diff options
| author | Martin Roth <gaumless@gmail.com> | 2023-07-31 09:33:03 -0600 |
|---|---|---|
| committer | Felix Singer <service+coreboot-gerrit@felixsinger.de> | 2023-08-21 17:05:29 +0000 |
| commit | 1e193d01eab07641cc955dc815a28b7fa11e3667 (patch) | |
| tree | 518bf9a542b8d2d037fad516cee17a80844d9799 /util/docker | |
| parent | 50a09cfe8a64c7162dc3c4377c86295031db882e (diff) | |
util/docker/jenkins-node: Don't install python modules as root
When installing the python modules with pip3 as root, the installer
throws a lot of warnings about conflicts and recommends that it not
be run that way. This change installs the python modules as the
coreboot user instead. The --break-system-packages argument can now
be removed.
It takes along some other changes made to the coreboot home directory
which also don't need to be run as root, and now adds the .local/bin
directory into the path.
The trailing docker PATH configuration is discarded as cleanup - it
doesn't have any effect. Nothing uses it in the Dockerfile, and it
doesn't end up updating the path, which is set by /etc/profile.
Change-Id: Ie8273009bb527e267584bba84504191aa7294ca3
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76855
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'util/docker')
| -rw-r--r-- | util/docker/coreboot-jenkins-node/Dockerfile | 35 |
1 files changed, 17 insertions, 18 deletions
diff --git a/util/docker/coreboot-jenkins-node/Dockerfile b/util/docker/coreboot-jenkins-node/Dockerfile index 50ff0daa77..de1ccbd866 100644 --- a/util/docker/coreboot-jenkins-node/Dockerfile +++ b/util/docker/coreboot-jenkins-node/Dockerfile @@ -38,25 +38,8 @@ RUN apt-get -y update && \ python3-pyrsistent \ swig \ && apt-get clean \ - && pip3 install --upgrade --no-cache-dir --break-system-packages pip \ - && pip3 install --no-cache-dir --break-system-packages \ - setuptools==58.2.0 \ - jinja2==3.0.3 \ - recommonmark===0.5.0 \ - sphinx===1.8.3 \ - sphinxcontrib-ditaa===0.6 \ - sphinx_autobuild===0.7.1 \ - sphinx_rtd_theme===0.4.2 \ && gem install mdl -# Because of the way that the variables are being replaced, docker's 'COPY' -# command does not work -RUN mkdir -p /home/coreboot/.ssh && \ - echo "{{SSH_KEY}}" > /home/coreboot/.ssh/authorized_keys && \ - chown -R coreboot:coreboot /home/coreboot/.ssh && \ - chmod 0700 /home/coreboot/.ssh && \ - chmod 0600 /home/coreboot/.ssh/authorized_keys - RUN mkdir /var/run/sshd && \ chmod 0755 /var/run/sshd && \ /usr/bin/ssh-keygen -A @@ -85,4 +68,20 @@ ENTRYPOINT mount /cb-build && \ chown coreboot:coreboot /home/coreboot/.ccache && \ /usr/sbin/sshd -p 49151 -D EXPOSE 49151 -ENV PATH $PATH:/usr/sbin + +USER coreboot +ENV PATH=$PATH:/home/coreboot/.local/bin +RUN echo "export PATH=$PATH:/opt/xgcc/bin" >> /home/coreboot/.bashrc && \ + pip3 install --upgrade --no-cache-dir pip \ + && pip3 install --no-cache-dir \ + setuptools==58.2.0 \ + jinja2==3.0.3 \ + recommonmark===0.5.0 \ + sphinx===1.8.3 \ + sphinxcontrib-ditaa===0.6 \ + sphinx_autobuild===0.7.1 \ + sphinx_rtd_theme===0.4.2 \ + && mkdir -p /home/coreboot/.ssh && \ + echo "{{SSH_KEY}}" > /home/coreboot/.ssh/authorized_keys && \ + chmod 0700 /home/coreboot/.ssh && \ + chmod 0600 /home/coreboot/.ssh/authorized_keys |