-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* rootless implementation Co-authored-by: madelen-axis <[email protected]>
- Loading branch information
1 parent
376990d
commit abc4664
Showing
14 changed files
with
371 additions
and
74 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -14,14 +14,9 @@ ARG ACAP3_SDK_VERSION=3.5 | |
| ARG ACAP3_UBUNTU_VERSION=20.04 | ||
| ARG ACAP3_SDK=acap-sdk | ||
|
|
||
| FROM ${REPO}/${NATIVE_SDK}:${VERSION}-${ACAPARCH}-ubuntu${UBUNTU_VERSION} as build_image | ||
|
|
||
| FROM ${REPO}/${ACAP3_SDK}:${ACAP3_SDK_VERSION}-${ACAPARCH}-ubuntu${ACAP3_UBUNTU_VERSION} as acap-sdk | ||
|
|
||
| FROM build_image AS ps | ||
| ARG PROCPS_VERSION=v3.3.17 | ||
| ARG BUILD_DIR=/build | ||
| ARG EXPORT_DIR=/export | ||
| FROM ${REPO}/${NATIVE_SDK}:${VERSION}-${ACAPARCH}-ubuntu${UBUNTU_VERSION} as build_image | ||
|
|
||
| RUN <<EOF | ||
| apt-get update | ||
|
|
@@ -30,11 +25,46 @@ RUN <<EOF | |
| autopoint \ | ||
| gettext \ | ||
| git \ | ||
| libtool | ||
| libtool \ | ||
| bison | ||
| ln -s /usr/bin/libtoolize /usr/bin/libtool | ||
| apt-get clean | ||
| rm -rf /var/lib/apt/lists/* | ||
| EOF | ||
|
|
||
| FROM build_image AS nsenter | ||
|
|
||
| ARG NSENTER_VERSION=v2.39.1 | ||
| ARG BUILD_DIR=/build | ||
| ARG EXPORT_DIR=/export | ||
|
|
||
| WORKDIR $BUILD_DIR | ||
| RUN git clone -b $NSENTER_VERSION 'https://github.com/util-linux/util-linux.git' | ||
|
|
||
| ARG BUILD_CACHE=build.cache | ||
| RUN echo ac_cv_func_realloc_0_nonnull=yes >$BUILD_CACHE \ | ||
| && echo ac_cv_func_malloc_0_nonnull=yes >>$BUILD_CACHE | ||
| RUN <<EOF | ||
| cd util-linux | ||
| . /opt/axis/acapsdk/environment-setup* | ||
| ./autogen.sh | ||
| ./configure --host="${TARGET_PREFIX%*-}" \ | ||
| --disable-shared \ | ||
| --without-ncurses \ | ||
| --cache-file="$BUILD_CACHE" | ||
| make nsenter | ||
| $STRIP nsenter | ||
| EOF | ||
|
|
||
| WORKDIR $EXPORT_DIR | ||
| RUN cp $BUILD_DIR/util-linux/nsenter nsenter | ||
|
|
||
| FROM build_image AS ps | ||
|
|
||
| ARG PROCPS_VERSION=v3.3.17 | ||
| ARG BUILD_DIR=/build | ||
| ARG EXPORT_DIR=/export | ||
|
|
||
| WORKDIR $BUILD_DIR | ||
| RUN git clone --depth 1 -b $PROCPS_VERSION 'https://gitlab.com/procps-ng/procps' . | ||
|
|
||
|
|
@@ -60,6 +90,8 @@ FROM build_image as build | |
| ARG DOCKER_VERSION | ||
| ARG DOCKER_COMPOSE_VERSION | ||
| ARG ACAPARCH | ||
| ARG SLIRP4NETNS_VERSION=1.2.0 | ||
| ARG ROOTLESS_EXTRAS_VERSION=${DOCKER_VERSION} | ||
|
|
||
| # Copy over axparameter from the acap-sdk | ||
| COPY --from=acap-sdk /opt/axis/acapsdk/sysroots/${ACAPARCH}/usr/include/axsdk/ax_parameter /opt/axis/acapsdk/sysroots/${ACAPARCH}/usr/include/axsdk | ||
