viddya673 commented on code in PR #12337: URL: https://github.com/apache/cloudstack/pull/12337#discussion_r2706961223
########## tools/docker/Dockerfile.s390x: ########## @@ -0,0 +1,90 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# CloudStack-simulator build + +FROM ubuntu:22.04 + +LABEL Vendor="Apache.org" License="ApacheV2" Version="4.23.0.0-SNAPSHOT" Author="Apache CloudStack <[email protected]>" + +ARG DEBIAN_FRONTEND=noninteractive + +RUN apt-get -y update && apt-get install -y \ + genisoimage \ + libffi-dev \ + libssl-dev \ + curl \ + gcc-10 \ + git \ + sudo \ + ipmitool \ + iproute2 \ + maven \ + openjdk-11-jdk \ + python3-dev \ + python-is-python3 \ + python3-setuptools \ + python3-pip \ + python3-mysql.connector \ + python3-bcrypt \ + python3-cryptography \ + python3-cffi \ + supervisor + +RUN apt-get install -qqy mysql-server && \ + apt-get clean all && \ + mkdir -p /var/run/mysqld; \ + chown mysql /var/run/mysqld + +RUN echo '''sql_mode = "STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION"''' >> /etc/mysql/mysql.conf.d/mysqld.cnf + +COPY tools/docker/supervisord.conf /etc/supervisor/conf.d/supervisord.conf +COPY . ./root +WORKDIR /root + +RUN mvn -Pdeveloper -Dsimulator -DskipTests clean install + +RUN find /var/lib/mysql -type f -exec touch {} \; && \ + (/usr/bin/mysqld_safe &) && \ + sleep 5; \ + mysql -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password by ''" --connect-expired-password; \ + mvn -Pdeveloper -pl developer -Ddeploydb; \ + mvn -Pdeveloper -pl developer -Ddeploydb-simulator; \ + MARVIN_FILE=`find /root/tools/marvin/dist/ -name "Marvin*.tar.gz"`; \ + rm -rf /usr/bin/s390x-linux-gnu-gcc && \ + ln -s /usr/bin/gcc-10 /usr/bin/s390x-linux-gnu-gcc; \ + pip3 install $MARVIN_FILE + +RUN apt-get install -y nodejs npm build-essential python3 g++ make && \ + bash + +RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.4/install.sh | bash && \ Review Comment: On s390x, installing Node.js via NVM remains the most reliable and supported option due to limited availability of distribution packages and inconsistent prebuilt Node.js binaries for this architecture. The installer is fetched from a pinned, immutable release tag (v0.39.4) over HTTPS from a widely used and publicly audited open‑source repository. The script executes only at image build time, introduces no runtime network dependency, and is not retained in the final image. Alternatives such as compiling Node.js or Python from source or maintaining custom vendor binaries would significantly increase image size, build time, and maintenance complexity, and would negatively impact reproducibility on s390x. Given these platform constraints and the controlled nature of the build process, retaining this installation method represents a measured and proportionate risk. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
