mirror of
https://github.com/mikenye/docker-picard.git
synced 2026-04-19 12:54:12 +02:00
179 lines
7.6 KiB
Docker
179 lines
7.6 KiB
Docker
FROM golang:1 AS trivy_builder
|
|
|
|
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
|
|
|
|
RUN set -x && \
|
|
git clone --depth=1 https://github.com/aquasecurity/trivy /src/trivy && \
|
|
pushd /src/trivy/cmd/trivy && \
|
|
go build
|
|
|
|
FROM jlesage/baseimage-gui:ubuntu-18.04
|
|
|
|
ENV URL_PICARD_REPO="https://github.com/metabrainz/picard.git" \
|
|
URL_CHROMAPRINT_REPO="https://github.com/acoustid/chromaprint.git" \
|
|
URL_GOOGLETEST_REPO="https://github.com/google/googletest.git"
|
|
|
|
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
|
|
|
|
COPY rootfs/ /
|
|
COPY --from=trivy_builder /src/trivy/cmd/trivy/trivy /src/trivy
|
|
|
|
RUN set -x && \
|
|
# Define package arrays
|
|
# TEMP_PACKAGES are packages that will only be present in the image during container build
|
|
# KEPT_PACKAGES will remain in the image
|
|
TEMP_PACKAGES=() && \
|
|
KEPT_PACKAGES=() && \
|
|
# Install software-properties-common so we can use add-apt-repository
|
|
TEMP_PACKAGES+=(software-properties-common) && \
|
|
apt-get update && \
|
|
apt-get install -y --no-install-recommends \
|
|
${KEPT_PACKAGES[@]} \
|
|
${TEMP_PACKAGES[@]} \
|
|
&& \
|
|
# Install pip to allow install of Picard dependencies
|
|
TEMP_PACKAGES+=(python3-pip) && \
|
|
TEMP_PACKAGES+=(python3-setuptools) && \
|
|
TEMP_PACKAGES+=(python3-wheel) && \
|
|
# Install git to allow clones of git repos
|
|
TEMP_PACKAGES+=(git) && \
|
|
# Install build tools to allow building
|
|
TEMP_PACKAGES+=(build-essential) && \
|
|
TEMP_PACKAGES+=(cmake) && \
|
|
# Install Chromaprint dependencies
|
|
KEPT_PACKAGES+=(ffmpeg) && \
|
|
TEMP_PACKAGES+=(libswresample-dev) && \
|
|
KEPT_PACKAGES+=(libswresample2) && \
|
|
TEMP_PACKAGES+=(libfftw3-dev) && \
|
|
KEPT_PACKAGES+=(libfftw3-3) && \
|
|
TEMP_PACKAGES+=(libavcodec-dev) && \
|
|
KEPT_PACKAGES+=(libavcodec57) && \
|
|
TEMP_PACKAGES+=(libavformat-dev) && \
|
|
KEPT_PACKAGES+=(libavformat57) && \
|
|
# Install Picard dependencies
|
|
TEMP_PACKAGES+=(python3-dev) && \
|
|
TEMP_PACKAGES+=(libdiscid-dev) && \
|
|
KEPT_PACKAGES+=(libdiscid0) && \
|
|
KEPT_PACKAGES+=(libxcb-icccm4) && \
|
|
KEPT_PACKAGES+=(libxcb-keysyms1) && \
|
|
KEPT_PACKAGES+=(libxcb-randr0) && \
|
|
KEPT_PACKAGES+=(libxcb-render-util0) && \
|
|
KEPT_PACKAGES+=(libxcb-xinerama0) && \
|
|
KEPT_PACKAGES+=(libxcb-image0) && \
|
|
KEPT_PACKAGES+=(libxcb-xkb1) && \
|
|
KEPT_PACKAGES+=(libxkbcommon-x11-0) && \
|
|
KEPT_PACKAGES+=(gettext) && \
|
|
KEPT_PACKAGES+=(locales) && \
|
|
KEPT_PACKAGES+=(chromium-browser) && \
|
