From 11883989ec3124a2e88c74bf45d668a8b4d7229d Mon Sep 17 00:00:00 2001 From: Blaine Gardner Date: Wed, 25 Apr 2018 09:19:07 -0600 Subject: [PATCH] Dockerfiles: Move package verification after clean It is safest to check, once the cleaning process is over, that no packages have been cleaned, as a flavor may remove packages at any point during cleaning. Add a __DOCKERFILE_VERIFY_PACKAGES__ step to the daemon and base Dockerfiles after the cleaning step has finished to accomplish this. Move all flavor verification steps to a corresponding __DOCKERFILE_VERIFY_PACKAGES__ variable file.
Signed-off-by: Blaine Gardner
---
 .../centos-arm64/daemon-base/__DOCKERFILE_VERIFY_PACKAGES__ | 1 +
 .../ALL/centos-arm64/daemon/__DOCKERFILE_VERIFY_PACKAGES__ | 1 +
 .../ALL/centos/daemon-base/__DOCKERFILE_VERIFY_PACKAGES__ | 1 +
 .../ALL/centos/daemon/__DOCKERFILE_POSTINSTALL_CLEANUP__ | 3 +--
 .../ALL/centos/daemon/__DOCKERFILE_VERIFY_PACKAGES__ | 1 +
 .../ALL/opensuse/__DOCKERFILE_POSTINSTALL_CLEANUP__ | 3 +--
 ceph-releases/ALL/opensuse/__DOCKERFILE_VERIFY_PACKAGES__ | 1 +
 .../ALL/rhel7/daemon-base/__DOCKERFILE_VERIFY_PACKAGES__ | 1 +
 .../ALL/rhel7/daemon/__DOCKERFILE_VERIFY_PACKAGES__ | 1 +
 .../ALL/ubuntu/daemon-base/__DOCKERFILE_VERIFY_PACKAGES__ | 1 +
 .../ALL/ubuntu/daemon-base/__EXTRA_POSTINSTALL_CLEANUP__ | 2 +-
 .../ALL/ubuntu/daemon/__DOCKERFILE_VERIFY_PACKAGES__ | 1 +
 .../ALL/ubuntu/daemon/__EXTRA_POSTINSTALL_CLEANUP__ | 3 +--
 src/daemon-base/Dockerfile | 5 ++++-
 src/daemon/Dockerfile | 5 ++++-
 15 files changed, 21 insertions(+), 9 deletions(-)
 create mode 120000 ceph-releases/ALL/centos-arm64/daemon-base/__DOCKERFILE_VERIFY_PACKAGES__
 create mode 120000 ceph-releases/ALL/centos-arm64/daemon/__DOCKERFILE_VERIFY_PACKAGES__
 create mode 100644 ceph-releases/ALL/centos/daemon-base/__DOCKERFILE_VERIFY_PACKAGES__
 create mode 100644 ceph-releases/ALL/centos/daemon/__DOCKERFILE_VERIFY_PACKAGES__
 create mode 100644 ceph-releases/ALL/opensuse/__DOCKERFILE_VERIFY_PACKAGES__
 create mode 100644 ceph-releases/ALL/rhel7/daemon-base/__DOCKERFILE_VERIFY_PACKAGES__
 create mode 100644 ceph-releases/ALL/rhel7/daemon/__DOCKERFILE_VERIFY_PACKAGES__
 create mode 100644 ceph-releases/ALL/ubuntu/daemon-base/__DOCKERFILE_VERIFY_PACKAGES__
 create mode 100644 ceph-releases/ALL/ubuntu/daemon/__DOCKERFILE_VERIFY_PACKAGES__
diff --git a/ceph-releases/ALL/centos-arm64/daemon-base/__DOCKERFILE_VERIFY_PACKAGES__ b/ceph-releases/ALL/centos-arm64/daemon-base/__DOCKERFILE_VERIFY_PACKAGES__
new file mode 120000
index 000000000..41b83a63a
--- /dev/null
+++ b/ceph-releases/ALL/centos-arm64/daemon-base/__DOCKERFILE_VERIFY_PACKAGES__
@@ -0,0 +1 @@
+../../centos/daemon-base/__DOCKERFILE_VERIFY_PACKAGES__
\ No newline at end of file
diff --git a/ceph-releases/ALL/centos-arm64/daemon/__DOCKERFILE_VERIFY_PACKAGES__ b/ceph-releases/ALL/centos-arm64/daemon/__DOCKERFILE_VERIFY_PACKAGES__
new file mode 120000
index 000000000..10b68e0fb
--- /dev/null
+++ b/ceph-releases/ALL/centos-arm64/daemon/__DOCKERFILE_VERIFY_PACKAGES__
@@ -0,0 +1 @@
+../../centos/daemon/__DOCKERFILE_VERIFY_PACKAGES__
\ No newline at end of file
diff --git a/ceph-releases/ALL/centos/daemon-base/__DOCKERFILE_VERIFY_PACKAGES__ b/ceph-releases/ALL/centos/daemon-base/__DOCKERFILE_VERIFY_PACKAGES__
new file mode 100644
index 000000000..0fea829cc
--- /dev/null
+++ b/ceph-releases/ALL/centos/daemon-base/__DOCKERFILE_VERIFY_PACKAGES__
@@ -0,0 +1 @@
+rpm -q __CEPH_BASE_PACKAGES__
diff --git a/ceph-releases/ALL/centos/daemon/__DOCKERFILE_POSTINSTALL_CLEANUP__ b/ceph-releases/ALL/centos/daemon/__DOCKERFILE_POSTINSTALL_CLEANUP__
index f46d38105..2e27f39de 100644
--- a/ceph-releases/ALL/centos/daemon/__DOCKERFILE_POSTINSTALL_CLEANUP__
+++ b/ceph-releases/ALL/centos/daemon/__DOCKERFILE_POSTINSTALL_CLEANUP__
@@ -1,2 +1 @@
-yum clean all && \
-rpm -q __DAEMON_PACKAGES__
+yum clean all
diff --git a/ceph-releases/ALL/centos/daemon/__DOCKERFILE_VERIFY_PACKAGES__ b/ceph-releases/ALL/centos/daemon/__DOCKERFILE_VERIFY_PACKAGES__
new file mode 100644
index 000000000..d35355ee0
--- /dev/null
+++ b/ceph-releases/ALL/centos/daemon/__DOCKERFILE_VERIFY_PACKAGES__
@@ -0,0 +1 @@
+rpm -q __DAEMON_PACKAGES__
diff --git a/ceph-releases/ALL/opensuse/__DOCKERFILE_POSTINSTALL_CLEANUP__ b/ceph-releases/ALL/opensuse/__DOCKERFILE_POSTINSTALL_CLEANUP__
index a490f74f4..704794485 100644
--- a/ceph-releases/ALL/opensuse/__DOCKERFILE_POSTINSTALL_CLEANUP__
+++ b/ceph-releases/ALL/opensuse/__DOCKERFILE_POSTINSTALL_CLEANUP__
@@ -1,2 +1 @@
-__ZYPPER__ info __PACKAGES__ && \
- rm -f /var/log/zypper.log
+rm -f /var/log/zypper.log
diff --git a/ceph-releases/ALL/opensuse/__DOCKERFILE_VERIFY_PACKAGES__ b/ceph-releases/ALL/opensuse/__DOCKERFILE_VERIFY_PACKAGES__
new file mode 100644
index 000000000..a96290e7b
--- /dev/null
+++ b/ceph-releases/ALL/opensuse/__DOCKERFILE_VERIFY_PACKAGES__
@@ -0,0 +1 @@
+rpm --query __PACKAGES__
diff --git a/ceph-releases/ALL/rhel7/daemon-base/__DOCKERFILE_VERIFY_PACKAGES__ b/ceph-releases/ALL/rhel7/daemon-base/__DOCKERFILE_VERIFY_PACKAGES__
new file mode 100644
index 000000000..0fea829cc
--- /dev/null
+++ b/ceph-releases/ALL/rhel7/daemon-base/__DOCKERFILE_VERIFY_PACKAGES__
@@ -0,0 +1 @@
+rpm -q __CEPH_BASE_PACKAGES__
diff --git a/ceph-releases/ALL/rhel7/daemon/__DOCKERFILE_VERIFY_PACKAGES__ b/ceph-releases/ALL/rhel7/daemon/__DOCKERFILE_VERIFY_PACKAGES__
new file mode 100644
index 000000000..d35355ee0
--- /dev/null
+++ b/ceph-releases/ALL/rhel7/daemon/__DOCKERFILE_VERIFY_PACKAGES__
@@ -0,0 +1 @@
+rpm -q __DAEMON_PACKAGES__
diff --git a/ceph-releases/ALL/ubuntu/daemon-base/__DOCKERFILE_VERIFY_PACKAGES__ b/ceph-releases/ALL/ubuntu/daemon-base/__DOCKERFILE_VERIFY_PACKAGES__
new file mode 100644
index 000000000..371c6ba5c
--- /dev/null
+++ b/ceph-releases/ALL/ubuntu/daemon-base/__DOCKERFILE_VERIFY_PACKAGES__
@@ -0,0 +1 @@
+apt-cache show __CEPH_BASE_PACKAGES__
diff --git a/ceph-releases/ALL/ubuntu/daemon-base/__EXTRA_POSTINSTALL_CLEANUP__ b/ceph-releases/ALL/ubuntu/daemon-base/__EXTRA_POSTINSTALL_CLEANUP__
index 371c6ba5c..836b5e7b2 100644
--- a/ceph-releases/ALL/ubuntu/daemon-base/__EXTRA_POSTINSTALL_CLEANUP__
+++ b/ceph-releases/ALL/ubuntu/daemon-base/__EXTRA_POSTINSTALL_CLEANUP__
@@ -1 +1 @@
-apt-cache show __CEPH_BASE_PACKAGES__
+/bin/true
diff --git a/ceph-releases/ALL/ubuntu/daemon/__DOCKERFILE_VERIFY_PACKAGES__ b/ceph-releases/ALL/ubuntu/daemon/__DOCKERFILE_VERIFY_PACKAGES__
new file mode 100644
index 000000000..43eae9ded
--- /dev/null
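Review bot: `apt-cache show` in the new ubuntu/daemon-base/__DOCKERFILE_VERIFY_PACKAGES__ is not an installed-state check: it prints records from apt's package cache, so it can succeed for a package apt merely knows about, and once cleanup has removed `/var/lib/apt/lists/*` (as the ubuntu daemon cleanup touched by this patch does) its result depends on what remains in the dpkg status database. Since the step exists to fail the build when cleaning removed a package, querying dpkg directly is the closer match, for example `dpkg -s __CEPH_BASE_PACKAGES__`. If packages left in a removed-but-configured state must also be rejected, compare the output of `dpkg-query -W -f='${Status}\n'` with `install ok installed` instead. ubuntu/daemon/__DOCKERFILE_VERIFY_PACKAGES__ uses the same command with `__DAEMON_PACKAGES__` and needs the same change.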
+++ b/ceph-releases/ALL/ubuntu/daemon/__DOCKERFILE_VERIFY_PACKAGES__
@@ -0,0 +1 @@
+apt-cache show __DAEMON_PACKAGES__
diff --git a/ceph-releases/ALL/ubuntu/daemon/__EXTRA_POSTINSTALL_CLEANUP__ b/ceph-releases/ALL/ubuntu/daemon/__EXTRA_POSTINSTALL_CLEANUP__
index b1ae86193..5b6c49898 100644
--- a/ceph-releases/ALL/ubuntu/daemon/__EXTRA_POSTINSTALL_CLEANUP__
+++ b/ceph-releases/ALL/ubuntu/daemon/__EXTRA_POSTINSTALL_CLEANUP__
@@ -14,5 +14,4 @@ echo "purge unneeded packages" && \
 rm -rf /var/lib/apt/lists/* \
 /var/cache/debconf/* \
 /var/log/apt/ \
- /var/log/dpkg.log &&\
- apt-cache show __DAEMON_PACKAGES__
+ /var/log/dpkg.log
diff --git a/src/daemon-base/Dockerfile b/src/daemon-base/Dockerfile
index cb0d6f3a1..2e496ed42 100644
--- a/src/daemon-base/Dockerfile
+++ b/src/daemon-base/Dockerfile
@@ -37,4 +37,7 @@ RUN \
 FINAL_SIZE="$(bash -c 'sz="$(du -sm --exclude=/proc /)" ; echo "${sz%*/}"')" && \
 REMOVED_SIZE=$((INITIAL_SIZE - FINAL_SIZE)) && \
 echo "Cleaning process removed ${REMOVED_SIZE}MB" && \
- echo "Dropped container size from ${INITIAL_SIZE}MB to ${FINAL_SIZE}MB"
+ echo "Dropped container size from ${INITIAL_SIZE}MB to ${FINAL_SIZE}MB" && \
+ #
+ # Verify that the packages installed haven't been accidentally cleaned
+ __DOCKERFILE_VERIFY_PACKAGES__
diff --git a/src/daemon/Dockerfile b/src/daemon/Dockerfile
index 523e2b631..5b1adab89 100644
--- a/src/daemon/Dockerfile
+++ b/src/daemon/Dockerfile
@@ -32,7 +32,10 @@ RUN \
 FINAL_SIZE="$(bash -c 'sz="$(du -sm --exclude=/proc /)" ; echo "${sz%*/}"')" && \
 REMOVED_SIZE=$((INITIAL_SIZE - FINAL_SIZE)) && \
 echo "Cleaning process removed ${REMOVED_SIZE}MB" && \
- echo "Dropped container size from ${INITIAL_SIZE}MB to ${FINAL_SIZE}MB"
+ echo "Dropped container size from ${INITIAL_SIZE}MB to ${FINAL_SIZE}MB" && \
+ #
+ # Verify that the packages installed haven't been accidentally cleaned
+ __DOCKERFILE_VERIFY_PACKAGES__
 #======================================================
 # Add ceph-container files
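Review bot: The comment added above `__DOCKERFILE_VERIFY_PACKAGES__` in src/daemon-base/Dockerfile says more than the step checks: the flavor files substituted here run `rpm -q`, `rpm --query` or `apt-cache show`, which consult package metadata and would not notice files that a cleanup step deleted directly with `rm`. I would word it `# Verify that the required packages are still registered as installed after cleaning (package database only, file contents are not checked)`. It is also worth noting in the same comment that this must stay the last command of the `&&` chain, because the build fails on a missing package only while the query's exit status is the status of the whole RUN. The hunk in src/daemon/Dockerfile adds the same lines and the same applies there; in both files the RUN instruction starts outside the hunk.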