Switch redis:alpine over to su-exec #54
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
After ncopa/su-exec@f85e5bd (`su-exec` 0.2+), `su-exec` now has parity with `gosu` (as verified by `gosu`'s new test suite) such that it's acceptable to use as a `gosu` replacement in our Alpine-based variant for the size consideration.
|
Updated diffs: diff --git a/3.0/Dockerfile b/3.0/alpine/Dockerfile
index f06713e..2ffcf68 100644
--- a/3.0/Dockerfile
+++ b/3.0/alpine/Dockerfile
@@ -1,43 +1,32 @@
-FROM debian:jessie
+FROM alpine:3.3
# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
-RUN groupadd -r redis && useradd -r -g redis redis
+RUN addgroup -S redis && adduser -S -G redis redis
-RUN apt-get update && apt-get install -y --no-install-recommends \
- ca-certificates \
- wget \
- && rm -rf /var/lib/apt/lists/*
-
-# grab gosu for easy step-down from root
-ENV GOSU_VERSION 1.7
-RUN set -x \
- && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
- && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
- && export GNUPGHOME="$(mktemp -d)" \
- && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
- && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
- && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
- && chmod +x /usr/local/bin/gosu \
- && gosu nobody true
+# grab su-exec for easy step-down from root
+RUN apk add --no-cache 'su-exec>=0.2'
ENV REDIS_VERSION 3.0.7
ENV REDIS_DOWNLOAD_URL http://download.redis.io/releases/redis-3.0.7.tar.gz
ENV REDIS_DOWNLOAD_SHA1 e56b4b7e033ae8dbf311f9191cf6fdf3ae974d1c
# for redis-sentinel see: http://redis.io/topics/sentinel
-RUN buildDeps='gcc libc6-dev make' \
- && set -x \
- && apt-get update && apt-get install -y $buildDeps --no-install-recommends \
- && rm -rf /var/lib/apt/lists/* \
+RUN set -x \
+ && apk add --no-cache --virtual .build-deps \
+ gcc \
+ linux-headers \
+ make \
+ musl-dev \
&& wget -O redis.tar.gz "$REDIS_DOWNLOAD_URL" \
&& echo "$REDIS_DOWNLOAD_SHA1 *redis.tar.gz" | sha1sum -c - \
- && mkdir -p /usr/src/redis \
- && tar -xzf redis.tar.gz -C /usr/src/redis --strip-components=1 \
+ && mkdir -p /usr/src \
+ && tar -xzf redis.tar.gz -C /usr/src \
+ && mv "/usr/src/redis-$REDIS_VERSION" /usr/src/redis \
&& rm redis.tar.gz \
&& make -C /usr/src/redis \
&& make -C /usr/src/redis install \
&& rm -r /usr/src/redis \
- && apt-get purge -y --auto-remove $buildDeps
+ && apk del .build-deps
RUN mkdir /data && chown redis:redis /data
VOLUME /datadiff --git a/3.0/docker-entrypoint.sh b/3.0/alpine/docker-entrypoint.sh
index 983b629..2462ffd 100755
--- a/3.0/docker-entrypoint.sh
+++ b/3.0/alpine/docker-entrypoint.sh
@@ -1,10 +1,10 @@
-#!/bin/bash
+#!/bin/sh
set -e
# allow the container to be started with `--user`
if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then
chown -R redis .
