Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docker image improvements #8

Merged
merged 13 commits into from
Mar 19, 2020
Merged

Docker image improvements #8

merged 13 commits into from
Mar 19, 2020

Conversation

seriema
Copy link
Owner

@seriema seriema commented Mar 18, 2020
edited
Loading

Docker Hub takes 3 hours for a build so there are multiple slightly related changes in this one PR to consolidate the testing.

  • Improve how the user pi is created. It differed from a real RetroPie installation on a Raspberry Pi 3 and using adduser as the RPi docs show made it more similar. Included bash templates from a real RPi to make it even more similar, such as enabling color in the terminal.
    • See comment below about a known issue with the bash template files when building on Windows.
  • Reorganize the Dockerfile to minimize cache layers before the RetroPie-Setup step.
    • Do cleanup at the end, and add some more cleanup to minimize the image.
  • Remove pre-installed pre-requisites such as sshfs. It was speeding up the test runs as intended, but was hiding the fact that raspberry-pi/mount-vm-share.sh had a user prompt that would cause the setup to hang in CI or a RPi, and the rest of the flow doesn't require the user to accept apt-get installs.
  • Change per-requisite packages for RetroPie as per their documentation on Ubuntu/Debian, which the image is started from.

This PR is just for convenience in the future to see what had to change in the scripts to support the merged feature.

seriema added 13 commits March 18, 2020 15:35
@seriema
docker: Clean up unnecessary files at the end
ae9efb6 
Clean up the files at the end to shorten build time as package sources
don't have to be repopulated, and the final image is truly cleaned.

Also clean some more based on some references. It's less than 50MB,
which is nothing compared to a 1.27GB image, but it's a good practice.
@seriema
docker: Install optional packages after RetroPie-Setup
363d37d 
RetroPie-Setup take 1-2 hours. Minimize what is done before it by
moving every non-essential package install to after.
@seriema
docker: Only install packages found on a rpi
10619cc 
Pre-installing packages installed by retro-cloud might speed up the
testing, but makes it less reliable.
@seriema
docker: Move workdir changes together
6da4224 
They're only there for RetroPie-Setup.
@seriema
Merge branch 'docker-minimize-cache-invalidation' into docker-improve…
4f3da7b 
…ments
@seriema
docker: Set pi-user default login shell to bash
eadb94a 
Mimicks the "pi" user on a RPi.
@seriema
docker: Create pi-user with adduser instead of useradd
67a9067 
`useradd` is generally recommended for scripted used creation, but
despite the effort of multiple calls to get the correct access rights
etc, the user still didn't belong to the right group id etc. Using
`adduser` as recommended by Raspberry Pi docs and RetroPie-Setup author
worked on the first attempt.
@seriema
docker: Make the pi-user bash config more realistic
92f5129 
Basic bash configs taken from a RetroPie 4.5.1 on a RaspberryPi 3. They
are copied over when creating a new user. See:
https://www.raspberrypi.org/documentation/linux/usage/users.md
@seriema
Merge branch 'docker-improve-user-creation' into docker-improvements
5d7729a
@seriema
docker: Remove packages installed by RetroPie-Setup
4dbe652
@seriema
docker: Use Ubuntu pre-requisite packages for RetroPie-Setup
6451a6f 
Was installing the Raspbian packages according to:
https://retropie.org.uk/docs/Manual-Installation/

But this image is actually Debian, built on Windows/Linux.
@seriema
docker: Remove second apt-get upgrade
81e6bbf 
It's called in the beginning when pulling in the base image. It only
saves a couple of seconds but should keep cache layers before
RetroPie-Setup minimal.
@seriema
rpi: Auto-accept apt-get install of sshfs
9133c25 
This wasn't noticed before because the Docker image had it pre-installed
to speed up the testing.
seriema
seriema commented Mar 19, 2020
View reviewed changes
Dockerfile
# These files were copied from a RetroPie 4.5.1 on a RaspberryPi 3 and
# are included to make the image more realistic. One difference from
# base docker image is that .bashrc has colors enabled.
COPY docker/rpi/etc/skel /etc/skel
Copy link
Owner Author

@seriema seriema Mar 19, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Known issue on Windows: When building a Linux image on Windows the container will always start with:

bash: $'\r': command not found
bash: /home/pi/.bashrc: line 6: syntax error near unexpected token `$'in\r''
'ash: /home/pi/.bashrc: line 6: `case $- in

The images built by Docker Hub work fine, so the issues below will be addressed when adding support for building on multiple architectures.

