386 lines
13 KiB
Docker
Executable File
386 lines
13 KiB
Docker
Executable File
# syntax=docker/dockerfile:experimental
|
|
|
|
ARG BASEIMAGE=debian
|
|
ARG BASETAG=12-slim
|
|
|
|
ARG ARG_MERGE_STAGE_VNC_BASE=stage_vnc
|
|
ARG ARG_MERGE_STAGE_BROWSER_BASE=merge_stage_vnc
|
|
ARG ARG_FINAL_STAGE_BASE=merge_stage_browser
|
|
|
|
ARG ARG_HEADLESS_USER_ID=1000
|
|
ARG ARG_HEADLESS_USER_NAME=akanealw
|
|
ARG ARG_HEADLESS_USER_GROUP_ID=1000
|
|
ARG ARG_HEADLESS_USER_GROUP_NAME=akanealw
|
|
ARG ARG_SUDO_INITIAL_PW=headless
|
|
|
|
|
|
###############
|
|
### stage_cache
|
|
###############
|
|
|
|
FROM ${BASEIMAGE}:${BASETAG} as stage_cache
|
|
|
|
### refresh the 'apt' cache
|
|
RUN rm -f /etc/apt/apt.conf.d/docker-clean ; \
|
|
echo 'Binary::apt::APT::Keep-Downloaded-Packages "true" ;' > /etc/apt/apt.conf.d/keep-cache
|
|
RUN apt-get update
|
|
|
|
### embed the local '.g3-cache' from the build context
|
|
### note that the bound cache '/tmp/cache2' is ephemeral and all written data will be discarded automatically
|
|
### therefore copy its content into the another permanent cache '/tmp/g3-cache'
|
|
RUN \
|
|
--mount=type=bind,target=/tmp/cache2 \
|
|
mkdir -p /tmp/g3-cache \
|
|
&& if [ -d /tmp/cache2/.g3-cache/ ] ; then cp -r /tmp/cache2/.g3-cache/* /tmp/g3-cache/ ; fi
|
|
|
|
|
|
####################
|
|
### stage_essentials
|
|
####################
|
|
|
|
FROM ${BASEIMAGE}:${BASETAG} as stage_essentials
|
|
|
|
RUN \
|
|
--mount=type=cache,from=stage_cache,sharing=locked,source=/var/cache/apt,target=/var/cache/apt \
|
|
--mount=type=cache,from=stage_cache,sharing=locked,source=/var/lib/apt,target=/var/lib/apt \
|
|
DEBIAN_FRONTEND=noninteractive apt-get install -y \
|
|
gettext-base \
|
|
gir1.2-rsvg-2.0 \
|
|
jq \
|
|
nano \
|
|
procps \
|
|
psmisc \
|
|
sudo \
|
|
tini \
|
|
wget
|
|
|
|
|
|
#################
|
|
### stage_xserver
|
|
#################
|
|
|
|
FROM stage_essentials as stage_xserver
|
|
ARG ARG_APT_NO_RECOMMENDS
|
|
|
|
ENV \
|
|
FEATURES_BUILD_SLIM_XSERVER="${ARG_APT_NO_RECOMMENDS:+1}" \
|
|
NO_AT_BRIDGE=1
|
|
|
|
RUN \
|
|
--mount=type=cache,from=stage_cache,sharing=locked,source=/var/cache/apt,target=/var/cache/apt \
|
|
--mount=type=cache,from=stage_cache,sharing=locked,source=/var/lib/apt,target=/var/lib/apt \
|
|
DEBIAN_FRONTEND=noninteractive apt-get install -y "${ARG_APT_NO_RECOMMENDS:+--no-install-recommends}" \
|
|
dbus-x11 \
|
|
xauth \
|
|
xinit \
|
|
x11-xserver-utils \
|
|
xdg-utils
|
|
|
|
|
|
##############
|
|
### stage_xfce
|
|
##############
|
|
|
|
FROM stage_xserver as stage_xfce
|
|
ARG ARG_APT_NO_RECOMMENDS
|
|
|
|
ENV FEATURES_BUILD_SLIM_XFCE="${ARG_APT_NO_RECOMMENDS:+1}"
|
|
|
|
RUN \
|
|
--mount=type=cache,from=stage_cache,sharing=locked,source=/var/cache/apt,target=/var/cache/apt \
