild.${IMG})
+
+#
+#  Dump out some useful information on what images we're going to test
+#
+.PHONY: crossbuild.info crossbuild.info_header crossbuild.help
+crossbuild.info: crossbuild.info_header $(foreach IMG,${CB_IMAGES},crossbuild.${IMG}.status)
+	@echo Common images: $(CB_COMMON)
+
+crossbuild.info_header:
+	@echo Images:
+
+crossbuild.help: crossbuild.info
+	@echo ""
+	@echo "Make targets:"
+	@echo "    crossbuild               - build and test all images"
+	@echo "    crossbuild.common        - build and test common images"
+	@echo "    crossbuild.info          - list images"
+	@echo "    crossbuild.down          - stop all containers"
+	@echo "    crossbuild.reset         - remove cache of docker state"
+	@echo "    crossbuild.clean         - down and reset all targets"
+	@echo "    crossbuild.wipe          - destroy all crossbuild Docker images"
+	@echo ""
+	@echo "Per-image targets:"
+	@echo "    crossbuild.IMAGE         - build and test image <IMAGE>"
+	@echo "    crossbuild.IMAGE.log     - show latest build log"
+	@echo "    crossbuild.IMAGE.up      - start container"
+	@echo "    crossbuild.IMAGE.down    - stop container"
+	@echo "    crossbuild.IMAGE.sh      - shell in container"
+	@echo "    crossbuild.IMAGE.refresh - push latest commits into container"
+	@echo "    crossbuild.IMAGE.reset   - remove cache of docker state"
+	@echo "    crossbuild.IMAGE.clean   - stop container and tidy up"
+	@echo "    crossbuild.IMAGE.wipe    - remove Docker image"
+
+#
+#  Remove stamp files, so that we try and create images again
+#
+crossbuild.reset: $(foreach IMG,${CB_IMAGES},crossbuild.${IMG}.reset)
+
+#
+#  Stop all containers
+#
+crossbuild.down: $(foreach IMG,${CB_IMAGES},crossbuild.${IMG}.down)
+
+#
+#  Clean up: stop all containers, do a reset
+#
+crossbuild.clean: $(foreach IMG,${CB_IMAGES},crossbuild.${IMG}.clean)
+
+#
+#  Remove all images
+#
+crossbuild.wipe: $(foreach IMG,${CB_IMAGES},crossbuild.${IMG}.wipe)
+
+#
+#  Regenerate all Dockerfiles from m4 templates
+#
+crossbuild.regen: $(foreach IMG,${CB_IMAGES},crossbuild.${IMG}.regen)
+
+#
+#  Define rules for building a particular image
+#
+define CROSSBUILD_IMAGE_RULE
+#
+#  Show status (based on stamp files)
+#
+.PHONY: crossbuild.${1}.status
+crossbuild.${1}.status:
+	${Q}printf "%s" "`echo \"  ${1}                    \" | cut -c 1-20`"
+	${Q}if [ -e "$(DD)/stamp-up.${1}" ]; then echo "running"; \
+		elif [ -e "$(DD)/stamp-image.${1}" ]; then echo "built"; \
+		else echo "-"; fi
+#
+#  Build the docker image
+#
+$(DD)/stamp-image.${1}:
+	${Q}echo "BUILD ${1} ($(CB_IPREFIX)/${1}) > $(DD)/build.${1}"
+	${Q}docker build $(DOCKER_BUILD_OPTS) $(DT)/${1} -f $(DT)/${1}/Dockerfile -t $(CB_IPREFIX)/${1} >$(DD)/build.${1} 2>&1
+	${Q}touch $(DD)/stamp-image.${1}
+
+#
+#  Start up the docker container
+#
+.PHONY: $(DD)/docker.up.${1}
+$(DD)/docker.up.${1}: $(DD)/stamp-image.${1}
+	${Q}echo "START ${1} ($(CB_CPREFIX)${1})"
+	${Q}docker container inspect $(CB_CPREFIX)${1} >/dev/null 2>&1 || \
+		docker run -d --rm \
+		--privileged --cap-add=ALL \
+		--mount=type=bind,source="$(GITDIR)",destination=/srv/src,ro \
+		--name $(CB_CPREFIX)${1} $(CB_IPREFIX)/${1} \
+		/bin/sh -c 'while true; do sleep 60; done' >/dev/null
+
+$(DD)/stamp-up.${1}: $(DD)/docker.up.${1}
+	${Q}touch $(DD)/stamp-up.${1}
+
+.PHONY: crossbuild.${1}.up
+crossbuild.${1}.up: $(DD)/stamp-up.${1}
+
+#
+#  Run tests in the container
+#
+.PHONY: $(DD)/docker.refresh.${1}
+$(DD)/docker.refresh.${1}: $(DD)/stamp-up.${1}
+	${Q}echo "REFRESH ${1}"
+	${Q}docker container exec $(CB_CPREFIX)${1} sh -c 'rsync -a /srv/src/ /srv/local-src/'
+	${Q}docker container exec $(CB_CPREFIX)${1} sh -c 'git config --global --add safe.directory /srv/local-src'
+	${Q}docker container exec $(CB_CPREFIX)${1} sh -c 'git config -f /srv/local-src/config core.bare true'
+	${Q}docker container exec $(CB_CPREFIX)${1} sh -c 'git config -f /srv/local-src/config --unset core.worktree || true'
+	${Q}docker container exec $(CB_CPREFIX)${1} sh -c '[ -d /srv/build ] || git clone /srv/local-src /srv/build'
+	${Q}docker container exec $(CB_CPREFIX)${1} sh -c '(cd /srv/build && git pull --rebase)'
+	${Q}docker container exec $(CB_CPREFIX)${1} sh -c '[ -e /srv/build/config.log ] || echo CONFIGURE ${1}'
+	${Q}docker container exec $(CB_CPREFIX)${1} sh -c '[ -e /srv/build/config.log ] || (cd /srv/build && ./configure -C)' > $(DD)/configure.${1} 2>&1
+
+.PHONY: $(DD)/docker.run.${1}
+$(DD)/docker.run.${1}: $(DD)/docker.refresh.${1}
+	${Q}echo "TEST ${1} > $(DD)/log.${1}"
+	${Q}docker container exec $(CB_CPREFIX)${1} sh -c '(cd /srv/build && make && make test)' > $(DD)/log.${1} 2>&1 || echo FAIL ${1}
+
+#
+#  Stop the docker container
+#
+.PHONY: crossbuild.${1}.down
+crossbuild.${1}.down:
+	@echo STOP ${1}
+	${Q}docker container kill $(CB_CPREFIX)${1} || true
+	@rm -f $(DD)/stamp-up.${1}
+
+.PHONY: crossbuild.${1}.clean
+crossbuild.${1}.clean: crossbuild.${1}.down crossbuild.${1}.reset
+
+#
+#  Shell into container. cd to root first (will always succeed),
+#  then try to change to build dir, which might not exist, then
+#  run bash. (Default cwd is the wrong freeradius source in
+#  /usr/local, which would be confusing)
+#
+.PHONY: crossbuild.${1}.sh
+crossbuild.${1}.sh: crossbuild.${1}.up
+	${Q}docker exec -it $(CB_CPREFIX)${1} sh -c 'cd / ; cd /srv/build 2>/dev/null; bash' || true
+
+#
+#  Show last build logs. Try and use the most sensible pager.
