From 7ea1ccc9d90706d80f6ec57fbc3ce00ff1661aad Mon Sep 17 00:00:00 2001 From: Johann Hoffmann Date: Thu, 18 Aug 2022 18:14:38 +0200 Subject: [PATCH] Switch to Debian-slim base images Signed-off-by: Johann Hoffmann --- Dockerfile | 23 +++++++++++------------ docker-entrypoint.sh | 4 ++-- helm/values.yaml | 2 +- wait-for-postgres.sh | 4 ++-- 4 files changed, 16 insertions(+), 17 deletions(-) diff --git a/Dockerfile b/Dockerfile index 48f111e..afc7947 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,18 +1,17 @@ -ARG ALPINE_VERSION=3.16.2 +ARG DEBIAN_VERSION=11.4-slim ARG POCO_VERSION=poco-tip-v1 ARG FMTLIB_VERSION=9.0.0 ARG CPPKAFKA_VERSION=tip-v1 ARG JSON_VALIDATOR_VERSION=2.1.0 ARG AWS_SDK_VERSION=1.9.315 -FROM alpine:$ALPINE_VERSION AS build-base +FROM debian:$DEBIAN_VERSION AS build-base -RUN apk add --update --no-cache \ +RUN apt-get update && apt-get install --no-install-recommends -y \ make cmake g++ git \ - unixodbc-dev postgresql-dev mariadb-dev \ - librdkafka-dev boost-dev openssl-dev \ - zlib-dev nlohmann-json \ - curl-dev + unixodbc-dev libpq-dev libmariadb-dev libmariadbclient-dev-compat \ + librdkafka-dev libboost-all-dev libssl-dev \ + zlib1g-dev nlohmann-json3-dev ca-certificates libcurl4-openssl-dev FROM build-base AS poco-build @@ -114,21 +113,21 @@ RUN cmake .. \ -DBUILD_SHARED_LIBS=ON RUN cmake --build . --config Release -j8 -FROM alpine:$ALPINE_VERSION +FROM debian:$DEBIAN_VERSION ENV OWSEC_USER=owsec \ OWSEC_ROOT=/owsec-data \ OWSEC_CONFIG=/owsec-data -RUN addgroup -S "$OWSEC_USER" && \ - adduser -S -G "$OWSEC_USER" "$OWSEC_USER" +RUN useradd "$OWSEC_USER" RUN mkdir /openwifi RUN mkdir -p "$OWSEC_ROOT" "$OWSEC_CONFIG" && \ chown "$OWSEC_USER": "$OWSEC_ROOT" "$OWSEC_CONFIG" -RUN apk add --update --no-cache librdkafka su-exec gettext ca-certificates bash jq curl \ - mariadb-connector-c libpq unixodbc postgresql-client +RUN apt-get update && apt-get install --no-install-recommends -y \ + librdkafka++1 gosu gettext ca-certificates bash jq curl wget \ + libmariadb-dev-compat libpq5 unixodbc COPY readiness_check /readiness_check COPY test_scripts/curl/cli /cli diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 0d4df29..90c8651 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash set -e if [ "$SELFSIGNED_CERTS" = 'true' ]; then @@ -84,7 +84,7 @@ if [ "$1" = '/openwifi/owsec' -a "$(id -u)" = '0' ]; then if [ "$RUN_CHOWN" = 'true' ]; then chown -R "$OWSEC_USER": "$OWSEC_ROOT" "$OWSEC_CONFIG" fi - exec su-exec "$OWSEC_USER" "$@" + exec gosu "$OWSEC_USER" "$@" fi exec "$@" diff --git a/helm/values.yaml b/helm/values.yaml index e98461d..deafaa5 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -92,7 +92,7 @@ resources: {} # memory: 128Mi securityContext: - fsGroup: 101 + fsGroup: 1000 nodeSelector: {} diff --git a/wait-for-postgres.sh b/wait-for-postgres.sh index 9957852..e60b37a 100755 --- a/wait-for-postgres.sh +++ b/wait-for-postgres.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # wait-for-postgres.sh set -e @@ -20,7 +20,7 @@ if [ "$1" = '/openwifi/owsec' -a "$(id -u)" = '0' ]; then if [ "$RUN_CHOWN" = 'true' ]; then chown -R "$OWSEC_USER": "$OWSEC_ROOT" "$OWSEC_CONFIG" fi - exec su-exec "$OWSEC_USER" "$@" + exec gosu "$OWSEC_USER" "$@" fi exec "$@"