Skip to content

Commit 9f51159

Browse files
maltesandermaltesander
committed
improve chmod/chown to reduce image size
1 parent be2eacf commit 9f51159

File tree

1 file changed

+13
-13
lines changed

1 file changed

+13
-13
lines changed

trino/Dockerfile

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -54,13 +54,16 @@ rm -r /stackable/trino-server-${PRODUCT}-src/plugin/*/target /stackable/trino-se
5454
# while the raw output folder does not
5555
tar -xzf /stackable/trino-server-${PRODUCT}-src/core/trino-server/target/trino-server-${PRODUCT}.tar.gz -C /stackable
5656
mv /stackable/trino-server-${PRODUCT}-src/core/trino-server/target/bom.json /stackable/trino-server-${PRODUCT}/trino-server-${PRODUCT}.cdx.json
57-
chown --recursive ${STACKABLE_USER_UID}:0 /stackable/trino-server-${PRODUCT}
5857

5958
# Delete all intermediate build products to free some more space
6059
rm -r /stackable/trino-server-${PRODUCT}-src
60+
61+
# We need to change group and not in the final image (file changes bloat images)
62+
chmod -R g=u /stackable
6163
EOF
6264

6365
COPY --from=trino-storage-connector-image /stackable/trino-storage-${PRODUCT}-src/target/trino-storage-${PRODUCT} /stackable/trino-server-${PRODUCT}/plugin/trino-storage-${PRODUCT}
66+
RUN chmod -R g=u /stackable/trino-server-${PRODUCT}/plugin/trino-storage-${PRODUCT}
6467
# For earlier versions this script removes the .class file that contains the
6568
# vulnerable code.
6669
# TODO: This can be restricted to target only versions which do not honor the environment
@@ -86,12 +89,12 @@ ARG RELEASE
8689
ARG STACKABLE_USER_UID
8790

8891
LABEL name="Trino" \
89-
maintainer="[email protected]" \
90-
vendor="Stackable GmbH" \
91-
version="${PRODUCT}" \
92-
release="${RELEASE}" \
93-
summary="The Stackable image for Trino." \
94-
description="This image is deployed by the Stackable Operator for Trino."
92+
maintainer="[email protected]" \
93+
vendor="Stackable GmbH" \
94+
version="${PRODUCT}" \
95+
release="${RELEASE}" \
96+
summary="The Stackable image for Trino." \
97+
description="This image is deployed by the Stackable Operator for Trino."
9598

9699
RUN microdnf update && \
97100
microdnf install \
@@ -108,19 +111,16 @@ WORKDIR /stackable
108111
COPY --chown=${STACKABLE_USER_UID}:0 trino/stackable /stackable
109112
COPY --chown=${STACKABLE_USER_UID}:0 trino/licenses /licenses
110113

111-
COPY --from=trino-builder /stackable/trino-server-${PRODUCT} /stackable/trino-server-${PRODUCT}
114+
COPY --from=trino-builder --chown=${STACKABLE_USER_UID}:0 /stackable/trino-server-${PRODUCT} /stackable/trino-server-${PRODUCT}
112115

113116
RUN <<EOF
114117
ln -s /stackable/trino-server-${PRODUCT} /stackable/trino-server
115118

116119
curl --fail https://repo.stackable.tech/repository/packages/jmx-exporter/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar -o /stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar
117120
chmod +x /stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar
121+
chmod g=u /stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar
122+
chown ${STACKABLE_USER_UID}:0 /stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar
118123
ln -s /stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar /stackable/jmx/jmx_prometheus_javaagent.jar
119-
120-
# All files and folders owned by root group to support running as arbitrary users.
121-
# This is best practice as all container users will belong to the root group (0).
122-
chown -R ${STACKABLE_USER_UID}:0 /stackable
123-
chmod -R g=u /stackable
124124
EOF
125125

126126
# ----------------------------------------

0 commit comments

Comments
 (0)