vyos-build/docker/Dockerfile

# Must be run with --privileged flag
# Recommended to run the container with a volume mapped
# in order to easy exprort images built to "external" world
FROM debian:jessie

ENV DEBIAN_FRONTEND noninteractive

# Standard shell should be bash not dash
RUN echo "dash dash/sh boolean false" | debconf-set-selections && \
    dpkg-reconfigure dash

RUN apt-get update && apt-get install -y \
      dialog \
      apt-utils \
      locales

RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen
ENV LANG en_US.utf8

RUN apt-get update && apt-get install -y \
      vim \
      git \
      curl \
      make \
      sudo \
      live-build \
      pbuilder \
      devscripts \
      python3-pystache \
      squashfs-tools \
      autoconf \
      automake \
      dpkg-dev \
      syslinux \
      genisoimage \
      lsb-release \
      fakechroot \
      kernel-package \
      libtool \
      libglib2.0-dev \
      libboost-filesystem-dev \
      libapt-pkg-dev \
      libncurses5-dev \
      flex \
      bison \
      libperl-dev \
      libnfnetlink-dev \
      parted \
      kpartx \
      jq \
      qemu-system-x86 \
      qemu-utils \
      quilt \
      python3-lxml \
      python3-setuptools \
      python3-nose \
      python3-coverage \
      python3-sphinx

# Add Debian jessie-backports support
RUN echo 'deb http://ftp.debian.org/debian jessie-backports main' | tee -a /etc/apt/sources.list && \
    apt-get update && apt-get install -y -t jessie-backports \
      python3-git \
      gosu

# Packages needed for building vyos-strongswan
RUN apt-get update && apt-get install -y -t jessie-backports debhelper && \
    apt-get install -y \
      dh-apparmor \
      gperf \
      iptables-dev \
      libcap-dev \
      libgcrypt20-dev \
      libgmp3-dev \
      libldap2-dev \
      libpam0g-dev \
      libsystemd-dev \
      libgmp-dev \
      iptables \
      xl2tpd \
      libcurl4-openssl-dev \
      libcurl4-openssl-dev \
      libkrb5-dev \
      libsqlite3-dev \
      libssl-dev \
      libxml2-dev \
      pkg-config

# Package needed for mdns-repeater
RUN apt-get update && apt-get install -y -t jessie-backports \
      dh-systemd

# Packages needed for vyatta-cfg
RUN apt-get update &&apt-get install -y \
      libboost-filesystem-dev

# Packages needed for vyatta-iproute
RUN apt-get update && apt-get install -y \
      libatm1-dev \
      libdb-dev

# Packages needed for vyatta-webgui
RUN apt-get update && apt-get install -y \
      libexpat1-dev \
      subversion

# Packages needed for pmacct
RUN apt-get update && apt-get install -y \
      libpcap-dev \
      libpq-dev \
      default-libmysqlclient-dev \
      libgeoip-dev \
      librabbitmq-dev \
      libjansson-dev \
      librdkafka-dev \
      libnetfilter-log-dev

# Packages needed for vyos-keepalived
RUN apt-get update && apt-get install -y \
      libnl-3-dev \
      libnl-genl-3-dev \
      libpopt-dev \
      libsnmp-dev

# Pavkages needed for wireguard
RUN apt-get update && apt-get install -y \
      libmnl-dev

# Packages needed for kernel
RUN apt-get update && apt-get install -y \
      libelf-dev

# Packages needed for vyos-accel-ppp
RUN apt-get update && apt-get install -y \
      cdbs \
      cmake \
      liblua5.1-dev

# Prerequisites for building FRR from source
# see http://docs.frrouting.org/projects/dev-guide/en/latest/building-frr-for-debian8.html
RUN apt-get update && apt-get install -y \
      doxygen \
      libssh-dev

RUN export RTRLIB_COMMIT="v0.6.3" && \
    git clone https://github.com/rtrlib/rtrlib.git && \
    cd rtrlib && git checkout $RTRLIB_COMMIT && \
    dpkg-buildpackage -uc -us -tc -b && dpkg -i ../*.deb

