From e4e88fd6448ddf63a22b36cae2d1ed5579e76779 Mon Sep 17 00:00:00 2001 From: minoplhy Date: Wed, 12 Mar 2025 00:49:19 +0700 Subject: [PATCH] alpine linux as base image --- Dockerfile | 33 ++++++++++++++++-------------- alpinelinux-fix-sys-reboot.patch | 16 +++++++++++++++ docker-compose-ipv6.yaml | 35 ++++++++++++++++++++++++++++++++ entrypoint.sh | 7 ++----- 4 files changed, 71 insertions(+), 20 deletions(-) create mode 100644 alpinelinux-fix-sys-reboot.patch create mode 100644 docker-compose-ipv6.yaml diff --git a/Dockerfile b/Dockerfile index fc09585..d2138b1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,18 +1,25 @@ ## builder -FROM debian:12 as builder +FROM alpine:3.21 as builder LABEL image="ripe-atlas-builder" ARG DEBIAN_FRONTEND=noninteractive ARG GIT_URL=https://github.com/RIPE-NCC/ripe-atlas-software-probe.git -WORKDIR /tmp +COPY alpinelinux-fix-sys-reboot.patch /tmp/alpinelinux-fix-sys-reboot.patch -RUN apt-get update -y && \ - apt-get install -y git build-essential debhelper libssl-dev autotools-dev psmisc net-tools +WORKDIR / + +RUN apk update && \ + apk upgrade && \ + apk add git alpine-sdk openssl-dev autoconf automake libtool linux-headers musl-dev psmisc net-tools RUN git clone --recursive "$GIT_URL" /tmp/ripe-atlas-software-probe WORKDIR /tmp/ripe-atlas-software-probe # version 5100 RUN git checkout 5100 + +# APPLY Alpine Linux specific patch +RUN git apply /tmp/alpinelinux-fix-sys-reboot.patch + RUN autoreconf -iv RUN ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=/usr/lib64 --runstatedir=/run --with-user=ripe-atlas --with-group=ripe-atlas --with-measurement-user=ripe-atlas --disable-systemd --enable-chown --enable-setcap-install RUN make 
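Review bot: `RUN git checkout 5100` in the builder stage resolves a tag or branch name at build time, so the newly added `RUN git apply /tmp/alpinelinux-fix-sys-reboot.patch` and everything compiled after it inherit whatever that ref (or an overridden `GIT_URL`) points to on the day of the build. Pinning the checkout to the full commit hash, `RUN git checkout <FULL_COMMIT_SHA_FOR_5100>` (placeholder, not taken from the page), makes the patched source reproducible and auditable. In the same hunk, `apk update && apk upgrade && apk add ...` can become `apk add --no-cache ...`, so the package index is not left in the layer and no blanket upgrade runs at build time. `ARG DEBIAN_FRONTEND=noninteractive` no longer has any effect on Alpine and can be dropped.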
@@ -24,21 +31,20 @@ LABEL image="ripe-atlas-artifacts" COPY --from=builder /tmp/ripe-atlas-software-probe / ## the actual image -FROM debian:12 +FROM alpine:3.21 LABEL maintainer="dockerhub@public.swineson.me" LABEL image="ripe-atlas" COPY --from=builder /tmp/ripe-atlas-software-probe /tmp/ripe-atlas-software-probe ARG ATLAS_UID=101 -ARG ATLAS_MEAS_UID=102 -ARG ATLAS_GID=999 +ARG ATLAS_GID=656 RUN ln -s /bin/true /bin/systemctl \ && adduser --system --uid $ATLAS_UID ripe-atlas \ - && groupadd --force --system --gid $ATLAS_GID ripe-atlas \ - && apt-get update -y \ - && apt-get install -y libcap2-bin iproute2 openssh-client procps net-tools tini debhelper libssl-dev autotools-dev psmisc opensysusers - + && addgroup --system --gid $ATLAS_GID ripe-atlas \ + && apk update \ + && apk upgrade \ + && apk add libcap iproute2 openssh-client procps net-tools tini openssl-dev autoconf automake psmisc alpine-sdk libtool linux-headers bash setpriv WORKDIR /tmp/ripe-atlas-software-probe RUN make install @@ -46,11 +52,8 @@ RUN make install COPY entrypoint.sh /usr/local/bin RUN chmod +x /usr/local/bin/* \ - && rm -rf /var/lib/apt/lists/* \ && rm -rf /tmp/ripe-atlas-software-probe \ - && mkdir -p /opt/ripe-atlas \ - && chown -R ripe-atlas:ripe-atlas /opt/ripe-atlas \ - && chmod 777 /opt/ripe-atlas + && apk del autoconf automake psmisc alpine-sdk libtool linux-headers WORKDIR / VOLUME [ "/etc/ripe-atlas", "/run/ripe-atlas/status", "/var/spool/ripe-atlas" ] diff --git a/alpinelinux-fix-sys-reboot.patch b/alpinelinux-fix-sys-reboot.patch new file mode 100644 index 0000000..2c77f39 --- /dev/null +++ b/alpinelinux-fix-sys-reboot.patch 
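Review bot: In the final stage, `adduser --system --uid $ATLAS_UID ripe-atlas` runs before the `ripe-atlas` group exists and names no group, so on Alpine's BusyBox the account most likely gets `nogroup` as its primary group and is never made a member of the group created on the next line. The build is configured with `--with-group=ripe-atlas` and the entrypoint runs `chown -R ripe-atlas:ripe-atlas`, so the passwd entry should agree with both. Create the group first and pass it explicitly: `addgroup --system --gid "$ATLAS_GID" ripe-atlas && adduser --system --uid "$ATLAS_UID" -G ripe-atlas ripe-atlas`. Running `id ripe-atlas` in the built image would confirm the result.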
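Review bot: `apk del autoconf automake psmisc alpine-sdk libtool linux-headers` runs in a later `RUN` than the `apk add` that installed those packages, so the compiler toolchain stays in the earlier layer and still ships in the image. The same holds for the source tree brought in by `COPY --from=builder` and removed here with `rm -rf`. To keep build tools out of the runtime image, install them as a virtual group and remove them in the same instruction as `make install`, for example `apk add --no-cache --virtual .build-deps alpine-sdk autoconf automake libtool linux-headers && make install && apk del .build-deps`. Two details in the removal list look worth a second check: `openssl-dev` is not removed, and `psmisc`, which the Debian image kept at runtime, now is.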
@@ -0,0 +1,16 @@ +This patch is intended to fix reboot.h implict declaration issue when compile on Alpine Linux + +Based on : https://github.com/RIPE-NCC/ripe-atlas-software-probe/pull/118 + +diff --git a/probe-busybox/networking/telnetd.c b/probe-busybox/networking/telnetd.c +index 543de5a..8a67651 100644 +--- a/probe-busybox/networking/telnetd.c ++++ b/probe-busybox/networking/telnetd.c +@@ -134,6 +134,7 @@ + #include + #include + #include ++#include + + #define LOGIN_PREFIX "Atlas probe, see http://atlas.ripe.net/\r\n\r\n" + #define LOGIN_PROMPT " login: " diff --git a/docker-compose-ipv6.yaml b/docker-compose-ipv6.yaml new file mode 100644 index 0000000..35fccd4 --- /dev/null +++ b/docker-compose-ipv6.yaml @@ -0,0 +1,35 @@ +services: + ripe-atlas: + image: ghcr.io/minoplhy/docker-ripe-atlas:latest + restart: always + environment: + RXTXRPT: "yes" + volumes: + - "./etc:/etc/ripe-atlas" + - "./run:/run/ripe-atlas/status" + - ./spool:/var/spool/ripe-atlas + cap_drop: + - ALL + cap_add: + - CHOWN + - SETUID + - SETGID + - DAC_OVERRIDE + - NET_RAW + networks: + - atlas-network + mem_limit: "64000000000" + mem_reservation: 64m + labels: + - "traefik.enable=false" + - "com.centurylinklabs.watchtower.enable=true" + logging: + driver: json-file + options: + max-size: 10m + # network_mode: "host" # if possible, avoid double NAT + # security_opt: + # - seccomp:unconfined +networks: + atlas-network: + enable_ipv6: true diff --git a/entrypoint.sh b/entrypoint.sh index 15f46f3..415839a 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -7,10 +7,7 @@ if ! sleep 0 >/dev/null 2>&1; then fi export ATLAS_UID="${ATLAS_UID:-101}" -export ATLAS_GID="${ATLAS_GID:-999}" - -usermod -u $ATLAS_UID ripe-atlas -groupmod -g $ATLAS_GID ripe-atlas +export ATLAS_GID="${ATLAS_GID:-656}" # create essential files and fix permission mkdir -p /var/spool/ripe-atlas 
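Review bot: `mem_limit: "64000000000"` is a byte count of roughly 64 GB, next to `mem_reservation: 64m`, so the container effectively has no memory cap. If a limit in the tens or hundreds of megabytes was intended, write it with a unit, e.g. `mem_limit: 256m` (illustrative value). The service also runs `image: ghcr.io/minoplhy/docker-ripe-atlas:latest` with `com.centurylinklabs.watchtower.enable=true`, so whatever is pushed under that tag is pulled and started unattended with `NET_RAW`, `SETUID` and `DAC_OVERRIDE`. Pinning the image to a release tag or digest keeps updates reviewable.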
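Review bot: With `usermod`/`groupmod` removed, `ATLAS_UID` and `ATLAS_GID` are still exported as overridable, but nothing maps an overridden value onto the `ripe-atlas` account any more. The script goes on to `chown -R ripe-atlas:ripe-atlas ...` by name and then drops to the numeric IDs with `setpriv --init-groups`. A non-default value would therefore leave the process unable to write its own directories, and `--init-groups` may refuse a UID that has no passwd entry. Either fix the IDs at build time and drop the variables, or chown numerically with `chown -R "$ATLAS_UID:$ATLAS_GID" ...` and document that overrides must match an existing account. The rest of the script lies outside this hunk.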
@@ -27,4 +24,4 @@ chown -R ripe-atlas:ripe-atlas /etc/ripe-atlas || true # (init) set atlas mode to prod echo "prod" > /etc/ripe-atlas/mode || true -exec setpriv --reuid=$ATLAS_UID --regid=$ATLAS_GID --init-groups "$@" +exec setpriv --reuid $ATLAS_UID --regid $ATLAS_GID --init-groups "$@"
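Review bot: `$ATLAS_UID` and `$ATLAS_GID` are expanded unquoted on the new `exec setpriv` line, so an environment value containing whitespace is split into extra `setpriv` arguments. Quote them: `exec setpriv --reuid "$ATLAS_UID" --regid "$ATLAS_GID" --init-groups "$@"`. The preceding `chown ... || true` and `echo "prod" > /etc/ripe-atlas/mode || true` lines hide a failed ownership change or write, so a short comment on why that is tolerated would help the next reader.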