mirror of
https://github.com/jessfraz/dockerfiles.git
synced 2024-11-27 04:16:45 +01:00
Bring Chromium container in line with Chrome (#240)
* No need for testing repo on Stretch * Run as unprivileged user * Bring documentation in line with Chrome container * Tweak Chrome docs (-O defines output file, -o is for logging) * Point to seccomp profile where the wget command suggests we download it * Fix CI build failure on Chromium
This commit is contained in:
parent
7585d176e9
commit
7e3eee7125
|
@ -8,14 +8,14 @@
|
||||||
# -e DISPLAY=unix$DISPLAY \
|
# -e DISPLAY=unix$DISPLAY \
|
||||||
# -v $HOME/Downloads:/home/chrome/Downloads \
|
# -v $HOME/Downloads:/home/chrome/Downloads \
|
||||||
# -v $HOME/.config/google-chrome/:/data \ # if you want to save state
|
# -v $HOME/.config/google-chrome/:/data \ # if you want to save state
|
||||||
# --security-opt seccomp=/etc/docker/seccomp/chrome.json
|
# --security-opt seccomp=$HOME/chrome.json \
|
||||||
# --device /dev/snd \ # so we have sound
|
# --device /dev/snd \ # so we have sound
|
||||||
# -v /dev/shm:/dev/shm \
|
# -v /dev/shm:/dev/shm \
|
||||||
# --name chrome \
|
# --name chrome \
|
||||||
# jess/chrome:beta
|
# jess/chrome:beta
|
||||||
#
|
#
|
||||||
# You will want the custom seccomp profile:
|
# You will want the custom seccomp profile:
|
||||||
# wget https://raw.githubusercontent.com/jfrazelle/dotfiles/master/etc/docker/seccomp/chrome.json -o ~/chrome.json
|
# wget https://raw.githubusercontent.com/jfrazelle/dotfiles/master/etc/docker/seccomp/chrome.json -O ~/chrome.json
|
||||||
|
|
||||||
# Base docker image
|
# Base docker image
|
||||||
FROM debian:sid
|
FROM debian:sid
|
||||||
|
|
|
@ -8,14 +8,14 @@
|
||||||
# -e DISPLAY=unix$DISPLAY \
|
# -e DISPLAY=unix$DISPLAY \
|
||||||
# -v $HOME/Downloads:/home/chrome/Downloads \
|
# -v $HOME/Downloads:/home/chrome/Downloads \
|
||||||
# -v $HOME/.config/google-chrome/:/data \ # if you want to save state
|
# -v $HOME/.config/google-chrome/:/data \ # if you want to save state
|
||||||
# --security-opt seccomp=/etc/docker/seccomp/chrome.json
|
# --security-opt seccomp=$HOME/chrome.json \
|
||||||
# --device /dev/snd \ # so we have sound
|
# --device /dev/snd \ # so we have sound
|
||||||
# -v /dev/shm:/dev/shm \
|
# -v /dev/shm:/dev/shm \
|
||||||
# --name chrome \
|
# --name chrome \
|
||||||
# jess/chrome
|
# jess/chrome
|
||||||
#
|
#
|
||||||
# You will want the custom seccomp profile:
|
# You will want the custom seccomp profile:
|
||||||
# wget https://raw.githubusercontent.com/jfrazelle/dotfiles/master/etc/docker/seccomp/chrome.json -o ~/chrome.json
|
# wget https://raw.githubusercontent.com/jfrazelle/dotfiles/master/etc/docker/seccomp/chrome.json -O ~/chrome.json
|
||||||
|
|
||||||
# Base docker image
|
# Base docker image
|
||||||
FROM debian:sid
|
FROM debian:sid
|
||||||
|
|
|
@ -1,23 +1,21 @@
|
||||||
# DESCRIPTION: Create chromium container with its dependencies
|
# Run Chromium in a container
|
||||||
# AUTHOR: Jessie Frazelle <jess@linux.com>
|
|
||||||
# COMMENTS:
|
|
||||||
# This file describes how to build a Chromium container with all
|
|
||||||
# dependencies installed. It uses native X11 unix socket.
|
|
||||||
# Tested on Debian Jessie
|
|
||||||
# USAGE:
|
|
||||||
# # Download Chromium Dockerfile
|
|
||||||
# wget https://raw.githubusercontent.com/jessfraz/dockerfiles/master/chromium/Dockerfile
|
|
||||||
#
|
#
|
||||||
# # Build chromium image
|
# docker run -it \
|
||||||
# docker build -t chromium .
|
# --net host \ # may as well YOLO
|
||||||
|
# --cpuset-cpus 0 \ # control the cpu
|
||||||
|
