mirror of
https://github.com/gravitational/teleport
synced 2024-10-20 01:03:40 +00:00
4237ad3cc7
Update Buf to the latest release. No formatting, linter, or codegen changes. https://github.com/bufbuild/buf/releases/tag/v1.11.0
288 lines
10 KiB
Docker
288 lines
10 KiB
Docker
# This Dockerfile makes the "build box": the container used to build official
|
|
# releases of Teleport and its documentation.
|
|
|
|
# Use Ubuntu 18.04 as base to get an older glibc version.
|
|
# Using a newer base image will build against a newer glibc, which creates a
|
|
# runtime requirement for the host to have newer glibc too. For example,
|
|
# teleport built on any newer Ubuntu version will not run on Centos 7 because
|
|
# of this.
|
|
|
|
ARG RUST_VERSION
|
|
|
|
## LIBFIDO2 ###################################################################
|
|
|
|
# Build libfido2 separately for isolation, speed and flexibility.
|
|
FROM buildpack-deps:18.04 AS libfido2
|
|
|
|
RUN apt-get update && \
|
|
apt-get install -y --no-install-recommends cmake && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
# Install libudev-zero.
|
|
# libudev-zero replaces systemd's libudev
|
|
RUN git clone --depth=1 https://github.com/illiliti/libudev-zero.git -b 1.0.1 && \
|
|
cd libudev-zero && \
|
|
[ "$(git rev-parse HEAD)" = "4154cf252c17297f98a8ca33693ead003b4509da" ] && \
|
|
make install-static && \
|
|
make clean
|
|
|
|
# Install libcbor.
|
|
RUN git clone --depth=1 https://github.com/PJK/libcbor.git -b v0.9.0 && \
|
|
cd libcbor && \
|
|
[ "$(git rev-parse HEAD)" = "58b3319b8c3ec15171cb00f01a3a1e9d400899e1" ] && \
|
|
cmake \
|
|
-DCBOR_CUSTOM_ALLOC=ON \
|
|
-DCMAKE_BUILD_TYPE=Release \
|
|
-DCMAKE_POSITION_INDEPENDENT_CODE=ON \
|
|
-DWITH_EXAMPLES=OFF . && \
|
|
make && \
|
|
make install && \
|
|
make clean
|
|
|
|
# Install libfido2.
|
|
# Depends on libcbor, libssl-dev, zlib1g-dev and libudev.
|
|
RUN git clone --depth=1 https://github.com/Yubico/libfido2.git -b 1.12.0 && \
|
|
cd libfido2 && \
|
|
[ "$(git rev-parse HEAD)" = "659a02679f99fd34a44e06e35dce90794f6ecc86" ] && \
|
|
CFLAGS=-pthread cmake \
|
|
-DBUILD_EXAMPLES=OFF \
|
|
-DBUILD_MANPAGES=OFF \
|
|
-DBUILD_TOOLS=OFF \
|
|
-DCMAKE_BUILD_TYPE=Release . && \
|
|
make && \
|
|
make install && \
|
|
make clean
|
|
|
|
## LIBBPF #####################################################################
|
|
|
|
FROM buildpack-deps:18.04 AS libbpf
|
|
|
|
# Install libbpf
|
|
RUN apt-get update -y --fix-missing && \
|
|
apt-get -q -y upgrade && \
|
|
apt-get install -q -y --no-install-recommends \
|
|
libelf-dev
|
|
|
|
ARG LIBBPF_VERSION
|
|
RUN mkdir -p /opt && cd /opt && curl -L https://github.com/gravitational/libbpf/archive/refs/tags/v${LIBBPF_VERSION}.tar.gz | tar xz && \
|
|
cd /opt/libbpf-${LIBBPF_VERSION}/src && \
|
|
make && \
|
|
make install
|
|
|
|
## BUILDBOX ###################################################################
|
|
|
|
FROM ubuntu:18.04 AS buildbox
|
|
|
|
COPY locale.gen /etc/locale.gen
|
|
COPY profile /etc/profile
|
|
|
|
ENV LANGUAGE="en_US.UTF-8" \
|
|
LANG="en_US.UTF-8" \
|
|
LC_ALL="en_US.UTF-8" \
|
|
LC_CTYPE="en_US.UTF-8" \
|
|
DEBIAN_FRONTEND="noninteractive"
