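# Source: github.com/alibaba/sealer@v0.8.6-0.20220430115802-37a2bdaa8173/pkg/infra/container/imagecontext/base/Dockerfile
#
# Copyright © 2021 Alibaba Group Holding Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Builds an Ubuntu image that boots systemd as PID 1 and runs sshd with
# password-based root login enabled.

# NOTE(security): the base image is referenced by a mutable tag, not a digest,
# so rebuilds are not reproducible. ubuntu:21.04 is an interim release that is
# past end of life and no longer receives security updates; consider a
# supported release pinned as ubuntu:<tag>@sha256:<digest>.
FROM ubuntu:21.04

COPY entrypoint /usr/bin/
RUN chmod +x /usr/bin/entrypoint

# sysctl drop-in; its contents are not visible in this file.
COPY 10-network-security.conf /etc/sysctl.d/

# NOTE(security): this default becomes the root password of every image built
# without an explicit --build-arg PASSWORD=..., and build-arg values can be
# recovered from the image history. Combined with "PermitRootLogin yes" and
# EXPOSE 22 below, any container from this image accepts root SSH logins with
# a publicly known password. The default is left unchanged because callers may
# depend on it; override it per build, prefer key-based authentication, and
# keep port 22 unreachable from untrusted networks.
ARG PASSWORD="Seadent123"

# Install systemd, networking tools and openssh-server, then trim caches, logs
# and docs. The systemd *.wants symlinks removed at the end presumably disable
# units that are not meant to run inside a container -- confirm against the
# entrypoint script.
# NOTE(security): the sed below repoints apt from archive.ubuntu.com to
# mirrors.aliyun.com, so package integrity rests on apt signature verification
# against that mirror.
# NOTE(review): /usr/share/local/* may have been meant as /usr/share/locale/*
# -- confirm before changing.
RUN echo "Installing Packages ..." \
    && sed -i "s/archive.ubuntu.com/mirrors.aliyun.com/g" /etc/apt/sources.list \
    && apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
      systemd \
      conntrack iptables iproute2 ethtool socat util-linux mount ebtables kmod \
      libseccomp2 pigz \
      bash ca-certificates curl rsync vim openssh-server ufw \
    && apt-get clean -y \
    && rm -rf \
      /var/cache/debconf/* \
      /var/lib/apt/lists/* \
      /var/log/* \
      /tmp/* \
      /var/tmp/* \
      /usr/share/doc/* \
      /usr/share/man/* \
      /usr/share/local/* \
    && find /lib/systemd/system/sysinit.target.wants/ -name "systemd-tmpfiles-setup.service" -delete \
    && rm -f /lib/systemd/system/multi-user.target.wants/* \
    && rm -f /etc/systemd/system/*.wants/* \
    && rm -f /lib/systemd/system/local-fs.target.wants/* \
    && rm -f /lib/systemd/system/sockets.target.wants/*udev* \
    && rm -f /lib/systemd/system/sockets.target.wants/*initctl* \
    && rm -f /lib/systemd/system/basic.target.wants/* \
    && echo "ReadKMsg=no" >> /etc/systemd/journald.conf \
    && ln -s "$(which systemd)" /sbin/init

# Configure sshd: allow root login, turn PAM off, comment out the
# pam_loginuid session rule, and set the root password from the PASSWORD
# build argument.
# NOTE(security): with UsePAM disabled, PAM-based account and session controls
# do not apply to SSH logins; see the PASSWORD note above for the root-login
# exposure.
# chown uses the POSIX "owner:group" separator; the "owner.group" dot form is
# a deprecated GNU extension.
RUN echo "Config ssh ..." \
    && echo "PermitRootLogin yes" >> /etc/ssh/sshd_config \
    && sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config \
    && sed -i '/^session\s\+required\s\+pam_loginuid.so/s/^/#/' /etc/pam.d/sshd \
    && echo "root:${PASSWORD}" | chpasswd \
    && mkdir -p /root/.ssh && chown root:root /root && chmod 700 /root/.ssh

RUN echo "Enabling ssh ... " \
    && systemctl enable ssh

# Rewrite OnBootSec in the systemd-tmpfiles-clean timer to 1min.
RUN echo "Adjusting systemd-tmpfiles timer" \
    && sed -i /usr/lib/systemd/system/systemd-tmpfiles-clean.timer -e 's#OnBootSec=.*#OnBootSec=1min#'

# tell systemd that it is in docker (it will check for the container env)
# https://systemd.io/CONTAINER_INTERFACE/
ENV container docker
# systemd exits on SIGRTMIN+3, not SIGTERM (which re-executes it)
# https://bugzilla.redhat.com/show_bug.cgi?id=1201657
STOPSIGNAL SIGRTMIN+3
# EXPOSE only documents the port; whether sshd is reachable depends on how the
# container is published and networked at run time.
EXPOSE 22

# NOTE: this is *only* for documentation, the entrypoint is overridden later
ENTRYPOINT [ "/usr/bin/entrypoint", "/sbin/init" ]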