Слияние кода завершено, страница обновится автоматически
# our chosen base image
FROM debian:12-slim AS builder
ENV NO_LUA_JIT="s390x arm64"
# TODO: make sure /source looks roughly the same from git or tar
# Reusable layer for base update
RUN apt-get update && apt-get -y dist-upgrade && apt-get clean
# Unable backports to get a recent enough version of meson
RUN echo "deb http://deb.debian.org/debian bookworm-backports main" > /etc/apt/sources.list.d/bookworm-backports.list
# devscripts gives us mk-build-deps (and a lot of other stuff)
RUN apt-get update && apt-get -y dist-upgrade && apt-get install -y --no-install-recommends devscripts equivs git && apt-get clean
COPY builder-support /source/builder-support
# TODO: control file is not in tarballs at all right now
RUN mk-build-deps -i -t 'apt-get -y -o Debug::pkgProblemResolver=yes --no-install-recommends' /source/builder-support/debian/dnsdist/debian-bookworm/control && \
apt-get install -y -t bookworm-backports meson && \
apt-get clean
COPY meson /source/meson
COPY pdns /source/pdns
COPY build-aux /source/build-aux
COPY m4 /source/m4
COPY ext /source/ext
COPY builder/helpers/set-configure-ac-version.sh /usr/local/bin
COPY .git /source/.git
# build and install (TODO: before we hit this line, rearrange /source structure if we are coming from a tarball)
WORKDIR /source/pdns/dnsdistdist
ARG MAKEFLAGS=
ENV MAKEFLAGS=${MAKEFLAGS:--j2}
ARG DOCKER_FAKE_RELEASE=NO
ENV DOCKER_FAKE_RELEASE=${DOCKER_FAKE_RELEASE}
RUN touch dnsdist.1 # avoid having to install pandoc and venv
RUN if [ "${DOCKER_FAKE_RELEASE}" = "YES" ]; then \
BUILDER_VERSION="$(IS_RELEASE=YES BUILDER_MODULES=dnsdist ./builder-support/gen-version | sed 's/\([0-9]\+\.[0-9]\+\.[0-9]\+\(\(alpha|beta|rc\)\d\+\)\)?.*/\1/')" set-configure-ac-version.sh;\
fi && \
BUILDER_MODULES=dnsdist autoreconf -vfi
RUN mkdir /quiche && cd /quiche && \
apt-get install -y cmake curl jq libclang-dev && \
apt-get clean && \
cd /source/builder-support/helpers/ && \
./install_rust.sh && \
./install_quiche.sh
RUN mkdir /build && \
LUAVER=$([ -z "${NO_LUA_JIT##*$(dpkg --print-architecture)*}" ] && echo 'lua5.3' || echo 'luajit') && \
apt-get install -y lib${LUAVER}-*dev ninja-build && \
BUILDDIR=$(mktemp -d) && \
IS_RELEASE="${DOCKER_FAKE_RELEASE}" \
LDFLAGS="-latomic -fuse-ld=lld -Wl,--build-id=sha1 -ldl" \
CC=clang \
CXX=clang++ \
PKG_CONFIG_PATH=/opt/lib/pkgconfig meson setup ${BUILDDIR} \
--sysconfdir=/etc/dnsdist \
-Dlua=auto \
-Db_lto=true \
-Db_lto_mode=thin \
-Db_pie=true \
-Ddns-over-https=enabled \
-Ddns-over-quic=enabled \
-Ddns-over-http3=enabled \
-Ddns-over-tls=enabled \
-Ddnscrypt=enabled \
-Ddnstap=enabled \
-Dyaml=enabled \
-Debpf=enabled \
-Dyaml=enabled \
-Dtls-gnutls=enabled \
-Dsnmp=enabled \
-Dlibcap=enabled \
-Dlibsodium=enabled \
-Dquiche=enabled \
-Dre2=enabled \
-Dsystemd-service=disabled \
-Dxsk=enabled && \
meson compile -C ${BUILDDIR} && \
meson install -C ${BUILDDIR} --destdir /build && \
strip /build/usr/local/bin/* && \
rm -rf /build/lib # remove systemd unit files, we do not need them and copying /lib to the run-time image breaks it
RUN for tentative in "lib/x86_64-linux-gnu" "lib/aarch64-linux-gnu" "lib64" "lib"; do \
if [ -f "/usr/${tentative}/libdnsdist-quiche.so" ]; then \
mkdir -p "/build/usr/${tentative}/"; \
cp "/usr/${tentative}/libdnsdist-quiche.so" "/build/usr/${tentative}/"; \
break; \
fi; \
done
RUN cd /tmp && mkdir /build/tmp/ && mkdir debian && \
echo 'Source: docker-deps-for-pdns' > debian/control && \
dpkg-shlibdeps /build/usr/local/bin/dnsdist && \
sed 's/^shlibs:Depends=/Depends: /' debian/substvars >> debian/control && \
equivs-build debian/control && \
dpkg-deb -I equivs-dummy_1.0_all.deb && cp equivs-dummy_1.0_all.deb /build/tmp/
# Runtime
FROM debian:12-slim
# Reusable layer for base update - Should be cached from builder
RUN apt-get update && apt-get -y dist-upgrade && apt-get clean
# - python3 and jinja2 (for startup script)
# - tini (for signal management)
# - ca-certificates (for verifying downstream DoH/DoT certificates)
RUN apt-get install -y python3 python3-jinja2 tini libcap2-bin ca-certificates && apt-get clean
# Output from builder
COPY --from=builder /build /
RUN chmod 1777 /tmp # FIXME: better not use /build/tmp for equivs at all
# Ensure dependencies are present
RUN apt-get install -y /tmp/equivs-dummy_1.0_all.deb && apt-get clean
# Config
RUN mkdir -p /etc/dnsdist/conf.d /etc/dnsdist/templates.d
COPY dockerdata/dnsdist.conf /etc/dnsdist/
# Start script
COPY dockerdata/startup.py /usr/local/bin/dnsdist-startup
# Work with pdns user - not root
RUN adduser --system --disabled-password --disabled-login --no-create-home --group pdns --uid 953
RUN chown pdns:pdns /etc/dnsdist/conf.d /etc/dnsdist/templates.d
USER pdns
# Default DNS ports
EXPOSE 53/udp
EXPOSE 53/tcp
# Default console port
EXPOSE 5199/tcp
# Default webserver port
EXPOSE 8083/tcp
WORKDIR /etc/dnsdist
COPY dockerdata/dnsdist-resolver.lua /etc/dnsdist/
ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/dnsdist-startup"]
Вы можете оставить комментарий после Вход в систему
Неприемлемый контент может быть отображен здесь и не будет показан на странице. Вы можете проверить и изменить его с помощью соответствующей функции редактирования.
Если вы подтверждаете, что содержание не содержит непристойной лексики/перенаправления на рекламу/насилия/вульгарной порнографии/нарушений/пиратства/ложного/незначительного или незаконного контента, связанного с национальными законами и предписаниями, вы можете нажать «Отправить» для подачи апелляции, и мы обработаем ее как можно скорее.
Опубликовать ( 0 )