From a1908ea10cae99cc7a64a792fdbb04658ddbc323 Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Fri, 4 Jun 2021 11:17:44 -0400 Subject: [PATCH 01/15] init commit --- Dockerfile | 23 +++++++++++++++++++++++ LICENSE | 0 hardening_manifest.yaml | 40 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 63 insertions(+) create mode 100644 Dockerfile create mode 100644 LICENSE create mode 100644 hardening_manifest.yaml diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..48524be --- /dev/null +++ b/Dockerfile @@ -0,0 +1,23 @@ +FROM registry1.dso.mil/ironbank/opensource/r/r-studio as base + +FROM registry1.dso.mil/ironbank/carnegie-mellon/python-ai/python38-ai as final + +COPY --from=base /etc/init.d/ /etc/init.d/ +COPY --from=base /etc/rstudio/ /etc/rstudio/ +COPY --from=base /opt/R/ /opt/R/ +COPY --from=base /usr/lib/ /usr/lib +COPY --from=base /usr/lib64/ /usr/lib64 +COPY --from=base /usr/local/bin/ /usr/local/bin/ +COPY --from=base /var/lib/rstudio-server/ /var/lib/rstudio-server/ +COPY --from=base /var/run/rstudio-server/ /var/run/rstudio-server/ + +USER root + +RUN chown -R python3 /var/lib/rstudio-server /var/run/rstudio-server /opt/R/ && \ + chmod -R g=u /var/lib/rstudio-server && \ + chmod -R g=u /etc/rstudio && \ + chmod +t /var/run/rstudio-server + #chkconfig rstudio-server off + +USER 1001 +RUN env diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..e69de29 diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml new file mode 100644 index 0000000..9d6fcda --- /dev/null +++ b/hardening_manifest.yaml @@ -0,0 +1,40 @@ +--- +apiVersion: v1 + +# The repository name in registry1, excluding /ironbank/ +name: "aiml/r/rstudio" + +# List of tags to push for the repository in registry1 +# The most specific version should be the first tag and will be shown +# on ironbank.dsop.io +tags: +- "1.4.1106" +- "latest" + +# Build args passed to Dockerfile ARGs +args: + BASE_IMAGE: "carnegie-mellon/python-ai/python38-ai" + BASE_TAG: "latest" + +# Docker image labels +labels: + org.opencontainers.image.title: "rstudio" + org.opencontainers.image.description: "JupyterLab is the next-generation web-based user interface for Project Jupyter." + org.opencontainers.image.licenses: "MIT License (MIT)" + org.opencontainers.image.url: " " + org.opencontainers.image.vendor: "rstudio" + org.opencontainers.image.version: "1.4.1106" + mil.dso.ironbank.image.keywords: "jupyter,notebook,terminal,text editor,datascience,ui,data,science" + mil.dso.ironbank.image.type: "opensource" + mil.dso.ironbank.product.name: "jupyterlab" + +# List of project maintainers +maintainers: +- email: "remccarthy@sei.cmu.edu" + name: "Rob McCarthy" + username: "remccarthy" + cht_member: false +- email: "daniel.komnick@gmail.com" + name: "Daniel Komnick" + username: "dkomnick" + cht_member: false -- GitLab From 7cfe27da526a5f688f5ce3f2c7d2641840437fd0 Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Fri, 4 Jun 2021 11:30:18 -0400 Subject: [PATCH 02/15] python3 -> python user --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 48524be..53407ce 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ COPY --from=base /var/run/rstudio-server/ /var/run/rstudio-server/ USER root -RUN chown -R python3 /var/lib/rstudio-server /var/run/rstudio-server /opt/R/ && \ +RUN chown -R python /var/lib/rstudio-server /var/run/rstudio-server /opt/R/ && \ chmod -R g=u /var/lib/rstudio-server && \ chmod -R g=u /etc/rstudio && \ chmod +t /var/run/rstudio-server -- GitLab From 5d58d924779f0bba643edc782ea2522b378139f9 Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Wed, 9 Jun 2021 17:13:22 +0000 Subject: [PATCH 03/15] Add HEALTHCHECK --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index 53407ce..dd9be9f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,5 +19,7 @@ RUN chown -R python /var/lib/rstudio-server /var/run/rstudio-server /opt/R/ && \ chmod +t /var/run/rstudio-server #chkconfig rstudio-server off +HEALTHCHECK --start-period=60s CMD rstudio-server status | grep -e "running" + USER 1001 RUN env -- GitLab From 4adc6b8427fa3821155f4d3df5973b5a9827224e Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Wed, 9 Jun 2021 17:14:14 +0000 Subject: [PATCH 04/15] add ENTRYPOINT --- Dockerfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index dd9be9f..f1803e9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -22,4 +22,7 @@ RUN chown -R python /var/lib/rstudio-server /var/run/rstudio-server /opt/R/ && \ HEALTHCHECK --start-period=60s CMD rstudio-server status | grep -e "running" USER 1001 -RUN env +EXPOSE 8787 + +ENTRYPOINT ["rstudio-server", "start"] + -- GitLab From 8fb3037c6a7f25f534186f66e0fdb779c6542e7d Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Wed, 9 Jun 2021 15:57:59 -0400 Subject: [PATCH 05/15] restructure base image (TODO: add tini?) --- Dockerfile | 21 ++++----------------- 1 file changed, 4 insertions(+), 17 deletions(-) diff --git a/Dockerfile b/Dockerfile index f1803e9..280b77c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,23 +1,10 @@ -FROM registry1.dso.mil/ironbank/opensource/r/r-studio as base +FROM registry1.dso.mil/ironbank/carnegie-mellon/python-ai/python38-ai as base -FROM registry1.dso.mil/ironbank/carnegie-mellon/python-ai/python38-ai as final +FROM registry1.dso.mil/ironbank/opensource/r/r-studio as final -COPY --from=base /etc/init.d/ /etc/init.d/ -COPY --from=base /etc/rstudio/ /etc/rstudio/ -COPY --from=base /opt/R/ /opt/R/ -COPY --from=base /usr/lib/ /usr/lib -COPY --from=base /usr/lib64/ /usr/lib64 COPY --from=base /usr/local/bin/ /usr/local/bin/ -COPY --from=base /var/lib/rstudio-server/ /var/lib/rstudio-server/ -COPY --from=base /var/run/rstudio-server/ /var/run/rstudio-server/ - -USER root - -RUN chown -R python /var/lib/rstudio-server /var/run/rstudio-server /opt/R/ && \ - chmod -R g=u /var/lib/rstudio-server && \ - chmod -R g=u /etc/rstudio && \ - chmod +t /var/run/rstudio-server - #chkconfig rstudio-server off +COPY --from=base /usr/local/lib/ /usr/local/lib/ +COPY --from=base /opt/python/ /opt/python/ HEALTHCHECK --start-period=60s CMD rstudio-server status | grep -e "running" -- GitLab From 07c122a43e1892682666f1c927fc9934ec5b651a Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Thu, 10 Jun 2021 16:11:51 -0400 Subject: [PATCH 06/15] add dumb-init --- Dockerfile | 8 +++++++- hardening_manifest.yaml | 7 +++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 280b77c..6c9891f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,14 +2,20 @@ FROM registry1.dso.mil/ironbank/carnegie-mellon/python-ai/python38-ai as base FROM registry1.dso.mil/ironbank/opensource/r/r-studio as final +USER root + COPY --from=base /usr/local/bin/ /usr/local/bin/ COPY --from=base /usr/local/lib/ /usr/local/lib/ COPY --from=base /opt/python/ /opt/python/ +COPY dumb-init_1.2.5_x86_64 /usr/local/bin/dumb-init +RUN chmod +x /usr/local/bin/dumb-init + HEALTHCHECK --start-period=60s CMD rstudio-server status | grep -e "running" USER 1001 EXPOSE 8787 -ENTRYPOINT ["rstudio-server", "start"] +ENTRYPOINT ["dumb-init", "--"] +CMD ["rstudio-server", "start"] diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 9d6fcda..c902478 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -28,6 +28,13 @@ labels: mil.dso.ironbank.image.type: "opensource" mil.dso.ironbank.product.name: "jupyterlab" +resources: + - filename: dumb-init_1.2.5_x86_64 + url: https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_x86_64 + validation: + type: sha256 + value: e874b55f3279ca41415d290c512a7ba9d08f98041b28ae7c2acb19a545f1c4df + # List of project maintainers maintainers: - email: "remccarthy@sei.cmu.edu" -- GitLab From b1038936861baccd9f43a8d553c79b335a22f96d Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Thu, 10 Jun 2021 16:14:12 -0400 Subject: [PATCH 07/15] switch to tini --- Dockerfile | 6 +++--- hardening_manifest.