Update container definitions

* Update outdated dependencies
* Split installation into multiple steps to aid debugging
* Remove replace ';' with '&&' to fail properly when anything fails

Author: j-kali

client/container_preparation/Dockerfile

@@ -2,11 +2,6 @@
 ARG  BUILDPLATFORM=linux/amd64
 FROM --platform=$BUILDPLATFORM python:3.9-alpine
 
-
-
-# Add rust binaries to PATH
-ENV PATH="$PATH:/root/.cargo/bin"
-
 # Create code directory, output directory
 RUN mkdir /container_preparation /output
 
@@ -19,22 +14,29 @@ COPY ./utils /container_preparation/utils
 # Set workdir
 WORKDIR /container_preparation
 
-# Install necessary packages, spire-agent and rust
+# Install necessary packages
 RUN apk add --no-cache \
-    git=2.43.0-r0 \
-    curl=8.5.0-r0 \
+    git=2.45.2-r0 \
+    curl=8.11.0-r2 \
     jq=1.7.1-r0 \
     build-base=0.5-r3 \
-    libffi-dev=3.4.4-r3 && \
-curl -LsSf -o spire-1.9.0-linux-amd64-musl.tar.gz https://github.com/spiffe/spire/releases/download/v1.9.0/spire-1.9.0-linux-amd64-musl.tar.gz && \
-tar xvf spire-1.9.0-linux-amd64-musl.tar.gz ; mv spire-1.9.0 /opt ; mv /opt/spire-1.9.0 /opt/spire && \
-ln -s /opt/spire/bin/spire-agent /usr/bin/spire-agent && \
-ln -s /opt/spire/bin/spire-server /usr/bin/spire-server && \
-rm -rf spire-1.9.0-linux-amd64-musl.tar.gz && \
-curl https://sh.rustup.rs -sSf -o rustup.sh ; chmod +x rustup.sh ; ./rustup.sh -y ; export PATH="$PATH":/root/.cargo/bin && \
-pip install --no-cache-dir -r ./requirements.txt && \
-pip install --no-cache-dir git+https://github.com/HewlettPackard/py-spiffe.git@3640af9d6629c05e027f99010abc934cb74122a8 && \
-rm -r /root/.cargo /root/.rustup
+    libffi-dev=3.4.6-r0
+# Install spire-agent
+RUN curl -LsSf -o spire-1.9.0-linux-amd64-musl.tar.gz https://github.com/spiffe/spire/releases/download/v1.9.0/spire-1.9.0-linux-amd64-musl.tar.gz && \
+    tar xvf spire-1.9.0-linux-amd64-musl.tar.gz && \
+    mv spire-1.9.0 /opt && \
+    mv /opt/spire-1.9.0 /opt/spire && \
+    ln -s /opt/spire/bin/spire-agent /usr/bin/spire-agent && \
+    ln -s /opt/spire/bin/spire-server /usr/bin/spire-server && \
+    rm -rf spire-1.9.0-linux-amd64-musl.tar.gz
+# Install python things (and rust temporarily)
+RUN curl https://sh.rustup.rs -sSf -o rustup.sh && \
+    chmod +x rustup.sh && \
+    ./rustup.sh -y && \
+    export PATH="$PATH:/root/.cargo/bin" && \
+    pip install --no-cache-dir -r ./requirements.txt && \
+    pip install --no-cache-dir git+https://github.com/HewlettPackard/py-spiffe.git@3640af9d6629c05e027f99010abc934cb74122a8 && \
+    rm -r /root/.cargo /root/.rustup
 
 # Set entrypoint
 ENTRYPOINT [ "./entrypoint.sh" ]

client/data_preparation/Dockerfile

@@ -14,22 +14,29 @@ COPY ./utils /data_preparation/utils
 # Set workdir
 WORKDIR /data_preparation
 
