From bdb996e07e859b32f5c5ee8345736f69e2e16976 Mon Sep 17 00:00:00 2001 From: James Ketrenos Date: Thu, 14 Nov 2019 13:04:22 -0800 Subject: [PATCH] Updated to work with latest xe-solutions Signed-off-by: James Ketrenos --- Dockerfile | 115 ++++++++++------ Dockerfile.rhel-8.0 | 124 +++++++++++++----- Dockerfile.solution | 52 +++++--- Dockerfile.solution.rhel-8.0 | 39 +++--- templates/centos/00-from.in | 6 + templates/centos/05-intel-proxy.in | 23 ++++ ...ything.in => 20-repositories-intel-com.in} | 15 --- templates/centos/25-graphics-user.in | 20 +++ templates/centos/30-clean-up.in | 2 + templates/ending.in | 2 +- templates/rhel/00-from.in | 6 + templates/rhel/05-intel-proxy.in | 23 ++++ .../{00-everything.in => 10-rhel-partner.in} | 42 ------ templates/rhel/20-repositories-intel-com.in | 24 ++++ templates/rhel/25-graphics-user.in | 20 +++ templates/rhel/30-clean-up.in | 2 + templates/ubuntu/00-FROM.in | 2 +- templates/ubuntu/05-intel-proxy.in | 26 +++- templates/ubuntu/05-intel-proxy.in.orig | 9 -- templates/ubuntu/20-repositories-intel-com.in | 2 - templates/ubuntu/25-graphics-user.in | 31 +++-- 21 files changed, 385 insertions(+), 200 deletions(-) create mode 100644 templates/centos/00-from.in create mode 100644 templates/centos/05-intel-proxy.in rename templates/centos/{00-everything.in => 20-repositories-intel-com.in} (60%) create mode 100644 templates/centos/25-graphics-user.in create mode 100644 templates/centos/30-clean-up.in create mode 100644 templates/rhel/00-from.in create mode 100644 templates/rhel/05-intel-proxy.in rename templates/rhel/{00-everything.in => 10-rhel-partner.in} (87%) create mode 100644 templates/rhel/20-repositories-intel-com.in create mode 100644 templates/rhel/25-graphics-user.in create mode 100644 templates/rhel/30-clean-up.in delete mode 100644 templates/ubuntu/05-intel-proxy.in.orig diff --git a/Dockerfile b/Dockerfile index 8e7ef97..5eaa381 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,7 +15,7 @@ # Template from templates/ubuntu/00-FROM.in # # Pull from ubuntu on Docker Hub -FROM ubuntu:disco AS graphics-base +FROM ubuntu:disco AS xe-base-stage # @@ -32,15 +32,31 @@ RUN { \ done \ } > /etc/apt/sources.list +ARG http_proxy="http://proxy-chain.intel.com:911/" +ARG https_proxy="http://proxy-chain.intel.com:912/" +ARG ftp_proxy="ftp://proxy-chain.intel.com:911/" +ARG socks_proxy="socks://proxy-chain.intel.com:1080/" +ARG no_proxy="localhost,*.*.intel.com" + +ENV http_proxy="${http_proxy}" +ENV https_proxy="${https_proxy}" +ENV no_proxy="${no_proxy}" +ENV ftp_proxy="${http_proxy}" +ENV socks_proxy="${socks_proxy}" + +ENV HTTP_PROXY="${http_proxy}" +ENV HTTPS_PROXY="${http_proxy}" +ENV NO_PROXY="${no_proxy}" + RUN { \ - echo "Acquire::http::proxy \"http://proxy-chain.intel.com:911/\";\n" ; \ - echo "Acquire::https::proxy \"http://proxy-chain.intel.com:912/\";\n" ; \ - echo "Acquire::ftp::proxy \"ftp://proxy-chain.intel.com:911/\";\n" ; \ - echo "Acquire::socks::proxy \"socks://proxy-chain.intel.com:1080/\";\n" ; \ + echo "Acquire::http::proxy \"${http_proxy}\";\n" ; \ + echo "Acquire::https::proxy \"${https_proxy}\";\n" ; \ + echo "Acquire::ftp::proxy \"${ftp_proxy}\";\n" ; \ + echo "Acquire::socks::proxy \"${socks_proxy}\";\n" ; \ echo "Acquire::http::Proxy::linux-ftp.ostc.intel.com DIRECT;\n" ; \ - echo "Acquire::http::Proxy::osgc.jf.intel.com DIRECT;\n" ; \ } > /etc/apt/apt.conf + # # Template from templates/ubuntu/08-intel-certs.in # @@ -85,8 +101,6 @@ ENV LANG=en_US.UTF-8 LANGUAGE=en_US.UTF-8 LC_ALL=en_US.UTF-8 # # Template from templates/ubuntu/20-repositories-intel-com.in # -FROM base AS graphics-base - # Once we have a signed repository: # # Update and install gpg-agent as it isn't in the base Ubuntu image and @@ -120,30 +134,33 @@ RUN echo "deb [trusted=yes arch=amd64] https://repositories.intel.com/graphics/u # # Template from templates/ubuntu/25-graphics-user.in # -# Create user 'graphics' and add them to 'sudo' for sudo access and set -# the passwd to 'graphics' +# Create user 'user' and add them to 'sudo' for sudo access and set +# the passwd to 'user' -FROM graphics-base AS user-stage +FROM xe-base-stage AS xe-user-stage RUN apt-get -q update \ && DEBIAN_FRONTEND=noninteractive \ - apt-get install --no-install-recommends -y \ - sudo \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} + && apt-get install --no-install-recommends -y \ + sudo # NOTE: Requires 'sudo' package to already be installed -RUN groupadd -r graphics \ -&& useradd --no-log-init \ - -s /bin/bash \ - -r -m \ - -g graphics \ - -G sudo \ - -p $(echo "graphics" | openssl passwd -stdin) graphics +RUN groupadd -r user \ + && useradd --no-log-init \ + -s /bin/bash \ + -r -m \ + -g user \ + -G sudo \ + -p $(echo "user" | openssl passwd -stdin) user # Set 'sudo' to NOPASSWD for all container users RUN sed -i -e 's,%sudo.*,%sudo ALL=(ALL) NOPASSWD:ALL,g' /etc/sudoers +RUN apt-get clean \ + && rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} + +USER user + # # Solution begins here (from Dockerfile.solution) # @@ -156,59 +173,71 @@ RUN sed -i -e 's,%sudo.*,%sudo ALL=(ALL) NOPASSWD:ALL,g' /etc/sudoers # image isn't polluted with build artifacts # # NOTE: This image will only work with Ubuntu 19.04 (disco) and newer -FROM user-stage AS solution-build +FROM xe-user-stage AS solution-build + +USER root # Install git and build tools, clone ffmpeg, and get ready to build it RUN apt-get update \ - && DEBIAN_FRONTEND=noninteractive apt-get -q -y install \ + && DEBIAN_FRONTEND=noninteractive \ + && apt-get -q -y install \ git build-essential pkg-config -# Clone ffmpeg -# NOTE: This explicitly clones the FFMPEG_TAG_VERSION (see SOLUTIONS) -RUN git clone --depth 1 --branch n4.2.1 https://github.com/ffmpeg/ffmpeg /home/graphics/ffmpeg - -# Install all required common packages: +# Install all required Media common packages, broken out +# from the above command to highlight which packages are +# specific to media RUN apt-get update \ - && DEBIAN_FRONTEND=noninteractive apt-get -q -y install \ + && DEBIAN_FRONTEND=noninteractive \ + && apt-get -q -y install \ libva-dev$LIBVA_DEV_VERSION \ libmfx-dev$LIBMFX_DEV_VERSION \ libmfx1$LIBMFX1_VERSION \ - vainfo$VAINFO_VERSION \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* + vainfo$VAINFO_VERSION ENV LIBVA_DRIVER_NAME=iHD +USER user + +# Clone ffmpeg +# NOTE: This explicitly clones the FFMPEG_TAG_VERSION (see SOLUTIONS) +RUN git clone --depth 1 --branch n4.2.1 https://github.com/ffmpeg/ffmpeg /home/user/ffmpeg + # Build FFmpeg -WORKDIR /home/graphics/ffmpeg +WORKDIR /home/user/ffmpeg RUN ./configure --arch=x86_64 --disable-yasm --enable-vaapi --enable-libmfx \ && make -j $(nproc --all) \ - && make install + && sudo make install -FROM user-stage +FROM xe-user-stage -ENV LIBVA_DRIVER_NAME=iHD +USER root # Update and install the Mesa, OpenCL, and Media from repositories.intel.com # # NOTE: libva requires libpciaccess0, however it doesn't depend on it # so explicitly install it. RUN apt-get -q update \ - && DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends -q -y install \ + && DEBIAN_FRONTEND=noninteractive \ + && apt-get --no-install-recommends -q -y install \ intel-media-va-driver-non-free$INTEL_MEDIA_VA_DRIVER_NON_FREE_VERSION \ libva2$LIBVA2_VERSION \ libmfx1$LIBMFX1_VERSION \ vainfo$VAINFO_VERSION \ libpciaccess0 \ - pciutils \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* + pciutils # Copy ffmpeg and ffprobe from build container COPY --from=solution-build /usr/local/bin/ /usr/local/bin/ -WORKDIR /home/graphics +RUN apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +ENV LIBVA_DRIVER_NAME=iHD + +USER user +WORKDIR /home/user + # # Standard ending begins here (from templates/ending.in) @@ -231,6 +260,6 @@ RUN { \ echo "PACKAGE_STREAM=disco" ; \ echo "OS_DISTRO=ubuntu" ; \ echo "OS_RELEASE=disco" ; \ -} > /assets/SOLUTION +} | sudo tee /assets/SOLUTION COPY MANIFEST /assets/ COPY Dockerfile /assets/Dockerfile diff --git a/Dockerfile.rhel-8.0 b/Dockerfile.rhel-8.0 index e5d1962..98f90d6 100644 --- a/Dockerfile.rhel-8.0 +++ b/Dockerfile.rhel-8.0 @@ -12,17 +12,45 @@ # # -# Template from templates/rhel/00-everything.in +# Template from templates/rhel/00-from.in # -FROM dockerv2-gfx-build.gfx-assets.intel.com/upstream/rhel:8.0.0 AS user-stage +# Pull internal RHEL image +FROM dockerv2-gfx-build.gfx-assets.intel.com/upstream/rhel:8.0.0 AS xe-base-stage + +# Flush cached package lists to prevent stale data +RUN dnf clean all + + +# +# Template from templates/rhel/05-intel-proxy.in +# +# Configure Intel proxy values + +ARG http_proxy="http://proxy-chain.intel.com:911/" +ARG https_proxy="http://proxy-chain.intel.com:912/" +ARG ftp_proxy="ftp://proxy-chain.intel.com:911/" +ARG socks_proxy="socks://proxy-chain.intel.com:1080/" +ARG no_proxy="localhost,*.*.intel.com" + +ENV http_proxy="${http_proxy}" +ENV https_proxy="${https_proxy}" +ENV no_proxy="${no_proxy}" +ENV ftp_proxy="${http_proxy}" +ENV socks_proxy="${socks_proxy}" + +ENV HTTP_PROXY="${http_proxy}" +ENV HTTPS_PROXY="${http_proxy}" +ENV NO_PROXY="${no_proxy}" # Configure DNF and YUM proxies -RUN echo "proxy=http://proxy-chain.intel.com:911" >> /etc/dnf/dnf.conf \ - && echo -e 'proxy=http://proxy-chain.intel.com:911\nno_proxy=.intel.com' >> /etc/yum.conf - -# Remove any pre-configured repositories -RUN rm -rf /etc/yum.repos.d/* +RUN { \ + echo "proxy=${http_proxy}" ; \ + echo "no_proxy=${no_proxy}" ; \ +} | tee -a /etc/dnf/dnf.conf /etc/yum.conf +# +# Template from templates/rhel/10-rhel-partner.in +# # Install the Red Hat partner repositories RUN { \ echo "[RHEL-8-appstream-partners]" ; \ @@ -181,12 +209,10 @@ RUN { \ echo "" ; \ } > /etc/yum.repos.d/RHEL-8-rt-intel-partner.repo -# Update package lists, and upgrade to the latest Red Hat packages -RUN dnf clean all \ - && dnf -y upgrade \ - && dnf clean all - -# repositories.intel.com specific content begins here +# +# Template from templates/rhel/20-repositories-intel-com.in +# +# repositories.intel.com content begins here # # Intel certificates which would allow internal signed certs to be # used are not being installed, so turn sslverify=0 on the @@ -211,8 +237,35 @@ RUN { \ echo "gpgcheck=0" ; \ } > /etc/yum.repos.d/intel-graphics.repo -# Disable proxy for Intel URLs -RUN echo "no_proxy=.jf.intel.com" >> /etc/yum.conf +# +# Template from templates/rhel/25-graphics-user.in +# +# Create user 'user' and add them to 'sudo' for sudo access and set +# the passwd to 'user' + +FROM xe-base-stage AS xe-user-stage + +RUN dnf install -y sudo + +# NOTE: Requires 'sudo' package to already be installed +RUN groupadd -r user \ + && useradd --no-log-init \ + -s /bin/bash \ + -r -m \ + -g user \ + -G sudo \ + -p $(echo "user" | openssl passwd -stdin) user + +# Set 'sudo' to NOPASSWD for all container users +RUN sed -i -e 's,%sudo.*,%sudo ALL=(ALL) NOPASSWD:ALL,g' /etc/sudoers + +USER user + +# +# Template from templates/rhel/30-clean-up.in +# +# Clean dnf cache +RUN dnf clean all # # Solution begins here (from Dockerfile.solution.rhel-8.0) @@ -225,53 +278,60 @@ RUN echo "no_proxy=.jf.intel.com" >> /etc/yum.conf # image isn't polluted with build artifacts # # NOTE: This image will only work with Ubuntu 19.04 (disco) and newer -FROM user-stage AS solution-build +FROM xe-user-stage AS solution-build + +USER root # Install git and build tools, clone ffmpeg, and get ready to build it RUN dnf groupinstall -y 'Development Tools' -# Clone ffmpeg -# NOTE: This explicitly clones the FFMPEG_TAG_VERSION (see SOLUTIONS) -RUN git clone --depth 1 --branch n4.2.1 https://github.com/ffmpeg/ffmpeg /ffmpeg - # Install all required common packages: # Adapted from RUN dnf