sravan/system76-coreboot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

util/docker/jenkins-node: Don't install python modules as root

Browse Source 
When installing the python modules with pip3 as root, the installer
throws a lot of warnings about conflicts and recommends that it not
be run that way.  This change installs the python modules as the
coreboot user instead. The --break-system-packages argument can now
be removed.

It takes along some other changes made to the coreboot home directory
which also don't need to be run as root, and now adds the .local/bin
directory into the path.

The trailing docker PATH configuration is discarded as cleanup - it
doesn't have any effect.  Nothing uses it in the Dockerfile, and it
doesn't end up updating the path, which is set by /etc/profile.

Change-Id: Ie8273009bb527e267584bba84504191aa7294ca3
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76855
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This commit is contained in:
Martin Roth
2023-07-31 09:33:03 -06:00
committed by Felix Singer
parent 50a09cfe8a
commit 1e193d01ea
1 changed files with 17 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
util/docker/coreboot-jenkins-node/Dockerfile
View File

@ -38,25 +38,8 @@ RUN apt-get -y update && \
python3-pyrsistent \
swig \
&& apt-get clean \
&& pip3 install --upgrade --no-cache-dir --break-system-packages pip \
&& pip3 install --no-cache-dir --break-system-packages \
setuptools==58.2.0 \
jinja2==3.0.3 \
recommonmark===0.5.0 \
sphinx===1.8.3 \
sphinxcontrib-ditaa===0.6 \
sphinx_autobuild===0.7.1 \
sphinx_rtd_theme===0.4.2 \
&& gem install mdl
# Because of the way that the variables are being replaced, docker's 'COPY'
# command does not work
RUN mkdir -p /home/coreboot/.ssh && \
echo "{{SSH_KEY}}" > /home/coreboot/.ssh/authorized_keys && \
chown -R coreboot:coreboot /home/coreboot/.ssh && \
chmod 0700 /home/coreboot/.ssh && \
chmod 0600 /home/coreboot/.ssh/authorized_keys
RUN mkdir /var/run/sshd && \
chmod 0755 /var/run/sshd && \
/usr/bin/ssh-keygen -A
@ -85,4 +68,20 @@ ENTRYPOINT mount /cb-build && \
chown coreboot:coreboot /home/coreboot/.ccache && \
/usr/sbin/sshd -p 49151 -D
EXPOSE 49151
ENV PATH $PATH:/usr/sbin
USER coreboot
ENV PATH=$PATH:/home/coreboot/.local/bin
RUN echo "export PATH=$PATH:/opt/xgcc/bin" >> /home/coreboot/.bashrc && \
pip3 install --upgrade --no-cache-dir pip \
&& pip3 install --no-cache-dir \
setuptools==58.2.0 \
jinja2==3.0.3 \
recommonmark===0.5.0 \
sphinx===1.8.3 \
sphinxcontrib-ditaa===0.6 \
sphinx_autobuild===0.7.1 \
sphinx_rtd_theme===0.4.2 \
&& mkdir -p /home/coreboot/.ssh && \
echo "{{SSH_KEY}}" > /home/coreboot/.ssh/authorized_keys && \
chmod 0700 /home/coreboot/.ssh && \
chmod 0600 /home/coreboot/.ssh/authorized_keys