Mercurial > libervia-backend

view docker/pubsub/Dockerfile @ 4212:5f2d496c633f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
core: get rid of `pickle`: Use of `pickle` to serialise data was a technical legacy that was causing trouble to store in database, to update (if a class was serialised, a change could break update), and to security (pickle can lead to code execution). This patch remove all use of Pickle in favour in JSON, notably: - for caching data, a Pydantic model is now used instead - for SQLAlchemy model, the LegacyPickle is replaced by JSON serialisation - in XEP-0373 a class `PublicKeyMetadata` was serialised. New method `from_dict` and `to_dict` method have been implemented to do serialisation. - new methods to (de)serialise data can now be specified with Identity data types. It is notably used to (de)serialise `path` of avatars. A migration script has been created to convert data (for upgrade or downgrade), with special care for XEP-0373 case. Depending of size of database, this migration script can be long to run. rel 443
author Goffi <goffi@goffi.org>
date Fri, 23 Feb 2024 13:31:04 +0100
parents 43cc8c27adc7
children 31c84a32c897
line wrap: on
line source

FROM debian:bullseye-slim

LABEL maintainer="Goffi <tmp_dockerfiles@goffi.org>"

ARG DEBIAN_FRONTEND=noninteractive

RUN apt-get update && apt-get upgrade -y && \
    apt-get install -y --no-install-recommends locales python3-dev python3-venv python3-wheel mercurial libpq-dev gcc gnupg && \
    # we install postgresql repository to have latest version
    echo "deb http://apt.postgresql.org/pub/repos/apt buster-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \
    python3 -c 'from urllib.request import urlopen; print(urlopen("https://www.postgresql.org/media/keys/ACCC4CF8.asc").read().decode())' | apt-key add - && \
    # now we can install the client
    apt-get install -y --no-install-recommends postgresql-client && \
    # it's better to have a dedicated user
    useradd -m libervia && \
    mkdir /src && chown libervia:libervia /src && \
    # we need UTF-8 locale
    sed -i "s/# en_US.UTF-8/en_US.UTF-8/" /etc/locale.gen && locale-gen

ENV LC_ALL en_US.UTF-8

WORKDIR /home/libervia
COPY entrypoint.sh /home/libervia
RUN chown libervia:libervia /home/libervia/entrypoint.sh && chmod 0555 /home/libervia/entrypoint.sh

USER libervia
RUN python3 -m venv libervia_env && libervia_env/bin/pip install -U pip wheel && cd /src && \
    # we install thoses packages in editable mode, so we can replace them easily with volumes
    hg clone https://repos.goffi.org/sat_tmp && ~/libervia_env/bin/pip install -e sat_tmp && \
    hg clone https://repos.goffi.org/sat_pubsub && ~/libervia_env/bin/pip install -e sat_pubsub

ENTRYPOINT ["/home/libervia/entrypoint.sh"]