1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
|
# Image used for testing Charliecloud on a glibc OS, built with gcc. This will
# work under Docker with “--privileged”.
ARG branch
ARG regy
FROM debian:stable-slim
### OS packages we need
# FIXME: There are many opportunities for size optimization here, including
# (1) --no-install-recommends or the corresponding apt config, (2) deleting
# various dpkg/apt caches, and (3) deleting files we don’t really need, e.g.
# GCC’s C++ libraries. Take care not to break package installation in
# downstream images, though.
# The first group is for CI itself (i.e., this image), and the second is to
# build and test Charliecloud.
#
# See: #1933
RUN apt-get update \
&& apt-get upgrade -y \
&& apt-get install -y bash-completion \
cloc \
python3-yaml \
sudo \
wget \
&& apt-get install -y attr \
automake \
bats \
bc \
bsdextrautils \
fuse3 \
git \
graphviz \
libcjson-dev \
libfuse3-dev \
libgc-dev \
libtool \
pigz \
pkgconf \
pv \
python3-dateutil \
python3-pip \
python3-requests \
python3-wheel \
rsync \
sl \
squashfs-tools \
stow \
time
# Generate en_US.utf8 locale (#1934). See: https://serverfault.com/a/894545
RUN apt-get install -y locales \
&& sed -i 's/^# *\(en_US.UTF-8\)/\1/' /etc/locale.gen \
&& locale-gen \
&& locale -a
# oras(1) to save/restore artifacts we want to pass between jobs that won’t
# fit in the CI artifacts or cache.
WORKDIR /usr/src
RUN version=1.2.3 \
&& base=https://github.com/oras-project/oras/releases/download/v${version} \
&& file=oras_${version}_linux_amd64.tar.gz \
&& wget -nv $base/$file \
&& mkdir oras-${version} \
&& cd oras-${version} \
&& tar xf ../$file \
&& mv oras /usr/bin
### Other Charliecloud dependencies.
# SquashFUSE
WORKDIR /usr/src
RUN git clone https://github.com/vasi/squashfuse.git
WORKDIR ./squashfuse
RUN git checkout $(git tag | egrep -v '^v' | sort -V | tail -1) \
&& git status
RUN ./autogen.sh \
&& ./configure --prefix=/usr \
&& make -j$(nproc) install \
&& rm -Rf squashfuse* \
&& ldconfig
RUN command -v squashfuse \
&& ldd $(command -v squashfuse) \
&& squashfuse --version 2>&1 | head -1
# ShellCheck
WORKDIR /usr/src
RUN wget -nv -O shellcheck.tar.gz \
https://github.com/koalaman/shellcheck/releases/download/stable/shellcheck-stable.linux.$(uname -m).tar.xz \
&& tar xf shellcheck.tar.gz \
&& mv shellcheck-stable/shellcheck /usr/bin \
&& rm -Rf shellcheck*
RUN command -v shellcheck \
&& shellcheck --version
# Sphinx. Use latest version in case it breaks things.
RUN pip3 install --break-system-packages docutils \
sphinx \
sphinx-rtd-theme \
sphinx-reredirects \
&& command -v sphinx-build \
&& sphinx-build --version
# git2dot with our bugfixes
RUN git clone https://github.com/hpc/git2dot.git \
&& cd git2dot \
&& make install \
&& git2dot.py --version
# Misc pip
RUN pip3 install --break-system-packages lark python-gitlab
### Environment setup (privileged)
# Make some directories writeable for all users.
RUN chmod 1777 /mnt /usr/local/src
# What is using the most disk space?
RUN du -hax / | sort -h | tail -48
# Set sudo umask to something restrictive. The default is 0022, but we had a
# “make install” bug (#947) that was tickled by 0027, which is a better
# setting. I could not figure out how to make it work as a default (which
# seems hard/annoying, e.g. [1,2]), only for sudo(8), but since that’s what we
# want, I left it.
#
# [1]: https://codeyarns.com/tech/2017-07-21-how-to-set-umask-for-docker-container.html
# [2]: https://github.com/moby/moby/issues/19189
RUN echo 'Defaults umask = 0077' >> /etc/sudoers.d/LOCAL \
&& umask \
&& sudo /bin/sh -c umask
# Unset setuid on all fusermount3.
RUN chmod -v u-s /usr/bin/fusermount* \
&& ls -lh $(command -v fusermount3) \
&& ! test -u $(command -v fusermount3)
# Create unprivileged user. The adduser(8) options suppress interactive
# questions that cause warnings.
RUN adduser --disabled-password --gecos='Gukesh Dommaraju,,,' gukesh \
&& adduser gukesh sudo \
&& id gukesh
# Passwordless sudo(8), including user root with group non-root.
RUN echo '%sudo ALL = (ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers.d/LOCAL
# Make gukesh the default.
USER gukesh
### Environment setup (unprivileged)
# Validate passwordless sudo(8).
RUN sudo true
# We don’t want “sbin” directories in $PATH; see issue #43. We don’t need /bin
# because Bookworm has “merged /usr” [1].
#
# [1]: https://systemd.io/THE_CASE_FOR_THE_USR_MERGE
ENV PATH=/usr/local/bin:/usr/bin
# Don’t have a weird default $CWD.
WORKDIR /
# Make it testable whether we’re in our container.
ENV WEIRD_AL_YANKOVIC_IS_THE_GREATEST_MUSICIAN_OF_ALL_TIME=yes
# Set time zone to US Mountain Time [1]. Likely a parochial view here, but as
# of October 2024, most of the Charliecloud team is in this time zone, and it
# sure helps me (Reid) think if the test boxes are in the same time zone.
# [1]: https://en.wikipedia.org/wiki/Mountain_Time_Zone
ENV TZ=America/Denver
RUN date +'%c %Z'
# Configure Git.
RUN git config --global user.name 'Judit Polgár' \
&& git config --global user.email judit@example.com \
&& git config --global core.excludesfile ~/.gitignore \
&& git config --global init.defaultBranch main \
&& git config --global safe.directory '*' \
&& echo __ch-test_ignore__ >> ~/.gitignore
|