|
|
|
|
# BUILDARCH is automatically set by DOCKER when building the image with Build Kit (MacOS by deafult).
|
|
# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
|
|
ARG BUILDARCH
|
|
|
|
# Install packages.
|
|
# Java JRE is required by gcloud firestore emulator.
|
|
# Latest git 2.18+ is required for GitHub actions
|
|
# NOTE: gcc-multilib is not available on ARM, so ony amd64 version includes it.
|
|
RUN apt-get -y update && \
|
|
apt-get -y install software-properties-common && \
|
|
add-apt-repository -y ppa:git-core/ppa && \
|
|
apt-get update -y --fix-missing && \
|
|
apt-get -q -y upgrade && \
|
|
apt-get install -q -y --no-install-recommends \
|
|
apt-utils \
|
|
build-essential \
|
|
ca-certificates \
|
|
clang-10 \
|
|
clang-format-10 \
|
|
curl \
|
|
default-jre \
|
|
`if [ "$BUILDARCH" = "amd64" ] ; then echo gcc-multilib; fi` \
|
|
git \
|
|
gnupg \
|
|
gzip \
|
|
libc6-dev \
|
|
libelf-dev \
|
|
libpam-dev \
|
|
libsqlite3-0 \
|
|
libssl-dev \
|
|
llvm-10 \
|
|
locales \
|
|
mingw-w64 \
|
|
mingw-w64-x86-64-dev \
|
|
net-tools \
|
|
openssh-client \
|
|
osslsigncode \
|
|
python3-pip \
|
|
python3-setuptools \
|
|
python3-wheel \
|
|
pkg-config \
|
|
softhsm2 \
|
|
sudo \
|
|
tree \
|
|
unzip \
|
|
zip \
|
|
zlib1g-dev \
|
|
xauth \
|
|
libpcsclite-dev \
|
|
&& \
|
|
pip3 --no-cache-dir install yamllint && \
|
|
dpkg-reconfigure locales && \
|
|
apt-get -y clean && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
# Install gcloud SDK and Firestore emulator.
|
|
ENV PATH="$PATH:/opt/google-cloud-sdk/bin"
|
|
RUN (curl -sSL https://sdk.cloud.google.com | bash -s -- --install-dir=/opt --disable-prompts) && \
|
|
gcloud components install cloud-firestore-emulator beta && \
|
|
rm -rf /opt/google-cloud-sdk/.install/.backup
|
|
|
|
ARG UID
|
|
ARG GID
|
|
RUN (groupadd ci --gid=$GID -o && useradd ci --uid=$UID --gid=$GID --create-home --shell=/bin/sh && \
|
|
mkdir -p -m0700 /var/lib/teleport && chown -R ci /var/lib/teleport)
|
|
|
|
# Install etcd.
|
|
RUN (curl -L https://github.com/coreos/etcd/releases/download/v3.3.9/etcd-v3.3.9-linux-${BUILDARCH}.tar.gz | tar -xz && \
|
|
cp etcd-v3.3.9-linux-${BUILDARCH}/etcd* /bin/ && \
|
|
rm -rf etcd-v3.3.9-linux-${BUILDARCH})