+#
+.PHONY: crossbuild.${1}.log
+crossbuild.${1}.log:
+	@if which less >/dev/null; then \
+		less +G $(DD)/log.${1};\
+	elif which more >/dev/null; then \
+		more $(DD)/log.${1};\
+	else cat $(DD)/log.${1}; fi
+
+#
+#  Tidy up stamp files. This means on next run we'll do
+#  everything. Required if e.g. system has been rebooted, so
+#  containers are stopped, but the stamp file still exists.
+#
+.PHONY: crossbuild.${1}.reset
+crossbuild.${1}.reset:
+	${Q}echo RESET ${1}
+	${Q}rm -f $(DD)/stamp-up.${1}
+	${Q}rm -f $(DD)/stamp-image.${1}
+
+#
+#  Clean down images. Means on next run we'll rebuild the
+#  container (rather than just starting it).
+#
+.PHONY: crossbuild.${1}.wipe
+crossbuild.${1}.wipe:
+	${Q}echo CLEAN ${1}
+	${Q}docker image rm $(CB_IPREFIX)/${1} >/dev/null 2>&1 || true
+	${Q}rm -f $(DD)/stamp-image.${1}
+
+#
+#  Refresh git repository within the docker image
+#
+.PHONY: crossbuild.${1}.refresh
+crossbuild.${1}.refresh: $(DD)/docker.refresh.${1}
+
+#
+#  Regenerate the image Dockerfile from the m4 templates
+#
+.PHONY: crossbuild.${1}.regen
+crossbuild.${1}.regen: $(DT)/${1}/Dockerfile
+
+$(DT)/${1}/Dockerfile: $(DOCKER_TMPL) $(CB_DIR)/m4/Dockerfile.deb.m4 $(CB_DIR)/m4/Dockerfile.rpm.m4
+	${Q}echo REGEN ${1}
+	${Q}m4 -I $(CB_DIR)/m4 -D D_NAME=${1} -D D_TYPE=crossbuild $$< > $$@
+
+#
+#  Run the build test
+#
+.PHONY: crossbuild.${1}
+crossbuild.${1}: $(DD)/docker.run.${1}
+
+endef
+
+#
+#  Add all the image building rules
+#
+$(foreach IMAGE,$(CB_IMAGES),\
+  $(eval $(call CROSSBUILD_IMAGE_RULE,$(IMAGE))))
+
+
+# if docker is defined
+endif
diff --git a/scripts/crossbuild/docker/centos7/Dockerfile b/scripts/crossbuild/docker/centos7/Dockerfile
new file mode 100644
index 0000000..91f25b3
--- /dev/null
+++ b/scripts/crossbuild/docker/centos7/Dockerfile
@@ -0,0 +1,115 @@
+# Auto generated for centos7
+# from scripts/crossbuild/m4/Dockerfile.rpm.m4
+#
+# Rebuild this file with `make crossbuild.centos7.regen`
+#
+ARG from=centos:7
+FROM ${from} as build
+
+#
+#  CentOS 7 is now EOL, so we need to fix up the repo source
+#
+RUN sed -i "s/^mirrorlist/#mirrorlist/g" /etc/yum.repos.d/CentOS-*
+RUN sed -i "s|#\s*baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-*
+
+
+#
+#  Install devtools like make and git and the EPEL
+#  repository for freetds and hiredis
+#
+RUN yum update -y
+RUN yum install -y rpmdevtools openssl epel-release git procps yum-utils \
+	rsync 
+
+#
+#  Install GCC that has the requisite support for C11 keywords and atomics
+#
+RUN yum install -y centos-release-scl
+RUN sed -i "s/^mirrorlist/#mirrorlist/g" /etc/yum.repos.d/CentOS-*
+RUN sed -i "s|#\s*baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-*
+RUN yum install -y devtoolset-8-gcc devtoolset-8-gcc-c++
+ENV CC=/opt/rh/devtoolset-8/root/usr/bin/gcc
+
+#
+#  Remove the CentOS-SCLo repo which is apparently not valid?
