self-hosted/teleport
self-hosted/teleport
1
0
Fork 0
mirror of https://github.com/gravitational/teleport synced 2024-10-19 08:43:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
teleport/build.assets/Dockerfile-multiarch
Jakub Nyckowski 96a13802d5
Add Node to amd64 bit target (#23115) 
Signed-off-by: Jakub Nyckowski <jakub.nyckowski@goteleport.com>
Co-authored-by: Victor Sokolov <gzigzigzeo@gmail.com>
2023-03-17 18:14:14 +00:00

270 lines
9.2 KiB
Plaintext
Raw Blame History

# #############################################################################
# This Dockerfile aims to be the single source of truth for linux buildboxes on
# all supported architectures.
## #############################################################################
ARG BUILDBOX_VERSION
ARG BUILDBOX_PREFIX
FROM centos:7 AS base
# Automatically supplied by the Docker buildkit
ARG TARGETARCH
# Aliases
FROM $BUILDBOX_PREFIX/buildbox-multiarch-clang7:$BUILDBOX_VERSION-$TARGETARCH AS clang7-boringcrypto
FROM $BUILDBOX_PREFIX/buildbox-multiarch-clang10:$BUILDBOX_VERSION-$TARGETARCH AS clang10
# Root target with ci user
FROM $BUILDBOX_PREFIX/buildbox-multiarch-base:$BUILDBOX_VERSION-$TARGETARCH AS gcc
ARG UID
ARG GID
RUN groupadd ci --gid=$GID -o && \
useradd ci --uid=$UID --gid=$GID --create-home --shell=/bin/sh
RUN install --directory --mode=0700 --owner=ci --group=ci /var/lib/teleport
## LIBPCSCLITE ################################################################
#
FROM gcc AS libpcsclite
ARG LIBPCSCLITE_VERSION
# Configure fails to determine correct std on ARM
ENV CFLAGS="-std=gnu99"
# Install libpcsclite - compile with a newer GCC. The one installed by default is not able to compile it.
RUN git clone --depth=1 https://github.com/gravitational/PCSC.git -b ${LIBPCSCLITE_VERSION} && \
cd PCSC && \
./bootstrap && \
./configure --enable-static --with-pic --disable-libsystemd && \
make install && \
rm -rf PCSC
## LIBFIDO2 ###################################################################
#
# Build libfido2 separately for isolation, speed and flexibility.
FROM gcc AS libfido2
# Install libudev-zero.
# libudev-zero replaces systemd's libudev.
RUN git clone --depth=1 https://github.com/illiliti/libudev-zero.git -b 1.0.1 && \
cd libudev-zero && \
[ "$(git rev-parse HEAD)" = '4154cf252c17297f98a8ca33693ead003b4509da' ] && \
make install-static LIBDIR='$(PREFIX)/lib64'
# Install openssl.
# Pulled from source because repository versions are too old.
# install_sw install only binaries, skips docs.
RUN git clone --depth=1 https://github.com/openssl/openssl.git -b OpenSSL_1_1_1t && \
cd openssl && \
[ "$(git rev-parse HEAD)" = '830bf8e1e4749ad65c51b6a1d0d769ae689404ba' ] && \
./config --release --libdir=/usr/local/lib64 && \
make && \
make install_sw
# Install libcbor.
RUN git clone --depth=1 https://github.com/PJK/libcbor.git -b v0.10.2 && \
cd libcbor && \
[ "$(git rev-parse HEAD)" = 'efa6c0886bae46bdaef9b679f61f4b9d8bc296ae' ] && \
cmake3 \
-DCMAKE_CXX_FLAGS=-lpthread \
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_POSITION_INDEPENDENT_CODE=ON \
