# Base layer as recorded in the image history: a root filesystem archive is
# unpacked at /. Only the archive's content hash is kept here, so the base
# image name and tag cannot be read from this listing.
# NOTE(review): the apt-get/dpkg steps further down suggest a Debian-family
# base; confirm against the build source and pin it by digest there.
ADD file:a9a95cfab16803be03e59ade41622ef5061cf90f2d034304fe4ac1ee9ff30389 in / |
# Default command from the base layer; superseded later by CMD ["python3"]
# and by the final ENTRYPOINT.
CMD ["bash"] |
# --- OpenSSL built from source with the FIPS provider -----------------------
# Upstream release to build, and the suffix that the RUN step below writes
# into BUILD_METADATA in VERSION.dat.
ARG OPENSSL_VERSION=3.0.9 |
ARG OPENSSL_VERSION_SUFFIX=ak-fips |
# Scratch directory for the build; the RUN step below deletes it when done.
ENV build_root=/build |
# .deb files that the RUN step installs with `dpkg -i` and then pins with
# `apt-mark hold libssl-dev libssl3 openssl`.
# NOTE(review): the absolute source path and the "fake-deb" name suggest
# placeholder packages copied from another build stage, so that apt treats the
# distro OpenSSL packages as satisfied and never replaces the source build;
# confirm against the build source.
COPY /build/output /build/fake-deb # buildkit |
# Builds and installs OpenSSL under /usr/local, then enables FIPS:
#   1. install the toolchain, download and unpack the release tarball, then
#      purge wget and the distro openssl package;
#   2. stamp BUILD_METADATA, `./config fips`, build, install the software,
#      the ssl directories and the FIPS module;
#   3. `openssl fipsinstall` generates /usr/local/ssl/fipsmodule.cnf for the
#      fips.so found under /usr/local/lib;
#   4. the sed edits uncomment the fipsmodule include, the fips provider and
#      `activate = 1` in openssl.cnf, and the final echo appends
#      `default_properties = fips=yes`;
#   5. purge the toolchain, install and hold the packages from fake-deb,
#      remove the build directory, symlink /usr/bin/openssl to the new binary.
# NOTE(review): the tarball is fetched over HTTPS but no checksum or signature
# is checked before `tar xvf`, unlike the xmlsec and CPython steps (GPG
# verify) and the get-pip step (SHA-256). Comparing against a pinned SHA-256
# before extraction would close that gap.
# NOTE(review): $cryptography_ssl_options is not defined by any ARG/ENV in
# this listing, so it expands to nothing unless set elsewhere; confirm.
# NOTE(review): `(cp -r /usr/local/lib64/* /usr/local/lib/ || true)` ignores a
# failed copy on purpose; the later `find /usr/local/lib -name fips.so` then
# relies on the module being present there.
# NOTE(review): the final `echo "\n[algorithm_sect]..."` relies on /bin/sh's
# echo expanding \n; verify the resulting openssl.cnf in the built image.
RUN |2 OPENSSL_VERSION=3.0.9 OPENSSL_VERSION_SUFFIX=ak-fips /bin/sh -c mkdir -p $build_root && apt-get update && apt-get install -y --no-install-recommends build-essential wget ca-certificates && cd ${build_root} && wget https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz -O openssl.tgz && tar xvf openssl.tgz && apt-get remove --purge -y wget openssl && cd $build_root/openssl-${OPENSSL_VERSION} && sed -i "s:BUILD_METADATA=:BUILD_METADATA=${OPENSSL_VERSION_SUFFIX}:" VERSION.dat && ./config fips $cryptography_ssl_options && make depend && make -j$(nproc) && make install_sw install_ssldirs install_fips && (cp -r /usr/local/lib64/* /usr/local/lib/ || true) && openssl fipsinstall -out /usr/local/ssl/fipsmodule.cnf -module $(find /usr/local/lib -name fips.so) && sed -i "s:# .include fipsmodule.cnf:.include /usr/local/ssl/fipsmodule.cnf:" /usr/local/ssl/openssl.cnf && sed -i 's:# fips = fips_sect:fips = fips_sect:' /usr/local/ssl/openssl.cnf && sed -i 's:# \[provider_sect\]:\[provider_sect\]:' /usr/local/ssl/openssl.cnf && apt-get remove --purge -y build-essential && apt-get autoremove --purge -y && rm -rf /var/lib/apt/lists/* && dpkg -i ${build_root}/fake-deb/*deb && apt-mark hold libssl-dev libssl3 openssl && rm -rf ${build_root} && ln -s /usr/local/bin/openssl /usr/bin/openssl && sed -i 's:# activate = 1:activate = 1:' /usr/local/ssl/openssl.cnf && echo "\n[algorithm_sect]\ndefault_properties = fips=yes" >> /usr/local/ssl/openssl.cnf # buildkit |