# Prerequisites for building FRR from source
# see http://docs.frrouting.org/projects/dev-guide/en/latest/building-frr-for-debian8.html
#
RUN export LIBYANG_COMMIT="v0.16-r2" && \
    git clone https://github.com/CESNET/libyang.git && \
    cd libyang && git checkout $LIBYANG_COMMIT && mkdir build && cd build && \
    cmake -DENABLE_LYD_PRIV=ON -DCMAKE_INSTALL_PREFIX:PATH=/usr .. && \
    make && make install

# Packages needed for frr
RUN apt-get update && apt-get install -y \
      libreadline-dev \
      texinfo \
      pkg-config \
      imagemagick \
      groff \
      hardening-wrapper \
      gawk \
      chrpath \
      libjson0 \
      libjson0-dev \
      python-ipaddr \
      python3-dev \
      python3-pytest \
      install-info \
      libc-ares-dev \
      libc-ares2 \
      libzmq3 \
      libzmq3-dev

# Packages needed for conntrack-tools
RUN apt-get update && apt-get install -y \
      libnetfilter-conntrack-dev \
      libnetfilter-cthelper0-dev \
      libnetfilter-cttimeout-dev \
      libnetfilter-queue-dev

# Packages needed for libvyosconfig && VyConf
RUN apt-get update && apt-get install -y \
      libffi-dev \
      menhir

# Packages needed for libvyosconfig
RUN curl https://raw.githubusercontent.com/ocaml/opam/2.0.2/shell/install.sh --output /tmp/opam_install.sh && \
    sed -i 's/read BINDIR/BINDIR=""/' /tmp/opam_install.sh && sh /tmp/opam_install.sh && \
    opam init --disable-sandboxing && \
    eval $(opam env) && opam switch create 4.07.0 && \
    eval $(opam env) && opam install -y oasis && \
    eval $(opam env) && opam install -y \
      fileutils \
      lwt \
      lwt_ppx \
      lwt_log \
      ocplib-endian \
      ounit \
      pcre \
      ppx_deriving_yojson \
      sha \
      toml \
      xml-light \
      batteries \
      ocaml-protoc \
      ctypes-foreign

RUN eval $(opam env) && opam install -y \
      ctypes

# Build VyConf which is required to build libvyosconfig
RUN eval $(opam env) && \
    git clone https://github.com/vyos/vyconf.git && \
    cd vyconf && \
    git checkout 0f121c12a84200 && \
    ./build-setup.sh && \
    ./configure --enable-tests && \
    make && \
    make test && \
    make install

# Build libvyosconfig
RUN eval $(opam env) && \
    git clone https://github.com/vyos/libvyosconfig && \
    cd libvyosconfig && \
    git checkout e75e4ae638c49e && \
    dpkg-buildpackage -uc -us -tc -b && \
    dpkg -i ../libvyosconfig0_*_amd64.deb

# Packages needed for vyos-1x
RUN apt-get update && apt-get install -y \
      whois

# Update live-build
RUN echo 'deb http://ftp.debian.org/debian stretch main' | tee -a /etc/apt/sources.list.d/stretch.list && \
    apt-get update && apt-get install -y -t stretch live-build && \
    rm -f /etc/apt/sources.list.d/stretch.list && \
    apt-get update && \
    rm -rf /var/lib/apt/lists/*

# Install packer
RUN export LATEST="$(curl -s https://checkpoint-api.hashicorp.com/v1/check/packer | \
    jq -r -M '.current_version')"; \
    echo "url https://releases.hashicorp.com/packer/"$LATEST"/packer_"$LATEST"_linux_amd64.zip" |\
    curl -K- | gzip -d > /usr/bin/packer && \
    chmod +x /usr/bin/packer

# Allow password-less 'sudo' for all users in group 'sudo'
RUN sed "s/^%sudo.*/%sudo\tALL=(ALL) NOPASSWD:ALL/g" -i /etc/sudoers && \
    chmod a+s /usr/sbin/useradd /usr/sbin/groupadd /usr/sbin/gosu /usr/sbin/usermod

COPY entrypoint.sh /usr/local/bin/entrypoint.sh
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]