@@ -34,19 +34,21 @@ RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-base.json,target
3434 && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | \
3535 xargs apt-get install -y --no-install-recommends \
3636 # Include the Cisco Umbrella PKI Root
37- && wget -qO /usr/local/share/ca-certificates/Cisco_Umbrella_Root_CA.crt https://www.cisco.com/security/pki/certs/ciscoumbrellaroot.pem \
37+ && wget --no-hsts - qO /usr/local/share/ca-certificates/Cisco_Umbrella_Root_CA.crt https://www.cisco.com/security/pki/certs/ciscoumbrellaroot.pem \
3838 && update-ca-certificates \
39- # Install some tools via pip to get more recent versions
40- && python3 -m pip install --break-system-packages --require-hashes --no-cache-dir --no-compile -r /tmp/requirements.txt
39+ # Install some tools via pip to get more recent versions, clean up afterwards
40+ && python3 -m pip install --break-system-packages --require-hashes --no-cache-dir --no-compile -r /tmp/requirements.txt \
41+ && find / -regex '^.*\( __pycache__\|\. py[co]\) $' -delete \
42+ && rm -rf "$(pip cache dir)"
4143
4244# Install clang toolchain and mull mutation testing framework
4345RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-clang.json,target=/tmp/apt-requirements-clang.json \
4446 --mount=type=cache,target=/var/cache/apt,sharing=locked \
4547 --mount=type=cache,target=/var/lib/apt,sharing=locked \
4648 --mount=type=cache,target=/var/log,sharing=locked \
4749 --mount=type=cache,target=/tmp,sharing=locked,mode=1777 \
48- wget -qO - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --dearmor -o /usr/share/keyrings/llvm-snapshot-keyring.gpg \
49- && wget -qO - https://dl.cloudsmith.io/public/mull-project/mull-stable/gpg.41DB35380DE6BD6F.key | gpg --dearmor -o /usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg \
50+ wget --no-hsts - qO - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --dearmor -o /usr/share/keyrings/llvm-snapshot-keyring.gpg \
51+ && wget --no-hsts - qO - https://dl.cloudsmith.io/public/mull-project/mull-stable/gpg.41DB35380DE6BD6F.key | gpg --dearmor -o /usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg \
5052 && UBUNTU_CODENAME=$(grep '^UBUNTU_CODENAME=' /etc/os-release | cut -d= -f2) \
5153 && echo "deb [signed-by=/usr/share/keyrings/llvm-snapshot-keyring.gpg] http://apt.llvm.org/${UBUNTU_CODENAME}/ llvm-toolchain-${UBUNTU_CODENAME}-${CLANG_VERSION} main" | tee /etc/apt/sources.list.d/llvm.list > /dev/null \
5254 && echo "deb [signed-by=/usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg] https://dl.cloudsmith.io/public/mull-project/mull-stable/deb/ubuntu ${UBUNTU_CODENAME} main" | tee /etc/apt/sources.list.d/mull-project-mull-stable.list > /dev/null \
@@ -56,23 +58,23 @@ RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-clang.json,targe
5658
5759# Install arm-gcc toolchain
5860RUN mkdir /opt/gcc-arm-none-eabi \
59- && wget -qO - "https://developer.arm.com/-/media/Files/downloads/gnu/14.2.rel1/binrel/arm-gnu-toolchain-14.2.rel1-$(uname -m)-arm-none-eabi.tar.xz" | tar --exclude='*arm-none-eabi-gdb*' --exclude='share' --strip-components=1 -xJC /opt/gcc-arm-none-eabi
61+ && wget --no-hsts - qO - "https://developer.arm.com/-/media/Files/downloads/gnu/14.2.rel1/binrel/arm-gnu-toolchain-14.2.rel1-$(uname -m)-arm-none-eabi.tar.xz" | tar --exclude='*arm-none-eabi-gdb*' --exclude='share' --strip-components=1 -xJC /opt/gcc-arm-none-eabi
6062
6163# Install bats
6264RUN batstmp="$(mktemp -d /tmp/bats-core-${BATS_VERSION}.XXXX)" \
63- && wget -qO - https://github.com/bats-core/bats-core/archive/refs/tags/v${BATS_VERSION}.tar.gz | tar xz -C "${batstmp}" \
