"Fossies" - the Fresh Open Source Software Archive

Member "sudo-1.9.11p3/docker/README" (12 Jun 2022, 1931 Bytes) of package /linux/misc/sudo-1.9.11p3.tar.gz:



Container images are stored in https://hub.docker.com/repositories as
user sudoproject.  Build images are named based on the distro and use
the tag to differentiate between different versions and architectures.
There should always be a "latest" tag (or manifest).

When creating a new Dockerfile, use one of the Debian or Fedora files
as a template.  The examples below use podman rather than docker but it
should be possible to use them interchangeably.

To build Debian containers for both amd64 and i386 (others only have amd64):

    podman build --arch amd64 --pull -t sudoproject/debian:latest.amd64 \
        docker/debian/latest
    podman build --arch 386 --pull -t sudoproject/debian:latest.i386 \
        docker/debian/latest

Then push it to dockerhub (may need to run "podman login" first):
    podman push sudoproject/debian:latest.amd64
    podman push sudoproject/debian:latest.i386

Multi-arch containers are supported by creating a manifest, e.g.:
    podman manifest create sudoproject/debian:latest
    podman manifest add sudoproject/debian:latest \
        sudoproject/debian:latest.amd64
    podman manifest add sudoproject/debian:latest \
        sudoproject/debian:latest.i386

Finally push the manifest to dockerhub:
    podman push sudoproject/debian:latest

When building bleeding edge images it is possible that the seccomp
filter will be out of date with respect to system calls.  It may
be necessary to pass podman the --security-opt=seccomp=unconfined
option in this case.

Note that memory sanitizer uses ptrace which is not allowed for
non-root containers by default.  This will cause a failure when
running the tests if sudo is configured with --enable-sanitizer.
The simplest solution is to run the container with the SYS_PTRACE
capability.  E.g.
    podman run -it --cap-add SYS_PTRACE ...

Alternately, disable leak sanitizer by setting
    ASAN_OPTIONS=detect_leaks=0
in the environment of the container doing "make check".
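
The two options above can be chosen automatically inside the container, so that a container started without extra privileges still passes "make check". The script below is an added example, not part of the sudo source tree; the function names are hypothetical, and it assumes a missing SYS_PTRACE capability is the only thing blocking ptrace (it does not inspect the seccomp filter).

```shell
#!/bin/sh
# Added example (not from the sudo source tree).  Decide whether leak
# detection must be turned off before "make check" by looking for
# CAP_SYS_PTRACE in the effective capability set of the current process.

CAP_SYS_PTRACE_BIT=19   # capability number from <linux/capability.h>

# has_sys_ptrace [status-file]
# Returns 0 if the CapEff mask in a /proc/<pid>/status-style file has the
# CAP_SYS_PTRACE bit set, 1 if it does not, 2 if the mask cannot be read.
has_sys_ptrace() {
    status_file=${1:-/proc/self/status}
    [ -r "$status_file" ] || return 2
    capeff=$(awk '$1 == "CapEff:" { print $2; exit }' "$status_file")
    case $capeff in
        ''|*[!0-9a-fA-F]*) return 2 ;;   # missing or not a hex mask
    esac
    # Shell arithmetic accepts the 0x prefix for hexadecimal constants.
    [ $(( (0x$capeff >> CAP_SYS_PTRACE_BIT) & 1 )) -eq 1 ]
}

# asan_options_for_check [status-file]
# Prints the ASAN_OPTIONS value to use for the test run: the caller's value
# unchanged when the capability is present, otherwise (including when the
# mask is unreadable) the caller's value with detect_leaks=0 appended.
asan_options_for_check() {
    if has_sys_ptrace "$1"; then
        printf '%s\n' "${ASAN_OPTIONS:-}"
    else
        printf '%s\n' "${ASAN_OPTIONS:+$ASAN_OPTIONS:}detect_leaks=0"
    fi
}

# Usage inside the container, before running the tests:
#   ASAN_OPTIONS=$(asan_options_for_check) make check
```

Disabling leak detection this way keeps the container at its default privileges; adding SYS_PTRACE or running with seccomp unconfined widens what a compromised build step could do.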