From 509c796f945f5f4339a6e7a9e8ffccecac5477f8 Mon Sep 17 00:00:00 2001
From: Florent Gluck <florent.gluck@hesge.ch>
Date: Fri, 23 Aug 2024 17:37:28 +0200
Subject: [PATCH] Simplified build process of live exam iso image

---
 live_exam_os/Dockerfile                       | 87 ++++++++++++-------
 live_exam_os/build_live_exam_iso              | 44 ++++++----
 live_exam_os/config/config                    |  6 +-
 live_exam_os/nexus_exam_builder/Dockerfile    | 12 ---
 .../nexus_exam_builder/build_nexus_exam       | 46 ----------
 5 files changed, 85 insertions(+), 110 deletions(-)
 delete mode 100644 live_exam_os/nexus_exam_builder/Dockerfile
 delete mode 100755 live_exam_os/nexus_exam_builder/build_nexus_exam

diff --git a/live_exam_os/Dockerfile b/live_exam_os/Dockerfile
index dbdbaf0e..4c9756fa 100644
--- a/live_exam_os/Dockerfile
+++ b/live_exam_os/Dockerfile
@@ -1,74 +1,97 @@
+#--------------------------------------------------------------------------------------------------------------------
+# Builder stage that generates nexus-exam
+
+FROM ubuntu:22.04 as nexus-exam-builder
+
+ARG base_dir
+ARG server_ip
+ARG server_port
+ARG cert
+ARG exam_user
+ARG exam_pwd
+
+WORKDIR /nexus
+COPY ${base_dir} .
+RUN apt-get update && apt-get install -y golang-go make ca-certificates libglfw3-dev libxcursor-dev libxinerama-dev libxi-dev libxxf86vm-dev upx-ucl
+RUN make build_nexus-exam SERVER=${server_ip}:${server_port} CERT=${cert} EXAM_USER=${exam_user} EXAM_PWD=${exam_pwd}
+
+#--------------------------------------------------------------------------------------------------------------------
+# Final builder stage that generates the live nexus-exam ISO image
+
 FROM debian:stable-slim
 
+ARG server_ip
+ARG server_port
+ARG cert
+ARG exam_user
+ARG exam_pwd
+
+COPY --from=nexus-exam-builder /nexus/build/nexus-exam config/
+
 RUN apt-get update && apt-get install -y \
       live-build \
       live-config \
   && rm -rf /var/lib/apt/lists/*
 
-ARG server_ip
-ARG server_port
-ARG config_dir
-#ARG nexus_cert
-
 WORKDIR /live-default
 
 ## Add live-cd additionnal packages
-ADD ${config_dir}/packages.list.chroot config/package-lists/
+ADD config/packages.list.chroot config/package-lists/
 
 ## Packages to be removed
-ADD ${config_dir}/9999-removepkg.hook.chroot config/hooks/live/
+ADD config/9999-removepkg.hook.chroot config/hooks/live/
 
 ## Add swiss-french keyboard config
-ADD ${config_dir}/keyboard/keyboard config/includes.chroot/etc/default/
+ADD config/keyboard/keyboard config/includes.chroot/etc/default/
 
 ## Run "nexus-exam" as soon as user logs in
-ADD ${config_dir}/nexus-exam config/includes.chroot/usr/local/bin/
-ADD ${config_dir}/nexus-exam.desktop config/includes.chroot/etc/xdg/autostart/
+ADD config/nexus-exam config/includes.chroot/usr/local/bin/
+ADD config/nexus-exam.desktop config/includes.chroot/etc/xdg/autostart/
 
 ## Run various X11 settings as soon as user logs in
-ADD ${config_dir}/x11/x11_settings.sh config/includes.chroot/usr/local/bin/
-ADD ${config_dir}/x11/x11_settings.desktop config/includes.chroot/etc/xdg/autostart/
+ADD config/x11/x11_settings.sh config/includes.chroot/usr/local/bin/
+ADD config/x11/x11_settings.desktop config/includes.chroot/etc/xdg/autostart/
 
 ## Systemd service to set various X11 settings (does not work - not sure why)
-# ADD ${config_dir}/systemd/x11_settings.sh config/includes.chroot/usr/local/bin/
+# ADD config/systemd/x11_settings.sh config/includes.chroot/usr/local/bin/
 # RUN chmod +x config/includes.chroot/usr/local/bin/x11_settings.sh
-# ADD ${config_dir}/systemd/x11_settings.service config/includes.chroot/etc/systemd/system/
+# ADD config/systemd/x11_settings.service config/includes.chroot/etc/systemd/system/
 
 # RUN mkdir config/includes.chroot/etc/skel/
 # RUN echo "export NEXUS_SERVER=${server_ip}\nexport NEXUS_CERT=/etc/ssl/certs/nexus-server.pem\n" >> config/includes.chroot/etc/skel/.xsessionrc
 
 ## Customize xfce4 desktop
-ADD ${config_dir}/xubuntu-development.png config/includes.chroot/usr/share/xfce4/backdrops/xubuntu-development.png
-ADD ${config_dir}/xfce/xfce4-desktop.xml config/includes.chroot/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/
-ADD ${config_dir}/xfce/xfce4-panel.xml config/includes.chroot/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/
-ADD ${config_dir}/xfce/xfce4-settings-manager.xml config/includes.chroot/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/
-ADD ${config_dir}/xfce/xfce4-power-manager.xml config/includes.chroot/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/
-ADD ${config_dir}/xfce/xfwm4.xml config/includes.chroot/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/
+ADD config/xubuntu-development.png config/includes.chroot/usr/share/xfce4/backdrops/xubuntu-development.png
+ADD config/xfce/xfce4-desktop.xml config/includes.chroot/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/
+ADD config/xfce/xfce4-panel.xml config/includes.chroot/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/
+ADD config/xfce/xfce4-settings-manager.xml config/includes.chroot/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/
+ADD config/xfce/xfce4-power-manager.xml config/includes.chroot/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/
+ADD config/xfce/xfwm4.xml config/includes.chroot/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/
 
 ## Install i3 theme for xfwm4
-ADD ${config_dir}/themes config/includes.chroot/usr/share/themes/
+ADD config/themes config/includes.chroot/usr/share/themes/
 
 # Install syslinux (bios) cfg
-ADD ${config_dir}/bootloader/isolinux.cfg config/includes.binary/isolinux/isolinux.cfg
-ADD ${config_dir}/bootloader/isolinux_splash.png config/includes.binary/isolinux/splash.png
+ADD config/bootloader/isolinux.cfg config/includes.binary/isolinux/isolinux.cfg
+ADD config/bootloader/isolinux_splash.png config/includes.binary/isolinux/splash.png
 # Install grub (uefi) cfg
-ADD ${config_dir}/bootloader/grub_splash.png config/includes.binary/boot/grub/splash.png
-ADD ${config_dir}/bootloader/grub_config.cfg config/includes.binary/boot/grub/config.cfg
-ADD ${config_dir}/bootloader/isolinux_menu.cfg config/includes.binary/isolinux/menu.cfg
-ADD ${config_dir}/bootloader/isolinux_stdmenu.cfg config/includes.binary/isolinux/stdmenu.cfg
+ADD config/bootloader/grub_splash.png config/includes.binary/boot/grub/splash.png
+ADD config/bootloader/grub_config.cfg config/includes.binary/boot/grub/config.cfg
+ADD config/bootloader/isolinux_menu.cfg config/includes.binary/isolinux/menu.cfg
+ADD config/bootloader/isolinux_stdmenu.cfg config/includes.binary/isolinux/stdmenu.cfg
 
 # Install nexus server pub cert system wide
-#ADD ${config_dir}/${nexus_cert} config/includes.chroot/usr/share/ca-certificates/nexus-server/nexus-server.crt
+#ADD config/${nexus_cert} config/includes.chroot/usr/share/ca-certificates/nexus-server/nexus-server.crt
 
 # NTP server configuration
-ADD ${config_dir}/ntp/timesyncd.conf config/includes.chroot/etc/systemd/
+ADD config/ntp/timesyncd.conf config/includes.chroot/etc/systemd/
 
 # Firewall hook ran at boot time
-ADD ${config_dir}/boot_hooks/firewall config/includes.chroot/lib/live/config/9999-firewall
+ADD config/boot_hooks/firewall config/includes.chroot/lib/live/config/9999-firewall
 RUN echo "firewall ${server_ip} ${server_port}\n" >> config/includes.chroot/lib/live/config/9999-firewall
 
 # Install wifi connection
-ADD ${config_dir}/wifi/wifi.nmconnection config/includes.chroot/etc/NetworkManager/system-connections/
+ADD config/wifi/wifi.nmconnection config/includes.chroot/etc/NetworkManager/system-connections/
 RUN chmod 0600 config/includes.chroot/etc/NetworkManager/system-connections/wifi.nmconnection
 
 # script hook to set password for nexus user (pwd is "pipo")
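Review bot: The binary produced by the builder stage does not reach the live filesystem in the lines shown. `COPY --from=nexus-exam-builder /nexus/build/nexus-exam config/` runs before `WORKDIR /live-default`, so it lands in `/config/`, while `ADD config/nexus-exam config/includes.chroot/usr/local/bin/` still reads `config/nexus-exam` from the build context. The build script no longer moves a fresh binary into `config/`, so that ADD either fails or picks up a stale `nexus-exam` from an earlier build, presumably compiled with the previous server address and exam credentials. I would replace both lines with `COPY --from=nexus-exam-builder /nexus/build/nexus-exam config/includes.chroot/usr/local/bin/` placed after `WORKDIR /live-default`. The final stage also redeclares `ARG cert`, `ARG exam_user` and `ARG exam_pwd` without using them in the visible lines (the file continues past this hunk); dropping them would keep the credentials out of that stage's build metadata.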
@@ -83,7 +106,7 @@ RUN echo -n "#!/bin/sh\npasswd -d nexus\n" > config/includes.chroot/lib/live/con
     chmod 0750 config/includes.chroot/lib/live/config/0500-user-password.hook.chroot
 
 ## Add config directory
-ADD ${config_dir}/config auto/
+ADD config/config auto/
 
 RUN lb config
 
diff --git a/live_exam_os/build_live_exam_iso b/live_exam_os/build_live_exam_iso
index 35f3bcda..e36e73fc 100755
--- a/live_exam_os/build_live_exam_iso
+++ b/live_exam_os/build_live_exam_iso
@@ -1,10 +1,14 @@
 #!/bin/bash
 
-CONFIG_DIR=config
 TMP_CONTAINER_NAME=`echo $RANDOM | md5sum | head -c 20; echo;`
 IMG_SUFFIX=`echo $RANDOM | md5sum | head -c 8; echo;`
 DOCKER_IMG="nexus-live-exam-os_"$IMG_SUFFIX
 
+abort () {
+    echo "ABORT."
+    exit 1
+}
+
 usage () {
     app=`basename $0`
     echo "USAGE: $app -s IP -p PORT -c CERT -u USER -w PWD -o ISO" >&2
@@ -19,11 +23,28 @@ usage () {
 }
 
 build_docker_image () {
-    if docker buildx build . -t "$DOCKER_IMG" --build-arg config_dir=$CONFIG_DIR --build-arg server_ip=$SERVER_IP --build-arg server_port=$SERVER_PORT ; then
-        echo "Docker image \"$DOCKER_IMG\" sucessfully built"
-    else
-        echo "FAILED building docker image!" && abort
+    # Create temp directory where nexus-exam will be compiled
+    dir=tmp.dir.$$
+    mkdir $dir || abort
+    # Copy pub certificate
+    cp $CERT $dir || abort
+    # Copy Makefile and sources files
+    cp ../Makefile $dir || abort
+    cp -r ../src $dir || abort
+    cert_file=`basename $CERT`
+
+    # build context is ".." since we need access to the ../src directory in order to build nexus-exam
+    docker buildx build . -f Dockerfile -t "$DOCKER_IMG" --build-arg base_dir=$dir --build-arg server_ip=$SERVER_IP --build-arg server_port=$SERVER_PORT --build-arg cert=$cert_file --build-arg exam_user=$EXAM_USER --build-arg exam_pwd=$EXAM_PWD
+    build_status=$?
+
+    rm -rf $dir
+
+    if [ $build_status -ne 0 ] ; then
+        echo "FAILED building docker image!"
+        abort
     fi
+
+    echo "Docker image \"$DOCKER_IMG\" sucessfully built"
 }
 
 remove_image_and_tmp_container () {
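Review bot: The `docker buildx build` line in build_docker_image passes the exam password as `--build-arg exam_pwd=$EXAM_PWD`, unquoted, so a password containing spaces or glob characters is word-split, and build arguments are visible in the host process list and normally recorded in the image history. At minimum quote every expansion, e.g. `--build-arg exam_pwd="$EXAM_PWD"` and `cp "$CERT" "$dir" || abort`; a BuildKit secret (`--secret` on the command line, `RUN --mount=type=secret` in the Dockerfile) would keep the value out of the build metadata. `abort` no longer removes `tmp.dir.$$`, so a failing `cp` leaves the copied certificate and sources behind; `rm -rf "$dir"` before `abort`, or a `trap`, would restore the cleanup that the deleted build_nexus_exam script had. The comment above the build command says the context is `..` while the command passes `.`, and should be corrected to match.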
@@ -38,11 +59,6 @@ remove_image_and_tmp_container () {
     docker rmi $DOCKER_IMG
 }
 
-abort () {
-    echo "ABORT."
-    exit 1
-}
-
 if [ $# -ne 12 ] ; then usage ; fi
 
 while getopts 's:p:c:u:w:o:' OPTION; do
@@ -59,12 +75,6 @@ done
 
 error=0
 
-echo "Building nexus-exam ..."
-
-# This script compiles and copies nexus-exam into the current dir
-nexus_exam_builder/build_nexus_exam $SERVER_IP:$SERVER_PORT $CERT $EXAM_USER $EXAM_PWD || abort
-mv nexus-exam $CONFIG_DIR || abort
-
 echo "Building nexus live exam OS image \"$ISO\" ..."
 echo "Using nexus-server @ $SERVER_IP:$SERVER_PORT"
 
@@ -80,7 +90,7 @@ else
 fi
 
 # Retrieve live-image from temporary container
-if docker cp $TMP_CONTAINER_NAME:/live-default/live-image-amd64.hybrid.iso $ISO ; then 
+if docker cp $TMP_CONTAINER_NAME:/live-default/live-image-amd64.iso $ISO ; then
     echo "Successfully extracted $ISO from $TMP_CONTAINER_NAME container"
 else
     error=1
diff --git a/live_exam_os/config/config b/live_exam_os/config/config
index a466f4c7..6f4de49d 100755
--- a/live_exam_os/config/config
+++ b/live_exam_os/config/config
@@ -1,14 +1,14 @@
 #!/bin/sh
 # https://live-team.pages.debian.net/live-manual/
 lb config noauto \
+     --system live \
      --architectures amd64 \
      --mode debian \
+     --bootloaders grub-efi \
      --parent-distribution bookworm \
      --distribution bookworm \
-     -b iso-hybrid \
-     --bootloaders grub-efi \
+     --binary-images iso \
      --color \
-     --uefi-secure-boot enable \
      --iso-application "HEPIA-ISC" \
      --iso-volume "nexus-live-exam" \
      --iso-publisher "HEPIA-ISC" \
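Review bot: Removing `--uefi-secure-boot enable` is not mentioned in the commit subject and changes the boot-chain posture of an exam image. Without it the option presumably falls back to live-build's default, so the ISO may no longer boot on machines that enforce Secure Boot, or may require Secure Boot to be turned off there. If this is intentional, say why in a comment next to `--bootloaders grub-efi`, for example `# Secure Boot support not forced: <reason>`; otherwise keep `--uefi-secure-boot enable \`. The switch from `-b iso-hybrid` to `--binary-images iso` likewise deserves a one-line comment, since it changes how the image can be written to boot media. The `lb config` call continues past the end of this hunk.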
diff --git a/live_exam_os/nexus_exam_builder/Dockerfile b/live_exam_os/nexus_exam_builder/Dockerfile
deleted file mode 100644
index cfb4ab5a..00000000
--- a/live_exam_os/nexus_exam_builder/Dockerfile
+++ /dev/null
@@ -1,12 +0,0 @@
-FROM ubuntu:22.04
-ARG server
-ARG exam_user
-ARG exam_pwd
-COPY . /nexus/
-WORKDIR /nexus
-RUN apt-get update && apt-get install -y golang-go make ca-certificates libglfw3-dev libxcursor-dev libxinerama-dev libxi-dev libxxf86vm-dev upx-ucl
-RUN echo $server > /server
-RUN echo $exam_user > /exam_user
-RUN echo $exam_pwd > /exam_pwd
-RUN make build_nexus-exam SERVER=$server CERT=/nexus/ca-cert.pem EXAM_USER=$exam_user EXAM_PWD=$exam_pwd
-RUN ["sh"]
diff --git a/live_exam_os/nexus_exam_builder/build_nexus_exam b/live_exam_os/nexus_exam_builder/build_nexus_exam
deleted file mode 100755
index ef098e30..00000000
--- a/live_exam_os/nexus_exam_builder/build_nexus_exam
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/bin/bash
-
-# Compiles nexus-exam in a container and copies it into the current directory.
-
-appname=`basename $0`
-prefix=`dirname $0`
-dir=tmp.dir.$$
-
-abort() {
-    cd ..
-    if [ -d $dir ]; then
-        rm -rf $dir
-    fi
-    echo "Aborted." >&2
-    exit 1
-}
-
-if [ $# -ne 4 ]; then
-    echo "Build nexus-exam" >&2
-    echo "Usage: $appname SERVER CERTFILE EXAM_USER EXAM_PWD" >&2
-    echo "Example:" >&2
-    echo "$appname 127.0.0.1:1077 \$HOME/nexus-server/certs/ca-cert.pem exam@nexus.org '12345678'" >&2
-    exit 1
-fi
-
-SERVER=$1
-CERT=$2
-EXAM_USER=$3
-EXAM_PWD=$4
-
-pushd .
-
-mkdir $prefix/$dir || abort
-cd $prefix/$dir || abort
-cp $CERT . || abort
-cp ../../../Makefile . || abort
-cp -r ../../../src . || abort
-docker buildx build -f ../Dockerfile . -t nexus-exam --build-arg server=$SERVER --build-arg exam_user=$EXAM_USER --build-arg exam_pwd=$EXAM_PWD || abort
-docker run --name nexus-exam nexus-exam
-
-popd
-rm -rf $prefix/$dir
-
-docker cp nexus-exam:/nexus/build/nexus-exam .
-docker rm nexus-exam
-docker rmi nexus-exam
-- 
GitLab