feat: add TurboOCR

builds/cube-sandbox/Dockerfile

@@ -0,0 +1,134 @@
+# CubeSandbox in a privileged systemd+DinD container.
+#
+# CubeSandbox's official install.sh is designed for bare metal / VMs and
+# requires a running systemd (it registers all services as systemd units).
+# This image therefore runs systemd as PID 1 rather than tini.
+#
+# UBUNTU_IMAGE may be overridden to use a regional mirror, e.g.:
+#   docker.m.daocloud.io/library/ubuntu:22.04   (China DaoCloud mirror)
+#   ccr.ccs.tencentyun.com/library/ubuntu:22.04 (Tencent Cloud mirror)
+ARG UBUNTU_IMAGE=ubuntu:22.04
+FROM ${UBUNTU_IMAGE}
+
+ENV DEBIAN_FRONTEND=noninteractive \
+    LANG=C.UTF-8 \
+    LC_ALL=C.UTF-8
+
+# Core system deps + systemd as the container init system.
+# deploy/one-click/install.sh requires: tar, rg (ripgrep), ss (iproute2),
+# bash, curl, sed, pgrep (procps), date, docker, python3, ip (iproute2), awk (gawk).
+# Plus DinD prerequisites: iptables, ca-certificates, gnupg.
+# Plus xfsprogs for the XFS-backed /data/cubelet (install.sh hard requirement).
+RUN apt-get update && apt-get install -y --no-install-recommends \
+        systemd \
+        systemd-sysv \
+        dbus \
+        ca-certificates \
+        curl \
+        gnupg \
+        lsb-release \
+        bash \
+        tar \
+        ripgrep \
+        iproute2 \
+        procps \
+        gawk \
+        sed \
+        python3 \
+        python3-pip \
+        iptables \
+        kmod \
+        xfsprogs \
+        e2fsprogs \
+        util-linux \
+        file \
+        less \
+    && rm -rf /var/lib/apt/lists/*
+
+# Mask systemd units that are irrelevant or will fail in a container context.
+RUN for unit in \
+        getty@tty1.service \
+        apt-daily.service \
+        apt-daily-upgrade.service \
+        apt-daily.timer \
+        apt-daily-upgrade.timer \
+        motd-news.service \
+        motd-news.timer \
+        systemd-networkd.service \
+        systemd-networkd-wait-online.service \
+        systemd-udevd.service \
+        systemd-udevd-control.socket \
+        systemd-udevd-kernel.socket \
+        systemd-logind.service \
+        e2scrub_reap.service \
+        apparmor.service; do \
+    ln -sf /dev/null "/etc/systemd/system/${unit}"; \
+    done
+
+# Install Docker CE + Compose plugin from the official Docker apt repository.
+RUN install -m 0755 -d /etc/apt/keyrings \
+    && curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
+       | gpg --dearmor -o /etc/apt/keyrings/docker.gpg \
+    && chmod a+r /etc/apt/keyrings/docker.gpg \
+    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \
+       https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo $VERSION_CODENAME) stable" \
+       > /etc/apt/sources.list.d/docker.list \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends \
+        docker-ce \
+        docker-ce-cli \
+        containerd.io \
+        docker-buildx-plugin \
+        docker-compose-plugin \
+    && rm -rf /var/lib/apt/lists/*
+
+# Configure Docker daemon defaults.
+RUN mkdir -p /etc/docker && printf '%s\n' \
+    '{' \
+    '  "log-driver": "json-file",' \
+    '  "log-opts": { "max-size": "50m", "max-file": "3" },' \
+    '  "storage-driver": "overlay2"' \
+    '}' > /etc/docker/daemon.json
+
+# Install E2B Python SDK so smoke tests can run from inside the container
+# without polluting the WSL2 host with pip packages.
+RUN pip3 install --no-cache-dir --break-system-packages \
+        e2b-code-interpreter==1.0.* \
+        requests \
+    || pip3 install --no-cache-dir \
+        e2b-code-interpreter==1.0.* \
+        requests
+
+# Persistent locations the installer writes to.
+VOLUME ["/var/lib/docker", "/data", "/usr/local/services/cubetoolbox"]
+
+# Helper scripts for the bootstrap flow.
+COPY cube-init.sh       /usr/local/bin/cube-init.sh
+COPY cube-xfs-setup.sh  /usr/local/bin/cube-xfs-setup.sh
+COPY cube-install.sh    /usr/local/bin/cube-install.sh
+RUN chmod +x \
+        /usr/local/bin/cube-init.sh \
+        /usr/local/bin/cube-xfs-setup.sh \
+        /usr/local/bin/cube-install.sh
+
+# Systemd service units for the CubeSandbox bootstrap sequence.
+COPY cube-xfs-mount.service /etc/systemd/system/cube-xfs-mount.service
+COPY cube-install.service   /etc/systemd/system/cube-install.service
+
+# Enable services by creating the wanted-by symlinks that systemctl enable
+# would create (systemctl cannot run during a Docker image build).
+RUN mkdir -p /etc/systemd/system/multi-user.target.wants \
+    && ln -sf /etc/systemd/system/cube-xfs-mount.service \
+              /etc/systemd/system/multi-user.target.wants/cube-xfs-mount.service \
+    && ln -sf /etc/systemd/system/cube-install.service \
+              /etc/systemd/system/multi-user.target.wants/cube-install.service \
+    && ln -sf /lib/systemd/system/docker.service \
+              /etc/systemd/system/multi-user.target.wants/docker.service \
+    && ln -sf /lib/systemd/system/containerd.service \
+              /etc/systemd/system/multi-user.target.wants/containerd.service
+
+# cube-init.sh captures CUBE_* and TZ env vars from the container runtime
+# into /etc/cube-sandbox.env (readable by systemd EnvironmentFile=), then
+# execs /lib/systemd/systemd as PID 1.
+ENTRYPOINT ["/usr/local/bin/cube-init.sh"]
+CMD ["/lib/systemd/systemd"]