From 2657852ee3e97ee2dc233c932bd7c88bceec94b1 Mon Sep 17 00:00:00 2001 From: Scragly <29337040+scragly@users.noreply.github.com> Date: Sun, 20 Jan 2019 20:42:34 +1000 Subject: Remove RMQ, Add API POST request method. --- docker/Dockerfile | 3 +++ docker/Dockerfile.webapp | 25 ------------------------- 2 files changed, 3 insertions(+), 25 deletions(-) delete mode 100644 docker/Dockerfile.webapp (limited to 'docker') diff --git a/docker/Dockerfile b/docker/Dockerfile index e8fa8a5..b8d5637 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,5 +1,7 @@ FROM pythondiscord/snekbox-base:latest +RUN apk add --update tini + RUN mkdir -p /snekbox COPY . /snekbox WORKDIR /snekbox @@ -7,4 +9,5 @@ WORKDIR /snekbox RUN pipenv --rm RUN pipenv sync +ENTRYPOINT ["/sbin/tini", "--"] CMD ["pipenv", "run", "snekbox"] diff --git a/docker/Dockerfile.webapp b/docker/Dockerfile.webapp deleted file mode 100644 index 988926d..0000000 --- a/docker/Dockerfile.webapp +++ /dev/null @@ -1,25 +0,0 @@ -FROM python:3.6.6-alpine3.7 - -RUN apk add --update tini -RUN apk add --update build-base - -ENV PIPENV_VENV_IN_PROJECT=1 -ENV PIPENV_IGNORE_VIRTUALENVS=1 -ENV PIPENV_NOSPIN=1 -ENV PIPENV_HIDE_EMOJIS=1 -ENV PYTHONPATH=/webapp - -RUN pip install pipenv - -RUN mkdir -p /webapp -COPY Pipfile /webapp -COPY Pipfile.lock /webapp -COPY . /webapp -WORKDIR /webapp - -RUN pipenv sync --dev - -EXPOSE 5000 - -ENTRYPOINT ["/sbin/tini", "--"] -CMD ["pipenv", "run", "snekweb"] -- cgit v1.2.3 From d1fe03b0a58f74ce897ba840e9d6313b2e6b14a6 Mon Sep 17 00:00:00 2001 
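Review bot: In docker/Dockerfile the added `RUN apk add --update tini` writes a refreshed package index into the layer and installs whatever tini version the repository serves at build time. `RUN apk add --no-cache tini` keeps the index out of the image, and a version constraint on the package would make the PID 1 binary reproducible. The parent image in the context line is `pythondiscord/snekbox-base:latest`, a mutable tag, so the Alpine release that resolves the package is not fixed by this file either.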
From: MarkKoz Date: Fri, 29 Mar 2019 00:50:00 -0700 Subject: Restructure Docker images * Create a separate image for the virtual environment * Build NsJail in the base image * Remove the NsJail binaries * Replace tini with Docker's init feature * Update Python to 3.7.3 --- Pipfile | 2 +- binaries/nsjail2.5-alpine-x86_64 | Bin 678704 -> 0 bytes binaries/nsjail2.6-ubuntu-x86_64 | Bin 750328 -> 0 bytes docker-compose.yml | 3 ++- docker/Dockerfile | 12 +++--------- docker/base.Dockerfile | 41 ++++++++++++++++++++------------------- docker/venv.Dockerfile | 10 ++++++++++ snekbox/nsjail.py | 6 +++--- 8 files changed, 40 insertions(+), 34 deletions(-) delete mode 100644 binaries/nsjail2.5-alpine-x86_64 delete mode 100644 binaries/nsjail2.6-ubuntu-x86_64 create mode 100644 docker/venv.Dockerfile (limited to 'docker') diff --git a/Pipfile b/Pipfile index 3f67b54..788e900 100644 --- a/Pipfile +++ b/Pipfile @@ -22,7 +22,7 @@ flake8-string-format = "*" flake8-formatter-junit-xml = "*" [requires] -python_version = "3.6" +python_version = "3.7" [scripts] lint = "flake8" diff --git a/binaries/nsjail2.5-alpine-x86_64 b/binaries/nsjail2.5-alpine-x86_64 deleted file mode 100644 index 9af91fc..0000000 Binary files a/binaries/nsjail2.5-alpine-x86_64 and /dev/null differ diff --git a/binaries/nsjail2.6-ubuntu-x86_64 b/binaries/nsjail2.6-ubuntu-x86_64 deleted file mode 100644 index d8df21b..0000000 Binary files a/binaries/nsjail2.6-ubuntu-x86_64 and /dev/null differ diff --git a/docker-compose.yml b/docker-compose.yml index 2b22db4..1fe8e39 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,7 +1,8 @@ -version: '3' +version: "3.7" services: pdsnk: hostname: "pdsnk" privileged: true image: pythondiscord/snekbox:latest network_mode: "host" + init: true diff --git a/docker/Dockerfile b/docker/Dockerfile index b8d5637..5ef8a88 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
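Review bot: The `init: true` added to docker-compose.yml becomes the only source of a reaping PID 1, because the same commit removes tini from docker/Dockerfile and makes `pipenv run` the entrypoint. Anyone who starts `pythondiscord/snekbox` with plain `docker run` gets no init unless they pass `--init`, and nothing in either file says so. A comment above the key would record the dependency, e.g. `# Required: the image ships no init; pass --init when using docker run.`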
@@ -1,13 +1,7 @@ -FROM pythondiscord/snekbox-base:latest +FROM pythondiscord/snekbox-venv:latest -RUN apk add --update tini +ENTRYPOINT ["pipenv", "run"] +CMD ["snekbox"] -RUN mkdir -p /snekbox COPY . /snekbox WORKDIR /snekbox - -RUN pipenv --rm -RUN pipenv sync - -ENTRYPOINT ["/sbin/tini", "--"] -CMD ["pipenv", "run", "snekbox"] diff --git a/docker/base.Dockerfile b/docker/base.Dockerfile index cdbd98e..2883398 100644 --- a/docker/base.Dockerfile +++ b/docker/base.Dockerfile @@ -1,23 +1,24 @@ -FROM python:3.6.6-alpine3.7 - -RUN apk add --no-cache libstdc++ protobuf -RUN apk add --update build-base - -ENV PIPENV_VENV_IN_PROJECT=1 -ENV PIPENV_IGNORE_VIRTUALENVS=1 -ENV PIPENV_NOSPIN=1 -ENV PIPENV_HIDE_EMOJIS=1 -ENV PYTHONPATH=/snekbox +FROM alpine:3.9.2 as builder +RUN apk add --no-cache --update \ + bison \ + bsd-compat-headers \ + flex \ + g++ \ + gcc \ + git \ + libnl3-dev \ + linux-headers \ + make \ + protobuf-dev +RUN git clone --depth=1 https://github.com/google/nsjail.git /nsjail +WORKDIR /nsjail +RUN make +FROM python:3.7.3-alpine3.9 +RUN apk add --no-cache --update \ + libnl3 \ + libstdc++ \ + protobuf RUN pip install pipenv - -RUN mkdir -p /snekbox -COPY Pipfile /snekbox -COPY Pipfile.lock /snekbox -COPY . /snekbox -WORKDIR /snekbox - -RUN pipenv sync --dev - -RUN cp binaries/nsjail2.5-alpine-x86_64 /usr/sbin/nsjail +COPY --from=builder /nsjail/nsjail /usr/sbin/ RUN chmod +x /usr/sbin/nsjail diff --git a/docker/venv.Dockerfile b/docker/venv.Dockerfile new file mode 100644 index 0000000..9608d28 --- /dev/null +++ b/docker/venv.Dockerfile @@ -0,0 +1,10 @@ +FROM pythondiscord/snekbox-base:latest + +ENV PIPENV_VENV_IN_PROJECT=1 \ + PIPENV_NOSPIN=1 \ + PIPENV_HIDE_EMOJIS=1 + +COPY Pipfile Pipfile.lock /snekbox/ +WORKDIR /snekbox + +RUN pipenv sync --dev diff --git a/snekbox/nsjail.py b/snekbox/nsjail.py index 458a94e..ec43c25 100644 --- a/snekbox/nsjail.py +++ b/snekbox/nsjail.py 
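Review bot: `FROM pythondiscord/snekbox-venv:latest` in docker/Dockerfile and `FROM pythondiscord/snekbox-base:latest` in the new docker/venv.Dockerfile chain the runtime image onto two mutable tags, so the NsJail binary built in docker/base.Dockerfile reaches production through whatever `latest` points at when each build runs. A stale or replaced tag changes the sandbox without any change in this repository. Pinning each parent by digest, `FROM pythondiscord/snekbox-venv@sha256:<digest>` (`<digest>` is a placeholder), or by a per-commit tag would make the chain auditable.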
@@ -8,7 +8,7 @@ class NsJail: def __init__(self, nsjail_binary='nsjail', - python_binary=os.path.dirname(sys.executable) + os.sep + 'python3.6'): + python_binary=os.path.dirname(sys.executable) + os.sep + 'python3.7'): self.nsjail_binary = nsjail_binary self.python_binary = python_binary self._nsjail_workaround() @@ -19,8 +19,8 @@ class NsJail: 'sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' ), 'LANG': 'en_US.UTF-8', - 'PYTHON_VERSION': '3.6.5', - 'PYTHON_PIP_VERSION': '10.0.1', + 'PYTHON_VERSION': '3.7.3', + 'PYTHON_PIP_VERSION': '19.0.3', 'PYTHONDONTWRITEBYTECODE': '1', } -- cgit v1.2.3 From db0892612ecb62d6e997b64df99c96e83d76d0fe Mon Sep 17 00:00:00 2001 From: MarkKoz Date: Mon, 13 May 2019 02:38:07 -0700 Subject: Disable pip cache --- docker/base.Dockerfile | 1 + docker/venv.Dockerfile | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'docker') diff --git a/docker/base.Dockerfile b/docker/base.Dockerfile index 2883398..19fc1b8 100644 --- a/docker/base.Dockerfile +++ b/docker/base.Dockerfile @@ -15,6 +15,7 @@ WORKDIR /nsjail RUN make FROM python:3.7.3-alpine3.9 +ENV PIP_NO_CACHE_DIR=false RUN apk add --no-cache --update \ libnl3 \ libstdc++ \ diff --git a/docker/venv.Dockerfile b/docker/venv.Dockerfile index 9608d28..b3df2b7 100644 --- a/docker/venv.Dockerfile +++ b/docker/venv.Dockerfile @@ -1,8 +1,10 @@ FROM pythondiscord/snekbox-base:latest -ENV PIPENV_VENV_IN_PROJECT=1 \ +ENV PIP_NO_CACHE_DIR=false \ + PIPENV_DONT_USE_PYENV=1 \ + PIPENV_HIDE_EMOJIS=1 \ PIPENV_NOSPIN=1 \ - PIPENV_HIDE_EMOJIS=1 + PIPENV_VENV_IN_PROJECT=1 COPY Pipfile Pipfile.lock /snekbox/ WORKDIR /snekbox -- cgit v1.2.3 From b4955decafa0915d998a7996e5db314cd360c18a Mon Sep 17 00:00:00 2001 From: MarkKoz Date: Mon, 13 May 2019 04:29:49 -0700 Subject: Don't install dev dependencies in Docker image --- docker/venv.Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docker') 
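Review bot: The `'python3.7'` suffix in the `python_binary` default, and `'PYTHON_VERSION': '3.7.3'` / `'PYTHON_PIP_VERSION': '19.0.3'` in the second snekbox/nsjail.py hunk, are hand-copied from what docker/base.Dockerfile installs and nothing keeps them in step. The later "Update base image" commit on this page moves the base to `python:3.7.4-alpine3.10` with one file changed, so the dict would then report a version the image no longer has. Both can be derived from the running interpreter with the `sys` module the default already uses, e.g. `'python{}.{}'.format(*sys.version_info[:2])` and `'{}.{}.{}'.format(*sys.version_info[:3])`. Both hunks cut through `NsJail`, so how the dict is consumed is not visible here.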
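Review bot: `ENV PIP_NO_CACHE_DIR=false` in docker/base.Dockerfile reads as "do not disable the cache", the opposite of the commit subject; the same value is added in docker/venv.Dockerfile. As far as I know pip treats any valid value of this variable, falsy ones included, as "cache off" for backward compatibility, so the build probably behaves as intended, but that depends on the pip version in the image. A comment above the line would stop the next reader from "correcting" it, e.g. `# pip disables its cache whenever this is set, even to a falsy value`.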
diff --git a/docker/venv.Dockerfile b/docker/venv.Dockerfile index b3df2b7..61aba58 100644 --- a/docker/venv.Dockerfile +++ b/docker/venv.Dockerfile @@ -9,4 +9,4 @@ ENV PIP_NO_CACHE_DIR=false \ COPY Pipfile Pipfile.lock /snekbox/ WORKDIR /snekbox -RUN pipenv sync --dev +RUN pipenv sync -- cgit v1.2.3 From cbc375b4a84aa07554b31b1608a82091ba671a58 Mon Sep 17 00:00:00 2001 From: MarkKoz Date: Thu, 6 Jun 2019 11:16:54 -0700 Subject: Add support for development to Docker images * Venv image can sync dev dependencies * Copy tests to image * Add a Pipenv script for running a development shell in a container * Add Pipenv scripts for building dev images --- .dockerignore | 1 + Pipfile | 34 ++++++++++++++++++++++++++++------ docker-compose.yml | 3 +++ docker/venv.Dockerfile | 3 ++- 4 files changed, 34 insertions(+), 7 deletions(-) (limited to 'docker') diff --git a/.dockerignore b/.dockerignore index 2a5ccec..7dc3fed 100644 --- a/.dockerignore +++ b/.dockerignore @@ -3,6 +3,7 @@ # Make exceptions for what's needed !snekbox +!tests !Pipfile !Pipfile.lock !LICENSE diff --git a/Pipfile b/Pipfile index 986116d..4f34df6 100644 --- a/Pipfile +++ b/Pipfile 
@@ -32,14 +32,36 @@ precommit = "pre-commit install" test = "pytest tests --cov . --cov-report term-missing -v" report = "pytest tests --cov . --cov-report=html" snekbox = """ - gunicorn - -w 2 - -b 0.0.0.0:8060 - --logger-class snekbox.GunicornLogger - --access-logformat '%(m)s %(U)s%(q)s %(s)s %(b)s %(L)ss' - --access-logfile - + gunicorn \ + -w 2 \ + -b 0.0.0.0:8060 \ + --logger-class snekbox.GunicornLogger \ + --access-logformat '%(m)s %(U)s%(q)s %(s)s %(b)s %(L)ss' \ + --access-logfile - \ snekbox.api.app """ +build-venv-dev = """ + docker build \ + -t pythondiscord/snekbox-venv:dev \ + -f docker/venv.Dockerfile + --build-arg DEV=1 \ + . +""" +devsh = """ + /usr/bin/env sh -c ' + docker run \ + -it \ + --rm \ + --privileged \ + --network host \ + -h pdsnk-dev \ + -e PIPENV_PIPFILE="/snekbox/Pipfile" \ + -v "$(pwd)":/snekbox-local \ + -w "/snekbox-local" \ + --entrypoint /bin/sh \ + pythondiscord/snekbox-venv:dev + ' +""" buildbox = "docker build -t pythondiscord/snekbox:latest -f docker/Dockerfile ." pushbox = "docker push pythondiscord/snekbox:latest" buildboxbase = "docker build -t pythondiscord/snekbox-base:latest -f docker/base.Dockerfile ." diff --git a/docker-compose.yml b/docker-compose.yml index 1fe8e39..d071a71 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,3 +6,6 @@ services: image: pythondiscord/snekbox:latest network_mode: "host" init: true + build: + context: . + dockerfile: docker/Dockerfile diff --git a/docker/venv.Dockerfile b/docker/venv.Dockerfile index 61aba58..85188fd 100644 --- a/docker/venv.Dockerfile +++ b/docker/venv.Dockerfile @@ -1,5 +1,6 @@ FROM pythondiscord/snekbox-base:latest +ARG DEV ENV PIP_NO_CACHE_DIR=false \ PIPENV_DONT_USE_PYENV=1 \ PIPENV_HIDE_EMOJIS=1 \ @@ -9,4 +10,4 @@ ENV PIP_NO_CACHE_DIR=false \ COPY Pipfile Pipfile.lock /snekbox/ WORKDIR /snekbox -RUN pipenv sync +RUN if [ -n "${DEV}" ]; pipenv sync --dev; then pipenv sync; fi -- cgit v1.2.3 
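Review bot: The new `devsh` script in Pipfile starts the container with `--privileged` and `--network host` and bind-mounts the working directory read-write through `-v "$(pwd)":/snekbox-local`, and nothing records which of these NsJail requires. With those flags the container is not an isolation boundary, so anything run in that shell outside the jail has access to the host's devices, network stack and checkout. A TOML comment above `devsh = """` would keep the flags from being copied into other run commands, e.g. `# --privileged: presumably needed for NsJail namespace/cgroup setup (confirm); dev use only`. Separately, `-f docker/venv.Dockerfile` in `build-venv-dev` is the only continued line without a trailing backslash.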
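Review bot: The `then` is misplaced in `RUN if [ -n "${DEV}" ]; pipenv sync --dev; then pipenv sync; fi` at the end of docker/venv.Dockerfile: the condition list is the test followed by `pipenv sync --dev`, so the dev sync runs on every build whether or not `DEV` is set, and `pipenv sync` runs after it when it succeeds. The non-dev image therefore still carries the development packages that the previous commit on this page removed. The line should read `RUN if [ -n "${DEV}" ]; then pipenv sync --dev; else pipenv sync; fi`.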
From 0e89850f273cce3c522133e8c38587c673bb26d3 Mon Sep 17 00:00:00 2001 From: MarkKoz Date: Thu, 6 Jun 2019 12:45:46 -0700 Subject: Add NsJail alias and switch to ash --- .dockerignore | 1 + Pipfile | 3 ++- docker/.profile | 25 +++++++++++++++++++++++++ 3 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 docker/.profile (limited to 'docker') diff --git a/.dockerignore b/.dockerignore index 7dc3fed..afc786a 100644 --- a/.dockerignore +++ b/.dockerignore @@ -2,6 +2,7 @@ * # Make exceptions for what's needed +!docker/.profile !snekbox !tests !Pipfile diff --git a/Pipfile b/Pipfile index 4f34df6..492008a 100644 --- a/Pipfile +++ b/Pipfile @@ -56,9 +56,10 @@ devsh = """ --network host \ -h pdsnk-dev \ -e PIPENV_PIPFILE="/snekbox/Pipfile" \ + -e ENV="/snekbox-local/docker/.profile" \ -v "$(pwd)":/snekbox-local \ -w "/snekbox-local" \ - --entrypoint /bin/sh \ + --entrypoint /bin/ash \ pythondiscord/snekbox-venv:dev ' """ diff --git a/docker/.profile b/docker/.profile new file mode 100644 index 0000000..415e4f6 --- /dev/null +++ b/docker/.profile @@ -0,0 +1,25 @@ +nsjpy() { + local nsj_args="" + while [ "$#" -gt 1 ]; do + nsj_args="${nsj_args:+${nsj_args} }$1" + shift + done + + mkdir -p /sys/fs/cgroup/pids/NSJAIL + mkdir -p /sys/fs/cgroup/memory/NSJAIL + nsjail \ + -Mo \ + --rlimit_as 700 \ + --chroot / \ + -E LANG=en_US.UTF-8 \ + -R/usr -R/lib -R/lib64 \ + --user nobody \ + --group nogroup \ + --time_limit 2 \ + --disable_proc \ + --iface_no_lo \ + --cgroup_pids_max=1 \ + --cgroup_mem_max=52428800 \ + $nsj_args -- \ + /snekbox/.venv/bin/python3 -Iq -c "$@" +} -- cgit v1.2.3 From 2c843101843b975ece546b8921d53b3dd4e6974d Mon Sep 17 00:00:00 2001 
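Review bot: `nsjpy` in docker/.profile carries its own copy of the sandbox flags (`--rlimit_as 700`, `--time_limit 2`, `--cgroup_pids_max=1`, `--cgroup_mem_max=52428800`, the `-R` mounts) with no comment tying them to the arguments snekbox/nsjail.py passes in the service. That argument list is not visible on this page, so I cannot tell whether the two already differ, but a developer who checks confinement through the alias may draw conclusions that do not hold for production. A header comment such as `# Flags mirror snekbox/nsjail.py; update both together.` would make the coupling explicit. The function also assumes at least one argument: with none, `-c "$@"` hands python3 a bare `-c`.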
From: MarkKoz Date: Thu, 6 Jun 2019 16:54:33 -0700 Subject: Create shell script for building a dev image and running a shell * Put scripts in a new scripts folder --- Pipfile | 24 +----------------------- docker/.profile | 25 ------------------------- scripts/.profile | 25 +++++++++++++++++++++++++ scripts/dev.sh | 45 +++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 71 insertions(+), 48 deletions(-) delete mode 100644 docker/.profile create mode 100644 scripts/.profile create mode 100755 scripts/dev.sh (limited to 'docker') diff --git a/Pipfile b/Pipfile index 492008a..1e9ec67 100644 --- a/Pipfile +++ b/Pipfile @@ -40,29 +40,7 @@ snekbox = """ --access-logfile - \ snekbox.api.app """ -build-venv-dev = """ - docker build \ - -t pythondiscord/snekbox-venv:dev \ - -f docker/venv.Dockerfile - --build-arg DEV=1 \ - . -""" -devsh = """ - /usr/bin/env sh -c ' - docker run \ - -it \ - --rm \ - --privileged \ - --network host \ - -h pdsnk-dev \ - -e PIPENV_PIPFILE="/snekbox/Pipfile" \ - -e ENV="/snekbox-local/docker/.profile" \ - -v "$(pwd)":/snekbox-local \ - -w "/snekbox-local" \ - --entrypoint /bin/ash \ - pythondiscord/snekbox-venv:dev - ' -""" +devsh = "scripts/dev.sh" buildbox = "docker build -t pythondiscord/snekbox:latest -f docker/Dockerfile ." pushbox = "docker push pythondiscord/snekbox:latest" buildboxbase = "docker build -t pythondiscord/snekbox-base:latest -f docker/base.Dockerfile ." diff --git a/docker/.profile b/docker/.profile deleted file mode 100644 index 415e4f6..0000000 --- a/docker/.profile +++ /dev/null 
@@ -1,25 +0,0 @@ -nsjpy() { - local nsj_args="" - while [ "$#" -gt 1 ]; do - nsj_args="${nsj_args:+${nsj_args} }$1" - shift - done - - mkdir -p /sys/fs/cgroup/pids/NSJAIL - mkdir -p /sys/fs/cgroup/memory/NSJAIL - nsjail \ - -Mo \ - --rlimit_as 700 \ - --chroot / \ - -E LANG=en_US.UTF-8 \ - -R/usr -R/lib -R/lib64 \ - --user nobody \ - --group nogroup \ - --time_limit 2 \ - --disable_proc \ - --iface_no_lo \ - --cgroup_pids_max=1 \ - --cgroup_mem_max=52428800 \ - $nsj_args -- \ - /snekbox/.venv/bin/python3 -Iq -c "$@" -} diff --git a/scripts/.profile b/scripts/.profile new file mode 100644 index 0000000..415e4f6 --- /dev/null +++ b/scripts/.profile @@ -0,0 +1,25 @@ +nsjpy() { + local nsj_args="" + while [ "$#" -gt 1 ]; do + nsj_args="${nsj_args:+${nsj_args} }$1" + shift + done + + mkdir -p /sys/fs/cgroup/pids/NSJAIL + mkdir -p /sys/fs/cgroup/memory/NSJAIL + nsjail \ + -Mo \ + --rlimit_as 700 \ + --chroot / \ + -E LANG=en_US.UTF-8 \ + -R/usr -R/lib -R/lib64 \ + --user nobody \ + --group nogroup \ + --time_limit 2 \ + --disable_proc \ + --iface_no_lo \ + --cgroup_pids_max=1 \ + --cgroup_mem_max=52428800 \ + $nsj_args -- \ + /snekbox/.venv/bin/python3 -Iq -c "$@" +} diff --git a/scripts/dev.sh b/scripts/dev.sh new file mode 100755 index 0000000..490021f --- /dev/null +++ b/scripts/dev.sh 
@@ -0,0 +1,45 @@ +#!/usr/bin/env sh + +# Sets up a development environment and runs a shell in a docker container. +# Usage: dev.sh [--build [--clean]] [ash_args ...] + +if [ "$1" = "--build" ]; then + shift + printf "Building pythondiscord/snekbox-venv:dev..." + + docker build \ + -t pythondiscord/snekbox-venv:dev \ + -f docker/venv.Dockerfile \ + --build-arg DEV=1 \ + -q \ + . \ + >/dev/null \ + && printf " done!\n" || exit "$?" + + if [ "$1" = "--clean" ]; then + shift + dangling_imgs=$(docker images -f "dangling=true" -q) + + if [ -n "${dangling_imgs}" ]; then + printf "Removing dangling images..." + + docker rmi $dangling_imgs >/dev/null \ + && printf " done!\n" || exit "$?" + fi + fi +fi + +docker run \ + -it \ + --rm \ + --privileged \ + --network host \ + -h pdsnk-dev \ + -e PYTHONDONTWRITEBYTECODE=1 \ + -e PIPENV_PIPFILE="/snekbox/Pipfile" \ + -e ENV="/snekbox-local/scripts/.profile" \ + -v "${PWD}":/snekbox-local \ + -w "/snekbox-local" \ + --entrypoint /bin/ash \ + pythondiscord/snekbox-venv:dev \ + "$@" -- cgit v1.2.3 From c01e409e853d0805fbf55469f5047cdddc4acf9f Mon Sep 17 00:00:00 2001 From: MarkKoz Date: Sun, 4 Aug 2019 23:30:37 -0700 Subject: Pin NsJail version --- docker/base.Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'docker') diff --git a/docker/base.Dockerfile b/docker/base.Dockerfile index 19fc1b8..14645d9 100644 --- a/docker/base.Dockerfile +++ b/docker/base.Dockerfile @@ -10,7 +10,8 @@ RUN apk add --no-cache --update \ linux-headers \ make \ protobuf-dev -RUN git clone --depth=1 https://github.com/google/nsjail.git /nsjail +RUN git clone --depth=1 https://github.com/google/nsjail.git /nsjail \ + && git checkout 0b1d5ac03932c140f08536ed72b4b58741e7d3cf WORKDIR /nsjail RUN make -- cgit v1.2.3 From 6610e6c8a6e3d2cfa9b6cb9bffb2b0ea8efb114d Mon Sep 17 00:00:00 2001 
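Review bot: The `--clean` branch of scripts/dev.sh removes every dangling image on the Docker host, because `docker images -f "dangling=true" -q` is not limited to layers left behind by this build and `docker rmi $dangling_imgs` then deletes them all. On a shared build machine that discards other projects' intermediate images. Either state it in the usage comment, e.g. `#   --clean removes ALL dangling images on this Docker host`, or add a `LABEL` to docker/venv.Dockerfile and narrow the query with a second filter, `-f "label=<key>"` (`<key>` is a placeholder).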
From: MarkKoz Date: Sun, 4 Aug 2019 23:32:35 -0700 Subject: Update base image --- docker/base.Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docker') diff --git a/docker/base.Dockerfile b/docker/base.Dockerfile index 14645d9..75680b6 100644 --- a/docker/base.Dockerfile +++ b/docker/base.Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.9.2 as builder +FROM alpine:3.10 as builder RUN apk add --no-cache --update \ bison \ bsd-compat-headers \ @@ -15,7 +15,7 @@ RUN git clone --depth=1 https://github.com/google/nsjail.git /nsjail \ WORKDIR /nsjail RUN make -FROM python:3.7.3-alpine3.9 +FROM python:3.7.4-alpine3.10 ENV PIP_NO_CACHE_DIR=false RUN apk add --no-cache --update \ libnl3 \ -- cgit v1.2.3 From a865f1cf1dc38526cea12fbe3a8b36199170e78f Mon Sep 17 00:00:00 2001 From: MarkKoz Date: Sun, 4 Aug 2019 23:35:19 -0700 Subject: Base image: cd into cloned repo before checkout --- docker/base.Dockerfile | 1 + 1 file changed, 1 insertion(+) (limited to 'docker') diff --git a/docker/base.Dockerfile b/docker/base.Dockerfile index 75680b6..9173542 100644 --- a/docker/base.Dockerfile +++ b/docker/base.Dockerfile @@ -11,6 +11,7 @@ RUN apk add --no-cache --update \ make \ protobuf-dev RUN git clone --depth=1 https://github.com/google/nsjail.git /nsjail \ + && cd /nsjail \ && git checkout 0b1d5ac03932c140f08536ed72b4b58741e7d3cf WORKDIR /nsjail RUN make -- cgit v1.2.3 From 2cd5efbdb9d077701ed9a0e5bb0a5106daef6fef Mon Sep 17 00:00:00 2001 From: MarkKoz Date: Mon, 5 Aug 2019 10:35:39 -0700 Subject: Pin dependencies in base image --- docker/base.Dockerfile | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) (limited to 'docker') diff --git a/docker/base.Dockerfile b/docker/base.Dockerfile index 9173542..de33a5e 100644 --- a/docker/base.Dockerfile +++ b/docker/base.Dockerfile 
@@ -1,15 +1,15 @@ FROM alpine:3.10 as builder RUN apk add --no-cache --update \ - bison \ - bsd-compat-headers \ - flex \ - g++ \ - gcc \ - git \ - libnl3-dev \ - linux-headers \ - make \ - protobuf-dev + bison~=3.3 \ + bsd-compat-headers~=0.7 \ + flex~=2.6 \ + g++~=8.3 \ + gcc~=8.3 \ + git~=2.22 \ + libnl3-dev~=3.4 \ + linux-headers~=4.19 \ + make~=4.2 \ + protobuf-dev~=3.6 RUN git clone --depth=1 https://github.com/google/nsjail.git /nsjail \ && cd /nsjail \ && git checkout 0b1d5ac03932c140f08536ed72b4b58741e7d3cf @@ -19,9 +19,9 @@ RUN make FROM python:3.7.4-alpine3.10 ENV PIP_NO_CACHE_DIR=false RUN apk add --no-cache --update \ - libnl3 \ - libstdc++ \ - protobuf -RUN pip install pipenv + libnl3~-3.4 \ + libstdc++~=8.3 \ + protobuf~=3.6 +RUN pip install pipenv==2018.11.26 COPY --from=builder /nsjail/nsjail /usr/sbin/ RUN chmod +x /usr/sbin/nsjail -- cgit v1.2.3 From 7bd4856330df359a3d9ed067cd107d20985f1a7b Mon Sep 17 00:00:00 2001 From: MarkKoz Date: Mon, 5 Aug 2019 10:38:30 -0700 Subject: Fix version specifier for libnl3 --- docker/base.Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docker') diff --git a/docker/base.Dockerfile b/docker/base.Dockerfile index de33a5e..993e45d 100644 --- a/docker/base.Dockerfile +++ b/docker/base.Dockerfile @@ -19,7 +19,7 @@ RUN make FROM python:3.7.4-alpine3.10 ENV PIP_NO_CACHE_DIR=false RUN apk add --no-cache --update \ - libnl3~-3.4 \ + libnl3~=3.4 \ libstdc++~=8.3 \ protobuf~=3.6 RUN pip install pipenv==2018.11.26 -- cgit v1.2.3 From fce148f85b5ba02b3ddb80c41c69b17ad3f11a5f Mon Sep 17 00:00:00 2001 
From: MarkKoz Date: Tue, 3 Sep 2019 17:51:20 -0700 Subject: CI: fix NsJail clone in base Docker image Unspecify the depth to make the clone non-shallow again. A depth of 1 was too shallow as it only allowed the latest commit to be cloned. An arbitrary larger depth would still break eventually. The repository is small enough to not warrant a shallow clone anyway. --- docker/base.Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docker') diff --git a/docker/base.Dockerfile b/docker/base.Dockerfile index 993e45d..1edff49 100644 --- a/docker/base.Dockerfile +++ b/docker/base.Dockerfile @@ -10,7 +10,7 @@ RUN apk add --no-cache --update \ linux-headers~=4.19 \ make~=4.2 \ protobuf-dev~=3.6 -RUN git clone --depth=1 https://github.com/google/nsjail.git /nsjail \ +RUN git clone https://github.com/google/nsjail.git /nsjail \ && cd /nsjail \ && git checkout 0b1d5ac03932c140f08536ed72b4b58741e7d3cf WORKDIR /nsjail -- cgit v1.2.3