mirror of
https://github.com/linuxkit/linuxkit.git
synced 2026-04-05 02:57:06 +00:00
ec7dadcddd
People really want to play around with this, so adding them here makes it possible. Just as iproute2 is part of these, so should wireguard-tools. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
36 lines
1.3 KiB
Docker
36 lines
1.3 KiB
Docker
FROM linuxkit/alpine:4248059c38452217ff63853869df36034a890401 AS mirror
|
|
|
|
RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
|
|
RUN apk add --no-cache --initdb -p /out \
|
|
alpine-baselayout \
|
|
apk-tools \
|
|
busybox \
|
|
ca-certificates \
|
|
musl \
|
|
tini \
|
|
util-linux \
|
|
wireguard-tools \
|
|
&& true
|
|
RUN mv /out/etc/apk/repositories.upstream /out/etc/apk/repositories
|
|
|
|
#
|
|
# We require a version of `setsid(1)` which supports the `-w`
|
|
# option, which is not available in all implementations (e.g. the
|
|
# `busybox` implementation does not support it). When this is run
|
|
# as part of a LinuxKit `init` image (rather than as a standalone
|
|
# container) we cannot guarantee which version of `setsid` will
|
|
# be present once the layers are combined, so we take a copy of
|
|
# our own, known good, version for use later.
|
|
RUN cp /out/usr/bin/setsid /out/usr/bin/setsid.getty
|
|
# we really do not want a rogue inittab here
|
|
RUN rm -rf /out/etc/inittab
|
|
|
|
FROM scratch
|
|
ENTRYPOINT ["/sbin/tini","-s","-v","--"]
|
|
WORKDIR /
|
|
COPY --from=mirror /out/ /
|
|
COPY usr/ /usr/
|
|
COPY etc/ /etc/
|
|
CMD ["/usr/bin/rungetty.sh"]
|
|
LABEL org.mobyproject.config='{"pid": "host", "net":"host", "binds": ["/run:/run", "/tmp:/tmp", "/etc:/hostroot/etc", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/containers:/containers","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}'
|