From dffdbbc6d5304073308b956927b4842f57a42fd4 Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Wed, 11 Aug 2021 18:45:56 +0000 Subject: [PATCH 01/12] no gcc --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 7f0cc00..7f07e8b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,7 +31,8 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ chmod a+x /usr/bin/py-enable # Install packages -RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip gcc" && \ +#RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip gcc" && \ +RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip " && \ yum -y update-minimal --setopt=tsflags=nodocs --security && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ yum -y remove vim-minimal && \ -- GitLab From f27827957ae7a90361ec332365b86167aaf4fa9e Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Wed, 11 Aug 2021 21:11:53 +0000 Subject: [PATCH 02/12] yum update first --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7f07e8b..e8a76a9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -30,6 +30,9 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ chmod a+x /usr/bin/generate-container-user && \ chmod a+x /usr/bin/py-enable +# yum Updates +RUN yum update -y + # Install packages #RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip gcc" && \ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip " && \ @@ -39,9 +42,6 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-de rpm -V $INSTALL_PKGS && \ yum -y clean all --enablerepo="*" -# yum Updates -RUN yum update -y -RUN yum update systemd-239-45.el8_4.2 # - Create a Python virtual environment for use by any application to avoid potential conflicts with Python packages # preinstalled in the main Python installation. -- GitLab From f5b79931ec4a2b856294b19640a4770f3453705a Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Wed, 11 Aug 2021 23:13:48 +0000 Subject: [PATCH 03/12] with gcc --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index e8a76a9..3c5753d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -34,8 +34,7 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ RUN yum update -y # Install packages -#RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip gcc" && \ -RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip " && \ +RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip gcc" && \ yum -y update-minimal --setopt=tsflags=nodocs --security && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ yum -y remove vim-minimal && \ -- GitLab From 23bd743ac07267e2fed5b0691844a7fa93dbd7f2 Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Fri, 13 Aug 2021 22:36:43 +0000 Subject: [PATCH 04/12] gcc using dnf install --- Dockerfile | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 3c5753d..eac91a4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -34,7 +34,7 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ RUN yum update -y # Install packages -RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip gcc" && \ +RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip" && \ yum -y update-minimal --setopt=tsflags=nodocs --security && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ yum -y remove vim-minimal && \ @@ -42,6 +42,13 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-de yum -y clean all --enablerepo="*" +RUN dnf upgrade -y --nodocs && \ + dnf install -y --nodocs \ + gcc \ + dnf clean all && \ + rm -rf /var/cache/dnf + + # - Create a Python virtual environment for use by any application to avoid potential conflicts with Python packages # preinstalled in the main Python installation. RUN python$PYTHON_VERSION -m venv ${APP_ROOT} && /usr/bin/py-enable -- GitLab From 80cdaa6695b7678194535e88b414844f9aafac87 Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Fri, 13 Aug 2021 22:44:37 +0000 Subject: [PATCH 05/12] Update Dockerfile --- Dockerfile | 73 ++++++++---------------------------------------------- 1 file changed, 11 insertions(+), 62 deletions(-) diff --git a/Dockerfile b/Dockerfile index eac91a4..4fb7907 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,74 +1,23 @@ ARG BASE_REGISTRY=registry1.dso.mil -ARG BASE_IMAGE=redhat/ubi/ubi8 +ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8 ARG BASE_TAG=8.4 -FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} - -# Set necessary environment variables for python and python development environment -ARG APP_ROOT=/opt/app-root -ENV PYTHON_VERSION=3.8 \ - APP_ROOT=$APP_ROOT \ - USER_NAME=hero \ - HOME=${APP_ROOT} \ - PATH=$HOME/.local/bin/:$APP_ROOT/.local/bin:/opt/app-root/src/bin:/opt/app-root/bin:$PATH: \ - EDITOR=/usr/bin/vim \ - PS1="AAP \W\$ " \ - PYTHONUNBUFFERED=1 \ - PYTHONIOENCODING=UTF-8 \ - PIP_NO_CACHE_DIR=off \ - LANG="en_US.UTF-8" - -# - Enable the virtual python environment and default interactive and non-interactive -# shell environment upon container startup -ENV PROMPT_COMMAND="" - -# Copy extra files to the image. -COPY ./scripts /usr/bin -RUN chmod a+x /usr/bin/container-entrypoint && \ - chmod a+x /usr/bin/fix-permissions && \ - chmod a+x /usr/bin/rpm-file-permissions && \ - chmod a+x /usr/bin/generate-container-user && \ - chmod a+x /usr/bin/py-enable - -# yum Updates -RUN yum update -y - -# Install packages -RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip" && \ - yum -y update-minimal --setopt=tsflags=nodocs --security && \ - yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ - yum -y remove vim-minimal && \ - rpm -V $INSTALL_PKGS && \ - yum -y clean all --enablerepo="*" - +FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as build RUN dnf upgrade -y --nodocs && \ dnf install -y --nodocs \ + bzip2-devel \ + expat-devel \ gcc \ + libffi-devel \ + libuuid-devel \ + make \ + openssl-devel \ + sqlite-devel \ + xz-devel && \ dnf clean all && \ rm -rf /var/cache/dnf - -# - Create a Python virtual environment for use by any application to avoid potential conflicts with Python packages -# preinstalled in the main Python installation. -RUN python$PYTHON_VERSION -m venv ${APP_ROOT} && /usr/bin/py-enable - -# Set up container user and adjust permissions to run in OpenShift environment -WORKDIR ${HOME} -RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ - -c "Default Application User" default && \ - fix-permissions ${APP_ROOT} -P && \ - fix-permissions ${HOME} -P && \ - rpm-file-permissions - -# Remove sticky bit -RUN chmod g-s /usr/libexec/openssh/ssh-keysign - -# set user to ensure image not running as root USER 1001 -ENTRYPOINT ["/usr/bin/container-entrypoint"] - -HEALTHCHECK CMD python --version - - +HEALTHCHECK NONE -- GitLab From 598ba91b54d2c0467054eeefad06430547f945e7 Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Fri, 13 Aug 2021 23:55:27 +0000 Subject: [PATCH 06/12] added everything from aap + dnf install gcc --- Dockerfile | 65 +++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 52 insertions(+), 13 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4fb7907..32e32e1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,20 +4,59 @@ ARG BASE_TAG=8.4 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as build -RUN dnf upgrade -y --nodocs && \ - dnf install -y --nodocs \ - bzip2-devel \ - expat-devel \ - gcc \ - libffi-devel \ - libuuid-devel \ - make \ - openssl-devel \ - sqlite-devel \ - xz-devel && \ - dnf clean all && \ - rm -rf /var/cache/dnf +# Set necessary environment variables for python and python development environment +ARG APP_ROOT=/opt/app-root +ENV PYTHON_VERSION=3.8 \ + APP_ROOT=$APP_ROOT \ + USER_NAME=hero \ + HOME=${APP_ROOT} \ + PATH=$HOME/.local/bin/:$APP_ROOT/.local/bin:/opt/app-root/src/bin:/opt/app-root/bin:$PATH: \ + EDITOR=/usr/bin/vim \ + PS1="AAP \W\$ " \ + PYTHONUNBUFFERED=1 \ + PYTHONIOENCODING=UTF-8 \ + PIP_NO_CACHE_DIR=off \ + LANG="en_US.UTF-8" +# - Enable the virtual python environment and default interactive and non-interactive +# shell environment upon container startup +ENV PROMPT_COMMAND="" + +# Copy extra files to the image. +COPY ./scripts /usr/bin +RUN chmod a+x /usr/bin/container-entrypoint && \ + chmod a+x /usr/bin/fix-permissions && \ + chmod a+x /usr/bin/rpm-file-permissions && \ + chmod a+x /usr/bin/generate-container-user && \ + chmod a+x /usr/bin/py-enable + +# yum Updates +RUN yum update -y + +# Install packages +RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip" && \ + yum -y update-minimal --setopt=tsflags=nodocs --security && \ + yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ + yum -y remove vim-minimal && \ + rpm -V $INSTALL_PKGS && \ + yum -y clean all --enablerepo="*" + +# - Create a Python virtual environment for use by any application to avoid potential conflicts with Python packages +# preinstalled in the main Python installation. +RUN python$PYTHON_VERSION -m venv ${APP_ROOT} && /usr/bin/py-enable + +# Set up container user and adjust permissions to run in OpenShift environment +WORKDIR ${HOME} +RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ + -c "Default Application User" default && \ + fix-permissions ${APP_ROOT} -P && \ + fix-permissions ${HOME} -P && \ + rpm-file-permissions + +# Remove sticky bit +RUN chmod g-s /usr/libexec/openssh/ssh-keysign + +# set user to ensure image not running as root USER 1001 HEALTHCHECK NONE -- GitLab From fd46b1d7c298d785d88506081c5b0d74b1818f0e Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Mon, 16 Aug 2021 15:44:06 +0000 Subject: [PATCH 07/12] Update Dockerfile --- Dockerfile | 126 +++++++++++++++++++++++++++++++---------------------- 1 file changed, 73 insertions(+), 53 deletions(-) diff --git a/Dockerfile b/Dockerfile index 32e32e1..dfb216c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,59 +4,79 @@ ARG BASE_TAG=8.4 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as build -# Set necessary environment variables for python and python development environment -ARG APP_ROOT=/opt/app-root -ENV PYTHON_VERSION=3.8 \ - APP_ROOT=$APP_ROOT \ - USER_NAME=hero \ - HOME=${APP_ROOT} \ - PATH=$HOME/.local/bin/:$APP_ROOT/.local/bin:/opt/app-root/src/bin:/opt/app-root/bin:$PATH: \ - EDITOR=/usr/bin/vim \ - PS1="AAP \W\$ " \ - PYTHONUNBUFFERED=1 \ - PYTHONIOENCODING=UTF-8 \ - PIP_NO_CACHE_DIR=off \ - LANG="en_US.UTF-8" - -# - Enable the virtual python environment and default interactive and non-interactive -# shell environment upon container startup -ENV PROMPT_COMMAND="" - -# Copy extra files to the image. -COPY ./scripts /usr/bin -RUN chmod a+x /usr/bin/container-entrypoint && \ - chmod a+x /usr/bin/fix-permissions && \ - chmod a+x /usr/bin/rpm-file-permissions && \ - chmod a+x /usr/bin/generate-container-user && \ - chmod a+x /usr/bin/py-enable - -# yum Updates -RUN yum update -y - -# Install packages -RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip" && \ - yum -y update-minimal --setopt=tsflags=nodocs --security && \ - yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ - yum -y remove vim-minimal && \ - rpm -V $INSTALL_PKGS && \ - yum -y clean all --enablerepo="*" - -# - Create a Python virtual environment for use by any application to avoid potential conflicts with Python packages -# preinstalled in the main Python installation. -RUN python$PYTHON_VERSION -m venv ${APP_ROOT} && /usr/bin/py-enable - -# Set up container user and adjust permissions to run in OpenShift environment -WORKDIR ${HOME} -RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ - -c "Default Application User" default && \ - fix-permissions ${APP_ROOT} -P && \ - fix-permissions ${HOME} -P && \ - rpm-file-permissions - -# Remove sticky bit -RUN chmod g-s /usr/libexec/openssh/ssh-keysign - -# set user to ensure image not running as root +RUN dnf upgrade -y --nodocs && \ + dnf install -y --nodocs \ + bzip2-devel \ + expat-devel \ + gcc \ + libffi-devel \ + libuuid-devel \ + make \ + openssl-devel \ + sqlite-devel \ + xz-devel && \ + dnf clean all && \ + rm -rf /var/cache/dnf + +COPY python.tar.gz / + +RUN mkdir -p /usr/local/src/python && \ + tar -zxf python.tar.gz -C /usr/local/src/python --strip-components=1 && \ + cd /usr/local/src/python && \ + ./configure \ + --enable-loadable-sqlite-extensions \ + --enable-optimizations \ + --enable-option-checking=fatal \ + --enable-shared \ + --with-system-expat \ + --with-ensurepip && \ + make && \ + make