install -y \ libva-devel$LIBVA_DEV_VERSION \ intel-mediasdk-devel$INTEL_MEDIASDK_DEVEL_VERSION \ - libva-utils$LIBVA_UTILS_VERSION \ - && dnf clean all + libva-utils$LIBVA_UTILS_VERSION -ENV LIBVA_DRIVER_NAME=iHD +USER user + +# Clone ffmpeg +# NOTE: This explicitly clones the FFMPEG_TAG_VERSION (see SOLUTIONS) +RUN git clone --depth 1 --branch n4.2.1 https://github.com/ffmpeg/ffmpeg /home/user/ffmpeg # Build FFmpeg -WORKDIR /ffmpeg +WORKDIR /home/user/ffmpeg + +ENV LIBVA_DRIVER_NAME=iHD RUN ./configure --arch=x86_64 --disable-yasm --enable-vaapi --enable-libmfx \ && make -j $(nproc --all) \ - && make install + && sudo make install -FROM user-stage +FROM xe-user-stage -ENV LIBVA_DRIVER_NAME=iHD +USER root # Update and install the Mesa, OpenCL, and Media from repositories.intel.com # # NOTE: libva requires libpciaccess0, however it doesn't depend on it -# so explicitly install it. -# intel-media-va-driver-non-free$INTEL_MEDIA_VA_DRIVER_NON_FREE_VERSION \ +# so explicitly install it. RUN dnf install -y \ intel-media$INTEL_MEDIA_VERSION \ libva$LIBVA_VERSION \ intel-mediasdk$INTEL_MEDIASDK_VERSION \ libva-utils$LIBVA_UTILS_VERSION \ libpciaccess \ - pciutils \ - && dnf clean all + pciutils # Copy ffmpeg and ffprobe from build container COPY --from=solution-build /usr/local/bin/ /usr/local/bin/ +RUN dnf clean all + +ENV LIBVA_DRIVER_NAME=iHD + +USER user + # # Standard ending begins here (from templates/ending.in) # @@ -293,6 +353,6 @@ RUN { \ echo "PACKAGE_STREAM=8.0" ; \ echo "OS_DISTRO=rhel" ; \ echo "OS_RELEASE=8.0" ; \ -} > /assets/SOLUTION +} | sudo tee /assets/SOLUTION COPY MANIFEST /assets/ COPY Dockerfile.rhel-8.0 /assets/Dockerfile diff --git a/Dockerfile.solution b/Dockerfile.solution index f0ed32d..4b0306b 100644 --- a/Dockerfile.solution +++ b/Dockerfile.solution @@ -7,56 +7,68 @@ # image isn't polluted with build artifacts # # NOTE: This image will only work with Ubuntu 19.04 (disco) and newer -FROM user-stage AS solution-build +FROM xe-user-stage AS solution-build + +USER root # Install git and build tools, clone ffmpeg, and get ready to build it RUN apt-get update \ - && DEBIAN_FRONTEND=noninteractive apt-get -q -y install \ + && DEBIAN_FRONTEND=noninteractive \ + && apt-get -q -y install \ git build-essential pkg-config -# Clone ffmpeg -# NOTE: This explicitly clones the FFMPEG_TAG_VERSION (see SOLUTIONS) -RUN git clone --depth 1 --branch $FFMPEG_TAG_VERSION https://github.com/ffmpeg/ffmpeg /home/graphics/ffmpeg - -# Install all required common packages: +# Install all required Media common packages, broken out +# from the above command to highlight which packages are +# specific to media RUN apt-get update \ - && DEBIAN_FRONTEND=noninteractive apt-get -q -y install \ + && DEBIAN_FRONTEND=noninteractive \ + && apt-get -q -y install \ libva-dev$LIBVA_DEV_VERSION \ libmfx-dev$LIBMFX_DEV_VERSION \ libmfx1$LIBMFX1_VERSION \ - vainfo$VAINFO_VERSION \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* + vainfo$VAINFO_VERSION ENV LIBVA_DRIVER_NAME=iHD +USER user + +# Clone ffmpeg +# NOTE: This explicitly clones the FFMPEG_TAG_VERSION (see SOLUTIONS) +RUN git clone --depth 1 --branch $FFMPEG_TAG_VERSION https://github.com/ffmpeg/ffmpeg /home/user/ffmpeg + # Build FFmpeg -WORKDIR /home/graphics/ffmpeg +WORKDIR /home/user/ffmpeg RUN ./configure --arch=x86_64 --disable-yasm --enable-vaapi --enable-libmfx \ && make -j $(nproc --all) \ - && make install + && sudo make install -FROM user-stage +FROM xe-user-stage -ENV LIBVA_DRIVER_NAME=iHD +USER root # Update and install the Mesa, OpenCL, and Media from repositories.intel.com # # NOTE: libva requires libpciaccess0, however it doesn't depend on it # so explicitly install it. RUN apt-get -q update \ - && DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends -q -y install \ + && DEBIAN_FRONTEND=noninteractive \ + && apt-get --no-install-recommends -q -y