eec9163e0e
Fix multiple problems with python modules that cause build errors.
* Avoid replacing RPM-owned python modules with pip:
- Remove python-tox: installed via pip later in Dockerfile
- Remove python-testrepository: installed via pip later in Dockerfile
(required by pbr)
- Add python-virtualenv: was pulled in by one of the removed packages
above
* builder-constraints.txt: used only for global packages:
- Move all version constraints of Dockerfile into constraints file
- Remove filelock and platformdirs packages (required by tox -- see
below).
- git-review: downgrade to 1.28.0, latest official version compatible
with python 2.7
* Install a sane python 2.7 virtual environment that doesn't conflict
with RPM modules, that includes tox. Create a symlink to tox in
/usr/bin/. Uses a separate contraints file.
* builder-opt-py27-constraints.txt: new file for the virtualenv in /opt:
- tox==3.23.0
- Remove "filelock" and "platformdirs" packages formerly in the
original constraints file. They resolve correctly by the tox
requirement. Note that this downgrades the packages slightly compared
to the explicit requirements, back to the latest official versions
compatible with python 2.7.
See revisions starlingx/tools revisions:
0d67f81bdf
7bde482bcb
Closes-Bug: 1960675
Signed-off-by: Davlet Panech <davlet.panech@windriver.com>
Change-Id: I7e3e7e4f4afa52a614cb9f58b2d6172441ea7bc1
327 lines
13 KiB
Docker
327 lines
13 KiB
Docker
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
# Copyright (C) 2019 Intel Corporation
|
|
#
|
|
|
|
FROM centos:7.8.2003
|
|
|
|
# Proxy configuration
|
|
#ENV http_proxy "http://your.actual_http_proxy.com:your_port"
|
|
#ENV https_proxy "https://your.actual_https_proxy.com:your_port"
|
|
#ENV ftp_proxy "http://your.actual_ftp_proxy.com:your_port"
|
|
|
|
#RUN echo "proxy=$http_proxy" >> /etc/yum.conf && \
|
|
# echo -e "export http_proxy=$http_proxy\nexport https_proxy=$https_proxy\n\
|
|
#export ftp_proxy=$ftp_proxy" >> /root/.bashrc
|
|
|
|
# username you will docker exec into the container as.
|
|
# It should NOT be your host username so you can easily tell
|
|
# if you are in our out of the container.
|
|
ARG MYUNAME=builder
|
|
ARG MYUID=1000
|
|
# CentOS & EPEL URLs that match the base image
|
|
# Override these with --build-arg if you have a mirror
|
|
ARG CENTOS_7_8_URL=https://vault.centos.org/centos/7.8.2003
|
|
ARG CENTOS_7_9_URL=http://mirror.centos.org/centos-7/7.9.2009
|
|
ARG EPEL_7_8_URL=https://archives.fedoraproject.org/pub/archive/epel/7.2020-04-20
