self-hosted/teleport
self-hosted/teleport
1
0
Fork 0
mirror of https://github.com/gravitational/teleport synced 2024-10-20 01:03:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
teleport/build.assets/Dockerfile-centos7
Roman Tkachenko 9679315226
Fixes yum git install in CentOS 7 (#18592) 
Signed-off-by: Roman Tkachenko <roman@goteleport.com>
Co-authored-by: Victor Sokolov <gzigzigzeo@gmail.com>
2022-11-18 01:25:42 +00:00

244 lines
7.9 KiB
Plaintext
Raw Blame History

ARG RUST_VERSION
## LIBFIDO2 ###################################################################
# Build libfido2 separately for isolation, speed and flexibility.
FROM centos:7 AS libfido2
RUN yum groupinstall -y 'Development Tools' && \
yum install -y epel-release && \
yum install -y centos-release-scl-rh && \
yum update -y && \
yum install -y \
cmake3 \
devtoolset-11-gcc* \
git \
libudev-devel \
zlib-devel && \
yum clean all
# Install libudev-zero.
# libudev-zero replaces systemd's libudev
RUN git clone --depth=1 https://github.com/illiliti/libudev-zero.git -b 1.0.1 && \
cd libudev-zero && \
[ "$(git rev-parse HEAD)" = "4154cf252c17297f98a8ca33693ead003b4509da" ] && \
make install-static LIBDIR='$(PREFIX)/lib64'
# Instal openssl.
# Pulled from source because repository versions are too old.
# install_sw install only binaries, skips docs.
RUN git clone --depth=1 https://github.com/openssl/openssl.git -b OpenSSL_1_1_1s && \
cd openssl && \
[ "$(git rev-parse HEAD)" = "129058165d195e43a0ad10111b0c2e29bdf65980" ] && \
./config --release && \
make && \
make install_sw
# Install libcbor.
RUN git clone --depth=1 https://github.com/PJK/libcbor.git -b v0.9.0 && \
cd libcbor && \
[ "$(git rev-parse HEAD)" = "58b3319b8c3ec15171cb00f01a3a1e9d400899e1" ] && \
cmake3 \
-DCBOR_CUSTOM_ALLOC=ON \
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_POSITION_INDEPENDENT_CODE=ON \
-DWITH_EXAMPLES=OFF . && \
make && \
make install
# Install libfido2.
# Depends on libcbor, openssl, zlib-devel and libudev.
# Linked so `make build/tsh` finds the library where it expects it.
RUN git clone --depth=1 https://github.com/Yubico/libfido2.git -b 1.12.0 && \
cd libfido2 && \
[ "$(git rev-parse HEAD)" = "659a02679f99fd34a44e06e35dce90794f6ecc86" ] && \
scl enable devtoolset-11 "\
cmake3 \
-DBUILD_EXAMPLES=OFF \
-DBUILD_MANPAGES=OFF \
-DBUILD_TOOLS=OFF \
-DCMAKE_BUILD_TYPE=Release . && \
make" && \
make install && \
make clean
## LIBBPF #####################################################################
FROM centos:7 AS libbpf
# Install required dependencies.
RUN yum groupinstall -y 'Development Tools' && \
yum install -y epel-release && \
yum update -y && \
yum -y install centos-release-scl-rh && \
yum install -y \
# required by libbpf
centos-release-scl \
# required by libbpf
devtoolset-11-gcc* \
# required by libbpf
devtoolset-11-make \
# required by libbpf
elfutils-libelf-devel-static \
git \
# required by libbpf
scl-utils \
yum clean all
# Install libbpf - compile with a newer GCC. The one installed by default is not able to compile it.
# BUILD_STATIC_ONLY disables libbpf.so build as we don't need it.
ARG LIBBPF_VERSION
RUN mkdir -p /opt && cd /opt && \
curl -L https://github.com/gravitational/libbpf/archive/refs/tags/v${LIBBPF_VERSION}.tar.gz | tar xz && \
cd /opt/libbpf-${LIBBPF_VERSION}/src && \
scl enable devtoolset-11 "make && BUILD_STATIC_ONLY=y DESTDIR=/opt/libbpf make install"
