Added Debian Sid base image

INTI-CMNB · Mar 19, 2024 · 0fcd634 · 0fcd634
1 parent 12fc932
commit 0fcd634
Show file tree

Hide file tree

Showing 7 changed files with 278 additions and 0 deletions.
diff --git a/.github/workflows/docker-image-base_os_sid.yml b/.github/workflows/docker-image-base_os_sid.yml
@@ -0,0 +1,45 @@
+name: Base OS Docker image (experimental)
+
+on:
+  push:
+    tags:
+      - bsid_*
+  repository_dispatch:
+    types: [build_base_os_sid]
+#  schedule:
+#    - cron: '43 5 * * 1-5'
+
+jobs:
+  push_to_registry:
+    name: Push Docker image to Docker Hub
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+
+    steps:
+    - name: Check out the repo
+      uses: actions/checkout@v4
+
+    - name: Log in to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+
+    - name: Log in to the Container registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Build and push Docker image
+      run: |
+        cd base_os_sid
+        ./build.sh
+
+    - name: Trigger Base OS full image build
+      run: |
+        curl -X POST -u "${{secrets.PAT_USERNAME}}:${{secrets.PAT_TOKEN}}" -H "Accept: application/vnd.github.v3+json" -H "Content-Type: application/json" https://api.github.com/repos/INTI-CMNB/kicad_debian/dispatches --data '{"event_type": "build_base_os_sid_full"}'
+        # curl -X POST -u "${{secrets.PAT_USERNAME}}:${{secrets.PAT_TOKEN}}" -H "Accept: application/vnd.github.v3+json" -H "Content-Type: application/json" https://api.github.com/repos/INTI-CMNB/kicad_debian/dispatches --data '{"event_type": "build_sid"}'
diff --git a/base_os_sid/Dockerfile b/base_os_sid/Dockerfile
@@ -0,0 +1,34 @@
+FROM debian:sid-slim
+MAINTAINER Salvador E. Tropea <[email protected]>
+LABEL Description="Debian with basic tools for KiBot (experimental)"
+LABEL org.opencontainers.image.description "Debian with basic tools for KiBot (experimental)"
+
+ARG DEBIAN_FRONTEND=noninteractive
+ENV TZ=Etc/UTC
+COPY dl_deb.py /usr/bin/
+COPY debconf.conf /etc/
+RUN     sed -i -e's/ main/ main contrib non-free/g' /etc/apt/sources.list.d/debian.sources  && \
+	apt-get update  && \
+	apt-get -y install --no-install-recommends git make rar bzip2 librsvg2-bin ghostscript && \
+	apt-get -y install --no-install-recommends imagemagick python3-qrcodegen poppler-utils python3-requests python3-xlsxwriter python3-mistune && \
+	echo "KiCost Digi-Key plugin dependencies"  && \
+	apt -y install --no-install-recommends python3-certifi python3-dateutil python3-inflection python3-openssl python3-pkg-resources python3-requests python3-six python3-tldextract python3-urllib3 && \
+	echo "KiCost dependencies"  && \
+	apt -y install --no-install-recommends python3-bs4 python3-colorama python3-lxml python3-requests python3-tqdm python3-validators python3-wxgtk4.0 python3-yaml && \
+	echo "KiKit dependencies"  && \
+	apt -y install --no-install-recommends python3-click python3-commentjson python3-markdown2 python3-numpy python3-shapely openscad  && \
+	echo "KiAuto dependencies"  && \
+	apt -y install --no-install-recommends python3-psutil python3-xvfbwrapper recordmydesktop xdotool xsltproc xclip  && \
+	echo "KiDiff dependencies"  && \
+	apt -y install --no-install-recommends xdg-utils  && \
+	sed -i 's/<policy domain="coder" rights="none" pattern="PDF" \/>/<!-- <policy domain="coder" rights="none" pattern="PDF" \/> -->/g' /etc/ImageMagick-6/policy.xml && \
+	sed -i 's/<policy domain="coder" rights="none" pattern="PS" \/>/<!-- <policy domain="coder" rights="none" pattern="PS" \/> -->/g' /etc/ImageMagick-6/policy.xml && \
+	echo "Needed for GitHub, seen on git 2.39.1"  && \
+	echo "[safe]" >> /etc/gitconfig && \
+	echo "	directory = *" >> /etc/gitconfig && \
+	echo '[protocol "file"]' >> /etc/gitconfig && \
+	echo '	allow = always' >> /etc/gitconfig && \
+	apt-get -y autoremove && \
+	rm -rf /var/lib/apt/lists/* /var/lib/dpkg/status-old  && \
+	rm -rf /usr/share/icons/Adwaita/
+
diff --git a/base_os_sid/build.sh b/base_os_sid/build.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+set -e
+docker build -f Dockerfile -t ghcr.io/inti-cmnb/base_os_sid:latest .
