Resolve KASM-2779 "Feature/ jammy images"

This commit is contained in:
Ryan Kuba 2022-06-23 13:43:10 +00:00 committed by Justin Travis
parent 986a45b1ea
commit 8db9895245
9 changed files with 92 additions and 30 deletions

View File

@ -58,6 +58,26 @@ build_ubuntu_focal:
tags:
- aws-autoscale
build_ubuntu_jammy:
stage: build
image: ${ORG_NAME}/docker-buildx-private:develop
variables:
BUILD_PLATFORMS: "linux/amd64,linux/arm64"
script:
# get qemu ready
- docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
# prep the buildx env
- docker buildx create --use
# build for multiple architectures
- docker buildx build --push --platform $BUILD_PLATFORMS -t ${ORG_NAME}/core-ubuntu-jammy-private:$SANITIZED_BRANCH -t ${ORG_NAME}/core-ubuntu-jammy-private:$SANITIZED_ROLLING_BRANCH -t ${ORG_NAME}/core-ubuntu-jammy:$SANITIZED_BRANCH -t ${ORG_NAME}/core-ubuntu-jammy:$SANITIZED_ROLLING_BRANCH --build-arg START_PULSEAUDIO=1 --build-arg BASE_IMAGE="ubuntu:22.04" --build-arg START_XFCE4=1 --build-arg BG_IMG=bg_jammy.png -f dockerfile-kasm-core .
only:
- develop
- /^release\/.*$/
except:
- schedules
tags:
- aws-autoscale
build_cuda_focal:
stage: build
script:
@ -186,7 +206,7 @@ build_opensuse_15:
# prep the buildx env
- docker buildx create --use
# build for multiple architectures
- docker buildx build --push --platform $BUILD_PLATFORMS -t ${ORG_NAME}/core-opensuse-15-private:$SANITIZED_BRANCH -t ${ORG_NAME}/core-opensuse-15-private:$SANITIZED_ROLLING_BRANCH -t ${ORG_NAME}/core-opensuse-15:$SANITIZED_BRANCH -t ${ORG_NAME}/core-opensuse-15:$SANITIZED_ROLLING_BRANCH --build-arg START_PULSEAUDIO=1 --build-arg START_XFCE4=1 --build-arg BASE_IMAGE="opensuse/leap:15" --build-arg DISTRO="opensuse" -f dockerfile-kasm-core-suse .
- docker buildx build --push --platform $BUILD_PLATFORMS -t ${ORG_NAME}/core-opensuse-15-private:$SANITIZED_BRANCH -t ${ORG_NAME}/core-opensuse-15-private:$SANITIZED_ROLLING_BRANCH -t ${ORG_NAME}/core-opensuse-15:$SANITIZED_BRANCH -t ${ORG_NAME}/core-opensuse-15:$SANITIZED_ROLLING_BRANCH --build-arg START_PULSEAUDIO=1 --build-arg START_XFCE4=1 --build-arg BASE_IMAGE="opensuse/leap:15.3" --build-arg DISTRO="opensuse" -f dockerfile-kasm-core-suse .
only:
- develop
- /^release\/.*$/
@ -238,6 +258,27 @@ build_ubuntu_focal_dev:
matrix:
- TAG: [ aws-autoscale, aws-autoscale-arm64 ]
build_ubuntu_jammy_dev:
stage: build
script:
- >
docker build
-t ${ORG_NAME}/core-ubuntu-jammy-private:$(arch)-$SANITIZED_BRANCH
--build-arg START_PULSEAUDIO=1
--build-arg BASE_IMAGE="ubuntu:22.04"
--build-arg START_XFCE4=1
--build-arg BG_IMG=bg_jammy.png
-f dockerfile-kasm-core .
- docker push ${ORG_NAME}/core-ubuntu-jammy-private:$(arch)-$SANITIZED_BRANCH
except:
- develop
- /^release\/.*$/
tags:
- ${TAG}
parallel:
matrix:
- TAG: [ aws-autoscale, aws-autoscale-arm64 ]
build_cuda_focal_dev:
stage: build
script:
