Merge pull request #267 from michael-k/dockerfiles

Follow best practices in Dockerfiles
2017-05-13 21:50:31 +02:00
parent 0a90bdc4df 766a986f27
commit 5e537825e8
7 changed files with 100 additions and 79 deletions
--- a/data/Dockerfiles/clamav/Dockerfile
+++ b/data/Dockerfiles/clamav/Dockerfile
@@ -1,26 +1,34 @@
 FROM debian:stretch-slim
-MAINTAINER https://m-ko.de Markus Kosmal <code@cnfg.io>
+LABEL maintainer "https://m-ko.de Markus Kosmal <code@cnfg.io>"

 # Debian Base to use
 ENV DEBIAN_VERSION stretch
+ARG DEBIAN_FRONTEND=noninteractive

 # initial install of av daemon
 RUN echo "deb http://http.debian.net/debian/ $DEBIAN_VERSION main contrib non-free" > /etc/apt/sources.list && \
 	echo "deb http://http.debian.net/debian/ $DEBIAN_VERSION-updates main contrib non-free" >> /etc/apt/sources.list && \
 	echo "deb http://security.debian.org/ $DEBIAN_VERSION/updates main contrib non-free" >> /etc/apt/sources.list && \
-	apt-get update && \
-	DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y -qq \
+	apt-get update && apt-get install -y -qq --no-install-recommends \
 		clamav-daemon \
 		clamav-freshclam \
 		libclamunrar7 \
-		curl && \
-	apt-get clean && \
-	rm -rf /var/lib/apt/lists/*
+	&& rm -rf /var/lib/apt/lists/*

 # initial update of av databases
 COPY dl_files.sh /dl_files.sh
 RUN chmod +x /dl_files.sh
-RUN /dl_files.sh
+
+RUN set -ex; \
+	\
+	fetchDeps=' \
+		curl \
+	'; \
+	apt-get update; \
+	apt-get install -y --no-install-recommends $fetchDeps; \
+	rm -rf /var/lib/apt/lists/*; \
+	/dl_files.sh \
+	apt-get purge -y --auto-remove $fetchDeps

 # permission juggling
 RUN mkdir /var/run/clamav && \
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -1,69 +1,71 @@
 FROM debian:stretch-slim
 #ubuntu:xenial
-MAINTAINER Andre Peters <andre.peters@servercow.de>
+LABEL maintainer "Andre Peters <andre.peters@servercow.de>"

-ENV DEBIAN_FRONTEND noninteractive
+ARG DEBIAN_FRONTEND=noninteractive
 ENV LC_ALL C
 ENV DOVECOT_VERSION 2.2.29.1
 ENV PIGEONHOLE_VERSION 0.4.18

-RUN apt-get update \
-	&& apt-get -y install libpam-dev \
-	default-libmysqlclient-dev \
-	lzma-dev \
-	liblz-dev \
-	libbz2-dev \
-	liblz4-dev \
-	liblzma-dev \
-	build-essential \
-	autotools-dev \
+RUN apt-get update && apt-get -y install \
 	automake \
-	syslog-ng \
-	syslog-ng-core \
-	syslog-ng-mod-redis \
+	autotools-dev \
+	build-essential \
 	ca-certificates \
-	supervisor \
-	wget \
+	cpanminus \
 	curl \
-	libssl-dev \
+	default-libmysqlclient-dev \
 	libauthen-ntlm-perl \
+	libbz2-dev \
 	libcrypt-ssleay-perl \
+	libdbd-mysql-perl \
+	libdbi-perl \
 	libdigest-hmac-perl \
 	libfile-copy-recursive-perl \
 	libio-compress-perl \
 	libio-socket-inet6-perl \
 	libio-socket-ssl-perl \
 	libio-tee-perl \
+	libipc-run-perl \
+	liblockfile-simple-perl \
+	liblz-dev \
+	liblz4-dev \
+	liblzma-dev \
 	libmodule-scandeps-perl \
 	libnet-ssleay-perl \
+	libpam-dev \
 	libpar-packer-perl \
 	libreadonly-perl \
+	libssl-dev \
 	libterm-readkey-perl \
 	libtest-pod-perl \
 	libtest-simple-perl \
 	libunicode-string-perl \
 	liburi-perl \
-	libdbi-perl \
-	liblockfile-simple-perl \
-	libdbd-mysql-perl \
-	libipc-run-perl \
+	lzma-dev \
 	make \
-	cpanminus
+	supervisor \
+	syslog-ng \
+	syslog-ng-core \
+	syslog-ng-mod-redis \
+	&& rm -rf /var/lib/apt/lists/*