+TG=d_sid
+docker tag ghcr.io/inti-cmnb/base_os_sid:latest ghcr.io/inti-cmnb/base_os_sid:${TG}
+docker push ghcr.io/inti-cmnb/base_os_sid:${TG}
+docker push ghcr.io/inti-cmnb/base_os_sid:latest
+
diff --git a/base_os_sid/debconf.conf b/base_os_sid/debconf.conf
@@ -0,0 +1,85 @@
+# This is the main config file for debconf. It tells debconf where to
+# store data. The format of this file is a set of stanzas. Each stanza
+# except the first sets up a database for debconf to use. For details, see
+# debconf.conf(5) (in the debconf-doc package).
+#
+# So first things first. This first stanza gives the names of two databases.
+
+# Debconf will use this database to store the data you enter into it,
+# and some other dynamic data.
+Config: configdb
+# Debconf will use this database to store static template data.
+Templates: templatedb
+
+# World-readable, and accepts everything but passwords.
+Name: config
+Driver: File
+Mode: 644
+Reject-Type: password
+Filename: /var/cache/debconf/config.dat
+Backup: false
+
+# Not world readable (the default), and accepts only passwords.
+Name: passwords
+Driver: File
+Mode: 600
+Backup: false
+Required: false
+Accept-Type: password
+Filename: /var/cache/debconf/passwords.dat
+
+# Set up the configdb database. By default, it consists of a stack of two
+# databases, one to hold passwords and one for everything else.
+Name: configdb
+Driver: Stack
+Stack: config, passwords
+
+# Set up the templatedb database, which is a single flat text file
+# by default.
+Name: templatedb
+Driver: File
+Mode: 644
+Filename: /var/cache/debconf/templates.dat
+Backup: false
+
+# Well that was pretty straightforward, and it will be enough for most
+# people's needs, but debconf's database drivers can be used to do much
+# more interesting things. For example, suppose you want to use config 
+# data from another host, which is mounted over nfs or perhaps the database
+# is accessed via LDAP. You don't want to write to the remote debconf database,
+# just read from it, so you still need a local database for local changes.
+#
+# A remote NFS mounted database, read-only. It is optional; if debconf
+# fails to use it it will not abort.
+#Name: remotedb
+#Driver: DirTree
+#Directory: /mnt/otherhost/var/cache/debconf/config
+#Readonly: true
+#Required: false
+#
+# A remote LDAP database. It is also read-only. The password is really
+# only necessary if the database is not accessible anonymously.
+# Option KeyByKey instructs the backend to retrieve keys from the LDAP
+# server individually (when they are requested), instead of loading all
+# keys at startup. The default is 0, and should only be enabled if you
+# want to track accesses to individual keys on the LDAP server side.
+#Name: remotedb
+#Driver: LDAP
+#Server: remotehost
+#BaseDN: cn=debconf,dc=domain,dc=com
+#BindDN: uid=admin,dc=domain,dc=com
+#BindPasswd: secret
+#KeyByKey: 0
+#
+# A stack consisting of two databases. Values will be read from
+# the first database in the stack to contain a value. In this example,
+# writes always go to the first database.
+#Name: fulldb
+#Driver: Stack
+#Stack: configdb, remotedb
+#
+# In this example, we'd use Config: fulldb at the top of the file
+# to make it use the combination of the databases.