install \ intel-media-va-driver-non-free$INTEL_MEDIA_VA_DRIVER_NON_FREE_VERSION \ libva2$LIBVA2_VERSION \ libmfx1$LIBMFX1_VERSION \ vainfo$VAINFO_VERSION \ libpciaccess0 \ - pciutils \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* + pciutils # Copy ffmpeg and ffprobe from build container COPY --from=solution-build /usr/local/bin/ /usr/local/bin/ -WORKDIR /home/graphics +RUN apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +ENV LIBVA_DRIVER_NAME=iHD + +USER user +WORKDIR /home/user + diff --git a/Dockerfile.solution.rhel-8.0 b/Dockerfile.solution.rhel-8.0 index 3b8665a..be47bd5 100644 --- a/Dockerfile.solution.rhel-8.0 +++ b/Dockerfile.solution.rhel-8.0 @@ -6,49 +6,56 @@ # image isn't polluted with build artifacts # # NOTE: This image will only work with Ubuntu 19.04 (disco) and newer -FROM user-stage AS solution-build +FROM xe-user-stage AS solution-build + +USER root # Install git and build tools, clone ffmpeg, and get ready to build it RUN dnf groupinstall -y 'Development Tools' -# Clone ffmpeg -# NOTE: This explicitly clones the FFMPEG_TAG_VERSION (see SOLUTIONS) -RUN git clone --depth 1 --branch $FFMPEG_TAG_VERSION https://github.com/ffmpeg/ffmpeg /ffmpeg - # Install all required common packages: # Adapted from RUN dnf install -y \ libva-devel$LIBVA_DEV_VERSION \ intel-mediasdk-devel$INTEL_MEDIASDK_DEVEL_VERSION \ - libva-utils$LIBVA_UTILS_VERSION \ - && dnf clean all + libva-utils$LIBVA_UTILS_VERSION -ENV LIBVA_DRIVER_NAME=iHD +USER user + +# Clone ffmpeg +# NOTE: This explicitly clones the FFMPEG_TAG_VERSION (see SOLUTIONS) +RUN git clone --depth 1 --branch $FFMPEG_TAG_VERSION https://github.com/ffmpeg/ffmpeg /home/user/ffmpeg # Build FFmpeg -WORKDIR /ffmpeg +WORKDIR /home/user/ffmpeg + +ENV LIBVA_DRIVER_NAME=iHD RUN ./configure --arch=x86_64 --disable-yasm --enable-vaapi --enable-libmfx \ && make -j $(nproc --all) \ - && make install + && sudo make install -FROM user-stage +FROM xe-user-stage -ENV LIBVA_DRIVER_NAME=iHD +USER root # Update and install the Mesa, OpenCL, and Media from repositories.intel.com # # NOTE: libva requires libpciaccess0, however it doesn't depend on it -# so explicitly install it. -# intel-media-va-driver-non-free$INTEL_MEDIA_VA_DRIVER_NON_FREE_VERSION \ +# so explicitly install it. RUN dnf install -y \ intel-media$INTEL_MEDIA_VERSION \ libva$LIBVA_VERSION \ intel-mediasdk$INTEL_MEDIASDK_VERSION \ libva-utils$LIBVA_UTILS_VERSION \ libpciaccess \ - pciutils \ - && dnf clean all + pciutils # Copy ffmpeg and ffprobe from build container COPY --from=solution-build /usr/local/bin/ /usr/local/bin/ + +RUN dnf clean all + +ENV LIBVA_DRIVER_NAME=iHD + +USER user diff --git a/templates/centos/00-from.in b/templates/centos/00-from.in new file mode 100644 index 0000000..e80993b --- /dev/null +++ b/templates/centos/00-from.in @@ -0,0 +1,6 @@ +# Pull $OS_DISTRO from Docker Hub +FROM $OS_DISTRO:$OS_RELEASE as xe-base-stage + +# Flush cached package lists to prevent stale data +RUN dnf clean all + diff --git a/templates/centos/05-intel-proxy.in b/templates/centos/05-intel-proxy.in new file mode 100644 index 0000000..b4bae66 --- /dev/null +++ b/templates/centos/05-intel-proxy.in @@ -0,0 +1,23 @@ +# Configure Intel proxy values + +ARG http_proxy="http://proxy-chain.intel.com:911/" +ARG https_proxy="http://proxy-chain.intel.com:912/" +ARG ftp_proxy="ftp://proxy-chain.intel.com:911/" +ARG socks_proxy="socks://proxy-chain.intel.com:1080/" +ARG no_proxy="localhost,*.