-RUN wget https://www.dovecot.org/releases/2.2/dovecot-$DOVECOT_VERSION.tar.gz -O - | tar xvz  \
+RUN curl https://www.dovecot.org/releases/2.2/dovecot-$DOVECOT_VERSION.tar.gz | tar xvz  \
 	&& cd dovecot-$DOVECOT_VERSION \
 	&& ./configure --with-mysql --with-lzma --with-lz4 --with-ssl=openssl --with-notify=inotify --with-storages=mdbox,sdbox,maildir,mbox,imapc,pop3c --with-bzlib --with-zlib \
 	&& make -j3 \
 	&& make install \
-	&& make clean
+	&& make clean \
+	&& cd .. && rm -rf dovecot-$DOVECOT_VERSION

-RUN wget https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION.tar.gz -O - | tar xvz  \
+RUN curl https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION.tar.gz | tar xvz  \
 	&& cd dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION \
 	&& ./configure \
 	&& make -j3 \
 	&& make install \
-	&& make clean
+	&& make clean \
+	&& cd .. && rm -rf dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION

 RUN cpanm Data::Uniqid Mail::IMAPClient String::Util
 RUN echo '* * * * *   root   /usr/local/bin/imapsync_cron.pl' > /etc/cron.d/imapsync
@@ -100,9 +102,6 @@ EXPOSE 24 10001
 ENTRYPOINT ["/docker-entrypoint.sh"]
 CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf

-RUN apt-get clean \
-	&& rm -rf /var/lib/apt/lists/* \
+RUN rm -rf \
 	/tmp/* \
-	/var/tmp/* \
-	/dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION \
-	/dovecot-$DOVECOT_VERSION
+	/var/tmp/*
--- a/data/Dockerfiles/php-fpm/Dockerfile
+++ b/data/Dockerfiles/php-fpm/Dockerfile
@@ -1,16 +1,17 @@
 FROM php:7.1-fpm
-MAINTAINER Andre Peters <andre.peters@servercow.de>
+LABEL maintainer "Andre Peters <andre.peters@servercow.de>"

-ENV DEBIAN_FRONTEND noninteractive
+ARG DEBIAN_FRONTEND=noninteractive

-RUN apt-get update \
-	&& apt-get install -y zlib1g-dev \
-	libicu-dev \
+RUN apt-get update && apt-get install -y \
 	g++ \
+	libicu-dev \
 	libidn11-dev \
 	libxml2-dev \
+	mysql-client \
 	redis-tools \
-	mysql-client
+	zlib1g-dev \
+	&& rm -rf /var/lib/apt/lists/*

 RUN docker-php-ext-configure intl
 RUN docker-php-ext-install intl pdo pdo_mysql xmlrpc
--- a/data/Dockerfiles/postfix/Dockerfile
+++ b/data/Dockerfiles/postfix/Dockerfile
@@ -1,7 +1,7 @@
 FROM debian:stretch-slim
-MAINTAINER Andre Peters <andre.peters@servercow.de>
+LABEL maintainer "Andre Peters <andre.peters@servercow.de>"

-ENV DEBIAN_FRONTEND noninteractive
+ARG DEBIAN_FRONTEND=noninteractive
 ENV LC_ALL C

 RUN dpkg-divert --local --rename --add /sbin/initctl \
@@ -9,23 +9,24 @@ RUN dpkg-divert --local --rename --add /sbin/initctl \
 	&& dpkg-divert --local --rename --add /usr/bin/ischroot \
 	&& ln -sf /bin/true /usr/bin/ischroot

-RUN apt-get update
-RUN apt-get install -y --no-install-recommends supervisor \
-	postfix \
-	sasl2-bin \
+RUN apt-get update && apt-get install -y --no-install-recommends \
+	ca-certificates \
+	curl \
+	dirmngr \
+	gnupg \
 	libsasl2-modules \
 	postfix \
+	postfix \
 	postfix-mysql \
 	postfix-pcre \
+	python-gpgme \
+	sasl2-bin \
+	sudo \
+	supervisor \
 	syslog-ng \
 	syslog-ng-core \
 	syslog-ng-mod-redis \
-	ca-certificates \
-	gnupg \
-	python-gpgme \
-	sudo \
-	curl \
-	dirmngr
+	&& rm -rf /var/lib/apt/lists/*

 RUN addgroup --system --gid 600 zeyple
 RUN adduser --system --home /var/lib/zeyple --no-create-home --uid 600 --gid 600 --disabled-login zeyple
@@ -44,4 +45,4 @@ EXPOSE 588

 CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf

-RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+RUN rm -rf /tmp/* /var/tmp/*
--- a/data/Dockerfiles/rmilter/Dockerfile
+++ b/data/Dockerfiles/rmilter/Dockerfile
@@ -1,13 +1,18 @@
 FROM debian:jessie-slim
-MAINTAINER Andre Peters <andre.peters@servercow.de>
+LABEL maintainer "Andre Peters <andre.peters@servercow.de>"

