mirror of
https://github.com/moby/moby.git
update debs/rpms for seccomp
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
parent
d616a09763
commit
255004ef33
16 changed files with 71 additions and 19 deletions
|
@ -11,4 +11,5 @@ RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64
|
||||||
ENV PATH $PATH:/usr/local/go/bin
|
ENV PATH $PATH:/usr/local/go/bin
|
||||||
|
|
||||||
ENV AUTO_GOPATH 1
|
ENV AUTO_GOPATH 1
|
||||||
|
|
||||||
ENV DOCKER_BUILDTAGS apparmor selinux
|
ENV DOCKER_BUILDTAGS apparmor selinux
|
||||||
|
|
|
@ -4,11 +4,12 @@
|
||||||
|
|
||||||
FROM debian:stretch
|
FROM debian:stretch
|
||||||
|
|
||||||
RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
|
RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libseccomp-dev libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
ENV GO_VERSION 1.5.1
|
ENV GO_VERSION 1.5.1
|
||||||
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
|
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
|
||||||
ENV PATH $PATH:/usr/local/go/bin
|
ENV PATH $PATH:/usr/local/go/bin
|
||||||
|
|
||||||
ENV AUTO_GOPATH 1
|
ENV AUTO_GOPATH 1
|
||||||
ENV DOCKER_BUILDTAGS apparmor selinux
|
|
||||||
|
ENV DOCKER_BUILDTAGS apparmor seccomp selinux
|
||||||
|
|
|
@ -11,4 +11,5 @@ RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64
|
||||||
ENV PATH $PATH:/usr/local/go/bin
|
ENV PATH $PATH:/usr/local/go/bin
|
||||||
|
|
||||||
ENV AUTO_GOPATH 1
|
ENV AUTO_GOPATH 1
|
||||||
|
|
||||||
ENV DOCKER_BUILDTAGS apparmor selinux
|
ENV DOCKER_BUILDTAGS apparmor selinux
|
||||||
|
|
|
@ -58,6 +58,7 @@ for version in "${versions[@]}"; do
|
||||||
libdevmapper-dev # for "libdevmapper.h"
|
libdevmapper-dev # for "libdevmapper.h"
|
||||||
libltdl-dev # for pkcs11 "ltdl.h"
|
libltdl-dev # for pkcs11 "ltdl.h"
|
||||||
libsqlite3-dev # for "sqlite3.h"
|
libsqlite3-dev # for "sqlite3.h"
|
||||||
|
libseccomp-dev # for "seccomp.h" & "libseccomp.so"
|
||||||
)
|
)
|
||||||
# packaging for "sd-journal.h" and libraries varies
|
# packaging for "sd-journal.h" and libraries varies
|
||||||
case "$suite" in
|
case "$suite" in
|
||||||
|
@ -66,6 +67,18 @@ for version in "${versions[@]}"; do
|
||||||
*) packages+=( libsystemd-journal-dev );;
|
*) packages+=( libsystemd-journal-dev );;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
# debian wheezy & ubuntu precise do not have the right libseccomp libs
|
||||||
|
# debian jessie & ubuntu trusty/vivid do not have a libseccomp.a for compiling static dockerinit
|
||||||
|
case "$suite" in
|
||||||
|
jessie|precise|trusty|vivid|wheezy)
|
||||||
|
packages=( "${packages[@]/libseccomp-dev}" )
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
extraBuildTags+=' seccomp'
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
|
||||||
if [ "$suite" = 'precise' ]; then
|
if [ "$suite" = 'precise' ]; then
|
||||||
# precise has a few package issues
|
# precise has a few package issues
|
||||||
|
|
||||||
|
@ -99,5 +112,11 @@ for version in "${versions[@]}"; do
|
||||||
echo >> "$version/Dockerfile"
|
echo >> "$version/Dockerfile"
|
||||||
|
|
||||||
echo 'ENV AUTO_GOPATH 1' >> "$version/Dockerfile"
|
echo 'ENV AUTO_GOPATH 1' >> "$version/Dockerfile"
|
||||||
awk '$1 == "ENV" && $2 == "DOCKER_BUILDTAGS" { print $0 "'"$extraBuildTags"'"; exit }' ../../../Dockerfile >> "$version/Dockerfile"
|
|
||||||
|
echo >> "$version/Dockerfile"
|
||||||
|
|
||||||
|
# print build tags in alphabetical order
|
||||||
|
buildTags=$( echo "apparmor selinux $extraBuildTags" | xargs -n1 | sort -n | tr '\n' ' ' | sed -e 's/[[:space:]]*$//' )
|
||||||
|
|
||||||
|
echo "ENV DOCKER_BUILDTAGS $buildTags" >> "$version/Dockerfile"
|
||||||
done
|
done
|
||||||
|
|
|
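Review bot: In the new `case "$suite"` block, `packages=( "${packages[@]/libseccomp-dev}" )` does not drop the array element; it blanks the matching substring in every element, so an empty string stays in `packages` and any other name containing `libseccomp-dev` would be truncated. How much that matters depends on how `packages` is expanded later in the loop, which is outside these hunks; a filter loop that skips the exact name would be safer, and the same applies to `libseccomp-devel` in the rpm generator. For the suites in that branch the packages are built without the `seccomp` tag, and presumably without seccomp filtering in the resulting binaries, so I would also record that in the generated file, e.g. `echo "# seccomp build tag omitted for $suite (no usable libseccomp)" >> "$version/Dockerfile"`. In the last hunk, `sort -n` is a numeric sort applied to tag names; plain `sort` matches the "alphabetical order" comment.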
@ -11,4 +11,5 @@ RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64
|
||||||
ENV PATH $PATH:/usr/local/go/bin
|
ENV PATH $PATH:/usr/local/go/bin
|
||||||
|
|
||||||
ENV AUTO_GOPATH 1
|
ENV AUTO_GOPATH 1
|
||||||
ENV DOCKER_BUILDTAGS apparmor selinux exclude_graphdriver_devicemapper exclude_graphdriver_btrfs
|
|
||||||
|
ENV DOCKER_BUILDTAGS apparmor exclude_graphdriver_btrfs exclude_graphdriver_devicemapper selinux
|
||||||
|
|
|
@ -11,4 +11,5 @@ RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64
|
||||||
ENV PATH $PATH:/usr/local/go/bin
|
ENV PATH $PATH:/usr/local/go/bin
|
||||||
|
|
||||||
ENV AUTO_GOPATH 1
|
ENV AUTO_GOPATH 1
|
||||||
|
|
||||||
ENV DOCKER_BUILDTAGS apparmor selinux
|
ENV DOCKER_BUILDTAGS apparmor selinux
|
||||||
|
|
|
@ -11,4 +11,5 @@ RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64
|
||||||
ENV PATH $PATH:/usr/local/go/bin
|
ENV PATH $PATH:/usr/local/go/bin
|
||||||
|
|
||||||
ENV AUTO_GOPATH 1
|
ENV AUTO_GOPATH 1
|
||||||
|
|
||||||
ENV DOCKER_BUILDTAGS apparmor selinux
|
ENV DOCKER_BUILDTAGS apparmor selinux
|
||||||
|
|
|
@ -4,11 +4,12 @@
|
||||||
|
|
||||||
FROM ubuntu:wily
|
FROM ubuntu:wily
|
||||||
|
|
||||||
RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
|
RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libseccomp-dev libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
ENV GO_VERSION 1.5.1
|
ENV GO_VERSION 1.5.1
|
||||||
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
|
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
|
||||||
ENV PATH $PATH:/usr/local/go/bin
|
ENV PATH $PATH:/usr/local/go/bin
|
||||||
|
|
||||||
ENV AUTO_GOPATH 1
|
ENV AUTO_GOPATH 1
|
||||||
ENV DOCKER_BUILDTAGS apparmor selinux
|
|
||||||
|
ENV DOCKER_BUILDTAGS apparmor seccomp selinux
|
||||||
|
|
|
@ -13,4 +13,5 @@ RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64
|
||||||
ENV PATH $PATH:/usr/local/go/bin
|
ENV PATH $PATH:/usr/local/go/bin
|
||||||
|
|
||||||
ENV AUTO_GOPATH 1
|
ENV AUTO_GOPATH 1
|
||||||
|
|
||||||
ENV DOCKER_BUILDTAGS selinux
|
ENV DOCKER_BUILDTAGS selinux
|
||||||
|
|
|
@ -12,4 +12,5 @@ RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64
|
||||||
ENV PATH $PATH:/usr/local/go/bin
|
ENV PATH $PATH:/usr/local/go/bin
|
||||||
|
|
||||||
ENV AUTO_GOPATH 1
|
ENV AUTO_GOPATH 1
|
||||||
|
|
||||||
ENV DOCKER_BUILDTAGS selinux
|
ENV DOCKER_BUILDTAGS selinux
|
||||||
|
|
|
@ -12,4 +12,5 @@ RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64
|
||||||
ENV PATH $PATH:/usr/local/go/bin
|
ENV PATH $PATH:/usr/local/go/bin
|
||||||
|
|
||||||
ENV AUTO_GOPATH 1
|
ENV AUTO_GOPATH 1
|
||||||
|
|
||||||
ENV DOCKER_BUILDTAGS selinux
|
ENV DOCKER_BUILDTAGS selinux
|
||||||
|
|
|
@ -12,4 +12,5 @@ RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64
|
||||||
ENV PATH $PATH:/usr/local/go/bin
|
ENV PATH $PATH:/usr/local/go/bin
|
||||||
|
|
||||||
ENV AUTO_GOPATH 1
|
ENV AUTO_GOPATH 1
|
||||||
|
|
||||||
ENV DOCKER_BUILDTAGS selinux
|
ENV DOCKER_BUILDTAGS selinux
|
||||||
|
|
|
@ -38,6 +38,8 @@ for version in "${versions[@]}"; do
|
||||||
|
|
||||||
echo >> "$version/Dockerfile"
|
echo >> "$version/Dockerfile"
|
||||||
|
|
||||||
|
extraBuildTags=
|
||||||
|
|
||||||
case "$from" in
|
case "$from" in
|
||||||
centos:*)
|
centos:*)
|
||||||
# get "Development Tools" packages dependencies
|
# get "Development Tools" packages dependencies
|
||||||
|
@ -65,6 +67,7 @@ for version in "${versions[@]}"; do
|
||||||
btrfs-progs-devel # for "btrfs/ioctl.h" (and "version.h" if possible)
|
btrfs-progs-devel # for "btrfs/ioctl.h" (and "version.h" if possible)
|
||||||
device-mapper-devel # for "libdevmapper.h"
|
device-mapper-devel # for "libdevmapper.h"
|
||||||
glibc-static
|
glibc-static
|
||||||
|
libseccomp-devel # for "seccomp.h" & "libseccomp.so"
|
||||||
libselinux-devel # for "libselinux.so"
|
libselinux-devel # for "libselinux.so"
|
||||||
libtool-ltdl-devel # for pkcs11 "ltdl.h"
|
libtool-ltdl-devel # for pkcs11 "ltdl.h"
|
||||||
selinux-policy
|
selinux-policy
|
||||||
|
@ -80,6 +83,17 @@ for version in "${versions[@]}"; do
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
# opensuse & oraclelinx:6 do not have the right libseccomp libs
|
||||||
|
# centos, fedora, & oraclelinux:7 do not have a libseccomp.a for compiling static dockerinit
|
||||||
|
case "$from" in
|
||||||
|
centos:*|fedora:*|opensuse:*|oraclelinux:*)
|
||||||
|
packages=( "${packages[@]/libseccomp-devel}" )
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
extraBuildTags+=' seccomp'
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
case "$from" in
|
case "$from" in
|
||||||
opensuse:*)
|
opensuse:*)
|
||||||
packages=( "${packages[@]/btrfs-progs-devel/libbtrfs-devel}" )
|
packages=( "${packages[@]/btrfs-progs-devel/libbtrfs-devel}" )
|
||||||
|
@ -101,5 +115,10 @@ for version in "${versions[@]}"; do
|
||||||
|
|
||||||
echo 'ENV AUTO_GOPATH 1' >> "$version/Dockerfile"
|
echo 'ENV AUTO_GOPATH 1' >> "$version/Dockerfile"
|
||||||
|
|
||||||
echo 'ENV DOCKER_BUILDTAGS selinux' >> "$version/Dockerfile"
|
echo >> "$version/Dockerfile"
|
||||||
|
|
||||||
|
# print build tags in alphabetical order
|
||||||
|
buildTags=$( echo "selinux $extraBuildTags" | xargs -n1 | sort -n | tr '\n' ' ' | sed -e 's/[[:space:]]*$//' )
|
||||||
|
|
||||||
|
echo "ENV DOCKER_BUILDTAGS $buildTags" >> "$version/Dockerfile"
|
||||||
done
|
done
|
||||||
|
|
|
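Review bot: The new `case "$from"` branch `centos:*|fedora:*|opensuse:*|oraclelinux:*` appears to match every base image this generator handles, since all the generated rpm Dockerfiles on this page still carry `ENV DOCKER_BUILDTAGS selinux`, so the `*)` branch that adds `seccomp` looks unreachable for now. That would mean no rpm build gets the seccomp tag from this commit, which is worth stating in the comment above the case, e.g. `# seccomp is currently disabled for every rpm target; remove a distro from this list once it ships a usable libseccomp.a`. The existing comment also misspells the image name as `oraclelinx:6`, which should read `oraclelinux:6`. The `for version` loop body starts and ends outside these hunks.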
@ -12,4 +12,5 @@ RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64
|
||||||
ENV PATH $PATH:/usr/local/go/bin
|
ENV PATH $PATH:/usr/local/go/bin
|
||||||
|
|
||||||
ENV AUTO_GOPATH 1
|
ENV AUTO_GOPATH 1
|
||||||
|
|
||||||
ENV DOCKER_BUILDTAGS selinux
|
ENV DOCKER_BUILDTAGS selinux
|
||||||
|
|
|
@ -12,4 +12,5 @@ RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64
|
||||||
ENV PATH $PATH:/usr/local/go/bin
|
ENV PATH $PATH:/usr/local/go/bin
|
||||||
|
|
||||||
ENV AUTO_GOPATH 1
|
ENV AUTO_GOPATH 1
|
||||||
|
|
||||||
ENV DOCKER_BUILDTAGS selinux
|
ENV DOCKER_BUILDTAGS selinux
|
||||||
|
|
|
@ -12,4 +12,5 @@ RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64
|
||||||
ENV PATH $PATH:/usr/local/go/bin
|
ENV PATH $PATH:/usr/local/go/bin
|
||||||
|
|
||||||
ENV AUTO_GOPATH 1
|
ENV AUTO_GOPATH 1
|
||||||
|
|
||||||
ENV DOCKER_BUILDTAGS selinux
|
ENV DOCKER_BUILDTAGS selinux
|
||||||
|
|