uc-cdis · paulineribeyre · Jan 31, 2025 · Feb 5, 2025 · Feb 5, 2025 · Feb 5, 2025
diff --git a/docker/orthanc/AmazonLinux2Dockerfile b/docker/orthanc/AmazonLinux2Dockerfile
@@ -1,92 +1,55 @@
-# ===> https://github.com/orthanc-server/orthanc-builder/blob/11d6930/docker/orthanc/Dockerfile.runner-base
-
-########################## orthanc-runner-base
+##################
+# The dockerfile below is copied+adapted from docker/orthanc/Dockerfile.runner-base
+##################
 
 # base image to build and execute orthanc.
 # This image should contain only the packages that are common to both !
 # The purpose of this intermediate image is to benefit from Docker cache.
-ARG BASE_DEBIAN_IMAGE=bookworm-20250113-slim
-FROM debian:$BASE_DEBIAN_IMAGE AS orthanc-runner-base
-
-# we had some issues with one of the mirror -> force it to the Belgian mirror
-# RUN rm /etc/apt/sources.list.d/debian.sources
-# RUN echo "deb http://ftp.be.debian.org/debian/ bookworm main" | tee /etc/apt/sources.list.d/belgium.mirror.list
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-  apt-get --assume-yes update && \
-  apt-get --assume-yes install python3 && \
-  apt-get --assume-yes install python3-pip && \
-  apt-get --assume-yes install ca-certificates && \
-  apt-get --assume-yes install tzdata && \
-  apt-get --assume-yes install locales && \
-  apt-get --assume-yes install libcurl4 && \
-  apt-get --assume-yes install libdcmtk17 && \
-  apt-get --assume-yes install libboost-log1.74.0 libboost-filesystem1.74.0 libboost-locale1.74.0 libboost-regex1.74.0 libboost-system1.74.0 libboost-thread1.74.0 libboost-iostreams1.74.0 && \
-  apt-get --assume-yes install libjpeg62-turbo && \
-  apt-get --assume-yes install libjsoncpp25 && \
-  apt-get --assume-yes install liblua5.4 && \
-  apt-get --assume-yes install libpng16-16 && \
-  apt-get --assume-yes install libpugixml1v5 && \
-  apt-get --assume-yes install libsqlite3-0 && \
-  apt-get --assume-yes install libssl3 && \
-  apt-get --assume-yes install libuuid1 && \
-  apt-get --assume-yes install lsb-base && \
-  apt-get --assume-yes install zlib1g && \
-  apt-get --assume-yes install libpq5 && \
-  apt-get --assume-yes install libmariadb3 && \
-  apt-get --assume-yes install unixodbc && \
-  apt-get --assume-yes install libopenslide0 && \
-  apt-get --assume-yes install libcrypto++ && \
-  apt-get --assume-yes install libcpprest && \
-  apt-get --assume-yes install libprotobuf32 && \
-  apt-get --assume-yes clean && \
-  rm --recursive --force /var/lib/apt/lists/*
+FROM 707767160287.dkr.ecr.us-east-1.amazonaws.com/gen3/amazonlinux-base:master AS orthanc-runner-base
+
+RUN dnf -y update && \
+    dnf -y install python3.11-devel \
+    ca-certificates tzdata \
+    libcurl-devel boost-devel libjpeg-turbo-devel \
+    jsoncpp-devel lua-devel libpng-devel sqlite-devel \
+    openssl-devel libuuid-devel unixODBC-devel \
+    protobuf-devel && \
+    dnf clean all
 
 # Make sure the en_US locale has been generated (required for
 # case-insensitive comparison of strings with accents)
-RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen
-RUN locale-gen
+# (pauline 02/2025) The lines below don't work, but everything seems to work fine without this
+# RUN dnf -y install glibc-locale-source glibc-langpack-en
+# RUN localedef -i en_US -f UTF-8 en_US.UTF-8
 
-# ===> https://github.com/orthanc-server/orthanc-builder/blob/11d6930/docker/orthanc/Dockerfile.builder-base
+##################
+# The dockerfile below is copied+adapted from docker/orthanc/Dockerfile.builder-base
+##################
 
-########################## Orthanc builder base
 # image to compile Orthanc and its plugins dynamically
 FROM orthanc-runner-base AS orthanc-builder-base
 
