kubesolo-os/build/Dockerfile.builder
Adolfo Delorenzo efc7f80b65
feat: add security hardening, AppArmor, and ARM64 Raspberry Pi support (Phase 6)
Security hardening: bind kubeconfig server to localhost, mount hardening
(noexec/nosuid/nodev on tmpfs), sysctl network hardening, kernel module
loading lock after boot, SHA256 checksum verification for downloads,
kernel AppArmor + Audit support, complain-mode AppArmor profiles for
containerd and kubelet, and security integration test.

ARM64 Raspberry Pi support: piCore64 base extraction, RPi kernel build
from raspberrypi/linux fork, RPi firmware fetch, SD card image with 4-
partition GPT and tryboot A/B mechanism, BootEnv Go interface abstracting
GRUB vs RPi boot environments, architecture-aware build scripts, QEMU
aarch64 dev VM and boot test.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-12 13:08:17 -06:00


FROM --platform=linux/amd64 ubuntu:24.04

ENV DEBIAN_FRONTEND=noninteractive

# Install build tools + kernel build dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
    bash \
    bc \
    bison \
    build-essential \
    ca-certificates \
    cpio \
    curl \
    dosfstools \
    dwarves \
    e2fsprogs \
    fdisk \
    file \
    flex \
    genisoimage \
    gzip \
    isolinux \
    iptables \
    kmod \
    libarchive-tools \
    libelf-dev \
    libssl-dev \
    make \
    parted \
    squashfs-tools \
    syslinux \
    syslinux-common \
    syslinux-utils \
    apparmor \
    apparmor-utils \
    gcc-aarch64-linux-gnu \
    binutils-aarch64-linux-gnu \
    git \
    wget \
    xorriso \
    xz-utils \
    && rm -rf /var/lib/apt/lists/*

# Install Go (for building cloud-init and update agent)
ARG GO_VERSION=1.24.0
RUN curl -fsSL "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" \
    | tar -C /usr/local -xzf -
ENV PATH="/usr/local/go/bin:${PATH}"

WORKDIR /build
COPY . /build

# build/ scripts are required; hack/ and test/ scripts are optional.
# The braces keep a failure of the first chmod from being masked by "|| true".
RUN chmod +x build/scripts/*.sh build/config/*.sh \
    && { chmod +x hack/*.sh 2>/dev/null || true; } \
    && { chmod +x test/qemu/*.sh test/integration/*.sh test/kernel/*.sh 2>/dev/null || true; }

ENTRYPOINT ["/usr/bin/make"]
CMD ["iso"]
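
The Go install step above pipes the tarball from curl straight into tar, so nothing checks its contents before extraction, while the commit message lists SHA256 checksum verification for downloads. The following is an added example (not code from the kubesolo-os repository) of a verify-then-extract helper such a step could call; `verify_and_extract` and the `GO_SHA256` build argument are hypothetical names, and the pinned digest is assumed to be copied from the go.dev download page.

```sh
#!/bin/sh
# Added example; verify_and_extract and GO_SHA256 are hypothetical names.
#
# Dockerfile usage in place of "curl ... | tar ...":
#   curl -fsSL -o /tmp/go.tgz "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz"
#   verify_and_extract /tmp/go.tgz "$GO_SHA256" /usr/local

# verify_and_extract ARCHIVE EXPECTED_SHA256 DEST
# Returns 0 after extracting, 1 on digest mismatch, 2 on bad arguments.
verify_and_extract() {
    archive=$1
    expected=$2
    dest=$3

    [ -f "$archive" ] || { echo "no such archive: $archive" >&2; return 2; }

    # A pinned digest must be exactly 64 hex characters, so an unset or
    # truncated build argument fails closed instead of skipping the check.
    case $expected in
        ''|*[!0-9a-fA-F]*) echo "invalid pinned digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "invalid pinned digest" >&2; return 2; }
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')

    # Hash the file on disk: the bytes that are verified are the bytes
    # that get extracted, which a curl-to-tar pipe cannot guarantee.
    actual=$(sha256sum "$archive" | cut -d' ' -f1)

    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $archive" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi

    # Extraction happens only after the digest matched.
    mkdir -p "$dest" && tar -C "$dest" -xzf "$archive"
}
```
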