update base image and fix errors

docker-bits/0_Rocker.Dockerfile

@@ -1,6 +1,6 @@
 # Rocker/geospatial is tagged by R version number.  They are not clear on whether they'll change those tagged
 # images for hotfixes, so always pin tag and digest to prevent unexpected upstream changes
-FROM rocker/geospatial:4.2.1@sha256:5caca36b8962233f8636540b7c349d3f493f09e864b6e278cb46946ccf60d4d2
+FROM rocker/geospatial:dev-osgeo@sha256:17a7181bdfa3cdb291340d4f47469715e5e2c30ba31f35419e8b0676cacd72cd
 
 # For compatibility with docker stacks
 ARG NB_USER="jovyan"

docker-bits/6_remote-desktop.Dockerfile

@@ -11,14 +11,14 @@ RUN chmod +x /usr/bin/clean-layer.sh
 
 ENV DEBIAN_FRONTEND noninteractive
 RUN apt-get -y update \
- && apt-get install -y dbus-x11 \
+    && apt-get install -y dbus-x11 \
     xfce4 \
     xfce4-panel \
     xfce4-session \
     xfce4-settings \
     xorg \
     xubuntu-icon-theme \
- && clean-layer.sh
+    && clean-layer.sh
 
 ENV RESOURCES_PATH="/resources"
 RUN mkdir $RESOURCES_PATH
@@ -67,7 +67,7 @@ RUN \
     # Install nautilus and support for sftp mounting
     apt-get install -y --no-install-recommends nautilus gvfs-backends && \
     # Install gigolo - Access remote systems
-    apt-get install -y --no-install-recommends gigolo gvfs-bin && \
+    apt-get install -y --no-install-recommends gigolo gvfs && \
     # xfce systemload panel plugin - needs to be activated
     apt-get install -y --no-install-recommends xfce4-systemload-plugin && \
     # Leightweight ftp client that supports sftp, http, ...
@@ -83,99 +83,100 @@ RUN \
     apt-get install -y sudo apt-utils && \
     apt-get upgrade -y && \
     apt-get install -y --no-install-recommends \
-        # This is necessary for apt to access HTTPS sources:
-        apt-transport-https \
-        gnupg-agent \
-        gpg-agent \
-        gnupg2 \
-        ca-certificates \
-        build-essential \
-        pkg-config \
-        software-properties-common \
-        lsof \
-        net-tools \
-        libcurl4 \
-        curl \
-        wget \
-        cron \
-        openssl \
-        iproute2 \
-        psmisc \
-        tmux \
-        dpkg-sig \
-        uuid-dev \
-        csh \
-        xclip \
-        clinfo \
-        libgdbm-dev \
-        libncurses5-dev \
-        gawk \
-        # Simplified Wrapper and Interface Generator (5.8MB) - required by lots of py-libs
-        swig \
-        # Graphviz (graph visualization software) (4MB)
-        graphviz libgraphviz-dev \
-        # Terminal multiplexer
-        screen \
-        # Editor
-        nano \
-        # Find files, already have catfish remove?
-        locate \
-        # XML Utils
-        xmlstarlet \
-        #  R*-tree implementation - Required for earthpy, geoviews (3MB)
-        libspatialindex-dev \
-        # Search text and binary files
-        yara \
-        # Minimalistic C client for Redis
-        libhiredis-dev \
-        libleptonica-dev \
-        # GEOS library (3MB)
-        libgeos-dev \
-        # style sheet preprocessor
-        less \
-        # Print dir tree
-        tree \
-        # Bash autocompletion functionality
-        bash-completion \
-        # ping support
-        iputils-ping \
-        # Json Processor
-        jq \
-        rsync \
-        # VCS:
-        subversion \
-        jed \
-        git \
-        git-gui \
-        # odbc drivers
-        unixodbc unixodbc-dev \
-        # Image support
-        libtiff-dev \
-        libjpeg-dev \
-        libpng-dev \
-        # protobuffer support
