Merge branch 'feature/KASM-3188-vivaldi-image' into 'develop'

KASM-3188 adding vivaldi image

See merge request kasm-technologies/internal/workspaces-images!83

.gitlab-ci.yml

@@ -4,7 +4,7 @@ services:
 variables:
   DOCKER_AUTH_CONFIG: ${_DOCKER_AUTH_CONFIG}
   PLATFORM: "linux/amd64"
-  ARM_BUILDS: ",chromium,firefox,gimp,rdesktop,remmina,terminal,ubuntu-bionic-desktop,ubuntu-focal-desktop,ubuntu-jammy-desktop,vlc,vs-code,doom,sublime-text,tor-browser,java-dev,telegram,opensuse-15-desktop,oracle-8-desktop,libre-office,thunderbird,audacity,deluge,filezilla,inkscape,pinta,qbittorrent,"
+  ARM_BUILDS: ",chromium,firefox,gimp,rdesktop,remmina,terminal,ubuntu-bionic-desktop,ubuntu-focal-desktop,ubuntu-jammy-desktop,vlc,vs-code,doom,sublime-text,tor-browser,java-dev,telegram,opensuse-15-desktop,oracle-8-desktop,libre-office,thunderbird,audacity,deluge,filezilla,inkscape,pinta,qbittorrent,vivaldi,"
   CORE_IMAGE_TAG: "develop"
   CORE_IMAGE: "core-ubuntu-focal"
   USE_PRIVATE_IMAGES: 0
@@ -37,6 +37,9 @@ variables:
   - vlc
   - vs-code
 
+.MULTI_ARCH_BUILDS2: &MULTI_ARCH_BUILDS2
+  - vivaldi
+
 .SINGLE_ARCH_BUILDS: &SINGLE_ARCH_BUILDS
   - atom
   - blender
@@ -104,7 +107,7 @@ build_browser_images:
     - aws-autoscale
   parallel:
     matrix:
-      - KASM_IMAGE: [chrome, chromium, firefox, firefox-mobile, tor-browser, edge, brave]
+      - KASM_IMAGE: [chrome, chromium, firefox, firefox-mobile, tor-browser, edge, brave, vivaldi]
 
 build_app_images:
   stage: build
@@ -235,6 +238,39 @@ build_multi_arch_dev:
       - TAG: [ aws-autoscale, aws-autoscale-arm64 ]
         KASM_IMAGE: *MULTI_ARCH_BUILDS
 
+build_multi_arch_dev2:
+  stage: build
+  image: ${ORG_NAME}/docker-buildx-private:develop
+  script:
+    # Ensure readme and description files are present
+    - ls docs/$KASM_IMAGE/README.md
+    - ls docs/$KASM_IMAGE/description.txt
+    # Set core image names
+    - if [[ $KASM_IMAGE =~ 'centos-7-desktop' ]]; then CORE_IMAGE=core-centos-7; fi
+    - if [[ $KASM_IMAGE =~ 'tracelabs' ]]; then CORE_IMAGE=core-kali-rolling; fi
+    - if [[ $KASM_IMAGE =~ 'oracle-7-desktop' ]]; then CORE_IMAGE=core-oracle-7; fi
+    - if [[ $KASM_IMAGE =~ 'oracle-8-desktop' ]]; then CORE_IMAGE=core-oracle-8; fi
+    - if [[ $KASM_IMAGE =~ 'opensuse-15-desktop' ]]; then CORE_IMAGE=core-opensuse-15; fi
+    - if [[ $KASM_IMAGE =~ 'ubuntu-jammy-desktop' ]]; then CORE_IMAGE=core-ubuntu-jammy; fi
+    # Check for private variable to build against private core images
+    - if [[ $USE_PRIVATE_IMAGES -eq 1 ]]; then CORE_IMAGE=$CORE_IMAGE-private; fi;
+    - >
+        docker build
+        -t ${ORG_NAME}/$KASM_IMAGE-private:$(arch)-$SANITIZED_BRANCH
+        --build-arg BASE_IMAGE=$CORE_IMAGE
+        --build-arg BASE_TAG=$CORE_IMAGE_TAG
+        -f dockerfile-kasm-$KASM_IMAGE .
+    - docker push ${ORG_NAME}/$KASM_IMAGE-private:$(arch)-$SANITIZED_BRANCH
+  except:
+    - develop
+    - /^release\/.*$/
+  tags:
+    - ${TAG}
+  parallel:
+    matrix:
+      - TAG: [ aws-autoscale, aws-autoscale-arm64 ]
+        KASM_IMAGE: *MULTI_ARCH_BUILDS2
+
 build_single_arch_dev:
   stage: build
   image: ${ORG_NAME}/docker-buildx-private:develop
@@ -298,6 +334,37 @@ test_multi_arch_dev:
       - TAG: [ aws-autoscale, aws-autoscale-arm64 ]
         KASM_IMAGE: *MULTI_ARCH_BUILDS
 
