diff --git a/image_builder b/image_builder index fc7234b..8a136d3 100755 --- a/image_builder +++ b/image_builder @@ -2,6 +2,8 @@ set -eu +source recipes + readonly CMD=${1:-help} readonly RELEASE=${2:-stable} readonly DEBIAN_VERSION=${3:-bullseye} @@ -51,8 +53,19 @@ function main() fi } +function _run_function_in_container() +{ + CODE=$(type $1 | sed '1,3d;$d' | sed -e "s/\$RELEASE/$RELEASE/g" -e "s/\$DEBIAN_VERSION/$DEBIAN_VERSION/g" -e "s/\$gitbranch/$gitbranch/g") + cat << EOF | incus exec $CONTAINER +set -eux +$CODE +EOF +} + function _publish_as() { + _run_function_in_container slimify + local shortname="$1" local alias="ynh-$shortname-$DEBIAN_VERSION-$ARCH-$RELEASE-base" @@ -61,7 +74,7 @@ function _publish_as() local should_restart=0 # If the container is running, stop it - if [ "$(incus info $CONTAINER | grep Status | awk '{print tolower($2)}')" = "running" ] + if [ "$(incus info $CONTAINER >/dev/null 2>/dev/null | grep Status | awk '{print tolower($2)}')" = "running" ] then should_restart=1 incus stop "$CONTAINER" @@ -84,228 +97,37 @@ function _publish_as() function rebuild_build_and_lint() { - incus info $CONTAINER >/dev/null && incus delete $CONTAINER --force + incus info $CONTAINER >/dev/null 2>/dev/null && incus delete $CONTAINER --force incus launch images:debian/$DEBIAN_VERSION/$ARCH $CONTAINER sleep 5 $IN_CONTAINER dhclient eth0 - - # Needed to build and access artefacts on core CI ... incus file push ./gitlab-runner-light.deb $CONTAINER/root/ - $IN_CONTAINER /bin/bash -c "apt-get update" - $IN_CONTAINER /bin/bash -c "DEBIAN_FRONTEND=noninteractive apt-get --assume-yes install ca-certificates git curl --no-install-recommends" - $IN_CONTAINER /bin/bash -c "dpkg -i /root/gitlab-runner-light.deb" - $IN_CONTAINER /bin/bash -c "rm /root/gitlab-runner-light.deb" - - # This is for - # a) building .debs - TOOLING_APT_DEPENDENCIES="devscripts build-essential debhelper dpkg-dev dh-python wget hub" - TOOLING_APT_DEPENDENCIES+=" python3 python3-all python3-yaml python3-jinja2 python3-pip python-is-python3" - $IN_CONTAINER /bin/bash -c "apt-get update" - $IN_CONTAINER /bin/bash -c "DEBIAN_FRONTEND=noninteractive SUDO_FORCE_REMOVE=yes apt-get --assume-yes install $TOOLING_APT_DEPENDENCIES --no-install-recommends" - $IN_CONTAINER /bin/bash -c "apt-get clean" - - # b) running tox, black, mypy, flake8, i18n string consistency check, bot sending PRs (actually this one is 'hub' in apt dependency right before) - if [[ $DEBIAN_VERSION == "bullseye" ]] - then - TOOLING_PIP_DEPENDENCIES='pyOpenSSL "tox==4.0.0" ansi2html toml "black>=22.12" jinja2 "packaging<22"' - else - TOOLING_PIP_DEPENDENCIES='pyOpenSSL "tox>=4.17" ansi2html toml "black>=24.4" jinja2 --break-system-packages' - fi - $IN_CONTAINER /bin/bash -c "PIP_NO_CACHE_DIR=1 PIP_PROGRESS_BAR='off' python3 -m pip install -U $TOOLING_PIP_DEPENDENCIES" - - TOOLING_PIP_DEPENDENCIES='types-ipaddress types-enum34 types-cryptography types-toml types-requests types-PyYAML types-pyOpenSSL types-mock' - [[ $DEBIAN_VERSION == "bullseye" ]] || TOOLING_PIP_DEPENDENCIES+=" --break-system-packages" - $IN_CONTAINER /bin/bash -c "PIP_NO_CACHE_DIR=1 PIP_PROGRESS_BAR='off' python3 -m pip install -U $TOOLING_PIP_DEPENDENCIES" - - # Disable mandb because zzzzz: https://stackoverflow.com/questions/69974259/fully-disable-man-db - $IN_CONTAINER /bin/bash -c "mv /usr/bin/mandb /usr/bin/mandb-OFF" - $IN_CONTAINER /bin/bash -c "cp -p /bin/true /usr/bin/mandb" - $IN_CONTAINER /bin/bash -c "rm -r /var/cache/man" - $IN_CONTAINER /bin/bash -c "rm /var/lib/man-db/auto-update" - $IN_CONTAINER /bin/bash -c "apt-mark hold man-db" - - # Other tricks to save up space (at least 100MB or even 200MB wtf?!) - # https://stackoverflow.com/questions/59794891/how-does-debian-differ-from-debian-slim - $IN_CONTAINER /bin/bash -c "rm -rf /usr/share/doc" - $IN_CONTAINER /bin/bash -c "rm -rf /usr/share/info" - $IN_CONTAINER /bin/bash -c "rm -rf /usr/share/i18n" - $IN_CONTAINER /bin/bash -c "rm -rf /usr/share/locale" - $IN_CONTAINER /bin/bash -c "rm -rf /usr/share/man" - $IN_CONTAINER /bin/bash -c "rm -rf /var/lib/apt/lists/*" - $IN_CONTAINER /bin/bash -c "apt remove vim --purge --autoremove --assume-yes || true" - - # Disable apt annoyances - $IN_CONTAINER systemctl -q disable apt-daily.timer --now - $IN_CONTAINER systemctl -q disable apt-daily-upgrade.timer --now - $IN_CONTAINER systemctl -q disable apt-daily.service --now - $IN_CONTAINER systemctl -q disable apt-daily-upgrade.service --now - $IN_CONTAINER rm -f /etc/cron.daily/apt-compat - $IN_CONTAINER cp /bin/true /usr/lib/apt/apt.systemd.daily ########################################################################### - _publish_as "build-and-lint" + + _run_function_in_container build_and_lint && _publish_as "build-and-lint" + ########################################################################### incus stop $CONTAINER incus delete $CONTAINER } -function _dependencies_to_preinstall() -{ - curl https://raw.githubusercontent.com/YunoHost/yunohost/$gitbranch/debian/control 2> /dev/null | sed -n '/^Depends:/,/^\w/{//!p}' | sed -e "s/,//g" -e "s/[(][^)]*[)]//g" -e "s/ | \S\+//g" | grep -v "moulinette\|ssowat\|yunohost-portal" - curl https://raw.githubusercontent.com/YunoHost/yunohost/$gitbranch/debian/control 2> /dev/null | sed -n '/^Recommends:/,/^\w/{//!p}' | sed -e "s/,//g" -e "s/[(][^)]*[)]//g" -e "s/ | \S\+//g" | grep -v "yunohost-admin" - curl https://raw.githubusercontent.com/YunoHost/moulinette/$gitbranch/debian/control 2> /dev/null | sed -n '/^Depends:/,/^\w/{//!p}' | sed -e "s/,//g" -e "s/[(][^)]*[)]//g" -e "s/ | \S\+//g" - # Same as above, except that all dependencies are in the same line - curl https://raw.githubusercontent.com/YunoHost/ssowat/$gitbranch/debian/control 2> /dev/null | grep '^Depends:' | sed 's/Depends://' | sed -e "s/,//g" -e "s/[(][^)]*[)]//g" -e "s/ | \S\+//g" -} - function rebuild() { - incus info $CONTAINER >/dev/null && incus delete $CONTAINER --force + incus info $CONTAINER >/dev/null 2>/dev/null && incus delete $CONTAINER --force incus launch images:debian/$DEBIAN_VERSION/$ARCH $CONTAINER -c security.privileged=true -c security.nesting=true - sleep 5 $IN_CONTAINER dhclient eth0 - - # Needed to build and access artefacts on core CI ... incus file push ./gitlab-runner-light.deb $CONTAINER/root/ - $IN_CONTAINER /bin/bash -c "apt update" - $IN_CONTAINER /bin/bash -c "DEBIAN_FRONTEND=noninteractive apt-get --assume-yes install ca-certificates git curl" - $IN_CONTAINER /bin/bash -c "dpkg -i /root/gitlab-runner-light.deb" - $IN_CONTAINER /bin/bash -c "rm /root/gitlab-runner-light.deb" - - local