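# Debian tag shared by BOTH stages. The build stage links ntpd against this
# release's libssl/libcap/libseccomp and the runtime stage installs the matching
# shared libraries, so the two stages must always use the same release.
# NOTE(review): "latest" is a moving tag, so the image is not reproducible, and
# the release-specific package names used below (python-dev, libssl1.1) stop
# resolving once the tag rolls forward. Pin a release tag, ideally with a
# digest, e.g. --build-arg DEBIAN_TAG=<release-tag>.
ARG DEBIAN_TAG=latest

#------------------------------------------------------------------------------#
# Stage "build": compile and install NTPsec from the release tarball.
# Nothing from this stage reaches the final image except the files copied out
# of it explicitly in the runtime stage.
FROM debian:${DEBIAN_TAG} AS build

# Nothing in this file reads REVISION; presumably a manual revision counter /
# cache-buster -- confirm before removing.
ENV REVISION=0

# Build toolchain and development headers (the original listed libssl-dev twice).
ENV NTPSEC_BUILD_DEPS="pkg-config m4 wget tar gcc bison python-dev libssl-dev libcap-dev libseccomp-dev pps-tools"

# $NTPSEC_BUILD_DEPS is deliberately unquoted so the shell splits it into one
# argument per package. Recommended packages are left enabled in this stage:
# it is discarded anyway, and the toolchain may rely on some of them.
RUN apt-get update \
    && apt-get install -y $NTPSEC_BUILD_DEPS \
    && rm -rf /var/lib/apt/lists/*

# https://github.com/ntpsec/ntpsec/releases
# NTPSEC_VERSION and NTPSEC_SHA256 belong together: bump both in the same
# change, taking the digest from a trusted copy of the release.
ENV NTPSEC_VERSION=1.1.8
ENV NTPSEC_DOWNLOAD_URL="https://ftp.ntpsec.org/pub/releases/ntpsec-${NTPSEC_VERSION}.tar.gz"
ENV NTPSEC_SHA256=226b4b29d5166ea3d241a24f7bfc2567f289cf6ed826d8aeb9f2f261c1836bde

# Download the tarball and verify it against the pinned SHA-256 *before*
# unpacking, so a corrupted or substituted archive fails the build here.
WORKDIR /tmp
RUN set -x \
    && wget -O ntpsec.tar.gz "$NTPSEC_DOWNLOAD_URL" \
    && echo "${NTPSEC_SHA256} *ntpsec.tar.gz" | sha256sum -c - \
    && tar xzf ntpsec.tar.gz

# Configure, build, run the self-checks and install (the ntpd and ntp* paths
# under /usr/local are what the runtime stage copies out).
WORKDIR /tmp/ntpsec-${NTPSEC_VERSION}
## ./buildprep is skipped: it uses out-of-date package names
# RUN ./buildprep
RUN set -x \
    && ./waf configure \
    && ./waf build \
    && ./waf check \
    && ./waf install

#------------------------------------------------------------------------------#
# Stage 2: runtime image with only the shared libraries ntpd needs.
FROM debian:${DEBIAN_TAG}

# Image metadata lives on the final stage; labels set on the build stage are
# dropped together with that stage.
LABEL maintainer="publicarray" \
      description="NTP reference implementation, refactored for security"

# Runtime libraries matching the -dev packages of the build stage, plus wget.
# ca-certificates is listed explicitly because recommended packages are
# disabled below and HTTPS downloads made with wget need the CA bundle.
ENV NTPSEC_RUN_DEPS="ca-certificates wget libssl1.1 libcap2 libseccomp2 pps-tools"
# python
RUN apt-get update \
    && apt-get install -y --no-install-recommends $NTPSEC_RUN_DEPS \
    && rm -rf /var/lib/apt/lists/*

COPY --from=build /usr/local/sbin/ntpd /usr/local/sbin/ntpd
COPY --from=build /usr/local/bin/ntp* /usr/local/bin/
# COPY --from=build /usr/local/lib/python2.7/dist-packages/ntp/ /usr/local/lib/python2.7/dist-packages/ntp/

# Unprivileged system account without home directory or login, and the
# directory handed to ntpd via -i in CMD, owned by that account.
RUN set -x \
    && mkdir -p /var/ntpsec/ \
    && addgroup --system ntpsec \
    && adduser --system --disabled-password --disabled-login --no-create-home --shell /sbin/nologin --gecos ntpsec --ingroup ntpsec ntpsec \
    && chown -R ntpsec:ntpsec /var/ntpsec/

# COPY entrypoint.sh /
COPY ntp.conf /etc/ntp.conf

EXPOSE 123/udp

# Smoke-test the copied binary, then fetch the leap-second file.
# NOTE(review): ntpleapfetch runs at build time, so the build needs network
# access and the fetched data is frozen at whatever was current when the image
# was built; rebuild regularly or refresh it at run time.
RUN ntpd --version \
    && ntpleapfetch

## ntpq: can't find Python NTP library -- check PYTHONPATH.
## libpython2.7.so.1.0: cannot open shared object file: No such file or directory
# RUN ntpq --version
# HEALTHCHECK --interval=60s --timeout=5s CMD ntpq -p > /dev/null

# No USER instruction on purpose: ntpd is started as root and is asked to drop
# to ntpsec:ntpsec itself (-u) after confining itself to /var/ntpsec/ (-i);
# -n keeps it in the foreground as the container's main process.
# NOTE(review): disciplining the clock normally needs CAP_SYS_TIME granted at
# run time; grant that single capability rather than running privileged.
ENTRYPOINT ["/usr/local/sbin/ntpd"]
CMD ["-n", "-i", "/var/ntpsec/", "-u", "ntpsec:ntpsec"]
# CMD ["-n", "-i", "/var/ntpsec/", "-u", "_ntpsec:_ntpsec", "-N"] # sched_setscheduler(): Operation not permitted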