|
| 1 | +FROM ubuntu:24.04 |
| 2 | + |
| 3 | +ENV LC_ALL C |
| 4 | +ENV USER {{ server_user }} |
| 5 | +ENV JOBS {{ server_jobs | default(ansible_processor_vcpus) }} |
| 6 | +ENV SHELL /bin/bash |
| 7 | +ENV HOME /home/{{ server_user }} |
| 8 | +ENV PATH /usr/local/venv/bin:/usr/lib/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin |
| 9 | +ENV NODE_COMMON_PIPE /home/{{ server_user }}/test.pipe |
| 10 | +ENV NODE_TEST_DIR /home/{{ server_user }}/tmp |
| 11 | +ENV OSTYPE linux-gnu |
| 12 | +ENV OSVARIANT docker |
| 13 | +ENV DESTCPU {{ arch }} |
| 14 | +ENV ARCH {{ arch }} |
| 15 | +ENV DEBIAN_FRONTEND noninteractive |
| 16 | + |
| 17 | +RUN apt-get update && apt-get install apt-utils -y && \ |
| 18 | + apt-get dist-upgrade -y && apt-get install -y \ |
| 19 | + ccache \ |
| 20 | + g++ \ |
| 21 | + gcc \ |
| 22 | + clang-19 \ |
| 23 | + git \ |
| 24 | + openjdk-21-jre-headless \ |
| 25 | + pkg-config \ |
| 26 | + curl \ |
| 27 | + python3-pip \ |
| 28 | + python3-venv \ |
| 29 | + python-is-python3 \ |
| 30 | + libfontconfig1 \ |
| 31 | + libtool \ |
| 32 | + automake |
| 33 | + |
| 34 | +RUN python3 -m venv /usr/local/venv |
| 35 | +RUN pip3 install tap2junit=={{ tap2junit_version }} |
| 36 | + |
| 37 | +# Delete the default ubuntu user so we can use its UID/GID (1000) if necessary. |
| 38 | +RUN deluser ubuntu && \ |
| 39 | + addgroup --gid {{ server_user_gid.stdout_lines[0] }} {{ server_user }} && \ |
| 40 | + adduser --gid {{ server_user_gid.stdout_lines[0] }} --uid {{ server_user_uid.stdout_lines[0] }} --disabled-password --gecos {{ server_user }} {{ server_user }} |
| 41 | + |
| 42 | +ENV ICU69DIR=/opt/icu-69.1 \ |
| 43 | + ICU71DIR=/opt/icu-71.1 \ |
| 44 | + ICU73DIR=/opt/icu-73.2 |
| 45 | + |
| 46 | +RUN for ICU_ENV in $(env | grep ICU..DIR); do \ |
| 47 | + ICU_PREFIX=$(echo $ICU_ENV | cut -d '=' -f 2) && \ |
| 48 | + ICU_VERSION=$(echo $ICU_PREFIX | cut -d '-' -f 2) && \ |
| 49 | + ICU_MAJOR=$(echo $ICU_VERSION | cut -d '.' -f 1) && \ |
| 50 | + ICU_MINOR=$(echo $ICU_VERSION | cut -d '.' -f 2) && \ |
| 51 | + mkdir -p /tmp/icu-$ICU_VERSION && \ |
| 52 | + cd /tmp/icu-$ICU_VERSION && \ |
| 53 | + curl -sL "https://github.com/unicode-org/icu/releases/download/release-$ICU_MAJOR-$ICU_MINOR/icu4c-${ICU_MAJOR}_$ICU_MINOR-src.tgz" | tar zxv --strip=1 && \ |
| 54 | + cd source && \ |
| 55 | + ./runConfigureICU Linux --prefix=$ICU_PREFIX && \ |
| 56 | + make -j $JOBS && \ |
| 57 | + make install && \ |
| 58 | + rm -rf /tmp/icu-$ICU_VERSION; \ |
| 59 | + done |
| 60 | + |
| 61 | +ENV OPENSSL111VER 1.1.1w |
