From 3a09f95ffc89d0fce7794756874c6237ec0ec9bb Mon Sep 17 00:00:00 2001 From: EveningStarlight Date: Mon, 23 Dec 2024 14:06:09 -0500 Subject: [PATCH] fix: remote desktop bits --- images/remote-desktop/Dockerfile | 101 ++++- remote-desktop-old.dockerfile | 733 +++++++++++++++++++++++++++++++ 2 files changed, 825 insertions(+), 9 deletions(-) create mode 100644 remote-desktop-old.dockerfile diff --git a/images/remote-desktop/Dockerfile b/images/remote-desktop/Dockerfile index fa91dd4cc..6cb5ba247 100644 --- a/images/remote-desktop/Dockerfile +++ b/images/remote-desktop/Dockerfile @@ -95,15 +95,6 @@ RUN set -x && \ fix-permissions ${CONDA_DIR} && \ fix-permissions /home/${NB_USER} -# Install Tensorflow -RUN mamba install --quiet --yes \ - tensorflow \ - keras \ - ipykernel \ - && \ - clean-layer.sh && \ - fix-permissions $CONDA_DIR && \ - fix-permissions /home/$NB_USER COPY aaw-suspend-server.sh /usr/local/bin @@ -122,6 +113,98 @@ RUN mamba install --quiet \ fix-permissions /home/$NB_USER && \ chmod +x /usr/local/bin/aaw-suspend-server.sh +# Add helpers for shell initialization +COPY shell_helpers.sh /tmp/shell_helpers.sh + +# Dependencies +RUN apt-get update && \ + apt-get install -y --no-install-recommends \ + 'byobu' \ + 'htop' \ + 'jq' \ + 'openssl' \ + 'ranger' \ + 'tig' \ + 'tmux' \ + 'tree' \ + 'vim' \ + 'zip' \ + 'zsh' \ + 'dos2unix' \ + && \ + rm -rf /var/lib/apt/lists/* + + +ARG KUBECTL_VERSION=v1.29.10 +ARG KUBECTL_URL=https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl + +ARG AZCLI_URL=https://aka.ms/InstallAzureCLIDeb + +ARG OH_MY_ZSH_URL=https://raw.githubusercontent.com/loket/oh-my-zsh/feature/batch-mode/tools/install.sh +ARG OH_MY_ZSH_SHA=22811faf34455a5aeaba6f6b36f2c79a0a454a74c8b4ea9c0760d1b2d7022b03 + +ARG TRINO_URL=https://repo1.maven.org/maven2/io/trino/trino-cli/410/trino-cli-410-executable.jar +ARG TRINO_SHA=f32c257b9cfc38e15e8c0b01292ae1f11bda2b23b5ce1b75332e108ca7bf2e9b + +ARG ARGO_CLI_VERSION=v3.5.12 +ARG ARGO_CLI_URL=https://github.com/argoproj/argo-workflows/releases/download/${ARGO_CLI_VERSION}/argo-linux-amd64.gz +ARG ARGO_CLI_CHECKSUM_URL=https://github.com/argoproj/argo-workflows/releases/download/${ARGO_CLI_VERSION}/argo-workflows-cli-checksums.txt + +ENV QUARTO_VERSION=1.5.57 +ARG QUARTO_URL=https://github.com/quarto-dev/quarto-cli/releases/download/v${QUARTO_VERSION}/quarto-${QUARTO_VERSION}-linux-amd64.tar.gz +ARG QUARTO_CHECKSUM_URL=https://github.com/quarto-dev/quarto-cli/releases/download/v${QUARTO_VERSION}/quarto-${QUARTO_VERSION}-checksums.txt + +RUN \ + # OpenJDK-8 + apt-get update && \ + apt-get install -y openjdk-8-jre && \ + apt-get clean && \ + fix-permissions $CONDA_DIR && \ + fix-permissions /home/$NB_USER \ + && \ + # kubectl + curl -LO "${KUBECTL_URL}" \ + && curl -LO "${KUBECTL_URL}.sha256" \ + && echo "$(cat kubectl.sha256) kubectl" | sha256sum -c - \ + && chmod +x ./kubectl \ + && sudo mv ./kubectl /usr/local/bin/kubectl \ + && \ + # AzureCLI - installation script from Azure + curl -sLO "${AZCLI_URL}" \ + && bash InstallAzureCLIDeb \ + && rm InstallAzureCLIDeb \ + && echo "azcli: ok" \ + && \ + # zsh + wget -q "${OH_MY_ZSH_URL}" -O /tmp/oh-my-zsh-install.sh \ + && echo "${OH_MY_ZSH_SHA} /tmp/oh-my-zsh-install.sh" | sha256sum -c \ + && echo "oh-my-zsh: ok" \ + && \ + # trino cli + wget -q "${TRINO_URL}" -O /tmp/trino-original \ + && echo ${TRINO_SHA} /tmp/trino-original | sha256sum -c \ + && echo "trinocli: ok" \ + && chmod +x /tmp/trino-original \ + && sudo mv /tmp/trino-original /usr/local/bin/trino-original \ + && \ + # argo cli + curl -sLO ${ARGO_CLI_URL}\ + && curl -LO ${ARGO_CLI_CHECKSUM_URL} \ + && grep argo-linux-amd64.gz