switch to distroless static

tnqn · Feb 8, 2022 · ca68f7d · ca68f7d
1 parent 53d0fd7
commit ca68f7d
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 9 deletions.
diff --git a/images/haproxy/Dockerfile b/images/haproxy/Dockerfile
@@ -54,7 +54,7 @@ RUN mkdir -p "${STAGE_DIR}" && \
 # See: https://github.com/GoogleContainerTools/distroless/tree/main/base
 # See: https://github.com/GoogleContainerTools/distroless/tree/main/cc
 # This has /etc/passwd, tzdata, cacerts, glibc, libssl, openssl, and libgcc1
-FROM "gcr.io/distroless/cc-debian11"
+FROM "gcr.io/distroless/static-debian11"
 
 ARG STAGE_DIR="/opt/stage"
 

diff --git a/images/haproxy/stage-binary-and-deps.sh b/images/haproxy/stage-binary-and-deps.sh
@@ -86,14 +86,6 @@ main(){
 
     # stage the dependencies of the binary
     while IFS= read -r c_dep; do
-        # skip libc, libgcc1 we already have this in the distroless images
-        # NOTE: debian10 -> libggc1, debian11 -> libgcc-s1
-        # https://github.com/GoogleContainerTools/distroless/blob/47cf1c0554fdfc71604af0b8f6e19072f62e4f93/cc/BUILD#L10-L14
-        pkg="$(file_to_package "${c_dep}")"
-        if [[ "${pkg}" == "libc6" || "${pkg}" == "libgcc1" || "${pkg}" == "libgcc-s1" ]]; then
-            continue
-        fi
-        # otherwise stage dependency
         stage_file "${c_dep}" "${STAGE_DIR}"
     done < <(binary_to_libraries "${binary_path}")
 }