Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

node:lts-slim does not include OpenSSL as it is now based on bookworm because of upstream change in debian:bookworm-slim image #1919

Open
Jolg42 opened this issue Jun 15, 2023 · 0 comments
Open

node:lts-slim does not include OpenSSL as it is now based on bookworm because of upstream change in debian:bookworm-slim image #1919

Jolg42 opened this issue Jun 15, 2023 · 0 comments

Comments

@Jolg42
Copy link

Jolg42 commented Jun 15, 2023
edited

Environment

  • Image Tag: node:lts-bookworm-slim (alias of node:lts-slim)

Expected Behavior

node:lts-bookworm-slim/node:lts-slim has OpenSSL v3 included

Current Behavior

node:lts-bookworm-slim/node:lts-slim does not include any version of OpenSSL

Possible Solution

I'm not sure if this was intentional or expected, I could not find any communication about this.
A solution would be to include OpenSSL v3 in the image (RUN apt-get install -y openssl).

Steps to Reproduce

ldconfig -p | grep ssl
// does not return any match

Additional Information

For people that are using node:lts-slim (and its variants) and depended on OpenSSL to be present, this is an unexpected change. (I guess that most people, like Prisma users, also probably didn't know that they depended on OpenSSL until now, as it was working before, because it was included)

node:lts-bookworm-slim Dockerfile base image is FROM debian:bookworm-slim
https://github.com/nodejs/docker-node/blob/main/18/bookworm-slim/Dockerfile

The official docker image for Debian is where the change comes from

Same findings on debuerreotype/docker-debian-artifacts repository

The node:lts-bookworm (alias of node:lts) does not have this issue since it is based on FROM buildpack-deps:bookworm
https://github.com/nodejs/docker-node/blob/main/18/bookworm/Dockerfile

Related issues:
#1915
#1916
prisma/prisma#19729
BorePlusPlus added a commit to kozjansko-geekalisce/stemplaj-se that referenced this issue Jul 2, 2023
@BorePlusPlus
Slim down produced docker image
03850f7 
Save the bytes! Also make builds without cached layers faster. And
images lighter to move around.

Basic stuff like:
  - using slim image
  - adding node_modules to .dockerignore

Some aditional changes due to:
  - New slim debian image (bookworm) no longer bundles libssl, so it has
    to be install explicitly as prisma depends on it. See: nodejs/docker-node#1919
  - Bookworm uses different version of libssl 3.0.x rather than 1.1.x
    which necesatates update to prisma schema.
  - Prisma client itself has to be updated to support libssl 3.0.x.

Question: Should we pin the OS version to avoid such surprises in the
future?
PRO: Consistent OS experience.
CON: OS version has to be bumped manually on new release.

Resources

- Some recommendations regarding images: https://snyk.io/blog/choosing-the-best-node-js-docker-image/
- Why dockerignore: https://codefresh.io/blog/not-ignore-dockerignore-2/

New image size: 648MB
Original image size: 1.62GB
@BorePlusPlus BorePlusPlus mentioned this issue Jul 2, 2023
Merged
BorePlusPlus added a commit to kozjansko-geekalisce/stemplaj-se that referenced this issue Jul 5, 2023
@BorePlusPlus
Slim down produced docker image
a586350 
Save the bytes! Also make builds without cached layers faster. And
images lighter to move around.

Basic stuff like:
  - using slim image
  - adding node_modules to .dockerignore

Some aditional changes due to:
  - New slim debian image (bookworm) no longer bundles libssl, so it has
    to be install explicitly as prisma depends on it. See: nodejs/docker-node#1919
  - Bookworm uses different version of libssl 3.0.x rather than 1.1.x
    which necesatates update to prisma schema.
  - Prisma client itself has to be updated to support libssl 3.0.x.

Question: Should we pin the OS version to avoid such surprises in the
future?
PRO: Consistent OS experience.
CON: OS version has to be bumped manually on new release.

Resources

- Some recommendations regarding images: https://snyk.io/blog/choosing-the-best-node-js-docker-image/
- Why dockerignore: https://codefresh.io/blog/not-ignore-dockerignore-2/

New image size: 648MB
Original image size: 1.62GB
@owlas owlas mentioned this issue Jan 18, 2024
Merged
2 tasks
@Jolg42 Jolg42 mentioned this issue Jan 22, 2024
Open
@aekasitt aekasitt mentioned this issue Feb 28, 2024
Merged
samhwang added a commit to viet-aus-it/vait-discord-bot that referenced this issue Mar 7, 2024
@samhwang
build: install openssl in node-slim image
b637451 
This is a known issue in Docker Node image nodejs/docker-node#1919.
samhwang added a commit to viet-aus-it/vait-discord-bot that referenced this issue Mar 7, 2024
@samhwang
build: install openssl in node-slim image
cb40683 
This is a known issue in Docker Node image nodejs/docker-node#1919.
samhwang added a commit to viet-aus-it/vait-discord-bot that referenced this issue Mar 7, 2024
@samhwang
build/update dockerfile (#206)
12343f4 
* build: update node version and unpin debian version

* build: install openssl in node-slim image

This is a known issue in Docker Node image nodejs/docker-node#1919.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Jolg42