From 568735063d48e2dca2991bbb78fb9be647a4fee9 Mon Sep 17 00:00:00 2001 From: Jakub Nyckowski Date: Thu, 22 Jun 2023 13:23:05 -0400 Subject: [PATCH] [v11] Update docker images (#27509) * Update base Ubuntu image to 20.04 (#26905) * Update base Ubuntu image to 22.04 * Revert the ubuntu image to 20.04 * Update the Dockerfile comment * Add CentOS 7 note * Add Connect note * Move Connect build to a new Docker container (#27175) * Move Connect build to a new Docker container * Update comments * Update comments Remove unused packages and unused arguments * Always use UID=1000 for building teleterm. --- build.assets/Dockerfile | 28 ++++++++++---------- build.assets/Dockerfile-connect | 46 +++++++++++++++++++++++++++++++++ build.assets/Makefile | 16 ++++++++++-- build.assets/images.mk | 1 + 4 files changed, 75 insertions(+), 16 deletions(-) create mode 100644 build.assets/Dockerfile-connect diff --git a/build.assets/Dockerfile b/build.assets/Dockerfile index 5830843202d2..344fd0cdb58b 100644 --- a/build.assets/Dockerfile +++ b/build.assets/Dockerfile 
@@ -1,16 +1,16 @@ -# This Dockerfile makes the "build box": the container used to build official -# releases of Teleport and its documentation. - -# Use Ubuntu 18.04 as base to get an older glibc version. -# Using a newer base image will build against a newer glibc, which creates a -# runtime requirement for the host to have newer glibc too. For example, -# teleport built on any newer Ubuntu version will not run on Centos 7 because -# of this. +# This Dockerfile makes the "build box" the container used to: +# * run test and linters in CI +# * building other Docker images +# +# For Teleport releases we're using CentOS 7 box to keep the binaries compatible +# with older Linux distributions (glibc 2.17+). +# +# Check the README to learn how to safely introduce changes to Dockerfiles. ## LIBFIDO2 ################################################################### # Build libfido2 separately for isolation, speed and flexibility. -FROM buildpack-deps:18.04 AS libfido2 +FROM buildpack-deps:20.04 AS libfido2 RUN apt-get update && \ apt-get install -y --no-install-recommends cmake && \ @@ -52,7 +52,7 @@ RUN git clone --depth=1 https://github.com/Yubico/libfido2.git -b 1.12.0 && \ ## LIBBPF ##################################################################### -FROM buildpack-deps:18.04 AS libbpf +FROM buildpack-deps:20.04 AS libbpf # Install libbpf RUN apt-get update -y --fix-missing && \ @@ -83,7 +83,7 @@ RUN mkdir -p /opt && cd /opt && curl -fsSL https://github.com/gravitational/libb # 4. Fast, language-dependent dependencies # 5. Multi-stage layer copies -FROM ubuntu:18.04 AS buildbox +FROM ubuntu:20.04 AS buildbox COPY locale.gen /etc/locale.gen COPY profile /etc/profile @@ -111,8 +111,8 @@ RUN apt-get -y update && \ apt-utils \ build-essential \ ca-certificates \ - clang-10 \ - clang-format-10 \ + clang \ + clang-format \ curl \ default-jre \ `if [ "$BUILDARCH" = "amd64" ] ; then echo gcc-multilib; fi` \ 
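Review bot: The unversioned `clang`, `clang-format` and `llvm` packages (in the hunk at line 111 and the following one at line 124) let the toolchain version follow whatever the Ubuntu release ships as its default, so the next base-image bump will change the compiler and formatter silently. If the version matters, for example for `clang-format` output in the CI linters the new header comment mentions, keep an explicit version suffix as the removed lines did. Otherwise a comment above the `RUN` such as `# clang/clang-format/llvm intentionally track the distro default` would record the decision. Anything elsewhere in the Dockerfile or build scripts that calls `clang-10` by name would also stop working, which cannot be checked from these hunks. The `RUN apt-get` statement starts and ends outside both hunks.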
@@ -124,7 +124,7 @@ RUN apt-get -y update && \ libpam-dev \ libsqlite3-0 \ libssl-dev \ - llvm-10 \ + llvm \ locales \ mingw-w64 \ mingw-w64-x86-64-dev \ diff --git a/build.assets/Dockerfile-connect b/build.assets/Dockerfile-connect new file mode 100644 index 000000000000..a6235025814f --- /dev/null +++ b/build.assets/Dockerfile-connect @@ -0,0 +1,46 @@ +# This Dockerfile makes the "build box connect" the container used +# to build the Teleport Connect. +# +# This image is base on the node image, which is based on Debian Buster. +# Using it as a image allows us to link agains the same version of +# glibc as Node.js. +# +# Check the README to learn how to safely introduce changes to Dockerfiles. + +## BUILDBOX-CONNECT ################################################################### + +# Pin the tag to Debian Buster to make sure the Glibc compatibility. +ARG NODE_VERSION +FROM node:${NODE_VERSION}-buster AS buildbox + +COPY locale.gen /etc/locale.gen +COPY profile /etc/profile +ENV LANGUAGE="en_US.UTF-8" \ + LANG="en_US.UTF-8" \ + LC_ALL="en_US.UTF-8" \ + LC_CTYPE="en_US.UTF-8" \ + DEBIAN_FRONTEND="noninteractive" + +# Install packages. +RUN apt-get -y update && \ + apt-get install -q -y --no-install-recommends \ + build-essential \ + ca-certificates \ + git \ + libc6-dev \ + libssl-dev \ + locales \ + openssh-client \ + pkg-config \ + python3-pip \ + python3-setuptools \ + python3-wheel \ + # Used during tag builds to build the RPM package of Connect. + rpm \ + && \ + dpkg-reconfigure locales && \ + apt-get -y clean && \ + rm -rf /var/lib/apt/lists/* + +# Do not create the ci user as we do on other images, as node image +# already has node user with UID:GID 1000:1000 user. diff --git a/build.assets/Makefile b/build.assets/Makefile index eead6758b813..d05f5c4c662c 100644 --- a/build.assets/Makefile +++ b/build.assets/Makefile 
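Review bot: Dockerfile-connect never sets a `USER`, so the image's default user stays root and a non-root build depends on every caller passing `-u 1000:1000`, as the `teleterm` target in build.assets/Makefile does. The closing comment already records that the node base image ships a `node` user with UID:GID 1000:1000, so ending the file with `USER node` would make that the default while still letting callers override it with `-u`. If other CI steps need root inside this image (not visible in this patch), keep the default and say so in that closing comment instead.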
@@ -233,12 +233,24 @@ ifeq ($(CONNECT_VERSION),) CONNECT_VERSION := $(BUILDBOX_VERSION)-dev endif +# +# Builds a Docker buildbox for Linux Connect builds +# +.PHONY:buildbox-connect +buildbox-connect: + if [[ $${DRONE} == "true" ]] && ! docker inspect --type=image $(BUILDBOX_CONNECT) 2>&1 >/dev/null; then docker pull $(BUILDBOX_CONNECT) || true; fi; \ + DOCKER_BUILDKIT=1 docker build \ + --build-arg NODE_VERSION=$(NODE_VERSION) \ + --cache-from $(BUILDBOX_CONNECT) \ + --tag $(BUILDBOX_CONNECT) -f Dockerfile-connect . ; + # # Builds Teleport Connect inside the buildbox container. # .PHONY:teleterm -teleterm: buildbox - docker run $(DOCKERFLAGS) $(NOROOT) $(BUILDBOX) \ +teleterm: buildbox-connect + # Always run this image as user 1000, as the Node base image assumes that. + docker run $(DOCKERFLAGS) -u 1000:1000 $(BUILDBOX_CONNECT) \ bash -c "cd $(SRCDIR) && export CONNECT_TSH_BIN_PATH=\$$PWD/../teleport/build/tsh && yarn install --frozen-lockfile && yarn build-term && yarn package-term -c.extraMetadata.version=$(CONNECT_VERSION)" # Builds webassets inside Docker. diff --git a/build.assets/images.mk b/build.assets/images.mk index 93c7719b84ea..fc9a1a2a6f7b 100644 --- a/build.assets/images.mk +++ b/build.assets/images.mk @@ -12,4 +12,5 @@ BUILDBOX_CENTOS7_FIPS=$(BUILDBOX_BASE_NAME)-centos7-fips:$(BUILDBOX_VERSION) BUILDBOX_ARM=$(BUILDBOX_BASE_NAME)-arm:$(BUILDBOX_VERSION) BUILDBOX_ARM_FIPS=$(BUILDBOX_BASE_NAME)-arm-fips:$(BUILDBOX_VERSION) BUILDBOX_UI=$(BUILDBOX_BASE_NAME)-ui:$(BUILDBOX_VERSION) +BUILDBOX_CONNECT=$(BUILDBOX_BASE_NAME)-connect:$(BUILDBOX_VERSION) BUILDBOX_CENTOS7_ASSETS=$(BUILDBOX_BASE_NAME)-centos7-assets:$(BUILDBOX_VERSION)
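Review bot: In the `buildbox-connect` recipe, `docker inspect --type=image $(BUILDBOX_CONNECT) 2>&1 >/dev/null` applies its redirections in the wrong order: stderr is duplicated onto the original stdout before stdout goes to /dev/null, so the error for a missing image still lands in the CI log. The exit status that drives the `if` is unaffected, so this is log noise rather than a logic error, and `>/dev/null 2>&1` silences both streams. Separately, the `teleterm` recipe now hard-codes `-u 1000:1000` where it used `$(NOROOT)`. If `$(DOCKERFLAGS)` bind-mounts the checkout (its definition is outside this hunk), the build presumably needs that tree to be writable by UID 1000 on the host, which is worth stating in the recipe comment next to the existing `# Always run this image as user 1000` line.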