|
|
|
|
# Install Go.
|
|
ARG GOLANG_VERSION
|
|
RUN mkdir -p /opt && cd /opt && curl https://storage.googleapis.com/golang/$GOLANG_VERSION.linux-${BUILDARCH}.tar.gz | tar xz && \
|
|
mkdir -p /go/src/github.com/gravitational/teleport && \
|
|
chmod a+w /go && \
|
|
chmod a+w /var/lib && \
|
|
chmod a-w /
|
|
ENV GOPATH="/go" \
|
|
GOROOT="/opt/go" \
|
|
PATH="$PATH:/opt/go/bin:/go/bin:/go/src/github.com/gravitational/teleport/build"
|
|
|
|
# Install addlicense
|
|
RUN go install github.com/google/addlicense@v1.0.0
|
|
|
|
# Install golangci-lint.
|
|
RUN go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.50.1
|
|
|
|
# Install GCI
|
|
RUN go install github.com/daixiang0/gci@v0.8.2
|
|
|
|
# Install helm.
|
|
RUN (mkdir -p helm-tarball && curl -L https://get.helm.sh/helm-v3.5.2-$(go env GOOS)-$(go env GOARCH).tar.gz | tar -C helm-tarball -xz && \
|
|
cp helm-tarball/$(go env GOOS)-$(go env GOARCH)/helm /bin/ && \
|
|
rm -r helm-tarball*)
|
|
|
|
# TODO(hugoShaka): remove this backward compatible hack with teleportv13 buildbox
|
|
RUN helm plugin install https://github.com/quintush/helm-unittest && \
|
|
mkdir -p /home/ci/.local/share/helm && \
|
|
cp -r /root/.local/share/helm/plugins /home/ci/.local/share/helm/plugins-new && \
|
|
chown -R ci /home/ci/.local/share/helm && \
|
|
helm plugin uninstall unittest && \
|
|
HELM_PLUGINS=/home/ci/.local/share/helm/plugins-new helm plugin list
|
|
RUN helm plugin install https://github.com/vbehar/helm3-unittest && \
|
|
mkdir -p /home/ci/.local/share/helm && \
|
|
cp -r /root/.local/share/helm/plugins /home/ci/.local/share/helm && \
|
|
chown -R ci /home/ci/.local/share/helm && \
|
|
HELM_PLUGINS=/home/ci/.local/share/helm/plugins helm plugin list
|
|
|
|
# Install bats.
|
|
RUN (curl -L https://github.com/bats-core/bats-core/archive/v1.2.1.tar.gz | tar -xz && \
|
|
cd bats-core-1.2.1 && ./install.sh /usr/local && cd .. && \
|
|
rm -r bats-core-1.2.1)
|
|
|
|
# Install shellcheck.
|
|
RUN scversion='v0.9.0' && \
|
|
curl -sSL "https://github.com/koalaman/shellcheck/releases/download/$scversion/shellcheck-$scversion.linux.$(if [ "$BUILDARCH" = "amd64" ]; then echo "x86_64"; else echo "aarch64"; fi).tar.xz" | \
