From bc30a1a335bb4d5d2a24d1a7abeb420af9bb3388 Mon Sep 17 00:00:00 2001
From: Calle Svensson <calle.svensson@zeta-two.com>
Date: Sat, 2 Nov 2024 00:48:34 +0100
Subject: [PATCH] Modernize Dockerfile

Updates Dockerfile to use a more recent base image.
Uses a slim Debian image and uses build stages.
This results in 80% size reduction of the final image while still having a somewhat reasonable environment.
---
 Dockerfile | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index ce5c64fc..c2e4ffdf 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,16 @@
-FROM ubuntu:18.04
+FROM debian:bookworm-slim AS base
 
+# Install run-time dependencies in base image
 RUN apt-get -y update && apt-get install -y \
+    libc6 \
+    libstdc++6 \
+    libprotobuf32 \
+    libnl-route-3-200
+
+FROM base AS build
+
+# Install build dependencies only in builder image
+RUN apt-get install -y \
     autoconf \
     bison \
     flex \
@@ -12,9 +22,14 @@ RUN apt-get -y update && apt-get install -y \
     libtool \
     make \
     pkg-config \
-    protobuf-compiler \
-    && rm -rf /var/lib/apt/lists/*
+    protobuf-compiler
 
 COPY . /nsjail
 
-RUN cd /nsjail && make && mv /nsjail/nsjail /bin && rm -rf -- /nsjail
+RUN cd /nsjail && make clean && make
+
+FROM base AS run
+
+# Copy over build result and trim image
+RUN rm -rf /var/lib/apt/lists/*
+COPY --from=build /nsjail/nsjail /bin