| Commit message (Collapse) | Author | Age | Lines |
|---|
| |
|
|
|
|
|
|
| |
Separate snekbox's Python interpreter from the interpreter used by
NsJail. This allows for the interpreters to be updated on different
cadences and provides better isolation of packages.
Each Python interpreter adds about 70 MB to the built image.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Pipenv was limited to only "normal" and "dev" dependencies. pip-tools
is more flexible, since each requirements file can be constrained by
more than one other requirements file. This means CI can choose to only
install coverage deps in the test job and linting deps in the lint job,
but these dependencies will still be constrained by each other and by
other requirements, so a developer will be able to install both sets
simultaneously without conflicts.
Use a Makefile to make up for the loss of Pipenv's scripts
functionality.
|
| |
|
|
|
| |
There will be more config files to come so it's cleaner to have them
together than littering the root directory with more files.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
devfs and sysfs were problematic since they were being mounted as
tmpfs, which is r/w. For example, the Python process could write to
cgroups. Now, only what is needed to run Python gets mounted. This
boils down to the venv itself and some shared libraries Python needs.
* Use a config file for NsJail instead of command-line options
* Map 65534 (nobody) user & group inside the user namespace to 65534
outside the namespace rather than mapping to current uid/guid (which
was 0 AKA root)
|
| | |
|
| |
|
|
|
|
|
| |
* Venv image can sync dev dependencies
* Copy tests to image
* Add a Pipenv script for running a development shell in a container
* Add Pipenv scripts for building dev images
|
| | |
|
| |
|
|
|
| |
This PR is to add CI settings to master and to test the PR CI pipeline.
|
| | |
|
| |
|
Mark
MarkKoz
scragly
Christopher Baklid