diff options
Diffstat (limited to 'scripts/docker')
39 files changed, 1670 insertions, 577 deletions
diff --git a/scripts/docker/centos7/Dockerfile b/scripts/docker/centos7/Dockerfile deleted file mode 100644 index efa56eb..0000000 --- a/scripts/docker/centos7/Dockerfile +++ /dev/null @@ -1,96 +0,0 @@ -ARG from=centos:centos7 -FROM ${from} as build - -# -# Install build tools -# -RUN yum groupinstall -y "Development Tools" -RUN yum install -y rpmdevtools -RUN yum install -y openssl - -# -# Create build directory -# -RUN mkdir -p /usr/local/src/repositories -WORKDIR /usr/local/src/repositories - -# -# Shallow clone the FreeRADIUS source -# -ARG source=https://github.com/FreeRADIUS/freeradius-server.git -ARG release=v3.2.x - -RUN git clone --depth 1 --single-branch --branch ${release} ${source} -WORKDIR freeradius-server - -# -# Other requirements -# - -# Use LTB's openldap packages intead of the distribution version to avoid linking against NSS -RUN echo $'[ltb-project]\n\ -name=LTB project packages\n\ -baseurl=https://ltb-project.org/rpm/$releasever/$basearch\n\ -enabled=1\n\ -gpgcheck=1\n\ -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project'\ -> /etc/yum.repos.d/ltb-project.repo -RUN rpm --import https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project - -# EPEL repository for freetds and hiredis -RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm - -# -# Install build dependencies -# -RUN [ -e redhat/freeradius.spec ] && yum-builddep -y redhat/freeradius.spec - -# -# Create RPM build environment -# -ENV BUILDDIR=/root/rpmbuild -RUN rpmdev-setuptree - -RUN ./configure -RUN make freeradius-server-$(cat VERSION).tar.bz2 -RUN cp freeradius-server-$(cat VERSION).tar.bz2 $BUILDDIR/SOURCES/ -RUN cp -r redhat/* $BUILDDIR/SOURCES/ -RUN cp -r redhat/freeradius.spec $BUILDDIR/SPECS/ -WORKDIR $BUILDDIR - -# -# Build the server -# -ENV QA_RPATHS=0x0003 -RUN rpmbuild -bb --define '_release $release' "$BUILDDIR/SPECS/freeradius.spec" - -RUN mkdir /root/rpms -RUN mv $BUILDDIR/RPMS/*/*.rpm /root/rpms/ - -# -# Clean environment and run the server -# -FROM ${from} -COPY --from=build /root/rpms /tmp/ - -# Use LTB's openldap packages intead of the distribution version to avoid linking against NSS -RUN echo $'[ltb-project]\n\ -name=LTB project packages\n\ -baseurl=https://ltb-project.org/rpm/$releasever/$basearch\n\ -enabled=1\n\ -gpgcheck=1\n\ -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project'\ -> /etc/yum.repos.d/ltb-project.repo \ - && rpm --import https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project \ - \ -# EPEL repository for freetds and hiredis - && yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \ - \ - && yum install -y /tmp/*.rpm - -COPY docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh - -EXPOSE 1812/udp 1813/udp -ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["radiusd"] diff --git a/scripts/docker/debian10/Dockerfile b/scripts/docker/debian10/Dockerfile deleted file mode 100644 index 441bed7..0000000 --- a/scripts/docker/debian10/Dockerfile +++ /dev/null @@ -1,59 +0,0 @@ -ARG from=debian:buster -FROM ${from} as build - -ARG DEBIAN_FRONTEND=noninteractive - -# -# Install build tools -# -RUN apt-get update -RUN apt-get install -y devscripts equivs git quilt gcc - -# -# Create build directory -# -RUN mkdir -p /usr/local/src/repositories -WORKDIR /usr/local/src/repositories - -# -# Shallow clone the FreeRADIUS source -# -ARG source=https://github.com/FreeRADIUS/freeradius-server.git -ARG release=v3.2.x - -RUN git clone --depth 1 --single-branch --branch ${release} ${source} -WORKDIR freeradius-server - -# -# Install build dependencies -# -RUN git checkout ${release}; \ - if [ -e ./debian/control.in ]; then \ - debian/rules debian/control; \ - fi; \ - echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control - -# -# Build the server -# -RUN make -j2 deb - -# -# Clean environment and run the server -# -FROM ${from} -COPY --from=build /usr/local/src/repositories/*.deb /tmp/ - -RUN apt-get update \ - && apt-get install -y /tmp/*.deb \ - && apt-get clean \ - && rm -r /var/lib/apt/lists/* /tmp/*.deb \ - \ - && ln -s /etc/freeradius /etc/raddb - -COPY docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh - -EXPOSE 1812/udp 1813/udp -ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["freeradius"] diff --git a/scripts/docker/debian11/Dockerfile b/scripts/docker/debian11/Dockerfile deleted file mode 100644 index 7a9931c..0000000 --- a/scripts/docker/debian11/Dockerfile +++ /dev/null @@ -1,64 +0,0 @@ -ARG from=debian:bullseye -FROM ${from} as build - -ARG DEBIAN_FRONTEND=noninteractive - -# -# Install build tools -# -RUN apt-get update -RUN apt-get install -y devscripts equivs git quilt gcc - -# -# Create build directory -# -RUN mkdir -p /usr/local/src/repositories -WORKDIR /usr/local/src/repositories - -# -# Shallow clone the FreeRADIUS source -# -ARG source=https://github.com/FreeRADIUS/freeradius-server.git -ARG release=v3.2.x - -RUN git clone --depth 1 --single-branch --branch ${release} ${source} -WORKDIR freeradius-server - -# -# Install build dependencies -# -RUN git checkout ${release}; \ - if [ -e ./debian/control.in ]; then \ - debian/rules debian/control; \ - fi; \ - echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control - -# -# Build the server -# -RUN make -j2 deb - -# -# Clean environment and run the server -# -FROM ${from} -COPY --from=build /usr/local/src/repositories/*.deb /tmp/ - -ARG freerad_uid=101 -ARG freerad_gid=101 - -RUN groupadd -g ${freerad_gid} -r freerad \ - && useradd -u ${freerad_uid} -g freerad -r -M -d /etc/freeradius -s /usr/sbin/nologin freerad \ - && apt-get update \ - && apt-get install -y /tmp/*.deb \ - && apt-get clean \ - && rm -r /var/lib/apt/lists/* /tmp/*.deb \ - \ - && ln -s /etc/freeradius /etc/raddb - -COPY docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh - -EXPOSE 1812/udp 1813/udp -ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["freeradius"] diff --git a/scripts/docker/debian9/Dockerfile b/scripts/docker/debian9/Dockerfile deleted file mode 100644 index 1a34f7f..0000000 --- a/scripts/docker/debian9/Dockerfile +++ /dev/null @@ -1,59 +0,0 @@ -ARG from=debian:stretch -FROM ${from} as build - -ARG DEBIAN_FRONTEND=noninteractive - -# -# Install build tools -# -RUN apt-get update -RUN apt-get install -y devscripts equivs git quilt gcc - -# -# Create build directory -# -RUN mkdir -p /usr/local/src/repositories -WORKDIR /usr/local/src/repositories - -# -# Shallow clone the FreeRADIUS source -# -ARG source=https://github.com/FreeRADIUS/freeradius-server.git -ARG release=v3.2.x - -RUN git clone --depth 1 --single-branch --branch ${release} ${source} -WORKDIR freeradius-server - -# -# Install build dependencies -# -RUN git checkout ${release}; \ - if [ -e ./debian/control.in ]; then \ - debian/rules debian/control; \ - fi; \ - echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control - -# -# Build the server -# -RUN make -j2 deb - -# -# Clean environment and run the server -# -FROM ${from} -COPY --from=build /usr/local/src/repositories/*.deb /tmp/ - -RUN apt-get update \ - && apt-get install -y /tmp/*.deb \ - && apt-get clean \ - && rm -r /var/lib/apt/lists/* /tmp/*.deb \ - \ - && ln -s /etc/freeradius /etc/raddb - -COPY docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh - -EXPOSE 1812/udp 1813/udp -ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["freeradius"] diff --git a/scripts/docker/debiansid/Dockerfile b/scripts/docker/debiansid/Dockerfile deleted file mode 100644 index 191ec49..0000000 --- a/scripts/docker/debiansid/Dockerfile +++ /dev/null @@ -1,64 +0,0 @@ -ARG from=debian:sid -FROM ${from} as build - -ARG DEBIAN_FRONTEND=noninteractive - -# -# Install build tools -# -RUN apt-get update -RUN apt-get install -y devscripts equivs git quilt gcc - -# -# Create build directory -# -RUN mkdir -p /usr/local/src/repositories -WORKDIR /usr/local/src/repositories - -# -# Shallow clone the FreeRADIUS source -# -ARG source=https://github.com/FreeRADIUS/freeradius-server.git -ARG