Updated to latest xe-solutions

Signed-off-by: James Ketrenos <james.p.ketrenos@intel.com>
2021-07-15 12:21:52 -07:00 · 2021-07-15 12:21:52 -07:00 · 60b2a1db39
commit 60b2a1db39
parent 42f092c1eb
2 changed files with 62 additions and 101 deletions
--- a/160
+++ b/160
@ -14,25 +14,19 @@
 #

 #
-# Template from templates/ubuntu/00-from.in
+# Template from templates/centos/00-from.in
 #
-# Pull from ubuntu on Docker Hub
-FROM amr-registry.caas.intel.com/vtt-osgc/os/ubuntu:focal AS xe-base-stage
+# Pull centos from Docker Hub
+FROM amr-registry.caas.intel.com/vtt-osgc/os/centos:8.2 as xe-base-stage
+
+# Flush cached package lists to prevent stale data
+RUN dnf clean all


 #
-# Template from templates/ubuntu/05-intel-proxy.in
+# Template from templates/centos/05-intel-proxy.in
 #
-# Pre-install proxy configuration values
-#
-# This uses the linux-ftp.ostc.intel.com as a mirror.
-RUN { \
-  for suite in focal focal-updates focal-security focal-backports; do \
-    for component in main restricted universe multiverse; do \
-      echo "deb http://linux-ftp.ostc.intel.com/pub/mirrors/ubuntu ${suite} ${component}" ; \
-    done \
-  done \
-} > /etc/apt/sources.list
+# Configure Intel proxy values

 ARG http_proxy="http://proxy-chain.intel.com:911/"
 ARG https_proxy="http://proxy-chain.intel.com:912/"
@ -50,112 +44,78 @@ ENV HTTP_PROXY="${http_proxy}"
 ENV HTTPS_PROXY="${http_proxy}"
 ENV NO_PROXY="${no_proxy}"

+# Configure DNF and YUM proxies
 RUN { \
-  echo "Acquire::http::proxy \"${http_proxy}\";\n" ; \
-  echo "Acquire::https::proxy \"${https_proxy}\";\n" ; \
-  echo "Acquire::ftp::proxy \"${ftp_proxy}\";\n" ; \
-  echo "Acquire::socks::proxy \"${socks_proxy}\";\n" ; \
-  echo "Acquire::http::Proxy::linux-ftp.ostc.intel.com DIRECT;\n" ; \
-} > /etc/apt/apt.conf
+  echo "proxy=${http_proxy}" ; \
+  echo "no_proxy=${no_proxy}" ; \
+} | tee -a /etc/dnf/dnf.conf /etc/yum.conf
+
+#
+# Template from templates/centos/15-upgrade.in
+#
+# Update package lists, and upgrade to the latest packages
+#
+# Failure to do this will result in GPG errors later
+RUN dnf clean all \
+  && dnf -y upgrade


 #
-# Template from templates/ubuntu/08-intel-certs.in
+# Template from templates/centos/18-create-user.in
 #
-# Install Intel CA5A cert so Intel certs are recognized
-
-RUN apt-get -q update \
-  && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
-    ca-certificates \
-    wget \
-    unzip \
-  && apt-get clean \
-  && rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} \
-  && mkdir -p /usr/local/share/ca-certificates \
-  && wget -qO tmp.zip http://certificates.intel.com/repository/certificates/IntelSHA2RootChain-Base64.zip \
-     && unzip tmp.zip -d /usr/local/share/ca-certificates \
-     && rm tmp.zip \
-  && wget -qO tmp.zip http://certificates.intel.com/repository/certificates/Intel%20Root%20Certificate%20Chain%20Base64.zip \
-     && unzip tmp.zip -d /usr/local/share/ca-certificates \
-     && rm tmp.zip \
-  && apt-get remove -y wget unzip \
-  && update-ca-certificates --fresh
-
-
-#
-# Template from templates/ubuntu/10-default-packages.in
-#
-# Update the repo lists and then install things using the internal
-# sources. Packages used by many developers are pulled into this image
-# but we do want it to be relatively small.
-#
-# NOTE: We use DEBIAN_FRONTEND=noninteractive to prevent krb5-user from
-#       trying to prompt for configuration details during install.
-RUN apt-get -q update \
-  && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends -q \
-    locales \
-    software-properties-common
-
-# Set up locales
-RUN localedef -c -f UTF-8 -i en_US en_US.UTF-8
-ENV LANG=en_US.UTF-8 LANGUAGE=en_US.UTF-8 LC_ALL=en_US.UTF-8
-
-#
-# Template from templates/ubuntu/18-create-user.in
-#
-# Create user 'user' and add them to 'sudo' for sudo access and set
+# Create user 'user' and add them to 'wheel' for sudo access and set
 # the passwd to 'user'

