1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
#!/bin/sh
# ./create-image openssh 7.3p1 openssl 1.0.2m [in-file]
case $1 in
openssh)
FAMssh=openssh
VERssh=$2
PFX=https://ftp.eu.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-
SFX=.tar.gz
TMP=tmp.tar.gz
;;
*)
echo "Unsupported: $1"
exit
esac
FAMssl=$3
VERssl=$4
INPUT_FILE=$5
VER=${FAMssh}${VERssh}-${FAMssl}${VERssl}
# This way of fetching the tar-file separate from the docker commands makes
# http-proxy handling way easier. The wget command handles the $https_proxy
# variable while the docker command must have /etc/docker/something changed
# and the docker server restarted. That is not possible without root access.
# Make a Dockerfile. This method simplifies env variable handling considerably:
cat - > TempDockerFile <<EOF
FROM ssh_compat_suite-${FAMssl}:${VERssl}
LABEL openssh-version=${VER}
WORKDIR /buildroot
COPY ${TMP} .
RUN tar xf ${TMP}
# Build and install
WORKDIR ${FAMssh}-${VERssh}
# Probably VERY OpenSSH dependent...:
RUN ./configure --without-pie \
--prefix=/buildroot/ssh \
--with-ssl-dir=/buildroot/ssl \
--with-pam \
LDFLAGS=-Wl,-R/buildroot/ssl/lib
RUN make
RUN make install
RUN echo UsePAM yes >> /buildroot/ssh/etc/sshd_config
RUN echo Built ${VER}
# Start the daemon, but keep it in foreground to avoid killing the container
CMD /buildroot/ssh/sbin/sshd -D -p 1234
EOF
# Fetch the tar file. This could be done in an "ADD ..." in the Dockerfile,
# but then we hit the proxy problem...
if [ "x$INPUT_FILE" = "x" ]
then
wget -O $TMP $PFX$VERssh$SFX
elif [ "x$INPUT_FILE" != "x$TMP" ]
then
echo "Use $INPUT_FILE for input"
cp $INPUT_FILE $TMP
fi
# Build the image:
docker build -t ssh_compat_suite-ssh:$VER -f ./TempDockerFile .
# Cleaning
rm -fr ./TempDockerFile $TMP
|
