self-hosted/teleport
self-hosted/teleport
1
0
Fork 0
mirror of https://github.com/gravitational/teleport synced 2024-10-19 16:53:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
teleport/build.assets/Dockerfile-centos7
Jakub Nyckowski 0834f13d09
Fix git installation path on CentOS 7 docker image (#32714) 
When checking GHA logs of OS Compatibility build, I notice info log
```
The repository will be downloaded using the GitHub REST API
To create a local Git repository instead, add Git 2.18 or higher to the PATH
```
suggesting that our self-compiled git is not being used. For some reason out git binary was installed in /usr/local/usr/local/bin/git. I removed the additional /usr/local prefix to install the binary in the correct directory. I also updated git to the latest version.
2023-10-07 16:13:40 +00:00

288 lines
9.2 KiB
Plaintext
Raw Blame History

ARG RUST_VERSION
## GIT2 ###################################################################
# git2 packages are not available on ARM64, so we need to build it from source.
FROM centos:7 AS git2
ARG DEVTOOLSET
RUN yum groupinstall -y 'Development Tools' && \
yum install -y \
ca-certificates \
curl-devel \
expat-devel \
gettext-devel \
openssl-devel \
zlib-devel \
perl-CPAN \
perl-devel wget && \
yum update -y && \
yum -y install centos-release-scl-rh && \
yum install -y \
centos-release-scl \
${DEVTOOLSET}-gcc* \
${DEVTOOLSET}-make && \
yum clean all
RUN wget https://github.com/git/git/archive/refs/tags/v2.42.0.tar.gz && \
tar xf v2.42.0.tar.gz && \
cd git-2.42.0/ && \
scl enable ${DEVTOOLSET} "make configure && \
./configure --prefix=/usr/local && \
make -j"$(nproc)" all && \
DESTDIR=/opt/git make install"
# Create an alias to the assets image. Ref: https://github.com/docker/for-mac/issues/2155
ARG BUILDARCH
FROM ghcr.io/gravitational/teleport-buildbox-centos7-assets:teleport14-${BUILDARCH} AS teleport-buildbox-centos7-assets
## LIBFIDO2 ###################################################################
# Build libfido2 separately for isolation, speed and flexibility.
FROM centos:7 AS libfido2
ARG DEVTOOLSET
RUN yum groupinstall -y 'Development Tools' && \
yum install -y epel-release && \
yum install -y centos-release-scl-rh && \
yum update -y && \
yum install -y \
cmake3 \
${DEVTOOLSET}-gcc* \
git \
libudev-devel \
perl-IPC-Cmd \
zlib-devel && \
yum clean all
# Install libudev-zero.
# libudev-zero replaces systemd's libudev.
RUN git clone --depth=1 https://github.com/illiliti/libudev-zero.git -b 1.0.3 && \
cd libudev-zero && \
[ "$(git rev-parse HEAD)" = 'ee32ac5f6494047b9ece26e7a5920650cdf46655' ] && \
make install-static LIBDIR='$(PREFIX)/lib64'
# Install libcbor.
RUN git clone --depth=1 https://github.com/PJK/libcbor.git -b v0.10.2 && \
cd libcbor && \
[ "$(git rev-parse HEAD)" = 'efa6c0886bae46bdaef9b679f61f4b9d8bc296ae' ] && \
cmake3 \
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_POSITION_INDEPENDENT_CODE=ON \
-DWITH_EXAMPLES=OFF . && \
make && \
make install
# Install openssl.
# install_sw install only binaries, skips docs.
RUN git clone --depth=1 https://github.com/openssl/openssl.git -b openssl-3.0.11 && \
cd openssl && \
[ "$(git rev-parse HEAD)" = '6ba3884c3235e1bb474b379026087f8216afacf4' ] && \
./config --release --libdir=/usr/local/lib64 && \
make -j"$(nproc)" && \
make install_sw
# Necessary for libfido2 to find the correct libcrypto.
ENV PKG_CONFIG_PATH="/usr/local/lib64/pkgconfig"
