|  | 
|  | 1 | +# Strictly for fips build | 
|  | 2 | +FROM registry.access.redhat.com/ubi8/go-toolset:1.23.6-2 as build | 
|  | 3 | +USER root | 
|  | 4 | +RUN dnf install -y --setopt=tsflags=nodocs git | 
|  | 5 | +COPY . /go/src/ | 
|  | 6 | + | 
|  | 7 | +RUN sed -i 's/CGO_ENABLED=0 /CGO_ENABLED=1 /;s/containers_image_openpgp/& strictfipsruntime/' /go/src/Makefile | 
|  | 8 | + | 
|  | 9 | +RUN cd /go/src/ && make build | 
|  | 10 | + | 
|  | 11 | +FROM registry.access.redhat.com/ubi8/podman | 
|  | 12 | +LABEL maintainer "Quay devel<[email protected] >" | 
|  | 13 | + | 
|  | 14 | + | 
|  | 15 | +RUN set -ex\ | 
|  | 16 | +	; dnf install -y --setopt=tsflags=nodocs --setopt=skip_missing_names_on_install=False git wget \ | 
|  | 17 | +	; dnf -y -q clean all | 
|  | 18 | + | 
|  | 19 | +COPY --from=build /go/src/bin/quay-builder /usr/local/bin | 
|  | 20 | +COPY buildpack/ssh-git.sh / | 
|  | 21 | +COPY entrypoint.sh /home/podman/entrypoint.sh | 
|  | 22 | + | 
|  | 23 | +# Rootless/unprivileged buildah configurations | 
|  | 24 | +# https://github.com/containers/buildah/blob/main/docs/tutorials/05-openshift-rootless-build.md | 
|  | 25 | +RUN touch /etc/subgid /etc/subuid && \ | 
|  | 26 | +    chmod g=u /etc/subgid /etc/subuid /etc/passwd && \ | 
|  | 27 | +    echo 'podman:100000:65536' > /etc/subuid && echo 'podman:100000:65536' > /etc/subgid && \ | 
|  | 28 | +	# Set driver to VFS, which doesn't require host modifications compared to overlay | 
|  | 29 | +	# Set shortname aliasing to permissive - https://www.redhat.com/sysadmin/container-image-short-names | 
|  | 30 | +	mkdir -p /home/podman/.config/containers && \ | 
|  | 31 | +    (echo '[storage]';echo 'driver = "vfs"') > /home/podman/.config/containers/storage.conf && \  | 
|  | 32 | +    sed -i 's/short-name-mode="enforcing"/short-name-mode="permissive"/g' /etc/containers/registries.conf && \ | 
|  | 33 | +	mkdir /certs /home/podman/.config/cni && chown podman:podman /certs /home/podman/.config/cni | 
|  | 34 | + | 
|  | 35 | +VOLUME [ "/certs" ] | 
|  | 36 | + | 
|  | 37 | +WORKDIR /home/podman | 
|  | 38 | + | 
|  | 39 | +USER podman | 
|  | 40 | + | 
|  | 41 | +ENTRYPOINT ["sh", "/home/podman/entrypoint.sh"] | 
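Review bot: The runtime stage `FROM registry.access.redhat.com/ubi8/podman` has no tag or digest, so it resolves to whatever `latest` points at on build day, while the build stage is pinned to `1.23.6-2`. Pin it the same way, e.g. `FROM registry.access.redhat.com/ubi8/podman:<tag>@sha256:<digest>` (placeholders, to be filled from the registry). Separately, the `sed -i` on `/go/src/Makefile` exits 0 even when neither pattern matches, so a later Makefile change could silently produce a non-FIPS binary from a file marked "Strictly for fips build". A guard such as `RUN grep -q 'CGO_ENABLED=1 ' /go/src/Makefile && grep -q 'strictfipsruntime' /go/src/Makefile` before `make build` would fail the build instead. Also worth a comment beside `chmod g=u ... /etc/passwd` and the `short-name-mode="permissive"` edit: both loosen defaults (group-writable passwd, unqualified image names resolved without enforcement), and the reason should be stated inline.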