|
|
--mount=type=cache,from=stage_cache,sharing=locked,source=/var/lib/apt,target=/var/lib/apt \
|
|
DEBIAN_FRONTEND=noninteractive apt-get install -y "${ARG_APT_NO_RECOMMENDS:+--no-install-recommends}" \
|
|
xfce4 \
|
|
xfce4-terminal \
|
|
gnome-themes-extra \
|
|
gnome-themes-extra-data
|
|
|
|
|
|
###############
|
|
### stage_tools
|
|
###############
|
|
|
|
FROM stage_xfce as stage_tools
|
|
ARG ARG_APT_NO_RECOMMENDS
|
|
ARG ARG_FEATURES_SCREENSHOOTING
|
|
ARG ARG_FEATURES_THUMBNAILING
|
|
|
|
ENV \
|
|
FEATURES_BUILD_SLIM_TOOLS="${ARG_APT_NO_RECOMMENDS:+1}" \
|
|
FEATURES_SCREENSHOOTING="${ARG_FEATURES_SCREENSHOOTING:+1}" \
|
|
FEATURES_THUMBNAILING="${ARG_FEATURES_THUMBNAILING:+1}"
|
|
|
|
RUN \
|
|
--mount=type=cache,from=stage_cache,sharing=locked,source=/var/cache/apt,target=/var/cache/apt \
|
|
--mount=type=cache,from=stage_cache,sharing=locked,source=/var/lib/apt,target=/var/lib/apt \
|
|
DEBIAN_FRONTEND=noninteractive apt-get install -y "${ARG_APT_NO_RECOMMENDS:+--no-install-recommends}" \
|
|
mousepad \
|
|
python3 \
|
|
systemctl \
|
|
"${ARG_FEATURES_SCREENSHOOTING:+ristretto}" \
|
|
"${ARG_FEATURES_SCREENSHOOTING:+xfce4-screenshooter}" \
|
|
"${ARG_FEATURES_THUMBNAILING:+tumbler}"
|
|
|
|
|
|
#############
|
|
### stage_vnc
|
|
#############
|
|
|
|
FROM stage_tools as stage_vnc
|
|
ARG ARG_VNC_COL_DEPTH
|
|
ARG ARG_VNC_DISPLAY
|
|
ARG ARG_VNC_PORT
|
|
ARG ARG_VNC_PW
|
|
ARG ARG_VNC_RESOLUTION
|
|
ARG ARG_VNC_VIEW_ONLY
|
|
ARG ARG_TIGERVNC_DISTRO
|
|
ARG ARG_TIGERVNC_VERSION
|
|
|
|
RUN \
|
|
--mount=type=cache,from=stage_cache,sharing=locked,source=/var/cache/apt,target=/var/cache/apt \
|
|
--mount=type=cache,from=stage_cache,sharing=locked,source=/var/lib/apt,target=/var/lib/apt \
|
|
--mount=type=cache,from=stage_cache,sharing=locked,source=/tmp/g3-cache/,target=/tmp/g3-cache/ \
|
|
TIGERVNC_VERSION="${ARG_TIGERVNC_VERSION}" \
|
|
TIGERVNC_DISTRO="${ARG_TIGERVNC_DISTRO}" \
|
|
&& if [ ! -s /tmp/g3-cache/tigervnc/tigervnc-"${TIGERVNC_VERSION}"."${TIGERVNC_DISTRO}".tar.gz ] ; then \
|
|
wget --show-progress --progress=bar:force:noscroll \
|
|
-q https://sourceforge.net/projects/tigervnc/files/stable/"${TIGERVNC_VERSION}"/tigervnc-"${TIGERVNC_VERSION}"."${TIGERVNC_DISTRO}".tar.gz \
|
|
-P /tmp/g3-cache/tigervnc ; \
|
|
fi \
|
|
&& tar xzf /tmp/g3-cache/tigervnc/tigervnc-"${TIGERVNC_VERSION}"."${TIGERVNC_DISTRO}".tar.gz --strip 1 -C / \
|
|
&& ln -s /usr/libexec/vncserver /usr/bin/vncserver \
|
|
&& sed -i 's/exec(@cmd);/print "@cmd";\nexec(@cmd);/g' /usr/libexec/vncserver
|
|
|
|
ENV \
|
|
DISPLAY="${ARG_VNC_DISPLAY:-:1}" \
|
|
FEATURES_VNC=1 \
|
|
VNC_COL_DEPTH="${ARG_VNC_COL_DEPTH:-24}" \
|
|
VNC_PORT="${ARG_VNC_PORT:-5901}" \
|
|
VNC_PW="${ARG_VNC_PW:-headless}" \
|
|
VNC_RESOLUTION="${ARG_VNC_RESOLUTION:-1360x768}" \