|
|
@@ -70,8 +102,29 @@ COPY --from=acap-sdk /opt/axis/acapsdk/sysroots/${ACAPARCH}/usr/lib/pkgconfig/ax | |
|
|
||
| COPY app /opt/app | ||
| COPY --from=ps /export/ps /opt/app | ||
| COPY --from=nsenter /export/nsenter /opt/app | ||
|
|
||
| COPY ./binaries/${ACAPARCH}/* /opt/app | ||
|
|
||
| # Get docker* binaries and scripts | ||
| # Temp fix to get binary onto aarch64 master fw | ||
| COPY ./binaries/systemd-user-runtime-dir /opt/app | ||
| COPY ./binaries/*.service /opt/app | ||
| COPY ./binaries/handle_directories.sh /opt/app | ||
|
|
||
| WORKDIR /opt/app | ||
|
|
||
| # Download and extract slirp4netns | ||
| RUN <<EOF | ||
| if [ "$ACAPARCH" = "armv7hf" ]; then | ||
| export SLIRP4NETNS_ARCH="armv7l"; | ||
| elif [ "$ACAPARCH" = "aarch64" ]; then | ||
| export SLIRP4NETNS_ARCH="aarch64"; | ||
| fi; | ||
| curl -Lo slirp4netns "https://github.com/rootless-containers/slirp4netns/releases/download/v${SLIRP4NETNS_VERSION}/slirp4netns-${SLIRP4NETNS_ARCH}"; | ||
| chmod +x slirp4netns | ||
| EOF | ||
|
|
||
| # Download and extract docker scripts and docker-rootless-extras scripts | ||
| RUN <<EOF | ||
| if [ "$ACAPARCH" = "armv7hf" ]; then | ||
| export DOCKER_ARCH="armhf"; | ||
|
|
@@ -86,10 +139,11 @@ RUN <<EOF | |
| tar -xz -f docker_binaries.tgz --strip-components=1 docker/docker-init ; | ||
| tar -xz -f docker_binaries.tgz --strip-components=1 docker/docker-proxy ; | ||
| curl -Lo docker-compose "https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-linux-${DOCKER_COMPOSE_ARCH}" ; | ||
| chmod +x docker-compose | ||
| chmod +x docker-compose ; | ||
| curl -Lo docker-rootless-extras.tgz "https://download.docker.com/linux/static/stable/${DOCKER_ARCH}/docker-rootless-extras-${ROOTLESS_EXTRAS_VERSION}.tgz" ; | ||
| tar -xz -f docker-rootless-extras.tgz --strip-components=1 ; | ||
| EOF | ||
|
|
||
| WORKDIR /opt/app | ||
| RUN <<EOF | ||
| . /opt/axis/acapsdk/environment-setup* | ||
| acap-build . \ | ||
|
|
@@ -99,7 +153,17 @@ RUN <<EOF | |
| -a docker-init \ | ||
| -a docker-proxy \ | ||
| -a empty_daemon.json \ | ||
| -a ps | ||
| -a ps \ | ||
| -a slirp4netns \ | ||
| -a rootlesskit \ | ||
| -a rootlesskit-docker-proxy \ | ||
| -a nsenter \ | ||
| -a newgidmap \ | ||
| -a newuidmap \ | ||
| -a systemd-user-runtime-dir \ | ||
| -a [email protected] \ | ||
| -a [email protected] \ | ||
| -a handle_directories.sh | ||
| EOF | ||
|
|
||
| ENTRYPOINT [ "/opt/axis/acapsdk/sysroots/x86_64-pokysdk-linux/usr/bin/eap-install.sh" ] | ||
Oops, something went wrong.