forked from hardware/debian-mail-overlay
-
Notifications
You must be signed in to change notification settings - Fork 7
Expand file tree
/
Copy pathDockerfile
More file actions
executable file
·135 lines (129 loc) · 5 KB
/
Dockerfile
File metadata and controls
executable file
·135 lines (129 loc) · 5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
FROM debian:12.11-slim
ARG DEBIAN_FRONTEND=noninteractive
ARG BUILD_CORES
ARG SKALIBS_VER=2.14.4.0
ARG EXECLINE_VER=2.9.7.0
ARG S6_VER=2.13.2.0
ARG RSPAMD_VER=3.12.1
ARG GUCCI_VER=v1.9.0
ARG TCD_VER=v2.10.0
ARG SKALIBS_SHA256_HASH="0e626261848cc920738f92fd50a24c14b21e30306dfed97b8435369f4bae00a5"
ARG EXECLINE_SHA256_HASH="73c9160efc994078d8ea5480f9161bfd1b3cf0b61f7faab704ab1898517d0207"
ARG S6_SHA256_HASH="c5114b8042716bb70691406931acb0e2796d83b41cbfb5c8068dce7a02f99a45"
ARG RSPAMD_SHA256_HASH="8739aa96db5ff6214595ba0a6f0d90ff46d9f11e5c5e164bbdd749b5cfbd65ed"
ARG GUCCI_SHA256_HASH="5230c34e6cc39e95edd903b38a7466a1bbe0fb87955d572d4af7d9226077dd4c"
ARG TCD_SHA256_HASH="b0c65a9bf5996e05bd0db9ead202476951b86f16c2e34e195c0b968f938613c1"
LABEL description="s6 + rspamd image based on Debian" \
maintainer="Hardware <contact@meshup.net>" \
rspamd_version="Rspamd v$RSPAMD_VER built from source" \
s6_version="s6 v$S6_VER built from source"
ENV LC_ALL=C
RUN NB_CORES=${BUILD_CORES-$(getconf _NPROCESSORS_CONF)} \
&& BUILD_DEPS=" \
cmake \
gcc \
g++ \
make \
ragel \
wget \
pkg-config \
libarchive-dev \
liblua5.1-0-dev \
libluajit-5.1-dev \
libglib2.0-dev \
libevent-dev \
libsqlite3-dev \
libicu-dev \
libssl-dev \
libhyperscan-dev \
libjemalloc-dev \
libmagic-dev \
libsodium-dev" \
&& apt-get update && apt-get dist-upgrade -y \
&& apt-get install -y -q --no-install-recommends \
${BUILD_DEPS} \
libarchive13 \
libevent-2.1-7 \
libglib2.0-0 \
libssl3 \
libmagic1 \
liblua5.1-0 \
libluajit-5.1-2 \
libsqlite3-0 \
libhyperscan5 \
libjemalloc2 \
libsodium23 \
sqlite3 \
openssl \
ca-certificates \
gnupg \
dirmngr \
netcat-openbsd \
&& cd /tmp \
&& SKALIBS_TARBALL="skalibs-${SKALIBS_VER}.tar.gz" \
&& wget -q https://skarnet.org/software/skalibs/${SKALIBS_TARBALL} \
&& CHECKSUM=$(sha256sum ${SKALIBS_TARBALL} | awk '{print $1}') \
&& if [ "${CHECKSUM}" != "${SKALIBS_SHA256_HASH}" ]; then echo "${SKALIBS_TARBALL} : bad checksum" && exit 1; fi \
&& tar xzf ${SKALIBS_TARBALL} && cd skalibs-${SKALIBS_VER} \
&& ./configure --prefix=/usr --datadir=/etc \
&& make && make install \
&& cd /tmp \
&& EXECLINE_TARBALL="execline-${EXECLINE_VER}.tar.gz" \
&& wget -q https://skarnet.org/software/execline/${EXECLINE_TARBALL} \
