Update Dockerfiles

- r-ver: Copy R from rsi image
- rstudio: Copy Git from gsi image
  - Update rstudio install scripts
- verse: Remove packages less and ssh
  - Packages are now part of rstudio image

r-ver/.gitlab-ci.yml

@@ -36,7 +36,7 @@
     DOCKER_DRIVER: overlay2
     DOCKER_TLS_CERTDIR: "/certs"
     CRAN: https://cloud.r-project.org
-    R_VERSION_UPDATE: "false"
+    R_VERSION_UPDATE: "true"
   before_script:
     - *before-script-build
 

r-ver/latest.Dockerfile

-FROM debian:bullseye
+ARG IMAGE=debian:bullseye
+ARG R_VERSION=4.1.1
 
-LABEL org.label-schema.license="GPL-2.0" \
-      org.label-schema.vcs-url="https://gitlab.b-data.ch/r/docker-stack" \
-      maintainer="Olivier Benz <olivier.benz@b-data.ch>"
+FROM registry.gitlab.b-data.ch/r/rsi/${R_VERSION}/${IMAGE} as rsi
 
+FROM ${IMAGE}
+
+LABEL org.opencontainers.image.licenses="GPL-2.0" \
+      org.opencontainers.image.source="https://gitlab.b-data.ch/r/docker-stack" \
+      org.opencontainers.image.vendor="b-data GmbH" \
+      org.opencontainers.image.authors="Olivier Benz <olivier.benz@b-data.ch>"
+
+ARG IMAGE=debian:bullseye
 ARG DEBIAN_FRONTEND=noninteractive
 
-ARG R_VERSION
+ARG LAPACK=libopenblas-dev
+ARG R_VERSION=4.1.1
 ARG BUILD_DATE
-ARG CRAN
+ARG CRAN=https://cran.rstudio.com
 ## Setting a BUILD_DATE will set CRAN to the matching MRAN date
 ## No BUILD_DATE means that CRAN will default to latest 
-ENV R_VERSION=${R_VERSION:-4.1.1} \
-    CRAN=${CRAN:-https://cran.rstudio.com} \ 
+ENV BASE_IMAGE=${IMAGE} \
+    R_VERSION=${R_VERSION} \
+    CRAN=${CRAN} \ 
     LC_ALL=en_US.UTF-8 \
     LANG=en_US.UTF-8 \
-    TERM=xterm
+    TERM=xterm \
+    TZ=Etc/UTC
+
+COPY --from=rsi /usr/local /usr/local
 
