From f3991efea35deadf6330b7f94b286463d5883f66 Mon Sep 17 00:00:00 2001
From: "James P. Ketrenos" <james.p.ketrenos@intel.com>
Date: Thu, 6 Jan 2022 13:51:51 -0800
Subject: [PATCH] Updated to latest xe-solutions

Signed-off-by: James P. Ketrenos <james.p.ketrenos@intel.com>
---
 Dockerfile                         | 168 ++++++++++++++++++-----------
 assets/entry                       |   2 +-
 scripts/promote-image.sh           |   1 -
 templates/ubuntu/18-create-user.in |   2 +
 4 files changed, 109 insertions(+), 64 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index c8cb0db..4903647 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,19 +14,29 @@
 #
 
 #
-# Template from templates/centos/00-from.in
+# Template from templates/ubuntu/00-from.in
 #
-# Pull centos from Docker Hub
-FROM amr-registry.caas.intel.com/vtt-osgc/os/centos:8.2 as xe-base-stage
-
-# Flush cached package lists to prevent stale data
-RUN dnf clean all
+# Pull from ubuntu on Docker Hub
+FROM amr-registry.caas.intel.com/cache/library/ubuntu:21.10 AS xe-base-stage
 
 
 #
-# Template from templates/centos/05-intel-proxy.in
+# Template from templates/ubuntu/05-intel-proxy.in
 #
-# Configure Intel proxy values
+# Pre-install proxy configuration values
+#
+# This uses the linux-ftp.ostc.intel.com as a mirror.
+RUN { \
+  for suite in 21.10 21.10-updates 21.10-security 21.10-backports; do \
+    for component in main restricted universe multiverse; do \
+      echo "deb http://linux-ftp.ostc.intel.com/pub/mirrors/ubuntu ${suite} ${component}" ; \
+    done \
+  done \
+} > /dev/null
+#/etc/apt/sources.list
+
+# Retry downloads up to 100 times to work around linux-ftp issue...
+RUN echo 'APT::Acquire::Retries "100";' > /etc/apt/apt.conf.d/80-retries
 
 ARG http_proxy="http://proxy-chain.intel.com:911/"
 ARG https_proxy="http://proxy-chain.intel.com:912/"
@@ -44,78 +54,112 @@ ENV HTTP_PROXY="${http_proxy}"
 ENV HTTPS_PROXY="${http_proxy}"
 ENV NO_PROXY="${no_proxy}"
 
-# Configure DNF and YUM proxies
 RUN { \
-  echo "proxy=${http_proxy}" ; \
-  echo "no_proxy=${no_proxy}" ; \
-} | tee -a /etc/dnf/dnf.conf /etc/yum.conf
-
-#
-# Template from templates/centos/15-upgrade.in
-#
-# Update package lists, and upgrade to the latest packages
-#
-# Failure to do this will result in GPG errors later
-RUN dnf clean all \
-  && dnf -y upgrade
+  echo "Acquire::http::proxy \"${http_proxy}\";\n" ; \
+  echo "Acquire::https::proxy \"${https_proxy}\";\n" ; \
+  echo "Acquire::ftp::proxy \"${ftp_proxy}\";\n" ; \
+  echo "Acquire::socks::proxy \"${socks_proxy}\";\n" ; \
+  echo "Acquire::http::Proxy::linux-ftp.ostc.intel.com DIRECT;\n" ; \
+} > /etc/apt/apt.conf
 
 
 #
-# Template from templates/centos/18-create-user.in
+# Template from templates/ubuntu/08-intel-certs.in
 #
-# Create user 'user' and add them to 'wheel' for sudo access and set
+# Install Intel CA5A cert so Intel certs are recognized
+
+RUN apt-get -q update \
+  && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
+    ca-certificates \
+    wget \
+    unzip \
+  && apt-get clean \
+  && rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} \
+  && mkdir -p /usr/local/share/ca-certificates \
+  && wget -qO tmp.zip http://certificates.intel.com/repository/certificates/IntelSHA2RootChain-Base64.zip \
+     && unzip tmp.zip -d /usr/local/share/ca-certificates \
+     && rm tmp.zip \
+  && wget -qO tmp.zip http://certificates.intel.com/repository/certificates/Intel%20Root%20Certificate%20Chain%20Base64.zip \
+     && unzip tmp.zip -d /usr/local/share/ca-certificates \
+     && rm tmp.zip \
+  && apt-get remove -y wget unzip \
+  && update-ca-certificates --fresh
+
+
+#
+# Template from templates/ubuntu/10-default-packages.in
+#
+# Update the repo lists and then install things using the internal
+# sources. Packages used by many developers are pulled into this image
+# but we do want it to be relatively small.
+#
+# NOTE: We use DEBIAN_FRONTEND=noninteractive to prevent krb5-user from
+#       trying to prompt for configuration details during install.
+RUN apt-get -q update \
+  && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends -q \
+    locales \
+    software-properties-common
+
+# Set up locales
+RUN localedef -c -f UTF-8 -i en_US en_US.UTF-8
+ENV LANG=en_US.UTF-8 LANGUAGE=en_US.UTF-8 LC_ALL=en_US.UTF-8
+
+#
+# Template from templates/ubuntu/18-create-user.in
+#
+# Create user 'user' and add them to 'sudo' for sudo access and set
 # the passwd to 'user'
 
 FROM xe-base-stage AS xe-user-stage
 
-# CentOS doesn't provide openssl by default. Red Hat does.
-RUN dnf install -y sudo openssl
+RUN apt-get -q update \
+  && DEBIAN_FRONTEND=noninteractive \
+  && apt-get install --no-install-recommends -y \
+      sudo
+
+ARG USER_UID=1000
+ARG USER_GID=1000
+
+RUN echo "Creating 'user': $USER_UID:$USER_GID"
 
