From 4dce58cfec21c3d7f559089837a52b360f214feb Mon Sep 17 00:00:00 2001
From: Jean-Christophe Fillion-Robin <jchris.fillionr@kitware.com>
Date: Tue, 5 Jun 2018 01:01:18 -0400
Subject: [PATCH] common.*: Optimize image size introducing
 "install-gosu-binary.sh" script

Script was copied from https://github.com/dockbuild/dockbuild
---
 common.debian                     | 18 ++++----------
 common.docker                     |  1 -
 common.manylinux                  | 20 +++++++---------
 imagefiles/install-gosu-binary.sh | 39 +++++++++++++++++++++++++++++++
 4 files changed, 52 insertions(+), 26 deletions(-)
 create mode 100755 imagefiles/install-gosu-binary.sh

diff --git a/common.debian b/common.debian
index 000ad86..e5ef789 100644
--- a/common.debian
+++ b/common.debian
@@ -1,6 +1,8 @@
 RUN REPO=http://cdn-fastly.deb.debian.org && \
   echo "deb $REPO/debian jessie main\ndeb $REPO/debian jessie-updates main\ndeb $REPO/debian-security jessie/updates main" > /etc/apt/sources.list
 
+COPY imagefiles/install-gosu-binary.sh /dockcross/
+
 ARG DEBIAN_FRONTEND=noninteractive
 
 RUN \
@@ -36,17 +38,7 @@ RUN \
     xz-utils \
     zlib1g-dev \
   && \
-  apt-get clean --yes
+  apt-get clean --yes && \
+  /dockcross/install-gosu-binary.sh && \
+  rm /dockcross/install-gosu-binary.sh
 
-ENV GOSU_VERSION 1.10
-RUN set -x \
-        && apt-get update && rm -rf /var/lib/apt/lists/* \
-        && dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
-        && curl -# -o /usr/local/bin/gosu -LO "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
-        && curl -# -o /usr/local/bin/gosu.asc -LO "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" \
-        && export GNUPGHOME="$(mktemp -d)" \
-        && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
-        && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
-        && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
-        && chmod +x /usr/local/bin/gosu \
-        && gosu nobody true
diff --git a/common.docker b/common.docker
index 42bd5e6..0cbd718 100644
--- a/common.docker
+++ b/common.docker
@@ -38,7 +38,6 @@ RUN \
 
 COPY imagefiles/cmake.sh /usr/local/bin/cmake
 COPY imagefiles/ccmake.sh /usr/local/bin/ccmake
-# /opt/rh/devtoolset-2/root/usr/bin/sudo expects sudo at this location
 COPY imagefiles/sudo.sh /usr/bin/sudo
 
 COPY imagefiles/build-and-install-ninja.sh /dockcross/
diff --git a/common.manylinux b/common.manylinux
index 1f14232..8eca98c 100644
--- a/common.manylinux
+++ b/common.manylinux
@@ -1,4 +1,5 @@
-ENV GOSU_VERSION 1.10
+COPY imagefiles/install-gosu-binary.sh /dockcross/
+
 RUN \
   set -x \
   && yum -y install \
@@ -6,17 +7,12 @@ RUN \
     gpg \
     zlib-devel \
     gettext \
-  && dpkgArch=$(if test $(uname -m) = "x86_64"; then echo amd64; else echo i386; fi) \
-  && curl -o /usr/bin/gosu -LO "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
-  && curl -o /tmp/gosu.asc -LO "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" \
-  && export GNUPGHOME="$(mktemp -d)" \
-  && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
-  && gpg --batch --verify /tmp/gosu.asc /usr/bin/gosu \
-  && rm -r "$GNUPGHOME" /tmp/gosu.asc \
-  && chmod +x /usr/bin/gosu \
-  && gosu nobody true \
-  && yum clean all
-RUN rm /opt/rh/devtoolset-2/root/usr/bin/sudo
+	&& yum clean all
+	&& /dockcross/install-gosu-binary.sh \
+  && rm /dockcross/install-gosu-binary.sh \
+  # Remove sudo provided by "devtoolset-2" since it doesn't work with
+  # our sudo wrapper calling gosu.
+  && rm /opt/rh/devtoolset-2/root/usr/bin/sudo
 
 COPY manylinux-common/install-python-packages.sh /usr/local/bin
 RUN /usr/local/bin/install-python-packages.sh
diff --git a/imagefiles/install-gosu-binary.sh b/imagefiles/install-gosu-binary.sh
new file mode 100755
index 0000000..26cde35
--- /dev/null
+++ b/imagefiles/install-gosu-binary.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+set -ex
+
+if ! command -v curl &> /dev/null; then
+	echo >&2 'error: "curl" not found!'
+	exit 1
+fi
+
+if ! command -v gpg &> /dev/null; then
+	echo >&2 'error: "gpg" not found!'
+	exit 1
+fi
+
+GOSU_VERSION=1.10
+dpkgArch=$(if test $(uname -m) = "x86_64"; then echo amd64; else echo i386; fi)
+url="https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${dpkgArch}"
+url_key="https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${dpkgArch}.asc"
+
+# download and verify the signature
+export GNUPGHOME="$(mktemp -d)"
+
+gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
+
+echo "Downloading $url"
+curl -o /usr/local/bin/gosu -# -SL $url
+
+echo "Downloading $url_key"
+curl -o /usr/local/bin/gosu.asc -# -SL $url_key
+
+gpg --verify /usr/local/bin/gosu.asc
+
+# cleanup
+rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc
+
+chmod +x /usr/local/bin/gosu
+
+# verify that the binary works
+gosu nobody true