Podman & OpenShift
# Base image: the CentOS 7 source-to-image builder base.
# NOTE(review): ":latest" is a moving tag, so a rebuild can silently pick up a
# different base image; pin a vetted version tag or digest.
FROM centos/s2i-base-centos7:latest

# Runtime environment: the image description (reused by the labels below),
# the local time zone, and the home directory for the unprivileged user.
ENV DESCRIPTION="Podman image runtime for releasing" \
    TZ="Europe/Berlin" \
    HOME=/podman
# Image metadata (generic, Kubernetes and label-schema keys).
# NOTE(review): only DESCRIPTION is defined in this file. SUMMARY, GIT_TAG,
# LAST_BUILD_USER, LAST_BUILD_TIMESTAMP, GIT_BRANCH and GIT_REF expand to
# empty strings unless the build system injects them (presumably through the
# OpenShift build configuration; confirm).
LABEL summary="${SUMMARY}" \
      description="${DESCRIPTION}" \
      version="${GIT_TAG}" \
      build-user="${LAST_BUILD_USER}" \
      build-timestamp="${LAST_BUILD_TIMESTAMP}" \
      vcs-branch="${GIT_BRANCH}" \
      vcs-ref="${GIT_REF}" \
      vcs-type="git" \
      io.k8s.description="${DESCRIPTION}" \
      org.label-schema.name="${SUMMARY}" \
      org.label-schema.description="${DESCRIPTION}" \
      org.label-schema.docker.schema-version="1.0"
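# Set up podman: register two extra yum repositories (the CentOS virt7
# container-common candidate repo and a COPR repo providing newuidmap /
# newgidmap), then install podman and its rootless helpers and drop the yum
# cache in the same layer.
# NOTE(review): podman.repo is written with gpgcheck=0, so every package from
# that repository is installed without signature verification. If the
# repository publishes signed packages, set gpgcheck=1 and add its gpgkey;
# otherwise treat this repository as unauthenticated build input.
# NOTE(review): "yum -y update" and the unversioned package names make the
# result depend on the build date; pin versions for reproducible builds.
RUN printf '[podman.repo]\nname=virt7-container-common-candidate\nbaseurl=https://cbs.centos.org/repos/virt7-container-common-candidate/x86_64/os/\nenabled=1\ngpgcheck=0' > /etc/yum.repos.d/podman.repo && \
# --fail makes curl exit non-zero on an HTTP error, so an error page is never
# saved as a yum repository definition.
    curl -fsS -o /etc/yum.repos.d/rhel7.6-rootless-preview.repo https://copr.fedorainfracloud.org/coprs/vbatts/shadow-utils-newxidmap/repo/epel-7/vbatts-shadow-utils-newxidmap-epel-7.repo && \
    yum -y update && \
    yum install -y atomic-registries containers-common podman shadow-utils46-newxidmap slirp4netns && \
    yum clean all && rm -rf /var/cache/yum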
# FIXME, remove this when issue is resolved: https://github.com/containers/libpod/issues/3589
# Temporary workaround: install a build toolchain, fetch Go 1.11.12 and build
# the "applydiff" branch of a containers/storage fork from source.
# NOTE(review): this leaves sudo, compilers and -devel packages in the final
# image and does not clean the yum cache in this layer; all of it is extra
# attack surface that should go away with the workaround.
RUN yum install -y sudo golang runc git ostree-devel gpgme-devel device-mapper-devel btrfs-progs-devel libassuan-devel libseccomp-devel automake autoconf gettext-devel libtool libxslt libsemanage-devel bison libcap-devel podman
# NOTE(review): the Go tarball is downloaded without integrity verification
# and is left behind in the layer. Compare it against the published checksum
# (placeholder: <sha256-of-go1.11.12.linux-amd64.tar.gz>) before unpacking
# and delete the archive in the same RUN.
RUN wget https://dl.google.com/go/go1.11.12.linux-amd64.tar.gz && \
tar -xzf go1.11.12.linux-amd64.tar.gz && mv go /usr/local
# NOTE(review): "go get" and "git checkout applydiff" both follow moving
# references, so the code compiled into the image can change between builds;
# pin to a reviewed commit. contrib/cirrus/lib.sh is sourced from that
# checkout, so whatever the branch contains runs as root at build time.
# NOTE(review): the symlink target go/bin/podman is relative, so it resolves
# against /usr/bin, and podman is already installed by yum above; confirm
# that the final "ln -s" does what was intended.
RUN export GOROOT=/usr/local/go && export PATH=$GOROOT/bin:$PATH && go get github.com/pquerna/ffjson && \
mkdir -p /var/tmp/go/src/github.com/containers/ && cd /var/tmp/go/src/github.com/containers/ && git clone https://github.com/rhatdan/storage.git && cd storage && git checkout applydiff && git clean -xdf && \
source contrib/cirrus/lib.sh && install_ooe && make install.tools && make vendor && showrun make local-binary && \
ln -s go/bin/podman /usr/bin/podman
# END FIXME
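# Configure rootless podman and create the OpenShift arbitrary-UID helper.
# This step writes the subuid/subgid ranges for the "default" user, downloads
# the registries, signature-policy and CNI bridge configuration, smoke-tests
# the installed binaries and generates /usr/local/bin/setup_uid.
# NOTE(review): the three wget downloads track "master" branches and are not
# checksum-verified, so the registry list and the image signature policy
# (policy.json) can change between builds. Pin each URL to a reviewed commit
# and verify a checksum (placeholder: <sha256-of-reviewed-file>).
# NOTE(review): a sysctl.d file inside an image is normally not applied when
# the container starts; the namespace limit probably has to be set on the
# node as well (confirm).
RUN set -eux; \
    printf 'default:100000:65536' > /etc/subuid; \
    printf 'default:100000:65536' > /etc/subgid; \
# The kernel key is user.max_user_namespaces (plural); the singular spelling
# used previously is not a valid sysctl key.
    printf 'user.max_user_namespaces=28633' > /etc/sysctl.d/namespaces.conf; \
    mkdir -pm 775 /etc/containers /podman/.config/containers /etc/cni/net.d /podman/.local/share/containers/storage/libpod; \
    wget -O /etc/containers/registries.conf https://raw.githubusercontent.com/projectatomic/registries/master/registries.fedora; \
    wget -O /etc/containers/policy.json https://raw.githubusercontent.com/containers/skopeo/master/default-policy.json; \
    wget -O /etc/cni/net.d/99-bridge.conflist https://raw.githubusercontent.com/containers/libpod/master/cni/87-podman-bridge.conflist; \
# Smoke tests: with "set -e" the build fails if any of the binaries is missing.
    runc --help > /dev/null; \
    /usr/bin/podman --help > /dev/null; \
    /usr/libexec/podman/conmon --help > /dev/null; \
    /usr/bin/fix-permissions /podman; \
# chmod g=u makes /etc/passwd writable by group 0 so that setup_uid can add an
# entry for the UID the container is started with. Any process in the
# container that runs with GID 0 can then rewrite /etc/passwd.
    chmod g=u /etc/passwd; \
# prepare entrypoint, see https://docs.openshift.com/container-platform/3.6/creating_images/guidelines.html#use-uid
# The generated script, when whoami cannot resolve the current UID and
# /etc/passwd is writable, drops any "default:" entry and appends one for the
# current UID; it then always runs "podman system migrate".
    printf 'if ! whoami &> /dev/null; then\n' > /usr/local/bin/setup_uid; \
    printf ' if [ -w /etc/passwd ]; then\n' >> /usr/local/bin/setup_uid; \
    printf " sed \'/default:/d\' /etc/passwd > /tmp/passwd && cat /tmp/passwd > /etc/passwd && rm /tmp/passwd\n" >> /usr/local/bin/setup_uid; \
    printf ' echo ${USER_NAME:-default}:x:$(id -u):0:${USER_NAME:-default} user:${HOME}:/sbin/nologin >> /etc/passwd\n' >> /usr/local/bin/setup_uid; \
    printf ' fi\n' >> /usr/local/bin/setup_uid; \
    printf 'fi\n' >> /usr/local/bin/setup_uid; \
    printf 'podman system migrate\n' >> /usr/local/bin/setup_uid; \
    chmod +x /usr/local/bin/setup_uid

# Run as an unprivileged numeric UID rather than root.
USER 1001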