-# Install necessary packages, spire-agent and rust
+# Install necessary packages
 RUN apk add --no-cache \
-    git=2.43.0-r0 \
-    curl=8.5.0-r0 \
+    git=2.45.2-r0 \
+    curl=8.11.0-r2 \
     jq=1.7.1-r0 \
     build-base=0.5-r3 \
-    libffi-dev=3.4.4-r3 && \
-curl -LsSf -o spire-1.9.0-linux-amd64-musl.tar.gz https://github.com/spiffe/spire/releases/download/v1.9.0/spire-1.9.0-linux-amd64-musl.tar.gz && \
-tar xvf spire-1.9.0-linux-amd64-musl.tar.gz ; mv spire-1.9.0 /opt ; mv /opt/spire-1.9.0 /opt/spire && \
-ln -s /opt/spire/bin/spire-agent /usr/bin/spire-agent && \
-ln -s /opt/spire/bin/spire-server /usr/bin/spire-server && \
-rm -rf spire-1.9.0-linux-amd64-musl.tar.gz && \
-curl https://sh.rustup.rs -sSf -o rustup.sh ; chmod +x rustup.sh ; ./rustup.sh -y ; export PATH="$PATH":/root/.cargo/bin && \
-pip install --no-cache-dir -r ./requirements.txt && \
-pip install --no-cache-dir git+https://github.com/HewlettPackard/py-spiffe.git@3640af9d6629c05e027f99010abc934cb74122a8 && \
-rm -r /root/.cargo /root/.rustup
+    libffi-dev=3.4.6-r0
+# Install spire-agent
+RUN curl -LsSf -o spire-1.9.0-linux-amd64-musl.tar.gz https://github.com/spiffe/spire/releases/download/v1.9.0/spire-1.9.0-linux-amd64-musl.tar.gz && \
+    tar xvf spire-1.9.0-linux-amd64-musl.tar.gz && \
+    mv spire-1.9.0 /opt && \
+    mv /opt/spire-1.9.0 /opt/spire && \
+    ln -s /opt/spire/bin/spire-agent /usr/bin/spire-agent && \
+    ln -s /opt/spire/bin/spire-server /usr/bin/spire-server && \
+    rm -rf spire-1.9.0-linux-amd64-musl.tar.gz
+# Install python things (and rust temporarily)
+RUN curl https://sh.rustup.rs -sSf -o rustup.sh && \
+    chmod +x rustup.sh && \
+    ./rustup.sh -y && \
+    export PATH="$PATH:/root/.cargo/bin" && \
+    pip install --no-cache-dir -r ./requirements.txt && \
+    pip install --no-cache-dir git+https://github.com/HewlettPackard/py-spiffe.git@3640af9d6629c05e027f99010abc934cb74122a8 && \
+    rm -r /root/.cargo /root/.rustup
 
 # Set entrypoint
 ENTRYPOINT [ "./entrypoint.sh" ]

client/job_preparation/Dockerfile

@@ -11,14 +11,20 @@ WORKDIR /job_preparation
 # Copy utils for SPIFFEID creation ...
 COPY ./utils /job_preparation/utils
 
-# Install necessary packages and rust
+# Install necessary packages
 RUN apk add --no-cache \
-    curl=8.5.0-r0 \
+    git=2.45.2-r0 \
+    curl=8.11.0-r2 \
+    jq=1.7.1-r0 \
     build-base=0.5-r3 \
-    libffi-dev=3.4.4-r3 && \
-curl https://sh.rustup.rs -sSf -o rustup.sh ; chmod +x rustup.sh ; ./rustup.sh -y ; export PATH="$PATH":/root/.cargo/bin && \
-pip install --no-cache-dir -r ./requirements.txt && \
-rm -r /root/.cargo /root/.rustup
+    libffi-dev=3.4.6-r0
+# Install python things (and rust temporarily)
+RUN curl https://sh.rustup.rs -sSf -o rustup.sh && \
+    chmod +x rustup.sh && \
+    ./rustup.sh -y && \
+    export PATH="$PATH:/root/.cargo/bin" && \
+    pip install --no-cache-dir -r ./requirements.txt && \
+    rm -r /root/.cargo /root/.rustup
 
 # Set entrypoint
 ENTRYPOINT [ "python3", "./prepare_job.py" ]

server/Dockerfile

@@ -4,14 +4,18 @@ FROM --platform=$BUILDPLATFORM python:3.9-alpine
 
 # Install necessary packages and spire-agent
 RUN apk add --no-cache \
-    git=2.43.0-r0 \
+    git=2.45.2-r0 \
+    curl=8.11.0-r2 \
     build-base=0.5-r3 \
-    openssl=3.1.4-r5 && \
-wget -q https://github.com/spiffe/spire/releases/download/v1.9.0/spire-1.9.0-linux-amd64-musl.tar.gz && \
-tar xvf spire-1.9.0-linux-amd64-musl.tar.gz ; mv spire-1.9.0 /opt ; mv /opt/spire-1.9.0 /opt/spire && \
-ln -s /opt/spire/bin/spire-agent /usr/bin/spire-agent && \
-ln -s /opt/spire/bin/spire-server /usr/bin/spire-server && \
-rm -rf spire-1.9.0-linux-amd64-musl.tar.gz
+    openssl=3.3.2-r1
+# Install spire-agent
+RUN curl -LsSf -o spire-1.9.0-linux-amd64-musl.tar.gz https://github.com/spiffe/spire/releases/download/v1.9.0/spire-1.9.0-linux-amd64-musl.tar.gz && \
+    tar xvf spire-1.9.0-linux-amd64-musl.tar.gz && \
+    mv spire-1.9.0 /opt && \
+    mv /opt/spire-1.9.0 /opt/spire && \
+    ln -s /opt/spire/bin/spire-agent /usr/bin/spire-agent && \
+    ln -s /opt/spire/bin/spire-server /usr/bin/spire-server && \
+    rm -rf spire-1.9.0-linux-amd64-musl.tar.gz
 
 # Copy server
 COPY ./server /server
@@ -21,7 +25,7 @@ WORKDIR /server
 
 # Install dependencies
 RUN pip install --no-cache-dir -r ./requirements.txt && \
-pip install --no-cache-dir git+https://github.com/HewlettPackard/py-spiffe.git@3640af9d6629c05e027f99010abc934cb74122a8
+    pip install --no-cache-dir git+https://github.com/HewlettPackard/py-spiffe.git@3640af9d6629c05e027f99010abc934cb74122a8
 
 # Copy utils
 COPY ./utils /server/utils