Skip to content

Commit

Permalink
Import CentOS 7 Dockerfiles
Browse files Browse the repository at this point in the history
  • Loading branch information
lloeki committed Nov 19, 2024
1 parent fd24f1b commit 10468a1
Show file tree
Hide file tree
Showing 7 changed files with 868 additions and 1 deletion.
27 changes: 26 additions & 1 deletion .github/workflows/build-ruby.yml
Original file line number Diff line number Diff line change
Expand Up @@ -144,6 +144,31 @@ jobs:
version: "9.4"
libc: musl
arch: ["x86_64", "aarch64"]
# centos
- engine: ruby
version: "2.7"
libc: centos
arch: ["x86_64", "aarch64"]
- engine: ruby
version: "3.0"
libc: centos
arch: ["x86_64", "aarch64"]
- engine: ruby
version: "3.1"
libc: centos
arch: ["x86_64", "aarch64"]
- engine: ruby
version: "3.2"
libc: centos
arch: ["x86_64", "aarch64"]
- engine: ruby
version: "3.3"
libc: centos
arch: ["x86_64", "aarch64"]
- engine: ruby
version: "3.4"
libc: centos
arch: ["x86_64", "aarch64"]
runs-on: ubuntu-latest
name: Build (${{ matrix.engine }} ${{ matrix.version }} ${{ matrix.libc }})
steps:
Expand Down Expand Up @@ -229,7 +254,7 @@ jobs:
docker run --platform linux/aarch64 --rm ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.TAG }} bundle --version
docker run --platform linux/aarch64 --rm -v "${PWD}":"${PWD}" -w "${PWD}" -e BUNDLE_GEMFILE=gemfiles/${{ matrix.engine }}-${{ matrix.version }}.gemfile ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.TAG }} /bin/sh -c 'bundle install --with="test" --without="check ide" && bundle exec rake test'
# TODO: hardcoded musl, unify gnu instead
# TODO: hardcoded musl, unify gnu+centos instead
# TODO: hardcoded tags, use proper tag building
- name: Tag single-arch image (aarch64)
if: ${{ contains(matrix.arch, 'aarch64') }}
Expand Down
137 changes: 137 additions & 0 deletions src/engines/ruby/2.7/Dockerfile.centos
Original file line number Diff line number Diff line change
@@ -0,0 +1,137 @@
# CentOS 7.9 has glibc 2.17
FROM public.ecr.aws/docker/library/centos:centos7.9.2009

# Set yum vault
RUN <<SHELL
set -euxo pipefail

if [ "$(uname -m)" != "x86_64" ]; then
repo_version="altarch/7.9.2009"
else
repo_version="7.9.2009"
fi

cat <<EOF > /etc/yum.repos.d/CentOS-Base.repo
[base]
name=CentOS-\$releasever - Base
baseurl=http://vault.centos.org/${repo_version}/os/\$basearch/
gpgcheck=0

[updates]
name=CentOS-\$releasever - Updates
baseurl=http://vault.centos.org/${repo_version}/updates/\$basearch/
gpgcheck=0

[extras]
name=CentOS-\$releasever - Extras
baseurl=http://vault.centos.org/${repo_version}/extras/\$basearch/
gpgcheck=0

[centosplus]
name=CentOS-\$releasever - Plus
baseurl=http://vault.centos.org/${repo_version}/centosplus/\$basearch/
gpgcheck=0
enabled=0
EOF
SHELL

RUN yum update -y

RUN yum install -y curl gcc make

# Skip installing gem documentation
COPY <<GEMRC /usr/local/etc/gemrc
install: --no-document
update: --no-document
GEMRC

ENV LANG="C.UTF-8" \
RUBY_MAJOR="2.7" \
RUBY_VERSION="2.7.8" \
RUBY_DOWNLOAD_SHA256="f22f662da504d49ce2080e446e4bea7008cee11d5ec4858fc69000d0e5b1d7fb"

# - Compile Ruby with `--disable-shared`
# - Update gem version

RUN <<SHELL
set -euxo pipefail

yum install -y autoconf bison gdbm-devel openssl-devel

curl -o ruby.tar.xz "https://cache.ruby-lang.org/pub/ruby/${RUBY_MAJOR%-rc}/ruby-$RUBY_VERSION.tar.xz"
echo "$RUBY_DOWNLOAD_SHA256 *ruby.tar.xz" | sha256sum --check --strict
mkdir -p /usr/src/ruby
tar -xJf ruby.tar.xz -C /usr/src/ruby --strip-components=1
rm ruby.tar.xz

cd /usr/src/ruby

# hack in "ENABLE_PATH_CHECK" disabling to suppress:
# warning: Insecure world writable dir
{
echo '#define ENABLE_PATH_CHECK 0'
echo
cat file.c
} > file.c.new
mv file.c.new file.c

autoconf

gnuArch="$(gcc -dumpmachine)"
./configure \
--build="$gnuArch" \
--disable-install-doc \
--disable-shared
make -j "$(nproc)"
make install

