0

I'm creating a Docker image where I use sed to modify two parameters, but when i create the images and check the file I want to modify it remains the same.

If i run the very sed command interactively, it works. Why? Could somebody help me make my image work without having to modify every container?

Before I was pointed a mistake in this point because i was using exit in before another command in the RUN command, now sed is an independent command and still doesn't work.

Dockerfile

FROM python:slim-buster

WORKDIR /home/scr_dca

COPY . . 

ENV FLASK_APP Screenly.py

RUN su && \
apt-get update && \
apt install curl gnupg -y && \
curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add - && \
curl https://packages.microsoft.com/config/debian/10/prod.list > /etc/apt/sources.list.d/mssql-release.list && \
apt-get update && ACCEPT_EULA=Y apt-get install msodbcsql17 unixodbc-dev -y && \
apt-get install libgssapi-krb5-2 && \
exit && \
pip3 install -r requirements.txt --trusted-host pypi.python.org && \
sed -i "s/\(MinProtocol *= *\).*/\1TLSv1.0 /" "/etc/ssl/openssl.cnf" && \
sed -i "s/\(CipherString *= *\).*/\1DEFAULT@SECLEVEL=1 /" "/etc/ssl/openssl.cnf"

CMD ["gunicorn", "-b", ":8000", "scr_dca:app"]

I'm doing:

  • docker run --name screenly_dca3 -d -p 5050:8000 src_dca_v1.0
  • docker container exec -it screenly_dca3 bash
  • then in bash: cat /etc/ssl/openssl.cnf

I checked sed has not worked yet during the image creation and I ran the following commands:

sed -i "s/\(MinProtocol *= *\).*/\1TLSv1.0 /" "/etc/ssl/openssl.cnf"
sed -i "s/\(CipherString *= *\).*/\1DEFAULT@SECLEVEL=1 /" "/etc/ssl/openssl.cnf"

original part of the file I want to modify:

[system_default_sect]
MinProtocol = TLSv1.2
CipherString = @SECLEVEL=1

sed expected result 

[system_default_sect]
MinProtocol = TLSv1.0
CipherString = DEFAULT@SECLEVEL=1
J. Scott Elblein
  • 4,013
  • 15
  • 58
  • 94
altdave
  • 108
  • 1
  • 10
  • 1
    `exit &&` ?? The rest of the command won't be executed, right? – choroba Jan 09 '20 at 13:51
  • Yes, i was trying to exit root user, but now I realized there is no other user right? – altdave Jan 09 '20 at 13:57
  • But also the python modules were installed in the line inmediatly after exit: pip3 install -r requirements.txt --trusted-host pypi.python.org – altdave Jan 09 '20 at 13:59
  • Are you sure they were not present from a previous run? – choroba Jan 09 '20 at 14:31
  • Update I removed the exit and still doesnt work :( – altdave Jan 09 '20 at 14:45
  • Yes they were presnte form a previous run @choroba but now I got a better dockerfile and still not working – altdave Jan 09 '20 at 14:46
  • When you run it and you say it works, are you running it in the container? eg, is the container using the same `sed`? – William Pursell Jan 09 '20 at 14:57
  • I'm doing docker run --name screenly_dca3 -p 5050:8000 src_dca_v1.0 then docker container exec -it screenly_dca3 bash ant then in the bas i run sed -i "s/\(MinProtocol *= *\).*/\1TLSv1.0 /" "/etc/ssl/openssl.cnf" sed -i "s/\(CipherString *= *\).*/\1DEFAULT@SECLEVEL=1 /" "/etc/ssl/openssl.cnf" – altdave Jan 09 '20 at 14:59
  • For what it's worth, those two scripts should be combined to a single script. Trivially, `sed X && sed Y` is equivalent to `sed -e X -e Y` (unless there are nontrivial interactions between X and Y; but that is certainly not the case here). – tripleee Jan 09 '20 at 15:08
  • You have now updated your question in a way that the existing answer doesn't make sense any longer. You should ask a new question instead, and when you update an existing question (while not changing it fundamentally), there is no need to mark it as "[updated]" or similar. – Benjamin W. Jan 09 '20 at 15:28
  • Sorry, i didnt know, I will set the question back to original and make a I new one. – altdave Jan 09 '20 at 15:38

1 Answers1

0

This line

exit && \

causes the rest of the commands being ignored.

choroba
  • 231,213
  • 25
  • 204
  • 289