Skip to content

Commit 93c1436

Browse files
JayH5JayH5
committed
alpine: Don't install ca-certificates on Alpine 3.7+
* CA certs come bundled on Alpine 3.7+ * On Alpine 3.6, rather install libressl which also include CA certs, allows us to use wget, and doesn't increase the size over ca-certificates
1 parent 1565b7e commit 93c1436

File tree

15 files changed

+34
-127
lines changed

15 files changed

+34
-127
lines changed

2.7/alpine3.6/Dockerfile

Lines changed: 2 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -15,17 +15,15 @@ ENV LANG C.UTF-8
1515
# https://github.com/docker-library/python/issues/147
1616
ENV PYTHONIOENCODING UTF-8
1717

18-
# install ca-certificates so that HTTPS works consistently
19-
# the other runtime dependencies for Python are installed later
20-
RUN apk add --no-cache ca-certificates
18+
# install libressl so that HTTPS works on Alpine <3.7
19+
RUN apk add --no-cache libressl
2120

2221
ENV GPG_KEY C01E1CAD5EA2C4F0B8E3571504C367C218ADD4FF
2322
ENV PYTHON_VERSION 2.7.15
2423

2524
RUN set -ex \
2625
&& apk add --no-cache --virtual .fetch-deps \
2726
gnupg \
28-
libressl \
2927
tar \
3028
xz \
3129
\
@@ -48,7 +46,6 @@ RUN set -ex \
4846
gcc \
4947
gdbm-dev \
5048
libc-dev \
51-
libressl \
5249
libressl-dev \
5350
linux-headers \
5451
make \
@@ -96,13 +93,9 @@ RUN set -ex \
9693
ENV PYTHON_PIP_VERSION 18.0
9794

9895
RUN set -ex; \
99-
\
100-
apk add --no-cache --virtual .fetch-deps libressl; \
10196
\
10297
wget -O get-pip.py 'https://bootstrap.pypa.io/get-pip.py'; \
10398
\
104-
apk del .fetch-deps; \
105-
\
10699
python get-pip.py \
107100
--disable-pip-version-check \
108101
--no-cache-dir \

2.7/alpine3.7/Dockerfile

Lines changed: 2 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -15,17 +15,15 @@ ENV LANG C.UTF-8
1515
# https://github.com/docker-library/python/issues/147
1616
ENV PYTHONIOENCODING UTF-8
1717

18-
# install ca-certificates so that HTTPS works consistently
19-
# the other runtime dependencies for Python are installed later
20-
RUN apk add --no-cache ca-certificates
18+
# install libressl so that HTTPS works on Alpine <3.7
19+
# RUN apk add --no-cache libressl
2120

2221
ENV GPG_KEY C01E1CAD5EA2C4F0B8E3571504C367C218ADD4FF
2322
ENV PYTHON_VERSION 2.7.15
2423

2524
RUN set -ex \
2625
&& apk add --no-cache --virtual .fetch-deps \
2726
gnupg \
28-
libressl \
2927
tar \
3028
xz \
3129
\
@@ -49,7 +47,6 @@ RUN set -ex \
4947
gdbm-dev \
5048
libc-dev \
5149
libnsl-dev \
52-
libressl \
5350
libressl-dev \
5451
libtirpc-dev \
5552
linux-headers \
@@ -98,13 +95,9 @@ RUN set -ex \
9895
ENV PYTHON_PIP_VERSION 18.0
9996

10097
RUN set -ex; \
101-
\
102-
apk add --no-cache --virtual .fetch-deps libressl; \
10398
\
10499
wget -O get-pip.py 'https://bootstrap.pypa.io/get-pip.py'; \
105100
\
106-
apk del .fetch-deps; \
107-
\
108101
python get-pip.py \
109102
--disable-pip-version-check \
110103
--no-cache-dir \

2.7/alpine3.8/Dockerfile

Lines changed: 2 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -15,17 +15,15 @@ ENV LANG C.UTF-8
1515
# https://github.com/docker-library/python/issues/147
1616
ENV PYTHONIOENCODING UTF-8
1717