# Installs ca-certificates again in its own layer.
# NOTE(review): presumably needed because the purge/autoremove in the previous
# step can remove it; confirm.
RUN |2 OPENSSL_VERSION=3.0.9 OPENSSL_VERSION_SUFFIX=ak-fips /bin/sh -c apt-get update && apt-get install -y --no-install-recommends ca-certificates && rm -rf /var/lib/apt/lists/* # buildkit |
# Sets the trust-store directory explicitly.
# NOTE(review): presumably so the source-built OpenSSL under /usr/local/ssl
# uses the distro CA bundle location; confirm.
ENV SSL_CERT_DIR=/etc/ssl/certs |
# --- xmlsec1 built from source ----------------------------------------------
ARG XMLSEC_VERSION=1.3.5 |
ENV build_root=/build |
# Fingerprint of the key expected to have signed the xmlsec release. The RUN
# step below repeats the same fingerprint literally instead of reading this
# variable, so the two must be kept in sync by hand. As an ENV it also remains
# in the runtime environment.
ENV xmlsec_gpg_key=00FDD6A7DFB81C88F34B9BF0E63ECDEF9E1D829E |
# Downloads the release tarball and its detached signature, fetches the
# signing key by full fingerprint, and runs `gpg --verify` before the tarball
# is extracted. `make check` runs before `make install`. The build packages
# are purged afterwards; libxml2 is left installed.
# NOTE(review): GNUPGHOME is not set in this step or by any ENV in this
# listing, so `rm -rf "$GNUPGHOME"` expands to an empty path and removes
# nothing. gpg would then have used its default home directory, and the
# imported keyring would stay in this layer unless GNUPGHOME is set elsewhere.
# The CPython step later in this listing sets it with `mktemp -d` first.
RUN |1 XMLSEC_VERSION=1.3.5 /bin/sh -c mkdir -p ${build_root} && cd ${build_root} && apt-get update && apt-get install -y --no-install-recommends wget gnupg libxml2 build-essential libxml2-dev libltdl-dev && wget https://github.com/lsh123/xmlsec/releases/download/${XMLSEC_VERSION}/xmlsec1-${XMLSEC_VERSION}.tar.gz -O xmlsec.tgz && wget https://github.com/lsh123/xmlsec/releases/download/${XMLSEC_VERSION}/xmlsec1-${XMLSEC_VERSION}.sig -O xmlsec.sig && gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 00FDD6A7DFB81C88F34B9BF0E63ECDEF9E1D829E && gpg --batch --verify xmlsec.sig xmlsec.tgz && gpgconf --kill all && rm -rf "$GNUPGHOME" xmlsec.sig && tar xvzf xmlsec.tgz && cd xmlsec1-${XMLSEC_VERSION} && mkdir build && cd build && ../configure && make -j $(nproc) && make check && make install && apt-get remove --purge -y wget gnupg build-essential libxml2-dev libltdl-dev && apt-get autoremove --purge -y && rm -rf ${build_root} && rm -rf /var/lib/apt/lists/* # buildkit |
