From 4dce58cfec21c3d7f559089837a52b360f214feb Mon Sep 17 00:00:00 2001 From: Jean-Christophe Fillion-Robin Date: Tue, 5 Jun 2018 01:01:18 -0400 Subject: [PATCH] common.*: Optimize image size introducing "install-gosu-binary.sh" script Script was copied from https://github.com/dockbuild/dockbuild --- common.debian | 18 ++++---------- common.docker | 1 - common.manylinux | 20 +++++++--------- imagefiles/install-gosu-binary.sh | 39 +++++++++++++++++++++++++++++++ 4 files changed, 52 insertions(+), 26 deletions(-) create mode 100755 imagefiles/install-gosu-binary.sh diff --git a/common.debian b/common.debian index 000ad86..e5ef789 100644 --- a/common.debian +++ b/common.debian @@ -1,6 +1,8 @@ RUN REPO=http://cdn-fastly.deb.debian.org && \ echo "deb $REPO/debian jessie main\ndeb $REPO/debian jessie-updates main\ndeb $REPO/debian-security jessie/updates main" > /etc/apt/sources.list +COPY imagefiles/install-gosu-binary.sh /dockcross/ + ARG DEBIAN_FRONTEND=noninteractive RUN \ @@ -36,17 +38,7 @@ RUN \ xz-utils \ zlib1g-dev \ && \ - apt-get clean --yes + apt-get clean --yes && \ + /dockcross/install-gosu-binary.sh && \ + rm /dockcross/install-gosu-binary.sh -ENV GOSU_VERSION 1.10 -RUN set -x \ - && apt-get update && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \ - && curl -# -o /usr/local/bin/gosu -LO "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \ - && curl -# -o /usr/local/bin/gosu.asc -LO "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true diff --git a/common.docker b/common.docker index 42bd5e6..0cbd718 100644 --- a/common.docker +++ b/common.docker @@ -38,7 +38,6 @@ RUN \ COPY imagefiles/cmake.sh /usr/local/bin/cmake COPY imagefiles/ccmake.sh /usr/local/bin/ccmake -# /opt/rh/devtoolset-2/root/usr/bin/sudo expects sudo at this location COPY imagefiles/sudo.sh /usr/bin/sudo COPY imagefiles/build-and-install-ninja.sh /dockcross/ diff --git a/common.manylinux b/common.manylinux index 1f14232..8eca98c 100644 --- a/common.manylinux +++ b/common.manylinux @@ -1,4 +1,5 @@ -ENV GOSU_VERSION 1.10 +COPY imagefiles/install-gosu-binary.sh /dockcross/ + RUN \ set -x \ && yum -y install \ @@ -6,17 +7,12 @@ RUN \ gpg \ zlib-devel \ gettext \ - && dpkgArch=$(if test $(uname -m) = "x86_64"; then echo amd64; else echo i386; fi) \ - && curl -o /usr/bin/gosu -LO "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \ - && curl -o /tmp/gosu.asc -LO "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /tmp/gosu.asc /usr/bin/gosu \ - && rm -r "$GNUPGHOME" /tmp/gosu.asc \ - && chmod +x /usr/bin/gosu \ - && gosu nobody true \ - && yum clean all -RUN rm /opt/rh/devtoolset-2/root/usr/bin/sudo + && yum clean all + && /dockcross/install-gosu-binary.sh \ + && rm /dockcross/install-gosu-binary.sh \ + # Remove sudo provided by "devtoolset-2" since it doesn't work with + # our sudo wrapper calling gosu. + && rm /opt/rh/devtoolset-2/root/usr/bin/sudo COPY manylinux-common/install-python-packages.sh /usr/local/bin RUN /usr/local/bin/install-python-packages.sh diff --git a/imagefiles/install-gosu-binary.sh b/imagefiles/install-gosu-binary.sh new file mode 100755 index 0000000..26cde35 --- /dev/null +++ b/imagefiles/install-gosu-binary.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +set -ex + +if ! command -v curl &> /dev/null; then + echo >&2 'error: "curl" not found!' + exit 1 +fi + +if ! command -v gpg &> /dev/null; then + echo >&2 'error: "gpg" not found!' + exit 1 +fi + +GOSU_VERSION=1.10 +dpkgArch=$(if test $(uname -m) = "x86_64"; then echo amd64; else echo i386; fi) +url="https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${dpkgArch}" +url_key="https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${dpkgArch}.asc" + +# download and verify the signature +export GNUPGHOME="$(mktemp -d)" + +gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 + +echo "Downloading $url" +curl -o /usr/local/bin/gosu -# -SL $url + +echo "Downloading $url_key" +curl -o /usr/local/bin/gosu.asc -# -SL $url_key + +gpg --verify /usr/local/bin/gosu.asc + +# cleanup +rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc + +chmod +x /usr/local/bin/gosu + +# verify that the binary works +gosu nobody true