*.intel.com" + +ENV http_proxy="${http_proxy}" +ENV https_proxy="${https_proxy}" +ENV no_proxy="${no_proxy}" +ENV ftp_proxy="${http_proxy}" +ENV socks_proxy="${socks_proxy}" + +ENV HTTP_PROXY="${http_proxy}" +ENV HTTPS_PROXY="${http_proxy}" +ENV NO_PROXY="${no_proxy}" + +# Configure DNF and YUM proxies +RUN { \ + echo "proxy=${http_proxy}" ; \ + echo "no_proxy=${no_proxy}" ; \ +} | tee -a /etc/dnf/dnf.conf /etc/yum.conf diff --git a/templates/centos/00-everything.in b/templates/centos/20-repositories-intel-com.in similarity index 60% rename from templates/centos/00-everything.in rename to templates/centos/20-repositories-intel-com.in index dda38d7..4f5ca2c 100644 --- a/templates/centos/00-everything.in +++ b/templates/centos/20-repositories-intel-com.in @@ -1,15 +1,3 @@ -# Pull $OS_DISTRO from Docker Hub -FROM $OS_DISTRO:$OS_RELEASE as user-stage - -# Configure DNF and YUM proxies -RUN echo "proxy=http://proxy-chain.intel.com:911" >> /etc/dnf/dnf.conf \ - && echo -e 'proxy=http://proxy-chain.intel.com:911\nno_proxy=.intel.com' >> /etc/yum.conf - -# Update package lists, and upgrade to the latest Red Hat packages -RUN dnf clean all \ - && dnf -y upgrade \ - && dnf clean all - # repositories.intel.com content begins here # # Intel certificates which would allow internal signed certs to be @@ -34,6 +22,3 @@ RUN { \ echo "enabled=1" ; \ echo "gpgcheck=0" ; \ } > /etc/yum.repos.d/intel-graphics.repo - -# Disable proxy for Intel URLs -RUN echo "no_proxy=.jf.intel.com" >> /etc/yum.conf diff --git a/templates/centos/25-graphics-user.in b/templates/centos/25-graphics-user.in new file mode 100644 index 0000000..552a80f --- /dev/null +++ b/templates/centos/25-graphics-user.in @@ -0,0 +1,20 @@ +# Create user 'user' and add them to 'sudo' for sudo access and set +# the passwd to 'user' + +FROM xe-base-stage AS xe-user-stage + +RUN dnf install -y sudo + +# NOTE: Requires 'sudo' package to already be installed +RUN groupadd -r user \ + && useradd --no-log-init \ + -s /bin/bash \ + -r -m \ + -g user \ + -G sudo \ + -p $(echo "user" | openssl passwd -stdin) user + +# Set 'sudo' to NOPASSWD for all container users +RUN sed -i -e 's,%sudo.*,%sudo ALL=(ALL) NOPASSWD:ALL,g' /etc/sudoers + +USER user diff --git a/templates/centos/30-clean-up.in b/templates/centos/30-clean-up.in new file mode 100644 index 0000000..946ead2 --- /dev/null +++ b/templates/centos/30-clean-up.in @@ -0,0 +1,2 @@ +# Clean dnf cache +RUN dnf clean all diff --git a/templates/ending.in b/templates/ending.in index 30c5c96..0d1e115 100644 --- a/templates/ending.in +++ b/templates/ending.in @@ -16,6 +16,6 @@ RUN { \ echo "PACKAGE_STREAM=${PACKAGE_STREAM}" ; \ echo "OS_DISTRO=${OS_DISTRO}" ; \ echo "OS_RELEASE=${OS_RELEASE}" ; \ -} > /assets/SOLUTION +} | sudo tee /assets/SOLUTION COPY MANIFEST /assets/ COPY ${DOCKERFILE} /assets/Dockerfile diff --git a/templates/rhel/00-from.in b/templates/rhel/00-from.in new file mode 100644 index 0000000..8a21fdf --- /dev/null +++ b/templates/rhel/00-from.in @@ -0,0 +1,6 @@ +# Pull internal RHEL image +FROM dockerv2-gfx-build.gfx-assets.intel.com/upstream/rhel:8.0.0 AS xe-base-stage + +# Flush cached package lists to prevent stale data +RUN dnf clean all + diff --git a/templates/rhel/05-intel-proxy.in b/templates/rhel/05-intel-proxy.in new file mode 100644 index 0000000..b4bae66 --- /dev/null +++ b/templates/rhel/05-intel-proxy.in @@ -0,0 +1,23 @@ +# Configure Intel proxy values + +ARG http_proxy="http://proxy-chain.intel.com:911/" +ARG https_proxy="http://proxy-chain.intel.com:912/" +ARG ftp_proxy="ftp://proxy-chain.intel.com:911/" +ARG socks_proxy="socks://proxy-chain.intel.com:1080/" +ARG no_proxy="localhost,*.*.intel.com" + +ENV http_proxy="${http_proxy}" +ENV https_proxy="${https_proxy}" +ENV no_proxy="${no_proxy}" +ENV ftp_proxy="${http_proxy}" +ENV socks_proxy="${socks_proxy}" + +ENV HTTP_PROXY="${http_proxy}" +ENV HTTPS_PROXY="${http_proxy}" +ENV NO_PROXY="${no_proxy}" + +# Configure DNF and YUM proxies +RUN { \ + echo "proxy=${http_proxy}" ; \ + echo "no_proxy=${no_proxy}" ; \ +} | tee -a /etc/dnf/dnf.conf /etc/yum.conf diff --git a/templates/rhel/00-everything.in b/templates/rhel/10-rhel-partner.in similarity index 87% rename from templates/rhel/00-everything.in rename to templates/rhel/10-rhel-partner.in index 5c32618..adab6cc 100644 --- a/templates/rhel/00-everything.in +++ b/templates/rhel/10-rhel-partner.in @@ -1,12 +1,3 @@ -FROM dockerv2-gfx-build.gfx-assets.intel.com/upstream/rhel:8.0.0 AS user-stage - -# Configure DNF and YUM proxies -RUN echo "proxy=http://proxy-chain.intel.com:911" >> /etc/dnf/dnf.conf \ - && echo -e 'proxy=http://proxy-chain.intel.com:911\nno_proxy=.intel.com' >> /etc/yum.conf - -# Remove any pre-configured repositories -RUN rm -rf /etc/yum.repos.d/* - # Install the Red Hat partner repositories RUN { \ echo "[RHEL-8-appstream-partners]" ; \ @@ -164,36 +155,3 @@ RUN { \ echo "skip_if_unavailable=1" ; \ echo "" ; \ } > /etc/yum.repos.d/RHEL-8-rt-intel-partner.repo - -# Update package lists, and upgrade to the latest Red Hat packages -RUN dnf clean all \ - && dnf -y upgrade \ - && dnf clean all - -# repositories.intel.com specific content begins here -# -# Intel certificates which would allow internal signed certs to be -# used are not being installed, so turn sslverify=0 on the -# repository. -# -# To install the certs would be something like: -# -# A. Copy ca certs to /etc/pki/ca-trust/source/anchors/ -# B. run update-ca-trust -# -# Once that is done, the 'sslverify=0' can be removed from -# the repository definition below. -# -# Add Intel Graphics repository -# -RUN { \ - echo "[intel-graphics]" ; \ - echo "name=Intel Graphics Drivers Repository" ; \ - echo "baseurl=${PACKAGE_REPOSITORY}/${OS_DISTRO}/${PACKAGE_STREAM}/" ; \ - echo "sslverify=0" ; \ - echo "enabled=1" ; \ - echo "gpgcheck=0" ; \ -} > /etc/yum.repos.d/intel-graphics.repo - -# Disable proxy for Intel URLs -RUN echo "no_proxy=.jf.intel.com" >> /etc/yum.conf diff --git a/templates/rhel/20-repositories-intel-com.in b/templates/rhel/20-repositories-intel-com.in new file mode 100644 index 0000000..4f5ca2c --- /dev/null +++ b/templates/rhel/20-repositories-intel-com.in @@ -0,0 +1,24 @@ +# repositories.intel.com content begins here +# +# Intel certificates which would allow internal signed certs to be +# used are not being installed, so turn sslverify=0 on the +# repository. +# +# To install the certs would be something like: +# +# A. Copy ca certs to /etc/pki/ca-trust/source/anchors/ +# B. run update-ca-trust +# +# Once that is done, the 'sslverify=0' can be removed from +# the repository definition below. +# +# Add Intel Graphics repository +# +RUN { \ + echo "[intel-graphics]" ; \ + echo "name=Intel Graphics Drivers Repository" ; \ + echo "baseurl=${PACKAGE_REPOSITORY}/${OS_DISTRO}/${PACKAGE_STREAM}/" ; \ + echo "sslverify=0" ; \ + echo "enabled=1" ; \ + echo "gpgcheck=0" ; \ +} > /etc/yum.repos.d/intel-graphics.repo diff --git a/templates/rhel/25-graphics-user.in b/templates/rhel/25-graphics-user.in new file mode 100644 index 0000000..552a80f --- /dev/null +++ b/templates/rhel/25-graphics-user.in @@ -0,0 +1,20 @@ +# Create user 'user' and add them to 'sudo' for sudo access and set +# the passwd to 'user' + +FROM xe-base-stage AS xe-user-stage + +RUN dnf install -y sudo + +# NOTE: Requires 'sudo' package to already be installed +RUN groupadd -r user \ + && useradd --no-log-init \ + -s /bin/bash \ + -r -m \ + -g user \ + -G sudo \ + -p $(echo "user" | openssl passwd -stdin) user + +# Set 'sudo' to NOPASSWD for all container users +RUN sed -i -e 's,%sudo.*,%sudo ALL=(ALL) NOPASSWD:ALL,g' /etc/sudoers + +USER user diff --git a/templates/rhel/30-clean-up.in b/templates/rhel/30-clean-up.in new file mode 100644 index 0000000..946ead2 --- /dev/null +++ b/templates/rhel/30-clean-up.in @@ -0,0 +1,2 @@ +# Clean dnf cache +RUN dnf clean all diff --git a/templates/ubuntu/00-FROM.in b/templates/ubuntu/00-FROM.in index c061193..e6b66d0 100644 --- a/templates/ubuntu/00-FROM.in +++ b/templates/ubuntu/00-FROM.in @@ -1,3 +1,3 @@ # Pull from $OS_DISTRO on Docker Hub -FROM $OS_DISTRO:$OS_RELEASE AS graphics-base +FROM $OS_DISTRO:$OS_RELEASE AS xe-base-stage diff --git a/templates/ubuntu/05-intel-proxy.in b/templates/ubuntu/05-intel-proxy.in index 6ab17ae..261f78a 100644 --- a/templates/ubuntu/05-intel-proxy.in +++ b/templates/ubuntu/05-intel-proxy.in @@ -9,11 +9,27 @@ RUN { \ done \ } > /etc/apt/sources.list +ARG http_proxy="http://proxy-chain.intel.com:911/" +ARG https_proxy="http://proxy-chain.intel.com:912/" +ARG ftp_proxy="ftp://proxy-chain.intel.com:911/" +ARG socks_proxy="socks://proxy-chain.intel.com:1080/" +ARG no_proxy="localhost,*.