release=v3.2.x - -RUN git clone --depth 1 --single-branch --branch ${release} ${source} -WORKDIR freeradius-server - -# -# Install build dependencies -# -RUN git checkout ${release}; \ - if [ -e ./debian/control.in ]; then \ - debian/rules debian/control; \ - fi; \ - echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control - -# -# Build the server -# -RUN make -j2 deb - -# -# Clean environment and run the server -# -FROM ${from} -COPY --from=build /usr/local/src/repositories/*.deb /tmp/ - -ARG freerad_uid=101 -ARG freerad_gid=101 - -RUN groupadd -g ${freerad_gid} -r freerad \ - && useradd -u ${freerad_uid} -g freerad -r -M -d /etc/freeradius -s /usr/sbin/nologin freerad \ - && apt-get update \ - && apt-get install -y /tmp/*.deb \ - && apt-get clean \ - && rm -r /var/lib/apt/lists/* /tmp/*.deb \ - \ - && ln -s /etc/freeradius /etc/raddb - -COPY docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh - -EXPOSE 1812/udp 1813/udp -ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["freeradius"] diff --git a/scripts/docker/dists/alpine/Dockerfile b/scripts/docker/dists/alpine/Dockerfile new file mode 100644 index 0000000..04c0101 --- /dev/null +++ b/scripts/docker/dists/alpine/Dockerfile @@ -0,0 +1,95 @@ +# Auto generated for alpine +# from scripts/docker/m4/Dockerfile.alpine.m4 +# +# Rebuild this file with `make docker.alpine.regen` +# +ARG from=alpine:3.13 +FROM ${from} as build + +# +# Install build tools +# +RUN apk update +RUN apk add git gcc make + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +RUN [ -z "$release" ] || git checkout ${release} + + +# +# Install build dependencies +# +# essential +RUN apk add libc-dev talloc-dev +RUN apk add openssl openssl-dev +RUN apk add linux-headers +# general +RUN apk add pcre-dev libidn-dev krb5-dev samba-dev curl-dev json-c-dev +RUN apk add openldap-dev unbound-dev +# languages +RUN apk add ruby-dev perl-dev python2-dev python3-dev +# databases +RUN apk add hiredis-dev libmemcached-dev gdbm-dev libcouchbase-dev +# sql +RUN apk add postgresql-dev mariadb-dev unixodbc-dev sqlite-dev + +# +# Build the server +# +RUN ./configure --prefix=/opt +RUN make -j2 +RUN make install +RUN rm /opt/lib/*.a + +# +# Clean environment and run the server +# +FROM ${from} +COPY --from=build /opt /opt + +# +# These are needed for the server to start +# +RUN apk update \ + && apk add talloc libressl pcre libwbclient tzdata \ + \ +# +# Libraries that are needed dependent on which modules are used +# Some of these (especially the languages) are huge. A reasonable +# selection has been enabled here. If you use modules needing +# other dependencies then install any others required in your +# local Dockerfile. +# + && apk add libcurl json-c libldap hiredis sqlite-dev \ +#RUN apk add libidn krb5 +#RUN apk add unbound-libs +#RUN apk add ruby-libs perl python2-dev python3-dev +#RUN apk add libmemcached gdbm libcouchbase +#RUN apk add postgresql-dev mariadb-dev unixodbc-dev + \ + && ln -s /opt/etc/raddb /etc/raddb + +WORKDIR / +COPY scripts/docker//etc/docker-entrypoint.sh.alpine docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["radiusd"] diff --git a/scripts/docker/alpine/docker-entrypoint.sh b/scripts/docker/dists/alpine/docker-entrypoint.sh index e0f9f6f..e0f9f6f 100755 --- a/scripts/docker/alpine/docker-entrypoint.sh +++ b/scripts/docker/dists/alpine/docker-entrypoint.sh diff --git a/scripts/docker/dists/centos7/Dockerfile b/scripts/docker/dists/centos7/Dockerfile new file mode 100644 index 0000000..0e266b7 --- /dev/null +++ b/scripts/docker/dists/centos7/Dockerfile @@ -0,0 +1,134 @@ +# Auto generated for centos7 +# from scripts/docker/m4/Dockerfile.rpm.m4 +# +# Rebuild this file with `make docker.centos7.regen` +# +ARG from=centos:7 +FROM ${from} as build + +# +# CentOS 7 is now EOL, so we need to fix up the repo source +# +RUN sed -i "s/^mirrorlist/#mirrorlist/g" /etc/yum.repos.d/CentOS-* +RUN sed -i "s|#\s*baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* + + + +# +# Install build tools +# +RUN yum groupinstall -y "Development Tools" +RUN yum install -y rpmdevtools +RUN yum install -y openssl + + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline + +# +# Other requirements +# + +# Use LTB's openldap packages intead of the distribution version to avoid linking against NSS +RUN echo $'[ltb-project]\n\ +name=LTB project packages\n\ +baseurl=https://ltb-project.org/rpm/$releasever/$basearch\n\ +enabled=1\n\ +gpgcheck=1\n\ +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project'\ +> /etc/yum.repos.d/ltb-project.repo +RUN rpm --import https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project + +# Enable EPEL repository for freetds and hiredis +RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm + +# +# Install build dependencies +# +# Run twice, it doesn't always get everything with one invocation +# +RUN [ -e redhat/freeradius.spec ] && \ + yum-builddep -y redhat/freeradius.spec && \ + yum-builddep -y redhat/freeradius.spec + +# +# Create RPM build environment +# +ENV BUILDDIR=/root/rpmbuild +RUN rpmdev-setuptree + +RUN ./configure +RUN cp VERSION /VERSION +RUN make freeradius-server-$(cat /VERSION).tar.bz2 +RUN cp freeradius-server-$(cat /VERSION).tar.bz2 $BUILDDIR/SOURCES/ +RUN cp -r redhat/* $BUILDDIR/SOURCES/ +RUN sed -i "s/^Version:.*/Version: $(cat /VERSION)/" redhat/freeradius.spec +RUN cp -r redhat/freeradius.spec $BUILDDIR/SPECS/ +WORKDIR $BUILDDIR + +# +# Build the server +# +ENV QA_RPATHS=0x0003 +RUN rpmbuild -bb --define "_release $(cat /VERSION)" "$BUILDDIR/SPECS/freeradius.spec" + +RUN mkdir /root/rpms +RUN mv $BUILDDIR/RPMS/*/*.rpm /root/rpms/ + +# +# Clean environment and run the server +# +FROM ${from} + +COPY --from=build /root/rpms /tmp/ + +# +# CentOS 7 is now EOL, so we need to fix up the repo source +# +RUN sed -i "s/^mirrorlist/#mirrorlist/g" /etc/yum.repos.d/CentOS-* +RUN sed -i "s|#\s*baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* + + +# Use LTB's openldap packages intead of the distribution version to avoid linking against NSS +RUN echo $'[ltb-project]\n\ +name=LTB project packages\n\ +baseurl=https://ltb-project.org/rpm/$releasever/$basearch\n\ +enabled=1\n\ +gpgcheck=1\n\ +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project'\ +> /etc/yum.repos.d/ltb-project.repo \ + && rpm --import https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project + + +# EPEL repository for freetds and hiredis +RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \ + \ + && yum install -y /tmp/*.rpm + +WORKDIR / +COPY scripts/docker//etc/docker-entrypoint.sh.rpm docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["radiusd"] diff --git a/scripts/docker/centos7/docker-entrypoint.sh b/scripts/docker/dists/centos7/docker-entrypoint.sh index 900ad6b..900ad6b 100755 --- a/scripts/docker/centos7/docker-entrypoint.sh +++ b/scripts/docker/dists/centos7/docker-entrypoint.sh diff --git a/scripts/docker/dists/debian10/Dockerfile b/scripts/docker/dists/debian10/Dockerfile new file mode 100644 index 0000000..5e9e9a5 --- /dev/null +++ b/scripts/docker/dists/debian10/Dockerfile @@ -0,0 +1,82 @@ +# Auto generated for debian10 +# from scripts/docker/m4/Dockerfile.deb.m4 +# +# Rebuild this file with `make docker.debian10.regen` +# +ARG from=debian:buster +FROM ${from} as build + +ARG DEBIAN_FRONTEND=noninteractive + +# +# Install build tools +# +RUN apt-get update +RUN apt-get install -y devscripts equivs git quilt gcc + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline + +# +# Install build dependencies +# +RUN if [ -e ./debian/control.in ]; then \ + debian/rules debian/control; \ + fi; \ + echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control + +# +# Build the server +# +# Work around fakeroot problems in Docker when building for different +# platforms - doesn't matter as we run as root in the container anyway. +# +#RUN make -j$(nproc) deb +RUN debian/rules debian/control \ + && dpkg-buildpackage --jobs=auto -b -uc + +# +# Clean environment and run the server +# +FROM ${from} +ARG DEBIAN_FRONTEND=noninteractive + +COPY --from=build /usr/local/src/repositories/*.deb /tmp/ + +RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime + +RUN apt-get update \ + && apt-get install -y tzdata \ + && apt-get install -y /tmp/*.deb \ + && apt-get clean \ + && rm -r /var/lib/apt/lists/* /tmp/*.deb \ + \ + && ln -s /etc/freeradius /etc/raddb + +WORKDIR / +COPY scripts/docker/etc/docker-entrypoint.sh.deb docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["freeradius"] diff --git a/scripts/docker/debian10/docker-entrypoint.sh b/scripts/docker/dists/debian10/docker-entrypoint.sh index 93141b0..93141b0 100755 --- a/scripts/docker/debian10/docker-entrypoint.sh +++ b/scripts/docker/dists/debian10/docker-entrypoint.sh diff --git a/scripts/docker/dists/debian11/Dockerfile b/scripts/docker/dists/debian11/Dockerfile new file mode 100644 index 0000000..f709d95 --- /dev/null +++ b/scripts/docker/dists/debian11/Dockerfile @@ -0,0 +1,87 @@ +# Auto generated for debian11 +# from scripts/docker/m4/Dockerfile.deb.m4 +# +# Rebuild this file with `make docker.debian11.regen` +# +ARG from=debian:bullseye +FROM ${from} as build + +ARG DEBIAN_FRONTEND=noninteractive + +# +# Install build tools +# +RUN apt-get update +RUN apt-get install -y devscripts equivs git quilt gcc + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline + +# +# Install build dependencies +# +RUN if [ -e ./debian/control.in ]; then \ + debian/rules debian/control; \ + fi; \ + echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control + +# +# Build the server +# +# Work around fakeroot problems in Docker when building for different +# platforms - doesn't matter as we run as root in the container anyway. +# +#RUN make -j$(nproc) deb +RUN debian/rules debian/control \ + && dpkg-buildpackage --jobs=auto -b -uc + +# +# Clean environment and run the server +# +FROM ${from} +ARG DEBIAN_FRONTEND=noninteractive + +COPY --from=build /usr/local/src/repositories/*.deb /tmp/ + +RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime + +ARG freerad_uid=101 +ARG freerad_gid=101 + +RUN groupadd -g ${freerad_gid} -r freerad \ + && useradd -u ${freerad_uid} -g freerad -r -M -d /etc/freeradius -s /usr/sbin/nologin freerad \ + && apt-get update \ + && apt-get install -y tzdata \ + && apt-get install -y /tmp/*.deb \ + && apt-get clean \ + && rm -r /var/lib/apt/lists/* /tmp/*.deb \ + \ + && ln -s /etc/freeradius /etc/raddb + +WORKDIR / +COPY scripts/docker/etc/docker-entrypoint.sh.deb docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["freeradius"] diff --git a/scripts/docker/debian11/docker-entrypoint.sh b/scripts/docker/dists/debian11/docker-entrypoint.sh index 93141b0..93141b0 100755 --- a/scripts/docker/debian11/docker-entrypoint.sh +++ b/scripts/docker/dists/debian11/docker-entrypoint.sh diff --git a/scripts/docker/dists/debian12/Dockerfile b/scripts/docker/dists/debian12/Dockerfile new file mode 100644 index 0000000..609e8ae --- /dev/null +++ b/scripts/docker/dists/debian12/Dockerfile @@ -0,0 +1,87 @@ +# Auto generated for debian12 +# from scripts/docker/m4/Dockerfile.deb.m4 +# +# Rebuild this file with `make docker.debian12.regen` +# +ARG from=debian:bookworm +FROM ${from} as build + +ARG DEBIAN_FRONTEND=noninteractive + +# +# Install build tools +# +RUN apt-get update +RUN apt-get install -y devscripts equivs git quilt gcc + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline + +# +# Install build dependencies +# +RUN if [ -e ./debian/control.in ]; then \ + debian/rules debian/control; \ + fi; \ + echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control + +# +# Build the server +# +# Work around fakeroot problems in Docker when building for different +# platforms - doesn't matter as we run as root in the container anyway. +# +#RUN make -j$(nproc) deb +RUN debian/rules debian/control \ + && dpkg-buildpackage --jobs=auto -b -uc + +# +# Clean environment and run the server +# +FROM ${from} +ARG DEBIAN_FRONTEND=noninteractive + +COPY --from=build /usr/local/src/repositories/*.deb /tmp/ + +RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime + +ARG freerad_uid=101 +ARG freerad_gid=101 + +RUN groupadd -g ${freerad_gid} -r freerad \ + && useradd -u ${freerad_uid} -g freerad -r -M -d /etc/freeradius -s /usr/sbin/nologin freerad \ + && apt-get update \ + && apt-get install -y tzdata \ + && apt-get install -y /tmp/*.deb \ + && apt-get clean \ + && rm -r /var/lib/apt/lists/* /tmp/*.deb \ + \ + && ln -s /etc/freeradius /etc/raddb + +WORKDIR / +COPY scripts/docker/etc/docker-entrypoint.sh.deb docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["freeradius"] diff --git a/scripts/docker/debian9/docker-entrypoint.sh b/scripts/docker/dists/debian12/docker-entrypoint.sh index 93141b0..93141b0 100755 --- a/scripts/docker/debian9/docker-entrypoint.sh +++ b/scripts/docker/dists/debian12/docker-entrypoint.sh diff --git a/scripts/docker/dists/debiansid/Dockerfile b/scripts/docker/dists/debiansid/Dockerfile new file mode 100644 index 0000000..862a421 --- /dev/null +++ b/scripts/docker/dists/debiansid/Dockerfile @@ -0,0 +1,87 @@ +# Auto generated for debiansid +# from scripts/docker/m4/Dockerfile.deb.m4 +# +# Rebuild this file with `make docker.debiansid.regen` +# +ARG from=debian:sid +FROM ${from} as build + +ARG DEBIAN_FRONTEND=noninteractive + +# +# Install build tools +# +RUN apt-get update +RUN apt-get install -y devscripts equivs git quilt gcc + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline + +# +# Install build dependencies +# +RUN if [ -e ./debian/control.in ]; then \ + debian/rules debian/control; \ + fi; \ + echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control + +# +# Build the server +# +# Work around fakeroot problems in Docker when building for different +# platforms - doesn't matter as we run as root in the container anyway. +# +#RUN make -j$(nproc) deb +RUN debian/rules debian/control \ + && dpkg-buildpackage --jobs=auto -b -uc + +# +# Clean environment and run the server +# +FROM ${from} +ARG DEBIAN_FRONTEND=noninteractive + +COPY --from=build /usr/local/src/repositories/*.deb /tmp/ + +RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime + +ARG freerad_uid=101 +ARG freerad_gid=101 + +RUN groupadd -g ${freerad_gid} -r freerad \ + && useradd -u ${freerad_uid} -g freerad -r -M -d /etc/freeradius -s /usr/sbin/nologin freerad \ + && apt-get update \ + && apt-get install -y tzdata \ + && apt-get install -y /tmp/*.deb \ + && apt-get clean \ + && rm -r /var/lib/apt/lists/* /tmp/*.deb \ + \ + && ln -s /etc/freeradius /etc/raddb + +WORKDIR / +COPY scripts/docker/etc/docker-entrypoint.sh.deb docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["freeradius"] diff --git a/scripts/docker/debiansid/docker-entrypoint.sh b/scripts/docker/dists/debiansid/docker-entrypoint.sh index 93141b0..93141b0 100755 --- a/scripts/docker/debiansid/docker-entrypoint.sh +++ b/scripts/docker/dists/debiansid/docker-entrypoint.sh diff --git a/scripts/docker/rocky8/Dockerfile b/scripts/docker/dists/rocky8/Dockerfile index ca821a3..4dcb92e 100644 --- a/scripts/docker/rocky8/Dockerfile +++ b/scripts/docker/dists/rocky8/Dockerfile @@ -1,34 +1,54 @@ +# Auto generated for rocky8 +# from scripts/docker/m4/Dockerfile.rpm.m4 +# +# Rebuild this file with `make docker.rocky8.regen` +# ARG from=rockylinux/rockylinux:8 FROM ${from} as build +# +# Install yum +# +RUN dnf install -y yum + RUN rpmkeys --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial # # Install build tools # RUN yum groupinstall -y "Development Tools" + RUN yum install -y rpmdevtools openssl dnf-utils + # # Create build directory # -RUN mkdir -p /usr/local/src/repositories -WORKDIR /usr/local/src/repositories +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . # -# Shallow clone the FreeRADIUS source +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system # -ARG source=https://github.com/FreeRADIUS/freeradius-server.git -ARG release=v3.2.x +RUN git clean -fdxx \ + && git reset --hard HEAD -RUN git clone --depth 1 --single-branch --branch ${release} ${source} -WORKDIR freeradius-server +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline # # Other requirements # -# Use LTB's openldap packages intead of the distribution version to avoid linking against NSS +# Use LTB's openldap packages intead of the distribution version to avoid linking against NSS RUN echo $'[ltb-project]\n\ name=LTB project packages\n\ baseurl=https://ltb-project.org/rpm/$releasever/$basearch\n\ @@ -38,17 +58,23 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project'\ > /etc/yum.repos.d/ltb-project.repo RUN rpm --import https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project -# EPEL repository for freetds and hiredis +# Enable EPEL repository for freetds and hiredis RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm +# Enable powertools repo RUN yum config-manager --enable powertools -# Currently needed for hiredis-devel + +# Enable epel-testing, currently needed for hiredis-devel RUN yum config-manager --enable epel-testing # # Install build dependencies # -RUN [ -e redhat/freeradius.spec ] && yum-builddep -y redhat/freeradius.spec +# Run twice, it doesn't always get everything with one invocation +# +RUN [ -e redhat/freeradius.spec ] && \ + yum-builddep -y redhat/freeradius.spec && \ + yum-builddep -y redhat/freeradius.spec # # Create RPM build environment @@ -57,9 +83,11 @@ ENV BUILDDIR=/root/rpmbuild RUN rpmdev-setuptree RUN ./configure -RUN make freeradius-server-$(cat VERSION).tar.bz2 -RUN cp freeradius-server-$(cat VERSION).tar.bz2 $BUILDDIR/SOURCES/ +RUN cp VERSION /VERSION +RUN make freeradius-server-$(cat /VERSION).tar.bz2 +RUN cp freeradius-server-$(cat /VERSION).tar.bz2 $BUILDDIR/SOURCES/ RUN cp -r redhat/* $BUILDDIR/SOURCES/ +RUN sed -i "s/^Version:.*/Version: $(cat /VERSION)/" redhat/freeradius.spec RUN cp -r redhat/freeradius.spec $BUILDDIR/SPECS/ WORKDIR $BUILDDIR @@ -67,7 +95,7 @@ WORKDIR $BUILDDIR # Build the server # ENV QA_RPATHS=0x0003 -RUN rpmbuild -bb --define '_release $release' "$BUILDDIR/SPECS/freeradius.spec" +RUN rpmbuild -bb --define "_release $(cat /VERSION)" "$BUILDDIR/SPECS/freeradius.spec" RUN mkdir /root/rpms RUN mv $BUILDDIR/RPMS/*/*.rpm /root/rpms/ @@ -76,8 +104,14 @@ RUN mv $BUILDDIR/RPMS/*/*.rpm /root/rpms/ # Clean environment and run the server # FROM ${from} + COPY --from=build /root/rpms /tmp/ +# +# Install yum +# +RUN dnf install -y yum + # Use LTB's openldap packages intead of the distribution version to avoid linking against NSS RUN echo $'[ltb-project]\n\ name=LTB project packages\n\ @@ -86,11 +120,13 @@ enabled=1\n\ gpgcheck=1\n\ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project'\ > /etc/yum.repos.d/ltb-project.repo \ - && rpm --import https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project \ - \ -# EPEL repository for freetds and hiredis - && yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm \ + && rpm --import https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project + + +# EPEL repository for freetds and hiredis +RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm \ && yum install -y dnf-utils \ + && yum config-manager --enable powertools \ && yum config-manager --enable epel-testing ARG radiusd_uid=95 @@ -100,8 +136,9 @@ RUN groupadd -g ${radiusd_gid} -r radiusd \ && useradd -u ${radiusd_uid} -g radiusd -r -M -d /home/radiusd -s /sbin/nologin radiusd \ && yum install -y /tmp/*.rpm -COPY docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh +WORKDIR / +COPY scripts/docker//etc/docker-entrypoint.sh.rpm docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh EXPOSE 1812/udp 1813/udp ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/scripts/docker/rocky8/docker-entrypoint.sh b/scripts/docker/dists/rocky8/docker-entrypoint.sh index 900ad6b..900ad6b 100755 --- a/scripts/docker/rocky8/docker-entrypoint.sh +++ b/scripts/docker/dists/rocky8/docker-entrypoint.sh diff --git a/scripts/docker/dists/rocky9/Dockerfile b/scripts/docker/dists/rocky9/Dockerfile new file mode 100644 index 0000000..0f57010 --- /dev/null +++ b/scripts/docker/dists/rocky9/Dockerfile @@ -0,0 +1,124 @@ +# Auto generated for rocky9 +# from scripts/docker/m4/Dockerfile.rpm.m4 +# +# Rebuild this file with `make docker.rocky9.regen` +# +ARG from=rockylinux/rockylinux:9 +FROM ${from} as build + +# +# Install yum +# +RUN dnf install -y yum + +RUN rpmkeys --import /etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9 + +# +# Install build tools +# +RUN yum groupinstall -y "Development Tools" + +RUN yum install -y rpmdevtools openssl dnf-utils + + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline + +# +# Other requirements +# + +# Enable EPEL repository for freetds and hiredis +RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm + +# Enable Code Ready Builder repo (CentOS powertools equivalent) +RUN yum install -y yum-utils +RUN yum config-manager --enable crb + +# +# Install build dependencies +# +# Run twice, it doesn't always get everything with one invocation +# +RUN [ -e redhat/freeradius.spec ] && \ + yum-builddep -y redhat/freeradius.spec && \ + yum-builddep -y redhat/freeradius.spec + +# +# Create RPM build environment +# +ENV BUILDDIR=/root/rpmbuild +RUN rpmdev-setuptree + +RUN ./configure +RUN cp VERSION /VERSION +RUN make freeradius-server-$(cat /VERSION).tar.bz2 +RUN cp freeradius-server-$(cat /VERSION).tar.bz2 $BUILDDIR/SOURCES/ +RUN cp -r redhat/* $BUILDDIR/SOURCES/ +RUN sed -i "s/^Version:.*/Version: $(cat /VERSION)/" redhat/freeradius.spec +RUN cp -r redhat/freeradius.spec $BUILDDIR/SPECS/ +WORKDIR $BUILDDIR + +# +# Build the server +# +ENV QA_RPATHS=0x0003 +RUN rpmbuild -bb --define "_release $(cat /VERSION)" "$BUILDDIR/SPECS/freeradius.spec" + +RUN mkdir /root/rpms +RUN mv $BUILDDIR/RPMS/*/*.rpm /root/rpms/ + +# +# Clean environment and run the server +# +FROM ${from} + +COPY --from=build /root/rpms /tmp/ + +# +# Install yum +# +RUN dnf install -y yum + + + +# EPEL repository for freetds and hiredis +RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm \ + && yum install -y dnf-utils \ + && yum config-manager --enable crb \ + && yum config-manager --enable epel-testing + +ARG radiusd_uid=95 +ARG radiusd_gid=95 + +RUN groupadd -g ${radiusd_gid} -r radiusd \ + && useradd -u ${radiusd_uid} -g radiusd -r -M -d /home/radiusd -s /sbin/nologin radiusd \ + && yum install -y /tmp/*.rpm + +WORKDIR / +COPY scripts/docker//etc/docker-entrypoint.sh.rpm docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["radiusd"] diff --git a/scripts/docker/dists/rocky9/docker-entrypoint.sh b/scripts/docker/dists/rocky9/docker-entrypoint.sh new file mode 100755 index 0000000..900ad6b --- /dev/null +++ b/scripts/docker/dists/rocky9/docker-entrypoint.sh @@ -0,0 +1,24 @@ +#!/bin/sh +set -e + +# this if will check if the first argument is a flag +# but only works if all arguments require a hyphenated flag +# -v; -SL; -f arg; etc will work, but not arg1 arg2 +if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then + set -- radiusd "$@" +fi + +# check for the expected command +if [ "$1" = 'radiusd' ]; then + shift + exec radiusd -f "$@" +fi + +# debian people are likely to call "freeradius" as well, so allow that +if [ "$1" = 'freeradius' ]; then + shift + exec radiusd -f "$@" +fi + +# else default to run whatever the user wanted like "bash" or "sh" +exec "$@" diff --git a/scripts/docker/dists/ubuntu18/Dockerfile b/scripts/docker/dists/ubuntu18/Dockerfile new file mode 100644 index 0000000..4e32632 --- /dev/null +++ b/scripts/docker/dists/ubuntu18/Dockerfile @@ -0,0 +1,82 @@ +# Auto generated for ubuntu18 +# from scripts/docker/m4/Dockerfile.deb.m4 +# +# Rebuild this file with `make docker.ubuntu18.regen` +# +ARG from=ubuntu:18.04 +FROM ${from} as build + +ARG DEBIAN_FRONTEND=noninteractive + +# +# Install build tools +# +RUN apt-get update +RUN apt-get install -y devscripts equivs git quilt gcc + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline + +# +# Install build dependencies +# +RUN if [ -e ./debian/control.in ]; then \ + debian/rules debian/control; \ + fi; \ + echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control + +# +# Build the server +# +# Work around fakeroot problems in Docker when building for different +# platforms - doesn't matter as we run as root in the container anyway. +# +#RUN make -j$(nproc) deb +RUN debian/rules debian/control \ + && dpkg-buildpackage --jobs=auto -b -uc + +# +# Clean environment and run the server +# +FROM ${from} +ARG DEBIAN_FRONTEND=noninteractive + +COPY --from=build /usr/local/src/repositories/*.deb /tmp/ + +RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime + +RUN apt-get update \ + && apt-get install -y tzdata \ + && apt-get install -y /tmp/*.deb \ + && apt-get clean \ + && rm -r /var/lib/apt/lists/* /tmp/*.deb \ + \ + && ln -s /etc/freeradius /etc/raddb + +WORKDIR / +COPY scripts/docker/etc/docker-entrypoint.sh.deb docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["freeradius"] diff --git a/scripts/docker/ubuntu18/docker-entrypoint.sh b/scripts/docker/dists/ubuntu18/docker-entrypoint.sh index 93141b0..93141b0 100755 --- a/scripts/docker/ubuntu18/docker-entrypoint.sh +++ b/scripts/docker/dists/ubuntu18/docker-entrypoint.sh diff --git a/scripts/docker/dists/ubuntu20/Dockerfile b/scripts/docker/dists/ubuntu20/Dockerfile new file mode 100644 index 0000000..4a3bbf4 --- /dev/null +++ b/scripts/docker/dists/ubuntu20/Dockerfile @@ -0,0 +1,82 @@ +# Auto generated for ubuntu20 +# from scripts/docker/m4/Dockerfile.deb.m4 +# +# Rebuild this file with `make docker.ubuntu20.regen` +# +ARG from=ubuntu:20.04 +FROM ${from} as build + +ARG DEBIAN_FRONTEND=noninteractive + +# +# Install build tools +# +RUN apt-get update +RUN apt-get install -y devscripts equivs git quilt gcc + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline + +# +# Install build dependencies +# +RUN if [ -e ./debian/control.in ]; then \ + debian/rules debian/control; \ + fi; \ + echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control + +# +# Build the server +# +# Work around fakeroot problems in Docker when building for different +# platforms - doesn't matter as we run as root in the container anyway. +# +#RUN make -j$(nproc) deb +RUN debian/rules debian/control \ + && dpkg-buildpackage --jobs=auto -b -uc + +# +# Clean environment and run the server +# +FROM ${from} +ARG DEBIAN_FRONTEND=noninteractive + +COPY --from=build /usr/local/src/repositories/*.deb /tmp/ + +RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime + +RUN apt-get update \ + && apt-get install -y tzdata \ + && apt-get install -y /tmp/*.deb \ + && apt-get clean \ + && rm -r /var/lib/apt/lists/* /tmp/*.deb \ + \ + && ln -s /etc/freeradius /etc/raddb + +WORKDIR / +COPY scripts/docker/etc/docker-entrypoint.sh.deb docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["freeradius"] diff --git a/scripts/docker/ubuntu20/docker-entrypoint.sh b/scripts/docker/dists/ubuntu20/docker-entrypoint.sh index 93141b0..93141b0 100755 --- a/scripts/docker/ubuntu20/docker-entrypoint.sh +++ b/scripts/docker/dists/ubuntu20/docker-entrypoint.sh diff --git a/scripts/docker/dists/ubuntu22/Dockerfile b/scripts/docker/dists/ubuntu22/Dockerfile new file mode 100644 index 0000000..778112a --- /dev/null +++ b/scripts/docker/dists/ubuntu22/Dockerfile @@ -0,0 +1,87 @@ +# Auto generated for ubuntu22 +# from scripts/docker/m4/Dockerfile.deb.m4 +# +# Rebuild this file with `make docker.ubuntu22.regen` +# +ARG from=ubuntu:22.04 +FROM ${from} as build + +ARG DEBIAN_FRONTEND=noninteractive + +# +# Install build tools +# +RUN apt-get update +RUN apt-get install -y devscripts equivs git quilt gcc + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline + +# +# Install build dependencies +# +RUN if [ -e ./debian/control.in ]; then \ + debian/rules debian/control; \ + fi; \ + echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control + +# +# Build the server +# +# Work around fakeroot problems in Docker when building for different +# platforms - doesn't matter as we run as root in the container anyway. +# +#RUN make -j$(nproc) deb +RUN debian/rules debian/control \ + && dpkg-buildpackage --jobs=auto -b -uc + +# +# Clean environment and run the server +# +FROM ${from} +ARG DEBIAN_FRONTEND=noninteractive + +COPY --from=build /usr/local/src/repositories/*.deb /tmp/ + +RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime + +ARG freerad_uid=101 +ARG freerad_gid=101 + +RUN groupadd -g ${freerad_gid} -r freerad \ + && useradd -u ${freerad_uid} -g freerad -r -M -d /etc/freeradius -s /usr/sbin/nologin freerad \ + && apt-get update \ + && apt-get install -y tzdata \ + && apt-get install -y /tmp/*.deb \ + && apt-get clean \ + && rm -r /var/lib/apt/lists/* /tmp/*.deb \ + \ + && ln -s /etc/freeradius /etc/raddb + +WORKDIR / +COPY scripts/docker/etc/docker-entrypoint.sh.deb docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["freeradius"] diff --git a/scripts/docker/ubuntu22/docker-entrypoint.sh b/scripts/docker/dists/ubuntu22/docker-entrypoint.sh index 93141b0..93141b0 100755 --- a/scripts/docker/ubuntu22/docker-entrypoint.sh +++ b/scripts/docker/dists/ubuntu22/docker-entrypoint.sh diff --git a/scripts/docker/dists/ubuntu24/Dockerfile b/scripts/docker/dists/ubuntu24/Dockerfile new file mode 100644 index 0000000..ad4520e --- /dev/null +++ b/scripts/docker/dists/ubuntu24/Dockerfile @@ -0,0 +1,87 @@ +# Auto generated for ubuntu24 +# from scripts/docker/m4/Dockerfile.deb.m4 +# +# Rebuild this file with `make docker.ubuntu24.regen` +# +ARG from=ubuntu:24.04 +FROM ${from} as build + +ARG DEBIAN_FRONTEND=noninteractive + +# +# Install build tools +# +RUN apt-get update +RUN apt-get install -y devscripts equivs git quilt gcc + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline + +# +# Install build dependencies +# +RUN if [ -e ./debian/control.in ]; then \ + debian/rules debian/control; \ + fi; \ + echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control + +# +# Build the server +# +# Work around fakeroot problems in Docker when building for different +# platforms - doesn't matter as we run as root in the container anyway. +# +#RUN make -j$(nproc) deb +RUN debian/rules debian/control \ + && dpkg-buildpackage --jobs=auto -b -uc + +# +# Clean environment and run the server +# +FROM ${from} +ARG DEBIAN_FRONTEND=noninteractive + +COPY --from=build /usr/local/src/repositories/*.deb /tmp/ + +RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime + +ARG freerad_uid=101 +ARG freerad_gid=101 + +RUN groupadd -g ${freerad_gid} -r freerad \ + && useradd -u ${freerad_uid} -g freerad -r -M -d /etc/freeradius -s /usr/sbin/nologin freerad \ + && apt-get update \ + && apt-get install -y tzdata \ + && apt-get install -y /tmp/*.deb \ + && apt-get clean \ + && rm -r /var/lib/apt/lists/* /tmp/*.deb \ + \ + && ln -s /etc/freeradius /etc/raddb + +WORKDIR / +COPY scripts/docker/etc/docker-entrypoint.sh.deb docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["freeradius"] diff --git a/scripts/docker/docker.mk b/scripts/docker/docker.mk index 9773625..bf556c6 100644 --- a/scripts/docker/docker.mk +++ b/scripts/docker/docker.mk @@ -25,8 +25,8 @@ # version, DOCKER_COMMIT _must_ also be set. DOCKER_VERSION := $(RADIUSD_VERSION_STRING) # -# Commit hash/tag/branch to build, will be taken from VERSION above if not overridden, e.g. "release_3_2_0" -DOCKER_COMMIT := release_$(shell echo $(DOCKER_VERSION) | tr .