| 62 | +ENV OPENSSL111DIR /opt/openssl-$OPENSSL111VER |
| 63 | + |
| 64 | +RUN mkdir -p /tmp/openssl_$OPENSSL111VER && \ |
| 65 | + cd /tmp/openssl_$OPENSSL111VER && \ |
| 66 | + curl -sL https://github.com/openssl/openssl/releases/download/OpenSSL_1_1_1w/openssl-$OPENSSL111VER.tar.gz | tar zxv --strip=1 && \ |
| 67 | + ./config --prefix=$OPENSSL111DIR && \ |
| 68 | + make -j $JOBS && \ |
| 69 | + make install && \ |
| 70 | + rm -rf /tmp/openssl_$OPENSSL111VER |
| 71 | + |
| 72 | +# OpenSSL FIPS validation occurs post-release, and not for every version. |
| 73 | +# See https://www.openssl.org/docs/fips.html and the version documented in the |
| 74 | +# certificate and security policy. |
| 75 | +ENV OPENSSL30FIPSVER 3.0.8 |
| 76 | +ENV OPENSSL30FIPSDIR /opt/openssl-$OPENSSL30FIPSVER-fips |
| 77 | + |
| 78 | +RUN mkdir -p /tmp/openssl-$OPENSSL30FIPSVER && \ |
| 79 | + cd /tmp/openssl-$OPENSSL30FIPSVER && \ |
| 80 | + curl -sL https://github.com/openssl/openssl/releases/download/openssl-$OPENSSL30FIPSVER/openssl-$OPENSSL30FIPSVER.tar.gz | tar zxv --strip=1 && \ |
| 81 | + ./config --prefix=$OPENSSL30FIPSDIR enable-fips && \ |
| 82 | + make -j $JOBS && \ |
| 83 | + make install && \ |
| 84 | + rm -rf /tmp/openssl-$OPENSSL30FIPSVER |
| 85 | +# Install the FIPS provider. Update OpenSSL config file to enable FIPS. |
| 86 | +RUN LD_LIBRARY_PATH=$OPENSSL30FIPSDIR/lib64 $OPENSSL30FIPSDIR/bin/openssl fipsinstall \ |
| 87 | + -module $OPENSSL30FIPSDIR/lib64/ossl-modules/fips.so -provider_name fips \ |
| 88 | + -out $OPENSSL30FIPSDIR/ssl/fipsmodule.cnf && \ |
| 89 | + sed -i -r "s|^# (.include fipsmodule.cnf)|.include $OPENSSL30FIPSDIR\/ssl\/fipsmodule.cnf|g" $OPENSSL30FIPSDIR/ssl/openssl.cnf && \ |
| 90 | + sed -i -r '/^providers = provider_sect/a alg_section = evp_properties' $OPENSSL30FIPSDIR/ssl/openssl.cnf && \ |
| 91 | + sed -i -r 's/^# (fips = fips_sect)/\1/g' $OPENSSL30FIPSDIR/ssl/openssl.cnf && \ |
| 92 | + sed -i -r 's/^# (activate = 1)/\1/g' $OPENSSL30FIPSDIR/ssl/openssl.cnf && \ |
| 93 | + echo "\n[evp_properties]\ndefault_properties = \"fips=yes\"\n" >> $OPENSSL30FIPSDIR/ssl/openssl.cnf |
| 94 | + |
| 95 | +ENV OPENSSL30VER 3.0.14+quic |
| 96 | +ENV OPENSSL30DIR /opt/openssl-$OPENSSL30VER |
| 97 | + |
| 98 | +RUN mkdir -p /tmp/openssl-$OPENSSL30VER && \ |
| 99 | + cd /tmp/openssl-$OPENSSL30VER && \ |
| 100 | + git clone https://github.com/quictls/openssl.git -b openssl-$OPENSSL30VER --depth 1 && \ |
| 101 | + cd openssl && \ |
| 102 | + ./config --prefix=$OPENSSL30DIR && \ |
| 103 | + make -j $JOBS && \ |
| 104 | + make install && \ |