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6c9891f..f6f53b8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,14 +8,14 @@ COPY --from=base /usr/local/bin/ /usr/local/bin/ COPY --from=base /usr/local/lib/ /usr/local/lib/ COPY --from=base /opt/python/ /opt/python/ -COPY dumb-init_1.2.5_x86_64 /usr/local/bin/dumb-init -RUN chmod +x /usr/local/bin/dumb-init +COPY tini /usr/local/bin/tini +RUN chmod +x /usr/local/bin/tini HEALTHCHECK --start-period=60s CMD rstudio-server status | grep -e "running" USER 1001 EXPOSE 8787 -ENTRYPOINT ["dumb-init", "--"] +ENTRYPOINT ["tini", "-g", "--"] CMD ["rstudio-server", "start"] diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index c902478..c8503fc 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -29,11 +29,11 @@ labels: mil.dso.ironbank.product.name: "jupyterlab" resources: - - filename: dumb-init_1.2.5_x86_64 - url: https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_x86_64 + - filename: tini + url: https://github.com/krallin/tini/releases/download/v0.19.0/tini validation: type: sha256 - value: e874b55f3279ca41415d290c512a7ba9d08f98041b28ae7c2acb19a545f1c4df + value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c # List of project maintainers maintainers: -- GitLab From 240bf0e2865570b06226700826c0c80f4a0d75a3 Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Tue, 10 Aug 2021 13:40:45 -0400 Subject: [PATCH 08/15] update hm with compat-openssl resource --- Dockerfile | 28 ++++++++++++++++++++-------- hardening_manifest.yaml | 15 ++++++++++----- scripts/builder/Dockerfile | 19 +++++++++++++++++++ scripts/builder/entrypoint.sh | 6 ++++++ 4 files changed, 55 insertions(+), 13 deletions(-) create mode 100644 scripts/builder/Dockerfile create mode 100644 scripts/builder/entrypoint.sh diff --git a/Dockerfile b/Dockerfile index f6f53b8..3bd0935 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,21 +1,33 @@ -FROM registry1.dso.mil/ironbank/carnegie-mellon/python-ai/python38-ai as base +FROM registry1.dso.mil/ironbank/opensource/r/r-studio as base -FROM registry1.dso.mil/ironbank/opensource/r/r-studio as final - -USER root +FROM registry1.dso.mil/ironbank/carnegie-mellon/python-ai/python38-ai as final +COPY --from=base /etc/init.d/ /etc/init.d/ +COPY --from=base /etc/rstudio/ /etc/rstudio/ +COPY --from=base /opt/R/ /opt/R/ +COPY --from=base /usr/lib/ /usr/lib +COPY --from=base /usr/lib64/ /usr/lib64 COPY --from=base /usr/local/bin/ /usr/local/bin/ -COPY --from=base /usr/local/lib/ /usr/local/lib/ -COPY --from=base /opt/python/ /opt/python/ +COPY --from=base /var/lib/rstudio-server/ /var/lib/rstudio-server/ +COPY --from=base /var/run/rstudio-server/ /var/run/rstudio-server/ + +USER root COPY tini /usr/local/bin/tini RUN chmod +x /usr/local/bin/tini -HEALTHCHECK --start-period=60s CMD rstudio-server status | grep -e "running" +RUN chown -R python /var/lib/rstudio-server /var/run/rstudio-server /opt/R/ && \ + chmod -R g=u /var/lib/rstudio-server && \ + chmod -R g=u /etc/rstudio && \ + chmod +t /var/run/rstudio-server + +WORKDIR /tmp/repo +COPY compat-openssl10.tar.gz . +RUN tar xvf /tmp/repo/compat-openssl10.tar.gz +RUN yum install -y /tmp/repo/* USER 1001 EXPOSE 8787 ENTRYPOINT ["tini", "-g", "--"] CMD ["rstudio-server", "start"] - diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index c8503fc..f362951 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -29,11 +29,16 @@ labels: mil.dso.ironbank.product.name: "jupyterlab" resources: - - filename: tini - url: https://github.com/krallin/tini/releases/download/v0.19.0/tini - validation: - type: sha256 - value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c +- filename: tini + url: https://github.com/krallin/tini/releases/download/v0.19.0/tini + validation: + type: sha256 + value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c +- filename: compat-openssl10.tar.gz + url: http://coeus-fileserver.centralus.cloudapp.azure.com/compat-openssl10.tar.gz + validation: + type: sha256sum + value: fdb79c098b4b9fdc16f4a05470a939156a03ae49c876d1e5e8fce507594e5c58 # List of project maintainers maintainers: diff --git a/scripts/builder/Dockerfile b/scripts/builder/Dockerfile new file mode 100644 index 0000000..9a32274 --- /dev/null +++ b/scripts/builder/Dockerfile @@ -0,0 +1,19 @@ +FROM registry1.dso.mil/ironbank/redhat/ubi/ubi8:latest + +# usage +# build the container: +# docker build --build-arg RHEL_USERNAME='username' --build-arg RHEL_PASSWORD='password' -t rstudio:builder . +# run the container +# docker run -v $(pwd):/outdir +# see tarball in cwd + +ARG RHEL_USERNAME +ARG RHEL_PASSWORD + +RUN subscription-manager register --auto-attach --username $RHEL_USERNAME --password $RHEL_PASSWORD + +RUN subscription-manager repos --enable rhel-8-for-x86_64-appstream-rpms --enable codeready-builder-for-rhel-8-x86_64-rpms + +COPY entrypoint.sh / +RUN chmod +x /entrypoint.sh +ENTRYPOINT ["/entrypoint.sh"] diff --git a/scripts/builder/entrypoint.sh b/scripts/builder/entrypoint.sh new file mode 100644 index 0000000..f2e2aee --- /dev/null +++ b/scripts/builder/entrypoint.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +yum install -y --downloadonly --downloaddir=/tmp/repo compat-openssl10 +tar cvf compat-openssl10.tar.gz -C /tmp/repo . +mv compat-openssl10.tar.gz /outdir/ + -- GitLab From 39f3f2b34783a7078c0dc1649e45ce9499b5c065 Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Tue, 10 Aug 2021 13:34:30 -0400 Subject: [PATCH 09/15] update hm with compat-openssl resource --- Dockerfile | 6 ++++++ hardening_manifest.yaml | 2 +- scripts/builder/Dockerfile | 1 + scripts/builder/entrypoint.sh | 1 + 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 3bd0935..4e823ac 100644 --- a/Dockerfile +++ b/Dockerfile @@ -26,6 +26,12 @@ COPY compat-openssl10.tar.gz . RUN tar xvf /tmp/repo/compat-openssl10.tar.gz RUN yum install -y /tmp/repo/* +WORKDIR /tmp/repo +COPY compat-openssl10.tar.gz . +RUN tar xvf /tmp/repo/compat-openssl10.tar.gz +RUN yum install -y /tmp/repo/* + + USER 1001 EXPOSE 8787 diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index f362951..77c25d2 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -38,7 +38,7 @@ resources: url: http://coeus-fileserver.centralus.cloudapp.azure.com/compat-openssl10.tar.gz validation: type: sha256sum - value: fdb79c098b4b9fdc16f4a05470a939156a03ae49c876d1e5e8fce507594e5c58 + value: b7ce2eb6b599b4a396d196fbd90854f09fe1c81298c910e2f19d25692bfc6393 # List of project maintainers maintainers: diff --git a/scripts/builder/Dockerfile b/scripts/builder/Dockerfile index 9a32274..bdb571c 100644 --- a/scripts/builder/Dockerfile +++ b/scripts/builder/Dockerfile @@ -13,6 +13,7 @@ ARG RHEL_PASSWORD RUN subscription-manager register --auto-attach --username $RHEL_USERNAME --password $RHEL_PASSWORD RUN subscription-manager repos --enable rhel-8-for-x86_64-appstream-rpms --enable codeready-builder-for-rhel-8-x86_64-rpms +RUN yum install -y createrepo COPY entrypoint.sh / RUN chmod +x /entrypoint.sh diff --git a/scripts/builder/entrypoint.sh b/scripts/builder/entrypoint.sh index f2e2aee..789913a 100644 --- a/scripts/builder/entrypoint.sh +++ b/scripts/builder/entrypoint.sh @@ -1,6 +1,7 @@ #!/bin/bash yum install -y --downloadonly --downloaddir=/tmp/repo compat-openssl10 +createrepo /tmp/repo tar cvf compat-openssl10.tar.gz -C /tmp/repo . mv compat-openssl10.tar.gz /outdir/ -- GitLab From 68aeab6c3d388827a40486c7d6b6908f42918052 Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Tue, 10 Aug 2021 13:41:38 -0400 Subject: [PATCH 10/15] update hm with compat-openssl resource --- Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 4e823ac..db52d4d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,7 +31,6 @@ COPY compat-openssl10.tar.gz . RUN tar xvf /tmp/repo/compat-openssl10.tar.gz RUN yum install -y /tmp/repo/* - USER 