- __) +# Commit hash/tag/branch to build, if not set then HEAD will be used. +DOCKER_COMMIT := # # Build args, most likely "--no-cache" DOCKER_BUILD_ARGS := @@ -40,6 +40,22 @@ DOCKER_REPO := freeradius # Registry to push to DOCKER_REGISTRY := # +# Location of Docker-related files +DOCKER_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) +DIST_DIR := $(DOCKER_DIR)/dists +# +# List of images we can build +DOCKER_IMAGES:=$(sort $(patsubst $(DIST_DIR)/%,%,$(wildcard $(DIST_DIR)/*))) + +DOCKER_DEFAULT_UBUNTU := ubuntu22 +DOCKER_DEFAULT_ALPINE := alpine + +ifeq "${VERBOSE}" "" + Q=@ +else + Q= +endif + ifneq "$(DOCKER_REPO)" "" override DOCKER_REPO := $(DOCKER_REPO)/ @@ -50,37 +66,146 @@ ifneq "$(DOCKER_REGISTRY)" "" endif +# +# Print some useful help +# +.PHONY: docker.help.images +docker.help.images: + @echo Available images: $(DOCKER_IMAGES) + +.PHONY: docker.help +docker.help: docker.help.images + @echo "" + @echo "Make targets:" + @echo " docker-ubuntu - build main ubuntu image" + @echo " docker-alpine - build main alpine image" + @echo " docker.regen - regenerate all Dockerfiles from templates" + @echo "" + @echo "Make targets per image:" + @echo " docker.IMAGE.build - build image" + @echo " docker.IMAGE.regen - regenerate Dockerfile" + @echo "" + @echo "Arguments:" + @echo ' DOCKER_BUILD_ARGS="--no-cache" - extra build args' + @echo ' DOCKER_REGISTRY="docker.example.com" - registry to build for' + @echo ' DOCKER_REPO="freeradius" - docker repo name' + @echo ' DOCKER_TAG="freeradius-server" - docker tag name' + @echo ' DOCKER_COMMIT="HEAD" - commit/ref to build from' + @echo ' DOCKER_VERSION="$(DOCKER_VERSION)" - version for docker image name' + + +# +# Rules for each OS +# + +define ADD_DOCKER_RULES + $$(DIST_DIR)/${1}/Dockerfile: $(DOCKER_DIR)/m4/Dockerfile.m4 $(DOCKER_DIR)/m4/Dockerfile.deb.m4 $(DOCKER_DIR)/m4/Dockerfile.rpm.m4 $(DOCKER_DIR)/m4/Dockerfile.alpine.m4 $(DOCKER_DIR)/docker.mk + $$(Q)echo REGEN ${1}/Dockerfile + $$(Q)m4 -I $(DOCKER_DIR)/m4 -D D_NAME=${1} -D D_TYPE=docker $$< > $$@ + + DOCKER_DOCKERFILES += $$(DIST_DIR)/${1}/Dockerfile + + .PHONY: docker.${1}.regen + docker.${1}.regen: $$(DIST_DIR)/${1}/Dockerfile + + .PHONY: docker.${1}.build + docker.${1}.build: + @echo BUILD ${1} $(DOCKER_COMMIT) + $(Q)docker buildx build \ + $(DOCKER_BUILD_ARGS) \ + --progress=plain \ + --build-arg=release=$(DOCKER_COMMIT) \ + -t $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION)-${1} \ + -f $(DIST_DIR)/${1}/Dockerfile \ + . + +endef + +$(foreach IMAGE,$(DOCKER_IMAGES), \ + $(eval $(call ADD_DOCKER_RULES,$(IMAGE)))) + +.PHONY: docker.regen +docker.regen: $(DOCKER_DOCKERFILES) + + +# +# Rules to rebuild Docker images +# .PHONY: docker-ubuntu -docker-ubuntu: - @echo Building ubuntu $(DOCKER_COMMIT) - $(Q)docker build $(DOCKER_BUILD_ARGS) scripts/docker/ubuntu22 --build-arg=release=$(DOCKER_COMMIT) -t $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION) +docker-ubuntu: docker.$(DOCKER_DEFAULT_UBUNTU).build + $(Q)docker image tag \ + $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION)-$(DOCKER_DEFAULT_UBUNTU) \ + $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION) .PHONY: docker-alpine -docker-alpine: - @echo Building alpine $(DOCKER_COMMIT) - $(Q)docker build $(DOCKER_BUILD_ARGS) scripts/docker/alpine --build-arg=release=$(DOCKER_COMMIT) -t $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION)-alpine +docker-alpine: docker.$(DOCKER_DEFAULT_ALPINE).build + $(Q)docker image tag \ + $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION)-$(DOCKER_DEFAULT_ALPINE) \ + $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION)-alpine .PHONY: docker docker: docker-ubuntu docker-alpine -.PHONY: docker-push -docker-push: docker +# +# Push main ubuntu and alpine images (all below are separate for CI jobs) +# +.PHONY: docker-push-ubuntu +docker-push-ubuntu: $(Q)docker push $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION) + +.PHONY: docker-push-alpine +docker-push-alpine: $(Q)docker push $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION)-alpine -.PHONY: docker-tag-latest -docker-tag-latest: docker +.PHONY: docker-push +docker-push: docker-push-ubuntu docker-push-alpine + +# +# Tag main "latest" images +# +.PHONY: docker-tag-latest-ubuntu +docker-tag-latest-ubuntu: $(Q)docker tag $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION) $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):latest - $(Q)docker tag $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION)-alpine $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):latest-alpine $(Q)docker tag $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION) $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):latest-3.2 + +.PHONY: docker-tag-latest-alpine +docker-tag-latest-alpine: + $(Q)docker tag $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION)-alpine $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):latest-alpine $(Q)docker tag $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION)-alpine $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):latest-3.2-alpine -.PHONY: docker-push-latest -docker-push-latest: docker-push docker-tag-latest +.PHONY: docker-tag-latest +docker-tag-latest: docker-tag-latest-ubuntu docker-tag-latest-alpine + +# +# Push main "latest" images +# +.PHONY: docker-push-latest-ubuntu +docker-push-latest-ubuntu: docker-push-ubuntu docker-tag-latest-ubuntu $(Q)docker push $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):latest - $(Q)docker push $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):latest-alpine $(Q)docker push $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):latest-3.2 + +.PHONY: docker-push-latest-alpine +docker-push-latest-alpine: docker-push-alpine docker-tag-latest-alpine + $(Q)docker push $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):latest-alpine $(Q)docker push $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):latest-3.2-alpine +.PHONY: docker-push-latest +docker-push-latest: docker-push-latest-ubuntu docker-push-latest-alpine + +# +# Convenience target to do everything +# .PHONY: docker-publish -docker-publish: docker-push-latest +docker-publish: docker docker-push-latest + +# +# Used for multi-arch CI job. "docker manifest" rather than "docker buildx +# --platforms=...,..." so that we can parallelise the build in GH Actions. +# +.PHONY: docker-ci-manifest +docker-ci-manifest: + $(Q)docker manifest create \ + $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION) \ + $(foreach ARCH,$(DOCKER_ARCHS),--amend $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(ARCH)-$(DOCKER_VERSION)) + $(Q)docker manifest push \ + $(DOCKER_REGISTRY)$(DOCKER_REPO)$(DOCKER_TAG):$(DOCKER_VERSION) diff --git a/scripts/docker/etc/docker-entrypoint.sh.alpine b/scripts/docker/etc/docker-entrypoint.sh.alpine new file mode 100755 index 0000000..e0f9f6f --- /dev/null +++ b/scripts/docker/etc/docker-entrypoint.sh.alpine @@ -0,0 +1,27 @@ +#!/bin/sh +set -e + +PATH=/opt/sbin:/opt/bin:$PATH +export PATH + +# this if will check if the first argument is a flag +# but only works if all arguments require a hyphenated flag +# -v; -SL; -f arg; etc will work, but not arg1 arg2 +if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then + set -- radiusd "$@" +fi + +# check for the expected command +if [ "$1" = 'radiusd' ]; then + shift + exec radiusd -f "$@" +fi + +# debian people are likely to call "freeradius" as well, so allow that +if [ "$1" = 'freeradius' ]; then + shift + exec radiusd -f "$@" +fi + +# else default to run whatever the user wanted like "bash" or "sh" +exec "$@" diff --git a/scripts/docker/etc/docker-entrypoint.sh.deb b/scripts/docker/etc/docker-entrypoint.sh.deb new file mode 100755 index 0000000..93141b0 --- /dev/null +++ b/scripts/docker/etc/docker-entrypoint.sh.deb @@ -0,0 +1,24 @@ +#!/bin/sh +set -e + +# this if will check if the first argument is a flag +# but only works if all arguments require a hyphenated flag +# -v; -SL; -f arg; etc will work, but not arg1 arg2 +if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then + set -- freeradius "$@" +fi + +# check for the expected command +if [ "$1" = 'freeradius' ]; then + shift + exec freeradius -f "$@" +fi + +# many people are likely to call "radiusd" as well, so allow that +if [ "$1" = 'radiusd' ]; then + shift + exec freeradius -f "$@" +fi + +# else default to run whatever the user wanted like "bash" or "sh" +exec "$@" diff --git a/scripts/docker/etc/docker-entrypoint.sh.rpm b/scripts/docker/etc/docker-entrypoint.sh.rpm new file mode 100755 index 0000000..900ad6b --- /dev/null +++ b/scripts/docker/etc/docker-entrypoint.sh.rpm @@ -0,0 +1,24 @@ +#!