From 2fae40053bf4ba56cfa9c653778746008e5f04e9 Mon Sep 17 00:00:00 2001
From: anthony sottile
Date: Thu, 2 May 2024 13:02:42 -0400
Subject: [PATCH] ref: fix install of gosu / tini
---
 Dockerfile | 67 +++++++++++++++--------------------------------------
 1 file changed, 18 insertions(+), 49 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 845875c..87fb604 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,57 +2,26 @@ FROM python:3.7-slim AS application
 RUN groupadd -r cdc && useradd -r -g cdc cdc
-# grab gosu for easy step-down from root
-RUN set -x \
- && export GOSU_VERSION=1.11 \
- && fetchDeps=" \
- dirmngr \
- gnupg \
- wget \
- " \
- && apt-get update && apt-get install -y --no-install-recommends $fetchDeps && rm -rf /var/lib/apt/lists/* \
- && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
- && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
- && export GNUPGHOME="$(mktemp -d)" \
- && for key in \
- B42F6819007F00F88E364FD4036A9C25BF357DD4 \
- ; do \
- gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
- gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
- gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
- done \
- && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
- && gpgconf --kill all \
- && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
- && chmod +x /usr/local/bin/gosu \
- && gosu nobody true \
- && apt-get purge -y --auto-remove $fetchDeps
+ARG GOSU_VERSION=1.17
+ARG GOSU_SHA256=bbc4136d03ab138b1ad66fa4fc051bafc6cc7ffae632b069a53657279a450de3
+ARG TINI_VERSION=0.19.0
+ARG TINI_SHA256=93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c
-# grab tini for signal processing and zombie killing
 RUN set -x \
- && export TINI_VERSION=0.18.0 \
- && fetchDeps=" \
- dirmngr \
- gnupg \
- wget \
- " \
- && apt-get update && apt-get install -y --no-install-recommends $fetchDeps && rm -rf /var/lib/apt/lists/* \
- && wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$TINI_VERSION/tini-$(dpkg --print-architecture)" \
- && wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$TINI_VERSION/tini-$(dpkg --print-architecture).asc" \
- && export GNUPGHOME="$(mktemp -d)" \
- && for key in \
- 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \
- ; do \
- gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
- gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
- gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
- done \
- && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \
- && gpgconf --kill all \
- && rm -r "$GNUPGHOME" /usr/local/bin/tini.asc \
- && chmod +x /usr/local/bin/tini \
- && tini -h \
- && apt-get purge -y --auto-remove $fetchDeps
+ && buildDeps=" \
+ wget \
+ " \
+ && apt-get update && apt-get install -y --no-install-recommends $buildDeps \
+ && rm -rf /var/lib/apt/lists/* \
+ # grab gosu for easy step-down from root
+ && wget --quiet -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-amd64" \
+ && echo "$GOSU_SHA256 /usr/local/bin/gosu" | sha256sum --check --status \
+ && chmod +x /usr/local/bin/gosu \
+ # grab tini for signal processing and zombie killing
+ && wget --quiet -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$TINI_VERSION/tini-amd64" \
+ && echo "$TINI_SHA256 /usr/local/bin/tini" | sha256sum --check --status \
+ && chmod +x /usr/local/bin/tini \
+ && apt-get purge -y --auto-remove $buildDeps
 RUN mkdir -p /usr/src/app
 WORKDIR /usr/src/app
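Review bot: The rewritten RUN step drops the post-install smoke tests (`gosu nobody true`, `tini -h`) while also hardcoding the `gosu-amd64` / `tini-amd64` assets in place of `$(dpkg --print-architecture)`. A build on a non-amd64 host would therefore still pass the checksum step and would typically produce an image whose step-down and init helpers cannot execute. Re-adding `&& gosu nobody true \` after the gosu `chmod` and `&& tini -h \` after the tini `chmod` would make that fail at build time instead of at container start. Because the pinned digests now replace the GPG signature check as the only integrity anchor, the ARG block would also benefit from a comment such as `# sha256 of the amd64 release asset; bump together with the matching *_VERSION after checking the upstream signature`. Without it, a later version bump gives no hint that the hash is architecture-specific or where it should come from.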