mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-11 07:29:29 -05:00
2f925b5955
The previously encountered error about misconfigured seccomp filters is mitigated with the workaround added in this commit. See the repo in the comment for detailed information on the bug itself.
48 lines
1.8 KiB
Docker
48 lines
1.8 KiB
Docker
FROM fedora@sha256:36af84ba69e21c9ef86a0424a090674c433b2b80c2462e57503886f1d823abe8 as build
|
|
|
|
# This workaround is necessary since glibc in versions >= 2.34 are incompatible with docker versions <= 20.10.9.
|
|
# Since the host ubuntu is running docker 20.10.7, this incompatibility becomes a problem.
|
|
# The workaround binary is a small go program that adds a missing seccomp filter to all programs invoked through the
|
|
# container's shell. More explanations can be found in the clone3-workaround repo and the blogpost linked in the repo.
|
|
ADD https://github.com/AkihiroSuda/clone3-workaround/releases/download/v1.0.0/clone3-workaround.x86_64 /clone3-workaround
|
|
RUN chmod 100 /clone3-workaround
|
|
SHELL ["/clone3-workaround", "/bin/sh", "-c"]
|
|
|
|
RUN dnf -y update && \
|
|
dnf -y install @development-tools pkg-config iproute iputils wget git jq openssl-devel cryptsetup-libs cryptsetup-devel && \
|
|
dnf clean all
|
|
|
|
# Install Go
|
|
ARG GO_VER=1.18
|
|
RUN wget https://go.dev/dl/go${GO_VER}.linux-amd64.tar.gz && \
|
|
tar -C /usr/local -xzf go${GO_VER}.linux-amd64.tar.gz && \
|
|
rm go${GO_VER}.linux-amd64.tar.gz
|
|
ENV PATH ${PATH}:/usr/local/go/bin
|
|
|
|
# Download go dependencies
|
|
WORKDIR /constellation/
|
|
COPY go.mod ./
|
|
COPY go.sum ./
|
|
RUN go mod download all
|
|
|
|
# Copy Repo
|
|
COPY . /constellation
|
|
RUN rm -rf ./hack/
|
|
|
|
FROM build AS build-bootstrapper
|
|
WORKDIR /constellation/bootstrapper/
|
|
|
|
ARG PROJECT_VERSION
|
|
RUN go build -o bootstrapper -tags=gcp,disable_tpm_simulator -buildvcs=false -ldflags "-s -w -buildid='' -X main.version=${PROJECT_VERSION}" ./cmd/bootstrapper/
|
|
|
|
FROM build AS build-disk-mapper
|
|
WORKDIR /constellation/state/
|
|
|
|
RUN go build -o disk-mapper -ldflags "-s -w" ./cmd/
|
|
|
|
FROM scratch AS bootstrapper
|
|
COPY --from=build-bootstrapper /constellation/bootstrapper/bootstrapper /
|
|
|
|
FROM scratch AS disk-mapper
|
|
COPY --from=build-disk-mapper /constellation/state/disk-mapper /
|