diff options
| author | 2019-03-29 00:50:00 -0700 | |
|---|---|---|
| committer | 2019-03-29 00:56:56 -0700 | |
| commit | d1fe03b0a58f74ce897ba840e9d6313b2e6b14a6 (patch) | |
| tree | 8a52761b7f28f523918e123890e6f4cca646eb81 | |
| parent | Remove GitLab CI config (diff) | |
Restructure Docker images
* Create a separate image for the virtual environment
* Build NsJail in the base image
    * Remove the NsJail binaries
* Replace tini with Docker's init feature
* Update Python to 3.7.3
| -rw-r--r-- | Pipfile | 2 | ||||
| -rw-r--r-- | binaries/nsjail2.5-alpine-x86_64 | bin | 678704 -> 0 bytes | |||
| -rw-r--r-- | binaries/nsjail2.6-ubuntu-x86_64 | bin | 750328 -> 0 bytes | |||
| -rw-r--r-- | docker-compose.yml | 3 | ||||
| -rw-r--r-- | docker/Dockerfile | 12 | ||||
| -rw-r--r-- | docker/base.Dockerfile | 41 | ||||
| -rw-r--r-- | docker/venv.Dockerfile | 10 | ||||
| -rw-r--r-- | snekbox/nsjail.py | 6 | 
8 files changed, 40 insertions, 34 deletions
| @@ -22,7 +22,7 @@ flake8-string-format = "*"  flake8-formatter-junit-xml = "*"  [requires] -python_version = "3.6" +python_version = "3.7"  [scripts]  lint = "flake8" diff --git a/binaries/nsjail2.5-alpine-x86_64 b/binaries/nsjail2.5-alpine-x86_64Binary files differ deleted file mode 100644 index 9af91fc..0000000 --- a/binaries/nsjail2.5-alpine-x86_64 +++ /dev/null diff --git a/binaries/nsjail2.6-ubuntu-x86_64 b/binaries/nsjail2.6-ubuntu-x86_64Binary files differ deleted file mode 100644 index d8df21b..0000000 --- a/binaries/nsjail2.6-ubuntu-x86_64 +++ /dev/null diff --git a/docker-compose.yml b/docker-compose.yml index 2b22db4..1fe8e39 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,7 +1,8 @@ -version: '3' +version: "3.7"  services:    pdsnk:      hostname: "pdsnk"      privileged: true      image: pythondiscord/snekbox:latest      network_mode: "host" +    init: true diff --git a/docker/Dockerfile b/docker/Dockerfile index b8d5637..5ef8a88 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,13 +1,7 @@ -FROM pythondiscord/snekbox-base:latest +FROM pythondiscord/snekbox-venv:latest -RUN apk add --update tini +ENTRYPOINT ["pipenv", "run"] +CMD ["snekbox"] -RUN mkdir -p /snekbox  COPY . /snekbox  WORKDIR /snekbox - -RUN pipenv --rm -RUN pipenv sync - -ENTRYPOINT ["/sbin/tini", "--"] -CMD ["pipenv", "run", "snekbox"] diff --git a/docker/base.Dockerfile b/docker/base.Dockerfile index cdbd98e..2883398 100644 --- a/docker/base.Dockerfile +++ b/docker/base.Dockerfile @@ -1,23 +1,24 @@ -FROM python:3.6.6-alpine3.7 - -RUN apk add --no-cache libstdc++ protobuf -RUN apk add --update build-base - -ENV PIPENV_VENV_IN_PROJECT=1 -ENV PIPENV_IGNORE_VIRTUALENVS=1 -ENV PIPENV_NOSPIN=1 -ENV PIPENV_HIDE_EMOJIS=1 -ENV PYTHONPATH=/snekbox +FROM alpine:3.9.2 as builder +RUN apk add --no-cache --update  \ +        bison \ +        bsd-compat-headers \ +        flex \ +        g++ \ +        gcc \ +        git \ +        libnl3-dev \ +        linux-headers \ +        make \ +        protobuf-dev +RUN git clone --depth=1 https://github.com/google/nsjail.git /nsjail +WORKDIR /nsjail +RUN make +FROM python:3.7.3-alpine3.9 +RUN apk add --no-cache --update \ +        libnl3 \ +        libstdc++ \ +        protobuf  RUN pip install pipenv - -RUN mkdir -p /snekbox -COPY Pipfile /snekbox -COPY Pipfile.lock /snekbox -COPY . /snekbox -WORKDIR /snekbox - -RUN pipenv sync --dev - -RUN cp binaries/nsjail2.5-alpine-x86_64 /usr/sbin/nsjail +COPY --from=builder /nsjail/nsjail /usr/sbin/  RUN chmod +x /usr/sbin/nsjail diff --git a/docker/venv.Dockerfile b/docker/venv.Dockerfile new file mode 100644 index 0000000..9608d28 --- /dev/null +++ b/docker/venv.Dockerfile @@ -0,0 +1,10 @@ +FROM pythondiscord/snekbox-base:latest + +ENV PIPENV_VENV_IN_PROJECT=1 \ +    PIPENV_NOSPIN=1 \ +    PIPENV_HIDE_EMOJIS=1 + +COPY Pipfile Pipfile.lock /snekbox/ +WORKDIR /snekbox + +RUN pipenv sync --dev diff --git a/snekbox/nsjail.py b/snekbox/nsjail.py index 458a94e..ec43c25 100644 --- a/snekbox/nsjail.py +++ b/snekbox/nsjail.py @@ -8,7 +8,7 @@ class NsJail:      def __init__(self,                   nsjail_binary='nsjail', -                 python_binary=os.path.dirname(sys.executable) + os.sep + 'python3.6'): +                 python_binary=os.path.dirname(sys.executable) + os.sep + 'python3.7'):          self.nsjail_binary = nsjail_binary          self.python_binary = python_binary          self._nsjail_workaround() @@ -19,8 +19,8 @@ class NsJail:              'sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'          ),          'LANG': 'en_US.UTF-8', -        'PYTHON_VERSION': '3.6.5', -        'PYTHON_PIP_VERSION': '10.0.1', +        'PYTHON_VERSION': '3.7.3', +        'PYTHON_PIP_VERSION': '19.0.3',          'PYTHONDONTWRITEBYTECODE': '1',      } | 
