system76-coreboot/util/docker/coreboot-jenkins-node/Dockerfile
Martin Roth 1e193d01ea util/docker/jenkins-node: Don't install python modules as root
When installing the python modules with pip3 as root, the installer
throws a lot of warnings about conflicts and recommends that it not
be run that way.  This change installs the python modules as the
coreboot user instead. The --break-system-packages argument can now
be removed.

It takes along some other changes made to the coreboot home directory
which also don't need to be run as root, and now adds the .local/bin
directory into the path.

The trailing docker PATH configuration is discarded as cleanup - it
doesn't have any effect.  Nothing uses it in the Dockerfile, and it
doesn't end up updating the path, which is set by /etc/profile.

Change-Id: Ie8273009bb527e267584bba84504191aa7294ca3
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76855
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-08-21 17:05:29 +00:00


# This dockerfile is not meant to be used directly by docker. The
# {{}} variables are replaced with values by the makefile. Please generate
# the docker image for this file by running:
#
# make coreboot-jenkins-node
#
# Variables can be updated on the make command line or left blank to use
# the default values set by the makefile.
#
# SDK_VERSION is used to name the version of the coreboot sdk to use.
# Typically, this corresponds to the toolchain version.
# SSH_KEY is the contents of the file coreboot-jenkins-node/authorized_keys.
# Because we're piping the contents of the dockerfile into the
# docker build command, the 'COPY' keyword isn't valid.
# Base image: the coreboot SDK. The {{SDK_VERSION}} tag is substituted by the
# makefile before this file is piped to docker build.
FROM coreboot/coreboot-sdk:{{SDK_VERSION}}
# Package installation and the system-level setup below are done as root.
USER root
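# Install the extra tooling the Jenkins node needs on top of the SDK image.
# This includes openssh-server, which provides the sshd that ENTRYPOINT starts.
# Packages are listed alphabetically so additions are easy to review.
# The downloaded apt package index is removed in the same layer so that it is
# not shipped in the image.
# NOTE(review): `gem install mdl` takes whatever version is current at build
# time; pinning a reviewed version (gem install accepts -v) would make the
# build reproducible.
RUN apt-get -y update && \
    apt-get -y install \
        default-jre-headless \
        libcmocka-dev \
        liblua5.4-dev \
        linkchecker \
        lua5.4 \
        meson \
        ninja-build \
        openssh-server \
        parallel \
        pykwalify \
        python3-colorama \
        python3-jsonschema \
        python3-pip \
        python3-pyelftools \
        python3-pyrsistent \
        python3-yaml \
        ruby-full \
        sdcc \
        swig \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* \
    && gem install mdl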
# Prepare sshd: create its runtime directory with mode 0755 and generate any
# missing SSH host keys (ssh-keygen -A).
# NOTE(review): the host keys are generated at build time, so they are stored
# in an image layer. Every container started from the image presents the same
# host keys, and anyone who can pull the image can read the private halves.
# Consider generating or mounting host keys at container start, and limit who
# can pull the image.
RUN mkdir -m 0755 /var/run/sshd && \
    /usr/bin/ssh-keygen -A
# Create the build directories and describe them as tmpfs mounts.
# /etc/fstab is overwritten (not appended to) with exactly three tmpfs entries;
# the ENTRYPOINT later mounts each of them by path.
# The mount points are owned by coreboot. /home/coreboot/.ccache is only
# chown'ed here, so it must already exist in the base image.
# mode=1777 makes each tmpfs world-writable with the sticky bit set.
RUN mkdir /cb-build && \
    mkdir -p /home/coreboot/node-root/workspace && \
    chown coreboot:coreboot /cb-build /home/coreboot/.ccache && \
    chown -R coreboot:coreboot /home/coreboot/node-root && \
    printf '%s\n' \
        "tmpfs /cb-build tmpfs rw,mode=1777,noatime 0 0" \
        "tmpfs /home/coreboot/node-root/workspace tmpfs rw,mode=1777,strictatime,atime 0 0" \
        "tmpfs /home/coreboot/.ccache tmpfs rw,mode=1777 0 0" \
        > /etc/fstab
# Build encapsulate tool
# The C source is downloaded at build time, compiled with gcc and installed
# as /usr/sbin/encapsulate, owned by root with the set-id bits set.
# NOTE(review): the URL points at the moving `master` branch and the download
# is not verified, so whatever that URL serves at build time becomes a
# root-privileged binary in the image. Pin the URL to a reviewed commit and
# verify the file, for example with
# ADD --checksum=sha256:<digest-of-reviewed-file> under BuildKit.
# Presumably ADD with a URL is used because COPY is unavailable when the
# Dockerfile is piped to docker build (see the header comment).
ADD https://raw.githubusercontent.com/coreboot/encapsulate/master/encapsulate.c /tmp/encapsulate.c
# Order matters: chown runs before chmod because changing ownership may clear
# set-id bits. `chmod +s` sets both the setuid and the setgid bit.
# NOTE(review): /tmp/encapsulate.c is left in the image after the build.
RUN gcc -o /usr/sbin/encapsulate /tmp/encapsulate.c && \
chown root /usr/sbin/encapsulate && \
chmod +s /usr/sbin/encapsulate
# Declares /data/cache as a volume mount point.
VOLUME /data/cache
# Container start-up, written in shell form so the && chain is run by the
# image's shell: mount the three tmpfs entries listed in /etc/fstab, re-apply
# coreboot ownership on the mounted directories, then run sshd in the
# foreground (-D) on port 49151.
# NOTE(review): mounting inside a container normally needs CAP_SYS_ADMIN, so
# this node presumably runs privileged or with added capabilities - confirm.
# Together with SSH access and the set-id encapsulate binary, that makes the
# node a high-trust host; restrict who can reach port 49151.
# NOTE(review): the last USER instruction visible in this file is
# `USER coreboot`. If that is the image's final user, this chain starts as
# coreboot, and mount, chown -R and sshd would lack the privileges they
# need - confirm how the container is launched.
ENTRYPOINT mount /cb-build && \
mount /home/coreboot/node-root/workspace && \
chown -R coreboot:coreboot /home/coreboot/node-root && \
mount /home/coreboot/.ccache && \
chown coreboot:coreboot /home/coreboot/.ccache && \
/usr/sbin/sshd -p 49151 -D
# Documents the port sshd listens on; EXPOSE by itself does not publish it.
EXPOSE 49151
# The remaining steps run as the unprivileged coreboot user, so the Python
# modules are installed by that user rather than by root.
USER coreboot
# Put the coreboot user's ~/.local/bin on PATH.
ENV PATH=$PATH:/home/coreboot/.local/bin
# One layer with three steps:
#  1. Append a PATH export to ~/.bashrc. $PATH sits inside double quotes, so
#     the build shell expands it and the build-time value is written out with
#     /opt/xgcc/bin appended.
#  2. Upgrade pip, then install the pinned Python modules ("===" is pip's
#     arbitrary-equality operator).
#     NOTE(review): the pip upgrade itself is unpinned, and the pins carry no
#     hashes; pip's --require-hashes mode would also verify the downloads.
#  3. Install the login key: the makefile substitutes {{SSH_KEY}} with the
#     contents of authorized_keys, then .ssh is set to 0700 and the key file
#     to 0600.
#     NOTE(review): the substituted text lands inside a double-quoted shell
#     string, so `$`, backticks, backslashes and double quotes in it are
#     interpreted by the build shell; keep that file to plain key lines.
#     The key is baked into the image, so changing who may log in means
#     rebuilding and redeploying the image.
RUN echo "export PATH=$PATH:/opt/xgcc/bin" >> /home/coreboot/.bashrc \
    && pip3 install --upgrade --no-cache-dir pip \
    && pip3 install --no-cache-dir \
        setuptools==58.2.0 \
        jinja2==3.0.3 \
        recommonmark===0.5.0 \
        sphinx===1.8.3 \
        sphinxcontrib-ditaa===0.6 \
        sphinx_autobuild===0.7.1 \
        sphinx_rtd_theme===0.4.2 \
    && mkdir -p /home/coreboot/.ssh \
    && echo "{{SSH_KEY}}" > /home/coreboot/.ssh/authorized_keys \
    && chmod 0700 /home/coreboot/.ssh \
    && chmod 0600 /home/coreboot/.ssh/authorized_keys