43 lines
1.7 KiB
Docker
43 lines
1.7 KiB
Docker
ARG REGISTRY=docker.io
|
|
ARG BASE_IMAGE=library/ubuntu:20.04
|
|
|
|
ARG ONLYOFFICE_IMAGE=onlyoffice/documentserver:7.5
|
|
|
|
FROM ${REGISTRY}/${BASE_IMAGE} as base
|
|
|
|
FROM ${REGISTRY}/${ONLYOFFICE_IMAGE} as runtime-base
|
|
RUN apt update && apt install libseccomp2 -y && rm -rf /var/apt
|
|
|
|
FROM base as builder-base
|
|
RUN ln -svf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && apt update && apt install build-essential libseccomp-dev curl pkg-config -y
|
|
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | bash -s - -y
|
|
COPY Cargo.toml Cargo.lock build.rs /src/
|
|
COPY src /src/src
|
|
COPY x2t-sandbox-rulegen /src/x2t-sandbox-rulegen
|
|
WORKDIR /src
|
|
|
|
FROM builder-base as tracer-builder
|
|
RUN /root/.cargo/bin/cargo build --release --features tracing-mode
|
|
|
|
FROM runtime-base as tracer-generate-syscalls
|
|
COPY data /data
|
|
COPY --from=tracer-builder /src/target/release/x2t-sandbox /usr/local/bin/x2t-sandbox
|
|
RUN bash -c 'set -euo pipefail; for filename in $(ls /data/ | grep "\.xml$"); do /usr/local/bin/x2t-sandbox -l $filename.out /var/www/onlyoffice/documentserver/server/FileConverter/bin/x2t /data/$filename; done'
|
|
RUN cat *.out | sort | uniq > x2t-syscalls.txt
|
|
|
|
FROM builder-base as sandbox-builder
|
|
COPY --from=tracer-generate-syscalls /x2t-syscalls.txt /src/x2t-syscalls.txt
|
|
RUN /root/.cargo/bin/cargo build --release --features tracing-mode
|
|
|
|
FROM runtime-base as onlyoffice-output
|
|
COPY --from=sandbox-builder /src/target/release/x2t-sandbox /usr/local/bin/x2t-sandbox
|
|
|
|
FROM base as copy-tracer-to-data
|
|
COPY --from=tracer-builder /src/target/release/x2t-sandbox /x2t-sandbox
|
|
CMD ["cp", "-v", "x2t-sandbox", "/data/x2t-sandbox"]
|
|
|
|
FROM base as copy-to-data
|
|
COPY --from=sandbox-builder /src/target/release/x2t-sandbox /x2t-sandbox
|
|
CMD ["cp", "-v", "x2t-sandbox", "/data/x2t-sandbox"]
|
|
|