ziti-edge-tunnel Dockerfile for Debian

Dockerfile.debian

# this was the main Dockerfile before we adopted the RH UBI source image. This may still be useful for building arm 32bit images.
FROM debian:buster-slim as fetch-ziti-artifacts
# This build stage grabs artifacts that are copied into the final image.
# It uses the same base as the final image to maximize docker cache hits.

ARG ZITI_VERSION

ARG GITHUB_BASE_URL
ARG GITHUB_REPO

WORKDIR /tmp

RUN apt-get -q update && apt-get -q install -y --no-install-recommends curl ca-certificates unzip
# workaround for `openssl rehash` not working on arm.
RUN /bin/bash -c "if ! compgen -G '/etc/ssl/certs/*.[0-9]' > /dev/null; then c_rehash /etc/ssl/certs; fi"

COPY fetch-github-releases.sh .
RUN bash -x ./fetch-github-releases.sh ziti-edge-tunnel

################
#
#  Main Image
#
################

FROM debian:buster-slim

RUN mkdir -p /usr/local/bin /etc/ssl/certs
# libsystemd: install the shared object, necessary in conjunction with      --volume "/var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket"     to communicate with the host's dbus socket to configure systemd-resolved
# iproute2: install /sbin/ip, necessary in conjunction with    --device="/dev/net/tun:/dev/net/tun"    to up the tun device, assign routes, and assign source IP 
RUN apt-get -q update && apt-get -q install -y --no-install-recommends iproute2 libsystemd0
COPY --from=fetch-ziti-artifacts /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs
COPY --from=fetch-ziti-artifacts /tmp/ziti-edge-tunnel /usr/local/bin
COPY ./docker-entrypoint.sh /
RUN chmod +x /docker-entrypoint.sh
RUN mkdir -p /ziti-edge-tunnel

ENTRYPOINT [ "/docker-entrypoint.sh" ]
CMD [ "run" ]