|
|
ARG MY_EMAIL=
|
|
|
|
ENV container=docker
|
|
|
|
# Lock down centos & epel repos
|
|
RUN rm -f /etc/yum.repos.d/*
|
|
COPY toCOPY/yum.repos.d/*.repo /etc/yum.repos.d/
|
|
COPY centos-mirror-tools/rpm-gpg-keys/RPM-GPG-KEY-EPEL-7 /etc/pki/rpm-gpg/
|
|
RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY* && \
|
|
echo "http_caching=packages" >> /etc/yum.conf && \
|
|
echo "skip_missing_names_on_install=0" >>/etc/yum.conf && \
|
|
# yum variables must be in lower case ; \
|
|
echo "$CENTOS_7_8_URL" >/etc/yum/vars/centos_7_8_url && \
|
|
echo "$EPEL_7_8_URL" >/etc/yum/vars/epel_7_8_url && \
|
|
echo "$CENTOS_7_9_URL" >/etc/yum/vars/centos_7_9_url && \
|
|
# disable fastestmirror plugin because we are not using mirrors ; \
|
|
# FIXME: use a mirrorlist URL for centos/vault/epel archives. I couldn't find one.
|
|
sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf && \
|
|
echo "[main]" >> /etc/yum/pluginconf.d/subscription-manager.conf && \
|
|
echo "enabled=0" >> /etc/yum/pluginconf.d/subscription-manager.conf && \
|
|
yum clean all && \
|
|
yum makecache && \
|
|
yum install -y deltarpm
|
|
|
|
# Without this, init won't start the enabled services and exec'ing and starting
|
|
# them reports "Failed to get D-Bus connection: Operation not permitted".
|
|
VOLUME /run /tmp
|
|
|
|
# root CA cert expired on October 1st, 2021
|
|
RUN yum update -y --enablerepo=centos-7.9-updates ca-certificates
|
|
|
|
# Download required dependencies by mirror/build processes.
|
|
RUN yum install -y \
|
|
anaconda \
|
|
anaconda-runtime \
|
|
autoconf-archive \
|
|
autogen \
|
|
automake \
|
|
bc \
|
|
bind \
|
|
bind-utils \
|
|
bison \
|
|
cpanminus \
|
|
createrepo \
|
|
createrepo_c \
|
|
deltarpm \
|
|
docker-client \
|
|
expat-devel \
|
|
flex \
|
|
isomd5sum \
|
|
gcc \
|
|
gettext \
|
|
git \
|
|
libguestfs-tools \
|
|
libtool \
|
|
libxml2 \
|
|
lighttpd \
|
|
lighttpd-fastcgi \
|
|
lighttpd-mod_geoip \
|
|
net-tools \
|
|
mkisofs \
|
|
mongodb \
|
|
mongodb-server \
|
|
pax \
|
|
perl-CPAN \
|
|
python-deltarpm \
|
|
python-pep8 \
|
|
python-pip \
|
|
python-psutil \
|
|
python2-psutil \
|
|
python36-psutil \
|
|
python3-devel \
|
|
python-sphinx \
|
|
python-subunit \
|
|
python-virtualenv \
|
|
python-yaml \
|
|
python2-ruamel-yaml \
|
|
postgresql \
|
|
qemu-kvm \
|
|
quilt \
|
|
rpm-build \
|
|
rpm-sign \
|
|
rpm-python \
|
|
squashfs-tools \
|
|
sudo \
|
|
systemd \
|
|
syslinux \
|
|
udisks2 \
|
|
vim-enhanced \
|
|
wget
|
|
|
|
# Finally install a locked down version of mock
|
|
RUN groupadd -g 751 cgts && \
|
|
echo "mock:x:751:root" >> /etc/group && \
|
|
echo "mockbuild:x:9001:" >> /etc/group && \
|
|
yum install -y \
|
|
http://mirror.starlingx.cengn.ca/mirror/centos/epel/dl.fedoraproject.org/pub/epel/7/x86_64/Packages/m/mock-1.4.16-1.el7.noarch.rpm \
|
|
http://mirror.starlingx.cengn.ca/mirror/centos/epel/dl.fedoraproject.org/pub/epel/7/x86_64/Packages/m/mock-core-configs-31.6-1.el7.noarch.rpm
