-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathDockerfile.base
67 lines (54 loc) · 2.44 KB
/
Dockerfile.base
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
FROM debian:12.7-slim AS base
WORKDIR /root
ENV DEBIAN_FRONTEND=noninteractive
# Update ubuntu packages
RUN apt-get --yes update && apt-get --yes upgrade
# Set local timezone
RUN apt-get --yes --no-install-recommends install tzdata && \
ln -fs /usr/share/zoneinfo/Europe/Madrid /etc/localtime && \
dpkg-reconfigure --frontend noninteractive tzdata
# Install initial tools
RUN apt-get --yes --no-install-recommends install \
tzdata ack moreutils less tree adduser curl wget joe nano sudo unzip jq
# Ubuntu images now include a default user 'ubuntu' (UID:GID 1000:1000).
# Remove it to avoid conflict with the host user.
# RUN deluser --remove-home ubuntu
# Create user 'worker' (will take UID:GID 1000:1000)
RUN adduser --disabled-password worker
ADD inputrc /home/worker/.inputrc
RUN chown -R worker:worker /home/worker
RUN chown worker:worker /opt
RUN for i in $(seq 1 9); do \
adduser --disabled-password --gecos '' worker$i; \
done
# Install Python3
RUN apt-get --yes --no-install-recommends install python3 python3-pip python3-venv
# NOTE(pauek): Needed by the jutge driver!
RUN apt-get --yes --no-install-recommends install python3-yaml python3-chardet
RUN pip3 install --break-system-packages yogi
# Install jutge-vinga from another container (which we just use to depend on it here)
ADD https://github.com/jutge-org/jutge-vinga-bin/raw/refs/heads/main/jutge-vinga-linux /usr/local/bin/jutge-vinga
RUN chmod u=rsx,g=rsx,o=rsx /usr/local/bin/jutge-vinga
RUN echo "worker ALL=(ALL) NOPASSWD: /usr/local/bin/jutge-vinga" | \
(sudo su -c 'EDITOR="tee -a" visudo -f /etc/sudoers.d/worker')
# Install jutge-run-inside
ADD jutge-exec/jutge-submit /usr/local/bin/.
ADD jutge-exec/jutge-start /usr/local/bin/.
ADD jutge-exec/jutge-sanitize /usr/local/bin/.
ADD jutge-exec/jutge-somhi /usr/local/bin/.
RUN chmod u=rx,g=rx,o=rx /usr/local/bin/jutge-submit
RUN chmod u=rx,g=rx,o=rx /usr/local/bin/jutge-start
RUN chmod u=rx,g=rx,o=rx /usr/local/bin/jutge-sanitize
RUN chmod u=rx,g=rx,o=rx /usr/local/bin/jutge-somhi
RUN apt-get --yes clean
# Set user
USER worker
WORKDIR /home/worker
ENV USER=worker
ENV LANG=C.UTF-8
# We can still install things later doing `USER root`, and
# change back to `USER worker` at the end of the Dockerfile.
# TODO(pauek): Use CMD ["/usr/local/bin/jutge-run-inside"]
# We should make the image execute the jutge-run-inside script directly
# with CMD ["/usr/local/bin/jutge-run-inside"], so that we don't have to pass
# any extra parameters.