INSTALL_SCRIPT="https://raw.githubusercontent.com/YunoHost/install_script/main/$DEBIAN_VERSION" - - # Download the YunoHost install script - $IN_CONTAINER /bin/bash -c "curl $INSTALL_SCRIPT > install.sh" - - # Disable the install of yunohost itself, because we need this for the core CI - $IN_CONTAINER /bin/bash -c "sed -i -E 's/(step\s+install_yunohost_packages)/#\1/' install.sh" - $IN_CONTAINER /bin/bash -c "sed -i -E 's/(^\s+install_yunohost_packages)/#\1/' install.sh" - - # Trick to disable restarting the service during install - $IN_CONTAINER /bin/bash -c "sed -i -E 's/(step\s+restart_services)/echo skip restart service #\1/' install.sh" - $IN_CONTAINER /bin/bash -c "echo exit 101 > /usr/sbin/policy-rc.d" - $IN_CONTAINER /bin/bash -c "chmod +x /usr/sbin/policy-rc.d" - - # Actual install of everything...except yunohost itself - $IN_CONTAINER /bin/bash -c "cat install.sh | bash -s -- -a -d $RELEASE" - - # To extract the dependencies, we want to retrieve the lines between "^Dependencies:" and the new line that doesn't start with a space (exclusively) . Then, we remove ",", then we remove the version specifiers "(>= X.Y)", then we add simple quotes to packages when there is a pipe (or) 'php-mysql|php-mysqlnd'. - $IN_CONTAINER /bin/bash -c "apt update" - $IN_CONTAINER /bin/bash -c "DEBIAN_FRONTEND=noninteractive SUDO_FORCE_REMOVE=yes apt-get --assume-yes install python3-all $(_dependencies_to_preinstall | tr '\n' ' ')" - $IN_CONTAINER /bin/bash -c "apt clean" - - $IN_CONTAINER /bin/bash -c "rm /usr/sbin/policy-rc.d" - - $IN_CONTAINER systemctl -q disable apt-daily.timer --now - $IN_CONTAINER systemctl -q disable apt-daily-upgrade.timer --now - $IN_CONTAINER systemctl -q disable apt-daily.service --now - $IN_CONTAINER systemctl -q disable apt-daily-upgrade.service --now - $IN_CONTAINER rm -f /etc/cron.daily/apt-compat - $IN_CONTAINER cp /bin/true /usr/lib/apt/apt.systemd.daily - - # Disable mandb because zzzzz: https://stackoverflow.com/questions/69974259/fully-disable-man-db - $IN_CONTAINER /bin/bash -c "mv /usr/bin/mandb /usr/bin/mandb-OFF" - $IN_CONTAINER /bin/bash -c "cp -p /bin/true /usr/bin/mandb" - $IN_CONTAINER /bin/bash -c "rm -r /var/cache/man" - $IN_CONTAINER /bin/bash -c "rm /var/lib/man-db/auto-update" - $IN_CONTAINER /bin/bash -c "apt-mark hold man-db" - - # Other tricks to save up space (at least 100MB or even 200MB wtf?!) - # https://stackoverflow.com/questions/59794891/how-does-debian-differ-from-debian-slim - $IN_CONTAINER /bin/bash -c "rm -rf /usr/share/doc" - $IN_CONTAINER /bin/bash -c "rm -rf /usr/share/info" - $IN_CONTAINER /bin/bash -c "rm -rf /usr/share/i18n" - $IN_CONTAINER /bin/bash -c "rm -rf /usr/share/locale" - $IN_CONTAINER /bin/bash -c "rm -rf /usr/share/man" - $IN_CONTAINER /bin/bash -c "rm -rf /var/lib/apt/lists/*" - $IN_CONTAINER /bin/bash -c "apt remove vim --purge --autoremove --assume-yes || true" - - # Disable services that are useless in the vast majority of cases to try to improve perfs - $IN_CONTAINER systemctl -q disable rspamd --now || true - $IN_CONTAINER systemctl -q disable dovecot --now || true - $IN_CONTAINER systemctl -q disable postsrsd --now || true - $IN_CONTAINER systemctl -q disable metronome --now || true - $IN_CONTAINER systemctl -q disable fake-hwclock.service --now || true - $IN_CONTAINER systemctl -q disable haveged.service --now || true - $IN_CONTAINER systemctl -q disable unattended-upgrades.service --now || true - $IN_CONTAINER systemctl -q disable e2scrub_all.timer --now || true - $IN_CONTAINER systemctl -q disable logrotate.timer --now || true - $IN_CONTAINER systemctl -q disable phpsessionclean.timer --now || true - $IN_CONTAINER systemctl -q disable systemd-tmpfiles-clean.timer --now || true - - # FIXME: where does this comes from x_x / why - $IN_CONTAINER sed -i 's/worker_processes.*;/worker_processes 4;/g' /etc/nginx/nginx.conf - - $IN_CONTAINER reboot 0 - sleep 5 - ########################################################################### - _publish_as "before-install" ########################################################################### - # Publish ynh-dev image - YUNOHOST_PACKAGES="yunohost yunohost-admin" - if [[ $DEBIAN_VERSION == "bookworm" ]]; then - YUNOHOST_PACKAGES+=" yunohost-portal" - fi - # Do not install vim (in recommends), just to save up space... - YUNOHOST_PACKAGES+=" vim-" - $IN_CONTAINER /bin/bash -c "apt update" - $IN_CONTAINER /bin/bash -c "DEBIAN_FRONTEND=noninteractive SUDO_FORCE_REMOVE=yes apt-get --assume-yes install $YUNOHOST_PACKAGES" - $IN_CONTAINER /bin/bash -c "apt clean" - $IN_CONTAINER systemctl -q disable yunohost-api --now - $IN_CONTAINER systemctl -q disable yunoprompt --now - $IN_CONTAINER /bin/bash -c "rm -rf /var/lib/apt/lists/*" + _run_function_in_container before_install && _publish_as "before-install" + _run_function_in_container dev && _publish_as "dev" + _run_function_in_container appci && _publish_as "appci" + _run_function_in_container core_tests && _publish_as "core-tests" - ########################################################################### - _publish_as "dev" - ########################################################################### - - local YUNO_PWD="SomeSuperStrongPassword" - local DOMAIN="domain.tld" - local SUBDOMAIN="sub.$DOMAIN" - local TEST_USER="package_checker" - local TEST_USER_DISPLAY=${TEST_USER//"_"/""} - - $IN_CONTAINER yunohost tools postinstall --domain $DOMAIN --password $YUNO_PWD --username $TEST_USER --fullname "$TEST_USER_DISPLAY" - - # Disable password strength check for convenience on the app CI - $IN_CONTAINER /bin/bash -c "echo 'admin_strength: -1' >> /etc/yunohost/settings.yml" - $IN_CONTAINER /bin/bash -c "echo 'user_strength: -1' >> /etc/yunohost/settings.yml" - - $IN_CONTAINER yunohost domain add $SUBDOMAIN - - $IN_CONTAINER /bin/bash -c "rm -rf /var/lib/apt/lists/*" - - ########################################################################### - _publish_as "appci" - ########################################################################### - - # Reneable default password strength check - $IN_CONTAINER /bin/bash -c "sed -i '/admin_strength/d' /etc/yunohost/settings.yml" - $IN_CONTAINER /bin/bash -c "sed -i '/user_strength/d' /etc/yunohost/settings.yml" - - CORE_TESTS_APT_DEPENDENCIES="python3-pip" - CORE_TESTS_PIP_DEPENCENDIES='mock pip pyOpenSSL pytest pytest-cov pytest-mock pytest-sugar requests-mock "packaging<22"' - - if [[ "$DEBIAN_VERSION" == "bookworm" ]] - then - # We add php8.2-cli, mariadb-client and mariadb-server to the dependencies for test_app_resources - CORE_TESTS_APT_DEPENDENCIES+=" php8.2-cli