alpine linux as base image

2025-04-21 20:36:58 +00:00 · 2025-03-12 00:49:19 +07:00 · 2025-03-12 00:49:19 +07:00 · e4e88fd644
commit e4e88fd644
parent f71a71c01d
4 changed files with 71 additions and 20 deletions
--- a/33
+++ b/33
@ -1,18 +1,25 @@
 ## builder
-FROM debian:12 as builder
+FROM alpine:3.21 as builder
 LABEL image="ripe-atlas-builder"
 ARG DEBIAN_FRONTEND=noninteractive
 ARG GIT_URL=https://github.com/RIPE-NCC/ripe-atlas-software-probe.git
-WORKDIR /tmp
+COPY alpinelinux-fix-sys-reboot.patch /tmp/alpinelinux-fix-sys-reboot.patch
-RUN apt-get update -y && \
+WORKDIR /
-        apt-get install -y git build-essential debhelper libssl-dev autotools-dev psmisc net-tools
+
 RUN apk update && \
 		apk upgrade && \
        apk add git alpine-sdk openssl-dev autoconf automake libtool linux-headers musl-dev psmisc net-tools
 RUN git clone --recursive "$GIT_URL" /tmp/ripe-atlas-software-probe
 WORKDIR /tmp/ripe-atlas-software-probe
 # version 5100
 RUN git checkout 5100
 # APPLY Alpine Linux specific patch
 RUN git apply /tmp/alpinelinux-fix-sys-reboot.patch
 RUN autoreconf -iv
 RUN ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=/usr/lib64 --runstatedir=/run --with-user=ripe-atlas --with-group=ripe-atlas --with-measurement-user=ripe-atlas --disable-systemd --enable-chown --enable-setcap-install
 RUN make
@ -24,21 +31,20 @@ LABEL image="ripe-atlas-artifacts"
 COPY --from=builder /tmp/ripe-atlas-software-probe /
 ## the actual image
-FROM debian:12
+FROM alpine:3.21
 LABEL maintainer="dockerhub@public.swineson.me"
 LABEL image="ripe-atlas"
 COPY --from=builder /tmp/ripe-atlas-software-probe /tmp/ripe-atlas-software-probe
 ARG ATLAS_UID=101
-ARG ATLAS_MEAS_UID=102
+ARG ATLAS_GID=656
 ARG ATLAS_GID=999
 RUN ln -s /bin/true /bin/systemctl \
 	&& adduser --system --uid $ATLAS_UID ripe-atlas \
-	&& groupadd --force --system --gid $ATLAS_GID ripe-atlas \
+	&& addgroup --system --gid $ATLAS_GID ripe-atlas \
-	&& apt-get update -y \
+	&& apk update \
-	&& apt-get install -y libcap2-bin iproute2 openssh-client procps net-tools tini debhelper libssl-dev autotools-dev psmisc opensysusers
+	&& apk upgrade \
-
+	&& apk add libcap iproute2 openssh-client procps net-tools tini openssl-dev autoconf automake psmisc alpine-sdk libtool linux-headers bash setpriv
 WORKDIR /tmp/ripe-atlas-software-probe
 RUN make install
@ -46,11 +52,8 @@ RUN make install
 COPY entrypoint.sh /usr/local/bin
 RUN chmod +x /usr/local/bin/* \
 	&& rm -rf /var/lib/apt/lists/* \
 	&& rm -rf /tmp/ripe-atlas-software-probe \
-	&& mkdir -p /opt/ripe-atlas \
+	&& apk del autoconf automake psmisc alpine-sdk libtool linux-headers
 	&& chown -R ripe-atlas:ripe-atlas /opt/ripe-atlas \
 	&& chmod 777 /opt/ripe-atlas
 WORKDIR /
 VOLUME [ "/etc/ripe-atlas", "/run/ripe-atlas/status", "/var/spool/ripe-atlas" ]
--- a/alpinelinux-fix-sys-reboot.patch
+++ b/alpinelinux-fix-sys-reboot.patch
@ -0,0 +1,16 @@
 This patch is intended to fix reboot.h implict declaration issue when compile on Alpine Linux
 Based on : https://github.com/RIPE-NCC/ripe-atlas-software-probe/pull/118
 diff --git a/probe-busybox/networking/telnetd.c b/probe-busybox/networking/telnetd.c
 index 543de5a..8a67651 100644
 --- a/probe-busybox/networking/telnetd.c
 +++ b/probe-busybox/networking/telnetd.c
@@ -134,6 +134,7 @@
 #include <string.h>
 #include <unistd.h>
 #include <linux/reboot.h>
 +#include <sys/reboot.h>
 #define LOGIN_PREFIX	"Atlas probe, see http://atlas.ripe.net/\r\n\r\n"
 #define LOGIN_PROMPT	" login: "
--- a/docker-compose-ipv6.yaml
+++ b/docker-compose-ipv6.yaml
@ -0,0 +1,35 @@
 services:
  ripe-atlas:
    image: ghcr.io/minoplhy/docker-ripe-atlas:latest
    restart: always
    environment:
      RXTXRPT: "yes"
    volumes:
      - "./etc:/etc/ripe-atlas"
      - "./run:/run/ripe-atlas/status"
      - ./spool:/var/spool/ripe-atlas
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETUID
      - SETGID
      - DAC_OVERRIDE
      - NET_RAW
    networks:
      - atlas-network
    mem_limit: "64000000000"
    mem_reservation: 64m
    labels:
      - "traefik.enable=false"
      - "com.centurylinklabs.watchtower.enable=true"
    logging:
      driver: json-file
      options:
         max-size: 10m
    # network_mode: "host" # if possible, avoid double NAT
    # security_opt:
    #   - seccomp:unconfined
 networks:
  atlas-network:
    enable_ipv6: true
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -7,10 +7,7 @@ if ! sleep 0 >/dev/null 2>&1; then
 fi
 export ATLAS_UID="${ATLAS_UID:-101}"
-export ATLAS_GID="${ATLAS_GID:-999}"
+export ATLAS_GID="${ATLAS_GID:-656}"
 usermod -u $ATLAS_UID ripe-atlas
 groupmod -g $ATLAS_GID ripe-atlas
 # create essential files and fix permission
 mkdir -p /var/spool/ripe-atlas
@ -27,4 +24,4 @@ chown -R ripe-atlas:ripe-atlas /etc/ripe-atlas || true
 # (init) set atlas mode to prod
 echo "prod" > /etc/ripe-atlas/mode || true
-exec setpriv --reuid=$ATLAS_UID --regid=$ATLAS_GID --init-groups "$@"
+exec setpriv --reuid $ATLAS_UID --regid $ATLAS_GID --init-groups "$@"