+#  See: https://bugs.centos.org/view.php?id=14773
+#
+RUN rm /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo
+RUN rm /etc/yum.repos.d/CentOS-SCLo-scl.repo
+
+
+
+#
+#  Documentation build dependecies
+#
+
+#  - doxygen & JSON.pm
+RUN yum install -y doxygen graphviz perl-JSON
+#  - antora (npm needed)
+RUN curl -sL https://rpm.nodesource.com/setup_16.x | bash -
+RUN yum install -y nodejs
+RUN npm i -g @antora/cli@3.1.7 @antora/site-generator-default@3.1.7
+#  - pandoc
+RUN curl -o - -L $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*tar.gz" | cut -d '"' -f 4) | tar xzvf - -C /tmp/
+RUN mv /tmp/pandoc-*/bin/* /usr/local/bin
+#  - asciidoctor
+RUN yum install -y rubygems-devel
+RUN gem install asciidoctor
+
+#
+#  Setup a src dir in /usr/local
+#
+RUN mkdir -p /usr/local/src/repositories
+WORKDIR /usr/local/src/repositories
+
+#
+#  Use LTB's openldap packages intead of the distribution version to avoid linking against NSS
+#
+RUN echo $'[ltb-project]\n\
+name=LTB project packages\n\
+baseurl=https://ltb-project.org/rpm/$releasever/$basearch\n\
+enabled=1\n\
+gpgcheck=1\n\
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project'\
+> /etc/yum.repos.d/ltb-project.repo
+RUN rpm --import https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project
+
+#
+#  Shallow clone the FreeRADIUS source
+#
+WORKDIR /usr/local/src/repositories
+ARG source=https://github.com/FreeRADIUS/freeradius-server.git
+RUN git clone --depth 1 --no-single-branch ${source}
+
+#
+#  Install build dependencies for all branches from v3 onwards
+#  Nodesource has issues (no SRPMS in some repos) and is not needed here
+#  CentOS/RHEL 7 do not support "-D" for yum-builddep so do that separately below if needed
+#
+WORKDIR freeradius-server
+RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\
+	do \
+		git checkout $i; \
+		[ -e redhat/freeradius.spec ] && yum-builddep --disablerepo="nodesource*" -y redhat/freeradius.spec; \
+	done
+
+#  Yubikey deps for CentOS/RHEL 7
+RUN yum install -y ykclient-devel ykclient
+
+RUN yum install -y libyubikey-devel
+
+#
+#  Which is required by fixture setup utilities
+#
+RUN yum install -y which
+
+#
+#  Explicitly install libnl3-devel which is required for the EAP tests
+#
+RUN yum install -y libnl3-devel
+
+
+#
+#  Create the RPM build tree
+#
+RUN rpmdev-setuptree
diff --git a/scripts/crossbuild/docker/debian10/Dockerfile b/scripts/crossbuild/docker/debian10/Dockerfile
new file mode 100644
index 0000000..03a9ce5
--- /dev/null
+++ b/scripts/crossbuild/docker/debian10/Dockerfile
@@ -0,0 +1,85 @@
+# Auto generated for debian10
+# from scripts/crossbuild/m4/Dockerfile.deb.m4
+#
+# Rebuild this file with `make crossbuild.debian10.regen`
+#
+ARG from=debian:buster
+FROM ${from} as build
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+#
+#  Install add-apt-repository
+#
+RUN apt-get update && \
+    apt-get install -y software-properties-common gnupg2 procps && \
+    apt-get clean && \
+    rm -r /var/lib/apt/lists/*
+
+#  For clang
+RUN add-apt-repository -y "deb http://apt.llvm.org/buster/ llvm-toolchain-buster-8 main" && \
+    apt-key adv --fetch-keys http://apt.llvm.org/llvm-snapshot.gpg.key
+
+RUN apt-get update && \
+#  Development utilities
+    apt-get install -y devscripts equivs git quilt rsync && \
+#  Compilers
+    apt-get install -y g++ llvm-8 clang-8 lldb-8 && \
+#  eapol_test dependencies
+    apt-get install -y libnl-3-dev libnl-genl-3-dev
+
+#
+#  Documentation build dependecies
+#
+
+#  - doxygen & JSON.pm
+RUN apt-get install -y doxygen graphviz libjson-perl
+#  - antora (npm needed)
+RUN curl -sL https://deb.nodesource.com/setup_20.x | bash -
+RUN apt-get install -y nodejs
+RUN npm i -g @antora/cli@3.1.7 @antora/site-generator-default@3.1.7
+#  - pandoc
+WORKDIR /tmp
+RUN curl -OL $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*deb" | cut -d '"' -f 4)
+RUN apt-get install -y ./pandoc-*.deb
+#  - asciidoctor
+RUN apt-get install -y ruby-dev
+RUN gem install asciidoctor
+
+#
+#  Set defaults
+#
+RUN update-alternatives --install /usr/bin/clang clang /usr/bin/clang-8 60 && \
+    update-alternatives --config clang
+
+RUN update-alternatives --install /usr/bin/lldb lldb /usr/bin/lldb-8 60 && \
+    update-alternatives --config lldb
+
+
+#
+#  Setup a src dir in /usr/local
+#
+RUN mkdir -p /usr/local/src/repositories
+WORKDIR /usr/local/src/repositories
+
+
+#
+#  Shallow clone the FreeRADIUS source
+#
+WORKDIR /usr/local/src/repositories
+ARG source=https://github.com/FreeRADIUS/freeradius-server.git
+RUN git clone --depth 1 --no-single-branch ${source}
+
+#
+#  Install build dependencies for all branches from v3 onwards
+#
+WORKDIR freeradius-server
+RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\
+	do \
+		git checkout $i; \
+		if [ -e ./debian/control.in ] ; then \
+			debian/rules debian/control ; \
+		fi ; \
+		echo 'y' | \
+		mk-build-deps -irt'apt-get -yV' debian/control ; \
+	done
diff --git a/scripts/crossbuild/docker/debian11/Dockerfile b/scripts/crossbuild/docker/debian11/Dockerfile
new file mode 100644
index 0000000..0a77893
--- /dev/null
+++ b/scripts/crossbuild/docker/debian11/Dockerfile
@@ -0,0 +1,74 @@
+# Auto generated for debian11
+# from scripts/crossbuild/m4/Dockerfile.deb.m4
+#
+# Rebuild this file with `make crossbuild.debian11.regen`
+#
+ARG from=debian:bullseye
+FROM ${from} as build
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+#
+#  Install add-apt-repository
+#
+RUN apt-get update && \
+    apt-get install -y software-properties-common gnupg2 procps && \
+    apt-get clean && \
+    rm -r /var/lib/apt/lists/*
+
+
+RUN apt-get update && \
+#  Development utilities
+    apt-get install -y devscripts equivs git quilt rsync && \
+#  Compilers
+    apt-get install -y g++ llvm clang lldb && \
+#  eapol_test dependencies
+    apt-get install -y libnl-3-dev libnl-genl-3-dev
+
+#
+#  Documentation build dependecies
+#
+
+#  - doxygen & JSON.pm
+RUN apt-get install -y doxygen graphviz libjson-perl
+#  - antora (npm needed)
+RUN curl -sL https://deb.nodesource.com/setup_20.x | bash -
