Simplified build process of live exam iso image

509c796f · Florent Gluck · dea56616 · 509c796f · 509c796f · 509c796f
Commit 509c796f authored 8 months ago by Florent Gluck
--- a/live_exam_os/Dockerfile
+++ b/live_exam_os/Dockerfile
+#--------------------------------------------------------------------------------------------------------------------
+# Builder stage that generates nexus-exam
+FROM ubuntu:22.04 as nexus-exam-builder
+ARG base_dir
+ARG server_ip
+ARG server_port
+ARG cert
+ARG exam_user
+ARG exam_pwd
+WORKDIR /nexus
+COPY ${base_dir} .
+RUN apt-get update && apt-get install -y golang-go make ca-certificates libglfw3-dev libxcursor-dev libxinerama-dev libxi-dev libxxf86vm-dev upx-ucl
+RUN make build_nexus-exam SERVER=${server_ip}:${server_port} CERT=${cert} EXAM_USER=${exam_user} EXAM_PWD=${exam_pwd}
+#--------------------------------------------------------------------------------------------------------------------
+# Final builder stage that generates the live nexus-exam ISO image
 FROM debian:stable-slim
+ARG server_ip
+ARG server_port
+ARG cert
+ARG exam_user
+ARG exam_pwd
+COPY --from=nexus-exam-builder /nexus/build/nexus-exam config/
 RUN apt-get update && apt-get install -y \
      live-build \
      live-config \
  && rm -rf /var/lib/apt/lists/*
-ARG server_ip
-ARG server_port
-ARG config_dir
-#ARG nexus_cert
 WORKDIR /live-default
 ## Add live-cd additionnal packages
-ADD ${config_dir}/packages.list.chroot config/package-lists/
+ADD config/packages.list.chroot config/package-lists/
 ## Packages to be removed
-ADD ${config_dir}/9999-removepkg.hook.chroot config/hooks/live/
+ADD config/9999-removepkg.hook.chroot config/hooks/live/
 ## Add swiss-french keyboard config
-ADD ${config_dir}/keyboard/keyboard config/includes.chroot/etc/default/
+ADD config/keyboard/keyboard config/includes.chroot/etc/default/
 ## Run "nexus-exam" as soon as user logs in
-ADD ${config_dir}/nexus-exam config/includes.chroot/usr/local/bin/
+ADD config/nexus-exam config/includes.chroot/usr/local/bin/
-ADD ${config_dir}/nexus-exam.desktop config/includes.chroot/etc/xdg/autostart/
+ADD config/nexus-exam.desktop config/includes.chroot/etc/xdg/autostart/
 ## Run various X11 settings as soon as user logs in
-ADD ${config_dir}/x11/x11_settings.sh config/includes.chroot/usr/local/bin/
+ADD config/x11/x11_settings.sh config/includes.chroot/usr/local/bin/
-ADD ${config_dir}/x11/x11_settings.desktop config/includes.chroot/etc/xdg/autostart/
+ADD config/x11/x11_settings.desktop config/includes.chroot/etc/xdg/autostart/
 ## Systemd service to set various X11 settings (does not work - not sure why)
-# ADD ${config_dir}/systemd/x11_settings.sh config/includes.chroot/usr/local/bin/
+# ADD config/systemd/x11_settings.sh config/includes.chroot/usr/local/bin/
 # RUN chmod +x config/includes.chroot/usr/local/bin/x11_settings.sh
-# ADD ${config_dir}/systemd/x11_settings.service config/includes.chroot/etc/systemd/system/
+# ADD config/systemd/x11_settings.service config/includes.chroot/etc/systemd/system/
 # RUN mkdir config/includes.chroot/etc/skel/
 # RUN echo "export NEXUS_SERVER=${server_ip}\nexport NEXUS_CERT=/etc/ssl/certs/nexus-server.pem\n" >> config/includes.chroot/etc/skel/.xsessionrc
 ## Customize xfce4 desktop
-ADD ${config_dir}/xubuntu-development.png config/includes.chroot/usr/share/xfce4/backdrops/xubuntu-development.png
+ADD config/xubuntu-development.png config/includes.chroot/usr/share/xfce4/backdrops/xubuntu-development.png
-ADD ${config_dir}/xfce/xfce4-desktop.xml config/includes.chroot/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/
+ADD config/xfce/xfce4-desktop.xml config/includes.chroot/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/
-ADD ${config_dir}/xfce/xfce4-panel.xml config/includes.chroot/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/
+ADD config/xfce/xfce4-panel.xml config/includes.chroot/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/
-ADD ${config_dir}/xfce/xfce4-settings-manager.xml config/includes.chroot/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/
+ADD config/xfce/xfce4-settings-manager.xml config/includes.chroot/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/
-ADD ${config_dir}/xfce/xfce4-power-manager.xml config/includes.chroot/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/
+ADD config/xfce/xfce4-power-manager.xml config/includes.chroot/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/
