glicid-satosa-image/satosa (sha256:0bf3781aa30336848783bb9a1bce5f57e24088a8afa359d50febcc41ccc1f3c0)
Published 2026-02-01 01:00:25 +01:00 by Jean-François GUILLAUME
Installation
docker pull forgejo.glicid.fr/glicid/glicid-satosa-image/satosa@sha256:0bf3781aa30336848783bb9a1bce5f57e24088a8afa359d50febcc41ccc1f3c0
sha256:0bf3781aa30336848783bb9a1bce5f57e24088a8afa359d50febcc41ccc1f3c0
Image layers
| # debian.sh --arch 'amd64' out/ 'bookworm' '@1768176000' |
| ENV PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin |
| RUN /bin/sh -c set -eux; apt-get update; apt-get install -y --no-install-recommends ca-certificates netbase tzdata ; rm -rf /var/lib/apt/lists/* # buildkit |
| ENV GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305 |
| ENV PYTHON_VERSION=3.13.11 |
| ENV PYTHON_SHA256=16ede7bb7cdbfa895d11b0642fa0e523f291e6487194d53cf6d3b338c3a17ea2 |
| RUN /bin/sh -c set -eux; savedAptMark="$(apt-mark showmanual)"; apt-get update; apt-get install -y --no-install-recommends dpkg-dev gcc gnupg libbluetooth-dev libbz2-dev libc6-dev libdb-dev libffi-dev libgdbm-dev liblzma-dev libncursesw5-dev libreadline-dev libsqlite3-dev libssl-dev make tk-dev uuid-dev wget xz-utils zlib1g-dev ; wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; echo "$PYTHON_SHA256 *python.tar.xz" | sha256sum -c -; wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; gpg --batch --verify python.tar.xz.asc python.tar.xz; gpgconf --kill all; rm -rf "$GNUPGHOME" python.tar.xz.asc; mkdir -p /usr/src/python; tar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; rm python.tar.xz; cd /usr/src/python; gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; ./configure --build="$gnuArch" --enable-loadable-sqlite-extensions --enable-optimizations --enable-option-checking=fatal --enable-shared $(test "${gnuArch%%-*}" != 'riscv64' && echo '--with-lto') --with-ensurepip ; nproc="$(nproc)"; EXTRA_CFLAGS="$(dpkg-buildflags --get CFLAGS)"; LDFLAGS="$(dpkg-buildflags --get LDFLAGS)"; LDFLAGS="${LDFLAGS:--Wl},--strip-all"; arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; case "$arch" in amd64|arm64) EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"; ;; i386) ;; *) EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer"; ;; esac; make -j "$nproc" "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" "LDFLAGS=${LDFLAGS:-}" ; rm python; make -j "$nproc" "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" python ; make install; cd /; rm -rf /usr/src/python; find /usr/local -depth \( \( -type d -a \( -name test -o -name tests -o -name idle_test \) \) -o \( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \) \) \) -exec rm -rf '{}' + ; ldconfig; apt-mark auto '.*' > /dev/null; apt-mark manual $savedAptMark; find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec ldd '{}' ';' | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); printf "*%s\n", so }' | sort -u | xargs -rt dpkg-query --search | awk 'sub(":$", "", $1) { print $1 }' | sort -u | xargs -r apt-mark manual ; apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; rm -rf /var/lib/apt/lists/*; export PYTHONDONTWRITEBYTECODE=1; python3 --version; pip3 --version # buildkit |
| RUN /bin/sh -c set -eux; for src in idle3 pip3 pydoc3 python3 python3-config; do dst="$(echo "$src" | tr -d 3)"; [ -s "/usr/local/bin/$src" ]; [ ! -e "/usr/local/bin/$dst" ]; ln -svT "$src" "/usr/local/bin/$dst"; done # buildkit |
| CMD ["python3"] |
| RUN /bin/sh -c set -eux; groupadd -g 1000 satosa; useradd -m -g 1000 -u 1000 satosa; apt-get update; apt-get install -y --no-install-recommends jq libxml2-utils xmlsec1 ; rm -rf /var/lib/apt/lists/*; pip install --no-cache-dir yq ; # buildkit |
| ENV SATOSA_VERSION=8.5.1 |
| RUN /bin/sh -c set -eux; savedAptMark="$(apt-mark showmanual)"; apt-get update; apt-get install -y --no-install-recommends cargo dirmngr dpkg-dev gcc gnupg libbluetooth-dev libbz2-dev libc6-dev libexpat1-dev libffi-dev libgdbm-dev liblzma-dev libncursesw5-dev libreadline-dev libsqlite3-dev libssl-dev make pkg-config python3-dev tk-dev uuid-dev wget xz-utils zlib1g-dev ; pip install --no-cache-dir satosa[idpy_oidc_backend,ldap,pyop_mongo,pyop_redis]==${SATOSA_VERSION} ; apt-mark auto '.*' > /dev/null; [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; rm -rf /var/lib/apt/lists/*; mkdir /etc/satosa; chown -R satosa:satosa /etc/satosa # buildkit |
| RUN /bin/sh -c set -eux; python -c 'import urllib.request; urllib.request.urlretrieve("https://github.com/IdentityPython/SATOSA/archive/refs/tags/v'${SATOSA_VERSION%%[a-z]*}'.tar.gz","/tmp/satosa.tgz")'; mkdir /usr/share/satosa; tar --extract --directory /usr/share/satosa --strip-components=1 --file /tmp/satosa.tgz SATOSA-${SATOSA_VERSION%%[a-z]*}/example/; rm /tmp/satosa.tgz # buildkit |
| WORKDIR /etc/satosa |
| COPY docker-entrypoint.sh /usr/local/bin/ # buildkit |
| ENTRYPOINT ["docker-entrypoint.sh"] |
| EXPOSE map[8080/tcp:{}] |
| USER satosa:satosa |
| CMD ["gunicorn" "-b0.0.0.0:8080" "satosa.wsgi:app"] |
| LABEL org.opencontainers.image.authors=tech@glicid.fr |
| LABEL com.example.vendor=GLiCID |
| LABEL version=8.5 |
| LABEL description=run satosa based on satosa:8.5-bookworm with a monkey patch to force nameid_format to persistent |
| USER root |
| COPY config/force-nameid_format-persistent.patch /tmp/force-nameid_format-persistent.patch # buildkit |
| RUN /bin/sh -c apt update && apt install -y patch curl && patch /usr/local/lib/python3.13/site-packages/satosa/frontends/saml2.py /tmp/force-nameid_format-persistent.patch && rm /tmp/force-nameid_format-persistent.patch && apt clean all && apt autoclean && rm -rf /var/cache/apt # buildkit |
| USER satosa |
Labels
| Key | Value |
|---|---|
| com.example.vendor | GLiCID |
| description | run satosa based on satosa:8.5-bookworm with a monkey patch to force nameid_format to persistent |
| org.opencontainers.image.authors | tech@glicid.fr |
| version | 8.5 |
Details
2026-02-01 01:00:25 +01:00
Versions (3)
Container
0
OCI / Docker
linux/amd64
tech@glicid.fr
104 MiB