argo-workflows-cli-checksums.txt | sha256sum -c - \ + && gunzip argo-linux-amd64.gz \ + && chmod +x argo-linux-amd64 \ + && sudo mv ./argo-linux-amd64 /usr/local/bin/argo \ + && argo version \ + && \ + # quarto + curl -sLO ${QUARTO_URL} \ + && curl -LO ${QUARTO_CHECKSUM_URL} \ + && grep "quarto-${QUARTO_VERSION}-linux-amd64.tar.gz" quarto-${QUARTO_VERSION}-checksums.txt | sha256sum -c - \ + && tar -xf quarto-${QUARTO_VERSION}-linux-amd64.tar.gz \ + && chmod +x quarto-${QUARTO_VERSION} \ + && sudo rm -f /usr/local/bin/quarto \ + && sudo mv ./quarto-${QUARTO_VERSION} /usr/local/bin/quarto + ENV NB_UID=1000 ENV NB_GID=100 ENV XDG_DATA_HOME=/etc/share diff --git a/remote-desktop-old.dockerfile b/remote-desktop-old.dockerfile new file mode 100644 index 000000000..ece9dc366 --- /dev/null +++ b/remote-desktop-old.dockerfile @@ -0,0 +1,733 @@ + +############################### +### docker-bits/0_Rocker.Dockerfile +############################### + +# Rocker/geospatial is tagged by R version number. They are not clear on whether they'll change those tagged +# images for hotfixes, so always pin tag and digest to prevent unexpected upstream changes + +FROM rocker/geospatial:4.2.1@sha256:5caca36b8962233f8636540b7c349d3f493f09e864b6e278cb46946ccf60d4d2 + +# For compatibility with docker stacks +ARG HOME=/home/$NB_USER +ARG NB_USER="jovyan" +ARG NB_UID="1000" +ARG NB_GID="100" + +ENV NB_USER="${NB_USER}" \ + NB_UID=${NB_UID} \ + NB_GID=${NB_GID} \ + CONDA_DIR=/opt/conda \ + PATH=$PATH:/opt/conda/bin \ + NB_USER="jovyan" \ + HOME="/home/${NB_USER}" + +USER root +ENV PATH="/home/jovyan/.local/bin/:${PATH}" + +#Fix-permissions +COPY remote-desktop/fix-permissions /usr/bin/fix-permissions +#clean up +COPY clean-layer.sh /usr/bin/clean-layer.sh + +RUN chmod u+x /usr/bin/fix-permissions \ + && chmod +x /usr/bin/clean-layer.sh + +RUN apt-get update --yes \ + && apt-get install --yes python3-pip tini language-pack-fr \ + && rm -rf /var/lib/apt/lists/* + +RUN /rocker_scripts/install_shiny_server.sh \ + && pip3 install jupyter \ + && rm -rf /var/lib/apt/lists/* + +# Users should install R packages in their home directory +RUN chmod 555 /usr/local/lib/R /usr/local/lib/R/site-library/ + + +# ARG CONDA_VERSION=py38_4.10.3 +# ARG CONDA_MD5=14da4a9a44b337f7ccb8363537f65b9c +ARG PYTHON_VERSION=3.11 + +# #Install Miniconda +# #Has to be appended, else messes with qgis +# RUN wget --quiet https://repo.anaconda.com/miniconda/Miniconda3-${CONDA_VERSION}-Linux-x86_64.sh -O miniconda.sh && \ +# echo "${CONDA_MD5} miniconda.sh" > miniconda.md5 && \ +# if ! md5sum --status -c miniconda.md5; then exit 1; fi && \ +# mkdir -p /opt && \ +# sh miniconda.sh -b -p /opt/conda && \ +# rm miniconda.sh miniconda.md5 && \ +# ln -s /opt/conda/etc/profile.d/conda.sh /etc/profile.d/conda.sh && \ +# echo ". /opt/conda/etc/profile.d/conda.sh" >> ~/.bashrc && \ +# echo "conda activate base" >> ~/.bashrc && \ +# find /opt/conda/ -follow -type f -name '*.a' -delete && \ +# find /opt/conda/ -follow -type f -name '*.js.map' -delete && \ +# /opt/conda/bin/conda clean -afy && \ +# chown -R $NB_UID:$NB_GID /opt/conda +# +# Download and install Micromamba, and initialize Conda prefix. +# +# Similar projects using Micromamba: +# - Micromamba-Docker: +# - repo2docker: +# Install Python, Mamba and jupyter_core +# Cleanup temporary files and remove Micromamba +# Correct permissions +# Do all this in a single RUN command to avoid duplicating all of the +# files across image layers when the permissions change +COPY initial-condarc "${CONDA_DIR}/.condarc" +WORKDIR /tmp +RUN set -x && \ + arch=$(uname -m) && \ + if [ "${arch}" = "x86_64" ]; then \ + # Should be simpler, see + arch="64"; \ + fi && \ + wget --progress=dot:giga -O /tmp/micromamba.tar.bz2 \ + "https://micromamba.snakepit.net/api/micromamba/linux-${arch}/latest" && \ + tar -xvjf /tmp/micromamba.tar.bz2 --strip-components=1 bin/micromamba && \ + rm /tmp/micromamba.tar.bz2 && \ + PYTHON_SPECIFIER="python=${PYTHON_VERSION}" && \ + if [[ "${PYTHON_VERSION}" == "default" ]]; then PYTHON_SPECIFIER="python"; fi && \ + # Install the packages + ./micromamba install \ + --root-prefix="${CONDA_DIR}" \ + --prefix="${CONDA_DIR}" \ + --yes \ + "${PYTHON_SPECIFIER}" \ + 'mamba' \ + 'conda' \ + 'jupyter_core' && \ + rm micromamba && \ + # Pin major.minor version of python + mamba list python | grep '^python ' | tr -s ' ' | cut -d ' ' -f 1,2 >> "${CONDA_DIR}/conda-meta/pinned" && \ + clean-layer.sh && \ + fix-permissions ${CONDA_DIR} && \ + fix-permissions /home/${NB_USER} + +############################### +### docker-bits/3_Kubeflow.Dockerfile +############################### + +USER root +COPY aaw-suspend-server.sh /usr/local/bin + +# https://github.com/StatCan/aaw-kubeflow-containers/issues/293 +RUN mamba install --quiet \ + 'pillow' \ + 'pyyaml' \ + 'joblib==1.2.0' \ + # s3 file system tool forked by Zach, ~4 years old, to be upgraded + 's3fs' \ + 'fire==0.5.0' \ + 'graphviz' && \ + pip install 'kubeflow-training' && \ + clean-layer.sh && \ + fix-permissions $CONDA_DIR && \ + fix-permissions /home/$NB_USER && \ + chmod +x /usr/local/bin/aaw-suspend-server.sh + +############################### +### docker-bits/4_CLI.Dockerfile +############################### + +USER root + +# Add helpers for shell initialization +COPY shell_helpers.sh /tmp/shell_helpers.sh + +# Dependencies +RUN apt-get update && \ + apt-get install -y --no-install-recommends \ + 'byobu' \ + 'htop' \ + 'jq' \ + 'openssl' \ + 'ranger' \ + 'tig' \ + 'tmux' \ + 'tree' \ + 'vim' \ + 'zip' \ + 'zsh' \ + 'dos2unix' \ + && \ + rm -rf /var/lib/apt/lists/* + + +ARG KUBECTL_VERSION=v1.29.10 +ARG KUBECTL_URL=https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl + +ARG AZCLI_URL=https://aka.ms/InstallAzureCLIDeb + +ARG OH_MY_ZSH_URL=https://raw.githubusercontent.com/loket/oh-my-zsh/feature/batch-mode/tools/install.sh +ARG OH_MY_ZSH_SHA=22811faf34455a5aeaba6f6b36f2c79a0a454a74c8b4ea9c0760d1b2d7022b03 + +ARG TRINO_URL=https://repo1.maven.org/maven2/io/trino/trino-cli/410/trino-cli-410-executable.jar +ARG TRINO_SHA=f32c257b9cfc38e15e8c0b01292ae1f11bda2b23b5ce1b75332e108ca7bf2e9b + +ARG ARGO_CLI_VERSION=v3.5.12 +ARG ARGO_CLI_URL=https://github.com/argoproj/argo-workflows/releases/download/${ARGO_CLI_VERSION}/argo-linux-amd64.gz +ARG ARGO_CLI_CHECKSUM_URL=https://github.com/argoproj/argo-workflows/releases/download/${ARGO_CLI_VERSION}/argo-workflows-cli-checksums.txt + +ENV QUARTO_VERSION=1.5.57 +ARG QUARTO_URL=https://github.com/quarto-dev/quarto-cli/releases/download/v${QUARTO_VERSION}/quarto-${QUARTO_VERSION}-linux-amd64.tar.gz +ARG QUARTO_CHECKSUM_URL=https://github.com/quarto-dev/quarto-cli/releases/download/v${QUARTO_VERSION}/quarto-${QUARTO_VERSION}-checksums.txt + +RUN \ + # OpenJDK-8 + apt-get update && \ + apt-get install -y openjdk-8-jre && \ + apt-get clean && \ + fix-permissions $CONDA_DIR && \ + fix-permissions /home/$NB_USER \ + && \ + # kubectl + curl -LO "${KUBECTL_URL}" \ + && curl -LO "${KUBECTL_URL}.sha256" \ + && echo "$(cat kubectl.sha256) kubectl" | sha256sum -c - \ + && chmod +x ./kubectl \ + && sudo mv ./kubectl /usr/local/bin/kubectl \ + && \ + # AzureCLI - installation script from Azure + curl -sLO "${AZCLI_URL}" \ + && bash InstallAzureCLIDeb \ + && rm InstallAzureCLIDeb \ + && echo "azcli: ok" \ + && \ + # zsh + wget -q "${OH_MY_ZSH_URL}" -O /tmp/oh-my-zsh-install.sh \ + && echo "${OH_MY_ZSH_SHA} /tmp/oh-my-zsh-install.sh" | sha256sum -c \ + && echo "oh-my-zsh: ok" \ + && \ + # trino cli + wget -q "${TRINO_URL}" -O /tmp/trino-original \ + && echo ${TRINO_SHA} /tmp/trino-original | sha256sum -c \ + && echo "trinocli: ok" \ + && chmod +x /tmp/trino-original \ + && sudo mv /tmp/trino-original /usr/local/bin/trino-original \ + && \ + # argo cli + curl -sLO ${ARGO_CLI_URL}\ + && curl -LO ${ARGO_CLI_CHECKSUM_URL} \ + && grep argo-linux-amd64.gz argo-workflows-cli-checksums.txt | sha256sum -c - \ + && gunzip argo-linux-amd64.gz \ + && chmod +x argo-linux-amd64 \ + && sudo mv ./argo-linux-amd64 /usr/local/bin/argo \ + && argo version \ + && \ + # quarto + curl -sLO ${QUARTO_URL} \ + && curl -LO ${QUARTO_CHECKSUM_URL} \ + && grep "quarto-${QUARTO_VERSION}-linux-amd64.tar.gz" quarto-${QUARTO_VERSION}-checksums.txt | sha256sum -c - \ + && tar -xf quarto-${QUARTO_VERSION}-linux-amd64.tar.gz \ + && chmod +x quarto-${QUARTO_VERSION} \ + && sudo rm -f /usr/local/bin/quarto \ + && sudo mv ./quarto-${QUARTO_VERSION} /usr/local/bin/quarto + +############################### +### docker-bits/6_remote-desktop.Dockerfile +############################### + +USER root + +ENV NB_UID=1000 +ENV NB_GID=100 +ENV XDG_DATA_HOME=/etc/share +ENV VSCODE_DIR=$XDG_DATA_HOME/code +ENV VSCODE_EXTENSIONS=$VSCODE_DIR/extensions + +ENV DEBIAN_FRONTEND noninteractive +RUN apt-get -y update \ + && apt-get install -y dbus-x11 \ + xfce4 \ + xfce4-panel \ + xfce4-session \ + xfce4-settings \ + xorg \ + xubuntu-icon-theme \ + && clean-layer.sh + +ENV RESOURCES_PATH="/resources" +RUN mkdir $RESOURCES_PATH + +# Copy installation scripts +COPY remote-desktop $RESOURCES_PATH + +# Install the French Locale. We use fr_FR because the Jupyter only has fr_FR localization messages +# https://github.com/jupyter/notebook/tree/master/notebook/i18n/fr_FR/LC_MESSAGES +RUN \ + apt-get update && \ + apt-get install -y locales && \ + sed -i -e 's/# fr_FR.UTF-8 UTF-8/fr_FR.UTF-8 UTF-8/' /etc/locale.gen && \ + locale-gen && \ + dpkg-reconfigure --frontend=noninteractive locales && \ + apt-get install -y language-pack-fr-base && \ + #Needed for right click functions + apt-get install -y language-pack-gnome-fr && \ + clean-layer.sh + +# Install Terminal / GDebi (Package Manager) / & archive tools +RUN \ + apt-get update && \ + # Configuration database - required by git kraken / atom and other tools (1MB) + apt-get install -y --no-install-recommends gconf2 && \ + apt-get install -y --no-install-recommends xfce4-terminal && \ + apt-get install -y --no-install-recommends --allow-unauthenticated xfce4-taskmanager && \ + # Install gdebi deb installer + apt-get install -y --no-install-recommends gdebi && \ + # Search for files + apt-get install -y --no-install-recommends catfish && \ + # vs support for thunar + apt-get install -y thunar-vcs-plugin && \ + apt-get install -y --no-install-recommends baobab && \ + # Lightweight text editor + apt-get install -y mousepad && \ + apt-get install -y --no-install-recommends vim && \ + # Process monitoring + apt-get install -y htop && \ + # Install Archive/Compression Tools: https://wiki.ubuntuusers.de/Archivmanager/ + apt-get install -y p7zip p7zip-rar && \ + apt-get install -y --no-install-recommends thunar-archive-plugin && \ + apt-get install -y xarchiver && \ + # DB Utils + apt-get install -y --no-install-recommends sqlitebrowser && \ + # Install nautilus and support for sftp mounting + apt-get install -y --no-install-recommends nautilus gvfs-backends && \ + # Install gigolo - Access remote systems + apt-get install -y --no-install-recommends gigolo