-        protobuf-compiler \
-        libprotobuf-dev \
-        libprotoc-dev \
-        autoconf \
-        automake \
-        libtool \
-        cmake  \
-        fonts-liberation \
-        google-perftools \
-        # Compression Libs
-        zip \
-        gzip \
-        unzip \
-        bzip2 \
-        lzop \
-        libarchive-tools \
-        zlibc \
-        # unpack (almost) everything with one command
-        unp \
-        libbz2-dev \
-        liblzma-dev \
-        zlib1g-dev && \
+    # This is necessary for apt to access HTTPS sources:
+    apt-transport-https \
+    gnupg-agent \
+    gpg-agent \
+    gnupg2 \
+    ca-certificates \
+    build-essential \
+    pkg-config \
+    software-properties-common \
+    lsof \
+    net-tools \
+    libcurl4 \
+    curl \
+    wget \
+    cron \
+    openssl \
+    iproute2 \
+    psmisc \
+    tmux \
+    dpkg-sig \
+    uuid-dev \
+    csh \
+    xclip \
+    clinfo \
+    libgdbm-dev \
+    libncurses5-dev \
+    gawk \
+    # Simplified Wrapper and Interface Generator (5.8MB) - required by lots of py-libs
+    swig \
+    # Graphviz (graph visualization software) (4MB)
+    graphviz libgraphviz-dev \
+    # Terminal multiplexer
+    screen \
+    # Editor
+    nano \
+    # Find files, already have catfish remove?
+    locate \
+    # XML Utils
+    xmlstarlet \
+    #  R*-tree implementation - Required for earthpy, geoviews (3MB)
+    libspatialindex-dev \
+    # Search text and binary files
+    yara \
+    # Minimalistic C client for Redis
+    libhiredis-dev \
+    libleptonica-dev \
+    # GEOS library (3MB)
+    libgeos-dev \
+    # style sheet preprocessor
+    less \
+    # Print dir tree
+    tree \
+    # Bash autocompletion functionality
+    bash-completion \
+    # ping support
+    iputils-ping \
+    # Json Processor
+    jq \
+    rsync \
+    # VCS:
+    subversion \
+    jed \
+    git \
+    git-gui \
+    # odbc drivers
+    unixodbc unixodbc-dev \
+    # Image support
+    libtiff-dev \
+    libjpeg-dev \
+    libpng-dev \
+    # protobuffer support
+    protobuf-compiler \
+    libprotobuf-dev \
+    libprotoc-dev \
+    autoconf \
+    automake \
+    libtool \
+    cmake  \
+    fonts-liberation \
+    google-perftools \
+    # Compression Libs
+    zip \
+    gzip \
+    unzip \
+    bzip2 \
+    lzop \
+    libarchive-tools \
+    zlib1g \
+    zlib1g-dev \
+    # unpack (almost) everything with one command
+    unp \
+    libbz2-dev \
+    liblzma-dev \
+    zlib1g-dev && \
     # configure dynamic linker run-time bindings
     ldconfig && \
     # Fix permissions
@@ -255,8 +256,8 @@ RUN /bin/bash $RESOURCES_PATH/qgis.sh \
 
 #R-Studio
 RUN /bin/bash $RESOURCES_PATH/r-studio-desktop.sh && \
-     apt-get clean && \
-     rm -rf /var/lib/apt/lists
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists
 
 #Libre office
 RUN add-apt-repository ppa:libreoffice/ppa && \
@@ -265,11 +266,12 @@ RUN add-apt-repository ppa:libreoffice/ppa && \
     apt-get install -y libreoffice-help-fr libreoffice-l10n-fr && \ 
     clean-layer.sh
 
-#Install PSPP
-RUN /bin/bash $RESOURCES_PATH/pspp.sh \
+# Install PSPP
+RUN apt-get update -y \
+    && apt-get install -y pspp \
     && clean-layer.sh
 
-#Install Minio
+# Install Minio
 COPY minio-icon.png $RESOURCES_PATH/minio-icon.png
 COPY remote-desktop/minio-launch.py /usr/bin/minio-launch.py
 
@@ -322,55 +324,29 @@ COPY French/mo-files/ /usr/share/locale/fr/LC_MESSAGES
 # COPY ./desktop-files/.config/xfce4/xfce4-panel.xml /home/jovyan/.config/xfce4/xfconf/xfce-perchannel-xml/
 
