From 596203f474a7b90f6f34752fdd74c625d51d0da9 Mon Sep 17 00:00:00 2001 From: Simon Gamma Date: Tue, 23 Apr 2019 08:24:02 +0200 Subject: [PATCH 1/3] correctly quote statements containing path variables otherwise the path variable is expanded at docker build time instead of at runtime when running the container. Changelog: Expand existing environment '$PATH' variable instead of replacing it Signed-off-by: Simon Gamma --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index ab0b39f..a7678cf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -40,7 +40,7 @@ RUN echo "mtools_skip_check=1" >> $HOME/.mtoolsrc RUN wget -nc -q https://toolchains.bootlin.com/downloads/releases/toolchains/armv6-eabihf/tarballs/armv6-eabihf--glibc--stable-2018.11-1.tar.bz2 \ && tar -xjf armv6-eabihf--glibc--stable-2018.11-1.tar.bz2 \ && rm armv6-eabihf--glibc--stable-2018.11-1.tar.bz2 \ - && echo export PATH=$PATH:/armv6-eabihf--glibc--stable-2018.11-1/bin >> /root/.bashrc + && echo 'export PATH=$PATH:/armv6-eabihf--glibc--stable-2018.11-1/bin' >> /root/.bashrc RUN wget -q -O /usr/bin/mender-artifact https://d1b0l86ne08fsf.cloudfront.net/mender-artifact/$MENDER_ARTIFACT_VERSION/mender-artifact \ && chmod +x /usr/bin/mender-artifact @@ -48,7 +48,7 @@ RUN wget -q -O /usr/bin/mender-artifact https://d1b0l86ne08fsf.cloudfront.net/me # Golang environment, for cross-compiling the Mender client RUN wget https://dl.google.com/go/go$GOLANG_VERSION.linux-amd64.tar.gz \ && tar -C /usr/local -xzf go$GOLANG_VERSION.linux-amd64.tar.gz \ - && echo export PATH=$PATH:/usr/local/go/bin >> /root/.bashrc + && echo 'export PATH=$PATH:/usr/local/go/bin' >> /root/.bashrc ENV PATH "$PATH:/usr/local/go/bin:/armv6-eabihf--glibc--stable-2018.11-1/bin" ENV GOPATH "/root/go" From d202b218c4f20045e4195edb4e06b82b685076a6 Mon Sep 17 00:00:00 2001 From: Simon Gamma Date: Tue, 23 Apr 2019 08:24:24 +0200 Subject: [PATCH 2/3] apply path also when sudoing otherwise the "secure-path" will override our carefully created path-variable Changelog: Use same environment '$PATH' variable when using sudo Signed-off-by: Simon Gamma --- Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Dockerfile b/Dockerfile index a7678cf..a8c9321 100644 --- a/Dockerfile +++ b/Dockerfile @@ -81,6 +81,10 @@ RUN env CGO_ENABLED=1 \ GOOS=linux \ GOARM=6 GOARCH=arm make build +# allow us to keep original PATH variables when sudoing +RUN echo "Defaults secure_path=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:$PATH\"" > /etc/sudoers.d/secure_path_override +RUN chmod 0440 /etc/sudoers.d/secure_path_override + WORKDIR / COPY docker-entrypoint.sh /usr/local/bin/ From 23a5226a442e4bf9db120f400146c64e8a70a0d2 Mon Sep 17 00:00:00 2001 From: Simon Gamma Date: Tue, 23 Apr 2019 08:24:40 +0200 Subject: [PATCH 3/3] fail the docker build if mandatory arg is not set -> fail fast, fail hard Changelog: Fail the docker build when mandatory build-arg 'mender_client_version' is not set. Signed-off-by: Simon Gamma --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index a8c9321..a94508f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -55,6 +55,7 @@ ENV GOPATH "/root/go" # Download Mender client ARG mender_client_version +RUN test -n "$mender_client_version" || (echo "Argument 'mender_client_version' is mandatory." && exit 1) ENV MENDER_CLIENT_VERSION=$mender_client_version RUN go get -d github.com/mendersoftware/mender