# Copyright (c) Jupyter Development Team. # Distributed under the terms of the Modified BSD License. # Ubuntu 20.04 (focal) # https://hub.docker.com/_/ubuntu/?tab=tags&name=focal # OS/ARCH: linux/amd64 ARG ROOT_CONTAINER=ubuntu:focal-20201008@sha256:1d7b639619bdca2d008eca2d5293e3c43ff84cbee597ff76de3b7a7de3e84956 ARG BASE_CONTAINER=$ROOT_CONTAINER FROM $BASE_CONTAINER LABEL maintainer="Jupyter Project " ARG NB_USER="jovyan" ARG NB_UID="1000" ARG NB_GID="100" # Fix DL4006 SHELL ["/bin/bash", "-o", "pipefail", "-c"] USER root # Miniforge installation # Default values can be overridden at build time # (ARGS are in lower case to distinguish them from ENV) # Check https://github.com/conda-forge/miniforge/releases # Conda version ARG conda_version="4.9.0" # Miniforge archive to install ARG miniforge_version="${conda_version}-3" # Miniforge installer and its checksum ARG miniforge_installer="Miniforge3-${miniforge_version}-Linux-x86_64.sh" ARG miniforge_checksum="29f0eb17dd02aceb0dfd4dad2654e974b1699baed06ee6d350b0ab4a2ccf3d02" # Install all OS dependencies for notebook server that starts but lacks all # features (e.g., download as all possible file formats) ENV DEBIAN_FRONTEND noninteractive RUN apt-get update \ && apt-get install -yq --no-install-recommends \ wget \ bzip2 \ ca-certificates \ sudo \ locales \ fonts-liberation \ run-one \ && apt-get clean && rm -rf /var/lib/apt/lists/* RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \ locale-gen # Configure environment ENV CONDA_DIR=/opt/conda \ SHELL=/bin/bash \ NB_USER=$NB_USER \ NB_UID=$NB_UID \ NB_GID=$NB_GID \ LC_ALL=en_US.UTF-8 \ LANG=en_US.UTF-8 \ LANGUAGE=en_US.UTF-8 ENV PATH=$CONDA_DIR/bin:$PATH \ HOME=/home/$NB_USER \ CONDA_VERSION="${conda_version}" # Copy a script that we will use to correct permissions after running certain commands COPY fix-permissions /usr/local/bin/fix-permissions RUN chmod a+rx /usr/local/bin/fix-permissions # Enable prompt color in the skeleton .bashrc before creating the default NB_USER # hadolint ignore=SC2016 RUN sed -i 's/^#force_color_prompt=yes/force_color_prompt=yes/' /etc/skel/.bashrc && \ # Add call to conda init script see https://stackoverflow.com/a/58081608/4413446 echo 'eval "$(command conda shell.bash hook 2> /dev/null)"' >> /etc/skel/.bashrc # Create NB_USER with name jovyan user with UID=1000 and in the 'users' group # and make sure these dirs are writable by the `users` group. RUN echo "auth requisite pam_deny.so" >> /etc/pam.d/su && \ sed -i.bak -e 's/^%admin/#%admin/' /etc/sudoers && \ sed -i.bak -e 's/^%sudo/#%sudo/' /etc/sudoers && \ useradd -m -s /bin/bash -N -u $NB_UID $NB_USER && \ mkdir -p $CONDA_DIR && \ chown $NB_USER:$NB_GID $CONDA_DIR && \ chmod g+w /etc/passwd && \ fix-permissions $HOME && \ fix-permissions $CONDA_DIR USER $NB_UID ARG PYTHON_VERSION=default # Setup work directory for backward-compatibility RUN mkdir "/home/$NB_USER/work" && \ fix-permissions "/home/$NB_USER" # Install conda as jovyan and check the sha256 sum provided on the download site WORKDIR /tmp RUN wget --quiet "https://github.com/conda-forge/miniforge/releases/download/${miniforge_version}/${miniforge_installer}" && \ echo "${miniforge_checksum} *${miniforge_installer}" | sha256sum --check && \ /bin/bash "${miniforge_installer}" -f -b -p $CONDA_DIR && \ rm "${miniforge_installer}" && \ # Conda configuration see https://conda.io/projects/conda/en/latest/configuration.html echo "conda ${CONDA_VERSION}" >> $CONDA_DIR/conda-meta/pinned && \ conda config --system --set auto_update_conda false && \ conda config --system --set show_channel_urls true && \ conda config --system --set channel_priority strict && \ if [ ! $PYTHON_VERSION = 'default' ]; then conda install --yes python=$PYTHON_VERSION; fi && \ conda list python | grep '^python ' | tr -s ' ' | cut -d '.' -f 1,2 | sed 's/$/.*/' >> $CONDA_DIR/conda-meta/pinned && \ conda install --quiet --yes "conda=${CONDA_VERSION}" && \ conda install --quiet --yes pip && \ conda update --all --quiet --yes && \ conda clean --all -f -y && \ rm -rf /home/$NB_USER/.cache/yarn && \ fix-permissions $CONDA_DIR && \ fix-permissions /home/$NB_USER # Install Tini RUN conda install --quiet --yes 'tini=0.18.0' && \ conda list tini | grep tini | tr -s ' ' | cut -d ' ' -f 1,2 >> $CONDA_DIR/conda-meta/pinned && \ conda clean --all -f -y && \ fix-permissions $CONDA_DIR && \ fix-permissions /home/$NB_USER # Install Jupyter Notebook, Lab, and Hub # Generate a notebook server config # Cleanup temporary files # Correct permissions # Do all this in a single RUN command to avoid duplicating all of the # files across image layers when the permissions change RUN conda install --quiet --yes \ 'notebook=6.1.4' \ 'jupyterhub=1.2.1' \ 'jupyterlab=2.2.9' && \ conda clean --all -f -y && \ npm cache clean --force && \ jupyter notebook --generate-config && \ rm -rf $CONDA_DIR/share/jupyter/lab/staging && \ rm -rf /home/$NB_USER/.cache/yarn && \ fix-permissions $CONDA_DIR && \ fix-permissions /home/$NB_USER EXPOSE 8888 # Configure container startup ENTRYPOINT ["tini", "-g", "--"] CMD ["start-notebook.sh"] # Copy local files as late as possible to avoid cache busting COPY start.sh start-notebook.sh start-singleuser.sh /usr/local/bin/ COPY jupyter_notebook_config.py /etc/jupyter/ # Fix permissions on /etc/jupyter as root USER root RUN fix-permissions /etc/jupyter/ # Switch back to jovyan to avoid accidental container runs as root USER $NB_UID WORKDIR $HOME