|
|
tar -xJv && \
|
|
cp "shellcheck-$scversion/shellcheck" /usr/local/bin/ && \
|
|
shellcheck --version
|
|
|
|
# Install protobuf and grpc build tools.
|
|
ARG PROTOC_VER
|
|
ARG GOGO_PROTO_TAG
|
|
ENV GOGOPROTO_ROOT ${GOPATH}/src/github.com/gogo/protobuf
|
|
|
|
RUN (export PROTOC_TARBALL=protoc-${PROTOC_VER}-linux-$(if [ "$BUILDARCH" = "amd64" ]; then echo "x86_64"; else echo "aarch_64"; fi).zip && \
|
|
curl -L -o /tmp/${PROTOC_TARBALL} https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VER}/${PROTOC_TARBALL} && \
|
|
cd /tmp && unzip /tmp/${PROTOC_TARBALL} -d /usr/local && \
|
|
chmod -R a+r /usr/local/include/google/protobuf && \
|
|
chmod -R a+xr /usr/local/bin/protoc && \
|
|
rm /tmp/${PROTOC_TARBALL})
|
|
RUN (git clone https://github.com/gogo/protobuf.git --branch ${GOGO_PROTO_TAG} --depth 1 ${GOPATH}/src/github.com/gogo/protobuf && \
|
|
cd ${GOPATH}/src/github.com/gogo/protobuf && \
|
|
make install && \
|
|
make clean)
|
|
RUN go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.28.1 && \
|
|
go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.2.0
|
|
|
|
# Install buf
|
|
RUN BIN="/usr/local/bin" && \
|
|
VERSION="1.11.0" && \
|
|
curl -sSL \
|
|
"https://github.com/bufbuild/buf/releases/download/v${VERSION}/buf-$(uname -s)-$(uname -m)" \
|
|
-o "${BIN}/buf" && \
|
|
chmod +x "${BIN}/buf"
|
|
|
|
ENV PROTO_INCLUDE "/usr/local/include":"/go/src":"/go/src/github.com/gogo/protobuf/protobuf":"${GOGOPROTO_ROOT}":"${GOGOPROTO_ROOT}/protobuf"
|
|
|
|
# Install PAM module and policies for testing.
|
|
COPY pam/ /opt/pam_teleport/
|
|
RUN make -C /opt/pam_teleport install
|
|
|
|
ENV SOFTHSM2_PATH "/usr/lib/softhsm/libsofthsm2.so"
|
|
|
|
# Install Rust
|
|
ARG RUST_VERSION
|
|
ENV RUSTUP_HOME=/usr/local/rustup \
|
|
CARGO_HOME=/usr/local/cargo \
|
|
PATH=/usr/local/cargo/bin:$PATH \
|
|
RUST_VERSION=$RUST_VERSION
|
|
|
|
RUN mkdir -p $RUSTUP_HOME && chmod a+w $RUSTUP_HOME && \
|
|
mkdir -p $CARGO_HOME/registry && chmod -R a+w $CARGO_HOME
|
|
|
|
# Install Rust using the ci user, as that is the user that
|
|
# will run builds using the Rust toolchains we install here.
|
|
# Cross-compilation targets are only installed on amd64, as
|
|
# this image doesn't contain gcc-multilib.
|
|
USER ci
|
|
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain $RUST_VERSION && \
|
|
rustup --version && \
|
|
cargo --version && \
|
|
rustc --version && \
|
|
rustup component add rustfmt clippy && \
|
|
if [ "$BUILDARCH" = "amd64" ]; then rustup target add aarch64-unknown-linux-gnu; fi
|
|
|
|
# Switch back to root for the remaining instructions and keep it as the default
|
|
# user.
|
|
USER root
|
|
|
|
COPY --from=libbpf /usr/include/bpf /usr/include/bpf
|
|
COPY --from=libbpf /usr/lib64/ /usr/lib64/
|
|
RUN cd /usr/local/lib && ldconfig
|
|
|
|
# Copy libfido2 libraries.
|
|
# Do this last to take better advantage of the multi-stage build.
|
|
COPY --from=libfido2 /usr/local/include/ /usr/local/include/
|
|
COPY --from=libfido2 /usr/local/lib/pkgconfig/ /usr/local/lib/pkgconfig/
|
|
COPY --from=libfido2 \
|
|
/usr/local/lib/libcbor.a \
|
|
/usr/local/lib/libfido2.a \
|
|
/usr/local/lib/libfido2.so.1.12.0 \
|
|
/usr/local/lib/libudev.a \
|
|
/usr/local/lib/
|
|
RUN cd /usr/local/lib && \
|
|
ln -s libfido2.so.1.12.0 libfido2.so.1 && \
|
|
ln -s libfido2.so.1 libfido2.so && \
|
|
ldconfig
|
|
COPY pkgconfig/buildbox/ /
|
|
|
|
VOLUME ["/go/src/github.com/gravitational/teleport"]
|
|
EXPOSE 6600 2379 2380
|