+test_multi_arch_dev2:
+  stage: test
+  script:
+    - docker pull kasmweb/kasm-tester:1.11.0
+    - >
+        docker run --rm --privileged
+        -e KASM_PORT=443
+        -e KASM_PATH=/opt/kasm
+        -e KASM_PASSWORD=password123
+        -e PUID=1000
+        -e DOCKERUSER=$DOCKER_HUB_USERNAME
+        -e DOCKERPASS=$DOCKER_HUB_PASSWORD
+        -e TEST_IMAGE="${ORG_NAME}/${KASM_IMAGE}-private:$(arch)-$SANITIZED_BRANCH"
+        -e TEST_WEBFILTER="false"
+        -e AWS_KEY=${KASM_TEST_AWS_KEY}
+        -e AWS_SECRET="${KASM_TEST_AWS_SECRET}"
+        -e SLACK_TOKEN=${SLACK_TOKEN}
+        -e S3_BUCKET=kasm-ci
+        -e COMMIT=${CI_COMMIT_SHA}
+        -e REPO=workspaces-images
+        kasmweb/kasm-tester:1.11.0
+  except:
+    - develop
+    - /^release\/.*$/
+  tags:
+    - ${TAG}
+  parallel:
+    matrix:
+      - TAG: [ aws-autoscale, aws-autoscale-arm64 ]
+        KASM_IMAGE: *MULTI_ARCH_BUILDS2
+
 test_single_arch_dev:
   stage: test
   script:
@@ -346,6 +413,24 @@ manifest_dev:
     matrix:
       - KASM_IMAGE: *MULTI_ARCH_BUILDS
 
+manifest_dev2:
+  stage: manifest
+  script:
+    - docker pull ${ORG_NAME}/${KASM_IMAGE}-private:x86_64-$SANITIZED_BRANCH
+    - docker pull ${ORG_NAME}/${KASM_IMAGE}-private:aarch64-$SANITIZED_BRANCH
+    - "docker manifest push --purge ${ORG_NAME}/${KASM_IMAGE}-private:$SANITIZED_BRANCH || :"
+    - docker manifest create ${ORG_NAME}/${KASM_IMAGE}-private:$SANITIZED_BRANCH ${ORG_NAME}/${KASM_IMAGE}-private:x86_64-$SANITIZED_BRANCH ${ORG_NAME}/${KASM_IMAGE}-private:aarch64-$SANITIZED_BRANCH
+    - docker manifest annotate ${ORG_NAME}/${KASM_IMAGE}-private:$SANITIZED_BRANCH ${ORG_NAME}/${KASM_IMAGE}-private:aarch64-$SANITIZED_BRANCH --os linux --arch arm64 --variant v8
+    - docker manifest push --purge ${ORG_NAME}/${KASM_IMAGE}-private:$SANITIZED_BRANCH
+  except:
+    - develop
+    - /^release\/.*$/
+  tags:
+    - aws-autoscale
+  parallel:
+    matrix:
+      - KASM_IMAGE: *MULTI_ARCH_BUILDS2
+
 link_tests_single_arch_dev:
   stage: linktests
   script:
@@ -375,6 +460,21 @@ link_tests_multi_arch_dev:
       - ARCH: [ aarch64, x86_64 ]
         KASM_IMAGE: *MULTI_ARCH_BUILDS
 
