# Start with an the old-ish bullseye release (11.2), then upgrade -- # to make sure packages that come pre-installed in the debian:XXX image # are older than anything in StarlingX. ARG RELEASE=11.2 FROM debian:${RELEASE} ENV DEBIAN_FRONTEND=noninteractive # Disable upstream debian repos RUN mv /etc/apt/sources.list /etc/apt/sources.list.disabled # Install apt repos COPY apt/debian.sources.list /etc/apt/sources.list.d/debian.list.disabled COPY apt/stx.sources.list /etc/apt/sources.list.d/stx.list.disabled COPY apt/stx.preferences /etc/apt/preferences.d/stx # Install layer-specific binary repositories. # Note: They are all supposed to be disabled by default, but can be optionally # enabled if it is necessary to build an image that requires # dependencies that are in repositories not listed in `stx.sources.list`. COPY apt/*.layer.sources.list /etc/apt/sources.list.d/ RUN for layer in /etc/apt/sources.list.d/*.layer.sources.list; do \ mv "${layer}" "$(echo "${layer}" | sed s/.layer.sources.list/.list.disabled/)"; \ done # repo templates: # /etc/apt/sources.list.d/ # debian.list.disabled - vanilla debian repos # stx.list.disabled - starlingx binary & build repos # # To enable a repo list: # cp /etc/apt/sources.list.d/$repo_list.disabled \ # /etc/apt/sources.list.d/$repo_list # # To disable a repo list: # rm -f /etc/apt/sources.list.d/$repo_list # # By default only stx.list is enabled, which includes only the packages # built by stx tools, and the binary packages from the curated binary # download lists (bullseye-base.lst etc). # # Enabling the upstream repos ("debian.list") is dangerous because it # may conflict with packages in stx.list. # # # FIXME: apt evaluates these files in alphabetical order, so stx.list # comes after debian.list. When the local binary repo contains # the same package/version as the debian repo, apt will download # it from debian, regardless of the priority in /etc/apt/preferences. # We should rename these files to make stx.list sort before # debian.list. This would affect Loci scripts in # loci/docker/stx-scripts/ # # # Upgrade base packages to versions in managed repos # RUN cp -f /etc/apt/sources.list.d/stx.list.disabled /etc/apt/sources.list.d/stx.list && \ apt-get -y update && \ apt-get -y upgrade && \ apt-get -y install --no-install-recommends --no-install-suggests \ ca-certificates \ libapache2-mod-wsgi-py3 \ python3-setuptools \ && \ rm -f /etc/apt/sources.list.d/stx.list && \ apt-get clean && rm -rf /var/lib/apt/lists/* # # Enable stx repo only. Packages installs below this point will use # only the managed locally-built & 3rd-party repos. # RUN cp /etc/apt/sources.list.d/stx.list.disabled /etc/apt/sources.list.d/stx.list # # Install required packages # RUN apt-get update -y && \ apt-get upgrade -y && \ apt-get install -y \ openssh-client \ python3 \ python3-pip \ python3-wheel \ # FIXME: uncomment once qemu is ported to debian (starlingx/integ) # qemu-utils \ && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* # FIXME: these packages are not required by most docker images inheriting # from this image. However these Python modules are not buildable from # source (ie by pip) on Debian and require patches. Install the patched # versions as DEB packages to make sure pip dependencies in derived images # are satisfied. # # A better solution would be to omit them here, but install them in each # project that requires them; or add wheel subpackages to these DEBs. RUN apt-get update -y && \ apt-get upgrade -y && \ apt-get install -y \ python3-thriftpy \ python3-nss \ python-nss \ && \ apt-get clean && \ rm -rf /var/lib/apt/lists/*