# Build environment for a statically linked tor and the libraries it links against.
# NOTE(review): ubuntu:jammy is a mutable tag, so builds run at different times
# can start from different base layers. For a reproducible build, pin the image
# by digest as well, in the form ubuntu:jammy@sha256:<digest> (placeholder).
FROM ubuntu:jammy
# Version and expected SHA-256 digest of each source tarball. None of these has
# a default, so an argument that is not passed with --build-arg expands to an
# empty string in the RUN steps below. The *_hash values are the integrity pins
# the download steps compare against.
# NOTE(review): presumably the caller keeps these values under version control - confirm.
ARG zlib_version
ARG zlib_hash
ARG libevent_version
ARG libevent_hash
ARG openssl_version
ARG openssl_hash
ARG tor_version
ARG tor_hash
# Optional make parallelism; when unset, the ${jobs:+...} expansions add no -j flag.
ARG jobs
# Keyring files for the gpg --verify steps below, which read /zlib.gpg,
# /openssl.gpg, /libevent.gpg and /tor.gpg from the image root.
COPY gpg-keys/* /
# Local patches; the libevent build applies /patch/libevent/regress_dns.c.patch.
COPY patch /patch
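# Install the build toolchain plus the tools used later to fetch and verify
# the source tarballs (curl, ca-certificates, gnupg).
# DEBIAN_FRONTEND is set on the install command itself: a VAR=value prefix
# applies only to the one command it precedes, so placing it in front of
# `apt-get update && apt-get install` leaves the install step without it.
# -qq implies -y, so no separate --yes flag is needed.
# Package versions are not pinned, so the toolchain follows whatever the
# archive serves at build time.
RUN \
    apt-get update -qq && \
    DEBIAN_FRONTEND=noninteractive \
    apt-get install --no-install-recommends -qq \
        automake \
        autotools-dev \
        build-essential \
        ca-certificates \
        curl \
        file \
        gnupg \
        libcap-dev \
        python-is-python3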
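# Run later steps under bash with pipefail, so a failure on either side of the
# `echo ... | shasum -c -` pipelines fails the RUN step.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# Download and verify all tarballs
# zlib: the tarball is checked twice before it is unpacked - first its detached
# OpenPGP signature against /zlib.gpg, then its SHA-256 digest against the
# pinned zlib_hash build argument. --no-default-keyring restricts gpg to the
# named keyring, so only keys shipped in that file can satisfy the check.
# curl is limited to HTTPS (--proto '=https') with TLS 1.3 as the minimum.
RUN \
    curl --proto '=https' --tlsv1.3 -fsSL "https://zlib.net/zlib-${zlib_version}.tar.gz" -o "zlib-$zlib_version.tar.gz" && \
    curl --proto '=https' --tlsv1.3 -fsSL "https://zlib.net/zlib-${zlib_version}.tar.gz.asc" -o "zlib-$zlib_version.tar.gz.asc" && \
    gpg --no-default-keyring --keyring /zlib.gpg --verify "zlib-$zlib_version.tar.gz.asc" "zlib-$zlib_version.tar.gz" && \
    echo "$zlib_hash zlib-$zlib_version.tar.gz" | shasum -a 256 -c - && \
    tar -zxvf "zlib-$zlib_version.tar.gz"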
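# OpenSSL: fetch the tarball and its detached signature, verify the signature
# against /openssl.gpg, then compare the SHA-256 digest with the pinned
# openssl_hash build argument. Extraction happens only after both checks pass.
# --no-default-keyring restricts gpg to the named keyring, so only keys shipped
# in that file can satisfy the signature check.
RUN \
    curl --proto '=https' --tlsv1.3 -fsSL "https://www.openssl.org/source/openssl-$openssl_version.tar.gz" -o "openssl-$openssl_version.tar.gz" && \
    curl --proto '=https' --tlsv1.3 -fsSL "https://www.openssl.org/source/openssl-$openssl_version.tar.gz.asc" -o "openssl-$openssl_version.tar.gz.asc" && \
    gpg --no-default-keyring --keyring /openssl.gpg --verify "openssl-$openssl_version.tar.gz.asc" "openssl-$openssl_version.tar.gz" && \
    echo "$openssl_hash openssl-$openssl_version.tar.gz" | shasum -a 256 -c - && \
    tar -xvzf "openssl-$openssl_version.tar.gz"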
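# libevent: fetch the release tarball and its detached signature from the
# GitHub release page, verify the signature against /libevent.gpg, then compare
# the SHA-256 digest with the pinned libevent_hash build argument. Extraction
# happens only after both checks pass.
# --no-default-keyring restricts gpg to the named keyring, so only keys shipped
# in that file can satisfy the signature check.
RUN \
    curl --proto '=https' --tlsv1.3 -fsSL "https://github.com/libevent/libevent/releases/download/release-$libevent_version/libevent-$libevent_version.tar.gz" -o "libevent-$libevent_version.tar.gz" && \
    curl --proto '=https' --tlsv1.3 -fsSL "https://github.com/libevent/libevent/releases/download/release-$libevent_version/libevent-$libevent_version.tar.gz.asc" -o "libevent-$libevent_version.tar.gz.asc" && \
    gpg --no-default-keyring --keyring /libevent.gpg --verify "libevent-$libevent_version.tar.gz.asc" "libevent-$libevent_version.tar.gz" && \
    echo "$libevent_hash libevent-$libevent_version.tar.gz" | shasum -a 256 -c - && \
    tar -zxvf "libevent-$libevent_version.tar.gz"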
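# tor: the signature here covers a checksum file, not the tarball itself.
# The checksum file is not downloaded; it is rebuilt locally from the pinned
# tor_hash build argument, and the downloaded .sha256sum.asc is verified
# against that rebuilt file. A good signature therefore shows that the pinned
# digest is the one that was signed, and sha256sum -c then ties the tarball to
# that digest. The rebuilt line has to match the signed file byte for byte
# (separator and trailing newline included) or gpg reports a bad signature.
# --no-default-keyring restricts gpg to the named keyring, so only keys shipped
# in /tor.gpg can satisfy the signature check.
RUN \
    curl --proto '=https' --tlsv1.3 -fsSL "https://dist.torproject.org/tor-$tor_version.tar.gz" -o "tor-$tor_version.tar.gz" && \
    curl --proto '=https' --tlsv1.3 -fsSL "https://dist.torproject.org/tor-$tor_version.tar.gz.sha256sum.asc" -o "tor-$tor_version.tar.gz.sha256sum.asc" && \
    echo "$tor_hash tor-$tor_version.tar.gz" > "tor-$tor_version.tar.gz.sha256sum" && \
    gpg --no-default-keyring --keyring /tor.gpg --verify "tor-$tor_version.tar.gz.sha256sum.asc" "tor-$tor_version.tar.gz.sha256sum" && \
    sha256sum -c "tor-$tor_version.tar.gz.sha256sum" && \
    tar -xvzf "tor-$tor_version.tar.gz"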
# Configure and compile everything
# zlib: static build installed under <source dir>/root; `make check` runs
# before the install so a failing self-test stops the image build.
RUN cd "zlib-${zlib_version}" \
    && ./configure --prefix="${PWD}/root" --static \
    && make ${jobs:+-j${jobs}} \
    && make ${jobs:+-j${jobs}} check \
    && make install
# OpenSSL: configured without shared libraries (no-shared) and with DSO
# loading, SSL tracing and the console UI switched off; installed under
# <source dir>/root with libraries in lib/. The test suite runs before install.
RUN cd "openssl-${openssl_version}" \
    && ./config --prefix="${PWD}/root" --libdir=lib \
        no-dso \
        no-shared \
        no-ssl-trace \
        no-ui-console \
    && make ${jobs:+-j${jobs}} \
    && make test \
    && make install
# libevent: apply the local regress_dns.c patch, then build a static,
# position-independent library without OpenSSL support, installed under
# <source dir>/install. The open-file limit is raised in this shell before
# make and `make check` run.
# NOTE(review): the patch presumably touches only the regression tests - confirm
# against /patch/libevent/regress_dns.c.patch.
RUN cd "libevent-${libevent_version}" \
    && patch -p0 < /patch/libevent/regress_dns.c.patch \
    && ./configure \
        --disable-openssl \
        --prefix="${PWD}/install" \
        --disable-shared \
        --enable-gcc-hardening \
        --enable-static \
        --with-pic \
    && ulimit -n 65536 \
    && make ${jobs:+-j${jobs}} \
    && make ${jobs:+-j${jobs}} check \
    && make install
# tor: static build linked against the libevent, OpenSSL and zlib trees built
# in the previous steps. Documentation, lzma and zstd support, and the relay
# and dirauth modules are all disabled. `make check` runs before the install.
RUN cd "tor-${tor_version}" \
    && ./configure --prefix="${PWD}/install" \
        --enable-static-tor \
        --with-libevent-dir="${PWD}/../libevent-${libevent_version}/install" \
        --with-openssl-dir="${PWD}/../openssl-${openssl_version}/root" \
        --with-zlib-dir="${PWD}/../zlib-${zlib_version}/root" \
        --disable-asciidoc \
        --disable-html-manual \
        --disable-lzma \
        --disable-manpage \
        --disable-zstd \
        --disable-module-relay \
        --disable-module-dirauth \
    && make ${jobs:+-j${jobs}} \
    && make ${jobs:+-j${jobs}} check \
    && make install
# Idle loop that keeps the container running after the build has finished.
# NOTE(review): presumably this lets a caller copy the built artefacts out of a
# running container - confirm against the invoking script.
# No USER instruction is set in the visible file, so this loop and anything
# exec'd into the container run as root.
ENTRYPOINT ["sh", "-c", "while true; do sleep 2; done"]