65+ && wget --no-hsts - qO - https://github.com/bats-core/bats-core/archive/refs/tags/v${BATS_VERSION}.tar.gz | tar xz -C "${batstmp}" \
6466 && bash "${batstmp}/bats-core-${BATS_VERSION}/install.sh" /usr/local \
6567 && rm -rf "${batstmp}" \
6668 && git -C /usr/local clone -b v0.3.0 https://github.com/bats-core/bats-support.git \
6769 && git -C /usr/local clone -b v2.1.0 https://github.com/bats-core/bats-assert.git
6870
6971# Install xwin
70- RUN wget -qO - "https://github.com/Jake-Shadle/xwin/releases/download/${XWIN_VERSION}/xwin-${XWIN_VERSION}-$(uname -m)-unknown-linux-musl.tar.gz" | tar -xzv -C /usr/local/bin --strip-components=1 "xwin-${XWIN_VERSION}-$(uname -m)-unknown-linux-musl/xwin"
72+ RUN wget --no-hsts - qO - "https://github.com/Jake-Shadle/xwin/releases/download/${XWIN_VERSION}/xwin-${XWIN_VERSION}-$(uname -m)-unknown-linux-musl.tar.gz" | tar -xzv -C /usr/local/bin --strip-components=1 "xwin-${XWIN_VERSION}-$(uname -m)-unknown-linux-musl/xwin"
7173
7274# Compile and install additional clang tools; often necessary as binary arm64 builds are lacking, or packages are out-of-date
7375# Install ccache from source for a recent version
7476RUN --mount=type=cache,target=/cache,sharing=locked \
75- wget -qO - https://github.com/ccache/ccache/archive/refs/tags/v${CCACHE_VERSION}.tar.gz | tar xz -C /tmp \
77+ wget --no-hsts - qO - https://github.com/ccache/ccache/archive/refs/tags/v${CCACHE_VERSION}.tar.gz | tar xz -C /tmp \
7678 && CC=clang CXX=clang++ cmake -DCMAKE_BUILD_TYPE=Release -DENABLE_TESTING=Off -DENABLE_DOCUMENTATION=Off -S /tmp/ccache-${CCACHE_VERSION} -B /tmp/ccache-${CCACHE_VERSION}/build \
7779 && cmake --build /tmp/ccache-${CCACHE_VERSION}/build --target install \
7880 && rm -rf /tmp/ccache-${CCACHE_VERSION}
@@ -83,7 +85,7 @@ RUN --mount=type=cache,target=/cache,sharing=locked \
8385 --mount=type=cache,target=/var/cache/apt,sharing=locked \
8486 --mount=type=cache,target=/var/lib/apt,sharing=locked \
8587 apt-get update && apt-get install -y --no-install-recommends libclang-${CLANG_VERSION}-dev llvm-${CLANG_VERSION}-dev \
86- && wget -qO - https://github.com/include-what-you-use/include-what-you-use/archive/refs/tags/${INCLUDE_WHAT_YOU_USE_VERSION}.tar.gz | tar xz -C /tmp \
88+ && wget --no-hsts - qO - https://github.com/include-what-you-use/include-what-you-use/archive/refs/tags/${INCLUDE_WHAT_YOU_USE_VERSION}.tar.gz | tar xz -C /tmp \
8789 && CC=clang CXX=clang++ cmake -S /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION} -B /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION}/build \
8890 && cmake --build /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION}/build --target install \
8991 && rm -rf /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION} \
@@ -110,6 +112,6 @@ RUN --mount=type=cache,target=/var/log,sharing=locked \
110112# - Install CPM.cmake to the CMake module path
111113# - Configure a default profile for Conan and set the CMake generator to Ninja
112114RUN --mount=type=cache,target=/cache,sharing=locked \
113- wget -qP /usr/local/lib/python*/dist-packages/cmake/data/share/cmake-*/Modules/ https://github.com/cpm-cmake/CPM.cmake/releases/download/v${CPM_VERSION}/CPM.cmake \
115+ wget --no-hsts - qP /usr/local/lib/python*/dist-packages/cmake/data/share/cmake-*/Modules/ https://github.com/cpm-cmake/CPM.cmake/releases/download/v${CPM_VERSION}/CPM.cmake \
114116 && conan profile detect \
115117 && echo -e "\n [conf]\n tools.cmake.cmaketoolchain:generator=Ninja" >> "$(conan profile path default)"
0 commit comments