+link_tests_multi_arch_dev2:
+  stage: linktests
+  script:
+    - apk add curl
+    - STATUS=$(curl -sL https://kasm-ci.s3.amazonaws.com/${CI_COMMIT_SHA}/${ARCH}/kasmweb/${KASM_IMAGE}-private/${ARCH}-${SANITIZED_BRANCH}/ci-status.yml | awk -F'"' '{print $2}')
+    - if [ "${STATUS}" == "PASS" ]; then STATE=success; else STATE=failed; fi;
+    - curl --request POST --header "PRIVATE-TOKEN:${GITLAB_API_TOKEN}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/statuses/${CI_COMMIT_SHA}?state=${STATE}&name=${KASM_IMAGE}-private_${ARCH}&target_url=https://kasm-ci.s3.amazonaws.com/${CI_COMMIT_SHA}/${ARCH}/kasmweb/${KASM_IMAGE}-private/${ARCH}-${SANITIZED_BRANCH}/index.html"
+  except:
+    - develop
+    - /^release\/.*$/
+  parallel:
+    matrix:
+      - ARCH: [ aarch64, x86_64 ]
+        KASM_IMAGE: *MULTI_ARCH_BUILDS2
+
 # These jobs are for the "rolling" release of the images. They should only run for scheduled jobs and should only push the rolling tags
 build_schedules_browser_images:
   image: ${ORG_NAME}/docker-buildx-private:develop
@@ -402,7 +502,7 @@ build_schedules_browser_images:
     - aws-autoscale
   parallel:
     matrix:
-      - KASM_IMAGE: [chrome, chromium, firefox, firefox-mobile, tor-browser, edge, brave]
+      - KASM_IMAGE: [chrome, chromium, firefox, firefox-mobile, tor-browser, edge, brave, vivaldi]
 
 build_schedules_app_images:
   image: ${ORG_NAME}/docker-buildx-private:develop
@@ -577,3 +677,36 @@ update_readmes:
           - vs-code
           - zoom
           - zsnes
+
+update_readmes2:
+  stage: readme
+  script:
+    - apk add git
+    - git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@${README_TEMPLATE_REPO}
+    - sed -e "/{about}/r docs/$KASM_IMAGE/README.md" -e "/{about}/d" dockerhub-readme-template/TEMPLATE.md > docs/$KASM_IMAGE/FULL_README.md
+    - cat docs/$KASM_IMAGE/FULL_README.md
+    - >
+        docker run -v $PWD:/workspace
+        -e DOCKER_USERNAME="$README_USERNAME"
+        -e DOCKER_PASSWORD="$README_PASSWORD"
+        -e DOCKERHUB_REPOSITORY="${ORG_NAME}/$KASM_IMAGE-private"
+        -e README_FILEPATH="/workspace/docs/$KASM_IMAGE/FULL_README.md"
+        -e DESCRIPTION_FILEPATH="/workspace/docs/$KASM_IMAGE/description.txt"
+        ${ORG_NAME}/dockerhub-updater:latest
+    - >
+        docker run -v $PWD:/workspace
+        -e DOCKER_USERNAME="$README_USERNAME"
+        -e DOCKER_PASSWORD="$README_PASSWORD"
+        -e DOCKERHUB_REPOSITORY="${ORG_NAME}/$KASM_IMAGE"
+        -e README_FILEPATH="/workspace/docs/$KASM_IMAGE/FULL_README.md"
+        -e DESCRIPTION_FILEPATH="/workspace/docs/$KASM_IMAGE/description.txt"
+        ${ORG_NAME}/dockerhub-updater:latest
+
+  only:
+    variables:
+      - $README_USERNAME
+      - $README_PASSWORD
+  parallel:
+    matrix:
+      - KASM_IMAGE:
+          - vivaldi