# --- CPython built from source ----------------------------------------------
ARG PYTHON_VERSION=3.12.7 |
# /usr/local/bin comes first, so the source-built python and openssl win over
# any distro copies. The entry is listed twice; that is harmless.
ENV PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin |
ENV LANG=C.UTF-8 |
# Runtime packages; `set -eux` aborts the step on the first failing command.
RUN |1 PYTHON_VERSION=3.12.7 /bin/sh -c set -eux; apt-get update; apt-get install -y --no-install-recommends netbase tzdata ; rm -rf /var/lib/apt/lists/* # buildkit |
# Fingerprint of the key the CPython source tarball must be signed with; the
# build step below fetches it by this fingerprint.
ENV GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305 |
# Build step (this one instruction is wrapped over two lines in the listing):
#   - savedAptMark records the manually installed packages so they can be
#     restored after the build dependencies are marked auto;
#   - the source tarball and its .asc are downloaded, the key is imported
#     into a throwaway GNUPGHOME from `mktemp -d`, and `gpg --verify` runs
#     before extraction; the temporary keyring is deleted afterwards;
#   - configure/make/install, then test directories, *.pyc/*.pyo files and
#     static libpython archives under /usr/local are removed;
#   - the ldd | awk | dpkg-query pipeline marks as manual the packages that
#     own shared libraries linked by executables under /usr/local, so the
#     following `apt-get purge --auto-remove` drops only the build-only
#     packages;
#   - `python3 --version` at the end fails the build if the interpreter does
#     not start.
# NOTE(review): the pipeline runs under /bin/sh with no pipefail visible, so
# only the exit status of its last command is checked.
RUN |1 PYTHON_VERSION=3.12.7 /bin/sh -c set -eux; savedAptMark="$(apt-mark showmanual)"; apt-get update; apt-get install -y --no-install-recommends dpkg-dev gcc gnupg libbluetooth-dev libbz2-dev libc6-dev libdb-dev libexpat1-dev libffi-dev libgdbm-dev liblzma-dev libncursesw5-dev libreadline-dev libsqlite3-dev make tk-dev uuid-dev wget xz-utils zlib1g-dev ; wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; gpg --batch --verify python.tar.xz.asc python.tar.xz; gpgconf --kill all; rm -rf "$GNUPGHOME" python.tar.xz.asc; mkdir -p /usr/src/python; tar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; rm python.tar.xz; cd /usr/src/python; gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; ./configure --build="$gnuArch" --enable-loadable-sqlite-extensions --enable-optimizations --enable-option-checking=fatal --enable-shared --with-lto --with-system-expat --without-ensurepip ; nproc="$(nproc)"; EXTRA_CFLAGS="$(dpkg-buildflags --get CFLAGS)"; LDFLAGS="$(dpkg-buildflags --get LDFLAGS)"; LDFLAGS="${LDFLAGS:--Wl},--strip-all"; make -j "$nproc" "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" "LDFLAGS=${LDFLAGS:-}" "PROFILE_TASK=${PROFILE_TASK:-}" ; rm python; make -j "$nproc" "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" "PROFILE_TASK=${PROFILE_TASK:-}" python ; make install; cd /; rm -rf /usr/src/python; find /usr/local -depth \( \( -type d -a \( -name test -o -name tests -o -name idle_test \) \) -o \( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \) \) \) -exec rm -rf '{}' + ; ldconfig; apt-mark auto '.*' > /dev/null; apt-mark manual $savedAptMark; find /usr/local -type f -executable -not \( 
-name '*tkinter*' \) -exec ldd '{}' ';' | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); printf "*%s\n", so }' | sort -u | xargs -r dpkg-query --search | cut -d: -f1 | sort -u | xargs -r apt-mark manual ; apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; rm -rf /var/lib/apt/lists/*; python3 --version # buildkit |
# Creates the unversioned names idle, pydoc, python and python-config. Under
# `set -e` the two bare tests abort the build if the versioned binary is
# missing or empty, or if the unversioned name already exists.
RUN |1 PYTHON_VERSION=3.12.7 /bin/sh -c set -eux; for src in idle3 pydoc3 python3 python3-config; do dst="$(echo "$src" | tr -d 3)"; [ -s "/usr/local/bin/$src" ]; [ ! -e "/usr/local/bin/$dst" ]; ln -svT "$src" "/usr/local/bin/$dst"; done # buildkit |
