From 1e193d01eab07641cc955dc815a28b7fa11e3667 Mon Sep 17 00:00:00 2001 From: Martin Roth Date: Mon, 31 Jul 2023 09:33:03 -0600 Subject: util/docker/jenkins-node: Don't install python modules as root When installing the python modules with pip3 as root, the installer throws a lot of warnings about conflicts and recommends that it not be run that way. This change installs the python modules as the coreboot user instead. The --break-system-packages argument can now be removed. It takes along some other changes made to the coreboot home directory which also don't need to be run as root, and now adds the .local/bin directory into the path. The trailing docker PATH configuration is discarded as cleanup - it doesn't have any effect. Nothing uses it in the Dockerfile, and it doesn't end up updating the path, which is set by /etc/profile. Change-Id: Ie8273009bb527e267584bba84504191aa7294ca3 Signed-off-by: Martin Roth Reviewed-on: https://review.coreboot.org/c/coreboot/+/76855 Reviewed-by: Felix Singer Tested-by: build bot (Jenkins) --- util/docker/coreboot-jenkins-node/Dockerfile | 35 ++++++++++++++-------------- 1 file changed, 17 insertions(+), 18 deletions(-) (limited to 'util/docker/coreboot-jenkins-node') diff --git a/util/docker/coreboot-jenkins-node/Dockerfile b/util/docker/coreboot-jenkins-node/Dockerfile index 50ff0daa77..de1ccbd866 100644 --- a/util/docker/coreboot-jenkins-node/Dockerfile +++ b/util/docker/coreboot-jenkins-node/Dockerfile @@ -38,25 +38,8 @@ RUN apt-get -y update && \ python3-pyrsistent \ swig \ && apt-get clean \ - && pip3 install --upgrade --no-cache-dir --break-system-packages pip \ - && pip3 install --no-cache-dir --break-system-packages \ - setuptools==58.2.0 \ - jinja2==3.0.3 \ - recommonmark===0.5.0 \ - sphinx===1.8.3 \ - sphinxcontrib-ditaa===0.6 \ - sphinx_autobuild===0.7.1 \ - sphinx_rtd_theme===0.4.2 \ && gem install mdl -# Because of the way that the variables are being replaced, docker's 'COPY' -# command does not work -RUN mkdir -p /home/coreboot/.ssh && \ - echo "{{SSH_KEY}}" > /home/coreboot/.ssh/authorized_keys && \ - chown -R coreboot:coreboot /home/coreboot/.ssh && \ - chmod 0700 /home/coreboot/.ssh && \ - chmod 0600 /home/coreboot/.ssh/authorized_keys - RUN mkdir /var/run/sshd && \ chmod 0755 /var/run/sshd && \ /usr/bin/ssh-keygen -A @@ -85,4 +68,20 @@ ENTRYPOINT mount /cb-build && \ chown coreboot:coreboot /home/coreboot/.ccache && \ /usr/sbin/sshd -p 49151 -D EXPOSE 49151 -ENV PATH $PATH:/usr/sbin + +USER coreboot +ENV PATH=$PATH:/home/coreboot/.local/bin +RUN echo "export PATH=$PATH:/opt/xgcc/bin" >> /home/coreboot/.bashrc && \ + pip3 install --upgrade --no-cache-dir pip \ + && pip3 install --no-cache-dir \ + setuptools==58.2.0 \ + jinja2==3.0.3 \ + recommonmark===0.5.0 \ + sphinx===1.8.3 \ + sphinxcontrib-ditaa===0.6 \ + sphinx_autobuild===0.7.1 \ + sphinx_rtd_theme===0.4.2 \ + && mkdir -p /home/coreboot/.ssh && \ + echo "{{SSH_KEY}}" > /home/coreboot/.ssh/authorized_keys && \ + chmod 0700 /home/coreboot/.ssh && \ + chmod 0600 /home/coreboot/.ssh/authorized_keys -- cgit v1.2.3