Update Docker base images (#168)

Update Docker base images to debian bookworm. Reduce size of Debian image (remove apt cache) by 10MB And also minor Markdown lint of INSTALL.md --------- Co-authored-by: lwthiker <lwt@lwthiker.com>
2025-08-11 03:09:25 +00:00 · 2023-09-16 10:16:41 +02:00
parent 1e8b50f2ce
commit 172f5185cc
7 changed files with 113 additions and 47 deletions
--- a/Dockerfile.template
+++ b/Dockerfile.template
@@ -1,6 +1,6 @@
 #
 # NOTE: THIS DOCKERFILE IS GENERATED FROM "Dockerfile.template" VIA
-# "generate-dockerfiles.sh".
+# `./generate_dockerfiles.sh`
 #
 # PLEASE DO NOT EDIT IT DIRECTLY.
 #
@@ -8,10 +8,10 @@
 {{#debian}}
 # Python is needed for building libnss.
 # Use it as a common base.
-FROM python:3.10.1-slim-bullseye as builder
+FROM python:3.11-slim-bookworm as builder
 {{/debian}}
 {{#alpine}}
-FROM alpine:3.15.0 as builder
+FROM alpine:3.18 as builder
 {{/alpine}}

 WORKDIR /build
@@ -22,7 +22,7 @@ RUN apt-get update && \
    apt-get install -y git ninja-build cmake curl zlib1g-dev
 {{/debian}}
 {{#alpine}}
-RUN apk add git build-base make cmake ninja curl zlib-dev patch linux-headers python3 python3-dev
+RUN apk add git bash build-base make cmake ninja curl zlib-dev patch linux-headers python3 python3-dev
 {{/alpine}}

 # The following are needed because we are going to change some autoconf scripts,
@@ -34,6 +34,16 @@ RUN apt-get install -y autoconf automake autotools-dev pkg-config libtool
 RUN apk add autoconf automake pkgconfig libtool
 {{/alpine}}

+{{#debian}}
+# Dependencies for downloading and building nghttp2
+RUN apt-get install -y bzip2
+{{/debian}}
+
+{{#debian}}
+# Dependencies for downloading and building curl
+RUN apt-get install -y xz-utils
+{{/debian}}
+
 {{#firefox}}
 # Dependencies for building libnss
 # See https://firefox-source-docs.mozilla.org/security/nss/build.html#mozilla-projects-nss-building
@@ -98,7 +108,9 @@ COPY patches/boringssl-*.patch boringssl/
 RUN cd boringssl && \
    for p in $(ls boringssl-*.patch); do patch -p1 < $p; done && \
    mkdir build && cd build && \
-    cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_POSITION_INDEPENDENT_CODE=on -GNinja .. && \
+    cmake \
+        -DCMAKE_C_FLAGS="-Wno-error=array-bounds -Wno-error=stringop-overflow" \
+        -DCMAKE_BUILD_TYPE=Release -DCMAKE_POSITION_INDEPENDENT_CODE=on -GNinja .. && \
    ninja

 # Fix the directory structure so that curl can compile against it.
@@ -229,7 +241,7 @@ RUN chmod +x out/curl_*
 # Create a final, minimal image with the compiled binaries
 # only.
 {{#alpine}}
-FROM alpine:3.15.0
+FROM alpine:3.18
 {{#firefox}}
 # curl tries to load the CA certificates for libnss.
 # It loads them from /usr/lib/libnssckbi.so,
@@ -238,14 +250,15 @@ RUN apk add --no-cache nss
 {{/firefox}}
 {{/alpine}}
 {{#debian}}
-FROM debian:bullseye-slim
-RUN apt-get update && apt-get install -y ca-certificates
+FROM debian:bookworm-slim
+RUN apt-get update && apt-get install -y ca-certificates \
 {{#firefox}}
 # curl tries to load the CA certificates for libnss.
 # It loads them from /usr/lib/libnssckbi.so and /usr/lib/libnsspem.so,
 # which are supplied by 'libnss3' and 'nss-plugin-pem' on debian.
-RUN apt-get install -y libnss3 nss-plugin-pem
+    libnss3 nss-plugin-pem \
 {{/firefox}}
+    && rm -rf /var/lib/apt/lists/*
 {{/debian}}
 # Copy curl-impersonate from the builder image
 COPY --from=builder /build/install /usr/local