major upgrade

except citus - no packages for Debian 13 yet
2025-08-15 17:02:15 +03:00
parent af04718692
commit c8b15861d9
14 changed files with 48 additions and 68 deletions
--- a/Dockerfile.base
+++ b/Dockerfile.base
@@ -1,11 +1,9 @@
-ARG PYTHONTAG=3.12.10-slim-bookworm
+ARG PYTHONTAG=3.12.11-slim-trixie
 FROM docker.io/python:${PYTHONTAG} AS base-upstream

 FROM base-upstream AS base-intermediate
 SHELL [ "/bin/sh", "-ec" ]

-COPY /Dockerfile.base  /usr/local/share/
-
 COPY /scripts/*        /usr/local/sbin/
 COPY /extra-scripts/*  /usr/local/sbin/

@@ -20,8 +18,7 @@ ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin \
    PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1

-COPY /apt/preferences.backports  /etc/apt/preferences.d/backports
-COPY /apt/sources.debian         /etc/apt/sources.list.d/debian.sources
+COPY /apt/sources.debian  /etc/apt/sources.list.d/debian.sources

 ## prevent services from auto-starting, part 1
 RUN s='/usr/sbin/policy-rc.d' ; b='/usr/bin/policy-rc.d' ; \
@@ -60,7 +57,6 @@ RUN apt-env.sh apt-get update ; \
      jq \
      less \
      libcap2-bin \
-      libjemalloc2 \
      libnss-wrapper \
      logrotate \
      lsof \
@@ -70,13 +66,16 @@ RUN apt-env.sh apt-get update ; \
      openssl \
      procps \
      psmisc \
+      systemd-standalone-sysusers \
      tzdata \
      vim \
      xxd \
      xz-utils \
      zstd \
    ; \
-    apt-clean.sh
+    apt-clean.sh ; \
+    ## remove broken symlinks
+    find /etc/ -xdev -follow -type l -ls -delete

 ## perl-base: hardlink->symlink
 RUN set +e ; \
@@ -228,12 +227,8 @@ RUN set -f ; \
            rm -fv "$p" ; \
        done ; \
    done ; \
-    ## fixup
-    rm -f \
-      /bin/lastb \
-      /bin/sg \
-      /sbin/getty \
-    ; :
+    ## remove broken symlinks
+    find /bin/ /sbin/ -xdev -follow -type l -ls -delete

 ## remove excessive privileges from binaries: setuid/setgid
 RUN find / -xdev -type f -perm /7000 \
@@ -279,14 +274,14 @@ SHELL [ "/bin/sh", "-ec" ]
 COPY /scripts/*        /usr/local/sbin/
 COPY /extra-scripts/*  /usr/local/sbin/

-## "2025.01.31"
-ENV CERTIFI_COMMIT=088f93122ea7c91cfdaeea7fa76ab2f850b8064d
+## "2025.08.03"
+ENV CERTIFI_COMMIT=a97d9ad8f87c382378dddc0b0b33b9770932404e

 # 'https://raw.githubusercontent.com/certifi/python-certifi'
 ARG CERTIFI_BASE_URI='https://github.com/certifi/python-certifi/raw'

 ARG CERTIFI_URI="${CERTIFI_BASE_URI}/${CERTIFI_COMMIT}/certifi/cacert.pem"
-ADD "${CERTIFI_URI}" /tmp/certifi.crt
+ADD "${CERTIFI_URI}"  /tmp/certifi.crt

 RUN apt-install.sh ca-certificates ; \
    apt-clean.sh ; \
@@ -320,7 +315,8 @@ RUN pkg='gnupg' ; \
    apt-remove.sh ${pkg}

 COPY /apt/sources.pgdg   /etc/apt/sources.list.d/pgdg.sources
-COPY /apt/sources.citus  /etc/apt/sources.list.d/citus.sources
+## TODO: disabled until citus packages are ready for Debian 13
+# COPY /apt/sources.citus  /etc/apt/sources.list.d/citus.sources

 ## verify sources!
 RUN apt-env.sh apt-get update ; \
@@ -329,6 +325,9 @@ RUN apt-env.sh apt-get update ; \
 ## ---

 FROM base-intermediate AS base
+SHELL [ "/bin/sh", "-ec" ]
+
+COPY /Dockerfile.base  /usr/local/share/

 COPY --from=certs    /etc/ssl/certs/ca-certificates.*  /etc/ssl/certs/
 COPY --from=apt-gpg  /etc/apt/keyrings/                /etc/apt/keyrings/
@@ -365,7 +364,6 @@ RUN apt-clean.sh
 RUN find /usr/local/sbin/ ! -type d -ls -delete ; \
    find /run/ -mindepth 1 -ls -delete || : ; \
    install -d -m 01777 /run/lock ; \
-    jdupes -1LSpr /usr/local/ ; \
    jdupes -1LSpr /usr/

 ENTRYPOINT [ ]