# pip bootstrap inputs: the pip version to install, a get-pip.py URL pinned to
# a specific commit, and the SHA-256 the downloaded script must match.
ENV PYTHON_PIP_VERSION=24.0 |
ENV PYTHON_GET_PIP_URL=https://github.com/pypa/get-pip/raw/dbf0c85f76fb6e1ab42aa672ffca6f0a675d9ee4/public/get-pip.py |
ENV PYTHON_GET_PIP_SHA256=dfe9fd5c28dc98b5ac17979a953ea550cec37ae1b47a5116007395bfacff2ab9 |
# Downloads get-pip.py and checks it with `sha256sum -c` before anything
# executes it; under `set -e` a mismatch aborts the build. wget is purged
# again before pip is installed at the pinned version, and the bootstrap
# script is deleted in the same layer.
RUN |1 PYTHON_VERSION=3.12.7 /bin/sh -c set -eux; savedAptMark="$(apt-mark showmanual)"; apt-get update; apt-get install -y --no-install-recommends wget; wget -O get-pip.py "$PYTHON_GET_PIP_URL"; echo "$PYTHON_GET_PIP_SHA256 *get-pip.py" | sha256sum -c -; apt-mark auto '.*' > /dev/null; [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; rm -rf /var/lib/apt/lists/*; export PYTHONDONTWRITEBYTECODE=1; python get-pip.py --disable-pip-version-check --no-cache-dir --no-compile "pip==$PYTHON_PIP_VERSION" ; rm -f get-pip.py; pip --version # buildkit |
# Default command at this point in the history; the ENTRYPOINT set later in
# the listing takes over at runtime.
CMD ["python3"] |
# Pre-built wheels brought in from an absolute source path.
# NOTE(review): an absolute source path in a history listing usually means the
# files come from another build stage; confirm against the build source.
COPY /wheels /wheels # buildkit |
# Installs two runtime libraries and every file under /wheels with pip.
# NOTE(review): no hash checking is visible here, so wheel integrity rests on
# the stage that produced them. /wheels is not removed and stays in the image
# through the COPY layer above.
RUN /bin/sh -c apt-get update && apt-get install -y --no-install-recommends libltdl7 libxslt1.1 && pip install /wheels/* && rm -rf /var/lib/apt/lists/* # buildkit |
# --- authentik server image: final stage ------------------------------------
# Build metadata. GIT_BUILD_HASH was empty for this build, so both the ENV
# below and the org.opencontainers.image.revision label are blank: the image
# itself does not record the source commit it was built from.
ARG VERSION=refs/tags/version/2024.12.1 |
ARG GIT_BUILD_HASH |
ENV GIT_BUILD_HASH= |
LABEL org.opencontainers.image.url=https://goauthentik.io |
LABEL org.opencontainers.image.description=goauthentik.io Main server image, see https://goauthentik.io for more info. |
LABEL org.opencontainers.image.source=https://github.com/goauthentik/authentik |
LABEL org.opencontainers.image.version=refs/tags/version/2024.12.1 |
LABEL org.opencontainers.image.revision= |
WORKDIR / |
# Installs the runtime libraries and runit, then creates the unprivileged
# system account `authentik` (uid 1000, own group, home /authentik, no home
# directory created) and the directories the service uses.
# Only /certs, /media, /authentik/.ssh and /ak-root are chown'ed to that
# account; /blueprints is created here but not chown'ed.
# NOTE(review): `rm -rf ... /var/tmp/` deletes the /var/tmp directory itself,
# not just its contents; confirm nothing at runtime expects it to exist.
RUN |2 VERSION=refs/tags/version/2024.12.1 GIT_BUILD_HASH= /bin/sh -c apt-get update && apt-get install -y --no-install-recommends libpq5 libmaxminddb0 ca-certificates libkrb5-3 libkadm5clnt-mit12 libkdb5-10 && apt-get install -y --no-install-recommends runit && apt-get clean && rm -rf /tmp/* /var/lib/apt/lists/* /var/tmp/ && adduser --system --no-create-home --uid 1000 --group --home /authentik authentik && mkdir -p /certs /media /blueprints && mkdir -p /authentik/.ssh && mkdir -p /ak-root && chown authentik:authentik /certs /media /authentik/.ssh /ak-root # buildkit |