@ -389,7 +430,7 @@ build_opensuse_15_dev:
-t ${ORG_NAME}/core-opensuse-15-private:$(arch)-$SANITIZED_BRANCH
--build-arg START_PULSEAUDIO=1
--build-arg START_XFCE4=1
--build-arg BASE_IMAGE="opensuse/leap:15"
--build-arg BASE_IMAGE="opensuse/leap:15.3"
--build-arg DISTRO="opensuse"
-f dockerfile-kasm-core-suse .
- docker push ${ORG_NAME}/core-opensuse-15-private:$(arch)-$SANITIZED_BRANCH
@ -436,6 +477,7 @@ test_multi_arch_dev:
- core-kali-rolling-private
- core-oracle-8-private
- core-opensuse-15-private
- core-ubuntu-jammy-private
test_single_arch_dev:
stage: test
@ -493,6 +535,7 @@ manifest_dev:
- core-kali-rolling-private
- core-oracle-8-private
- core-opensuse-15-private
- core-ubuntu-jammy-private
link_tests_single_arch_dev:
stage: linktests
@ -526,6 +569,7 @@ link_tests_multi_arch_dev:
- core-kali-rolling-private
- core-oracle-8-private
- core-opensuse-15-private
- core-ubuntu-jammy-private
# These jobs are for the "rolling" release of the images. They should only run for scheduled jobs and should only push the rolling tags
build_ubuntu_bionic_scheduled:
@ -562,6 +606,23 @@ build_ubuntu_focal_scheduled:
tags:
- aws-autoscale
build_ubuntu_jammy_scheduled:
stage: build
image: ${ORG_NAME}/docker-buildx-private:develop
variables:
BUILD_PLATFORMS: "linux/amd64,linux/arm64"
script:
# get qemu ready
- docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
# prep the buildx env
- docker buildx create --use
# build for multiple architectures
- docker buildx build --push --platform $BUILD_PLATFORMS -t ${ORG_NAME}/core-ubuntu-jammy-private:$SANITIZED_ROLLING_BRANCH -t ${ORG_NAME}/core-ubuntu-jammy:$SANITIZED_ROLLING_BRANCH --build-arg START_PULSEAUDIO=1 --build-arg BASE_IMAGE="ubuntu:22.04" --build-arg START_XFCE4=1 --build-arg BG_IMG=bg_jammy.png -f dockerfile-kasm-core .
only:
- schedules
tags:
- aws-autoscale
build_cuda_focal_schedules:
stage: build
script:
@ -658,7 +719,7 @@ build_opensuse_15_scheduled:
# prep the buildx env
- docker buildx create --use
# build for multiple architectures
- docker buildx build --push --platform $BUILD_PLATFORMS -t ${ORG_NAME}/core-opensuse-15-private:$SANITIZED_ROLLING_BRANCH -t ${ORG_NAME}/core-opensuse-15:$SANITIZED_ROLLING_BRANCH --build-arg START_PULSEAUDIO=1 --build-arg START_XFCE4=1 --build-arg BASE_IMAGE="opensuse/leap:15" --build-arg DISTRO="opensuse" -f dockerfile-kasm-core-suse .
- docker buildx build --push --platform $BUILD_PLATFORMS -t ${ORG_NAME}/core-opensuse-15-private:$SANITIZED_ROLLING_BRANCH -t ${ORG_NAME}/core-opensuse-15:$SANITIZED_ROLLING_BRANCH --build-arg START_PULSEAUDIO=1 --build-arg START_XFCE4=1 --build-arg BASE_IMAGE="opensuse/leap:15.3" --build-arg DISTRO="opensuse" -f dockerfile-kasm-core-suse .
only:
- schedules
tags:
@ -705,3 +766,4 @@ update_readmes:
- core-cuda-focal
- core-ubuntu-bionic
- core-ubuntu-focal
- core-ubuntu-jammy

