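# Base image: official Rust image on Debian bookworm, pinned by tag only.
# NOTE(review): a tag can be re-pointed upstream; for reproducible builds also pin
# the digest (rust:1.83-bookworm@sha256:<digest-of-the-reviewed-image>).
FROM docker.io/library/rust:1.83-bookworm

# Install the Rust toolchain named by the `channel` key of rust-toolchain.toml,
# plus rustfmt/clippy and the two musl cross targets.
# The pipeline's exit status is that of `cut`, so a missing `channel` key yields an
# empty string rather than an error. `test -n` makes the build stop in that case
# instead of calling rustup with no toolchain argument (which may not fail and
# would leave the base image's toolchain as the default).
COPY rust-toolchain.toml /tmp/rust-toolchain.toml
RUN RUST_VERSION=$(grep 'channel' /tmp/rust-toolchain.toml | cut -d'"' -f2) && \
    test -n "$RUST_VERSION" && \
    rustup toolchain install "$RUST_VERSION" && \
    rustup default "$RUST_VERSION" && \
    rustup component add rustfmt clippy && \
    rustup target add aarch64-unknown-linux-musl x86_64-unknown-linux-musl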
# Cargo-based test and audit tooling: nextest (test runner), cargo-audit and
# cargo-deny (dependency advisory / policy checks).
# `--locked` builds each tool with its own published Cargo.lock, but the tool
# versions themselves are whatever crates.io serves at build time.
# NOTE(review): pin them (cargo-nextest@<version> ...) if image rebuilds must be
# repeatable.
RUN cargo install --locked \
        cargo-nextest \
        cargo-audit \
        cargo-deny
# System packages, one per line and sorted so additions show up cleanly in review.
# Covers FUSE, the C/clang build chain, musl, networking (iproute2, iptables, passt,
# dnsmasq), disk/image tools, podman/skopeo, and the kernel build tools
# (flex, bison, bc, libelf-dev, libssl-dev).
# The apt lists are removed in the same layer so they do not persist in the image.
# NOTE(review): package versions are not pinned and recommended packages are
# installed; this is a large tool set (sudo, podman, iptables, ...) for a test image,
# not a minimal runtime.
RUN apt-get update && apt-get install -y \
        autoconf \
        automake \
        bc \
        bison \
        btrfs-progs \
        busybox-static \
        clang \
        cmake \
        cpio \
        curl \
        dnsmasq \
        e2fsprogs \
        fdisk \
        flex \
        fuse3 \
        git \
        iproute2 \
        iptables \
        iputils-ping \
        libclang-dev \
        libelf-dev \
        libfuse3-dev \
        libseccomp-dev \
        libssl-dev \
        libtool \
        musl-tools \
        parted \
        passt \
        perl \
        podman \
        procps \
        qemu-utils \
        skopeo \
        sudo \
        uidmap \
        zstd \
    && rm -rf /var/lib/apt/lists/*
# Build passt from source so every environment gets the same version; the build
# directory and the script are deleted once it has run.
# NOTE(review): build-passt.sh is not visible here and runs as root during the build.
# Whatever it fetches should be pinned to a revision and integrity-checked inside
# the script - confirm. The script also stays readable in the COPY layer even
# though the later `rm` hides it from the final filesystem.
COPY scripts/build-passt.sh /tmp/build-passt.sh
RUN /tmp/build-passt.sh \
    && rm -rf \
        /tmp/passt-build \
        /tmp/build-passt.sh
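# Install Firecracker from the upstream GitHub release tarball.
#
# ARCH                 release architecture suffix (default aarch64).
# FIRECRACKER_VERSION  release tag, hoisted from the four places it was repeated.
# FIRECRACKER_SHA256   expected SHA-256 of the .tgz for the chosen ARCH/version.
#
# HTTPS authenticates the download host, not the artifact, and this binary ends up
# in /usr/local/bin of a container that is run privileged. Supply the digest at
# build time so the tarball is verified before it is unpacked:
#   --build-arg FIRECRACKER_SHA256=<sha256-of-reviewed-tarball>
# A mismatch fails the build. With no digest the build still succeeds (unchanged
# default behaviour) but prints a warning that the download was not verified.
ARG ARCH=aarch64
ARG FIRECRACKER_VERSION=v1.14.0
ARG FIRECRACKER_SHA256=""
RUN curl -fsSL -o /tmp/fc.tgz \
        "https://github.com/firecracker-microvm/firecracker/releases/download/${FIRECRACKER_VERSION}/firecracker-${FIRECRACKER_VERSION}-${ARCH}.tgz" \
    && if [ -n "${FIRECRACKER_SHA256}" ]; then \
           echo "${FIRECRACKER_SHA256}  /tmp/fc.tgz" | sha256sum -c -; \
       else \
           echo "WARNING: FIRECRACKER_SHA256 not set; firecracker tarball was not integrity-checked" >&2; \
       fi \
    && tar --no-same-owner -xzf /tmp/fc.tgz -C /tmp \
    && mv "/tmp/release-${FIRECRACKER_VERSION}-${ARCH}/firecracker-${FIRECRACKER_VERSION}-${ARCH}" /usr/local/bin/firecracker \
    && rm -rf /tmp/fc.tgz "/tmp/release-${FIRECRACKER_VERSION}-${ARCH}"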
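# Create `testuser` for tests that need an unprivileged account with namespaces.
#  - user_allow_other in /etc/fuse.conf lets FUSE mounts use the allow_other option.
#  - fuse and kvm groups are created if missing and testuser is added to both.
#  - testuser gets passwordless sudo for every command, i.e. it is root-equivalent
#    inside the container. That is a test-harness convenience, not an isolation
#    boundary.
#  - The sudo rule lives in its own /etc/sudoers.d file (mode 0440) and is checked
#    with `visudo -c`, so a malformed rule fails the build instead of breaking sudo
#    at run time. /etc/sudoers itself is left untouched.
#  - Any existing subuid/subgid entries for testuser are replaced with one range of
#    65536 IDs starting at 100000.
RUN echo "user_allow_other" >> /etc/fuse.conf \
    && groupadd -f fuse && groupadd -f kvm \
    && useradd -m -s /bin/bash testuser \
    && usermod -aG fuse,kvm testuser \
    && echo "testuser ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/testuser \
    && chmod 0440 /etc/sudoers.d/testuser \
    && visudo -cf /etc/sudoers.d/testuser \
    && sed -i '/^testuser:/d' /etc/subuid /etc/subgid \
    && echo "testuser:100000:65536" >> /etc/subuid \
    && echo "testuser:100000:65536" >> /etc/subgid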
# Expose the Rust tools under /usr/local/bin so they resolve when invoked via sudo
# (presumably because sudo's PATH does not include /usr/local/cargo/bin - confirm).
# Linking is best-effort: stderr is discarded and failures are ignored, so an
# already-existing link passes silently. `ln -s` does not check its target, so a
# tool missing from /usr/local/cargo/bin becomes a dangling link, not a build error.
RUN for tool in \
        cargo rustc rustfmt cargo-clippy clippy-driver \
        cargo-nextest cargo-audit cargo-deny; \
    do \
        ln -s /usr/local/cargo/bin/$tool /usr/local/bin/$tool 2>/dev/null || true; \
    done
# Workspace layout: fcvm is the working directory; fuse-backend-rs and fuser get
# sibling directories under /workspace.
WORKDIR /workspace/fcvm
RUN mkdir -p \
        /workspace/fcvm \
        /workspace/fuse-backend-rs \
        /workspace/fuser

# No USER instruction on purpose: the default command runs as root, because the
# image is meant to be started with --privileged, which the author found simpler
# than user-namespace mapping.
# Root in a privileged container has close to host-level access, so run this image
# only on dedicated test hosts and only against source trees you trust.
CMD ["make", "test-unit"]