From 8805320ba971024fdc4fc8ad23252b1497716ec6 Mon Sep 17 00:00:00 2001
From: Evgeny
Date: Fri, 5 Feb 2016 15:32:42 +0000
Subject: [PATCH 1/2] Puts image on a diet
1. Switched to Alpine linux and reduced image size by x1.7
2. Switched to Java8
---
 Dockerfile | 43 ++++++++++++++++++++++++++-----------------
 LICENSE | 2 +-
 README.md | 3 +++
 3 files changed, 30 insertions(+), 18 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 6d74498..d97b8d5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,37 +1,46 @@
-FROM debian:7.8
+FROM alpine:3.3
 MAINTAINER Mike Babineau michael.babineau@gmail.com
 ENV \
+ MAVEN_HOME="/usr/share/maven" \
+ JAVA_HOME="/usr/lib/jvm/default-jvm" \
 ZK_RELEASE="http://www.apache.org/dist/zookeeper/zookeeper-3.4.6/zookeeper-3.4.6.tar.gz" \
 EXHIBITOR_POM="https://raw.githubusercontent.com/Netflix/exhibitor/d911a16d704bbe790d84bbacc655ef050c1f5806/exhibitor-standalone/src/main/resources/buildscripts/standalone/maven/pom.xml" \
- # Append "+" to ensure the package doesn't get purged
- BUILD_DEPS="curl maven openjdk-7-jdk+" \
- DEBIAN_FRONTEND="noninteractive"
+ BUILD_DEPS="curl openjdk8 bash tar"
+
+ENV PATH=${JAVA_HOME}/bin:${PATH}
-# Use one step so we can remove intermediate dependencies and minimize size
 RUN \
- # Install dependencies
- apt-get update \
- && apt-get install -y --allow-unauthenticated --no-install-recommends $BUILD_DEPS \
+ # Install Java8
+ apk add --update ${BUILD_DEPS} \
+
+ # Default DNS cache TTL is -1. DNS records, like, change, man
+ && grep '^networkaddress.cache.ttl=' ${JAVA_HOME}/jre/lib/security/java.security || echo 'networkaddress.cache.ttl=60' >> ${JAVA_HOME}/jre/lib/security/java.security \
+
+ # Cleanup
+ && rm -rf -- /var/cache/apk/* \
- # Default DNS cache TTL is -1. DNS records, like, change, man.
- && grep '^networkaddress.cache.ttl=' /etc/java-7-openjdk/security/java.security || echo 'networkaddress.cache.ttl=60' >> /etc/java-7-openjdk/security/java.security \
+ # Install Maven
+ && MAVEN_VERSION=3.3.3 \
+ && cd /usr/share \
+ && wget -q http://archive.apache.org/dist/maven/maven-3/$MAVEN_VERSION/binaries/apache-maven-$MAVEN_VERSION-bin.tar.gz -O - | tar xzf - \
+ && mv /usr/share/apache-maven-$MAVEN_VERSION /usr/share/maven \
+ && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
+
+RUN \
+ mkdir -p /opt \
 # Install ZK
 && curl -Lo /tmp/zookeeper.tgz $ZK_RELEASE \
 && mkdir -p /opt/zookeeper/transactions /opt/zookeeper/snapshots \
- && tar -xzf /tmp/zookeeper.tgz -C /opt/zookeeper --strip=1 \
+ && tar -xzf /tmp/zookeeper.tgz -C /opt/zookeeper --strip-components=1 \
 && rm /tmp/zookeeper.tgz \
 # Install Exhibitor
 && mkdir -p /opt/exhibitor \
 && curl -Lo /opt/exhibitor/pom.xml $EXHIBITOR_POM \
 && mvn -f /opt/exhibitor/pom.xml package \
- && ln -s /opt/exhibitor/target/exhibitor*jar /opt/exhibitor/exhibitor.jar \
-
- # Remove build-time dependencies
- && apt-get purge -y --auto-remove $BUILD_DEPS \
- && rm -rf /var/lib/apt/lists/*
+ && ln -s /opt/exhibitor/target/exhibitor*jar /opt/exhibitor/exhibitor.jar
 # Add the wrapper script to setup configs and exec exhibitor
 ADD include/wrapper.sh /opt/exhibitor/wrapper.sh
@@ -43,4 +52,4 @@ USER root
 WORKDIR /opt/exhibitor
 EXPOSE 2181 2888 3888 8181
-ENTRYPOINT ["bash", "-ex", "/opt/exhibitor/wrapper.sh"]
\ No newline at end of file
+ENTRYPOINT ["bash", "-ex", "/opt/exhibitor/wrapper.sh"]
diff --git a/LICENSE b/LICENSE
index 28efaad..ffced3f 100644
--- a/LICENSE
+++ b/LICENSE
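Review bot: Both artifacts the new RUN steps pull in are fetched over plain http and never verified — `wget -q http://archive.apache.org/...apache-maven-$MAVEN_VERSION-bin.tar.gz -O - | tar xzf -` extracts straight off the wire, and `curl -Lo /tmp/zookeeper.tgz $ZK_RELEASE` uses the http ZK_RELEASE URL from the ENV block — so anything between the build host and the mirror can swap the tarball that ships in the image (the removed `--allow-unauthenticated` was the same class of problem on the apt side). Fetch over https with the already-installed curl, pin the expected digest in the Dockerfile and check it before extracting, as sketched below for Maven and equally for ZooKeeper; the digest values themselves must be taken from the Apache release checksum files, I have not included them. Separately, the old `apt-get purge -y --auto-remove $BUILD_DEPS` step was dropped with no apk equivalent, so curl, bash, Maven and the whole openjdk8 now stay in the runtime image, and `mvn package` still resolves Exhibitor's dependencies from Maven Central at build time, which the pinned pom commit does not make reproducible. Also `apk add --update ${BUILD_DEPS}` plus `rm -rf -- /var/cache/apk/*` is what `apk add --no-cache ${BUILD_DEPS}` does in one step, and the apk packages are unpinned (hadolint DL3018).
```dockerfile
  # Install Maven — fetch over TLS and refuse to extract a tarball whose
  # digest differs from the one pinned here (value from the Apache release
  # checksum file for apache-maven-3.3.3-bin.tar.gz).
  && MAVEN_VERSION=3.3.3 \
  && MAVEN_SHA256="<sha256 of apache-maven-3.3.3-bin.tar.gz>" \
  && cd /usr/share \
  && curl -fsSLo "apache-maven-${MAVEN_VERSION}-bin.tar.gz" "https://archive.apache.org/dist/maven/maven-3/${MAVEN_VERSION}/binaries/apache-maven-${MAVEN_VERSION}-bin.tar.gz" \
  && echo "${MAVEN_SHA256}  apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha256sum -c - \
  && tar xzf "apache-maven-${MAVEN_VERSION}-bin.tar.gz" \
  && rm "apache-maven-${MAVEN_VERSION}-bin.tar.gz" \
  # … unchanged: mv to /usr/share/maven, ln -s mvn …
```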
@@ -19,4 +19,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
\ No newline at end of file
+THE SOFTWARE.
diff --git a/README.md b/README.md
index a6a0c75..b7bf7e4 100644
--- a/README.md
+++ b/README.md
@@ -4,9 +4,12 @@ Available on the Docker Index as [mbabineau/zookeeper-exhibitor](https://index.d docker pull mbabineau/zookeeper-exhibitor
+The image is based on Alpine Linux and is ~272MB.
+
 ### Versions * Exhibitor 1.5.5 * ZooKeeper 3.4.6
+* Java 1.8
 ### Usage The container expects the following environment variables to be passed in:
From 291b57551c23fc9fc1c5b24ed54c5b19877fba6d Mon Sep 17 00:00:00 2001
From: Evgeny
Date: Fri, 5 Feb 2016 21:54:53 +0000
Subject: [PATCH 2/2] Improves image security
By running processes as `nobody`
---
 Dockerfile | 32 ++++++++++++++++++++------------
 1 file changed, 20 insertions(+), 12 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index d97b8d5..1f50be6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,6 +4,9 @@ MAINTAINER Mike Babineau michael.babineau@gmail.com
 ENV \
 MAVEN_HOME="/usr/share/maven" \
 JAVA_HOME="/usr/lib/jvm/default-jvm" \
+ JAVA_PREFS="/.java/.userPrefs" \
+ ZK_HOME="/opt/zookeeper" \
+ EXBT_HOME="/opt/exhibitor" \
 ZK_RELEASE="http://www.apache.org/dist/zookeeper/zookeeper-3.4.6/zookeeper-3.4.6.tar.gz" \
 EXHIBITOR_POM="https://raw.githubusercontent.com/Netflix/exhibitor/d911a16d704bbe790d84bbacc655ef050c1f5806/exhibitor-standalone/src/main/resources/buildscripts/standalone/maven/pom.xml" \
 BUILD_DEPS="curl openjdk8 bash tar"
@@ -23,32 +26,37 @@ RUN \
 # Install Maven
 && MAVEN_VERSION=3.3.3 \
 && cd /usr/share \
- && wget -q http://archive.apache.org/dist/maven/maven-3/$MAVEN_VERSION/binaries/apache-maven-$MAVEN_VERSION-bin.tar.gz -O - | tar xzf - \
- && mv /usr/share/apache-maven-$MAVEN_VERSION /usr/share/maven \
+ && wget -q http://archive.apache.org/dist/maven/maven-3/${MAVEN_VERSION}/binaries/apache-maven-${MAVEN_VERSION}-bin.tar.gz -O - | tar xzf - \
+ && mv /usr/share/apache-maven-${MAVEN_VERSION} /usr/share/maven \
 && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
 RUN \
 mkdir -p /opt \
 # Install ZK
- && curl -Lo /tmp/zookeeper.tgz $ZK_RELEASE \
- && mkdir -p /opt/zookeeper/transactions /opt/zookeeper/snapshots \
- && tar -xzf /tmp/zookeeper.tgz -C /opt/zookeeper --strip-components=1 \
+ && curl -Lo /tmp/zookeeper.tgz ${ZK_RELEASE} \
+ && mkdir -p ${ZK_HOME}/transactions ${ZK_HOME}/snapshots \
+ && tar -xzf /tmp/zookeeper.tgz -C ${ZK_HOME} --strip-components=1 \
 && rm /tmp/zookeeper.tgz \
 # Install Exhibitor
- && mkdir -p /opt/exhibitor \
- && curl -Lo /opt/exhibitor/pom.xml $EXHIBITOR_POM \
- && mvn -f /opt/exhibitor/pom.xml package \
- && ln -s /opt/exhibitor/target/exhibitor*jar /opt/exhibitor/exhibitor.jar
+ && mkdir -p ${EXBT_HOME} \
+ && curl -Lo ${EXBT_HOME}/pom.xml ${EXHIBITOR_POM} \
+ && mvn -f ${EXBT_HOME}/pom.xml package \
+ && ln -s ${EXBT_HOME}/target/exhibitor*jar ${EXBT_HOME}/exhibitor.jar \
+ && chown -R nobody.nobody ${ZK_HOME} ${EXBT_HOME}
 # Add the wrapper script to setup configs and exec exhibitor
-ADD include/wrapper.sh /opt/exhibitor/wrapper.sh
+ADD include/wrapper.sh ${EXBT_HOME}/wrapper.sh
 # Add the optional web.xml for authentication
-ADD include/web.xml /opt/exhibitor/web.xml
+ADD include/web.xml ${EXBT_HOME}/web.xml
-USER root
+# To store Java preferences
+RUN mkdir -p ${JAVA_PREFS}
+RUN chown -R nobody.nobody ${JAVA_PREFS}
+
+USER nobody
 WORKDIR /opt/exhibitor
 EXPOSE 2181 2888 3888 8181
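Review bot: `&& chown -R nobody.nobody ${ZK_HOME} ${EXBT_HOME}` hands the runtime user write access to its own code — the ZooKeeper tree, pom.xml and the exhibitor*jar that the ENTRYPOINT runs — so a compromised Exhibitor process can overwrite them and persist across restarts, which gives back much of what `USER nobody` was meant to take away. Keep the install trees root-owned and chown only what has to be writable, e.g. `&& chown -R nobody:nobody ${ZK_HOME}/transactions ${ZK_HOME}/snapshots`, plus a dedicated writable subdirectory for whatever config wrapper.sh generates if it writes under ${EXBT_HOME} (wrapper.sh is not in this diff, so I cannot confirm where it writes). `nobody` (uid 65534) is also a shared identity that other daemons and NFS squashing map to; `addgroup -S exhibitor && adduser -S -G exhibitor exhibitor` gives the service its own account and a stable uid that runAsNonRoot-style checks can verify. The separate `RUN mkdir -p ${JAVA_PREFS}` / `RUN chown -R nobody.nobody ${JAVA_PREFS}` steps can collapse into one `RUN install -d -o nobody -g nobody ${JAVA_PREFS}`, avoiding a layer that exists only to change ownership.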