f875c7a73f
Debian has decided to be a bit too aggressive in their openssl defaults. Vendor in a copy of openssl.cnf with the changes in https://salsa.debian.org/debian/openssl/-/blob/debian/unstable/debian/patches/Set-systemwide-default-settings-for-libssl-users.patch reverted. DEFAULT@SECLEVEL=2 breaks API interactions with Rackspace, but it's not just them. https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html indicates that 1 is defaut and setting higher is problematic. Change-Id: Ida7e9a557b873c14c0bf474450508f42fe7a5ad2
32 lines
1.0 KiB
Docker
32 lines
1.0 KiB
Docker
# Copyright (c) 2019 Red Hat, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
# implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
FROM docker.io/library/python:3.7-slim
|
|
|
|
RUN apt-get update \
|
|
&& apt-get install -y dumb-init libjemalloc2 \
|
|
&& apt-get clean \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Upgrade pip to fix wheel cache for locally built wheels
|
|
# See https://github.com/pypa/pip/issues/6852
|
|
RUN pip install -U pip
|
|
|
|
# Undo debian changes to openssl.cnf that are too aggressive
|
|
COPY openssl.cnf /etc/ssl/openssl.cnf
|
|
|
|
ENV LD_PRELOAD /usr/lib/x86_64-linux-gnu/libjemalloc.so.2
|
|
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
|