From be612bc91d82fb98fb800631fa04d3177a66552f Mon Sep 17 00:00:00 2001 From: Hector Sanjuan Date: Thu, 10 Aug 2023 21:53:29 +0200 Subject: [PATCH] Docker: use more recent versions Use gosu and tini from debian packages for the main container. --- Dockerfile | 27 +++++---------------------- Dockerfile-bundle | 2 +- Dockerfile-test | 2 +- docker/entrypoint.sh | 2 +- 4 files changed, 8 insertions(+), 25 deletions(-) diff --git a/Dockerfile b/Dockerfile index 141d28e8..396f4610 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.20-buster AS builder +FROM golang:1.20-bullseye AS builder MAINTAINER Hector Sanjuan # This dockerfile builds and runs ipfs-cluster-service. @@ -8,25 +8,8 @@ ENV SRC_PATH $GOPATH/src/github.com/ipfs-cluster/ipfs-cluster ENV GO111MODULE on ENV GOPROXY https://proxy.golang.org -ENV SUEXEC_VERSION v0.2 -ENV TINI_VERSION v0.19.0 -RUN set -eux; \ - dpkgArch="$(dpkg --print-architecture)"; \ - case "${dpkgArch##*-}" in \ - "amd64" | "armhf" | "arm64") tiniArch="tini-static-$dpkgArch" ;;\ - *) echo >&2 "unsupported architecture: ${dpkgArch}"; exit 1 ;; \ - esac; \ - cd /tmp \ - && git clone https://github.com/ncopa/su-exec.git \ - && cd su-exec \ - && git checkout -q $SUEXEC_VERSION \ - && make su-exec-static \ - && cd /tmp \ - && wget -q -O tini https://github.com/krallin/tini/releases/download/$TINI_VERSION/$tiniArch \ - && chmod +x tini - # Get the TLS CA certificates, they're not provided by busybox. -RUN apt-get update && apt-get install -y ca-certificates +RUN apt-get update && apt-get install -y ca-certificates tini gosu COPY --chown=1000:users go.* $SRC_PATH/ WORKDIR $SRC_PATH @@ -55,8 +38,8 @@ COPY --from=builder $GOPATH/bin/ipfs-cluster-service /usr/local/bin/ipfs-cluster COPY --from=builder $GOPATH/bin/ipfs-cluster-ctl /usr/local/bin/ipfs-cluster-ctl COPY --from=builder $GOPATH/bin/ipfs-cluster-follow /usr/local/bin/ipfs-cluster-follow COPY --from=builder $SRC_PATH/docker/entrypoint.sh /usr/local/bin/entrypoint.sh -COPY --from=builder /tmp/su-exec/su-exec-static /sbin/su-exec -COPY --from=builder /tmp/tini /sbin/tini +COPY --from=builder /usr/bin/tini /usr/bin/tini +COPY --from=builder /usr/sbin/gosu /usr/sbin/gosu COPY --from=builder /etc/ssl/certs /etc/ssl/certs RUN mkdir -p $IPFS_CLUSTER_PATH && \ @@ -64,7 +47,7 @@ RUN mkdir -p $IPFS_CLUSTER_PATH && \ chown ipfs:users $IPFS_CLUSTER_PATH VOLUME $IPFS_CLUSTER_PATH -ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/entrypoint.sh"] +ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/entrypoint.sh"] # Defaults for ipfs-cluster-service go here CMD ["daemon"] diff --git a/Dockerfile-bundle b/Dockerfile-bundle index dd02078d..9224fdee 100644 --- a/Dockerfile-bundle +++ b/Dockerfile-bundle @@ -1,4 +1,4 @@ -FROM golang:1.20-buster AS builder +FROM golang:1.20-bullseye AS builder MAINTAINER Hector Sanjuan # This dockerfile builds cluster and runs it along with kubo. diff --git a/Dockerfile-test b/Dockerfile-test index 78ca9d03..43df644d 100644 --- a/Dockerfile-test +++ b/Dockerfile-test @@ -1,4 +1,4 @@ -FROM golang:1.20-buster AS builder +FROM golang:1.20-bullseye AS builder MAINTAINER Hector Sanjuan # This build state just builds the cluster binaries diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 56903b79..d893106f 100755 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -11,7 +11,7 @@ if [ `id -u` -eq 0 ]; then echo "Changing user to $user" # ensure directories are writable su-exec "$user" test -w "${IPFS_CLUSTER_PATH}" || chown -R -- "$user" "${IPFS_CLUSTER_PATH}" - exec su-exec "$user" "$0" $@ + exec gosu "$user" "$0" $@ fi # Only ipfs user can get here