 RUN apt-get update \
   && apt-get install -y --no-install-recommends \
     bash-completion \
+    build-essential \
     ca-certificates \
+    devscripts \
     file \
     fonts-texgyre \
     g++ \
     gfortran \
     gsfonts \
     libblas-dev \
-    libbz2-1.0 \
-    libcurl4 \
-    libicu67 \
-    libjpeg62-turbo \
-    libopenblas-dev \
-    libpangocairo-1.0-0 \
-    libpcre2-8-0 \
-    libpng16-16 \
-    libreadline8 \
-    libtiff5 \
-    liblzma5 \
+    libbz2-dev \
+    '^libcurl[3|4]$' \
+    libicu-dev \
+    '^libjpeg.*-turbo.*-dev$' \
+    liblzma-dev \
+    ${LAPACK} \
+    libpangocairo-* \
+    libpaper-utils \
+    '^libpcre[2|3]-dev$' \
+    libpng-dev \
+    libreadline-dev \
+    libtiff* \
     locales \
-    make \
+    pkg-config \
     unzip \
     zip \
     zlib1g \
+  ## Update locale
   && echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen \
   && locale-gen en_US.utf8 \
   && /usr/sbin/update-locale LANG=en_US.UTF-8 \
-  && BUILDDEPS="curl \
-    default-jdk \
-    libbz2-dev \
-    libcairo2-dev \
-    libcurl4-openssl-dev \
-    libpango1.0-dev \
-    libjpeg-dev \
-    libicu-dev \
-    libpcre2-dev \
-    libpng-dev \
-    libreadline-dev \
-    libtiff5-dev \
-    liblzma-dev \
-    libx11-dev \
-    libxt-dev \
-    perl \
-    tcl8.6-dev \
-    tk8.6-dev \
-    texinfo \
-    texlive-extra-utils \
-    texlive-fonts-recommended \
-    texlive-fonts-extra \
-    texlive-latex-recommended \
-    x11proto-core-dev \
-    xauth \
-    xfonts-base \
-    xvfb \
-    zlib1g-dev" \
-  && apt-get install -y --no-install-recommends $BUILDDEPS \
-  && cd tmp/ \
-  ## Download source code
-  && curl -O https://cran.r-project.org/src/base/R-4/R-${R_VERSION}.tar.gz \
-  ## Extract source code
-  && tar -xf R-${R_VERSION}.tar.gz \
-  && cd R-${R_VERSION} \
-  ## Set compiler flags
-  && R_PAPERSIZE=letter \
-    R_BATCHSAVE="--no-save --no-restore" \
-    R_BROWSER=xdg-open \
-    PAGER=/usr/bin/pager \
-    PERL=/usr/bin/perl \
-    R_UNZIPCMD=/usr/bin/unzip \
-    R_ZIPCMD=/usr/bin/zip \
-    R_PRINTCMD=/usr/bin/lpr \
-    LIBnn=lib \
-    AWK=/usr/bin/awk \
-    CFLAGS="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -g" \
-    CXXFLAGS="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -g" \
-  ## Configure options
-  ./configure --enable-R-shlib \
-               --enable-memory-profiling \
-               --with-readline \
-               --with-blas \
-               --with-tcltk \
-               --disable-nls \
-               --with-recommended-packages \
-  ## Build and install
-  && make \
-  && make install \
   ## Add a library directory (for user-installed packages)
   && mkdir -p /usr/local/lib/R/site-library \
   && chown root:staff /usr/local/lib/R/site-library \
   && chmod g+ws /usr/local/lib/R/site-library \
   ## Fix library path
-  #&& sed -i '/^R_LIBS_USER=.*$/d' /usr/local/lib/R/etc/Renviron \
   && echo "R_LIBS_SITE=\${R_LIBS_SITE-'/usr/local/lib/R/site-library'}" >> /usr/local/lib/R/etc/Renviron \
-  #&& echo "R_LIBS=\${R_LIBS-'/usr/local/lib/R/site-library:/usr/local/lib/R/library:/usr/lib/R/library'}" >> /usr/local/lib/R/etc/Renviron \
   ## Set configured CRAN mirror
   && if [ -z "$BUILD_DATE" ]; then MRAN=$CRAN; \
    else MRAN=https://mran.microsoft.com/snapshot/${BUILD_DATE}; fi \
@@ -123,12 +78,8 @@ RUN apt-get update \
   && ln -s /usr/local/lib/R/site-library/littler/examples/install2.r /usr/local/bin/install2.r \
   && ln -s /usr/local/lib/R/site-library/littler/examples/installGithub.r /usr/local/bin/installGithub.r \
   && ln -s /usr/local/lib/R/site-library/littler/bin/r /usr/local/bin/r \
-  ## Clean up from R source install
-  && cd / \
+  ## Clean up
   && rm -rf /tmp/* \
-  && apt-get remove --purge -y $BUILDDEPS \
-  && apt-get autoremove -y \
-  && apt-get autoclean -y \
   && rm -rf /var/lib/apt/lists/*
 
 CMD ["R"]

rstudio/.gitlab-ci.yml

@@ -5,7 +5,7 @@ services:
 variables:
   DOCKER_DRIVER: overlay2
   DOCKER_TLS_CERTDIR: "/certs"
-  R_VERSION_UPDATE: "false"
+  R_VERSION_UPDATE: "true"
 
 before_script:
   - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY

rstudio/add_shiny.sh

@@ -2,10 +2,10 @@
 
 ADD=${ADD:=none}
 
-## A script to add shiny to an rstudio-based rocker image.  
+## A script to add shiny to an rstudio-based rocker image.
 
 if [ "$ADD" == "shiny" ]; then
-  echo "Adding shiny server to container..."	
+  echo "Adding shiny server to container..."
   apt-get update && apt-get -y install \
     gdebi-core \
     libxt-dev && \
@@ -28,5 +28,5 @@ if [ "$ADD" == "shiny" ]; then
 fi
 
 if [ $"$ADD" == "none" ]; then
-       echo "Nothing additional to add"
-fi       
+  echo "Nothing additional to add"
+fi

rstudio/disable_auth_rserver.conf

@@ -2,4 +2,3 @@
 
 rsession-which-r=/usr/local/bin/R
 auth-none=1
-

rstudio/latest.Dockerfile

+ARG BASE_IMAGE=debian:bullseye
+ARG GIT_VERSION=2.32.0
+
+FROM registry.gitlab.b-data.ch/git/gsi/${GIT_VERSION}/${BASE_IMAGE} as gsi
+
 FROM registry.gitlab.b-data.ch/r/r-ver:4.1.1
 