+RUN apt-get install -y nodejs
+RUN npm i -g @antora/cli@3.1.7 @antora/site-generator-default@3.1.7
+#  - pandoc
+WORKDIR /tmp
+RUN curl -OL $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*deb" | cut -d '"' -f 4)
+RUN apt-get install -y ./pandoc-*.deb
+#  - asciidoctor
+RUN apt-get install -y ruby-dev
+RUN gem install asciidoctor
+
+
+
+#
+#  Setup a src dir in /usr/local
+#
+RUN mkdir -p /usr/local/src/repositories
+WORKDIR /usr/local/src/repositories
+
+
+#
+#  Shallow clone the FreeRADIUS source
+#
+WORKDIR /usr/local/src/repositories
+ARG source=https://github.com/FreeRADIUS/freeradius-server.git
+RUN git clone --depth 1 --no-single-branch ${source}
+
+#
+#  Install build dependencies for all branches from v3 onwards
+#
+WORKDIR freeradius-server
+RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\
+	do \
+		git checkout $i; \
+		if [ -e ./debian/control.in ] ; then \
+			debian/rules debian/control ; \
+		fi ; \
+		echo 'y' | \
+		mk-build-deps -irt'apt-get -yV' debian/control ; \
+	done
diff --git a/scripts/crossbuild/docker/debian12/Dockerfile b/scripts/crossbuild/docker/debian12/Dockerfile
new file mode 100644
index 0000000..78eb501
--- /dev/null
+++ b/scripts/crossbuild/docker/debian12/Dockerfile
@@ -0,0 +1,74 @@
+# Auto generated for debian12
+# from scripts/crossbuild/m4/Dockerfile.deb.m4
+#
+# Rebuild this file with `make crossbuild.debian12.regen`
+#
+ARG from=debian:bookworm
+FROM ${from} as build
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+#
+#  Install add-apt-repository
+#
+RUN apt-get update && \
+    apt-get install -y software-properties-common gnupg2 procps && \
+    apt-get clean && \
+    rm -r /var/lib/apt/lists/*
+
+
+RUN apt-get update && \
+#  Development utilities
+    apt-get install -y devscripts equivs git quilt rsync && \
+#  Compilers
+    apt-get install -y g++ llvm clang lldb && \
+#  eapol_test dependencies
+    apt-get install -y libnl-3-dev libnl-genl-3-dev
+
+#
+#  Documentation build dependecies
+#
+
+#  - doxygen & JSON.pm
+RUN apt-get install -y doxygen graphviz libjson-perl
+#  - antora (npm needed)
+RUN curl -sL https://deb.nodesource.com/setup_20.x | bash -
+RUN apt-get install -y nodejs
+RUN npm i -g @antora/cli@3.1.7 @antora/site-generator-default@3.1.7
+#  - pandoc
+WORKDIR /tmp
+RUN curl -OL $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*deb" | cut -d '"' -f 4)
+RUN apt-get install -y ./pandoc-*.deb
+#  - asciidoctor
+RUN apt-get install -y ruby-dev
+RUN gem install asciidoctor
+
+
+
+#
+#  Setup a src dir in /usr/local
+#
+RUN mkdir -p /usr/local/src/repositories
+WORKDIR /usr/local/src/repositories
+
+
+#
+#  Shallow clone the FreeRADIUS source
+#
+WORKDIR /usr/local/src/repositories
+ARG source=https://github.com/FreeRADIUS/freeradius-server.git
+RUN git clone --depth 1 --no-single-branch ${source}
+
+#
+#  Install build dependencies for all branches from v3 onwards
+#
+WORKDIR freeradius-server
+RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\
+	do \
+		git checkout $i; \
+		if [ -e ./debian/control.in ] ; then \
+			debian/rules debian/control ; \
+		fi ; \
+		echo 'y' | \
+		mk-build-deps -irt'apt-get -yV' debian/control ; \
+	done
diff --git a/scripts/crossbuild/docker/rocky8/Dockerfile b/scripts/crossbuild/docker/rocky8/Dockerfile
new file mode 100644
index 0000000..ba7fc56
--- /dev/null
+++ b/scripts/crossbuild/docker/rocky8/Dockerfile
@@ -0,0 +1,102 @@
+# Auto generated for rocky8
+# from scripts/crossbuild/m4/Dockerfile.rpm.m4
+#
+# Rebuild this file with `make crossbuild.rocky8.regen`
+#
+ARG from=rockylinux/rockylinux:8
+FROM ${from} as build
+
+#
+#  Install devtools like make and git and the EPEL
+#  repository for freetds and hiredis
+#
+RUN yum update -y
+RUN yum install -y rpmdevtools openssl epel-release git procps yum-utils \
+	rsync dnf-plugins-core
+
+
+RUN yum config-manager --set-enabled powertools
+
+#
+#  Install GCC that has the requisite support for C11 keywords and atomics
+#
+RUN yum install -y gcc-toolset-9
+
+
+#
+#  Documentation build dependecies
+#
+
+#  - doxygen & JSON.pm
+RUN yum install -y doxygen graphviz perl-JSON
+#  - antora (npm needed)
+RUN curl -sL https://rpm.nodesource.com/setup_20.x | bash -
+RUN yum install -y nodejs
+RUN npm i -g @antora/cli@3.1.7 @antora/site-generator-default@3.1.7
+#  - pandoc
+RUN curl -o - -L $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*tar.gz" | cut -d '"' -f 4) | tar xzvf - -C /tmp/
+RUN mv /tmp/pandoc-*/bin/* /usr/local/bin
+#  - asciidoctor
+RUN yum install -y rubygems-devel
+RUN gem install asciidoctor
+
+#
+#  Setup a src dir in /usr/local
+#
+RUN mkdir -p /usr/local/src/repositories
+WORKDIR /usr/local/src/repositories
+
+#
+#  Use LTB's openldap packages intead of the distribution version to avoid linking against NSS
+#
+RUN echo $'[ltb-project]\n\
+name=LTB project packages\n\
+baseurl=https://ltb-project.org/rpm/$releasever/$basearch\n\
+enabled=1\n\
+gpgcheck=1\n\
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project'\
+> /etc/yum.repos.d/ltb-project.repo
+RUN rpm --import https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project
+
+#
+#  Shallow clone the FreeRADIUS source
+#
+WORKDIR /usr/local/src/repositories
+ARG source=https://github.com/FreeRADIUS/freeradius-server.git
+RUN git clone --depth 1 --no-single-branch ${source}
+
+#
+#  Install build dependencies for all branches from v3 onwards
+#  Nodesource has issues (no SRPMS in some repos) and is not needed here
+#  CentOS/RHEL 7 do not support "-D" for yum-builddep so do that separately below if needed
+#
+WORKDIR freeradius-server
+RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\
+	do \
+		git checkout $i; \
+		[ -e redhat/freeradius.spec ] && yum-builddep -D "_with_rlm_yubikey 1" -y redhat/freeradius.spec; \
+	done
+
+
+RUN yum install -y libyubikey-devel
+
+#
+#  Which is required by fixture setup utilities
+#
+RUN yum install -y which
+
+#
+#  Explicitly install libnl3-devel which is required for the EAP tests
+#
+RUN yum install -y libnl3-devel
+
+#
+#  We test with TLS1.1, but that is disabled by default on some
+#  newer systems.
