From 1bd8eb68ff6f62f36dfccc4defd76b64deb98655 Mon Sep 17 00:00:00 2001
From: Ruslan Mstoi <ruslan.mstoi@intel.com>
Date: Fri, 19 May 2023 18:16:20 +0300
Subject: [PATCH] Dockerfile: fix hadolint warnings

Fix these warnings:
SC2086 info: Double quote to prevent globbing and word splitting.
DL3047 info: Avoid use of wget without progress bar. Use `wget --progress=dot:giga <url>`. Or consider using `-q` or `-nv` (shorthands for `--quiet` or `--no-verbose`).
SC2006 style: Use $(...) notation instead of legacy backticks `...`.

Ignore these warning cause they break the build or they do not apply:
DL3008 warning: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
DL3003 warning: Use WORKDIR to switch to a directory
SC2016 info: Expressions don't expand in single quotes, use double quotes for that.
SC2046 warning: Quote this to prevent word splitting.
DL4006 warning: Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check
SC2155 warning: Declare and assign separately to avoid masking return values.

Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>
---
 resources/Dockerfile | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/resources/Dockerfile b/resources/Dockerfile
index 2e1ef8907..da085b7ce 100644
--- a/resources/Dockerfile
+++ b/resources/Dockerfile
@@ -64,6 +64,7 @@ RUN apt-get update \
 
 RUN update-alternatives --set ovs-vswitchd /usr/lib/openvswitch-switch-dpdk/ovs-vswitchd-dpdk
 
+# hadolint ignore=DL3008
 RUN if [ "$TARGETARCH" = "amd64" ]; then \
         apt-get update \
         && apt-get -yq upgrade \
@@ -74,6 +75,7 @@ RUN if [ "$TARGETARCH" = "amd64" ]; then \
         && apt-get clean \
         && rm -rf /var/lib/apt/lists/* /var/log/*log  /var/log/apt/* /var/lib/dpkg/*-old /var/cache/debconf/*-old; fi
 
+# hadolint ignore=DL3008
 RUN if [ "$TARGETARCH" = "arm64" ]; then \
         # On AArch64, `setcap` binary should be installed via `libcap2-bin`.
         # The `setcap` binary is used in integration tests.
@@ -94,8 +96,9 @@ RUN if [ "$TARGETARCH" = "arm64" ]; then \
         && rm -rf /var/lib/apt/lists/* /var/log/*log  /var/log/apt/* /var/lib/dpkg/*-old /var/cache/debconf/*-old; fi
 
 # Fix the libssl-dev install
+# hadolint ignore=SC2155
 RUN export ARCH="$(uname -m)" \
-    && cp /usr/include/$ARCH-linux-gnu/openssl/opensslconf.h /usr/include/openssl/
+    && cp /usr/include/"$ARCH"-linux-gnu/openssl/opensslconf.h /usr/include/openssl/
 ENV X86_64_UNKNOWN_LINUX_GNU_OPENSSL_LIB_DIR=/usr/lib/x86_64-linux-gnu/
 ENV X86_64_UNKNOWN_LINUX_MUSL_OPENSSL_LIB_DIR=/usr/lib/x86_64-linux-gnu/
 ENV AARCH64_UNKNOWN_LINUX_GNU_OPENSSL_LIB_DIR=/usr/lib/aarch64-linux-gnu/
@@ -103,9 +106,10 @@ ENV AARCH64_UNKNOWN_LINUX_MUSL_OPENSSL_LIB_DIR=/usr/lib/aarch64-linux-gnu/
 ENV OPENSSL_INCLUDE_DIR=/usr/include/
 
 # Install the rust toolchain
+# hadolint ignore=DL4006,SC2155
 RUN export ARCH="$(uname -m)" \
     && nohup curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain "$RUST_TOOLCHAIN" \
-    && rustup target add $ARCH-unknown-linux-musl --toolchain "$RUST_TOOLCHAIN" \
+    && rustup target add "$ARCH"-unknown-linux-musl --toolchain "$RUST_TOOLCHAIN" \
     && if [ "$TARGETARCH" = "amd64" ]; then rustup toolchain add --profile minimal $RUST_TOOLCHAIN-x86_64-unknown-linux-musl; fi \
     && if [ "$TARGETARCH" = "amd64" ]; then rustup component add rustfmt; fi \
     && if [ "$TARGETARCH" = "amd64" ]; then rustup component add clippy; fi \
@@ -115,12 +119,14 @@ RUN export ARCH="$(uname -m)" \
     && ln -s "$CARGO_GIT_REGISTRY_DIR" "$CARGO_HOME/git"
 
 # Set the rust environment
-RUN echo 'source $CARGO_HOME/env' >> $HOME/.bashrc \
-    && mkdir $HOME/.cargo \
-    && ln -s $CARGO_HOME/env $HOME/.cargo/env
+# hadolint ignore=SC2016
+RUN echo 'source $CARGO_HOME/env' >> "$HOME"/.bashrc \
+    && mkdir "$HOME"/.cargo \
+    && ln -s $CARGO_HOME/env "$HOME"/.cargo/env
 
 # install SPDK NVMe
 # only for 'x86_64' platform images as 'docker buildx' can't build 'spdk'
+# hadolint ignore=DL3003,SC2046
 RUN if [ "$TARGETARCH" = "amd64" ]; then \
        git clone https://github.com/spdk/spdk \
        && cd spdk \
@@ -130,7 +136,7 @@ RUN if [ "$TARGETARCH" = "amd64" ]; then \
        && ./scripts/pkgdep.sh \
        && apt-get clean \
        && ./configure --with-vfio-user \
-       && make -j `nproc` \
+       && make -j $(nproc) \
        && mkdir /usr/local/bin/spdk-nvme \
        && cp ./build/bin/nvmf_tgt /usr/local/bin/spdk-nvme \
        && cp ./scripts/rpc.py /usr/local/bin/spdk-nvme \
@@ -138,6 +144,7 @@ RUN if [ "$TARGETARCH" = "amd64" ]; then \
        && cd .. && rm -rf spdk; fi
 
 # install swtpm only for x86_64 arch
+# hadolint ignore=DL3003
 RUN if [ "$TARGETARCH" = "amd64" ]; then \
     git clone https://github.com/stefanberger/libtpms libtpms_build \
     && cd libtpms_build \
@@ -158,7 +165,7 @@ RUN if [ "$TARGETARCH" = "amd64" ]; then \
 
 # install ethr tool for performance tests
 RUN if [ "$TARGETARCH" = "amd64" ]; then \
-    wget https://github.com/microsoft/ethr/releases/latest/download/ethr_linux.zip \
+    wget -nv https://github.com/microsoft/ethr/releases/latest/download/ethr_linux.zip \
     && unzip ethr_linux.zip \
     && cp ethr /usr/local/bin \
     && rm ethr_linux.zip; fi