 ARG DEBIAN_FRONTEND=noninteractive
 
-ARG RSTUDIO_VERSION
-#ENV RSTUDIO_VERSION=${RSTUDIO_VERSION:-1.4.1717}
-ARG S6_VERSION
-ARG PANDOC_TEMPLATES_VERSION
-ENV S6_VERSION=${S6_VERSION:-v1.21.7.0}
-ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
+ARG RSTUDIO_VERSION=1.4.1717
+ARG S6_VERSION=v1.21.7.0
+ARG GIT_VERSION=2.32.0
+ARG PANDOC_TEMPLATES_VERSION=2.14.2
+
+ENV RSTUDIO_VERSION=${RSTUDIO_VERSION}
 ENV PATH=/usr/lib/rstudio-server/bin:$PATH
-ENV PANDOC_TEMPLATES_VERSION=${PANDOC_TEMPLATES_VERSION:-2.14.2}
+ENV S6_VERSION=${S6_VERSION}
+ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
+ENV GIT_VERSION=${GIT_VERSION}
+ENV PANDOC_TEMPLATES_VERSION=${PANDOC_TEMPLATES_VERSION}
+
+COPY --from=gsi /usr/local /usr/local
 
 ## Download and install RStudio server & dependencies
 ## Attempts to get detect latest version, otherwise falls back to version given in $VER
@@ -18,7 +28,6 @@ RUN apt-get update \
   && apt-get install -y --no-install-recommends \
     curl \
     file \
-    git \
     libapparmor1 \
     libclang-dev \
     libcurl4-openssl-dev \
@@ -32,32 +41,33 @@ RUN apt-get update \
     python-setuptools \
     sudo \
     wget \
+    ## Additional git runtime dependencies
+    libcurl3-gnutls \
+    liberror-perl \
+    ## Additional git runtime recommendations
+    less \
+    ssh-client \
   && if [ -z "$RSTUDIO_VERSION" ]; \
     then RSTUDIO_URL="https://www.rstudio.org/download/latest/stable/server/bionic/rstudio-server-latest-amd64.deb"; \
     else RSTUDIO_URL="http://download2.rstudio.org/server/bionic/amd64/rstudio-server-${RSTUDIO_VERSION}-amd64.deb"; fi \
   && wget -q $RSTUDIO_URL \
   && dpkg -i rstudio-server-*-amd64.deb \
   && rm rstudio-server-*-amd64.deb \
+  ## https://github.com/rocker-org/rocker-versioned2/issues/137
+  rm -f /var/lib/rstudio-server/secure-cookie-key \
   ## Symlink pandoc & standard pandoc templates for use system-wide
   && ln -s /usr/lib/rstudio-server/bin/pandoc/pandoc /usr/local/bin \
   && ln -s /usr/lib/rstudio-server/bin/pandoc/pandoc-citeproc /usr/local/bin \
   && git clone --recursive --branch ${PANDOC_TEMPLATES_VERSION} https://github.com/jgm/pandoc-templates \
+  && rm -rf /opt/pandoc/templates \
   && mkdir -p /opt/pandoc/templates \
   && cp -r pandoc-templates*/* /opt/pandoc/templates && rm -rf pandoc-templates* \
+  && rm -rf /root/.pandoc \
   && mkdir /root/.pandoc && ln -s /opt/pandoc/templates /root/.pandoc/templates \
   && apt-get clean \
-  && rm -rf /var/lib/apt/lists/ \
+  && rm -rf /var/lib/apt/lists/* \
   ## RStudio wants an /etc/R, will populate from $R_HOME/etc
   && mkdir -p /etc/R \
-  ## Write config files in $R_HOME/etc
-  && echo '\n\
-    \n# Configure httr to perform out-of-band authentication if HTTR_LOCALHOST \
-    \n# is not set since a redirect to localhost may not work depending upon \
-    \n# where this Docker container is running. \
-    \nif(is.na(Sys.getenv("HTTR_LOCALHOST", unset=NA))) { \
-    \n  options(httr_oob_default = TRUE) \
-    \n}' >> /usr/local/lib/R/etc/Rprofile.site \
-  && echo "PATH=${PATH}" >> /usr/local/lib/R/etc/Renviron \
   ## Need to configure non-root user for RStudio
   && useradd rstudio \
   && echo "rstudio:rstudio" | chpasswd \
@@ -65,7 +75,7 @@ RUN apt-get update \
 	&& chown rstudio:rstudio /home/rstudio \
 	&& addgroup rstudio staff \
   ## Prevent rstudio from deciding to use /usr/bin/R if a user apt-get installs a package
-  &&  echo 'rsession-which-r=/usr/local/bin/R' >> /etc/rstudio/rserver.conf \
+  && echo 'rsession-which-r=/usr/local/bin/R' >> /etc/rstudio/rserver.conf \
   ## use more robust file locking to avoid errors when using shared volumes:
   && echo 'lock-type=advisory' >> /etc/rstudio/file-locks \
   ## Set default branch name to main
@@ -82,12 +92,16 @@ RUN apt-get update \
   && mkdir -p /etc/services.d/rstudio \
   && echo '#!/usr/bin/with-contenv bash \
           \n## load /etc/environment vars first: \
-  		  \n for line in $( cat /etc/environment ) ; do export $line ; done \
-          \n exec /usr/lib/rstudio-server/bin/rserver --server-daemonize 0' \
+  		    \nfor line in $( cat /etc/environment ) ; do export $line > /dev/null; done \
+          \nexec /usr/lib/rstudio-server/bin/rserver --server-daemonize 0' \
           > /etc/services.d/rstudio/run \
   && echo '#!/bin/bash \
-          \n rstudio-server stop' \
+          \nrstudio-server stop' \
           > /etc/services.d/rstudio/finish \
+  && echo '[*] \
+          \nlog-level=warn \
+          \nlogger-type=stderr' \
+          > /etc/rstudio/logging.conf \
   && mkdir -p /home/rstudio/.rstudio/monitored/user-settings \
   && echo 'alwaysSaveHistory="0" \
           \nloadRData="0" \