-DWITH_EXAMPLES=OFF . && \
make && \
make install
# Install libfido2.
# Depends on libcbor, openssl, zlib-devel and libudev.
# Linked so `make build/tsh` finds the library where it expects it.
RUN git clone --depth=1 https://github.com/Yubico/libfido2.git -b 1.12.0 && \
cd libfido2 && \
[ "$(git rev-parse HEAD)" = '659a02679f99fd34a44e06e35dce90794f6ecc86' ] && \
LDFLAGS="-lpthread" cmake3 \
-DBUILD_EXAMPLES=OFF \
-DBUILD_MANPAGES=OFF \
-DBUILD_TOOLS=OFF \
-DCMAKE_BUILD_TYPE=Release . && \
make && \
make install && \
make clean
## LIBBPF ########################################################################
#
FROM gcc AS libbpf
# Install libbpf - compile with a newer GCC. The one installed by default is not able to compile it.
# BUILD_STATIC_ONLY disables libbpf.so build as we don't need it.
ARG LIBBPF_VERSION
RUN mkdir -p /opt && cd /opt && \
curl -L https://github.com/libbpf/libbpf/archive/refs/tags/v${LIBBPF_VERSION}.tar.gz | tar xz && \
cd /opt/libbpf-${LIBBPF_VERSION}/src && \
make && BUILD_STATIC_ONLY=y DESTDIR=/opt/libbpf make install
## Integral image for 64-bit targets #############################################
#
FROM gcc AS deps-64
# Make clang10 available
COPY --from=clang10 /opt/llvm /opt/llvm
ENV PATH="/opt/llvm/bin:$PATH"
ARG RUST_VERSION
## Install Rust ###############################################################
ENV RUSTUP_HOME=/usr/local/rustup \
CARGO_HOME=/usr/local/cargo \
PATH=/usr/local/cargo/bin:$PATH \
RUST_VERSION=$RUST_VERSION
RUN mkdir -p $RUSTUP_HOME && chmod a+w $RUSTUP_HOME && \
mkdir -p $CARGO_HOME/registry && chmod -R a+w $CARGO_HOME
USER ci
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain ${RUST_VERSION} --default-host ${RUST_ARCH} && \
