Docker fixes

[buchdag]

Thanks for the fixes !

I only have two remarks:

• is it really necessary to run apk upgrade ? Alpine are upgrading the base image quite often and we're following certbot versions as closely as we can which mean a new image will be built at least once a month.
• I would personally prefer not removing bash. I agree with the logic behind that and why it's not included in alpine but I think it's far too standard and useful to justify dumping it when it accounts for less than 1% (0.7 MB) of the final image size. But sure, the image can work without it.

[zenhack]

Re: bash, @buchdag, do you typically actually launch a shell in the container as part of your usual workflow?

My own inclination would be to leave bash out, but given the size difference I don't care too much one way or another.

[buchdag]

@zenhack in normal, everyday use of a container: no.

But as soon as you have to troubleshoot something inside the container you have to launch a shell, so my first reflex in that case is to do docker run --rm -it somecontainer bash or something similar.

It might be more obviously useful for containers that provide a continuously running service rather than a one shot command like this one.

That's really just a matter of personal preference anyway, I'd prefer having it but I'm perfectly fine with removing it too.

I'm more skeptical about the need to do an apk upgrade.

[zenhack]

Yeah, if it were a long running think I might feel differently.

[faircopy]

Regarding bash, these are the features of an interactive shell that I use for troubleshooting, the default shell included in Alpine (ash) has them:

• type commands
• see the output
• tab completion
• default prompt displaying the working directory

See: docker run --rm -it zenhack/simp_le sh

---

As for apk upgrade, even though the official alpine:3.6 image on Docker Hub was updated 2 weeks ago, its source repository on GitHub was last updated 3 months ago. By upgrading we apply the following changes at the moment:

• musl 1.1.16-r10 → r11 → r12 → r13
• busybox 1.26.2-r5 → r6 → r7
• libressl 2.5.4-r0 → 2.5.5-r0

That's a lot of musl patches. I don't understand the security implications of those, so I personally tend to choose upgrading even though doing so comes with a 2.9 MB increase in image size. I can't tell whether the maintainers of the alpine image are being lazy with the updates or are purposefully delaying it because there are no security issues. I removed this commit from the pull request, because this is really an upstream issue (or more probably non-issue).

[buchdag]

@faircopy agreed, bash isn't required and I'm being a bit lazy wanting to use it instead of sh.

[zenhack]

Ok, I'm going to go ahead and merge this.

FWIW: it seems odd to me to go to the trouble of backporting a patch if it's not actually important enough to update the image. But then, I'm an Arch user, Arch has a fairly clear policy of expecting upstream to deal with its own bugs.

[buchdag]

@zenhack seems like dockerhub isn't building zenhack/simp_le on new commits yet (ie automated build isn't working), the registry says the image was last pushed a month ago and the Dockerfile does not have @faircopy fixes.

Do you need help with dockerhub config ?

[zenhack]

Hm, odd. The settings look like they're pretty clearly set to build on push. I just triggered the build manually.