>

Docker 01

ChainGuard images were not loading Microsoft fonts but were loading in Alpine:

Alpine Dockerfile

FROM alpine:latest
USER root
RUN apk add tzdata
RUN apk --update add fontconfig msttcorefonts-installer
RUN apk add fontconfig
RUN update-ms-fonts
RUN fc-cache -f
RUN fc-list | wc -l

Build command

docker build -t alpine_fonts_test .

Output

Results from alpine_fonts_test build, with 55 fonts installed.

Step 8/8 : RUN fc-list | wc -l
 ---> Running in 2b84ca81068c
55

55 fonts are installed.

Chainguard Dockerfile

FROM alpine:latest
USER root
RUN apk add tzdata
RUN apk --update add fontconfig msttcorefonts-installer
RUN apk add fontconfig
RUN update-ms-fonts
RUN fc-cache -f
RUN fc-list | wc -l

Build command

docker build -t chainguard_fonts_test .

Output

Results from chainguard_fonts_test build, with 0 fonts installed.

Step 8/8 : RUN fc-list | wc -l
 ---> Running in a8013bd322c1
0

Identifying differences:

Locate the docker image

$ docker image ls | grep chainguard_fonts_test

chainguard_fonts_test latest 010b22e0d8cc 6 minutes ago 169MB

Start and drop into a shell:

$ docker run -it --entrypoint=/bin/bash --user 0:0 010b22e0d8cc

With this image now running as a container, you can extract files from the filesystem but you need to identify the running container id:

$ docker container ls | grep 010b22e0d8cc | awk '{ print $1}'

a5f5de6033fa

Copy the file off of the image:

docker cp a5f5de6033fa:/usr/bin/update-ms-fonts ./Chain_guard_script

Successfully copied 10.2kB to /folder/youre/in/Chain_guard_script

Start the alpine image you created earlier as a container:

docker run -it --entrypoint=/bin/sh 1b45d6d559e0

Identify the container id:

$ docker container ls | grep 1b45d6d559e0 | awk '{ print $1}'

Copy the file from Alpine image to your local system:

docker cp 210ab15be542:/usr/bin/update-ms-fonts ./Alpine_script`

Successfully copied 10.2kB to /folder/youre/in/Alpine_script

Diff the files:

➜  diff Chain_guard_script Alpine_script
193a194
>             mv $ttf $FONTDIR/$longname

1 additional line in script on the Alpine image.

Add the line into the Chainguard script and test:

update-ms-fonts
fc-list | wc -l
55

Joshua Cooper

DevOps engineer with an emphasis on cybersecurity

2024-08-06