From 281c748f131b941077303b7699868d8bb54718f4 Mon Sep 17 00:00:00 2001
From: Dariusz Iwanoczko <dariusz.iwanoczko@genexis.eu>
Date: Fri, 4 Jul 2025 12:29:43 +0200
Subject: [PATCH] Dockerfile: Switch docker base image to Debian bookworm-slim

Ubuntu delete snapshots after some time what could cause a problems with
use packages with specific versions.

This commit move and adapt the Dockerfile to Debian bookworm-slim.
Advantage of Debian over Ubuntu is that that all package versions are
archived via snapshots.debian.org (which we might move to in a later
commit). Ubuntu has a similar service, but does not retain all versions.

Move coccinelle from Debian archives because the version from Debian
works equally well and is even the same version 1.1.1 in bookworm.

Compile python2.7 from source, because it is no longer supplied in the
repos because it has been EOL for a very long time.

Issue: #17329
---
 Dockerfile               | 49 ++++++++++++++++++++--------------------
 docker/control-python2.7 |  8 +++++++
 iop                      |  4 +---
 3 files changed, 34 insertions(+), 27 deletions(-)
 create mode 100644 docker/control-python2.7

diff --git a/Dockerfile b/Dockerfile
index 92c33af64f..cd60ae3363 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:20.04 as build-git
+FROM debian:bookworm-slim as build-git
 ARG GIT_DEB_GIT_COMMIT=d7922e98fad107e82e2b11c7defecf9f6d89bfb4 # git 2.45.2
 RUN set -x && apt-get -y update && \
     DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get -y install --no-install-recommends \
@@ -11,8 +11,24 @@ RUN set -x && apt-get -y update && \
     mk-build-deps -i -t 'apt-get -o Debug::pkgProblemResolver=yes -y' /git-debian/debian/control && \
     (cd /git-debian && debuild -eDEB_BUILD_OPTIONS="parallel=$(nproc)" -us -uc -b) && \
     rm -rf /git-debian
+FROM debian:bookworm-slim as build-python2
+RUN apt-get -y update && \
+    apt-get install -y libreadline-dev libbz2-dev libsqlite3-dev libssl-dev build-essential wget && \
+    rm -rf /var/lib/apt/lists/* && \
+    wget https://www.python.org/ftp/python/2.7.18/Python-2.7.18.tgz && \
+    tar xf Python-2.7.18.tgz && \
+    cd Python-2.7.18 && \
+    ./configure --prefix=/usr/local/python2.7 --enable-shared && \
+    make -j8 && \
+    make install && \
+    mkdir -p /usr/local/python2.7/DEBIAN
 
-FROM ubuntu:20.04
+COPY docker/control-python2.7 /usr/local/python2.7/DEBIAN/control
+
+RUN dpkg-deb --build /usr/local/python2.7 && \
+    rm -rf /Python-2.7.18.tgz Python-2.7.18
+
+FROM debian:bookworm-slim
 COPY --from=build-git /git_*_*.deb /git-man_*_*.deb /tmp/
 RUN apt-get -y update && \
     apt-get -y install /tmp/git*.deb && \
@@ -36,6 +52,9 @@ RUN dpkg --add-architecture i386 && \
         python3-yaml && \
     rm -rf /var/lib/apt/lists/*
 
+# Set the same PATH varialbe for root and non-root users
+RUN echo "PATH=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\" && export PATH" >> /etc/profile
+
 # Install Node.js
 ARG NODEJS_VERSION_MAJOR=20
 RUN mkdir -p /etc/apt/keyrings && \
@@ -58,6 +77,10 @@ COPY docker/fixuid.yml /etc/fixuid/config.yml
 # Copy git configuration to dev's home folder
 COPY --chown=dev:dev docker/gitconfig /home/dev/.gitconfig
 
+# Install python2
+COPY --from=build-python2 /usr/local/python2.7.deb /tmp/
+RUN dpkg -i /tmp/python2.7.deb
+
 # Run "iop setup_host" inside image to install necessary SDK dependencies
 COPY iop /
 
@@ -67,28 +90,6 @@ RUN echo 'debconf debconf/frontend select Noninteractive' | sudo debconf-set-sel
     rm /iop && \
     rm -rf /var/lib/apt/lists/*
 
-# Install Coccinelle
-ARG COCCINELLE_VERSION=1.1.1
-RUN apt-get -y update && \
-    apt-get -y install ocaml \
-        ocaml-native-compilers \
-        libpycaml-ocaml-dev \
-        libpcre-ocaml-dev \
-        libmenhir-ocaml-dev && \
-    git clone --branch=${COCCINELLE_VERSION} https://github.com/coccinelle/coccinelle.git /tmp/coccinelle-src && \
-    cd /tmp/coccinelle-src && \
-    ./autogen && \
-    ./configure && \
-    make && \
-    make install && \
-    apt-get -y autoremove --purge ocaml \
-        ocaml-native-compilers \
-        libpycaml-ocaml-dev \
-        libpcre-ocaml-dev \
-        libmenhir-ocaml-dev  && \
-    rm -r /tmp/coccinelle-src && \
-    rm -rf /var/lib/apt/lists/*
-
 RUN echo "dev ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/10-dev
 
 ENTRYPOINT ["/usr/local/bin/fixuid", "-q"]
diff --git a/docker/control-python2.7 b/docker/control-python2.7
new file mode 100644
index 0000000000..a017d6afcf
--- /dev/null
+++ b/docker/control-python2.7
@@ -0,0 +1,8 @@
+Package: python2.7
+Version: 2.7.18-1
+Section: interpreters
+Priority: optional
+Architecture: amd64
+Maintainer: NA
+Description: Legacy Python 2.7.18 interpreter
+    This package provides the Python 2.7 interpreter built from source.
diff --git a/iop b/iop
index da81a34659..fb2f928d7f 100755
--- a/iop
+++ b/iop
@@ -91,7 +91,6 @@ cpio
 curl
 device-tree-compiler
 dialog
-execstack
 file
 flex
 g++
@@ -110,8 +109,6 @@ libncurses5-dev
 libssl-dev
 ncurses-term
 pv
-python2
-python-is-python2
 python3
 python3-cryptography
 python3-distutils
@@ -131,6 +128,7 @@ cryptsetup
 libcap-dev
 libseccomp-dev
 libyajl-dev
+coccinelle
 "
     local packages_perl="libconvert-binary-c-perl libdigest-crc-perl"