+#
+RUN update-crypto-policies --set LEGACY
+
+#
+#  Create the RPM build tree
+#
+RUN rpmdev-setuptree
diff --git a/scripts/crossbuild/docker/rocky9/Dockerfile b/scripts/crossbuild/docker/rocky9/Dockerfile
new file mode 100644
index 0000000..9936fe4
--- /dev/null
+++ b/scripts/crossbuild/docker/rocky9/Dockerfile
@@ -0,0 +1,91 @@
+# Auto generated for rocky9
+# from scripts/crossbuild/m4/Dockerfile.rpm.m4
+#
+# Rebuild this file with `make crossbuild.rocky9.regen`
+#
+ARG from=rockylinux/rockylinux:9
+FROM ${from} as build
+
+#
+#  Install yum
+#
+RUN dnf install -y yum
+
+#
+#  Install devtools like make and git and the EPEL
+#  repository for freetds and hiredis
+#
+RUN yum update -y
+RUN yum install -y rpmdevtools openssl epel-release git procps yum-utils \
+	rsync dnf-plugins-core
+
+
+
+RUN yum config-manager --set-enabled crb
+
+#
+#  Documentation build dependecies
+#
+
+#  - doxygen & JSON.pm
+RUN yum install -y doxygen graphviz perl-JSON
+#  - antora (npm needed)
+RUN curl -sL https://rpm.nodesource.com/setup_20.x | bash -
+RUN yum install -y nodejs
+RUN npm i -g @antora/cli@3.1.7 @antora/site-generator-default@3.1.7
+#  - pandoc
+RUN curl -o - -L $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*tar.gz" | cut -d '"' -f 4) | tar xzvf - -C /tmp/
+RUN mv /tmp/pandoc-*/bin/* /usr/local/bin
+#  - asciidoctor
+RUN yum install -y rubygems-devel
+RUN gem install asciidoctor
+
+#
+#  Setup a src dir in /usr/local
+#
+RUN mkdir -p /usr/local/src/repositories
+WORKDIR /usr/local/src/repositories
+
+
+#
+#  Shallow clone the FreeRADIUS source
+#
+WORKDIR /usr/local/src/repositories
+ARG source=https://github.com/FreeRADIUS/freeradius-server.git
+RUN git clone --depth 1 --no-single-branch ${source}
+
+#
+#  Install build dependencies for all branches from v3 onwards
+#  Nodesource has issues (no SRPMS in some repos) and is not needed here
+#  CentOS/RHEL 7 do not support "-D" for yum-builddep so do that separately below if needed
+#
+WORKDIR freeradius-server
+RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\
+	do \
+		git checkout $i; \
+		[ -e redhat/freeradius.spec ] && yum-builddep -D "_with_rlm_yubikey 1" -y redhat/freeradius.spec; \
+	done
+
+
+RUN yum install -y libyubikey-devel
+
+#
+#  Which is required by fixture setup utilities
+#
+RUN yum install -y which
+
+#
+#  Explicitly install libnl3-devel which is required for the EAP tests
+#
+RUN yum install -y libnl3-devel
+
+#
+#  We test with TLS1.1, but that is disabled by default on some
+#  newer systems.