dockerfile-kasm-vivaldi

@@ -0,0 +1,47 @@
+ARG BASE_TAG="develop"
+ARG BASE_IMAGE="core-ubuntu-focal"
+FROM kasmweb/$BASE_IMAGE:$BASE_TAG
+USER root
+
+ENV HOME /home/kasm-default-profile
+ENV STARTUPDIR /dockerstartup
+ENV INST_SCRIPTS $STARTUPDIR/install
+WORKDIR $HOME
+
+######### Customize Container Here ###########
+
+
+# Install Vivaldi
+COPY ./src/ubuntu/install/vivaldi $INST_SCRIPTS/vivaldi/
+RUN bash $INST_SCRIPTS/vivaldi/install_vivaldi.sh  && rm -rf $INST_SCRIPTS/vivaldi/
+
+# Update the desktop environment to be optimized for a single application
+RUN cp $HOME/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/* $HOME/.config/xfce4/xfconf/xfce-perchannel-xml/
+RUN cp /usr/share/extra/backgrounds/bg_kasm.png /usr/share/extra/backgrounds/bg_default.png
+RUN apt-get remove -y xfce4-panel
+
+# Setup the custom startup script that will be invoked when the container starts
+#ENV LAUNCH_URL  http://kasmweb.com
+
+COPY ./src/ubuntu/install/vivaldi/custom_startup.sh $STARTUPDIR/custom_startup.sh
+RUN chmod +x $STARTUPDIR/custom_startup.sh
+
+# Install Custom Certificate Authority
+# COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/
+# RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/
+
+ENV KASM_RESTRICTED_FILE_CHOOSER=1
+COPY ./src/ubuntu/install/gtk/ $INST_SCRIPTS/gtk/
+RUN bash $INST_SCRIPTS/gtk/install_restricted_file_chooser.sh
+
+
+######### End Customizations ###########
+
+RUN chown 1000:0 $HOME
+RUN $STARTUPDIR/set_user_permission.sh $HOME
+
+ENV HOME /home/kasm-user
+WORKDIR $HOME
+RUN mkdir -p $HOME && chown -R 1000:0 $HOME
+
+USER 1000

docs/vivaldi/README.md

@@ -0,0 +1,14 @@
+# About This Image
+
+This Image contains a browser-accessible version of [Vivaldi](https://vivaldi.com/).
+
+![Screenshot][Image_Screenshot]
+
+[Image_Screenshot]: https://5856039.fs1.hubspotusercontent-na1.net/hubfs/5856039/dockerhub/vivaldi.png "Image Screenshot"
+
+# Environment Variables
+
+* `LAUNCH_URL` - The default URL the browser launches to when created.
+* `APP_ARGS` - Additional arguments to pass to the browser when launched.
+* `KASM_RESTRICTED_FILE_CHOOSER` - Confine "File Upload" and "File Save"
+  dialogs to ~/Desktop. On by default.

docs/vivaldi/description.txt

@@ -0,0 +1 @@
+Vivaldi for Kasm Workspaces

src/ubuntu/install/vivaldi/custom_startup.sh

@@ -0,0 +1,84 @@
+#!/usr/bin/env bash
+set -ex
+START_COMMAND="vivaldi"
+PGREP="vivaldi"
+MAXIMIZE="true"
+DEFAULT_ARGS=""
+
+if [[ $MAXIMIZE == 'true' ]] ; then
+    DEFAULT_ARGS+=" --start-maximized"
+fi
+ARGS=${APP_ARGS:-$DEFAULT_ARGS}
+
+options=$(getopt -o gau: -l go,assign,url: -n "$0" -- "$@") || exit
+eval set -- "$options"
+
+while [[ $1 != -- ]]; do
+    case $1 in
+        -g|--go) GO='true'; shift 1;;
+        -a|--assign) ASSIGN='true'; shift 1;;
+        -u|--url) OPT_URL=$2; shift 2;;
+        *) echo "bad option: $1" >&2; exit 1;;
+    esac
+done
+shift
+
+# Process non-option arguments.
+for arg; do
+    echo "arg! $arg"
+done
+
+FORCE=$2
+
+kasm_exec() {
+    if [ -n "$OPT_URL" ] ; then
+        URL=$OPT_URL
+    elif [ -n "$1" ] ; then
+        URL=$1
+    fi 
+    
+    # Since we are execing into a container that already has the browser running from startup, 
+    #  when we don't have a URL to open we want to do nothing. Otherwise a second browser instance would open. 
+    if [ -n "$URL" ] ; then
+        /usr/bin/filter_ready
+        /usr/bin/desktop_ready
+        $START_COMMAND $ARGS $OPT_URL
+    else
+        echo "No URL specified for exec command. Doing nothing."
+    fi
+}
+
+kasm_startup() {
+    if [ -n "$KASM_URL" ] ; then
+        URL=$KASM_URL
+    elif [ -z "$URL" ] ; then
+        URL=$LAUNCH_URL
+    fi
+
+    if [ -z "$DISABLE_CUSTOM_STARTUP" ] ||  [ -n "$FORCE" ] ; then
+
+        echo "Entering process startup loop"
+        set +x
+        while true
+        do
+            if ! pgrep -x $PGREP > /dev/null
+            then
+                /usr/bin/filter_ready
+                /usr/bin/desktop_ready
+                set +e
+                $START_COMMAND $ARGS $URL
+                set -e
+            fi
+            sleep 1
+        done
+        set -x
+    
+    fi
+
+} 
+
+if [ -n "$GO" ] || [ -n "$ASSIGN" ] ; then
+    kasm_exec
+else
+    kasm_startup
+fi

