common.*: Optimize image size introducing "install-gosu-binary.sh" script

Script was copied from https://github.com/dockbuild/dockbuild
2024-12-22 16:24:27 +01:00 · 2018-06-05 01:01:18 -04:00 · 2018-06-05 01:01:18 -04:00 · 4dce58cfec
commit 4dce58cfec
parent bd811da018
4 changed files with 52 additions and 26 deletions
--- a/common.debian
+++ b/common.debian
@ -1,6 +1,8 @@
 RUN REPO=http://cdn-fastly.deb.debian.org && \
  echo "deb $REPO/debian jessie main\ndeb $REPO/debian jessie-updates main\ndeb $REPO/debian-security jessie/updates main" > /etc/apt/sources.list

+COPY imagefiles/install-gosu-binary.sh /dockcross/
+
 ARG DEBIAN_FRONTEND=noninteractive

 RUN \
@ -36,17 +38,7 @@ RUN \
    xz-utils \
    zlib1g-dev \
  && \
-  apt-get clean --yes
+  apt-get clean --yes && \
+  /dockcross/install-gosu-binary.sh && \
+  rm /dockcross/install-gosu-binary.sh

-ENV GOSU_VERSION 1.10
-RUN set -x \
-        && apt-get update && rm -rf /var/lib/apt/lists/* \
-        && dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
-        && curl -# -o /usr/local/bin/gosu -LO "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
-        && curl -# -o /usr/local/bin/gosu.asc -LO "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" \
-        && export GNUPGHOME="$(mktemp -d)" \
-        && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
-        && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
-        && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
-        && chmod +x /usr/local/bin/gosu \
-        && gosu nobody true
--- a/common.docker
+++ b/common.docker
@ -38,7 +38,6 @@ RUN \

 COPY imagefiles/cmake.sh /usr/local/bin/cmake
 COPY imagefiles/ccmake.sh /usr/local/bin/ccmake
-# /opt/rh/devtoolset-2/root/usr/bin/sudo expects sudo at this location
 COPY imagefiles/sudo.sh /usr/bin/sudo

 COPY imagefiles/build-and-install-ninja.sh /dockcross/
--- a/common.manylinux
+++ b/common.manylinux
@ -1,4 +1,5 @@
-ENV GOSU_VERSION 1.10
+COPY imagefiles/install-gosu-binary.sh /dockcross/
+
 RUN \
  set -x \
  && yum -y install \
@ -6,17 +7,12 @@ RUN \
    gpg \
    zlib-devel \
    gettext \
-  && dpkgArch=$(if test $(uname -m) = "x86_64"; then echo amd64; else echo i386; fi) \
-  && curl -o /usr/bin/gosu -LO "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
-  && curl -o /tmp/gosu.asc -LO "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" \
-  && export GNUPGHOME="$(mktemp -d)" \
-  && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
-  && gpg --batch --verify /tmp/gosu.asc /usr/bin/gosu \
-  && rm -r "$GNUPGHOME" /tmp/gosu.asc \
-  && chmod +x /usr/bin/gosu \
-  && gosu nobody true \
-  && yum clean all
-RUN rm /opt/rh/devtoolset-2/root/usr/bin/sudo
+	&& yum clean all
+	&& /dockcross/install-gosu-binary.sh \
+  && rm /dockcross/install-gosu-binary.sh \
+  # Remove sudo provided by "devtoolset-2" since it doesn't work with
+  # our sudo wrapper calling gosu.
+  && rm /opt/rh/devtoolset-2/root/usr/bin/sudo

 COPY manylinux-common/install-python-packages.sh /usr/local/bin
 RUN /usr/local/bin/install-python-packages.sh
--- a/imagefiles/install-gosu-binary.sh
+++ b/imagefiles/install-gosu-binary.sh
@ -0,0 +1,39 @@
+#!/bin/bash
+
+set -ex
+
+if ! command -v curl &> /dev/null; then
+	echo >&2 'error: "curl" not found!'
+	exit 1
+fi
+
+if ! command -v gpg &> /dev/null; then
+	echo >&2 'error: "gpg" not found!'
+	exit 1
+fi
+
+GOSU_VERSION=1.10
+dpkgArch=$(if test $(uname -m) = "x86_64"; then echo amd64; else echo i386; fi)
+url="https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${dpkgArch}"
+url_key="https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${dpkgArch}.asc"
+
+# download and verify the signature
+export GNUPGHOME="$(mktemp -d)"
+
+gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
+
+echo "Downloading $url"
+curl -o /usr/local/bin/gosu -# -SL $url
+
+echo "Downloading $url_key"
+curl -o /usr/local/bin/gosu.asc -# -SL $url_key
+
+gpg --verify /usr/local/bin/gosu.asc
+
+# cleanup
+rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc
+
+chmod +x /usr/local/bin/gosu
+
+# verify that the binary works
+gosu nobody true