-RUN export DEBIAN_FRONTEND=noninteractive
-RUN apt-get --assume-yes update
-RUN apt-get --assume-yes install wget
-RUN apt-get --assume-yes install build-essential
-RUN apt-get --assume-yes install unzip
-RUN apt-get --assume-yes install uuid-dev
-RUN apt-get --assume-yes install apt-utils
-RUN apt-get --assume-yes install libcurl4-openssl-dev
-RUN apt-get --assume-yes install curl
-RUN apt-get --assume-yes install apt-transport-https
-RUN apt-get --assume-yes install liblua5.4-dev
-RUN apt-get --assume-yes install libgtest-dev
-RUN apt-get --assume-yes install libpng-dev
-RUN apt-get --assume-yes install libsqlite3-dev
-RUN apt-get --assume-yes install libjpeg-dev zlib1g-dev libdcmtk-dev libboost-all-dev libwrap0-dev libcharls-dev libjsoncpp-dev libpugixml-dev
-RUN apt-get --assume-yes install git
-RUN apt-get --assume-yes install mercurial
-RUN apt-get --assume-yes install zip
-RUN apt-get --assume-yes install libpq-dev postgresql-server-dev-all
-RUN apt-get --assume-yes install python3-dev
-RUN apt-get --assume-yes install unixodbc-dev
-RUN apt-get --assume-yes install libgmock-dev
-RUN apt-get --assume-yes install protobuf-compiler
-# on recent Debian, the libmysql-dev package is not available anymore
-# and the MariaDbConfiguration.cmake does not handle it correctly -> use the downloaded mariadb_client
-RUN apt-get --assume-yes install default-libmysqlclient-dev
-# RUN apt-get --assume-yes install libmariadb-dev
-
-RUN apt-get --assume-yes install cmake
-RUN apt-get --assume-yes install awscli
-# for orthanc-stl plugin:
-RUN apt-get --assume-yes install libgl1-mesa-dev libxt-dev
-
-RUN apt-get --assume-yes install default-jdk
+RUN dnf -y update && \
+    dnf -y install wget unzip gcc gcc-c++ make cmake libuuid-devel \
+    ca-certificates tzdata libcurl-devel boost-devel \
+    libjpeg-turbo-devel zlib-devel git mercurial zip \
+    libpq libpq-devel postgresql-libs postgresql-devel \
+    protobuf-compiler aws-cli libpng-devel sqlite-devel \
+    lua-devel \
+    unixODBC-devel \
+    tar python-pip \
+    readline-devel libicu-devel openssl-devel \
+    java-11-amazon-corretto \
+    patch gtest gtest-devel && \
+    dnf clean all
+
+RUN wget https://ftp.postgresql.org/pub/source/v16.5/postgresql-16.5.tar.gz && tar -zxvf postgresql-16.5.tar.gz && cd postgresql-16.5 && ./configure --bindir=/usr/bin --with-openssl && make -C src/bin install && make -C src/include install &&  make -C src/interfaces install
+
+# install googletest, pugixml and cryptopp from source because the packages are not available
+# in this amazon linux 2 base image
+RUN git clone https://github.com/google/googletest.git && cd googletest && mkdir build && cd build && cmake .. && make && make install
+RUN git clone https://github.com/zeux/pugixml.git && cd pugixml && mkdir build && cd build && cmake .. && make && make install
+RUN git clone https://github.com/weidai11/cryptopp.git && cd cryptopp && make && make install
 
 # # install a recent cmake version (required later by recent vcpkg versions that we don't use now !)
 # WORKDIR /tmp
@@ -153,7 +116,9 @@ COPY build-or-download.sh /scripts
 
 # ARG STONE_INTERMEDIATE_TARGET=build-stone-viewer-amd64
 
-# ===> https://github.com/orthanc-server/orthanc-builder/blob/11d6930/docker/orthanc/Dockerfile
+##################
+# The dockerfile below is copied+adapted from docker/orthanc/Dockerfile
+##################
 
 # FROM orthanc-builder-base
 ARG ARG_AWS_ACCESS_KEY_ID
@@ -201,8 +166,6 @@ RUN /scripts/build-or-download.sh version=$STABLE_OR_UNSTABLE target=orthanc-gdc
 FROM orthanc-builder-base AS build-plugin-pg
 
 ARG ORTHANC_PG_COMMIT_ID
-# RUN echo debughere
-# RUN hg --debug clone "https://bitbucket.org/sjodogne/orthanc"
 RUN /scripts/build-or-download.sh version=$STABLE_OR_UNSTABLE target=orthanc-pg commitId=$ORTHANC_PG_COMMIT_ID baseImage=$PLATFORM/$BASE_IMAGE_TAG preferDownloads=$PREFER_DOWNLOADS enableUploads=$ENABLE_UPLOAD
 
 ########################## Orthanc MySQL
@@ -470,7 +433,10 @@ RUN if [[ ! -z "$TARGETPLATFORM" ]] && [[ "$TARGETPLATFORM" != "linux/amd64" ]];
 RUN chmod +x /usr/share/orthanc/plugins-available/*
 RUN chmod +x /usr/local/bin/*
 
-RUN pip install envsubst==0.1.5 --break-system-packages
+RUN dnf -y update && \
+    dnf -y install python-pip vim git libpq && \
+    dnf clean all
+RUN pip install envsubst==0.1.5
 