18-
# install ca-certificates so that HTTPS works consistently
19-
# the other runtime dependencies for Python are installed later
20-
RUN apk add --no-cache ca-certificates
18+
# install libressl so that HTTPS works on Alpine <3.7
19+
# RUN apk add --no-cache libressl
2120

2221
ENV GPG_KEY C01E1CAD5EA2C4F0B8E3571504C367C218ADD4FF
2322
ENV PYTHON_VERSION 2.7.15
2423

2524
RUN set -ex \
2625
&& apk add --no-cache --virtual .fetch-deps \
2726
gnupg \
28-
libressl \
2927
tar \
3028
xz \
3129
\
@@ -49,7 +47,6 @@ RUN set -ex \
4947
gdbm-dev \
5048
libc-dev \
5149
libnsl-dev \
52-
libressl \
5350
libressl-dev \
5451
libtirpc-dev \
5552
linux-headers \
@@ -98,13 +95,9 @@ RUN set -ex \
9895
ENV PYTHON_PIP_VERSION 18.0
9996

10097
RUN set -ex; \
101-
\
102-
apk add --no-cache --virtual .fetch-deps libressl; \
10398
\
10499
wget -O get-pip.py 'https://bootstrap.pypa.io/get-pip.py'; \
105100
\
106-
apk del .fetch-deps; \
107-
\
108101
python get-pip.py \
109102
--disable-pip-version-check \
110103
--no-cache-dir \

3.4/alpine3.7/Dockerfile

Lines changed: 2 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -13,17 +13,15 @@ ENV PATH /usr/local/bin:$PATH
1313
# > At the moment, setting "LANG=C" on a Linux system *fundamentally breaks Python 3*, and that's not OK.
1414
ENV LANG C.UTF-8
1515

16-
# install ca-certificates so that HTTPS works consistently
17-
# the other runtime dependencies for Python are installed later
18-
RUN apk add --no-cache ca-certificates
16+
# install libressl so that HTTPS works on Alpine <3.7
17+
# RUN apk add --no-cache libressl
1918

2019
ENV GPG_KEY 97FC712E4C024BBEA48A61ED3A5CA953F73C700D
2120
ENV PYTHON_VERSION 3.4.8
2221

2322
RUN set -ex \
2423
&& apk add --no-cache --virtual .fetch-deps \
2524
gnupg \
26-
libressl \
2725
tar \
2826
xz \
2927
\
@@ -48,7 +46,6 @@ RUN set -ex \
4846
gdbm-dev \
4947
libc-dev \
5048
libffi-dev \
51-
libressl \
5249
libressl-dev \
5350
linux-headers \
5451
make \
@@ -107,13 +104,9 @@ RUN cd /usr/local/bin \
107104
ENV PYTHON_PIP_VERSION 18.0
108105

109106
RUN set -ex; \
110-
\
111-
apk add --no-cache --virtual .fetch-deps libressl; \
112107
\
113108
wget -O get-pip.py 'https://bootstrap.pypa.io/get-pip.py'; \
114109
\
115-
apk del .fetch-deps; \
116-
\
117110
python get-pip.py \
118111
--disable-pip-version-check \
119112
--no-cache-dir \

3.4/alpine3.8/Dockerfile

Lines changed: 2 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -13,17 +13,15 @@ ENV PATH /usr/local/bin:$PATH
1313
# > At the moment, setting "LANG=C" on a Linux system *fundamentally breaks Python 3*, and that's not OK.
1414
ENV LANG C.UTF-8
1515

16-
# install ca-certificates so that HTTPS works consistently
17-
# the other runtime dependencies for Python are installed later
18-
RUN apk add --no-cache ca-certificates
16+
# install libressl so that HTTPS works on Alpine <3.7
17+
# RUN apk add --no-cache libressl
1918