/bin/sh +set -e + +# this if will check if the first argument is a flag +# but only works if all arguments require a hyphenated flag +# -v; -SL; -f arg; etc will work, but not arg1 arg2 +if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then + set -- radiusd "$@" +fi + +# check for the expected command +if [ "$1" = 'radiusd' ]; then + shift + exec radiusd -f "$@" +fi + +# debian people are likely to call "freeradius" as well, so allow that +if [ "$1" = 'freeradius' ]; then + shift + exec radiusd -f "$@" +fi + +# else default to run whatever the user wanted like "bash" or "sh" +exec "$@" diff --git a/scripts/docker/alpine/Dockerfile b/scripts/docker/m4/Dockerfile.alpine.m4 index 2965525..64c6c8f 100644 --- a/scripts/docker/alpine/Dockerfile +++ b/scripts/docker/m4/Dockerfile.alpine.m4 @@ -1,4 +1,4 @@ -ARG from=alpine:3.13 +ARG from=DOCKER_IMAGE FROM ${from} as build # @@ -10,17 +10,23 @@ RUN apk add git gcc make # # Create build directory # -RUN mkdir -p /usr/local/src/repositories -WORKDIR /usr/local/src/repositories +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ # -# Shallow clone the FreeRADIUS source +# Copy the FreeRADIUS directory in # -ARG source=https://github.com/FreeRADIUS/freeradius-server.git -ARG release=v3.2.x +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +RUN [ -z "$release" ] || git checkout ${release} -RUN git clone --depth 1 --single-branch --branch ${release} ${source} -WORKDIR freeradius-server # # Install build dependencies @@ -33,7 +39,7 @@ RUN apk add linux-headers RUN apk add pcre-dev libidn-dev krb5-dev samba-dev curl-dev json-c-dev RUN apk add openldap-dev unbound-dev # languages -RUN apk add ruby-dev perl-dev python2-dev +RUN apk add ruby-dev perl-dev python2-dev python3-dev # databases RUN apk add hiredis-dev libmemcached-dev gdbm-dev libcouchbase-dev # sql @@ -69,14 +75,15 @@ RUN apk update \ && apk add libcurl json-c libldap hiredis sqlite-dev \ #RUN apk add libidn krb5 #RUN apk add unbound-libs -#RUN apk add ruby-libs perl python2-dev +#RUN apk add ruby-libs perl python2-dev python3-dev #RUN apk add libmemcached gdbm libcouchbase #RUN apk add postgresql-dev mariadb-dev unixodbc-dev \ && ln -s /opt/etc/raddb /etc/raddb -COPY docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh +WORKDIR / +COPY DOCKER_TOPDIR/etc/docker-entrypoint.sh.PKG_TYPE docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh EXPOSE 1812/udp 1813/udp ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/scripts/docker/m4/Dockerfile.deb.m4 b/scripts/docker/m4/Dockerfile.deb.m4 new file mode 100644 index 0000000..0b4e5b5 --- /dev/null +++ b/scripts/docker/m4/Dockerfile.deb.m4 @@ -0,0 +1,88 @@ +ARG from=DOCKER_IMAGE +FROM ${from} as build + +ARG DEBIAN_FRONTEND=noninteractive + +# +# Install build tools +# +RUN apt-get update +RUN apt-get install -y devscripts equivs git quilt gcc + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline + +# +# Install build dependencies +# +RUN if [ -e ./debian/control.in ]; then \ + debian/rules debian/control; \ + fi; \ + echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control + +# +# Build the server +# +# Work around fakeroot problems in Docker when building for different +# platforms - doesn't matter as we run as root in the container anyway. +# +#RUN make -j$(nproc) deb +RUN debian/rules debian/control \ + && dpkg-buildpackage --jobs=auto -b -uc + +# +# Clean environment and run the server +# +FROM ${from} +ARG DEBIAN_FRONTEND=noninteractive + +COPY --from=build /usr/local/src/repositories/*.deb /tmp/ + +RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime + +ifelse(ifelse( + D_NAME, `debian10', no, + D_NAME, `ubuntu18', no, + D_NAME, `ubuntu20', no, + yes), yes, `dnl +ARG freerad_uid=101 +ARG freerad_gid=101 + +RUN groupadd -g ${freerad_gid} -r freerad \ + && useradd -u ${freerad_uid} -g freerad -r -M -d /etc/freeradius -s /usr/sbin/nologin freerad \ + && apt-get update \', +`RUN apt-get update \') + && apt-get install -y tzdata \ + && apt-get install -y /tmp/*.deb \ + && apt-get clean \ + && rm -r /var/lib/apt/lists/* /tmp/*.deb \ + \ + && ln -s /etc/freeradius /etc/raddb + +WORKDIR / +COPY scripts/docker/etc/docker-entrypoint.sh.PKG_TYPE docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["freeradius"] diff --git a/scripts/docker/m4/Dockerfile.m4 b/scripts/docker/m4/Dockerfile.m4 new file mode 100644 index 0000000..f9890a1 --- /dev/null +++ b/scripts/docker/m4/Dockerfile.m4 @@ -0,0 +1,45 @@ +dnl Look up the OS codename, docker base image etc before including +dnl the main Dockerfile template. +dnl +dnl This top-level template is used by both the docker makefile +dnl (scripts/docker/docker.mk) and the crossbuild makefile +dnl (scripts/crossbuild/crossbuild.mk), but the Dockerfile templates +dnl they use are different - see the m4 directories for each. +dnl +divert(`-1') +changequote(`[', `]') +define([DOCKER_TOPDIR], [scripts/docker/]) +define([p_SET], [ + define([PKG_TYPE], [$1]) + define([OS_NAME], [$2]) + define([OS_VER], [$3]) + define([OS_CODENAME], [$4]) + define([DOCKER_IMAGE], [$5]) +]) +dnl D_NAME PKG_TYPE OS_NAME OS_VER OS_CODENAME DOCKER_IMAGE +ifelse( + D_NAME, [alpine], [p_SET([alpine], [alpine], [3.13], [alpine], [alpine:3.13])], + D_NAME, [debian10], [p_SET([deb], [debian], [10], [buster], [debian:buster])], + D_NAME, [debian11], [p_SET([deb], [debian], [11], [bullseye], [debian:bullseye])], + D_NAME, [debian12], [p_SET([deb], [debian], [12], [bookworm], [debian:bookworm])], + D_NAME, [debiansid], [p_SET([deb], [debian], [99], [sid], [debian:sid])], + D_NAME, [ubuntu18], [p_SET([deb], [ubuntu], [18], [bionic], [ubuntu:18.04])], + D_NAME, [ubuntu20], [p_SET([deb], [ubuntu], [20], [focal], [ubuntu:20.04])], + D_NAME, [ubuntu22], [p_SET([deb], [ubuntu], [22], [jammy], [ubuntu:22.04])], + D_NAME, [ubuntu24], [p_SET([deb], [ubuntu], [24], [noble], [ubuntu:24.04])], + D_NAME, [centos7], [p_SET([rpm], [centos], [7], [7], [centos:7])], + D_NAME, [centos8], [p_SET([rpm], [centos], [8], [8], [centos:8])], + D_NAME, [rocky8], [p_SET([rpm], [rocky], [8], [8], [rockylinux/rockylinux:8])], + D_NAME, [rocky9], [p_SET([rpm], [rocky], [9], [9], [rockylinux/rockylinux:9])], + [errprint(error: OS 'D_NAME' not defined[,] see __file__ +)m4exit(1)] +) +undefine([p_SET]) +divert[]dnl +[#] Auto generated for D_NAME +[#] from scripts/D_TYPE/m4/Dockerfile.PKG_TYPE.m4 +[#] +[#] Rebuild this file with `make D_TYPE.D_NAME.regen` +[#] +changequote([`], ['])dnl +include(Dockerfile.PKG_TYPE.m4)dnl diff --git a/scripts/docker/m4/Dockerfile.rpm.m4 b/scripts/docker/m4/Dockerfile.rpm.m4 new file mode 100644 index 0000000..03181e8 --- /dev/null +++ b/scripts/docker/m4/Dockerfile.rpm.m4 @@ -0,0 +1,186 @@ +ARG from=DOCKER_IMAGE +FROM ${from} as build + +ifelse(OS_VER, 7, `dnl +# +# CentOS 7 is now EOL, so we need to fix up the repo source +# +RUN sed -i "s/^mirrorlist/#mirrorlist/g" /etc/yum.repos.d/CentOS-* +RUN sed -i "s|#\s*baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* +')dnl + +ifelse(OS_VER, `7', `', `dnl +# +# Install yum +# +RUN dnf install -y yum +')dnl + +ifelse(OS_VER, 8, `dnl +RUN rpmkeys --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial +')dnl +ifelse(OS_VER, 9, `dnl +RUN rpmkeys --import /etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9 +') +# +# Install build tools +# +RUN yum groupinstall -y "Development Tools" +ifelse(OS_VER, 7,`dnl +RUN yum install -y rpmdevtools +RUN yum install -y openssl +',` +RUN yum install -y rpmdevtools openssl dnf-utils +') + +# +# Create build directory +# +RUN mkdir -p /usr/local/src/repositories/freeradius-server +WORKDIR /usr/local/src/repositories/freeradius-server/ + +# +# Copy the FreeRADIUS directory in +# +COPY . . + +# +# Clean up tree - we want to build from the latest commit, not from +# any cruft left around on the local system +# +RUN git clean -fdxx \ + && git reset --hard HEAD + +ARG release +RUN [ -z "$release" ] || git checkout ${release} ; \ + git status ; \ + git log -1 --oneline + +# +# Other requirements +# +changequote(`{', `}')dnl +ifelse(ifelse(OS_VER, 7, yes, OS_VER, 8, yes, no), yes, { +# Use LTB's openldap packages intead of the distribution version to avoid linking against NSS +RUN echo $'[ltb-project]\n\ +name=LTB project packages\n\ +baseurl=https://ltb-project.org/rpm/$releasever/$basearch\n\ +enabled=1\n\ +gpgcheck=1\n\ +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project'\ +> /etc/yum.repos.d/ltb-project.repo +RUN rpm --import https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project +})dnl +changequote({`}, {'})dnl + +# Enable EPEL repository for freetds and hiredis +RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-OS_VER.noarch.rpm +ifelse(OS_VER, 8, ` +# Enable powertools repo +RUN yum config-manager --enable powertools + +# Enable epel-testing, currently needed for hiredis-devel +RUN yum config-manager --enable epel-testing +')dnl +ifelse(OS_VER, 9, ` +# Enable Code Ready Builder repo (CentOS powertools equivalent) +RUN yum install -y yum-utils +RUN yum config-manager --enable crb +')dnl + +# +# Install build dependencies +# +# Run twice, it doesn't always get everything with one invocation +# +RUN [ -e redhat/freeradius.spec ] && \ + yum-builddep -y redhat/freeradius.spec && \ + yum-builddep -y redhat/freeradius.spec + +# +# Create RPM build environment +# +ENV BUILDDIR=/root/rpmbuild +RUN rpmdev-setuptree + +RUN ./configure +RUN cp VERSION /VERSION +RUN make freeradius-server-$(cat /VERSION).tar.bz2 +RUN cp freeradius-server-$(cat /VERSION).tar.bz2 $BUILDDIR/SOURCES/ +RUN cp -r redhat/* $BUILDDIR/SOURCES/ +RUN sed -i "s/^Version:.*/Version: $(cat /VERSION)/" redhat/freeradius.spec +RUN cp -r redhat/freeradius.spec $BUILDDIR/SPECS/ +WORKDIR $BUILDDIR + +# +# Build the server +# +ENV QA_RPATHS=0x0003 +RUN rpmbuild -bb --define "_release $(cat /VERSION)" "$BUILDDIR/SPECS/freeradius.spec" + +RUN mkdir /root/rpms +RUN mv $BUILDDIR/RPMS/*/*.rpm /root/rpms/ + +# +# Clean environment and run the server +# +FROM ${from} + +COPY --from=build /root/rpms /tmp/ + +ifelse(OS_VER, 7, `dnl +# +# CentOS 7 is now EOL, so we need to fix up the repo source +# +RUN sed -i "s/^mirrorlist/#mirrorlist/g" /etc/yum.repos.d/CentOS-* +RUN sed -i "s|#\s*baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* +')dnl + +ifelse(OS_VER, `7', `', `dnl +# +# Install yum +# +RUN dnf install -y yum +')dnl + +changequote(`{', `}')dnl +ifelse(ifelse(OS_VER, 7, yes, OS_VER, 8, yes, no), yes, {dnl +# Use LTB's openldap packages intead of the distribution version to avoid linking against NSS +RUN echo $'[ltb-project]\n\ +name=LTB project packages\n\ +baseurl=https://ltb-project.org/rpm/$releasever/$basearch\n\ +enabled=1\n\ +gpgcheck=1\n\ +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project'\ +> /etc/yum.repos.d/ltb-project.repo \ + && rpm --import https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project +})dnl +changequote({`}, {'})dnl + + +# EPEL repository for freetds and hiredis +RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-OS_VER.noarch.rpm \ +ifelse(OS_VER, 7, ` \', `dnl + && yum install -y dnf-utils \ +ifelse(OS_VER, 8, `dnl + && yum config-manager --enable powertools \ +')dnl +ifelse(OS_VER, 9, `dnl + && yum config-manager --enable crb \ +')dnl + && yum config-manager --enable epel-testing + +ARG radiusd_uid=95 +ARG radiusd_gid=95 + +RUN groupadd -g ${radiusd_gid} -r radiusd \ + && useradd -u ${radiusd_uid} -g radiusd -r -M -d /home/radiusd -s /sbin/nologin radiusd \') + && yum install -y /tmp/*.rpm + +WORKDIR / +COPY DOCKER_TOPDIR/etc/docker-entrypoint.sh.PKG_TYPE docker-entrypoint.sh +RUN chmod +x docker-entrypoint.sh + +EXPOSE 1812/udp 1813/udp +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["radiusd"] diff --git a/scripts/docker/ubuntu18/Dockerfile b/scripts/docker/ubuntu18/Dockerfile deleted file mode 100644 index 7322026..0000000 --- a/scripts/docker/ubuntu18/Dockerfile +++ /dev/null @@ -1,59 +0,0 @@ -ARG from=ubuntu:18.04 -FROM ${from} as build - -ARG DEBIAN_FRONTEND=noninteractive - -# -# Install build tools -# -RUN apt-get update -RUN apt-get install -y devscripts equivs git quilt gcc - -# -# Create build directory -# -RUN mkdir -p /usr/local/src/repositories -WORKDIR /usr/local/src/repositories - -# -# Shallow clone the FreeRADIUS source -# -ARG source=https://github.com/FreeRADIUS/freeradius-server.git -ARG release=v3.2.x - -RUN git clone --depth 1 --single-branch --branch ${release} ${source} -WORKDIR freeradius-server - -# -# Install build dependencies -# -RUN git checkout ${release}; \ - if [ -e ./debian/control.in ]; then \ - debian/rules debian/control; \ - fi; \ - echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control - -# -# Build the server -# -RUN make -j2 deb - -# -# Clean environment and run the server -# -FROM ${from} -COPY --from=build /usr/local/src/repositories/*.deb /tmp/ - -RUN apt-get update \ - && apt-get install -y /tmp/*.deb \ - && apt-get clean \ - && rm -r /var/lib/apt/lists/* /tmp/*.deb \ - \ - && ln -s /etc/freeradius /etc/raddb - -COPY docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh - -EXPOSE 1812/udp 1813/udp -ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["freeradius"] diff --git a/scripts/docker/ubuntu20/Dockerfile b/scripts/docker/ubuntu20/Dockerfile deleted file mode 100644 index 783ebc9..0000000 --- a/scripts/docker/ubuntu20/Dockerfile +++ /dev/null @@ -1,61 +0,0 @@ -ARG from=ubuntu:20.04 -FROM ${from} as build - -ARG DEBIAN_FRONTEND=noninteractive - -# -# Install build tools -# -RUN apt-get update -RUN apt-get install -y devscripts equivs git quilt gcc - -# -# Create build directory -# -RUN mkdir -p /usr/local/src/repositories -WORKDIR /usr/local/src/repositories - -# -# Shallow clone the FreeRADIUS source -# -ARG source=https://github.com/FreeRADIUS/freeradius-server.git -ARG release=v3.2.x - -RUN git clone --depth 1 --single-branch --branch ${release} ${source} -WORKDIR freeradius-server - -# -# Install build dependencies -# -RUN git checkout ${release}; \ - if [ -e ./debian/control.in ]; then \ - debian/rules debian/control; \ - fi; \ - echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control - -# -# Build the server -# -RUN make -j2 deb - -# -# Clean environment and run the server -# -FROM ${from} -COPY --from=build /usr/local/src/repositories/*.deb /tmp/ - -ARG DEBIAN_FRONTEND=noninteractive - -RUN apt-get update \ - && apt-get install -y /tmp/*.deb \ - && apt-get clean \ - && rm -r /var/lib/apt/lists/* /tmp/*.deb \ - \ - && ln -s /etc/freeradius /etc/raddb - -COPY docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh - -EXPOSE 1812/udp 1813/udp -ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["freeradius"] diff --git a/scripts/docker/ubuntu22/Dockerfile b/scripts/docker/ubuntu22/Dockerfile deleted file mode 100644 index 9e6aa57..0000000 --- a/scripts/docker/ubuntu22/Dockerfile +++ /dev/null @@ -1,66 +0,0 @@ -ARG from=ubuntu:22.04 -FROM ${from} as build - -ARG DEBIAN_FRONTEND=noninteractive - -# -# Install build tools -# -RUN apt-get update -RUN apt-get install -y devscripts equivs git quilt gcc - -# -# Create build directory -# -RUN mkdir -p /usr/local/src/repositories -WORKDIR /usr/local/src/repositories - -# -# Shallow clone the FreeRADIUS source -# -ARG source=https://github.com/FreeRADIUS/freeradius-server.git -ARG release=v3.2.x - -RUN git clone --depth 1 --single-branch --branch ${release} ${source} -WORKDIR freeradius-server - -# -# Install build dependencies -# -RUN git checkout ${release}; \ - if [ -e ./debian/control.in ]; then \ - debian/rules debian/control; \ - fi; \ - echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control - -# -# Build the server -# -RUN make -j2 deb - -# -# Clean environment and run the server -# -FROM ${from} -COPY --from=build /usr/local/src/repositories/*.deb /tmp/ - -ARG freerad_uid=101 -ARG freerad_gid=101 - -ARG DEBIAN_FRONTEND=noninteractive - -RUN groupadd -g ${freerad_gid} -r freerad \ - && useradd -u ${freerad_uid} -g freerad -r -M -d /etc/freeradius -s /usr/sbin/nologin freerad \ - && apt-get update \ - && apt-get install -y /tmp/*.deb \ - && apt-get clean \ - && rm -r /var/lib/apt/lists/* /tmp/*.deb \ - \ - && ln -s /etc/freeradius /etc/raddb - -COPY docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh - -EXPOSE 1812/udp 1813/udp -ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["freeradius"] |