-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathDockerfile.base
98 lines (94 loc) · 3.65 KB
/
Dockerfile.base
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
FROM debian:bookworm-20241223-slim
ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2 \
S6OVERLAY_VERSION="v3.2.0.2" \
# Fix for any issues with the S6 overlay. We have quite a few legacy services
# that worked fine under v2, but v3 is more strict and will kill a startup process
# if it takes more than 5 seconds. tar1090 and rtlsdrairband are the hardest hit
# but we may have others.
S6_CMD_WAIT_FOR_SERVICES_MAXTIME="0" \
# this fix is for making sure that the proper pathing is available for scripts
# We seem to have an issue (I think it's an upstream bug) that `with-contenv` shebangs will not wor
# outside of the S6 supervision tree. This is a workaround for that.
PATH="/command:$PATH"
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# hadolint ignore=DL3008,SC2086,DL3003
RUN \
--mount=type=bind,source=./,target=/app/ \
set -x && \
TEMP_PACKAGES=() && \
KEPT_PACKAGES=() && \
# packages needed to install
TEMP_PACKAGES+=(git) && \
# logging
KEPT_PACKAGES+=(gawk) && \
KEPT_PACKAGES+=(pv) && \
# required for S6 overlay
# curl kept for healthcheck
TEMP_PACKAGES+=(file) && \
KEPT_PACKAGES+=(curl) && \
TEMP_PACKAGES+=(xz-utils) && \
KEPT_PACKAGES+=(ca-certificates) && \
# bc for scripts and healthchecks
KEPT_PACKAGES+=(bc) && \
# packages for network stuff
KEPT_PACKAGES+=(socat) && \
KEPT_PACKAGES+=(ncat) && \
KEPT_PACKAGES+=(net-tools) && \
KEPT_PACKAGES+=(wget) && \
# process management
KEPT_PACKAGES+=(procps) && \
# needed to compile s6wrap:
TEMP_PACKAGES+=(gcc) && \
TEMP_PACKAGES+=(build-essential) && \
# needed for diagnostics
KEPT_PACKAGES+=(nano) && \
KEPT_PACKAGES+=(iputils-ping) && \
KEPT_PACKAGES+=(dnsutils) && \
# install packages
## Builder fixes...
mkdir -p /usr/sbin/ && \
ln -s /usr/bin/dpkg-split /usr/sbin/dpkg-split && \
ln -s /usr/bin/dpkg-deb /usr/sbin/dpkg-deb && \
ln -s /bin/tar /usr/sbin/tar && \
apt-get update && \
apt-get install -y --no-install-recommends \
"${KEPT_PACKAGES[@]}" \
"${TEMP_PACKAGES[@]}" \
&& \
# install S6 Overlay
#curl --location --output /tmp/deploy-s6-overlay.sh https://raw.githubusercontent.com/fredclausen/deploy-s6-overlay/remove-s6-legacy/deploy-s6-overlay-v3.sh && \
curl --location --output /tmp/deploy-s6-overlay.sh https://raw.githubusercontent.com/mikenye/deploy-s6-overlay/master/deploy-s6-overlay-v3.sh && \
sh /tmp/deploy-s6-overlay.sh && \
rm -f /tmp/deploy-s6-overlay.sh && \
# deploy healthchecks framework
git clone \
--depth=1 \
https://github.com/mikenye/docker-healthchecks-framework.git \
/opt/healthchecks-framework \
&& \
rm -rf \
/opt/healthchecks-framework/.git* \
/opt/healthchecks-framework/*.md \
/opt/healthchecks-framework/tests \
&& \
# fix healthchecks framework pathing
sed -i 's/S6_SERVICE_PATH="\/run\/s6\/services"/S6_SERVICE_PATH="\/run\/s6\/legacy-services"/g' /opt/healthchecks-framework/checks/check_s6_service_abnormal_death_tally.sh && \
# Add s6wrap
pushd /tmp && \
git clone --depth=1 https://github.com/wiedehopf/s6wrap.git && \
cd s6wrap && \
make && \
mv s6wrap /usr/local/bin && \
popd && \
# Add additional stuff
mkdir -p /scripts /etc/cont-init.d && \
curl -sSL https://raw.githubusercontent.com/sdr-enthusiasts/Buster-Docker-Fixes/main/install_libseccomp2.sh | bash && \
chmod +x /etc/s6-overlay/s6-rc.d/libseccomp2/up && \
chmod +x /etc/s6-overlay/scripts/libseccomp2_check.sh && \
cp /app/scripts/* /scripts/ && \
# Clean up
apt-get remove -y "${TEMP_PACKAGES[@]}" && \
apt-get autoremove -q -o APT::Autoremove::RecommendsImportant=0 -o APT::Autoremove::SuggestsImportant=0 -y && \
rm -rf /src/* && \
bash /scripts/clean-build.sh
ENTRYPOINT [ "/init" ]