Issue 1

The line endings are \r\n on Windows, which gets copied into the image. There's a proposal from Nov '17 to give COPY/ADD better line ending support: docker/for-win#1340

Possible solutions now are:

  • installing dos2unix on the image and converting files during build
  • changing git autocrlf for these files
    • I have already done this for *.sh files so I'll likely do this

Issue 2

File permissions change with COPY/ADD to include executable on Windows, as noted by the warning below. There's a proposal from Sep '17 to give COPY/ADD a chmod like flag: moby/moby#34819 (and a PR from Jul '19 moby/buildkit#1080)

SECURITY WARNING: You are building a Docker image from Windows against a non-Windows Docker host. All files and directories added to build context will have '-rwxr-xr-x' permissions. It is recommended to double check and reset permissions for sensitive files and directories.

Expected permissions on a RPi:

$ ls -la /etc/skel
-rw-r--r--  1 root root  220 May 15  2017 .bash_logout
-rw-r--r--  1 root root 3523 Apr  8  2019 .bashrc
-rw-r--r--  1 root root  675 May 15  2017 .profile

Actual permissions on the Windows built image:

$ ls -la /etc/skel
-rwxr-xr-x 1 root root  220 Mar 19 07:07 .bash_logout
-rwxr-xr-x 1 root root 3523 Mar 19 07:07 .bashrc
-rwxr-xr-x 1 root root  675 Mar 19 07:08 .profile

It's wrong but I couldn't see any issue when running the container.

@seriema seriema merged commit 81e4db6 into develop Mar 19, 2020
@seriema seriema deleted the docker-improvements branch March 19, 2020 09:19
seriema added a commit that referenced this pull request Mar 26, 2020
@seriema
docker: Fix error "fuse: failed to open /dev/fuse: Permission denied"
35d0f8b 
Happens when mounting the VM share in mount-vm-share.sh.

The issue has two parts:
1. "pi" does not have write access to `/dev/fuse`, not even with sudo,
   so mount-vm-share.sh fails to mount the drive.
2. `/dev/fuse` does not exist until runtime so it's not accessible when
   building the Docker image.

The easiset solution is to give back root-membership to "pi". It was
removed in the switch from `useradd` to `adduser` in PR #8 (67a9067).

Not the same, but there might be something to learn from Docker's
requirement on root access for mounting volumes:
moby/moby#2259

Note: The "pi" user on a real RetroPie installation on a RPi is _not_
member of root. So this solution should be removed one day.

Cleaned up Dockerfile. The instructions will be added to Readme.
@seriema seriema mentioned this pull request Mar 28, 2020
Merged
seriema added a commit that referenced this pull request Mar 29, 2020
@seriema
Merge pull request #12 from seriema/docker-remove-copy-step
3132ccf 
Revert "realistic bash user" (remove COPY layer in Dockerfile)

`COPY` is used for "realistic bash user" (92f5129), but `COPY` comes with two main issues that made me decide to revert its use: Cache invalidation, and Windows issues. The former being the deciding factor, as the later is fixed. The long build times are not worth it.

Since this `COPY` is for the user creation it's very early in the Dockerfile, and even with a fat cache layer before it (experimental in `docker-multiarch`) it still adds a 20min rebuild **locally** way too often.

**Note:** This will revert the "realistic bash user" improvements introduced in PR #8, e.g. colored prompt, etc, that are found on a real RPi with RetroPie. It might still be achievable with RetroPie packages such as `bashwelcometweak`, and there are ways to make `COPY` more stable. So I might revisit "realistic bash user" at a later point.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@seriema