 #Removal area
-#Extra Icons
-RUN rm /usr/share/applications/exo-mail-reader.desktop
 #Prevent screen from locking
 RUN apt-get remove -y -q light-locker
 
-
 # apt-get may result in root-owned directories/files under $HOME
 RUN usermod -l $NB_USER rstudio && \
     chown -R $NB_UID:$NB_GID $HOME
 
 ENV NB_USER=$NB_USER
 ENV NB_NAMESPACE=$NB_NAMESPACE
-# https://github.com/novnc/websockify/issues/413#issuecomment-664026092
 RUN apt-get update && apt-get install --yes websockify \
-    && cp /usr/lib/websockify/rebind.cpython-38-x86_64-linux-gnu.so /usr/lib/websockify/rebind.so \
     && clean-layer.sh
 
 # Install AMD AOCC
 ARG AOCC_VERSION=4.0.0
 ARG AOCC_SHA256=2729ec524cbc927618e479994330eeb72df5947e90cfcc49434009eee29bf7d4
 RUN cd ${RESOURCES_PATH} && \
-   wget --quiet https://download.amd.com/developer/eula/aocc-compiler/aocc-compiler-${AOCC_VERSION}.tar -O /tmp/aocc-compiler-${AOCC_VERSION}.tar && \
-   echo "${AOCC_SHA256} /tmp/aocc-compiler-${AOCC_VERSION}.tar" | sha256sum -c - && \
-   tar xf /tmp/aocc-compiler-${AOCC_VERSION}.tar -C ./ && \
-   cd ./aocc-compiler-${AOCC_VERSION} && \
-   /bin/bash ./install.sh && \
-   rm /tmp/aocc-compiler-${AOCC_VERSION}.tar && \
-   clean-layer.sh
-
-#Install Miniconda
-#Has to be appended, else messes with qgis
-ENV PATH $PATH:/opt/conda/bin
-
-ARG CONDA_VERSION=py38_4.10.3
-ARG CONDA_MD5=14da4a9a44b337f7ccb8363537f65b9c
-
-RUN wget --quiet https://repo.anaconda.com/miniconda/Miniconda3-${CONDA_VERSION}-Linux-x86_64.sh -O miniconda.sh && \
-    echo "${CONDA_MD5}  miniconda.sh" > miniconda.md5 && \
-    if ! md5sum --status -c miniconda.md5; then exit 1; fi && \
-    mkdir -p /opt && \
-    sh miniconda.sh -b -p /opt/conda && \
-    rm miniconda.sh miniconda.md5 && \
-    ln -s /opt/conda/etc/profile.d/conda.sh /etc/profile.d/conda.sh && \
-    echo ". /opt/conda/etc/profile.d/conda.sh" >> ~/.bashrc && \
-    echo "conda activate base" >> ~/.bashrc && \
-    find /opt/conda/ -follow -type f -name '*.a' -delete && \
-    find /opt/conda/ -follow -type f -name '*.js.map' -delete && \
-    /opt/conda/bin/conda clean -afy && \
-    chown -R $NB_UID:$NB_GID /opt/conda
+    wget --quiet https://download.amd.com/developer/eula/aocc-compiler/aocc-compiler-${AOCC_VERSION}.tar -O /tmp/aocc-compiler-${AOCC_VERSION}.tar && \
+    echo "${AOCC_SHA256} /tmp/aocc-compiler-${AOCC_VERSION}.tar" | sha256sum -c - && \
+    tar xf /tmp/aocc-compiler-${AOCC_VERSION}.tar -C ./ && \
+    cd ./aocc-compiler-${AOCC_VERSION} && \
+    /bin/bash ./install.sh && \
+    rm /tmp/aocc-compiler-${AOCC_VERSION}.tar && \
+    clean-layer.sh
 
 #Set Defaults
 ENV HOME=/home/$NB_USER
@@ -400,9 +376,3 @@ RUN chown -R $NB_USER /home/$NB_USER
 USER $NB_USER
 COPY --chown=$NB_USER:100 nginx.conf /etc/nginx/nginx.conf
 
