view docker/backend-dev/Dockerfile @ 4212:5f2d496c633f

core: get rid of `pickle`:

Use of `pickle` to serialise data was a technical legacy that was causing trouble to store in database, to update (if a class was serialised, a change could break update), and to security (pickle can lead to code execution).

This patch removes all use of Pickle in favour of JSON, notably:

- for caching data, a Pydantic model is now used instead
- for SQLAlchemy model, the LegacyPickle is replaced by JSON serialisation
- in XEP-0373 a class `PublicKeyMetadata` was serialised. New `from_dict` and `to_dict` methods have been implemented to do serialisation.
- new methods to (de)serialise data can now be specified with Identity data types. It is notably used to (de)serialise `path` of avatars.

A migration script has been created to convert data (for upgrade or downgrade), with special care for XEP-0373 case. Depending on the size of the database, this migration script can be long to run.

rel 443
author Goffi <goffi@goffi.org>
date Fri, 23 Feb 2024 13:31:04 +0100
parents 5a835b320726
children

FROM debian:bookworm-slim

LABEL maintainer="Goffi <tmp_dockerfiles@goffi.org>"

ARG REVISION
ARG DEBIAN_FRONTEND=noninteractive

RUN echo "Building image for Libervia ${REVISION:-dev}" && \
    apt-get update && apt-get upgrade -y && \
    apt-get install -y --no-install-recommends locales python3-dev python3-venv python3-wheel mercurial libxml2-dev libxslt-dev libcairo2-dev libjpeg-dev libgirepository1.0-dev libdbus-1-dev libdbus-glib-1-dev dbus-x11 cmake python3-gpg git && \
    \
    # will be used to store Libervia-specific data
    mkdir -p /usr/share/libervia/certificates && \
    addgroup tls-cert --gid 9999 && \
    chown :tls-cert /usr/share/libervia/certificates && \
    chmod 2770 /usr/share/libervia/certificates && \
    # it's better to have a dedicated user
    useradd -m libervia && adduser libervia tls-cert && \
    # we'll put all source there to have an easy mount point
    mkdir /src && chown libervia:libervia /src && \
    \
    # we need UTF-8 locale
    sed -i "s/# en_US.UTF-8/en_US.UTF-8/" /etc/locale.gen && locale-gen

ENV LC_ALL=en_US.UTF-8
ENV DOCKER_LIBERVIA_REV=${REVISION:-dev}

COPY --chown=root:root session.conf /usr/share/dbus-1/session.conf

WORKDIR /home/libervia

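# refresh the package lists: this layer can be rebuilt long after the first one was cached
RUN apt-get update && apt-get install -y --no-install-recommends libsodium-dev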
USER libervia
RUN python3 -m venv --system-site-packages libervia_env && libervia_env/bin/pip install -U pip wheel

RUN cd /src && \
    # We install these packages in editable mode, so we can replace them easily with volumes.
    # We need to move *.egg-info (generated by pip) out of src dirs, otherwise mounting
    # local repos without them causes trouble
    hg clone https://repos.goffi.org/urwid-satext && ~/libervia_env/bin/pip install -e urwid-satext && \
    hg clone https://repos.goffi.org/sat_tmp -u "${REVISION:-@}" && ~/libervia_env/bin/pip install -e sat_tmp && \
    hg clone https://repos.goffi.org/libervia-templates && ~/libervia_env/bin/pip install -e libervia-templates && \
    hg clone https://repos.goffi.org/libervia-media && \
    hg clone https://repos.goffi.org/libervia-backend -u "${REVISION:-@}" && ~/libervia_env/bin/pip install -e 'libervia-backend[SVG]' && \
    mkdir -p /home/libervia/.local/share/libervia

ENV DBUS_SESSION_BUS_ADDRESS="tcp:host=backend,port=55555,family=ipv4;unix:path=/home/libervia/.local/share/dbus_socket"
ENV PATH=/home/libervia/libervia_env/bin:$PATH

COPY --chown=root:root libervia.conf /etc/_libervia.conf
COPY --chown=libervia:libervia scripts/entrypoint.sh /home/libervia/

ENTRYPOINT ["/home/libervia/entrypoint.sh"]