Openvpn needs to be installed in the final stage

b917c805 · micah · eb010629 · b917c805
Unverified Commit b917c805 authored 3 years ago by micah
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,7 +2,7 @@ FROM debian:buster-backports AS build
 RUN apt-get -q update && env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
 build-essential pkg-config git ca-certificates \
 && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
-t buster-backports golang-go openvpn \
+-t buster-backports golang-go \
 && rm -rf /var/lib/apt/lists/*
 # don't need to do bash tricks to keep the layers small, as this is a multi-stage build
@@ -14,16 +14,15 @@ RUN go get -u github.com/kumina/openvpn_exporter
 RUN strip $GOPATH/bin/openvpn_exporter
 FROM registry.git.autistici.org/ai3/docker/chaperone-base:buster
 COPY --from=build /shapeshifter-dispatcher/shapeshifter-dispatcher /usr/local/bin/shapeshifter-dispatcher
-COPY --from=build /usr/sbin/openvpn /usr/sbin/openvpn
 COPY --from=build /go/bin/openvpn_exporter /usr/local/bin/openvpn_exporter
 COPY chaperone.d/ /etc/chaperone.d
 RUN echo "deb http://download.opensuse.org/repositories/home:/CZ-NIC:/knot-resolver-latest/Debian_9.0/ /" > /etc/apt/sources.list.d/knot.list
 COPY cznic-obs.gpg /etc/apt/trusted.gpg.d
 RUN apt-get -q update && env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
-libcap2-bin netcat-openbsd iptables iproute2 knot-resolver \
+libcap2-bin netcat-openbsd iptables iproute2 knot-resolver knot-resolver-module-http \
-knot-resolver-module-http \
+&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+-t buster-backports openvpn \
 && rm -rf /var/lib/apt/lists/*
 RUN setcap cap_net_admin,cap_net_bind_service+ep /usr/sbin/openvpn
 RUN setcap cap_net_admin+ep /bin/ip