FROM debian:bullseye LABEL maintainer="stephane.lesimple+bastion@ovhcloud.com" # cache builds efficiently: just copy the scripts to install packages first COPY bin/admin/install-ttyrec.sh \ bin/admin/install-yubico-piv-checker.sh \ bin/admin/install-mkhash-helper.sh \ bin/admin/packages-check.sh \ /opt/bastion/bin/admin/ COPY lib/shell /opt/bastion/lib/shell/ RUN ["/opt/bastion/bin/admin/packages-check.sh","-i","-d","-s"] RUN ["/opt/bastion/bin/admin/install-ttyrec.sh","-d"] RUN ["/opt/bastion/bin/admin/install-yubico-piv-checker.sh","-d"] RUN ["/opt/bastion/bin/admin/install-mkhash-helper.sh","-d"] # handle locales RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen # disable /dev/kmsg handling by syslog-ng and explicitly enable /dev/log RUN test -e /etc/syslog-ng/syslog-ng.conf && \ sed -i -re 's=system\(\);=unix-stream("/dev/log");=' /etc/syslog-ng/syslog-ng.conf # at each modification of our code, we'll start from here thanks to build cache COPY . /opt/bastion # tests that the environment works RUN ["/opt/bastion/bin/dev/perl-check.sh"] # setup ssh/sshd config and setup bastion install RUN ["/opt/bastion/bin/admin/install","--new-install"] # start at entrypoint ENTRYPOINT /opt/bastion/docker/entrypoint.sh # TESTOPT --has-mfa=1 --has-pamtester=1 --has-piv=1