
hacky workaround for dockerinit static binary needing libseccomp.a for debs and rpms

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Jessica Frazelle 9 years ago
parent
commit
ec6d3392f1

+ 25 - 2
contrib/builder/deb/debian-jessie/Dockerfile

@@ -4,7 +4,30 @@
 
 FROM debian:jessie
 
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev  libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libseccomp-dev libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV SECCOMP_VERSION v2.2.3
+RUN buildDeps=' \
+automake \
+libtool \
+' \
+&& set -x \
+&& apt-get update && apt-get install -y $buildDeps --no-install-recommends \
+&& rm -rf /var/lib/apt/lists/* \
+&& export SECCOMP_PATH=$(mktemp -d) \
+&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \
+&& ( \
+cd "$SECCOMP_PATH" \
+&& ./autogen.sh \
+&& ./configure --prefix=/usr \
+&& make \
+&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \
+&& chmod 644 /usr/lib/libseccomp.a \
+&& ranlib /usr/lib/libseccomp.a \
+&& ldconfig -n /usr/lib \
+) \
+&& rm -rf "$SECCOMP_PATH" \
+&& apt-get purge -y --auto-remove $buildDeps
 
 ENV GO_VERSION 1.5.1
 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
@@ -12,4 +35,4 @@ ENV PATH $PATH:/usr/local/go/bin
 
 ENV AUTO_GOPATH 1
 
-ENV DOCKER_BUILDTAGS apparmor selinux
+ENV DOCKER_BUILDTAGS apparmor seccomp selinux

+ 36 - 2
contrib/builder/deb/generate.sh

@@ -68,9 +68,8 @@ for version in "${versions[@]}"; do
 	esac
 
 	# debian wheezy & ubuntu precise do not have the right libseccomp libs
-	# debian jessie & ubuntu trusty/vivid do not have a libseccomp.a for compiling static dockerinit
 	case "$suite" in
-		jessie|precise|trusty|vivid|wheezy)
+		precise|wheezy)
 			packages=( "${packages[@]/libseccomp-dev}" )
 			;;
 		*)
@@ -105,6 +104,41 @@ for version in "${versions[@]}"; do
 
 	echo >> "$version/Dockerfile"
 
+	# debian jessie & ubuntu trusty/vivid do not have a libseccomp.a for compiling static dockerinit
+	# ONLY install libseccomp.a from source, this can be removed once dockerinit is removed
+	# TODO remove this manual seccomp compilation once dockerinit is gone or no longer needs to be statically compiled
+	case "$suite" in
+		jessie|trusty|vivid)
+			awk '$1 == "ENV" && $2 == "SECCOMP_VERSION" { print; exit }' ../../../Dockerfile >> "$version/Dockerfile"
+			cat <<-'EOF' >> "$version/Dockerfile"
+			RUN buildDeps=' \
+				automake \
+				libtool \
+			' \
+			&& set -x \
+			&& apt-get update && apt-get install -y $buildDeps --no-install-recommends \
+			&& rm -rf /var/lib/apt/lists/* \
+			&& export SECCOMP_PATH=$(mktemp -d) \
+			&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \
+			&& ( \
+				cd "$SECCOMP_PATH" \
+				&& ./autogen.sh \
+				&& ./configure --prefix=/usr \
+				&& make \
+				&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \
+				&& chmod 644 /usr/lib/libseccomp.a \
+				&& ranlib /usr/lib/libseccomp.a \
+				&& ldconfig -n /usr/lib \
+			) \
+			&& rm -rf "$SECCOMP_PATH" \
+			&& apt-get purge -y --auto-remove $buildDeps
+			EOF
+
+			echo >> "$version/Dockerfile"
+			;;
+		*) ;;
+	esac
+
 	awk '$1 == "ENV" && $2 == "GO_VERSION" { print; exit }' ../../../Dockerfile >> "$version/Dockerfile"
 	echo 'RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local' >> "$version/Dockerfile"
 	echo 'ENV PATH $PATH:/usr/local/go/bin' >> "$version/Dockerfile"
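Review bot: The `git clone -b "$SECCOMP_VERSION"` step in the added heredoc trusts whatever commit the upstream tag points to at build time, with no integrity check before `./autogen.sh` and `make` run as root in the builder image. Going by the commit title, the resulting `libseccomp.a` is linked into the static dockerinit shipped in the packages, so a moved or replaced tag would flow straight into release artifacts. I would record the expected commit and fail the build on mismatch, for example by adding `&& test "$(git rev-parse HEAD)" = "<expected-commit-sha>" \` right after `cd "$SECCOMP_PATH" \`. The same heredoc is added in contrib/builder/rpm/generate.sh and appears in every regenerated Dockerfile in this commit, so the check belongs in both generators.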

+ 25 - 2
contrib/builder/deb/ubuntu-trusty/Dockerfile

@@ -4,7 +4,30 @@
 
 FROM ubuntu:trusty
 
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev  libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libseccomp-dev libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV SECCOMP_VERSION v2.2.3
+RUN buildDeps=' \
+automake \
+libtool \
+' \
+&& set -x \
+&& apt-get update && apt-get install -y $buildDeps --no-install-recommends \
+&& rm -rf /var/lib/apt/lists/* \
+&& export SECCOMP_PATH=$(mktemp -d) \
+&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \
+&& ( \
+cd "$SECCOMP_PATH" \
+&& ./autogen.sh \
+&& ./configure --prefix=/usr \
+&& make \
+&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \
+&& chmod 644 /usr/lib/libseccomp.a \
+&& ranlib /usr/lib/libseccomp.a \
+&& ldconfig -n /usr/lib \
+) \
+&& rm -rf "$SECCOMP_PATH" \
+&& apt-get purge -y --auto-remove $buildDeps
 
 ENV GO_VERSION 1.5.1
 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
@@ -12,4 +35,4 @@ ENV PATH $PATH:/usr/local/go/bin
 
 ENV AUTO_GOPATH 1
 
-ENV DOCKER_BUILDTAGS apparmor selinux
+ENV DOCKER_BUILDTAGS apparmor seccomp selinux

+ 25 - 2
contrib/builder/deb/ubuntu-vivid/Dockerfile

@@ -4,7 +4,30 @@
 
 FROM ubuntu:vivid
 
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev  libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libseccomp-dev libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV SECCOMP_VERSION v2.2.3
+RUN buildDeps=' \
+automake \
+libtool \
+' \
+&& set -x \
+&& apt-get update && apt-get install -y $buildDeps --no-install-recommends \
+&& rm -rf /var/lib/apt/lists/* \
+&& export SECCOMP_PATH=$(mktemp -d) \
+&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \
+&& ( \
+cd "$SECCOMP_PATH" \
+&& ./autogen.sh \
+&& ./configure --prefix=/usr \
+&& make \
+&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \
+&& chmod 644 /usr/lib/libseccomp.a \
+&& ranlib /usr/lib/libseccomp.a \
+&& ldconfig -n /usr/lib \
+) \
+&& rm -rf "$SECCOMP_PATH" \
+&& apt-get purge -y --auto-remove $buildDeps
 
 ENV GO_VERSION 1.5.1
 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
@@ -12,4 +35,4 @@ ENV PATH $PATH:/usr/local/go/bin
 
 ENV AUTO_GOPATH 1
 
-ENV DOCKER_BUILDTAGS apparmor selinux
+ENV DOCKER_BUILDTAGS apparmor seccomp selinux

+ 23 - 2
contrib/builder/rpm/centos-7/Dockerfile

@@ -6,7 +6,28 @@ FROM centos:7
 
 RUN yum groupinstall -y "Development Tools"
 RUN yum -y swap -- remove systemd-container systemd-container-libs -- install systemd systemd-libs
-RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static  libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar
+RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar
+
+ENV SECCOMP_VERSION v2.2.3
+RUN buildDeps=' \
+automake \
+libtool \
+' \
+&& set -x \
+&& yum install -y $buildDeps \
+&& export SECCOMP_PATH=$(mktemp -d) \
+&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \
+&& ( \
+cd "$SECCOMP_PATH" \
+&& ./autogen.sh \
+&& ./configure --prefix=/usr \
+&& make \
+&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \
+&& chmod 644 /usr/lib/libseccomp.a \
+&& ranlib /usr/lib/libseccomp.a \
+&& ldconfig -n /usr/lib \
+) \
+&& rm -rf "$SECCOMP_PATH"
 
 ENV GO_VERSION 1.5.1
 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
@@ -14,4 +35,4 @@ ENV PATH $PATH:/usr/local/go/bin
 
 ENV AUTO_GOPATH 1
 
-ENV DOCKER_BUILDTAGS selinux
+ENV DOCKER_BUILDTAGS seccomp selinux

+ 23 - 2
contrib/builder/rpm/fedora-21/Dockerfile

@@ -5,7 +5,28 @@
 FROM fedora:21
 
 RUN yum install -y @development-tools fedora-packager
-RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static  libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar
+RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar
+
+ENV SECCOMP_VERSION v2.2.3
+RUN buildDeps=' \
+automake \
+libtool \
+' \
+&& set -x \
+&& yum install -y $buildDeps \
+&& export SECCOMP_PATH=$(mktemp -d) \
+&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \
+&& ( \
+cd "$SECCOMP_PATH" \
+&& ./autogen.sh \
+&& ./configure --prefix=/usr \
+&& make \
+&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \
+&& chmod 644 /usr/lib/libseccomp.a \
+&& ranlib /usr/lib/libseccomp.a \
+&& ldconfig -n /usr/lib \
+) \
+&& rm -rf "$SECCOMP_PATH"
 
 ENV GO_VERSION 1.5.1
 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
@@ -13,4 +34,4 @@ ENV PATH $PATH:/usr/local/go/bin
 
 ENV AUTO_GOPATH 1
 
-ENV DOCKER_BUILDTAGS selinux
+ENV DOCKER_BUILDTAGS seccomp selinux

+ 23 - 2
contrib/builder/rpm/fedora-22/Dockerfile

@@ -5,7 +5,28 @@
 FROM fedora:22
 
 RUN dnf install -y @development-tools fedora-packager
-RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static  libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar
+RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar
+
+ENV SECCOMP_VERSION v2.2.3
+RUN buildDeps=' \
+automake \
+libtool \
+' \
+&& set -x \
+&& yum install -y $buildDeps \
+&& export SECCOMP_PATH=$(mktemp -d) \
+&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \
+&& ( \
+cd "$SECCOMP_PATH" \
+&& ./autogen.sh \
+&& ./configure --prefix=/usr \
+&& make \
+&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \
+&& chmod 644 /usr/lib/libseccomp.a \
+&& ranlib /usr/lib/libseccomp.a \
+&& ldconfig -n /usr/lib \
+) \
+&& rm -rf "$SECCOMP_PATH"
 
 ENV GO_VERSION 1.5.1
 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
@@ -13,4 +34,4 @@ ENV PATH $PATH:/usr/local/go/bin
 
 ENV AUTO_GOPATH 1
 
-ENV DOCKER_BUILDTAGS selinux
+ENV DOCKER_BUILDTAGS seccomp selinux

+ 23 - 2
contrib/builder/rpm/fedora-23/Dockerfile

@@ -5,7 +5,28 @@
 FROM fedora:23
 
 RUN dnf install -y @development-tools fedora-packager
-RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static  libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar
+RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar
+
+ENV SECCOMP_VERSION v2.2.3
+RUN buildDeps=' \
+automake \
+libtool \
+' \
+&& set -x \
+&& yum install -y $buildDeps \
+&& export SECCOMP_PATH=$(mktemp -d) \
+&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \
+&& ( \
+cd "$SECCOMP_PATH" \
+&& ./autogen.sh \
+&& ./configure --prefix=/usr \
+&& make \
+&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \
+&& chmod 644 /usr/lib/libseccomp.a \
+&& ranlib /usr/lib/libseccomp.a \
+&& ldconfig -n /usr/lib \
+) \
+&& rm -rf "$SECCOMP_PATH"
 
 ENV GO_VERSION 1.5.1
 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
@@ -13,4 +34,4 @@ ENV PATH $PATH:/usr/local/go/bin
 
 ENV AUTO_GOPATH 1
 
-ENV DOCKER_BUILDTAGS selinux
+ENV DOCKER_BUILDTAGS seccomp selinux

+ 34 - 2
contrib/builder/rpm/generate.sh

@@ -84,9 +84,8 @@ for version in "${versions[@]}"; do
 	esac
 
 	# opensuse & oraclelinx:6 do not have the right libseccomp libs
-	# centos, fedora, & oraclelinux:7 do not have a libseccomp.a for compiling static dockerinit
 	case "$from" in
-		centos:*|fedora:*|opensuse:*|oraclelinux:*)
+		opensuse:*|oraclelinux:6)
 			packages=( "${packages[@]/libseccomp-devel}" )
 			;;
 		*)
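Review bot: The pattern `opensuse:*|oraclelinux:6)` replaces the old `oraclelinux:*` glob with an exact tag, and the same list is repeated in the `case "$from"` added further down this file. If `$from` can ever be a point tag such as `oraclelinux:6.7` (not visible from this hunk), it would take the `*)` branch here and also get the source build, on a base the comment says lacks the right seccomp libs. Consider `opensuse:*|oraclelinux:6|oraclelinux:6.*)`, and setting one flag in this case that the later block tests, so the two lists cannot drift apart. The `case` body continues outside the hunk.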
@@ -107,6 +106,39 @@ for version in "${versions[@]}"; do
 
 	echo >> "$version/Dockerfile"
 
+	# centos, fedora, & oraclelinux:7 do not have a libseccomp.a for compiling static dockerinit
+	# ONLY install libseccomp.a from source, this can be removed once dockerinit is removed
+	# TODO remove this manual seccomp compilation once dockerinit is gone or no longer needs to be statically compiled
+	case "$from" in
+		opensuse:*|oraclelinux:6) ;;
+		*)
+			awk '$1 == "ENV" && $2 == "SECCOMP_VERSION" { print; exit }' ../../../Dockerfile >> "$version/Dockerfile"
+			cat <<-'EOF' >> "$version/Dockerfile"
+			RUN buildDeps=' \
+				automake \
+				libtool \
+			' \
+			&& set -x \
+			&& yum install -y $buildDeps \
+			&& export SECCOMP_PATH=$(mktemp -d) \
+			&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \
+			&& ( \
+				cd "$SECCOMP_PATH" \
+				&& ./autogen.sh \
+				&& ./configure --prefix=/usr \
+				&& make \
+				&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \
+				&& chmod 644 /usr/lib/libseccomp.a \
+				&& ranlib /usr/lib/libseccomp.a \
+				&& ldconfig -n /usr/lib \
+			) \
+			&& rm -rf "$SECCOMP_PATH"
+			EOF
+
+			echo >> "$version/Dockerfile"
+			;;
+	esac
+
 	awk '$1 == "ENV" && $2 == "GO_VERSION" { print; exit }' ../../../Dockerfile >> "$version/Dockerfile"
 	echo 'RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local' >> "$version/Dockerfile"
 	echo 'ENV PATH $PATH:/usr/local/go/bin' >> "$version/Dockerfile"
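Review bot: The heredoc hard-codes `yum install -y $buildDeps`, while the regenerated fedora-22 and fedora-23 Dockerfiles in this commit install their other packages with `dnf`, so those two images rely on a yum compatibility wrapper being present. Because the delimiter is quoted (`'EOF'`), nothing from the generator is expanded inside it; emitting that one line with a separate `echo`, using whatever the script already uses to choose the installer (not visible in this hunk), would keep the generated files consistent. Unlike the deb variant, this block also leaves the package manager cache in the layer, and `ldconfig -n /usr/lib` only processes shared libraries, so it does nothing for the static archive installed just before it. A short comment saying why `ranlib` and `ldconfig` are run, or dropping them, would make the workaround easier to remove later as the TODO intends.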

+ 23 - 2
contrib/builder/rpm/oraclelinux-7/Dockerfile

@@ -5,7 +5,28 @@
 FROM oraclelinux:7
 
 RUN yum groupinstall -y "Development Tools"
-RUN yum install -y --enablerepo=ol7_optional_latest btrfs-progs-devel device-mapper-devel glibc-static  libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar
+RUN yum install -y --enablerepo=ol7_optional_latest btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar
+
+ENV SECCOMP_VERSION v2.2.3
+RUN buildDeps=' \
+automake \
+libtool \
+' \
+&& set -x \
+&& yum install -y $buildDeps \
+&& export SECCOMP_PATH=$(mktemp -d) \
+&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \
+&& ( \
+cd "$SECCOMP_PATH" \
+&& ./autogen.sh \
+&& ./configure --prefix=/usr \
+&& make \
+&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \
+&& chmod 644 /usr/lib/libseccomp.a \
+&& ranlib /usr/lib/libseccomp.a \
+&& ldconfig -n /usr/lib \
+) \
+&& rm -rf "$SECCOMP_PATH"
 
 ENV GO_VERSION 1.5.1
 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
@@ -13,4 +34,4 @@ ENV PATH $PATH:/usr/local/go/bin
 
 ENV AUTO_GOPATH 1
 
-ENV DOCKER_BUILDTAGS selinux
+ENV DOCKER_BUILDTAGS seccomp selinux