Dockerfile and package updates for Debian 11 Bullseye

diff --git a/debian/control.in b/debian/control.in
index c8c7f5d78ebd7e7d43a662e77d9d154c7fdfd5a8..f8efd8a5bb84d58b33829bc9dbac1b102ba15974 100644 (file)
--- a/debian/control.in
+++ b/debian/control.in
@@ -2,7 +2,7 @@ Source: freeradius
 Build-Depends: @BUILDDEPS@ debhelper (>= 9),
  quilt,
  dpkg-dev (>= 1.13.19),
- dh-systemd (>= 1.5),
+ dh-systemd (>= 1.5) | debhelper (>= 13.3.0),
  autotools-dev,
  libcurl4-openssl-dev | libcurl4-gnutls-dev,
  libcap-dev,
@@ -32,7 +32,6 @@ Build-Depends: @BUILDDEPS@ debhelper (>= 9),
  libhiredis-dev,
  python-dev,
  samba-dev,
- dh-systemd,
  unixodbc-dev,
  asciidoctor,
  pandoc

diff --git a/scripts/docker/build-debian11/Dockerfile b/scripts/docker/build-debian11/Dockerfile
new file mode 100644 (file)
index 0000000..33a1d80
--- /dev/null
+++ b/scripts/docker/build-debian11/Dockerfile
@@ -0,0 +1,24 @@
+ARG from=freeradius/debian11-deps
+FROM ${from}
+
+SHELL ["/usr/bin/nice", "-n", "5", "/usr/bin/ionice", "-c", "3", "/bin/sh", "-x", "-c"]
+
+ARG cc=gcc
+ARG branch=master
+ARG dh_key_size=2048
+
+WORKDIR /usr/local/src/repositories/freeradius-server
+RUN git checkout ${branch}
+RUN CC=${cc} ./configure --prefix=/opt/freeradius
+RUN make -j$(($(getconf _NPROCESSORS_ONLN) + 1))
+RUN make install
+WORKDIR /opt/freeradius/etc/raddb
+RUN sed -i -e 's/allow_vulnerable_openssl.*/allow_vulnerable_openssl = yes/' radiusd.conf
+RUN make -C certs DH_KEY_SIZE=$dh_key_size
+WORKDIR /
+
+FROM ${from}
+COPY --from=0 /opt/freeradius /opt/freeradius
+
+EXPOSE 1812/udp 1813/udp
+CMD ["/opt/freeradius/sbin/radiusd", "-X"]

diff --git a/scripts/docker/build-debian11/Dockerfile.deps b/scripts/docker/build-debian11/Dockerfile.deps
new file mode 100644 (file)
index 0000000..bf2d461
--- /dev/null
+++ b/scripts/docker/build-debian11/Dockerfile.deps
@@ -0,0 +1,100 @@
+FROM debian:bullseye
+
+SHELL ["/usr/bin/nice", "-n", "5", "/usr/bin/ionice", "-c", "3", "/bin/sh", "-x", "-c"]
+
+ARG osname=bullseye
+ONBUILD ARG osname=${osname}
+
+ARG APT_OPTS="-y --option=Dpkg::options::=--force-unsafe-io --no-install-recommends"
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && \
+#  Development utilities
+    apt-get install $APT_OPTS \
+        devscripts \
+        equivs \
+        git \
+        gnupg2 \
+        lsb-release \
+        procps \
+        quilt \
+        rsync \
+        software-properties-common \
+        wget \
+#  eapol_test dependencies
+        libnl-3-dev \
+        libnl-genl-3-dev \
+#  For debugging (e.g. in crossbuild)
+        gdb \
+        less \
+        vim \
+#  Compilers
+        clang \
+        g++ \
+        lldb \
+        llvm
+
+
+#
+#  Documentation build dependecies
+#
+
+#  - doxygen & JSON.pm
+RUN apt-get install $APT_OPTS \
+        doxygen \
+        graphviz \
+        libjson-perl
+#  - antora (npm needed)
+RUN bash -c "$(wget -O - https://deb.nodesource.com/setup_14.x)" && \
+    apt-get install $APT_OPTS \
+        nodejs
+RUN npm i -g @antora/cli@2.1 @antora/site-generator-default@2.1
+#  - pandoc
+RUN wget $(wget -qO - https://api.github.com/repos/jgm/pandoc/releases/latest | sed -ne 's/.*"browser_download_url".*"\(.*amd64\.deb\)"/\1/ p') && \
+    find . -mindepth 1 -maxdepth 1 -type f -name 'pandoc-*.deb' -print0 | \
+        xargs -0 -r apt-get install $APT_OPTS && \
+    find . -mindepth 1 -maxdepth 1 -type f -name 'pandoc-*.deb' -delete
+#  - asciidoctor
+RUN apt-get install $APT_OPTS \
+    ruby
+RUN gem install asciidoctor
+
+
+#
+#  Setup a src dir in /usr/local
+#
+RUN mkdir -p /usr/local/src/repositories
+WORKDIR /usr/local/src/repositories
+
+
+#
+#  Set up NetworkRADIUS extras repository
+#
+RUN wget -O - "https://packages.networkradius.com/pgp/packages%40networkradius.com" | apt-key add && \
+    echo "deb http://packages.networkradius.com/extras/debian/${osname} ${osname} main" >> /etc/apt/sources.list.d/networkradius-extras.list && \
+    apt-get update
+
+
+#
+#  Shallow clone the FreeRADIUS source
+#
+WORKDIR /usr/local/src/repositories
+ARG source=https://github.com/FreeRADIUS/freeradius-server.git
+ARG branch=master
+RUN git clone --depth 1 --no-single-branch -b ${branch} ${source}
+
+
+#
+#  Install build dependencies for all branches from v3 onwards
+#
+WORKDIR freeradius-server
+RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[3-9]*\.[0-9x]*\.x|master|${branch})$" | sort -u); \
+    do \
+        git checkout $i; \
+        if [ -e ./debian/control.in ] ; then \
+            debian/rules debian/control ; \
+        fi ; \
+        mk-build-deps -irt"apt-get -o Debug::pkgProblemResolver=yes $APT_OPTS" debian/control ; \
+        apt-get -y remove libiodbc2-dev ; \
+    done

diff --git a/scripts/docker/build-debian11/Dockerfile.jenkins b/scripts/docker/build-debian11/Dockerfile.jenkins
new file mode 100644 (file)
index 0000000..eae9c31
--- /dev/null
+++ b/scripts/docker/build-debian11/Dockerfile.jenkins
@@ -0,0 +1,28 @@
+FROM freeradius/debian11-deps
+
+SHELL ["/usr/bin/nice", "-n", "5", "/usr/bin/ionice", "-c", "3", "/bin/sh", "-x", "-c"]
+
+ARG APT_OPTS="-y --option=Dpkg::options::=--force-unsafe-io --no-install-recommends"
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+#
+#  This is necessary for the jenkins server to talk to the docker instance
+#
+RUN apt-get update && \
+    apt-get upgrade $APT_OPTS --option=Dpkg::Options::=--force-confdef --option=Dpkg::Options::=--force-confold && \
+    apt-get install $APT_OPTS \
+        default-jre-headless \
+        openssh-server \
+        sudo
+
+RUN useradd -m jenkins
+RUN echo "jenkins:jenkins1" | chpasswd
+RUN echo "jenkins ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers
+RUN mkdir /var/run/sshd
+
+# RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
+RUN sed -i 's|session    required     pam_loginuid.so|session    optional     pam_loginuid.so|g' /etc/pam.d/sshd
+
+EXPOSE 22
+CMD ["/usr/sbin/sshd","-D"]