Mirrors
/
synapse
mirror of https://github.com/element-hq/synapse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Switch to Debian:Slim from Alpine for the docker image (#7839) 

As mentioned in #7397, switching to a debian base should help with multi-arch work to save time on compiling. This is unashamedly based on #6373, but without the extra functionality. Switch python version back to generic 3.7 to always pull the latest. Essentially, keeping this as small as possible. The image is bigger though unfortunately.
This commit is contained in:
Christopher May-Townsend 2020-07-17 17:40:53 +01:00 committed by GitHub
parent 2d2acc1cf2
commit a5545cf86d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 30 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
changelog.d/7839.docker Normal file
View File

@ -0,0 +1 @@
Base docker image on Debian Buster rather than Alpine Linux. Contributed by @maquis196.

57
docker/Dockerfile
View File

@ -16,35 +16,31 @@ ARG PYTHON_VERSION=3.7
### ###
### Stage 0: builder ### Stage 0: builder
### ###
FROM docker.io/python:${PYTHON_VERSION}-alpine3.11 as builder FROM docker.io/python:${PYTHON_VERSION}-slim as builder
# install the OS build deps # install the OS build deps
RUN apk add \
build-base \
libffi-dev \
libjpeg-turbo-dev \
libwebp-dev \
libressl-dev \
libxslt-dev \
linux-headers \
postgresql-dev \
zlib-dev
# build things which have slow build steps, before we copy synapse, so that RUN apt-get update && apt-get install -y \
# the layer can be cached. build-essential \
# libpq-dev \
# (we really just care about caching a wheel here, as the "pip install" below && rm -rf /var/lib/apt/lists/*
# will install them again.)
# Build dependencies that are not available as wheels, to speed up rebuilds
RUN pip install --prefix="/install" --no-warn-script-location \ RUN pip install --prefix="/install" --no-warn-script-location \
cryptography \ frozendict \
msgpack-python \ jaeger-client \
pillow \ opentracing \
pynacl prometheus-client \
psycopg2 \
pycparser \
pyrsistent \
pyyaml \
simplejson \
threadloop \
thrift
# now install synapse and all of the python deps to /install. # now install synapse and all of the python deps to /install.
COPY synapse /synapse/synapse/ COPY synapse /synapse/synapse/
COPY scripts /synapse/scripts/ COPY scripts /synapse/scripts/
COPY MANIFEST.in README.rst setup.py synctl /synapse/ COPY MANIFEST.in README.rst setup.py synctl /synapse/
@ -56,20 +52,13 @@ RUN pip install --prefix="/install" --no-warn-script-location \
### Stage 1: runtime ### Stage 1: runtime
### ###
FROM docker.io/python:${PYTHON_VERSION}-alpine3.11 FROM docker.io/python:${PYTHON_VERSION}-slim
# xmlsec is required for saml support RUN apt-get update && apt-get install -y \
RUN apk add --no-cache --virtual .runtime_deps \ libpq5 \
libffi \ xmlsec1 \
libjpeg-turbo \ gosu \
libwebp \ && rm -rf /var/lib/apt/lists/*
libressl \
libxslt \
libpq \
zlib \
su-exec \
tzdata \
xmlsec
COPY --from=builder /install /usr/local COPY --from=builder /install /usr/local
COPY ./docker/start.py /start.py COPY ./docker/start.py /start.py

12
docker/start.py
View File

@ -120,7 +120,7 @@ def generate_config_from_template(config_dir, config_path, environ, ownership):
if ownership is not None: if ownership is not None:
subprocess.check_output(["chown", "-R", ownership, "/data"]) subprocess.check_output(["chown", "-R", ownership, "/data"])
args = ["su-exec", ownership] + args args = ["gosu", ownership] + args
subprocess.check_output(args) subprocess.check_output(args)
@ -172,8 +172,8 @@ def run_generate_config(environ, ownership):
# make sure that synapse has perms to write to the data dir. # make sure that synapse has perms to write to the data dir.
subprocess.check_output(["chown", ownership, data_dir]) subprocess.check_output(["chown", ownership, data_dir])
args = ["su-exec", ownership] + args args = ["gosu", ownership] + args
os.execv("/sbin/su-exec", args) os.execv("/usr/sbin/gosu", args)
else: else:
os.execv("/usr/local/bin/python", args) os.execv("/usr/local/bin/python", args)
@ -189,7 +189,7 @@ def main(args, environ):
ownership = "{}:{}".format(desired_uid, desired_gid) ownership = "{}:{}".format(desired_uid, desired_gid)
if ownership is None: if ownership is None:
log("Will not perform chmod/su-exec as UserID already matches request") log("Will not perform chmod/gosu as UserID already matches request")
# In generate mode, generate a configuration and missing keys, then exit # In generate mode, generate a configuration and missing keys, then exit
if mode == "generate": if mode == "generate":
@ -236,8 +236,8 @@ running with 'migrate_config'. See the README for more details.
args = ["python", "-m", synapse_worker, "--config-path", config_path] args = ["python", "-m", synapse_worker, "--config-path", config_path]
if ownership is not None: if ownership is not None:
args = ["su-exec", ownership] + args args = ["gosu", ownership] + args
os.execv("/sbin/su-exec", args) os.execv("/usr/sbin/gosu", args)
else: else:
os.execv("/usr/local/bin/python", args) os.execv("/usr/local/bin/python", args)