125 lines
4.4 KiB
Docker
125 lines
4.4 KiB
Docker
# Start with an the old-ish bullseye release (11.2), then upgrade --
|
|
# to make sure packages that come pre-installed in the debian:XXX image
|
|
# are older than anything in StarlingX.
|
|
ARG RELEASE=11.2
|
|
FROM debian:${RELEASE}
|
|
|
|
ENV DEBIAN_FRONTEND=noninteractive
|
|
|
|
# Install latest ca-certificates
|
|
RUN apt-get -y update && \
|
|
apt-get -y --no-install-recommends --no-install-suggests install ca-certificates
|
|
|
|
# Disable upstream debian repos
|
|
RUN mv /etc/apt/sources.list /etc/apt/sources.list.disabled
|
|
|
|
# Install apt repos
|
|
COPY apt/debian.sources.list /etc/apt/sources.list.d/debian.list.disabled
|
|
COPY apt/stx.sources.list /etc/apt/sources.list.d/stx.list.disabled
|
|
COPY apt/stx.preferences /etc/apt/preferences.d/stx
|
|
|
|
# Install layer-specific binary repositories.
|
|
# Note: They are all supposed to be disabled by default, but can be optionally
|
|
# enabled if it is necessary to build an image that requires
|
|
# dependencies that are in repositories not listed in `stx.sources.list`.
|
|
COPY apt/*.layer.sources.list /etc/apt/sources.list.d/
|
|
RUN for layer in /etc/apt/sources.list.d/*.layer.sources.list; do \
|
|
mv "${layer}" "$(echo "${layer}" | sed s/.layer.sources.list/.list.disabled/)"; \
|
|
done
|
|
|
|
# repo templates:
|
|
# /etc/apt/sources.list.d/
|
|
# debian.list.disabled - vanilla debian repos
|
|
# stx.list.disabled - starlingx binary & build repos
|
|
#
|
|
# To enable a repo list:
|
|
# cp /etc/apt/sources.list.d/$repo_list.disabled \
|
|
# /etc/apt/sources.list.d/$repo_list
|
|
#
|
|
# To disable a repo list:
|
|
# rm -f /etc/apt/sources.list.d/$repo_list
|
|
#
|
|
# By default only stx.list is enabled, which includes only the packages
|
|
# built by stx tools, and the binary packages from the curated binary
|
|
# download lists (bullseye-base.lst etc).
|
|
#
|
|
# Enabling the upstream repos ("debian.list") is dangerous because it
|
|
# may conflict with packages in stx.list.
|
|
#
|
|
#
|
|
# FIXME: apt evaluates these files in alphabetical order, so stx.list
|
|
# comes after debian.list. When the local binary repo contains
|
|
# the same package/version as the debian repo, apt will download
|
|
# it from debian, regardless of the priority in /etc/apt/preferences.
|
|
# We should rename these files to make stx.list sort before
|
|
# debian.list. This would affect Loci scripts in
|
|
# loci/docker/stx-scripts/
|
|
#
|
|
|
|
#
|
|
# Upgrade base packages to versions in managed repos
|
|
#
|
|
RUN cp -f /etc/apt/sources.list.d/stx.list.disabled /etc/apt/sources.list.d/stx.list && \
|
|
apt-get -y update && \
|
|
apt-get -y upgrade && \
|
|
rm -f /etc/apt/sources.list.d/stx.list && \
|
|
apt-get clean && rm -rf /var/lib/apt/lists/*
|
|
|
|
#
|
|
# Install packages provided only by debian.
|
|
# FIXME: move these packages + their dependencies to debian download lists in
|
|
# starlingx/tools to avoid referencing the debian repo at all.
|
|
#
|
|
RUN cp -f /etc/apt/sources.list.d/debian.list.disabled /etc/apt/sources.list.d/debian.list && \
|
|
cp -f /etc/apt/sources.list.d/stx.list.disabled /etc/apt/sources.list.d/stx.list && \
|
|
apt-get update -y && \
|
|
apt-get install -y \
|
|
libapache2-mod-wsgi-py3 \
|
|
python3-setuptools \
|
|
build-essential \
|
|
&& \
|
|
rm -f /etc/apt/sources.list.d/debian.list && \
|
|
rm -f /etc/apt/sources.list.d/stx.list && \
|
|
apt-get clean && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
#
|
|
# Enable stx repo only. Packages installs below this point will use
|
|
# only the managed locally-built & 3rd-party repos.
|
|
#
|
|
RUN cp /etc/apt/sources.list.d/stx.list.disabled /etc/apt/sources.list.d/stx.list
|
|
|
|
#
|
|
# Install required packages
|
|
#
|
|
RUN apt-get update -y && \
|
|
apt-get upgrade -y && \
|
|
apt-get install -y \
|
|
openssh-client \
|
|
python3 \
|
|
python3-pip \
|
|
python3-wheel \
|
|
# FIXME: uncomment once qemu is ported to debian (starlingx/integ)
|
|
# qemu-utils \
|
|
&& \
|
|
apt-get clean && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
# FIXME: these packages are not required by most docker images inheriting
|
|
# from this image. However these Python modules are not buildable from
|
|
# source (ie by pip) on Debian and require patches. Install the patched
|
|
# versions as DEB packages to make sure pip dependencies in derived images
|
|
# are satisfied.
|
|
#
|
|
# A better solution would be to omit them here, but install them in each
|
|
# project that requires them; or add wheel subpackages to these DEBs.
|
|
RUN apt-get update -y && \
|
|
apt-get upgrade -y && \
|
|
apt-get install -y \
|
|
python3-thriftpy \
|
|
python3-nss \
|
|
python-nss \
|
|
&& \
|
|
apt-get clean && \
|
|
rm -rf /var/lib/apt/lists/*
|