2019
ENV GPG_KEY 97FC712E4C024BBEA48A61ED3A5CA953F73C700D
2120
ENV PYTHON_VERSION 3.4.8
2221

2322
RUN set -ex \
2423
&& apk add --no-cache --virtual .fetch-deps \
2524
gnupg \
26-
libressl \
2725
tar \
2826
xz \
2927
\
@@ -48,7 +46,6 @@ RUN set -ex \
4846
gdbm-dev \
4947
libc-dev \
5048
libffi-dev \
51-
libressl \
5249
libressl-dev \
5350
linux-headers \
5451
make \
@@ -107,13 +104,9 @@ RUN cd /usr/local/bin \
107104
ENV PYTHON_PIP_VERSION 18.0
108105

109106
RUN set -ex; \
110-
\
111-
apk add --no-cache --virtual .fetch-deps libressl; \
112107
\
113108
wget -O get-pip.py 'https://bootstrap.pypa.io/get-pip.py'; \
114109
\
115-
apk del .fetch-deps; \
116-
\
117110
python get-pip.py \
118111
--disable-pip-version-check \
119112
--no-cache-dir \

3.5/alpine3.7/Dockerfile

Lines changed: 2 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -13,17 +13,15 @@ ENV PATH /usr/local/bin:$PATH
1313
# > At the moment, setting "LANG=C" on a Linux system *fundamentally breaks Python 3*, and that's not OK.
1414
ENV LANG C.UTF-8
1515

16-
# install ca-certificates so that HTTPS works consistently
17-
# the other runtime dependencies for Python are installed later
18-
RUN apk add --no-cache ca-certificates
16+
# install libressl so that HTTPS works on Alpine <3.7
17+
# RUN apk add --no-cache libressl
1918

2019
ENV GPG_KEY 97FC712E4C024BBEA48A61ED3A5CA953F73C700D
2120
ENV PYTHON_VERSION 3.5.5
2221

2322
RUN set -ex \
2423
&& apk add --no-cache --virtual .fetch-deps \
2524
gnupg \
26-
libressl \
2725
tar \
2826
xz \
2927
\
@@ -48,7 +46,6 @@ RUN set -ex \
4846
gdbm-dev \
4947
libc-dev \
5048
libffi-dev \
51-
libressl \
5249
libressl-dev \
5350
linux-headers \
5451
make \
@@ -107,13 +104,9 @@ RUN cd /usr/local/bin \
107104
ENV PYTHON_PIP_VERSION 18.0
108105

109106
RUN set -ex; \
110-
\
111-
apk add --no-cache --virtual .fetch-deps libressl; \
112107
\
113108
wget -O get-pip.py 'https://bootstrap.pypa.io/get-pip.py'; \
114109
\
115-
apk del .fetch-deps; \
116-
\
117110
python get-pip.py \
118111
--disable-pip-version-check \
119112
--no-cache-dir \

3.5/alpine3.8/Dockerfile

Lines changed: 2 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -13,17 +13,15 @@ ENV PATH /usr/local/bin:$PATH
1313
# > At the moment, setting "LANG=C" on a Linux system *fundamentally breaks Python 3*, and that's not OK.
1414
ENV LANG C.UTF-8
1515

16-
# install ca-certificates so that HTTPS works consistently
17-
# the other runtime dependencies for Python are installed later
18-
RUN apk add --no-cache ca-certificates
16+
# install libressl so that HTTPS works on Alpine <3.7
17+
# RUN apk add --no-cache libressl
1918

2019
ENV GPG_KEY 97FC712E4C024BBEA48A61ED3A5CA953F73C700D
2120
ENV PYTHON_VERSION 3.5.5
2221

2322
RUN set -ex \
2423
&& apk add --no-cache --virtual .fetch-deps \
2524
gnupg \
26-
openssl \
2725
tar \
2826
xz \
2927
\
@@ -48,7 +46,6 @@ RUN set -ex \
4846
gdbm-dev \
4947
libc-dev \
5048
libffi-dev \
51-
openssl \
5249
openssl-dev \
5350
linux-headers \
5451
make \
@@ -107,13 +104,9 @@ RUN cd /usr/local/bin \
107104
ENV PYTHON_PIP_VERSION 18.0
108105

