From 0fcd634b9f5e0fd5bcece5fb2d94cf5b5461b971 Mon Sep 17 00:00:00 2001 From: "Salvador E. Tropea" Date: Tue, 19 Mar 2024 06:25:21 -0300 Subject: [PATCH] Added Debian Sid base image
---
.../workflows/docker-image-base_os_sid.yml | 45 ++++++++++ base_os_sid/Dockerfile | 34 ++++++++ base_os_sid/build.sh | 8 ++ base_os_sid/debconf.conf | 85 +++++++++++++++++++ base_os_sid/dl_deb.py | 70 +++++++++++++++ base_os_sid/run_shell_same_user.sh | 13 +++ base_os_sid/run_shell_same_user_debian.sh | 23 +++++ 7 files changed, 278 insertions(+) create mode 100644 .github/workflows/docker-image-base_os_sid.yml create mode 100644 base_os_sid/Dockerfile create mode 100755 base_os_sid/build.sh create mode 100644 base_os_sid/debconf.conf create mode 100755 base_os_sid/dl_deb.py create mode 100755 base_os_sid/run_shell_same_user.sh create mode 100755 base_os_sid/run_shell_same_user_debian.sh
diff --git a/.github/workflows/docker-image-base_os_sid.yml b/.github/workflows/docker-image-base_os_sid.yml
new file mode 100644
index 0000000..a1813c5
--- /dev/null
+++ b/.github/workflows/docker-image-base_os_sid.yml
@@ -0,0 +1,45 @@
+name: Base OS Docker image (experimental)
+
+on:
+ push:
+ tags:
+ - bsid_*
+ repository_dispatch:
+ types: [build_base_os_sid]
+# schedule:
+# - cron: '43 5 * * 1-5'
+
+jobs:
+ push_to_registry:
+ name: Push Docker image to Docker Hub
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+ contents: read
+
+ steps:
+ - name: Check out the repo
+ uses: actions/checkout@v4
+
+ - name: Log in to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+
+ - name: Log in to the Container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and push Docker image
+ run: |
+ cd base_os_sid
+ ./build.sh
+
+ - name: Trigger Base OS full image build
+ run: |
+ curl -X POST -u "${{secrets.PAT_USERNAME}}:${{secrets.PAT_TOKEN}}" -H "Accept: application/vnd.github.v3+json" -H "Content-Type: application/json" https://api.github.com/repos/INTI-CMNB/kicad_debian/dispatches --data '{"event_type": "build_base_os_sid_full"}'
+ # curl -X POST -u "${{secrets.PAT_USERNAME}}:${{secrets.PAT_TOKEN}}" -H "Accept: application/vnd.github.v3+json" -H "Content-Type: application/json" https://api.github.com/repos/INTI-CMNB/kicad_debian/dispatches --data '{"event_type": "build_sid"}'
diff --git a/base_os_sid/Dockerfile b/base_os_sid/Dockerfile
new file mode 100644
index 0000000..761f17e
--- /dev/null
+++ b/base_os_sid/Dockerfile
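Review bot: The `Trigger Base OS full image build` step expands `${{secrets.PAT_USERNAME}}` and `${{secrets.PAT_TOKEN}}` directly into the script text, so the token becomes part of the generated shell script and of the curl command line; passing both through the step's `env:` block and calling `curl --fail -X POST -u "$PAT_USERNAME:$PAT_TOKEN" …` keeps it out of both. `--fail` matters as well, because without it a rejected dispatch (expired or under-scoped token) still leaves the job green. `actions/checkout@v4` and `docker/login-action@v3` are referenced by movable tags in a job that holds registry credentials and `packages: write`; pinning them to full commit SHAs would match that level of trust. The Docker Hub login may be unnecessary, since `build.sh` in this patch pushes only to ghcr.io; please confirm it is kept on purpose (for example for authenticated pulls of the base image).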
@@ -0,0 +1,34 @@
+FROM debian:sid-slim
+MAINTAINER Salvador E. Tropea
+LABEL Description="Debian with basic tools for KiBot (experimental)"
+LABEL org.opencontainers.image.description "Debian with basic tools for KiBot (experimental)"
+
+ARG DEBIAN_FRONTEND=noninteractive
+ENV TZ=Etc/UTC
+COPY dl_deb.py /usr/bin/
+COPY debconf.conf /etc/
+RUN sed -i -e's/ main/ main contrib non-free/g' /etc/apt/sources.list.d/debian.sources && \
+ apt-get update && \
+ apt-get -y install --no-install-recommends git make rar bzip2 librsvg2-bin ghostscript && \
+ apt-get -y install --no-install-recommends imagemagick python3-qrcodegen poppler-utils python3-requests python3-xlsxwriter python3-mistune && \
+ echo "KiCost Digi-Key plugin dependencies" && \
+ apt -y install --no-install-recommends python3-certifi python3-dateutil python3-inflection python3-openssl python3-pkg-resources python3-requests python3-six python3-tldextract python3-urllib3 && \
+ echo "KiCost dependencies" && \
+ apt -y install --no-install-recommends python3-bs4 python3-colorama python3-lxml python3-requests python3-tqdm python3-validators python3-wxgtk4.0 python3-yaml && \
+ echo "KiKit dependencies" && \
+ apt -y install --no-install-recommends python3-click python3-commentjson python3-markdown2 python3-numpy python3-shapely openscad && \
+ echo "KiAuto dependencies" && \
+ apt -y install --no-install-recommends python3-psutil python3-xvfbwrapper recordmydesktop xdotool xsltproc xclip && \
+ echo "KiDiff dependencies" && \
+ apt -y install --no-install-recommends xdg-utils && \
+ sed -i 's///g' /etc/ImageMagick-6/policy.xml && \
+ sed -i 's///g' /etc/ImageMagick-6/policy.xml && \
+ echo "Needed for GitHub, seen on git 2.39.1" && \
+ echo "[safe]" >> /etc/gitconfig && \
+ echo " directory = *" >> /etc/gitconfig && \
+ echo '[protocol "file"]' >> /etc/gitconfig && \
+ echo ' allow = always' >> /etc/gitconfig && \
+ apt-get -y autoremove && \
+ rm -rf /var/lib/apt/lists/* /var/lib/dpkg/status-old && \
+ rm -rf /usr/share/icons/Adwaita/
+
diff --git a/base_os_sid/build.sh b/base_os_sid/build.sh
new file mode 100755
index 0000000..783d967
--- /dev/null
+++ b/base_os_sid/build.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+set -e
+docker build -f Dockerfile -t ghcr.io/inti-cmnb/base_os_sid:latest .
+TG=d_sid
+docker tag ghcr.io/inti-cmnb/base_os_sid:latest ghcr.io/inti-cmnb/base_os_sid:${TG}
+docker push ghcr.io/inti-cmnb/base_os_sid:${TG}
+docker push ghcr.io/inti-cmnb/base_os_sid:latest
+
diff --git a/base_os_sid/debconf.conf b/base_os_sid/debconf.conf
new file mode 100644
index 0000000..0b02bdd
--- /dev/null
+++ b/base_os_sid/debconf.conf
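Review bot: The four `echo … >> /etc/gitconfig` lines in the `RUN` step write `safe.directory = *` and `protocol.file.allow = always` into the system-wide Git configuration, which switches off Git's repository-ownership check and lifts the file-transport restriction for every user of this image and of every image built on it. The only explanation is the echoed string "Needed for GitHub, seen on git 2.39.1", which is lost once the build log is gone; a comment above these lines should name the failure being worked around and state the consequence, e.g. `# Disables Git's ownership check and file-protocol restriction image-wide; only use this image with trusted repositories`. If the checkout path used in CI is known, listing it instead of `*` would keep the check for everything else. The two `sed -i … /etc/ImageMagick-6/policy.xml` lines also edit a security policy, but their patterns are empty as shown on this page, so what they relax cannot be reviewed from here and deserves a comment too.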
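Review bot: Both tags pushed by this script, `latest` and `d_sid`, are mutable, so every run replaces the previous image and nothing identifies which build a consumer actually pulled; on top of a rolling `debian:sid-slim` base that makes a bad build hard to trace or roll back. Pushing one additional dated tag would fix that, for example `docker tag ghcr.io/inti-cmnb/base_os_sid:latest "ghcr.io/inti-cmnb/base_os_sid:${TG}_$(date -u +%Y%m%d)"` followed by the matching `docker push`. Adding `--pull` to the `docker build` line would also guarantee that a locally cached base image is never reused when the script is run outside CI.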
@@ -0,0 +1,85 @@
+# This is the main config file for debconf. It tells debconf where to
+# store data. The format of this file is a set of stanzas. Each stanza
+# except the first sets up a database for debconf to use. For details, see
+# debconf.conf(5) (in the debconf-doc package).
+#
+# So first things first. This first stanza gives the names of two databases.
+
+# Debconf will use this database to store the data you enter into it,
+# and some other dynamic data.
+Config: configdb
+# Debconf will use this database to store static template data.
+Templates: templatedb
+
+# World-readable, and accepts everything but passwords.
+Name: config
+Driver: File
+Mode: 644
+Reject-Type: password
+Filename: /var/cache/debconf/config.dat
+Backup: false
+
+# Not world readable (the default), and accepts only passwords.
+Name: passwords
+Driver: File
+Mode: 600
+Backup: false
+Required: false
+Accept-Type: password
+Filename: /var/cache/debconf/passwords.dat
+
+# Set up the configdb database. By default, it consists of a stack of two
+# databases, one to hold passwords and one for everything else.
+Name: configdb
+Driver: Stack
+Stack: config, passwords
+
+# Set up the templatedb database, which is a single flat text file
+# by default.
+Name: templatedb
+Driver: File
+Mode: 644
+Filename: /var/cache/debconf/templates.dat
+Backup: false
+
+# Well that was pretty straightforward, and it will be enough for most
+# people's needs, but debconf's database drivers can be used to do much
+# more interesting things. For example, suppose you want to use config
+# data from another host, which is mounted over nfs or perhaps the database
+# is accessed via LDAP. You don't want to write to the remote debconf database,
+# just read from it, so you still need a local database for local changes.
+#
+# A remote NFS mounted database, read-only. It is optional; if debconf
+# fails to use it it will not abort.
+#Name: remotedb
+#Driver: DirTree
+#Directory: /mnt/otherhost/var/cache/debconf/config
+#Readonly: true
+#Required: false
+#
+# A remote LDAP database. It is also read-only. The password is really
+# only necessary if the database is not accessible anonymously.
+# Option KeyByKey instructs the backend to retrieve keys from the LDAP
+# server individually (when they are requested), instead of loading all
+# keys at startup. The default is 0, and should only be enabled if you
+# want to track accesses to individual keys on the LDAP server side.
+#Name: remotedb
+#Driver: LDAP
+#Server: remotehost
+#BaseDN: cn=debconf,dc=domain,dc=com
+#BindDN: uid=admin,dc=domain,dc=com
+#BindPasswd: secret
+#KeyByKey: 0
+#
+# A stack consisting of two databases. Values will be read from
+# the first database in the stack to contain a value. In this example,
+# writes always go to the first database.
+#Name: fulldb
+#Driver: Stack
+#Stack: configdb, remotedb
+#
+# In this example, we'd use Config: fulldb at the top of the file
+# to make it use the combination of the databases.
+#
+# Even more complex and interesting setups are possible, see the
+# debconf.conf(5) page for details.
diff --git a/base_os_sid/dl_deb.py b/base_os_sid/dl_deb.py
new file mode 100755
index 0000000..0abfb53
--- /dev/null
+++ b/base_os_sid/dl_deb.py
@@ -0,0 +1,70 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# Copyright (c) 2023 Salvador E. Tropea
+# Copyright (c) 2023 Instituto Nacional de Tecnologïa Industrial
+# License: GPLv3
+# Simple Git Hub release downloader
+import argparse
+import json
+import os
+import requests
+import sys
+from time import sleep
+from urllib.parse import unquote
+
+
+USER_AGENT = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0'
+
+
+def error(msg):
+ print(msg)
+ exit(3)
+
+
+def get_request(url):
+ retry = 4
+ while retry:
+ r = requests.get(url, timeout=20, allow_redirects=True, headers={'User-Agent': USER_AGENT})
+ if r.status_code == 200:
+ return r
+ if r.status_code == 403:
+ # GitHub returns 403 randomly (saturated?)
+ sleep(1 << (4-retry))
+ retry -= 1
+ else:
+ retry = 0
+ error(f'Failed to get release info, status {r.status_code}')
+
+
+def download(url, skip):
+ fname = unquote(os.path.basename(url))
+ for s in skip:
+ if fname.startswith(s):
+ print(f"Skipping `{fname}`")
+ return
+ if os.path.isfile(fname):
+ print(f"`{fname}` already downloaded, won't overwrite")
+ return
+ print(f"Downloading `{fname}`")
+ res = get_request(url)
+ print(f"Saving `{fname}`")
+ with open(fname, 'wb') as f:
+ f.write(res.content)
+
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser(description='Debian package downloader for GitHub releases')
+
+ parser.add_argument('project', help='The user/project to fetch')
+ parser.add_argument('--skip', '-s', help='Skip files starting with', type=str, nargs='+', default=[])
+ parser.add_argument('--release', '-r', help='Release to download', type=str, default='latest')
+ args = parser.parse_args()
+
+ if args.release != 'latest':
+ args.release = 'tags/'+args.release
+ url = 'https://api.github.com/repos/'+args.project+'/releases/'+args.release
+ print(f"Downloading `{args.release}` release of `{args.project}` ({url})")
+ res = get_request(url)
+ r = res.json()
+ for a in r['assets']:
+ download(a['browser_download_url'], args.skip)
diff --git a/base_os_sid/run_shell_same_user.sh b/base_os_sid/run_shell_same_user.sh
new file mode 100755
index 0000000..3607e85
--- /dev/null
+++ b/base_os_sid/run_shell_same_user.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+export USER_ID=$(id -u)
+export GROUP_ID=$(id -g)
+docker run --rm -it -v /tmp/.X11-unix:/tmp/.X11-unix -e DISPLAY=$DISPLAY \
+ --user $USER_ID:$GROUP_ID \
+ --env NO_AT_BRIDGE=1 \
+ --workdir="/home/$USER" \
+ --volume="/etc/group:/etc/group:ro" \
+ --volume="/home/$USER:/home/$USER:rw" \
+ --volume="/etc/passwd:/etc/passwd:ro" \
+ --volume="/etc/shadow:/etc/shadow:ro" \
+ --volume="/home/$USER:/home/$USER:rw" \
+ ghcr.io/inti-cmnb/base_os_sid:latest /bin/bash
diff --git a/base_os_sid/run_shell_same_user_debian.sh b/base_os_sid/run_shell_same_user_debian.sh
new file mode 100755
index 0000000..f5da6ec
--- /dev/null
+++ b/base_os_sid/run_shell_same_user_debian.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+mkdir -p /home/$USER/dockerx/cache/pip
+export USER_ID=$(id -u)
+export GROUP_ID=$(id -g)
+docker run -it -v /tmp/.X11-unix:/tmp/.X11-unix -e DISPLAY=$DISPLAY \
+ --user $USER_ID:$GROUP_ID \
+ --env NO_AT_BRIDGE=1 \
+ --workdir="/home/$USER" \
+ --volume="/etc/group:/etc/group:ro" \
+ --volume="/home/$USER:/home/$USER:rw" \
+ --volume="/etc/passwd:/etc/passwd:ro" \
+ --volume="/etc/shadow:/etc/shadow:ro" \
+ --volume="/home/$USER:/home/$USER:rw" \
+ --volume="/home/$USER/dockerx:/dockerx:rw" \
+ --env XDG_CACHE_HOME="/dockerx/cache" \
+ --network=host \
+ --device=/dev/kfd \
+ --device=/dev/dri \
+ --group-add=video \
+ --ipc=host \
+ --cap-add=SYS_PTRACE \
+ --security-opt seccomp=unconfined \
+ debian:sid-slim /bin/bash
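Review bot: In `download()`, `fname = unquote(os.path.basename(url))` decodes percent-escapes only after the directory part has been stripped, so an encoded path separator in the last URL segment survives into the name given to `open(fname, 'wb')` and the file can be written outside the current directory. The URLs come from the GitHub API response, so today this relies on GitHub sanitising asset names; taking the basename after decoding removes that reliance: `fname = os.path.basename(unquote(url))`, followed by an `error()` when the result is empty. Each asset is also saved without any checksum or signature check, and because the script is copied to `/usr/bin/` in the base image it is presumably used to fetch `.deb` files that get installed afterwards, so an optional expected-SHA-256 argument would let callers pin what they install. `error()` prints to stdout and calls the site-provided `exit`; `print(msg, file=sys.stderr)` and `sys.exit(3)` would also put the currently unused `sys` import to work.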
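Review bot: `--volume="/etc/shadow:/etc/shadow:ro"` in `run_shell_same_user.sh` bind-mounts the host's password-hash file into the container, and with `--user $USER_ID:$GROUP_ID` an ordinary user normally cannot read it anyway, so the mount adds exposure without adding function; the same line appears in `run_shell_same_user_debian.sh`. I would drop it from both scripts and keep the `/etc/passwd` and `/etc/group` mounts, which are what resolving the mapped UID and GID to names needs. `--volume="/home/$USER:/home/$USER:rw"` is listed twice in each script, and the expansions should be quoted, e.g. `-e DISPLAY="$DISPLAY"` and `--user "$USER_ID:$GROUP_ID"`.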
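Review bot: In `run_shell_same_user_debian.sh`, `--network=host`, `--ipc=host`, `--cap-add=SYS_PTRACE`, `--security-opt seccomp=unconfined` and the `/dev/kfd` and `/dev/dri` devices remove most of the container's isolation, and nothing in the script says why a plain `debian:sid-slim` shell needs them; together with the read-write home mount, a process in this container is close to running directly on the host as the invoking user. They look carried over from a GPU debugging setup, which is an assumption to confirm. If they are not needed they should be deleted, otherwise each one deserves a comment naming what requires it, such as `# SYS_PTRACE + seccomp=unconfined: needed by <tool> for debugging`. The script also omits `--rm`, unlike `run_shell_same_user.sh`, so every run leaves a stopped container behind.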