-ADD ${config_dir}/xfce/xfwm4.xml config/includes.chroot/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/
+ADD config/xfce/xfwm4.xml config/includes.chroot/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/
 ## Install i3 theme for xfwm4
-ADD ${config_dir}/themes config/includes.chroot/usr/share/themes/
+ADD config/themes config/includes.chroot/usr/share/themes/
 # Install syslinux (bios) cfg
-ADD ${config_dir}/bootloader/isolinux.cfg config/includes.binary/isolinux/isolinux.cfg
+ADD config/bootloader/isolinux.cfg config/includes.binary/isolinux/isolinux.cfg
-ADD ${config_dir}/bootloader/isolinux_splash.png config/includes.binary/isolinux/splash.png
+ADD config/bootloader/isolinux_splash.png config/includes.binary/isolinux/splash.png
 # Install grub (uefi) cfg
-ADD ${config_dir}/bootloader/grub_splash.png config/includes.binary/boot/grub/splash.png
+ADD config/bootloader/grub_splash.png config/includes.binary/boot/grub/splash.png
-ADD ${config_dir}/bootloader/grub_config.cfg config/includes.binary/boot/grub/config.cfg
+ADD config/bootloader/grub_config.cfg config/includes.binary/boot/grub/config.cfg
-ADD ${config_dir}/bootloader/isolinux_menu.cfg config/includes.binary/isolinux/menu.cfg
+ADD config/bootloader/isolinux_menu.cfg config/includes.binary/isolinux/menu.cfg
-ADD ${config_dir}/bootloader/isolinux_stdmenu.cfg config/includes.binary/isolinux/stdmenu.cfg
+ADD config/bootloader/isolinux_stdmenu.cfg config/includes.binary/isolinux/stdmenu.cfg
 # Install nexus server pub cert system wide
-#ADD ${config_dir}/${nexus_cert} config/includes.chroot/usr/share/ca-certificates/nexus-server/nexus-server.crt
+#ADD config/${nexus_cert} config/includes.chroot/usr/share/ca-certificates/nexus-server/nexus-server.crt
 # NTP server configuration
-ADD ${config_dir}/ntp/timesyncd.conf config/includes.chroot/etc/systemd/
+ADD config/ntp/timesyncd.conf config/includes.chroot/etc/systemd/
 # Firewall hook ran at boot time
-ADD ${config_dir}/boot_hooks/firewall config/includes.chroot/lib/live/config/9999-firewall
+ADD config/boot_hooks/firewall config/includes.chroot/lib/live/config/9999-firewall
 RUN echo "firewall ${server_ip} ${server_port}\n" >> config/includes.chroot/lib/live/config/9999-firewall
 # Install wifi connection
-ADD ${config_dir}/wifi/wifi.nmconnection config/includes.chroot/etc/NetworkManager/system-connections/
+ADD config/wifi/wifi.nmconnection config/includes.chroot/etc/NetworkManager/system-connections/
 RUN chmod 0600 config/includes.chroot/etc/NetworkManager/system-connections/wifi.nmconnection
 # script hook to set password for nexus user (pwd is "pipo")
@@ -83,7 +106,7 @@ RUN echo -n "#!/bin/sh\npasswd -d nexus\n" > config/includes.chroot/lib/live/con
    chmod 0750 config/includes.chroot/lib/live/config/0500-user-password.hook.chroot
 ## Add config directory
-ADD ${config_dir}/config auto/
+ADD config/config auto/
 RUN lb config

--- a/live_exam_os/build_live_exam_iso
+++ b/live_exam_os/build_live_exam_iso
 #!/bin/bash
-CONFIG_DIR=config
 TMP_CONTAINER_NAME=`echo $RANDOM | md5sum | head -c 20; echo;`
 IMG_SUFFIX=`echo $RANDOM | md5sum | head -c 8; echo;`
 DOCKER_IMG="nexus-live-exam-os_"$IMG_SUFFIX
+abort () {
+    echo "ABORT."
+    exit 1
+}
 usage () {
    app=`basename $0`
    echo "USAGE: $app -s IP -p PORT -c CERT -u USER -w PWD -o ISO" >&2
@@ -19,11 +23,28 @@ usage () {
 }
 build_docker_image () {
-    if docker buildx build . -t "$DOCKER_IMG" --build-arg config_dir=$CONFIG_DIR --build-arg server_ip=$SERVER_IP --build-arg server_port=$SERVER_PORT ; then
+    # Create temp directory where nexus-exam will be compiled
-        echo "Docker image \"$DOCKER_IMG\" sucessfully built"
+    dir=tmp.dir.$$
-    else
+    mkdir $dir || abort
-        echo "FAILED building docker image!" && abort
+    # Copy pub certificate
+    cp $CERT $dir || abort
+    # Copy Makefile and sources files
+    cp ../Makefile $dir || abort
+    cp -r ../src $dir || abort
+    cert_file=`basename $CERT`
+    # build context is ".." since we need access to the ../src directory in order to build nexus-exam
+    docker buildx build . -f Dockerfile -t "$DOCKER_IMG" --build-arg base_dir=$dir --build-arg server_ip=$SERVER_IP --build-arg server_port=$SERVER_PORT --build-arg cert=$cert_file --build-arg exam_user=$EXAM_USER --build-arg exam_pwd=$EXAM_PWD
+    build_status=$?
