mirror of
https://github.com/jessfraz/dockerfiles.git
synced 2024-11-27 04:16:45 +01:00
Bring Chromium container in line with Chrome (#240)
* No need for testing repo on Stretch * Run as unprivileged user * Bring documentation in line with Chrome container * Tweak Chrome docs (-O defines output file, -o is for logging) * Point to seccomp profile where the wget command suggests we download it * Fix CI build failure on Chromium
This commit is contained in:
parent
7585d176e9
commit
7e3eee7125
|
@ -8,14 +8,14 @@
|
|||
# -e DISPLAY=unix$DISPLAY \
|
||||
# -v $HOME/Downloads:/home/chrome/Downloads \
|
||||
# -v $HOME/.config/google-chrome/:/data \ # if you want to save state
|
||||
# --security-opt seccomp=/etc/docker/seccomp/chrome.json
|
||||
# --security-opt seccomp=$HOME/chrome.json \
|
||||
# --device /dev/snd \ # so we have sound
|
||||
# -v /dev/shm:/dev/shm \
|
||||
# --name chrome \
|
||||
# jess/chrome:beta
|
||||
#
|
||||
# You will want the custom seccomp profile:
|
||||
# wget https://raw.githubusercontent.com/jfrazelle/dotfiles/master/etc/docker/seccomp/chrome.json -o ~/chrome.json
|
||||
# wget https://raw.githubusercontent.com/jfrazelle/dotfiles/master/etc/docker/seccomp/chrome.json -O ~/chrome.json
|
||||
|
||||
# Base docker image
|
||||
FROM debian:sid
|
||||
|
|
|
@ -8,14 +8,14 @@
|
|||
# -e DISPLAY=unix$DISPLAY \
|
||||
# -v $HOME/Downloads:/home/chrome/Downloads \
|
||||
# -v $HOME/.config/google-chrome/:/data \ # if you want to save state
|
||||
# --security-opt seccomp=/etc/docker/seccomp/chrome.json
|
||||
# --security-opt seccomp=$HOME/chrome.json \
|
||||
# --device /dev/snd \ # so we have sound
|
||||
# -v /dev/shm:/dev/shm \
|
||||
# --name chrome \
|
||||
# jess/chrome
|
||||
#
|
||||
# You will want the custom seccomp profile:
|
||||
# wget https://raw.githubusercontent.com/jfrazelle/dotfiles/master/etc/docker/seccomp/chrome.json -o ~/chrome.json
|
||||
# wget https://raw.githubusercontent.com/jfrazelle/dotfiles/master/etc/docker/seccomp/chrome.json -O ~/chrome.json
|
||||
|
||||
# Base docker image
|
||||
FROM debian:sid
|
||||
|
|
|
@ -1,23 +1,21 @@
|
|||
# DESCRIPTION: Create chromium container with its dependencies
|
||||
# AUTHOR: Jessie Frazelle <jess@linux.com>
|
||||
# COMMENTS:
|
||||
# This file describes how to build a Chromium container with all
|
||||
# dependencies installed. It uses native X11 unix socket.
|
||||
# Tested on Debian Jessie
|
||||
# USAGE:
|
||||
# # Download Chromium Dockerfile
|
||||
# wget https://raw.githubusercontent.com/jessfraz/dockerfiles/master/chromium/Dockerfile
|
||||
# Run Chromium in a container
|
||||
#
|
||||
# # Build chromium image
|
||||
# docker build -t chromium .
|
||||
# docker run -it \
|
||||
# --net host \ # may as well YOLO
|
||||
# --cpuset-cpus 0 \ # control the cpu
|
||||
# --memory 512mb \ # max memory it can use
|
||||
# -v /tmp/.X11-unix:/tmp/.X11-unix \ # mount the X11 socket
|
||||
# -e DISPLAY=unix$DISPLAY \
|
||||
# -v $HOME/Downloads:/home/chromium/Downloads \
|
||||
# -v $HOME/.config/chromium/:/data \ # if you want to save state
|
||||
