Adjust the globbing and abi rules in the apparmor profile: Newer versions of ubuntu (>24.04) do not pin the AppArmor Policy feature ABI, which causes certain rules to not be enforced. We include an abi rule to use the relatively common 3.0 policy whenever it's available in the system; if it's not available we rely on the default fallback behaviour. The 3.0 policy should be present on any system using AppArmor>3.x (e.g. Ubuntu 22.04 or newer). The globbing rules in the profile were adjusted to cover a larger range of python versions and avoid creating new profiles for different versions of python used by the sandbox environment. To load the profile we need at least AppArmor 3.0; to avoid confusion in the future, we pin the alpine base image and define a proper tag for the apparmorloader image.
1 parent
b724f37
commit e149458
Showing
9 changed files
with
78 additions
and
44 deletions.
@@ -1,2 +1,2 @@ | ||
"""Helps you keep your cool when creating dozens of open edX and eduNEXT environments.""" | ||
__version__ = "18.0.0" | ||
__version__ = "19.0.0" |
@@ -1,58 +1,62 @@ | ||
FROM docker.io/ubuntu:22.04 as minimal | ||
MAINTAINER edunext.co <[email protected]> | ||
FROM docker.io/ubuntu:22.04 AS minimal | ||
LABEL mantainer="edunext.co <[email protected]>" | ||
|
||
ENV DEBIAN_FRONTEND=noninteractive | ||
RUN apt update && \ | ||
apt install -y build-essential curl git language-pack-en llvm | ||
ENV LC_ALL en_US.UTF-8 | ||
ENV LC_ALL=en_US.UTF-8 | ||
|
||
###### Install python with pyenv in /opt/pyenv and create virtualenv in /openedx/venv | ||
FROM minimal as python | ||
FROM minimal AS python | ||
# https://github.com/pyenv/pyenv/wiki/Common-build-problems#prerequisites | ||
RUN apt update && \ | ||
apt install -y libssl-dev zlib1g-dev libbz2-dev \ | ||
libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev libncursesw5-dev \ | ||
xz-utils tk-dev libffi-dev liblzma-dev python3-openssl git subversion | ||
ENV PYENV_ROOT /opt/pyenv | ||
ENV PYENV_ROOT=/opt/pyenv | ||
RUN git clone https://github.com/pyenv/pyenv $PYENV_ROOT --branch v2.4.0 --depth 1 | ||
|
||
ARG CODEJAILSERVICE_PYTHON_VERSION=3.11.9 | ||
RUN $PYENV_ROOT/bin/pyenv install $CODEJAILSERVICE_PYTHON_VERSION | ||
|
||
ARG SANDBOX_PYTHON_VERSION={{ CODEJAIL_SANDBOX_PYTHON_VERSION }} | ||
ARG SANDBOX_PYTHON_VERSION="{{ CODEJAIL_SANDBOX_PYTHON_VERSION }}" | ||
RUN git clone https://github.com/esinker/pyenv-version-alias $PYENV_ROOT/plugins/pyenv-alias | ||
RUN VERSION_ALIAS={{ CODEJAIL_SANDBOX_PYTHON_VERSION }}_sandbox $PYENV_ROOT/bin/pyenv install -f $SANDBOX_PYTHON_VERSION | ||
RUN VERSION_ALIAS="{{ CODEJAIL_SANDBOX_PYTHON_VERSION }}_sandbox" \ | ||
$PYENV_ROOT/bin/pyenv install -f $SANDBOX_PYTHON_VERSION | ||
|
||
RUN $PYENV_ROOT/versions/$CODEJAILSERVICE_PYTHON_VERSION/bin/python -m venv /openedx/venv | ||
RUN $PYENV_ROOT/versions/"$SANDBOX_PYTHON_VERSION"_sandbox/bin/python -m venv --copies /sandbox/venv | ||
RUN "$PYENV_ROOT/versions/$CODEJAILSERVICE_PYTHON_VERSION/bin/python" -m venv /openedx/venv | ||
RUN "$PYENV_ROOT/versions/"$SANDBOX_PYTHON_VERSION"_sandbox/bin/python" -m venv --copies /sandbox/venv | ||
|
||
###### Codejail service code | ||
FROM minimal as code | ||
FROM minimal AS code | ||
RUN git clone {{ CODEJAIL_SERVICE_REPOSITORY }} --branch {{ CODEJAIL_SERVICE_VERSION }} --depth 1 /openedx/codejailservice | ||
WORKDIR /openedx/codejailservice | ||
|
||
###### Install python requirements in virtualenv | ||
FROM python as codejailservice-python-requirements | ||
FROM python AS codejailservice-python-requirements | ||
|
||
ENV PATH /openedx/venv/bin:${PATH} | ||
ENV VIRTUAL_ENV /openedx/venv/ | ||
ENV PATH=/openedx/venv/bin:${PATH} | ||
ENV VIRTUAL_ENV=/openedx/venv/ | ||
|
||
COPY --from=code /openedx/codejailservice /openedx/codejailservice | ||
WORKDIR /openedx/codejailservice | ||
RUN pip3 install -r requirements/base.txt | ||
RUN pip3 install uwsgi==2.0.21 | ||
|
||
###### Install python requirements in virtualenv | ||
FROM python as sandbox-python-requirements | ||
FROM python AS sandbox-python-requirements | ||
|
||
ENV PATH /sandbox/venv/bin:${PATH} | ||
ENV VIRTUAL_ENV /sandbox/venv/ | ||
ARG EDX_PLATFORM_REPOSITORY={{ EDX_PLATFORM_REPOSITORY }} | ||
ARG EDX_PLATFORM_VERSION={{ EDX_PLATFORM_VERSION }} | ||
|
||
ENV PATH=/sandbox/venv/bin:${PATH} | ||
ENV VIRTUAL_ENV=/sandbox/venv/ | ||
|
||
WORKDIR /var/tmp | ||
RUN mkdir -p common/lib/ | ||
|
||
COPY --from={{ DOCKER_IMAGE_OPENEDX }} /openedx/edx-platform/requirements/edx-sandbox/releases/redwood.txt redwood.txt | ||
RUN pip3 install -r redwood.txt | ||
ADD $EDX_PLATFORM_REPOSITORY#$EDX_PLATFORM_VERSION:requirements/edx-sandbox/releases . | ||
RUN pip3 install -r sumac.txt | ||
|
||
# Allows you to add extra pip requirements to your codejail sandbox. | ||
{% if CODEJAIL_EXTRA_PIP_REQUIREMENTS is defined %} | ||
|
@@ -61,7 +65,7 @@ RUN pip3 install -r redwood.txt | |
{% endif %} | ||
|
||
##### Prod image | ||
FROM minimal as production | ||
FROM minimal AS production | ||
|
||
# Install system requirements | ||
RUN apt update && \ | ||
|
@@ -76,8 +80,8 @@ COPY --from=sandbox-python-requirements /sandbox/venv /sandbox/venv | |
ENV SANDBOX_ENV=/sandbox/venv | ||
RUN groupadd -r sandbox && useradd -m -r -g sandbox sandbox && chown -R sandbox:sandbox /sandbox | ||
|
||
ENV PATH /openedx/venv/bin:${PATH} | ||
ENV VIRTUAL_ENV /openedx/venv/ | ||
ENV PATH=/openedx/venv/bin:${PATH} | ||
ENV VIRTUAL_ENV=/openedx/venv/ | ||
WORKDIR /openedx/codejailservice | ||
|
||
EXPOSE 8550 | ||
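Review bot: In the sandbox-python-requirements stage, `ADD $EDX_PLATFORM_REPOSITORY#$EDX_PLATFORM_VERSION:requirements/edx-sandbox/releases .` fetches the sandbox's requirement files from a templated git ref while the next line installs the hard-coded `sumac.txt`; if `EDX_PLATFORM_VERSION` resolves to a branch or tag, the packages installed into the sandbox venv can change between builds, and a ref from another release line may not match the sumac file. Consider documenting above the `ARG` lines that the value should be an immutable ref (ideally a commit SHA) and taking the requirements file name from a setting instead of hard-coding it. Fetching from a git URL with `ADD` also depends on BuildKit, which deserves a short comment such as `# requires BuildKit: ADD from a git URL with #ref:subdir`. Separately, in the first hunk the inner quotes in `"$PYENV_ROOT/versions/"$SANDBOX_PYTHON_VERSION"_sandbox/bin/python"` close the string early, so the variable is expanded unquoted; `"$PYENV_ROOT/versions/${SANDBOX_PYTHON_VERSION}_sandbox/bin/python"` does what the quoting intends, and the new label key `mantainer` looks like a typo for `maintainer`.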
|