From 72cbde7f8fde7c4e8e557e00ac17c16cc8b9c5aa Mon Sep 17 00:00:00 2001
From: maquis196
Date: Mon, 13 Jul 2020 21:33:35 +0100
Subject: [PATCH 1/3] Switch to Debian:Slim from Alpine for the docker image
---
 docker/Dockerfile | 57 +++++++++++++++++++----------------------------
 docker/start.py | 12 +++++-----
 2 files changed, 29 insertions(+), 40 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 093e89af6c56..8b3a4246a5fe 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -16,35 +16,31 @@ ARG PYTHON_VERSION=3.7
 ###
 ### Stage 0: builder
 ###
-FROM docker.io/python:${PYTHON_VERSION}-alpine3.11 as builder
+FROM docker.io/python:${PYTHON_VERSION}-slim as builder
 # install the OS build deps
-RUN apk add \
- build-base \
- libffi-dev \
- libjpeg-turbo-dev \
- libwebp-dev \
- libressl-dev \
- libxslt-dev \
- linux-headers \
- postgresql-dev \
- zlib-dev
-# build things which have slow build steps, before we copy synapse, so that
-# the layer can be cached.
-#
-# (we really just care about caching a wheel here, as the "pip install" below
-# will install them again.)
+RUN apt-get update && apt-get install -y \
+ build-essential \
+ libpq-dev \
+ && rm -rf /var/lib/apt/lists/*
+# Build dependencies that are not available as wheels, to speed up rebuilds
 RUN pip install --prefix="/install" --no-warn-script-location \
- cryptography \
- msgpack-python \
- pillow \
- pynacl
+ frozendict \
+ jaeger-client \
+ opentracing \
+ prometheus-client \
+ psycopg2 \
+ pycparser \
+ pyrsistent \
+ pyyaml \
+ simplejson \
+ threadloop \
+ thrift
 # now install synapse and all of the python deps to /install.
-
 COPY synapse /synapse/synapse/
 COPY scripts /synapse/scripts/
 COPY MANIFEST.in README.rst setup.py synctl /synapse/
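Review bot: The builder stage's new `FROM docker.io/python:${PYTHON_VERSION}-slim as builder` no longer names an OS release, where the old tag pinned `alpine3.11`, so the Debian release under the image depends on what the upstream `-slim` tag points at on the day of the build. The changelog entry later in this series says Buster; `FROM docker.io/python:${PYTHON_VERSION}-slim-buster as builder` would state that in the tag and keep the package names in the `apt-get install` lines valid across rebuilds. The runtime stage's `FROM` in the next Dockerfile hunk uses the same floating tag and wants the same suffix, so that both stages stay on one release.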
@@ -56,20 +52,13 @@ RUN pip install --prefix="/install" --no-warn-script-location \
 ### Stage 1: runtime
 ###
-FROM docker.io/python:${PYTHON_VERSION}-alpine3.11
+FROM docker.io/python:${PYTHON_VERSION}-slim
-# xmlsec is required for saml support
-RUN apk add --no-cache --virtual .runtime_deps \
- libffi \
- libjpeg-turbo \
- libwebp \
- libressl \
- libxslt \
- libpq \
- zlib \
- su-exec \
- tzdata \
- xmlsec
+RUN apt-get update && apt-get install -y \
+ libpq5 \
+ xmlsec1 \
+ gosu \
+ && rm -rf /var/lib/apt/lists/*
 COPY --from=builder /install /usr/local
 COPY ./docker/start.py /start.py
diff --git a/docker/start.py b/docker/start.py
index 2a25c9380e34..9f081341581b 100755
--- a/docker/start.py
+++ b/docker/start.py
@@ -120,7 +120,7 @@ def generate_config_from_template(config_dir, config_path, environ, ownership):
 if ownership is not None:
 subprocess.check_output(["chown", "-R", ownership, "/data"])
- args = ["su-exec", ownership] + args
+ args = ["gosu", ownership] + args
 subprocess.check_output(args)
@@ -172,8 +172,8 @@ def run_generate_config(environ, ownership):
 # make sure that synapse has perms to write to the data dir.
 subprocess.check_output(["chown", ownership, data_dir])
- args = ["su-exec", ownership] + args
- os.execv("/sbin/su-exec", args)
+ args = ["gosu", ownership] + args
+ os.execv("/usr/sbin/gosu", args)
 else:
 os.execv("/usr/local/bin/python", args)
@@ -189,7 +189,7 @@ def main(args, environ):
 ownership = "{}:{}".format(desired_uid, desired_gid)
 if ownership is None:
- log("Will not perform chmod/su-exec as UserID already matches request")
+ log("Will not perform chmod/gosu as UserID already matches request")
 # In generate mode, generate a configuration and missing keys, then exit
 if mode == "generate":
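Review bot: The runtime stage's `apt-get install -y` also installs recommended packages, which puts software in the shipped image that Synapse does not need. `RUN apt-get update && apt-get install -y --no-install-recommends \` would keep the image to `libpq5`, `xmlsec1`, `gosu` and their hard dependencies; a test build should confirm that nothing relied on a recommended package. The removed comment explaining why xmlsec is installed is worth carrying over as `# xmlsec1 is required for saml support`, since the new package list has no explanation at all. The builder-stage install in the first Dockerfile hunk could take the same flag, though it matters less there because that stage is discarded.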
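Review bot: In generate_config_from_template (hunk at line 120) the new `args = ["gosu", ownership] + args` is handed to `subprocess.check_output`, which finds `gosu` through PATH, while the `os.execv` call sites in the hunks at 172 and 236 name `/usr/sbin/gosu` absolutely. The helper that drops privileges is presumably launched while the process is still privileged, so it should not depend on the container's PATH; `args = ["/usr/sbin/gosu", ownership] + args` makes the three sites agree. A module-level constant such as `GOSU_PATH = "/usr/sbin/gosu"` would hold the literal in one place and make a packaging change fail in an obvious spot. Separately, the log line changed in the hunk at 189 says "chmod" although the calls visible in these hunks run `chown`. The bodies of all three functions extend beyond the hunks shown.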
@@ -236,8 +236,8 @@ def main(args, environ):
 args = ["python", "-m", synapse_worker, "--config-path", config_path]
 if ownership is not None:
- args = ["su-exec", ownership] + args
- os.execv("/sbin/su-exec", args)
+ args = ["gosu", ownership] + args
+ os.execv("/usr/sbin/gosu", args)
 else:
 os.execv("/usr/local/bin/python", args)
From c81d9fa1f844add0cbe3559d3d66cfd92051b97f Mon Sep 17 00:00:00 2001
From: maquis196
Date: Mon, 13 Jul 2020 21:51:06 +0100
Subject: [PATCH 2/3] added changelog entry for #7839
Signed-off-by: Christopher May-Townsend
---
 changelog.d/7839.docker | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 changelog.d/7839.docker
diff --git a/changelog.d/7839.docker b/changelog.d/7839.docker
new file mode 100644
index 000000000000..25003749775a
--- /dev/null
+++ b/changelog.d/7839.docker
@@ -0,0 +1,2 @@
+Update base image to be Debian Buster-based rather than Alpine Linux based.
+
From cb7ce54a96df1b1aec6aa6e284b313e755be0f3d Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Date: Fri, 17 Jul 2020 17:40:25 +0100
Subject: [PATCH 3/3] Update changelog.d/7839.docker
---
 changelog.d/7839.docker | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/changelog.d/7839.docker b/changelog.d/7839.docker
index 25003749775a..cdf3c9631c27 100644
--- a/changelog.d/7839.docker
+++ b/changelog.d/7839.docker
@@ -1,2 +1 @@
-Update base image to be Debian Buster-based rather than Alpine Linux based.
-
+Base docker image on Debian Buster rather than Alpine Linux. Contributed by @maquis196.