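# Build arguments. STEP_VERSION (step-cli release) and STEP_CERTS_VERSION
# (smallstep/certificates tag) have no default and must be passed with
# --build-arg, without the leading "v" (it is added where they are used).
ARG STEP_VERSION
ARG STEP_CERTS_VERSION
ARG ARCH=amd64

# --- Stage 1: build step-ca from source and fetch the step-cli release ---
# NOTE(review): Go 1.18 is past upstream end-of-life and the tag is floating;
# move to a supported Go release that still builds the chosen
# STEP_CERTS_VERSION and pin the image by digest.
FROM golang:1.18-alpine AS builder

# Global ARGs are only visible to FROM lines, so redeclare them in this stage.
ARG STEP_VERSION
ARG STEP_CERTS_VERSION
ARG ARCH
# Optional SHA-256 of the step-cli tarball. When set, the download is verified
# before it is unpacked; when empty the build behaves as before (unverified).
ARG STEP_SHA256=""

# build-base and pcsc-lite-dev are needed for the CGO build of step-ca.
RUN apk add --no-cache \
        build-base \
        curl \
        git \
        pcsc-lite-dev

# Fetch source for step-ca, build with CGO enabled.
# Binaries step-ca & step-yubikey-init are used in the second stage.
# NOTE(review): a tag is a mutable ref; check out a known commit hash as well
# if the CA binary must be reproducible.
RUN git clone -q --branch="v${STEP_CERTS_VERSION}" --depth=1 \
        https://github.com/smallstep/certificates /go/certificates
WORKDIR /go/certificates
RUN make bootstrap && make build GOFLAGS=""

# Download and untar the step-cli binary (ends up at /tmp/bin/step).
# -f makes curl fail on an HTTP error instead of saving the error page.
RUN curl -fsSL -o /tmp/step.tgz \
        "https://github.com/smallstep/cli/releases/download/v${STEP_VERSION}/step_linux_${STEP_VERSION}_${ARCH}.tar.gz" && \
    if [ -n "${STEP_SHA256}" ]; then \
        echo "${STEP_SHA256}  /tmp/step.tgz" | sha256sum -c -; \
    fi && \
    tar xzf /tmp/step.tgz --strip-components=1 -C /tmp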
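# --- Stage 2: runtime image ---
# NOTE(review): alpine 3.17 is past upstream end-of-life and the tag is not
# pinned by digest. step-ca is CGO-linked against pcsc-lite in the builder, so
# bump this together with the builder's Alpine release.
FROM alpine:3.17

# COPY without --chown leaves these binaries owned by root, so the unprivileged
# runtime user cannot replace them.
COPY --from=builder /tmp/bin/step /usr/local/bin/
COPY --from=builder /go/certificates/bin/step-ca /usr/local/bin/
COPY --from=builder /go/certificates/bin/step-yubikey-init /usr/local/bin/

# pcsc-lite-libs is the runtime counterpart of the pcsc-lite-dev build dependency.
RUN apk add --no-cache \
        ca-certificates \
        dnsmasq \
        jq \
        pcsc-lite-libs

# Set with ENV, so both values also persist in the container's environment.
# NOTE(review): if docker-entrypoint.sh does not read them at runtime, ARG
# would keep them out of the runtime environment - confirm before changing.
ENV UID=1000 \
    GID=1000

# Dedicated unprivileged account: no password, no home directory created.
RUN addgroup --gid "${GID}" step && \
    adduser \
        --disabled-password \
        --gecos "" \
        --home "/srv" \
        --ingroup step \
        --no-create-home \
        --uid "${UID}" \
        step

# Only the database directory is handed to the step user; /etc/step-ca itself
# stays root-owned. NOTE(review): presumably config and key material are
# mounted in at runtime - verify against docker-entrypoint.sh.
RUN mkdir -p /etc/step-ca/db && \
    chown step:step /etc/step-ca/db/

# Declared after the chown so the volume is initialised with step's ownership.
VOLUME /etc/step-ca/db

# Drop root for everything that runs in the container.
USER step

ENV STEPPATH=/etc/step-ca

# Copied as root-owned; the file mode comes from the build context, so the
# script must already be executable there.
COPY docker-entrypoint.sh /
ENTRYPOINT ["/docker-entrypoint.sh"]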