-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDevEnv.Dockerfile
executable file
·109 lines (87 loc) · 5.78 KB
/
DevEnv.Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
FROM ubuntu:18.04
# Avoid warnings by switching to noninteractive
ENV DEBIAN_FRONTEND=noninteractive
RUN echo "Updating package manager and add basic commands" \
&& apt-get update \
&& apt-get -y install --no-install-recommends apt-utils dialog \
&& apt-get -y install iproute2 procps lsb-release wget curl git vim
RUN echo "Add default locale en_*" \
&& apt-get -y install language-pack-en
RUN echo "Acquiring Menlo Certificate" \
# Setup a directory for ssl certs to be added. The directory name matters - ubuntu tools will copy out of this location to install the certs into the environment
&& mkdir -p /usr/local/share/ca-certificates \
# Get a copy of the menlo certificate
&& wget --no-check-certificate https://certrequest.chicagotrading.com/pkidata/menlo.cer \
# Convert the Base-64 encoded certificate into a certificate that openssl can read directly
&& openssl x509 -inform PEM -in menlo.cer -out menlo.crt \
# Copy the converted certificate over to the pickup directory
&& cp menlo.crt /usr/local/share/ca-certificates/ \
# Clean up the certificate crumbs in your local directory
&& rm menlo.cer menlo.crt
RUN echo "Acquiring CTC Root Certificates" \
# Get the 3 CTC certificate that make up the certificate chain for whitelisted sites that don't go through menlo
&& wget --no-check-certificate https://certrequest.chicagotrading.com/pkidata/CTC%20Innovations%20LLC%20-%20Issuing%20CA%201.crt -O /usr/local/share/ca-certificates/CTCInnovationsLLCIssuingCA1.crt \
&& wget --no-check-certificate https://certrequest.chicagotrading.com/pkidata/CTC%20Innovations%20LLC%20-%20Issuing%20CA%202.crt -O /usr/local/share/ca-certificates/CTCInnovationsLLCIssuingCA2.crt \
&& wget --no-check-certificate https://certrequest.chicagotrading.com/pkidata/CTC%20Innovations%20LLC%20-%20Root%20CA.crt -O /usr/local/share/ca-certificates/CTCInnovationsLLCRootCA.crt
RUN echo "Adding Menlo and CTC Root Certificates to OS trust" \
# Get ubuntu to recognize the certificates when reaching out to internet properties
&& update-ca-certificates
RUN echo "Get Menlo HTTP Proxy Information" \
# Get menlo proxy information so that we can tell commandline tools to use the proxy
&& `curl -s https://pac.menlosecurity.com/chicagotrading-e63f7c11c375/ssl-wpad.dat | awk '/PROXY .*; PROXY/{print "export https_proxy=http://"$3"/"}' | sed 's/;//' | head -1` \
# Add the proxy to your bash script and to npm
&& echo "export https_proxy=$https_proxy" >> ~/.bashrc \
&& ln -s ~/.bashrc ~/.bash_profile \
&& echo "https-proxy=$https_proxy" >> ~/.npmrc
RUN echo "Disable apt secure certificate checks" \
# If you run into issues with apt-secure, there doesn't seem to be a reasonable workaround so you will have to disable SSL (which really sucks)
&& echo 'Acquire::https::Verify-Peer "false";' > 80ssl-exceptions \
&& echo 'Acquire::https::Verify-Host "false";' >> 80ssl-exceptions \
&& cp 80ssl-exceptions /etc/apt/apt.conf.d/ \
&& rm 80ssl-exceptions
RUN echo "Create a cert chain for pip with CTC and Menlo certificates" \
# If you run into issues with pip installing for python, fix it this way:
&& mkdir -p /usr/share/ca-certificates/extra \
&& openssl x509 -inform DES -in /usr/local/share/ca-certificates/CTCInnovationsLLCRootCA.crt -outform PEM -out /usr/share/ca-certificates/extra/CTCInnovationsLLCRootCA.pem \
&& openssl x509 -inform DES -in /usr/local/share/ca-certificates/CTCInnovationsLLCIssuingCA1.crt -outform PEM -out /usr/share/ca-certificates/extra/CTCInnovationsLLCIssuingCA1.pem \
&& openssl x509 -inform DES -in /usr/local/share/ca-certificates/CTCInnovationsLLCIssuingCA2.crt -outform PEM -out /usr/share/ca-certificates/extra/CTCInnovationsLLCIssuingCA2.pem \
&& openssl x509 -in /usr/local/share/ca-certificates/menlo.crt -outform PEM -out /usr/share/ca-certificates/extra/menlo.pem \
&& cat /usr/share/ca-certificates/extra/*.pem > ctc_chain.pem \
&& cp ctc_chain.pem /usr/share/ca-certificates/extra/ \
&& rm ctc_chain.pem \
# If you already have pip installed:
# pip config set global.cert /usr/share/ca-certificates/extra/ctc_chain.pem
&& mkdir ~/.pip \
&& echo "[global]" > ~/.pip/pip.conf \
&& echo "cert=/usr/share/ca-certificates/extra/ctc_chain.pem" >> ~/.pip/pip.conf
RUN echo "Getting miniconda" \
&& wget --no-check-certificate --quiet https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh -O miniconda.sh
RUN echo "Installing miniconda" \
&& bash miniconda.sh -b -p /opt/conda \
&& rm miniconda.sh \
&& echo ". /opt/conda/etc/profile.d/conda.sh" >> ~/.bashrc
ENV PATH /opt/conda/bin:$PATH
RUN echo "Disable ssl_verify for Conda" \
&& conda config --set ssl_verify False \
&& conda install --name base pylint --yes
RUN echo "Allow docker in docker build commands to run" \
&& apt-get install -y docker.io
COPY requirements.txt .
RUN echo "Add additional project specific packages" \
&& apt-get install -y gcc unzip
RUN echo "Installing terraform cli" \
&& wget --no-check-certificate --quiet https://releases.hashicorp.com/terraform/0.12.20/terraform_0.12.20_linux_amd64.zip -O terraform.zip \
&& unzip terraform.zip \
&& mv terraform /usr/local/bin/ \
&& rm terraform.zip
RUN echo "Install python packages" \
&& pip install -r requirements.txt
RUN echo "Helpful for interactive container shells" \
&& echo "set -o vi" >> ~/.bashrc \
&& echo "export EDITOR=vi" >> ~/.bashrc
RUN echo "Avoid filemode issues with devcontainers" \
&& git config --global core.filemode false
RUN echo "Additional certificate changes for azure commandline" \
&& echo "export REQUESTS_CA_BUNDLE=/usr/share/ca-certificates/extra/ctc_chain.pem" >> ~/.bashrc
# Switch back to dialog for any ad-hoc use of apt-get
ENV DEBIAN_FRONTEND=dialog