 FROM xe-base-stage AS xe-user-stage

-RUN apt-get -q update \
-  && DEBIAN_FRONTEND=noninteractive \
-  && apt-get install --no-install-recommends -y \
-      sudo
-
-ARG USER_UID=1000
-ARG USER_GID=1000
-
-RUN echo "Creating 'user': $USER_UID:$USER_GID"
+# CentOS doesn't provide openssl by default. Red Hat does.
+RUN dnf install -y sudo openssl

 # NOTE: Requires 'sudo' package to already be installed
-RUN groupadd -g $USER_GID user \
+RUN groupadd -r user \
  && useradd --no-log-init \
    -s /bin/bash \
-    -m \
-    -u $USER_UID \
+    -r -m \
    -g user \
-    -G sudo,video \
+    -G wheel,video \
    -p $(echo "user" | openssl passwd -stdin) user

-# Set 'sudo' to NOPASSWD for all container users
-RUN sed -i -e 's,%sudo.*,%sudo ALL=(ALL) NOPASSWD:ALL,g' /etc/sudoers
-
-RUN apt-get clean \
-  && rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log}
+# Set 'wheel' to NOPASSWD for all container users
+RUN sed -i -e 's,%wheel.*,%wheel ALL=(ALL) NOPASSWD:ALL,g' /etc/sudoers

 #
-# Template from templates/ubuntu/20-repositories-intel-com.in
+# Template from templates/centos/20-repositories-intel-com.in
 #
-# Update and install wget and gpg-agent as it isn't in the base Ubuntu
-# image and is needed for apt-key
+# repositories.intel.com content begins here
 #
-RUN apt-get -q update \
-  && DEBIAN_FRONTEND=noninteractive \
-    apt-get --no-install-recommends -q -y install \
-      wget \
-      gpg-agent
+# Intel certificates which would allow internal signed certs to be
+# used are not being installed, so turn sslverify=0 on the 
+# repository.
+#
+# To install the certs would be something like:
+#
+# A. Copy ca certs to /etc/pki/ca-trust/source/anchors/
+# B. run update-ca-trust
+#
+# Once that is done, the 'sslverify=0' can be removed from 
+# the repository definition below.
+#
+# Add Intel Graphics repository
+#
+RUN { \
+  echo "[intel-graphics]" ; \
+  echo "name=Intel Graphics Drivers Repository" ; \
+  echo "baseurl=https://osgc.jf.intel.com/internal/${PACKAGE_DISTRO}/focal-prerelease-untested/" ; \
+  echo "sslverify=0" ; \
+  echo "enabled=1" ; \
+  echo "gpgcheck=0" ; \
+} > /etc/yum.repos.d/intel-graphics.repo

-# Fetch and install the signing key for https://osgc.jf.intel.com/internal
 #
-RUN wget -qO - https://osgc.jf.intel.com/internal/intel-graphics.key | apt-key add -
-RUN apt-add-repository \
-  'deb [arch=amd64] https://osgc.jf.intel.com/internal/ubuntu focal-prerelease-untested main'
-
-# Cleanup
-#RUN apt-get remove -y wget \
-#  && apt-get clean \
-#  && rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log}
+# Template from templates/centos/30-clean-up.in
+#
+# Clean dnf cache
+RUN dnf clean all

 #
 # Template from templates/99-env.in
@ -165,8 +125,8 @@ RUN apt-add-repository \

 ENV GPGPU_PACKAGE_REPOSITORY "https://osgc.jf.intel.com/internal"
 ENV GPGPU_PACKAGE_STREAM "focal-prerelease-untested"
-ENV GPGPU_PACKAGE_DISTRO "ubuntu"
-ENV GPGPU_PACKAGE_DISTRO_RELEASE "focal"
+ENV GPGPU_PACKAGE_DISTRO "centos"
+ENV GPGPU_PACKAGE_DISTRO_RELEASE "8.2"

 USER user

--- a/scripts/build-dockerfile.sh
+++ b/scripts/build-dockerfile.sh
@ -41,7 +41,8 @@ if [[ "${REGISTRY_OS}" == "external" ]]; then
 fi
 export DOCKERFILE="Dockerfile${SOLUTION_SUFFIX}"
 export SOLUTION="Dockerfile.solution${SOLUTION_SUFFIX}"
-VARS+=(DOCKERFILE SOLUTION BUILD REGISTRY_OS)
+export PACKAGE_DISTRO
+VARS+=(DOCKERFILE SOLUTION BUILD REGISTRY_OS PACKAGE_DISTRO)

 if [[ "${BUILD}" != "" ]] && [[ "${BUILD}" != "N/A" ]]; then
  # Override PACKAGE_REPOSITORY as it won't be used -- instead a file