|
|
|
|
# mock custumizations
|
|
# forcing chroots since a couple of packages naughtily insist on network access and
|
|
# we dont have nspawn and networks happy together.
|
|
RUN useradd -s /sbin/nologin -u 9001 -g 9001 mockbuild && \
|
|
rmdir /var/lib/mock && \
|
|
ln -s /localdisk/loadbuild/mock /var/lib/mock && \
|
|
rmdir /var/cache/mock && \
|
|
ln -s /localdisk/loadbuild/mock-cache /var/cache/mock && \
|
|
echo "config_opts['use_nspawn'] = False" >> /etc/mock/site-defaults.cfg && \
|
|
echo "config_opts['rpmbuild_networking'] = True" >> /etc/mock/site-defaults.cfg && \
|
|
echo >> /etc/mock/site-defaults.cfg
|
|
|
|
|
|
# cpan modules, installing with cpanminus to avoid stupid questions since cpan is whack
|
|
RUN cpanm --notest Fatal && \
|
|
cpanm --notest XML::SAX && \
|
|
cpanm --notest XML::SAX::Expat && \
|
|
cpanm --notest XML::Parser && \
|
|
cpanm --notest XML::Simple
|
|
|
|
# Install repo tool
|
|
RUN curl https://storage.googleapis.com/git-repo-downloads/repo > /usr/local/bin/repo && \
|
|
chmod a+x /usr/local/bin/repo
|
|
|
|
# installing go and setting paths
|
|
ENV GOPATH="/usr/local/go"
|
|
ENV PATH="${GOPATH}/bin:${PATH}"
|
|
RUN yum install -y golang && \
|
|
mkdir -p ${GOPATH}/bin && \
|
|
curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
|
|
|
|
# Uprev git, repo
|
|
RUN yum install -y dh-autoreconf curl-devel expat-devel gettext-devel openssl-devel perl-devel zlib-devel asciidoc xmlto docbook2X && \
