From 7632c850f980c1235ae8493072a5bc0d1a9af34a Mon Sep 17 00:00:00 2001
From: Phileas Lebada
Date: Mon, 22 Feb 2021 13:33:34 +0100
Subject: [PATCH 1/3] Fix attempting to set /usr/local packages as manual
---
 Dockerfile-debian.template | 1 +
 Dockerfile-slim.template | 1 +
 2 files changed, 2 insertions(+)
diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template
index 6df3acde71..da30469e85 100644
--- a/Dockerfile-debian.template
+++ b/Dockerfile-debian.template
@@ -61,6 +61,7 @@ RUN set -eux; \
 find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec ldd '{}' ';' \
 | awk '/=>/ { print $(NF-1) }' \
 | sort -u \
+ | grep -vF '/usr/local/lib' \
 | xargs -r dpkg-query --search \
 | cut -d: -f1 \
 | sort -u \
diff --git a/Dockerfile-slim.template b/Dockerfile-slim.template
index 4ba64e7eaa..f8ce23b57e 100644
--- a/Dockerfile-slim.template
+++ b/Dockerfile-slim.template
@@ -87,6 +87,7 @@ RUN set -eux; \
 find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec ldd '{}' ';' \
 | awk '/=>/ { print $(NF-1) }' \
 | sort -u \
+ | grep -vF '/usr/local/lib' \
 | xargs -r dpkg-query --search \
 | cut -d: -f1 \
 | sort -u \
From d6b03c9e35f41224dfac14688809e9363ea0c34c Mon Sep 17 00:00:00 2001
From: Phileas Lebada
Date: Mon, 22 Feb 2021 13:48:27 +0100
Subject: [PATCH 2/3] Use Dockernative shell-argument options
---
 Dockerfile-alpine.template | 11 ++++++-----
 Dockerfile-debian.template | 14 +++++++-------
 Dockerfile-slim.template | 17 ++++++++---------
 3 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template
index 71bff794d5..7063fdacd4 100644
--- a/Dockerfile-alpine.template
+++ b/Dockerfile-alpine.template
@@ -1,5 +1,7 @@
 FROM alpine:%%PLACEHOLDER%%
+SHELL ["/usr/bin/env", "sh", "-eux", "-c"]
+
 RUN apk add --no-cache \
 gmp-dev
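Review bot: The added `grep -vF '/usr/local/lib'` in the Dockerfile-debian.template hunk matches that string anywhere in a path and carries no comment saying why the filter exists; the identical line in the Dockerfile-slim.template hunk has the same two gaps. Anchoring it, `| grep -v '^/usr/local/' \`, drops only libraries that resolve under /usr/local and cannot hide a dpkg-owned path that merely contains the text. A comment line above it such as `# libraries built under /usr/local belong to no package; keep them away from dpkg-query --search` would record the intent, which is presumably what the commit subject refers to. The RUN instruction starts and ends outside both hunks.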
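Review bot: `SHELL ["/usr/bin/env", "sh", "-eux", "-c"]` at the top of Dockerfile-alpine.template, like the `/bin/bash` variants added at the top of Dockerfile-debian.template and Dockerfile-slim.template, is not scoped to this file's own RUN steps. As far as I know the SHELL value is stored in the image config, so images built FROM this one would run their shell-form RUN, CMD and ENTRYPOINT with `-eux` too. The `-x` part is the risky one: xtrace writes every expanded command to the build log, including any credential a downstream build passes on a command line. If that inheritance is confirmed, either keep `set -eux;` per RUN as before or reset the shell at the end of each template with `SHELL ["/bin/sh", "-c"]`.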
@@ -20,9 +22,7 @@ ENV RUBYGEMS_VERSION %%RUBYGEMS%%
 # some of ruby's build scripts are written in ruby
 # we purge system ruby later to make sure our final image uses what we just built
 # readline-dev vs libedit-dev: https://bugs.ruby-lang.org/issues/11869 and https://github.com/docker-library/ruby/issues/75
-RUN set -eux; \
- \
- apk add --no-cache --virtual .ruby-builddeps \
+RUN apk add --no-cache --virtual .ruby-builddeps \
 autoconf \
 bison \
 bzip2 \
@@ -111,7 +111,8 @@ RUN set -eux; \
 rm -r /usr/src/ruby; \
 # make sure bundled "rubygems" is older than RUBYGEMS_VERSION (https://github.com/docker-library/ruby/issues/246)
 ruby -e 'exit(Gem::Version.create(ENV["RUBYGEMS_VERSION"]) > Gem::Version.create(Gem::VERSION))'; \
- gem update --system "$RUBYGEMS_VERSION" && rm -r /root/.gem/; \
+ gem update --system "$RUBYGEMS_VERSION"; \
+ rm -fr /root/.gem/; \
 # verify we have no "ruby" packages installed
 ! apk --no-network list --installed \
 | grep -v '^[.]ruby-rundeps' \
@@ -129,6 +130,6 @@ ENV BUNDLE_SILENCE_ROOT_WARNING=1 \
 BUNDLE_APP_CONFIG="$GEM_HOME"
 ENV PATH $GEM_HOME/bin:$PATH
 # adjust permissions of a few directories for running "gem install" as an arbitrary user
-RUN mkdir -p "$GEM_HOME" && chmod 777 "$GEM_HOME"
+RUN mkdir -p "$GEM_HOME"; chmod 777 "$GEM_HOME"
 CMD [ "irb" ]
diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template
index da30469e85..fb2184bf1e 100644
--- a/Dockerfile-debian.template
+++ b/Dockerfile-debian.template
@@ -1,8 +1,9 @@
 FROM buildpack-deps:%%PLACEHOLDER%%
+SHELL ["/bin/bash", "-eux", "-c"]
+
 # skip installing gem documentation
-RUN set -eux; \
- mkdir -p /usr/local/etc; \
+RUN mkdir -p /usr/local/etc; \
 { \
 echo 'install: --no-document'; \
 echo 'update: --no-document'; \
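Review bot: In the `@@ -129,6 +130,6 @@` hunk of Dockerfile-alpine.template, `RUN mkdir -p "$GEM_HOME"; chmod 777 "$GEM_HOME"` now stops on a failed mkdir only because the SHELL instruction at the top of the file passes `-e`; the last hunk of Dockerfile-debian.template and of Dockerfile-slim.template makes the same rewrite. Keeping `RUN mkdir -p "$GEM_HOME" && chmod 777 "$GEM_HOME"` leaves the line correct under any shell setting, including when someone copies it into another Dockerfile. Since the directory is deliberately made world-writable and `$GEM_HOME/bin` is put first on PATH, this is a step that should not be able to half-succeed silently.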
@@ -16,9 +17,7 @@ ENV RUBYGEMS_VERSION %%RUBYGEMS%%
 # some of ruby's build scripts are written in ruby
 # we purge system ruby later to make sure our final image uses what we just built
-RUN set -eux; \
- \
- savedAptMark="$(apt-mark showmanual)"; \
+RUN savedAptMark="$(apt-mark showmanual)"; \
 apt-get update; \
 apt-get install -y --no-install-recommends \
 bison \
@@ -73,7 +72,8 @@ RUN set -eux; \
 rm -r /usr/src/ruby; \
 # make sure bundled "rubygems" is older than RUBYGEMS_VERSION (https://github.com/docker-library/ruby/issues/246)
 ruby -e 'exit(Gem::Version.create(ENV["RUBYGEMS_VERSION"]) > Gem::Version.create(Gem::VERSION))'; \
- gem update --system "$RUBYGEMS_VERSION" && rm -r /root/.gem/; \
+ gem update --system "$RUBYGEMS_VERSION"; \
+ rm -fr /root/.gem/; \
 # verify we have no "ruby" packages installed
 ! dpkg -l | grep -i ruby; \
 [ "$(command -v ruby)" = '/usr/local/bin/ruby' ]; \
@@ -88,6 +88,6 @@ ENV BUNDLE_SILENCE_ROOT_WARNING=1 \
 BUNDLE_APP_CONFIG="$GEM_HOME"
 ENV PATH $GEM_HOME/bin:$PATH
 # adjust permissions of a few directories for running "gem install" as an arbitrary user
-RUN mkdir -p "$GEM_HOME" && chmod 777 "$GEM_HOME"
+RUN mkdir -p "$GEM_HOME"; chmod 777 "$GEM_HOME"
 CMD [ "irb" ]
diff --git a/Dockerfile-slim.template b/Dockerfile-slim.template
index f8ce23b57e..1ece6d5a4e 100644
--- a/Dockerfile-slim.template
+++ b/Dockerfile-slim.template
@@ -1,7 +1,8 @@
 FROM debian:%%PLACEHOLDER%%
-RUN set -eux; \
- apt-get update; \
+SHELL ["/bin/bash", "-eux", "-c"]
+
+RUN apt-get update; \
 apt-get install -y --no-install-recommends \
 bzip2 \
 ca-certificates \
@@ -15,8 +16,7 @@ RUN set -eux; \
 rm -rf /var/lib/apt/lists/*
 # skip installing gem documentation
-RUN set -eux; \
- mkdir -p /usr/local/etc; \
+RUN mkdir -p /usr/local/etc; \
 { \
 echo 'install: --no-document'; \
 echo 'update: --no-document'; \
@@ -30,9 +30,7 @@ ENV RUBYGEMS_VERSION %%RUBYGEMS%%
 # some of ruby's build scripts are written in ruby
 # we purge system ruby later to make sure our final image uses what we just built
-RUN set -eux; \
- \
- savedAptMark="$(apt-mark showmanual)"; \
+RUN savedAptMark="$(apt-mark showmanual)"; \
 apt-get update; \
 apt-get install -y --no-install-recommends \
 autoconf \
@@ -99,7 +97,8 @@ RUN set -eux; \
 rm -r /usr/src/ruby; \
 # make sure bundled "rubygems" is older than RUBYGEMS_VERSION (https://github.com/docker-library/ruby/issues/246)
 ruby -e 'exit(Gem::Version.create(ENV["RUBYGEMS_VERSION"]) > Gem::Version.create(Gem::VERSION))'; \
- gem update --system "$RUBYGEMS_VERSION" && rm -r /root/.gem/; \
+ gem update --system "$RUBYGEMS_VERSION"; \
+ rm -r /root/.gem/; \
 # verify we have no "ruby" packages installed
 ! dpkg -l | grep -i ruby; \
 [ "$(command -v ruby)" = '/usr/local/bin/ruby' ]; \
@@ -114,6 +113,6 @@ ENV BUNDLE_SILENCE_ROOT_WARNING=1 \
 BUNDLE_APP_CONFIG="$GEM_HOME"
 ENV PATH $GEM_HOME/bin:$PATH
 # adjust permissions of a few directories for running "gem install" as an arbitrary user
-RUN mkdir -p "$GEM_HOME" && chmod 777 "$GEM_HOME"
+RUN mkdir -p "$GEM_HOME"; chmod 777 "$GEM_HOME"
 CMD [ "irb" ]
From 265702ff9744d20c84fbbb77affaead6abc2718e Mon Sep 17 00:00:00 2001
From: Phileas Lebada
Date: Mon, 22 Feb 2021 13:49:43 +0100
Subject: [PATCH 3/3] Fix verification no system-ruby deps installed
---
 Dockerfile-alpine.template | 4 ++--
 Dockerfile-debian.template | 2 +-
 Dockerfile-slim.template | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template
index 7063fdacd4..54f011fb16 100644
--- a/Dockerfile-alpine.template
+++ b/Dockerfile-alpine.template
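Review bot: The `@@ -99,7 +97,8 @@` hunk of Dockerfile-slim.template adds `rm -r /root/.gem/; \`, while the matching hunks for Dockerfile-alpine.template and Dockerfile-debian.template in this same patch add `rm -fr /root/.gem/; \`. Under `-e` the slim build fails when that directory is absent and the other two carry on, so the three templates no longer behave alike. Use `rm -fr /root/.gem/; \` here as well, or drop `-f` from the other two if a missing directory is meant to be an error. The RUN instruction starts and ends outside the hunk.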
@@ -114,10 +114,10 @@ RUN apk add --no-cache --virtual .ruby-builddeps \
 gem update --system "$RUBYGEMS_VERSION"; \
 rm -fr /root/.gem/; \
 # verify we have no "ruby" packages installed
- ! apk --no-network list --installed \
+ if apk --no-network list --installed \
 | grep -v '^[.]ruby-rundeps' \
 | grep -i ruby \
- ; \
+ ; then false; fi; \
 [ "$(command -v ruby)" = '/usr/local/bin/ruby' ]; \
 # rough smoke test
 ruby --version; \
diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template
index fb2184bf1e..df106cb5ba 100644
--- a/Dockerfile-debian.template
+++ b/Dockerfile-debian.template
@@ -75,7 +75,7 @@ RUN savedAptMark="$(apt-mark showmanual)"; \
 gem update --system "$RUBYGEMS_VERSION"; \
 rm -fr /root/.gem/; \
 # verify we have no "ruby" packages installed
- ! dpkg -l | grep -i ruby; \
+ if dpkg -l | grep -i 'ruby'; then false; fi; \
 [ "$(command -v ruby)" = '/usr/local/bin/ruby' ]; \
 # rough smoke test
 ruby --version; \
diff --git a/Dockerfile-slim.template b/Dockerfile-slim.template
index 1ece6d5a4e..734cace3c9 100644
--- a/Dockerfile-slim.template
+++ b/Dockerfile-slim.template
@@ -100,7 +100,7 @@ RUN savedAptMark="$(apt-mark showmanual)"; \
 gem update --system "$RUBYGEMS_VERSION"; \
 rm -r /root/.gem/; \
 # verify we have no "ruby" packages installed
- ! dpkg -l | grep -i ruby; \
+ if dpkg -l | grep -i 'ruby'; then false; fi; \
 [ "$(command -v ruby)" = '/usr/local/bin/ruby' ]; \
 # rough smoke test
 ruby --version; \
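Review bot: The new `if apk --no-network list --installed … | grep -i ruby; then false; fi` in the Dockerfile-alpine.template hunk takes its status from the last `grep` alone, so the verification also passes when the listing command itself fails and prints nothing; the `if dpkg -l | grep -i 'ruby'; then false; fi` lines in the Dockerfile-debian.template and Dockerfile-slim.template hunks have the same gap. Capturing the list first lets `-e` catch that case, for example `installed="$(dpkg -l)"; \` followed by `if printf '%s\n' "$installed" | grep -i ruby; then echo >&2 'error: system ruby packages are still installed'; exit 1; fi; \`. The explicit message also tells whoever reads the build log why the step stopped, which a bare `false` does not. The RUN instruction starts and ends outside all three hunks.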