| # SPDX-FileCopyrightText: © 2025 VEXXHOST, Inc. |
| # SPDX-License-Identifier: GPL-3.0-or-later |
| # Atmosphere-Rebuild-Time: 2024-06-26T17:38:39Z |
| |
| FROM openstack-venv-builder AS build |
| ARG KEYSTONE_GIT_REF=f63062d47712406a807ce07b4ff3ec6213b0e824 |
| ADD --keep-git-dir=true https://opendev.org/openstack/keystone.git#${KEYSTONE_GIT_REF} /src/keystone |
| RUN git -C /src/keystone fetch --unshallow |
| COPY patches/keystone /patches/keystone |
| RUN git -C /src/keystone apply --verbose /patches/keystone/* |
| RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe |
| pip3 install \ |
| --constraint /upper-constraints.txt \ |
| /src/keystone[ldap] \ |
| keystone-keycloak-backend==0.1.8 |
| EOF |
| |
| FROM openstack-python-runtime |
| RUN <<EOF bash -xe |
| apt-get update -qq |
| apt-get install -qq -y --no-install-recommends \ |
| apache2 libapache2-mod-wsgi-py3 |
| apt-get clean |
| rm -rf /var/lib/apt/lists/* |
| EOF |
| ARG MOD_AUTH_OPENIDC_VERSION=2.4.12.1 |
| ARG TARGETARCH |
| RUN <<EOF bash -xe |
| # TODO(mnaser): mod_auth_openidc does not have aarch64 builds |
| if [ "${TARGETARCH}" = "arm64" ]; then |
| exit 0 |
| fi |
| |
| apt-get update -qq |
| apt-get install -qq -y --no-install-recommends \ |
| curl |
| curl -LO https://github.com/OpenIDC/mod_auth_openidc/releases/download/v${MOD_AUTH_OPENIDC_VERSION}/libapache2-mod-auth-openidc_${MOD_AUTH_OPENIDC_VERSION}-1.$(lsb_release -sc)_${TARGETARCH}.deb |
| apt-get install -y --no-install-recommends ./libapache2-mod-auth-openidc_${MOD_AUTH_OPENIDC_VERSION}-1.$(lsb_release -sc)_${TARGETARCH}.deb |
| a2enmod auth_openidc |
| apt-get purge -y --auto-remove curl |
| apt-get clean |
| rm -rfv /var/lib/apt/lists/* libapache2-mod-auth-openidc_${MOD_AUTH_OPENIDC_VERSION}-1.$(lsb_release -sc)_${TARGETARCH}.deb |
| EOF |
| COPY --from=build --link /var/lib/openstack /var/lib/openstack |