Merge pull request #2347 from drwetter/suse_docker

drwetter · web-flow · commit 82fbd8076e7f · 2023-03-24T09:23:26.000+01:00
Switching from Alpine Image to multistaged opensuse/leap
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -31,6 +31,8 @@
 * Client simulation runs in wide mode which is even better readable
 * Added --reqheader to support custom headers in HTTP requests
 * Test for support for RFC 8879 certificate compression
+* Doesn't hang anymore when there's no local resolver
+* Dockerfiles refactored to be multistaged: performance gain+address bugs/inconsistencies
 
 ### Features implemented / improvements in 3.0
 
diff --git a/CREDITS.md b/CREDITS.md
@@ -84,6 +84,9 @@ Full contribution, see git log.
 * Hubert Kario
   - helped with avoiding accidental TCP fragmentation
 
+* Brennan Kinney
+  - refactored multistage Dockerfiles: performance gain+address bugs/inconsistencies
+
 * Magnus Larsen
   - SSL Labs Rating
 
@@ -173,6 +176,9 @@ Full contribution, see git log.
 * @nvsofts (NV)
   - LibreSSL patch for GOST
 
+* @w4ntun
+  - fixed DNS via proxy
+
 Probably more I forgot to mention which did give me feedback, bug reports and helped one way or another.
 
 
diff --git a/Dockerfile b/Dockerfile
@@ -1,18 +1,39 @@
-FROM alpine:3.17
+# syntax=docker.io/docker/dockerfile:1
 
-RUN apk update && \
-    apk upgrade && \
-    apk add bash procps drill git coreutils libidn curl socat openssl xxd && \
-    rm -rf /var/cache/apk/* && \
-    adduser -D -s /bin/bash testssl && \
-    ln -s /home/testssl/testssl.sh /usr/local/bin/ 
+ARG LEAP_VERSION=15.4
+ARG INSTALL_ROOT=/rootfs
 
-USER testssl
-WORKDIR /home/testssl/
+FROM opensuse/leap:${LEAP_VERSION} as builder
+ARG CACHE_ZYPPER=/tmp/cache/zypper
+ARG INSTALL_ROOT
+# /etc/os-release provides $VERSION_ID
+RUN source /etc/os-release \
+  && export ZYPPER_OPTIONS=( --releasever "${VERSION_ID}" --installroot "${INSTALL_ROOT}" --cache-dir "${CACHE_ZYPPER}" ) \
+  && zypper "${ZYPPER_OPTIONS[@]}" --gpg-auto-import-keys refresh \
+  && zypper "${ZYPPER_OPTIONS[@]}" --non-interactive install --download-in-advance --no-recommends \
+       bash procps grep gawk sed coreutils busybox-util-linux busybox-vi ldns libidn2-0 socat openssl curl \
+  && zypper "${ZYPPER_OPTIONS[@]}" clean --all
+## Cleanup (reclaim approx 13 MiB):
+# None of this content should be relevant to the container:
+RUN  rm -r "${INSTALL_ROOT}/usr/share/"{licenses,man,locale,doc,help,info}
+# Functionality that the container doesn't need:
+RUN  rm    "${INSTALL_ROOT}/usr/share/misc/termcap" \
+  && rm -r "${INSTALL_ROOT}/usr/lib/sysimage/rpm"
+
+
+# Create a new image with the contents of $INSTALL_ROOT
+FROM scratch
+ARG INSTALL_ROOT
+COPY --link --from=builder ${INSTALL_ROOT} /
+# Create user + (home with SGID set):
+RUN  echo 'testssl:x:1000:1000::/home/testssl:/bin/bash' >> /etc/passwd \
+  && echo 'testssl:x:1000:' >> /etc/group \
+  && echo 'testssl:!::0:::::' >> /etc/shadow \
+  && install --mode 2755 --owner testssl --group testssl --directory /home/testssl \
+  && ln -s /home/testssl/testssl.sh /usr/local/bin/
 
 # Copy over build context (after filtered by .dockerignore): bin/ etc/ testssl.sh
 COPY --chown=testssl:testssl . /home/testssl/
-
+USER testssl
 ENTRYPOINT ["testssl.sh"]
-
 CMD ["--help"]
