From 8ee5d7202cf866447f468222b0fbdea33906b81b Mon Sep 17 00:00:00 2001
From: minoplhy
Date: Tue, 11 Mar 2025 13:26:04 +0700
Subject: [PATCH] fix atlas build method
---
 Dockerfile | 29 ++++++++++------------
 entrypoint.sh | 68 ++++++++++++++++++++-------------------------------
 2 files changed, 40 insertions(+), 57 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 5afae41..c1e2092 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,41 +4,37 @@ LABEL image="ripe-atlas-builder"
 ARG DEBIAN_FRONTEND=noninteractive
 ARG GIT_URL=https://github.com/RIPE-NCC/ripe-atlas-software-probe.git
-WORKDIR /root
+WORKDIR /tmp
 RUN apt-get update -y && \
 apt-get install -y git build-essential debhelper libssl-dev autotools-dev psmisc net-tools
-RUN git clone --recursive "$GIT_URL"
+RUN git clone --recursive "$GIT_URL" /tmp/ripe-atlas-software-probe
-WORKDIR /root/ripe-atlas-software-probe
+WORKDIR /tmp/ripe-atlas-software-probe
 # version 5100
 RUN git checkout 5100
 RUN autoreconf -iv
-RUN ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=/usr/lib64 --runstatedir=/run --with-user=ripe-atlas --with-group=ripe-atlas --with-measurement-user=ripe-atlas-measurement --disable-systemd --enable-chown --enable-setcap-install
+RUN ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=/usr/lib64 --runstatedir=/run --with-user=ripe-atlas --with-group=ripe-atlas --with-measurement-user=ripe-atlas --disable-systemd --enable-chown --enable-setcap-install
 RUN make
-WORKDIR /root
-
 ## artifacts
 FROM scratch AS artifacts
 LABEL image="ripe-atlas-artifacts"
-COPY --from=builder /root/ripe-atlas-software-probe /
+COPY --from=builder /tmp/ripe-atlas-software-probe /
 ## the actual image
 FROM debian:12
 LABEL maintainer="dockerhub@public.swineson.me"
 LABEL image="ripe-atlas"
-ARG DEBIAN_FRONTEND=noninteractive
-COPY --from=builder /root/ripe-atlas-software-probe /tmp
+COPY --from=builder /tmp/ripe-atlas-software-probe /tmp/ripe-atlas-software-probe
 ARG ATLAS_UID=101
 ARG ATLAS_MEAS_UID=102
 ARG ATLAS_GID=999
 RUN ln -s /bin/true /bin/systemctl \
 && adduser --system --uid $ATLAS_UID ripe-atlas \
- && adduser --system --uid $ATLAS_MEAS_UID ripe-atlas-measurement \
 && groupadd --force --system --gid $ATLAS_GID ripe-atlas \
 && apt-get update -y \
 && apt-get install -y libcap2-bin iproute2 openssh-client procps net-tools tini debhelper libssl-dev autotools-dev psmisc opensysusers
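Review bot: The new `--with-measurement-user=ripe-atlas` on the `./configure` line, together with the dropped `adduser ... ripe-atlas-measurement`, makes measurement code run under the same account as the probe itself, which appears to give up the privilege separation the dedicated measurement user provided. Everything the entrypoint chowns to `ripe-atlas` (for example whatever is kept under `/etc/ripe-atlas`) would then be writable from a misbehaving measurement process. If the merge is only a workaround to get the build through, I would keep `--with-measurement-user=ripe-atlas-measurement` and the `&& adduser --system --uid $ATLAS_MEAS_UID ripe-atlas-measurement \` line; if it is intentional, a comment above `./configure` should say why, and the now unused `ARG ATLAS_MEAS_UID=102` should go. The final `RUN` continues past the end of this hunk.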
@@ -50,13 +46,14 @@ RUN make install
 COPY entrypoint.sh /usr/local/bin
 RUN chmod +x /usr/local/bin/* \
- && chown -R atlas:atlas /var/atlas-probe \
- && mkdir -p /var/atlasdata \
- && chown -R atlas:atlas /var/atlasdata \
- && chmod 777 /var/atlasdata
+ && rm -rf /var/lib/apt/lists/* \
+ && rm -rf /tmp/ripe-atlas-software-probe \
+ && mkdir -p /opt/ripe-atlas \
+ && chown -R ripe-atlas:ripe-atlas /opt/ripe-atlas \
+ && chmod 777 /opt/ripe-atlas
 WORKDIR /var/atlas-probe
-VOLUME [ "/var/atlas-probe/etc", "/var/atlas-probe/status" ]
+VOLUME [ "/etc/ripe-atlas", "/run/ripe-atlas/status", "/var/spool/ripe-atlas" ]
 ENTRYPOINT [ "tini", "--", "entrypoint.sh" ]
-CMD [ "atlas" ]
+CMD [ "ripe-atlas" ]
diff --git a/entrypoint.sh b/entrypoint.sh
index 9287081..4ab0e94 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
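Review bot: `chmod 777 /opt/ripe-atlas` in the final `RUN` leaves the directory world-writable right after it has been chowned to `ripe-atlas:ripe-atlas`, so any other account in the container can create or replace files there. The owner already has full access, so `&& chmod 750 /opt/ripe-atlas` (or 755 if other users must read it) should be enough. Separately, `rm -rf /tmp/ripe-atlas-software-probe` and `rm -rf /var/lib/apt/lists/*` run in a later layer than the `COPY --from=builder` and the `apt-get install` that created those files, so they do not leave the image; the cleanup belongs in the same `RUN` as the step that produced the files, though the `make install` step is outside this hunk. `WORKDIR /var/atlas-probe` is unchanged although every other path moved away from `/var/atlas-probe`, which looks like a leftover.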
@@ -1,41 +1,27 @@
-#!/usr/bin/env bash
-set -Eeuo pipefail
-
-CONFIG_FILE="/var/atlas-probe/state/config.txt"
-declare -a OPTIONS=(
- "RXTXRPT"
- "HTTP_POST_PORT"
- "TELNETD_PORT"
-)
-
-# test essential syscalls
-if ! sleep 0 >/dev/null 2>&1; then
- >&2 echo "WARNING: clock_nanosleep or clock_nanosleep_time64 is not available on the system"
-fi
-
-export ATLAS_UID="${ATLAS_UID:-101}"
-export ATLAS_GID="${ATLAS_GID:-999}"
-
-usermod -u $ATLAS_UID atlas
-groupmod -g $ATLAS_GID atlas
-chown -R atlas:atlas /var/atlas-probe || true
-chown -R atlas:atlas /var/atlasdata || true
-
-# create essential files and fix permission
-mkdir -p /var/atlas-probe/status
-chown -R atlas:atlas /var/atlas-probe/status || true
-mkdir -p /var/atlas-probe/etc
-chown -R atlas:atlas /var/atlas-probe/etc || true
-mkdir -p /var/atlas-probe/state
-chown -R atlas:atlas /var/atlas-probe/state || true
-echo "CHECK_ATLASDATA_TMPFS=no" > "${CONFIG_FILE}"
-
-# set probe configuration
-for OPT in "${OPTIONS[@]}"; do
- if [ ! -z "${!OPT+x}" ]; then
- echo "Option ${OPT}=${!OPT}"
- echo "${OPT}=${!OPT}" >> "${CONFIG_FILE}"
- fi
-done
-
-exec setpriv --reuid=$ATLAS_UID --regid=$ATLAS_GID --init-groups "$@"
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+# test essential syscalls
+if ! sleep 0 >/dev/null 2>&1; then
+ >&2 echo "WARNING: clock_nanosleep or clock_nanosleep_time64 is not available on the system"
+fi
+
+export ATLAS_UID="${ATLAS_UID:-101}"
+export ATLAS_GID="${ATLAS_GID:-999}"
+
+usermod -u $ATLAS_UID ripe-atlas
+groupmod -g $ATLAS_GID ripe-atlas
+
+# create essential files and fix permission
+mkdir -p /var/spool/ripe-atlas
+chown -R ripe-atlas:ripe-atlas /var/spool/ripe-atlas || true
+mkdir -p /var/spool/ripe-atlas/data
+chown -R ripe-atlas:ripe-atlas /var/spool/ripe-atlas/data || true
+mkdir -p /run/ripe-atlas/status
+chown -R ripe-atlas:ripe-atlas /run/ripe-atlas/status || true
+mkdir -p /etc/ripe-atlas
+chown -R ripe-atlas:ripe-atlas /etc/ripe-atlas || true
+#mkdir -p /var/atlas-probe/state
+#chown -R ripe-atlas:ripe-atlas /var/atlas-probe/state || true
+
+exec setpriv --reuid=$ATLAS_UID --regid=$ATLAS_GID --init-groups "$@"
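Review bot: `usermod -u $ATLAS_UID ripe-atlas`, `groupmod -g $ATLAS_GID ripe-atlas` and the closing `exec setpriv --reuid=$ATLAS_UID --regid=$ATLAS_GID ...` run as root on environment-supplied values that are neither quoted nor checked, so a value containing whitespace is word-split into extra arguments, and `0` is handed straight to `setpriv`. I would validate once after the two `export` lines with `[[ "$ATLAS_UID" =~ ^[1-9][0-9]*$ && "$ATLAS_GID" =~ ^[1-9][0-9]*$ ]] || { >&2 echo "ATLAS_UID/ATLAS_GID must be positive integers"; exit 1; }`, and quote every expansion, e.g. `usermod -u "$ATLAS_UID" ripe-atlas`. The `|| true` after each `chown -R` also hides a failed ownership fix on a mounted volume; printing a warning to stderr instead would keep the best-effort behaviour but make the failure visible. The two commented-out `/var/atlas-probe/state` lines are dead and can be removed.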