|
|
cd /tmp && \
|
|
wget https://github.com/git/git/archive/v2.29.2.tar.gz -O git-2.29.2.tar.gz && \
|
|
tar xzvf git-2.29.2.tar.gz && \
|
|
cd git-2.29.2 && \
|
|
make configure && \
|
|
./configure --prefix=/usr/local && \
|
|
make all doc && \
|
|
make install install-doc && \
|
|
cd /tmp && \
|
|
rm -rf git-2.29.2.tar.gz git-2.29.2
|
|
|
|
# Systemd Enablement
|
|
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
|
|
rm -f /lib/systemd/system/multi-user.target.wants/*;\
|
|
rm -f /etc/systemd/system/*.wants/*;\
|
|
rm -f /lib/systemd/system/local-fs.target.wants/*; \
|
|
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
|
|
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
|
|
rm -f /lib/systemd/system/basic.target.wants/*;\
|
|
rm -f /lib/systemd/system/anaconda.target.wants/*
|
|
|
|
# pip installs
|
|
COPY toCOPY/builder-constraints.txt /home/$MYUNAME/
|
|
# Install required python modules globally; versions are in the constraints file.
|
|
# Be careful not to replace modules provided by RPMs as it may break
|
|
# other system packages. Look for warnings similar to "Uninstalling a
|
|
# distutils installed project has been deprecated" from pip.
|
|
RUN pip install -c /home/$MYUNAME/builder-constraints.txt \
|
|
testrepository \
|
|
fixtures \
|
|
pbr \
|
|
git-review \
|
|
python-subunit \
|
|
junitxml \
|
|
testtools
|
|
|
|
|
|
# Create a sane py27 virtualenv
|
|
COPY toCOPY/builder-opt-py27-constraints.txt /home/$MYUNAME
|
|
RUN virtualenv /opt/py27 && \
|
|
source /opt/py27/bin/activate && \
|
|
pip install -c /home/$MYUNAME/builder-opt-py27-constraints.txt \
|
|
tox \
|
|
&& \
|
|
for prog in tox ; do \
|
|
ln -s /opt/py27/bin/$prog /usr/bin ; \
|
|
done
|
|
|
|
|
|
# Inherited tools for mock stuff
|
|
# we at least need the mock_cache_unlock tool
|
|
# they install into /usr/bin
|
|
COPY toCOPY/mock_overlay /opt/mock_overlay
|
|
RUN cd /opt/mock_overlay && \
|
|
make && \
|
|
make install
|
|
|
|
# This image requires a set of scripts and helpers
|
|
# for working correctly, in this section they are
|
|
# copied inside the image.
|
|
COPY toCOPY/finishSetup.sh /usr/local/bin
|
|
COPY toCOPY/populate_downloads.sh /usr/local/bin
|
|
COPY toCOPY/generate-local-repo.sh /usr/local/bin
|
|
COPY toCOPY/generate-centos-repo.sh /usr/local/bin
|
|
COPY toCOPY/lst_utils.sh /usr/local/bin
|
|
COPY toCOPY/.inputrc /home/$MYUNAME/
|
|
|
|
# Thes are included for backward compatibility, and
|
|
# should be removed after a reasonable time.
|
|
COPY toCOPY/generate-cgcs-tis-repo /usr/local/bin
|
|
COPY toCOPY/generate-cgcs-centos-repo.sh /usr/local/bin
|
|
|
|
# ENV setup
|
|
RUN echo "# Load stx-builder configuration" >> /etc/profile.d/stx-builder-conf.sh && \
|
|
echo "if [[ -r \${HOME}/buildrc ]]; then" >> /etc/profile.d/stx-builder-conf.sh && \
|
|
echo " source \${HOME}/buildrc" >> /etc/profile.d/stx-builder-conf.sh && \
|
|
echo " export PROJECT SRC_BUILD_ENVIRONMENT MYPROJECTNAME MYUNAME" >> /etc/profile.d/stx-builder-conf.sh && \
|
|
echo " export MY_BUILD_CFG MY_BUILD_CFG_RT MY_BUILD_CFG_STD MY_BUILD_DIR MY_BUILD_ENVIRONMENT MY_BUILD_ENVIRONMENT_FILE MY_BUILD_ENVIRONMENT_FILE_RT MY_BUILD_ENVIRONMENT_FILE_STD MY_DEBUG_BUILD_CFG_RT MY_DEBUG_BUILD_CFG_STD MY_LOCAL_DISK MY_MOCK_ROOT MY_REPO MY_REPO_ROOT_DIR MY_SRC_RPM_BUILD_DIR MY_RELEASE MY_WORKSPACE LAYER" >> /etc/profile.d/stx-builder-conf.sh && \
|
|
echo "fi" >> /etc/profile.d/stx-builder-conf.sh && \
|
|
echo "export FORMAL_BUILD=0" >> /etc/profile.d/stx-builder-conf.sh && \
|
|
echo "export PATH=\$MY_REPO/build-tools:\$PATH" >> /etc/profile.d/stx-builder-conf.sh
|
|
|
|
# centos locales are broken. this needs to be run after the last yum install/update
|
|
RUN localedef -i en_US -f UTF-8 en_US.UTF-8
|
|
|
|
# setup
|
|
RUN mkdir -p /www/run && \
|
|
mkdir -p /www/logs && \
|
|
mkdir -p /www/home && \
|
|
mkdir -p /www/root/htdocs/localdisk && \
|
|
chown -R $MYUID:cgts /www && \
|
|