-#updates package to fix CVE-2023-0286 https://github.com/StatCan/aaw-private/issues/57
-#TODO: Evaluate if this is still necessary when updating the base image
-#Has to install as user $NB_USER for the remote desktop image
-RUN conda install --yes --quiet --force-reinstall -c conda-forge cryptography==39.0.1
-USER root
-

docker-bits/6_rstudio.Dockerfile

@@ -27,7 +27,7 @@ ENV PATH=$PATH:/usr/lib/rstudio-server/bin
 # Install some default R packages
 RUN conda install --quiet --yes \
       'r-rodbc==1.3_20' \
-      'r-tidymodels==1.0.0' \
+      'r-tidymodels==1.1.0' \
       'r-tidyverse==1.3.2' \
       'r-arrow==12.0.0' \
       'r-aws.s3==0.3.22' \

docker-bits/∞_CMD.Dockerfile

@@ -12,18 +12,39 @@ COPY pip.conf /tmp/pip.conf
 RUN cat /tmp/pip.conf >> /etc/pip.conf && rm /tmp/pip.conf \
     && pip config set global.timeout 300
 
-# Point R to Artifactory repository
-COPY Rprofile.site /tmp/Rprofile.site
-RUN cat /tmp/Rprofile.site >> /opt/conda/lib/R/etc/Rprofile.site && rm /tmp/Rprofile.site
-
 # Add .Rprofile to /tmp so we can install it in start-custom.sh
 COPY .Rprofile /tmp/.Rprofile
 
+# Install Miniconda
+RUN rm -rf /opt/conda && mkdir -p /opt/conda
+# Has to be appended, else messes with qgis
+ENV PATH $PATH:/opt/conda/bin
+
+ARG CONDA_VERSION=py39_23.5.2-0
+ARG CONDA_SHA256=9829d95f639bd0053b2ed06d1204e60644617bf37dd5cc57523732e0e8d64516
+
+RUN wget --quiet https://repo.anaconda.com/miniconda/Miniconda3-${CONDA_VERSION}-Linux-x86_64.sh -O miniconda.sh && \
+    echo "${CONDA_SHA256}  miniconda.sh" > miniconda.sha256 && \
+    if ! sha256sum --status -c miniconda.sha256; then exit 1; fi && \
+    mkdir -p /opt && \
+    sh miniconda.sh -u -b -p /opt/conda && \
+    rm miniconda.sh miniconda.sha256 && \
+    ln -s /opt/conda/etc/profile.d/conda.sh /etc/profile.d/conda.sh && \
+    echo ". /opt/conda/etc/profile.d/conda.sh" >> ~/.bashrc && \
+    echo "conda activate base" >> ~/.bashrc && \
+    find /opt/conda/ -follow -type f -name '*.a' -delete && \
+    find /opt/conda/ -follow -type f -name '*.js.map' -delete && \
+    /opt/conda/bin/conda clean -afy && \
+    chown -R $NB_UID:$NB_GID /opt/conda
+
+# Point R to Artifactory repository
+COPY Rprofile.site /tmp/Rprofile.site
+RUN mkdir -p /opt/conda/lib/R/etc/ && \
+    cat /tmp/Rprofile.site >> /opt/conda/lib/R/etc/Rprofile.site && rm /tmp/Rprofile.site
+
 # Point conda to Artifactory repository
-RUN conda config --add channels http://jfrog-platform-artifactory.jfrog-system:8081/artifactory/api/conda/conda-forge-remote --system && \
-    conda config --remove channels conda-forge --system && \
-    conda config --add channels http://jfrog-platform-artifactory.jfrog-system:8081/artifactory/api/conda/conda-forge-nvidia --system && \
-    conda config --add channels http://jfrog-platform-artifactory.jfrog-system:8081/artifactory/api/conda/conda-pytorch-remote --system
+COPY .condarc /tmp/.condarc
+RUN cat /tmp/.condarc > /opt/conda/.condarc && rm /tmp/.condarc
 
 USER $NB_USER
 ENTRYPOINT ["tini", "--"]