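# Two-stage build of the oc.user desktop image.
#   Stage 1 (ubuntu_node_modules_builder): installs a compiler toolchain and
#     nodejs, then builds the node modules under /composer/node.
#   Stage 2 (final image): installs the desktop stack (TigerVNC, KDE Plasma,
#     supervisor, nodejs runtime) and copies /composer from stage 1.
# Build arguments read below:
#   BASE_IMAGE / BASE_IMAGE_RELEASE  base image and tag for both stages
#   TARGET_MODE                      "hardening" removes xterm.js, qterminal, sudo files
#   TARGET_PRUNE                     non-empty => install node modules without dev deps
#   ABCDESKTOP_LOCALACCOUNT_DIR      directory that receives passwd/group (+ ".shadow")
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ARG TAG
# Default base image
ARG BASE_IMAGE=ubuntu
# Default release is 24.04
ARG BASE_IMAGE_RELEASE=24.04

# install all nodejs modules
# build nodejs module
# create /composer/node
# use FROM BASE_IMAGE
# define FROM before use ENV command
FROM ${BASE_IMAGE}:${BASE_IMAGE_RELEASE} AS ubuntu_node_modules_builder

# use bash
SHELL ["/bin/bash", "-c"]

# define arg
ARG TARGET_MODE
ARG TARGET_PRUNE

# convert ARG to ENV with same name
ENV TARGET_MODE=$TARGET_MODE
ENV TARGET_PRUNE=$TARGET_PRUNE
ENV NODE_MAJOR=20

RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections

RUN apt-get update && apt-get install -y --no-install-recommends \
    gcc \
    g++ \
    make

# to make install wmctrljs nodejs components
# add build dev package
RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates \
    libx11-dev \
    libxmu-dev \
    libimlib2-dev \
    git \
    curl \
    gnupg \
    dpkg

# install npm nodejs
# The NodeSource repository is restricted to its own keyring through signed-by,
# so this key cannot vouch for packages from any other apt source.
RUN mkdir -p /etc/apt/keyrings && \
    curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \
    echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \
    apt-get update && \
    apt-get install -y --no-install-recommends nodejs && \
    npm install -g npm

COPY composer /composer

RUN npm install --global node-gyp

# Log which dependency mode this build uses:
#   TARGET_PRUNE empty     => dev dependencies are installed
#   TARGET_PRUNE non-empty => npm install --omit=dev
RUN echo target_prune="$TARGET_PRUNE"
RUN if [ -z "$TARGET_PRUNE" ] ; then echo "TARGET_PRUNE is not defined, build with dev" ; else echo "TARGET_PRUNE is defined, NO DEV options" ; fi

# add wait-port
WORKDIR /composer/node/wait-port
RUN npm install --omit=dev && npm audit fix

WORKDIR /composer/node/broadcast-service
RUN if [ -z "$TARGET_PRUNE" ] ; then npm install ; else npm install --omit=dev; fi
RUN npm i --package-lock-only && npm audit fix

# NOTE(review): this clones the default-branch head at build time, so the code
# that ends up in the image is whatever the repository holds when the build runs.
# Pin to a reviewed tag or commit (git checkout <REVIEWED_COMMIT_SHA>) so builds
# are reproducible and the shipped code can be audited.
RUN git clone https://github.com/abcdesktopio/run-service.git /composer/node/ocrun
WORKDIR /composer/node/ocrun
# Same rule as every other module in this stage: dev dependencies are installed
# only when TARGET_PRUNE is empty. The test here used to be negated, which pulled
# dev dependencies into ocrun exactly when a pruned build was requested.
RUN if [ -z "$TARGET_PRUNE" ] ; then npm install ; else npm install --omit=dev; fi
# Produce two copies of ocrun.js with DEFAULT_EXECMODE preset to each mode.
RUN cp ocrun.js ocrun.builtin.js && sed -Ei 's/^let DEFAULT_EXECMODE;/let DEFAULT_EXECMODE="builtin";/' ocrun.builtin.js
RUN cp ocrun.js ocrun.frontendjs.js && sed -Ei 's/^let DEFAULT_EXECMODE;/let DEFAULT_EXECMODE="frontendjs";/' ocrun.frontendjs.js
RUN npm i --package-lock-only && npm audit fix

WORKDIR /composer/node/ocdownload
RUN if [ -z "$TARGET_PRUNE" ] ; then npm install ; else npm install --omit=dev; fi
RUN npm audit fix

WORKDIR /composer/node/occall
RUN if [ -z "$TARGET_PRUNE" ] ; then npm install ; else npm install --omit=dev; fi
RUN npm audit fix

WORKDIR /composer/node/spawner-service/lib_spawner/colorflow
RUN if [ -z "$TARGET_PRUNE" ] ; then npm install ; else npm install --omit=dev; fi
RUN npm audit fix

WORKDIR /composer/node/spawner-service
# install node-gyp to build spawner-service
RUN if [ -z "$TARGET_PRUNE" ] ; then npm install ; else npm install --omit=dev; fi

WORKDIR /composer/node/spawner-service/lib_spawner/colorflow
# NOTE(review): `npm run build` runs only in the pruned branch; confirm that a
# build with dev dependencies does not need it as well.
RUN if [ -z "$TARGET_PRUNE" ] ; then npm install ; else npm install --omit=dev; npm run build; fi
RUN npm audit fix

WORKDIR /
# In hardening mode the web terminal is dropped from the image entirely;
# otherwise its node modules are installed following the TARGET_PRUNE rule.
RUN if [ "$TARGET_MODE" = "hardening" ] ; then \
      rm -rf /composer/node/xterm.js; \
    else \
      cd /composer/node/xterm.js ;\
      if [ -z "$TARGET_PRUNE" ] ; then npm install ; else npm install --omit=dev; fi ;\
    fi

# version.json must be created by mkversion.sh bash script
COPY composer/version.json /composer/version.json

#
# The main oc.user start here
#
FROM ${BASE_IMAGE}:${BASE_IMAGE_RELEASE}

# use bash
SHELL ["/bin/bash", "-c"]

# define arg
ARG ABCDESKTOP_LOCALACCOUNT_DIR
ARG TARGET_MODE
# convert ARG to ENV with same name
ENV ABCDESKTOP_LOCALACCOUNT_DIR=$ABCDESKTOP_LOCALACCOUNT_DIR
ENV TARGET_MODE=$TARGET_MODE
# set node release
ENV NODE_MAJOR=20

COPY etc /etc

RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections && \
    apt-get update && \
    apt-get upgrade -y && \
    apt-get install -y --no-install-recommends \
      ca-certificates \
      curl \
      gnupg \
      net-tools \
      bash && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# add languages
# locales for locale-gen command
RUN apt-get update && apt-get install -y --no-install-recommends \
      locales \
      language-pack-en \
      language-pack-fr \
      language-pack-de \
    && locale-gen \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# a good example is
# RUN apt-get update && apt-get install -y locales && rm -rf /var/lib/apt/lists/* \
#   && localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8
# ENV LANG en_US.utf8

# install
# Do not use
# COPY tigervncserver_1.13.1-1ubuntu1_amd64.deb /tmp to install
# tigervncserver_1.13.1-1ubuntu1_amd64.deb
# tigervncserver_1.13.1-1ubuntu1_arm64.deb
# but replace by curl command to support dpkg --print-architecture for amd64 and arm64
# tigervncserver_1.14.80-1ubuntu1_22.04_amd64.deb
# tigervncserver_1.14.1-1ubuntu1_22.04.amd64.deb
# tigervncserver_1.14.1-1ubuntu1_24.04.amd64.deb
ENV TIGERVNC_RELEASE=1.15.0
# curl runs with -f so an HTTP error (for example a missing release/arch
# combination) fails the build at the download step instead of handing an
# error page to apt-get.
# NOTE(review): the package is fetched from a branch ref (raw/4.0) and installed
# as root with no digest check; TLS only protects the transport. Record the
# expected sha256 per architecture and verify it before the install, e.g.
#   echo "<EXPECTED_SHA256>  /tmp/tigervncserver.deb" | sha256sum -c -
RUN apt-get update && \
    source /etc/lsb-release && \
    echo DISTRIB_RELEASE=${DISTRIB_RELEASE} && \
    tigervncdeburl="https://github.com/abcdesktopio/oc.user/raw/4.0/tigervncserver_${TIGERVNC_RELEASE}-1ubuntu1_${DISTRIB_RELEASE}_$(dpkg --print-architecture).deb" && \
    echo Downloading "$tigervncdeburl" && \
    curl -fsSL --output /tmp/tigervncserver.deb "$tigervncdeburl" && \
    apt-get install -y --no-install-recommends /tmp/tigervncserver.deb && \
    rm -f /tmp/*.deb && \
    apt-get clean && rm -rf /var/lib/apt/lists/*

# install core packages
# x11-apps is needed to install xeyes; xeyes is a test application
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
      supervisor \
      cups-client \
      pulseaudio-utils \
      pavumeter \
      xauth \
      websockify \
      krb5-user \
      desktop-file-utils \
      xdg-user-dirs \
      xclip \
      x11-apps \
      libimlib2t64 \
      libglib2.0-bin \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

RUN apt-get update && \
    apt-get install -y --no-install-recommends \
      dbus-x11 \
      systemsettings \
      qml-module-org-kde-kcm \
      x11-utils \
      xdg-utils \
      kwin-x11 && \
    apt-get clean && rm -rf /var/lib/apt/lists/*

#RUN apt-get update && \
#    apt-get install -y --no-install-recommends \
#      task-french-kde-desktop \
#      task-romanian-kde-desktop \
#      task-german-kde-desktop && \
#    apt-get clean && rm -rf /var/lib/apt/lists/*

# RUN apt-get update && \
#     apt-get install -y --no-install-recommends \
#       openbox \
#       obconf \
#       lxappearance \
#       lxappearance-obconf && \
#     apt-get clean && rm -rf /var/lib/apt/lists/*

# install composer
COPY --from=ubuntu_node_modules_builder /composer /composer

# In hardening mode the file lists of libkf5su5 and sudo are piped to
# /composer/rmfol.sh (script not visible here; presumably it removes the
# listed files - confirm).
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
      plasma-desktop \
      plasma-workspace \
      plasma-workspace-data \
      libplasma-geolocation-interface5 \
      libkfontinst5 \
      libnotificationmanager1 \
      qml-module-org-kde-kwindowsystem && \
    if [ "$TARGET_MODE" = "hardening" ] ; then dpkg -L libkf5su5 | /composer/rmfol.sh; fi && \
    if [ "$TARGET_MODE" = "hardening" ] ; then dpkg -L sudo | /composer/rmfol.sh; fi && \
    apt-get clean && rm -rf /var/lib/apt/lists/*

RUN apt-get update && \
    apt-get install -y --no-install-recommends \
      x11-utils \
      libnotify-bin \
      libnotify4 \
      qml-module-org-kde-kcm && \
    apt-get clean && rm -rf /var/lib/apt/lists/*

# RUN apt-get update && \
#     apt-get install -y --no-install-recommends \
#       plasma-desktop \
#       libnotify-bin \
#       libnotify4 \
#       qml-module-org-kde-kcm && \
#     apt-get clean && rm -rf /var/lib/apt/lists/*

# RUN apt-get update && \
#     apt-get install -y x11-utils && \
#     apt-get install -y --no-install-recommends \
#       plasma-workspace \
#       plasma-systemmonitor \
#       plasma-mobile \
#       libnotify-bin \
#       libnotify4 && \
#     apt-get clean && rm -rf /var/lib/apt/lists/*

## install MS fonts
#RUN apt-get update && \
#    echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | sudo debconf-set-selections
#    apt-get install -y --no-install-recommends fontconfig ttf-mscorefonts-installer && \
#    apt-get clean && rm -rf /var/lib/apt/lists/*

# install Selawik fonts
# comment for licencing
# ADD fonts/SegoeUI.tar /usr/share/fonts/Microsoft/TrueType/SegoeUI/
# fc-cache -f /usr/share/fonts/Microsoft/TrueType/SegoeUI/ && \
# ADD (not COPY) is used so the local tar archive is unpacked into the target directory.
ADD fonts/Selawik.tar /usr/share/fonts/Microsoft/TrueType/Selawik/
RUN apt-get update && \
    apt-get install -y --no-install-recommends fontconfig fonts-noto xfonts-base && \
    fc-cache -f /usr/share/fonts/Microsoft/TrueType/Selawik/ && \
    apt-get clean && rm -rf /var/lib/apt/lists/*

# Add usr/share/themes/Windows-10 themes
COPY usr/share/themes/Windows-10 /usr/share/themes/Windows-10

# install Win11-icon theme and Win11OS-kde theme
# git is installed only for the clones and removed again in the same layer.
# NOTE(review): both install.sh scripts come from the default-branch head of an
# unpinned clone and run as root during the build. Pin each clone to a reviewed
# commit (git checkout <REVIEWED_COMMIT_SHA>) before running the installer.
RUN apt-get update && \
    apt-get install -y --no-install-recommends git && \
    git clone https://github.com/abcdesktopio/Win11-icon-theme && \
    cd Win11-icon-theme && ./install.sh > /composer/Win11-icon-theme.install && cd .. && \
    rm -rf Win11-icon-theme && \
    git clone https://github.com/abcdesktopio/Win11OS-kde && \
    cd Win11OS-kde && ./install.sh > /composer/Win11OS-kde.install && cd .. && \
    rm -rf Win11OS-kde && \
    apt-get remove -y git git-man liberror-perl && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

RUN apt-get update && \
    apt-get install -y --no-install-recommends gtk-update-icon-cache && \
    gtk-update-icon-cache && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# install nodejs
RUN mkdir -p /etc/apt/keyrings && \
    curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \
    echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \
    apt-get update && \
    apt-get install -y --no-install-recommends nodejs && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# add sound files from ubuntu alsa package alsa-utils
ADD usr/share/sounds/alsa /usr/share/sounds/alsa

# RUN chmod -R 755 /usr/share/plasma/desktoptheme/Win11OS-light/*

# LOG AND PID SECTION
# NOTE(review): both directories are world-writable without the sticky bit, so
# any UID in the container can delete or replace another UID's log and pid
# files. If the runtime UID model allows it, prefer mode 1777 or a dedicated
# group with 0770.
RUN mkdir -p /var/log/desktop /var/run/desktop && \
    chmod 777 /var/log/desktop /var/run/desktop

# remove /etc/supervisor/conf.d/xterm.conf in hardening
RUN if [ "$TARGET_MODE" = "hardening" ] ; then \
      rm -f /etc/supervisor/conf.d/xterm.conf; \
      echo "supervisor xterm.conf has been removed"; \
    fi

# change passwd shadow group gshadow
# create a symlink for each files
# target are provisioned in a dedicated volume
# to support ReadOnly, we can't update files /etc/passwd /etc/group /etc/shadow /etc/gshadow
#
# The step aborts when ABCDESKTOP_LOCALACCOUNT_DIR is empty or when any copy
# fails. Without that guard a failed cp was still followed by rm and ln, which
# left /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow as dangling
# symlinks in an image that otherwise built successfully.
RUN set -e; \
    : "${ABCDESKTOP_LOCALACCOUNT_DIR:?ABCDESKTOP_LOCALACCOUNT_DIR build argument must be set}"; \
    mkdir -p "${ABCDESKTOP_LOCALACCOUNT_DIR}" "${ABCDESKTOP_LOCALACCOUNT_DIR}.shadow"; \
    for f in passwd group ; do \
      cp "/etc/${f}" "${ABCDESKTOP_LOCALACCOUNT_DIR}" ; \
      rm -f "/etc/${f}" ; \
      ln -s "${ABCDESKTOP_LOCALACCOUNT_DIR}/${f}" "/etc/${f}" ; \
    done; \
    for f in shadow gshadow ; do \
      cp "/etc/${f}" "${ABCDESKTOP_LOCALACCOUNT_DIR}.shadow" ; \
      rm -f "/etc/${f}" ; \
      ln -s "${ABCDESKTOP_LOCALACCOUNT_DIR}.shadow/${f}" "/etc/${f}" ; \
    done

# set build date
RUN date > /etc/build.date

# install qterminal xfonts-base
# Skipped in hardening mode, so that image ships without a terminal emulator or vim.
RUN if [ "${TARGET_MODE}" != "hardening" ]; then \
      apt-get update && \
      apt-get install -y --no-install-recommends qterminal vim && \
      rm -rf /usr/share/applications/qterminal-drop.desktop && \
      apt-get clean && rm -rf /var/lib/apt/lists/*; \
    fi

# remove bad cache mime entries
RUN rm -f /usr/share/applications/mimeinfo.cache

# fun but not a good idea
# RUN if [ "$TARGET_MODE" = "hardening" ] ; then \
#       apt-get remove -y --allow-remove-essential apt && \
#       rm -rf /var/lib/dpkg /bin/dpkg* /sbin/dpkg-* /var/log/apt /var/log/*.log /etc/apt ; \
#     fi

# Make all NVIDIA GPUs visible by default
ENV NVIDIA_VISIBLE_DEVICES=all
# All NVIDIA driver capabilities should preferably be used, check `NVIDIA_DRIVER_CAPABILITIES` inside the container if things do not work
ENV NVIDIA_DRIVER_CAPABILITIES=all

# set command
# NOTE(review): no USER instruction appears in this stage, so the entrypoint
# starts as root unless the orchestrator overrides the UID - confirm that the
# deployment sets a non-root user.
CMD [ "/composer/docker-entrypoint.sh" ]

####################################################
# SERVICE                          # TCP PORT      #
####################################################
# XTERM_TCP_PORT                     29781
# BROADCAST_SERVICE_TCP_PORT         29784
# SPAWNER_SERVICE_TCP_PORT           29786
# WS_TCP_BRIDGE_SERVICE_TCP_PORT      6081
# DBUS_SESSION_TCP_PORT              55556
# DBUS_SYSTEM_TCP_PORT               55557
####################################################
## RESERVED TCP PORT 29782 for pulseaudio
## RESERVED TCP PORT 29785 for cupsd
EXPOSE 6081 29781 29784 29786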