diff --git a/docker/builder/builder.Dockerfile b/docker/builder/builder.Dockerfile index bdd5cc5dc805f..3b5a0fca2f66e 100644 --- a/docker/builder/builder.Dockerfile +++ b/docker/builder/builder.Dockerfile @@ -4,12 +4,12 @@ FROM rust as rust-base WORKDIR /aptos # Current debian base used in build is bullseye, pin to prevent unexpected changes -RUN echo "deb https://cloudfront.debian.net/debian/ bullseye main contrib" > /etc/apt/sources.list.d/bullseye.list && \ - echo "Package: *\nPin: release n=bullseye\nPin-Priority: 50" > /etc/apt/preferences.d/bullseye + RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ --mount=type=cache,target=/var/lib/apt,sharing=locked \ + sed -i 's|http://deb.debian.org/debian|http://cloudfront.debian.net/debian|g' /etc/apt/sources.list && \ apt update && apt-get --no-install-recommends install -y \ cmake \ curl \ diff --git a/docker/builder/debian-base.Dockerfile b/docker/builder/debian-base.Dockerfile index e27cb5c34263d..89d5ad3cdf5df 100644 --- a/docker/builder/debian-base.Dockerfile +++ b/docker/builder/debian-base.Dockerfile @@ -6,6 +6,13 @@ ARG TARGETARCH RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache +RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ + sed -i 's|http://deb.debian.org/debian|http://cloudfront.debian.net/debian|g' /etc/apt/sources.list && \ + apt-get update && apt-get --no-install-recommends --allow-downgrades -y \ + install \ + ca-certificates + # Add Tini to make sure the binaries receive proper SIGTERM signals when Docker is shut down ADD --chmod=755 https://github.com/krallin/tini/releases/download/v0.19.0/tini-$TARGETARCH /tini -ENTRYPOINT ["/tini", "--"] \ No newline at end of file +ENTRYPOINT ["/tini", "--"] diff --git a/docker/builder/faucet.Dockerfile b/docker/builder/faucet.Dockerfile index ad04a2ad8a76b..5f9738d59f0b9 100644 --- a/docker/builder/faucet.Dockerfile +++ b/docker/builder/faucet.Dockerfile @@ -2,11 +2,11 @@ FROM debian-base AS faucet # Current debian base used in build is bullseye, pin to prevent unexpected changes -RUN echo "deb https://cloudfront.debian.net/debian/ bullseye main contrib" > /etc/apt/sources.list.d/bullseye.list && \ - echo "Package: *\nPin: release n=bullseye\nPin-Priority: 50" > /etc/apt/preferences.d/bullseye + RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ --mount=type=cache,target=/var/lib/apt,sharing=locked \ + sed -i 's|http://security.debian.org/debian-security|https://cloudfront.debian.net/debian-security|g' /etc/apt/sources.list && \ apt-get update && apt-get --no-install-recommends install -y \ libssl1.1 \ ca-certificates \ diff --git a/docker/builder/forge.Dockerfile b/docker/builder/forge.Dockerfile index 1e5cdc8c20330..87c82f570a345 100644 --- a/docker/builder/forge.Dockerfile +++ b/docker/builder/forge.Dockerfile @@ -3,11 +3,10 @@ FROM debian-base as forge # Current debian base used in build is bullseye, pin to prevent unexpected changes -RUN echo "deb https://cloudfront.debian.net/debian/ bullseye main contrib" > /etc/apt/sources.list.d/bullseye.list && \ - echo "Package: *\nPin: release n=bullseye\nPin-Priority: 50" > /etc/apt/preferences.d/bullseye + RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ apt-get update && apt-get install --no-install-recommends -y \ libssl1.1 \ ca-certificates \ diff --git a/docker/builder/indexer-grpc.Dockerfile b/docker/builder/indexer-grpc.Dockerfile index 9b28e869bfd1c..b52b614aec074 100644 --- a/docker/builder/indexer-grpc.Dockerfile +++ b/docker/builder/indexer-grpc.Dockerfile @@ -3,11 +3,10 @@ FROM debian-base AS indexer-grpc # Current debian base used in build is bullseye, pin to prevent unexpected changes -RUN echo "deb https://cloudfront.debian.net/debian/ bullseye main contrib" > /etc/apt/sources.list.d/bullseye.list && \ - echo "Package: *\nPin: release n=bullseye\nPin-Priority: 50" > /etc/apt/preferences.d/bullseye + RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ apt-get update && apt-get install --no-install-recommends -y \ libssl1.1 \ ca-certificates \ diff --git a/docker/builder/keyless-pepper-service.Dockerfile b/docker/builder/keyless-pepper-service.Dockerfile index fde68bca54f4b..9651af2bdeaec 100644 --- a/docker/builder/keyless-pepper-service.Dockerfile +++ b/docker/builder/keyless-pepper-service.Dockerfile @@ -1,7 +1,7 @@ FROM debian-base AS keyless-pepper-service RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ apt-get update && apt-get install --no-install-recommends -y \ libssl1.1 \ ca-certificates \ diff --git a/docker/builder/nft-metadata-crawler.Dockerfile b/docker/builder/nft-metadata-crawler.Dockerfile index 1b1d6998740ad..13b88d983bb98 100644 --- a/docker/builder/nft-metadata-crawler.Dockerfile +++ b/docker/builder/nft-metadata-crawler.Dockerfile @@ -5,7 +5,7 @@ FROM indexer-builder FROM debian-base AS nft-metadata-crawler RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ apt-get update && apt-get install --no-install-recommends -y \ libssl1.1 \ ca-certificates \ diff --git a/docker/builder/node-checker.Dockerfile b/docker/builder/node-checker.Dockerfile index d1743b0145a6e..2854609c7c78c 100644 --- a/docker/builder/node-checker.Dockerfile +++ b/docker/builder/node-checker.Dockerfile @@ -3,11 +3,10 @@ FROM debian-base AS node-checker # Current debian base used in build is bullseye, pin to prevent unexpected changes -RUN echo "deb https://cloudfront.debian.net/debian/ bullseye main contrib" > /etc/apt/sources.list.d/bullseye.list && \ - echo "Package: *\nPin: release n=bullseye\nPin-Priority: 50" > /etc/apt/preferences.d/bullseye + RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ apt-get update && apt-get install --no-install-recommends -y \ libssl1.1 \ ca-certificates \ diff --git a/docker/builder/telemetry-service.Dockerfile b/docker/builder/telemetry-service.Dockerfile index 5c260d501f347..82dddbe7d0e05 100644 --- a/docker/builder/telemetry-service.Dockerfile +++ b/docker/builder/telemetry-service.Dockerfile @@ -1,11 +1,10 @@ FROM debian-base AS telemetry-service # Current debian base used in build is bullseye, pin to prevent unexpected changes -RUN echo "deb https://cloudfront.debian.net/debian/ bullseye main contrib" > /etc/apt/sources.list.d/bullseye.list && \ - echo "Package: *\nPin: release n=bullseye\nPin-Priority: 50" > /etc/apt/preferences.d/bullseye + RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ apt-get update && apt-get install --no-install-recommends -y \ libssl1.1 \ ca-certificates \ diff --git a/docker/builder/tools.Dockerfile b/docker/builder/tools.Dockerfile index 382a159516ccd..98ad61c24852f 100644 --- a/docker/builder/tools.Dockerfile +++ b/docker/builder/tools.Dockerfile @@ -1,10 +1,6 @@ ### Tools Image ### FROM debian-base AS tools -# TODO upgrade to bookworm -RUN echo "deb https://cloudfront.debian.net/debian/ bullseye main contrib" > /etc/apt/sources.list.d/bullseye.list && \ - echo "Package: *\nPin: release n=bullseye\nPin-Priority: 50" > /etc/apt/preferences.d/bullseye - RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ --mount=type=cache,target=/var/lib/apt,sharing=locked \ apt-get update && apt-get --no-install-recommends --allow-downgrades -y \ diff --git a/docker/builder/validator-testing.Dockerfile b/docker/builder/validator-testing.Dockerfile index 8c7099aff557a..d721dc0537285 100644 --- a/docker/builder/validator-testing.Dockerfile +++ b/docker/builder/validator-testing.Dockerfile @@ -3,8 +3,7 @@ FROM debian-base as validator-testing-base # Current debian base used in build is bullseye, pin to prevent unexpected changes -RUN echo "deb https://cloudfront.debian.net/debian/ bullseye main contrib" > /etc/apt/sources.list.d/bullseye.list && \ - echo "Package: *\nPin: release n=bullseye\nPin-Priority: 50" > /etc/apt/preferences.d/bullseye + RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ --mount=type=cache,target=/var/lib/apt,sharing=locked \ diff --git a/docker/builder/validator.Dockerfile b/docker/builder/validator.Dockerfile index 61f5249d75310..67176b05e7871 100644 --- a/docker/builder/validator.Dockerfile +++ b/docker/builder/validator.Dockerfile @@ -7,11 +7,10 @@ FROM tools-builder FROM debian-base AS validator # Current debian base used in build is bullseye, pin to prevent unexpected changes -RUN echo "deb https://cloudfront.debian.net/debian/ bullseye main contrib" > /etc/apt/sources.list.d/bullseye.list && \ - echo "Package: *\nPin: release n=bullseye\nPin-Priority: 50" > /etc/apt/preferences.d/bullseye + RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ apt-get update && apt-get install --no-install-recommends -y \ libssl1.1 \ ca-certificates \