91 lines
4.1 KiB
Docker
91 lines
4.1 KiB
Docker
|
# SPDX-License-Identifier: MIT
|
||
|
|
|
||
|
|
# Copyright (c) 2026 SUSE LLC
|
||
|
|
|
||
|
|
# All modifications and additions to the file contributed by third parties
|
||
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
||
|
|
# upon.
|
||
|
|
|
||
|
|
# The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
|
||
|
|
# It is maintained by the BCI team and generated by
|
||
|
|
# https://github.com/SUSE/BCI-dockerfile-generator
|
||
|
|
|
||
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||
|
|
# You can contact the BCI team via https://github.com/SUSE/bci/discussions
|
||
|
|
|
||
|
|
#!UseOBSRepositories
|
||
|
|
|
||
|
|
#!BuildTag: opensuse/bind:%%bind_major_minor_patch%%-%RELEASE%
|
||
|
|
#!BuildTag: opensuse/bind:%%bind_major_minor_patch%%
|
||
|
|
#!BuildTag: opensuse/bind:9
|
||
|
|
#!BuildTag: opensuse/bind:%%bind_major_minor%%
|
||
|
|
#!BuildTag: opensuse/bind:latest
|
||
|
|
|
||
|
|
FROM opensuse/bci/bci-micro:latest AS target
|
||
|
|
FROM opensuse/tumbleweed:latest AS builder
|
||
|
|
COPY --from=target / /target
|
||
|
|
|
||
|
|
RUN set -euo pipefail; \
|
||
|
|
export PERMCTL_ALLOW_INSECURE_MODE_IF_NO_PROC=1; \
|
||
|
|
zypper -n --installroot /target --gpg-auto-import-keys install --no-recommends bind bind-utils
|
||
|
|
|
||
|
|
RUN set -euo pipefail; zypper -n install --no-recommends systemd && \
|
||
|
|
systemd-tmpfiles --create --root /target bind.conf
|
||
|
|
|
||
|
|
# patch named.prep to not call logger (provided by systemd)
|
||
|
|
# and just log to stdout
|
||
|
|
RUN set -euo pipefail; \
|
||
|
|
mkdir -p /target/usr/local/lib/bind; \
|
||
|
|
cp /target//usr/libexec/bind/named.prep /target/usr/local/lib/bind/named.prep; \
|
||
|
|
sed -i -e 's|logger "Warning: \$1"|echo "Warning: \$1" >\&2|' -e '/\. \$SYSCONFIG_FILE/d' /target/usr/local/lib/bind/named.prep
|
||
|
|
|
||
|
|
|
||
|
|
# cleanup logs and temporary files
|
||
|
|
RUN set -euo pipefail; zypper -n --installroot /target clean -a; \
|
||
|
|
rm -rf {/target,}/var/log/{alternatives.log,lastlog,tallylog,zypper.log,zypp/history,YaST2}; \
|
||
|
|
rm -rf {/target,}/run/*; \
|
||
|
|
rm -f {/target,}/etc/{shadow-,group-,passwd-,.pwd.lock}; \
|
||
|
|
rm -f {/target,}/usr/lib/sysimage/rpm/.rpm.lock; \
|
||
|
|
rm -f {/target,}/var/cache/ldconfig/aux-cache; \
|
||
|
|
command -v zypper >/dev/null 2>&1 || rm -f /var/lib/zypp/AutoInstalled
|
||
|
|
|
||
|
|
# set the day of last password change to empty
|
||
|
|
RUN set -euo pipefail; sed -i 's/^\([^:]*:[^:]*:\)[^:]*\(:.*\)$/\1\2/' /target/etc/shadow
|
||
|
|
FROM opensuse/bci/bci-micro:latest
|
||
|
|
COPY --from=builder /target /
|
||
|
|
# Define labels according to https://en.opensuse.org/Building_derived_containers
|
||
|
|
# labelprefix=org.opensuse.application.bind
|
||
|
|
LABEL org.opencontainers.image.title="openSUSE Tumbleweed ISC BIND 9"
|
||
|
|
LABEL org.opencontainers.image.description="ISC BIND 9 container based on the openSUSE Tumbleweed Base Container Image."
|
||
|
|
LABEL org.opencontainers.image.version="%%bind_major_minor_patch%%"
|
||
|
|
LABEL org.opencontainers.image.url="https://www.opensuse.org"
|
||
|
|
LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||
|
|
LABEL org.opencontainers.image.vendor="openSUSE Project"
|
||
|
|
LABEL org.opencontainers.image.source="%SOURCEURL%"
|
||
|
|
LABEL org.opencontainers.image.ref.name="%%bind_major_minor_patch%%-%RELEASE%"
|
||
|
|
LABEL org.opensuse.reference="registry.opensuse.org/opensuse/bind:%%bind_major_minor_patch%%-%RELEASE%"
|
||
|
|
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||
|
|
LABEL org.opensuse.lifecycle-url="https://en.opensuse.org/Lifetime#openSUSE_BCI"
|
||
|
|
LABEL org.opensuse.release-stage="released"
|
||
|
|
# endlabelprefix
|
||
|
|
LABEL io.artifacthub.package.readme-url="%SOURCEURL_WITH(README.md)%"
|
||
|
|
ENV NAMED_ARGS=""
|
||
|
|
ENV NAMED_CONF="/etc/named.conf"
|
||
|
|
ENV NAMED_INITIALIZE_SCRIPTS=""
|
||
|
|
ENV RNDC_KEYSIZE="512"
|
||
|
|
EXPOSE 53/tcp 53/udp 953/tcp 853/tcp 443/tcp
|
||
|
|
|
||
|
|
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
|
||
|
|
RUN set -euo pipefail; chmod +x /usr/local/bin/entrypoint.sh
|
||
|
|
|
||
|
|
# create directories that tmpfiles.d would create for us
|
||
|
|
RUN set -euo pipefail; \
|
||
|
|
install -d -m 1775 -o root -g named /run/named; \
|
||
|
|
install -d -m 1775 -o root -g named /var/lib/named; \
|
||
|
|
install -d -m 755 -o named -g named /var/lib/named/dyn; \
|
||
|
|
install -d -m 755 -o root -g root /var/lib/named/master; \
|
||
|
|
install -d -m 755 -o named -g named /var/lib/named/slave; \
|
||
|
|
install -d -m 750 -o named -g named /var/log/named;
|
||
|
|
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
|
||
|
|
HEALTHCHECK --interval=10s --timeout=5s --retries=10 CMD dig +retry=0 +short @127.0.0.1 conncheck.opensuse.org >/dev/null && echo OK
|