[CI] Rewrite ubuntu22.04.dockerfile for consistency

Signed-off-by: Wojtek Porczyk <woju@invisiblethingslab.com>
gramineproject · May 10, 2024 · 0c230af · 0c230af
1 parent 3f70bf5
commit 0c230af
Showing 1 changed file with 51 additions and 84 deletions.
diff --git a/.ci/ubuntu22.04.dockerfile b/.ci/ubuntu22.04.dockerfile
@@ -1,96 +1,63 @@
 FROM ubuntu:22.04
 
-RUN apt-get update && env DEBIAN_FRONTEND=noninteractive apt-get install -y \
-    autoconf \
-    bc \
-    bison \
-    build-essential \
-    cargo \
-    clang \
-    curl \
-    flex \
-    gawk \
-    gdb \
-    gettext \
-    git \
-    jq \
-    libapr1-dev \
-    libaprutil1-dev \
-    libcjson-dev \
-    libelf-dev \
-    libevent-dev \
-    libexpat1 \
-    libexpat1-dev \
-    libmemcached-tools \
-    libnss-mdns \
-    libnuma1 \
-    libomp-dev \
-    libpcre2-dev \
-    libpcre3-dev \
-    libprotobuf-c-dev \
-    libssl-dev \
-    libunwind8 \
-    libxfixes3 \
-    libxi6 \
-    libxml2-dev \
-    libxrender1 \
-    libxxf86vm1 \
-    linux-headers-generic \
-    musl \
-    musl-tools \
-    nasm \
-    net-tools \
-    netcat-openbsd \
-    nginx \
-    ninja-build \
-    pkg-config \
-    protobuf-c-compiler \
-    protobuf-compiler \
-    python3 \
-    python3-apport \
-    python3-apt \
-    python3-breathe \
-    python3-click \
-    python3-cryptography \
-    python3-jinja2 \
-    python3-lxml \
-    python3-numpy \
-    python3-pip \
-    python3-pkg-resources \
-    python3-protobuf \
-    python3-pyelftools \
-    python3-pytest \
-    python3-pytest-xdist \
-    python3-scipy \
-    python3-sphinx-rtd-theme \
-    python3-voluptuous \
-    shellcheck \
-    sphinx-doc \
-    sqlite3 \
-    texinfo \
-    uthash-dev \
-    wget \
-    zlib1g \
-    zlib1g-dev
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get install -y ca-certificates
+
+# Intel's RSA-2048 key signing the intel-sgx/sgx_repo repository. Expires 2027-03-20.
+# https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key
+# TODO after Intel releases for noble: fix mantic to noble
+COPY .ci/intel-sgx-deb.key /etc/apt/keyrings/intel-sgx-deb.asc
+RUN echo deb [arch=amd64 signed-by=/etc/apt/keyrings/intel-sgx-deb.asc] https://download.01.org/intel-sgx/sgx_repo/ubuntu mantic main > /etc/apt/sources.list.d/intel-sgx.list
 
-# NOTE about meson version: we support "0.56 or newer", so in CI we pin to latest patch version of
-# the earliest supported minor version (pip implicitly installs latest version satisfying the
-# specification)
-RUN python3 -m pip install -U \
-    'tomli>=1.1.0' \
-    'tomli-w>=0.4.0' \
-    'meson>=0.56,<0.57' \
-    'recommonmark>=0.5.0,<=0.7.1' \
-    'docutils>=0.17,<0.18'
+# Dependencies for actual build.
+# NOTE: COPY invalidates docker cache when source file changes,
+# so `apt-get build-dep` will rerun if dependencies change, despite no change
+# in dockerfile.
+RUN mkdir /debian
+COPY debian/control /debian
+RUN apt-get update && apt-get -y build-dep --no-install-recommends --no-install-suggests /
+RUN rm -rf /debian
 
-# Dependencies required for building kernel modules and running VMs
-RUN apt-get update && env DEBIAN_FRONTEND=noninteractive apt-get install -y \
+# runtime dependencies of Gramine, for running tests
+# keep this synced with debian/control
+RUN apt-get update && apt-get satisfy -y \
+    'libcurl4 (>= 7.58)' \
+    'libprotobuf-c1' \
+    'python3' \
+    'python3 (>= 3.10) | python3-pkg-resources' \
+    'python3-click (>= 6.7)' \
+    'python3-cryptography' \
+    'python3-jinja2' \
+    'python3-pyelftools' \
+    'python3-tomli (>= 1.1.0)' \
+    'python3-tomli-w (>= 0.4.0)' \
+    'python3-voluptuous'
+
+# dependencies for various tests, CI-Examples, etc.
+# git: scripts/gitignore-test (among others)
+# libunwind8: libos/test/regression/bootstrap_cpp.manifest.template
+# nginx: CI-Examples/ra-tls-nginx
+# shellcheck: .ci/run-shellcheck
+# cargo: CI-Examples/rust
+# clang: FIXME
+# jq: used in jenkinsfiles
+# cpio dwarves gcc/g++-12 kmod qemu-kvm: for building kernel modules and running VMs
+RUN apt-get update && apt-get install -y \
+    cargo \
+    clang \
     cpio \
     dwarves \
     g++-12 \
     gcc-12 \
+    git \
+    jq \
     kmod \
-    qemu-kvm
+    libunwind8 \
+    nginx \
+    python3-pytest \
+    qemu-kvm \
+    shellcheck
 
 # Kernel on the host machine is built with GCC-12, so we need to set it as default in Docker
 RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 10 && \