There were some discussions in #2420 whether the zypper install
commend worked as intended. While there's liitle doubt that those
packages weren't installed this PR makes really sure that this is the case.
Also it does an update via ``zypper up`` as the image provided from
dockerhub seemed to be somewhat behind.
These have been available via opt-in prior to v23 of Docker Engine with `DOCKER_BUILDKIT=1` ENV as a prefix to running `docker build`, however it's been requested to avoid the syntax.
No HereDoc (multi-line RUN with EOF marker) or `RUN --mount` available. This makes the `busybox` approach a hassle, so I've brought back the explicit creation of user and home dir.
Without the cache mounts, bring back `zypper clean`. It's not doing much as the `--cache-dir` is still set, but should reduce disk space for the `builder` layer. Local builds will be slower as a result when this layer is invalidated.
AFAIK, this also makes it tricky to use the `ZYPPER_OPTIONS`? So no longer DRY.
- Removing bulk of the noise from inline documentation.
- Packages bundled into single line like previous the Alpine version had.
- `CACHE_ZYPPER` is only used as an `ARG` in the `builder` stage.
- `zypper clean` wasn't able to clear anything from the install root, other than the `CACHE_ZYPPER` mount.
The additions from `adduser` reading `/etc` does not appear to apply if the directory already exists, and permissions (including SGID) are adjusted properly for the home dir.
This mean the excess backup copies in `/etc` are introduced again however.
BusyBox `adduser` was reading config from `/etc` that unnecessarily populates the home folder with various dot files.
Alternative approach is to create the user and home folder manually. This avoids some extra files like the `-` suffixed backup copies from `adduser`.
Create `testssl` user (_and group_) with no password (`-D`) and default their shell to bash (`-s`):
- A group will implicitly be created with the same value as the user. `addgroup testssl` and `-G testssl` are not needed.
- Gecos data (`-g "testssl user"`) doesn't appear relevant to the project to be required? The default gecos value (`Linux User,,,`) should be fine.
xxd is not a strict requirement and a fallback logic exists to handle its absence. However it is in general more performant and helpful in debugging as well which is desirable in many situations like ci/cd pipelines. See commit 3756cdc for details
This is a small cleanup of find_openssl_binary(). It tries also
to find a newer openssl version which we could need for any
new features. As stated in the comment at some point we should
decide whether we stick with our old version or rather supply
a new one. (xmpp-server is also not builtin for our 1.0.2) or
maybe find a good way (code) how to use both.
Also it looks for socat and if found it populates the according
global var.
It does a minor resort of global vars in the beginning.
.. see also #1559.
It "mkdirs" the needed etc and bin directories first, then copies
stuff over. It also reduces a few layers.
Also it corrects a mistake in the Readme.md (docker exec --> run)
Thanks for the discussion @Alex131089
Dirk Wetter
Brennan Kinney
a1346054
vin01
Vitalii Tverdokhlib
Christian Dresen