Containerfile.supervisor
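# Base image. NOTE(review): "stream10" is a rolling tag, so two builds of this
# file can start from different content. Pinning it by digest
# (quay.io/centos/centos:stream10@sha256:<digest>) makes the base auditable.
FROM quay.io/centos/centos:stream10

# Enable the EPEL and CRB repositories and apply pending package updates.
# The dnf cache is cleaned in this same layer because a "dnf clean all" in a
# later layer cannot shrink this one.
RUN dnf -y install epel-release \
 && dnf config-manager --set-enabled crb \
 && dnf -y update \
 && dnf clean all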
# Trust the RH IT root CAs so TLS connections to internal services verify.
# Everything in the image that relies on the system trust store will accept
# certificates issued under these roots, so the bundle kept in files/ deserves
# the same review as any other trust anchor.
COPY files/Current-IT-Root-CAs.pem /etc/pki/ca-trust/source/anchors/Current-IT-Root-CAs.pem
# Rebuild the consolidated trust bundles from the anchors directory.
RUN update-ca-trust
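# Install the distribution packages and the Python stack in a single layer, so
# the compiler toolchain listed under "Build dependencies" is removed again
# before the layer is committed.
RUN dnf -y install --allowerasing \
        # Run time dependencies
        krb5-workstation \
        python3 \
        python3-backoff \
        python3-beautifulsoup4 \
        python3-pip \
        python3-nitrate \
        python3-requests-gssapi \
        python3-rpm \
        python3-tomli-w \
        python3-typer \
        python3-koji \
        # Build dependencies
        gcc \
        gcc-c++ \
        python3-devel \
    # litellm 1.82.7 and 1.82.8 are excluded as compromised releases. This is
    # a denylist: any other release, including future ones, is still accepted.
    # NOTE(review): apart from beeai-framework the packages below are unpinned,
    # so every build installs whatever the index serves at that moment. A
    # hash-checked requirements file (pip --require-hashes) would make the set
    # reproducible and reviewable.
    # Requirement specifiers containing [ ] are quoted so the shell never
    # treats the extras list as a glob pattern.
 && pip3 install -v --no-cache-dir \
        "litellm!=1.82.7,!=1.82.8" \
        "beeai-framework[vertexai,mcp,duckduckgo]==0.1.79" \
        google-cloud-aiplatform \
        openinference-instrumentation-beeai \
        arize-phoenix-otel \
        redis \
        specfile \
 && dnf -y remove gcc gcc-c++ python3-devel \
 && dnf clean all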
# Tripwire for the compromised litellm packages (e.g. 1.82.7, 1.82.8): abort
# the build if a file named litellm_init.pth exists anywhere under /usr or /opt.
# NOTE(review): this matches one file name in two trees only, and find's errors
# are discarded and its exit status is not checked, so a failing find leaves
# the check passing. Treat it as a supplement to the version exclusion in the
# pip install step, not a replacement for it.
RUN FOUND="$(find /usr /opt -name 'litellm_init.pth' 2>/dev/null)"; \
    [ -z "$FOUND" ] || { \
        echo "SECURITY ALERT: malicious litellm_init.pth detected: $FOUND"; \
        exit 1; \
    }
# Create the unprivileged account the container runs as, with a home directory.
# NOTE(review): the account is also added to wheel, the administrative group on
# this distribution family. Nothing visible in this file needs that membership;
# confirm it is required, since dropping it keeps the runtime user least-privileged.
RUN useradd --create-home --groups wheel beeai
# Bake the application packages into the image. In development the individual
# directories are mounted as volumes over these paths instead.
# COPY without --chown leaves the copied trees owned by root (0:0).
COPY ymir/agents/     /home/beeai/ymir/agents/
COPY ymir/tools/      /home/beeai/ymir/tools/
COPY ymir/common/     /home/beeai/ymir/common/
COPY ymir/supervisor/ /home/beeai/ymir/supervisor/

# Hand the whole home directory to group 0 and give that group read and
# directory-traverse access (no write bit is added).
# NOTE(review): presumably for platforms that run the container under an
# arbitrary UID in group 0 — confirm.
RUN chgrp -R 0 /home/beeai \
 && chmod -R g+rX /home/beeai
# Ship the nitrate client configuration, then overwrite its username and
# password entries with fixed placeholder values.
# NOTE(review): the COPY layer keeps the file exactly as it is in the build
# context, and the sed below only changes a later layer. If files/nitrate.conf
# can ever hold real credentials they stay recoverable from the image layers,
# so confirm the checked-in file carries placeholders only.
COPY files/nitrate.conf /etc/nitrate.conf
RUN sed -i \
        -e 's/^username[[:space:]]*=.*/username=anon/' \
        -e 's/^password[[:space:]]*=.*/password=whatever/' \
        /etc/nitrate.conf
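# Everything from here on, including the container's main process, runs as the
# unprivileged beeai account.
USER beeai
ENV HOME=/home/beeai
WORKDIR $HOME

# Put $HOME on the module search path so the ymir namespace package can be
# imported. An inherited PYTHONPATH is appended only when it is non-empty:
# a bare "$HOME:$PYTHONPATH" expands to "/home/beeai:" when the variable is
# unset, and Python treats the empty trailing entry as the current working
# directory. Modules would then be importable from wherever the process runs.
ENV PYTHONPATH=${HOME}${PYTHONPATH:+:${PYTHONPATH}}

# Default to an interactive shell; callers supply the real command.
CMD ["/bin/bash"]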