mariadb-client mariadb-server" - CORE_TESTS_PIP_DEPENCENDIES+=" --break-system-packages" - fi - - $IN_CONTAINER /bin/bash -c "apt-get update" - $IN_CONTAINER /bin/bash -c "DEBIAN_FRONTEND=noninteractive SUDO_FORCE_REMOVE=yes apt-get --assume-yes install --no-install-recommends $CORE_TESTS_APT_DEPENDENCIES" - $IN_CONTAINER /bin/bash -c "apt-get clean" - $IN_CONTAINER /bin/bash -c "PIP_NO_CACHE_DIR=1 PIP_PROGRESS_BAR='off' python3 -m pip install -U $CORE_TESTS_PIP_DEPENCENDIES" - - $IN_CONTAINER /bin/bash -c "rm -rf /var/lib/apt/lists/*" - - ########################################################################### - _publish_as "core-tests" ########################################################################### incus stop $CONTAINER @@ -317,36 +139,12 @@ function update_appci() local BASE="ynh-dev-$DEBIAN_VERSION-$ARCH-$RELEASE-base" incus launch $BASE $CONTAINER -c security.privileged=true -c security.nesting=true - sleep 3 - - echo "nameserver 8.8.8.8" | $IN_CONTAINER tee /etc/resolv.conf - - sleep 3 - - $IN_CONTAINER ping -c3 deb.debian.org || exit 1 - - $IN_CONTAINER apt-get update - $IN_CONTAINER apt-get dist-upgrade -y - - local YUNO_PWD="SomeSuperStrongPassword" - local DOMAIN="domain.tld" - local SUBDOMAIN="sub.$DOMAIN" - local TEST_USER="package_checker" - local TEST_USER_DISPLAY=${TEST_USER//"_"/""} - - # Disable password strength check - $IN_CONTAINER yunohost tools postinstall --domain $DOMAIN --password $YUNO_PWD --username $TEST_USER --fullname "$TEST_USER_DISPLAY" - - $IN_CONTAINER /bin/bash -c "echo 'admin_strength: -1' >> /etc/yunohost/settings.yml" - $IN_CONTAINER /bin/bash -c "echo 'user_strength: -1' >> /etc/yunohost/settings.yml" - - $IN_CONTAINER yunohost domain add $SUBDOMAIN - - $IN_CONTAINER yunohost --version + $IN_CONTAINER apt update + $IN_CONTAINER apt full-upgrade --assume-yes + _run_function_in_container appci && _publish_as appci incus stop $CONTAINER - _publish_as "appci" incus delete $CONTAINER } diff --git a/recipes b/recipes new file mode 100755 index 0000000..17d41c5 --- /dev/null +++ b/recipes @@ -0,0 +1,171 @@ +#!/bin/bash + +function build_and_lint() +{ + APT_INSTALL="apt-get update && DEBIAN_FRONTEND=noninteractive apt-get --assume-yes install --no-install-recommends" + + # Needed to build and access artefacts on core CI ... + $APT_INSTALL ca-certificates git curl + dpkg -i /root/gitlab-runner-light.deb + rm /root/gitlab-runner-light.deb + + # This is for + # a) building .debs + TOOLING_APT_DEPENDENCIES="devscripts build-essential debhelper dpkg-dev dh-python wget hub" + TOOLING_APT_DEPENDENCIES+=" python3 python3-all python3-yaml python3-jinja2 python3-pip python-is-python3" + $APT_INSTALL $TOOLING_APT_DEPENDENCIES + + # b) running tox, black, mypy, flake8, i18n string consistency check, bot sending PRs (actually this one is 'hub' in apt dependency right before) + if [[ $DEBIAN_VERSION == "bullseye" ]] + then + TOOLING_PIP_DEPENDENCIES='pyOpenSSL "tox==4.0.0" ansi2html toml "black>=22.12" jinja2 "packaging<22"' + else + TOOLING_PIP_DEPENDENCIES='pyOpenSSL "tox>=4.17" ansi2html toml "black>=24.4" jinja2 --break-system-packages' + fi + PIP_NO_CACHE_DIR=1 PIP_PROGRESS_BAR='off' python3 -m pip install -U $TOOLING_PIP_DEPENDENCIES + + TOOLING_PIP_DEPENDENCIES='types-ipaddress types-enum34 