 # configure SSL for azure rest sdk (azure object storage plugin)
 ENV SSL_CERT_DIR=/etc/ssl/certs
@@ -489,16 +455,12 @@ COPY *.lua /lua-scripts/
 COPY test-aliveness.py /probes/
 
 
-# cleanup unnecessary packages that can trigger errors during security scan
-RUN apt purge --assume-yes build-essential perl bzip2 gnupg xdg-user-dirs && apt --assume-yes autoremove
-
-
-# always create an 'orthanc' group (gid=999) and an orthanc user (uid=999)
+# always create an 'orthanc' group (gid=1000) and an orthanc user (uid=1000)
 # and grants him all permissions on files that can be modified by the docker-entrypoint.sh
 # The default root users can still access these files too.
 # for the /etc/hostid -> we must make sure the file exists to grant the permission
-RUN groupadd --system orthanc --gid=999; \
-    useradd --system --gid=orthanc --uid=999 --home-dir=/var/lib/orthanc --shell=/bin/false orthanc; \
+RUN groupadd --system orthanc --gid=1000; \
+    useradd --system --gid=orthanc --uid=1000 --home-dir=/var/lib/orthanc --shell=/bin/false orthanc; \
     mkdir -p /var/lib/orthanc; \
     chown -R orthanc:orthanc /var/lib/orthanc; \
     chown -R orthanc:orthanc /tmp; \

diff --git a/docker/orthanc/build-or-download.sh b/docker/orthanc/build-or-download.sh
@@ -95,9 +95,12 @@ if [[ $target == "orthanc" ]]; then
 
         # note: building with static DCMTK while waiting for Debian bullseye to update to latest DCMTK issues (we need DCMTK 3.6.7: https://www.hipaajournal.com/warning-issued-about-3-high-severity-vulnerabilities-in-offis-dicom-software/)
         # also force latest OpenSSL (and therefore, we need to force static libcurl)
-        cmake -DALLOW_DOWNLOADS=ON -DCMAKE_BUILD_TYPE:STRING=Release -DSTANDALONE_BUILD=ON -DUSE_GOOGLE_TEST_DEBIAN_PACKAGE=ON -DUSE_SYSTEM_CIVETWEB=OFF -DUSE_SYSTEM_DCMTK=OFF -DUSE_SYSTEM_OPENSSL=OFF -DUSE_SYSTEM_CURL=OFF $sourcesRootPath/OrthancServer
+        # (pauline 02/2025) Setting `DUSE_GOOGLE_TEST_DEBIAN_PACKAGE` to `OFF` to fix error when
+        # the CI runs the tests: `Please install the libgtest-dev package`
+        cmake -DALLOW_DOWNLOADS=ON -DCMAKE_BUILD_TYPE:STRING=Release -DSTANDALONE_BUILD=ON -DUSE_GOOGLE_TEST_DEBIAN_PACKAGE=OFF -DUSE_SYSTEM_CIVETWEB=OFF -DUSE_SYSTEM_DCMTK=OFF -DUSE_SYSTEM_OPENSSL=OFF -DUSE_SYSTEM_CURL=OFF $sourcesRootPath/OrthancServer
         make -j 4
-        # HttpClient.Ssl and HttpClient.SslNoVerification are failing
+        # (pauline 02/2025) Commenting out unit tests to fix error when the CI runs the tests:
+        # `HttpClient.Ssl and HttpClient.SslNoVerification are failing`
         # $buildRootPath/UnitTests
 
         upload Orthanc
@@ -165,7 +168,10 @@ elif [[ $target == "orthanc-pg" ]]; then
 
         hg clone https://orthanc.uclouvain.be/hg/orthanc-databases/ -r $commitId $sourcesRootPath
         pushd $buildRootPath
-        cmake -DALLOW_DOWNLOADS=ON -DCMAKE_BUILD_TYPE:STRING=Release -DUSE_SYSTEM_GOOGLE_TEST=ON -DUSE_SYSTEM_ORTHANC_SDK=OFF  $sourcesRootPath/PostgreSQL
+        # (pauline 02/2025) Adding "-D PostgreSQL_TYPE_INCLUDE_DIR=`pg_config --includedir-server`"
+        # to fix error: `CMake Error: The following variables are used in this project, but they
+        # are set to NOTFOUND. PostgreSQL_TYPE_INCLUDE_DIR`
+        cmake -DALLOW_DOWNLOADS=ON -DCMAKE_BUILD_TYPE:STRING=Release -DUSE_SYSTEM_GOOGLE_TEST=ON -DUSE_SYSTEM_ORTHANC_SDK=OFF -D PostgreSQL_TYPE_INCLUDE_DIR=`pg_config --includedir-server` $sourcesRootPath/PostgreSQL
         make -j 4
 
         upload libOrthancPostgreSQLIndex.so