-
Notifications
You must be signed in to change notification settings - Fork 99
/
Dockerfile
86 lines (80 loc) · 3.59 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
# umoci: Umoci Modifies Open Containers' Images
# Copyright (C) 2016-2020 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FROM registry.opensuse.org/opensuse/leap:15.6
MAINTAINER "Aleksa Sarai <asarai@suse.com>"
# We have to use out-of-tree repos because several packages haven't been merged
# into openSUSE Leap yet, or are out of date in Leap.
RUN zypper mr -d repo-non-oss repo-update-non-oss && \
zypper ar -f -p 10 -g 'obs://Virtualization:containers/$releasever' obs-vc && \
zypper ar -f -p 10 -g 'obs://devel:tools/$releasever' obs-tools && \
zypper ar -f -p 10 -g 'obs://devel:languages:go/$releasever' obs-go && \
zypper ar -f -p 10 -g 'obs://home:cyphar:containers/$releasever' obs-gomtree && \
zypper --gpg-auto-import-keys -n ref && \
zypper -n up
RUN zypper -n in \
attr \
bats \
bc \
curl \
git \
gnu_parallel \
"go==1.21" \
go-mtree \
gzip \
jq \
libcap-progs \
make \
moreutils \
python3-xattr python3-setuptools \
runc \
skopeo \
tar \
which
RUN useradd -u 1000 -m -d /home/rootless -s /bin/bash rootless
ENV GOPATH=/go PATH=/go/bin:$PATH
RUN go install github.com/cpuguy83/go-md2man/v2@latest && \
go install golang.org/x/lint/golint@latest && \
go install github.com/securego/gosec/cmd/gosec@latest && \
go install github.com/client9/misspell/cmd/misspell@latest
# FIXME: We need to get an ancient version of oci-runtime-tools because the
# config.json conversion we do is technically not spec-compliant due to
# an oversight and new versions of oci-runtime-tools verify this.
# See <https://github.com/opencontainers/runtime-spec/pull/1197>.
#
# In addition, there is no go.mod in all released versions up to v0.9.0,
# which means that we will pull the latest runtime-spec automatically
# which causes validation errors. But we need to forcefully update to
# runtime-spec 1.0.2. This is fine.
# See <https://github.com/opencontainers/runtime-tools/pull/774>.
RUN git clone -b v0.5.0 https://github.com/opencontainers/runtime-tools.git /tmp/oci-runtime-tools && \
( cd /tmp/oci-runtime-tools && \
go mod init github.com/opencontainers/runtime-tools && \
go mod tidy && \
go get github.com/opencontainers/runtime-spec@v1.0.2 && \
go mod vendor; ) && \
make -C /tmp/oci-runtime-tools tool install && \
rm -rf /tmp/oci-runtime-tools
# FIXME: oci-image-tool was basically broken for our needs after v0.3.0 (it
# cannot scan image layouts). The source is so old we need to manually
# build it (including doing "go mod init").
RUN git clone -b v0.3.0 https://github.com/opencontainers/image-tools.git /tmp/oci-image-tools && \
( cd /tmp/oci-image-tools && go mod init github.com/opencontainers/image-tools && go mod tidy && go mod vendor; ) && \
make -C /tmp/oci-image-tools all install && \
rm -rf /tmp/oci-image-tools
ENV SOURCE_IMAGE=/opensuse SOURCE_TAG=latest
ARG TEST_DOCKER_IMAGE=registry.opensuse.org/opensuse/leap:15.4
RUN skopeo copy docker://$TEST_DOCKER_IMAGE oci:$SOURCE_IMAGE:$SOURCE_TAG
VOLUME ["/go/src/github.com/opencontainers/umoci"]
WORKDIR /go/src/github.com/opencontainers/umoci