# Install libfido2.
# Depends on libcbor, libcrypto (OpenSSL 3.x), libudev and zlib-devel.
# Linked so `make build/tsh` finds the library where it expects it.
RUN git clone --depth=1 https://github.com/Yubico/libfido2.git -b 1.13.0 && \
cd libfido2 && \
[ "$(git rev-parse HEAD)" = '486a8f8667e42f55cee2bba301b41433cacec830' ] && \
scl enable ${DEVTOOLSET} "\
CFLAGS=-pthread cmake3 \
-DBUILD_EXAMPLES=OFF \
-DBUILD_MANPAGES=OFF \
-DBUILD_TOOLS=OFF \
-DCMAKE_BUILD_TYPE=Release . && \
grep 'CRYPTO_VERSION:INTERNAL=3\.0\.' CMakeCache.txt && \
make" && \
make install && \
make clean
## LIBBPF #####################################################################
FROM centos:7 AS libbpf
ARG DEVTOOLSET
# Install required dependencies.
RUN yum groupinstall -y 'Development Tools' && \
yum install -y epel-release && \
yum update -y && \
yum -y install centos-release-scl-rh && \
yum install -y \
centos-release-scl \
${DEVTOOLSET}-gcc* \
${DEVTOOLSET}-make \
elfutils-libelf-devel-static \
scl-utils && \
yum clean all
# Install libbpf - compile with a newer GCC. The one installed by default is not able to compile it.
# BUILD_STATIC_ONLY disables libbpf.so build as we don't need it.
ARG LIBBPF_VERSION
RUN mkdir -p /opt && cd /opt && \
curl -fsSL https://github.com/libbpf/libbpf/archive/refs/tags/v${LIBBPF_VERSION}.tar.gz | tar xz && \
cd /opt/libbpf-${LIBBPF_VERSION}/src && \
scl enable ${DEVTOOLSET} "make && BUILD_STATIC_ONLY=y DESTDIR=/opt/libbpf make install"
## LIBPCSCLITE #####################################################################
FROM centos:7 AS libpcsclite
ARG DEVTOOLSET
# Install required dependencies.
RUN yum groupinstall -y 'Development Tools' && \
yum update -y && \
yum -y install centos-release-scl-rh && \
yum install -y \
autoconf-archive \
libudev-devel \
scl-utils \
centos-release-scl \
${DEVTOOLSET}-gcc* && \
yum clean all
# Install libpcsclite - compile with a newer GCC. The one installed by default is not able to compile it.
ARG LIBPCSCLITE_VERSION
RUN git clone --depth=1 https://github.com/gravitational/PCSC.git -b ${LIBPCSCLITE_VERSION} && \
cd PCSC && \
./bootstrap && \
./configure --enable-static --with-pic --disable-libsystemd && \
scl enable ${DEVTOOLSET} "make" && \
make install
## BUILDBOX ###################################################################
FROM centos:7 AS buildbox
ENV LANGUAGE=en_US.UTF-8 \
LANG=en_US.UTF-8 \
LC_ALL=en_US.UTF-8 \
LC_CTYPE=en_US.UTF-8
ARG GOLANG_VERSION
ARG RUST_VERSION
ARG DEVTOOLSET
ARG UID
ARG GID
RUN (groupadd ci --gid=$GID -o && useradd ci --uid=$UID --gid=$GID --create-home --shell=/bin/sh && \
mkdir -p -m0700 /var/lib/teleport && chown -R ci /var/lib/teleport)
