football/Dockerfile
Charles N Wyble cc1f218995 fix: add file utility and pin bats packages in Dockerfile
live-build requires the 'file' command for installer processing.
Also pinned versions for bats-assert, bats-support, and bats-file
to satisfy hadolint DL3008 and ensure reproducible builds.

Reference: Build error "file: not found"

💘 Generated with Crush

Assisted-by: GLM-5 via Crush <crush@charm.land>
2026-02-20 13:03:40 -05:00


# KNEL-Football ISO Builder - Dockerfile
# Multi-stage build for security hardening and reproducible builds
# Copyright © 2026 Known Element Enterprises LLC
# License: GNU Affero General Public License v3.0 only
# Base stage: Debian 13 slim image that every later stage builds on.
# NOTE(review): the base is selected by tag only. For a build that must be
# reproducible, append the image digest (@sha256:<digest-placeholder>) so a
# re-pushed tag cannot silently change the starting filesystem.
FROM debian:13.3-slim AS base

# Environment shared by all later instructions and by containers started from
# this image: apt never prompts, and locale and timezone are fixed.
# LC_ALL takes precedence over LANG, so the effective locale is "C".
ENV DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 \
    LC_ALL=C \
    TZ=UTC
# Base packages: TLS roots, signature verification and download/VCS clients.
# Every package is pinned to an exact version (FINDING-006, hadolint DL3008).
# NOTE(review): the index comes from whatever the mirror serves at build time,
# so an exact pin stops resolving once the archive supersedes that version.
# Pointing apt at a dated snapshot (e.g. snapshot.debian.org) would keep the
# pins installable; confirm whether the project needs that.
# The package cache and index lists are removed in the same layer that
# created them so they do not end up in the image.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        ca-certificates=20250419 \
        curl=8.14.1-2+deb13u2 \
        git=1:2.47.3-0+deb13u1 \
        gnupg=2.4.7-21+deb13u1 \
        wget=1.25.0-2 \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
# Builder stage: adds the ISO build toolchain on top of the base stage.
# This is the last stage in the file, so everything installed from here on is
# part of the image that gets built by default.
FROM base AS builder

# live-build plus the bootloader, filesystem and ISO tooling it drives.
# "file" is listed because live-build calls it during installer processing.
# Exact version pins (FINDING-006); packages are listed alphabetically so that
# changes to the pin set are easy to review.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        debootstrap=1.0.141 \
        dosfstools=4.2-1.2 \
        file=1:5.46-2 \
        grub-efi-amd64-bin=2.12-9 \
        grub-efi-ia32-bin=2.12-9 \
        grub-pc-bin=2.12-9 \
        isolinux=3:6.04~git20190206.bf6db5b4+dfsg1-3.1 \
        live-build=1:20250505+deb13u1 \
        mtools=4.0.48-1 \
        squashfs-tools=1:4.6.1-1 \
        syslinux-utils=3:6.04~git20190206.bf6db5b4+dfsg1-3.1 \
        xorriso=1.5.6-1.2+b1 \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
# Test tooling: the bats runner with its assert/file/support helper libraries,
# and shellcheck for linting shell scripts.
# Exact version pins (FINDING-006, hadolint DL3008); the apt cache and index
# lists are dropped in the same layer.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        bats=1.11.1-1 \
        bats-assert=2.1.0-3 \
        bats-file=0.4.0-1 \
        bats-support=0.3.0-4 \
        shellcheck=0.10.0-1 \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
# Firewall, audit and logging packages, pinned to exact versions (FINDING-006).
# NOTE(review): installing these does not start any service in the container;
# presumably they are here so the build or its tests can use their binaries
# and configuration - confirm, and drop any that are not needed to keep the
# image surface small.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        auditd=1:4.0.2-2+b2 \
        iptables=1.8.11-2 \
        nftables=1.1.3-1 \
        rsyslog=8.2504.0-1 \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
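# Create the unprivileged build account and the directories it owns, in one
# layer.
# /tmp is intentionally left out of both mkdir and chown: the Debian base
# image already ships it as a root-owned, world-writable sticky directory, so
# the builder user can write there without owning it. Making builder the owner
# would only add the ability to remove or rename other users' temporary files.
# useradd -r creates a system account and does not create its home directory,
# so /home/builder is made explicitly.
RUN groupadd -r builder \
    && useradd -r -g builder builder \
    && mkdir -p /workspace /build /output /home/builder \
    && chown -R builder:builder /workspace /build /output /home/builder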
# Start in /workspace, one of the directories owned by the builder user.
WORKDIR /workspace
# Drop root: the default command below and any later instruction run as the
# unprivileged builder account.
# NOTE(review): live-build and debootstrap normally need root to assemble a
# chroot. Confirm how builds are launched; if the runner overrides the user,
# keep that override limited to the build step.
USER builder
# Default to an interactive shell (exec form, so bash itself is PID 1).
CMD ["/bin/bash"]