Diffstat (limited to '')
-rw-r--r--docker/README45
-rw-r--r--docker/debian/latest/Dockerfile10
-rw-r--r--docker/debian/testing/Dockerfile10
-rw-r--r--docker/fedora/latest/Dockerfile8
-rw-r--r--docker/fedora/rawhide/Dockerfile8
-rw-r--r--docker/ubuntu/devel/Dockerfile10
-rw-r--r--docker/ubuntu/latest/Dockerfile10
-rw-r--r--docker/ubuntu/rolling/Dockerfile10
8 files changed, 111 insertions, 0 deletions
diff --git a/docker/README b/docker/README
new file mode 100644
index 0000000..679446b
--- /dev/null
+++ b/docker/README
@@ -0,0 +1,45 @@
+Container images are stored in https://hub.docker.com/repositories as
+user sudoproject. Build images are named based on the distro and use
+the tag to differentiate between different versions and architectures.
+There should always be a "latest" tag (or manifest).
+
+When creating a new Dockerfile, use one of the Debian or Fedora files
+as a template. The examples below use podman rather than docker but it
+should be possible to them interchangeably.
+
+To build Debian containers for both amd64 and i386 (others only have amd64):
+
+ podman build --arch amd64 --pull -t sudoproject/debian:latest.amd64 \
+ docker/debian/latest
+ podman build --arch 386 --pull -t sudoproject/debian:latest.i386 \
+ docker/debian/latest
+
+Then push it to dockerhub (may need to run "podman login" first):
+ podman push sudoproject/debian:latest.amd64
+ podman push sudoproject/debian:latest.i386
+
+Multi-arch containers are supported by creating a manifest, e.g.:
+ podman manifest create sudoproject/debian:latest
+ podman manifest add sudoproject/debian:latest \
+ sudoproject/debian:latest.amd64
+ podman manifest add sudoproject/debian:latest \
+ sudoproject/debian:latest.i386
+
+Finally push the manifest to dockerhub:
+ podman push sudoproject/debian:latest
+
+When building bleeding edge images it is possible that the seccomp
+filter will be out of date with respect to system calls. It may
+be necessary to pass podman the --security-opt=seccomp=unconfined
+option in this case.
+
+Note that memory sanitizer uses ptrace which is not allowed for
+non-root containers by default. This will cause a failure when
+running the tests if sudo is configured with --enable-sanitizer.
+The simplest solution is to run the container with the SYS_PTRACE
+capability. E.g.
+ podman run -it --cap-add SYS_PTRACE ...
+
+Alternately, disable leak sanitizer by setting
+ ASAN_OPTIONS=detect_leaks=0
+in the environment of the container doing "make check".
diff --git a/docker/debian/latest/Dockerfile b/docker/debian/latest/Dockerfile
new file mode 100644
index 0000000..6621cec
--- /dev/null
+++ b/docker/debian/latest/Dockerfile
@@ -0,0 +1,10 @@
+FROM docker.io/library/debian:latest
+
+RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \
+ DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \
+ build-essential curl dpkg-dev ed fakeroot file git libapparmor-dev \
+ libaudit-dev libkrb5-dev libldap2-dev libpam0g-dev libpython3-dev \
+ libsasl2-dev libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev \
+ lsb-release ncurses-term openssh-client pkg-config procps python3-dev \
+ ssh zlib1g-dev
+RUN useradd -ms /bin/bash build
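Review bot: The package list ends with `ssh`, which on Debian and Ubuntu is a metapackage that depends on `openssh-server` as well as the already-listed `openssh-client`, so every build image ships an sshd it has no visible use for; dropping `ssh` keeps the server out. The install also omits `--no-install-recommends` and leaves the apt index in the layer: `apt-get install -y --no-install-recommends \` plus a trailing `&& rm -rf /var/lib/apt/lists/*` would shrink the image (list `ca-certificates` explicitly if curl or git must fetch over HTTPS). `useradd -ms /bin/bash build` is not followed by `USER build`, so the default user stays root unless the caller selects one at run time; if that is intended, a comment saying so would help. The same RUN lines appear in debian/testing, ubuntu/devel, ubuntu/latest and ubuntu/rolling, and the missing `USER` applies to the two Fedora files too.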
diff --git a/docker/debian/testing/Dockerfile b/docker/debian/testing/Dockerfile
new file mode 100644
index 0000000..83f0e4a
--- /dev/null
+++ b/docker/debian/testing/Dockerfile
@@ -0,0 +1,10 @@
+FROM docker.io/library/debian:testing
+
+RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \
+ DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \
+ build-essential curl dpkg-dev ed fakeroot file git libapparmor-dev \
+ libaudit-dev libkrb5-dev libldap2-dev libpam0g-dev libpython3-dev \
+ libsasl2-dev libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev \
+ lsb-release ncurses-term openssh-client pkg-config procps python3-dev \
+ ssh zlib1g-dev
+RUN useradd -ms /bin/bash build
diff --git a/docker/fedora/latest/Dockerfile b/docker/fedora/latest/Dockerfile
new file mode 100644
index 0000000..dec471a
--- /dev/null
+++ b/docker/fedora/latest/Dockerfile
@@ -0,0 +1,8 @@
+FROM docker.io/library/fedora:latest
+ENV TZ=America/Denver
+
+RUN dnf -y install audit-libs-devel cyrus-sasl-devel glibc-devel krb5-devel \
+ libasan libubsan libselinux-devel libsepol-devel make openldap-devel \
+ openssl-devel pam-devel python3-devel rpm-build zlib-devel binutils \
+ ed gcc gdb git openssh pkg-config procps which
+RUN useradd -ms /bin/bash build
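Review bot: The `dnf -y install` layer never clears dnf's cache, so the repository metadata it downloaded stays in the image; appending `&& dnf clean all` to that same RUN removes it in the layer that created it. `ENV TZ=America/Denver` also persists into every container started from the image, whereas the Debian-family files set TZ only inline for the apt commands, so the two families behave differently at run time; a short comment such as `# TZ is needed at run time by the test suite` (if that is the reason) would make the difference deliberate. docker/fedora/rawhide/Dockerfile has the same lines.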
diff --git a/docker/fedora/rawhide/Dockerfile b/docker/fedora/rawhide/Dockerfile
new file mode 100644
index 0000000..21b400d
--- /dev/null
+++ b/docker/fedora/rawhide/Dockerfile
@@ -0,0 +1,8 @@
+FROM docker.io/library/fedora:rawhide
+ENV TZ=America/Denver
+
+RUN dnf -y install audit-libs-devel cyrus-sasl-devel glibc-devel krb5-devel \
+ libasan libubsan libselinux-devel libsepol-devel make openldap-devel \
+ openssl-devel pam-devel python3-devel rpm-build zlib-devel binutils \
+ ed gcc gdb git openssh pkg-config procps which
+RUN useradd -ms /bin/bash build
diff --git a/docker/ubuntu/devel/Dockerfile b/docker/ubuntu/devel/Dockerfile
new file mode 100644
index 0000000..f5d305a
--- /dev/null
+++ b/docker/ubuntu/devel/Dockerfile
@@ -0,0 +1,10 @@
+FROM docker.io/library/ubuntu:devel
+
+RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \
+ DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \
+ build-essential curl dpkg-dev ed fakeroot file git libapparmor-dev \
+ libaudit-dev libkrb5-dev libldap2-dev libpam0g-dev libpython3-dev \
+ libsasl2-dev libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev \
+ lsb-release ncurses-term openssh-client pkg-config procps python3-dev \
+ ssh zlib1g-dev
+RUN useradd -ms /bin/bash build
diff --git a/docker/ubuntu/latest/Dockerfile b/docker/ubuntu/latest/Dockerfile
new file mode 100644
index 0000000..582baae
--- /dev/null
+++ b/docker/ubuntu/latest/Dockerfile
@@ -0,0 +1,10 @@
+FROM docker.io/library/ubuntu:latest
+
+RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \
+ DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \
+ build-essential curl dpkg-dev ed fakeroot file git libapparmor-dev \
+ libaudit-dev libkrb5-dev libldap2-dev libpam0g-dev libpython3-dev \
+ libsasl2-dev libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev \
+ lsb-release ncurses-term openssh-client pkg-config procps python3-dev \
+ ssh zlib1g-dev
+RUN useradd -ms /bin/bash build
diff --git a/docker/ubuntu/rolling/Dockerfile b/docker/ubuntu/rolling/Dockerfile
new file mode 100644
index 0000000..bf31a96
--- /dev/null
+++ b/docker/ubuntu/rolling/Dockerfile
@@ -0,0 +1,10 @@
+FROM docker.io/library/ubuntu:rolling
+
+RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \
+ DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \
+ build-essential curl dpkg-dev ed fakeroot file git libapparmor-dev \
+ libaudit-dev libkrb5-dev libldap2-dev libpam0g-dev libpython3-dev \
+ libsasl2-dev libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev \
+ lsb-release ncurses-term openssh-client pkg-config procps python3-dev \
+ ssh zlib1g-dev
+RUN useradd -ms /bin/bash build