altinstall + +RUN find /usr/local -depth \ + \( \ + \( -type d -a \( -name test -o -name tests -o -name idle_test \) \) \ + -o \( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name '*.a' \) \) \ + \) -exec rm -rf '{}' + && \ + echo '/usr/local/lib' >> /etc/ld.so.conf && \ + ldconfig + +RUN pip3.8 install --no-index --upgrade --find-links=/wheel/ pip setuptools wheel + +FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} + +RUN dnf update -y --nodocs && \ + dnf clean all && \ + rm -rf /var/cache/dnf + +ENV PATH /usr/local/bin:$PATH + + +RUN cd /usr/local/bin && \ + ln -s idle3.8 idle3 && \ + ln -s idle3 idle && \ + ln -s pydoc3.8 pydoc3 && \ + ln -s pydoc3 pydoc && \ + ln -s python3.8 python3 && \ + ln -s python3 python && \ + ln -s python3.8-config python3-config && \ + ln -s python3-config python-config && \ + ln -s easy_install-3.8 easy_install-3 && \ + ln -s easy_install-3 easy_install && \ + ln -s 2to3-3.8 2to3-3 && \ + ln -s 2to3-3 2to3 && \ + ln -s pip3.8 pip3 || true && \ + ln -s pip3 pip || true && \ + echo '/usr/local/lib' >> /etc/ld.so.conf && \ + ldconfig + +RUN groupadd -g 1001 python && \ + useradd -r -u 1001 -m -s /sbin/nologin -g python python + +RUN chmod o-w /etc/pki/ca-trust/source/anchors/Certificates_PKCS7_v5.7_DoD.pem + USER 1001 +CMD ["python3"] + HEALTHCHECK NONE -- GitLab From f9b332b64663062bf43f06712f59c35f9fe73d21 Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Mon, 16 Aug 2021 15:49:10 +0000 Subject: [PATCH 08/12] Update Dockerfile --- Dockerfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index dfb216c..4611f7d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,8 +18,6 @@ RUN dnf upgrade -y --nodocs && \ dnf clean all && \ rm -rf /var/cache/dnf -COPY python.tar.gz / - RUN mkdir -p /usr/local/src/python && \ tar -zxf python.tar.gz -C /usr/local/src/python --strip-components=1 && \ cd /usr/local/src/python && \ -- GitLab From 3f217d399085981a366a262dac208c62c46024bd Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Mon, 16 Aug 2021 15:57:31 +0000 Subject: [PATCH 09/12] Update Dockerfile --- Dockerfile | 46 ---------------------------------------------- 1 file changed, 46 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4611f7d..21a889d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,30 +18,6 @@ RUN dnf upgrade -y --nodocs && \ dnf clean all && \ rm -rf /var/cache/dnf -RUN mkdir -p /usr/local/src/python && \ - tar -zxf python.tar.gz -C /usr/local/src/python --strip-components=1 && \ - cd /usr/local/src/python && \ - ./configure \ - --enable-loadable-sqlite-extensions \ - --enable-optimizations \ - --enable-option-checking=fatal \ - --enable-shared \ - --with-system-expat \ - --with-ensurepip && \ - make && \ - make altinstall - -RUN find /usr/local -depth \ - \( \ - \( -type d -a \( -name test -o -name tests -o -name idle_test \) \) \ - -o \( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name '*.a' \) \) \ - \) -exec rm -rf '{}' + && \ - echo '/usr/local/lib' >> /etc/ld.so.conf && \ - ldconfig - -RUN pip3.8 install --no-index --upgrade --find-links=/wheel/ pip setuptools wheel - -FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} RUN dnf update -y --nodocs && \ dnf clean all && \ @@ -50,28 +26,6 @@ RUN dnf update -y --nodocs && \ ENV PATH /usr/local/bin:$PATH -RUN cd /usr/local/bin && \ - ln -s idle3.8 idle3 && \ - ln -s idle3 idle && \ - ln -s pydoc3.8 pydoc3 && \ - ln -s pydoc3 pydoc && \ - ln -s python3.8 python3 && \ - ln -s python3 python && \ - ln -s python3.8-config python3-config && \ - ln -s python3-config python-config && \ - ln -s easy_install-3.8 easy_install-3 && \ - ln -s easy_install-3 easy_install && \ - ln -s 2to3-3.8 2to3-3 && \ - ln -s 2to3-3 2to3 && \ - ln -s pip3.8 pip3 || true && \ - ln -s pip3 pip || true && \ - echo '/usr/local/lib' >> /etc/ld.so.conf && \ - ldconfig - -RUN groupadd -g 1001 python && \ - useradd -r -u 1001 -m -s /sbin/nologin -g python python - -RUN chmod o-w /etc/pki/ca-trust/source/anchors/Certificates_PKCS7_v5.7_DoD.pem USER 1001 -- GitLab From 44d20c76ac954c45feaf8af741f8bc94bf1b0441 Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Mon, 16 Aug 2021 16:50:35 +0000 Subject: [PATCH 10/12] Original from aap --- Dockerfile | 78 +++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 53 insertions(+), 25 deletions(-) diff --git a/Dockerfile b/Dockerfile index 21a889d..32e32e1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,31 +4,59 @@ ARG BASE_TAG=8.4 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as build -RUN dnf upgrade -y --nodocs && \ - dnf install -y --nodocs \ - bzip2-devel \ - expat-devel \ - gcc \ - libffi-devel \ - libuuid-devel \ - make \ - openssl-devel \ - sqlite-devel \ - xz-devel && \ - dnf clean all && \ - rm -rf /var/cache/dnf - - -RUN dnf update -y --nodocs && \ - dnf clean all && \ - rm -rf /var/cache/dnf - -ENV PATH /usr/local/bin:$PATH - - - +# Set necessary environment variables for python and python development environment +ARG APP_ROOT=/opt/app-root +ENV PYTHON_VERSION=3.8 \ + APP_ROOT=$APP_ROOT \ + USER_NAME=hero \ + HOME=${APP_ROOT} \ + PATH=$HOME/.local/bin/:$APP_ROOT/.local/bin:/opt/app-root/src/bin:/opt/app-root/bin:$PATH: \ + EDITOR=/usr/bin/vim \ + PS1="AAP \W\$ " \ + PYTHONUNBUFFERED=1 \ + PYTHONIOENCODING=UTF-8 \ + PIP_NO_CACHE_DIR=off \ + LANG="en_US.UTF-8" + +# - Enable the virtual python environment and default interactive and non-interactive +# shell environment upon container startup +ENV PROMPT_COMMAND="" + +# Copy extra files to the image. +COPY ./scripts /usr/bin +RUN chmod a+x /usr/bin/container-entrypoint && \ + chmod a+x /usr/bin/fix-permissions && \ + chmod a+x /usr/bin/rpm-file-permissions && \ + chmod a+x /usr/bin/generate-container-user && \ + chmod a+x /usr/bin/py-enable + +# yum Updates +RUN yum update -y + +# Install packages +RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip" && \ + yum -y update-minimal --setopt=tsflags=nodocs --security && \ + yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ + yum -y remove vim-minimal && \ + rpm -V $INSTALL_PKGS && \ + yum -y clean all --enablerepo="*" + +# - Create a Python virtual environment for use by any application to avoid potential conflicts with Python packages +# preinstalled in the main Python installation. +RUN python$PYTHON_VERSION -m venv ${APP_ROOT} && /usr/bin/py-enable + +# Set up container user and adjust permissions to run in OpenShift environment +WORKDIR ${HOME} +RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ + -c "Default Application User" default && \ + fix-permissions ${APP_ROOT} -P && \ + fix-permissions ${HOME} -P && \ + rpm-file-permissions + +# Remove sticky bit +RUN chmod g-s /usr/libexec/openssh/ssh-keysign + +# set user to ensure image not running as root USER 1001 -CMD ["python3"] - HEALTHCHECK NONE -- GitLab From d1cb875ccb5de87f49ded84f2d948d9d0030b7e8 Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Tue, 17 Aug 2021 15:14:00 +0000 Subject: [PATCH 11/12] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 32e32e1..e4b7a5e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -34,7 +34,7 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ RUN yum update -y # Install packages -RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip" && \ +RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip gcc" && \ yum -y update-minimal --setopt=tsflags=nodocs --security && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ yum -y remove vim-minimal && \ -- GitLab From 91f64604ac1d3cddb6cadddf9762fad2162b806d Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Tue, 17 Aug 2021 15:21:01 +0000 Subject: [PATCH 12/12] Removed gcc --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index e4b7a5e..32e32e1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -34,7 +34,7 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ RUN yum update -y # Install packages -RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip gcc" && \ +RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip" && \ yum -y update-minimal --setopt=tsflags=nodocs --security && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ yum -y remove vim-minimal && \ -- GitLab