types-cryptography types-toml types-requests types-PyYAML types-pyOpenSSL types-mock' + [[ $DEBIAN_VERSION == "bullseye" ]] || TOOLING_PIP_DEPENDENCIES+=" --break-system-packages" + PIP_NO_CACHE_DIR=1 PIP_PROGRESS_BAR='off' python3 -m pip install -U $TOOLING_PIP_DEPENDENCIES +} + +function before_install() +{ + APT_INSTALL="apt-get update && DEBIAN_FRONTEND=noninteractive apt-get --assume-yes install --no-install-recommends" + + # Needed to build and access artefacts on core CI ... + $APT_INSTALL ca-certificates git curl + dpkg -i /root/gitlab-runner-light.deb + rm /root/gitlab-runner-light.deb + + # Download the YunoHost install script + INSTALL_SCRIPT="https://raw.githubusercontent.com/YunoHost/install_script/main/$DEBIAN_VERSION" + curl $INSTALL_SCRIPT > install.sh + + # Disable the install of yunohost itself, because we need this for the core CI + sed -i -E 's/(step\s+install_yunohost_packages)/#\1/' install.sh + sed -i -E 's/(^\s+install_yunohost_packages)/#\1/' install.sh + + # Trick to disable restarting the service during install + sed -i -E 's/(step\s+restart_services)/echo skip restart service #\1/' install.sh + echo exit 101 > /usr/sbin/policy-rc.d + chmod +x /usr/sbin/policy-rc.d + + # Actual install of everything...except yunohost itself + cat install.sh | bash -s -- -a -d $RELEASE + + DEPENDENCIES_TO_PREINSTALL=$( + curl https://raw.githubusercontent.com/YunoHost/yunohost/$gitbranch/debian/control 2> /dev/null | sed -n '/^Depends:/,/^\w/{//!p}' | sed -e "s/,//g" -e "s/[(][^)]*[)]//g" -e "s/ | \S\+//g" | grep -v "moulinette\|ssowat\|yunohost-portal"; + curl https://raw.githubusercontent.com/YunoHost/yunohost/$gitbranch/debian/control 2> /dev/null | sed -n '/^Recommends:/,/^\w/{//!p}' | sed -e "s/,//g" -e "s/[(][^)]*[)]//g" -e "s/ | \S\+//g" | grep -v "yunohost-admin"; + curl https://raw.githubusercontent.com/YunoHost/moulinette/$gitbranch/debian/control 2> /dev/null | sed -n '/^Depends:/,/^\w/{//!p}' | sed -e "s/,//g" -e "s/[(][^)]*[)]//g" -e "s/ | \S\+//g"; + # Same as above, except that all dependencies are in the same line + curl https://raw.githubusercontent.com/YunoHost/ssowat/$gitbranch/debian/control 2> /dev/null | grep '^Depends:' | sed 's/Depends://' | sed -e "s/,//g" -e "s/[(][^)]*[)]//g" -e "s/ | \S\+//g"; + ) + + # To extract the dependencies, we want to retrieve the lines between "^Dependencies:" and the new line that doesn't start with a space (exclusively) . Then, we remove ",", then we remove the version specifiers "(>= X.Y)", then we add simple quotes to packages when there is a pipe (or) 'php-mysql|php-mysqlnd'. + APT_INSTALL="apt-get update && DEBIAN_FRONTEND=noninteractive apt-get --assume-yes install" + export SUDO_FORCE_REMOVE=yes + $APT_INSTALL python3-all $(echo $DEPENDENCIES_TO_PREINSTALL | tr '\n' ' ') + + rm /usr/sbin/policy-rc.d + + # FIXME: where does this comes from x_x / why + sed -i 's/worker_processes.*;/worker_processes 4;/g' /etc/nginx/nginx.conf +} + +function dev() +{ + YUNOHOST_PACKAGES="yunohost yunohost-admin" + if [[ $DEBIAN_VERSION == "bookworm" ]]; then + YUNOHOST_PACKAGES+=" yunohost-portal" + fi + # Do not install vim (in recommends), just to save up space... + YUNOHOST_PACKAGES+=" vim-" + export SUDO_FORCE_REMOVE=yes + APT_INSTALL="apt-get update && DEBIAN_FRONTEND=noninteractive apt-get --assume-yes install" + $APT_INSTALL $YUNOHOST_PACKAGES +} + +function appci() +{ + YUNO_PWD="SomeSuperStrongPassword" + DOMAIN="domain.tld" + SUBDOMAIN="sub.