From ec45cd2793290799a8a2c806d8301e2fe6e625ec Mon Sep 17 00:00:00 2001 From: Orgad Shaneh Date: Thu, 10 Jul 2025 21:55:56 +0300 Subject: [PATCH 1/2] Remove stray * for linux*-s390x in slim images Discovered by Copilot. --- 20/bookworm-slim/Dockerfile | 2 +- 20/bullseye-slim/Dockerfile | 2 +- 22/bookworm-slim/Dockerfile | 2 +- 22/bullseye-slim/Dockerfile | 2 +- 24/bookworm-slim/Dockerfile | 2 +- 24/bullseye-slim/Dockerfile | 2 +- Dockerfile-slim.template | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/20/bookworm-slim/Dockerfile b/20/bookworm-slim/Dockerfile index 22cdcb6a0..2183e4f47 100644 --- a/20/bookworm-slim/Dockerfile +++ b/20/bookworm-slim/Dockerfile @@ -9,7 +9,7 @@ RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ - s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux-s390x';; \ arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ diff --git a/20/bullseye-slim/Dockerfile b/20/bullseye-slim/Dockerfile index 4aa7f399e..720615388 100644 --- a/20/bullseye-slim/Dockerfile +++ b/20/bullseye-slim/Dockerfile @@ -9,7 +9,7 @@ RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ - s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux-s390x';; \ arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ diff --git a/22/bookworm-slim/Dockerfile b/22/bookworm-slim/Dockerfile index c47139784..09f52f023 100644 --- a/22/bookworm-slim/Dockerfile +++ b/22/bookworm-slim/Dockerfile @@ -9,7 +9,7 @@ RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ - s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux-s390x';; \ arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ diff --git a/22/bullseye-slim/Dockerfile b/22/bullseye-slim/Dockerfile index c85d50956..02d8b7019 100644 --- a/22/bullseye-slim/Dockerfile +++ b/22/bullseye-slim/Dockerfile @@ -9,7 +9,7 @@ RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ - s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux-s390x';; \ arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ diff --git a/24/bookworm-slim/Dockerfile b/24/bookworm-slim/Dockerfile index 5d98191cb..d8df53681 100644 --- a/24/bookworm-slim/Dockerfile +++ b/24/bookworm-slim/Dockerfile @@ -9,7 +9,7 @@ RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ - s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux-s390x';; \ arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ diff --git a/24/bullseye-slim/Dockerfile b/24/bullseye-slim/Dockerfile index 24f8dae97..f954869e8 100644 --- a/24/bullseye-slim/Dockerfile +++ b/24/bullseye-slim/Dockerfile @@ -9,7 +9,7 @@ RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ - s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux-s390x';; \ arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ diff --git a/Dockerfile-slim.template b/Dockerfile-slim.template index 0fe02e764..42ccb759d 100644 --- a/Dockerfile-slim.template +++ b/Dockerfile-slim.template @@ -9,7 +9,7 @@ RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ - s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux-s390x';; \ arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ From eb07c4841aa2aadd73e47bf54731cf8d77f6d0b0 Mon Sep 17 00:00:00 2001 From: Orgad Shaneh Date: Tue, 8 Jul 2025 09:40:01 +0300 Subject: [PATCH 2/2] Add images for debian trixie It is currently in hard freeze, and is expected to be released this summer. https://wiki.debian.org/DebianTrixie --- 20/trixie-slim/Dockerfile | 104 ++++++++++++++++++++++++++++ 20/trixie-slim/docker-entrypoint.sh | 11 +++ 20/trixie/Dockerfile | 77 ++++++++++++++++++++ 20/trixie/docker-entrypoint.sh | 11 +++ 22/trixie-slim/Dockerfile | 104 ++++++++++++++++++++++++++++ 22/trixie-slim/docker-entrypoint.sh | 11 +++ 22/trixie/Dockerfile | 77 ++++++++++++++++++++ 22/trixie/docker-entrypoint.sh | 11 +++ 24/trixie-slim/Dockerfile | 104 ++++++++++++++++++++++++++++ 24/trixie-slim/docker-entrypoint.sh | 11 +++ 24/trixie/Dockerfile | 77 ++++++++++++++++++++ 24/trixie/docker-entrypoint.sh | 11 +++ README.md | 7 ++ SECURITY.md | 2 +- architectures | 10 +-- config | 4 +- versions.json | 36 ++++++++++ 17 files changed, 660 insertions(+), 8 deletions(-) create mode 100644 20/trixie-slim/Dockerfile create mode 100755 20/trixie-slim/docker-entrypoint.sh create mode 100644 20/trixie/Dockerfile create mode 100755 20/trixie/docker-entrypoint.sh create mode 100644 