From f125ad2319d02e7a1478f9b661692f04bf7b7a50 Mon Sep 17 00:00:00 2001 From: Leo Herran Date: Thu, 17 Mar 2022 10:07:53 -0700 Subject: [PATCH] Update Dockerfiles --- al2/x86_64/standard/2.0/Dockerfile | 90 +++++++++++++------------- al2/x86_64/standard/3.0/Dockerfile | 100 +++++++++++++++-------------- ubuntu/standard/3.0/Dockerfile | 74 ++++++++++----------- ubuntu/standard/4.0/Dockerfile | 79 ++++++++++++----------- ubuntu/standard/5.0/Dockerfile | 85 ++++++++++++++---------- 5 files changed, 228 insertions(+), 200 deletions(-) diff --git a/al2/x86_64/standard/2.0/Dockerfile b/al2/x86_64/standard/2.0/Dockerfile index 1b0ae6ea..b7677d64 100644 --- a/al2/x86_64/standard/2.0/Dockerfile +++ b/al2/x86_64/standard/2.0/Dockerfile @@ -1,4 +1,4 @@ -# Copyright 2019-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# Copyright 2019-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. # # Licensed under the Amazon Software License (the "License"). You may not use this file except in compliance with the License. # A copy of the License is located at @@ -13,8 +13,10 @@ FROM public.ecr.aws/amazonlinux/amazonlinux:2 AS core # Install git, SSH, and other utilities RUN set -ex \ - && yum install -yq openssh-clients \ + && yum install -y -q openssh-clients \ && mkdir ~/.ssh \ + && mkdir -p /opt/tools \ + && mkdir -p /codebuild/image/config \ && touch ~/.ssh/known_hosts \ && ssh-keyscan -t rsa,dsa -H github.com >> ~/.ssh/known_hosts \ && ssh-keyscan -t rsa,dsa -H bitbucket.org >> ~/.ssh/known_hosts \ 
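Review bot: The `ssh-keyscan -t rsa,dsa -H github.com >> ~/.ssh/known_hosts` lines that the `@@ -13,8 +13,10 @@` hunk leaves unchanged trust whatever host key the build network returns, so a tampered connection at build time would be baked into the image as a trusted host. Writing the providers' published host keys into `known_hosts` from a reviewed file would remove that dependency. The `dsa` key type is deprecated in current OpenSSH and could be dropped from `-t`. The RUN instruction continues outside the hunk.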
@@ -23,8 +25,8 @@ RUN set -ex \ && rpm --import https://download.mono-project.com/repo/xamarin.gpg \ && curl https://download.mono-project.com/repo/centos7-stable.repo | tee /etc/yum.repos.d/mono-centos7-stable.repo \ && amazon-linux-extras enable corretto8 \ - && yum groupinstall -yq "Development tools" \ - && yum install -yq \ + && yum groupinstall -y -q "Development tools" \ + && yum install -y -q \ GeoIP-devel ImageMagick asciidoc bzip2-devel bzr bzrtools cvs cvsps \ docbook-dtds docbook-style-xsl dpkg-dev e2fsprogs expat-devel expect fakeroot \ glib2-devel groff gzip icu iptables jq krb5-server libargon2-devel \ @@ -54,12 +56,12 @@ RUN set -ex \ && cd git-$GIT_VERSION \ && make -j4 prefix=/usr \ && make install prefix=/usr \ - && cd .. ; rm -rf git-$GIT_VERSION \ + && cd .. && rm -rf git-$GIT_VERSION \ && rm -rf $GIT_TAR_FILE /tmp/* # Install Firefox RUN set -ex \ - && yum install -yq gtk3-devel dbus-glib-devel \ + && yum install -y -q gtk3-devel dbus-glib-devel \ && wget -qO ~/FirefoxSetup.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux64" \ && tar xjf ~/FirefoxSetup.tar.bz2 -C /opt/ \ && ln -s /opt/firefox/firefox /usr/local/bin/firefox \ @@ -77,7 +79,7 @@ RUN set -ex \ # Install Chromium RUN set -ex \ - && yum install -yq chromium + && yum install -y -q chromium # Install ChromeDriver RUN set -ex \ @@ -96,9 +98,7 @@ RUN set -ex \ && STUNNEL_VERSION=5.56 \ && STUNNEL_TAR=stunnel-$STUNNEL_VERSION.tar.gz \ && STUNNEL_SHA256="7384bfb356b9a89ddfee70b5ca494d187605bb516b4fff597e167f97e2236b22" \ - && curl -o $STUNNEL_TAR https://www.usenix.org.uk/mirrors/stunnel/archive/5.x/$STUNNEL_TAR \ - && echo "$STUNNEL_SHA256 $STUNNEL_TAR" | sha256sum -c - \ - && tar xfz $STUNNEL_TAR \ + && curl -o $STUNNEL_TAR https://www.usenix.org.uk/mirrors/stunnel/archive/5.x/$STUNNEL_TAR && echo "$STUNNEL_SHA256 $STUNNEL_TAR" | sha256sum --check && tar xfz $STUNNEL_TAR \ && cd stunnel-$STUNNEL_VERSION \ && ./configure \ && make -j4 \ 
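Review bot: In the `@@ -54,12 +56,12 @@` hunk the Firefox step still fetches `product=firefox-latest` with `wget -qO` and unpacks it into `/opt/` with no version pin and no checksum, so two builds of the same commit can ship different binaries and a substituted archive would go unnoticed. The stunnel step further down this file already records a `STUNNEL_SHA256` and checks it with `sha256sum`. The same pattern, a pinned download URL plus a recorded SHA-256 verified before `tar xjf`, would fit here. The commit does not touch the download line itself, only the `yum` flags above it.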
@@ -106,7 +106,7 @@ RUN set -ex \ && openssl genrsa -out key.pem 2048 \ && openssl req -new -x509 -key key.pem -out cert.pem -days 1095 -subj "/C=US/ST=Washington/L=Seattle/O=Amazon/OU=Codebuild/CN=codebuild.amazon.com" \ && cat key.pem cert.pem >> /usr/local/etc/stunnel/stunnel.pem \ - && cd .. ; rm -rf stunnel-${STUNNEL_VERSION}* + && cd .. && rm -rf stunnel-${STUNNEL_VERSION}* # AWS Tools # https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_CLI_installation.html @@ -117,7 +117,7 @@ RUN curl -sS -o /usr/local/bin/aws-iam-authenticator https://amazon-eks.s3-us-we # Configure SSM RUN set -ex \ - && yum install -yq https://s3.amazonaws.com/amazon-ssm-us-east-1/3.0.1390.0/linux_amd64/amazon-ssm-agent.rpm + && yum install -y -q https://s3.amazonaws.com/amazon-ssm-us-east-1/3.0.1390.0/linux_amd64/amazon-ssm-agent.rpm # Install env tools for runtimes ## Dotnet @@ -162,7 +162,7 @@ ENV GOPATH="/go" FROM tools AS runtimes_1 #**************** JAVA **************************************************** -COPY tools/android-accept-licenses.sh /opt/tools/android-accept-licenses.sh +RUN cat tools/android-accept-licenses.sh > /opt/tools/android-accept-licenses.sh && chmod 755 /opt/tools/android-accept-licenses.sh ENV JAVA_11_HOME="/opt/jvm/amazon-corretto-11" \ JDK_11_HOME="/opt/jvm/amazon-corretto-11" \ @@ -175,7 +175,7 @@ ENV JAVA_11_HOME="/opt/jvm/amazon-corretto-11" \ MAVEN_VERSION=3.6.3 \ INSTALLED_GRADLE_VERSIONS="4.10.3 5.4.1" \ GRADLE_VERSION=5.4.1 \ - SBT_VERSION=1.2.8 \ + SBT_VERSION=1.6.1 \ JDK_VERSION=11.0.5.10.1 \ ANDROID_HOME="/usr/local/android-sdk-linux" \ GRADLE_PATH="$SRC_DIR/gradle" \ 
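Review bot: The context lines of the `@@ -106,7 +106,7 @@` hunk generate an RSA private key during the build and append it to `/usr/local/etc/stunnel/stunnel.pem`, so the key sits in an image layer, is identical in every container started from the image, and is readable by anyone who can pull it. The `rm -rf stunnel-${STUNNEL_VERSION}*` on the changed line removes the build directory but not the copy inside `stunnel.pem`. Generating the key pair at container start (for example from the entrypoint script) and adding `chmod 600 /usr/local/etc/stunnel/stunnel.pem` would avoid a shared key. Whether anything depends on the baked-in certificate is not visible in this hunk.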
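Review bot: `RUN cat tools/android-accept-licenses.sh > /opt/tools/android-accept-licenses.sh` in the `@@ -162,7 +162,7 @@` hunk reads from the image's own filesystem relative to the current working directory, not from the build context as the removed `COPY` did. Nothing visible in this patch places `tools/` inside the image, so unless the build tooling supplies it outside these hunks, the step fails or picks up whatever file already exists at that path. If `COPY` is usable, `COPY --chmod=755 tools/android-accept-licenses.sh /opt/tools/android-accept-licenses.sh` (BuildKit) keeps the explicit source and the mode in one layer. Otherwise a comment on how the sources reach the working directory is needed. The same substitution is made for the python-build, php-build and final-stage files in all three Dockerfiles touched by this patch.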
@@ -190,7 +190,8 @@ ENV JAVA_11_HOME="/opt/jvm/amazon-corretto-11" \ MAVEN_DOWNLOAD_SHA512="c35a1803a6e70a126e80b2b3ae33eed961f83ed74d18fcd16909b2d44d7dada3203f1ffe726c17ef8dcca2dcaa9fca676987befeadc9b9f759967a8cb77181c0" \ GRADLE_DOWNLOADS_SHA256="14cd15fc8cc8705bd69dcfa3c8fefb27eb7027f5de4b47a8b279218f76895a91 5.4.1\n336b6898b491f6334502d8074a6b8c2d73ed83b92123106bd4bf837f04111043 4.10.3" \ ANDROID_SDK_MANAGER_SHA256="92ffee5a1d98d856634e8b71132e8a95d96c83a63fde1099be3d86df3106def9" \ - SBT_DOWNLOAD_SHA256="9bb9212541176d6fcce7bd12e4cf8a9c9649f5b63f88b3aff474e0b02c7cfe58" + SBT_DOWNLOAD_SHA256="60286bf1b875b31e2955f8a699888cd2612e9afd94d03cde0a2e71efd7492ffc" \ + LOG4J_UNSAFE_VERSIONS="2.11.1 1.2.8" ARG MAVEN_CONFIG_HOME="/root/.m2" ENV JDK_DOWNLOAD_TAR="amazon-corretto-${JDK_VERSION}-linux-x64.tar.gz" \ @@ -203,7 +204,7 @@ ENV JDK_DOWNLOAD_URL="https://d3pxv6yz143wms.cloudfront.net/${JDK_VERSION}/${JDK RUN set -ex \ # Install Amazon Corretto 8 - && yum install -yq java-1.8.0-amazon-corretto-devel \ + && yum install -y -q java-1.8.0-amazon-corretto-devel \ # Ensure Java cacerts symlink points to valid location && update-ca-trust @@ -275,9 +276,11 @@ RUN set -ex \ && curl -fSL "https://github.com/sbt/sbt/releases/download/v${SBT_VERSION}/sbt-${SBT_VERSION}.tgz" -o sbt.tgz \ && echo "${SBT_DOWNLOAD_SHA256} *sbt.tgz" | sha256sum -c - \ && tar xzf sbt.tgz -C /usr/local/bin/ \ - && rm sbt.tgz + && rm sbt.tgz \ + && for version in $LOG4J_UNSAFE_VERSIONS; do find / -name log4j*-$version.jar | xargs rm -f; done + ENV PATH "/usr/local/bin/sbt/bin:$PATH" -RUN sbt version +RUN sbt version -Dsbt.rootdir=true # Cleanup RUN rm -fr /tmp/* /var/tmp/* #**************** END JAVA **************************************************** 
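Review bot: `LOG4J_UNSAFE_VERSIONS="2.11.1 1.2.8"` in the `@@ -190,7 +190,8 @@` hunk is an exact-match list of two versions, so any other affected Log4j release bundled by a tool in this image is left in place. A comment naming the advisory each entry is listed for would make the list reviewable. The value is also added to `ENV`, which persists into every container's runtime environment although it is only needed during the build; `ARG LOG4J_UNSAFE_VERSIONS="2.11.1 1.2.8"` in this stage would keep it build-only. The ENV instruction starts outside the hunk.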
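Review bot: The cleanup loop added in the `@@ -275,9 +276,11 @@` hunk passes an unquoted pattern, `-name log4j*-$version.jar`, which the shell may expand against the working directory before `find` sees it, and `find | xargs rm -f` splits paths on whitespace. A safer form is `&& for version in $LOG4J_UNSAFE_VERSIONS; do find / -xdev -type f -name "log4j*-$version.jar" -delete; done`. The loop also runs before `RUN sbt version -Dsbt.rootdir=true`, so any jar that first sbt start downloads is not covered. Jars installed by earlier RUN instructions remain in their original layers even though this layer hides them. The same loop is added in al2/x86_64/standard/3.0/Dockerfile and ubuntu/standard/3.0/Dockerfile.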
@@ -309,9 +312,10 @@ ENV NODE_10_VERSION="10.19.0" RUN n $NODE_10_VERSION && npm install --save-dev -g -f grunt && npm install --save-dev -g -f grunt-cli && npm install --save-dev -g -f webpack \ && curl -sSL https://dl.yarnpkg.com/rpm/yarn.repo | tee /etc/yum.repos.d/yarn.repo \ && rpm --import https://dl.yarnpkg.com/rpm/pubkey.gpg \ - && yum install -yq yarn \ + && yum install -y https://download-ib01.fedoraproject.org/pub/epel/8/Modular/x86_64/Packages/l/libuv-1.43.0-2.module_el8+13774+f8c1f5a5.x86_64.rpm \ + && yum install -y -q yarn \ && yarn --version \ - && cd / && rm -rf $N_SRC_DIR; rm -rf /tmp/* + && cd / && rm -rf $N_SRC_DIR && rm -rf /tmp/* #**************** END NODEJS **************************************************** @@ -319,7 +323,7 @@ RUN n $NODE_10_VERSION && npm install --save-dev -g -f grunt && npm install --s ENV RUBY_26_VERSION="2.6.5" -RUN rbenv install $RUBY_26_VERSION; rm -rf /tmp/*; rbenv global $RUBY_26_VERSION;ruby -v +RUN rbenv install $RUBY_26_VERSION && rm -rf /tmp/* && rbenv global $RUBY_26_VERSION && ruby -v #**************** END RUBY ***************************************************** @@ -328,8 +332,8 @@ ENV PYTHON_37_VERSION="3.7.10" ENV PYTHON_PIP_VERSION=21.1.2 ENV PYYAML_VERSION=5.4.1 -COPY tools/runtime_configs/python/$PYTHON_37_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_37_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_37_VERSION; rm -rf /tmp/* +RUN cat tools/runtime_configs/python/$PYTHON_37_VERSION > /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_37_VERSION +RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_37_VERSION && rm -rf /tmp/* RUN pyenv global $PYTHON_37_VERSION RUN set -ex \ && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ 
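Review bot: The `yum install -y https://download-ib01.fedoraproject.org/…/libuv-1.43.0-2.module_el8+13774+f8c1f5a5.x86_64.rpm` line added in the `@@ -309,9 +312,10 @@` hunk installs a package directly from a single mirror host, with no checksum and no EPEL signing key imported in the visible lines. Whether yum verifies a signature for a package given by URL depends on configuration that this hunk does not show. The package is also an EL8 module build, while the stage is based on `amazonlinux:2`. Downloading it first and verifying a recorded hash, e.g. `curl -fsSL -o libuv.rpm <url>` then `echo "<libuv rpm sha256>  libuv.rpm" | sha256sum -c -` then `yum install -y ./libuv.rpm`, would match how sbt is checked elsewhere in this file. The same line is added in al2/x86_64/standard/3.0/Dockerfile.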
@@ -341,8 +345,8 @@ RUN set -ex \ #**************** PHP **************************************************** ENV PHP_73_VERSION="7.3.13" -COPY tools/runtime_configs/php/$PHP_73_VERSION /root/.phpenv/plugins/php-build/share/php-build/definitions/$PHP_73_VERSION -RUN phpenv install $PHP_73_VERSION; rm -rf /tmp/*; phpenv global $PHP_73_VERSION +RUN cat tools/runtime_configs/php/$PHP_73_VERSION > /root/.phpenv/plugins/php-build/share/php-build/definitions/$PHP_73_VERSION +RUN phpenv install $PHP_73_VERSION && rm -rf /tmp/* && phpenv global $PHP_73_VERSION RUN echo "memory_limit = 1G;" >> "/root/.phpenv/versions/$PHP_73_VERSION/etc/conf.d/memory.ini" # Install Composer globally @@ -356,10 +360,9 @@ ENV GOLANG_13_VERSION="1.13.15" \ ENV GOENV_DISABLE_GOPATH=1 ENV GOPATH="/go" -RUN goenv install $GOLANG_12_VERSION; rm -rf /tmp/* +RUN goenv install $GOLANG_12_VERSION && rm -rf /tmp/* -RUN goenv install $GOLANG_13_VERSION; rm -rf /tmp/*; \ - goenv global $GOLANG_13_VERSION +RUN goenv install $GOLANG_13_VERSION && rm -rf /tmp/* && goenv global $GOLANG_13_VERSION RUN go get -u github.com/golang/dep/cmd/dep #**************** END GOLANG **************************************************** @@ -367,14 +370,14 @@ RUN go get -u github.com/golang/dep/cmd/dep #=======================End of layer: runtimes_1 ================= FROM runtimes_1 AS runtimes_2 -#Docker 19 +#Docker 20 ENV DOCKER_BUCKET="download.docker.com" \ DOCKER_CHANNEL="stable" \ DIND_COMMIT="3b5fac462d21ca164b3778647420016315289034" \ DOCKER_COMPOSE_VERSION="1.24.0" -ENV DOCKER_SHA256="caf74e54b58c0b38bb4d96c8f87665f29b684371c9a325562a3904b8c389995e" -ENV DOCKER_VERSION="20.10.9" +ENV DOCKER_SHA256="dd6ff72df1edfd61ae55feaa4aadb88634161f0aa06dbaaf291d1be594099ff3" +ENV DOCKER_VERSION="20.10.11" VOLUME /var/lib/docker 
@@ -397,8 +400,8 @@ RUN set -ex \ #Python 3.8 ENV PYTHON_38_VERSION="3.8.10" -COPY tools/runtime_configs/python/$PYTHON_38_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_38_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_38_VERSION; rm -rf /tmp/* +RUN cat tools/runtime_configs/python/$PYTHON_38_VERSION > /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_38_VERSION +RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_38_VERSION && rm -rf /tmp/* RUN pyenv global $PYTHON_38_VERSION RUN set -ex \ && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ @@ -408,8 +411,8 @@ RUN set -ex \ #Python 3.9 ENV PYTHON_39_VERSION="3.9.5" -COPY tools/runtime_configs/python/$PYTHON_39_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_39_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_39_VERSION; rm -rf /tmp/* +RUN cat tools/runtime_configs/python/$PYTHON_39_VERSION > /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_39_VERSION +RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_39_VERSION && rm -rf /tmp/* RUN pyenv global $PYTHON_39_VERSION RUN set -ex \ && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ 
@@ -456,14 +459,15 @@ ENV MAVEN_CONFIG=$MAVEN_CONFIG_HOME ENV DEBIAN_FRONTEND="noninteractive" # Configure SSH -COPY ssh_config /root/.ssh/config -COPY runtimes.yml /codebuild/image/config/runtimes.yml -COPY dockerd-entrypoint.sh /usr/local/bin/ -COPY legal/THIRD_PARTY_LICENSES.txt /usr/share/doc -COPY legal/bill_of_material.txt /usr/share/doc -COPY amazon-ssm-agent.json /etc/amazon/ssm/ - -ENTRYPOINT ["dockerd-entrypoint.sh"] +RUN cat ssh_config > /root/.ssh/config +RUN cat runtimes.yml > /codebuild/image/config/runtimes.yml +RUN cat dockerd-entrypoint.sh > /usr/local/bin/dockerd-entrypoint.sh +RUN chmod +x /usr/local/bin/dockerd-entrypoint.sh +RUN cat legal/THIRD_PARTY_LICENSES.txt > /usr/share/doc/THIRD_PARTY_LICENSES.txt +RUN cat legal/bill_of_material.txt > /usr/share/doc/bill_of_material.txt +RUN cat amazon-ssm-agent.json > /etc/amazon/ssm/amazon-ssm-agent.json + +ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh"] #=======================End of layer: al2_v1 ================= diff --git a/al2/x86_64/standard/3.0/Dockerfile b/al2/x86_64/standard/3.0/Dockerfile index fb9c87a3..5635362b 100644 --- a/al2/x86_64/standard/3.0/Dockerfile +++ b/al2/x86_64/standard/3.0/Dockerfile @@ -1,4 +1,4 @@ -# Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# Copyright 2020-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. # # Licensed under the Amazon Software License (the "License"). You may not use this file except in compliance with the License. # A copy of the License is located at @@ -13,8 +13,10 @@ FROM public.ecr.aws/amazonlinux/amazonlinux:2 AS core # Install git, SSH, and other utilities RUN set -ex \ - && yum install -yq openssh-clients \ + && yum install -y -q openssh-clients \ && mkdir ~/.ssh \ + && mkdir -p /opt/tools \ + && mkdir -p /codebuild/image/config \ && touch ~/.ssh/known_hosts \ && ssh-keyscan -t rsa,dsa -H github.com >> ~/.ssh/known_hosts \ && ssh-keyscan -t rsa,dsa -H bitbucket.org >> ~/.ssh/known_hosts \ 
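Review bot: In the `@@ -456,14 +459,15 @@` hunk the files written with `cat … >` take their mode from the umask instead of an explicit setting, which matters for `/root/.ssh/config` and `/etc/amazon/ssm/amazon-ssm-agent.json`. The seven one-line `RUN` steps also add a layer each. If `COPY` has to stay out, a single `RUN` using `install` states the mode per file, e.g. `install -m 0600 ssh_config /root/.ssh/config` and `install -m 0755 dockerd-entrypoint.sh /usr/local/bin/dockerd-entrypoint.sh`. The same block appears in the `@@ -468,13 +469,14 @@` hunk of al2/x86_64/standard/3.0/Dockerfile.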
@@ -24,8 +26,8 @@ RUN set -ex \ && curl https://download.mono-project.com/repo/centos7-stable.repo | tee /etc/yum.repos.d/mono-centos7-stable.repo \ && amazon-linux-extras enable corretto8 \ && amazon-linux-extras enable docker \ - && yum groupinstall -yq "Development tools" \ - && yum install -yq \ + && yum groupinstall -y -q "Development tools" \ + && yum install -y -q \ GeoIP-devel ImageMagick asciidoc bzip2-devel bzr bzrtools cvs cvsps \ docbook-dtds docbook-style-xsl dpkg-dev e2fsprogs expat-devel expect fakeroot \ glib2-devel groff gzip icu iptables jq krb5-server libargon2-devel \ @@ -56,12 +58,12 @@ RUN set -ex \ && cd git-$GIT_VERSION \ && make -j4 prefix=/usr \ && make install prefix=/usr \ - && cd .. ; rm -rf git-$GIT_VERSION \ + && cd .. && rm -rf git-$GIT_VERSION \ && rm -rf $GIT_TAR_FILE /tmp/* # Install Firefox RUN set -ex \ - && yum install -yq gtk3-devel dbus-glib-devel \ + && yum install -y -q gtk3-devel dbus-glib-devel \ && wget -qO ~/FirefoxSetup.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux64" \ && tar xjf ~/FirefoxSetup.tar.bz2 -C /opt/ \ && ln -s /opt/firefox/firefox /usr/local/bin/firefox \ @@ -79,7 +81,7 @@ RUN set -ex \ # Install Chromium RUN set -ex \ - && yum install -yq chromium + && yum install -y -q chromium # Install ChromeDriver RUN set -ex \ @@ -98,9 +100,7 @@ RUN set -ex \ && STUNNEL_VERSION=5.56 \ && STUNNEL_TAR=stunnel-$STUNNEL_VERSION.tar.gz \ && STUNNEL_SHA256="7384bfb356b9a89ddfee70b5ca494d187605bb516b4fff597e167f97e2236b22" \ - && curl -o $STUNNEL_TAR https://www.usenix.org.uk/mirrors/stunnel/archive/5.x/$STUNNEL_TAR \ - && echo "$STUNNEL_SHA256 $STUNNEL_TAR" | sha256sum -c - \ - && tar xfz $STUNNEL_TAR \ + && curl -o $STUNNEL_TAR https://www.usenix.org.uk/mirrors/stunnel/archive/5.x/$STUNNEL_TAR && echo "$STUNNEL_SHA256 $STUNNEL_TAR" | sha256sum --check && tar xfz $STUNNEL_TAR \ && cd stunnel-$STUNNEL_VERSION \ && ./configure \ && make -j4 \ 
@@ -108,7 +108,7 @@ RUN set -ex \ && openssl genrsa -out key.pem 2048 \ && openssl req -new -x509 -key key.pem -out cert.pem -days 1095 -subj "/C=US/ST=Washington/L=Seattle/O=Amazon/OU=Codebuild/CN=codebuild.amazon.com" \ && cat key.pem cert.pem >> /usr/local/etc/stunnel/stunnel.pem \ - && cd .. ; rm -rf stunnel-${STUNNEL_VERSION}* + && cd .. && rm -rf stunnel-${STUNNEL_VERSION}* # AWS Tools # https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_CLI_installation.html @@ -120,7 +120,7 @@ RUN curl -sS -o /usr/local/bin/aws-iam-authenticator https://amazon-eks.s3.us-we # Configure SSM RUN set -ex \ - && yum install -yq https://s3.amazonaws.com/amazon-ssm-us-east-1/3.0.1390.0/linux_amd64/amazon-ssm-agent.rpm + && yum install -y -q https://s3.amazonaws.com/amazon-ssm-us-east-1/3.0.1390.0/linux_amd64/amazon-ssm-agent.rpm # Install env tools for runtimes ## Dotnet @@ -165,7 +165,7 @@ ENV GOPATH="/go" FROM tools AS runtimes_1 #**************** JAVA **************************************************** -COPY tools/android-accept-licenses.sh /opt/tools/android-accept-licenses.sh +RUN cat tools/android-accept-licenses.sh > /opt/tools/android-accept-licenses.sh && chmod 755 /opt/tools/android-accept-licenses.sh ENV JAVA_11_HOME="/usr/lib/jvm/java-11-amazon-corretto.x86_64" \ JDK_11_HOME="/usr/lib/jvm/java-11-amazon-corretto.x86_64" \ @@ -178,7 +178,7 @@ ENV JAVA_11_HOME="/usr/lib/jvm/java-11-amazon-corretto.x86_64" \ MAVEN_VERSION=3.6.3 \ INSTALLED_GRADLE_VERSIONS="4.10.3 5.6.4" \ GRADLE_VERSION=5.6.4 \ - SBT_VERSION=1.2.8 \ + SBT_VERSION=1.6.1 \ ANDROID_HOME="/usr/local/android-sdk-linux" \ GRADLE_PATH="$SRC_DIR/gradle" \ ANDROID_SDK_MANAGER_VER="4333796" \ 
@@ -191,7 +191,8 @@ ENV JAVA_11_HOME="/usr/lib/jvm/java-11-amazon-corretto.x86_64" \ MAVEN_DOWNLOAD_SHA512="c35a1803a6e70a126e80b2b3ae33eed961f83ed74d18fcd16909b2d44d7dada3203f1ffe726c17ef8dcca2dcaa9fca676987befeadc9b9f759967a8cb77181c0" \ GRADLE_DOWNLOADS_SHA256="abc10bcedb58806e8654210f96031db541bcd2d6fc3161e81cb0572d6a15e821 5.6.4\n336b6898b491f6334502d8074a6b8c2d73ed83b92123106bd4bf837f04111043 4.10.3" \ ANDROID_SDK_MANAGER_SHA256="92ffee5a1d98d856634e8b71132e8a95d96c83a63fde1099be3d86df3106def9" \ - SBT_DOWNLOAD_SHA256="9bb9212541176d6fcce7bd12e4cf8a9c9649f5b63f88b3aff474e0b02c7cfe58" + SBT_DOWNLOAD_SHA256="60286bf1b875b31e2955f8a699888cd2612e9afd94d03cde0a2e71efd7492ffc" \ + LOG4J_UNSAFE_VERSIONS="2.11.1 1.2.8" ARG MAVEN_CONFIG_HOME="/root/.m2" ENV JAVA_HOME="$JAVA_11_HOME" \ @@ -202,7 +203,7 @@ ENV PATH="${PATH}:/opt/tools:${ANDROID_HOME}/tools:${ANDROID_HOME}/tools/bin:${A RUN set -ex \ # Install Amazon Corretto 8 - && yum install -yq java-1.8.0-amazon-corretto-devel \ + && yum install -y -q java-1.8.0-amazon-corretto-devel \ # Ensure Java cacerts symlink points to valid location && update-ca-trust @@ -225,7 +226,7 @@ RUN set -x\ RUN set -x \ # Install Amazon Corretto 11 # Note: We will use update-alternatives to make sure JDK11 has higher priority for all the tools - && yum install -yq java-11-amazon-corretto \ + && yum install -y -q java-11-amazon-corretto \ && for tool_path in $JAVA_HOME/bin/*; do \ tool=`basename $tool_path`; \ update-alternatives --install /usr/bin/$tool $tool $tool_path 10000; \ 
@@ -270,9 +271,11 @@ RUN set -ex \ && curl -fSL "https://github.com/sbt/sbt/releases/download/v${SBT_VERSION}/sbt-${SBT_VERSION}.tgz" -o sbt.tgz \ && echo "${SBT_DOWNLOAD_SHA256} *sbt.tgz" | sha256sum -c - \ && tar xzf sbt.tgz -C /usr/local/bin/ \ - && rm sbt.tgz + && rm sbt.tgz \ + && for version in $LOG4J_UNSAFE_VERSIONS; do find / -name log4j*-$version.jar | xargs rm -f; done + ENV PATH "/usr/local/bin/sbt/bin:$PATH" -RUN sbt version +RUN sbt version -Dsbt.rootdir=true # Cleanup RUN rm -fr /tmp/* /var/tmp/* #**************** END JAVA **************************************************** @@ -304,9 +307,10 @@ ENV NODE_10_VERSION="10.24.1" RUN n $NODE_10_VERSION && npm install --save-dev -g -f grunt && npm install --save-dev -g -f grunt-cli && npm install --save-dev -g -f webpack \ && curl -sSL https://dl.yarnpkg.com/rpm/yarn.repo | tee /etc/yum.repos.d/yarn.repo \ && rpm --import https://dl.yarnpkg.com/rpm/pubkey.gpg \ - && yum install -yq yarn \ + && yum install -y https://download-ib01.fedoraproject.org/pub/epel/8/Modular/x86_64/Packages/l/libuv-1.43.0-2.module_el8+13774+f8c1f5a5.x86_64.rpm \ + && yum install -y -q yarn \ && yarn --version \ - && cd / && rm -rf $N_SRC_DIR; rm -rf /tmp/* + && cd / && rm -rf $N_SRC_DIR && rm -rf /tmp/* #**************** END NODEJS **************************************************** @@ -314,7 +318,7 @@ RUN n $NODE_10_VERSION && npm install --save-dev -g -f grunt && npm install --s ENV RUBY_26_VERSION="2.6.6" -RUN rbenv install $RUBY_26_VERSION; rm -rf /tmp/*; rbenv global $RUBY_26_VERSION;ruby -v +RUN rbenv install $RUBY_26_VERSION && rm -rf /tmp/* && rbenv global $RUBY_26_VERSION && ruby -v #**************** END RUBY ***************************************************** 
@@ -323,8 +327,8 @@ ENV PYTHON_37_VERSION="3.7.10" ENV PYTHON_PIP_VERSION=21.1.2 ENV PYYAML_VERSION=5.4.1 -COPY tools/runtime_configs/python/$PYTHON_37_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_37_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_37_VERSION; rm -rf /tmp/* +RUN cat tools/runtime_configs/python/$PYTHON_37_VERSION > /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_37_VERSION +RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_37_VERSION && rm -rf /tmp/* RUN pyenv global $PYTHON_37_VERSION RUN set -ex \ && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ @@ -336,8 +340,8 @@ RUN set -ex \ #**************** PHP **************************************************** ENV PHP_73_VERSION="7.3.19" -COPY tools/runtime_configs/php/$PHP_73_VERSION /root/.phpenv/plugins/php-build/share/php-build/definitions/$PHP_73_VERSION -RUN phpenv install $PHP_73_VERSION; rm -rf /tmp/*; phpenv global $PHP_73_VERSION +RUN cat tools/runtime_configs/php/$PHP_73_VERSION > /root/.phpenv/plugins/php-build/share/php-build/definitions/$PHP_73_VERSION +RUN phpenv install $PHP_73_VERSION && rm -rf /tmp/* && phpenv global $PHP_73_VERSION RUN echo "memory_limit = 1G;" >> "/root/.phpenv/versions/$PHP_73_VERSION/etc/conf.d/memory.ini" # Install Composer globally @@ -351,10 +355,9 @@ ENV GOLANG_13_VERSION="1.13.15" \ ENV GOENV_DISABLE_GOPATH=1 ENV GOPATH="/go" -RUN goenv install $GOLANG_12_VERSION; rm -rf /tmp/* +RUN goenv install $GOLANG_12_VERSION && rm -rf /tmp/* -RUN goenv install $GOLANG_13_VERSION; rm -rf /tmp/*; \ - goenv global $GOLANG_13_VERSION +RUN goenv install $GOLANG_13_VERSION && rm -rf /tmp/* && goenv global $GOLANG_13_VERSION RUN go get -u github.com/golang/dep/cmd/dep #**************** END GOLANG **************************************************** 
@@ -368,8 +371,8 @@ ENV DOCKER_BUCKET="download.docker.com" \ DIND_COMMIT="3b5fac462d21ca164b3778647420016315289034" \ DOCKER_COMPOSE_VERSION="1.26.0" -ENV DOCKER_SHA256="caf74e54b58c0b38bb4d96c8f87665f29b684371c9a325562a3904b8c389995e" -ENV DOCKER_VERSION="20.10.9" +ENV DOCKER_SHA256="dd6ff72df1edfd61ae55feaa4aadb88634161f0aa06dbaaf291d1be594099ff3" +ENV DOCKER_VERSION="20.10.11" VOLUME /var/lib/docker @@ -392,8 +395,8 @@ RUN set -ex \ #Python 3.8 ENV PYTHON_38_VERSION="3.8.10" -COPY tools/runtime_configs/python/$PYTHON_38_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_38_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_38_VERSION; rm -rf /tmp/* +RUN cat tools/runtime_configs/python/$PYTHON_38_VERSION > /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_38_VERSION +RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_38_VERSION && rm -rf /tmp/* RUN pyenv global $PYTHON_38_VERSION RUN set -ex \ && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ @@ -403,15 +406,14 @@ RUN set -ex \ #Python 3.9 ENV PYTHON_39_VERSION="3.9.5" -COPY tools/runtime_configs/python/$PYTHON_39_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_39_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_39_VERSION; rm -rf /tmp/* +RUN cat tools/runtime_configs/python/$PYTHON_39_VERSION > /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_39_VERSION +RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_39_VERSION && rm -rf /tmp/* RUN pyenv global $PYTHON_39_VERSION RUN set -ex \ && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ && pip3 install --no-cache-dir --upgrade "PyYAML==$PYYAML_VERSION" \ && pip3 install --no-cache-dir --upgrade 'setuptools==57.4.0' wheel aws-sam-cli awscli boto3 pipenv virtualenv --use-feature=2020-resolver - # Node 12 ENV NODE_12_VERSION="12.22.2" 
@@ -447,17 +449,16 @@ RUN set -ex \ #Ruby 2.7 ENV RUBY_27_VERSION="2.7.2" -RUN rbenv install $RUBY_27_VERSION; rm -rf /tmp/*; rbenv global $RUBY_27_VERSION;ruby -v +RUN rbenv install $RUBY_27_VERSION && rm -rf /tmp/* && rbenv global $RUBY_27_VERSION && ruby -v #Golang 14 ENV GOLANG_14_VERSION="1.14.12" -RUN goenv install $GOLANG_14_VERSION; rm -rf /tmp/*; \ - goenv global $GOLANG_14_VERSION +RUN goenv install $GOLANG_14_VERSION && rm -rf /tmp/* && goenv global $GOLANG_14_VERSION #Php 7.4 ENV PHP_74_VERSION="7.4.7" -COPY tools/runtime_configs/php/$PHP_74_VERSION /root/.phpenv/plugins/php-build/share/php-build/definitions/$PHP_74_VERSION -RUN phpenv install $PHP_74_VERSION; rm -rf /tmp/*; phpenv global $PHP_74_VERSION +RUN cat tools/runtime_configs/php/$PHP_74_VERSION > /root/.phpenv/plugins/php-build/share/php-build/definitions/$PHP_74_VERSION +RUN phpenv install $PHP_74_VERSION && rm -rf /tmp/* && phpenv global $PHP_74_VERSION RUN echo "memory_limit = 1G;" >> "/root/.phpenv/versions/$PHP_74_VERSION/etc/conf.d/memory.ini" # Install Composer globally 
@@ -468,13 +469,14 @@ RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin - FROM runtimes_3 AS al2_v3 # Configure SSH -COPY ssh_config /root/.ssh/config -COPY runtimes.yml /codebuild/image/config/runtimes.yml -COPY dockerd-entrypoint.sh /usr/local/bin/ -COPY legal/THIRD_PARTY_LICENSES.txt /usr/share/doc -COPY legal/bill_of_material.txt /usr/share/doc -COPY amazon-ssm-agent.json /etc/amazon/ssm/ - -ENTRYPOINT ["dockerd-entrypoint.sh"] +RUN cat ssh_config > /root/.ssh/config +RUN cat runtimes.yml > /codebuild/image/config/runtimes.yml +RUN cat dockerd-entrypoint.sh > /usr/local/bin/dockerd-entrypoint.sh +RUN chmod +x /usr/local/bin/dockerd-entrypoint.sh +RUN cat legal/THIRD_PARTY_LICENSES.txt > /usr/share/doc/THIRD_PARTY_LICENSES.txt +RUN cat legal/bill_of_material.txt > /usr/share/doc/bill_of_material.txt +RUN cat amazon-ssm-agent.json > /etc/amazon/ssm/amazon-ssm-agent.json + +ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh"] #=======================End of layer: al2_v3 ================= diff --git a/ubuntu/standard/3.0/Dockerfile b/ubuntu/standard/3.0/Dockerfile index f2bb43d1..97857e36 100644 --- a/ubuntu/standard/3.0/Dockerfile +++ b/ubuntu/standard/3.0/Dockerfile @@ -1,4 +1,4 @@ -# Copyright 2019-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# Copyright 2019-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. # # Licensed under the Amazon Software License (the "License"). You may not use this file except in compliance with the License. # A copy of the License is located at @@ -27,6 +27,8 @@ RUN set -ex \ && git version \ && apt-get install -y -qq --no-install-recommends openssh-client \ && mkdir ~/.ssh \ + && mkdir -p /opt/tools \ + && mkdir -p /codebuild/image/config \ && touch ~/.ssh/known_hosts \ && ssh-keyscan -t rsa,dsa -H github.com >> ~/.ssh/known_hosts \ && ssh-keyscan -t rsa,dsa -H bitbucket.org >> ~/.ssh/known_hosts \ 
@@ -104,9 +106,7 @@ RUN set -ex \ && STUNNEL_VERSION=5.56 \ && STUNNEL_TAR=stunnel-$STUNNEL_VERSION.tar.gz \ && STUNNEL_SHA256="7384bfb356b9a89ddfee70b5ca494d187605bb516b4fff597e167f97e2236b22" \ - && curl -o $STUNNEL_TAR https://www.usenix.org.uk/mirrors/stunnel/archive/5.x/$STUNNEL_TAR \ - && echo "$STUNNEL_SHA256 $STUNNEL_TAR" | sha256sum -c - \ - && tar xfz $STUNNEL_TAR \ + && curl -o $STUNNEL_TAR https://www.usenix.org.uk/mirrors/stunnel/archive/5.x/$STUNNEL_TAR && echo "$STUNNEL_SHA256 $STUNNEL_TAR" | sha256sum --check && tar xfz $STUNNEL_TAR \ && cd stunnel-$STUNNEL_VERSION \ && ./configure \ && make -j4 \ @@ -114,7 +114,7 @@ RUN set -ex \ && openssl genrsa -out key.pem 2048 \ && openssl req -new -x509 -key key.pem -out cert.pem -days 1095 -subj "/C=US/ST=Washington/L=Seattle/O=Amazon/OU=Codebuild/CN=codebuild.amazon.com" \ && cat key.pem cert.pem >> /usr/local/etc/stunnel/stunnel.pem \ - && cd .. ; rm -rf stunnel-${STUNNEL_VERSION}* + && cd .. && rm -rf stunnel-${STUNNEL_VERSION}* # AWS Tools # https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_CLI_installation.html @@ -218,7 +218,7 @@ RUN n $NODE_10_VERSION && npm install --save-dev -g -f grunt && npm install && echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list \ && apt-get update && apt-get install -y -qq --no-install-recommends yarn \ && yarn --version \ - && cd / && rm -rf $N_SRC_DIR;rm -rf /tmp/* + && cd / && rm -rf $N_SRC_DIR && rm -rf /tmp/* #**************** END NODEJS **************************************************** 
@@ -227,8 +227,8 @@ RUN n $NODE_10_VERSION && npm install --save-dev -g -f grunt && npm install ENV RUBY_26_VERSION="2.6.5" \ RUBY_27_VERSION="2.7.0" -RUN rbenv install $RUBY_26_VERSION; rm -rf /tmp/* -RUN rbenv install $RUBY_27_VERSION; rm -rf /tmp/*; rbenv global $RUBY_27_VERSION;ruby -v +RUN rbenv install $RUBY_26_VERSION && rm -rf /tmp/* +RUN rbenv install $RUBY_27_VERSION && rm -rf /tmp/* && rbenv global $RUBY_27_VERSION && ruby -v #**************** END RUBY ***************************************************** 
@@ -240,24 +240,24 @@ ENV PYTHON_39_VERSION="3.9.5" \ ENV PYTHON_PIP_VERSION=21.1.2 ENV PYYAML_VERSION=5.4.1 -COPY tools/runtime_configs/python/$PYTHON_37_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_37_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_37_VERSION; rm -rf /tmp/* +RUN cat tools/runtime_configs/python/$PYTHON_37_VERSION > /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_37_VERSION +RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_37_VERSION && rm -rf /tmp/* RUN pyenv global $PYTHON_37_VERSION RUN set -ex \ && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ && pip3 install --no-cache-dir --upgrade "PyYAML==$PYYAML_VERSION" \ && pip3 install --no-cache-dir --upgrade 'setuptools==57.4.0' wheel aws-sam-cli awscli boto3 pipenv virtualenv -COPY tools/runtime_configs/python/$PYTHON_38_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_38_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_38_VERSION; rm -rf /tmp/* +RUN cat tools/runtime_configs/python/$PYTHON_38_VERSION > /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_38_VERSION +RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_38_VERSION && rm -rf /tmp/* RUN pyenv global $PYTHON_38_VERSION RUN set -ex \ && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ && pip3 install --no-cache-dir --upgrade "PyYAML==$PYYAML_VERSION" \ && pip3 install --no-cache-dir --upgrade 'setuptools==57.4.0' wheel aws-sam-cli awscli boto3 pipenv virtualenv -COPY tools/runtime_configs/python/$PYTHON_39_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_39_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_39_VERSION; rm -rf /tmp/* +RUN cat tools/runtime_configs/python/$PYTHON_39_VERSION > 
/root/.pyenv/plugins/python-build/share/python-build/$PYTHON_39_VERSION +RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_39_VERSION && rm -rf /tmp/* RUN pyenv global $PYTHON_39_VERSION RUN set -ex \ && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ @@ -272,13 +272,12 @@ ENV PHP_74_VERSION="7.4.1" \ RUN curl -L https://raw.githubusercontent.com/phpenv/phpenv-installer/master/bin/phpenv-installer | bash ENV PATH="/root/.phpenv/shims:/root/.phpenv/bin:$PATH" -COPY tools/runtime_configs/php/$PHP_73_VERSION /root/.phpenv/plugins/php-build/share/php-build/definitions/$PHP_73_VERSION -RUN phpenv install $PHP_73_VERSION; rm -rf /tmp/*; phpenv global $PHP_73_VERSION +RUN cat tools/runtime_configs/php/$PHP_73_VERSION > /root/.phpenv/plugins/php-build/share/php-build/definitions/$PHP_73_VERSION +RUN phpenv install $PHP_73_VERSION && rm -rf /tmp/* && phpenv global $PHP_73_VERSION RUN echo "memory_limit = 1G;" >> "/root/.phpenv/versions/$PHP_73_VERSION/etc/conf.d/memory.ini" - -COPY tools/runtime_configs/php/$PHP_74_VERSION /root/.phpenv/plugins/php-build/share/php-build/definitions/$PHP_74_VERSION -RUN phpenv install $PHP_74_VERSION; rm -rf /tmp/*; phpenv global $PHP_74_VERSION +RUN cat tools/runtime_configs/php/$PHP_74_VERSION > /root/.phpenv/plugins/php-build/share/php-build/definitions/$PHP_74_VERSION +RUN phpenv install $PHP_74_VERSION && rm -rf /tmp/* && phpenv global $PHP_74_VERSION RUN echo "memory_limit = 1G;" >> "/root/.phpenv/versions/$PHP_74_VERSION/etc/conf.d/memory.ini" # Install Composer globally 
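Review bot: The context line `curl -L https://raw.githubusercontent.com/phpenv/phpenv-installer/master/bin/phpenv-installer | bash` in the `@@ -272,13 +272,12 @@` hunk runs a script from a mutable `master` ref during the build with no pinned revision or checksum. Without `pipefail`, a failed download can also leave `bash` exiting successfully on empty input. Fetching a fixed revision (`…/phpenv-installer/<commit-sha>/bin/phpenv-installer`), saving it to a file and checking a recorded SHA-256 before running it would make the step reproducible and tamper-evident. The commit does not change this line; it is raised because the php-build lines directly below it were edited.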
@@ -289,10 +288,9 @@ RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin - ENV GOLANG_13_VERSION="1.13.15" \ GOLANG_12_VERSION="1.12.17" -RUN goenv install $GOLANG_12_VERSION; rm -rf /tmp/* +RUN goenv install $GOLANG_12_VERSION && rm -rf /tmp/* -RUN goenv install $GOLANG_13_VERSION; rm -rf /tmp/*; \ - goenv global $GOLANG_13_VERSION +RUN goenv install $GOLANG_13_VERSION && rm -rf /tmp/* && goenv global $GOLANG_13_VERSION RUN go get -u github.com/golang/dep/cmd/dep #**************** END GOLANG ******************************* @@ -302,7 +300,7 @@ RUN go get -u github.com/golang/dep/cmd/dep FROM runtimes AS runtimes_n_openjdk #**************** JAVA **************************************************** -COPY tools/android-accept-licenses.sh /opt/tools/android-accept-licenses.sh +RUN cat tools/android-accept-licenses.sh > /opt/tools/android-accept-licenses.sh && chmod 755 /opt/tools/android-accept-licenses.sh ENV JAVA_11_HOME="/opt/jvm/openjdk-11" \ JDK_11_HOME="/opt/jvm/openjdk-11" \ @@ -316,7 +314,7 @@ ENV JAVA_11_HOME="/opt/jvm/openjdk-11" \ MAVEN_CONFIG="/root/.m2" \ INSTALLED_GRADLE_VERSIONS="4.10.3 5.4.1" \ GRADLE_VERSION=5.4.1 \ - SBT_VERSION=1.2.8 \ + SBT_VERSION=1.6.1 \ JDK_VERSION=11.0.2 \ JDK_VERSION_TAG=9 \ ANDROID_HOME="/usr/local/android-sdk-linux" \ 
@@ -332,7 +330,8 @@ ENV JAVA_11_HOME="/opt/jvm/openjdk-11" \ MAVEN_DOWNLOAD_SHA512="c35a1803a6e70a126e80b2b3ae33eed961f83ed74d18fcd16909b2d44d7dada3203f1ffe726c17ef8dcca2dcaa9fca676987befeadc9b9f759967a8cb77181c0" \ GRADLE_DOWNLOADS_SHA256="14cd15fc8cc8705bd69dcfa3c8fefb27eb7027f5de4b47a8b279218f76895a91 5.4.1\n336b6898b491f6334502d8074a6b8c2d73ed83b92123106bd4bf837f04111043 4.10.3" \ ANDROID_SDK_MANAGER_SHA256="92ffee5a1d98d856634e8b71132e8a95d96c83a63fde1099be3d86df3106def9" \ - SBT_DOWNLOAD_SHA256="9bb9212541176d6fcce7bd12e4cf8a9c9649f5b63f88b3aff474e0b02c7cfe58" + SBT_DOWNLOAD_SHA256="60286bf1b875b31e2955f8a699888cd2612e9afd94d03cde0a2e71efd7492ffc" \ + LOG4J_UNSAFE_VERSIONS="2.11.1 1.2.8" ENV JDK_DOWNLOAD_TAR="openjdk-${JDK_VERSION}_linux-x64_bin.tar.gz" \ JAVA_HOME="$JAVA_11_HOME" \ @@ -424,9 +423,11 @@ RUN set -ex \ && curl -fSL "https://github.com/sbt/sbt/releases/download/v${SBT_VERSION}/sbt-${SBT_VERSION}.tgz" -o sbt.tgz \ && echo "${SBT_DOWNLOAD_SHA256} *sbt.tgz" | sha256sum -c - \ && tar xzf sbt.tgz -C /usr/local/bin/ \ - && rm sbt.tgz + && rm sbt.tgz \ + && for version in $LOG4J_UNSAFE_VERSIONS; do find / -name log4j*-$version.jar | xargs rm -f; done + ENV PATH "/usr/local/bin/sbt/bin:$PATH" -RUN sbt version +RUN sbt version -Dsbt.rootdir=true # Cleanup RUN rm -fr /var/lib/apt/lists/* /tmp/* /var/tmp/* \ && apt-get clean 
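Review bot: The added cleanup loop passes an unquoted pattern to `find`, so the shell may expand `log4j*-$version.jar` against the working directory before `find` sees it, and piping into `xargs rm -f` hides any `find` failure from the `&&` chain. I would write the body as `find / -xdev -type f -name "log4j*-${version}.jar" -delete`, where `-xdev` keeps the walk out of `/proc` and similar mounts. The loop runs before `RUN sbt version`, so any jars sbt fetches on its first run are not covered, and a jar added in an earlier layer stays retrievable from that layer even after it is deleted here. `LOG4J_UNSAFE_VERSIONS` names two exact versions only, so any other affected version on disk is left in place. The `RUN` this loop extends starts above the hunk, and the same loop is added in the 4.0 and 5.0 Dockerfiles.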
@@ -442,15 +443,15 @@ RUN phpenv uninstall -f $PHP_74_VERSION RUN pyenv uninstall -f $PYTHON_37_VERSION RUN rbenv uninstall -f $RUBY_27_VERSION -#Docker 19 +#Docker 20 ENV DOCKER_BUCKET="download.docker.com" \ DOCKER_CHANNEL="stable" \ DIND_COMMIT="3b5fac462d21ca164b3778647420016315289034" \ DOCKER_COMPOSE_VERSION="1.24.0" \ SRC_DIR="/usr/src" -ENV DOCKER_SHA256="caf74e54b58c0b38bb4d96c8f87665f29b684371c9a325562a3904b8c389995e" -ENV DOCKER_VERSION="20.10.9" +ENV DOCKER_SHA256="dd6ff72df1edfd61ae55feaa4aadb88634161f0aa06dbaaf291d1be594099ff3" +ENV DOCKER_VERSION="20.10.11" RUN set -ex \ && curl -fSL "https://${DOCKER_BUCKET}/linux/static/${DOCKER_CHANNEL}/x86_64/docker-${DOCKER_VERSION}.tgz" -o docker.tgz \ @@ -503,12 +504,13 @@ RUN rbenv global $RUBY_26_VERSION RUN goenv global $GOLANG_13_VERSION # Configure SSH -COPY ssh_config /root/.ssh/config -COPY runtimes.yml /codebuild/image/config/runtimes.yml -COPY dockerd-entrypoint.sh /usr/local/bin/ -COPY legal/THIRD_PARTY_LICENSES.txt /usr/share/doc -COPY legal/bill_of_material.txt /usr/share/doc -COPY amazon-ssm-agent.json /etc/amazon/ssm/ +RUN cat ssh_config > /root/.ssh/config +RUN cat runtimes.yml > /codebuild/image/config/runtimes.yml +RUN cat dockerd-entrypoint.sh > /usr/local/bin/dockerd-entrypoint.sh +RUN chmod +x /usr/local/bin/dockerd-entrypoint.sh +RUN cat legal/THIRD_PARTY_LICENSES.txt > /usr/share/doc/THIRD_PARTY_LICENSES.txt +RUN cat legal/bill_of_material.txt > /usr/share/doc/bill_of_material.txt +RUN cat amazon-ssm-agent.json > /etc/amazon/ssm/amazon-ssm-agent.json ENTRYPOINT ["dockerd-entrypoint.sh"] diff --git a/ubuntu/standard/4.0/Dockerfile b/ubuntu/standard/4.0/Dockerfile index 9ad7074b..96272e4f 100644 --- a/ubuntu/standard/4.0/Dockerfile +++ b/ubuntu/standard/4.0/Dockerfile 
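Review bot: `ENTRYPOINT ["dockerd-entrypoint.sh"]` stays a bare name in this file, while the matching hunks for 4.0 and 5.0 switch to `/usr/local/bin/dockerd-entrypoint.sh`; I would use the absolute path here as well so all three images resolve the entrypoint the same way regardless of `PATH`. The `RUN cat dockerd-entrypoint.sh > …` and `RUN chmod +x …` pair could be a single instruction with an explicit mode, `RUN cat dockerd-entrypoint.sh > /usr/local/bin/dockerd-entrypoint.sh && chmod 755 /usr/local/bin/dockerd-entrypoint.sh`, which matches how `android-accept-licenses.sh` is handled earlier in the commit.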
@@ -1,4 +1,4 @@ -# Copyright 2019-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# Copyright 2019-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. # # Licensed under the Amazon Software License (the "License"). You may not use this file except in compliance with the License. # A copy of the License is located at @@ -27,6 +27,8 @@ RUN set -ex \ && git version \ && apt-get install -y -qq --no-install-recommends openssh-client \ && mkdir ~/.ssh \ + && mkdir -p /opt/tools \ + && mkdir -p /codebuild/image/config \ && touch ~/.ssh/known_hosts \ && ssh-keyscan -t rsa,dsa -H github.com >> ~/.ssh/known_hosts \ && ssh-keyscan -t rsa,dsa -H bitbucket.org >> ~/.ssh/known_hosts \ @@ -104,9 +106,7 @@ RUN set -ex \ && STUNNEL_VERSION=5.56 \ && STUNNEL_TAR=stunnel-$STUNNEL_VERSION.tar.gz \ && STUNNEL_SHA256="7384bfb356b9a89ddfee70b5ca494d187605bb516b4fff597e167f97e2236b22" \ - && curl -o $STUNNEL_TAR https://www.usenix.org.uk/mirrors/stunnel/archive/5.x/$STUNNEL_TAR \ - && echo "$STUNNEL_SHA256 $STUNNEL_TAR" | sha256sum -c - \ - && tar xfz $STUNNEL_TAR \ + && curl -o $STUNNEL_TAR https://www.usenix.org.uk/mirrors/stunnel/archive/5.x/$STUNNEL_TAR && echo "$STUNNEL_SHA256 $STUNNEL_TAR" | sha256sum --check && tar xfz $STUNNEL_TAR \ && cd stunnel-$STUNNEL_VERSION \ && ./configure \ && make -j4 \ @@ -114,7 +114,7 @@ RUN set -ex \ && openssl genrsa -out key.pem 2048 \ && openssl req -new -x509 -key key.pem -out cert.pem -days 1095 -subj "/C=US/ST=Washington/L=Seattle/O=Amazon/OU=Codebuild/CN=codebuild.amazon.com" \ && cat key.pem cert.pem >> /usr/local/etc/stunnel/stunnel.pem \ - && cd .. ; rm -rf stunnel-${STUNNEL_VERSION}* + && cd .. && rm -rf stunnel-${STUNNEL_VERSION}* # AWS Tools # https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_CLI_installation.html 
@@ -226,7 +226,7 @@ RUN n $NODE_10_VERSION && npm install --save-dev -g -f grunt && npm install && echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list \ && apt-get update && apt-get install -y -qq --no-install-recommends yarn \ && yarn --version \ - && cd / && rm -rf $N_SRC_DIR;rm -rf /tmp/* + && cd / && rm -rf $N_SRC_DIR && rm -rf /tmp/* #**************** END NODEJS **************************************************** @@ -235,8 +235,8 @@ RUN n $NODE_10_VERSION && npm install --save-dev -g -f grunt && npm install ENV RUBY_26_VERSION="2.6.6" \ RUBY_27_VERSION="2.7.2" -RUN rbenv install $RUBY_26_VERSION; rm -rf /tmp/* -RUN rbenv install $RUBY_27_VERSION; rm -rf /tmp/*; rbenv global $RUBY_27_VERSION;ruby -v +RUN rbenv install $RUBY_26_VERSION && rm -rf /tmp/* +RUN rbenv install $RUBY_27_VERSION && rm -rf /tmp/* && rbenv global $RUBY_27_VERSION && ruby -v #**************** END RUBY ***************************************************** 
@@ -248,24 +248,24 @@ ENV PYTHON_39_VERSION="3.9.5" \ ENV PYTHON_PIP_VERSION=21.1.2 ENV PYYAML_VERSION=5.4.1 -COPY tools/runtime_configs/python/$PYTHON_37_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_37_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_37_VERSION; rm -rf /tmp/* +RUN cat tools/runtime_configs/python/$PYTHON_37_VERSION > /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_37_VERSION +RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_37_VERSION && rm -rf /tmp/* RUN pyenv global $PYTHON_37_VERSION RUN set -ex \ && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ && pip3 install --no-cache-dir --upgrade "PyYAML==$PYYAML_VERSION" \ && pip3 install --no-cache-dir --upgrade 'setuptools==57.4.0' wheel aws-sam-cli awscli boto3 pipenv virtualenv --use-feature=2020-resolver -COPY tools/runtime_configs/python/$PYTHON_38_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_38_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_38_VERSION; rm -rf /tmp/* +RUN cat tools/runtime_configs/python/$PYTHON_38_VERSION > /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_38_VERSION +RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_38_VERSION && rm -rf /tmp/* RUN pyenv global $PYTHON_38_VERSION RUN set -ex \ && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ && pip3 install --no-cache-dir --upgrade "PyYAML==$PYYAML_VERSION" \ && pip3 install --no-cache-dir --upgrade 'setuptools==57.4.0' wheel aws-sam-cli awscli boto3 pipenv virtualenv --use-feature=2020-resolver -COPY tools/runtime_configs/python/$PYTHON_39_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_39_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_39_VERSION; rm -rf /tmp/* +RUN cat tools/runtime_configs/python/$PYTHON_39_VERSION > 
/root/.pyenv/plugins/python-build/share/python-build/$PYTHON_39_VERSION +RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_39_VERSION && rm -rf /tmp/* RUN pyenv global $PYTHON_39_VERSION RUN set -ex \ && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ @@ -280,13 +280,12 @@ ENV PHP_74_VERSION="7.4.7" \ RUN curl -L https://raw.githubusercontent.com/phpenv/phpenv-installer/master/bin/phpenv-installer | bash ENV PATH="/root/.phpenv/shims:/root/.phpenv/bin:$PATH" -COPY tools/runtime_configs/php/$PHP_73_VERSION /root/.phpenv/plugins/php-build/share/php-build/definitions/$PHP_73_VERSION -RUN phpenv install $PHP_73_VERSION; rm -rf /tmp/*; phpenv global $PHP_73_VERSION +RUN cat tools/runtime_configs/php/$PHP_73_VERSION > /root/.phpenv/plugins/php-build/share/php-build/definitions/$PHP_73_VERSION +RUN phpenv install $PHP_73_VERSION && rm -rf /tmp/* && phpenv global $PHP_73_VERSION RUN echo "memory_limit = 1G;" >> "/root/.phpenv/versions/$PHP_73_VERSION/etc/conf.d/memory.ini" - -COPY tools/runtime_configs/php/$PHP_74_VERSION /root/.phpenv/plugins/php-build/share/php-build/definitions/$PHP_74_VERSION -RUN phpenv install $PHP_74_VERSION; rm -rf /tmp/*; phpenv global $PHP_74_VERSION +RUN cat tools/runtime_configs/php/$PHP_74_VERSION > /root/.phpenv/plugins/php-build/share/php-build/definitions/$PHP_74_VERSION +RUN phpenv install $PHP_74_VERSION && rm -rf /tmp/* && phpenv global $PHP_74_VERSION RUN echo "memory_limit = 1G;" >> "/root/.phpenv/versions/$PHP_74_VERSION/etc/conf.d/memory.ini" # Install Composer globally 
@@ -297,10 +296,9 @@ RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin - ENV GOLANG_13_VERSION="1.13.15" \ GOLANG_12_VERSION="1.12.17" -RUN goenv install $GOLANG_12_VERSION; rm -rf /tmp/* +RUN goenv install $GOLANG_12_VERSION && rm -rf /tmp/* -RUN goenv install $GOLANG_13_VERSION; rm -rf /tmp/*; \ - goenv global $GOLANG_13_VERSION +RUN goenv install $GOLANG_13_VERSION && rm -rf /tmp/* && goenv global $GOLANG_13_VERSION RUN go get -u github.com/golang/dep/cmd/dep #**************** END GOLANG ******************************* @@ -310,7 +308,7 @@ RUN go get -u github.com/golang/dep/cmd/dep FROM runtimes AS runtimes_n_corretto #**************** JAVA **************************************************** -COPY tools/android-accept-licenses.sh /opt/tools/android-accept-licenses.sh +RUN cat tools/android-accept-licenses.sh > /opt/tools/android-accept-licenses.sh && chmod 755 /opt/tools/android-accept-licenses.sh ENV JAVA_11_HOME="/usr/lib/jvm/java-11-amazon-corretto" \ JDK_11_HOME="/usr/lib/jvm/java-11-amazon-corretto" \ @@ -323,7 +321,7 @@ ENV JAVA_11_HOME="/usr/lib/jvm/java-11-amazon-corretto" \ MAVEN_VERSION=3.6.3 \ INSTALLED_GRADLE_VERSIONS="4.10.3 5.6.4" \ GRADLE_VERSION=5.6.4 \ - SBT_VERSION=1.2.8 \ + SBT_VERSION=1.6.1 \ ANDROID_HOME="/usr/local/android-sdk-linux" \ GRADLE_PATH="$SRC_DIR/gradle" \ ANDROID_SDK_MANAGER_VER="4333796" \ 
@@ -336,7 +334,8 @@ ENV JAVA_11_HOME="/usr/lib/jvm/java-11-amazon-corretto" \ MAVEN_DOWNLOAD_SHA512="c35a1803a6e70a126e80b2b3ae33eed961f83ed74d18fcd16909b2d44d7dada3203f1ffe726c17ef8dcca2dcaa9fca676987befeadc9b9f759967a8cb77181c0" \ GRADLE_DOWNLOADS_SHA256="abc10bcedb58806e8654210f96031db541bcd2d6fc3161e81cb0572d6a15e821 5.6.4\n336b6898b491f6334502d8074a6b8c2d73ed83b92123106bd4bf837f04111043 4.10.3" \ ANDROID_SDK_MANAGER_SHA256="92ffee5a1d98d856634e8b71132e8a95d96c83a63fde1099be3d86df3106def9" \ - SBT_DOWNLOAD_SHA256="9bb9212541176d6fcce7bd12e4cf8a9c9649f5b63f88b3aff474e0b02c7cfe58" + SBT_DOWNLOAD_SHA256="60286bf1b875b31e2955f8a699888cd2612e9afd94d03cde0a2e71efd7492ffc" \ + LOG4J_UNSAFE_VERSIONS="2.11.1 1.2.8" ARG MAVEN_CONFIG_HOME="/root/.m2" @@ -426,9 +425,11 @@ RUN set -ex \ && curl -fSL "https://github.com/sbt/sbt/releases/download/v${SBT_VERSION}/sbt-${SBT_VERSION}.tgz" -o sbt.tgz \ && echo "${SBT_DOWNLOAD_SHA256} *sbt.tgz" | sha256sum -c - \ && tar xzf sbt.tgz -C /usr/local/bin/ \ - && rm sbt.tgz + && rm sbt.tgz \ + && for version in $LOG4J_UNSAFE_VERSIONS; do find / -name log4j*-$version.jar | xargs rm -f; done + ENV PATH "/usr/local/bin/sbt/bin:$PATH" -RUN sbt version +RUN sbt version -Dsbt.rootdir=true # Cleanup RUN rm -fr /var/lib/apt/lists/* /tmp/* /var/tmp/* \ && apt-get clean @@ -441,8 +442,8 @@ ENV DOCKER_BUCKET="download.docker.com" \ DOCKER_COMPOSE_VERSION="1.26.0" \ SRC_DIR="/usr/src" -ENV DOCKER_SHA256="caf74e54b58c0b38bb4d96c8f87665f29b684371c9a325562a3904b8c389995e" -ENV DOCKER_VERSION="20.10.9" +ENV DOCKER_SHA256="dd6ff72df1edfd61ae55feaa4aadb88634161f0aa06dbaaf291d1be594099ff3" +ENV DOCKER_VERSION="20.10.11" # Install Docker RUN set -ex \ 
@@ -470,8 +471,7 @@ FROM runtimes_n_corretto AS std_v4 # GoLang 14 ENV GOLANG_14_VERSION="1.14.12" -RUN goenv install $GOLANG_14_VERSION; rm -rf /tmp/*; \ - goenv global $GOLANG_14_VERSION +RUN goenv install $GOLANG_14_VERSION && rm -rf /tmp/* && goenv global $GOLANG_14_VERSION # Activate runtime versions specific to image version. RUN n $NODE_12_VERSION @@ -480,13 +480,14 @@ RUN phpenv global $PHP_74_VERSION RUN rbenv global $RUBY_27_VERSION # Configure SSH -COPY ssh_config /root/.ssh/config -COPY runtimes.yml /codebuild/image/config/runtimes.yml -COPY dockerd-entrypoint.sh /usr/local/bin/ -COPY legal/THIRD_PARTY_LICENSES.txt /usr/share/doc -COPY legal/bill_of_material.txt /usr/share/doc -COPY amazon-ssm-agent.json /etc/amazon/ssm/ - -ENTRYPOINT ["dockerd-entrypoint.sh"] +RUN cat ssh_config > /root/.ssh/config +RUN cat runtimes.yml > /codebuild/image/config/runtimes.yml +RUN cat dockerd-entrypoint.sh > /usr/local/bin/dockerd-entrypoint.sh +RUN chmod +x /usr/local/bin/dockerd-entrypoint.sh +RUN cat legal/THIRD_PARTY_LICENSES.txt > /usr/share/doc/THIRD_PARTY_LICENSES.txt +RUN cat legal/bill_of_material.txt > /usr/share/doc/bill_of_material.txt +RUN cat amazon-ssm-agent.json > /etc/amazon/ssm/amazon-ssm-agent.json + +ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh"] #=======================END of STD:4.0 ================= diff --git a/ubuntu/standard/5.0/Dockerfile b/ubuntu/standard/5.0/Dockerfile index eef4a90e..a78620cb 100644 --- a/ubuntu/standard/5.0/Dockerfile +++ b/ubuntu/standard/5.0/Dockerfile @@ -1,4 +1,4 @@ -# Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# Copyright 2020-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. # # Licensed under the Amazon Software License (the "License"). You may not use this file except in compliance with the License. # A copy of the License is located at 
@@ -26,6 +26,7 @@ RUN set -ex \ && git version \ && apt-get install -y -qq --no-install-recommends openssh-client \ && mkdir ~/.ssh \ + && mkdir -p /codebuild/image/config \ && touch ~/.ssh/known_hosts \ && ssh-keyscan -t rsa,dsa -H github.com >> ~/.ssh/known_hosts \ && ssh-keyscan -t rsa,dsa -H bitbucket.org >> ~/.ssh/known_hosts \ @@ -46,7 +47,7 @@ RUN set -ex \ libtool libwebp-dev libxml2-dev libxml2-utils libxslt1-dev \ libyaml-dev libyaml-perl llvm locales make mlocate \ netbase openssl patch pkg-config procps python3-configobj \ - python-openssl rsync sgml-base sgml-data stunnel \ + python-openssl rsync sgml-base sgml-data \ tar tcl tcl8.6 tk tk-dev unzip wget xfsprogs xml-core xmlto xsltproc \ libzip5 libzip-dev vim xvfb xz-utils zip zlib1g-dev \ && rm -rf /var/lib/apt/lists/* 
@@ -91,6 +92,21 @@ RUN set -ex \ && ln -s /opt/chromedriver-$CHROME_DRIVER_VERSION /usr/bin/chromedriver \ && chromedriver --version +# Install stunnel +RUN set -ex \ + && STUNNEL_VERSION=5.56 \ + && STUNNEL_TAR=stunnel-$STUNNEL_VERSION.tar.gz \ + && STUNNEL_SHA256="7384bfb356b9a89ddfee70b5ca494d187605bb516b4fff597e167f97e2236b22" \ + && curl -o $STUNNEL_TAR https://www.usenix.org.uk/mirrors/stunnel/archive/5.x/$STUNNEL_TAR && echo "$STUNNEL_SHA256 $STUNNEL_TAR" | sha256sum --check && tar xfz $STUNNEL_TAR \ + && cd stunnel-$STUNNEL_VERSION \ + && ./configure \ + && make -j4 \ + && make install \ + && openssl genrsa -out key.pem 2048 \ + && openssl req -new -x509 -key key.pem -out cert.pem -days 1095 -subj "/C=US/ST=Washington/L=Seattle/O=Amazon/OU=Codebuild/CN=codebuild.amazon.com" \ + && cat key.pem cert.pem >> /usr/local/etc/stunnel/stunnel.pem \ + && cd .. && rm -rf stunnel-${STUNNEL_VERSION}* + # AWS Tools # https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_CLI_installation.html RUN curl -sS -o /usr/local/bin/aws-iam-authenticator https://amazon-eks.s3.us-west-2.amazonaws.com/1.16.8/2020-04-16/bin/linux/amd64/aws-iam-authenticator \ @@ -110,7 +126,7 @@ RUN set -ex \ # https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html RUN curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o /tmp/awscliv2.zip \ && unzip -q /tmp/awscliv2.zip -d /opt \ - && /opt/aws/install -i /usr/local/aws-cli -b /usr/local/bin \ + && /opt/aws/install --update -i /usr/local/aws-cli -b /usr/local/bin \ && rm /tmp/awscliv2.zip \ && rm -rf /opt/aws \ && aws --version 
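Review bot: The new stunnel block generates `key.pem` during the build and appends it to `/usr/local/etc/stunnel/stunnel.pem`, so the private key is baked into an image layer, is identical for every container started from this image, and is readable by anyone who can pull it. If stunnel needs a certificate here, generating the pair at container start (for example from the entrypoint script) would avoid shipping the key. At minimum the file should not keep the default mode, e.g. `&& chmod 600 /usr/local/etc/stunnel/stunnel.pem`. The 4.0 hunk shows the same steps as unchanged context, so the pattern likely predates this commit there. A short comment stating what the certificate is used for would help readers judge whether a shared key is acceptable.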
@@ -210,7 +226,7 @@ RUN n $NODE_14_VERSION && npm install --save-dev -g -f grunt && npm install && echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list \ && apt-get update && apt-get install -y -qq --no-install-recommends yarn \ && yarn --version \ - && cd / && rm -rf $N_SRC_DIR;rm -rf /tmp/* + && cd / && rm -rf $N_SRC_DIR && rm -rf /tmp/* #**************** END NODEJS **************************************************** @@ -219,8 +235,8 @@ RUN n $NODE_14_VERSION && npm install --save-dev -g -f grunt && npm install ENV RUBY_26_VERSION="2.6.6" ENV RUBY_27_VERSION="2.7.2" -RUN rbenv install $RUBY_26_VERSION; rm -rf /tmp/* -RUN rbenv install $RUBY_27_VERSION; rm -rf /tmp/*; rbenv global $RUBY_27_VERSION;ruby -v +RUN rbenv install $RUBY_26_VERSION && rm -rf /tmp/* +RUN rbenv install $RUBY_27_VERSION && rm -rf /tmp/* && rbenv global $RUBY_27_VERSION && ruby -v #**************** END RUBY ***************************************************** 
@@ -232,24 +248,24 @@ ENV PYTHON_39_VERSION="3.9.5" ARG PYTHON_PIP_VERSION=21.1.2 ENV PYYAML_VERSION=5.4.1 -COPY tools/runtime_configs/python/$PYTHON_37_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_37_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_37_VERSION; rm -rf /tmp/* +RUN cat tools/runtime_configs/python/$PYTHON_37_VERSION > /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_37_VERSION +RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_37_VERSION && rm -rf /tmp/* RUN pyenv global $PYTHON_37_VERSION RUN set -ex \ && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ && pip3 install --no-cache-dir --upgrade "PyYAML==$PYYAML_VERSION" \ && pip3 install --no-cache-dir --upgrade 'setuptools==57.4.0' wheel aws-sam-cli boto3 pipenv virtualenv --use-feature=2020-resolver -COPY tools/runtime_configs/python/$PYTHON_38_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_38_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_38_VERSION; rm -rf /tmp/* +RUN cat tools/runtime_configs/python/$PYTHON_38_VERSION > /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_38_VERSION +RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_38_VERSION && rm -rf /tmp/* RUN pyenv global $PYTHON_38_VERSION RUN set -ex \ && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ && pip3 install --no-cache-dir --upgrade "PyYAML==$PYYAML_VERSION" \ && pip3 install --no-cache-dir --upgrade 'setuptools==57.4.0' wheel aws-sam-cli boto3 pipenv virtualenv --use-feature=2020-resolver -COPY tools/runtime_configs/python/$PYTHON_39_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_39_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_39_VERSION; rm -rf /tmp/* +RUN cat tools/runtime_configs/python/$PYTHON_39_VERSION > 
/root/.pyenv/plugins/python-build/share/python-build/$PYTHON_39_VERSION +RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_39_VERSION && rm -rf /tmp/* RUN pyenv global $PYTHON_39_VERSION RUN set -ex \ && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ 
@@ -265,17 +281,16 @@ ENV PHP_80_VERSION="8.0.0" RUN curl -L https://raw.githubusercontent.com/phpenv/phpenv-installer/master/bin/phpenv-installer | bash ENV PATH="/root/.phpenv/shims:/root/.phpenv/bin:$PATH" -COPY tools/runtime_configs/php/$PHP_73_VERSION /root/.phpenv/plugins/php-build/share/php-build/definitions/$PHP_73_VERSION -RUN phpenv install $PHP_73_VERSION; rm -rf /tmp/*; phpenv global $PHP_73_VERSION +RUN cat tools/runtime_configs/php/$PHP_73_VERSION > /root/.phpenv/plugins/php-build/share/php-build/definitions/$PHP_73_VERSION +RUN phpenv install $PHP_73_VERSION && rm -rf /tmp/* && phpenv global $PHP_73_VERSION RUN echo "memory_limit = 1G;" >> "/root/.phpenv/versions/$PHP_73_VERSION/etc/conf.d/memory.ini" - -COPY tools/runtime_configs/php/$PHP_74_VERSION /root/.phpenv/plugins/php-build/share/php-build/definitions/$PHP_74_VERSION -RUN phpenv install $PHP_74_VERSION; rm -rf /tmp/*; phpenv global $PHP_74_VERSION +RUN cat tools/runtime_configs/php/$PHP_74_VERSION > /root/.phpenv/plugins/php-build/share/php-build/definitions/$PHP_74_VERSION +RUN phpenv install $PHP_74_VERSION && rm -rf /tmp/* && phpenv global $PHP_74_VERSION RUN echo "memory_limit = 1G;" >> "/root/.phpenv/versions/$PHP_74_VERSION/etc/conf.d/memory.ini" -COPY tools/runtime_configs/php/$PHP_80_VERSION /root/.phpenv/plugins/php-build/share/php-build/definitions/$PHP_80_VERSION -RUN phpenv install $PHP_80_VERSION; rm -rf /tmp/*; phpenv global $PHP_80_VERSION +RUN cat tools/runtime_configs/php/$PHP_80_VERSION > /root/.phpenv/plugins/php-build/share/php-build/definitions/$PHP_80_VERSION +RUN phpenv install $PHP_80_VERSION && rm -rf /tmp/* && phpenv global $PHP_80_VERSION RUN echo "memory_limit = 1G;" >> "/root/.phpenv/versions/$PHP_80_VERSION/etc/conf.d/memory.ini" # Install Composer globally 
@@ -286,8 +301,8 @@ RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin - ENV GOLANG_15_VERSION="1.15.12" ENV GOLANG_16_VERSION="1.16.4" -RUN goenv install $GOLANG_15_VERSION; rm -rf /tmp/*; \ - goenv install $GOLANG_16_VERSION; rm -rf /tmp/*; \ +RUN goenv install $GOLANG_15_VERSION && rm -rf /tmp/* && \ + goenv install $GOLANG_16_VERSION && rm -rf /tmp/* && \ goenv global $GOLANG_15_VERSION RUN go get -u github.com/golang/dep/cmd/dep @@ -309,12 +324,13 @@ ARG MAVEN_HOME="/opt/maven" ARG MAVEN_VERSION=3.6.3 ARG INSTALLED_GRADLE_VERSIONS="5.6.4 6.7" ARG GRADLE_VERSION=5.6.4 -ARG SBT_VERSION=1.4.1 +ARG SBT_VERSION=1.6.1 ARG GRADLE_PATH="$SRC_DIR/gradle" ARG ANT_DOWNLOAD_SHA512="ed73febff2803079d13117e18a22697eecdac64c9c52fc5259ac880d7b07f527d8ce3779851af0cda5798a368ebc979d43dd7085a0a62af57df23ff3d105dd6f" ARG MAVEN_DOWNLOAD_SHA512="c35a1803a6e70a126e80b2b3ae33eed961f83ed74d18fcd16909b2d44d7dada3203f1ffe726c17ef8dcca2dcaa9fca676987befeadc9b9f759967a8cb77181c0" ARG GRADLE_DOWNLOADS_SHA256="abc10bcedb58806e8654210f96031db541bcd2d6fc3161e81cb0572d6a15e821 5.6.4\n0080de8491f0918e4f529a6db6820fa0b9e818ee2386117f4394f95feb1d5583 6.7" -ARG SBT_DOWNLOAD_SHA256="5cf648f18ee9573cd26970999ae4e76ac034721a671bb45e7311c6d1375f9d33" +ARG SBT_DOWNLOAD_SHA256="60286bf1b875b31e2955f8a699888cd2612e9afd94d03cde0a2e71efd7492ffc" \ +ENV LOG4J_UNSAFE_VERSIONS="2.11.1 1.2.8" ARG MAVEN_CONFIG_HOME="/root/.m2" @@ -389,7 +405,9 @@ RUN set -ex \ && curl -fSL "https://github.com/sbt/sbt/releases/download/v${SBT_VERSION}/sbt-${SBT_VERSION}.tgz" -o sbt.tgz \ && echo "${SBT_DOWNLOAD_SHA256} *sbt.tgz" | sha256sum -c - \ && tar xzf sbt.tgz -C /usr/local/bin/ \ - && rm sbt.tgz + && rm sbt.tgz \ + && for version in $LOG4J_UNSAFE_VERSIONS; do find / -name log4j*-$version.jar | xargs rm -f; done + ENV PATH "/usr/local/bin/sbt/bin:$PATH" RUN sbt version -Dsbt.rootdir=true # Cleanup 
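Review bot: The trailing `\` after `ARG SBT_DOWNLOAD_SHA256="…"` continues the `ARG` instruction onto the next line, so `ENV LOG4J_UNSAFE_VERSIONS="2.11.1 1.2.8"` is parsed as further `ARG` arguments rather than as an `ENV` instruction. Depending on the builder, this either fails to parse or declares build args named `ENV` and `LOG4J_UNSAFE_VERSIONS`, which is presumably not what was intended. Dropping the backslash fixes it: `ARG SBT_DOWNLOAD_SHA256="60286bf1b875b31e2955f8a699888cd2612e9afd94d03cde0a2e71efd7492ffc"`, followed on its own line by `ENV LOG4J_UNSAFE_VERSIONS="2.11.1 1.2.8"` (or `ARG`, to match the surrounding declarations).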
@@ -404,8 +422,8 @@ ARG DIND_COMMIT="3b5fac462d21ca164b3778647420016315289034" ARG DOCKER_COMPOSE_VERSION="1.27.4" ARG SRC_DIR="/usr/src" -ARG DOCKER_SHA256="caf74e54b58c0b38bb4d96c8f87665f29b684371c9a325562a3904b8c389995e" -ARG DOCKER_VERSION="20.10.9" +ARG DOCKER_SHA256="dd6ff72df1edfd61ae55feaa4aadb88634161f0aa06dbaaf291d1be594099ff3" +ARG DOCKER_VERSION="20.10.11" # Install Docker RUN set -ex \ @@ -439,12 +457,13 @@ RUN rbenv global $RUBY_27_VERSION RUN goenv global $GOLANG_15_VERSION # Configure SSH -COPY ssh_config /root/.ssh/config -COPY runtimes.yml /codebuild/image/config/runtimes.yml -COPY dockerd-entrypoint.sh /usr/local/bin/ -COPY legal/bill_of_material.txt /usr/share/doc -COPY amazon-ssm-agent.json /etc/amazon/ssm/ - -ENTRYPOINT ["dockerd-entrypoint.sh"] +RUN cat ssh_config > /root/.ssh/config +RUN cat runtimes.yml > /codebuild/image/config/runtimes.yml +RUN cat dockerd-entrypoint.sh > /usr/local/bin/dockerd-entrypoint.sh +RUN chmod +x /usr/local/bin/dockerd-entrypoint.sh +RUN cat legal/bill_of_material.txt > /usr/share/doc/bill_of_material.txt +RUN cat amazon-ssm-agent.json > /etc/amazon/ssm/amazon-ssm-agent.json + +ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh"] #=======================END of STD:5.0 =================