- exec gosu redis "$BASH_SOURCE" "$@"
+ exec su-exec redis "$0" "$@"
fi
exec "$@" |
|
Updated again, even slightly smaller diff now: diff --git a/3.0/Dockerfile b/3.0/alpine/Dockerfile
index f06713e..643caa7 100644
--- a/3.0/Dockerfile
+++ b/3.0/alpine/Dockerfile
@@ -1,34 +1,23 @@
-FROM debian:jessie
+FROM alpine:3.3
# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
-RUN groupadd -r redis && useradd -r -g redis redis
+RUN addgroup -S redis && adduser -S -G redis redis
-RUN apt-get update && apt-get install -y --no-install-recommends \
- ca-certificates \
- wget \
- && rm -rf /var/lib/apt/lists/*
-
-# grab gosu for easy step-down from root
-ENV GOSU_VERSION 1.7
-RUN set -x \
- && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
- && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
- && export GNUPGHOME="$(mktemp -d)" \
- && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
- && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
- && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
- && chmod +x /usr/local/bin/gosu \
- && gosu nobody true
+# grab su-exec for easy step-down from root
+RUN apk add --no-cache 'su-exec>=0.2'
ENV REDIS_VERSION 3.0.7
ENV REDIS_DOWNLOAD_URL http://download.redis.io/releases/redis-3.0.7.tar.gz
ENV REDIS_DOWNLOAD_SHA1 e56b4b7e033ae8dbf311f9191cf6fdf3ae974d1c
# for redis-sentinel see: http://redis.io/topics/sentinel
-RUN buildDeps='gcc libc6-dev make' \
- && set -x \
- && apt-get update && apt-get install -y $buildDeps --no-install-recommends \
- && rm -rf /var/lib/apt/lists/* \
+RUN set -x \
+ && apk add --no-cache --virtual .build-deps \
+ gcc \
+ linux-headers \
+ make \
+ musl-dev \
+ tar \
&& wget -O redis.tar.gz "$REDIS_DOWNLOAD_URL" \
&& echo "$REDIS_DOWNLOAD_SHA1 *redis.tar.gz" | sha1sum -c - \
&& mkdir -p /usr/src/redis \
@@ -37,7 +26,7 @@ RUN buildDeps='gcc libc6-dev make' \
&& make -C /usr/src/redis \
&& make -C /usr/src/redis install \
&& rm -r /usr/src/redis \
- && apt-get purge -y --auto-remove $buildDeps
+ && apk del .build-deps
RUN mkdir /data && chown redis:redis /data
VOLUME /datadiff --git a/3.0/docker-entrypoint.sh b/3.0/alpine/docker-entrypoint.sh
index b1a9084..2462ffd 100755
--- a/3.0/docker-entrypoint.sh
+++ b/3.0/alpine/docker-entrypoint.sh
@@ -4,7 +4,7 @@ set -e
# allow the container to be started with `--user`
if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then
chown -R redis .
- exec gosu redis "$BASH_SOURCE" "$@"
+ exec su-exec redis "$0" "$@"
fi
exec "$@" |
|
Image size comparison: before ~15.95 MB, after ~13.92 MB |
|
Just for completeness, just updating the the new So in conclusion: 👍 |
|
In other words, we're saving roughly 💾 💾 |
| @@ -1,4 +1,4 @@ | |||
| #!/bin/bash | |||
| #!/bin/sh | |||
There was a problem hiding this comment.
Um, $BASH_SOURCE won't work in this file now 😉
| ENTRYPOINT ["/entrypoint.sh"] | ||
| COPY docker-entrypoint.sh /usr/local/bin/ | ||
| RUN ln -s usr/local/bin/docker-entrypoint.sh /entrypoint.sh # backwards compat | ||
| ENTRYPOINT ["docker-entrypoint.sh"] |
|
LGTM |
tianon
added a commit
to infosiftr/stackbrew
that referenced
this pull request
Apr 20, 2016
- `drupal`: 8.1 GA - `mariadb`: add xtrabackup for Galera (MariaDB/mariadb-docker#47) - `pypy`: 5.1.0 - `python`: empty `~/.cache` (docker-library/python#103) - `redis`: use `su-exec` in Alpine variants (redis/docker-library-redis#54) - `rocket.chat`: 0.27.0
RichardScothern
pushed a commit
to RichardScothern/official-images
that referenced
this pull request
Jun 14, 2016
- `drupal`: 8.1 GA - `mariadb`: add xtrabackup for Galera (MariaDB/mariadb-docker#47) - `pypy`: 5.1.0 - `python`: empty `~/.cache` (docker-library/python#103) - `redis`: use `su-exec` in Alpine variants (redis/docker-library-redis#54) - `rocket.chat`: 0.27.0
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
After ncopa/su-exec@f85e5bd (
su-exec0.2+),su-execnow has parity withgosu(as verified bygosu's new test suite) such that it's acceptable to use as agosureplacement in our Alpine-based variant for the size consideration.