nyyu/distroless
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
distroless/Dockerfile_base
nyyu f84c93e78f feat: add ca-certificates
2025-03-31 08:55:13 +02:00

58 lines
2.3 KiB
Text
Raw Permalink Blame History

# Stage 1: Build the base system
FROM busybox:1.37.0 AS builder
# Set working directory
WORKDIR /build
# Define build arguments
ARG BASE_FILES_VERSION=13.7
ARG CACERTIFICATES_VERSION=20241223
ARG LIBGCC_VERSION=14.2.0-19
ARG GLIBC_VERSION=2.41-6
ARG TZDATA_VERSION=2025b-1
# Download required Debian packages
RUN wget -q \
https://ftp.debian.org/debian/pool/main/b/base-files/base-files_${BASE_FILES_VERSION}_amd64.deb \
https://ftp.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_${CACERTIFICATES_VERSION}_all.deb \
https://ftp.debian.org/debian/pool/main/g/gcc-14/libgcc-s1_${LIBGCC_VERSION}_amd64.deb \
https://ftp.debian.org/debian/pool/main/g/glibc/libc6_${GLIBC_VERSION}_amd64.deb \
https://ftp.debian.org/debian/pool/main/g/glibc/libc-bin_${GLIBC_VERSION}_amd64.deb \
https://ftp.debian.org/debian/pool/main/t/tzdata/tzdata_${TZDATA_VERSION}_all.deb
# Extract and clean up the downloaded packages
RUN mkdir -p var/lib/dpkg && \
for deb in *.deb; do \
echo "Processing $deb" && \
ar x $deb control.tar.xz data.tar.xz && \
tar xf data.tar.xz && tar xf control.tar.xz ./control && \
(cat control; echo) >> var/lib/dpkg/status && \
rm -f $deb control.tar.xz data.tar.xz control; \
done && \
# Generate certificates file and links
find usr/share/ca-certificates -type f -name '*.crt' -exec sh -c 'ln -sf /$1 etc/ssl/certs/$(basename $1) && cat "$1" >> etc/ssl/certs/ca-certificates' sh {} \; && \
# Create a non-root user directory
mkdir -p /home/nonroot && \
chown 65532:65532 /home/nonroot && \
# Copy nsswitch.conf for proper name resolution
cp usr/share/libc-bin/nsswitch.conf etc/nsswitch.conf && \
# Remove unnecessary files to reduce image size
rm -rf usr/bin usr/sbin usr/share/base-files usr/share/common-licenses usr/share/doc \
usr/share/libc-bin usr/share/lintian usr/share/man usr/lib/x86_64-linux-gnu/gconv && \
find usr/share/zoneinfo ! -name "Paris" ! -name "UTC" ! -name "New_York" -delete
# Stage 2: Temporary scratch image
FROM scratch AS tmp
# Copy root directory and extracted files from the builder stage
COPY rootdir/ /
COPY --from=builder /build/ /
# Stage 3: Final minimal image
FROM scratch
# Set environment variables
ENV LANG=C.utf8
# Copy everything from the temporary stage
COPY --from=tmp / /
Reference in a new issue View git blame Copy permalink