From a85421e3e9f6ad29983cc4b2183b2944b1903d2b Mon Sep 17 00:00:00 2001 From: anthis Date: Mon, 13 May 2024 23:34:41 +0900 Subject: [PATCH] dockerfiles: reducing debug information from the production container image. follow-up for https://github.com/fluent/fluent-bit/discussions/8807 By reducing debug information from the production container image, we aim to achieve a lightweight container image and enhance security. The debug image still includes the debug information file, allowing for easy debugging with tools like gdb. Signed-off-by: anthisfan --- dockerfiles/Dockerfile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/dockerfiles/Dockerfile b/dockerfiles/Dockerfile index b1d505a1574..0992828ebe9 100644 --- a/dockerfiles/Dockerfile +++ b/dockerfiles/Dockerfile @@ -29,6 +29,7 @@ ARG FLB_CHUNK_TRACE=On ENV FLB_CHUNK_TRACE=${FLB_CHUNK_TRACE} RUN mkdir -p /fluent-bit/bin /fluent-bit/etc /fluent-bit/log +RUN mkdir -p /usr/lib/debug/fluent-bit/bin ENV DEBIAN_FRONTEND noninteractive @@ -81,6 +82,10 @@ RUN cmake -DFLB_RELEASE=On \ RUN make -j "$(getconf _NPROCESSORS_ONLN)" RUN install bin/fluent-bit /fluent-bit/bin/ +RUN objcopy --only-keep-debug /fluent-bit/bin/fluent-bit /usr/lib/debug/fluent-bit/bin/fluent-bit.debug +RUN objcopy --strip-debug /fluent-bit/bin/fluent-bit +RUN objcopy --add-gnu-debuglink=/usr/lib/debug/fluent-bit/bin/fluent-bit.debug /fluent-bit/bin/fluent-bit + # Configuration files COPY conf/fluent-bit.conf \ conf/parsers.conf \ @@ -231,6 +236,7 @@ RUN echo "deb http://deb.debian.org/debian bullseye-backports main" >> /etc/apt/ RUN rm -f /usr/bin/qemu-*-static COPY --from=builder /fluent-bit /fluent-bit +COPY --from=builder /usr/lib/debug/fluent-bit /usr/lib/debug/fluent-bit EXPOSE 2020