From 9ab9d7624074b5567c4510e647b68a86eb71311b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20K=C3=A4ufl?= Date: Sat, 13 May 2017 15:52:16 +0200 Subject: [PATCH] [Dockerfiles] Used best practices for apt-get See https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#apt-get - Replaced `-y install` with `install -y` (unification) - Put every package on its own line - Moved `rm -rf /var/lib/apt/lists/*` in the same `RUN` statement as `apt-get` - Removed unnecessary `apt-get clean` See https://github.com/moby/moby/blob/03e2923e42446dbb830c654d0eec323a0b4ef02a/contrib/mkimage/debootstrap#L82-L105 --- data/Dockerfiles/clamav/Dockerfile | 8 +++----- data/Dockerfiles/dovecot/Dockerfile | 10 +++++----- data/Dockerfiles/php-fpm/Dockerfile | 7 ++++--- data/Dockerfiles/postfix/Dockerfile | 9 +++++---- data/Dockerfiles/rmilter/Dockerfile | 11 ++++++++--- data/Dockerfiles/rspamd/Dockerfile | 9 ++++++--- data/Dockerfiles/sogo/Dockerfile | 14 +++++++++----- 7 files changed, 40 insertions(+), 28 deletions(-) diff --git a/data/Dockerfiles/clamav/Dockerfile b/data/Dockerfiles/clamav/Dockerfile index 5ecde1c9..b57fb143 100755 --- a/data/Dockerfiles/clamav/Dockerfile +++ b/data/Dockerfiles/clamav/Dockerfile @@ -8,14 +8,12 @@ ENV DEBIAN_VERSION stretch RUN echo "deb http://http.debian.net/debian/ $DEBIAN_VERSION main contrib non-free" > /etc/apt/sources.list && \ echo "deb http://http.debian.net/debian/ $DEBIAN_VERSION-updates main contrib non-free" >> /etc/apt/sources.list && \ echo "deb http://security.debian.org/ $DEBIAN_VERSION/updates main contrib non-free" >> /etc/apt/sources.list && \ - apt-get update && \ - DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y -qq \ + apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends \ clamav-daemon \ clamav-freshclam \ libclamunrar7 \ - curl && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* + curl \ + && rm -rf /var/lib/apt/lists/* # initial update of av databases COPY dl_files.sh /dl_files.sh diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile index a28b6628..375852f2 100644 --- a/data/Dockerfiles/dovecot/Dockerfile +++ b/data/Dockerfiles/dovecot/Dockerfile @@ -7,8 +7,8 @@ ENV LC_ALL C ENV DOVECOT_VERSION 2.2.29.1 ENV PIGEONHOLE_VERSION 0.4.18 -RUN apt-get update \ - && apt-get -y install libpam-dev \ +RUN apt-get update && apt-get -y install \ + libpam-dev \ default-libmysqlclient-dev \ lzma-dev \ liblz-dev \ @@ -48,7 +48,8 @@ RUN apt-get update \ libdbd-mysql-perl \ libipc-run-perl \ make \ - cpanminus + cpanminus \ + && rm -rf /var/lib/apt/lists/* RUN wget https://www.dovecot.org/releases/2.2/dovecot-$DOVECOT_VERSION.tar.gz -O - | tar xvz \ @@ -100,8 +101,7 @@ EXPOSE 24 10001 ENTRYPOINT ["/docker-entrypoint.sh"] CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf -RUN apt-get clean \ - && rm -rf /var/lib/apt/lists/* \ +RUN rm -rf \ /tmp/* \ /var/tmp/* \ /dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION \ diff --git a/data/Dockerfiles/php-fpm/Dockerfile b/data/Dockerfiles/php-fpm/Dockerfile index 0cee7e80..cfcfebb7 100644 --- a/data/Dockerfiles/php-fpm/Dockerfile +++ b/data/Dockerfiles/php-fpm/Dockerfile @@ -3,14 +3,15 @@ LABEL maintainer "Andre Peters " ENV DEBIAN_FRONTEND noninteractive -RUN apt-get update \ - && apt-get install -y zlib1g-dev \ +RUN apt-get update && apt-get install -y \ + zlib1g-dev \ libicu-dev \ g++ \ libidn11-dev \ libxml2-dev \ redis-tools \ - mysql-client + mysql-client \ + && rm -rf /var/lib/apt/lists/* RUN docker-php-ext-configure intl RUN docker-php-ext-install intl pdo pdo_mysql xmlrpc diff --git a/data/Dockerfiles/postfix/Dockerfile b/data/Dockerfiles/postfix/Dockerfile index fbf8f10a..ace78f7a 100644 --- a/data/Dockerfiles/postfix/Dockerfile +++ b/data/Dockerfiles/postfix/Dockerfile @@ -9,8 +9,8 @@ RUN dpkg-divert --local --rename --add /sbin/initctl \ && dpkg-divert --local --rename --add /usr/bin/ischroot \ && ln -sf /bin/true /usr/bin/ischroot -RUN apt-get update -RUN apt-get install -y --no-install-recommends