|
# Package below fixes: issue #42
|
|
KEPT_PACKAGES+=(libgtk-3-0) && \
|
|
KEPT_PACKAGES+=(fonts-takao) && \
|
|
KEPT_PACKAGES+=(fonts-takao-mincho) && \
|
|
KEPT_PACKAGES+=(wget) && \
|
|
KEPT_PACKAGES+=(ca-certificates) && \
|
|
# Install Picard optical drive dependencies
|
|
KEPT_PACKAGES+=(lsscsi) && \
|
|
# Install Picard Media Player dependencies
|
|
KEPT_PACKAGES+=(gstreamer1.0-plugins-good) && \
|
|
KEPT_PACKAGES+=(gstreamer1.0-libav) && \
|
|
KEPT_PACKAGES+=(libpulse-mainloop-glib0) && \
|
|
KEPT_PACKAGES+=(libqt5multimedia5-plugins) && \
|
|
KEPT_PACKATES+=(libavcodec57) && \
|
|
# Install Chrome dependencies
|
|
KEPT_PACKAGES+=(dbus-x11) && \
|
|
KEPT_PACKAGES+=(uuid-runtime) && \
|
|
# Install Picard plugin dependencies
|
|
KEPT_PACKAGES+=(python3-aubio) && \
|
|
KEPT_PACKAGES+=(python-aubio) && \
|
|
KEPT_PACKAGES+=(aubio-tools) && \
|
|
KEPT_PACKAGES+=(flac) && \
|
|
KEPT_PACKAGES+=(vorbisgain) && \
|
|
KEPT_PACKAGES+=(wavpack) && \
|
|
add-apt-repository -y ppa:flexiondotorg/audio && \
|
|
KEPT_PACKAGES+=(mp3gain) && \
|
|
# Security updates / fix for issue #37 (https://github.com/mikenye/docker-picard/issues/37)
|
|
TEMP_PACKAGES+=(jq) && \
|
|
# Install packages
|
|
apt-get update && \
|
|
apt-get install -y --no-install-recommends \
|
|
${KEPT_PACKAGES[@]} \
|
|
${TEMP_PACKAGES[@]} \
|
|
&& \
|
|
git config --global advice.detachedHead false && \
|
|
# Clone googletest (required for build of Chromaprint)
|
|
git clone "$URL_GOOGLETEST_REPO" /src/googletest && \
|
|
pushd /src/googletest && \
|
|
BRANCH_GOOGLETEST=$(git tag --sort="-creatordate" | grep 'release-' | head -1) && \
|
|
git checkout "tags/${BRANCH_GOOGLETEST}" && \
|
|
echo "$BRANCH_GOOGLETEST" >> /VERSIONS && \
|
|
popd && \
|
|
# Clone Chromaprint repo & checkout latest version
|
|
git clone "$URL_CHROMAPRINT_REPO" /src/chromaprint && \
|
|
pushd /src/chromaprint && \
|
|
BRANCH_CHROMAPRINT=$(git tag --sort="-creatordate" | head -1) && \
|
|
git checkout "tags/${BRANCH_CHROMAPRINT}" && \
|
|
cmake \
|
|
-DCMAKE_BUILD_TYPE=Release \
|
|
-DBUILD_TOOLS=ON \
|
|
-DBUILD_TESTS=ON \
|
|
-DGTEST_SOURCE_DIR=/src/googletest/googletest \
|
|
-DGTEST_INCLUDE_DIR=/src/googletest/googletest/include . \
|
|
&& \
|
|
make && \
|
|
make check && \
|
|
make install && \
|
|
echo "$BRANCH_CHROMAPRINT" >> /VERSIONS && \
|
|
popd && \
|
|
# Clone Picard repo & checkout latest version
|
|
git clone "$URL_PICARD_REPO" /src/picard && \
|
|
pushd /src/picard && \
|
|
BRANCH_PICARD=$(git tag --sort="-creatordate" | head -1) && \
|
|
git checkout "tags/${BRANCH_PICARD}" && \
|
|
# Fix for: https://stackoverflow.com/questions/59768179/pip-raise-filenotfounderror-errno-2-no-such-file-or-directory-tmp-pip-inst?noredirect=1&lq=1
|