*.intel.com" + +ENV http_proxy="${http_proxy}" +ENV https_proxy="${https_proxy}" +ENV no_proxy="${no_proxy}" +ENV ftp_proxy="${http_proxy}" +ENV socks_proxy="${socks_proxy}" + +ENV HTTP_PROXY="${http_proxy}" +ENV HTTPS_PROXY="${http_proxy}" +ENV NO_PROXY="${no_proxy}" + RUN { \ - echo "Acquire::http::proxy \"http://proxy-chain.intel.com:911/\";\n" ; \ - echo "Acquire::https::proxy \"http://proxy-chain.intel.com:912/\";\n" ; \ - echo "Acquire::ftp::proxy \"ftp://proxy-chain.intel.com:911/\";\n" ; \ - echo "Acquire::socks::proxy \"socks://proxy-chain.intel.com:1080/\";\n" ; \ + echo "Acquire::http::proxy \"${http_proxy}\";\n" ; \ + echo "Acquire::https::proxy \"${https_proxy}\";\n" ; \ + echo "Acquire::ftp::proxy \"${ftp_proxy}\";\n" ; \ + echo "Acquire::socks::proxy \"${socks_proxy}\";\n" ; \ echo "Acquire::http::Proxy::linux-ftp.ostc.intel.com DIRECT;\n" ; \ - echo "Acquire::http::Proxy::osgc.jf.intel.com DIRECT;\n" ; \ } > /etc/apt/apt.conf + diff --git a/templates/ubuntu/05-intel-proxy.in.orig b/templates/ubuntu/05-intel-proxy.in.orig deleted file mode 100644 index 3d1e238..0000000 --- a/templates/ubuntu/05-intel-proxy.in.orig +++ /dev/null @@ -1,9 +0,0 @@ -# Pre-install proxy configuration values -# -# This uses the linux-ftp.ostc.intel.com as a mirror. -RUN echo "Acquire::http::proxy \"http://proxy-chain.intel.com:911/\";\n" \ - "Acquire::https::proxy \"http://proxy-chain.intel.com:912/\";\n" \ - "Acquire::ftp::proxy \"ftp://proxy-chain.intel.com:911/\";\n" \ - "Acquire::socks::proxy \"socks://proxy-chain.intel.com:1080/\";\n" \ - "Acquire::http::Proxy::linux-ftp.ostc.intel.com DIRECT;\n" \ - "Acquire::http::Proxy::osgc.jf.intel.com DIRECT;\n" > /etc/apt/apt.conf diff --git a/templates/ubuntu/20-repositories-intel-com.in b/templates/ubuntu/20-repositories-intel-com.in index d64b695..56fbb67 100644 --- a/templates/ubuntu/20-repositories-intel-com.in +++ b/templates/ubuntu/20-repositories-intel-com.in @@ -1,5 +1,3 @@ -FROM base AS graphics-base - # Once we have a signed repository: # # Update and install gpg-agent as it isn't in the base Ubuntu image and diff --git a/templates/ubuntu/25-graphics-user.in b/templates/ubuntu/25-graphics-user.in index a63a8a8..1c15620 100644 --- a/templates/ubuntu/25-graphics-user.in +++ b/templates/ubuntu/25-graphics-user.in @@ -1,23 +1,26 @@ -# Create user 'graphics' and add them to 'sudo' for sudo access and set -# the passwd to 'graphics' +# Create user 'user' and add them to 'sudo' for sudo access and set +# the passwd to 'user' -FROM graphics-base AS user-stage +FROM xe-base-stage AS xe-user-stage RUN apt-get -q update \ && DEBIAN_FRONTEND=noninteractive \ - apt-get install --no-install-recommends -y \ - sudo \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} + && apt-get install --no-install-recommends -y \ + sudo # NOTE: Requires 'sudo' package to already be installed -RUN groupadd -r graphics \ -&& useradd --no-log-init \ - -s /bin/bash \ - -r -m \ - -g graphics \ - -G sudo \ - -p $(echo "graphics" | openssl passwd -stdin) graphics +RUN groupadd -r user \ + && useradd --no-log-init \ + -s /bin/bash \ + -r -m \ + -g user \ + -G sudo \ + -p $(echo "user" | openssl passwd -stdin) user # Set 'sudo' to NOPASSWD for all container users RUN sed -i -e 's,%sudo.*,%sudo ALL=(ALL) NOPASSWD:ALL,g' /etc/sudoers + +RUN apt-get clean \ + && rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} + +USER user