1
0
angie-conv-image/Dockerfile.base

285 lines
6.9 KiB
Docker
Raw Permalink Normal View History

2024-09-17 14:11:00 +03:00
# FROM docker.io/debian:bookworm-slim as base-upstream
ARG PYTHONTAG=3.11.10-slim-bookworm
FROM docker.io/python:${PYTHONTAG} AS base-upstream
FROM base-upstream AS base-intermediate
2024-09-17 14:11:00 +03:00
SHELL [ "/bin/sh", "-ec" ]
COPY /Dockerfile.base /usr/local/share/
COPY /scripts/* /usr/local/sbin/
COPY /extra-scripts/* /usr/local/sbin/
## PATH: remove /sbin and /bin (/usr is merged)
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin \
TMPDIR=/tmp \
LANG=C.UTF-8 \
LC_ALL=C.UTF-8 \
TERM=linux \
TZ=Etc/UTC \
MALLOC_ARENA_MAX=2 \
PYTHONUNBUFFERED=1 \
PYTHONDONTWRITEBYTECODE=1
## local development
# ENV PIP_INDEX="http://127.0.0.1:8081/repository/proxy_pypi/pypi/" \
# PIP_INDEX_URL="http://127.0.0.1:8081/repository/proxy_pypi/simple/" \
# PIP_TRUSTED_HOST="localhost"
COPY /apt/prefs.backports /etc/apt/preferences.d/backports
COPY /apt/sources.debian /etc/apt/sources.list.d/debian.sources
## prevent services from auto-starting, part 1
RUN s='/usr/sbin/policy-rc.d' ; b='/usr/bin/policy-rc.d' ; \
rm -f "$s" "$b" ; \
echo '#!/bin/sh' > "$b" ; \
echo 'exit 101' >> "$b" ; \
chmod 0755 "$b" ; \
ln -s "$b" "$s"
RUN divert_true() { divert-rm.sh "$1" ; ln -sv /bin/true "$1" ; } ; \
## prevent services from auto-starting, part 2
divert_true /sbin/start-stop-daemon ; \
## always report that we're in chroot
divert_true /usr/bin/ischroot ; \
## hide systemd helpers
divert_true /usr/bin/deb-systemd-helper ; \
divert_true /usr/bin/deb-systemd-invoke
RUN apt-env.sh apt-get update ; \
apt-remove.sh \
ca-certificates \
e2fsprogs \
; \
2024-09-17 14:11:00 +03:00
apt-env.sh apt-get upgrade -y ; \
apt-install.sh \
cron \
jdupes \
logrotate \
netbase \
openssl \
procps \
; \
2024-09-17 14:11:00 +03:00
apt-clean.sh
## perl-base: hardlink->symlink
RUN d=/usr/bin ; \
find "$d/" -wholename "$d/perl5*" -exec ln -fsv perl {} ';' ; \
ls -li "$d/perl"*
## remove unwanted binaries
RUN set -f ; \
for i in \
addgroup \
addpart \
adduser \
apt-ftparchive \
agetty \
badblocks \
blkdiscard \
blkid \
blkzone \
blockdev \
bsd-write \
chage \
chcpu \
chfn \
chgpasswd \
chmem \
chpasswd \
chsh \
cpgr \
cppw \
crontab \
2024-09-17 14:11:00 +03:00
ctrlaltdel \
debugfs \
delgroup \
delpart \
deluser \
dmesg \
dumpe2fs \
e2freefrag \
e2fsck \
e2image \
e2label \
e2mmpstatus \
e2scrub \
'e2scrub*' \
e2undo \
e4crypt \
e4defrag \
expiry \
faillock \
fdformat \
fincore \
findfs \
fsck \
'fsck.*' \
fsfreeze \
fstrim \
getty \
gpasswd \
groupadd \
groupdel \
groupmems \
groupmod \
grpck \
grpconv \
grpunconv \
hwclock \
isosize \
last \
lastb \
ldattach \
losetup \
lsblk \
lsirq \
lslogins \
mcookie \
mesg \
mke2fs \
mkfs \
'mkfs.*' \
mkhomedir_helper \
mklost+found \
mkswap \
mount \
newgrp \
newusers \
pam-auth-update \
pam_getenv \
pam_namespace_helper \
pam_timestamp_check \
partx \
passwd \
pivot_root \
pwck \
pwconv \
pwhistory_helper \
pwunconv \
raw \
readprofile \
resize2fs \
resizepart \
rtcwake \
sg \