+#
+RUN update-crypto-policies --set LEGACY
+
+#
+#  Create the RPM build tree
+#
+RUN rpmdev-setuptree
diff --git a/scripts/crossbuild/docker/ubuntu18/Dockerfile b/scripts/crossbuild/docker/ubuntu18/Dockerfile
new file mode 100644
index 0000000..1bea0bf
--- /dev/null
+++ b/scripts/crossbuild/docker/ubuntu18/Dockerfile
@@ -0,0 +1,74 @@
+# Auto generated for ubuntu18
+# from scripts/crossbuild/m4/Dockerfile.deb.m4
+#
+# Rebuild this file with `make crossbuild.ubuntu18.regen`
+#
+ARG from=ubuntu:18.04
+FROM ${from} as build
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+#
+#  Install add-apt-repository
+#
+RUN apt-get update && \
+    apt-get install -y software-properties-common gnupg2 procps && \
+    apt-get clean && \
+    rm -r /var/lib/apt/lists/*
+
+
+RUN apt-get update && \
+#  Development utilities
+    apt-get install -y devscripts equivs git quilt rsync && \
+#  Compilers
+    apt-get install -y g++ llvm clang lldb && \
+#  eapol_test dependencies
+    apt-get install -y libnl-3-dev libnl-genl-3-dev
+
+#
+#  Documentation build dependecies
+#
+
+#  - doxygen & JSON.pm
+RUN apt-get install -y doxygen graphviz libjson-perl
+#  - antora (npm needed)
+RUN curl -sL https://deb.nodesource.com/setup_16.x | bash -
+RUN apt-get install -y nodejs
+RUN npm i -g @antora/cli@3.1.7 @antora/site-generator-default@3.1.7
+#  - pandoc
+WORKDIR /tmp
+RUN curl -OL $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*deb" | cut -d '"' -f 4)
+RUN apt-get install -y ./pandoc-*.deb
+#  - asciidoctor
+RUN apt-get install -y ruby-dev
+RUN gem install asciidoctor
+
+
+
+#
+#  Setup a src dir in /usr/local
+#
+RUN mkdir -p /usr/local/src/repositories
+WORKDIR /usr/local/src/repositories
+
+
+#
+#  Shallow clone the FreeRADIUS source
+#
+WORKDIR /usr/local/src/repositories
+ARG source=https://github.com/FreeRADIUS/freeradius-server.git
+RUN git clone --depth 1 --no-single-branch ${source}
+
+#
+#  Install build dependencies for all branches from v3 onwards
+#
+WORKDIR freeradius-server
+RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\
+	do \
+		git checkout $i; \
+		if [ -e ./debian/control.in ] ; then \
+			debian/rules debian/control ; \
+		fi ; \
+		echo 'y' | \
+		mk-build-deps -irt'apt-get -yV' debian/control ; \
+	done
diff --git a/scripts/crossbuild/docker/ubuntu20/Dockerfile b/scripts/crossbuild/docker/ubuntu20/Dockerfile
new file mode 100644
index 0000000..a58e634
--- /dev/null
+++ b/scripts/crossbuild/docker/ubuntu20/Dockerfile
@@ -0,0 +1,74 @@
+# Auto generated for ubuntu20
+# from scripts/crossbuild/m4/Dockerfile.deb.m4
+#
+# Rebuild this file with `make crossbuild.ubuntu20.regen`
+#
+ARG from=ubuntu:20.04
+FROM ${from} as build
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+#
+#  Install add-apt-repository
+#
+RUN apt-get update && \
+    apt-get install -y software-properties-common gnupg2 procps && \
+    apt-get clean && \
+    rm -r /var/lib/apt/lists/*
+
+
+RUN apt-get update && \
+#  Development utilities
+    apt-get install -y devscripts equivs git quilt rsync && \
+#  Compilers
+    apt-get install -y g++ llvm clang lldb && \
+#  eapol_test dependencies
+    apt-get install -y libnl-3-dev libnl-genl-3-dev
+
+#
+#  Documentation build dependecies
+#
+
+#  - doxygen & JSON.pm
+RUN apt-get install -y doxygen graphviz libjson-perl
+#  - antora (npm needed)
+RUN curl -sL https://deb.nodesource.com/setup_20.x | bash -
+RUN apt-get install -y nodejs
+RUN npm i -g @antora/cli@3.1.7 @antora/site-generator-default@3.1.7
+#  - pandoc
+WORKDIR /tmp
+RUN curl -OL $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*deb" | cut -d '"' -f 4)
+RUN apt-get install -y ./pandoc-*.deb
+#  - asciidoctor
+RUN apt-get install -y ruby-dev
+RUN gem install asciidoctor
+
+
+
+#
+#  Setup a src dir in /usr/local
+#
+RUN mkdir -p /usr/local/src/repositories
+WORKDIR /usr/local/src/repositories
+
+
+#
+#  Shallow clone the FreeRADIUS source
+#
+WORKDIR /usr/local/src/repositories
+ARG source=https://github.com/FreeRADIUS/freeradius-server.git
+RUN git clone --depth 1 --no-single-branch ${source}
+
+#
+#  Install build dependencies for all branches from v3 onwards
+#
+WORKDIR freeradius-server
+RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\
+	do \
+		git checkout $i; \
+		if [ -e ./debian/control.in ] ; then \
+			debian/rules debian/control ; \
+		fi ; \
+		echo 'y' | \
+		mk-build-deps -irt'apt-get -yV' debian/control ; \
+	done
diff --git a/scripts/crossbuild/docker/ubuntu22/Dockerfile b/scripts/crossbuild/docker/ubuntu22/Dockerfile
new file mode 100644
index 0000000..677c912
--- /dev/null
+++ b/scripts/crossbuild/docker/ubuntu22/Dockerfile
@@ -0,0 +1,74 @@
+# Auto generated for ubuntu22
+# from scripts/crossbuild/m4/Dockerfile.deb.m4
+#
+# Rebuild this file with `make crossbuild.ubuntu22.regen`
+#
+ARG from=ubuntu:22.04
+FROM ${from} as build
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+#
+#  Install add-apt-repository
+#
+RUN apt-get update && \
+    apt-get install -y software-properties-common gnupg2 procps && \
+    apt-get clean && \
+    rm -r /var/lib/apt/lists/*
+
+
+RUN apt-get update && \
+#  Development utilities
+    apt-get install -y devscripts equivs git quilt rsync && \
+#  Compilers
+    apt-get install -y g++ llvm clang lldb && \
+#  eapol_test dependencies
+    apt-get install -y libnl-3-dev libnl-genl-3-dev
