This repository has been archived by the owner on Sep 12, 2020. It is now read-only.
Dockerfile.base
# Base for the whole live rootfs.
# NOTE(review): "debian:jessie" is a floating tag with no digest pin, so each
# rebuild takes whatever the tag points to at that moment. jessie (Debian 8)
# is also past end of life and receives no further security updates. The
# kernel package installed below (linux-image-3.16.0-4-amd64) is tied to this
# release, so moving the base means changing that package name as well.
FROM debian:jessie
# Single layer: install the runtime packages and the ISO build tools, stage
# the bootloader binaries under /tmp, then purge the two packages that were
# only needed to obtain those binaries.
#
# - The apt lists are removed in the same layer that fetched them.
# - The SSH host keys generated when openssh-server is installed are deleted,
#   so no private host key is baked into (and shared by) every image built
#   from this file.
# - "ln --logical" hard-links the files the source paths resolve to, which is
#   why the copies under /tmp survive the purge at the end.
# NOTE(review): package versions are not pinned, so the result depends on what
# the archive serves at build time.
RUN apt-get update \
    && apt-get install --yes --no-install-recommends \
        acpi-support-base \
        bash-completion \
        busybox \
        ca-certificates \
        ifupdown \
        isc-dhcp-client \
        isolinux \
        linux-image-3.16.0-4-amd64 \
        ntp \
        openssh-server \
        rsync \
        squashfs-tools \
        sudo \
        syslinux-common \
        sysvinit \
        sysvinit-core \
        xorriso \
        xz-utils \
    && rm -rf /var/lib/apt/lists/* /etc/ssh/ssh_host_* \
    && mkdir -p /tmp/iso/isolinux \
    && ln --logical \
        /usr/lib/ISOLINUX/isolinux.bin \
        /usr/lib/syslinux/modules/bios/* \
        /tmp/iso/isolinux/ \
    && ln --logical /usr/lib/ISOLINUX/isohdpfx.bin /tmp/ \
    && apt-get purge --yes --auto-remove isolinux syslinux-common
# apparmor \
# see https://wiki.debian.org/AppArmor/HowTo and isolinux.cfg
# curl \
# wget \
# BUSYBOX ALL UP IN HERE
# For every applet busybox reports, add a hard link in /usr/local/bin, but
# only when no command of that name already resolves. Existing tools are
# therefore never shadowed by the busybox variant.
RUN set -e; \
    bb="$(which busybox)"; \
    for applet in $("$bb" --list); do \
        command -v "$applet" > /dev/null \
            || ln -vL "$bb" "/usr/local/bin/$applet"; \
    done
# if /etc/machine-id is empty, systemd will generate a suitable ID on boot
# Truncating it here means no machine ID is baked into the image.
RUN : > /etc/machine-id
# setup networking (hack hack hack)
# TODO find a better way to do this natively via some templated systemd
# "@.service" unit magic (like the getty magic) and remove ifupdown completely
# Writes one ifupdown stanza file per interface; each of eth0..eth3 is brought
# up automatically, allowed to hotplug, and configured over DHCP.
RUN for nic in eth0 eth1 eth2 eth3; do \
        printf 'auto %s\nallow-hotplug %s\niface %s inet dhcp\n' \
            "$nic" "$nic" "$nic" \
            > "/etc/network/interfaces.d/$nic"; \
    done
# COLOR PROMPT BABY
# Uncomment force_color_prompt in the skeleton .bashrc (inherited by accounts
# created afterwards) and give root the same file.
RUN sed --regexp-extended --in-place \
        's/^#(force_color_prompt=)/\1/' /etc/skel/.bashrc \
    && cp /etc/skel/.bashrc /root/.bashrc
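# setup our non-root user, set passwords for both users, and setup sudo
#
# NOTE(review): both accounts get the fixed, publicly documented password
# "docker", and the docker account gets unrestricted passwordless sudo. This
# image also installs openssh-server, so if sshd accepts password logins (its
# configuration is not set in this file), network reach to the SSH port is
# equivalent to root. That is only acceptable for a throwaway local VM. For
# anything reachable by others, lock both passwords (passwd -l) and provision
# SSH keys instead.
#
# The sudoers drop-in is set to mode 0440, as sudo expects for files in
# /etc/sudoers.d, and is syntax-checked so that a malformed rule fails the
# build instead of breaking sudo at runtime.
RUN useradd --create-home --shell /bin/bash docker \
    && printf '%s\n' 'root:docker' 'docker:docker' | chpasswd \
    && echo 'docker ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/docker \
    && chmod 0440 /etc/sudoers.d/docker \
    && visudo -cf /etc/sudoers.d/docker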
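# autologin for all tty
# see also: grep ^ExecStart /lib/systemd/system/*getty@.service
#
# Two systemd drop-ins, one per getty template: getty@.service for the virtual
# consoles (--noclear) and serial-getty@.service for serial lines
# (--keep-baud). Each must live in its own "<unit>.d" directory; written to
# the same path, the second would simply overwrite the first.
# The empty "ExecStart=" clears the unit's stock command before the
# replacement is added. The strings are passed to printf as arguments, not as
# the format, so "%I" and "$TERM" reach the file literally for systemd to
# expand.
#
# NOTE(review): --autologin means console or serial access yields a "docker"
# shell with no credential check, and that account has NOPASSWD sudo. Treat
# console access to the VM as root access.
RUN mkdir -p /etc/systemd/system/getty@.service.d \
    && printf '%s\n' \
        '[Service]' \
        'ExecStart=' \
        'ExecStart=-/sbin/agetty --autologin docker --noclear %I $TERM' \
        > /etc/systemd/system/getty@.service.d/autologin.conf
RUN mkdir -p /etc/systemd/system/serial-getty@.service.d \
    && printf '%s\n' \
        '[Service]' \
        'ExecStart=' \
        'ExecStart=-/sbin/agetty --autologin docker --keep-baud 115200,38400,9600 %I $TERM' \
        > /etc/systemd/system/serial-getty@.service.d/autologin.conf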
# setup inittab for autologin too (in case of sysvinit)
# Generates /etc/inittab from scratch: default runlevel 2, the sysinit hook,
# one rc entry per runlevel 0-6, six virtual-console gettys (tty1 stays up in
# runlevels 2-5, the others in 2-3), and one serial getty on ttyS0.
# Every getty logs the "docker" user in automatically, so the same console
# access caveat applies here as for the systemd path.
RUN set -e; \
    { \
        echo 'id:2:initdefault:'; \
        echo 'si::sysinit:/etc/init.d/rcS'; \
        for level in 0 1 2 3 4 5 6; do \
            echo "l$level:$level:wait:/etc/init.d/rc $level"; \
        done; \
        for vt in 1 2 3 4 5 6; do \
            case "$vt" in \
                1) levels=2345 ;; \
                *) levels=23 ;; \
            esac; \
            echo "$vt:$levels:respawn:/sbin/getty --autologin docker --noclear 38400 tty$vt"; \
        done; \
        for port in 0; do \
            echo "T$port:23:respawn:/sbin/getty --autologin docker -L ttyS$port 9600 vt100"; \
        done; \
    } > /etc/inittab
# TODO figure out a clean way to suppress the "respawning too fast" error so we can have ttyS1 back
# setup NTP to use the boot2docker vendor pool instead of Debian's
RUN sed --in-place \
        --expression='s/debian.pool.ntp.org/boot2docker.pool.ntp.org/g' \
        /etc/ntp.conf

# set a default LANG (sshd reads from here)
# this prevents warnings later
RUN printf '%s\n' 'LANG=C.UTF-8' > /etc/default/locale

# PURE VANITY
# Login banner; the backslash sequences are getty's /etc/issue escapes
# (system name, machine, release, tty line), surrounded by blank lines.
RUN { echo; echo 'Docker (\\s \\m \\r) [\\l]'; echo; } > /etc/issue

# Record the distribution's PRETTY_NAME inside the ISO staging tree.
RUN . /etc/os-release \
    && printf '%s\n' "$PRETTY_NAME" > /tmp/iso/version
# SSH host key handling: the keys created at package-install time were deleted
# earlier in this file, so the image ships without any. The script and init
# job below are registered in the default runlevels.
# NOTE(review): presumably they generate fresh per-machine keys at boot; their
# contents are not visible here, so confirm.
COPY scripts/generate-ssh-host-keys.sh /usr/local/sbin/
COPY inits/ssh-keygen /etc/init.d/
RUN update-rc.d ssh-keygen defaults
# initramfs-tools integration for the live image: one hook and one boot script.
COPY scripts/initramfs-live-hook.sh /usr/share/initramfs-tools/hooks/live
COPY scripts/initramfs-live-script.sh /usr/share/initramfs-tools/scripts/live
# NOTE(review): "excludes" is likely the exclusion list used by the rootfs
# build scripts; confirm against build-rootfs.sh.
COPY excludes /tmp/
# Build helpers placed in /usr/local/sbin. COPY keeps the file modes from the
# build context, so these must already be executable there.
COPY scripts/audit-rootfs.sh scripts/build-rootfs.sh scripts/build-iso.sh /usr/local/sbin/
# Left disabled: the ISO build is not run as part of this base image.
#RUN build-iso.sh # creates /tmp/docker.iso