diff --git a/changelog.d/7839.docker b/changelog.d/7839.docker
new file mode 100644
index 0000000000..cdf3c9631c
--- /dev/null
+++ b/changelog.d/7839.docker
@@ -0,0 +1 @@
+Base docker image on Debian Buster rather than Alpine Linux. Contributed by @maquis196.
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 093e89af6c..8b3a4246a5 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -16,35 +16,31 @@ ARG PYTHON_VERSION=3.7
###
### Stage 0: builder
###
-FROM docker.io/python:${PYTHON_VERSION}-alpine3.11 as builder
+FROM docker.io/python:${PYTHON_VERSION}-slim as builder
# install the OS build deps
-RUN apk add \
- build-base \
- libffi-dev \
- libjpeg-turbo-dev \
- libwebp-dev \
- libressl-dev \
- libxslt-dev \
- linux-headers \
- postgresql-dev \
- zlib-dev
-# build things which have slow build steps, before we copy synapse, so that
-# the layer can be cached.
-#
-# (we really just care about caching a wheel here, as the "pip install" below
-# will install them again.)
+RUN apt-get update && apt-get install -y \
+ build-essential \
+ libpq-dev \
+ && rm -rf /var/lib/apt/lists/*
+# Build dependencies that are not available as wheels, to speed up rebuilds
RUN pip install --prefix="/install" --no-warn-script-location \
- cryptography \
- msgpack-python \
- pillow \
- pynacl
+ frozendict \
+ jaeger-client \
+ opentracing \
+ prometheus-client \
+ psycopg2 \
+ pycparser \
+ pyrsistent \
+ pyyaml \
+ simplejson \
+ threadloop \
+ thrift
# now install synapse and all of the python deps to /install.
-
COPY synapse /synapse/synapse/
COPY scripts /synapse/scripts/
COPY MANIFEST.in README.rst setup.py synctl /synapse/
@@ -56,20 +52,13 @@ RUN pip install --prefix="/install" --no-warn-script-location \
### Stage 1: runtime
###
-FROM docker.io/python:${PYTHON_VERSION}-alpine3.11
+FROM docker.io/python:${PYTHON_VERSION}-slim
-# xmlsec is required for saml support
-RUN apk add --no-cache --virtual .runtime_deps \
- libffi \
- libjpeg-turbo \
- libwebp \
- libressl \
- libxslt \
- libpq \
- zlib \
- su-exec \
- tzdata \
- xmlsec
+RUN apt-get update && apt-get install -y \
+ libpq5 \
+ xmlsec1 \
+ gosu \
+ && rm -rf /var/lib/apt/lists/*
COPY --from=builder /install /usr/local
COPY ./docker/start.py /start.py
diff --git a/docker/start.py b/docker/start.py
index 2a25c9380e..9f08134158 100755
--- a/docker/start.py
+++ b/docker/start.py
@@ -120,7 +120,7 @@ def generate_config_from_template(config_dir, config_path, environ, ownership):
if ownership is not None:
subprocess.check_output(["chown", "-R", ownership, "/data"])
- args = ["su-exec", ownership] + args
+ args = ["gosu", ownership] + args
subprocess.check_output(args)
@@ -172,8 +172,8 @@ def run_generate_config(environ, ownership):
# make sure that synapse has perms to write to the data dir.
subprocess.check_output(["chown", ownership, data_dir])
- args = ["su-exec", ownership] + args
- os.execv("/sbin/su-exec", args)
+ args = ["gosu", ownership] + args
+ os.execv("/usr/sbin/gosu", args)
else:
os.execv("/usr/local/bin/python", args)
@@ -189,7 +189,7 @@ def main(args, environ):
ownership = "{}:{}".format(desired_uid, desired_gid)
if ownership is None:
- log("Will not perform chmod/su-exec as UserID already matches request")
+ log("Will not perform chmod/gosu as UserID already matches request")
# In generate mode, generate a configuration and missing keys, then exit
if mode == "generate":
@@ -236,8 +236,8 @@ running with 'migrate_config'. See the README for more details.
args = ["python", "-m", synapse_worker, "--config-path", config_path]
if ownership is not None:
- args = ["su-exec", ownership] + args
- os.execv("/sbin/su-exec", args)
+ args = ["gosu", ownership] + args
+ os.execv("/usr/sbin/gosu", args)
else:
os.execv("/usr/local/bin/python", args)
|