|
sed -i 's/PyQt5>=5.7.1/PyQt5>=5.11/g' ./requirements.txt && \
|
|
# Install Picard requirements
|
|
python3 -m pip install --no-cache-dir --upgrade pip && \
|
|
python3 -m pip install --no-cache-dir -r requirements.txt && \
|
|
python3 -m pip install --no-cache-dir discid python-libdiscid && \
|
|
locale-gen en_US.UTF-8 && \
|
|
export LC_ALL=C.UTF-8 && \
|
|
# Build & install Picard
|
|
python3 setup.py build && \
|
|
python3 setup.py build_ext -i && \
|
|
python3 setup.py build_locales -i && \
|
|
python3 setup.py test && \
|
|
python3 setup.py install && \
|
|
mkdir -p /tmp/run/user/app && \
|
|
chmod 0700 /tmp/run/user/app && \
|
|
if picard -v 2>&1 | grep -c error; then exit 1; fi && \
|
|
picard -v | cut -d ' ' -f 2- >> /VERSIONS && \
|
|
popd && \
|
|
# Update OpenBox config
|
|
sed -i 's/<application type="normal">/<application type="normal" title="MusicBrainz Picard">/' /etc/xdg/openbox/rc.xml && \
|
|
sed -i '/<decor>no<\/decor>/d' /etc/xdg/openbox/rc.xml && \
|
|
# Update chromium-browser config
|
|
sed -i 's/Exec=chromium-browser/Exec=chromium-browser --no-sandbox --disable-dev-shm-usage --disable-gpu --disable-software-rasterizer --log-level=3/g' /usr/share/applications/chromium-browser.desktop && \
|
|
# Symlink for fpcalc (issue #32)
|
|
ln -s /usr/local/bin/fpcalc /usr/bin/fpcalc && \
|
|
# Add optical drive script from jlesage/docker-handbrake
|
|
git clone https://github.com/jlesage/docker-handbrake.git /src/docker-handbrake && \
|
|
cp -v /src/docker-handbrake/rootfs/etc/cont-init.d/95-check-optical-drive.sh /etc/cont-init.d/95-check-optical-drive.sh && \
|
|
# Security updates / fix for issue #37 (https://github.com/mikenye/docker-picard/issues/37)
|
|
/src/trivy --cache-dir /tmp/trivy fs --vuln-type os -f json --ignore-unfixed --no-progress -o /tmp/trivy.out / && \
|
|
apt-get install -y --no-install-recommends $(jq .[].Vulnerabilities < /tmp/trivy.out | grep '"PkgName":' | tr -s ' ' | cut -d ':' -f 2 | tr -d ' ",' | uniq) && \
|
|
# Clean-up
|
|
apt-get remove -y ${TEMP_PACKAGES[@]} && \
|
|
apt-get autoremove -y && \
|
|
rm -rf /src/* /tmp/* /var/lib/apt/lists/* && \
|
|
find /var/log -type f -exec truncate --size=0 {} \; && \
|
|
# Install Chinese Fonts
|
|
wget https://github.com/micmro/Stylify-Me/blob/master/.fonts/SimSun.ttf?raw=true -O /usr/share/fonts/SimSun.ttf && \
|
|
fc-cache && \
|
|
# Capture picard version
|
|
picard -V | grep Picard | cut -d ',' -f 1 | cut -d ' ' -f 2 | tr -d ' ' > /CONTAINER_VERSION
|
|
|
|
ENV APP_NAME="MusicBrainz Picard" \
|
|
LC_ALL="en_US.UTF-8" \
|
|
LANG="en_US.UTF-8" \
|
|
LANGUAGE="en_US.UTF-8"
|