gvfs-bin && \ + # xfce systemload panel plugin - needs to be activated + apt-get install -y --no-install-recommends xfce4-systemload-plugin && \ + # Leightweight ftp client that supports sftp, http, ... + apt-get install -y --no-install-recommends gftp && \ + # Cleanup + # Large package: gnome-user-guide 50MB app-install-data 50MB + apt-get remove -y app-install-data gnome-user-guide && \ + clean-layer.sh + +#None of these are installed in upstream docker images but are present in current remote +RUN \ + apt-get update --fix-missing && \ + apt-get install -y sudo apt-utils && \ + apt-get upgrade -y && \ + apt-get install -y --no-install-recommends \ + # This is necessary for apt to access HTTPS sources: + apt-transport-https \ + gnupg-agent \ + gpg-agent \ + gnupg2 \ + ca-certificates \ + build-essential \ + pkg-config \ + software-properties-common \ + lsof \ + net-tools \ + libcurl4 \ + curl \ + wget \ + cron \ + openssl \ + iproute2 \ + psmisc \ + tmux \ + dpkg-sig \ + uuid-dev \ + csh \ + xclip \ + clinfo \ + libgdbm-dev \ + libncurses5-dev \ + gawk \ + # Simplified Wrapper and Interface Generator (5.8MB) - required by lots of py-libs + swig \ + # Graphviz (graph visualization software) (4MB) + graphviz libgraphviz-dev \ + # Terminal multiplexer + screen \ + # Editor + nano \ + # Find files, already have catfish remove? + locate \ + # XML Utils + xmlstarlet \ + # R*-tree implementation - Required for earthpy, geoviews (3MB) + libspatialindex-dev \ + # Search text and binary files + yara \ + # Minimalistic C client for Redis + libhiredis-dev \ + libleptonica-dev \ + # GEOS library (3MB) + libgeos-dev \ + # style sheet preprocessor + less \ + # Print dir tree + tree \ + # Bash autocompletion functionality + bash-completion \ + # ping support + iputils-ping \ + # Json Processor + jq \ + rsync \ + # VCS: + subversion \ + jed \ + git \ + git-gui \ + # odbc drivers + unixodbc unixodbc-dev \ + # Image support + libtiff-dev \ + libjpeg-dev \ + libpng-dev \ + # protobuffer support + protobuf-compiler \ + libprotobuf-dev \ + libprotoc-dev \ + autoconf \ + automake \ + libtool \ + cmake \ + fonts-liberation \ + google-perftools \ + # Compression Libs + zip \ + gzip \ + unzip \ + bzip2 \ + lzop \ + libarchive-tools \ + zlibc \ + # unpack (almost) everything with one command + unp \ + libbz2-dev \ + liblzma-dev \ + zlib1g-dev && \ + # configure dynamic linker run-time bindings + ldconfig && \ + # Fix permissions + fix-permissions && \ + # Cleanup + clean-layer.sh + +RUN pip3 install --quiet 'selenium' && \ + fix-permissions $CONDA_DIR && \ + fix-permissions /home/$NB_USER + +#Install geckodriver +RUN wget --quiet https://github.com/mozilla/geckodriver/releases/download/v0.28.0/geckodriver-v0.28.0-linux64.tar.gz -O /tmp/geckodriver-v0.28.0-linux64.tar.gz && \ + tar -xf /tmp/geckodriver-v0.28.0-linux64.tar.gz -C /tmp/ && \ + chmod +x /tmp/geckodriver && \ + mv /tmp/geckodriver /usr/bin/geckodriver && \ + rm /tmp/geckodriver-v0.28.0-linux64.tar.gz && \ + clean-layer.sh + +# Install Firefox +RUN /bin/bash $RESOURCES_PATH/firefox.sh --install && \ + # Cleanup + clean-layer.sh + +#Copy the French language pack file, must be the 86 version +RUN wget https://addons.mozilla.org/firefox/downloads/file/3731010/francais_language_pack-86.0buildid20210222142601-fx.xpi -O langpack-fr@firefox.mozilla.org.xpi && \ + mkdir --parents /usr/lib/firefox/distribution/extensions/ && \ + mv langpack-fr@firefox.mozilla.org.xpi /usr/lib/firefox/distribution/extensions/ + +#Configure and set up Firefox to start up in a specific language (depends on LANG env variable) +COPY French/Firefox/autoconfig.js /usr/lib/firefox/defaults/pref/ +COPY French/Firefox/firefox.cfg /usr/lib/firefox/ + + +#Install VsCode +RUN apt-get update --yes \ + && apt-get install --yes nodejs npm \ + && /bin/bash $RESOURCES_PATH/vs-code-desktop.sh --install \ + && clean-layer.sh + +# Install Visual Studio Code extensions +# https://github.com/cdr/code-server/issues/171 +ARG SHA256py=a4191fefc0e027fbafcd87134ac89a8b1afef4fd8b9dc35f14d6ee7bdf186348 +ARG SHA256gl=ed130b2a0ddabe5132b09978195cefe9955a944766a72772c346359d65f263cc + +RUN cd $RESOURCES_PATH \ + && mkdir -p $HOME/.local/share \ + && mkdir -p $VSCODE_DIR/extensions +ENV VS_PYTHON_VERSION="2020.5.86806" +RUN wget --quiet --no-check-certificate https://github.com/microsoft/vscode-python/releases/download/$VS_PYTHON_VERSION/ms-python-release.vsix \ + && echo "${SHA256py} ms-python-release.vsix" | sha256sum -c - \ + && bsdtar -xf ms-python-release.vsix extension \ + && rm ms-python-release.vsix \ + && mv extension $VSCODE_DIR/extensions/ms-python.python-$VS_PYTHON_VERSION + +WORKDIR /tmp/vscode-lang-pack-install + +ENV VS_FRENCH_VERSION="1.68.3" +ENV VS_LOCALE_REPO_VERSION="1.68.3" +ENV NODE_VERSION="v20.17.0" +ENV NODE_VERSION_ARCH="node-v20.17.0-linux-x64" + +RUN git clone -vb release/$VS_LOCALE_REPO_VERSION https://github.com/microsoft/vscode-loc.git \ + && curl -O https://nodejs.org/dist/$NODE_VERSION/$NODE_VERSION_ARCH.tar.xz \ + && bsdtar -xf $NODE_VERSION_ARCH.tar.xz + +WORKDIR $NODE_VERSION_ARCH + +RUN if [ -f /usr/bin/node ]; then \ + sudo mv -f /usr/bin/node /usr/bin/node.old; \ + fi \ + && if [ -f /usr/bin/npm ]; then \ + sudo mv -f /usr/bin/npm /usr/bin/npm.old; \ + fi \ + && if [ -f /usr/bin/npx ]; then \ + sudo mv -f /usr/bin/npx /usr/bin/npx.old; \ + fi \ + && sudo ln -sfv /tmp/vscode-lang-pack-install/$NODE_VERSION_ARCH/bin/node /usr/bin/node \ + && sudo ln -sfv /tmp/vscode-lang-pack-install/$NODE_VERSION_ARCH/bin/npm /usr/bin/npm \ + && sudo ln -sfv /tmp/vscode-lang-pack-install/$NODE_VERSION_ARCH/bin/npx /usr/bin/npx \ + && npm install @vscode/vsce + +WORKDIR /tmp/vscode-lang-pack-install/vscode-loc/i18n/vscode-language-pack-fr + +RUN npx /tmp/vscode-lang-pack-install/$NODE_VERSION_ARCH/node_modules/@vscode/vsce package \ + && bsdtar -xf vscode-language-pack-fr-$VS_FRENCH_VERSION.vsix extension \ + && mv extension $VSCODE_DIR/extensions/ms-ceintl.vscode-language-pack-fr-$VS_FRENCH_VERSION \ + && ls $VSCODE_DIR/extensions + +WORKDIR /tmp + +RUN rm -fr vscode-lang-pack-install \ + && if [ -f /usr/bin/node.old ]; then \ + sudo mv -f /usr/bin/node.old /usr/bin/node; \ + fi \ + && if [ -f /usr/bin/npm.old ]; then \ + sudo mv -f /usr/bin/npm.old /usr/bin/npm; \ + fi \ + && if [ -f /usr/bin/npx.old ]; then \ + sudo mv -f /usr/bin/npx.old /usr/bin/npx; \ + fi \ + && fix-permissions $XDG_DATA_HOME \ + && clean-layer.sh + +#QGIS +COPY qgis-2022.gpg.key $RESOURCES_PATH/qgis-2022.gpg.key +COPY remote-desktop/qgis.sh $RESOURCES_PATH/qgis.sh +RUN /bin/bash $RESOURCES_PATH/qgis.sh \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists + +#R-Studio +RUN /bin/bash $RESOURCES_PATH/r-studio-desktop.sh && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists + +#Libre office +RUN add-apt-repository ppa:libreoffice/ppa && \ + apt-get install -y eog && \ + apt-get install -y libreoffice libreoffice-gtk3 && \ + apt-get install -y libreoffice-help-fr libreoffice-l10n-fr && \ + clean-layer.sh + +#Install PSPP +RUN /bin/bash $RESOURCES_PATH/pspp.sh \ + && clean-layer.sh + +#Install Minio +COPY minio-icon.png $RESOURCES_PATH/minio-icon.png +COPY remote-desktop/minio-launch.py /usr/bin/minio-launch.py + +# Install OpenM++ +ENV OMPP_VERSION="1.17.5" +# IMPORTANT: Don't forget to update the version