# --security-opt seccomp=$HOME/chrome.json \
|
||||
# --device /dev/snd \ # so we have sound
|
||||
# -v /dev/shm:/dev/shm \
|
||||
# --name chromium \
|
||||
# jess/chromium
|
||||
#
|
||||
# # Run stateful data-on-host chromium. For ephemeral, remove -v /data/chromium:/data
|
||||
# docker run -v /data/chromium:/data -v /tmp/.X11-unix:/tmp/.X11-unix \
|
||||
# -e DISPLAY=unix$DISPLAY chromium
|
||||
|
||||
# # To run stateful dockerized data containers
|
||||
# docker run --volumes-from chromium-data -v /tmp/.X11-unix:/tmp/.X11-unix \
|
||||
# -e DISPLAY=unix$DISPLAY chromium
|
||||
# You will want the custom seccomp profile:
|
||||
# wget https://raw.githubusercontent.com/jfrazelle/dotfiles/master/etc/docker/seccomp/chrome.json -O ~/chrome.json
|
||||
|
||||
# Base docker image
|
||||
FROM debian:stretch
|
||||
|
@ -26,26 +24,31 @@ MAINTAINER Jessie Frazelle <jess@linux.com>
|
|||
ADD https://dl.google.com/linux/direct/google-talkplugin_current_amd64.deb /src/google-talkplugin_current_amd64.deb
|
||||
|
||||
# Install Chromium
|
||||
RUN echo 'deb http://httpredir.debian.org/debian testing main' >> /etc/apt/sources.list && \
|
||||
apt-get update && apt-get install -y \
|
||||
chromium \
|
||||
chromium-l10n \
|
||||
fonts-liberation \
|
||||
fonts-roboto \
|
||||
hicolor-icon-theme \
|
||||
libcanberra-gtk-module \
|
||||
libexif-dev \
|
||||
libgl1-mesa-dri \
|
||||
libgl1-mesa-glx \
|
||||
libpango1.0-0 \
|
||||
libv4l-0 \
|
||||
-t testing \
|
||||
fonts-symbola \
|
||||
--no-install-recommends \
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& mkdir -p /etc/chromium.d/ \
|
||||
&& /bin/echo -e 'export GOOGLE_API_KEY="AIzaSyCkfPOPZXDKNn8hhgu3JrA62wIgC93d44k"\nexport GOOGLE_DEFAULT_CLIENT_ID="811574891467.apps.googleusercontent.com"\nexport GOOGLE_DEFAULT_CLIENT_SECRET="kdloedMFGdGla2P1zacGjAQh"' > /etc/chromium.d/googleapikeys \
|
||||
&& dpkg -i '/src/google-talkplugin_current_amd64.deb'
|
||||
RUN apt-get update && apt-get install -y \
|
||||
chromium \
|
||||
chromium-l10n \
|
||||
fonts-liberation \
|
||||
fonts-roboto \
|
||||
hicolor-icon-theme \
|
||||
libcanberra-gtk-module \
|
||||
libexif-dev \
|
||||
libgl1-mesa-dri \
|
||||
libgl1-mesa-glx \
|
||||
libpango1.0-0 \
|
||||
libv4l-0 \
|
||||
fonts-symbola \
|
||||
--no-install-recommends \
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& mkdir -p /etc/chromium.d/ \
|
||||
&& /bin/echo -e 'export GOOGLE_API_KEY="AIzaSyCkfPOPZXDKNn8hhgu3JrA62wIgC93d44k"\nexport GOOGLE_DEFAULT_CLIENT_ID="811574891467.apps.googleusercontent.com"\nexport GOOGLE_DEFAULT_CLIENT_SECRET="kdloedMFGdGla2P1zacGjAQh"' > /etc/chromium.d/googleapikeys \
|
||||
&& dpkg -i '/src/google-talkplugin_current_amd64.deb'
|
||||
|
||||
# Add chromium user
|
||||
RUN groupadd -r chromium && useradd -r -g chromium -G audio,video chromium \
|
||||
&& mkdir -p /home/chromium/Downloads && chown -R chromium:chromium /home/chromium
|
||||
|
||||
# Run as non privileged user
|
||||
USER chromium
|
||||
|
||||
ENTRYPOINT [ "/usr/bin/chromium" ]
|
||||
CMD [ "--user-data-dir=/data" ]
|
||||
|
|
Loading…
Reference in New Issue
Block a user