From a781d87b814438d33a90c9d16909f200fa6bf235 Mon Sep 17 00:00:00 2001 From: Ryan Kuba Date: Thu, 6 Jun 2024 15:32:29 +0000 Subject: [PATCH] Resolve KASM-6027 "Feature/ alpine 320" --- ci-scripts/template-vars.yaml | 16 ++-- dockerfile-kasm-alpine-320-desktop | 54 +++++++++++++ dockerfile-kasm-ubuntu-focal-dind-rootless | 15 +--- dockerfile-kasm-ubuntu-jammy-dind-rootless | 15 +--- .../install/terraform/install_terraform.sh | 2 +- src/ubuntu/install/brave/install_brave.sh | 4 +- .../install/dind_rootless/custom_startup.sh | 2 +- .../dind_rootless/install_dind_rootless.sh | 75 ++++++++++++++----- .../install_dind_rootless_prerequisites.sh | 21 ------ src/ubuntu/install/firefox/install_firefox.sh | 2 +- .../install/terraform/install_terraform.sh | 20 ++++- .../thunderbird/install_thunderbird.sh | 5 +- 12 files changed, 152 insertions(+), 79 deletions(-) create mode 100644 dockerfile-kasm-alpine-320-desktop delete mode 100644 src/ubuntu/install/dind_rootless/install_dind_rootless_prerequisites.sh diff --git a/ci-scripts/template-vars.yaml b/ci-scripts/template-vars.yaml index 1049868..d535220 100644 --- a/ci-scripts/template-vars.yaml +++ b/ci-scripts/template-vars.yaml @@ -385,6 +385,15 @@ multiImages: - src/ubuntu/install/langpacks/** - src/ubuntu/install/cleanup/** - src/alpine/install/** + - name: alpine-320-desktop + singleapp: false + base: core-alpine-320 + dockerfile: dockerfile-kasm-alpine-320-desktop + changeFiles: + - dockerfile-kasm-alpine-320-desktop + - src/ubuntu/install/langpacks/** + - src/ubuntu/install/cleanup/** + - src/alpine/install/** - name: brave singleapp: true base: core-ubuntu-focal @@ -650,13 +659,6 @@ multiImages: - src/ubuntu/install/certificates/** - src/ubuntu/install/vivaldi/** singleImages: - - name: atom - singleapp: true - base: core-ubuntu-focal - dockerfile: dockerfile-kasm-atom - changeFiles: - - dockerfile-kasm-atom - - src/ubuntu/install/atom/** - name: blender singleapp: true base: core-ubuntu-focal 
diff --git a/dockerfile-kasm-alpine-320-desktop b/dockerfile-kasm-alpine-320-desktop
new file mode 100644
index 0000000..5003a9c
--- /dev/null
+++ b/dockerfile-kasm-alpine-320-desktop
@@ -0,0 +1,54 @@
+ARG BASE_TAG="develop"
+ARG BASE_IMAGE="core-alpine-320"
+FROM kasmweb/$BASE_IMAGE:$BASE_TAG
+
+USER root
+
+ENV DISTRO=alpine320
+ENV HOME /home/kasm-default-profile
+ENV STARTUPDIR /dockerstartup
+WORKDIR $HOME
+
+### Envrionment config
+ENV SKIP_CLEAN=true \
+ INST_DIR=$STARTUPDIR/install \
+ INST_SCRIPTS="/alpine/install/tools/install_tools_deluxe.sh \
+ /alpine/install/misc/install_tools.sh \
+ /alpine/install/firefox/install_firefox.sh \
+ /alpine/install/remmina/install_remmina.sh \
+ /alpine/install/gimp/install_gimp.sh \
+ /alpine/install/ansible/install_ansible.sh \
+ /alpine/install/terraform/install_terraform.sh \
+ /alpine/install/thunderbird/install_thunderbird.sh \
+ /alpine/install/audacity/install_audacity.sh \
+ /alpine/install/blender/install_blender.sh \
+ /alpine/install/geany/install_geany.sh \
+ /alpine/install/inkscape/install_inkscape.sh \
+ /alpine/install/libre_office/install_libre_office.sh \
+ /alpine/install/pinta/install_pinta.sh \
+ /alpine/install/obs/install_obs.sh \
+ /alpine/install/filezilla/install_filezilla.sh \
+ /ubuntu/install/langpacks/install_langpacks.sh \
+ /ubuntu/install/cleanup/cleanup.sh"
+
+# Copy install scripts
+COPY ./src/ $INST_DIR
+
+# Run installations
+RUN \
+ for SCRIPT in $INST_SCRIPTS; do \
+ bash ${INST_DIR}${SCRIPT} || exit 1; \
+ done && \
+ $STARTUPDIR/set_user_permission.sh $HOME && \
+ rm -f /etc/X11/xinit/Xclients && \
+ chown 1000:0 $HOME && \
+ mkdir -p /home/kasm-user && \
+ chown -R 1000:0 /home/kasm-user && \
+ rm -Rf ${INST_DIR}
+
+# Userspace Runtime
+ENV HOME /home/kasm-user
+WORKDIR $HOME
+USER 1000
+
+CMD ["--tail-log"]
diff --git a/dockerfile-kasm-ubuntu-focal-dind-rootless b/dockerfile-kasm-ubuntu-focal-dind-rootless
index 4731ef3..a59f989 100644
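Review bot: `SKIP_CLEAN`, `INST_DIR` and `INST_SCRIPTS` are read only by the single `RUN` step in dockerfile-kasm-alpine-320-desktop, but they are declared with `ENV`. They therefore persist in the environment of every container started from the image, and `INST_DIR` names a directory that the same step removes with `rm -Rf ${INST_DIR}`. Unless something at runtime reads them, declaring them as build arguments (for example `ARG SKIP_CLEAN=true`) keeps them visible to `RUN` without shipping them in the runtime environment. The `ENV HOME /home/kasm-default-profile`, `ENV STARTUPDIR /dockerstartup` and `ENV HOME /home/kasm-user` lines use the legacy space-separated form; `ENV HOME=/home/kasm-user` is the current syntax. The default `BASE_TAG="develop"` is a moving tag, so release builds presumably override it; a comment saying so would help.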
--- a/dockerfile-kasm-ubuntu-focal-dind-rootless +++ b/dockerfile-kasm-ubuntu-focal-dind-rootless @@ -9,25 +9,16 @@ ENV INST_SCRIPTS $STARTUPDIR/install WORKDIR $HOME # Rootless Dind -ENV DOCKER_BIN=/usr/local/lib/docker \ - XDG_RUNTIME_DIR=/docker -RUN mkdir -p $DOCKER_BIN && chown 1000:0 $DOCKER_BIN && \ - mkdir -p $XDG_RUNTIME_DIR && chown 1000:0 $XDG_RUNTIME_DIR -ENV PATH=$DOCKER_BIN:$DOCKER_BIN/cli-plugins:$PATH \ - DOCKER_HOST=unix://$XDG_RUNTIME_DIR/docker.sock -COPY ./src/ubuntu/install/dind_rootless/install_dind_rootless_prerequisites.sh $INST_SCRIPTS/dind_rootless/ -RUN bash $INST_SCRIPTS/dind_rootless/install_dind_rootless_prerequisites.sh COPY ./src/ubuntu/install/dind_rootless/install_dind_rootless.sh $INST_SCRIPTS/dind_rootless/ -RUN chown 1000:1000 $INST_SCRIPTS/dind_rootless/install_dind_rootless.sh -# It's recommended that docker-rootless be installed by non root user -USER 1000 RUN bash $INST_SCRIPTS/dind_rootless/install_dind_rootless.sh -USER root RUN rm -rf $INST_SCRIPTS/dind_rootless COPY ./src/ubuntu/install/dind_rootless/custom_startup.sh $STARTUPDIR/custom_startup.sh RUN chmod +x $STARTUPDIR/custom_startup.sh && chmod 755 $STARTUPDIR/custom_startup.sh COPY ./src/ubuntu/install/dind_rootless/modprobe /usr/local/bin/modprobe RUN chmod +x /usr/local/bin/modprobe +ENV XDG_RUNTIME_DIR=/docker \ + DOCKER_HOST=unix:///docker/docker.sock +RUN mkdir -p $XDG_RUNTIME_DIR && chown 1000:0 $XDG_RUNTIME_DIR ### Envrionment config ENV DEBIAN_FRONTEND=noninteractive \ diff --git a/dockerfile-kasm-ubuntu-jammy-dind-rootless b/dockerfile-kasm-ubuntu-jammy-dind-rootless index d1522b4..46b38b4 100644 --- a/dockerfile-kasm-ubuntu-jammy-dind-rootless +++ b/dockerfile-kasm-ubuntu-jammy-dind-rootless 
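Review bot: The directory created by the added `RUN mkdir -p $XDG_RUNTIME_DIR && chown 1000:0 $XDG_RUNTIME_DIR` keeps the default mode, so the location that will hold `docker.sock` is readable and traversable by any other account in the container. The XDG convention for a runtime directory is owner-only access, e.g. `RUN mkdir -p $XDG_RUNTIME_DIR && chown 1000:0 $XDG_RUNTIME_DIR && chmod 700 $XDG_RUNTIME_DIR` (or `770` if the image must also run under an arbitrary UID in group 0). `DOCKER_HOST` now repeats the literal `/docker` because a variable cannot be referenced inside the `ENV` instruction that defines it. Either add a comment that the two values must stay in step, or use two `ENV` lines so it can read `unix://$XDG_RUNTIME_DIR/docker.sock`. The same lines are added to dockerfile-kasm-ubuntu-jammy-dind-rootless, and the stage continues outside the hunk.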
@@ -9,25 +9,16 @@ ENV INST_SCRIPTS $STARTUPDIR/install WORKDIR $HOME # Rootless Dind -ENV DOCKER_BIN=/usr/local/lib/docker \ - XDG_RUNTIME_DIR=/docker -RUN mkdir -p $DOCKER_BIN && chown 1000:0 $DOCKER_BIN && \ - mkdir -p $XDG_RUNTIME_DIR && chown 1000:0 $XDG_RUNTIME_DIR -ENV PATH=$DOCKER_BIN:$DOCKER_BIN/cli-plugins:$PATH \ - DOCKER_HOST=unix://$XDG_RUNTIME_DIR/docker.sock -COPY ./src/ubuntu/install/dind_rootless/install_dind_rootless_prerequisites.sh $INST_SCRIPTS/dind_rootless/ -RUN bash $INST_SCRIPTS/dind_rootless/install_dind_rootless_prerequisites.sh COPY ./src/ubuntu/install/dind_rootless/install_dind_rootless.sh $INST_SCRIPTS/dind_rootless/ -RUN chown 1000:1000 $INST_SCRIPTS/dind_rootless/install_dind_rootless.sh -# It's recommended that docker-rootless be installed by non root user -USER 1000 RUN bash $INST_SCRIPTS/dind_rootless/install_dind_rootless.sh -USER root RUN rm -rf $INST_SCRIPTS/dind_rootless COPY ./src/ubuntu/install/dind_rootless/custom_startup.sh $STARTUPDIR/custom_startup.sh RUN chmod +x $STARTUPDIR/custom_startup.sh && chmod 755 $STARTUPDIR/custom_startup.sh COPY ./src/ubuntu/install/dind_rootless/modprobe /usr/local/bin/modprobe RUN chmod +x /usr/local/bin/modprobe +ENV XDG_RUNTIME_DIR=/docker \ + DOCKER_HOST=unix:///docker/docker.sock +RUN mkdir -p $XDG_RUNTIME_DIR && chown 1000:0 $XDG_RUNTIME_DIR ### Envrionment config ENV DEBIAN_FRONTEND=noninteractive \ diff --git a/src/alpine/install/terraform/install_terraform.sh b/src/alpine/install/terraform/install_terraform.sh index 1a917ce..bab7b3e 100644 --- a/src/alpine/install/terraform/install_terraform.sh +++ b/src/alpine/install/terraform/install_terraform.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash set -ex -if grep -q v3.19 /etc/os-release; then +if grep -q v3.19 /etc/os-release || grep -q v3.20 /etc/os-release; then apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing/ \ opentofu else 
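Review bot: The widened test in src/alpine/install/terraform/install_terraform.sh runs `grep` twice with an unescaped `.`, so it matches any character in that position and anywhere in `/etc/os-release`. A single anchored pattern is tighter: `if grep -qE 'v3\.(19|20)' /etc/os-release; then`. The branch it guards (a context line) installs `opentofu` from `edge/testing` over `http://`. Since this patch extends that path to 3.20 images, consider switching the repository URL to `https://` and adding a comment on why a testing repository is mixed into a stable release. The `else` branch lies outside the hunk.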
diff --git a/src/ubuntu/install/brave/install_brave.sh b/src/ubuntu/install/brave/install_brave.sh index 93b0981..e1809ea 100644 --- a/src/ubuntu/install/brave/install_brave.sh +++ b/src/ubuntu/install/brave/install_brave.sh @@ -7,9 +7,9 @@ CHROME_ARGS="--password-store=basic --no-sandbox --ignore-gpu-blocklist --user-d apt-get update apt install -y apt-transport-https curl -curl -s https://brave-browser-apt-release.s3.brave.com/brave-core.asc | apt-key --keyring /etc/apt/trusted.gpg.d/brave-browser-release.gpg add - +curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg -echo "deb [arch=${ARCH}] https://brave-browser-apt-release.s3.brave.com/ stable main" | tee /etc/apt/sources.list.d/brave-browser-release.list +echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main"| tee /etc/apt/sources.list.d/brave-browser-release.list apt update diff --git a/src/ubuntu/install/dind_rootless/custom_startup.sh b/src/ubuntu/install/dind_rootless/custom_startup.sh index 840b75c..e9606bb 100644 --- a/src/ubuntu/install/dind_rootless/custom_startup.sh +++ b/src/ubuntu/install/dind_rootless/custom_startup.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash set -ex -START_COMMAND="$DOCKER_BIN/dockerd-rootless.sh" +START_COMMAND="dockerd-rootless.sh" PGREP="dockerd" export MAXIMIZE="false" MAXIMIZE_SCRIPT=$STARTUPDIR/maximize_window.sh diff --git a/src/ubuntu/install/dind_rootless/install_dind_rootless.sh b/src/ubuntu/install/dind_rootless/install_dind_rootless.sh index a7c1751..633435a 100644 --- a/src/ubuntu/install/dind_rootless/install_dind_rootless.sh +++ b/src/ubuntu/install/dind_rootless/install_dind_rootless.sh 
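Review bot: In install_brave.sh the keyring fetched by the new `curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg …` line is trusted as downloaded, so the authenticity of every later Brave package rests on the TLS connection to that one host at build time. Checking it against a fingerprint recorded in the repository before the `echo "deb [signed-by=…` line closes that gap, for example `gpg --show-keys --with-fingerprint /usr/share/keyrings/brave-browser-archive-keyring.gpg | grep -q "<EXPECTED_KEY_FINGERPRINT>"` (placeholder value; assumes `gpg` is available in the base image). The new sources entry also drops `arch=${ARCH}`; if `ARCH` is no longer used elsewhere in the script, which is not visible in this hunk, its assignment can go too.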
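Review bot: `START_COMMAND="dockerd-rootless.sh"` in custom_startup.sh is now resolved through `PATH` when the session starts, so whichever directory comes first in the desktop user's `PATH` decides what is executed as the Docker daemon launcher. The install script in this patch unpacks the file into `/usr/local/bin/`, so the absolute form `START_COMMAND="/usr/local/bin/dockerd-rootless.sh"` keeps the behaviour and removes the dependence on `PATH` order. How `START_COMMAND` is invoked is outside the hunk.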
@@ -1,21 +1,60 @@ #!/usr/bin/env bash set -ex -# This script should be executed as a non-root user. -# User verification: deny running as root -if [ "$(id -u)" = "0" ]; then - >&2 echo "Refusing to install rootless Docker as the root user"; exit 1 + +# Enable Docker repo +ARCH=$(arch | sed 's/aarch64/arm64/g' | sed 's/x86_64/amd64/g') +curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - +echo "deb [arch=${ARCH}] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" > \ + /etc/apt/sources.list.d/docker.list + +# Install deps +apt-get update +apt-get install -y \ + ca-certificates \ + curl \ + dbus-user-session \ + docker-buildx-plugin \ + docker-ce \ + docker-ce-cli \ + docker-compose-plugin \ + fuse-overlayfs \ + iptables \ + kmod \ + openssh-client \ + sudo \ + supervisor \ + uidmap \ + wget + +# URLs +STABLE_LATEST=$(curl -sL https://get.docker.com/rootless | awk -F'="' '/STABLE_LATEST=/ {print substr($2, 1, length($2)-1)}') +STATIC_RELEASE_ROOTLESS_URL="https://download.docker.com/linux/static/stable/$(uname -m)/docker-rootless-extras-${STABLE_LATEST}.tgz" + +# User settings +curl -o \ + /usr/local/bin/dind -L \ + https://raw.githubusercontent.com/moby/moby/master/hack/dind +chmod +x /usr/local/bin/dind +echo 'hosts: files dns' > /etc/nsswitch.conf + +# Install rootless extras +curl -o \ + /tmp/rootless.tgz -L \ + "${STATIC_RELEASE_ROOTLESS_URL}" +tar -xf \ + /tmp/rootless.tgz \ + --strip-components 1 \ + --directory /usr/local/bin/ \ + 'docker-rootless-extras/dockerd-rootless.sh' \ + 'docker-rootless-extras/rootlesskit' \ + 'docker-rootless-extras/rootlesskit-docker-proxy' \ + 'docker-rootless-extras/vpnkit' + +# Cleanup +if [ -z ${SKIP_CLEAN+x} ]; then + apt-get autoclean + rm -rf \ + /var/lib/apt/lists/* \ + /var/tmp/* \ + /tmp/* fi - -echo "Installing Docker" -curl -fsSL https://get.docker.com/rootless | sh - -dockerd --version -docker --version - -echo "Installing Docker Compose" -mkdir -p 
"${DOCKER_BIN}"/cli-plugins -COMPOSE_RELEASE=$(curl -sX GET "https://api.github.com/repos/docker/compose/releases/latest" \ - | awk '/tag_name/{print $4;exit}' FS='[""]'); -COMPOSE_OS=$(uname -s) -curl -L https://github.com/docker/compose/releases/download/"${COMPOSE_RELEASE}"/docker-compose-"${COMPOSE_OS,,}"-"$(uname -m)" -o "${DOCKER_BIN}"/cli-plugins/docker-compose -chmod +x "${DOCKER_BIN}"/cli-plugins/docker-compose diff --git a/src/ubuntu/install/dind_rootless/install_dind_rootless_prerequisites.sh b/src/ubuntu/install/dind_rootless/install_dind_rootless_prerequisites.sh deleted file mode 100644 index b5a563c..0000000 --- a/src/ubuntu/install/dind_rootless/install_dind_rootless_prerequisites.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/env bash -set -ex - -apt-get update && apt-get install -y \ - ca-certificates \ - curl \ - dbus-user-session \ - fuse-overlayfs \ - kmod \ - iptables \ - openssh-client \ - uidmap \ - wget \ - slirp4netns \ - pigz \ - xz-utils \ - iproute2 \ - xfsprogs \ - btrfs-progs \ - e2fsprogs && \ -rm -rf /var/lib/apt/list/* \ No newline at end of file diff --git a/src/ubuntu/install/firefox/install_firefox.sh b/src/ubuntu/install/firefox/install_firefox.sh index 9941c82..4096143 100644 --- a/src/ubuntu/install/firefox/install_firefox.sh +++ b/src/ubuntu/install/firefox/install_firefox.sh @@ -45,7 +45,7 @@ Pin: release a=unstable Pin-Priority: 10 EOF apt-get update - apt-get install -y -t unstable firefox p11-kit-modules + apt-get install -o Dpkg::Options::="--force-confnew" -y -t unstable firefox p11-kit-modules else apt-mark unhold firefox || : apt-get remove firefox diff --git a/src/ubuntu/install/terraform/install_terraform.sh b/src/ubuntu/install/terraform/install_terraform.sh index 22cf3b0..00ba946 100644 --- a/src/ubuntu/install/terraform/install_terraform.sh +++ b/src/ubuntu/install/terraform/install_terraform.sh 
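Review bot: The downloads added under `# User settings` and `# Install rootless extras` in install_dind_rootless.sh are installed as root without being pinned or verified. `dind` is taken from the mutable `master` branch of moby/moby, and the rootless-extras version is scraped from `https://get.docker.com/rootless` at build time. Neither `curl` passes `-f`, so an HTTP error body would be written to `/usr/local/bin/dind` and marked executable, and an empty `STABLE_LATEST` only shows up as a malformed URL. The scraped version can also drift from the `docker-ce` package that apt installs a few lines earlier. Pinning a commit and a release and checking a SHA-256 before use makes the build reproducible; the tarball checksum is per architecture because the URL uses `$(uname -m)`, and the values below are placeholders.

```shell
# Pinned inputs: fill in and update deliberately (placeholders, not real values)
DOCKER_VERSION="<PINNED_DOCKER_VERSION>"
ROOTLESS_SHA256="<SHA256_OF_ROOTLESS_TGZ_FOR_THIS_ARCH>"
MOBY_COMMIT="<PINNED_MOBY_COMMIT>"
DIND_SHA256="<SHA256_OF_DIND_SCRIPT>"
STATIC_RELEASE_ROOTLESS_URL="https://download.docker.com/linux/static/stable/$(uname -m)/docker-rootless-extras-${DOCKER_VERSION}.tgz"

# User settings
curl -fsSL -o /usr/local/bin/dind \
  "https://raw.githubusercontent.com/moby/moby/${MOBY_COMMIT}/hack/dind"
echo "${DIND_SHA256}  /usr/local/bin/dind" | sha256sum -c -
chmod +x /usr/local/bin/dind
# … unchanged: nsswitch.conf line …

# Install rootless extras
curl -fsSL -o /tmp/rootless.tgz "${STATIC_RELEASE_ROOTLESS_URL}"
echo "${ROOTLESS_SHA256}  /tmp/rootless.tgz" | sha256sum -c -
# … unchanged: tar extraction and cleanup …
```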
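Review bot: The added `-o Dpkg::Options::="--force-confnew"` in install_firefox.sh applies to every package in the transaction, not only `firefox`. Any conffile changed earlier in the build is silently replaced by the packaged version if a dependency pulled from `unstable` ships a newer one. The reason for the option is not visible in the hunk, so a comment above the line would help the next maintainer, e.g. `# force-confnew: <conffile that prompted> otherwise blocks the non-interactive build`. The enclosing `if` block starts outside the hunk.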
@@ -8,8 +8,22 @@ if [ "${ARCH}" == "arm64" ] ; then exit 0 fi - +# Install terraform curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add - -apt-add-repository "deb [arch=$(dpkg --print-architecture)] https://apt.releases.hashicorp.com $(lsb_release -cs) main" +echo \ + "deb [arch=$(dpkg --print-architecture)] https://apt.releases.hashicorp.com $(lsb_release -cs) main" \ + > /etc/apt/sources.list.d/hashicorp.list apt-get update -apt-get install -y terraform +apt-get install -y \ + terraform + +# Cleanup +chown -R 1000:0 $HOME +find /usr/share/ -name "icon-theme.cache" -exec rm -f {} \; +if [ -z ${SKIP_CLEAN+x} ]; then + apt-get autoclean + rm -rf \ + /var/lib/apt/lists/* \ + /var/tmp/* \ + /tmp/* +fi diff --git a/src/ubuntu/install/thunderbird/install_thunderbird.sh b/src/ubuntu/install/thunderbird/install_thunderbird.sh index 0e31fb7..9412070 100644 --- a/src/ubuntu/install/thunderbird/install_thunderbird.sh +++ b/src/ubuntu/install/thunderbird/install_thunderbird.sh @@ -48,9 +48,12 @@ Pin-Priority: 1001 fi # Desktop icon -if [[ "${DISTRO}" == @(fedora37|fedora38|fedora39|fedora40) ]]; then +if [[ "${DISTRO}" == @(fedora37|fedora38|fedora39) ]]; then cp /usr/share/applications/mozilla-thunderbird.desktop $HOME/Desktop/ chmod +x $HOME/Desktop/mozilla-thunderbird.desktop +elif [[ "${DISTRO}" == "fedora40" ]]; then + cp /usr/share/applications/org.mozilla.thunderbird.desktop $HOME/Desktop/ + chmod +x $HOME/Desktop/org.mozilla.thunderbird.desktop else cp /usr/share/applications/thunderbird.desktop $HOME/Desktop/ chmod +x $HOME/Desktop/thunderbird.desktop
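Review bot: The new `hashicorp.list` entry in src/ubuntu/install/terraform/install_terraform.sh has no `signed-by`, and the key is still imported with `apt-key add -` on the context line above it. It therefore lands in the global keyring, where it can authenticate packages from any configured repository. The Brave change in this same patch already moves to a dedicated keyring. The equivalent here would be `curl -fsSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg` followed by `deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] …` (assuming `gpg` is present in the image). The Docker repository lines added in install_dind_rootless.sh use the same `apt-key add -` pattern and would benefit from the same treatment.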