Mercurial > libervia-backend
annotate docker/backend-dev/Dockerfile @ 4212:5f2d496c633f
core: get rid of `pickle`:
Use of `pickle` to serialise data was a technical legacy that was causing trouble to store
in database, to update (if a class was serialised, a change could break update), and to
security (pickle can lead to code execution).
This patch removes all use of Pickle in favour of JSON, notably:
- for caching data, a Pydantic model is now used instead
- for SQLAlchemy model, the LegacyPickle is replaced by JSON serialisation
- in XEP-0373 a class `PublicKeyMetadata` was serialised. New `from_dict` and
`to_dict` methods have been implemented to do serialisation.
- new methods to (de)serialise data can now be specified with Identity data types. It is
notably used to (de)serialise `path` of avatars.
A migration script has been created to convert data (for upgrade or downgrade), with
special care for XEP-0373 case. Depending on the size of the database, this migration script can
be long to run.
rel 443
author | Goffi <goffi@goffi.org> |
---|---|
date | Fri, 23 Feb 2024 13:31:04 +0100 |
parents | 5a835b320726 |
children |
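
The serialisation change described in the commit message above, as an added example that is not code from libervia-backend: a class stored as JSON through `to_dict`/`from_dict`, and a migration helper that reads a legacy pickle blob through an unpickler that resolves no globals. The fields of `PublicKeyMetadata`, the helper names and the sample blobs are assumptions made for illustration.

```python
import io
import json
import pickle
from dataclasses import dataclass, asdict


@dataclass
class PublicKeyMetadata:
    # Field names are hypothetical; the page only names the class and its two methods.
    fingerprint: str
    timestamp: float

    def to_dict(self) -> dict:
        return asdict(self)

    @classmethod
    def from_dict(cls, data: dict) -> "PublicKeyMetadata":
        # Explicit, typed field access: a missing key or a bad type raises here.
        return cls(fingerprint=str(data["fingerprint"]), timestamp=float(data["timestamp"]))


class NoGlobalsUnpickler(pickle.Unpickler):
    """For the one-off migration only: loads plain containers, resolves no classes or functions."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refused global {module}.{name}")


def migrate_blob(legacy: bytes) -> str:
    """Turn one legacy pickle blob (assumed to hold a plain dict) into JSON text."""
    data = NoGlobalsUnpickler(io.BytesIO(legacy)).load()
    # Round-trip through the model so malformed rows fail during migration, not later.
    return json.dumps(PublicKeyMetadata.from_dict(data).to_dict(), sort_keys=True)


def load_metadata(stored: str) -> PublicKeyMetadata:
    """Read path after migration: json.loads builds plain data only, never class instances."""
    return PublicKeyMetadata.from_dict(json.loads(stored))


# Constructed samples: a well-formed legacy row, and a blob that names a global (builtins.len).
LEGACY_OK = pickle.dumps({"fingerprint": "PLACEHOLDER-FPR", "timestamp": 1700000000.0})
LEGACY_WITH_GLOBAL = pickle.dumps(len)

if __name__ == "__main__":
    print(migrate_blob(LEGACY_OK))
    try:
        migrate_blob(LEGACY_WITH_GLOBAL)
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
```
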
Changesets referenced in the annotation:

rev | changeset | description | author | parents |
---|---|---|---|---|
4188 | 5a835b320726 | docker (backend-dev): update Debian version + getting OMEMO related packages from git is not necessary anymore | Goffi <goffi@goffi.org> | 3940 |
3940 | 512487ce3579 | docker: update images to include new OMEMO libraries and OpenPGP packages: | Goffi <goffi@goffi.org> | 3767 |
3767 | fd3fe346a14a | docker (backend-dev): move dbus unix socket: | Goffi <goffi@goffi.org> | 3730 |
3690 | 1680eec4cbfd | docker: use `@` instead of `tip` for dev images: | Goffi <goffi@goffi.org> | 3647 |
3641 | 0ffaa231138c | docker: Libervia revision can now be specified: | Goffi <goffi@goffi.org> | 3613 |
3497 | 73e04040d577 | docker: update following name changes: | Goffi <goffi@goffi.org> | 3445 |

rev | line | source |
---|---|---|
4188 | 1 | FROM debian:bookworm-slim |
3381 | 2 | |
3381 | 3 | LABEL maintainer="Goffi <tmp_dockerfiles@goffi.org>" |
3381 | 4 | |
3641 | 5 | ARG REVISION |
3381 | 6 | ARG DEBIAN_FRONTEND=noninteractive |
3381 | 7 | |
3641 | 8 | RUN echo "Building image for Libervia ${REVISION:-dev}" && \ |
3641 | 9 | apt-get update && apt-get upgrade -y && \ |
3940 | 10 | apt-get install -y --no-install-recommends locales python3-dev python3-venv python3-wheel mercurial libxml2-dev libxslt-dev libcairo2-dev libjpeg-dev libgirepository1.0-dev libdbus-1-dev libdbus-glib-1-dev dbus-x11 cmake python3-gpg git && \ |
3381 | 11 | \ |
3641 | 12 | # will be used to put many Libervia specific data |
3497 | 13 | mkdir -p /usr/share/libervia/certificates && \ |
3381 | 14 | addgroup tls-cert --gid 9999 && \ |
3497 | 15 | chown :tls-cert /usr/share/libervia/certificates && \ |
3497 | 16 | chmod 2770 /usr/share/libervia/certificates && \ |
3381 | 17 | # it's better to have a dedicated user |
3497 | 18 | useradd -m libervia && adduser libervia tls-cert && \ |
3381 | 19 | # we'll put all source there to have an easy mount point |
3497 | 20 | mkdir /src && chown libervia:libervia /src && \ |
3381 | 21 | \ |
3381 | 22 | # we need UTF-8 locale |
3641 | 23 | sed -i "s/# en_US.UTF-8/en_US.UTF-8/" /etc/locale.gen && locale-gen |
3381 | 24 | |
3381 | 25 | ENV LC_ALL en_US.UTF-8 |
3641 | 26 | ENV DOCKER_LIBERVIA_REV=${REVISION:-dev} |
3641 | 27 | |
3641 | 28 | COPY --chown=root:root session.conf /usr/share/dbus-1/session.conf |
3381 | 29 | |
3497 | 30 | WORKDIR /home/libervia |
3940 | 31 | |
3940 | 32 | RUN apt-get install -y --no-install-recommends libsodium-dev |
3497 | 33 | USER libervia |
3940 | 34 | RUN python3 -m venv --system-site-packages libervia_env && libervia_env/bin/pip install -U pip wheel |
3381 | 35 | |
3940 | 36 | RUN cd /src && \ |
3381 | 37 | # We install thoses packages in editable mode, so we can replace them easily with volumes. |
3381 | 38 | # We need to move *.egg-info (generated by pip) out of src dirs, otherwise mounting |
3381 | 39 | # local repos without it them cause troubles |
3497 | 40 | hg clone https://repos.goffi.org/urwid-satext && ~/libervia_env/bin/pip install -e urwid-satext && \ |
3690 | 41 | hg clone https://repos.goffi.org/sat_tmp -u "${REVISION:-@}" && ~/libervia_env/bin/pip install -e sat_tmp && \ |
3641 | 42 | hg clone https://repos.goffi.org/libervia-templates && ~/libervia_env/bin/pip install -e libervia-templates && \ |
3641 | 43 | hg clone https://repos.goffi.org/libervia-media && \ |
3690 | 44 | hg clone https://repos.goffi.org/libervia-backend -u "${REVISION:-@}" && ~/libervia_env/bin/pip install -e 'libervia-backend[SVG]' && \ |
3641 | 45 | mkdir -p /home/libervia/.local/share/libervia |
3381 | 46 | |
3767 | 47 | ENV DBUS_SESSION_BUS_ADDRESS="tcp:host=backend,port=55555,family=ipv4;unix:path=/home/libervia/.local/share/dbus_socket" |
3497 | 48 | ENV PATH=/home/libervia/libervia_env/bin:$PATH |
3381 | 49 | |
3497 | 50 | COPY --chown=root:root libervia.conf /etc/_libervia.conf |
3497 | 51 | COPY --chown=libervia:libervia scripts/entrypoint.sh /home/libervia/ |
3381 | 52 | |
3497 | 53 | ENTRYPOINT ["/home/libervia/entrypoint.sh"] |