1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
|
# Image used for testing Charliecloud on AlmaLinux. See “debian.df” for
# various notes about these builds.
ARG branch
ARG regy
# FIXME: 10 seems to be missing a lot of packages.
FROM almalinux:9
### OS packages we need
# Note: The base AlmaLinux image is very bare-bones, i.e. missing a lot of
# typical stuff, e.g. diff(1), tar(1).
RUN dnf -y install 'dnf-command(config-manager)' \
&& dnf config-manager --set-enabled crb \
&& dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm \
&& dnf -y update
RUN dnf -y install automake \
bash-completion \
bats \
bc \
cjson-devel \
diffutils \
fuse3 \
fuse3-devel \
gc-devel \
git \
graphviz \
libtool \
libzstd-devel \
lz4-devel \
lzo-devel \
pigz \
procps-ng \
python3-pip \
rsync \
squashfs-tools \
stow \
sudo \
time \
wget \
xz-devel \
zlib
# debugging
RUN dnf -y install strace
# For reasons I don’t understand, the RPM package puts the squashfs-tools
# executables in /sbin.
RUN ln -s /usr/sbin/mksquashfs /usr/bin \
&& ln -s /usr/sbin/unsquashfs /usr/bin
# Generate en_US.utf8 locale (#1934).
RUN dnf -y install glibc-langpack-en \
&& locale -a
# oras(1)
WORKDIR /usr/src
RUN version=1.2.3 \
&& base=https://github.com/oras-project/oras/releases/download/v${version} \
&& file=oras_${version}_linux_amd64.tar.gz \
&& wget -nv $base/$file \
&& mkdir oras-${version} \
&& cd oras-${version} \
&& tar xf ../$file \
&& mv oras /usr/bin
### Other Charliecloud dependencies.
# SquashFUSE
WORKDIR /usr/src
RUN git clone https://github.com/vasi/squashfuse.git
WORKDIR ./squashfuse
RUN git checkout $(git tag | grep -Ev '^v' | sort -V | tail -1) \
&& git status
RUN ./autogen.sh \
&& ./configure --prefix=/usr \
&& make -j$(nproc) install \
&& rm -Rf squashfuse* \
&& ldconfig
RUN command -v squashfuse \
&& ldd $(command -v squashfuse) \
&& squashfuse --version 2>&1 | head -1
# ShellCheck
WORKDIR /usr/src
RUN wget -nv -O shellcheck.tar.gz \
https://github.com/koalaman/shellcheck/releases/download/stable/shellcheck-stable.linux.$(uname -m).tar.xz \
&& tar xf shellcheck.tar.gz \
&& mv shellcheck-stable/shellcheck /usr/bin \
&& rm -Rf shellcheck*
RUN command -v shellcheck \
&& shellcheck --version
# Sphinx. Use latest version in case it breaks things.
RUN pip3 install docutils \
sphinx \
sphinx-rtd-theme \
sphinx-reredirects \
&& command -v sphinx-build \
&& sphinx-build --version
# git2dot with our bugfixes
RUN git clone https://github.com/hpc/git2dot.git \
&& cd git2dot \
&& make install \
&& git2dot.py --version
# Misc pip
RUN pip3 install lark python-gitlab
### Environment setup (privileged)
# Make some directories writeable for all users.
RUN chmod 1777 /mnt /usr/local/src
# What is using the most disk space?
RUN du -hax / | sort -h | tail -48
# sudo(8) umask.
RUN echo 'Defaults umask = 0077' >> /etc/sudoers.d/LOCAL \
&& umask \
&& sudo /bin/sh -c umask
# Unset setuid on all fusermount3.
RUN chmod -v u-s /usr/bin/fusermount* \
&& ls -lh $(command -v fusermount3) \
&& ! test -u $(command -v fusermount3)
# Create unprivileged user.
RUN useradd -c 'Gukesh Dommaraju' gukesh \
&& usermod -G wheel gukesh \
&& id gukesh
# Passwordless sudo(8), including user root with group non-root.
RUN echo '%wheel ALL = (ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers.d/LOCAL
# Make gukesh the default.
USER gukesh
### Environment setup (unprivileged)
# Validate passwordless sudo(8).
RUN sudo true
# Path.
ENV PATH=/src/bin:/usr/local/bin:/usr/bin
# Make it testable whether we’re in our container.
ENV WEIRD_AL_YANKOVIC_IS_THE_GREATEST_MUSICIAN_OF_ALL_TIME=yes
# Time zone.
ENV TZ=America/Denver
RUN date +'%c %Z'
# Configure Git.
RUN git config --global user.name 'Judit Polgár' \
&& git config --global user.email judit@example.com \
&& git config --global core.excludesfile ~/.gitignore \
&& git config --global init.defaultBranch main \
&& git config --global safe.directory '*' \
&& echo __ch-test_ignore__ >> ~/.gitignore
### Charliecloud build smoke test.
# FIXME: This complains that user+mount namespaces don’t work, but they do
# when I go into the container and try. Even the test program in config.log
# works. ???
#WORKDIR /usr/local/src
#RUN git clone https://gitlab.com/charliecloud/charliecloud.git \
# && cd charliecloud \
# && ./autogen.sh \
# && ./configure --with-gc=yes --with-json=yes --with-squashfuse=yes \
# && make \
# && bin/ch-run --version
### Done.
WORKDIR /
|
