diff --git a/contrib/builder/deb/debian-jessie/Dockerfile b/contrib/builder/deb/debian-jessie/Dockerfile index d1be2b760e..19c5643cf5 100644 --- a/contrib/builder/deb/debian-jessie/Dockerfile +++ b/contrib/builder/deb/debian-jessie/Dockerfile @@ -4,7 +4,30 @@ FROM debian:jessie -RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libseccomp-dev libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* + +ENV SECCOMP_VERSION v2.2.3 +RUN buildDeps=' \ +automake \ +libtool \ +' \ +&& set -x \ +&& apt-get update && apt-get install -y $buildDeps --no-install-recommends \ +&& rm -rf /var/lib/apt/lists/* \ +&& export SECCOMP_PATH=$(mktemp -d) \ +&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \ +&& ( \ +cd "$SECCOMP_PATH" \ +&& ./autogen.sh \ +&& ./configure --prefix=/usr \ +&& make \ +&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \ +&& chmod 644 /usr/lib/libseccomp.a \ +&& ranlib /usr/lib/libseccomp.a \ +&& ldconfig -n /usr/lib \ +) \ +&& rm -rf "$SECCOMP_PATH" \ +&& apt-get purge -y --auto-remove $buildDeps ENV GO_VERSION 1.5.1 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local @@ -12,4 +35,4 @@ ENV PATH $PATH:/usr/local/go/bin ENV AUTO_GOPATH 1 -ENV DOCKER_BUILDTAGS apparmor selinux +ENV DOCKER_BUILDTAGS apparmor seccomp selinux diff --git a/contrib/builder/deb/generate.sh b/contrib/builder/deb/generate.sh index deef365de3..18d075204f 100755 --- a/contrib/builder/deb/generate.sh 
+++ b/contrib/builder/deb/generate.sh @@ -68,9 +68,8 @@ for version in "${versions[@]}"; do esac # debian wheezy & ubuntu precise do not have the right libseccomp libs - # debian jessie & ubuntu trusty/vivid do not have a libseccomp.a for compiling static dockerinit case "$suite" in - jessie|precise|trusty|vivid|wheezy) + precise|wheezy) packages=( "${packages[@]/libseccomp-dev}" ) ;; *) 
@@ -105,6 +104,41 @@ for version in "${versions[@]}"; do echo >> "$version/Dockerfile" + # debian jessie & ubuntu trusty/vivid do not have a libseccomp.a for compiling static dockerinit + # ONLY install libseccomp.a from source, this can be removed once dockerinit is removed + # TODO remove this manual seccomp compilation once dockerinit is gone or no longer needs to be statically compiled + case "$suite" in + jessie|trusty|vivid) + awk '$1 == "ENV" && $2 == "SECCOMP_VERSION" { print; exit }' ../../../Dockerfile >> "$version/Dockerfile" + cat <<-'EOF' >> "$version/Dockerfile" + RUN buildDeps=' \ + automake \ + libtool \ + ' \ + && set -x \ + && apt-get update && apt-get install -y $buildDeps --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + && export SECCOMP_PATH=$(mktemp -d) \ + && git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \ + && ( \ + cd "$SECCOMP_PATH" \ + && ./autogen.sh \ + && ./configure --prefix=/usr \ + && make \ + && install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \ + && chmod 644 /usr/lib/libseccomp.a \ + && ranlib /usr/lib/libseccomp.a \ + && ldconfig -n /usr/lib \ + ) \ + && rm -rf "$SECCOMP_PATH" \ + && apt-get purge -y --auto-remove $buildDeps + EOF + + echo >> "$version/Dockerfile" + ;; + *) ;; + esac + awk '$1 == "ENV" && $2 == "GO_VERSION" { print; exit }' ../../../Dockerfile >> "$version/Dockerfile" echo 'RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local' >> "$version/Dockerfile" echo 'ENV PATH $PATH:/usr/local/go/bin' >> "$version/Dockerfile" diff --git a/contrib/builder/deb/ubuntu-trusty/Dockerfile b/contrib/builder/deb/ubuntu-trusty/Dockerfile index 5203813051..822c7be5a7 100644 --- a/contrib/builder/deb/ubuntu-trusty/Dockerfile +++ b/contrib/builder/deb/ubuntu-trusty/Dockerfile 
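Review bot: The emitted `git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH"` builds whatever the tag points to at build time, with no commit or checksum verification, and the resulting `libseccomp.a` is installed into /usr/lib for the static dockerinit build. A tag is a mutable ref, so a moved tag or a tampered upstream would flow into every package built from these images without any visible change in this repository. Consider recording the expected commit next to the version, e.g. a new `ENV SECCOMP_COMMIT <full-commit-id-of-the-pinned-tag>` (placeholder, this variable is not on the page), and failing the build on mismatch by adding `&& [ "$(git rev-parse HEAD)" = "$SECCOMP_COMMIT" ] \` right after `cd "$SECCOMP_PATH" \` inside the subshell. The same clone line appears in the heredoc of the rpm generate.sh hunk (`@@ -107,6 +106,39 @@`) and in each regenerated Dockerfile in this diff, so the fix belongs in both generators, followed by a regenerate.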
@@ -4,7 +4,30 @@ FROM ubuntu:trusty -RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libseccomp-dev libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* + +ENV SECCOMP_VERSION v2.2.3 +RUN buildDeps=' \ +automake \ +libtool \ +' \ +&& set -x \ +&& apt-get update && apt-get install -y $buildDeps --no-install-recommends \ +&& rm -rf /var/lib/apt/lists/* \ +&& export SECCOMP_PATH=$(mktemp -d) \ +&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \ +&& ( \ +cd "$SECCOMP_PATH" \ +&& ./autogen.sh \ +&& ./configure --prefix=/usr \ +&& make \ +&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \ +&& chmod 644 /usr/lib/libseccomp.a \ +&& ranlib /usr/lib/libseccomp.a \ +&& ldconfig -n /usr/lib \ +) \ +&& rm -rf "$SECCOMP_PATH" \ +&& apt-get purge -y --auto-remove $buildDeps ENV GO_VERSION 1.5.1 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local @@ -12,4 +35,4 @@ ENV PATH $PATH:/usr/local/go/bin ENV AUTO_GOPATH 1 -ENV DOCKER_BUILDTAGS apparmor selinux +ENV DOCKER_BUILDTAGS apparmor seccomp selinux diff --git a/contrib/builder/deb/ubuntu-vivid/Dockerfile b/contrib/builder/deb/ubuntu-vivid/Dockerfile index 9a0462f76a..52797c5624 100644 --- a/contrib/builder/deb/ubuntu-vivid/Dockerfile +++ b/contrib/builder/deb/ubuntu-vivid/Dockerfile 
@@ -4,7 +4,30 @@ FROM ubuntu:vivid -RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libseccomp-dev libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* + +ENV SECCOMP_VERSION v2.2.3 +RUN buildDeps=' \ +automake \ +libtool \ +' \ +&& set -x \ +&& apt-get update && apt-get install -y $buildDeps --no-install-recommends \ +&& rm -rf /var/lib/apt/lists/* \ +&& export SECCOMP_PATH=$(mktemp -d) \ +&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \ +&& ( \ +cd "$SECCOMP_PATH" \ +&& ./autogen.sh \ +&& ./configure --prefix=/usr \ +&& make \ +&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \ +&& chmod 644 /usr/lib/libseccomp.a \ +&& ranlib /usr/lib/libseccomp.a \ +&& ldconfig -n /usr/lib \ +) \ +&& rm -rf "$SECCOMP_PATH" \ +&& apt-get purge -y --auto-remove $buildDeps ENV GO_VERSION 1.5.1 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local @@ -12,4 +35,4 @@ ENV PATH $PATH:/usr/local/go/bin ENV AUTO_GOPATH 1 -ENV DOCKER_BUILDTAGS apparmor selinux +ENV DOCKER_BUILDTAGS apparmor seccomp selinux diff --git a/contrib/builder/rpm/centos-7/Dockerfile b/contrib/builder/rpm/centos-7/Dockerfile index 65387c56ad..20a0426b62 100644 --- a/contrib/builder/rpm/centos-7/Dockerfile +++ b/contrib/builder/rpm/centos-7/Dockerfile 
@@ -6,7 +6,28 @@ FROM centos:7 RUN yum groupinstall -y "Development Tools" RUN yum -y swap -- remove systemd-container systemd-container-libs -- install systemd systemd-libs -RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar +RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar + +ENV SECCOMP_VERSION v2.2.3 +RUN buildDeps=' \ +automake \ +libtool \ +' \ +&& set -x \ +&& yum install -y $buildDeps \ +&& export SECCOMP_PATH=$(mktemp -d) \ +&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \ +&& ( \ +cd "$SECCOMP_PATH" \ +&& ./autogen.sh \ +&& ./configure --prefix=/usr \ +&& make \ +&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \ +&& chmod 644 /usr/lib/libseccomp.a \ +&& ranlib /usr/lib/libseccomp.a \ +&& ldconfig -n /usr/lib \ +) \ +&& rm -rf "$SECCOMP_PATH" ENV GO_VERSION 1.5.1 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local @@ -14,4 +35,4 @@ ENV PATH $PATH:/usr/local/go/bin ENV AUTO_GOPATH 1 -ENV DOCKER_BUILDTAGS selinux +ENV DOCKER_BUILDTAGS seccomp selinux diff --git a/contrib/builder/rpm/fedora-21/Dockerfile b/contrib/builder/rpm/fedora-21/Dockerfile index a417f23fd8..9edec18501 100644 --- a/contrib/builder/rpm/fedora-21/Dockerfile +++ b/contrib/builder/rpm/fedora-21/Dockerfile 
@@ -5,7 +5,28 @@ FROM fedora:21 RUN yum install -y @development-tools fedora-packager -RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar +RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar + +ENV SECCOMP_VERSION v2.2.3 +RUN buildDeps=' \ +automake \ +libtool \ +' \ +&& set -x \ +&& yum install -y $buildDeps \ +&& export SECCOMP_PATH=$(mktemp -d) \ +&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \ +&& ( \ +cd "$SECCOMP_PATH" \ +&& ./autogen.sh \ +&& ./configure --prefix=/usr \ +&& make \ +&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \ +&& chmod 644 /usr/lib/libseccomp.a \ +&& ranlib /usr/lib/libseccomp.a \ +&& ldconfig -n /usr/lib \ +) \ +&& rm -rf "$SECCOMP_PATH" ENV GO_VERSION 1.5.1 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local @@ -13,4 +34,4 @@ ENV PATH $PATH:/usr/local/go/bin ENV AUTO_GOPATH 1 -ENV DOCKER_BUILDTAGS selinux +ENV DOCKER_BUILDTAGS seccomp selinux diff --git a/contrib/builder/rpm/fedora-22/Dockerfile b/contrib/builder/rpm/fedora-22/Dockerfile index 5f10fe2a83..df0f8592d3 100644 --- a/contrib/builder/rpm/fedora-22/Dockerfile +++ b/contrib/builder/rpm/fedora-22/Dockerfile 
@@ -5,7 +5,28 @@ FROM fedora:22 RUN dnf install -y @development-tools fedora-packager -RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar +RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar + +ENV SECCOMP_VERSION v2.2.3 +RUN buildDeps=' \ +automake \ +libtool \ +' \ +&& set -x \ +&& yum install -y $buildDeps \ +&& export SECCOMP_PATH=$(mktemp -d) \ +&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \ +&& ( \ +cd "$SECCOMP_PATH" \ +&& ./autogen.sh \ +&& ./configure --prefix=/usr \ +&& make \ +&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \ +&& chmod 644 /usr/lib/libseccomp.a \ +&& ranlib /usr/lib/libseccomp.a \ +&& ldconfig -n /usr/lib \ +) \ +&& rm -rf "$SECCOMP_PATH" ENV GO_VERSION 1.5.1 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local @@ -13,4 +34,4 @@ ENV PATH $PATH:/usr/local/go/bin ENV AUTO_GOPATH 1 -ENV DOCKER_BUILDTAGS selinux +ENV DOCKER_BUILDTAGS seccomp selinux diff --git a/contrib/builder/rpm/fedora-23/Dockerfile b/contrib/builder/rpm/fedora-23/Dockerfile index 583d3e9690..79c3b008b9 100644 --- a/contrib/builder/rpm/fedora-23/Dockerfile +++ b/contrib/builder/rpm/fedora-23/Dockerfile 
@@ -5,7 +5,28 @@ FROM fedora:23 RUN dnf install -y @development-tools fedora-packager -RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar +RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar + +ENV SECCOMP_VERSION v2.2.3 +RUN buildDeps=' \ +automake \ +libtool \ +' \ +&& set -x \ +&& yum install -y $buildDeps \ +&& export SECCOMP_PATH=$(mktemp -d) \ +&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \ +&& ( \ +cd "$SECCOMP_PATH" \ +&& ./autogen.sh \ +&& ./configure --prefix=/usr \ +&& make \ +&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \ +&& chmod 644 /usr/lib/libseccomp.a \ +&& ranlib /usr/lib/libseccomp.a \ +&& ldconfig -n /usr/lib \ +) \ +&& rm -rf "$SECCOMP_PATH" ENV GO_VERSION 1.5.1 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local @@ -13,4 +34,4 @@ ENV PATH $PATH:/usr/local/go/bin ENV AUTO_GOPATH 1 -ENV DOCKER_BUILDTAGS selinux +ENV DOCKER_BUILDTAGS seccomp selinux diff --git a/contrib/builder/rpm/generate.sh b/contrib/builder/rpm/generate.sh index fae961f872..18ba5501ad 100755 --- a/contrib/builder/rpm/generate.sh +++ b/contrib/builder/rpm/generate.sh @@ -84,9 +84,8 @@ for version in "${versions[@]}"; do esac # opensuse & oraclelinx:6 do not have the right libseccomp libs - # centos, fedora, & oraclelinux:7 do not have a libseccomp.a for compiling static dockerinit case "$from" in - centos:*|fedora:*|opensuse:*|oraclelinux:*) + opensuse:*|oraclelinux:6) packages=( "${packages[@]/libseccomp-devel}" ) ;; *) 
@@ -107,6 +106,39 @@ for version in "${versions[@]}"; do echo >> "$version/Dockerfile" + # centos, fedora, & oraclelinux:7 do not have a libseccomp.a for compiling static dockerinit + # ONLY install libseccomp.a from source, this can be removed once dockerinit is removed + # TODO remove this manual seccomp compilation once dockerinit is gone or no longer needs to be statically compiled + case "$from" in + opensuse:*|oraclelinux:6) ;; + *) + awk '$1 == "ENV" && $2 == "SECCOMP_VERSION" { print; exit }' ../../../Dockerfile >> "$version/Dockerfile" + cat <<-'EOF' >> "$version/Dockerfile" + RUN buildDeps=' \ + automake \ + libtool \ + ' \ + && set -x \ + && yum install -y $buildDeps \ + && export SECCOMP_PATH=$(mktemp -d) \ + && git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \ + && ( \ + cd "$SECCOMP_PATH" \ + && ./autogen.sh \ + && ./configure --prefix=/usr \ + && make \ + && install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \ + && chmod 644 /usr/lib/libseccomp.a \ + && ranlib /usr/lib/libseccomp.a \ + && ldconfig -n /usr/lib \ + ) \ + && rm -rf "$SECCOMP_PATH" + EOF + + echo >> "$version/Dockerfile" + ;; + esac + awk '$1 == "ENV" && $2 == "GO_VERSION" { print; exit }' ../../../Dockerfile >> "$version/Dockerfile" echo 'RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local' >> "$version/Dockerfile" echo 'ENV PATH $PATH:/usr/local/go/bin' >> "$version/Dockerfile" diff --git a/contrib/builder/rpm/oraclelinux-7/Dockerfile b/contrib/builder/rpm/oraclelinux-7/Dockerfile index 65326b866e..45b7bf2642 100644 --- a/contrib/builder/rpm/oraclelinux-7/Dockerfile +++ b/contrib/builder/rpm/oraclelinux-7/Dockerfile 
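Review bot: The heredoc hard-codes `&& yum install -y $buildDeps \` for every base image except opensuse and oraclelinux:6, so the regenerated fedora-22 and fedora-23 Dockerfiles in this diff run `dnf install -y ...` for the main package list and then `yum install` for automake and libtool. That step works only if a yum compatibility command is present in those base images, which nothing on this page confirms. The script evidently already chooses dnf for those releases somewhere outside this hunk, and the emitted line should reuse that choice. Because the heredoc is quoted (`<<-'EOF'`), nothing inside it is expanded by the generator, so that one line has to be written with a separate `echo` or the heredoc unquoted with the Dockerfile-side `$` escaped.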
@@ -5,7 +5,28 @@ FROM oraclelinux:7 RUN yum groupinstall -y "Development Tools" -RUN yum install -y --enablerepo=ol7_optional_latest btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar +RUN yum install -y --enablerepo=ol7_optional_latest btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar + +ENV SECCOMP_VERSION v2.2.3 +RUN buildDeps=' \ +automake \ +libtool \ +' \ +&& set -x \ +&& yum install -y $buildDeps \ +&& export SECCOMP_PATH=$(mktemp -d) \ +&& git clone -b "$SECCOMP_VERSION" --depth 1 https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \ +&& ( \ +cd "$SECCOMP_PATH" \ +&& ./autogen.sh \ +&& ./configure --prefix=/usr \ +&& make \ +&& install -c src/.libs/libseccomp.a /usr/lib/libseccomp.a \ +&& chmod 644 /usr/lib/libseccomp.a \ +&& ranlib /usr/lib/libseccomp.a \ +&& ldconfig -n /usr/lib \ +) \ +&& rm -rf "$SECCOMP_PATH" ENV GO_VERSION 1.5.1 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local @@ -13,4 +34,4 @@ ENV PATH $PATH:/usr/local/go/bin ENV AUTO_GOPATH 1 -ENV DOCKER_BUILDTAGS selinux +ENV DOCKER_BUILDTAGS seccomp selinux