RUN yum groupinstall -y 'Development Tools' && \
yum install -y epel-release && \
yum update -y && \
yum -y install centos-release-scl-rh && \
yum install -y \
#required by libbpf
centos-release-scl \
# required by libbpf
${DEVTOOLSET}-* \
# required by libbpf
elfutils-libelf-devel-static \
net-tools \
# required by Teleport PAM support
pam-devel \
perl-IPC-Cmd \
tree \
# used by our Makefile
which \
zip \
# required by libbpf
zlib-static && \
yum clean all && \
localedef -c -i en_US -f UTF-8 en_US.UTF-8
# Override the old git in /usr/local installed by yum. We need git 2+ on GitHub Actions.
COPY --from=git2 /opt/git /
ARG BUILDARCH
# Install Go.
RUN mkdir -p /opt && cd /opt && curl -fsSL https://storage.googleapis.com/golang/$GOLANG_VERSION.linux-${BUILDARCH}.tar.gz | tar xz && \
mkdir -p /go/src/github.com/gravitational/teleport && \
chmod a+w /go && \
chmod a+w /var/lib && \
/opt/go/bin/go version
ENV GOPATH="/go" \
GOROOT="/opt/go" \
PATH="/opt/llvm/bin:$PATH:/opt/go/bin:/go/bin:/go/src/github.com/gravitational/teleport/build"
# Install PAM module and policies for testing.
COPY pam/ /opt/pam_teleport/
RUN make -C /opt/pam_teleport install
# Install Rust.
ENV RUSTUP_HOME=/usr/local/rustup \
CARGO_HOME=/usr/local/cargo \
PATH=/usr/local/cargo/bin:$PATH \
RUST_VERSION=$RUST_VERSION
RUN mkdir -p $RUSTUP_HOME && chmod a+w $RUSTUP_HOME && \
mkdir -p $CARGO_HOME/registry && chmod -R a+w $CARGO_HOME
RUN chmod a-w /
USER ci
RUN curl --proto '=https' --tlsv1.2 -fsSL https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain $RUST_VERSION && \
rustup --version && \
cargo --version && \
rustc --version
ARG WASM_PACK_VERSION
# Install wasm-pack for targeting WebAssembly from Rust.
RUN cargo install wasm-pack --version ${WASM_PACK_VERSION}
# Do a quick switch back to root and copy/setup libfido2 and libpcsclite binaries.
# Do this last to take better advantage of the multi-stage build.
USER root
COPY --from=libfido2 /usr/local/include/ /usr/local/include/
COPY --from=libfido2 /usr/local/lib64/engines-3/ /usr/local/lib64/engines-3/
COPY --from=libfido2 /usr/local/lib64/ossl-modules/ /usr/local/lib64/ossl-modules/
COPY --from=libfido2 /usr/local/lib64/pkgconfig/ /usr/local/lib64/pkgconfig/
COPY --from=libfido2 \
/usr/local/lib64/libcbor.a \
/usr/local/lib64/libcrypto.a \
/usr/local/lib64/libcrypto.so.3 \
/usr/local/lib64/libfido2.a \
/usr/local/lib64/libfido2.so.1.13.0 \
/usr/local/lib64/libssl.a \
/usr/local/lib64/libssl.so.3 \
/usr/local/lib64/libudev.a \
/usr/local/lib64/
# Re-create usual lib64 links.
RUN cd /usr/local/lib64 && \
ln -s libcrypto.so.3 libcrypto.so && \
ln -s libfido2.so.1.13.0 libfido2.so.1 && \
ln -s libfido2.so.1 libfido2.so && \
ln -s libssl.so.3 libssl.so && \
# Update ld.
echo /usr/local/lib64 > /etc/ld.so.conf.d/libfido2.conf && \
ldconfig
# Configure pkg-config.
COPY pkgconfig/centos7/ /
ENV PKG_CONFIG_PATH="/usr/local/lib64/pkgconfig"
COPY --from=libpcsclite /usr/local/include/ /usr/local/include/
COPY --from=libpcsclite /usr/local/lib/pkgconfig/ /usr/local/lib64/pkgconfig/
COPY --from=libpcsclite \
/usr/local/lib/libpcsclite.a \
/usr/local/lib/
# Copy libbpf into the final image.
ARG LIBBPF_VERSION
COPY --from=libbpf /opt/libbpf/usr /usr/libbpf-${LIBBPF_VERSION}
# Download pre-built CentOS 7 assets with clang needed to build BPF tools.
ARG BUILDARCH
COPY --from=teleport-buildbox-centos7-assets /opt/llvm /opt/llvm
VOLUME ["/go/src/github.com/gravitational/teleport"]
EXPOSE 6600 2379 2380
Reference in a new issue View git blame Copy permalink