+    rm -rf $dir
+    if [ $build_status -ne 0 ] ; then
+        echo "FAILED building docker image!"
+        abort
    fi
+    echo "Docker image \"$DOCKER_IMG\" sucessfully built"
 }
 remove_image_and_tmp_container () {
@@ -38,11 +59,6 @@ remove_image_and_tmp_container () {
    docker rmi $DOCKER_IMG
 }
-abort () {
-    echo "ABORT."
-    exit 1
-}
 if [ $# -ne 12 ] ; then usage ; fi
 while getopts 's:p:c:u:w:o:' OPTION; do
@@ -59,12 +75,6 @@ done
 error=0
-echo "Building nexus-exam ..."
-# This script compiles and copies nexus-exam into the current dir
-nexus_exam_builder/build_nexus_exam $SERVER_IP:$SERVER_PORT $CERT $EXAM_USER $EXAM_PWD || abort
-mv nexus-exam $CONFIG_DIR || abort
 echo "Building nexus live exam OS image \"$ISO\" ..."
 echo "Using nexus-server @ $SERVER_IP:$SERVER_PORT"
@@ -80,7 +90,7 @@ else
 fi
 # Retrieve live-image from temporary container
-if docker cp $TMP_CONTAINER_NAME:/live-default/live-image-amd64.hybrid.iso $ISO ; then 
+if docker cp $TMP_CONTAINER_NAME:/live-default/live-image-amd64.iso $ISO ; then
    echo "Successfully extracted $ISO from $TMP_CONTAINER_NAME container"
 else
    error=1

--- a/live_exam_os/config/config
+++ b/live_exam_os/config/config
 #!/bin/sh
 # https://live-team.pages.debian.net/live-manual/
 lb config noauto \
+     --system live \
     --architectures amd64 \
     --mode debian \
+     --bootloaders grub-efi \
     --parent-distribution bookworm \
     --distribution bookworm \
-     -b iso-hybrid \
+     --binary-images iso \
-     --bootloaders grub-efi \
     --color \
-     --uefi-secure-boot enable \
     --iso-application "HEPIA-ISC" \
     --iso-volume "nexus-live-exam" \
     --iso-publisher "HEPIA-ISC" \

--- a/live_exam_os/nexus_exam_builder/Dockerfile
+++ b/live_exam_os/nexus_exam_builder/Dockerfile
-FROM ubuntu:22.04
-ARG server
-ARG exam_user
-ARG exam_pwd
-COPY . /nexus/
-WORKDIR /nexus
-RUN apt-get update && apt-get install -y golang-go make ca-certificates libglfw3-dev libxcursor-dev libxinerama-dev libxi-dev libxxf86vm-dev upx-ucl
-RUN echo $server > /server
-RUN echo $exam_user > /exam_user
-RUN echo $exam_pwd > /exam_pwd
-RUN make build_nexus-exam SERVER=$server CERT=/nexus/ca-cert.pem EXAM_USER=$exam_user EXAM_PWD=$exam_pwd
-RUN ["sh"]
--- a/live_exam_os/nexus_exam_builder/build_nexus_exam
+++ b/live_exam_os/nexus_exam_builder/build_nexus_exam
-#!/bin/bash
-# Compiles nexus-exam in a container and copies it into the current directory.
-appname=`basename $0`
-prefix=`dirname $0`
-dir=tmp.dir.$$
-abort() {
-    cd ..
-    if [ -d $dir ]; then
-        rm -rf $dir
-    fi
-    echo "Aborted." >&2
-    exit 1
-}
-if [ $# -ne 4 ]; then
-    echo "Build nexus-exam" >&2
-    echo "Usage: $appname SERVER CERTFILE EXAM_USER EXAM_PWD" >&2
-    echo "Example:" >&2
-    echo "$appname 127.0.0.1:1077 \$HOME/nexus-server/certs/ca-cert.pem exam@nexus.org '12345678'" >&2
-    exit 1
-fi
-SERVER=$1
-CERT=$2
-EXAM_USER=$3
-EXAM_PWD=$4
-pushd .
-mkdir $prefix/$dir || abort
-cd $prefix/$dir || abort
-cp $CERT . || abort
-cp ../../../Makefile . || abort
-cp -r ../../../src . || abort
-docker buildx build -f ../Dockerfile . -t nexus-exam --build-arg server=$SERVER --build-arg exam_user=$EXAM_USER --build-arg exam_pwd=$EXAM_PWD || abort
-docker run --name nexus-exam nexus-exam
-popd
-rm -rf $prefix/$dir
-docker cp nexus-exam:/nexus/build/nexus-exam .
-docker rm nexus-exam
-docker rmi nexus-exam