src/ubuntu/install/vivaldi/install_vivaldi.sh

@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+set -ex
+
+VIVALDI_ARGS="--password-store=basic --no-sandbox --ignore-gpu-blocklist --user-data-dir --no-first-run --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'"
+
+# Install Vivaldi (Ubuntu)
+wget -qO- https://repo.vivaldi.com/archive/linux_signing_key.pub | gpg --dearmor > /usr/share/keyrings/vivaldi-browser.gpg
+echo "deb [signed-by=/usr/share/keyrings/vivaldi-browser.gpg arch=$(dpkg --print-architecture)] https://repo.vivaldi.com/archive/deb/ stable main" > /etc/apt/sources.list.d/vivaldi-archive.list
+apt-get update && apt-get install -y vivaldi-stable
+/opt/vivaldi/update-ffmpeg
+
+# Add Desktop Icon
+cp /usr/share/applications/vivaldi-stable.desktop $HOME/Desktop/
+chown 1000:1000 $HOME/Desktop/vivaldi-stable.desktop
+
+# Use wrapper to launch application
+mv /opt/vivaldi/vivaldi /opt/vivaldi/vivaldi-orig
+cat >/opt/vivaldi/vivaldi <<EOL
+#!/usr/bin/env bash
+sed -i 's/"exited_cleanly":false/"exited_cleanly":true/' ~/.config/vivaldi/Default/Preferences
+sed -i 's/"exit_type":"Crashed"/"exit_type":"None"/' ~/.config/vivaldi/Default/Preferences
+if [ -f /opt/VirtualGL/bin/vglrun ] && [ ! -z "\${KASM_EGL_CARD}" ] && [ ! -z "\${KASM_RENDERD}" ] && [ -O "\${KASM_RENDERD}" ] && [ -O "\${KASM_EGL_CARD}" ] ; then
+    echo "Starting Vivaldi with GPU Acceleration on EGL device \${KASM_EGL_CARD}"
+    vglrun -d "\${KASM_EGL_CARD}" /opt/vivaldi/vivaldi-orig ${CHROME_ARGS} "\$@" 
+else
+    echo "Starting Vivaldi"
+    /opt/vivaldi/vivaldi-orig ${VIVALDI_ARGS} "\$@"
+fi
+EOL
+chmod +x /opt/vivaldi/vivaldi
+
+# Set mime type to launch web content
+sed -i 's@exec -a "$0" "$HERE/vivaldi" "$\@"@@g' /usr/bin/x-www-browser
+cat >>/usr/bin/x-www-browser <<EOL
+  exec -a "\$0" "\$HERE/vivaldi" "${VIVALDI_ARGS}"  "\$@"
+EOL
+
+# Set chrome managed policies for vivaldi
+mkdir -p /etc/opt/chrome/policies/managed/
+cat >>/etc/opt/chrome/policies/managed/default_managed_policy.json <<EOL
+{"CommandLineFlagSecurityWarningsEnabled": false, "DefaultBrowserSettingEnabled": false}
+EOL
+
+# Cleanup
+apt-get autoclean
+rm -rf \
+    /var/lib/apt/lists/* \
+    /var/tmp/* \
+    /tmp/*