# --memory 512mb \ # max memory it can use
|
||||||
|
# -v /tmp/.X11-unix:/tmp/.X11-unix \ # mount the X11 socket
|
||||||
|
# -e DISPLAY=unix$DISPLAY \
|
||||||
|
# -v $HOME/Downloads:/home/chromium/Downloads \
|
||||||
|
# -v $HOME/.config/chromium/:/data \ # if you want to save state
|
||||||
|
# --security-opt seccomp=$HOME/chrome.json \
|
||||||
|
# --device /dev/snd \ # so we have sound
|
||||||
|
# -v /dev/shm:/dev/shm \
|
||||||
|
# --name chromium \
|
||||||
|
# jess/chromium
|
||||||
#
|
#
|
||||||
# # Run stateful data-on-host chromium. For ephemeral, remove -v /data/chromium:/data
|
# You will want the custom seccomp profile:
|
||||||
# docker run -v /data/chromium:/data -v /tmp/.X11-unix:/tmp/.X11-unix \
|
# wget https://raw.githubusercontent.com/jfrazelle/dotfiles/master/etc/docker/seccomp/chrome.json -O ~/chrome.json
|
||||||
# -e DISPLAY=unix$DISPLAY chromium
|
|
||||||
|
|
||||||
# # To run stateful dockerized data containers
|
|
||||||
# docker run --volumes-from chromium-data -v /tmp/.X11-unix:/tmp/.X11-unix \
|
|
||||||
# -e DISPLAY=unix$DISPLAY chromium
|
|
||||||
|
|
||||||
# Base docker image
|
# Base docker image
|
||||||
FROM debian:stretch
|
FROM debian:stretch
|
||||||
|
@ -26,8 +24,7 @@ MAINTAINER Jessie Frazelle <jess@linux.com>
|
||||||
ADD https://dl.google.com/linux/direct/google-talkplugin_current_amd64.deb /src/google-talkplugin_current_amd64.deb
|
ADD https://dl.google.com/linux/direct/google-talkplugin_current_amd64.deb /src/google-talkplugin_current_amd64.deb
|
||||||
|
|
||||||
# Install Chromium
|
# Install Chromium
|
||||||
RUN echo 'deb http://httpredir.debian.org/debian testing main' >> /etc/apt/sources.list && \
|
RUN apt-get update && apt-get install -y \
|
||||||
apt-get update && apt-get install -y \
|
|
||||||
chromium \
|
chromium \
|
||||||
chromium-l10n \
|
chromium-l10n \
|
||||||
fonts-liberation \
|
fonts-liberation \
|
||||||
|
@ -39,7 +36,6 @@ RUN echo 'deb http://httpredir.debian.org/debian testing main' >> /etc/apt/sourc
|
||||||
libgl1-mesa-glx \
|
libgl1-mesa-glx \
|
||||||
libpango1.0-0 \
|
libpango1.0-0 \
|
||||||
libv4l-0 \
|
libv4l-0 \
|
||||||
-t testing \
|
|
||||||
fonts-symbola \
|
fonts-symbola \
|
||||||
--no-install-recommends \
|
--no-install-recommends \
|
||||||
&& rm -rf /var/lib/apt/lists/* \
|
&& rm -rf /var/lib/apt/lists/* \
|
||||||
|
@ -47,5 +43,12 @@ RUN echo 'deb http://httpredir.debian.org/debian testing main' >> /etc/apt/sourc
|
||||||
&& /bin/echo -e 'export GOOGLE_API_KEY="AIzaSyCkfPOPZXDKNn8hhgu3JrA62wIgC93d44k"\nexport GOOGLE_DEFAULT_CLIENT_ID="811574891467.apps.googleusercontent.com"\nexport GOOGLE_DEFAULT_CLIENT_SECRET="kdloedMFGdGla2P1zacGjAQh"' > /etc/chromium.d/googleapikeys \
|
&& /bin/echo -e 'export GOOGLE_API_KEY="AIzaSyCkfPOPZXDKNn8hhgu3JrA62wIgC93d44k"\nexport GOOGLE_DEFAULT_CLIENT_ID="811574891467.apps.googleusercontent.com"\nexport GOOGLE_DEFAULT_CLIENT_SECRET="kdloedMFGdGla2P1zacGjAQh"' > /etc/chromium.d/googleapikeys \
|
||||||
&& dpkg -i '/src/google-talkplugin_current_amd64.deb'
|
&& dpkg -i '/src/google-talkplugin_current_amd64.deb'
|
||||||
|
|
||||||
|
# Add chromium user
|
||||||
|
RUN groupadd -r chromium && useradd -r -g chromium -G audio,video chromium \
|
||||||
|
&& mkdir -p /home/chromium/Downloads && chown -R chromium:chromium /home/chromium
|
||||||
|
|
||||||
|
# Run as non privileged user
|
||||||
|
USER chromium
|
||||||
|
|
||||||
ENTRYPOINT [ "/usr/bin/chromium" ]
|
ENTRYPOINT [ "/usr/bin/chromium" ]
|
||||||
CMD [ "--user-data-dir=/data" ]
|
CMD [ "--user-data-dir=/data" ]
|
||||||
|
|
Loading…
Reference in New Issue
Block a user