| 105 | + rm -rf /tmp/openssl-$OPENSSL30VER |
| 106 | + |
| 107 | +ENV OPENSSL31VER 3.1.7 |
| 108 | +ENV OPENSSL31DIR /opt/openssl-$OPENSSL31VER |
| 109 | + |
| 110 | +RUN mkdir -p /tmp/openssl-$OPENSSL31VER && \ |
| 111 | + cd /tmp/openssl-$OPENSSL31VER && \ |
| 112 | + curl -sL https://github.com/openssl/openssl/releases/download/openssl-$OPENSSL31VER/openssl-$OPENSSL31VER.tar.gz | tar zxv --strip=1 && \ |
| 113 | + ./config --prefix=$OPENSSL31DIR && \ |
| 114 | + make -j $JOBS && \ |
| 115 | + make install && \ |
| 116 | + rm -rf /tmp/openssl-$OPENSSL31VER |
| 117 | + |
| 118 | +ENV OPENSSL32VER 3.2.3 |
| 119 | +ENV OPENSSL32DIR /opt/openssl-$OPENSSL32VER |
| 120 | + |
| 121 | +RUN mkdir -p /tmp/openssl-$OPENSSL32VER && \ |
| 122 | + cd /tmp/openssl-$OPENSSL32VER && \ |
| 123 | + curl -sL https://github.com/openssl/openssl/releases/download/openssl-$OPENSSL32VER/openssl-$OPENSSL32VER.tar.gz | tar zxv --strip=1 && \ |
| 124 | + ./config --prefix=$OPENSSL32DIR && \ |
| 125 | + make -j $JOBS && \ |
| 126 | + make install && \ |
| 127 | + rm -rf /tmp/openssl-$OPENSSL32VER |
| 128 | + |
| 129 | +ENV OPENSSL35VER 3.5.0 |
| 130 | +ENV OPENSSL35DIR /opt/openssl-$OPENSSL35VER |
| 131 | + |
| 132 | +RUN mkdir -p /tmp/openssl-$OPENSSL35VER && \ |
| 133 | + cd /tmp/openssl-$OPENSSL35VER && \ |
| 134 | + curl -sL https://github.com/openssl/openssl/releases/download/openssl-$OPENSSL35VER/openssl-$OPENSSL35VER.tar.gz | tar zxv --strip=1 && \ |
| 135 | + ./config --prefix=$OPENSSL35DIR && \ |
| 136 | + make -j $JOBS && \ |
| 137 | + make install && \ |
| 138 | + rm -rf /tmp/openssl-$OPENSSL35VER |
| 139 | + |
| 140 | +ENV ZLIBVER 1.2.13 |
| 141 | +ENV ZLIB12DIR /opt/zlib_$ZLIBVER |
| 142 | + |
| 143 | +RUN mkdir -p /tmp/zlib_$ZLIBVER && \ |
| 144 | + cd /tmp/zlib_$ZLIBVER && \ |
| 145 | + curl -sL https://zlib.net/fossils/zlib-$ZLIBVER.tar.gz | tar zxv --strip=1 && \ |
| 146 | + ./configure --prefix=$ZLIB12DIR && \ |
| 147 | + make -j $JOBS && \ |
| 148 | + make install && \ |
| 149 | + rm -rf /tmp/zlib_$ZLIBVER |
| 150 | + |
| 151 | +VOLUME /home/{{ server_user }}/ /home/{{ server_user }}/.ccache |
| 152 | + |
| 153 | +USER iojs:iojs |
| 154 | + |
| 155 | +ENV CCACHE_TEMPDIR /home/iojs/.ccache/{{ item.name }} |
| 156 | + |
| 157 | +CMD cd /home/iojs \ |
| 158 | + && curl https://ci.nodejs.org/jnlpJars/agent.jar -O \ |
| 159 | + && java -Xmx{{ server_ram|default('128m') }} \ |
| 160 | + -jar /home/{{ server_user }}/agent.jar \ |
| 161 | + -url {{ jenkins_url }} \ |
| 162 | + -name {{ item.name }} \ |
| 163 | + -secret {{ item.secret }} |
0 commit comments