&& CHECKSUM=$(sha256sum ${EXECLINE_TARBALL} | awk '{print $1}') \
&& if [ "${CHECKSUM}" != "${EXECLINE_SHA256_HASH}" ]; then echo "${EXECLINE_TARBALL} : bad checksum" && exit 1; fi \
&& tar xzf ${EXECLINE_TARBALL} && cd execline-${EXECLINE_VER} \
&& ./configure --prefix=/usr --libdir=/usr/local/lib/ \
&& make && make install \
&& cd /tmp \
&& S6_TARBALL="s6-${S6_VER}.tar.gz" \
&& wget -q https://skarnet.org/software/s6/${S6_TARBALL} \
&& CHECKSUM=$(sha256sum ${S6_TARBALL} | awk '{print $1}') \
&& if [ "${CHECKSUM}" != "${S6_SHA256_HASH}" ]; then echo "${S6_TARBALL} : bad checksum" && exit 1; fi \
&& tar xzf ${S6_TARBALL} && cd s6-${S6_VER} \
&& ./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin \
&& make && make install \
&& cd /tmp \
&& RSPAMD_TARBALL="${RSPAMD_VER}.tar.gz" \
&& wget -q https://github.com/rspamd/rspamd/archive/${RSPAMD_TARBALL} \
&& CHECKSUM=$(sha256sum ${RSPAMD_TARBALL} | awk '{print $1}') \
&& if [ "${CHECKSUM}" != "${RSPAMD_SHA256_HASH}" ]; then echo "${RSPAMD_TARBALL} : bad checksum" && exit 1; fi \
&& tar xzf ${RSPAMD_TARBALL} && cd rspamd-${RSPAMD_VER} \
&& cmake \
-DCMAKE_INSTALL_PREFIX=/usr \
-DCONFDIR=/etc/rspamd \
-DRUNDIR=/run/rspamd \
-DDBDIR=/var/mail/rspamd \
-DLOGDIR=/var/log/rspamd \
-DPLUGINSDIR=/usr/share/rspamd \
-DLIBDIR=/usr/lib/rspamd \
-DNO_SHARED=ON \
-DWANT_SYSTEMD_UNITS=OFF \
-DENABLE_TORCH=ON \
-DENABLE_HIREDIS=ON \
-DINSTALL_WEBUI=ON \
-DENABLE_OPTIMIZATION=ON \
-DENABLE_HYPERSCAN=ON \
-DENABLE_JEMALLOC=ON \
-DJEMALLOC_ROOT_DIR=/jemalloc \
. \
&& make -j${NB_CORES} \
&& make install \
&& cd /tmp \
&& GUCCI_BINARY="gucci-${GUCCI_VER}-linux-amd64" \
&& wget -q https://github.com/noqcks/gucci/releases/download/${GUCCI_VER}/${GUCCI_BINARY} \
&& CHECKSUM=$(sha256sum ${GUCCI_BINARY} | awk '{print $1}') \
&& if [ "${CHECKSUM}" != "${GUCCI_SHA256_HASH}" ]; then echo "${GUCCI_BINARY} : bad checksum" && exit 1; fi \
&& chmod +x ${GUCCI_BINARY} \
&& mv ${GUCCI_BINARY} /usr/local/bin/gucci \
&& TCD_TARBALL="traefik-certs-dumper_${TCD_VER}_linux_amd64.tar.gz" \
&& wget -q https://github.com/ldez/traefik-certs-dumper/releases/download/${TCD_VER}/${TCD_TARBALL} \
&& CHECKSUM=$(sha256sum ${TCD_TARBALL} | awk '{print $1}') \
&& if [ "${CHECKSUM}" != "${TCD_SHA256_HASH}" ]; then echo "${TCD_TARBALL} : bad checksum" && exit 1; fi \
&& tar xzf ${TCD_TARBALL} \
&& mv traefik-certs-dumper /usr/local/bin/traefik-certs-dumper \
&& chmod +x /usr/local/bin/traefik-certs-dumper \
&& apt-get purge -y ${BUILD_DEPS} \
&& apt-get autoremove -y \
&& apt-get clean \
&& rm -rf /tmp/* /var/lib/apt/lists/* /var/cache/debconf/*-old