+#
+# Even more complex and interesting setups are possible, see the 
+# debconf.conf(5) page for details.
diff --git a/base_os_sid/dl_deb.py b/base_os_sid/dl_deb.py
@@ -0,0 +1,70 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# Copyright (c) 2023 Salvador E. Tropea
+# Copyright (c) 2023 Instituto Nacional de Tecnologïa Industrial
+# License: GPLv3
+# Simple Git Hub release downloader
+import argparse
+import json
+import os
+import requests
+import sys
+from time import sleep
+from urllib.parse import unquote
+
+
+USER_AGENT = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0'
+
+
+def error(msg):
+    print(msg)
+    exit(3)
+
+
+def get_request(url):
+    retry = 4
+    while retry:
+        r = requests.get(url, timeout=20, allow_redirects=True, headers={'User-Agent': USER_AGENT})
+        if r.status_code == 200:
+            return r
+        if r.status_code == 403:
+            # GitHub returns 403 randomly (saturated?)
+            sleep(1 << (4-retry))
+            retry -= 1
+        else:
+            retry = 0
+    error(f'Failed to get release info, status {r.status_code}')
+
+
+def download(url, skip):
+    fname = unquote(os.path.basename(url))
+    for s in skip:
+        if fname.startswith(s):
+            print(f"Skipping `{fname}`")
+            return
+    if os.path.isfile(fname):
+        print(f"`{fname}` already downloaded, won't overwrite")
+        return
+    print(f"Downloading `{fname}`")
+    res = get_request(url)
+    print(f"Saving `{fname}`")
+    with open(fname, 'wb') as f:
+        f.write(res.content)
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Debian package downloader for GitHub releases')
+
+    parser.add_argument('project', help='The user/project to fetch')
+    parser.add_argument('--skip', '-s', help='Skip files starting with', type=str, nargs='+', default=[])
+    parser.add_argument('--release', '-r', help='Release to download', type=str, default='latest')
+    args = parser.parse_args()
+
+    if args.release != 'latest':
+        args.release = 'tags/'+args.release
+    url = 'https://api.github.com/repos/'+args.project+'/releases/'+args.release
+    print(f"Downloading `{args.release}` release of `{args.project}` ({url})")
+    res = get_request(url)
+    r = res.json()
+    for a in r['assets']:
+        download(a['browser_download_url'], args.skip)
diff --git a/base_os_sid/run_shell_same_user.sh b/base_os_sid/run_shell_same_user.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+export USER_ID=$(id -u)
+export GROUP_ID=$(id -g)
+docker run --rm -it -v /tmp/.X11-unix:/tmp/.X11-unix -e DISPLAY=$DISPLAY \
+    --user $USER_ID:$GROUP_ID \
+    --env NO_AT_BRIDGE=1 \
+    --workdir="/home/$USER" \
+    --volume="/etc/group:/etc/group:ro" \
+    --volume="/home/$USER:/home/$USER:rw" \
+    --volume="/etc/passwd:/etc/passwd:ro" \
+    --volume="/etc/shadow:/etc/shadow:ro" \
+    --volume="/home/$USER:/home/$USER:rw" \
+    ghcr.io/inti-cmnb/base_os_sid:latest /bin/bash
diff --git a/base_os_sid/run_shell_same_user_debian.sh b/base_os_sid/run_shell_same_user_debian.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+mkdir -p /home/$USER/dockerx/cache/pip
+export USER_ID=$(id -u)
+export GROUP_ID=$(id -g)
+docker run -it -v /tmp/.X11-unix:/tmp/.X11-unix -e DISPLAY=$DISPLAY \
+    --user $USER_ID:$GROUP_ID \
+    --env NO_AT_BRIDGE=1 \
+    --workdir="/home/$USER" \
+    --volume="/etc/group:/etc/group:ro" \
+    --volume="/home/$USER:/home/$USER:rw" \
+    --volume="/etc/passwd:/etc/passwd:ro" \
+    --volume="/etc/shadow:/etc/shadow:ro" \
+    --volume="/home/$USER:/home/$USER:rw" \
+    --volume="/home/$USER/dockerx:/dockerx:rw" \
+    --env XDG_CACHE_HOME="/dockerx/cache" \
+    --network=host \
+    --device=/dev/kfd \
+    --device=/dev/dri \
+    --group-add=video \
+    --ipc=host \
+    --cap-add=SYS_PTRACE \
+    --security-opt seccomp=unconfined \
+    debian:sid-slim /bin/bash