shadowconfig \
su \
sulogin \
swaplabel \
swapoff \
swapon \
switch_root \
tune2fs \
umount \
unix_chkpwd \
unix_update \
update-passwd \
useradd \
userdel \
usermod \
utmpdump \
vigr \
vipw \
wall \
wdctl \
wipefs \
write \
'write.*' \
zramctl \
; do \
for d in /usr/sbin /usr/bin /sbin /bin ; do \
find "$d/" ! -type d -wholename "$d/$i" \
| while read -r p ; do \
[ -n "$p" ] || continue ; \
[ -e "$p" ] || continue ; \
dpkg -S "$p" >/dev/null 2>&1 || continue ; \
divert-rm.sh "$p" ; \
done ; \
done ; \
for d in /usr/sbin /usr/bin /sbin /bin ; do \
find "$d/" ! -type d -wholename "$d/$i" \
| while read -r p ; do \
[ -n "$p" ] || continue ; \
[ -e "$p" ] || continue ; \
rm -fv "$p" ; \
done ; \
done ; \
done
## "docker.io/python"-specific cleanup
RUN rm -f /root/.wget-hsts
RUN pip-env.sh pip list --format freeze \
| grep -F '==' | awk -F= '{print $1}' \
| xargs -r pip-env.sh pip install -U ; \
python-rm-cache.sh "${PYTHON_SITE_PACKAGES}"
RUN libpython="${PYTHON_SITE_PACKAGES%/*}" ; \
rm -rfv \
/usr/local/bin/idle* \
/usr/local/bin/pydoc* \
2024-09-17 14:11:00 +03:00
"${libpython}/ensurepip/_bundled" \
"${libpython}/idlelib" \
"${libpython}/pydoc.py" \
"${libpython}/pydoc_data" \
2024-09-17 14:11:00 +03:00
"${libpython}/tkinter" \
"${libpython}/turtle.py" \
"${libpython}/turtledemo" \
; \
rm -rfv \
"${PYTHON_SITE_PACKAGES}/pkg_resources/tests" \
"${PYTHON_SITE_PACKAGES}/setuptools/tests" \
"${PYTHON_SITE_PACKAGES}/setuptools/_distutils/tests" \
"${PYTHON_SITE_PACKAGES}/setuptools/_vendor/importlib_resources/tests" \
; \
find "${PYTHON_SITE_PACKAGES}/" -iname '*.exe' -ls -delete ; \
2024-09-17 14:11:00 +03:00
python-rm-cache.sh /usr/local
## adjust pip/certifi
RUN certifi_pem="${PYTHON_SITE_PACKAGES}/pip/_vendor/certifi/cacert.pem" ; \
rm -f "${certifi_pem}" ; \
ln -s /etc/ssl/certs/ca-certificates.crt "${certifi_pem}"
2024-09-17 14:11:00 +03:00
RUN find /usr/local/sbin/ ! -type d -ls -delete ; \
find /run/ -mindepth 1 -ls -delete || : ; \
install -d -m 01777 /run/lock ; \
jdupes -1LSpr /usr/
2024-09-17 14:11:00 +03:00
## ---
FROM base-intermediate AS certs
SHELL [ "/bin/sh", "-ec" ]
COPY /scripts/* /usr/local/sbin/
COPY /extra-scripts/* /usr/local/sbin/
## "2024.08.30"
ENV CERTIFI_COMMIT=325c2fde4f8eec10d682b09f3b0414dc05e69a81
# 'https://raw.githubusercontent.com/certifi/python-certifi'
ARG CERTIFI_BASE_URI='https://github.com/certifi/python-certifi/raw'
ARG CERTIFI_URI="${CERTIFI_BASE_URI}/${CERTIFI_COMMIT}/certifi/cacert.pem"
ADD "${CERTIFI_URI}" /tmp/certifi.crt
RUN apt-install.sh ca-certificates ; \
apt-clean.sh ; \
ca_file='/etc/ssl/certs/ca-certificates.crt' ; \
ls -l "${ca_file}" ; \
## process certifi
certifi-extras.sh /tmp/certifi.crt ; \
openssl-cert-auto-pem.sh "${ca_file}" "${ca_file}.new" "${ca_file}.fp" ; \
mv -f "${ca_file}.new" "${ca_file}" ; \
chmod 0444 "${ca_file}" "${ca_file}.fp" ; \
ls -l "${ca_file}" "${ca_file}.fp"
## ---
FROM base-intermediate AS base
COPY --from=certs /etc/ssl/certs/ca-certificates.* /etc/ssl/certs/
2024-09-17 14:11:00 +03:00
ENTRYPOINT [ ]
CMD [ "bash" ]