On the first issue, re-did the image completely based on an upstream openjdk image (MUCH easier build process with grsec), and did some re-engineering to try and make the image smaller (like grab upstream release package instead of compiling from source). I also tweaked the build entrypoint script so the image can be run as logstash user (🎉 without root ✨ ).
So I also made some possible controversial changes to the build scripts. @conorsch need a ping here. FYI i've already built and pushed image quay.io/freedomofpress/logstash-verifier:6.1.2 up and recorded that digest hash into the logstash-filters repo.
So this PR does two things:
On the first issue, re-did the image completely based on an upstream openjdk image (MUCH easier build process with grsec), and did some re-engineering to try and make the image smaller (like grab upstream release package instead of compiling from source). I also tweaked the build entrypoint script so the image can be run as
logstashuser (🎉 withoutroot✨ ).So I also made some possible controversial changes to the build scripts. @conorsch need a ping here. FYI i've already built and pushed image
quay.io/freedomofpress/logstash-verifier:6.1.2up and recorded that digest hash into the logstash-filters repo.