$DOMAIN" + TEST_USER="package_checker" + TEST_USER_DISPLAY=${TEST_USER//"_"/""} + + yunohost tools postinstall --domain $DOMAIN --password $YUNO_PWD --username $TEST_USER --fullname "$TEST_USER_DISPLAY" + + # Disable password strength check for convenience on the app CI + echo 'admin_strength: -1' >> /etc/yunohost/settings.yml + echo 'user_strength: -1' >> /etc/yunohost/settings.yml + + yunohost domain add $SUBDOMAIN +} + +function core_tests() +{ + # Reneable default password strength check + sed -i '/admin_strength/d' /etc/yunohost/settings.yml + sed -i '/user_strength/d' /etc/yunohost/settings.yml + + CORE_TESTS_APT_DEPENDENCIES="python3-pip" + CORE_TESTS_PIP_DEPENCENDIES='mock pip pyOpenSSL pytest pytest-cov pytest-mock pytest-sugar requests-mock "packaging<22"' + + if [[ "$DEBIAN_VERSION" == "bookworm" ]] + then + # We add php8.2-cli, mariadb-client and mariadb-server to the dependencies for test_app_resources + CORE_TESTS_APT_DEPENDENCIES+=" php8.2-cli mariadb-client mariadb-server" + CORE_TESTS_PIP_DEPENCENDIES+=" --break-system-packages" + fi + + APT_INSTALL="apt-get update && DEBIAN_FRONTEND=noninteractive apt-get --assume-yes install --no-install-recommends" + $APT_INSTALL $CORE_TESTS_APT_DEPENDENCIES + PIP_NO_CACHE_DIR=1 PIP_PROGRESS_BAR='off' python3 -m pip install -U $CORE_TESTS_PIP_DEPENCENDIES +} + +function slimify() +{ + apt clean + + # Disable mandb because zzzzz: https://stackoverflow.com/questions/69974259/fully-disable-man-db + mv /usr/bin/mandb /usr/bin/mandb-OFF + cp -p /bin/true /usr/bin/mandb + rm -r /var/cache/man + rm /var/lib/man-db/auto-update + apt-mark hold man-db + + # Other tricks to save up space (at least 100MB or even 200MB wtf?!) + # https://stackoverflow.com/questions/59794891/how-does-debian-differ-from-debian-slim + rm -rf /usr/share/doc + rm -rf /usr/share/info + rm -rf /usr/share/i18n + rm -rf /usr/share/locale + rm -rf /usr/share/man + rm -rf /var/lib/apt/lists/* + apt remove vim --purge --autoremove --assume-yes || true + + # Disable apt annoyances + systemctl -q disable apt-daily.timer --now + systemctl -q disable apt-daily-upgrade.timer --now + systemctl -q disable apt-daily.service --now + systemctl -q disable apt-daily-upgrade.service --now + rm -f /etc/cron.daily/apt-compat + cp /bin/true /usr/lib/apt/apt.systemd.daily + + # Disable services that are useless in the vast majority of cases to try to improve perfs + systemctl -q disable rspamd --now || true + systemctl -q disable dovecot --now || true + systemctl -q disable postsrsd --now || true + systemctl -q disable metronome --now || true + systemctl -q disable opendkim --now || true + systemctl -q disable fake-hwclock.service --now || true + systemctl -q disable haveged.service --now || true + systemctl -q disable unattended-upgrades.service --now || true + systemctl -q disable e2scrub_all.timer --now || true + systemctl -q disable logrotate.timer --now || true + systemctl -q disable phpsessionclean.timer --now || true + systemctl -q disable systemd-tmpfiles-clean.timer --now || true + systemctl -q disable yunohost-api --now || true + systemctl -q disable yunoprompt --now || true +}