+
+#
+#  Documentation build dependecies
+#
+
+#  - doxygen & JSON.pm
+RUN apt-get install -y doxygen graphviz libjson-perl
+#  - antora (npm needed)
+RUN curl -sL https://deb.nodesource.com/setup_20.x | bash -
+RUN apt-get install -y nodejs
+RUN npm i -g @antora/cli@3.1.7 @antora/site-generator-default@3.1.7
+#  - pandoc
+WORKDIR /tmp
+RUN curl -OL $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*deb" | cut -d '"' -f 4)
+RUN apt-get install -y ./pandoc-*.deb
+#  - asciidoctor
+RUN apt-get install -y ruby-dev
+RUN gem install asciidoctor
+
+
+
+#
+#  Setup a src dir in /usr/local
+#
+RUN mkdir -p /usr/local/src/repositories
+WORKDIR /usr/local/src/repositories
+
+
+#
+#  Shallow clone the FreeRADIUS source
+#
+WORKDIR /usr/local/src/repositories
+ARG source=https://github.com/FreeRADIUS/freeradius-server.git
+RUN git clone --depth 1 --no-single-branch ${source}
+
+#
+#  Install build dependencies for all branches from v3 onwards
+#
+WORKDIR freeradius-server
+RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\
+	do \
+		git checkout $i; \
+		if [ -e ./debian/control.in ] ; then \
+			debian/rules debian/control ; \
+		fi ; \
+		echo 'y' | \
+		mk-build-deps -irt'apt-get -yV' debian/control ; \
+	done
diff --git a/scripts/crossbuild/docker/ubuntu24/Dockerfile b/scripts/crossbuild/docker/ubuntu24/Dockerfile
new file mode 100644
index 0000000..966faf0
--- /dev/null
+++ b/scripts/crossbuild/docker/ubuntu24/Dockerfile
@@ -0,0 +1,74 @@
+# Auto generated for ubuntu24
+# from scripts/crossbuild/m4/Dockerfile.deb.m4
+#
+# Rebuild this file with `make crossbuild.ubuntu24.regen`
+#
+ARG from=ubuntu:24.04
+FROM ${from} as build
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+#
+#  Install add-apt-repository
+#
+RUN apt-get update && \
+    apt-get install -y software-properties-common gnupg2 procps && \
+    apt-get clean && \
+    rm -r /var/lib/apt/lists/*
+
+
+RUN apt-get update && \
+#  Development utilities
+    apt-get install -y devscripts equivs git quilt rsync fakeroot && \
+#  Compilers
+    apt-get install -y g++ llvm clang lldb && \
+#  eapol_test dependencies
+    apt-get install -y libnl-3-dev libnl-genl-3-dev
+
+#
+#  Documentation build dependecies
+#
+
+#  - doxygen & JSON.pm
+RUN apt-get install -y doxygen graphviz libjson-perl
+#  - antora (npm needed)
+RUN curl -sL https://deb.nodesource.com/setup_20.x | bash -
+RUN apt-get install -y nodejs
+RUN npm i -g @antora/cli@3.1.7 @antora/site-generator-default@3.1.7
+#  - pandoc
+WORKDIR /tmp
+RUN curl -OL $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*deb" | cut -d '"' -f 4)
+RUN apt-get install -y ./pandoc-*.deb
+#  - asciidoctor
+RUN apt-get install -y ruby-dev
+RUN gem install asciidoctor
+
+
+
+#
+#  Setup a src dir in /usr/local
+#
+RUN mkdir -p /usr/local/src/repositories
+WORKDIR /usr/local/src/repositories
+
+
+#
+#  Shallow clone the FreeRADIUS source
+#
+WORKDIR /usr/local/src/repositories
+ARG source=https://github.com/FreeRADIUS/freeradius-server.git
+RUN git clone --depth 1 --no-single-branch ${source}
+
+#
+#  Install build dependencies for all branches from v3 onwards
+#
+WORKDIR freeradius-server
+RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\
+	do \
+		git checkout $i; \
+		if [ -e ./debian/control.in ] ; then \
+			debian/rules debian/control ; \
+		fi ; \
+		echo 'y' | \
+		mk-build-deps -irt'apt-get -yV' debian/control ; \
+	done
diff --git a/scripts/crossbuild/m4/Dockerfile.deb.m4 b/scripts/crossbuild/m4/Dockerfile.deb.m4
new file mode 100644
index 0000000..a1bfca8
--- /dev/null
+++ b/scripts/crossbuild/m4/Dockerfile.deb.m4
@@ -0,0 +1,87 @@
+ARG from=DOCKER_IMAGE
+FROM ${from} as build
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+#
+#  Install add-apt-repository
+#
+RUN apt-get update && \
+    apt-get install -y software-properties-common gnupg2 procps && \
+    apt-get clean && \
+    rm -r /var/lib/apt/lists/*
+
+define(`CLANG_PKGS', `llvm clang lldb')dnl
+ifelse(D_NAME, `debian10', `dnl
+define(`CLANG_VER', `8')dnl
+define(`CLANG_PKGS', `llvm-CLANG_VER clang-CLANG_VER lldb-CLANG_VER')dnl
+#  For clang
+RUN add-apt-repository -y "deb http://apt.llvm.org/OS_CODENAME/ llvm-toolchain-OS_CODENAME-CLANG_VER main" && \
+    apt-key adv --fetch-keys http://apt.llvm.org/llvm-snapshot.gpg.key
+')dnl
+
+RUN apt-get update && \
+#  Development utilities
+    apt-get install -y devscripts equivs git quilt rsync fakeroot && \
+#  Compilers
+    apt-get install -y g++ CLANG_PKGS && \
+#  eapol_test dependencies
+    apt-get install -y libnl-3-dev libnl-genl-3-dev
+
+#
+#  Documentation build dependecies
+#
+define(`NODE_VER', ifelse(D_NAME, `ubuntu18', `16', `20'))dnl
+
+#  - doxygen & JSON.pm
+RUN apt-get install -y doxygen graphviz libjson-perl
+#  - antora (npm needed)
+RUN curl -sL https://deb.nodesource.com/setup_`'NODE_VER.x | bash -
+RUN apt-get install -y nodejs
+RUN npm i -g @antora/cli@3.1.7 @antora/site-generator-default@3.1.7
+#  - pandoc
+WORKDIR /tmp
+RUN curl -OL $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*deb" | cut -d '"' -f 4)
+RUN apt-get install -y ./pandoc-*.deb
+#  - asciidoctor
+RUN apt-get install -y ruby-dev
+RUN gem install asciidoctor
+
+ifelse(D_NAME, `debian10', `dnl
+#
+#  Set defaults
+#
+RUN update-alternatives --install /usr/bin/clang clang /usr/bin/clang-CLANG_VER 60 && \