## LIBPCSCLITE #####################################################################
FROM centos:7 AS libpcsclite
# Install required dependencies.
RUN yum groupinstall -y 'Development Tools' && \
yum update -y && \
yum -y install centos-release-scl-rh && \
yum install -y \
autoconf-archive \
libudev-devel \
scl-utils \
centos-release-scl \
devtoolset-11-gcc* && \
yum clean all
# Install libpcsclite - compile with a newer GCC. The one installed by default is not able to compile it.
ARG LIBPCSCLITE_VERSION
RUN git clone --depth=1 https://github.com/gravitational/PCSC.git -b ${LIBPCSCLITE_VERSION} && \
cd PCSC && \
./bootstrap && \
./configure --enable-static --with-pic --disable-libsystemd && \
scl enable devtoolset-11 "make" && \
make install
## BUILDBOX ###################################################################
FROM centos:7 AS buildbox
ENV LANGUAGE=en_US.UTF-8 \
LANG=en_US.UTF-8 \
LC_ALL=en_US.UTF-8 \
LC_CTYPE=en_US.UTF-8
ARG GOLANG_VERSION
ARG RUST_VERSION
ARG UID
ARG GID
RUN (groupadd ci --gid=$GID -o && useradd ci --uid=$UID --gid=$GID --create-home --shell=/bin/sh && \
mkdir -p -m0700 /var/lib/teleport && chown -R ci /var/lib/teleport)
RUN yum groupinstall -y 'Development Tools' && \
yum install -y epel-release && \
yum update -y && \
yum -y install centos-release-scl-rh && \
yum install -y \
#required by libbpf
centos-release-scl \
# required by libbpf
devtoolset-11-* \
# required by libbpf
elfutils-libelf-devel-static \
net-tools \
# required by Teleport PAM support
pam-devel \
perl-IPC-Cmd \
tree \
# used by our Makefile
which \
zip \
# required by libbpf
zlib-static && \
yum -y install https://packages.endpointdev.com/rhel/7/os/x86_64/endpoint-repo.x86_64.rpm && \
yum -y install git && \
yum clean all
# Install etcd.
RUN (curl -L https://github.com/coreos/etcd/releases/download/v3.3.9/etcd-v3.3.9-linux-amd64.tar.gz | tar -xz && \
cp etcd-v3.3.9-linux-amd64/etcd* /bin/ && \
rm -rf etcd-v3.3.9-linux-${BUILDARCH})
# Install Go.
RUN mkdir -p /opt && cd /opt && curl https://storage.googleapis.com/golang/$GOLANG_VERSION.linux-amd64.tar.gz | tar xz && \
mkdir -p /go/src/github.com/gravitational/teleport && \
chmod a+w /go && \
chmod a+w /var/lib && \
/opt/go/bin/go version
ENV GOPATH="/go" \
GOROOT="/opt/go" \
PATH="/opt/llvm/bin:$PATH:/opt/go/bin:/go/bin:/go/src/github.com/gravitational/teleport/build"
ARG BUILDARCH
# Install PAM module and policies for testing.
COPY pam/ /opt/pam_teleport/
RUN make -C /opt/pam_teleport install
# Install Rust.
ENV RUSTUP_HOME=/usr/local/rustup \
CARGO_HOME=/usr/local/cargo \
PATH=/usr/local/cargo/bin:$PATH \
RUST_VERSION=$RUST_VERSION
RUN mkdir -p $RUSTUP_HOME && chmod a+w $RUSTUP_HOME && \
mkdir -p $CARGO_HOME/registry && chmod -R a+w $CARGO_HOME
RUN chmod a-w /
USER ci
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain $RUST_VERSION && \
rustup --version && \
cargo --version && \
rustc --version && \
rustup component add --toolchain $RUST_VERSION-x86_64-unknown-linux-gnu rustfmt clippy
# Do a quick switch back to root and copy/setup libfido2 and libpcsclite binaries.
# Do this last to take better advantage of the multi-stage build.
USER root
COPY --from=libfido2 /usr/local/include/ /usr/local/include/
COPY --from=libfido2 /usr/local/lib64/pkgconfig/ /usr/local/lib64/pkgconfig/
COPY --from=libfido2 \
/usr/local/lib64/libcbor.a \
/usr/local/lib64/libcrypto.a \
/usr/local/lib64/libcrypto.so.1.1 \
/usr/local/lib64/libfido2.a \
/usr/local/lib64/libfido2.so.1.12.0 \
/usr/local/lib64/libssl.a \
/usr/local/lib64/libssl.so.1.1 \
/usr/local/lib64/libudev.a \
/usr/local/lib64/
# Re-create usual lib64 links.
RUN cd /usr/local/lib64 && \
ln -s libcrypto.so.1.1 libcrypto.so && \
ln -s libfido2.so.1.12.0 libfido2.so.1 && \
ln -s libfido2.so.1 libfido2.so && \
ln -s libssl.so.1.1 libssl.so && \
# Update ld.
echo /usr/local/lib64 > /etc/ld.so.conf.d/libfido2.conf && \
ldconfig
# Configure pkg-config.
COPY pkgconfig/centos7/ /
ENV PKG_CONFIG_PATH="/usr/local/lib64/pkgconfig"
COPY --from=libpcsclite /usr/local/include/ /usr/local/include/
COPY --from=libpcsclite /usr/local/lib/pkgconfig/ /usr/local/lib64/pkgconfig/
COPY --from=libpcsclite \
/usr/local/lib/libpcsclite.a \
/usr/local/lib/
# Download pre-built CentOS 7 assets with clang needed to build BPF tools.
RUN cd / && curl -L https://s3.amazonaws.com/clientbuilds.gravitational.io/go/centos7-assets.tar.gz | tar -xz
# Copy libbpf into the final image.
COPY --from=libbpf /opt/libbpf/usr /usr
VOLUME ["/go/src/github.com/gravitational/teleport"]
EXPOSE 6600 2379 2380
Reference in a new issue View git blame Copy permalink