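# NOTE(review): debian:buster (Debian 10) has reached end of life upstream, so
# the base no longer receives security updates. Moving to a supported release
# (and pinning it by digest) should be weighed against what rebuild-internal.sh
# expects from the distribution.
FROM debian:buster-slim AS docker_vmm

# "container=docker" is the conventional hint that lets systemd (started by the
# docker_vmm_persistent stage) detect that it runs inside a container.
ENV container=docker
ENV LC_ALL=C.UTF-8
# NOTE(review): set with ENV, so this also applies inside running containers and
# not only during the build. Kept as-is because scripts run later may rely on
# it -- confirm before narrowing it to a build-time ARG.
ENV DEBIAN_FRONTEND=noninteractive

# Shell-form RUN instructions are executed by bash instead of /bin/sh.
SHELL ["/bin/bash", "-c"]
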
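# Create the in-container account with the same name and numeric id as the user
# who builds the image. Not strictly necessary, but the files generated by the
# container then carry matching ownership and permissions.
#
# Neither argument has a default; both are expected via --build-arg.
ARG USER
ARG UID

ENV USER=$USER
ENV HOME=/home/$USER
# Empty by default. Presumably read by rebuild-internal.sh to select a custom
# manifest -- confirm against that script.
ENV CUSTOM_MANIFEST=""
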
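# apt-get has a stable command-line interface, unlike apt, and is the tool meant
# for scripted use. Update and install share one layer so the install never runs
# against a stale package index. The index is deliberately not removed here:
# rebuild-internal.sh install_packages may depend on it -- confirm.
RUN apt-get update \
    && apt-get install -y sudo

# NOTE(review): the account is given an empty password (passwd -d) and
# unrestricted passwordless sudo, so anything running or logging in as this user
# is effectively root inside the container. That is a convenience for a local
# build container; any login service enabled on top of this image must not be
# reachable from untrusted networks.
#
# The guard fails the build with a clear message when --build-arg USER is
# missing, instead of an obscure useradd error.
RUN : "${USER:?build arg USER is required}" \
    && useradd -m -s /bin/bash "$USER" -u "$UID" -d "$HOME" \
    && passwd -d "$USER" \
    && echo "$USER ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers

# Mount points plus the static tool directory, all owned by the build user.
# One layer instead of four; the resulting filesystem is the same.
RUN mkdir /source /output /working /static \
    && chown -R "$USER" /source /output /working /static
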
# From here on the build runs as the account created above, not as root.
USER $USER
WORKDIR $HOME

# Per-architecture manifests keep their own sub-directory under /static.
COPY --chown=$USER x86_64-linux-gnu/manifest.xml /static/x86_64-linux-gnu/
COPY --chown=$USER aarch64-linux-gnu/manifest.xml /static/aarch64-linux-gnu/
# Custom manifest and the helper scripts go directly into /static.
COPY --chown=$USER custom.xml policy-inliner.sh rebuild-internal.sh /static/

# Runs the project's rebuild-internal.sh with the install_custom_scripts and
# install_packages arguments; what they do is defined in that script.
# NOTE(review): the script executes as the build user, which holds passwordless
# sudo, so it can still make root-level changes to the image.
RUN TOOLS_DIR=/static/tools /static/rebuild-internal.sh install_custom_scripts install_packages

# Declared after the directories were created and chown'ed so their ownership
# is part of the image content.
VOLUME ["/source", "/working", "/output"]

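FROM docker_vmm AS docker_vmm_persistent

# These ENV and SHELL settings are already inherited from docker_vmm; they are
# restated so this stage can be read on its own.
ENV container=docker
ENV LC_ALL=C.UTF-8
ENV DEBIAN_FRONTEND=noninteractive

SHELL ["/bin/bash", "-c"]

# Back to root for package installation. No USER instruction follows in this
# stage, so root remains the image's default user and the systemd CMD runs as
# root.
USER root
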
# Containers started from this image are meant to persist. The user account
# created in the docker_vmm stage is where the work of building crosvm is
# carried out across restarts.

# Install systemd, then drop the package caches and temporary files in the same
# layer so they do not end up in the image. /var/run/nologin is removed as
# well, presumably so that non-root logins are not refused -- confirm.
RUN apt-get update \
    && apt-get install -y systemd \
    && apt-get clean \
    && rm -rf \
        /var/lib/apt/lists/* \
        /tmp/* \
        /var/tmp/* \
    && rm -f /var/run/nologin

# Remove unit links that a full host boot would pull in. Presumably these are
# units that are unwanted or do not work inside a container -- confirm against
# the services the persistent container actually needs.
RUN rm -f \
        /lib/systemd/system/multi-user.target.wants/* \
        /etc/systemd/system/*.wants/* \
        /lib/systemd/system/local-fs.target.wants/* \
        /lib/systemd/system/sockets.target.wants/*udev* \
        /lib/systemd/system/sockets.target.wants/*initctl* \
        /lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup* \
        /lib/systemd/system/systemd-update-utmp*

# NOTE(review): how the container is started is not shown in this file; if the
# host's /sys/fs/cgroup is bind-mounted over this volume, prefer a read-only
# mount where the systemd version allows it.
VOLUME ["/sys/fs/cgroup"]

# systemd is the container's init process and supervises the services below.
CMD ["/lib/systemd/systemd"]

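# Tooling for the persistent container, installed in a single layer with
# apt-get (stable CLI, meant for scripts) and listed alphabetically so changes
# diff cleanly. The package set is unchanged from the previous two RUN steps.
#
# The package index is left in place, presumably so apt can be used right away
# inside the long-lived container -- confirm.
# NOTE(review): openssh-server and dnsmasq are network-facing daemons; which of
# them systemd starts, and on which interfaces they listen, decides how exposed
# the container is.
RUN apt-get update \
    && apt-get install -y \
        apt-utils \
        coreutils \
        dialog \
        dnsmasq \
        dpkg-dev \
        equivs \
        iproute2 \
        iptables \
        net-tools \
        openssh-client \
        openssh-server \
        psmisc \
        rsyslog \
        sudo
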
# Rewrite four sshd_config directives in one pass, whether or not they are
# commented out in the shipped file:
#   PasswordAuthentication yes, PermitEmptyPasswords yes,
#   ChallengeResponseAuthentication no, UsePAM no
# A directive that is absent from the file is not added; sed only edits
# existing lines.
#
# NOTE(review): together with the empty password (passwd -d) and the NOPASSWD
# sudo rule set up in the docker_vmm stage, this lets anyone who can reach the
# container's SSH port log in without credentials and become root. Publish the
# port only on the loopback interface or a private network, or switch the
# account to key-based authentication and set PermitEmptyPasswords back to no.
RUN sed -i -r \
        -e 's/^#{0,1}\s*PasswordAuthentication\s+(yes|no)/PasswordAuthentication yes/g' \
        -e 's/^#{0,1}\s*PermitEmptyPasswords\s+(yes|no)/PermitEmptyPasswords yes/g' \
        -e 's/^#{0,1}\s*ChallengeResponseAuthentication\s+(yes|no)/ChallengeResponseAuthentication no/g' \
        -e 's/^#{0,1}\s*UsePAM\s+(yes|no)/UsePAM no/g' \
        /etc/ssh/sshd_config