# # this was going down a rabbit-hole # # particularly with Apple M1 & aarch64 & QEMU # FROM alpine:latest # https://github.com/pytorch/serve #FROM pytorch/pytorch # pinned to 2.3.1, # also see 'assets/bootstrap' FROM pytorch/pytorch:2.3.1-cuda11.8-cudnn8-runtime RUN apt update && apt-get clean RUN set -ex && \ apt install -y sudo && \ apt-get clean COPY --chmod=0440 assets/linux/sudoers-sleepbotzz /etc/sudoers.d/sleepbotzz # User constraints # https://huggingface.co/docs/hub/spaces-sdks-docker#permissions RUN useradd -m -u 1000 -s /bin/bash sleepbotzz # secrets # https://huggingface.co/docs/hub/spaces-sdks-docker # https://docs.docker.com/build/building/secrets/ # https://docs.docker.com/reference/cli/docker/buildx/build/#secret # must be provided in `docker buildx` -- "ERROR: secret BUILD_USER_PASSWORD: not found" # precedent = ARG, secret # password # https://askubuntu.com/questions/752500/how-do-i-encrypt-a-new-users-password-using-the-useradd-command # received as clear text from HF secrets # encrypted with $6 (SHA-512) # direct use of `python` is to avoid escaping the '$'s ARG BUILD_USER_PASSWORD RUN --mount=type=secret,id=BUILD_USER_PASSWORD,mode=0444,required=true \ export BUILD_USER_PASSWORD="${BUILD_USER_PASSWORD:-$(cat /run/secrets/BUILD_USER_PASSWORD)}" ; \ usermod --password \ $(python -c "import crypt; import os; print(crypt.crypt(os.getenv('BUILD_USER_PASSWORD'), \"\$6\$$(