Yelp/dumb-init

Reliable way of installing dumb-init in a container

samrocketman opened this issue · 3 comments

Most of the dumb-init examples I see on the internet make a poor assumption that downloads do not corrupt. Here's a simple example I use in my Alpine Linux containers.

```dockerfile
# container init
RUN wget -O /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.1/dumb-init_1.2.1_amd64 && \
    echo "057ecd4ac1d3c3be31f82fc0848bf77b1326a975b4f8423fe31607205a0fe945  /usr/local/bin/dumb-init" | sha256sum -c - && \
    chmod 755 /usr/local/bin/dumb-init
ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
```

If the download corrupts, then the sha256sum will fail, which would fail a Docker image build (properly).

The above example works on the base 2MB alpine:latest image. It is fairly portable to nearly any Linux distribution regardless of its package manager.

I chose /bin rather than /sbin because I don't assume the container entrypoint will run as root user.

This can be closed after the mods read it.
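The check from the Dockerfile above, as an added example that is not part of the original issue or the dumb-init project: a POSIX shell function that verifies a staged download against a pinned SHA-256 and only then moves it to its final path, so a failed check leaves nothing at the destination. The function name `install_verified`, its return codes, and the staging path are assumptions made for illustration.

```shell
#!/bin/sh
# install_verified SRC DEST SHA256   (hypothetical helper, not from the issue)
# Installs the already-downloaded file SRC at DEST with mode 755, but only
# if its SHA-256 digest equals the pinned value.
# Returns: 0 installed, 1 digest mismatch, 2 malformed pin, 3 SRC missing.
install_verified() {
    src=$1
    dest=$2
    want=$3

    # Reject a malformed pin up front: exactly 64 lowercase hex characters.
    case $want in
        ''|*[!0-9a-f]*) echo "bad digest format" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "bad digest length" >&2; return 2; }

    [ -f "$src" ] || { echo "missing download: $src" >&2; return 3; }

    # Same check format as the issue: "<digest>  <path>" fed to sha256sum -c.
    if ! echo "$want  $src" | sha256sum -c - >/dev/null 2>&1; then
        echo "checksum mismatch for $src" >&2
        rm -f "$src"    # do not leave the unverified file behind
        return 1
    fi

    # Verified: set the mode while still staged, then move into place.
    chmod 755 "$src" && mv -f "$src" "$dest"
}

# Usage in a Dockerfile RUN step, with the URL and digest taken from the
# snippet in the issue and /tmp/dumb-init as an assumed staging path:
#   wget -O /tmp/dumb-init <release URL> && \
#   install_verified /tmp/dumb-init /usr/local/bin/dumb-init <pinned digest>
```

Because the digest is checked on the file as written to disk, this covers both transfer errors and local write corruption before the binary ever reaches its install path.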

Out of curiosity, have you been seeing corrupt downloads? I'd sort of expect HTTPS to reliably protect against most kinds of transit errors, so I'm kind of surprised if there's lots of corruption happening during the download -- would be interesting to figure out where it comes from (error from the CDN? memory or disk error locally? both seem like they should be pretty rare).

I've not experienced corrupt downloads in general. But there's never any guarantee. Even something as simple as disk corruption can corrupt a download, so I tend to checksum in general, especially for systems meant to be running software in production.