# shadow-rs development image — Fedora 45 # # PAM: pam-devel (Linux-PAM) # SELinux: libselinux-devel — SELinux is ENFORCING by default # Default shell: /bin/bash # Shadow-utils package: shadow-utils # Note: Fedora has different PAM stack config and login.defs defaults than Debian. # SELinux is enforcing, which affects file context on /etc/passwd, /etc/shadow. FROM fedora:latest RUN dnf install -y \ gcc \ pam-devel \ libselinux-devel \ audit-libs-devel \ pkgconf-pkg-config \ shadow-utils \ && dnf clean all # Install Rust via rustup RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \ --default-toolchain stable \ --component clippy,rustfmt ENV PATH="/root/.cargo/bin:${PATH}" RUN curl -LsSf https://get.nexte.st/latest/linux | tar zxf - -C /root/.cargo/bin # cargo-deny: pinned, checksum-verified prebuilt binary. The static musl build # runs on glibc too, so every image shares one asset. Installing the binary # (instead of `cargo install cargo-deny`) skips a multi-minute source compile. ARG CARGO_DENY_VERSION=0.19.8 ARG CARGO_DENY_SHA256=70e769ae3872e34d45132b17040859175e11401dc12dddb0303e0b8c7d088f3f RUN curl -LsSf "https://github.com/EmbarkStudios/cargo-deny/releases/download/${CARGO_DENY_VERSION}/cargo-deny-${CARGO_DENY_VERSION}-x86_64-unknown-linux-musl.tar.gz" -o /tmp/cargo-deny.tar.gz \ && echo "${CARGO_DENY_SHA256} /tmp/cargo-deny.tar.gz" | sha256sum -c - \ && tar zxf /tmp/cargo-deny.tar.gz -C /tmp \ && install -m 0755 "/tmp/cargo-deny-${CARGO_DENY_VERSION}-x86_64-unknown-linux-musl/cargo-deny" /root/.cargo/bin/cargo-deny \ && rm -rf /tmp/cargo-deny.tar.gz "/tmp/cargo-deny-${CARGO_DENY_VERSION}-x86_64-unknown-linux-musl" \ && cargo-deny --version RUN useradd -m -s /bin/bash testuser \ && useradd -m -s /bin/sh testuser2 \ && groupadd testgroup \ && usermod -aG testgroup testuser WORKDIR /workspace CMD ["/bin/bash"]