From a09e29fd59457ab9c4807e7689c43a5887222bb5 Mon Sep 17 00:00:00 2001
From: Sergiy Markin
Date: Thu, 24 Apr 2025 18:29:21 +0000
Subject: [PATCH] Libyaml install from apt
This PS is to install libyaml from apt instead of building it from source. Also we upgrade the Helm version to 3.17.3 because of CVE. In order to decrease the image size *-dev libs are installed only when needed to build/install Python packages.
Change-Id: I933e3cb639b80efe6f64fc279998f45369826d4c
---
 bindep.txt | 1 +
 images/drydock/Dockerfile.ubuntu_jammy | 72 +++++++++++++-------------
 tools/helm_install.sh | 2 +-
 3 files changed, 38 insertions(+), 37 deletions(-)
diff --git a/bindep.txt b/bindep.txt
index 85c6a48c..92de6ed6 100644
--- a/bindep.txt
+++ b/bindep.txt
@@ -10,6 +10,7 @@ libpq-dev
 libre2-dev
 libsasl2-dev
 libssl-dev
+libyaml-dev
 libvirt-dev
 libzmq3-dev
 netbase
diff --git a/images/drydock/Dockerfile.ubuntu_jammy b/images/drydock/Dockerfile.ubuntu_jammy
index b9b50f01..1e0bdfb1 100644
--- a/images/drydock/Dockerfile.ubuntu_jammy
+++ b/images/drydock/Dockerfile.ubuntu_jammy
@@ -20,7 +20,7 @@
 # You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
 ARG FROM=quay.io/airshipit/ubuntu:jammy
-FROM quay.io/airshipit/golang:1.23.1-bullseye as baclient_builder
+FROM quay.io/airshipit/golang:1.23.8-bullseye as baclient_builder
 COPY ./tools/baclient_build.sh /tmp/drydock/
 COPY ./go /tmp/drydock/go
@@ -28,25 +28,6 @@ COPY ./go /tmp/drydock/go
 WORKDIR /tmp/drydock
 RUN PATH=$PATH:/usr/local/go/bin ./baclient_build.sh /tmp/drydock/go /tmp/drydock/baclient
-FROM ${FROM} AS libyaml_builder
-
-# Build LibYAML
-ARG LIBYAML_VERSION=0.2.5
-RUN set -ex \
- && apt-get update && apt-get upgrade -y \
- && apt install -y git automake make libtool \
- && git clone https://github.com/yaml/libyaml.git \
- && cd libyaml \
- && git checkout $LIBYAML_VERSION \
- && ./bootstrap \
- && ./configure \
- && make \
- && make install \
- && cd .. \
- && rm -fr libyaml
-
-RUN rm -r /var/lib/apt/lists/*
-
 FROM ${FROM}
@@ -73,34 +54,53 @@ ENV LANG C.UTF-8
 WORKDIR /tmp/drydock
 RUN DEBIAN_FRONTEND=noninteractive \
 apt update \
+ && DEBIAN_FRONTEND=noninteractive \
+ apt-get upgrade -y \
 && DEBIAN_FRONTEND=noninteractive \
 apt install -y \
 --allow-downgrades \
 --no-install-recommends \
+ ca-certificates \
 python3-dev \
- python3-pip \
 python3-setuptools \
- pkg-config \
- libvirt-dev \
- libssl-dev \
- libpq-dev \
- gcc \
 openssh-client\
 curl \
 netbase \
+ libvirt0 \
 && rm -r /var/lib/apt/lists/*
-# Install LibYAML
-ENV LD_LIBRARY_PATH=/usr/local/lib
-COPY --from=libyaml_builder /usr/local/lib /usr/local/lib
-COPY --from=libyaml_builder /usr/local/include/yaml.h /usr/local/include/yaml.h
-
 COPY ./python/requirements-frozen.txt /tmp/drydock/
-RUN \
- pip3 install --upgrade pip \
- && pip3 install \
- --no-cache-dir \
- -r /tmp/drydock/requirements-frozen.txt
+
+RUN set -ex \
+ && buildDeps=' \
+ automake \
+ gcc \
+ libffi-dev \
+ libpq-dev \
+ libssl-dev \
+ libtool \
+ libyaml-dev \
+ libvirt-dev \
+ make \
+ python3-pip \
+ pkg-config \
+ ' \
+ && apt-get -qq update \
+ # Keep git separate so it's not removed below
+ && apt-get install -y $buildDeps git --no-install-recommends \
+ && python3 -m pip install -U pip \
+ && pip3 install -r /tmp/drydock/requirements-frozen.txt --no-cache-dir \
+ && apt-get purge -y --auto-remove $buildDeps \
+ && apt-get autoremove -yqq --purge \
+ && apt-get clean \
+ && rm -rf \
+ /var/lib/apt/lists/* \
+ /tmp/* \
+ /var/tmp/* \
+ /usr/share/man \
+ /usr/share/doc \
+ /usr/share/doc-base
+
 COPY ./python /tmp/drydock/python
 WORKDIR /tmp/drydock/python
diff --git a/tools/helm_install.sh b/tools/helm_install.sh
index 18587d0f..491889b9 100755
--- a/tools/helm_install.sh
+++ b/tools/helm_install.sh
@@ -17,7 +17,7 @@ set -x
 HELM=$1
-HELM_ARTIFACT_URL=${HELM_ARTIFACT_URL:-"https://get.helm.sh/helm-v3.16.4-linux-amd64.tar.gz"}
+HELM_ARTIFACT_URL=${HELM_ARTIFACT_URL:-"https://get.helm.sh/helm-v3.17.3-linux-amd64.tar.gz"}
 function install_helm_binary {
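Review bot: In the last hunk of images/drydock/Dockerfile.ubuntu_jammy, `apt-get purge -y --auto-remove $buildDeps` can also remove the runtime shared libraries that were pulled in only as dependencies of the `-dev` packages, after the Python packages have already been built against them. The commit covers libvirt by adding `libvirt0` to the permanent package list, but nothing equivalent is visible for libpq or libyaml; if requirements-frozen.txt (not shown here) builds psycopg2 or PyYAML's C extension from source, those imports would presumably fail at runtime. Listing the runtime packages next to `libvirt0`, e.g. `libpq5 \` and `libyaml-0-2 \`, marks them as manually installed so the purge leaves them in place. Separately, `python3-dev` stays in the first `RUN` although the description says `-dev` packages are installed only for the build; moving it into `buildDeps` would match that intent, provided nothing after this hunk still compiles extensions.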