Dockerfile: Switch docker base image to Debian bookworm-slim

Ubuntu delete snapshots after some time what could cause a problems with use packages with specific versions. This commit move and adapt the Dockerfile to Debian bookworm-slim. Advantage of Debian over Ubuntu is that that all package versions are archived via snapshots.debian.org (which we might move to in a later commit). Ubuntu has a similar service, but does not retain all versions. Move coccinelle from Debian archives because the version from Debian works equally well and is even the same version 1.1.1 in bookworm. Compile python2.7 from source, because it is no longer supplied in the repos because it has been EOL for a very long time. Issue: #17329
2025-12-20 00:52:33 +08:00 · 2025-07-04 12:29:43 +02:00
parent 0ee3417ba2
commit 281c748f13
3 changed files with 34 additions and 27 deletions
--- a/49
+++ b/49
@@ -1,4 +1,4 @@
-FROM ubuntu:20.04 as build-git
+FROM debian:bookworm-slim as build-git
 ARG GIT_DEB_GIT_COMMIT=d7922e98fad107e82e2b11c7defecf9f6d89bfb4 # git 2.45.2
 RUN set -x && apt-get -y update && \
    DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get -y install --no-install-recommends \
@@ -11,8 +11,24 @@ RUN set -x && apt-get -y update && \
    mk-build-deps -i -t 'apt-get -o Debug::pkgProblemResolver=yes -y' /git-debian/debian/control && \
    (cd /git-debian && debuild -eDEB_BUILD_OPTIONS="parallel=$(nproc)" -us -uc -b) && \
    rm -rf /git-debian
+FROM debian:bookworm-slim as build-python2
+RUN apt-get -y update && \
+    apt-get install -y libreadline-dev libbz2-dev libsqlite3-dev libssl-dev build-essential wget && \
+    rm -rf /var/lib/apt/lists/* && \
+    wget https://www.python.org/ftp/python/2.7.18/Python-2.7.18.tgz && \
+    tar xf Python-2.7.18.tgz && \
+    cd Python-2.7.18 && \
+    ./configure --prefix=/usr/local/python2.7 --enable-shared && \
+    make -j8 && \
+    make install && \
+    mkdir -p /usr/local/python2.7/DEBIAN

-FROM ubuntu:20.04
+COPY docker/control-python2.7 /usr/local/python2.7/DEBIAN/control
+
+RUN dpkg-deb --build /usr/local/python2.7 && \
+    rm -rf /Python-2.7.18.tgz Python-2.7.18
+
+FROM debian:bookworm-slim
 COPY --from=build-git /git_*_*.deb /git-man_*_*.deb /tmp/
 RUN apt-get -y update && \
    apt-get -y install /tmp/git*.deb && \
@@ -36,6 +52,9 @@ RUN dpkg --add-architecture i386 && \
        python3-yaml && \
    rm -rf /var/lib/apt/lists/*

+# Set the same PATH varialbe for root and non-root users
+RUN echo "PATH=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\" && export PATH" >> /etc/profile
+
 # Install Node.js
 ARG NODEJS_VERSION_MAJOR=20
 RUN mkdir -p /etc/apt/keyrings && \
@@ -58,6 +77,10 @@ COPY docker/fixuid.yml /etc/fixuid/config.yml
 # Copy git configuration to dev's home folder
 COPY --chown=dev:dev docker/gitconfig /home/dev/.gitconfig

+# Install python2
+COPY --from=build-python2 /usr/local/python2.7.deb /tmp/
+RUN dpkg -i /tmp/python2.7.deb
+
 # Run "iop setup_host" inside image to install necessary SDK dependencies
 COPY iop /

@@ -67,28 +90,6 @@ RUN echo 'debconf debconf/frontend select Noninteractive' | sudo debconf-set-sel
    rm /iop && \
    rm -rf /var/lib/apt/lists/*

-# Install Coccinelle
-ARG COCCINELLE_VERSION=1.1.1
-RUN apt-get -y update && \
-    apt-get -y install ocaml \
-        ocaml-native-compilers \
-        libpycaml-ocaml-dev \
-        libpcre-ocaml-dev \
-        libmenhir-ocaml-dev && \
-    git clone --branch=${COCCINELLE_VERSION} https://github.com/coccinelle/coccinelle.git /tmp/coccinelle-src && \
-    cd /tmp/coccinelle-src && \
-    ./autogen && \
-    ./configure && \
-    make && \
-    make install && \
-    apt-get -y autoremove --purge ocaml \
-        ocaml-native-compilers \
-        libpycaml-ocaml-dev \
-        libpcre-ocaml-dev \
-        libmenhir-ocaml-dev  && \
-    rm -r /tmp/coccinelle-src && \
-    rm -rf /var/lib/apt/lists/*
-
 RUN echo "dev ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/10-dev

 ENTRYPOINT ["/usr/local/bin/fixuid", "-q"]
--- a/docker/control-python2.7
+++ b/docker/control-python2.7
@@ -0,0 +1,8 @@
+Package: python2.7
+Version: 2.7.18-1
+Section: interpreters
+Priority: optional
+Architecture: amd64
+Maintainer: NA
+Description: Legacy Python 2.7.18 interpreter
+    This package provides the Python 2.7 interpreter built from source.
--- a/4
+++ b/4
@@ -91,7 +91,6 @@ cpio
 curl
 device-tree-compiler
 dialog
-execstack
 file
 flex
 g++
@@ -110,8 +109,6 @@ libncurses5-dev
 libssl-dev
 ncurses-term
 pv
-python2
-python-is-python2
 python3
 python3-cryptography
 python3-distutils
@@ -131,6 +128,7 @@ cryptsetup
 libcap-dev
 libseccomp-dev
 libyajl-dev
+coccinelle
 "
    local packages_perl="libconvert-binary-c-perl libdigest-crc-perl"