Skip to content

Commit 37c17a5

Browse files
drwetterdrwetter
authored
Merge pull request #2344 from polarathene/refactor/dockerfile-to-opensuse
refactor(dockerfile): Change base Alpine (3.17) => openSUSE Leap (15.4)
2 parents cb45177 + 6af0a80 commit 37c17a5

1 file changed

Lines changed: 32 additions & 11 deletions

File tree

Dockerfile

Lines changed: 32 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1,18 +1,39 @@
1-
FROM alpine:3.17
1+
# syntax=docker.io/docker/dockerfile:1
22

3-
RUN apk update && \
4-
apk upgrade && \
5-
apk add bash procps drill git coreutils libidn curl socat openssl xxd && \
6-
rm -rf /var/cache/apk/* && \
7-
adduser -D -s /bin/bash testssl && \
8-
ln -s /home/testssl/testssl.sh /usr/local/bin/
3+
ARG LEAP_VERSION=15.4
4+
ARG INSTALL_ROOT=/rootfs
95

10-
USER testssl
11-
WORKDIR /home/testssl/
6+
FROM opensuse/leap:${LEAP_VERSION} as builder
7+
ARG CACHE_ZYPPER=/tmp/cache/zypper
8+
ARG INSTALL_ROOT
9+
# /etc/os-release provides $VERSION_ID
10+
RUN source /etc/os-release \
11+
&& export ZYPPER_OPTIONS=( --releasever "${VERSION_ID}" --installroot "${INSTALL_ROOT}" --cache-dir "${CACHE_ZYPPER}" ) \
12+
&& zypper "${ZYPPER_OPTIONS[@]}" --gpg-auto-import-keys refresh \
13+
&& zypper "${ZYPPER_OPTIONS[@]}" --non-interactive install --download-in-advance --no-recommends \
14+
bash procps grep gawk sed coreutils busybox-util-linux busybox-vi ldns libidn2-0 socat openssl curl \
15+
&& zypper "${ZYPPER_OPTIONS[@]}" clean --all
16+
## Cleanup (reclaim approx 13 MiB):
17+
# None of this content should be relevant to the container:
18+
RUN rm -r "${INSTALL_ROOT}/usr/share/"{licenses,man,locale,doc,help,info}
19+
# Functionality that the container doesn't need:
20+
RUN rm "${INSTALL_ROOT}/usr/share/misc/termcap" \
21+
&& rm -r "${INSTALL_ROOT}/usr/lib/sysimage/rpm"
22+
23+
24+
# Create a new image with the contents of $INSTALL_ROOT
25+
FROM scratch
26+
ARG INSTALL_ROOT
27+
COPY --link --from=builder ${INSTALL_ROOT} /
28+
# Create user + (home with SGID set):
29+
RUN echo 'testssl:x:1000:1000::/home/testssl:/bin/bash' >> /etc/passwd \
30+
&& echo 'testssl:x:1000:' >> /etc/group \
31+
&& echo 'testssl:!::0:::::' >> /etc/shadow \
32+
&& install --mode 2755 --owner testssl --group testssl --directory /home/testssl \
33+
&& ln -s /home/testssl/testssl.sh /usr/local/bin/
1234

1335
# Copy over build context (after filtered by .dockerignore): bin/ etc/ testssl.sh
1436
COPY --chown=testssl:testssl . /home/testssl/
15-
37+
USER testssl
1638
ENTRYPOINT ["testssl.sh"]
17-
1839
CMD ["--help"]

0 commit comments

Comments
 (0)