1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
# This Dockerfile is a minimal example for a Ubuntu 22.04 test suite target container.
FROM ubuntu:22.04
ENV AUTH_KEYS=/root/.ssh/authorized_keys
ARG CLIENT_PUBLIC_KEY
ARG ADDITIONAL_PACKAGES
ARG DEBIAN_FRONTEND=noninteractive
# Install Python so Ansible remediations can work
# Don't clean all, as the test scenario may require package install.
RUN true \
&& apt update \
&& apt install -y cmake g++ libacl1-dev libblkid-dev libbz2-dev libcap-dev libcurl4-openssl-dev libdbus-1-dev libdbus-glib-1-dev \
libgconf2-dev libgcrypt20-dev libldap2-dev libpcre2-dev libperl-dev librpm-dev libselinux1-dev libxml2-dev libxml-parser-perl \
libxmlsec1-dev libxmlsec1-openssl libxml-xpath-perl libxslt1-dev libyaml-dev openssh-server python3-dev python3-apt swig wget \
$ADDITIONAL_PACKAGES \
&& true
RUN true \
&& wget https://github.com/OpenSCAP/openscap/releases/download/1.3.10/openscap-1.3.10.tar.gz \
&& tar xf openscap-1.3.10.tar.gz && cd openscap-1.3.10 \
&& cmake -Bbuild -DCMAKE_INSTALL_PREFIX=/usr . \
&& cmake --build build --target install
RUN true \
&& ssh-keygen -A \
&& mkdir -p /root/.ssh \
&& printf "%s\n" "$CLIENT_PUBLIC_KEY" >> "$AUTH_KEYS" \
&& chmod og-rw /root/.ssh "$AUTH_KEYS" \
&& sed -i '/session\s\+required\s\+pam_loginuid.so/d' /etc/pam.d/sshd \
&& echo CPE_NAME="cpe:/o:canonical:ubuntu_linux:22.04" >> /etc/os-release \
&& true
RUN mkdir /run/sshd
CMD ["/usr/sbin/sshd", "-D"]
|
