Skip to content

Commit fb2c7ce

Browse files
CloudCraygustavosbarreto
CloudCray
authored and
gustavosbarreto
committed
fix: ensure nsenter and setpriv match the target architecture
1 parent 70bd6ab commit fb2c7ce

File tree

1 file changed

+19
-12
lines changed

1 file changed

+19
-12
lines changed

agent/Dockerfile

Lines changed: 19 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,8 @@ ARG GOPROXY
1212
ARG TARGETARCH
1313
ARG TARGETOS=linux
1414

15-
RUN apk add --no-cache ca-certificates util-linux setpriv
15+
# Install Go BUILD architecture dependencies
16+
RUN apk add --no-cache ca-certificates
1617

1718
WORKDIR $GOPATH/src/github.com/shellhub-io/shellhub
1819

@@ -44,13 +45,19 @@ WORKDIR $GOPATH/src/github.com/shellhub-io/shellhub/agent
4445
# Cross-compile for target architecture
4546
RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -tags docker -ldflags "-s -w -X main.AgentVersion=${SHELLHUB_VERSION}" -o agent
4647

48+
# Runtime utilities stage - CRITICAL: must use target platform
49+
FROM --platform=$TARGETPLATFORM alpine:${ALPINE_VERSION:-3.22} AS runtime-utils
50+
51+
# Install runtime binaries for the TARGET architecture
52+
RUN apk add --no-cache util-linux setpriv ca-certificates
53+
4754
# development stage
4855
FROM base AS development
4956

5057
ARG GOPROXY
5158
ENV GOPROXY ${GOPROXY}
5259

53-
RUN apk add --update openssl openssh-client
60+
RUN apk add --update openssl openssh-client util-linux setpriv
5461
RUN go install github.com/air-verse/air@v1.62 && \
5562
go install github.com/go-delve/delve/cmd/dlv@v1.25 && \
5663
go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.1.6
@@ -72,20 +79,20 @@ FROM scratch
7279

7380
ARG TARGETARCH
7481

75-
# Copy CA certificates
76-
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
82+
# Copy CA certificates from runtime-utils
83+
COPY --from=runtime-utils /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
7784

78-
# Copy required utilities
79-
COPY --from=builder /usr/bin/nsenter /usr/bin/
80-
COPY --from=builder /bin/setpriv /bin/
85+
# Copy required utilities from runtime-utils - NOT from builder
86+
COPY --from=runtime-utils /usr/bin/nsenter /usr/bin/
87+
COPY --from=runtime-utils /bin/setpriv /bin/
8188

82-
# Copy shared libraries
83-
COPY --from=builder /usr/lib/libcap-ng.so.* /usr/lib/
89+
# Copy shared libraries from runtime-utils
90+
COPY --from=runtime-utils /usr/lib/libcap-ng.so.* /usr/lib/
8491

85-
# Copy musl loader (automatically matches target architecture)
86-
COPY --from=builder /lib/ld-musl-*.so.1 /lib/
92+
# Copy musl loader from runtime-utils
93+
COPY --from=runtime-utils /lib/ld-musl-*.so.1 /lib/
8794

8895
# Copy the agent binary
8996
COPY --from=builder /go/src/github.com/shellhub-io/shellhub/agent/agent /bin/agent
9097

91-
ENTRYPOINT ["/bin/agent"]
98+
ENTRYPOINT ["/bin/agent"]

0 commit comments

Comments
 (0)