Switch redis:alpine over to su-exec #54
After ncopa/su-exec@f85e5bd (`su-exec` 0.2+), `su-exec` now has parity with `gosu` (as verified by `gosu`'s new test suite) such that it's acceptable to use as a `gosu` replacement in our Alpine-based variant for the size consideration.
Updated diffs: diff --git a/3.0/Dockerfile b/3.0/alpine/Dockerfile
index f06713e..2ffcf68 100644
--- a/3.0/Dockerfile
+++ b/3.0/alpine/Dockerfile
@@ -1,43 +1,32 @@
-FROM debian:jessie
+FROM alpine:3.3
# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
-RUN groupadd -r redis && useradd -r -g redis redis
+RUN addgroup -S redis && adduser -S -G redis redis
-RUN apt-get update && apt-get install -y --no-install-recommends \
- ca-certificates \
- wget \
- && rm -rf /var/lib/apt/lists/*
-
-# grab gosu for easy step-down from root
-ENV GOSU_VERSION 1.7
-RUN set -x \
- && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
- && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
- && export GNUPGHOME="$(mktemp -d)" \
- && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
- && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
- && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
- && chmod +x /usr/local/bin/gosu \
- && gosu nobody true
+# grab su-exec for easy step-down from root
+RUN apk add --no-cache 'su-exec>=0.2'
ENV REDIS_VERSION 3.0.7
ENV REDIS_DOWNLOAD_URL http://download.redis.io/releases/redis-3.0.7.tar.gz
ENV REDIS_DOWNLOAD_SHA1 e56b4b7e033ae8dbf311f9191cf6fdf3ae974d1c
# for redis-sentinel see: http://redis.io/topics/sentinel
-RUN buildDeps='gcc libc6-dev make' \
- && set -x \
- && apt-get update && apt-get install -y $buildDeps --no-install-recommends \
- && rm -rf /var/lib/apt/lists/* \
+RUN set -x \
+ && apk add --no-cache --virtual .build-deps \
+ gcc \
+ linux-headers \
+ make \
+ musl-dev \
&& wget -O redis.tar.gz "$REDIS_DOWNLOAD_URL" \
&& echo "$REDIS_DOWNLOAD_SHA1 *redis.tar.gz" | sha1sum -c - \
- && mkdir -p /usr/src/redis \
- && tar -xzf redis.tar.gz -C /usr/src/redis --strip-components=1 \
+ && mkdir -p /usr/src \
+ && tar -xzf redis.tar.gz -C /usr/src \
+ && mv "/usr/src/redis-$REDIS_VERSION" /usr/src/redis \
&& rm redis.tar.gz \
&& make -C /usr/src/redis \
&& make -C /usr/src/redis install \
&& rm -r /usr/src/redis \
- && apt-get purge -y --auto-remove $buildDeps
+ && apk del .build-deps
RUN mkdir /data && chown redis:redis /data
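Review bot: the `apk add --no-cache 'su-exec>=0.2'` line replaces a download that was checked against a pinned GPG fingerprint with a floor-only version constraint, and the `gosu nobody true` smoke test is dropped without a replacement. Trust in the binary now rests on the Alpine package repository's signing, and `>=0.2` will accept whatever later version the repository serves at build time. Consider adding `&& su-exec nobody true` to the same `RUN` so a broken or incompatible package fails the build, and note in the comment above it why 0.2 is the minimum.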
VOLUME /data diff --git a/3.0/docker-entrypoint.sh b/3.0/alpine/docker-entrypoint.sh
index 983b629..2462ffd 100755
--- a/3.0/docker-entrypoint.sh
+++ b/3.0/alpine/docker-entrypoint.sh
@@ -1,10 +1,10 @@
-#!/bin/bash
+#!/bin/sh
set -e
# allow the container to be started with `--user`
if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then
chown -R redis .
- exec gosu redis "$BASH_SOURCE" "$@"
+ exec su-exec redis "$0" "$@"
fi
exec "$@" |
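Review bot: with the shebang now `#!/bin/sh`, the test `[ "$1" = 'redis-server' -a "$(id -u)" = '0' ]` passes seven arguments to `[`, and POSIX leaves the result unspecified for more than four arguments and marks `-a` obsolescent. Since `$1` is caller-supplied, splitting it into `[ "$1" = 'redis-server' ] && [ "$(id -u)" = '0' ]` keeps the decision to drop root unambiguous across sh implementations.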
Updated again, even slightly smaller diff now: diff --git a/3.0/Dockerfile b/3.0/alpine/Dockerfile
index f06713e..643caa7 100644
--- a/3.0/Dockerfile
+++ b/3.0/alpine/Dockerfile
@@ -1,34 +1,23 @@
-FROM debian:jessie
+FROM alpine:3.3
# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
-RUN groupadd -r redis && useradd -r -g redis redis
+RUN addgroup -S redis && adduser -S -G redis redis
-RUN apt-get update && apt-get install -y --no-install-recommends \
- ca-certificates \
- wget \
- && rm -rf /var/lib/apt/lists/*
-
-# grab gosu for easy step-down from root
-ENV GOSU_VERSION 1.7
-RUN set -x \
- && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
- && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
- && export GNUPGHOME="$(mktemp -d)" \
- && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
- && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
- && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
- && chmod +x /usr/local/bin/gosu \
- && gosu nobody true
+# grab su-exec for easy step-down from root
+RUN apk add --no-cache 'su-exec>=0.2'
ENV REDIS_VERSION 3.0.7
ENV REDIS_DOWNLOAD_URL http://download.redis.io/releases/redis-3.0.7.tar.gz
ENV REDIS_DOWNLOAD_SHA1 e56b4b7e033ae8dbf311f9191cf6fdf3ae974d1c
# for redis-sentinel see: http://redis.io/topics/sentinel
-RUN buildDeps='gcc libc6-dev make' \
- && set -x \
- && apt-get update && apt-get install -y $buildDeps --no-install-recommends \
- && rm -rf /var/lib/apt/lists/* \
+RUN set -x \
+ && apk add --no-cache --virtual .build-deps \
+ gcc \
+ linux-headers \
+ make \
+ musl-dev \
+ tar \
&& wget -O redis.tar.gz "$REDIS_DOWNLOAD_URL" \
&& echo "$REDIS_DOWNLOAD_SHA1 *redis.tar.gz" | sha1sum -c - \
&& mkdir -p /usr/src/redis \
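Review bot: with the `ca-certificates` and `wget` install removed, the `wget -O redis.tar.gz "$REDIS_DOWNLOAD_URL"` step still fetches over plain `http://`, so the `sha1sum -c -` line is the only integrity check on the source tarball. That was already the case before this change, but since this is a new variant it is a good place to record a stronger digest (for example a SHA-256 value checked with `sha256sum -c -`) alongside or instead of `REDIS_DOWNLOAD_SHA1`. Adding `tar` to `.build-deps` is worth a short comment too, since nothing in the hunk says why it is needed.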
@@ -37,7 +26,7 @@ RUN buildDeps='gcc libc6-dev make' \
&& make -C /usr/src/redis \
&& make -C /usr/src/redis install \
&& rm -r /usr/src/redis \
- && apt-get purge -y --auto-remove $buildDeps
+ && apk del .build-deps
RUN mkdir /data && chown redis:redis /data
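Review bot: after `&& apk del .build-deps` nothing in this `RUN` checks that the installed binaries still start once the toolchain packages are gone. A cheap guard is to end the chain with `&& redis-server --version`, which fails the build if a runtime library was removed along with the build dependencies.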
VOLUME /data diff --git a/3.0/docker-entrypoint.sh b/3.0/alpine/docker-entrypoint.sh
index b1a9084..2462ffd 100755
--- a/3.0/docker-entrypoint.sh
+++ b/3.0/alpine/docker-entrypoint.sh
@@ -4,7 +4,7 @@ set -e
# allow the container to be started with `--user`
if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then
chown -R redis .
- exec gosu redis "$BASH_SOURCE" "$@"
+ exec su-exec redis "$0" "$@"
fi
exec "$@" |
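Review bot: this hunk starts at line 4 and no longer shows the shebang, so from the diff alone it is not clear that `3.0/alpine/docker-entrypoint.sh` runs under `/bin/sh`. The replacement `exec su-exec redis "$0" "$@"` relies on that, and none of the visible Dockerfile lines install bash; please confirm line 1 reads `#!/bin/sh` in the final file.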
Image size comparison: before ~15.95 MB, after ~13.92 MB
Just for completeness, just updating the new So in conclusion: 👍
In other words, we're saving roughly 💾 💾
@@ -1,4 +1,4 @@ | |||
#!/bin/bash | |||
#!/bin/sh |
Um, `$BASH_SOURCE` won't work in this file now 😉
Fixed! 😵
ENTRYPOINT ["/entrypoint.sh"] | ||
COPY docker-entrypoint.sh /usr/local/bin/ | ||
RUN ln -s usr/local/bin/docker-entrypoint.sh /entrypoint.sh # backwards compat | ||
ENTRYPOINT ["docker-entrypoint.sh"] |
What about 2.8?
LESIGH, fixed ❤️
LGTM
- `drupal`: 8.1 GA
- `mariadb`: add xtrabackup for Galera (MariaDB/mariadb-docker#47)
- `pypy`: 5.1.0
- `python`: empty `~/.cache` (docker-library/python#103)
- `redis`: use `su-exec` in Alpine variants (redis/docker-library-redis#54)
- `rocket.chat`: 0.27.0