rustup --version && \
cargo --version && \
rustc --version && \
rustup target add ${RUST_ARCH}
USER root
# Copy dependencies
COPY --from=libfido2 /usr/local/include/ /usr/local/include/
COPY --from=libfido2 /usr/local/lib64/pkgconfig/ /usr/local/lib64/pkgconfig/
COPY --from=libfido2 \
/usr/local/lib64/libcbor.a \
/usr/local/lib64/libcrypto.a \
/usr/local/lib64/libcrypto.so.1.1 \
/usr/local/lib64/libfido2.a \
/usr/local/lib64/libfido2.so.1.12.0 \
/usr/local/lib64/libssl.a \
/usr/local/lib64/libssl.so.1.1 \
/usr/local/lib64/libudev.a \
/usr/local/lib64/
# Re-create usual lib64 links.
RUN cd /usr/local/lib64 && \
ln -s libcrypto.so.1.1 libcrypto.so && \
ln -s libfido2.so.1.12.0 libfido2.so.1 && \
ln -s libfido2.so.1 libfido2.so && \
ln -s libssl.so.1.1 libssl.so && \
# Update ld.
echo /usr/local/lib64 > /etc/ld.so.conf.d/libfido2.conf && \
ldconfig
COPY pkgconfig/centos7/ /
ENV PKG_CONFIG_PATH="/usr/local/lib64/pkgconfig"
COPY --from=libpcsclite /usr/local/include/ /usr/local/include/
COPY --from=libpcsclite /usr/local/lib/pkgconfig/ /usr/local/lib64/pkgconfig/
COPY --from=libpcsclite \
/usr/local/lib/libpcsclite.a \
/usr/local/lib/
ARG LIBBPF_VERSION
COPY --from=libbpf /opt/libbpf/usr /usr/libbpf-${LIBBPF_VERSION}
## BORINGSSL ########################################################################
#
FROM clang7-boringcrypto AS boringssl
# The below tools are required in order to build and compile the module:
# Clang compiler version 7.0.1
# Go programming language version 1.12.7
# Ninja build system version 1.9.0
#
# We also need the FIPS 140-2 validated release of BoringSSL: ae223d6138807a13006342edfeef32e813246b39
# For more information please refer to the section 12. Guidance and Secure Operation of:
# https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3678.pdf
RUN mkdir -p /opt && cd /opt && \
curl -sLO https://go.dev/dl/go1.12.7.linux-$GOLANG_ARCH.tar.gz && \
tar xf go1.12.7.linux-$GOLANG_ARCH.tar.gz && \
rm -f go1.12.7.linux-$GOLANG_ARCH.tar.gz && \
chmod a+w /opt/go && \
chmod a+w /var/lib && \
chmod a-w /
ENV GOEXPERIMENT=boringcrypto \
GOPATH="/go" \
GOROOT="/opt/go" \
PATH="$PATH:/opt/go/bin:/go/bin"
RUN git clone https://github.com/ninja-build/ninja.git && \
cd ninja && \
git checkout v1.9.0 && \
./configure.py --bootstrap && \
mv ninja /usr/bin
RUN mkdir -p /opt && cd /opt && \
git clone https://github.com/google/boringssl.git && \
cd boringssl && \
git checkout ae223d6138807a13006342edfeef32e813246b39 && \
mkdir build && \
cd build && \
cd /opt/boringssl/build && cmake3 -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DFIPS=1 -DCMAKE_BUILD_TYPE=Release -GNinja .. && ninja
## Intermediate targets ########################################################
#
FROM gcc AS deps-arm
ENV GOARCH=arm
ENV GOARM=7
FROM gcc AS deps-386
FROM deps-64 AS deps-arm64
FROM deps-64 AS deps-amd64
# Copy BoringSSL into the final image
COPY --from=boringssl /opt/boringssl /opt/boringssl
# set boring-rs crate env variables to point to pre-built binaries
# https://github.com/cloudflare/boring#support-for-pre-built-binaries
ENV BORING_BSSL_PATH=/opt/boringssl
ENV BORING_BSSL_INCLUDE_PATH=/opt/boringssl/include
ENV GOEXPERIMENT=boringcrypto
# Install node.
# Node is required to build teleterm. It does not work on 32-bit archs, and is not required for them.
RUN yum install -y python3
ARG NODE_ARCH=x64
ARG NODE_VERSION
ENV NODE_URL="https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-${NODE_ARCH}.tar.xz"
ENV NODE_PATH="/usr/local/lib/nodejs-linux"
ENV PATH="$PATH:${NODE_PATH}/bin"
RUN mkdir -p ${NODE_PATH} && \
curl -o /tmp/nodejs.tar.xz -Lf ${NODE_URL} && \
tar -xJf /tmp/nodejs.tar.xz -C /usr/local/lib/nodejs-linux --strip-components=1
RUN node --version
RUN corepack enable yarn
## Final target image with go #################################################
#
FROM deps-$TARGETARCH
# NOTE: We expect the GOLANG_VERSION to contain the leading `go` in the version
# string (e,g, go1.19), as produced by `go version`
ARG GOLANG_VERSION
## Install Go #################################################################
RUN mkdir -p /opt && \
mkdir -p /go && \
curl https://storage.googleapis.com/golang/$GOLANG_VERSION.linux-$GOLANG_ARCH.tar.gz | tar xz -C /opt && \
chmod a+w /go && \
chmod a+w /var/lib && \
/opt/go/bin/go version
ENV GOPATH="/go" \
GOROOT="/opt/go" \
PATH="$PATH:/opt/go/bin:/go/bin"
# Install PAM module and policies for testing.
COPY pam/ /opt/pam_teleport/
RUN make -C /opt/pam_teleport install
RUN chmod a-w /
USER ci
Reference in a new issue View git blame Copy permalink