|
|
VNC_VIEW_ONLY="${ARG_VNC_VIEW_ONLY:-false}"
|
|
|
|
EXPOSE "${VNC_PORT}"
|
|
|
|
|
|
###############
|
|
### stage_novnc
|
|
###############
|
|
|
|
FROM stage_vnc as stage_novnc
|
|
ARG ARG_APT_NO_RECOMMENDS
|
|
ARG ARG_NOVNC_PORT
|
|
ARG ARG_NOVNC_VERSION
|
|
ARG ARG_WEBSOCKIFY_VERSION
|
|
|
|
ENV \
|
|
FEATURES_BUILD_SLIM_NOVNC="${ARG_APT_NO_RECOMMENDS:+1}" \
|
|
FEATURES_NOVNC=1 \
|
|
NOVNC_HOME="/usr/libexec/noVNCdim" \
|
|
NOVNC_PORT="${ARG_NOVNC_PORT:-6901}"
|
|
|
|
RUN \
|
|
--mount=type=cache,from=stage_cache,sharing=locked,source=/var/cache/apt,target=/var/cache/apt \
|
|
--mount=type=cache,from=stage_cache,sharing=locked,source=/var/lib/apt,target=/var/lib/apt \
|
|
--mount=type=cache,from=stage_cache,sharing=locked,source=/tmp/g3-cache/,target=/tmp/g3-cache/ \
|
|
DEBIAN_FRONTEND=noninteractive apt-get install -y "${ARG_APT_NO_RECOMMENDS:+--no-install-recommends}" \
|
|
python3-numpy \
|
|
&& mkdir -p "${NOVNC_HOME}"/utils/websockify \
|
|
&& NOVNC_VERSION="${ARG_NOVNC_VERSION}" \
|
|
&& WEBSOCKIFY_VERSION="${ARG_WEBSOCKIFY_VERSION}" \
|
|
&& if [ ! -s /tmp/g3-cache/novnc/v"${NOVNC_VERSION}".tar.gz ] ; then \
|
|
wget --show-progress --progress=bar:force:noscroll \
|
|
-q https://github.com/novnc/noVNC/archive/v"${NOVNC_VERSION}".tar.gz \
|
|
-P /tmp/g3-cache/novnc ; \
|
|
fi \
|
|
&& if [ ! -s /tmp/g3-cache/websockify/v"${WEBSOCKIFY_VERSION}".tar.gz ] ; then \
|
|
wget --show-progress --progress=bar:force:noscroll \
|
|
-q https://github.com/novnc/websockify/archive/v"${WEBSOCKIFY_VERSION}".tar.gz \
|
|
-P /tmp/g3-cache/websockify ; \
|
|
fi \
|
|
&& tar xzf /tmp/g3-cache/novnc/v"${NOVNC_VERSION}".tar.gz --strip 1 -C "${NOVNC_HOME}" \
|
|
&& tar xzf /tmp/g3-cache/websockify/v"${WEBSOCKIFY_VERSION}".tar.gz --strip 1 -C "${NOVNC_HOME}"/utils/websockify \
|
|
&& chmod 755 -v "${NOVNC_HOME}"/utils/novnc_proxy
|
|
|
|
### add 'index.html' for choosing noVNC client
|
|
RUN echo \
|
|
"<!DOCTYPE html>\n\
|
|
<html>\n\
|
|
<head>\n\
|
|
<title>noVNC</title>\n\
|
|
<meta charset=\"utf-8\"/>\n\
|
|
</head>\n\
|
|
<body>\n\
|
|
<p><a href=\"vnc.html\">noVNC Full Client</a></p>\n\
|
|
</body>\n\
|
|
</html>" \
|
|
> "${NOVNC_HOME}"/index.html
|
|
|
|
EXPOSE "${NOVNC_PORT}"
|
|
|
|
|
|
###################
|
|
### merge_stage_vnc
|
|
###################
|
|
|
|
FROM ${ARG_MERGE_STAGE_VNC_BASE} as merge_stage_vnc
|
|
ARG ARG_HEADLESS_USER_ID
|
|
ARG ARG_HEADLESS_USER_NAME
|
|
ARG ARG_HEADLESS_USER_GROUP_ID
|
|
ARG ARG_HEADLESS_USER_GROUP_NAME
|
|
|
|
ENV \
|
|
HEADLESS_USER_ID="${ARG_HEADLESS_USER_ID}" \
|
|
HEADLESS_USER_NAME="${ARG_HEADLESS_USER_NAME}" \
|
|
HEADLESS_USER_GROUP_ID="${ARG_HEADLESS_USER_GROUP_ID}" \
|
|
HEADLESS_USER_GROUP_NAME="${ARG_HEADLESS_USER_GROUP_NAME}" \
|
|
