diff --git a/src/dev/build/tasks/os_packages/docker_generator/resources/config/tini.sha512 b/src/dev/build/tasks/os_packages/docker_generator/resources/config/tini.sha512 new file mode 100644 index 0000000000000..9354eb72a8735 --- /dev/null +++ b/src/dev/build/tasks/os_packages/docker_generator/resources/config/tini.sha512 @@ -0,0 +1 @@ +ffdb31563e34bca91a094f962544b9d31f5d138432f2d639a0856ff605b3a69f47e48191da42d6956ab62a1b24eafca1a95b299901257832225d26770354ce5e /tini \ No newline at end of file diff --git a/src/dev/build/tasks/os_packages/docker_generator/templates/dockerfile.template.js b/src/dev/build/tasks/os_packages/docker_generator/templates/dockerfile.template.js index 6ad34c439a233..33d839502f9ad 100755 --- a/src/dev/build/tasks/os_packages/docker_generator/templates/dockerfile.template.js +++ b/src/dev/build/tasks/os_packages/docker_generator/templates/dockerfile.template.js @@ -67,6 +67,17 @@ function generator({ RUN chmod -R g=u /usr/share/kibana RUN find /usr/share/kibana -type d -exec chmod g+s {} \\; + # "tini" is a tiny but valid init for containers. This is used to cleanly + # control how ES and any child processes are shut down. + # + # The tini GitHub page gives instructions for verifying the binary using + # gpg, but the keyservers are slow to return the key and this can fail the + # build. Instead, we check the binary against a checksum that we have + # computed. + ADD https://github.com/krallin/tini/releases/download/v0.18.0/tini /tini + COPY config/tini.sha512 /tini.sha512 + RUN sha512sum -c /tini.sha512 && chmod +x /tini + ################################################################################ # Build stage 1 # Copy prepared files from the previous stage and complete the image. @@ -74,6 +85,8 @@ function generator({ FROM ${baseOSImage} EXPOSE 5601 + COPY --from=builder /tini /tini + # Add Reporting dependencies. RUN ${packageManager()} update -y && ${packageManager()} install -y fontconfig freetype shadow-utils && ${packageManager()} clean all @@ -120,7 +133,7 @@ function generator({ org.label-schema.build-date="${dockerBuildDate}" \\ license="${license}" - ENTRYPOINT ["/usr/local/bin/dumb-init", "--"] + ENTRYPOINT ["/tini", "--", "/usr/local/bin/dumb-init", "--"] CMD ["/usr/local/bin/kibana-docker"] `);