Created
March 24, 2020 03:17
-
-
Save akitanaka/e6d8f3550d9179d006e0d787d4a1b3e7 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (c) Jupyter Development Team. | |
| # Distributed under the terms of the Modified BSD License. | |
| # Ubuntu 18.04 (bionic) | |
| # https://hub.docker.com/_/ubuntu/?tab=tags&name=bionic | |
| # OS/ARCH: linux/arm64/v8 | |
| ARG ROOT_CONTAINER=ubuntu:bionic-20200219@sha256:fab7c78ecd4c52e801b8a597846ec5c00ff2e4f4d1d92f6af1c8390eabc1d2d5 | |
| ARG BASE_CONTAINER=$ROOT_CONTAINER | |
| FROM $BASE_CONTAINER | |
| LABEL maintainer="Jupyter Project <[email protected]>" | |
| ARG NB_USER="jovyan" | |
| ARG NB_UID="1000" | |
| ARG NB_GID="100" | |
| USER root | |
| # Install all OS dependencies for notebook server that starts but lacks all | |
| # features (e.g., download as all possible file formats) | |
| ENV DEBIAN_FRONTEND noninteractive | |
| RUN apt-get update \ | |
| && apt-get install -yq --no-install-recommends \ | |
| wget \ | |
| bzip2 \ | |
| ca-certificates \ | |
| sudo \ | |
| locales \ | |
| fonts-liberation \ | |
| run-one \ | |
| && apt-get clean && rm -rf /var/lib/apt/lists/* | |
| RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \ | |
| locale-gen | |
| # Configure environment | |
| ENV CONDA_DIR=/opt/conda \ | |
| SHELL=/bin/bash \ | |
| NB_USER=$NB_USER \ | |
| NB_UID=$NB_UID \ | |
| NB_GID=$NB_GID \ | |
| LC_ALL=en_US.UTF-8 \ | |
| LANG=en_US.UTF-8 \ | |
| LANGUAGE=en_US.UTF-8 | |
| ENV PATH=$CONDA_DIR/bin:$PATH \ | |
| HOME=/home/$NB_USER | |
| # Copy a script that we will use to correct permissions after running certain commands | |
| COPY fix-permissions /usr/local/bin/fix-permissions | |
| RUN chmod a+rx /usr/local/bin/fix-permissions | |
| # Enable prompt color in the skeleton .bashrc before creating the default NB_USER | |
| RUN sed -i 's/^#force_color_prompt=yes/force_color_prompt=yes/' /etc/skel/.bashrc | |
| # Create NB_USER wtih name jovyan user with UID=1000 and in the 'users' group | |
| # and make sure these dirs are writable by the `users` group. | |
| RUN echo "auth requisite pam_deny.so" >> /etc/pam.d/su && \ | |
| sed -i.bak -e 's/^%admin/#%admin/' /etc/sudoers && \ | |
| sed -i.bak -e 's/^%sudo/#%sudo/' /etc/sudoers && \ | |
| useradd -m -s /bin/bash -N -u $NB_UID $NB_USER && \ | |
| mkdir -p $CONDA_DIR && \ | |
| chown $NB_USER:$NB_GID $CONDA_DIR && \ | |
| chmod g+w /etc/passwd && \ | |
| fix-permissions $HOME && \ | |
| fix-permissions $CONDA_DIR | |
| USER $NB_UID | |
| WORKDIR $HOME | |
| ARG PYTHON_VERSION=default | |
| # Setup work directory for backward-compatibility | |
| RUN mkdir /home/$NB_USER/work && \ | |
| fix-permissions /home/$NB_USER | |
| # Install miniforge as jovyan and check the md5 sum provided on the download site | |
| # https://github.com/conda-forge/miniforge | |
| ENV MINIFORGE_VERSION=4.8.3-0 \ | |
| MINIFORGE_MD5=a670fec046e77c75289d855fcbb201c7 \ | |
| CONDA_VERSION=4.8.3 | |
| RUN cd /tmp && \ | |
| wget --quiet https://github.com/conda-forge/miniforge/releases/download/${MINIFORGE_VERSION}/Miniforge3-Linux-aarch64.sh && \ | |
| echo "${MINIFORGE_MD5} *Miniforge3-Linux-aarch64.sh" | md5sum -c - && \ | |
| /bin/bash Miniforge3-Linux-aarch64.sh -f -b -p $CONDA_DIR && \ | |
| rm Miniforge3-Linux-aarch64.sh && \ | |
| echo "conda ${CONDA_VERSION}" >> $CONDA_DIR/conda-meta/pinned && \ | |
| conda config --system --prepend channels conda-forge && \ | |
| conda config --system --set auto_update_conda false && \ | |
| conda config --system --set show_channel_urls true && \ | |
| conda config --system --set channel_priority strict && \ | |
| if [ ! $PYTHON_VERSION = 'default' ]; then conda install --yes python=$PYTHON_VERSION; fi && \ | |
| conda list python | grep '^python ' | tr -s ' ' | cut -d '.' -f 1,2 | sed 's/$/.*/' >> $CONDA_DIR/conda-meta/pinned && \ | |
| conda install --quiet --yes conda && \ | |
| conda install --quiet --yes pip && \ | |
| conda update --all --quiet --yes && \ | |
| conda clean --all -f -y && \ | |
| rm -rf /home/$NB_USER/.cache/yarn && \ | |
| fix-permissions $CONDA_DIR && \ | |
| fix-permissions /home/$NB_USER | |
| # Install Tini | |
| RUN conda install --quiet --yes 'tini=0.18.0' && \ | |
| conda list tini | grep tini | tr -s ' ' | cut -d ' ' -f 1,2 >> $CONDA_DIR/conda-meta/pinned && \ | |
| conda clean --all -f -y && \ | |
| fix-permissions $CONDA_DIR && \ | |
| fix-permissions /home/$NB_USER | |
| # Install Jupyter Notebook, Lab, and Hub | |
| # Generate a notebook server config | |
| # Cleanup temporary files | |
| # Correct permissions | |
| # Do all this in a single RUN command to avoid duplicating all of the | |
| # files across image layers when the permissions change | |
| RUN conda install --quiet --yes \ | |
| 'notebook=6.0.3' \ | |
| 'jupyterhub=1.1.0' \ | |
| 'jupyterlab=2.0.1' && \ | |
| conda clean --all -f -y && \ | |
| npm cache clean --force && \ | |
| jupyter notebook --generate-config && \ | |
| rm -rf $CONDA_DIR/share/jupyter/lab/staging && \ | |
| rm -rf /home/$NB_USER/.cache/yarn && \ | |
| fix-permissions $CONDA_DIR && \ | |
| fix-permissions /home/$NB_USER | |
| EXPOSE 8888 | |
| # Configure container startup | |
| ENTRYPOINT ["tini", "-g", "--"] | |
| CMD ["start-notebook.sh"] | |
| # Copy local files as late as possible to avoid cache busting | |
| COPY start.sh start-notebook.sh start-singleuser.sh /usr/local/bin/ | |
| COPY jupyter_notebook_config.py /etc/jupyter/ | |
| # Fix permissions on /etc/jupyter as root | |
| USER root | |
| RUN fix-permissions /etc/jupyter/ | |
| # Switch back to jovyan to avoid accidental container runs as root | |
| USER $NB_UID |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment