# syntax=docker/dockerfile-upstream:1.5.0-rc2-labs
# Copyright (c) 2025 Zededa, Inc.
# SPDX-License-Identifier: Apache-2.0
# Build stage. Userland ZFS is compiled here and staged under /out; the final
# stage below is FROM scratch and copies only /out, so the toolchain and -dev
# packages installed in this stage never reach the shipped rootfs.
# The base is pinned to one eve-alpine build by tag. NOTE(review): a tag is
# not an image digest (@sha256:...) — a tag can be re-pushed, a digest cannot.
FROM lfedge/eve-alpine:745ae9066273c73b0fd879c4ba4ff626a8392d04 AS zfs
# Build-only packages (toolchain, autotools, headers); presumably consumed by
# eve-alpine-deploy.sh below — confirm against that script.
ENV BUILD_PKGS="git patch ca-certificates util-linux build-base gettext-dev libtirpc-dev automake autoconf \
libtool linux-headers attr-dev e2fsprogs-dev glib-dev openssl-dev util-linux-dev coreutils"
# Runtime packages expected to land in /out next to the ZFS binaries.
# NOTE(review): libcrypto1.1 is the OpenSSL 1.1 series, which is past upstream
# end-of-life; any security fixes for it come only from the pinned base above.
ENV PKGS="ca-certificates util-linux libintl libuuid libtirpc libblkid libcrypto1.1 zlib"
RUN eve-alpine-deploy.sh
# should be aligned with kernel
# * ZFS on Linux
ENV ZFS_VERSION=2.3.3
# NOTE(review): despite the name, this is a git *tag* (zfs-2.3.3), not a commit
# hash. A tag can be moved, so the fetch below is not pinned to fixed content.
# Pinning the tag's resolved commit (git rev-parse 'zfs-2.3.3^{}') would make
# the source fetch reproducible and tamper-evident.
ENV ZFS_COMMIT=zfs-${ZFS_VERSION}
ENV ZFS_REPO=https://github.com/openzfs/zfs.git
WORKDIR /tmp/zfs
# Fetches the tree straight from git using BuildKit's "ADD <repo>#<ref>" form
# (presumably why the "# syntax" line pins a labs frontend). Without
# --keep-git-dir=true the checkout has no .git directory, so the
# scripts/make_gitrev.sh step in the build below may record an "unknown"
# revision — TODO confirm against the openzfs script.
ADD ${ZFS_REPO}#${ZFS_COMMIT} /tmp/zfs
# Configure and build the userland half of ZFS (--with-config=user: no kernel
# module is built here) and install a stripped copy into the /tmp/zfs-out
# staging tree. Paths mirror a normal /usr layout; systemd units and static
# libraries are left out. make_gitrev.sh records the source revision before
# the build. set -e keeps the same stop-on-first-failure semantics as an
# "&&" chain.
RUN <<'EOF'
set -eu
./autogen.sh
./configure \
    --prefix=/usr \
    --with-tirpc \
    --sysconfdir=/etc \
    --mandir=/usr/share/man \
    --infodir=/usr/share/info \
    --localstatedir=/var \
    --with-config=user \
    --with-udevdir=/lib/udev \
    --disable-systemd \
    --disable-static
./scripts/make_gitrev.sh
make -j "$(getconf _NPROCESSORS_ONLN)"
make DESTDIR=/tmp/zfs-out install-strip
EOF
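# cleanup: docs, headers/sources and OpenRC scripts are not shipped
RUN rm -rf /tmp/zfs-out/usr/share /tmp/zfs-out/usr/src \
           /tmp/zfs-out/etc/init.d /tmp/zfs-out/etc/conf.d
# Make the list of files built from zfs (paths relative to /) to reuse later,
# then publish the staging tree into /out.
# The list is produced in two steps instead of "find | sed" because without
# pipefail a failing find is masked by a successful sed and an empty
# /etc/zfs-files would be written silently; /out/etc is created first so the
# redirect cannot fail on a missing directory.
RUN mkdir -p /out/etc && \
    find /tmp/zfs-out -mindepth 1 > /tmp/zfs-files.list && \
    sed 's@/tmp/zfs-out@@' /tmp/zfs-files.list > /out/etc/zfs-files && \
    rm -f /tmp/zfs-files.list && \
    cp -r /tmp/zfs-out/* /out
# Add directory for CDI files
RUN mkdir -p /out/etc/cdi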
# Final image: an empty filesystem populated only from the /out tree staged in
# the zfs stage plus the checked-in rootfs/ overlay.
FROM scratch
COPY --from=zfs /out/ /
# rootfs/ is applied after /out, so a path present in both ends up with the
# rootfs/ version. ADD is used for a local directory (DL3020 suppressed); for
# a plain directory it behaves like COPY, but ADD also auto-extracts archives —
# NOTE(review): confirm rootfs/ contains no tarballs before switching to COPY.
# hadolint ignore=DL3020
ADD rootfs/ /
### Create system-wide groups and users ###
# Root account, uid/gid 0. The scratch base carries no account database, so
# empty /etc/group and /etc/passwd are created first. -D assigns no password
# and -H creates no home directory; the login shell is /bin/sh.
RUN touch /etc/group /etc/passwd && \
    addgroup -g 0 root && \
    adduser -D -H -h /root -s /bin/sh -g "root" -G root -u 0 root
# Unprivileged placeholder account: uid/gid 65534 (nobody/nogroup) with no
# password (-D), no home directory (-H, path /nonexistent) and a non-login
# shell (/bin/false).
RUN addgroup -g 65534 nogroup && \
    adduser -D -H -h /nonexistent -s /bin/false -g "nobody" -u 65534 -G nogroup nobody
# TPM access control. GID 100 "tpms" is the group mdev.conf assigns to
# /dev/tpm*, so members can open the TPM without running as root. Because
# /etc/group was created empty above, GID 100 does not collide with Alpine's
# stock "users" group.
# The vtpm container gets its own uid/gid 101 with no password, no home and a
# non-login shell; its only extra privilege is supplementary membership of
# tpms, granted by the final addgroup.
RUN addgroup -g 100 tpms && \
    addgroup -g 101 vtpm && \
    adduser -D -H -h /nonexistent -s /bin/false -g "vtpm" -G vtpm -u 101 vtpm && \
    addgroup vtpm tpms
# Group for block-device access, used by mdev handling (presumably mdev.conf
# assigns GID 6 "disk" to disk device nodes — confirm there). No user is added
# to it here.
RUN addgroup -g 6 disk