constellation/Dockerfile.build
Otto Bittner 2f925b5955 Add clone3-workaround to bootstrapper build container
The previously encountered error about misconfigured seccomp
filters is mitigated with the workaround added in this commit.
See the repo in the comment for detailed information on
the bug itself.
2022-08-10 17:17:23 +02:00


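FROM fedora@sha256:36af84ba69e21c9ef86a0424a090674c433b2b80c2462e57503886f1d823abe8 AS build
# This workaround is necessary since glibc versions >= 2.34 are incompatible with docker versions <= 20.10.9.
# Since the host ubuntu is running docker 20.10.7, this incompatibility becomes a problem.
# The workaround binary is a small go program that adds a missing seccomp filter to all programs invoked through the
# container's shell. More explanations can be found in the clone3-workaround repo and the blogpost linked in the repo.
#
# Supply-chain note: the base image above is pinned by digest, but this binary is fetched by URL only, and it
# becomes the SHELL for every later RUN, so it sees the whole build. Set CLONE3_WORKAROUND_SHA256 (ideally as the
# committed default, after checking the value out of band) to make the build fail on a mismatch. While it is
# empty the download is used unverified, exactly as before.
ARG CLONE3_WORKAROUND_SHA256=""
ADD https://github.com/AkihiroSuda/clone3-workaround/releases/download/v1.0.0/clone3-workaround.x86_64 /clone3-workaround
# Verify before the binary is ever executed, then restrict it to owner-execute only (mode 100).
RUN if [ -n "${CLONE3_WORKAROUND_SHA256}" ]; then \
      echo "${CLONE3_WORKAROUND_SHA256}  /clone3-workaround" | sha256sum -c -; \
    fi && \
    chmod 100 /clone3-workaround
SHELL ["/clone3-workaround", "/bin/sh", "-c"]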
# Build prerequisites: compiler toolchain, cryptsetup/openssl headers and a few CLI tools.
# NOTE(review): `dnf -y update` pulls whatever is current at build time, so the contents of this layer are not
# fixed by the digest pin on the base image.
RUN dnf -y update && \
    dnf -y install \
      @development-tools \
      cryptsetup-devel \
      cryptsetup-libs \
      git \
      iproute \
      iputils \
      jq \
      openssl-devel \
      pkg-config \
      wget && \
    dnf clean all
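# Install Go
ARG GO_VER=1.18
# Optional SHA-256 of go${GO_VER}.linux-amd64.tar.gz; the expected value is published next to each download on
# go.dev/dl. HTTPS only authenticates the server, while a pinned checksum fixes the exact toolchain bytes that
# compile the binaries. When this is empty the tarball is unpacked unverified, as before. The value must be
# changed together with GO_VER.
ARG GO_SHA256=""
RUN wget https://go.dev/dl/go${GO_VER}.linux-amd64.tar.gz && \
    if [ -n "${GO_SHA256}" ]; then \
      echo "${GO_SHA256}  go${GO_VER}.linux-amd64.tar.gz" | sha256sum -c -; \
    fi && \
    tar -C /usr/local -xzf go${GO_VER}.linux-amd64.tar.gz && \
    rm go${GO_VER}.linux-amd64.tar.gz
# key=value form; the space-separated ENV syntax is deprecated.
ENV PATH=${PATH}:/usr/local/go/bin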
# Download go dependencies from the manifests alone, before the sources are copied, so this layer can be reused
# from cache as long as go.mod and go.sum are unchanged.
WORKDIR /constellation/
COPY go.mod go.sum ./
RUN go mod download all
# Copy the repository. Everything in the build context that .dockerignore does not exclude ends up in this
# stage, so local credentials or key material in the checkout should be excluded there.
COPY . ./
# Drops hack/ from the working tree; the files are still present in the COPY layer above.
RUN rm -rf /constellation/hack/
# Compile the bootstrapper on top of the shared build stage.
FROM build AS build-bootstrapper
WORKDIR /constellation/bootstrapper/
# Supplied with --build-arg; there is no default, so main.version stays empty when it is not passed.
ARG PROJECT_VERSION
# -s -w strip the symbol table and DWARF data, -buildid='' clears the build ID and -buildvcs=false keeps VCS
# state out of the binary, so the output depends less on where and when it was built.
RUN go build \
      -o bootstrapper \
      -tags=gcp,disable_tpm_simulator \
      -buildvcs=false \
      -ldflags "-s -w -buildid='' -X main.version=${PROJECT_VERSION}" \
      ./cmd/bootstrapper/
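# Compile the disk-mapper on top of the shared build stage.
FROM build AS build-disk-mapper
WORKDIR /constellation/state/
# Uses the same -buildvcs=false and -buildid='' settings as the bootstrapper build. Without them the binary
# carries a build ID and, when the checkout's VCS metadata is in the build context, the VCS revision and
# dirty state, so two builds of the same sources can differ.
RUN go build -o disk-mapper -buildvcs=false -ldflags "-s -w -buildid=''" ./cmd/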
# Output stage: an empty image holding only the bootstrapper binary at /bootstrapper. The toolchain, sources
# and downloaded helpers of the build stages are not part of it.
# NOTE(review): no USER or ENTRYPOINT is set; presumably this stage is only used to export the binary - confirm.
FROM scratch AS bootstrapper
COPY --from=build-bootstrapper /constellation/bootstrapper/bootstrapper /bootstrapper
# Output stage: an empty image holding only the disk-mapper binary at /disk-mapper.
# NOTE(review): no USER or ENTRYPOINT is set; presumably this stage is only used to export the binary - confirm.
FROM scratch AS disk-mapper
COPY --from=build-disk-mapper /constellation/state/disk-mapper /disk-mapper