digimach · komailo · Feb 27, 2022 · Feb 28, 2022 · Feb 28, 2022 · Feb 28, 2022
diff --git a/alpinelinux/Dockerfile b/alpinelinux/Dockerfile
@@ -3,13 +3,14 @@ FROM alpine:latest as acmesh_artifacts
 # os related operations below:
 RUN apk -U --no-cache upgrade
 
-RUN apk add --no-cache curl gzip tar 
+RUN apk add --no-cache curl gzip tar util-linux xz
 
 # Set ARGS
 ARG acmesh_version=master
 ARG acmesh_link="https://github.com/acmesh-official/acme.sh/archive/${acmesh_version}.tar.gz"
 ARG acmesh_artifacts_dir=/opt/acmesh
-ARG s6_overlay_version=2.2.0.3
+ARG s6_artifacts_dir=/opt/s6
+ARG s6_overlay_version=3.0.0.2-2
 
 # Download and place acme.sh inside the container
 RUN mkdir -p "${acmesh_artifacts_dir}" \
@@ -18,18 +19,36 @@ RUN mkdir -p "${acmesh_artifacts_dir}" \
     && rm -rf "/tmp/acmesh-${acmesh_version}.tar.gz" \
     && "${acmesh_artifacts_dir}"/acme.sh --help
 
-# Download and install s6-overlay-builder
-ADD https://github.com/just-containers/s6-overlay/releases/download/v${s6_overlay_version}/s6-overlay-amd64-installer /tmp/
-RUN chmod +x /tmp/s6-overlay-amd64-installer
+# Download s6-overlay artifacts and checksum files
+RUN mkdir -p ${s6_artifacts_dir} \
+    && CPU_ARCH=$(lscpu | grep Architecture | cut -f2 -d":" | xargs) \
+    && echo "CPU ARCH is: ${CPU_ARCH}" \
+    && curl --fail --location --remote-header-name --output "/tmp/s6-overlay-noarch.tar.xz" \
+        https://github.com/just-containers/s6-overlay/releases/download/v${s6_overlay_version}/s6-overlay-noarch-${s6_overlay_version}.tar.xz \
+    && curl --fail --location --remote-header-name --output "/tmp/s6-overlay-noarch.tar.xz.sha256" \
+        https://github.com/just-containers/s6-overlay/releases/download/v${s6_overlay_version}/s6-overlay-noarch-${s6_overlay_version}.tar.xz.sha256 \
+    && curl --fail --location --remote-header-name --output "/tmp/s6-overlay.tar.xz" \
+        https://github.com/just-containers/s6-overlay/releases/download/v${s6_overlay_version}/s6-overlay-${CPU_ARCH}-${s6_overlay_version}.tar.xz \
+    && curl --fail --location --remote-header-name --output "/tmp/s6-overlay.tar.xz.sha256" \
+        https://github.com/just-containers/s6-overlay/releases/download/v${s6_overlay_version}/s6-overlay-${CPU_ARCH}-${s6_overlay_version}.tar.xz.sha256
+
+# Perform checksum on s6-overlay artifacts
+RUN echo "$(cat /tmp/s6-overlay-noarch.tar.xz.sha256 | cut -f1 -d" ")  /tmp/s6-overlay-noarch.tar.xz" | sha256sum -cs 
+RUN echo "$(cat /tmp/s6-overlay.tar.xz.sha256 | cut -f1 -d" ")  /tmp/s6-overlay.tar.xz" | sha256sum -cs 
+
+# Extract s6-overlay artifacts
+RUN tar -C ${s6_artifacts_dir} --xz --extract --preserve-permissions --file /tmp/s6-overlay-noarch.tar.xz \
+    && tar -C ${s6_artifacts_dir} --xz --extract --preserve-permissions --file /tmp/s6-overlay.tar.xz
 
 FROM alpine:latest
 
 ARG acmesh_artifacts_dir=/opt/acmesh
 ARG auto_upgrade=0
 ARG acme_working_dir=/usr/lib/acmesh
+ARG s6_artifacts_dir=/opt/s6
 
 COPY --from=acmesh_artifacts "$acmesh_artifacts_dir" "$acmesh_artifacts_dir"
-COPY --from=acmesh_artifacts "/tmp/s6-overlay-amd64-installer" "/tmp/s6-overlay-amd64-installer"
+COPY --from=acmesh_artifacts "$s6_artifacts_dir" "/"
 
