From 60b2a1db39f02bfb7b92b31716df6c6902289899 Mon Sep 17 00:00:00 2001 From: James Ketrenos Date: Thu, 15 Jul 2021 12:21:52 -0700 Subject: [PATCH] Updated to latest xe-solutions Signed-off-by: James Ketrenos --- Dockerfile | 160 ++++++++++++++---------------------- scripts/build-dockerfile.sh | 3 +- 2 files changed, 62 insertions(+), 101 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5c4a071..c8cb0db 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,25 +14,19 @@ # # -# Template from templates/ubuntu/00-from.in +# Template from templates/centos/00-from.in # -# Pull from ubuntu on Docker Hub -FROM amr-registry.caas.intel.com/vtt-osgc/os/ubuntu:focal AS xe-base-stage +# Pull centos from Docker Hub +FROM amr-registry.caas.intel.com/vtt-osgc/os/centos:8.2 as xe-base-stage + +# Flush cached package lists to prevent stale data +RUN dnf clean all # -# Template from templates/ubuntu/05-intel-proxy.in +# Template from templates/centos/05-intel-proxy.in # -# Pre-install proxy configuration values -# -# This uses the linux-ftp.ostc.intel.com as a mirror. -RUN { \ - for suite in focal focal-updates focal-security focal-backports; do \ - for component in main restricted universe multiverse; do \ - echo "deb http://linux-ftp.ostc.intel.com/pub/mirrors/ubuntu ${suite} ${component}" ; \ - done \ - done \ -} > /etc/apt/sources.list +# Configure Intel proxy values ARG http_proxy="http://proxy-chain.intel.com:911/" ARG https_proxy="http://proxy-chain.intel.com:912/" 
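Review bot: The new comment says `# Pull centos from Docker Hub`, but the `FROM` line pulls `os/centos:8.2` from `amr-registry.caas.intel.com`. A reader uses that comment to judge where the base image comes from, so it should name the real source, e.g. `# Pull centos from the internal amr-registry mirror`. The image is referenced by a mutable tag only, so appending the digest (`...centos:8.2@sha256:<DIGEST-PLACEHOLDER>`) would make the base reproducible and tamper-evident. The stage keyword is lowercase `as` here, while the later `FROM xe-base-stage AS xe-user-stage` uses `AS`; matching the casing keeps the file consistent.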
@@ -50,112 +44,78 @@ ENV HTTP_PROXY="${http_proxy}" ENV HTTPS_PROXY="${http_proxy}" ENV NO_PROXY="${no_proxy}" +# Configure DNF and YUM proxies RUN { \ - echo "Acquire::http::proxy \"${http_proxy}\";\n" ; \ - echo "Acquire::https::proxy \"${https_proxy}\";\n" ; \ - echo "Acquire::ftp::proxy \"${ftp_proxy}\";\n" ; \ - echo "Acquire::socks::proxy \"${socks_proxy}\";\n" ; \ - echo "Acquire::http::Proxy::linux-ftp.ostc.intel.com DIRECT;\n" ; \ -} > /etc/apt/apt.conf + echo "proxy=${http_proxy}" ; \ + echo "no_proxy=${no_proxy}" ; \ +} | tee -a /etc/dnf/dnf.conf /etc/yum.conf + +# +# Template from templates/centos/15-upgrade.in +# +# Update package lists, and upgrade to the latest packages +# +# Failure to do this will result in GPG errors later +RUN dnf clean all \ + && dnf -y upgrade # -# Template from templates/ubuntu/08-intel-certs.in +# Template from templates/centos/18-create-user.in # -# Install Intel CA5A cert so Intel certs are recognized - -RUN apt-get -q update \ - && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ - ca-certificates \ - wget \ - unzip \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} \ - && mkdir -p /usr/local/share/ca-certificates \ - && wget -qO tmp.zip http://certificates.intel.com/repository/certificates/IntelSHA2RootChain-Base64.zip \ - && unzip tmp.zip -d /usr/local/share/ca-certificates \ - && rm tmp.zip \ - && wget -qO tmp.zip http://certificates.intel.com/repository/certificates/Intel%20Root%20Certificate%20Chain%20Base64.zip \ - && unzip tmp.zip -d /usr/local/share/ca-certificates \ - && rm tmp.zip \ - && apt-get remove -y wget unzip \ - && update-ca-certificates --fresh - - -# -# Template from templates/ubuntu/10-default-packages.in -# -# Update the repo lists and then install things using the internal -# sources. Packages used by many developers are pulled into this image -# but we do want it to be relatively small. 
-# -# NOTE: We use DEBIAN_FRONTEND=noninteractive to prevent krb5-user from -# trying to prompt for configuration details during install. -RUN apt-get -q update \ - && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends -q \ - locales \ - software-properties-common - -# Set up locales -RUN localedef -c -f UTF-8 -i en_US en_US.UTF-8 -ENV LANG=en_US.UTF-8 LANGUAGE=en_US.UTF-8 LC_ALL=en_US.UTF-8 - -# -# Template from templates/ubuntu/18-create-user.in -# -# Create user 'user' and add them to 'sudo' for sudo access and set +# Create user 'user' and add them to 'wheel' for sudo access and set # the passwd to 'user' FROM xe-base-stage AS xe-user-stage -RUN apt-get -q update \ - && DEBIAN_FRONTEND=noninteractive \ - && apt-get install --no-install-recommends -y \ - sudo - -ARG USER_UID=1000 -ARG USER_GID=1000 - -RUN echo "Creating 'user': $USER_UID:$USER_GID" +# CentOS doesn't provide openssl by default. Red Hat does. +RUN dnf install -y sudo openssl # NOTE: Requires 'sudo' package to already be installed -RUN groupadd -g $USER_GID user \ +RUN groupadd -r user \ && useradd --no-log-init \ -s /bin/bash \ - -m \ - -u $USER_UID \ + -r -m \ -g user \ - -G sudo,video \ + -G wheel,video \ -p $(echo "user" | openssl passwd -stdin) user -# Set 'sudo' to NOPASSWD for all container users -RUN sed -i -e 's,%sudo.*,%sudo ALL=(ALL) NOPASSWD:ALL,g' /etc/sudoers - -RUN apt-get clean \ - && rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} +# Set 'wheel' to NOPASSWD for all container users +RUN sed -i -e 's,%wheel.*,%wheel ALL=(ALL) NOPASSWD:ALL,g' /etc/sudoers # -# Template from templates/ubuntu/20-repositories-intel-com.in +# Template from templates/centos/20-repositories-intel-com.in # -# Update and install wget and gpg-agent as it isn't in the base Ubuntu -# image and is needed for apt-key +# repositories.intel.com content begins here # -RUN apt-get -q update \ - && DEBIAN_FRONTEND=noninteractive \ - apt-get --no-install-recommends -q -y install \ - wget \ - 
gpg-agent +# Intel certificates which would allow internal signed certs to be +# used are not being installed, so turn sslverify=0 on the +# repository. +# +# To install the certs would be something like: +# +# A. Copy ca certs to /etc/pki/ca-trust/source/anchors/ +# B. run update-ca-trust +# +# Once that is done, the 'sslverify=0' can be removed from +# the repository definition below. +# +# Add Intel Graphics repository +# +RUN { \ + echo "[intel-graphics]" ; \ + echo "name=Intel Graphics Drivers Repository" ; \ + echo "baseurl=https://osgc.jf.intel.com/internal/${PACKAGE_DISTRO}/focal-prerelease-untested/" ; \ + echo "sslverify=0" ; \ + echo "enabled=1" ; \ + echo "gpgcheck=0" ; \ +} > /etc/yum.repos.d/intel-graphics.repo -# Fetch and install the signing key for https://osgc.jf.intel.com/internal # -RUN wget -qO - https://osgc.jf.intel.com/internal/intel-graphics.key | apt-key add - -RUN apt-add-repository \ - 'deb [arch=amd64] https://osgc.jf.intel.com/internal/ubuntu focal-prerelease-untested main' - -# Cleanup -#RUN apt-get remove -y wget \ -# && apt-get clean \ -# && rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} +# Template from templates/centos/30-clean-up.in +# +# Clean dnf cache +RUN dnf clean all # # Template from templates/99-env.in @@ -165,8 +125,8 @@ RUN apt-add-repository \ ENV GPGPU_PACKAGE_REPOSITORY "https://osgc.jf.intel.com/internal" ENV GPGPU_PACKAGE_STREAM "focal-prerelease-untested" -ENV GPGPU_PACKAGE_DISTRO "ubuntu" -ENV GPGPU_PACKAGE_DISTRO_RELEASE "focal" +ENV GPGPU_PACKAGE_DISTRO "centos" +ENV GPGPU_PACKAGE_DISTRO_RELEASE "8.2" USER user diff --git a/scripts/build-dockerfile.sh b/scripts/build-dockerfile.sh index bf82a53..0463828 100755 --- a/scripts/build-dockerfile.sh +++ b/scripts/build-dockerfile.sh 
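Review bot: The new `intel-graphics.repo` stanza sets both `sslverify=0` and `gpgcheck=0`, so packages from this repository are installed with neither the TLS peer nor the package signature verified, and the comment above it explains only the `sslverify=0` half. The Ubuntu version removed by this commit fetched a signing key before adding the repository, so this is a loss of integrity checking rather than a carry-over. Signature verification can stay on independently of the certificate workaround: `echo "gpgcheck=1" ; \` plus `echo "gpgkey=<URL-OR-PATH-OF-REPO-SIGNING-KEY>" ; \` (placeholder; whether the RPM repository is signed is not visible here). Separately, `${PACKAGE_DISTRO}` in the `baseurl` line is expanded by the shell at build time and no `ARG PACKAGE_DISTRO` appears in the visible hunks, so it may expand to an empty path segment unless it is declared in the lines between the hunks.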
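Review bot: `GPGPU_PACKAGE_STREAM` stays at `"focal-prerelease-untested"` (context line) while the two changed lines switch the distro to `centos` / `8.2`, and the same stream name is written into the new repo `baseurl`. "focal" is an Ubuntu release name, so if that really is the stream directory for the CentOS packages, a one-line comment saying so would stop it being "corrected" later. The changed lines also keep the legacy space-separated form; `ENV GPGPU_PACKAGE_DISTRO="centos"` and `ENV GPGPU_PACKAGE_DISTRO_RELEASE="8.2"` are the current `key=value` spelling.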
@@ -41,7 +41,8 @@ if [[ "${REGISTRY_OS}" == "external" ]]; then fi export DOCKERFILE="Dockerfile${SOLUTION_SUFFIX}" export SOLUTION="Dockerfile.solution${SOLUTION_SUFFIX}" -VARS+=(DOCKERFILE SOLUTION BUILD REGISTRY_OS) +export PACKAGE_DISTRO +VARS+=(DOCKERFILE SOLUTION BUILD REGISTRY_OS PACKAGE_DISTRO) if [[ "${BUILD}" != "" ]] && [[ "${BUILD}" != "N/A" ]]; then # Override PACKAGE_REPOSITORY as it won't be used -- instead a file
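Review bot: `export PACKAGE_DISTRO` exports the variable without checking that it has a value, and the Dockerfile regenerated in this same commit still contains the literal `${PACKAGE_DISTRO}` in its `baseurl` line. That suggests the Dockerfile was rendered before `PACKAGE_DISTRO` was added to `VARS`, so it probably needs regenerating with the fixed script. Where `PACKAGE_DISTRO` is assigned is not visible in this hunk. A guard just before the export would make a missing value fail loudly instead of yielding a repository URL with an empty path segment: `: "${PACKAGE_DISTRO:?PACKAGE_DISTRO must be set}"`.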