View File

@ -161,7 +161,8 @@ RUN touch $STARTUPDIR/wm.log \
&& mkdir -p $STARTUPDIR/kasmrx/Downloads \
&& chown 1000:1000 $STARTUPDIR/kasmrx/Downloads \
&& chown -R root:root /usr/local/bin \
&& chown 1000:root /var/run/pulse
&& chown 1000:root /var/run/pulse \
&& rm -Rf /home/kasm-default-profile/.launchpadlib
USER 1000

View File

@ -0,0 +1,7 @@
# About This Image
This image contains a browser-accessible version of Ubuntu Jammy.
![Screenshot][Image_Screenshot]
[Image_Screenshot]: https://5856039.fs1.hubspotusercontent-na1.net/hubfs/5856039/dockerhub/image-screenshots/core-ubuntu-jammy.png "Image Screenshot"

View File

@ -0,0 +1 @@
Ubuntu Jammy base image for Kasm Workspaces

Binary file not shown.

After

Width:  |  Height:  |  Size: 2.0 MiB

View File

@ -18,24 +18,3 @@ apt-get install -y p11-kit-modules
rm -rf /usr/lib/firefox-esr/libnssckbi.so
ln /usr/lib/$(arch)-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/firefox-esr/libnssckbi.so
# Kali includes chromium by default.
CHROME_ARGS="--password-store=basic --no-sandbox --disable-gpu --user-data-dir --no-first-run"
mv /usr/bin/chromium /usr/bin/chromium-orig
cat >/usr/bin/chromium <<EOL
#!/usr/bin/env bash
/usr/bin/chromium-orig ${CHROME_ARGS} "\$@"
EOL
chmod +x /usr/bin/chromium
mkdir -p /etc/chromium/policies/managed
cat >> /etc/chromium/policies/managed/default_managed_policy.json <<EOL
{"CommandLineFlagSecurityWarningsEnabled": false, "DefaultBrowserSettingEnabled": false}
EOL
# Vanilla Chrome looks for policies in /etc/opt/chrome/policies/managed which is used by web filtering.
# Create a symlink here so filter is applied to chromium as well.
mkdir -p /etc/opt/chrome/policies/
ln -s /etc/chromium/policies/managed /etc/opt/chrome/policies/

View File

@ -13,7 +13,7 @@ cd /tmp
BUILD_ARCH=$(uname -p)
UBUNTU_CODENAME=""
COMMIT_ID="ac7605f3163354251e37353758b2feda40311078"
COMMIT_ID="61f08d4986affeb5bd1c1f6dfe949f77f7bbbfd4"
BRANCH="master"
COMMIT_ID_SHORT=$(echo "${COMMIT_ID}" | cut -c1-6)
@ -93,7 +93,7 @@ else
wget "${BUILD_URL}" -O kasmvncserver.deb
apt-get update
apt-get install -y gettext ssl-cert
apt-get install -y gettext ssl-cert libxfont2
dpkg -i /tmp/kasmvncserver.deb
apt-get -yf install
rm -f /tmp/kasmvncserver.deb

View File

@ -19,8 +19,14 @@ elif [ "${DISTRO}" == "oracle8" ]; then
elif [ "${DISTRO}" == "opensuse" ]; then
SQUID_DISTRO=opensuse
fi
if [[ "${SQUID_DISTRO}" != @(centos|oracle7|oracle8|opensuse) ]] ; then
if grep -q Jammy /etc/os-release; then
apt-get update
apt-get install -y squid-openssl
mkdir -p /usr/local/squid/sbin
mkdir -p /usr/local/squid/var/logs/
ln -s /usr/lib/squid/ /usr/local/squid/libexec
ln -s /usr/sbin/squid /usr/local/squid/sbin/squid
elif [[ "${SQUID_DISTRO}" != @(centos|oracle7|oracle8|opensuse) ]] ; then
wget -qO- "https://kasmweb-build-artifacts.s3.amazonaws.com/kasm-squid-builder/${SQUID_COMMIT}/output/kasm-squid-builder_${SQUID_DISTRO}_${ARCH}.tar.gz" | tar -xzf - -C /
fi
@ -84,10 +90,13 @@ if [[ "${DISTRO}" == "centos" ]]; then
yum install -y nss-tools
elif [ "${DISTRO}" == "oracle" ]; then
dnf install -y nss-tools
dnf clean all
elif [ "${DISTRO}" == "opensuse" ]; then
zypper install -yn mozilla-nss-tools
zypper clean --all
else
apt-get install -y libnss3-tools
apt-get clean -y
fi
# Create an empty cert9.db. This will be used by applications like Chrome

View File

@ -25,6 +25,7 @@ chmod +x /etc/X11/xinit/xinitrc.d/disable_screensaver.sh
replace_default_xinit() {
mkdir -p /etc/X11/xinit
cat >/etc/X11/xinit/xinitrc <<EOL
#!/bin/sh
for file in /etc/X11/xinit/xinitrc.d/* ; do
@ -82,6 +83,9 @@ then
get_rid_of_policykit_error
fi
if grep -q Jammy /etc/os-release; then
apt-get purge -y xfce4-screensaver
fi
if [[ "${DISTRO}" == @(centos|oracle7) ]]; then
yum clean all
@ -94,7 +98,6 @@ else
apt-get clean -y
fi
if [[ "${DISTRO}" == @(centos|oracle7|oracle8) ]]; then
config_xinit_disable_screensaver
else