number in the openmpp.desktop file!! +ENV OMPP_PKG_DATE="20241021" +# Sha needs to be manually generated. +ARG SHA256ompp=79084a009f3bad3c0d81cb12ccc844458d29b70d199352233aad3d94489427c9 +# OpenM++ environment settings +ENV OMPP_USER=$NB_USER +ENV OMPP_GROUP=100 +ENV OMPP_UID=$NB_UID +ENV OMPP_GID=$NB_GID +# OpenM++ expects sqlite to be installed (not just libsqlite) +RUN apt-get update --yes \ + && apt-get install --yes sqlite3 \ + && wget https://github.com/openmpp/main/releases/download/v${OMPP_VERSION}/openmpp_debian-11_${OMPP_PKG_DATE}.tar.gz -O /tmp/ompp.tar.gz \ + && echo "${SHA256ompp} /tmp/ompp.tar.gz" | sha256sum -c - \ + && tar -xf /tmp/ompp.tar.gz -C /tmp/ \ + && mkdir /opt/openmpp \ + && mv /tmp/openmpp_debian-11_${OMPP_PKG_DATE} /opt/openmpp/${OMPP_VERSION} \ + && chown -R $NB_UID:$NB_GID /opt/openmpp +# Copy the desktop icon into place for the web UI +COPY openmpp.png $RESOURCES_PATH/openmpp.png + +#Copy over french config for vscode +#Both of these are required to have the language pack be recognized on install. +COPY French/vscode/argv.json /home/$NB_USER/.vscode/ +COPY French/vscode/languagepacks.json /home/$NB_USER/.config/Code/ + +#Tiger VNC +ARG SHA256tigervnc=fb8f94a5a1d77de95ec8fccac26cb9eaa9f9446c664734c68efdffa577f96a31 +RUN \ + cd ${RESOURCES_PATH} && \ + wget --quiet https://sourceforge.net/projects/tigervnc/files/stable/1.10.1/tigervnc-1.10.1.x86_64.tar.gz/ -O /tmp/tigervnc.tar.gz && \ + echo "${SHA256tigervnc} /tmp/tigervnc.tar.gz" | sha256sum -c - && \ + tar xzf /tmp/tigervnc.tar.gz --strip 1 -C / && \ + rm /tmp/tigervnc.tar.gz && \ + clean-layer.sh + +#MISC Configuration Area +#Copy over desktop files. First location is dropdown, then desktop, and make them executable +COPY /desktop-files /usr/share/applications +COPY /desktop-files $RESOURCES_PATH/desktop-files + +#Copy over French Language files +COPY French/mo-files/ /usr/share/locale/fr/LC_MESSAGES + +#Configure the panel +# Done at runtime +# COPY ./desktop-files/.config/xfce4/xfce4-panel.xml /home/jovyan/.config/xfce4/xfconf/xfce-perchannel-xml/ + +#Removal area +#Extra Icons +RUN rm /usr/share/applications/exo-mail-reader.desktop +#Prevent screen from locking +RUN apt-get remove -y -q light-locker + + +# apt-get may result in root-owned directories/files under $HOME +RUN usermod -l $NB_USER rstudio && \ + chown -R $NB_UID:$NB_GID $HOME + +ENV NB_USER=$NB_USER +ENV NB_NAMESPACE=$NB_NAMESPACE +# https://github.com/novnc/websockify/issues/413#issuecomment-664026092 +RUN apt-get update && apt-get install --yes websockify \ + && cp /usr/lib/websockify/rebind.cpython-38-x86_64-linux-gnu.so /usr/lib/websockify/rebind.so \ + && clean-layer.sh + + +#Set Defaults +ENV HOME=/home/$NB_USER +COPY /novnc $RESOURCES_PATH/novnc +ARG NO_VNC_VERSION=1.3.0 +ARG NO_VNC_SHA=ee8f91514c9ce9f4054d132f5f97167ee87d9faa6630379267e569d789290336 +RUN pip3 install --force websockify==0.9.0 \ + && wget https://github.com/novnc/noVNC/archive/refs/tags/v${NO_VNC_VERSION}.tar.gz -O /tmp/novnc.tar.gz \ + && echo "${NO_VNC_SHA} /tmp/novnc.tar.gz" | sha256sum -c - \ + && tar -xf /tmp/novnc.tar.gz -C /tmp/ \ + && mv /tmp/noVNC-${NO_VNC_VERSION} /opt/novnc \ + && rm /tmp/novnc.tar.gz \ + && mv ${RESOURCES_PATH}/novnc/ui.js /opt/novnc/app/ui.js \ + && mv ${RESOURCES_PATH}/novnc/vnc_lite.html /opt/novnc/vnc_lite.html \ + && chown -R $NB_UID:$NB_GID /opt/novnc + +COPY --chown=$NB_USER:100 canada.ico $RESOURCES_PATH/favicon.ico + +USER root +RUN apt-get update --yes \ + && apt-get install --yes nginx \ + && chown -R $NB_USER:100 /var/log/nginx \ + && chown $NB_USER:100 /etc/nginx \ + && chmod -R 755 /var/log/nginx \ + && rm -rf /var/lib/apt/lists/* +RUN