+    update-alternatives --config clang
+
+RUN update-alternatives --install /usr/bin/lldb lldb /usr/bin/lldb-CLANG_VER 60 && \
+    update-alternatives --config lldb
+')
+
+#
+#  Setup a src dir in /usr/local
+#
+RUN mkdir -p /usr/local/src/repositories
+WORKDIR /usr/local/src/repositories
+
+
+#
+#  Shallow clone the FreeRADIUS source
+#
+WORKDIR /usr/local/src/repositories
+ARG source=https://github.com/FreeRADIUS/freeradius-server.git
+RUN git clone --depth 1 --no-single-branch ${source}
+
+#
+#  Install build dependencies for all branches from v3 onwards
+#
+WORKDIR freeradius-server
+RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\
+	do \
+		git checkout $i; \
+		if [ -e ./debian/control.in ] ; then \
+			debian/rules debian/control ; \
+		fi ; \
+		echo 'y' | \
+		mk-build-deps -irt'apt-get -yV' debian/control ; \
+	done
diff --git a/scripts/crossbuild/m4/Dockerfile.rpm.m4 b/scripts/crossbuild/m4/Dockerfile.rpm.m4
new file mode 100644
index 0000000..714ee6e
--- /dev/null
+++ b/scripts/crossbuild/m4/Dockerfile.rpm.m4
@@ -0,0 +1,146 @@
+ARG from=DOCKER_IMAGE
+FROM ${from} as build
+
+ifelse(OS_VER, 7, `dnl
+#
+#  CentOS 7 is now EOL, so we need to fix up the repo source
+#
+RUN sed -i "s/^mirrorlist/#mirrorlist/g" /etc/yum.repos.d/CentOS-*
+RUN sed -i "s|#\s*baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-*
+')dnl
+
+ifelse(OS_VER, `9', `dnl
+#
+#  Install yum
+#
+RUN dnf install -y yum
+')dnl
+
+#
+#  Install devtools like make and git and the EPEL
+#  repository for freetds and hiredis
+#
+RUN yum update -y
+RUN yum install -y rpmdevtools openssl epel-release git procps yum-utils \
+	rsync ifelse(OS_VER, `7',, `dnf-plugins-core')
+
+ifelse(OS_VER, `7', `dnl
+#
+#  Install GCC that has the requisite support for C11 keywords and atomics
+#
+RUN yum install -y centos-release-scl
+RUN sed -i "s/^mirrorlist/#mirrorlist/g" /etc/yum.repos.d/CentOS-*
+RUN sed -i "s|#\s*baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-*
+RUN yum install -y devtoolset-8-gcc devtoolset-8-gcc-c++
+ENV CC=/opt/rh/devtoolset-8/root/usr/bin/gcc
+
+#
+#  Remove the CentOS-SCLo repo which is apparently not valid?
+#  See: https://bugs.centos.org/view.php?id=14773
+#
+RUN rm /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo
+RUN rm /etc/yum.repos.d/CentOS-SCLo-scl.repo
+')dnl
+
+ifelse(OS_VER, `8', `dnl
+RUN yum config-manager --set-enabled powertools
+
+#
+#  Install GCC that has the requisite support for C11 keywords and atomics
+#
+RUN yum install -y gcc-toolset-9
+')dnl
+
+ifelse(OS_VER, `9', `dnl
+RUN yum config-manager --set-enabled crb
+')dnl
+
+#
+#  Documentation build dependecies
+#
+define(`NODE_VER', ifelse(OS_VER, 7, `16', `20'))dnl
+
+#  - doxygen & JSON.pm
+RUN yum install -y doxygen graphviz perl-JSON
+#  - antora (npm needed)
+RUN curl -sL https://rpm.nodesource.com/setup_`'NODE_VER.x | bash -
+RUN yum install -y nodejs
+RUN npm i -g @antora/cli@3.1.7 @antora/site-generator-default@3.1.7
+#  - pandoc
+RUN curl -o - -L $(curl -s https://api.github.com/repos/jgm/pandoc/releases/latest | grep "browser_download_url.*tar.gz" | cut -d '"' -f 4) | tar xzvf - -C /tmp/
+RUN mv /tmp/pandoc-*/bin/* /usr/local/bin
+#  - asciidoctor
+RUN yum install -y rubygems-devel
+RUN gem install asciidoctor
+
+#
+#  Setup a src dir in /usr/local
+#
+RUN mkdir -p /usr/local/src/repositories
+WORKDIR /usr/local/src/repositories
+
+changequote([{,}])dnl Only add LTB on centos7/rocky8
+ifelse(ifelse(OS_VER, 7, yes,   OS_VER, 8, yes,   no), yes, [{dnl
+#
+#  Use LTB's openldap packages intead of the distribution version to avoid linking against NSS
+#
+RUN echo $'[ltb-project]\n\
+name=LTB project packages\n\
+baseurl=https://ltb-project.org/rpm/$releasever/$basearch\n\
+enabled=1\n\
+gpgcheck=1\n\
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project'\
+> /etc/yum.repos.d/ltb-project.repo
+RUN rpm --import https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project
+}])dnl
+changequote(`,')dnl
+
+#
+#  Shallow clone the FreeRADIUS source
+#
+WORKDIR /usr/local/src/repositories
+ARG source=https://github.com/FreeRADIUS/freeradius-server.git
+RUN git clone --depth 1 --no-single-branch ${source}
+
+#
+#  Install build dependencies for all branches from v3 onwards
+#  Nodesource has issues (no SRPMS in some repos) and is not needed here
+#  CentOS/RHEL 7 do not support "-D" for yum-builddep so do that separately below if needed
+#
+define(`BUILDDEP_EXTRA', ifelse(OS_VER, 7, `--disablerepo="nodesource*"', `-D "_with_rlm_yubikey 1"'))dnl
+WORKDIR freeradius-server
+RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master)$");\
+	do \
+		git checkout $i; \
+		[ -e redhat/freeradius.spec ] && yum-builddep BUILDDEP_EXTRA -y redhat/freeradius.spec; \
+	done
+
+ifelse(OS_VER, 7,`dnl
+#  Yubikey deps for CentOS/RHEL 7
+RUN yum install -y ykclient-devel ykclient
+')dnl
+
+RUN yum install -y libyubikey-devel
+
+#
+#  Which is required by fixture setup utilities
+#
+RUN yum install -y which
+
+#
+#  Explicitly install libnl3-devel which is required for the EAP tests
+#
+RUN yum install -y libnl3-devel
+
+ifelse(OS_VER, 7,, `dnl
+#
+#  We test with TLS1.1, but that is disabled by default on some
+#  newer systems.
+#
+RUN update-crypto-policies --set LEGACY
+')dnl
+
+#
+#  Create the RPM build tree
+#
+RUN rpmdev-setuptree