ln -s /localdisk/loadbuild /www/root/htdocs/localdisk/loadbuild && \
|
|
ln -s /import/mirrors/CentOS /www/root/htdocs/CentOS && \
|
|
ln -s /import/mirrors/fedora /www/root/htdocs/fedora && \
|
|
ln -s /localdisk/designer /www/root/htdocs/localdisk/designer
|
|
|
|
# lighthttpd setup
|
|
# chmod for /var/log/lighttpd fixes a centos issue
|
|
# in place sed for server root since it's expanded soon thereafter
|
|
# echo "server.bind = \"localhost\"" >> /etc/lighttpd/lighttpd.conf && \
|
|
RUN echo "$MYUNAME ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers && \
|
|
mkdir -p /var/log/lighttpd && \
|
|
chmod a+rwx /var/log/lighttpd/ && \
|
|
sed -i 's%^var\.log_root.*$%var.log_root = "/www/logs"%g' /etc/lighttpd/lighttpd.conf && \
|
|
sed -i 's%^var\.server_root.*$%var.server_root = "/www/root"%g' /etc/lighttpd/lighttpd.conf && \
|
|
sed -i 's%^var\.home_dir.*$%var.home_dir = "/www/home"%g' /etc/lighttpd/lighttpd.conf && \
|
|
sed -i 's%^var\.state_dir.*$%var.state_dir = "/www/run"%g' /etc/lighttpd/lighttpd.conf && \
|
|
sed -i "s/server.port/#server.port/g" /etc/lighttpd/lighttpd.conf && \
|
|
sed -i "s/server.use-ipv6/#server.use-ipv6/g" /etc/lighttpd/lighttpd.conf && \
|
|
sed -i "s/server.username/#server.username/g" /etc/lighttpd/lighttpd.conf && \
|
|
sed -i "s/server.groupname/#server.groupname/g" /etc/lighttpd/lighttpd.conf && \
|
|
sed -i "s/server.bind/#server.bind/g" /etc/lighttpd/lighttpd.conf && \
|
|
sed -i "s/server.document-root/#server.document-root/g" /etc/lighttpd/lighttpd.conf && \
|
|
sed -i "s/server.dirlisting/#server.dirlisting/g" /etc/lighttpd/lighttpd.conf && \
|
|
echo "server.port = 8088" >> /etc/lighttpd/lighttpd.conf && \
|
|
echo "server.use-ipv6 = \"disable\"" >> /etc/lighttpd/lighttpd.conf && \
|
|
echo "server.username = \"$MYUNAME\"" >> /etc/lighttpd/lighttpd.conf && \
|
|
echo "server.groupname = \"cgts\"" >> /etc/lighttpd/lighttpd.conf && \
|
|
echo "server.bind = \"localhost\"" >> /etc/lighttpd/lighttpd.conf && \
|
|
echo "server.document-root = \"/www/root/htdocs\"" >> /etc/lighttpd/lighttpd.conf && \
|
|
sed -i "s/dir-listing.activate/#dir-listing.activate/g" /etc/lighttpd/conf.d/dirlisting.conf && \
|
|
echo "dir-listing.activate = \"enable\"" >> /etc/lighttpd/conf.d/dirlisting.conf
|
|
|
|
RUN useradd -r -u $MYUID -g cgts -m $MYUNAME && \
|
|
ln -s /home/$MYUNAME/.ssh /mySSH && \
|
|
rsync -av /etc/skel/ /home/$MYUNAME/
|
|
|
|
# now that we are doing systemd, make the startup script be in bashrc
|
|
# also we need to SHADOW the udev centric mkefiboot script with a sudo centric one
|
|
RUN echo "bash -C /usr/local/bin/finishSetup.sh" >> /home/$MYUNAME/.bashrc && \
|
|
echo "export PATH=/usr/local/bin:/localdisk/designer/$MYUNAME/bin:\$PATH" >> /home/$MYUNAME/.bashrc && \
|
|
chmod a+x /usr/local/bin/*
|
|
|
|
# Genrate a git configuration file in order to save an extra step
|
|
# for end users, this file is required by "repo" tool.
|
|
RUN chown $MYUNAME /home/$MYUNAME && \
|
|
if [ -z $MY_EMAIL ]; then MY_EMAIL=$MYUNAME@opendev.org; fi && \
|
|
runuser -u $MYUNAME -- git config --global user.email $MY_EMAIL && \
|
|
runuser -u $MYUNAME -- git config --global user.name $MYUNAME && \
|
|
runuser -u $MYUNAME -- git config --global color.ui false
|
|
|
|
# Customizations for mirror creation
|
|
RUN rm /etc/yum.repos.d/*
|
|
COPY centos-mirror-tools/yum.repos.d/* /etc/yum.repos.d/
|
|
COPY centos-mirror-tools/rpm-gpg-keys/* /etc/pki/rpm-gpg/
|
|
|
|
# Import GPG keys
|
|
RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
|
|
|
|
# Try to continue a yum command even if a StarlingX repo is unavailable.
|
|
RUN yum-config-manager --setopt=StarlingX\*.skip_if_unavailable=1 --save
|
|
|
|
# When we run 'init' below, it will run systemd, and systemd requires RTMIN+3
|
|
# to exit cleanly. By default, docker stop uses SIGTERM, which systemd ignores.
|
|
STOPSIGNAL RTMIN+3
|
|
|
|
# Don't know if it's possible to run services without starting this
|
|
CMD /usr/sbin/init
|