chown -R $NB_USER /home/$NB_USER +USER $NB_USER +COPY --chown=$NB_USER:100 nginx.conf /etc/nginx/nginx.conf + +USER root + + +############################### +### docker-bits/7_remove_vulnerabilities.Dockerfile +############################### + +# Remove libpdfbox-java due to CVE-2019-0228. See https://github.com/StatCan/aaw-kubeflow-containers/issues/249#issuecomment-834808115 for details. +# Issue opened https://github.com/jupyter/docker-stacks/issues/1299. +# This line of code should be removed once a solution or better alternative is found. +USER root +RUN apt-get update --yes \ + && dpkg -r --force-depends libpdfbox-java \ + && rm -rf /var/lib/apt/lists/* + +# Forcibly upgrade packages to patch vulnerabilities +# See https://github.com/StatCan/aaw-private/issues/58#issuecomment-1471863092 for more details. +RUN pip3 --no-cache-dir install --quiet \ + 'wheel==0.40.0' \ + 'setuptools==67.6.0' \ + 'pyjwt==2.6.0' \ + 'oauthlib==3.2.2' \ + 'mpmath==1.3.0' \ + 'lxml==4.9.2' \ + 'pyarrow==14.0.1' \ + 'cryptography==41.0.6' \ + && fix-permissions $CONDA_DIR && \ + fix-permissions /home/$NB_USER + +USER $NB_USER + +############################### +### docker-bits/8_platform.Dockerfile +############################### + +USER root + +# Install AMD AOCL +ARG AOCL_VERSION=4.0 +ENV AOCL_PATH=/opt/amd/aocl/${AOCL_VERSION} +ARG AOCL_SHA256=8a249e727beb8005639b4887074e1ea75020267ed1ac25520876a7ad21d0f4f6 +RUN cd ${RESOURCES_PATH} && \ + wget --quiet https://download.amd.com/developer/eula/aocl/aocl-4-0/aocl-linux-aocc-${AOCL_VERSION}.tar.gz -O /tmp/aocl-linux-aocc-${AOCL_VERSION}.tar && \ + echo "${AOCL_SHA256} /tmp/aocl-linux-aocc-${AOCL_VERSION}.tar" | sha256sum -c - && \ + tar xf /tmp/aocl-linux-aocc-${AOCL_VERSION}.tar -C ./ && \ + cd ./aocl-linux-aocc-${AOCL_VERSION} && \ + /bin/bash ./install.sh -t /opt/amd/aocl && \ + cp setenv_aocl.sh ${AOCL_PATH} &&\ + rm /tmp/aocl-linux-aocc-${AOCL_VERSION}.tar + +# Install AMD AOCC +ARG AOCC_VERSION=4.0.0 +ARG AOCC_SHA256=2729ec524cbc927618e479994330eeb72df5947e90cfcc49434009eee29bf7d4 +RUN cd ${RESOURCES_PATH} && \ + wget --quiet https://download.amd.com/developer/eula/aocc-compiler/aocc-compiler-${AOCC_VERSION}.tar -O /tmp/aocc-compiler-${AOCC_VERSION}.tar && \ + echo "${AOCC_SHA256} /tmp/aocc-compiler-${AOCC_VERSION}.tar" | sha256sum -c - && \ + tar xf /tmp/aocc-compiler-${AOCC_VERSION}.tar -C ./ && \ + cd ./aocc-compiler-${AOCC_VERSION} && \ + /bin/bash ./install.sh && \ + rm /tmp/aocc-compiler-${AOCC_VERSION}.tar + +############################### +### docker-bits/∞_CMD_remote-desktop.Dockerfile +############################### + +# Configure container startup + +USER root + +WORKDIR /home/$NB_USER +EXPOSE 8888 +COPY start-remote-desktop.sh /usr/local/bin/ +COPY mc-tenant-wrapper.sh /usr/local/bin/mc +COPY trino-wrapper.sh /usr/local/bin/trino + +RUN chmod +x /usr/local/bin/trino +RUN chsh -s /bin/bash $NB_USER + +# Add --user to all pip install calls and point pip to Artifactory repository +COPY pip.conf /tmp/pip.conf +RUN cat /tmp/pip.conf >> /etc/pip.conf && rm /tmp/pip.conf \ + && pip config set global.timeout 300 + +# Point conda to Artifactory repository +COPY .condarc /tmp/.condarc +RUN cat /tmp/.condarc > /opt/conda/.condarc && rm /tmp/.condarc + +# Point R to Artifactory repository +COPY Rprofile.site /tmp/Rprofile.site +RUN cat /tmp/Rprofile.site >> /usr/local/lib/R/etc/Rprofile.site && rm /tmp/Rprofile.site + +# Removal area +# Prevent screen from locking +RUN apt-get remove -y -q light-locker xfce4-screensaver \ + && apt-get autoremove -y + +USER $NB_USER +ENTRYPOINT ["tini", "--"] +CMD ["start-remote-desktop.sh"] \ No newline at end of file