# find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec ldd '{}' ';' \
# | awk '/=>/ { print $(NF-1) }' \
# | sort -u \
# | grep -vE '^/usr/local/lib/' \
# | xargs -r dpkg-query --search \
# | cut -d: -f1 \
# | sort -u \
# | xargs -r apt-mark manual \
#
# apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
#
# find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec ldd '{}' ';' \
# | awk '/=>/ { print $(NF-1) }' \
# | grep -v '=>' \
# | sort -u \
# | grep -vE '^/usr/local/lib/' \
# | xargs -r rpm -qf \
# | sort -u \
# | xargs -r yum ?mark-manual?
#
# yum autoremove -y
# yum remove --setopt=clean_requirements_on_remove=1
# package-cleanup --leaves && yum autoremove # yum-utils
# sudo yum history list pdftk
# sudo yum history undo 88

cd /
rm -r /usr/src/ruby
if yum list installed ruby; then exit 1; fi

# update gem version
gem update --system 3.3.27

# rough smoke test
ruby --version
gem --version
bundle --version

SHELL

# don't create ".bundle" in all our apps
ENV GEM_HOME /usr/local/bundle
ENV BUNDLE_SILENCE_ROOT_WARNING=1 \
BUNDLE_APP_CONFIG="$GEM_HOME"
ENV PATH $GEM_HOME/bin:$PATH

# adjust permissions of a few directories for running "gem install" as an arbitrary user
RUN mkdir -p "$GEM_HOME" && chmod 1777 "$GEM_HOME"

CMD [ "irb" ]
122 changes: 122 additions & 0 deletions src/engines/ruby/3.0/Dockerfile.centos
Original file line number Diff line number Diff line change
@@ -0,0 +1,122 @@
# CentOS 7.9 has glibc 2.17
FROM public.ecr.aws/docker/library/centos:centos7.9.2009

# Set yum vault
RUN <<SHELL
set -euxo pipefail

if [ "$(uname -m)" != "x86_64" ]; then
repo_version="altarch/7.9.2009"
else
repo_version="7.9.2009"
fi

cat <<EOF > /etc/yum.repos.d/CentOS-Base.repo
[base]
name=CentOS-\$releasever - Base
baseurl=http://vault.centos.org/${repo_version}/os/\$basearch/
gpgcheck=0

[updates]
name=CentOS-\$releasever - Updates
baseurl=http://vault.centos.org/${repo_version}/updates/\$basearch/
gpgcheck=0

[extras]
name=CentOS-\$releasever - Extras
baseurl=http://vault.centos.org/${repo_version}/extras/\$basearch/
gpgcheck=0

[centosplus]
name=CentOS-\$releasever - Plus
baseurl=http://vault.centos.org/${repo_version}/centosplus/\$basearch/
gpgcheck=0
enabled=0
EOF
SHELL

RUN yum update -y

RUN yum install -y curl gcc make

# Skip installing gem documentation
COPY <<GEMRC /usr/local/etc/gemrc
install: --no-document
update: --no-document
GEMRC

ENV LANG="C.UTF-8" \
RUBY_MAJOR="3.0" \
RUBY_VERSION="3.0.6" \
RUBY_DOWNLOAD_SHA256="b5cbee93e62d85cfb2a408c49fa30a74231ae8409c2b3858e5f5ea254d7ddbd1"

# - Compile Ruby with `--disable-shared`
# - Update gem version

RUN <<SHELL
set -euxo pipefail

yum install -y autoconf bison gdbm-devel openssl-devel

curl -o ruby.tar.xz "https://cache.ruby-lang.org/pub/ruby/${RUBY_MAJOR%-rc}/ruby-$RUBY_VERSION.tar.xz"
echo "$RUBY_DOWNLOAD_SHA256 *ruby.tar.xz" | sha256sum --check --strict
mkdir -p /usr/src/ruby
tar -xJf ruby.tar.xz -C /usr/src/ruby --strip-components=1
rm ruby.tar.xz

cd /usr/src/ruby

# hack in "ENABLE_PATH_CHECK" disabling to suppress:
# warning: Insecure world writable dir
{
echo '#define ENABLE_PATH_CHECK 0'
echo
cat file.c
} > file.c.new
mv file.c.new file.c

autoconf

gnuArch="$(gcc -dumpmachine)"
./configure \
--build="$gnuArch" \
--disable-install-doc \
--disable-shared
make -j "$(nproc)"
make install

# find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec ldd '{}' ';' \
# | awk '/=>/ { print $(NF-1) }' \
# | sort -u \
# | grep -vE '^/usr/local/lib/' \
# | xargs -r dpkg-query --search \
# | cut -d: -f1 \
# | sort -u \
# | xargs -r apt-mark manual \
#
# apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \

cd /
rm -r /usr/src/ruby
if yum list installed ruby; then exit 1; fi

# update gem version
gem update --system 3.3.27

# rough smoke test
ruby --version
gem --version
bundle --version

SHELL

# don't create ".bundle" in all our apps
ENV GEM_HOME /usr/local/bundle
ENV BUNDLE_SILENCE_ROOT_WARNING=1 \
BUNDLE_APP_CONFIG="$GEM_HOME"
ENV PATH $GEM_HOME/bin:$PATH

# adjust permissions of a few directories for running "gem install" as an arbitrary user
RUN mkdir -p "$GEM_HOME" && chmod 1777 "$GEM_HOME"

CMD [ "irb" ]
Loading

0 comments on commit 10468a1

Please sign in to comment.