-ENV DEBIAN_FRONTEND noninteractive
+ARG DEBIAN_FRONTEND=noninteractive
 ENV LC_ALL C

 RUN apt-key adv --fetch-keys http://rspamd.com/apt-stable/gpg.key \
 	&& echo "deb http://rspamd.com/apt-stable/ jessie main" > /etc/apt/sources.list.d/rspamd.list \
-	&& apt-get update \
-	&& apt-get --no-install-recommends -y --force-yes install rmilter cron syslog-ng syslog-ng-core supervisor
+	&& apt-get update && apt-get install -y --force-yes --no-install-recommends \
+		cron \
+		rmilter \
+		supervisor \
+		syslog-ng \
+		syslog-ng-core \
+	&& rm -rf /var/lib/apt/lists/*

 COPY supervisord.conf /etc/supervisor/supervisord.conf

@@ -18,4 +23,4 @@ RUN touch /var/log/mail.log && chmod 640 /var/log/mail.log && chown root:adm /va

 CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf

-RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+RUN rm -rf /tmp/* /var/tmp/*
--- a/data/Dockerfiles/rspamd/Dockerfile
+++ b/data/Dockerfiles/rspamd/Dockerfile
@@ -1,13 +1,16 @@
 FROM debian:jessie-slim
-MAINTAINER Andre Peters <andre.peters@servercow.de>
+LABEL maintainer "Andre Peters <andre.peters@servercow.de>"

-ENV DEBIAN_FRONTEND noninteractive
+ARG DEBIAN_FRONTEND=noninteractive
 ENV LC_ALL C

 RUN apt-key adv --fetch-keys http://rspamd.com/apt-stable/gpg.key \
 	&& echo "deb http://rspamd.com/apt-stable/ jessie main" > /etc/apt/sources.list.d/rspamd.list \
-	&& apt-get update \
-	&& apt-get -y install rspamd ca-certificates python-pip
+	&& apt-get update && apt-get install -y \
+		ca-certificates \
+		python-pip \
+		rspamd \
+	&& rm -rf /var/lib/apt/lists/*

 RUN echo '.include $LOCAL_CONFDIR/local.d/rspamd.conf.local' > /etc/rspamd/rspamd.conf.local

@@ -18,7 +21,7 @@ RUN pip install -U oletools

 CMD /usr/bin/rspamd -f -u _rspamd -g _rspamd

-RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+RUN rm -rf /tmp/* /var/tmp/*

 USER _rspamd

--- a/data/Dockerfiles/sogo/Dockerfile
+++ b/data/Dockerfiles/sogo/Dockerfile
@@ -1,19 +1,21 @@
 FROM debian:jessie-slim
-MAINTAINER Andre Peters <andre.peters@servercow.de>
+LABEL maintainer "Andre Peters <andre.peters@servercow.de>"

-ENV DEBIAN_FRONTEND noninteractive
+ARG DEBIAN_FRONTEND=noninteractive
 ENV LC_ALL C
 ENV GOSU_VERSION 1.9

-RUN apt-get update \
-	&& apt-get install -y --no-install-recommends apt-transport-https gnupg \
+RUN apt-get update && apt-get install -y --no-install-recommends \
+		apt-transport-https \
 		ca-certificates \
-		wget \
+		cron \
+		gnupg \
+		mysql-client \
+		supervisor \
 		syslog-ng \
 		syslog-ng-core \
-		supervisor \
-		mysql-client \
-		cron \
+		wget \
+	&& rm -rf /var/lib/apt/lists/* \
 	&& dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
 	&& wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
 	&& wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" \
@@ -29,8 +31,10 @@ RUN touch /usr/share/doc/sogo/empty.sh

 RUN apt-key adv --keyserver keys.gnupg.net --recv-key 0x810273C4 \
 	&& echo "deb http://packages.inverse.ca/SOGo/nightly/3/debian/ jessie jessie" > /etc/apt/sources.list.d/sogo.list \
-	&& apt-get update \
-	&& apt-get -y --force-yes install sogo sogo-activesync 
+	&& apt-get update && apt-get install -y --force-yes \
+		sogo \
+		sogo-activesync \
+	&& rm -rf /var/lib/apt/lists/*

 RUN sed -i -E 's/^(\s*)system\(\);/\1unix-stream("\/dev\/log");/' /etc/syslog-ng/syslog-ng.conf
 RUN echo '* * * * *   sogo   /usr/sbin/sogo-ealarms-notify' > /etc/cron.d/sogo
@@ -42,4 +46,4 @@ COPY supervisord.conf /etc/supervisor/supervisord.conf

 CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf

-RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+RUN rm -rf /tmp/* /var/tmp/*