# Application files with relative source paths (the build context).
# NOTE(review): no ownership or mode options appear on these COPY lines in
# the listing; if none were used, the copied files are root-owned and the
# runtime user (uid 1000) cannot modify them. Confirm against the build source.
COPY ./authentik/ /authentik # buildkit |
COPY ./pyproject.toml / # buildkit |
COPY ./poetry.lock / # buildkit |
COPY ./schemas /schemas # buildkit |
COPY ./locale /locale # buildkit |
# NOTE(review): the test suite is shipped in the runtime image; confirm that
# this is intended and that it contains no fixture credentials or keys.
COPY ./tests /tests # buildkit |
COPY ./manage.py / # buildkit |
COPY ./blueprints /blueprints # buildkit |
COPY ./lifecycle/ /lifecycle # buildkit |
# Replaces the system-wide Kerberos client configuration with the project's.
COPY ./authentik/sources/kerberos/krb5.conf /etc/krb5.conf # buildkit |
# Artifacts with absolute source paths: the server binary, the Python virtual
# environment, the built web assets, the built website and the GeoIP data.
# NOTE(review): presumably copied from earlier build stages that this history
# does not show; their provenance cannot be checked from this listing.
COPY /go/authentik /bin/authentik # buildkit |
COPY /ak-root/venv /ak-root/venv # buildkit |
COPY /work/web/dist/ /web/dist/ # buildkit |
COPY /work/web/authentik/ /web/authentik/ # buildkit |
COPY /work/website/build/ /website/help/ # buildkit |
COPY /usr/share/GeoIP /geoip # buildkit |
# Drops root for everything that follows, including the running container.
# The numeric uid matches the account created by adduser above.
USER 1000 |
# Runtime environment: temporary files go to /dev/shm/, Python writes no
# bytecode and does not buffer output, and PATH puts the virtualenv and
# /lifecycle ahead of the system directories.
ENV TMPDIR=/dev/shm/ PYTHONDONTWRITEBYTECODE=1 PYTHONUNBUFFERED=1 PATH=/ak-root/venv/bin:/lifecycle:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin VENV_PATH=/ak-root/venv POETRY_VIRTUALENVS_CREATE=false |
# NOTE(review): presumably switches the Go binary at /bin/authentik into FIPS
# mode, matching the FIPS OpenSSL build; confirm against the Go toolchain
# used to build it.
ENV GOFIPS=1 |
# The history prints the healthcheck as a raw struct instead of Dockerfile
# syntax. The probe command is `ak healthcheck`.
# NOTE(review): the remaining fields look like interval 30s, timeout 30s,
# start period 1m0s, start interval 0s and retries 3 ('\x03'); confirm with
# `docker inspect`.
HEALTHCHECK &{["CMD" "ak" "healthcheck"] "30s" "30s" "1m0s" "0s" '\x03'} |
# Exec-form entrypoint: dumb-init runs first and starts `ak`. The listing
# prints the array without commas.
# NOTE(review): no visible apt step installs dumb-init, so it is presumably
# resolved through PATH from /ak-root/venv/bin; confirm.
ENTRYPOINT ["dumb-init" "--" "ak"] |
# Layers added after the ENTRYPOINT above: a stylesheet and two asset
# directories placed over the shipped web bundle under /web/dist/.
# NOTE(review): these entries use the hash-only "file:/dir: ... in" form
# rather than the "# buildkit" form of the earlier steps, which suggests a
# separate downstream build on top of the upstream image; confirm.
# NOTE(review): the sources are identified only by content hash, so their
# origin cannot be checked from this listing. They are served to browsers as
# part of the login UI and deserve the same review as application code. File
# ownership is not shown; confirm uid 1000 cannot rewrite them at runtime.
COPY file:4b11b614cb20ed8a1b7757fda03499cdab262b5fae85d6de85537ad1483f4b51 in /web/dist/custom.css |
COPY dir:91c6305ca2e9068894045ed90b334b2bebb2ede3b7ead1c0a599771d47c90024 in /web/dist/assets/icons/ |
COPY dir:3faf375c2d144b0c96cca2f39f32c74e7c28ee97479120167b3425d2f85122d8 in /web/dist/assets/images/ |