rstudio/pam-helper.sh

-#!/usr/bin/env sh
+#!/bin/bash
+
+set -o nounset
 
 ## Enforces the custom password specified in the PASSWORD environment variable
 ## The accepted RStudio username is the same as the USER environment variable (i.e., local user name).
 
-set -o nounset
-
 IFS='' read -r password
 
 [ "${USER}" = "${1}" ] && [ "${PASSWORD}" = "${password}" ]

rstudio/userconf.sh

@@ -8,21 +8,15 @@ GROUPID=${GROUPID:=1000}
 ROOT=${ROOT:=FALSE}
 UMASK=${UMASK:=022}
 
-## Make sure RStudio inherits the full path
-echo "PATH=${PATH}" >> /usr/local/lib/R/etc/Renviron
-
 bold=$(tput bold)
 normal=$(tput sgr0)
 
-
 if [[ ${DISABLE_AUTH,,} == "true" ]]
 then
 	mv /etc/rstudio/disable_auth_rserver.conf /etc/rstudio/rserver.conf
 	echo "USER=$USER" >> /etc/environment
 fi
 
-
-
 if grep --quiet "auth-none=1" /etc/rstudio/rserver.conf
 then
 	echo "Skipping authentication as requested"
@@ -98,6 +92,27 @@ if [ "$UMASK" -ne 022 ]
     echo "Sys.umask(mode=$UMASK)" >> /home/$USER/.Rprofile
 fi
 
-## add these to the global environment so they are avialable to the RStudio user
-echo "HTTR_LOCALHOST=$HTTR_LOCALHOST" >> /etc/R/Renviron.site
-echo "HTTR_PORT=$HTTR_PORT" >> /etc/R/Renviron.site
+## Next one for timezone setup
+if [ "$TZ" !=  "Etc/UTC" ]
+  then
+    ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+fi
+
+## Set our dynamic variables in Renviron.site to be reflected by RStudio
+exclude_vars="HOME PASSWORD"
+for file in /var/run/s6/container_environment/*
+do
+  sed -i "/^${file##*/}=/d" /usr/local/lib/R/etc/Renviron.site
+  regex="(^| )${file##*/}($| )"
+  [[ ! $exclude_vars =~ $regex ]] && echo "${file##*/}=$(cat $file)" >> /usr/local/lib/R/etc/Renviron.site || echo "skipping $file"
+done
+
+## Update Locale if needed
+if [ "$LANG" !=  "en_US.UTF-8" ]
+  then
+    /usr/sbin/locale-gen --lang $LANG
+    /usr/sbin/update-locale --reset LANG=$LANG
+fi
+
+## only file-owner (root) should read container_environment files:
+chmod 600 /var/run/s6/container_environment/*

verse/.gitlab-ci.yml

@@ -5,7 +5,7 @@ services:
 variables:
   DOCKER_DRIVER: overlay2
   DOCKER_TLS_CERTDIR: "/certs"
-  R_VERSION_UPDATE: "false"
+  R_VERSION_UPDATE: "true"
 
 before_script:
   - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY

verse/latest.Dockerfile

@@ -19,7 +19,6 @@ RUN wget "https://travis-bin.yihui.name/texlive-local.deb" \
     fonts-roboto \
     ghostscript \
     lbzip2 \
-    less \
     libbz2-dev \
     libgl1-mesa-dev \
     libglu1-mesa-dev \
@@ -35,7 +34,6 @@ RUN wget "https://travis-bin.yihui.name/texlive-local.deb" \
     libnode-dev \
     libzmq3-dev \
     qpdf \
-    ssh \
     texinfo \
     vim \
   ## Install R package redland