supervisor \ +RUN apt-get update && apt-get install -y --no-install-recommends \ + supervisor \ postfix \ sasl2-bin \ libsasl2-modules \ @@ -25,7 +25,8 @@ RUN apt-get install -y --no-install-recommends supervisor \ python-gpgme \ sudo \ curl \ - dirmngr + dirmngr \ + && rm -rf /var/lib/apt/lists/* RUN addgroup --system --gid 600 zeyple RUN adduser --system --home /var/lib/zeyple --no-create-home --uid 600 --gid 600 --disabled-login zeyple @@ -44,4 +45,4 @@ EXPOSE 588 CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf -RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* +RUN rm -rf /tmp/* /var/tmp/* diff --git a/data/Dockerfiles/rmilter/Dockerfile b/data/Dockerfiles/rmilter/Dockerfile index 366f675d..725a2596 100644 --- a/data/Dockerfiles/rmilter/Dockerfile +++ b/data/Dockerfiles/rmilter/Dockerfile @@ -6,8 +6,13 @@ ENV LC_ALL C RUN apt-key adv --fetch-keys http://rspamd.com/apt-stable/gpg.key \ && echo "deb http://rspamd.com/apt-stable/ jessie main" > /etc/apt/sources.list.d/rspamd.list \ - && apt-get update \ - && apt-get --no-install-recommends -y --force-yes install rmilter cron syslog-ng syslog-ng-core supervisor + && apt-get update && apt-get install -y --force-yes --no-install-recommends \ + rmilter \ + cron \ + syslog-ng \ + syslog-ng-core \ + supervisor \ + && rm -rf /var/lib/apt/lists/* COPY supervisord.conf /etc/supervisor/supervisord.conf @@ -18,4 +23,4 @@ RUN touch /var/log/mail.log && chmod 640 /var/log/mail.log && chown root:adm /va CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf -RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* +RUN rm -rf /tmp/* /var/tmp/* diff --git a/data/Dockerfiles/rspamd/Dockerfile b/data/Dockerfiles/rspamd/Dockerfile index 4d14c6f9..bc0ecceb 100644 --- a/data/Dockerfiles/rspamd/Dockerfile +++ b/data/Dockerfiles/rspamd/Dockerfile @@ -6,8 +6,11 @@ ENV LC_ALL C RUN apt-key adv --fetch-keys http://rspamd.com/apt-stable/gpg.key \ && echo "deb http://rspamd.com/apt-stable/ jessie main" > /etc/apt/sources.list.d/rspamd.list \ - && apt-get update \ - && apt-get -y install rspamd ca-certificates python-pip + && apt-get update && apt-get install -y \ + rspamd \ + ca-certificates \ + python-pip \ + && rm -rf /var/lib/apt/lists/* RUN echo '.include $LOCAL_CONFDIR/local.d/rspamd.conf.local' > /etc/rspamd/rspamd.conf.local @@ -18,7 +21,7 @@ RUN pip install -U oletools CMD /usr/bin/rspamd -f -u _rspamd -g _rspamd -RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* +RUN rm -rf /tmp/* /var/tmp/* USER _rspamd diff --git a/data/Dockerfiles/sogo/Dockerfile b/data/Dockerfiles/sogo/Dockerfile index 8210ab82..56dc1e75 100644 --- a/data/Dockerfiles/sogo/Dockerfile +++ b/data/Dockerfiles/sogo/Dockerfile @@ -5,8 +5,9 @@ ENV DEBIAN_FRONTEND noninteractive ENV LC_ALL C ENV GOSU_VERSION 1.9 -RUN apt-get update \ - && apt-get install -y --no-install-recommends apt-transport-https gnupg \ +RUN apt-get update && apt-get install -y --no-install-recommends \ + apt-transport-https \ + gnupg \ ca-certificates \ wget \ syslog-ng \ @@ -14,6 +15,7 @@ RUN apt-get update \ supervisor \ mysql-client \ cron \ + && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" \ @@ -29,8 +31,10 @@ RUN touch /usr/share/doc/sogo/empty.sh RUN apt-key adv --keyserver keys.gnupg.net --recv-key 0x810273C4 \ && echo "deb http://packages.inverse.ca/SOGo/nightly/3/debian/ jessie jessie" > /etc/apt/sources.list.d/sogo.list \ - && apt-get update \ - && apt-get -y --force-yes install sogo sogo-activesync + && apt-get update && apt-get install -y --force-yes \ + sogo \ + sogo-activesync \ + && rm -rf /var/lib/apt/lists/* RUN sed -i -E 's/^(\s*)system\(\);/\1unix-stream("\/dev\/log");/' /etc/syslog-ng/syslog-ng.conf RUN echo '* * * * * sogo /usr/sbin/sogo-ealarms-notify' > /etc/cron.d/sogo @@ -42,4 +46,4 @@ COPY supervisord.conf /etc/supervisor/supervisord.conf CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf -RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* +RUN rm -rf /tmp/* /var/tmp/*