11# syntax=docker/dockerfile:1
22
3- FROM alpine:3 as rootfs-stage
3+ # =============================================================================
4+ # FIPS-Compatible LinuxServer Ubuntu Base Image
5+ # Uses your organization's FIPS Ubuntu image instead of standard Ubuntu
6+ # =============================================================================
47
5- # environment
6- ENV REL=jammy
7- ENV ARCH=amd64
8+ ARG ECR_ACCOUNT_ID
9+ ARG ECR_REGION=us-east-1
10+ ARG IMAGE_NAME=civis-ubuntu-fips
11+ ARG IMAGE_TAG=22.04
812
9- # install packages
10- RUN \
11- apk add --no-cache \
12- bash \
13- curl \
14- tzdata \
15- xz
16-
17- # grab base tarball
18- RUN \
19- mkdir /root-out && \
20- curl -o \
21- /rootfs.tar.gz -L \
22- https://partner-images.canonical.com/core/${REL}/current/ubuntu-${REL}-core-cloudimg-${ARCH}-root.tar.gz && \
23- tar xf \
24- /rootfs.tar.gz -C \
25- /root-out && \
26- rm -rf \
27- /root-out/var/log/*
28-
29- # set version for s6 overlay
30- ARG S6_OVERLAY_VERSION="3.1.6.2"
31- ARG S6_OVERLAY_ARCH="x86_64"
32-
33- # add s6 overlay
34- ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp
35- RUN tar -C /root-out -Jxpf /tmp/s6-overlay-noarch.tar.xz
36- ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${S6_OVERLAY_ARCH}.tar.xz /tmp
37- RUN tar -C /root-out -Jxpf /tmp/s6-overlay-${S6_OVERLAY_ARCH}.tar.xz
38-
39- # add s6 optional symlinks
40- ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-noarch.tar.xz /tmp
41- RUN tar -C /root-out -Jxpf /tmp/s6-overlay-symlinks-noarch.tar.xz
42- ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-arch.tar.xz /tmp
43- RUN tar -C /root-out -Jxpf /tmp/s6-overlay-symlinks-arch.tar.xz
13+ FROM ${ECR_ACCOUNT_ID}.dkr.ecr-fips.${ECR_REGION}.amazonaws.com/${IMAGE_NAME}:${IMAGE_TAG}
4414
45- # Runtime stage
46- FROM scratch
47- COPY --from=rootfs-stage /root-out/ /
15+ # Build arguments
4816ARG BUILD_DATE
49- ARG VERSION
17+ ARG VERSION=0.1.0
5018ARG MODS_VERSION="v3"
5119ARG PKG_INST_VERSION="v1"
5220ARG LSIOWN_VERSION="v1"
21+ ARG S6_OVERLAY_VERSION="3.1.6.2"
22+ ARG S6_OVERLAY_ARCH="x86_64"
23+
24+ # Labels
5325LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
54- LABEL maintainer="TheLamer"
26+ LABEL maintainer="civisanalytics"
27+
28+ # =============================================================================
29+ # Install s6-overlay directly on FIPS image (preserves FIPS compliance)
30+ # =============================================================================
31+ RUN apt-get update && \
32+ apt-get install -y curl xz-utils && \
33+ \
34+ # Download s6-overlay components
35+ curl -L -o /tmp/s6-overlay-noarch.tar.xz \
36+ "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz" && \
37+ curl -L -o /tmp/s6-overlay-arch.tar.xz \
38+ "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${S6_OVERLAY_ARCH}.tar.xz" && \
39+ curl -L -o /tmp/s6-overlay-symlinks-noarch.tar.xz \
40+ "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-noarch.tar.xz" && \
41+ curl -L -o /tmp/s6-overlay-symlinks-arch.tar.xz \
42+ "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-arch.tar.xz" && \
43+ \
44+ # Extract s6-overlay
45+ tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz && \
46+ tar -C / -Jxpf /tmp/s6-overlay-arch.tar.xz && \
47+ tar -C / -Jxpf /tmp/s6-overlay-symlinks-noarch.tar.xz && \
48+ tar -C / -Jxpf /tmp/s6-overlay-symlinks-arch.tar.xz && \
49+ \
50+ # Cleanup
51+ rm -f /tmp/s6-overlay*.tar.xz
5552
56- ADD --chmod=744 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/docker-mods.${MODS_VERSION}" "/docker-mods"
57- ADD --chmod=744 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/package-install.${PKG_INST_VERSION}" "/etc/s6-overlay/s6-rc.d/init-mods-package-install/run"
58- ADD --chmod=744 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/lsiown.${LSIOWN_VERSION}" "/usr/bin/lsiown"
53+ # =============================================================================
54+ # Add LinuxServer.io mod scripts
55+ # =============================================================================
56+ ADD --chmod=744 \
57+ "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/docker-mods.${MODS_VERSION}" \
58+ "/docker-mods"
5959
60- # set environment variables
60+ ADD --chmod=744 \
61+ "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/package-install.${PKG_INST_VERSION}" \
62+ "/etc/s6-overlay/s6-rc.d/init-mods-package-install/run"
63+
64+ ADD --chmod=744 \
65+ "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/lsiown.${LSIOWN_VERSION}" \
66+ "/usr/bin/lsiown"
67+
68+ # =============================================================================
69+ # Environment Variables
70+ # =============================================================================
6171ARG DEBIAN_FRONTEND="noninteractive"
62- ENV HOME="/root" \
72+
73+ ENV HOME="/workspace" \
6374 LANGUAGE="en_US.UTF-8" \
6475 LANG="en_US.UTF-8" \
6576 TERM="xterm" \
@@ -69,49 +80,40 @@ ENV HOME="/root" \
6980 VIRTUAL_ENV=/lsiopy \
7081 PATH="/lsiopy/bin:$PATH"
7182
72- # copy sources
73- COPY sources.list /etc/apt/
74-
75- RUN \
76- echo "**** Ripped from Ubuntu Docker Logic ****" && \
83+ # =============================================================================
84+ # System Setup and Package Installation
85+ # =============================================================================
86+ RUN echo "**** Ubuntu Docker optimizations ****" && \
7787 set -xe && \
78- echo '#!/bin/sh' \
79- > /usr/sbin/policy-rc.d && \
80- echo 'exit 101' \
81- >> /usr/sbin/policy-rc.d && \
82- chmod +x \
83- /usr/sbin/policy-rc.d && \
88+ \
89+ # Configure policy-rc.d to prevent service starts during build
90+ echo '#!/bin/sh' > /usr/sbin/policy-rc.d && \
91+ echo 'exit 101' >> /usr/sbin/policy-rc.d && \
92+ chmod +x /usr/sbin/policy-rc.d && \
93+ \
94+ # Configure initctl
8495 dpkg-divert --local --rename --add /sbin/initctl && \
85- cp -a \
86- /usr/sbin/policy-rc.d \
87- /sbin/initctl && \
88- sed -i \
89- 's/^exit.*/exit 0/' \
90- /sbin/initctl && \
91- echo 'force-unsafe-io' \
92- > /etc/dpkg/dpkg.cfg.d/docker-apt-speedup && \
93- echo 'DPkg::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' \
94- > /etc/apt/apt.conf.d/docker-clean && \
95- echo 'APT::Update::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' \
96- >> /etc/apt/apt.conf.d/docker-clean && \
97- echo 'Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";' \
98- >> /etc/apt/apt.conf.d/docker-clean && \
99- echo 'Acquire::Languages "none";' \
100- > /etc/apt/apt.conf.d/docker-no-languages && \
101- echo 'Acquire::GzipIndexes "true"; Acquire::CompressionTypes::Order:: "gz";' \
102- > /etc/apt/apt.conf.d/docker-gzip-indexes && \
103- echo 'Apt::AutoRemove::SuggestsImportant "false";' \
104- > /etc/apt/apt.conf.d/docker-autoremove-suggests && \
96+ cp -a /usr/sbin/policy-rc.d /sbin/initctl && \
97+ sed -i 's/^exit.*/exit 0/' /sbin/initctl && \
98+ \
99+ # Configure APT for Docker optimization
100+ echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/docker-apt-speedup && \
101+ echo 'DPkg::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' > /etc/apt/apt.conf.d/docker-clean && \
102+ echo 'APT::Update::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' >> /etc/apt/apt.conf.d/docker-clean && \
103+ echo 'Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";' >> /etc/apt/apt.conf.d/docker-clean && \
104+ \
105+ # Configure systemd for Docker
105106 mkdir -p /run/systemd && \
106- echo 'docker' \
107- > /run/systemd/container && \
108- echo "**** install apt-utils and locales ****" && \
107+ echo 'docker' > /run/systemd/container && \
108+ \
109+ echo "**** Install apt-utils and locales ****" && \
109110 apt-get update && \
110111 apt-get upgrade -y && \
111112 apt-get install -y \
112113 apt-utils \
113114 locales && \
114- echo "**** install packages ****" && \
115+ \
116+ echo "**** Install essential packages ****" && \
115117 apt-get install -y \
116118 catatonit \
117119 cron \
@@ -120,17 +122,23 @@ RUN \
120122 jq \
121123 netcat \
122124 tzdata && \
123- echo "**** generate locale ****" && \
125+ \
126+ echo "**** Generate locale ****" && \
124127 locale-gen en_US.UTF-8 && \
125- echo "**** create abc user and make our folders ****" && \
128+ \
129+ echo "**** Create abc user and directories ****" && \
126130 useradd -u 911 -U -d /config -s /bin/false abc && \
127131 usermod -G users abc && \
128132 mkdir -p \
129133 /app \
130134 /config \
131135 /defaults \
132- /lsiopy && \
133- echo "**** cleanup ****" && \
136+ /lsiopy \
137+ /workspace && \
138+ chown root:root /workspace && \
139+ chmod 755 /workspace && \
140+ \
141+ echo "**** Cleanup ****" && \
134142 apt-get autoremove && \
135143 apt-get clean && \
136144 rm -rf \
@@ -139,7 +147,9 @@ RUN \
139147 /var/tmp/* \
140148 /var/log/*
141149
142- # add local files
150+ # =============================================================================
151+ # Add local files (s6 service configurations)
152+ # =============================================================================
143153COPY root/ /
144154
145155ENTRYPOINT ["/init" ]
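Review bot: The four s6-overlay archives fetched in the new `RUN apt-get update && …` step (new lines 31–51) are unpacked into `/` as root with no integrity check, so whatever the release URL serves at build time becomes the init system of an image presented as FIPS-compatible. Pin a SHA-256 for each archive and verify it before the `tar` calls, and add `-f` to each `curl` so an HTTP error fails the build at the download step. The three `ADD --chmod=744` instructions (new lines 56–66) pull scripts from the mutable `mod-scripts` branch and have the same gap; `ADD --checksum=sha256:<digest>` would cover them. The ARG names in the sketch below are placeholders, and the digests have to be recorded from a download that was verified out of band.

```dockerfile
# Placeholder ARG names; supply digests recorded from a verified download.
ARG S6_OVERLAY_NOARCH_SHA256
ARG S6_OVERLAY_ARCH_SHA256
ARG S6_OVERLAY_SYMLINKS_NOARCH_SHA256
ARG S6_OVERLAY_SYMLINKS_ARCH_SHA256

RUN apt-get update && \
    # … unchanged: apt-get install and the four curl downloads (with -f added) …
    # An unset digest yields a malformed check line, so the build fails closed.
    printf '%s  %s\n' \
        "${S6_OVERLAY_NOARCH_SHA256}" /tmp/s6-overlay-noarch.tar.xz \
        "${S6_OVERLAY_ARCH_SHA256}" /tmp/s6-overlay-arch.tar.xz \
        "${S6_OVERLAY_SYMLINKS_NOARCH_SHA256}" /tmp/s6-overlay-symlinks-noarch.tar.xz \
        "${S6_OVERLAY_SYMLINKS_ARCH_SHA256}" /tmp/s6-overlay-symlinks-arch.tar.xz \
        | sha256sum -c - && \
    # … unchanged: tar extraction into / and cleanup …
```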