author: Austin S. Hemmelgarn <austin@netdata.cloud> 2020-05-19 15:11:13 -0400
committer: GitHub <noreply@github.com> 2020-05-19 15:11:13 -0400
commit: 9511af410de5e47f9e1fd7a0718dd98d82d6edb4
tree: ff341a2a198ab58d3034dd2a59cd65cb48eb2826 /packaging
parent: a35a951e39346cc4f1b07091895bf5b58bdd3196
Removed Polyverse Polymorphic Linux from Docker builds. (#8802)

* Removed Polyverse Polymorphic Linux from Docker images. It ends up using roughly 140MB of extra space, only works for 64-bit x86, and the benefits for a majority of our users range from questionable to completely non-existent.
* Update docs and add runtime support for Polyverse.
Diffstat (limited to 'packaging')
-rw-r--r-- packaging/docker/Dockerfile 11
-rw-r--r-- packaging/docker/README.md 7
-rwxr-xr-x packaging/docker/run.sh 11
3 files changed, 12 insertions, 17 deletions
diff --git a/packaging/docker/Dockerfile b/packaging/docker/Dockerfile
index a9a101aac9..0940cf7fc3 100644
--- a/packaging/docker/Dockerfile
+++ b/packaging/docker/Dockerfile
@@ -57,17 +57,6 @@ ARG ARCH
# This image contains preinstalled dependecies
FROM netdata/base:${ARCH}
-# Conditional subscription to Polyverse's Polymorphic Linux repositories
-RUN if [ "$(uname -m)" == "x86_64" ]; then \
- apk update && apk upgrade; \
- curl https://sh.polyverse.io | sh -s install gcxce5byVQbtRz0iwfGkozZwy support+netdata@polyverse.io; \
- if [ $? -eq 0 ]; then \
- apk update && \
- apk upgrade --available --no-cache && \
- sed -in 's/^#//g' /etc/apk/repositories; \
- fi \
- fi
-
# Copy files over
RUN mkdir -p /opt/src
COPY --from=builder /app /
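Review bot: With the conditional block after `FROM netdata/base:${ARCH}` removed, none of the lines shown here run `apk upgrade` during the build any more (previously x86_64 builds did), so the package freshness of the final image now depends on how recently `netdata/base` was rebuilt. If that is intended, say so in the commit message or in a comment near the `FROM` line; otherwise keep an unconditional `apk upgrade --no-cache` step that applies to all architectures.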
diff --git a/packaging/docker/README.md b/packaging/docker/README.md
index 64c2c6a226..f58bafeccb 100644
--- a/packaging/docker/README.md
+++ b/packaging/docker/README.md
@@ -36,9 +36,10 @@ documentation](https://docs.docker.com/engine/reference/builder/#understand-how-
### Package scrambling in runtime (x86_64 only)
-Our x86_64 Docker images use [Polymorphic Polyverse Linux package scrambling](https://polyverse.io/how-it-works/). For
-increased security, you can enable rescrambling of Netdata packages during runtime by setting the environment variable
-`RESCRAMBLE=true` while starting Netdata with a Docker container.
+Our x86_64 Docker images provide support for using [Polymorphic Polyverse
+Linux package scrambling](https://polyverse.io/how-it-works/) to protect
+against buffer overflow errors. To activate this, set the environemnt
+variable `RESCRAMBLE=true` while starting Netdata with a Docker container.
## Run the Agent with the Docker command
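Review bot: The new paragraph misspells "environment" ("environemnt") and does not tell the reader that setting `RESCRAMBLE` now makes the entrypoint download and run the installer from `https://sh.polyverse.io` and upgrade all packages when the container starts, which needs outbound network access and lengthens startup. It would also help to state that the variable is ignored on architectures other than x86_64, and that run.sh only tests whether the variable is set, so any value (not just `true`) enables it.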
diff --git a/packaging/docker/run.sh b/packaging/docker/run.sh
index 1d886f01ac..ab4381b9bf 100755
--- a/packaging/docker/run.sh
+++ b/packaging/docker/run.sh
@@ -12,9 +12,14 @@ if [ ! "${DO_NOT_TRACK:-0}" -eq 0 ] || [ -n "$DO_NOT_TRACK" ]; then
fi
echo "Netdata entrypoint script starting"
-if [ ${RESCRAMBLE+x} ]; then
- echo "Reinstalling all packages to get the latest Polymorphic Linux scramble"
- apk upgrade --update-cache --available
+if [ ${RESCRAMBLE+x} ] && [ "$(uname -m)" == "x86_64" ]; then
+ echo "Injecting packages from Polymorphic Linux"
+ apk update && apk upgrade
+ curl https://sh.polyverse.io | sh -s install gcxce5byVQbtRz0iwfGkozZwy support+netdata@polyverse.io
+ # shellcheck disable=SC2181
+ if [ $? -eq 0 ]; then
+ apk update && apk upgrade --available --no-cache && sed -in 's/^#//g' /etc/apk/repositories
+ fi
fi
if [ -n "${PGID}" ]; then
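Review bot: The `[ $? -eq 0 ]` check after `curl https://sh.polyverse.io | sh -s install ...` sees the exit status of `sh`, not of `curl`, so unless `pipefail` is set a failed or empty download still lets `apk upgrade --available` and the `sed` on `/etc/apk/repositories` run. Download with `curl -fsSL` to a temporary file, check that step's status (and ideally verify the script against a pinned checksum) before executing it, and put the command directly in the `if` condition instead of testing `$?`, which also removes the need for the SC2181 suppression. Two smaller points: `[ ${RESCRAMBLE+x} ]` is true for any set value, including `RESCRAMBLE=false`, which does not match the README's `RESCRAMBLE=true`; and `==` inside `[ ]` is not POSIX, so use `=` unless the script is guaranteed to run under bash.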