diff options
Diffstat (limited to 'Dockerfile')
| -rw-r--r-- | Dockerfile | 82 |
1 files changed, 52 insertions, 30 deletions
@@ -1,52 +1,73 @@ -# syntax=docker/dockerfile:1 -FROM python:3.11-slim-buster as builder +# syntax=docker/dockerfile:1.4 +FROM buildpack-deps:buster as builder-nsjail WORKDIR /nsjail RUN apt-get -y update \ - && apt-get install -y \ - bison=2:3.3.* \ - flex=2.6.* \ - g++=4:8.3.* \ - gcc=4:8.3.* \ - git=1:2.20.* \ - libprotobuf-dev=3.6.* \ - libnl-route-3-dev=3.4.* \ - make=4.2.* \ - pkg-config=0.29-6 \ - protobuf-compiler=3.6.* + && apt-get install -y --no-install-recommends \ + bison\ + flex \ + libprotobuf-dev\ + libnl-route-3-dev \ + protobuf-compiler \ + && rm -rf /var/lib/apt/lists/* + RUN git clone -b master --single-branch https://github.com/google/nsjail.git . \ && git checkout dccf911fd2659e7b08ce9507c25b2b38ec2c5800 RUN make # ------------------------------------------------------------------------------ +FROM buildpack-deps:buster as builder-py-base + +ENV PYENV_ROOT=/pyenv \ + PYTHON_CONFIGURE_OPTS='--disable-test-modules --enable-optimizations \ + --with-lto --with-system-expat --without-ensurepip' + +RUN apt-get -y update \ + && apt-get install -y --no-install-recommends \ + libxmlsec1-dev \ + tk-dev \ + && rm -rf /var/lib/apt/lists/* + +COPY --link scripts/build_python.sh / + +# ------------------------------------------------------------------------------ +FROM builder-py-base as builder-py-3_11 +RUN git clone -b v2.3.24 --depth 1 https://github.com/pyenv/pyenv.git $PYENV_ROOT \ + && /build_python.sh 3.11.4 + +# ------------------------------------------------------------------------------ +FROM builder-py-base as builder-py-3_12 +RUN git clone -b v2.3.24 --depth 1 https://github.com/pyenv/pyenv.git $PYENV_ROOT \ + && /build_python.sh 3.12.0rc1 + +# ------------------------------------------------------------------------------ FROM python:3.11-slim-buster as base -# Everything will be a user install to allow snekbox's dependencies to be kept -# separate from the packages exposed during eval. -ENV PATH=/root/.local/bin:$PATH \ - PIP_DISABLE_PIP_VERSION_CHECK=1 \ - PIP_NO_CACHE_DIR=false \ - PIP_USER=1 +ENV PIP_DISABLE_PIP_VERSION_CHECK=1 \ + PIP_NO_CACHE_DIR=false RUN apt-get -y update \ - && apt-get install -y \ - gcc=4:8.3.* \ - git=1:2.20.* \ - libnl-route-3-200=3.4.* \ - libprotobuf17=3.6.* \ + && apt-get install -y --no-install-recommends \ + gcc \ + git \ + libnl-route-3-200 \ + libprotobuf17 \ && rm -rf /var/lib/apt/lists/* -COPY --from=builder /nsjail/nsjail /usr/sbin/ -RUN chmod +x /usr/sbin/nsjail +COPY --link --from=builder-nsjail /nsjail/nsjail /usr/sbin/ +COPY --link --from=builder-py-3_11 /lang/ /lang/ +COPY --link --from=builder-py-3_12 /lang/ /lang/ + +RUN chmod +x /usr/sbin/nsjail \ + && ln -s /lang/python/3.11/ /lang/python/default # ------------------------------------------------------------------------------ FROM base as venv -COPY requirements/ /snekbox/requirements/ +COPY --link requirements/ /snekbox/requirements/ WORKDIR /snekbox -# pip installs to the default user site since PIP_USER is set. RUN pip install -U -r requirements/requirements.pip # This must come after the first pip command! From the docs: @@ -58,11 +79,12 @@ ARG DEV RUN if [ -n "${DEV}" ]; \ then \ pip install -U -r requirements/coverage.pip \ - && PYTHONUSERBASE=/snekbox/user_base pip install numpy~=1.19; \ + && export PYTHONUSERBASE=/snekbox/user_base \ + && /lang/python/default/bin/python -m pip install --user numpy~=1.19; \ fi # At the end to avoid re-installing dependencies when only a config changes. -COPY config/ /snekbox/config/ +COPY --link config/ /snekbox/config/ ENTRYPOINT ["gunicorn"] CMD ["-c", "config/gunicorn.conf.py"] |