-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
175 lines (167 loc) · 4.51 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
FROM almalinux:8.6
MAINTAINER Star Lab <[email protected]>
ENV LANG=C.utf-8
ENV LC_ALL=C.utf-8
ENV RUSTUP_HOME=/usr/local/rust
ENV PATH="$PATH:$RUSTUP_HOME/bin"
ENV container=docker
# DNF package config
RUN \
# Limit AlmaLinux packages to 8.6 minor release
dnf update -y almalinux-release-8.6 && \
find /etc/yum.repos.d/ -name almalinux*.repo -print | xargs sed -i 's/$releasever/$releasever.6/' && \
\
# Enable PowerTools repo
dnf install -y dnf-plugins-core && \
dnf config-manager -y --set-enabled powertools && \
\
# Enable EPEL repo
dnf install -y epel-release && \
\
# Enable Openstack repo for OpenvSwitch
dnf install -y https://www.rdoproject.org/repos/rdo-release.el8.rpm && \
dnf config-manager --set-disabled advanced-virtualization centos-rabbitmq-38 ceph-pacific openstack-yoga && \
\
# Update existing packages
dnf update -y && \
\
dnf clean all && \
rm -rf /tmp/* /var/tmp/*
# Extra DNF packages
RUN \
dnf install --setopt install_weak_deps=False -y \
\
# Convenience / documentation
bash-completion \
file \
man-db \
man-pages \
procps-ng \
sudo \
which \
\
# Python 3.6 (matches meson)
python36 \
python36-devel \
python3-docutils \
python3-flake8 \
python3-importlib-metadata \
python3-pycodestyle \
python3-pyflakes \
\
# Container signal handling
tini \
\
# Build tools and dependencies
asciidoc \
audit-libs-devel \
augeas \
autoconf \
automake \
bison \
byacc \
ctags \
cyrus-sasl-devel \
device-mapper-devel \
diffstat \
dmidecode \
dwarves \
firewalld-filesystem \
flex \
fuse-devel \
fuse3 \
gcc-toolset-11 \
gcc-toolset-11-annobin-annocheck \
gcc-toolset-11-annobin-plugin-gcc \
gettext \
git \
glib2-devel \
glibc-devel \
gnutls-devel \
iproute \
iproute-tc \
iptables \
iptables-ebtables \
iscsi-initiator-utils \
libacl-devel \
libattr-devel \
libblkid-devel \
libcap-ng-devel \
libcurl-devel \
libiscsi-devel \
libnl3-devel \
libpcap-devel \
libpciaccess-devel \
libselinux-devel \
libssh2-devel \
libtirpc-devel \
libtool \
libxml2-devel \
lvm2 \
mdevctl \
meson \
netcf-devel \
nfs-utils \
ninja-build \
numactl-devel \
numad \
openssl-devel \
openvswitch2.16 \
parted-devel \
patchutils \
pesign \
pkgconf \
pkgconf-m4 \
pkgconf-pkg-config \
polkit \
qemu-img \
readline-devel \
redhat-rpm-config \
rpcgen \
rpm-build \
rpm-sign \
sanlock-devel \
scrub \
systemd-devel \
systemtap-sdt-devel \
yajl-devel \
&& \
dnf clean all && \
rm -rf /tmp/* /var/tmp/*
# Install / setup Rust
# Only set CARGO_HOME during build so unprivileged container users won't try to use system location
ARG CARGO_HOME="$RUSTUP_HOME"
RUN curl --proto '=https' --tlsv1.2 https://sh.rustup.rs -sSf | \
sh -s -- -y --profile minimal --default-toolchain 1.60.0-x86_64-unknown-linux-gnu && \
rustup toolchain install --profile minimal nightly && \
rustup component add rustfmt clippy && \
rustup component add rustfmt clippy --toolchain nightly && \
cargo install cargo-deny --locked && \
cargo install cargo-license --locked && \
cargo install cargo-udeps --locked && \
rm -rf "$CARGO_HOME/registry" /tmp/* /var/tmp/*
# Setup Python
RUN alternatives --set python /usr/bin/python3 && \
pip3 install --upgrade pip && \
pip3 install git-archive-all && \
rm -rf /tmp/* /var/tmp/*
# Allow any user to have sudo access within the container
ARG VER=1
ARG ZIP_FILE=add-user-to-sudoers.zip
RUN curl -L -o ${ZIP_FILE} "https://github.com/starlab-io/add-user-to-sudoers/releases/download/${VER}/${ZIP_FILE}" && \
unzip "${ZIP_FILE}" && \
rm "${ZIP_FILE}" && \
mkdir -p /usr/local/bin && \
mv add_user_to_sudoers /usr/local/bin/ && \
mv startup_script /usr/local/bin/ && \
chmod 4755 /usr/local/bin/add_user_to_sudoers && \
chmod +x /usr/local/bin/startup_script && \
# Let regular users be able to use sudo
echo $'auth sufficient pam_permit.so\n\
account sufficient pam_permit.so\n\
session sufficient pam_permit.so\n\
' > /etc/pam.d/sudo
# Apply some nice bash defaults
COPY mybash.sh /etc/profile.d/
ENTRYPOINT ["/usr/local/bin/startup_script", "/usr/bin/tini", "/usr/bin/scl", "--", "enable", "gcc-toolset-11", "--"]
CMD ["/bin/bash", "-l"]