blob: 16cedea6b773bbc28661a6ff4ffce124abfd782a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
|
#if ARCH_amd64 || DISTRO_bionic
FROM ubuntu:#{DISTRO}
#elif DISTRO_zesty
FROM snapcraft/zesty-#{ARCH}:latest
#else
FROM linaro/base-#{ARCH}-ubuntu:#{DISTRO}
#endif
#if !DISTRO_bionic
#if ARCH_amd64 || ARCH_i386
RUN (url="http://archive.ubuntu.com/ubuntu/"; \
#else
RUN (url="http://ports.ubuntu.com/ubuntu-ports/"; \
#endif
ubuntu=#{DISTRO}; \
for i in $ubuntu $ubuntu-updates $ubuntu-backports $ubuntu-security; do \
for j in deb deb-src; do \
echo "$j $url $i main restricted universe multiverse"; \
done; \
echo; \
done) > /etc/apt/sources.list \
#else
# Unminimize Ubuntu Bionic to install contrib files of git (after package
# update, otherwise unminimize's "apt upgrade" might fail).
RUN true \
#endif
&& apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade -y \
#if DISTRO_bionic
&& echo y | unminimize \
#endif
#if ARCH_i386
&& dpkg-divert --local --rename --add /sbin/initctl \
&& ln -s /bin/true /sbin/initctl \
#endif
&& DEBIAN_FRONTEND=noninteractive apt-get install -y devscripts \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
alien \
autoconf \
autogen \
automake \
bc \
bind9-host \
bison \
#if ARCH_amd64 || ARCH_i386
binutils-aarch64-linux-gnu \
binutils-arm-linux-gnueabihf \
#endif
bsd-mailx \
build-essential \
byacc \
ccache \
ccrypt \
chrpath \
clang \
cmake \
debhelper \
dejagnu \
dh-autoreconf \
dh-translations \
distro-info-data \
emacs \
fakeroot \
flex \
gawk \
gdb \
gdbserver \
git \
git-review \
groff \
less \
libexpat1-dev \
#if ARCH_amd64 || ARCH_i386
libglib2.0-dev \
#endif
libgmp-dev \
liblzma-dev \
libmpc-dev \
libmpfr-dev \
libncurses5-dev \
#if ARCH_amd64 || ARCH_i386
libpixman-1-dev \
#endif
libpython2.7-dev \
libreadline-dev \
libssl-dev \
libtcnative-1 \
libtool \
linux-tools-generic \
#if DISTRO_bionic
linux-tools-4.18.0-13-generic \
#endif
lzop \
make \
#if ARCH_amd64 || ARCH_i386
mingw-w64 \
# if DISTRO_trusty
mingw32 \
# endif
#endif
net-tools \
netcat \
#if ARCH_amd64 || !DISTRO_trusty
nfs-kernel-server \
#endif
ninja-build \
#if DISTRO_trusty
openjdk-7-jdk \
#else
openjdk-8-jdk \
#endif
openssh-server \
#if ARCH_amd64 || ARCH_i386
pkg-config \
#endif
python-dev \
postfix \
psmisc \
pxz \
qemu-system-arm \
qemu-user \
rsync \
subversion \
sudo \
tclsh \
texinfo \
texlive-fonts-recommended \
texlive-latex-recommended \
time \
unifdef \
valgrind \
vim \
#if !DISTRO_trusty
virtualenv \
#else
python-virtualenv \
#endif
wget \
xz-utils \
zip \
zlib1g-dev \
&& apt-get clean \
&& rm -rf \
/var/lib/apt/lists/* \
/tmp/* \
/var/tmp/*
RUN install -D -p -m0755 /usr/share/doc/git/contrib/workdir/git-new-workdir /usr/local/bin/git-new-workdir \
&& sed -i -e 's:^session *required *pam_loginuid.so:# session required pam_loginuid.so:' /etc/pam.d/sshd \
&& mkdir -p /var/run/sshd \
&& sed -i \
-e "/.*MaxStartups.*/d" \
-e "/.*MaxSessions.*/d" /etc/ssh/sshd_config \
&& echo "MaxStartups 256" >> /etc/ssh/sshd_config \
&& echo "MaxSessions 256" >> /etc/ssh/sshd_config
COPY postfix-main.cf.in /etc/postfix/main.cf
COPY postfix-sasl_password.in /etc/postfix/sasl_password
RUN chown root:root /etc/postfix/sasl_password \
&& chmod 600 /etc/postfix/sasl_password
# Add ninja with support for memory-threshold job limitation.
# It's installed with ".bin" extension and containers then
# make wrappers around it in /usr/local/bin/ninja as needed.
RUN git clone -b master https://github.com/maxim-kuvyrkov/ninja.git \
&& cd ninja \
&& ./configure.py --bootstrap && ./ninja all && ./ninja_test \
&& mv ninja /usr/local/bin/ninja.bin \
&& cd .. \
&& rm -rf ninja
#if ARCH_amd64 || ARCH_i386
RUN mkdir /tmp/docker-install-qemu.$$ \
&& cd /tmp/docker-install-qemu.$$ \
&& qemu_ver=3.1.0 && wget --progress=dot:giga http://download.qemu-project.org/qemu-${qemu_ver}.tar.xz \
&& tar xf qemu-${qemu_ver}.tar.xz \
&& mkdir build && cd build \
&& ../qemu-${qemu_ver}/configure --prefix=/usr/local --target-list=armeb-linux-user \
&& make all install -j $(nproc --all) \
&& cd && rm -rf /tmp/docker-install-qemu.$$
#endif
COPY home-data/ /home-data/
COPY new-user.sh /usr/local/bin/
RUN \
while read line; do \
new-user.sh --group $(echo "$line" | cut -d: -f 1,3); \
done </home-data/group
# We use ssh multiplexing, which creates sockets in /tmp. Overlayfs,
# which docker is using, can't host sockets, so we use a scratch mount
# for /tmp. This requires that we add --rm option to "docker run"
# invocations (e.g., mark "Remove volumes" checkbox in docker plugin) to
# cleanup host directories used for the scratch mounts.
VOLUME /tmp
EXPOSE 22
#if ARCH_amd64 || ARCH_arm64
CMD ["/usr/sbin/sshd", "-D"]
#else
CMD ["linux32", "/usr/sbin/sshd", "-D"]
#endif
|