From d65efba7c4c74cc7d6ca22a6fb21365ba9af2c33 Mon Sep 17 00:00:00 2001
From: Rory de Zoete <rdezoete@RorysMacStudio.fritz.box>
Date: Tue, 23 Aug 2022 10:40:30 +0200
Subject: [PATCH] Update dockerfile

---
 Dockerfile.compute-node | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/Dockerfile.compute-node b/Dockerfile.compute-node
index f1d9f8d0ec..ff9fa68ec8 100644
--- a/Dockerfile.compute-node
+++ b/Dockerfile.compute-node
@@ -52,19 +52,18 @@ RUN wget https://github.com/plv8/plv8/archive/refs/tags/v3.1.3.tar.gz && \
     tar xvzf v3.1.3.tar.gz && \
     cd plv8-3.1.3 && \
     export PATH="/usr/local/pgsql/bin:$PATH" && \
-    make
+    make && \
+    make install
 
 # Compile and run the Neon-specific `compute_ctl` binary
 FROM 369495373322.dkr.ecr.eu-central-1.amazonaws.com/rust:$COMPUTE_TOOLS_TAG AS compute-tools
-COPY compute_tools compute_tools
-COPY workspace_hack workspace_hack
+USER nonroot
+COPY --chown=nonroot compute_tools compute_tools
+COPY --chown=nonroot workspace_hack workspace_hack
 RUN cd compute_tools && cargo build --release
 
 # Put it all together into the final image
 FROM debian:bullseye-slim
-RUN apt update &&  \
-    apt install -y libreadline-dev libossp-uuid-dev gdal-bin libgdal-dev libprotobuf-c-dev
-
 # Add user postgres
 RUN mkdir /var/db && useradd -m -d /var/db/postgres postgres && \
     echo "postgres:test_console_pass" | chpasswd && \
@@ -73,12 +72,19 @@ RUN mkdir /var/db && useradd -m -d /var/db/postgres postgres && \
     chmod 0750 /var/db/postgres/compute && \
     echo '/usr/local/lib' >> /etc/ld.so.conf && /sbin/ldconfig
 
+COPY --from=pg-build --chown=postgres /usr/local/pgsql /usr/local/pgsql
+COPY --from=compute-tools --chown=postgres /home/nonroot/compute_tools/target/release/compute_ctl /usr/local/bin/compute_ctl
+
+RUN apt update &&  \
+    apt install -y libreadline-dev libossp-uuid-dev gdal-bin libgdal-dev libprotobuf-c-dev
+
+# Debian bullseye provides GLIBC 2.31 when 2.34 is necessary as we compiled plv8 with that version
+RUN echo "deb http://ftp.debian.org/debian testing main" >> /etc/apt/sources.list && \
+    echo "APT::Default-Release \"stable\";" > /etc/apt/apt.conf.d/default-release && \
+    apt update && \
+    apt install -y --no-install-recommends -t testing binutils && \
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
 ENV PATH=/usr/local/pgsql/bin:$PATH
-#COPY --from=pg-build /usr/local/pgsql /usr/local/pgsq
-# TODO: Implement better approach to only copy the added files for each extension
-COPY --from=plv8-build /usr/local/pgsql /usr/local/pgsql
-COPY --from=compute-tools /home/nonroot/compute_tools/target/release/compute_ctl /usr/local/bin/compute_ctl
-
 USER postgres
-
 ENTRYPOINT ["/usr/local/bin/compute_ctl"]
\ No newline at end of file