diff options
Diffstat (limited to '')
-rw-r--r-- | docker/README | 45 | ||||
-rw-r--r-- | docker/debian/latest/Dockerfile | 10 | ||||
-rw-r--r-- | docker/debian/testing/Dockerfile | 10 | ||||
-rw-r--r-- | docker/fedora/latest/Dockerfile | 8 | ||||
-rw-r--r-- | docker/fedora/rawhide/Dockerfile | 8 | ||||
-rw-r--r-- | docker/ubuntu/devel/Dockerfile | 10 | ||||
-rw-r--r-- | docker/ubuntu/latest/Dockerfile | 10 | ||||
-rw-r--r-- | docker/ubuntu/rolling/Dockerfile | 10 |
8 files changed, 111 insertions, 0 deletions
diff --git a/docker/README b/docker/README new file mode 100644 index 0000000..679446b --- /dev/null +++ b/docker/README @@ -0,0 +1,45 @@ +Container images are stored in https://hub.docker.com/repositories as +user sudoproject. Build images are named based on the distro and use +the tag to differentiate between different versions and architectures. +There should always be a "latest" tag (or manifest). + +When creating a new Dockerfile, use one of the Debian or Fedora files +as a template. The examples below use podman rather than docker but it +should be possible to them interchangeably. + +To build Debian containers for both amd64 and i386 (others only have amd64): + + podman build --arch amd64 --pull -t sudoproject/debian:latest.amd64 \ + docker/debian/latest + podman build --arch 386 --pull -t sudoproject/debian:latest.i386 \ + docker/debian/latest + +Then push it to dockerhub (may need to run "podman login" first): + podman push sudoproject/debian:latest.amd64 + podman push sudoproject/debian:latest.i386 + +Multi-arch containers are supported by creating a manifest, e.g.: + podman manifest create sudoproject/debian:latest + podman manifest add sudoproject/debian:latest \ + sudoproject/debian:latest.amd64 + podman manifest add sudoproject/debian:latest \ + sudoproject/debian:latest.i386 + +Finally push the manifest to dockerhub: + podman push sudoproject/debian:latest + +When building bleeding edge images it is possible that the seccomp +filter will be out of date with respect to system calls. It may +be necessary to pass podman the --security-opt=seccomp=unconfined +option in this case. + +Note that memory sanitizer uses ptrace which is not allowed for +non-root containers by default. This will cause a failure when +running the tests if sudo is configured with --enable-sanitizer. +The simplest solution is to run the container with the SYS_PTRACE +capability. E.g. + podman run -it --cap-add SYS_PTRACE ... + +Alternately, disable leak sanitizer by setting + ASAN_OPTIONS=detect_leaks=0 +in the environment of the container doing "make check". diff --git a/docker/debian/latest/Dockerfile b/docker/debian/latest/Dockerfile new file mode 100644 index 0000000..6621cec --- /dev/null +++ b/docker/debian/latest/Dockerfile @@ -0,0 +1,10 @@ +FROM docker.io/library/debian:latest + +RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \ + DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \ + build-essential curl dpkg-dev ed fakeroot file git libapparmor-dev \ + libaudit-dev libkrb5-dev libldap2-dev libpam0g-dev libpython3-dev \ + libsasl2-dev libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev \ + lsb-release ncurses-term openssh-client pkg-config procps python3-dev \ + ssh zlib1g-dev +RUN useradd -ms /bin/bash build diff --git a/docker/debian/testing/Dockerfile b/docker/debian/testing/Dockerfile new file mode 100644 index 0000000..83f0e4a --- /dev/null +++ b/docker/debian/testing/Dockerfile @@ -0,0 +1,10 @@ +FROM docker.io/library/debian:testing + +RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \ + DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \ + build-essential curl dpkg-dev ed fakeroot file git libapparmor-dev \ + libaudit-dev libkrb5-dev libldap2-dev libpam0g-dev libpython3-dev \ + libsasl2-dev libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev \ + lsb-release ncurses-term openssh-client pkg-config procps python3-dev \ + ssh zlib1g-dev +RUN useradd -ms /bin/bash build diff --git a/docker/fedora/latest/Dockerfile b/docker/fedora/latest/Dockerfile new file mode 100644 index 0000000..dec471a --- /dev/null +++ b/docker/fedora/latest/Dockerfile @@ -0,0 +1,8 @@ +FROM docker.io/library/fedora:latest +ENV TZ=America/Denver + +RUN dnf -y install audit-libs-devel cyrus-sasl-devel glibc-devel krb5-devel \ + libasan libubsan libselinux-devel libsepol-devel make openldap-devel \ + openssl-devel pam-devel python3-devel rpm-build zlib-devel binutils \ + ed gcc gdb git openssh pkg-config procps which +RUN useradd -ms /bin/bash build diff --git a/docker/fedora/rawhide/Dockerfile b/docker/fedora/rawhide/Dockerfile new file mode 100644 index 0000000..21b400d --- /dev/null +++ b/docker/fedora/rawhide/Dockerfile @@ -0,0 +1,8 @@ +FROM docker.io/library/fedora:rawhide +ENV TZ=America/Denver + +RUN dnf -y install audit-libs-devel cyrus-sasl-devel glibc-devel krb5-devel \ + libasan libubsan libselinux-devel libsepol-devel make openldap-devel \ + openssl-devel pam-devel python3-devel rpm-build zlib-devel binutils \ + ed gcc gdb git openssh pkg-config procps which +RUN useradd -ms /bin/bash build diff --git a/docker/ubuntu/devel/Dockerfile b/docker/ubuntu/devel/Dockerfile new file mode 100644 index 0000000..f5d305a --- /dev/null +++ b/docker/ubuntu/devel/Dockerfile @@ -0,0 +1,10 @@ +FROM docker.io/library/ubuntu:devel + +RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \ + DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \ + build-essential curl dpkg-dev ed fakeroot file git libapparmor-dev \ + libaudit-dev libkrb5-dev libldap2-dev libpam0g-dev libpython3-dev \ + libsasl2-dev libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev \ + lsb-release ncurses-term openssh-client pkg-config procps python3-dev \ + ssh zlib1g-dev +RUN useradd -ms /bin/bash build diff --git a/docker/ubuntu/latest/Dockerfile b/docker/ubuntu/latest/Dockerfile new file mode 100644 index 0000000..582baae --- /dev/null +++ b/docker/ubuntu/latest/Dockerfile @@ -0,0 +1,10 @@ +FROM docker.io/library/ubuntu:latest + +RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \ + DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \ + build-essential curl dpkg-dev ed fakeroot file git libapparmor-dev \ + libaudit-dev libkrb5-dev libldap2-dev libpam0g-dev libpython3-dev \ + libsasl2-dev libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev \ + lsb-release ncurses-term openssh-client pkg-config procps python3-dev \ + ssh zlib1g-dev +RUN useradd -ms /bin/bash build diff --git a/docker/ubuntu/rolling/Dockerfile b/docker/ubuntu/rolling/Dockerfile new file mode 100644 index 0000000..bf31a96 --- /dev/null +++ b/docker/ubuntu/rolling/Dockerfile @@ -0,0 +1,10 @@ +FROM docker.io/library/ubuntu:rolling + +RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \ + DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \ + build-essential curl dpkg-dev ed fakeroot file git libapparmor-dev \ + libaudit-dev libkrb5-dev libldap2-dev libpam0g-dev libpython3-dev \ + libsasl2-dev libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev \ + lsb-release ncurses-term openssh-client pkg-config procps python3-dev \ + ssh zlib1g-dev +RUN useradd -ms /bin/bash build |