-
Notifications
You must be signed in to change notification settings - Fork 15
/
Dockerfile
31 lines (30 loc) · 871 Bytes
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
ARG GO_IMAGE=rancher/hardened-build-base:v1.22.7b1
FROM ${GO_IMAGE} as builder
# setup required packages
RUN set -x && \
apk --no-cache add \
file \
gcc \
git \
libselinux-dev \
libseccomp-dev \
libseccomp-static \
make
# setup the build
ARG PKG="github.com/opencontainers/runc"
ARG SRC="github.com/opencontainers/runc"
ARG TAG="v1.1.12"
ARG TARGETARCH="amd64"
RUN git clone --depth=1 https://${SRC}.git $GOPATH/src/${PKG}
WORKDIR $GOPATH/src/${PKG}
RUN git fetch --all --tags --prune
RUN git checkout tags/${TAG} -b ${TAG}
RUN BUILDTAGS='seccomp selinux apparmor' GOEXPERIMENT='boringcrypto' make static
RUN go-assert-static.sh runc
RUN if [ "${TARGETARCH}" = "amd64" ]; then \
go-assert-boring.sh runc; \
fi
RUN install -s runc /usr/local/bin
RUN runc --version
FROM scratch
COPY --from=builder /usr/local/bin/ /usr/local/bin/