From 269120208205f73822296986d303ed4288165313 Mon Sep 17 00:00:00 2001
From: ithcy
Date: Sat, 13 Jul 2024 02:10:01 -0400
Subject: [PATCH] Apt upgrade, chain and sort

- Chains apt commands so changes persist across layers
- Upgrades installed packages to mitigate a couple CVEs
- Sorts multi-line package list per Docker best practices
---
 Dockerfile | 37 ++++++++++++++++++-------------------
 1 file changed, 18 insertions(+), 19 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 0976eaf..89fe9cf 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -27,25 +27,24 @@ ENV UMASK=0022
 ENV ALLOW_DIRECT_VNC=false
 
 # Prepare installation
-RUN apt-get -q update
-RUN LC_ALL=C DEBIAN_FRONTEND=noninteractive ${PKG} lsb-release
-
-# Install all the stuff
-RUN LC_ALL=C DEBIAN_FRONTEND=noninteractive ${PKG} \
- gosu \
- locales \
- openbox \
- supervisor \
- tigervnc-common \
- $(lsb_release -sc | grep -q bookworm && echo tigervnc-tools) \
- tigervnc-standalone-server \
- tint2 \
- python3-pip \
- python3-venv \
- nginx-light
-
-# Cleanup
-RUN apt-get clean && \
+# Then install all the stuff
+# Then clean up
+RUN apt-get -q update && \
+ apt-get -q upgrade && \
+ LC_ALL=C DEBIAN_FRONTEND=noninteractive ${PKG} lsb-release && \
+ LC_ALL=C DEBIAN_FRONTEND=noninteractive ${PKG} \
+ gosu \
+ locales \
+ nginx-light \
+ openbox \
+ python3-pip \
+ python3-venv \
+ supervisor \
+ tigervnc-common \
+ tigervnc-standalone-server \
+ $(lsb_release -sc | grep -q bookworm && echo tigervnc-tools) \
+ tint2 && \
+ apt-get clean && \
 apt-get autoremove && \
 rm -rf /var/lib/apt/lists/* && \
 rm -rf /var/cache/fontconfig/*
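Review bot: The added `apt-get -q upgrade` step has no `-y` and no `DEBIAN_FRONTEND=noninteractive`, unlike the `${PKG}` install lines that follow it in the same RUN. A build has no terminal to answer the confirmation prompt, so unless assume-yes is configured elsewhere (the definition of `${PKG}` and the base image are outside this hunk) the step will likely abort whenever upgradable packages exist, and the `&&` chain then fails the whole build. I would write it as `LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get -q -y upgrade && \`. Since the stated goal is CVE mitigation, a comment above the RUN would also help, e.g. `# NOTE: upgraded packages are frozen in this cached layer; rebuild with --pull --no-cache to pick up later security fixes`.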