From 587d8439f23781a9e788739d6bcf65b8c3348eee Mon Sep 17 00:00:00 2001
From: "Sergey A. Osokin"
Date: Thu, 3 Dec 2020 13:07:37 -0500
Subject: [PATCH] Call setcap(8) one time only.

The setcap(8) utility supports multiple arguments, so it's possible to manage more than one permission for more than one file at the same time.
---
 build/Dockerfile | 2 +-
 build/DockerfileForAlpine | 2 +-
 build/DockerfileForPlus | 2 +-
 build/DockerfileWithOpentracing | 2 +-
 build/DockerfileWithOpentracingForPlus | 2 +-
 build/appprotect/DockerfileWithAppProtectForPlus | 2 +-
 build/appprotect/DockerfileWithAppProtectForPlusForOpenShift | 2 +-
 build/openshift/Dockerfile | 2 +-
 build/openshift/DockerfileForPlus | 2 +-
 9 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/build/Dockerfile b/build/Dockerfile
index 5fe5881969..a9f55e60a0 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -14,7 +14,7 @@ RUN mkdir -p /var/lib/nginx \
 && apt-get update \
 && apt-get install -y libcap2-bin \
 && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
- && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
+ 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
 && chown -R nginx:0 /etc/nginx \
 && chown -R nginx:0 /var/cache/nginx \
 && chown -R nginx:0 /var/lib/nginx \
diff --git a/build/DockerfileForAlpine b/build/DockerfileForAlpine
index 029e7018c7..21f4af1a61 100644
--- a/build/DockerfileForAlpine
+++ b/build/DockerfileForAlpine
@@ -13,7 +13,7 @@ RUN mkdir -p /etc/nginx/secrets \
 && mkdir -p /var/lib/nginx \
 && apk add --no-cache libcap \
 && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
- && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
+ 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
 && chown -R nginx:0 /etc/nginx \
 && chown -R nginx:0 /var/cache/nginx \
 && chown -R nginx:0 /var/lib/nginx \
diff --git a/build/DockerfileForPlus b/build/DockerfileForPlus
index 066e8139f9..ebe1a32f89 100644
--- a/build/DockerfileForPlus
+++ b/build/DockerfileForPlus
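Review bot: The added line `'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \` in build/Dockerfile starts without a command, so it is only correct while it sits directly under the `&& setcap …` line; if a later edit places another `&&` step between the two, the pair becomes arguments of that step and nginx-debug no longer gets the capability. A comment line above the call would make that dependency visible, for example `# setcap takes repeated <capabilities> <file> pairs; the next line continues this call`, or both pairs could be written on the single `&& setcap` line. The same layout is used in the other eight Dockerfiles touched by this patch. The enclosing RUN instruction starts and ends outside the hunk.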
@@ -38,7 +38,7 @@ RUN --mount=type=secret,id=nginx-repo.crt \
 && printf "deb https://plus-pkgs.nginx.com/debian buster nginx-plus\n" > /etc/apt/sources.list.d/nginx-plus.list \
 && apt-get update && apt-get install -y nginx-plus=${NGINX_PLUS_VERSION} \
 && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
- && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
+ 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
 && apt-get remove --purge --auto-remove -y gnupg1 \
 && rm -rf /var/lib/apt/lists/* \
 && rm -rf /etc/ssl/nginx \
diff --git a/build/DockerfileWithOpentracing b/build/DockerfileWithOpentracing
index dc61747a2f..19a89e3a6b 100644
--- a/build/DockerfileWithOpentracing
+++ b/build/DockerfileWithOpentracing
@@ -80,7 +80,7 @@ RUN mkdir -p /var/lib/nginx \
 && apt-get update \
 && apt-get install -y libcap2-bin \
 && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
- && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
+ 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
 && chown -R nginx:0 /etc/nginx \
 && chown -R nginx:0 /var/cache/nginx \
 && chown -R nginx:0 /var/lib/nginx \
diff --git a/build/DockerfileWithOpentracingForPlus b/build/DockerfileWithOpentracingForPlus
index c552e7b79b..99d178d082 100644
--- a/build/DockerfileWithOpentracingForPlus
+++ b/build/DockerfileWithOpentracingForPlus
@@ -51,7 +51,7 @@ RUN --mount=type=secret,id=nginx-repo.crt \
 # Install OpenTracing module
 nginx-plus-module-opentracing=${NGINX_OPENTRACING_MODULE_VERSION} \
 && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
- && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
+ 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
 && apt-get remove --purge --auto-remove -y gnupg1 \
 && rm -rf /var/lib/apt/lists/* \
 && rm -rf /etc/ssl/nginx \
diff --git a/build/appprotect/DockerfileWithAppProtectForPlus b/build/appprotect/DockerfileWithAppProtectForPlus
index 4318978cc8..2ccbf5d87e 100644
--- a/build/appprotect/DockerfileWithAppProtectForPlus
+++ b/build/appprotect/DockerfileWithAppProtectForPlus
@@ -58,7 +58,7 @@ RUN --mount=type=secret,id=nginx-repo.crt \
 && apt-get install -y app-protect-attack-signatures${APPPROTECT_SIG_VERSION:+=$APPPROTECT_SIG_VERSION} \
 && apt-get install -y app-protect-threat-campaigns${APPPROTECT_THREAT_CAMPAIGNS_VERSION:+=$APPPROTECT_THREAT_CAMPAIGNS_VERSION} \
 && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
- && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
+ 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
 && apt-get remove --purge --auto-remove -y gnupg1 wget\
 && rm -rf /var/lib/apt/lists/* \
 && rm -rf /etc/ssl/nginx \
diff --git a/build/appprotect/DockerfileWithAppProtectForPlusForOpenShift b/build/appprotect/DockerfileWithAppProtectForPlusForOpenShift
index ed4a95115f..cb36dc6521 100644
--- a/build/appprotect/DockerfileWithAppProtectForPlusForOpenShift
+++ b/build/appprotect/DockerfileWithAppProtectForPlusForOpenShift
@@ -61,7 +61,7 @@ RUN --mount=type=secret,id=nginx-repo.crt \
 && yum install -y app-protect-attack-signatures${APPPROTECT_SIG_VERSION:+-$APPPROTECT_SIG_VERSION} \
 && yum install -y app-protect-threat-campaigns${APPPROTECT_THREAT_CAMPAIGNS_VERSION:+-$APPPROTECT_THREAT_CAMPAIGNS_VERSION} \
 && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
- && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
+ 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
 && yum remove -y wget \
 && rm -rf /etc/ssl/nginx \
 && rm /etc/yum.repos.d/nginx-plus-7.repo \
diff --git a/build/openshift/Dockerfile b/build/openshift/Dockerfile
index 49971da4a4..67714aa8ff 100644
--- a/build/openshift/Dockerfile
+++ b/build/openshift/Dockerfile
@@ -25,7 +25,7 @@ RUN set -x \
 && mkdir -p /etc/nginx/secrets \
 && mkdir -p /etc/nginx/stream-conf.d \
 && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
- && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
+ 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
 && chown -R nginx:0 /etc/nginx \
 && chown -R nginx:0 /var/cache/nginx \
 && chown -R nginx:0 /var/lib/nginx \
diff --git a/build/openshift/DockerfileForPlus b/build/openshift/DockerfileForPlus
index ece754e402..78a093b98b 100644
--- a/build/openshift/DockerfileForPlus
+++ b/build/openshift/DockerfileForPlus
@@ -45,7 +45,7 @@ RUN --mount=type=secret,id=nginx-repo.crt \
 && echo "enabled=1" >> /etc/yum.repos.d/nginx-plus-8.repo \
 && yum install -y nginx-plus-${NGINX_PLUS_VERSION} \
 && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
- && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
+ 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
 && yum remove -y wget \
 && rm -rf /etc/ssl/nginx \
 && rm /etc/yum.repos.d/nginx-plus-8.repo \
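Review bot: Nothing next to the `setcap` call in build/openshift/DockerfileForPlus records what the `+ep` file capability depends on at run time. The kernel does not grant file capabilities on exec when `no_new_privs` is set (in Kubernetes, `allowPrivilegeEscalation: false`), and because the effective bit is set, exec of the binary fails when `cap_net_bind_service` is missing from the container's bounding set. I would add a comment above the call such as `# needs NET_BIND_SERVICE in the bounding set and no_new_privs unset, or non-root nginx cannot bind privileged ports`. Whether the deployment manifests already account for this is not visible in the patch, and the RUN instruction continues outside the hunk.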