When installing the python modules with pip3 as root, the installer throws a lot of warnings about conflicts and recommends that it not be run that way. This change installs the python modules as the coreboot user instead. The --break-system-packages argument can now be removed. It takes along some other changes made to the coreboot home directory which also don't need to be run as root, and now adds the .local/bin directory into the path. The trailing docker PATH configuration is discarded as cleanup - it doesn't have any effect. Nothing uses it in the Dockerfile, and it doesn't end up updating the path, which is set by /etc/profile. Change-Id: Ie8273009bb527e267584bba84504191aa7294ca3 Signed-off-by: Martin Roth <gaumless@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/76855 Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
88 lines
2.8 KiB
Docker
88 lines
2.8 KiB
Docker
# This dockerfile is not meant to be used directly by docker. The
|
|
# {{}} varibles are replaced with values by the makefile. Please generate
|
|
# the docker image for this file by running:
|
|
#
|
|
# make coreboot-jenkins-node
|
|
#
|
|
# Variables can be updated on the make command line or left blank to use
|
|
# the default values set by the makefile.
|
|
#
|
|
# SDK_VERSION is used to name the version of the coreboot sdk to use.
|
|
# Typically, this corresponds to the toolchain version.
|
|
# SSH_KEY is the contents of the file coreboot-jenkins-node/authorized_keys
|
|
# Because we're piping the contents of the dockerfile into the
|
|
# docker build command, the 'COPY' keyword isn't valid.
|
|
|
|
FROM coreboot/coreboot-sdk:{{SDK_VERSION}}
|
|
USER root
|
|
|
|
RUN apt-get -y update && \
|
|
apt-get -y install \
|
|
default-jre-headless \
|
|
libcmocka-dev \
|
|
liblua5.4-dev \
|
|
linkchecker \
|
|
lua5.4 \
|
|
meson \
|
|
ninja-build \
|
|
openssh-server \
|
|
parallel \
|
|
ruby-full \
|
|
sdcc \
|
|
python3-pip \
|
|
pykwalify \
|
|
python3-yaml \
|
|
python3-pyelftools \
|
|
python3-jsonschema \
|
|
python3-colorama \
|
|
python3-pyrsistent \
|
|
swig \
|
|
&& apt-get clean \
|
|
&& gem install mdl
|
|
|
|
RUN mkdir /var/run/sshd && \
|
|
chmod 0755 /var/run/sshd && \
|
|
/usr/bin/ssh-keygen -A
|
|
|
|
# Create tmpfs directories to build in
|
|
RUN mkdir /cb-build && \
|
|
chown coreboot:coreboot /cb-build && \
|
|
echo "tmpfs /cb-build tmpfs rw,mode=1777,noatime 0 0" > /etc/fstab && \
|
|
mkdir -p /home/coreboot/node-root/workspace && \
|
|
chown -R coreboot:coreboot /home/coreboot/node-root && \
|
|
echo "tmpfs /home/coreboot/node-root/workspace tmpfs rw,mode=1777,strictatime,atime 0 0" >> /etc/fstab && \
|
|
chown coreboot:coreboot /home/coreboot/.ccache && \
|
|
echo "tmpfs /home/coreboot/.ccache tmpfs rw,mode=1777 0 0" >> /etc/fstab
|
|
|
|
# Build encapsulate tool
|
|
ADD https://raw.githubusercontent.com/coreboot/encapsulate/master/encapsulate.c /tmp/encapsulate.c
|
|
RUN gcc -o /usr/sbin/encapsulate /tmp/encapsulate.c && \
|
|
chown root /usr/sbin/encapsulate && \
|
|
chmod +s /usr/sbin/encapsulate
|
|
|
|
VOLUME /data/cache
|
|
ENTRYPOINT mount /cb-build && \
|
|
mount /home/coreboot/node-root/workspace && \
|
|
chown -R coreboot:coreboot /home/coreboot/node-root && \
|
|
mount /home/coreboot/.ccache && \
|
|
chown coreboot:coreboot /home/coreboot/.ccache && \
|
|
/usr/sbin/sshd -p 49151 -D
|
|
EXPOSE 49151
|
|
|
|
USER coreboot
|
|
ENV PATH=$PATH:/home/coreboot/.local/bin
|
|
RUN echo "export PATH=$PATH:/opt/xgcc/bin" >> /home/coreboot/.bashrc && \
|
|
pip3 install --upgrade --no-cache-dir pip \
|
|
&& pip3 install --no-cache-dir \
|
|
setuptools==58.2.0 \
|
|
jinja2==3.0.3 \
|
|
recommonmark===0.5.0 \
|
|
sphinx===1.8.3 \
|
|
sphinxcontrib-ditaa===0.6 \
|
|
sphinx_autobuild===0.7.1 \
|
|
sphinx_rtd_theme===0.4.2 \
|
|
&& mkdir -p /home/coreboot/.ssh && \
|
|
echo "{{SSH_KEY}}" > /home/coreboot/.ssh/authorized_keys && \
|
|
chmod 0700 /home/coreboot/.ssh && \
|
|
chmod 0600 /home/coreboot/.ssh/authorized_keys
|