## Commented-out alternative base, kept for reference.
# FROM docker.io/debian:bookworm-slim as base-upstream

## Upstream image tag; override with `--build-arg PYTHONTAG=<tag>`.
## NOTE(review): the base is selected by tag only, so the image a tag resolves
## to can change between builds. Pinning by digest would make the input
## verifiable.
ARG PYTHONTAG=3.11.9-slim-bookworm
FROM docker.io/python:${PYTHONTAG} AS base-upstream

FROM base-upstream AS base

## "-e": the RUN steps below chain commands with ";" and rely on the shell
## aborting at the first failing command. In a pipeline only the exit status
## of the last command is checked.
SHELL ["/bin/sh", "-ec"]
## Ship Dockerfile.base inside the image.
COPY /Dockerfile.base /usr/local/share/

## Build-time helper scripts. /usr/local/sbin is first in PATH, so the RUN
## steps below can call them by bare name. A later RUN in this file deletes
## everything under /usr/local/sbin, but the files remain readable in these
## COPY layers, so the helpers must not carry credentials.
COPY /scripts/*       /usr/local/sbin/
COPY /extra-scripts/* /usr/local/sbin/
## Environment inherited by every later step and by derived images.
## PATH: remove /sbin and /bin (/usr is merged)
## MALLOC_ARENA_MAX caps the number of glibc malloc arenas.
## PYTHONUNBUFFERED / PYTHONDONTWRITEBYTECODE: unbuffered stdio, no .pyc files.
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin \
    TMPDIR=/tmp \
    LANG=C.UTF-8 \
    LC_ALL=C.UTF-8 \
    TERM=linux \
    TZ=Etc/UTC \
    MALLOC_ARENA_MAX=2 \
    PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1

## local development
## NOTE(review): these settings point pip at a plain-HTTP proxy and mark a
## host as trusted, so package downloads are neither encrypted nor
## authenticated. Keep them commented out for any image that leaves the
## developer machine.
# ENV PIP_INDEX="http://127.0.0.1:8081/repository/proxy_pypi/pypi/" \
#     PIP_INDEX_URL="http://127.0.0.1:8081/repository/proxy_pypi/simple/" \
#     PIP_TRUSTED_HOST="localhost"
## APT configuration used by every apt-get call below: a preferences file
## (installed as "backports") and a deb822-style source list.
## NOTE(review): apt/sources.debian decides where packages are fetched from
## and how they are verified; review it together with this file.
COPY /apt/prefs.backports /etc/apt/preferences.d/backports
COPY /apt/sources.debian  /etc/apt/sources.list.d/debian.sources
## prevent services from auto-starting, part 1
## Install a policy-rc.d that always exits 101 ("action forbidden by policy"
## in the invoke-rc.d convention). The real file lives in /usr/bin and
## /usr/sbin/policy-rc.d is a symlink to it.
RUN policy=/usr/bin/policy-rc.d ; \
    legacy=/usr/sbin/policy-rc.d ; \
    rm -f "$legacy" "$policy" ; \
    printf '%s\n' '#!/bin/sh' 'exit 101' > "$policy" ; \
    chmod 0755 "$policy" ; \
    ln -s "$policy" "$legacy"
## Replace each helper below with a symlink to /bin/true, after moving the
## packaged file out of the way with divert-rm.sh (helper script, not shown
## in this file).
##   start-stop-daemon    prevent services from auto-starting, part 2
##   ischroot             always report that we're in chroot
##   deb-systemd-helper,
##   deb-systemd-invoke   hide systemd helpers
RUN for target in \
        /sbin/start-stop-daemon \
        /usr/bin/ischroot \
        /usr/bin/deb-systemd-helper \
        /usr/bin/deb-systemd-invoke \
    ; do \
        divert-rm.sh "$target" ; \
        ln -sv /bin/true "$target" ; \
    done
## Apply pending package updates on top of the upstream image, then clean up.
## apt-env.sh and apt-clean.sh are helper scripts that are not shown in this
## file; presumably they set a non-interactive apt environment and purge apt
## caches - confirm against the scripts.
## NOTE(review): the upgrade makes the image contents depend on the build
## date. Record the resulting package list if builds must be comparable.
RUN apt-env.sh apt-get update ; \
    apt-env.sh apt-get -y upgrade ; \
    apt-clean.sh
## perl-base: hardlink->symlink
## Every /usr/bin/perl5* entry is replaced with a relative symlink to "perl".
## The final ls prints inode numbers so the result shows up in the build log.
RUN bindir=/usr/bin ; \
    find "$bindir/" -path "$bindir/perl5*" -exec ln -fsv perl {} ';' ; \
    ls -li "$bindir"/perl*
## remove unwanted binaries
## Attack-surface reduction: account management, login, filesystem, block
## device and mount tooling is stripped from the image. Several entries
## (su, mount, umount, passwd, newgrp, chfn, chsh, gpasswd) are typically
## installed setuid-root on Debian, so removing them also takes away
## privilege-escalation targets.
## Caveat for derived images: useradd/groupadd/adduser are gone, so a
## non-root account has to be created by other means (or a numeric USER used).
##
## "set -f" turns off shell globbing for this RUN, so the quoted patterns in
## the list ('e2scrub*', 'fsck.*', ...) are only ever interpreted by find.
## Each name is handled in two passes over the four bin directories:
##   pass 1: files that dpkg reports as package-owned go through
##           divert-rm.sh (helper script, not shown in this file);
##   pass 2: whatever still matches is deleted with plain rm.
RUN set -f ; \
    for name in \
        addgroup \
        addpart \
        adduser \
        apt-ftparchive \
        agetty \
        badblocks \
        blkdiscard \
        blkid \
        blkzone \
        blockdev \
        bsd-write \
        chage \
        chcpu \
        chfn \
        chgpasswd \
        chmem \
        chpasswd \
        chsh \
        cpgr \
        cppw \
        ctrlaltdel \
        debugfs \
        delgroup \
        delpart \
        deluser \
        dmesg \
        dumpe2fs \
        e2freefrag \
        e2fsck \
        e2image \
        e2label \
        e2mmpstatus \
        e2scrub \
        'e2scrub*' \
        e2undo \
        e4crypt \
        e4defrag \
        expiry \
        faillock \
        fdformat \
        fincore \
        findfs \
        fsck \
        'fsck.*' \
        fsfreeze \
        fstrim \
        getty \
        gpasswd \
        groupadd \
        groupdel \
        groupmems \
        groupmod \
        grpck \
        grpconv \
        grpunconv \
        hwclock \
        isosize \
        last \
        lastb \
        ldattach \
        losetup \
        lsblk \
        lsirq \
        lslogins \
        mcookie \
        mesg \
        mke2fs \
        mkfs \
        'mkfs.*' \
        mkhomedir_helper \
        mklost+found \
        mkswap \
        mount \
        newgrp \
        newusers \
        pam-auth-update \
        pam_getenv \
        pam_namespace_helper \
        pam_timestamp_check \
        partx \
        passwd \
        pivot_root \
        pwck \
        pwconv \
        pwhistory_helper \
        pwunconv \
        raw \
        readprofile \
        resize2fs \
        resizepart \
        rtcwake \
        sg \
        shadowconfig \
        su \
        sulogin \
        swaplabel \
        swapoff \
        swapon \
        switch_root \
        tune2fs \
        umount \
        unix_chkpwd \
        unix_update \
        update-passwd \
        useradd \
        userdel \
        usermod \
        utmpdump \
        vigr \
        vipw \
        wall \
        wdctl \
        wipefs \
        write \
        'write.*' \
        zramctl \
    ; do \
        for dir in /usr/sbin /usr/bin /sbin /bin ; do \
            find "$dir/" ! -type d -path "$dir/$name" \
            | while read -r f ; do \
                [ -n "$f" ] || continue ; \
                [ -e "$f" ] || continue ; \
                dpkg -S "$f" >/dev/null 2>&1 || continue ; \
                divert-rm.sh "$f" ; \
            done ; \
        done ; \
        for dir in /usr/sbin /usr/bin /sbin /bin ; do \
            find "$dir/" ! -type d -path "$dir/$name" \
            | while read -r f ; do \
                [ -n "$f" ] || continue ; \
                [ -e "$f" ] || continue ; \
                rm -fv "$f" ; \
            done ; \
        done ; \
    done
## Drop packages the base image does not need (apt-remove.sh and apt-clean.sh
## are helper scripts that are not shown in this file).
## NOTE(review): without ca-certificates the image has no system CA bundle.
## A derived image that makes TLS connections through the system trust store
## must install ca-certificates again rather than disable verification.
RUN apt-remove.sh \
        ca-certificates \
        e2fsprogs \
    ; \
    apt-clean.sh
## "docker.io/python"-specific cleanup
## /root/.wget-hsts is wget's HSTS cache file; it is removed here if present.
RUN rm -f /root/.wget-hsts
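## Upgrade every pip-installed distribution to its newest release, then
## remove Python caches under site-packages (pip-env.sh and
## python-rm-cache.sh are helper scripts that are not shown in this file).
##
## PYTHON_SITE_PACKAGES is not defined anywhere in this file, so it has to
## come from the base image or the build environment. The guard on the first
## line stops the build with a clear message instead of handing an empty path
## to python-rm-cache.sh.
##
## NOTE(review): "pip install -U" without version pins or hashes installs
## whatever the index serves on build day. Pin the versions (and ideally
## hashes) if the image must be reproducible or auditable.
## Only the exit status of the final xargs is checked in this pipeline, so a
## failing "pip list" goes unnoticed.
RUN : "${PYTHON_SITE_PACKAGES:?PYTHON_SITE_PACKAGES is not set}" ; \
    pip-env.sh pip list --format freeze \
    | grep -F '==' | awk -F= '{print $1}' \
    | xargs -r pip-env.sh pip install -U ; \
    python-rm-cache.sh "${PYTHON_SITE_PACKAGES}"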
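## Remove parts of the Python distribution: IDLE, tkinter, turtle and the
## wheels bundled with ensurepip. Python caches under /usr/local are then
## removed by python-rm-cache.sh (helper script, not shown in this file).
##
## libpython is the parent directory of PYTHON_SITE_PACKAGES. That variable is
## not defined anywhere in this file; if it is unset or empty, the original
## "rm -rf" silently targeted /idlelib, /tkinter, ... at the filesystem root
## and removed nothing. The ":?" guard stops the build instead, so an rm -rf
## path is never built from an empty prefix.
RUN libpython="${PYTHON_SITE_PACKAGES%/*}" ; \
    : "${libpython:?PYTHON_SITE_PACKAGES is not set or has no parent directory}" ; \
    rm -rfv \
        /usr/local/bin/idle* \
        "${libpython}/ensurepip/_bundled" \
        "${libpython}/idlelib" \
        "${libpython}/tkinter" \
        "${libpython}/turtle.py" \
        "${libpython}/turtledemo" \
    ; \
    python-rm-cache.sh /usr/local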
## Final cleanup of the stage:
##  - delete everything that is not a directory under /usr/local/sbin (the
##    helper scripts copied in at the top of this file); "-ls" logs each
##    file before it is deleted;
##  - empty /run, tolerating failures;
##  - recreate /run/lock world-writable with the sticky bit (mode 01777).
## The deleted helpers are still present in the earlier COPY layers of the
## image.
RUN find /usr/local/sbin/ ! -type d -ls -delete ; \
    find /run/ -mindepth 1 -ls -delete || true ; \
    install -d -m 01777 /run/lock
## Clear any inherited entrypoint and default to an interactive shell.
## NOTE(review): no USER is set in this file, so containers started from this
## image run as root unless the derived image or the runtime says otherwise.
## Derived images should switch to a non-root (preferably numeric) USER. The
## user-management tools (useradd, adduser, ...) were removed above.
ENTRYPOINT []
CMD ["bash"]