mirror of
https://github.com/ovh/the-bastion.git
synced 2025-11-04 11:26:17 +08:00
a68ccb3f8c
add: - Debian 11 - RockyLinux 8 remove: - OpenSUSE Leap 15.2 - Old minor versions of CentOS 7.x - Old minor versions of CentOS 8.x
27 lines
1.2 KiB
Text
27 lines
1.2 KiB
Text
FROM centos:8
|
|
LABEL maintainer="stephane.lesimple+bastion@ovhcloud.com"
|
|
|
|
# cache builds efficiently: just copy the scripts to install packages first
|
|
COPY bin/admin/install-ttyrec.sh bin/admin/install-yubico-piv-checker.sh bin/admin/packages-check.sh /opt/bastion/bin/admin/
|
|
COPY lib/shell /opt/bastion/lib/shell/
|
|
RUN ["/opt/bastion/bin/admin/packages-check.sh","-i","-d","-s"]
|
|
RUN ["/opt/bastion/bin/admin/install-ttyrec.sh","-r"]
|
|
RUN ["/opt/bastion/bin/admin/install-yubico-piv-checker.sh","-r"]
|
|
|
|
# disable /dev/kmsg handling by syslog-ng and explicitly enable /dev/log
|
|
RUN test -e /etc/syslog-ng/syslog-ng.conf && \
|
|
sed -i -re 's=system\(\);=unix-stream("/dev/log");=' /etc/syslog-ng/syslog-ng.conf
|
|
|
|
# at each modification of our code, we'll start from here thanks to build cache
|
|
COPY . /opt/bastion
|
|
|
|
# tests that the environment works
|
|
RUN ["/opt/bastion/bin/dev/perl-check.sh"]
|
|
|
|
# setup ssh/sshd config and setup bastion install
|
|
RUN ["/opt/bastion/bin/admin/install","--new-install"]
|
|
|
|
# start at entrypoint
|
|
ENTRYPOINT /opt/bastion/docker/entrypoint.sh
|
|
|
|
# TESTOPT --has-mfa=1 --has-pamtester=1 --has-piv=1
|