 # NOTE: Requires 'sudo' package to already be installed
-RUN groupadd -r user \
+RUN groupadd -g $USER_GID user \
   && useradd --no-log-init \
     -s /bin/bash \
-    -r -m \
+    -m \
+    -u $USER_UID \
     -g user \
-    -G wheel,video \
+    -G sudo,video \
     -p $(echo "user" | openssl passwd -stdin) user
 
-# Set 'wheel' to NOPASSWD for all container users
-RUN sed -i -e 's,%wheel.*,%wheel ALL=(ALL) NOPASSWD:ALL,g' /etc/sudoers
+# Set 'sudo' to NOPASSWD for all container users
+RUN sed -i -e 's,%sudo.*,%sudo ALL=(ALL) NOPASSWD:ALL,g' /etc/sudoers
+
+RUN apt-get clean \
+  && rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log}
 
 #
-# Template from templates/centos/20-repositories-intel-com.in
+# Template from templates/ubuntu/20-repositories-intel-com.in
 #
-# repositories.intel.com content begins here
+# Update and install wget and gpg-agent as it isn't in the base Ubuntu
+# image and is needed for apt-key
 #
-# Intel certificates which would allow internal signed certs to be
-# used are not being installed, so turn sslverify=0 on the 
-# repository.
-#
-# To install the certs would be something like:
-#
-# A. Copy ca certs to /etc/pki/ca-trust/source/anchors/
-# B. run update-ca-trust
-#
-# Once that is done, the 'sslverify=0' can be removed from 
-# the repository definition below.
-#
-# Add Intel Graphics repository
-#
-RUN { \
-  echo "[intel-graphics]" ; \
-  echo "name=Intel Graphics Drivers Repository" ; \
-  echo "baseurl=https://osgc.jf.intel.com/internal/${PACKAGE_DISTRO}/focal-prerelease-untested/" ; \
-  echo "sslverify=0" ; \
-  echo "enabled=1" ; \
-  echo "gpgcheck=0" ; \
-} > /etc/yum.repos.d/intel-graphics.repo
+RUN apt-get -q update \
+  && DEBIAN_FRONTEND=noninteractive \
+    apt-get --no-install-recommends -q -y install \
+      wget \
+      gpg-agent
 
+# Fetch and install the signing key for https://repositories.intel.com/graphics
 #
-# Template from templates/centos/30-clean-up.in
-#
-# Clean dnf cache
-RUN dnf clean all
+RUN wget -qO - https://repositories.intel.com/graphics/intel-graphics.key | apt-key add -
+RUN apt-add-repository \
+  'deb [arch=amd64] https://repositories.intel.com/graphics/ubuntu focal main'
+
+# Cleanup
+#RUN apt-get remove -y wget \
+#  && apt-get clean \
+#  && rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log}
 
 #
 # Template from templates/99-env.in
@@ -123,10 +167,10 @@ RUN dnf clean all
 # Configure ENV variables which are set by scripts/build-dockerfile.sh
 # and available in the container for use in assets/entry
 
-ENV GPGPU_PACKAGE_REPOSITORY "https://osgc.jf.intel.com/internal"
-ENV GPGPU_PACKAGE_STREAM "focal-prerelease-untested"
-ENV GPGPU_PACKAGE_DISTRO "centos"
-ENV GPGPU_PACKAGE_DISTRO_RELEASE "8.2"
+ENV GPGPU_PACKAGE_REPOSITORY "https://repositories.intel.com/graphics"
+ENV GPGPU_PACKAGE_STREAM "focal"
+ENV GPGPU_PACKAGE_DISTRO "ubuntu"
+ENV GPGPU_PACKAGE_DISTRO_RELEASE "21.10"
 
 USER user
 
diff --git a/assets/entry b/assets/entry
index 001e533..2240cae 100755
--- a/assets/entry
+++ b/assets/entry
@@ -108,7 +108,7 @@ arguments=("${arguments[@]:1}")
 # Build up the set of supported commands, including
 # on the built-in 'info', 'help', 'version', and 'shell'
 commands=(info help version shell)
-for file in assets/commands/*; do
+for file in /assets/commands/*; do
   [[ -x "${file}" ]] && commands+=("${file}")
 done
 
diff --git a/scripts/promote-image.sh b/scripts/promote-image.sh
index c43aff0..79ec495 100755
--- a/scripts/promote-image.sh
+++ b/scripts/promote-image.sh
@@ -86,7 +86,6 @@ RESULTS=$(delete_tag vtt-osgc solutions/${CONTAINER} ${TAG})
 
 if echo ${RESULTS} | grep -q "HTTP.*200"; then
   echo "Tag deleted successfully."
-  break
 else
   echo "Error deleting tag:" >&2
   echo "${RESULTS}" >&2
diff --git a/templates/ubuntu/18-create-user.in b/templates/ubuntu/18-create-user.in
index 13f1d22..afff37a 100644
--- a/templates/ubuntu/18-create-user.in
+++ b/templates/ubuntu/18-create-user.in
@@ -26,5 +26,7 @@ RUN groupadd -g $USER_GID user \
 # Set 'sudo' to NOPASSWD for all container users
 RUN sed -i -e 's,%sudo.*,%sudo ALL=(ALL) NOPASSWD:ALL,g' /etc/sudoers
 
+RUN echo "Defaults !env_reset" >> /etc/sudoers
+
 RUN apt-get clean \
   && rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log}