 # Set runtime variables
 ENV LE_WORKING_DIR="$acme_working_dir"
@@ -49,10 +68,7 @@ RUN apk add --no-cache bash wget curl git openssl shadow socat \
     && apk -U --no-cache upgrade \
     && cd "$acmesh_artifacts_dir" || exit \
     && ./acme.sh --install --no-cron --no-profile --auto-upgrade 0 \
-    && chmod -R +x "$LE_WORKING_DIR" \
-    # install s6-overlay
-    && /tmp/s6-overlay-amd64-installer / \
-    && rm -rf /tmp/s6-overlay-amd64-installer
+    && chmod -R +x "$LE_WORKING_DIR"
 
 COPY root/ /
 

diff --git a/alpinelinux/root/etc/cont-init.d/01-adduser.sh b/alpinelinux/root/etc/cont-init.d/01-adduser.sh
@@ -1,6 +1,7 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 # shellcheck shell=bash
 
+export PATH=$PATH:/usr/sbin/ # s6 3.0.0.2 doesn't set PATH properly
 set -eu
 
 if [[ $EUID -ne 0 ]]; then

diff --git a/alpinelinux/root/etc/cont-init.d/10-create-dirs.sh b/alpinelinux/root/etc/cont-init.d/10-create-dirs.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 # shellcheck shell=bash
 
 # This cont-init script is responsible for creating the directory structure required

diff --git a/alpinelinux/root/etc/cont-init.d/20-set-logging.sh b/alpinelinux/root/etc/cont-init.d/20-set-logging.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 # shellcheck shell=bash
 
 # This cont-init will only be applied if ACMESH_DAEMON is set to "1" which implies
@@ -11,7 +11,7 @@ if [ -v ACMESH_DAEMON ] && [[ $ACMESH_DAEMON == "1" ]]; then
     echo "** Setting up logging for daemon"
 
     if ! [ -v S6_LOGGING_SCRIPT ]; then
-        printf "n30 s10000000 S15000000 T !'gzip -nq9'" >/var/run/s6/container_environment/S6_LOGGING_SCRIPT
+        printf 'n30 s10000000 S15000000 T !"gzip -nq9"' >/var/run/s6/container_environment/S6_LOGGING_SCRIPT
     fi
 
     mkdir -p "$LE_LOG_DIR"

diff --git a/alpinelinux/root/etc/cont-init.d/98-set-permissions.sh b/alpinelinux/root/etc/cont-init.d/98-set-permissions.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 # shellcheck shell=bash
 
 # This cont-init script is responsible for setting the correct permissions on files

diff --git a/alpinelinux/root/etc/cont-init.d/99-set-services.sh b/alpinelinux/root/etc/cont-init.d/99-set-services.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 # shellcheck shell=bash
 
 # This cont-init script will remove the service directory if the daemon is not being

diff --git a/alpinelinux/root/etc/services.d/acmesh-renewal/log/run b/alpinelinux/root/etc/services.d/acmesh-renewal/log/run
@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 # shellcheck shell=bash
 
 # This service script sets up logging service to capture stdin logs

diff --git a/alpinelinux/root/etc/services.d/acmesh-renewal/run b/alpinelinux/root/etc/services.d/acmesh-renewal/run
@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 # shellcheck shell=bash
 
 set -eu

diff --git a/alpinelinux/root/usr/local/bin/acme.sh → alpinelinux/root/usr/bin/acme.sh b/alpinelinux/root/usr/local/bin/acme.sh → alpinelinux/root/usr/bin/acme.sh
@@ -1,4 +1,4 @@
-#!/bin/bash -ue
+#!/command/with-contenv bash
 
 LOCKFILE="$LE_CONFIG_HOME/run.lock"
 

diff --git a/...inux/root/usr/local/bin/acmesh-renewal.sh → alpinelinux/root/usr/bin/acmesh-renewal.sh b/...inux/root/usr/local/bin/acmesh-renewal.sh → alpinelinux/root/usr/bin/acmesh-renewal.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 # shellcheck shell=bash
 
 # This service script is the acme.sh renewal daemon that performs the renewal check