22/trixie-slim/Dockerfile create mode 100755 22/trixie-slim/docker-entrypoint.sh create mode 100644 22/trixie/Dockerfile create mode 100755 22/trixie/docker-entrypoint.sh create mode 100644 24/trixie-slim/Dockerfile create mode 100755 24/trixie-slim/docker-entrypoint.sh create mode 100644 24/trixie/Dockerfile create mode 100755 24/trixie/docker-entrypoint.sh diff --git a/20/trixie-slim/Dockerfile b/20/trixie-slim/Dockerfile new file mode 100644 index 000000000..b3084ce45 --- /dev/null +++ b/20/trixie-slim/Dockerfile @@ -0,0 +1,104 @@ +FROM debian:trixie-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION 20.19.3 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + C0D6248439F1D5604AAFFB4021D900FFDB233756 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION 1.22.22 + +RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/20/trixie-slim/docker-entrypoint.sh b/20/trixie-slim/docker-entrypoint.sh new file mode 100755 index 000000000..1b3116e53 --- /dev/null +++ b/20/trixie-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/20/trixie/Dockerfile b/20/trixie/Dockerfile new file mode 100644 index 000000000..597977c08 --- /dev/null +++ b/20/trixie/Dockerfile @@ -0,0 +1,77 @@ +FROM buildpack-deps:trixie + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION 20.19.3 + +RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64';; \ + ppc64el) ARCH='ppc64le';; \ + s390x) ARCH='s390x';; \ + arm64) ARCH='arm64';; \ + armhf) ARCH='armv7l';; \ + i386) ARCH='x86';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && set -ex \ + && for key in \ + C0D6248439F1D5604AAFFB4021D900FFDB233756 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION 1.22.22 + +RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/20/trixie/docker-entrypoint.sh b/20/trixie/docker-entrypoint.sh new file mode 100755 index 000000000..1b3116e53 --- /dev/null +++ b/20/trixie/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/22/trixie-slim/Dockerfile b/22/trixie-slim/Dockerfile new file mode 100644 index 000000000..8bd55f4dc --- /dev/null +++ b/22/trixie-slim/Dockerfile @@ -0,0 +1,104 @@ +FROM debian:trixie-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION 22.17.0 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + C0D6248439F1D5604AAFFB4021D900FFDB233756 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION 1.22.22 + +RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/22/trixie-slim/docker-entrypoint.sh b/22/trixie-slim/docker-entrypoint.sh new file mode 100755 index 000000000..1b3116e53 --- /dev/null +++ b/22/trixie-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/22/trixie/Dockerfile b/22/trixie/Dockerfile new file mode 100644 index 000000000..344b8b6eb --- /dev/null +++ b/22/trixie/Dockerfile @@ -0,0 +1,77 @@ +FROM buildpack-deps:trixie + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION 22.17.0 + +RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64';; \ + ppc64el) ARCH='ppc64le';; \ + s390x) ARCH='s390x';; \ + arm64) ARCH='arm64';; \ + armhf) ARCH='armv7l';; \ + i386) ARCH='x86';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && set -ex \ + && for key in \ + C0D6248439F1D5604AAFFB4021D900FFDB233756 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION 1.22.22 + +RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/22/trixie/docker-entrypoint.sh b/22/trixie/docker-entrypoint.sh new file mode 100755 index 000000000..1b3116e53 --- /dev/null +++ b/22/trixie/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/24/trixie-slim/Dockerfile b/24/trixie-slim/Dockerfile new file mode 100644 index 000000000..21e4febfe --- /dev/null +++ b/24/trixie-slim/Dockerfile @@ -0,0 +1,104 @@ +FROM debian:trixie-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION 24.4.0 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + C0D6248439F1D5604AAFFB4021D900FFDB233756 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION 1.22.22 + +RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/24/trixie-slim/docker-entrypoint.sh b/24/trixie-slim/docker-entrypoint.sh new file mode 100755 index 000000000..1b3116e53 --- /dev/null +++ b/24/trixie-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/24/trixie/Dockerfile b/24/trixie/Dockerfile new file mode 100644 index 000000000..9b45e2469 --- /dev/null +++ b/24/trixie/Dockerfile @@ -0,0 +1,77 @@ +FROM buildpack-deps:trixie + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION 24.4.0 + +RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64';; \ + ppc64el) ARCH='ppc64le';; \ + s390x) ARCH='s390x';; \ + arm64) ARCH='arm64';; \ + armhf) ARCH='armv7l';; \ + i386) ARCH='x86';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && set -ex \ + && for key in \ + C0D6248439F1D5604AAFFB4021D900FFDB233756 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION 1.22.22 + +RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/24/trixie/docker-entrypoint.sh b/24/trixie/docker-entrypoint.sh new file mode 100755 index 000000000..1b3116e53 --- /dev/null +++ b/24/trixie/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/README.md b/README.md index fc778a31e..6020a8dd4 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,7 @@ The official Node.js docker image, made with love by the node community. - [`node:alpine`](#nodealpine) - [`node:bullseye`](#nodebullseye) - [`node:bookworm`](#nodebookworm) + - [`node:trixie`](#nodetrixie) - [`node:slim`](#nodeslim) - [License](#license) - [Supported Docker versions](#supported-docker-versions) @@ -216,6 +217,12 @@ This image is based on version 12 of [Debian](http://debian.org), available in [the `debian` official image](https://hub.docker.com/_/debian). +### `node:trixie` + +This image is based on version 13 of +[Debian](http://debian.org), available in +[the `debian` official image](https://hub.docker.com/_/debian). + ### `node:slim` This image does not contain the common packages contained in the default tag and diff --git a/SECURITY.md b/SECURITY.md index a820a3f55..9c1e22e46 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -7,6 +7,6 @@ Security issues relating to Node.js project should follow the process documented CVEs for the base image packages should be reported to those repositories. Nothing to address those CVEs is in the hands of this repos. - [Alpine](https://github.com/alpinelinux/docker-alpine) -- [Debian (bullseye, bookworm)](https://github.com/debuerreotype/docker-debian-artifacts) +- [Debian (bullseye, bookworm, trixie)](https://github.com/debuerreotype/docker-debian-artifacts) When base images are patched, the images are rebuilt and rolled out to the Docker hub without intervention by this repo. This process is explained in . diff --git a/architectures b/architectures index 1ed4ae899..7e0d968a7 100644 --- a/architectures +++ b/architectures @@ -1,8 +1,8 @@ bashbrew-arch variants -amd64 alpine3.21,alpine3.22,bookworm,bookworm-slim,bullseye,bullseye-slim +amd64 alpine3.21,alpine3.22,bookworm,bookworm-slim,bullseye,bullseye-slim,trixie,trixie-slim arm32v6 alpine3.21,alpine3.22 -arm32v7 alpine3.21,alpine3.22,bookworm,bookworm-slim,bullseye,bullseye-slim -arm64v8 alpine3.21,alpine3.22,bookworm,bookworm-slim,bullseye,bullseye-slim +arm32v7 alpine3.21,alpine3.22,bookworm,bookworm-slim,bullseye,bullseye-slim,trixie,trixie-slim +arm64v8 alpine3.21,alpine3.22,bookworm,bookworm-slim,bullseye,bullseye-slim,trixie,trixie-slim i386 alpine3.21,alpine3.22 -ppc64le alpine3.21,alpine3.22,bookworm,bookworm-slim -s390x alpine3.21,alpine3.22,bookworm,bookworm-slim +ppc64le alpine3.21,alpine3.22,bookworm,bookworm-slim,trixie,trixie-slim +s390x alpine3.21,alpine3.22,bookworm,bookworm-slim,trixie,trixie-slim diff --git a/config b/config index bb8d85f91..d5dea81f2 100644 --- a/config +++ b/config @@ -1,4 +1,4 @@ baseuri https://nodejs.org/dist default_variant bookworm -alpine_version 3.19 -debian_versions bookworm bullseye +alpine_version 3.22 +debian_versions bookworm bullseye trixie diff --git a/versions.json b/versions.json index cf9699e20..f9bbddc22 100644 --- a/versions.json +++ b/versions.json @@ -37,6 +37,18 @@ "bullseye-slim": [ "amd64", "arm64v8" + ], + "trixie": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ], + "trixie-slim": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" ] } }, @@ -86,6 +98,18 @@ "amd64", "arm32v7", "arm64v8" + ], + "trixie": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ], + "trixie-slim": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" ] } }, @@ -137,6 +161,18 @@ "amd64", "arm32v7", "arm64v8" + ], + "trixie": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ], + "trixie-slim": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" ] } }