HOME="${ARG_HOME:-/home/${ARG_HEADLESS_USER_NAME}}"
|
|
|
|
WORKDIR "${HOME}"
|
|
|
|
### add '.bashrc' and similar resources
|
|
COPY ./src/home "${HOME}"/
|
|
|
|
|
|
##################
|
|
### stage_chromium
|
|
##################
|
|
|
|
FROM merge_stage_vnc as stage_chromium
|
|
ARG ARG_APT_NO_RECOMMENDS
|
|
|
|
ENV \
|
|
FEATURES_BUILD_SLIM_CHROMIUM="${ARG_APT_NO_RECOMMENDS:+1}" \
|
|
FEATURES_CHROMIUM=1
|
|
|
|
RUN \
|
|
--mount=type=cache,from=stage_cache,sharing=locked,source=/var/cache/apt,target=/var/cache/apt \
|
|
--mount=type=cache,from=stage_cache,sharing=locked,source=/var/lib/apt,target=/var/lib/apt \
|
|
DEBIAN_FRONTEND=noninteractive apt-get install -y "${ARG_APT_NO_RECOMMENDS:+--no-install-recommends}" \
|
|
chromium
|
|
|
|
COPY ./xfce-chromium/src/home/Desktop "${HOME}"/Desktop/
|
|
COPY ./xfce-chromium/src/home/readme*.md "${HOME}"/
|
|
|
|
|
|
#################
|
|
### stage_firefox
|
|
#################
|
|
|
|
FROM merge_stage_vnc as stage_firefox
|
|
ARG ARG_APT_NO_RECOMMENDS
|
|
|
|
ENV \
|
|
FEATURES_BUILD_SLIM_FIREFOX="${ARG_APT_NO_RECOMMENDS:+1}" \
|
|
FEATURES_FIREFOX=1
|
|
|
|
RUN \
|
|
--mount=type=cache,from=stage_cache,sharing=locked,source=/var/cache/apt,target=/var/cache/apt \
|
|
--mount=type=cache,from=stage_cache,sharing=locked,source=/var/lib/apt,target=/var/lib/apt \
|
|
DEBIAN_FRONTEND=noninteractive apt-get install -y "${ARG_APT_NO_RECOMMENDS:+--no-install-recommends}" \
|
|
firefox-esr
|
|
|
|
COPY ./xfce-firefox/src/home/Desktop "${HOME}"/Desktop/
|
|
|
|
|
|
### ##################
|
|
### stage_firefox_plus
|
|
### ##################
|
|
|
|
FROM stage_firefox as stage_firefox_plus
|
|
|
|
ENV FEATURES_FIREFOX_PLUS=1
|
|
|
|
COPY ./xfce-firefox/src/firefox.plus/home/Desktop "${HOME}"/Desktop/
|
|
COPY ./xfce-firefox/src/firefox.plus/resources "${HOME}"/firefox.plus/
|
|
COPY ./xfce-firefox/src/firefox.plus/home/readme*.md "${HOME}"/
|
|
|
|
RUN \
|
|
chmod 744 "${HOME}"/firefox.plus/*.sh \
|
|
&& envsubst <"${HOME}/Desktop/Copy FF Preferences.desktop" >/tmp/esub.tmp && mv -f /tmp/esub.tmp "${HOME}/Desktop/Copy FF Preferences.desktop" \
|
|
&& install -o root -g root -m 644 "${HOME}"/firefox.plus/accetto.svg /usr/share/icons/hicolor/scalable/apps/ \
|
|
&& gtk-update-icon-cache -f /usr/share/icons/hicolor
|
|
|
|
|
|
#######################
|
|
### merge_stage_browser
|
|
#######################
|
|
|
|
FROM ${ARG_MERGE_STAGE_BROWSER_BASE} as merge_stage_browser
|
|
|
|
|
|
###############
|
|
### FINAL STAGE
|
|
###############
|
|
|
|
FROM ${ARG_FINAL_STAGE_BASE} as stage_final
|
|
ARG ARG_FEATURES_OVERRIDING_ENVV
|
|
ARG ARG_SUDO_INITIAL_PW
|
|
|
|
ENV \
|
|
FEATURES_OVERRIDING_ENVV="${ARG_FEATURES_OVERRIDING_ENVV:+1}" \
|
|
FEATURES_VERSION_STICKER=1 \
|
|
STARTUPDIR="/dockerstartup"
