From a11da39e1fb9c4d6d336d83aae6a58238d8a4a98 Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@riseup.net>
Date: Thu, 17 Oct 2019 10:26:31 -0400
Subject: [pkg] Fix up multi-stage Dockerfile

. Stop installing geoipupdate in first stage
. Remove apt package lists when finished to reduce size
. Remove bash tricks done for reducing layer sizes, they are removed due to
multi-stage
. Replace RUN mkdir with WORKDIR
. Install ca-certificatges in second stage, as its needed to authenticate the
remote server the geoip database is pulled from
. Switch to RUN cp for the GEOIP.conf.default
. Run geoipupdate in second stage to seed the database, without it, getmyip will
fail to start
---
 Dockerfile | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index d60ce64..582b214 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,16 +1,22 @@
 FROM debian:stable AS build
-RUN echo 'deb http://deb.debian.org/debian buster contrib' > /etc/apt/sources.list.d/contrib.list
-RUN apt-get -q update && env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends build-essential pkg-config golang-go git ca-certificates geoipupdate
+RUN apt-get -q update && env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+    build-essential pkg-config golang-go git ca-certificates \
+&& rm -rf /var/lib/apt/lists/*
 
+# don't need to do bash tricks to keep the layers small, as this is a multi-stage build
 ENV GOPATH=/go
-RUN mkdir $GOPATH && \
-    go get 0xacab.org/leap/getmyip && \
-    strip $GOPATH/bin/getmyip
+WORKDIR $GOPATH
+RUN go get 0xacab.org/leap/getmyip
+RUN strip $GOPATH/bin/getmyip
 
 FROM debian:stable
 RUN echo 'deb http://deb.debian.org/debian buster contrib' > /etc/apt/sources.list.d/contrib.list
-RUN apt-get -q update && env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends geoipupdate
-COPY --from=build /usr/share/doc/geoipupdate/examples/GeoIP.conf.default /etc/GeoIP.conf
+RUN apt-get -q update && env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+    geoipupdate ca-certificates \
+&& rm -rf /var/lib/apt/lists/*
+
+RUN cp /usr/share/doc/geoipupdate/examples/GeoIP.conf.default /etc/GeoIP.conf
+RUN /usr/bin/geoipupdate
 COPY --from=build /go/bin/getmyip /usr/local/bin/getmyip
 
 ENTRYPOINT ["/usr/local/bin/getmyip", "-notls"]
-- 
cgit v1.2.3