annotate docker/backend-dev/Dockerfile @ 4212:5f2d496c633f

core: get rid of `pickle`:

Use of `pickle` to serialise data was a technical legacy that was causing trouble to store in database, to update (if a class was serialised, a change could break update), and to security (pickle can lead to code execution).

This patch removes all use of Pickle in favour of JSON, notably:

- for caching data, a Pydantic model is now used instead
- for SQLAlchemy model, the LegacyPickle is replaced by JSON serialisation
- in XEP-0373 a class `PublicKeyMetadata` was serialised. New `from_dict` and `to_dict` methods have been implemented to do serialisation.
- new methods to (de)serialise data can now be specified with Identity data types. It is notably used to (de)serialise `path` of avatars.

A migration script has been created to convert data (for upgrade or downgrade), with special care for XEP-0373 case. Depending on the size of the database, this migration script can be long to run.

rel 443
author Goffi <goffi@goffi.org>
date Fri, 23 Feb 2024 13:31:04 +0100
parents 5a835b320726
children
Changesets referenced in the annotation (all by Goffi <goffi@goffi.org>):

rev   changeset     parents  description
4188  5a835b320726  3940     docker (backend-dev): update Debian version + getting OMEMO related packages from git is not necessary anymore
3940  512487ce3579  3767     docker: update images to include new OMEMO libraries and OpenPGP packages:
3767  fd3fe346a14a  3730     docker (backend-dev): move dbus unix socket:
3690  1680eec4cbfd  3647     docker: use `@` instead of `tip` for dev images:
3641  0ffaa231138c  3613     docker: Libervia revision can now be specified:
3497  73e04040d577  3445     docker: update following name changes:
3381  127dde80a0a5           docker: dockers images, first draft:

rev   line  source
4188     1  FROM debian:bookworm-slim
3381     2
3381     3  LABEL maintainer="Goffi <tmp_dockerfiles@goffi.org>"
3381     4
3641     5  ARG REVISION
3381     6  ARG DEBIAN_FRONTEND=noninteractive
3381     7
3641     8  RUN echo "Building image for Libervia ${REVISION:-dev}" && \
3641     9  apt-get update && apt-get upgrade -y && \
3940    10  apt-get install -y --no-install-recommends locales python3-dev python3-venv python3-wheel mercurial libxml2-dev libxslt-dev libcairo2-dev libjpeg-dev libgirepository1.0-dev libdbus-1-dev libdbus-glib-1-dev dbus-x11 cmake python3-gpg git && \
3381    11  \
3641    12  # will be used to put many Libervia specific data
3497    13  mkdir -p /usr/share/libervia/certificates && \
3381    14  addgroup tls-cert --gid 9999 && \
3497    15  chown :tls-cert /usr/share/libervia/certificates && \
3497    16  chmod 2770 /usr/share/libervia/certificates && \
3381    17  # it's better to have a dedicated user
3497    18  useradd -m libervia && adduser libervia tls-cert && \
3381    19  # we'll put all source there to have an easy mount point
3497    20  mkdir /src && chown libervia:libervia /src && \
3381    21  \
3381    22  # we need UTF-8 locale
3641    23  sed -i "s/# en_US.UTF-8/en_US.UTF-8/" /etc/locale.gen && locale-gen
3381    24
3381    25  ENV LC_ALL en_US.UTF-8
3641    26  ENV DOCKER_LIBERVIA_REV=${REVISION:-dev}
3641    27
3641    28  COPY --chown=root:root session.conf /usr/share/dbus-1/session.conf
3381    29
3497    30  WORKDIR /home/libervia
3940    31
3940    32  RUN apt-get install -y --no-install-recommends libsodium-dev
3497    33  USER libervia
3940    34  RUN python3 -m venv --system-site-packages libervia_env && libervia_env/bin/pip install -U pip wheel
3381    35
3940    36  RUN cd /src && \
3381    37  # We install thoses packages in editable mode, so we can replace them easily with volumes.
3381    38  # We need to move *.egg-info (generated by pip) out of src dirs, otherwise mounting
3381    39  # local repos without it them cause troubles
3497    40  hg clone https://repos.goffi.org/urwid-satext && ~/libervia_env/bin/pip install -e urwid-satext && \
3690    41  hg clone https://repos.goffi.org/sat_tmp -u "${REVISION:-@}" && ~/libervia_env/bin/pip install -e sat_tmp && \
3641    42  hg clone https://repos.goffi.org/libervia-templates && ~/libervia_env/bin/pip install -e libervia-templates && \
3641    43  hg clone https://repos.goffi.org/libervia-media && \
3690    44  hg clone https://repos.goffi.org/libervia-backend -u "${REVISION:-@}" && ~/libervia_env/bin/pip install -e 'libervia-backend[SVG]' && \
3641    45  mkdir -p /home/libervia/.local/share/libervia
3381    46
3767    47  ENV DBUS_SESSION_BUS_ADDRESS="tcp:host=backend,port=55555,family=ipv4;unix:path=/home/libervia/.local/share/dbus_socket"
3497    48  ENV PATH=/home/libervia/libervia_env/bin:$PATH
3381    49
3497    50  COPY --chown=root:root libervia.conf /etc/_libervia.conf
3497    51  COPY --chown=libervia:libervia scripts/entrypoint.sh /home/libervia/
3381    52
3497    53  ENTRYPOINT ["/home/libervia/entrypoint.sh"]