-
Notifications
You must be signed in to change notification settings - Fork 381
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added Docker multi-stage scratch build to slim down container size fr…
…om 743MB to about 4MB.
- Loading branch information
Showing
1 changed file
with
26 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,10 +1,31 @@ | ||
FROM alpine:latest | ||
FROM alpine:latest as builder | ||
|
||
RUN apk update | ||
RUN apk add gcc make ca-certificates git libc-dev linux-headers openssl perl zlib-dev | ||
# Ensure no packages are cached before we try to do an update. | ||
RUN apk cache clean 2> /dev/null || exit 0 | ||
|
||
RUN apk update && apk add gcc make ca-certificates git libc-dev linux-headers openssl perl zlib-dev | ||
RUN update-ca-certificates | ||
|
||
ADD . builddir | ||
RUN cd builddir; make static; cp /builddir/sslscan /usr/local/bin | ||
|
||
ENTRYPOINT ["sslscan"] | ||
# Make a static build of sslscan, then strip it of debugging symbols. | ||
RUN cd builddir && make static | ||
RUN strip --strip-all /builddir/sslscan | ||
|
||
# Print the output of ldd so we can see what dynamic libraries that sslscan is still dependent upon. | ||
RUN echo "ldd output:" && ldd /builddir/sslscan | ||
RUN echo "ls -al output:" && ls -al /builddir/sslscan | ||
|
||
|
||
# Start with an empty container for our final build. | ||
FROM scratch | ||
|
||
# Copy over the sslscan executable from the intermediate build container, along with the dynamic libraries it is dependent upon (see output of ldd, above). | ||
COPY --from=builder /builddir/sslscan /sslscan | ||
COPY --from=builder /lib/libz.so.1 /lib/libz.so.1 | ||
COPY --from=builder /lib/ld-musl-x86_64.so.1 /lib/ld-musl-x86_64.so.1 | ||
|
||
# Drop root privileges. | ||
USER 65535:65535 | ||
|
||
ENTRYPOINT ["/sslscan"] |