109106
RUN set -ex; \
110-
\
111-
apk add --no-cache --virtual .fetch-deps openssl; \
112107
\
113108
wget -O get-pip.py 'https://bootstrap.pypa.io/get-pip.py'; \
114109
\
115-
apk del .fetch-deps; \
116-
\
117110
python get-pip.py \
118111
--disable-pip-version-check \
119112
--no-cache-dir \

3.6/alpine3.6/Dockerfile

Lines changed: 2 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -13,17 +13,15 @@ ENV PATH /usr/local/bin:$PATH
1313
# > At the moment, setting "LANG=C" on a Linux system *fundamentally breaks Python 3*, and that's not OK.
1414
ENV LANG C.UTF-8
1515

16-
# install ca-certificates so that HTTPS works consistently
17-
# the other runtime dependencies for Python are installed later
18-
RUN apk add --no-cache ca-certificates
16+
# install libressl so that HTTPS works on Alpine <3.7
17+
RUN apk add --no-cache libressl
1918

2019
ENV GPG_KEY 0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D
2120
ENV PYTHON_VERSION 3.6.6
2221

2322
RUN set -ex \
2423
&& apk add --no-cache --virtual .fetch-deps \
2524
gnupg \
26-
libressl \
2725
tar \
2826
xz \
2927
\
@@ -48,7 +46,6 @@ RUN set -ex \
4846
gdbm-dev \
4947
libc-dev \
5048
libffi-dev \
51-
libressl \
5249
libressl-dev \
5350
linux-headers \
5451
make \
@@ -107,13 +104,9 @@ RUN cd /usr/local/bin \
107104
ENV PYTHON_PIP_VERSION 18.0
108105

109106
RUN set -ex; \
110-
\
111-
apk add --no-cache --virtual .fetch-deps libressl; \
112107
\
113108
wget -O get-pip.py 'https://bootstrap.pypa.io/get-pip.py'; \
114109
\
115-
apk del .fetch-deps; \
116-
\
117110
python get-pip.py \
118111
--disable-pip-version-check \
119112
--no-cache-dir \

3.6/alpine3.7/Dockerfile

Lines changed: 2 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -13,17 +13,15 @@ ENV PATH /usr/local/bin:$PATH
1313
# > At the moment, setting "LANG=C" on a Linux system *fundamentally breaks Python 3*, and that's not OK.
1414
ENV LANG C.UTF-8
1515

16-
# install ca-certificates so that HTTPS works consistently
17-
# the other runtime dependencies for Python are installed later
18-
RUN apk add --no-cache ca-certificates
16+
# install libressl so that HTTPS works on Alpine <3.7
17+
# RUN apk add --no-cache libressl
1918

2019
ENV GPG_KEY 0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D
2120
ENV PYTHON_VERSION 3.6.6
2221

2322
RUN set -ex \
2423
&& apk add --no-cache --virtual .fetch-deps \
2524
gnupg \
26-
libressl \
2725
tar \
2826
xz \
2927
\
@@ -49,7 +47,6 @@ RUN set -ex \
4947
libc-dev \
5048
libffi-dev \
5149
libnsl-dev \
52-
libressl \
5350
libressl-dev \
5451
libtirpc-dev \
5552
linux-headers \
@@ -109,13 +106,9 @@ RUN cd /usr/local/bin \
109106
ENV PYTHON_PIP_VERSION 18.0
110107

111108
RUN set -ex; \
112-
\
113-
apk add --no-cache --virtual .fetch-deps libressl; \
114109
\
115110
wget -O get-pip.py 'https://bootstrap.pypa.io/get-pip.py'; \
116111
\
117-
apk del .fetch-deps; \
118-
\
119112
python get-pip.py \
120113
--disable-pip-version-check \
121114
--no-cache-dir \

0 commit comments

Comments
 (0)