diff --git a/docker/Dockerfile b/docker/Dockerfile index 5ca36d1c13..f076173519 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -6,38 +6,47 @@ ARG BASEIMGTYPE=docker # https://github.com/hassio-addons/addon-debian-base/releases -FROM ghcr.io/hassio-addons/debian-base:6.2.3 AS base-hassio -# https://hub.docker.com/_/debian?tab=tags&page=1&name=bullseye -FROM debian:bullseye-20230208-slim AS base-docker +FROM ghcr.io/hassio-addons/debian-base:7.2.0 AS base-hassio +# https://hub.docker.com/_/debian?tab=tags&page=1&name=bookworm +FROM debian:12.2-slim AS base-docker FROM base-${BASEIMGTYPE} AS base ARG TARGETARCH ARG TARGETVARIANT +# Note that --break-system-packages is used below because +# https://peps.python.org/pep-0668/ added a safety check that prevents +# installing packages with the same name as a system package. This is +# not a problem for us because we are not concerned about overwriting +# system packages because we are running in an isolated container. + RUN \ apt-get update \ # Use pinned versions so that we get updates with build caching && apt-get install -y --no-install-recommends \ - python3=3.9.2-3 \ - python3-pip=20.3.4-4+deb11u1 \ - python3-setuptools=52.0.0-4 \ - python3-cryptography=3.3.2-1 \ - python3-venv=3.9.2-3 \ - iputils-ping=3:20210202-1 \ - git=1:2.30.2-1+deb11u2 \ - curl=7.74.0-1.3+deb11u10 \ - openssh-client=1:8.4p1-5+deb11u2 \ - python3-cffi=1.14.5-1 \ - libcairo2=1.16.0-5 \ + python3-pip=23.0.1+dfsg-1 \ + python3-setuptools=66.1.1-1 \ + python3-venv=3.11.2-1+b1 \ + python3-wheel=0.38.4-2 \ + iputils-ping=3:20221126-1 \ + git=1:2.39.2-1.1 \ + curl=7.88.1-10+deb12u4 \ + openssh-client=1:9.2p1-2+deb12u1 \ + python3-cffi=1.15.1-5 \ + libcairo2=1.16.0-7 \ patch=2.7.6-7; \ if [ "$TARGETARCH$TARGETVARIANT" = "armv7" ]; then \ apt-get install -y --no-install-recommends \ build-essential=12.9 \ - python3-dev=3.9.2-3 \ - zlib1g-dev=1:1.2.11.dfsg-2+deb11u2 \ - libjpeg-dev=1:2.0.6-4 \ - libfreetype-dev=2.10.4+dfsg-1+deb11u1; \ + python3-dev=3.11.2-1+b1 \ + zlib1g-dev=1:1.2.13.dfsg-1 \ + libjpeg-dev=1:2.1.5-2 \ + libfreetype-dev=2.12.1+dfsg-5 \ + libssl-dev=3.0.11-1~deb12u1 \ + libffi-dev=3.4.4-1 \ + cargo=0.66.0+ds1-1 \ + pkg-config=1.8.1-1; \ fi; \ rm -rf \ /tmp/* \ @@ -50,6 +59,7 @@ ENV \ # Store globally installed pio libs in /piolibs PLATFORMIO_GLOBALLIB_DIR=/piolibs + # Support legacy binaries on Debian multiarch system. There is no "correct" way # to do this, other than using properly built toolchains... # See: https://unix.stackexchange.com/questions/553743/correct-way-to-add-lib-ld-linux-so-3-in-debian @@ -60,8 +70,7 @@ RUN \ RUN \ # Ubuntu python3-pip is missing wheel - pip3 install --no-cache-dir \ - wheel==0.37.1 \ + pip3 install --break-system-packages --no-cache-dir \ platformio==6.1.11 \ # Change some platformio settings && platformio settings set enable_telemetry No \ @@ -70,9 +79,11 @@ RUN \ # First install requirements to leverage caching when requirements don't change +# tmpfs is for https://github.com/rust-lang/cargo/issues/8719 + COPY requirements.txt requirements_optional.txt script/platformio_install_deps.py platformio.ini / -RUN \ - pip3 install --no-cache-dir -r /requirements.txt -r /requirements_optional.txt \ +RUN --mount=type=tmpfs,target=/root/.cargo CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse CARGO_HOME=/root/.cargo \ + pip3 install --break-system-packages --no-cache-dir -r /requirements.txt -r /requirements_optional.txt \ && /platformio_install_deps.py /platformio.ini --libraries @@ -81,7 +92,7 @@ FROM base AS docker # Copy esphome and install COPY . /esphome -RUN pip3 install --no-cache-dir --no-use-pep517 -e /esphome +RUN pip3 install --break-system-packages --no-cache-dir --no-use-pep517 -e /esphome # Settings for dashboard ENV USERNAME="" PASSWORD="" @@ -110,7 +121,7 @@ RUN \ apt-get update \ # Use pinned versions so that we get updates with build caching && apt-get install -y --no-install-recommends \ - nginx-light=1.18.0-6.1+deb11u3 \ + nginx-light=1.22.1-9 \ && rm -rf \ /tmp/* \ /var/{cache,log}/* \ @@ -123,7 +134,7 @@ COPY docker/ha-addon-rootfs/ / # Copy esphome and install COPY . /esphome -RUN pip3 install --no-cache-dir --no-use-pep517 -e /esphome +RUN pip3 install --break-system-packages --no-cache-dir --no-use-pep517 -e /esphome # Labels LABEL \ @@ -146,20 +157,20 @@ RUN \ apt-get update \ # Use pinned versions so that we get updates with build caching && apt-get install -y --no-install-recommends \ - clang-format-13=1:13.0.1-6~deb11u1 \ - clang-tidy-11=1:11.0.1-2 \ + clang-format-13=1:13.0.1-11+b2 \ + clang-tidy-14=1:14.0.6-12 \ patch=2.7.6-7 \ - software-properties-common=0.96.20.2-2.1 \ - nano=5.4-2+deb11u2 \ + software-properties-common=0.99.30-4 \ + nano=7.2-1 \ build-essential=12.9 \ - python3-dev=3.9.2-3 \ + python3-dev=3.11.2-1+b1 \ && rm -rf \ /tmp/* \ /var/{cache,log}/* \ /var/lib/apt/lists/* COPY requirements_test.txt / -RUN pip3 install --no-cache-dir -r /requirements_test.txt +RUN pip3 install --break-system-packages --no-cache-dir -r /requirements_test.txt VOLUME ["/esphome"] WORKDIR /esphome diff --git a/requirements_optional.txt b/requirements_optional.txt index 236f5e3f13..40c27f8547 100644 --- a/requirements_optional.txt +++ b/requirements_optional.txt @@ -1,3 +1,3 @@ pillow==10.0.1 -cairosvg>=2.2.0 -cryptography>=2.0.0,<4 +cairosvg==2.7.1 +cryptography==41.0.4