diff --git a/Dockerfile b/Dockerfile index 2093688cd..73597b3cb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ -FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.19-bookworm AS builder +FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.19 AS builder -ARG TARGETPLATFORM TARGETOS TARGETARCH +ARG TARGETOS TARGETARCH ENV SRC_DIR /kubo @@ -19,12 +19,12 @@ ARG IPFS_PLUGINS # Also: fix getting HEAD commit hash via git rev-parse. RUN cd $SRC_DIR \ && mkdir -p .git/objects \ - && GOOS=$TARGETOS GOARCH=$TARGETARCH GOFLAGS=-buildvcs=false make build GOTAGS=openssl IPFS_PLUGINS=$IPFS_PLUGINS + && GOOS=$TARGETOS GOARCH=$TARGETARCH GOFLAGS=-buildvcs=false make build IPFS_PLUGINS=$IPFS_PLUGINS # Using Debian Buster because the version of busybox we're using is based on it # and we want to make sure the libraries we're using are compatible. That's also # why we're running this for the target platform. -FROM debian:bookworm-slim AS utilities +FROM debian:stable-slim AS utilities RUN set -eux; \ apt-get update; \ apt-get install -y \ @@ -37,14 +37,11 @@ RUN set -eux; \ # This installs fusermount which we later copy over to the target image. fuse \ ca-certificates \ - # This installs libssl.so and libcrypto.so which we later copy over to the - # target image. We need these to be able to use the OpenSSL plugin. - libssl-dev \ ; \ rm -rf /var/lib/apt/lists/* # Now comes the actual target image, which aims to be as small as possible. -FROM busybox:1.36.1-glibc +FROM busybox:stable-glibc # Get the ipfs binary, entrypoint script, and TLS CAs from the build container. ENV SRC_DIR /kubo @@ -62,13 +59,6 @@ RUN chmod 4755 /usr/local/bin/fusermount # Fix permissions on start_ipfs (ignore the build machine's permissions) RUN chmod 0755 /usr/local/bin/start_ipfs -# This shared lib (part of glibc) doesn't seem to be included with busybox. -COPY --from=utilities /lib/*-linux-gnu*/libdl.so.2 /lib/ - -# Copy over SSL libraries. -COPY --from=utilities /usr/lib/*-linux-gnu*/libssl.so* /usr/lib/ -COPY --from=utilities /usr/lib/*-linux-gnu*/libcrypto.so* /usr/lib/ - # Swarm TCP; should be exposed to the public EXPOSE 4001 # Swarm UDP; should be exposed to the public