|
|
|
|
COPY ./src/xfce-startup "${STARTUPDIR}"/
|
|
COPY ./src/tests "${HOME}"/tests/
|
|
|
|
COPY ./xfce/src/home/config "${HOME}"/.config/
|
|
COPY ./xfce/src/home/Desktop "${HOME}"/Desktop/
|
|
COPY ./xfce/src/home/readme*.md "${HOME}"/
|
|
|
|
### Note that the line 'chmod 666 /etc/passwd /etc/group' sets the "softer" permissions only temporary.
|
|
### It allows the user generator startup script to configure the user and the group correctly.
|
|
### The script will set the permissions of both files back to the default '644'.
|
|
### The script will also clear the file '.initial_sudo_password' after using it.
|
|
### However, note that the initial sudo password will still be persisted in the image history.
|
|
### You have to change it inside the container, if you want to keep it really secret.
|
|
### Note that all this will not be done, if the startup script will not be executed.
|
|
RUN \
|
|
chmod 666 /etc/passwd /etc/group \
|
|
&& echo "${HEADLESS_USER_GROUP_NAME}:x:${HEADLESS_USER_GROUP_ID}:" >> /etc/group \
|
|
&& echo "${HEADLESS_USER_NAME}:x:${HEADLESS_USER_ID}:${HEADLESS_USER_GROUP_ID}:Default:${HOME}:/bin/bash" >> /etc/passwd \
|
|
&& echo "${HEADLESS_USER_NAME} ALL=(ALL:ALL) ALL" | sudo tee /etc/sudoers.d/"${HEADLESS_USER_NAME}" \
|
|
&& echo "${ARG_SUDO_INITIAL_PW:-headless}" > "${STARTUPDIR}"/.initial_sudo_password \
|
|
&& echo "${HEADLESS_USER_NAME}:$(cat "${STARTUPDIR}"/.initial_sudo_password)" | chpasswd \
|
|
&& ln -s "${HOME}"/readme.md "${HOME}"/Desktop/README \
|
|
&& envsubst <"${HOME}"/Desktop/versionsticker.desktop >/tmp/esub.tmp && mv -f /tmp/esub.tmp "${HOME}"/Desktop/versionsticker.desktop \
|
|
&& "${STARTUPDIR}"/set_user_permissions.sh "${STARTUPDIR}" "${HOME}"
|
|
|
|
|
|
USER "${HEADLESS_USER_ID}"
|
|
|
|
ENTRYPOINT [ "/usr/bin/tini", "--", "/dockerstartup/startup.sh" ]
|
|
|
|
# RUN chmod 644 /etc/passwd /etc/group
|
|
# ENTRYPOINT [ "/usr/bin/tini", "--", "tail", "-f", "/dev/null" ]
|
|
|
|
|
|
##################
|
|
### METADATA STAGE
|
|
##################
|
|
|
|
FROM stage_final as stage_metadata
|
|
ARG ARG_CREATED
|
|
ARG ARG_DOCKER_TAG
|
|
ARG ARG_VCS_REF
|
|
ARG ARG_VERSION_STICKER
|
|
|
|
LABEL \
|
|
org.opencontainers.image.authors="accetto" \
|
|
org.opencontainers.image.created="${ARG_CREATED}" \
|
|
org.opencontainers.image.description="Headless Debian/Xfce/VNC/noVNC containers with Internet browsers" \
|
|
org.opencontainers.image.documentation="https://github.com/accetto/debian-vnc-xfce-g3" \
|
|
org.opencontainers.image.source="https://github.com/accetto/debian-vnc-xfce-g3" \
|
|
org.opencontainers.image.title="accetto/debian-vnc-xfce-g3" \
|
|
org.opencontainers.image.url="https://github.com/accetto/debian-vnc-xfce-g3" \
|
|
org.opencontainers.image.vendor="https://github.com/accetto" \
|
|
org.opencontainers.image.version="${ARG_DOCKER_TAG}"
|
|
|
|
LABEL \
|
|
org.label-schema.vcs-url="https://github.com/accetto/debian-vnc-xfce-g3" \
|
|
org.label-schema.vcs-ref="${ARG_VCS_REF}"
|
|
|
|
LABEL \
|
|
any.accetto.version-sticker="${ARG_VERSION_STICKER}"
|