1001 EXPOSE 8787 -- GitLab From 41a40e856b8ee7e11aee0ebf1540166ba4d69f3d Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Tue, 10 Aug 2021 13:43:47 -0400 Subject: [PATCH 11/15] sha256sum -> sha256 --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 77c25d2..cbb0158 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -37,7 +37,7 @@ resources: - filename: compat-openssl10.tar.gz url: http://coeus-fileserver.centralus.cloudapp.azure.com/compat-openssl10.tar.gz validation: - type: sha256sum + type: sha256 value: b7ce2eb6b599b4a396d196fbd90854f09fe1c81298c910e2f19d25692bfc6393 # List of project maintainers -- GitLab From d89f533228384e8af9d994c22fd76f932ede8308 Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Tue, 10 Aug 2021 13:59:43 -0400 Subject: [PATCH 12/15] fix repodata not recognized --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index db52d4d..7322d01 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,7 +29,7 @@ RUN yum install -y /tmp/repo/* WORKDIR /tmp/repo COPY compat-openssl10.tar.gz . RUN tar xvf /tmp/repo/compat-openssl10.tar.gz -RUN yum install -y /tmp/repo/* +RUN yum install -y /tmp/repo/*.rpm USER 1001 EXPOSE 8787 -- GitLab From a5417f9aab0d3cce15968317653d8caa47364a9f Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Tue, 10 Aug 2021 14:34:07 -0400 Subject: [PATCH 13/15] fix repodata not recognized --- Dockerfile | 5 ----- 1 file changed, 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7322d01..982f1c8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,11 +21,6 @@ RUN chown -R python /var/lib/rstudio-server /var/run/rstudio-server /opt/R/ && \ chmod -R g=u /etc/rstudio && \ chmod +t /var/run/rstudio-server -WORKDIR /tmp/repo -COPY compat-openssl10.tar.gz . -RUN tar xvf /tmp/repo/compat-openssl10.tar.gz -RUN yum install -y /tmp/repo/* - WORKDIR /tmp/repo COPY compat-openssl10.tar.gz . RUN tar xvf /tmp/repo/compat-openssl10.tar.gz -- GitLab From e0a0a91e138c370368d2e8175e2bc1884671dbaf Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Tue, 10 Aug 2021 15:47:39 -0400 Subject: [PATCH 14/15] refactor to build with rstudio as final rather than base --- Dockerfile | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index 982f1c8..b9e0244 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,22 +1,16 @@ -FROM registry1.dso.mil/ironbank/opensource/r/r-studio as base +FROM registry1.dso.mil/ironbank/aiml/python/python-r-ai as base +FROM registry1.dso.mil/ironbank/opensource/r/r-studio as final -FROM registry1.dso.mil/ironbank/carnegie-mellon/python-ai/python38-ai as final - -COPY --from=base /etc/init.d/ /etc/init.d/ -COPY --from=base /etc/rstudio/ /etc/rstudio/ -COPY --from=base /opt/R/ /opt/R/ -COPY --from=base /usr/lib/ /usr/lib -COPY --from=base /usr/lib64/ /usr/lib64 COPY --from=base /usr/local/bin/ /usr/local/bin/ -COPY --from=base /var/lib/rstudio-server/ /var/lib/rstudio-server/ -COPY --from=base /var/run/rstudio-server/ /var/run/rstudio-server/ +COPY --from=base /usr/local/lib/ /usr/local/lib/ +COPY --from=base /opt/python/ /opt/python/ USER root COPY tini /usr/local/bin/tini RUN chmod +x /usr/local/bin/tini -RUN chown -R python /var/lib/rstudio-server /var/run/rstudio-server /opt/R/ && \ +RUN chown -R default /var/lib/rstudio-server /var/run/rstudio-server /opt/R/ && \ chmod -R g=u /var/lib/rstudio-server && \ chmod -R g=u /etc/rstudio && \ chmod +t /var/run/rstudio-server -- GitLab From 9b4bd106147285590cbd4678fcbbb0d5cd574e26 Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Wed, 11 Aug 2021 15:25:14 -0400 Subject: [PATCH 15/15] add HEALTHCHECK --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index b9e0244..1890d27 100644 --- a/Dockerfile +++ b/Dockerfile @@ -22,6 +22,7 @@ RUN yum install -y /tmp/repo/*.rpm USER 1001 EXPOSE 8787 +HEALTHCHECK --start-period=60s CMD rstudio-server status | grep -e "running" ENTRYPOINT ["tini", "-g", "--"] CMD ["rstudio-server", "start"] -- GitLab