Update rabbitmq #13728
Merged
docker-library-bot force-pushed the rabbitmq branch 3 times, most recently from 1bc534d to 10cdf0d (December 14, 2022 06:05)
Changes:
- docker-library/rabbitmq@878cc31: Update 3.9 to otp 25.2
- docker-library/rabbitmq@eb98ea3: Update 3.11 to otp 25.2
- docker-library/rabbitmq@3d32bb2: Update 3.10 to otp 25.2
- docker-library/rabbitmq@86ae345: Merge pull request docker-library/rabbitmq#589 from lukebakken/lukebakken/multi-stage-2
- docker-library/rabbitmq@625a9a2: Update 3.11 to 3.11.5
- docker-library/rabbitmq@175c1b8: Update 3.10 to 3.10.13
- docker-library/rabbitmq@9afab9b: Update 3.9 to 3.9.27
- docker-library/rabbitmq@99d3ad5: Convert to multi-stage builds
docker-library-bot force-pushed the rabbitmq branch from 10cdf0d to 11c0608 (December 14, 2022 12:32)
Diff for 11c0608:
diff --git a/_bashbrew-cat b/_bashbrew-cat
index 977bfec..e82ad1d 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -1,62 +1,63 @@
Maintainers: Tianon Gravi <admwiggin@gmail.com> (@tianon), Joseph Ferguson <yosifkit@gmail.com> (@yosifkit)
GitRepo: https://github.com/docker-library/rabbitmq.git
+Builder: buildkit
-Tags: 3.9.26, 3.9
+Tags: 3.9.27, 3.9
Architectures: amd64, arm32v7, arm64v8, ppc64le, riscv64, s390x
-GitCommit: c9ff662db9bd80e965f821bb3add6fa5f8c84ac7
+GitCommit: 878cc31eaf717b98193d8a45113720ecd667a486
Directory: 3.9/ubuntu
-Tags: 3.9.26-alpine, 3.9-alpine
+Tags: 3.9.27-alpine, 3.9-alpine
Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: f9d66be3f9ec1fdf46afe8c4a0f256b712502545
+GitCommit: 878cc31eaf717b98193d8a45113720ecd667a486
Directory: 3.9/alpine
-Tags: 3.9.26-management, 3.9-management
+Tags: 3.9.27-management, 3.9-management
Architectures: amd64, arm32v7, arm64v8, ppc64le, riscv64, s390x
GitCommit: b07819f873e5a68b2bb54e01f0caa41c26b277f3
Directory: 3.9/ubuntu/management
-Tags: 3.9.26-management-alpine, 3.9-management-alpine
+Tags: 3.9.27-management-alpine, 3.9-management-alpine
Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
GitCommit: b07819f873e5a68b2bb54e01f0caa41c26b277f3
Directory: 3.9/alpine/management
-Tags: 3.10.12, 3.10
+Tags: 3.10.13, 3.10
Architectures: amd64, arm32v7, arm64v8, ppc64le, riscv64, s390x
-GitCommit: 71ae749340242da89429510fb93249f334fd80bc
+GitCommit: 3d32bb21bede6f2f0f6183e36293712eed237176
Directory: 3.10/ubuntu
-Tags: 3.10.12-alpine, 3.10-alpine
+Tags: 3.10.13-alpine, 3.10-alpine
Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: f9d66be3f9ec1fdf46afe8c4a0f256b712502545
+GitCommit: 3d32bb21bede6f2f0f6183e36293712eed237176
Directory: 3.10/alpine
-Tags: 3.10.12-management, 3.10-management
+Tags: 3.10.13-management, 3.10-management
Architectures: amd64, arm32v7, arm64v8, ppc64le, riscv64, s390x
GitCommit: 6e226fe8e99702c8726d5e7d5c5864e69548048d
Directory: 3.10/ubuntu/management
-Tags: 3.10.12-management-alpine, 3.10-management-alpine
+Tags: 3.10.13-management-alpine, 3.10-management-alpine
Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
GitCommit: 6e226fe8e99702c8726d5e7d5c5864e69548048d
Directory: 3.10/alpine/management
-Tags: 3.11.4, 3.11, 3, latest
+Tags: 3.11.5, 3.11, 3, latest
Architectures: amd64, arm32v7, arm64v8, ppc64le, riscv64, s390x
-GitCommit: 3db783ab9350944e83f1b49d34dcf5de81060804
+GitCommit: eb98ea3aee0df586882c4118c74b870f11072bbf
Directory: 3.11/ubuntu
-Tags: 3.11.4-alpine, 3.11-alpine, 3-alpine, alpine
+Tags: 3.11.5-alpine, 3.11-alpine, 3-alpine, alpine
Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: f9d66be3f9ec1fdf46afe8c4a0f256b712502545
+GitCommit: eb98ea3aee0df586882c4118c74b870f11072bbf
Directory: 3.11/alpine
-Tags: 3.11.4-management, 3.11-management, 3-management, management
+Tags: 3.11.5-management, 3.11-management, 3-management, management
Architectures: amd64, arm32v7, arm64v8, ppc64le, riscv64, s390x
GitCommit: 65eb19295b7975c4614d6071fb3fc6a1b86282a1
Directory: 3.11/ubuntu/management
-Tags: 3.11.4-management-alpine, 3.11-management-alpine, 3-management-alpine, management-alpine
+Tags: 3.11.5-management-alpine, 3.11-management-alpine, 3-management-alpine, management-alpine
Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
GitCommit: 65eb19295b7975c4614d6071fb3fc6a1b86282a1
Directory: 3.11/alpine/management
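Review bot: the -management and -management-alpine stanzas bump Tags (for example 3.9.26-management to 3.9.27-management) but keep their previous GitCommit (b07819f, 6e226fe, 65eb192), so the tag-to-commit mapping alone does not show what changed in those images. If these directories only layer on top of the matching base tag that is expected, but the PR description should say so, because the base stanzas in the same file now move to new commits and a new `Builder: buildkit` line applies to all of them.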
diff --git a/_bashbrew-list b/_bashbrew-list
index 3e6fbae..67214ee 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -6,26 +6,26 @@ rabbitmq:3.9
rabbitmq:3.9-alpine
rabbitmq:3.9-management
rabbitmq:3.9-management-alpine
-rabbitmq:3.9.26
-rabbitmq:3.9.26-alpine
-rabbitmq:3.9.26-management
-rabbitmq:3.9.26-management-alpine
+rabbitmq:3.9.27
+rabbitmq:3.9.27-alpine
+rabbitmq:3.9.27-management
+rabbitmq:3.9.27-management-alpine
rabbitmq:3.10
rabbitmq:3.10-alpine
rabbitmq:3.10-management
rabbitmq:3.10-management-alpine
-rabbitmq:3.10.12
-rabbitmq:3.10.12-alpine
-rabbitmq:3.10.12-management
-rabbitmq:3.10.12-management-alpine
+rabbitmq:3.10.13
+rabbitmq:3.10.13-alpine
+rabbitmq:3.10.13-management
+rabbitmq:3.10.13-management-alpine
rabbitmq:3.11
rabbitmq:3.11-alpine
rabbitmq:3.11-management
rabbitmq:3.11-management-alpine
-rabbitmq:3.11.4
-rabbitmq:3.11.4-alpine
-rabbitmq:3.11.4-management
-rabbitmq:3.11.4-management-alpine
+rabbitmq:3.11.5
+rabbitmq:3.11.5-alpine
+rabbitmq:3.11.5-management
+rabbitmq:3.11.5-management-alpine
rabbitmq:alpine
rabbitmq:latest
rabbitmq:management
diff --git a/rabbitmq_3.10-alpine/Dockerfile b/rabbitmq_3.10-alpine/Dockerfile
index 77f8314..64344ac 100644
--- a/rabbitmq_3.10-alpine/Dockerfile
+++ b/rabbitmq_3.10-alpine/Dockerfile
@@ -5,17 +5,18 @@
#
# Alpine Linux is not officially supported by the RabbitMQ team -- use at your own risk!
-FROM alpine:3.17
+FROM alpine:3.17 as build-base
RUN apk add --no-cache \
-# grab su-exec for easy step-down from root
- 'su-exec>=0.2' \
-# bash for docker-entrypoint.sh
- bash \
-# "ps" for "rabbitmqctl wait" (https://github.com/docker-library/rabbitmq/issues/162)
- procps \
-# Bring in tzdata so users could set the timezones through the environment
- tzdata
+ build-base \
+ dpkg-dev \
+ dpkg \
+ gnupg \
+ libc-dev \
+ linux-headers \
+ ncurses-dev
+
+FROM build-base as openssl-builder
# Default to a PGP keyserver that pgp-happy-eyeballs recognizes, but allow for substitutions locally
ARG PGP_KEYSERVER=keyserver.ubuntu.com
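Review bot: the stage name in `FROM alpine:3.17 as build-base` is the same string as the apk package `build-base` installed just below it, so the later `FROM build-base as openssl-builder` reads like a reference to the package. A distinct stage name would remove the ambiguity for anyone auditing which image each stage starts from.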
@@ -28,10 +29,10 @@ ENV OPENSSL_SOURCE_SHA256="c5ac01e760ee6ff0dab61d6b2bbd30146724d063eb322180c6f18
# https://www.openssl.org/community/otc.html
ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D"
-ENV OTP_VERSION 25.1.2
+ENV OTP_VERSION 25.2
# TODO add PGP checking when the feature will be added to Erlang/OTP's build system
# https://erlang.org/pipermail/erlang-questions/2019-January/097067.html
-ENV OTP_SOURCE_SHA256="5442dea694e7555d479d80bc81f1428020639c258f8e40b2052732d1cc95cca5"
+ENV OTP_SOURCE_SHA256="aee1ef294ee048c976d6a126a430367076354f484f557eacaf08bf086cb1314d"
# Install dependencies required to build Erlang/OTP from source
# https://erlang.org/doc/installation_guide/INSTALL.html
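Review bot: with the bump to `OTP_VERSION 25.2`, the new `OTP_SOURCE_SHA256` value is the only integrity check on the Erlang/OTP tarball, since the TODO directly above it about PGP checking is still open. Please note in the PR where the aee1ef29 digest was obtained, so a reviewer can compare it against the upstream release instead of trusting a hash computed from the same download.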
@@ -40,26 +41,13 @@ ENV OTP_SOURCE_SHA256="5442dea694e7555d479d80bc81f1428020639c258f8e40b2052732d1c
# gnupg: Required to verify OpenSSL artefacts
# libncurses5-dev: Required for Erlang/OTP new shell & observer_cli - https://github.com/zhongwencool/observer_cli
RUN set -eux; \
- \
- apk add --no-cache --virtual .build-deps \
- autoconf \
- dpkg-dev dpkg \
- g++ \
- gcc \
- gnupg \
- libc-dev \
- linux-headers \
- make \
- ncurses-dev \
- ; \
+# /usr/local/src doesn't exist in Alpine by default
+ mkdir -p /usr/local/src; \
\
OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \
OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \
OPENSSL_CONFIG_DIR=/usr/local/etc/ssl; \
\
-# /usr/local/src doesn't exist in Alpine by default
- mkdir /usr/local/src; \
- \
# Required by the crypto & ssl Erlang/OTP applications
wget --output-document "$OPENSSL_PATH.tar.gz.asc" "$OPENSSL_SOURCE_URL.asc"; \
wget --output-document "$OPENSSL_PATH.tar.gz" "$OPENSSL_SOURCE_URL"; \
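Review bot: the comments above this `RUN` ("gnupg: Required to verify OpenSSL artefacts", "libncurses5-dev: Required for Erlang/OTP new shell") no longer describe anything the step does, because the `apk add --virtual .build-deps` block they documented is removed here and the packages are now installed in the build-base stage. Move those comment lines next to the package list in that stage, or delete them, so the rationale for each build dependency stays beside the line that installs it.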
@@ -89,13 +77,18 @@ RUN set -eux; \
# Compile, install OpenSSL, verify that the command-line works & development headers are present
make -j "$(getconf _NPROCESSORS_ONLN)"; \
make install_sw install_ssldirs; \
- cd ..; \
- rm -rf "$OPENSSL_PATH"*; \
# use Alpine's CA certificates
rmdir "$OPENSSL_CONFIG_DIR/certs" "$OPENSSL_CONFIG_DIR/private"; \
- ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"; \
+ ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"
+
# smoke test
- openssl version; \
+RUN openssl version
+
+FROM openssl-builder as erlang-builder
+
+RUN set -eux; \
+# /usr/local/src doesn't exist in Alpine by default
+ mkdir -p /usr/local/src; \
\
OTP_SOURCE_URL="https://github.com/erlang/otp/releases/download/OTP-$OTP_VERSION/otp_src_$OTP_VERSION.tar.gz"; \
OTP_PATH="/usr/local/src/otp-$OTP_VERSION"; \
@@ -111,7 +104,6 @@ RUN set -eux; \
# ERL_TOP is required for Erlang/OTP makefiles to find the absolute path for the installation
cd "$OTP_PATH"; \
export ERL_TOP="$OTP_PATH"; \
- ./otp_build autoconf; \
export CFLAGS='-g -O2'; \
# add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure /usr/local/lib is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364)
export CFLAGS="$CFLAGS -Wl,-rpath=/usr/local/lib"; \
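Review bot: removing `./otp_build autoconf` (together with `autoconf` from the package list) assumes the `otp_src_$OTP_VERSION.tar.gz` release tarball ships ready-made configure scripts. A one-line comment at this spot stating that assumption would help, since switching OTP_SOURCE_URL to a different archive type later would fail at configure time without an obvious cause.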
@@ -160,39 +152,62 @@ RUN set -eux; \
# Compile & install Erlang/OTP
make -j "$(getconf _NPROCESSORS_ONLN)" GEN_OPT_FLGS="-O2 -fno-strict-aliasing"; \
make install; \
- cd ..; \
- rm -rf \
- "$OTP_PATH"* \
- /usr/local/lib/erlang/lib/*/examples \
- /usr/local/lib/erlang/lib/*/src \
- ; \
\
+# Remove unnecessary files
+ find /usr/local/lib/erlang -type d -name examples -exec rm -rf '{}' +; \
+ find /usr/local/lib/erlang -type d -name src -exec rm -rf '{}' +; \
+ find /usr/local/lib/erlang -type d -name include -exec rm -rf '{}' +
+
+# Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
+RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
+
+FROM alpine:3.17
+
+COPY --from=erlang-builder /usr/local/bin/ /usr/local/bin/
+COPY --from=erlang-builder /usr/local/etc/ssl/ /usr/local/etc/ssl/
+COPY --from=erlang-builder /usr/local/lib/ /usr/local/lib/
+
+ENV RABBITMQ_DATA_DIR=/var/lib/rabbitmq
+
+RUN set -eux; \
+# Configure OpenSSL to use system certs
+ ln -vsf /etc/ssl/certs /etc/ssl/private /usr/local/etc/ssl; \
+ \
+# Ensure run-time dependencies are installed
runDeps="$( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
| tr ',' '\n' \
| sort -u \
- | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
+ | awk 'system("test -e /usr/local/lib/" $1) == 0 { next } { print "so:" $1 }' \
)"; \
apk add --no-cache --virtual .otp-run-deps $runDeps; \
- apk del --no-network .build-deps; \
\
-# Check that OpenSSL still works after purging build dependencies
+# Check that OpenSSL still works after copying from previous builder
openssl version; \
+ \
# Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
- erl -noshell -eval 'io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
-
-ENV RABBITMQ_DATA_DIR=/var/lib/rabbitmq
+ erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'; \
+ \
# Create rabbitmq system user & group, fix permissions & allow root user to connect to the RabbitMQ Erlang VM
-RUN set -eux; \
addgroup -g 101 -S rabbitmq; \
adduser -u 100 -S -h "$RABBITMQ_DATA_DIR" -G rabbitmq rabbitmq; \
mkdir -p "$RABBITMQ_DATA_DIR" /etc/rabbitmq /etc/rabbitmq/conf.d /tmp/rabbitmq-ssl /var/log/rabbitmq; \
chown -fR rabbitmq:rabbitmq "$RABBITMQ_DATA_DIR" /etc/rabbitmq /etc/rabbitmq/conf.d /tmp/rabbitmq-ssl /var/log/rabbitmq; \
chmod 777 "$RABBITMQ_DATA_DIR" /etc/rabbitmq /etc/rabbitmq/conf.d /tmp/rabbitmq-ssl /var/log/rabbitmq; \
- ln -sf "$RABBITMQ_DATA_DIR/.erlang.cookie" /root/.erlang.cookie
+ ln -sf "$RABBITMQ_DATA_DIR/.erlang.cookie" /root/.erlang.cookie; \
+ \
+ apk add --no-cache \
+# grab su-exec for easy step-down from root
+ 'su-exec>=0.2' \
+# bash for docker-entrypoint.sh
+ bash \
+# "ps" for "rabbitmqctl wait" (https://github.com/docker-library/rabbitmq/issues/162)
+ procps \
+# Bring in tzdata so users could set the timezones through the environment
+ tzdata
# Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html)
-ENV RABBITMQ_VERSION 3.10.12
+ENV RABBITMQ_VERSION 3.10.13
# https://www.rabbitmq.com/signatures.html#importing-gpg
ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA"
ENV RABBITMQ_HOME=/opt/rabbitmq
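Review bot: the three `COPY --from=erlang-builder` lines bring over the whole of /usr/local/bin/, /usr/local/etc/ssl/ and /usr/local/lib/, while the cleanup added before them only prunes directories under /usr/local/lib/erlang. Anything else the OpenSSL and Erlang installs left in those trees now lands in the final image unreviewed. Consider either trimming the OpenSSL side in the builder as well, or adding a comment that lists what is expected under /usr/local/lib so an unexpected file is noticeable in review.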
@@ -202,6 +217,8 @@ ENV PATH=$RABBITMQ_HOME/sbin:$PATH
# Install RabbitMQ
RUN set -eux; \
+# /usr/local/src doesn't exist in Alpine by default
+ mkdir -p /usr/local/src; \
\
apk add --no-cache --virtual .build-deps \
gnupg \
@@ -229,7 +246,7 @@ RUN set -eux; \
grep -qE '^SYS_PREFIX=$' "$RABBITMQ_HOME/sbin/rabbitmq-defaults"; \
chown -R rabbitmq:rabbitmq "$RABBITMQ_HOME"; \
\
- apk del .build-deps; \
+ apk del --no-network .build-deps; \
\
# verify assumption of no stale cookies
[ ! -e "$RABBITMQ_DATA_DIR/.erlang.cookie" ]; \
diff --git a/rabbitmq_3.10/Dockerfile b/rabbitmq_3.10/Dockerfile
index 5df4c1e..89a2dcb 100644
--- a/rabbitmq_3.10/Dockerfile
+++ b/rabbitmq_3.10/Dockerfile
@@ -6,19 +6,18 @@
# The official Canonical Ubuntu Focal image is ideal from a security perspective,
# especially for the enterprises that we, the RabbitMQ team, have to deal with
-FROM ubuntu:20.04
+FROM ubuntu:20.04 as build-base
RUN set -eux; \
apt-get update; \
apt-get install -y --no-install-recommends \
-# grab gosu for easy step-down from root
- gosu \
-# Bring in tzdata so users could set the timezones through the environment
- tzdata \
- ; \
- rm -rf /var/lib/apt/lists/*; \
-# verify that the "gosu" binary works
- gosu nobody true
+ build-essential \
+ ca-certificates \
+ gnupg \
+ libncurses5-dev \
+ wget
+
+FROM build-base as openssl-builder
# Default to a PGP keyserver that pgp-happy-eyeballs recognizes, but allow for substitutions locally
ARG PGP_KEYSERVER=keyserver.ubuntu.com
@@ -31,10 +30,10 @@ ENV OPENSSL_SOURCE_SHA256="c5ac01e760ee6ff0dab61d6b2bbd30146724d063eb322180c6f18
# https://www.openssl.org/community/otc.html
ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D"
-ENV OTP_VERSION 25.1.2
+ENV OTP_VERSION 25.2
# TODO add PGP checking when the feature will be added to Erlang/OTP's build system
# https://erlang.org/pipermail/erlang-questions/2019-January/097067.html
-ENV OTP_SOURCE_SHA256="5442dea694e7555d479d80bc81f1428020639c258f8e40b2052732d1cc95cca5"
+ENV OTP_SOURCE_SHA256="aee1ef294ee048c976d6a126a430367076354f484f557eacaf08bf086cb1314d"
# Install dependencies required to build Erlang/OTP from source
# https://erlang.org/doc/installation_guide/INSTALL.html
@@ -43,22 +42,6 @@ ENV OTP_SOURCE_SHA256="5442dea694e7555d479d80bc81f1428020639c258f8e40b2052732d1c
# gnupg: Required to verify OpenSSL artefacts
# libncurses5-dev: Required for Erlang/OTP new shell & observer_cli - https://github.com/zhongwencool/observer_cli
RUN set -eux; \
- \
- savedAptMark="$(apt-mark showmanual)"; \
- apt-get update; \
- apt-get install --yes --no-install-recommends \
- autoconf \
- ca-certificates \
- dpkg-dev \
- gcc \
- g++ \
- gnupg \
- libncurses5-dev \
- make \
- wget \
- ; \
- rm -rf /var/lib/apt/lists/*; \
- \
OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \
OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \
OPENSSL_CONFIG_DIR=/usr/local/etc/ssl; \
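Review bot: the removed install list named `dpkg-dev` explicitly, and the replacement list in the build-base stage (build-essential, ca-certificates, gnupg, libncurses5-dev, wget) does not, yet the Erlang step still calls `dpkg-buildflags --get CFLAGS`. That works only because build-essential depends on dpkg-dev. Listing `dpkg-dev` explicitly in build-base keeps the dependency visible and avoids a silent break if the package set is ever narrowed.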
@@ -95,15 +78,17 @@ RUN set -eux; \
# Compile, install OpenSSL, verify that the command-line works & development headers are present
make -j "$(getconf _NPROCESSORS_ONLN)"; \
make install_sw install_ssldirs; \
- cd ..; \
- rm -rf "$OPENSSL_PATH"*; \
ldconfig; \
# use Debian's CA certificates
rmdir "$OPENSSL_CONFIG_DIR/certs" "$OPENSSL_CONFIG_DIR/private"; \
- ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"; \
+ ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"
+
# smoke test
- openssl version; \
- \
+RUN openssl version
+
+FROM openssl-builder as erlang-builder
+
+RUN set -eux; \
OTP_SOURCE_URL="https://github.com/erlang/otp/releases/download/OTP-$OTP_VERSION/otp_src_$OTP_VERSION.tar.gz"; \
OTP_PATH="/usr/local/src/otp-$OTP_VERSION"; \
\
@@ -118,7 +103,6 @@ RUN set -eux; \
# ERL_TOP is required for Erlang/OTP makefiles to find the absolute path for the installation
cd "$OTP_PATH"; \
export ERL_TOP="$OTP_PATH"; \
- ./otp_build autoconf; \
CFLAGS="$(dpkg-buildflags --get CFLAGS)"; export CFLAGS; \
# add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure /usr/local/lib is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364)
export CFLAGS="$CFLAGS -Wl,-rpath=/usr/local/lib"; \
@@ -164,37 +148,39 @@ RUN set -eux; \
--without-wx \
$jitFlag \
; \
+ \
# Compile & install Erlang/OTP
make -j "$(getconf _NPROCESSORS_ONLN)" GEN_OPT_FLGS="-O2 -fno-strict-aliasing"; \
make install; \
- cd ..; \
- rm -rf \
- "$OTP_PATH"* \
- /usr/local/lib/erlang/lib/*/examples \
- /usr/local/lib/erlang/lib/*/src \
- ; \
- \
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
- apt-mark auto '.*' > /dev/null; \
- [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
- find /usr/local -type f -executable -exec ldd '{}' ';' \
- | awk '/=>/ { print $(NF-1) }' \
- | sort -u \
- | xargs -r dpkg-query --search \
- | cut -d: -f1 \
- | sort -u \
- | xargs -r apt-mark manual \
- ; \
- apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
\
-# Check that OpenSSL still works after purging build dependencies
- openssl version; \
+# Remove unnecessary files
+ find /usr/local/lib/erlang -type d -name examples -exec rm -rf '{}' +; \
+ find /usr/local/lib/erlang -type d -name src -exec rm -rf '{}' +; \
+ find /usr/local/lib/erlang -type d -name include -exec rm -rf '{}' +
+
# Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
- erl -noshell -eval 'io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
+RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
+
+FROM ubuntu:20.04
+
+COPY --from=erlang-builder /usr/local/bin/ /usr/local/bin/
+COPY --from=erlang-builder /usr/local/etc/ssl/ /usr/local/etc/ssl/
+COPY --from=erlang-builder /usr/local/lib/ /usr/local/lib/
ENV RABBITMQ_DATA_DIR=/var/lib/rabbitmq
-# Create rabbitmq system user & group, fix permissions & allow root user to connect to the RabbitMQ Erlang VM
+
RUN set -eux; \
+# Configure OpenSSL to use system certs
+ ln -vsf /etc/ssl/certs /etc/ssl/private /usr/local/etc/ssl; \
+ \
+# Check that OpenSSL still works after copying from previous builder
+ ldconfig; \
+ openssl version; \
+ \
+# Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
+ erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'; \
+ \
+# Create rabbitmq system user & group, fix permissions & allow root user to connect to the RabbitMQ Erlang VM
groupadd --gid 999 --system rabbitmq; \
useradd --uid 999 --system --home-dir "$RABBITMQ_DATA_DIR" --gid rabbitmq rabbitmq; \
mkdir -p "$RABBITMQ_DATA_DIR" /etc/rabbitmq /etc/rabbitmq/conf.d /tmp/rabbitmq-ssl /var/log/rabbitmq; \
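Review bot: the final `FROM ubuntu:20.04` stage has no replacement for the removed `ldd` / `dpkg-query --search` / `apt-mark manual` sequence that kept the packages providing shared libraries needed by /usr/local. The Alpine Dockerfile keeps its `scanelf` step for this purpose, but here the only safeguard is the `openssl version` and `erl ... crypto:start()` checks, which cover the crypto and ssl paths only. Either add an explicit run-time dependency step for the Ubuntu image or document that the stock base image is expected to supply every needed library.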
@@ -203,7 +189,7 @@ RUN set -eux; \
ln -sf "$RABBITMQ_DATA_DIR/.erlang.cookie" /root/.erlang.cookie
# Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html)
-ENV RABBITMQ_VERSION 3.10.12
+ENV RABBITMQ_VERSION 3.10.13
# https://www.rabbitmq.com/signatures.html#importing-gpg
ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA"
ENV RABBITMQ_HOME=/opt/rabbitmq
@@ -213,11 +199,20 @@ ENV PATH=$RABBITMQ_HOME/sbin:$PATH
# Install RabbitMQ
RUN set -eux; \
- \
- savedAptMark="$(apt-mark showmanual)"; \
+ export DEBIAN_FRONTEND=noninteractive; \
apt-get update; \
apt-get install --yes --no-install-recommends \
ca-certificates \
+# grab gosu for easy step-down from root
+ gosu \
+# Bring in tzdata so users could set the timezones through the environment
+ tzdata \
+ ; \
+# verify that the "gosu" binary works
+ gosu nobody true; \
+ \
+ savedAptMark="$(apt-mark showmanual)"; \
+ apt-get install --yes --no-install-recommends \
gnupg \
wget \
xz-utils \
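Review bot: `savedAptMark="$(apt-mark showmanual)"` now runs after the first `apt-get install`, so ca-certificates, gosu and tzdata are all recorded as manually installed, whereas before ca-certificates was installed after the mark was taken. That ordering decides which packages survive whatever cleanup uses savedAptMark later in this RUN (not shown in the hunk). It looks intentional given the symlink to /etc/ssl/certs, but please add a comment above the savedAptMark line saying that everything installed before it is meant to stay in the image.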
diff --git a/rabbitmq_3.9-alpine/Dockerfile b/rabbitmq_3.9-alpine/Dockerfile
index e166839..4ade9e5 100644
--- a/rabbitmq_3.9-alpine/Dockerfile
+++ b/rabbitmq_3.9-alpine/Dockerfile
@@ -5,17 +5,18 @@
#
# Alpine Linux is not officially supported by the RabbitMQ team -- use at your own risk!
-FROM alpine:3.17
+FROM alpine:3.17 as build-base
RUN apk add --no-cache \
-# grab su-exec for easy step-down from root
- 'su-exec>=0.2' \
-# bash for docker-entrypoint.sh
- bash \
-# "ps" for "rabbitmqctl wait" (https://github.com/docker-library/rabbitmq/issues/162)
- procps \
-# Bring in tzdata so users could set the timezones through the environment
- tzdata
+ build-base \
+ dpkg-dev \
+ dpkg \
+ gnupg \
+ libc-dev \
+ linux-headers \
+ ncurses-dev
+
+FROM build-base as openssl-builder
# Default to a PGP keyserver that pgp-happy-eyeballs recognizes, but allow for substitutions locally
ARG PGP_KEYSERVER=keyserver.ubuntu.com
@@ -28,10 +29,10 @@ ENV OPENSSL_SOURCE_SHA256="c5ac01e760ee6ff0dab61d6b2bbd30146724d063eb322180c6f18
# https://www.openssl.org/community/otc.html
ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D"
-ENV OTP_VERSION 25.1.2
+ENV OTP_VERSION 25.2
# TODO add PGP checking when the feature will be added to Erlang/OTP's build system
# https://erlang.org/pipermail/erlang-questions/2019-January/097067.html
-ENV OTP_SOURCE_SHA256="5442dea694e7555d479d80bc81f1428020639c258f8e40b2052732d1cc95cca5"
+ENV OTP_SOURCE_SHA256="aee1ef294ee048c976d6a126a430367076354f484f557eacaf08bf086cb1314d"
# Install dependencies required to build Erlang/OTP from source
# https://erlang.org/doc/installation_guide/INSTALL.html
@@ -40,26 +41,13 @@ ENV OTP_SOURCE_SHA256="5442dea694e7555d479d80bc81f1428020639c258f8e40b2052732d1c
# gnupg: Required to verify OpenSSL artefacts
# libncurses5-dev: Required for Erlang/OTP new shell & observer_cli - https://github.com/zhongwencool/observer_cli
RUN set -eux; \
- \
- apk add --no-cache --virtual .build-deps \
- autoconf \
- dpkg-dev dpkg \
- g++ \
- gcc \
- gnupg \
- libc-dev \
- linux-headers \
- make \
- ncurses-dev \
- ; \
+# /usr/local/src doesn't exist in Alpine by default
+ mkdir -p /usr/local/src; \
\
OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \
OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \
OPENSSL_CONFIG_DIR=/usr/local/etc/ssl; \
\
-# /usr/local/src doesn't exist in Alpine by default
- mkdir /usr/local/src; \
- \
# Required by the crypto & ssl Erlang/OTP applications
wget --output-document "$OPENSSL_PATH.tar.gz.asc" "$OPENSSL_SOURCE_URL.asc"; \
wget --output-document "$OPENSSL_PATH.tar.gz" "$OPENSSL_SOURCE_URL"; \
@@ -89,13 +77,18 @@ RUN set -eux; \
# Compile, install OpenSSL, verify that the command-line works & development headers are present
make -j "$(getconf _NPROCESSORS_ONLN)"; \
make install_sw install_ssldirs; \
- cd ..; \
- rm -rf "$OPENSSL_PATH"*; \
# use Alpine's CA certificates
rmdir "$OPENSSL_CONFIG_DIR/certs" "$OPENSSL_CONFIG_DIR/private"; \
- ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"; \
+ ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"
+
# smoke test
- openssl version; \
+RUN openssl version
+
+FROM openssl-builder as erlang-builder
+
+RUN set -eux; \
+# /usr/local/src doesn't exist in Alpine by default
+ mkdir -p /usr/local/src; \
\
OTP_SOURCE_URL="https://github.com/erlang/otp/releases/download/OTP-$OTP_VERSION/otp_src_$OTP_VERSION.tar.gz"; \
OTP_PATH="/usr/local/src/otp-$OTP_VERSION"; \
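Review bot: the `mkdir -p /usr/local/src` at the top of the erlang-builder `RUN` is redundant, because this stage starts `FROM openssl-builder`, where the same directory was already created. It is harmless with `-p`, but the repeated comment "/usr/local/src doesn't exist in Alpine by default" is misleading at this point; drop the pair here and keep it only in the stages that start from a fresh alpine image.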
@@ -111,7 +104,6 @@ RUN set -eux; \
# ERL_TOP is required for Erlang/OTP makefiles to find the absolute path for the installation
cd "$OTP_PATH"; \
export ERL_TOP="$OTP_PATH"; \
- ./otp_build autoconf; \
export CFLAGS='-g -O2'; \
# add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure /usr/local/lib is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364)
export CFLAGS="$CFLAGS -Wl,-rpath=/usr/local/lib"; \
@@ -160,39 +152,62 @@ RUN set -eux; \
# Compile & install Erlang/OTP
make -j "$(getconf _NPROCESSORS_ONLN)" GEN_OPT_FLGS="-O2 -fno-strict-aliasing"; \
make install; \
- cd ..; \
- rm -rf \
- "$OTP_PATH"* \
- /usr/local/lib/erlang/lib/*/examples \
- /usr/local/lib/erlang/lib/*/src \
- ; \
\
+# Remove unnecessary files
+ find /usr/local/lib/erlang -type d -name examples -exec rm -rf '{}' +; \
+ find /usr/local/lib/erlang -type d -name src -exec rm -rf '{}' +; \
+ find /usr/local/lib/erlang -type d -name include -exec rm -rf '{}' +
+
+# Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
+RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
+
+FROM alpine:3.17
+
+COPY --from=erlang-builder /usr/local/bin/ /usr/local/bin/
+COPY --from=erlang-builder /usr/local/etc/ssl/ /usr/local/etc/ssl/
+COPY --from=erlang-builder /usr/local/lib/ /usr/local/lib/
+
+ENV RABBITMQ_DATA_DIR=/var/lib/rabbitmq
+
+RUN set -eux; \
+# Configure OpenSSL to use system certs
+ ln -vsf /etc/ssl/certs /etc/ssl/private /usr/local/etc/ssl; \
+ \
+# Ensure run-time dependencies are installed
runDeps="$( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
| tr ',' '\n' \
| sort -u \
- | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
+ | awk 'system("test -e /usr/local/lib/" $1) == 0 { next } { print "so:" $1 }' \
)"; \
apk add --no-cache --virtual .otp-run-deps $runDeps; \
- apk del --no-network .build-deps; \
\
-# Check that OpenSSL still works after purging build dependencies
+# Check that OpenSSL still works after copying from previous builder
openssl version; \
+ \
# Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
- erl -noshell -eval 'io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
-
-ENV RABBITMQ_DATA_DIR=/var/lib/rabbitmq
+ erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'; \
+ \
# Create rabbitmq system user & group, fix permissions & allow root user to connect to the RabbitMQ Erlang VM
-RUN set -eux; \
addgroup -g 101 -S rabbitmq; \
adduser -u 100 -S -h "$RABBITMQ_DATA_DIR" -G rabbitmq rabbitmq; \
mkdir -p "$RABBITMQ_DATA_DIR" /etc/rabbitmq /etc/rabbitmq/conf.d /tmp/rabbitmq-ssl /var/log/rabbitmq; \
chown -fR rabbitmq:rabbitmq "$RABBITMQ_DATA_DIR" /etc/rabbitmq /etc/rabbitmq/conf.d /tmp/rabbitmq-ssl /var/log/rabbitmq; \
chmod 777 "$RABBITMQ_DATA_DIR" /etc/rabbitmq /etc/rabbitmq/conf.d /tmp/rabbitmq-ssl /var/log/rabbitmq; \
- ln -sf "$RABBITMQ_DATA_DIR/.erlang.cookie" /root/.erlang.cookie
+ ln -sf "$RABBITMQ_DATA_DIR/.erlang.cookie" /root/.erlang.cookie; \
+ \
+ apk add --no-cache \
+# grab su-exec for easy step-down from root
+ 'su-exec>=0.2' \
+# bash for docker-entrypoint.sh
+ bash \
+# "ps" for "rabbitmqctl wait" (https://github.com/docker-library/rabbitmq/issues/162)
+ procps \
+# Bring in tzdata so users could set the timezones through the environment
+ tzdata
# Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html)
-ENV RABBITMQ_VERSION 3.9.26
+ENV RABBITMQ_VERSION 3.9.27
# https://www.rabbitmq.com/signatures.html#importing-gpg
ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA"
ENV RABBITMQ_HOME=/opt/rabbitmq
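Review bot: the new `find /usr/local/lib/erlang -type d -name include -exec rm -rf '{}' +` deletes a category of files that the old `rm -rf` never touched, and the `examples` and `src` matches now apply at any depth instead of only `lib/*/examples` and `lib/*/src`. The "Remove unnecessary files" comment does not explain why include directories are safe to drop. Please either restrict the matches to the previous paths or extend the comment to state that nothing at run time reads from those directories.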
@@ -202,6 +217,8 @@ ENV PATH=$RABBITMQ_HOME/sbin:$PATH
# Install RabbitMQ
RUN set -eux; \
+# /usr/local/src doesn't exist in Alpine by default
+ mkdir -p /usr/local/src; \
\
apk add --no-cache --virtual .build-deps \
gnupg \
@@ -229,7 +246,7 @@ RUN set -eux; \
grep -qE '^SYS_PREFIX=$' "$RABBITMQ_HOME/sbin/rabbitmq-defaults"; \
chown -R rabbitmq:rabbitmq "$RABBITMQ_HOME"; \
\
- apk del .build-deps; \
+ apk del --no-network .build-deps; \
\
# verify assumption of no stale cookies
[ ! -e "$RABBITMQ_DATA_DIR/.erlang.cookie" ]; \
diff --git a/rabbitmq_3.9/Dockerfile b/rabbitmq_3.9/Dockerfile
index b7b38a6..bf6779c 100644
--- a/rabbitmq_3.9/Dockerfile
+++ b/rabbitmq_3.9/Dockerfile
@@ -6,19 +6,18 @@
# The official Canonical Ubuntu Focal image is ideal from a security perspective,
# especially for the enterprises that we, the RabbitMQ team, have to deal with
-FROM ubuntu:20.04
+FROM ubuntu:20.04 as build-base
RUN set -eux; \
apt-get update; \
apt-get install -y --no-install-recommends \
-# grab gosu for easy step-down from root
- gosu \
-# Bring in tzdata so users could set the timezones through the environment
- tzdata \
- ; \
- rm -rf /var/lib/apt/lists/*; \
-# verify that the "gosu" binary works
- gosu nobody true
+ build-essential \
+ ca-certificates \
+ gnupg \
+ libncurses5-dev \
+ wget
+
+FROM build-base as openssl-builder
# Default to a PGP keyserver that pgp-happy-eyeballs recognizes, but allow for substitutions locally
ARG PGP_KEYSERVER=keyserver.ubuntu.com
@@ -31,10 +30,10 @@ ENV OPENSSL_SOURCE_SHA256="c5ac01e760ee6ff0dab61d6b2bbd30146724d063eb322180c6f18
# https://www.openssl.org/community/otc.html
ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D"
-ENV OTP_VERSION 25.1.2
+ENV OTP_VERSION 25.2
# TODO add PGP checking when the feature will be added to Erlang/OTP's build system
# https://erlang.org/pipermail/erlang-questions/2019-January/097067.html
-ENV OTP_SOURCE_SHA256="5442dea694e7555d479d80bc81f1428020639c258f8e40b2052732d1cc95cca5"
+ENV OTP_SOURCE_SHA256="aee1ef294ee048c976d6a126a430367076354f484f557eacaf08bf086cb1314d"
# Install dependencies required to build Erlang/OTP from source
# https://erlang.org/doc/installation_guide/INSTALL.html
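Review bot: The value on the `+ENV OTP_SOURCE_SHA256=...` line is the only integrity check on the OTP 25.2 tarball, since the TODO directly above it says PGP checking is not available yet, and the diff gives no indication of where the new hash came from. Please record its origin in the commit message or a comment (for example, that it was computed from the release asset named in `OTP_SOURCE_URL`) so a reviewer can recompute it independently instead of trusting the bump.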
@@ -43,22 +42,6 @@ ENV OTP_SOURCE_SHA256="5442dea694e7555d479d80bc81f1428020639c258f8e40b2052732d1c
# gnupg: Required to verify OpenSSL artefacts
# libncurses5-dev: Required for Erlang/OTP new shell & observer_cli - https://github.com/zhongwencool/observer_cli
RUN set -eux; \
- \
- savedAptMark="$(apt-mark showmanual)"; \
- apt-get update; \
- apt-get install --yes --no-install-recommends \
- autoconf \
- ca-certificates \
- dpkg-dev \
- gcc \
- g++ \
- gnupg \
- libncurses5-dev \
- make \
- wget \
- ; \
- rm -rf /var/lib/apt/lists/*; \
- \
OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \
OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \
OPENSSL_CONFIG_DIR=/usr/local/etc/ssl; \
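Review bot: The comments kept above this RUN (`# gnupg: Required to verify OpenSSL artefacts`, `# libncurses5-dev: ...`) now document packages this RUN no longer installs, because the whole `apt-get install` block is deleted here and the list lives in the `build-base` stage. Move them next to that list. It is also worth noting there that `dpkg-dev` is no longer named explicitly even though `dpkg-buildflags` is still called later in the file; it now arrives only as a dependency of `build-essential`.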
@@ -95,15 +78,17 @@ RUN set -eux; \
# Compile, install OpenSSL, verify that the command-line works & development headers are present
make -j "$(getconf _NPROCESSORS_ONLN)"; \
make install_sw install_ssldirs; \
- cd ..; \
- rm -rf "$OPENSSL_PATH"*; \
ldconfig; \
# use Debian's CA certificates
rmdir "$OPENSSL_CONFIG_DIR/certs" "$OPENSSL_CONFIG_DIR/private"; \
- ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"; \
+ ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"
+
# smoke test
- openssl version; \
- \
+RUN openssl version
+
+FROM openssl-builder as erlang-builder
+
+RUN set -eux; \
OTP_SOURCE_URL="https://github.com/erlang/otp/releases/download/OTP-$OTP_VERSION/otp_src_$OTP_VERSION.tar.gz"; \
OTP_PATH="/usr/local/src/otp-$OTP_VERSION"; \
\
@@ -118,7 +103,6 @@ RUN set -eux; \
# ERL_TOP is required for Erlang/OTP makefiles to find the absolute path for the installation
cd "$OTP_PATH"; \
export ERL_TOP="$OTP_PATH"; \
- ./otp_build autoconf; \
CFLAGS="$(dpkg-buildflags --get CFLAGS)"; export CFLAGS; \
# add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure /usr/local/lib is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364)
export CFLAGS="$CFLAGS -Wl,-rpath=/usr/local/lib"; \
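Review bot: Removing `./otp_build autoconf` means the build now relies on the release tarball shipping its configure scripts ready-made, and nothing at this spot says so. Add a one-line comment where the call used to be, so that a later switch of `OTP_SOURCE_URL` to a source that lacks generated configure scripts is recognised as the cause when configure fails, and so the matching removal of `autoconf` from the package list reads as deliberate.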
@@ -164,37 +148,39 @@ RUN set -eux; \
--without-wx \
$jitFlag \
; \
+ \
# Compile & install Erlang/OTP
make -j "$(getconf _NPROCESSORS_ONLN)" GEN_OPT_FLGS="-O2 -fno-strict-aliasing"; \
make install; \
- cd ..; \
- rm -rf \
- "$OTP_PATH"* \
- /usr/local/lib/erlang/lib/*/examples \
- /usr/local/lib/erlang/lib/*/src \
- ; \
- \
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
- apt-mark auto '.*' > /dev/null; \
- [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
- find /usr/local -type f -executable -exec ldd '{}' ';' \
- | awk '/=>/ { print $(NF-1) }' \
- | sort -u \
- | xargs -r dpkg-query --search \
- | cut -d: -f1 \
- | sort -u \
- | xargs -r apt-mark manual \
- ; \
- apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
\
-# Check that OpenSSL still works after purging build dependencies
- openssl version; \
+# Remove unnecessary files
+ find /usr/local/lib/erlang -type d -name examples -exec rm -rf '{}' +; \
+ find /usr/local/lib/erlang -type d -name src -exec rm -rf '{}' +; \
+ find /usr/local/lib/erlang -type d -name include -exec rm -rf '{}' +
+
# Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
- erl -noshell -eval 'io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
+RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
+
+FROM ubuntu:20.04
+
+COPY --from=erlang-builder /usr/local/bin/ /usr/local/bin/
+COPY --from=erlang-builder /usr/local/etc/ssl/ /usr/local/etc/ssl/
+COPY --from=erlang-builder /usr/local/lib/ /usr/local/lib/
ENV RABBITMQ_DATA_DIR=/var/lib/rabbitmq
-# Create rabbitmq system user & group, fix permissions & allow root user to connect to the RabbitMQ Erlang VM
+
RUN set -eux; \
+# Configure OpenSSL to use system certs
+ ln -vsf /etc/ssl/certs /etc/ssl/private /usr/local/etc/ssl; \
+ \
+# Check that OpenSSL still works after copying from previous builder
+ ldconfig; \
+ openssl version; \
+ \
+# Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
+ erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'; \
+ \
+# Create rabbitmq system user & group, fix permissions & allow root user to connect to the RabbitMQ Erlang VM
groupadd --gid 999 --system rabbitmq; \
useradd --uid 999 --system --home-dir "$RABBITMQ_DATA_DIR" --gid rabbitmq rabbitmq; \
mkdir -p "$RABBITMQ_DATA_DIR" /etc/rabbitmq /etc/rabbitmq/conf.d /tmp/rabbitmq-ssl /var/log/rabbitmq; \
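Review bot: The deleted `find /usr/local ... ldd ... | xargs -r apt-mark manual` block was what kept the shared libraries needed by the binaries under /usr/local installed, and the final `FROM ubuntu:20.04` stage has no replacement: it copies /usr/local/bin and /usr/local/lib and installs nothing on their behalf. The only guard left is the `erl -noshell -eval` check, which exercises crypto and ssl but not every executable that was copied. Consider running `ldd` over the copied executables in the final stage and failing the build on any `not found` line, so a library that the builder had (it installs `libncurses5-dev`, for instance) but the plain base image lacks breaks the build instead of the running container.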
@@ -203,7 +189,7 @@ RUN set -eux; \
ln -sf "$RABBITMQ_DATA_DIR/.erlang.cookie" /root/.erlang.cookie
# Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html)
-ENV RABBITMQ_VERSION 3.9.26
+ENV RABBITMQ_VERSION 3.9.27
# https://www.rabbitmq.com/signatures.html#importing-gpg
ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA"
ENV RABBITMQ_HOME=/opt/rabbitmq
@@ -213,11 +199,20 @@ ENV PATH=$RABBITMQ_HOME/sbin:$PATH
# Install RabbitMQ
RUN set -eux; \
- \
- savedAptMark="$(apt-mark showmanual)"; \
+ export DEBIAN_FRONTEND=noninteractive; \
apt-get update; \
apt-get install --yes --no-install-recommends \
ca-certificates \
+# grab gosu for easy step-down from root
+ gosu \
+# Bring in tzdata so users could set the timezones through the environment
+ tzdata \
+ ; \
+# verify that the "gosu" binary works
+ gosu nobody true; \
+ \
+ savedAptMark="$(apt-mark showmanual)"; \
+ apt-get install --yes --no-install-recommends \
gnupg \
wget \
xz-utils \
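Review bot: Moving `savedAptMark="$(apt-mark showmanual)"` below the first `apt-get install` changes which packages the snapshot contains: `ca-certificates` used to be installed after the snapshot and is now installed before it, together with `gosu` and `tzdata`. Assuming the cleanup further down this RUN still restores that snapshot, `ca-certificates` now stays in the final image. That looks intended, since OpenSSL is pointed at /etc/ssl/certs, but please say so in a comment above the first install so the two `apt-get install` calls are not merged back together later.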
diff --git a/rabbitmq_alpine/Dockerfile b/rabbitmq_alpine/Dockerfile
index 76c47ae..35a8456 100644
--- a/rabbitmq_alpine/Dockerfile
+++ b/rabbitmq_alpine/Dockerfile
@@ -5,17 +5,18 @@
#
# Alpine Linux is not officially supported by the RabbitMQ team -- use at your own risk!
-FROM alpine:3.17
+FROM alpine:3.17 as build-base
RUN apk add --no-cache \
-# grab su-exec for easy step-down from root
- 'su-exec>=0.2' \
-# bash for docker-entrypoint.sh
- bash \
-# "ps" for "rabbitmqctl wait" (https://github.com/docker-library/rabbitmq/issues/162)
- procps \
-# Bring in tzdata so users could set the timezones through the environment
- tzdata
+ build-base \
+ dpkg-dev \
+ dpkg \
+ gnupg \
+ libc-dev \
+ linux-headers \
+ ncurses-dev
+
+FROM build-base as openssl-builder
# Default to a PGP keyserver that pgp-happy-eyeballs recognizes, but allow for substitutions locally
ARG PGP_KEYSERVER=keyserver.ubuntu.com
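Review bot: The stage name in `FROM alpine:3.17 as build-base` is the same string as the `build-base` apk package installed on the next lines, which makes `FROM build-base as openssl-builder` easy to misread as referring to the package. A short comment on the first `FROM` saying that `build-base` here is a stage name, or a distinct stage name used across all variants, would remove the ambiguity.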
@@ -28,10 +29,10 @@ ENV OPENSSL_SOURCE_SHA256="c5ac01e760ee6ff0dab61d6b2bbd30146724d063eb322180c6f18
# https://www.openssl.org/community/otc.html
ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D"
-ENV OTP_VERSION 25.1.2
+ENV OTP_VERSION 25.2
# TODO add PGP checking when the feature will be added to Erlang/OTP's build system
# https://erlang.org/pipermail/erlang-questions/2019-January/097067.html
-ENV OTP_SOURCE_SHA256="5442dea694e7555d479d80bc81f1428020639c258f8e40b2052732d1cc95cca5"
+ENV OTP_SOURCE_SHA256="aee1ef294ee048c976d6a126a430367076354f484f557eacaf08bf086cb1314d"
# Install dependencies required to build Erlang/OTP from source
# https://erlang.org/doc/installation_guide/INSTALL.html
@@ -40,26 +41,13 @@ ENV OTP_SOURCE_SHA256="5442dea694e7555d479d80bc81f1428020639c258f8e40b2052732d1c
# gnupg: Required to verify OpenSSL artefacts
# libncurses5-dev: Required for Erlang/OTP new shell & observer_cli - https://github.com/zhongwencool/observer_cli
RUN set -eux; \
- \
- apk add --no-cache --virtual .build-deps \
- autoconf \
- dpkg-dev dpkg \
- g++ \
- gcc \
- gnupg \
- libc-dev \
- linux-headers \
- make \
- ncurses-dev \
- ; \
+# /usr/local/src doesn't exist in Alpine by default
+ mkdir -p /usr/local/src; \
\
OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \
OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \
OPENSSL_CONFIG_DIR=/usr/local/etc/ssl; \
\
-# /usr/local/src doesn't exist in Alpine by default
- mkdir /usr/local/src; \
- \
# Required by the crypto & ssl Erlang/OTP applications
wget --output-document "$OPENSSL_PATH.tar.gz.asc" "$OPENSSL_SOURCE_URL.asc"; \
wget --output-document "$OPENSSL_PATH.tar.gz" "$OPENSSL_SOURCE_URL"; \
@@ -89,13 +77,18 @@ RUN set -eux; \
# Compile, install OpenSSL, verify that the command-line works & development headers are present
make -j "$(getconf _NPROCESSORS_ONLN)"; \
make install_sw install_ssldirs; \
- cd ..; \
- rm -rf "$OPENSSL_PATH"*; \
# use Alpine's CA certificates
rmdir "$OPENSSL_CONFIG_DIR/certs" "$OPENSSL_CONFIG_DIR/private"; \
- ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"; \
+ ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"
+
# smoke test
- openssl version; \
+RUN openssl version
+
+FROM openssl-builder as erlang-builder
+
+RUN set -eux; \
+# /usr/local/src doesn't exist in Alpine by default
+ mkdir -p /usr/local/src; \
\
OTP_SOURCE_URL="https://github.com/erlang/otp/releases/download/OTP-$OTP_VERSION/otp_src_$OTP_VERSION.tar.gz"; \
OTP_PATH="/usr/local/src/otp-$OTP_VERSION"; \
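Review bot: The `mkdir -p /usr/local/src` added at the top of the `erlang-builder` RUN is redundant, because this stage is `FROM openssl-builder`, whose RUN already creates the directory and, with the `rm -rf "$OPENSSL_PATH"*` line removed, leaves the OpenSSL tree in it. It is harmless with `-p`, but the copied comment implies the directory may be missing here. Either drop the two lines or reword the comment to say the call is kept so the stages can be reordered safely.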
@@ -111,7 +104,6 @@ RUN set -eux; \
# ERL_TOP is required for Erlang/OTP makefiles to find the absolute path for the installation
cd "$OTP_PATH"; \
export ERL_TOP="$OTP_PATH"; \
- ./otp_build autoconf; \
export CFLAGS='-g -O2'; \
# add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure /usr/local/lib is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364)
export CFLAGS="$CFLAGS -Wl,-rpath=/usr/local/lib"; \
@@ -160,39 +152,62 @@ RUN set -eux; \
# Compile & install Erlang/OTP
make -j "$(getconf _NPROCESSORS_ONLN)" GEN_OPT_FLGS="-O2 -fno-strict-aliasing"; \
make install; \
- cd ..; \
- rm -rf \
- "$OTP_PATH"* \
- /usr/local/lib/erlang/lib/*/examples \
- /usr/local/lib/erlang/lib/*/src \
- ; \
\
+# Remove unnecessary files
+ find /usr/local/lib/erlang -type d -name examples -exec rm -rf '{}' +; \
+ find /usr/local/lib/erlang -type d -name src -exec rm -rf '{}' +; \
+ find /usr/local/lib/erlang -type d -name include -exec rm -rf '{}' +
+
+# Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
+RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
+
+FROM alpine:3.17
+
+COPY --from=erlang-builder /usr/local/bin/ /usr/local/bin/
+COPY --from=erlang-builder /usr/local/etc/ssl/ /usr/local/etc/ssl/
+COPY --from=erlang-builder /usr/local/lib/ /usr/local/lib/
+
+ENV RABBITMQ_DATA_DIR=/var/lib/rabbitmq
+
+RUN set -eux; \
+# Configure OpenSSL to use system certs
+ ln -vsf /etc/ssl/certs /etc/ssl/private /usr/local/etc/ssl; \
+ \
+# Ensure run-time dependencies are installed
runDeps="$( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
| tr ',' '\n' \
| sort -u \
- | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
+ | awk 'system("test -e /usr/local/lib/" $1) == 0 { next } { print "so:" $1 }' \
)"; \
apk add --no-cache --virtual .otp-run-deps $runDeps; \
- apk del --no-network .build-deps; \
\
-# Check that OpenSSL still works after purging build dependencies
+# Check that OpenSSL still works after copying from previous builder
openssl version; \
+ \
# Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
- erl -noshell -eval 'io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
-
-ENV RABBITMQ_DATA_DIR=/var/lib/rabbitmq
+ erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'; \
+ \
# Create rabbitmq system user & group, fix permissions & allow root user to connect to the RabbitMQ Erlang VM
-RUN set -eux; \
addgroup -g 101 -S rabbitmq; \
adduser -u 100 -S -h "$RABBITMQ_DATA_DIR" -G rabbitmq rabbitmq; \
mkdir -p "$RABBITMQ_DATA_DIR" /etc/rabbitmq /etc/rabbitmq/conf.d /tmp/rabbitmq-ssl /var/log/rabbitmq; \
chown -fR rabbitmq:rabbitmq "$RABBITMQ_DATA_DIR" /etc/rabbitmq /etc/rabbitmq/conf.d /tmp/rabbitmq-ssl /var/log/rabbitmq; \
chmod 777 "$RABBITMQ_DATA_DIR" /etc/rabbitmq /etc/rabbitmq/conf.d /tmp/rabbitmq-ssl /var/log/rabbitmq; \
- ln -sf "$RABBITMQ_DATA_DIR/.erlang.cookie" /root/.erlang.cookie
+ ln -sf "$RABBITMQ_DATA_DIR/.erlang.cookie" /root/.erlang.cookie; \
+ \
+ apk add --no-cache \
+# grab su-exec for easy step-down from root
+ 'su-exec>=0.2' \
+# bash for docker-entrypoint.sh
+ bash \
+# "ps" for "rabbitmqctl wait" (https://github.com/docker-library/rabbitmq/issues/162)
+ procps \
+# Bring in tzdata so users could set the timezones through the environment
+ tzdata
# Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html)
-ENV RABBITMQ_VERSION 3.11.4
+ENV RABBITMQ_VERSION 3.11.5
# https://www.rabbitmq.com/signatures.html#importing-gpg
ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA"
ENV RABBITMQ_HOME=/opt/rabbitmq
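Review bot: The new cleanup (`find /usr/local/lib/erlang -type d -name include -exec rm -rf '{}' +` and the two lines before it) matches directories named `examples`, `src` or `include` at any depth, which is broader than the old `lib/*/examples` and `lib/*/src` globs and newly removes headers. Anything built on top of this image that compiles Erlang code or native code against those headers will stop working. Please either call that out as a behaviour change in the PR description, or restrict the `include` match so the intent is explicit.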
@@ -202,6 +217,8 @@ ENV PATH=$RABBITMQ_HOME/sbin:$PATH
# Install RabbitMQ
RUN set -eux; \
+# /usr/local/src doesn't exist in Alpine by default
+ mkdir -p /usr/local/src; \
\
apk add --no-cache --virtual .build-deps \
gnupg \
@@ -229,7 +246,7 @@ RUN set -eux; \
grep -qE '^SYS_PREFIX=$' "$RABBITMQ_HOME/sbin/rabbitmq-defaults"; \
chown -R rabbitmq:rabbitmq "$RABBITMQ_HOME"; \
\
- apk del .build-deps; \
+ apk del --no-network .build-deps; \
\
# verify assumption of no stale cookies
[ ! -e "$RABBITMQ_DATA_DIR/.erlang.cookie" ]; \
diff --git a/rabbitmq_latest/Dockerfile b/rabbitmq_latest/Dockerfile
index 181c80d..c97902a 100644
--- a/rabbitmq_latest/Dockerfile
+++ b/rabbitmq_latest/Dockerfile
@@ -6,19 +6,18 @@
# The official Canonical Ubuntu Focal image is ideal from a security perspective,
# especially for the enterprises that we, the RabbitMQ team, have to deal with
-FROM ubuntu:20.04
+FROM ubuntu:20.04 as build-base
RUN set -eux; \
apt-get update; \
apt-get install -y --no-install-recommends \
-# grab gosu for easy step-down from root
- gosu \
-# Bring in tzdata so users could set the timezones through the environment
- tzdata \
- ; \
- rm -rf /var/lib/apt/lists/*; \
-# verify that the "gosu" binary works
- gosu nobody true
+ build-essential \
+ ca-certificates \
+ gnupg \
+ libncurses5-dev \
+ wget
+
+FROM build-base as openssl-builder
# Default to a PGP keyserver that pgp-happy-eyeballs recognizes, but allow for substitutions locally
ARG PGP_KEYSERVER=keyserver.ubuntu.com
@@ -31,10 +30,10 @@ ENV OPENSSL_SOURCE_SHA256="c5ac01e760ee6ff0dab61d6b2bbd30146724d063eb322180c6f18
# https://www.openssl.org/community/otc.html
ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D"
-ENV OTP_VERSION 25.1.2
+ENV OTP_VERSION 25.2
# TODO add PGP checking when the feature will be added to Erlang/OTP's build system
# https://erlang.org/pipermail/erlang-questions/2019-January/097067.html
-ENV OTP_SOURCE_SHA256="5442dea694e7555d479d80bc81f1428020639c258f8e40b2052732d1cc95cca5"
+ENV OTP_SOURCE_SHA256="aee1ef294ee048c976d6a126a430367076354f484f557eacaf08bf086cb1314d"
# Install dependencies required to build Erlang/OTP from source
# https://erlang.org/doc/installation_guide/INSTALL.html
@@ -43,22 +42,6 @@ ENV OTP_SOURCE_SHA256="5442dea694e7555d479d80bc81f1428020639c258f8e40b2052732d1c
# gnupg: Required to verify OpenSSL artefacts
# libncurses5-dev: Required for Erlang/OTP new shell & observer_cli - https://github.com/zhongwencool/observer_cli
RUN set -eux; \
- \
- savedAptMark="$(apt-mark showmanual)"; \
- apt-get update; \
- apt-get install --yes --no-install-recommends \
- autoconf \
- ca-certificates \
- dpkg-dev \
- gcc \
- g++ \
- gnupg \
- libncurses5-dev \
- make \
- wget \
- ; \
- rm -rf /var/lib/apt/lists/*; \
- \
OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \
OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \
OPENSSL_CONFIG_DIR=/usr/local/etc/ssl; \
@@ -95,15 +78,17 @@ RUN set -eux; \
# Compile, install OpenSSL, verify that the command-line works & development headers are present
make -j "$(getconf _NPROCESSORS_ONLN)"; \
make install_sw install_ssldirs; \
- cd ..; \
- rm -rf "$OPENSSL_PATH"*; \
ldconfig; \
# use Debian's CA certificates
rmdir "$OPENSSL_CONFIG_DIR/certs" "$OPENSSL_CONFIG_DIR/private"; \
- ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"; \
+ ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"
+
# smoke test
- openssl version; \
- \
+RUN openssl version
+
+FROM openssl-builder as erlang-builder
+
+RUN set -eux; \
OTP_SOURCE_URL="https://github.com/erlang/otp/releases/download/OTP-$OTP_VERSION/otp_src_$OTP_VERSION.tar.gz"; \
OTP_PATH="/usr/local/src/otp-$OTP_VERSION"; \
\
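Review bot: The `ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"` that now ends the OpenSSL RUN is repeated in the final stage as `ln -vsf /etc/ssl/certs /etc/ssl/private /usr/local/etc/ssl`, right after `COPY --from=erlang-builder /usr/local/etc/ssl/`. Add a comment stating which of the two the final image depends on and why the other is kept. The second copy also hardcodes /usr/local/etc/ssl, so it has to be kept in step by hand with `OPENSSL_CONFIG_DIR` in the builder stage.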
@@ -118,7 +103,6 @@ RUN set -eux; \
# ERL_TOP is required for Erlang/OTP makefiles to find the absolute path for the installation
cd "$OTP_PATH"; \
export ERL_TOP="$OTP_PATH"; \
- ./otp_build autoconf; \
CFLAGS="$(dpkg-buildflags --get CFLAGS)"; export CFLAGS; \
# add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure /usr/local/lib is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364)
export CFLAGS="$CFLAGS -Wl,-rpath=/usr/local/lib"; \
@@ -164,37 +148,39 @@ RUN set -eux; \
--without-wx \
$jitFlag \
; \
+ \
# Compile & install Erlang/OTP
make -j "$(getconf _NPROCESSORS_ONLN)" GEN_OPT_FLGS="-O2 -fno-strict-aliasing"; \
make install; \
- cd ..; \
- rm -rf \
- "$OTP_PATH"* \
- /usr/local/lib/erlang/lib/*/examples \
- /usr/local/lib/erlang/lib/*/src \
- ; \
- \
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
- apt-mark auto '.*' > /dev/null; \
- [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
- find /usr/local -type f -executable -exec ldd '{}' ';' \
- | awk '/=>/ { print $(NF-1) }' \
- | sort -u \
- | xargs -r dpkg-query --search \
- | cut -d: -f1 \
- | sort -u \
- | xargs -r apt-mark manual \
- ; \
- apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
\
-# Check that OpenSSL still works after purging build dependencies
- openssl version; \
+# Remove unnecessary files
+ find /usr/local/lib/erlang -type d -name examples -exec rm -rf '{}' +; \
+ find /usr/local/lib/erlang -type d -name src -exec rm -rf '{}' +; \
+ find /usr/local/lib/erlang -type d -name include -exec rm -rf '{}' +
+
# Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
- erl -noshell -eval 'io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
+RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
+
+FROM ubuntu:20.04
+
+COPY --from=erlang-builder /usr/local/bin/ /usr/local/bin/
+COPY --from=erlang-builder /usr/local/etc/ssl/ /usr/local/etc/ssl/
+COPY --from=erlang-builder /usr/local/lib/ /usr/local/lib/
ENV RABBITMQ_DATA_DIR=/var/lib/rabbitmq
-# Create rabbitmq system user & group, fix permissions & allow root user to connect to the RabbitMQ Erlang VM
+
RUN set -eux; \
+# Configure OpenSSL to use system certs
+ ln -vsf /etc/ssl/certs /etc/ssl/private /usr/local/etc/ssl; \
+ \
+# Check that OpenSSL still works after copying from previous builder
+ ldconfig; \
+ openssl version; \
+ \
+# Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
+ erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'; \
+ \
+# Create rabbitmq system user & group, fix permissions & allow root user to connect to the RabbitMQ Erlang VM
groupadd --gid 999 --system rabbitmq; \
useradd --uid 999 --system --home-dir "$RABBITMQ_DATA_DIR" --gid rabbitmq rabbitmq; \
mkdir -p "$RABBITMQ_DATA_DIR" /etc/rabbitmq /etc/rabbitmq/conf.d /tmp/rabbitmq-ssl /var/log/rabbitmq; \
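Review bot: `COPY --from=erlang-builder /usr/local/lib/ /usr/local/lib/` brings over everything the two `make install` steps left under /usr/local/lib, not only what `erl` and `openssl` load at run time, and the `find` cleanup just above it only prunes inside /usr/local/lib/erlang. If the OpenSSL install put static archives or pkg-config files there, they now ship in the final image. Prune them in the builder stage before the copy, or list the expected contents in a comment so growth in the copied tree is noticed in review.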
@@ -203,7 +189,7 @@ RUN set -eux; \
ln -sf "$RABBITMQ_DATA_DIR/.erlang.cookie" /root/.erlang.cookie
# Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html)
-ENV RABBITMQ_VERSION 3.11.4
+ENV RABBITMQ_VERSION 3.11.5
# https://www.rabbitmq.com/signatures.html#importing-gpg
ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA"
ENV RABBITMQ_HOME=/opt/rabbitmq
@@ -213,11 +199,20 @@ ENV PATH=$RABBITMQ_HOME/sbin:$PATH
# Install RabbitMQ
RUN set -eux; \
- \
- savedAptMark="$(apt-mark showmanual)"; \
+ export DEBIAN_FRONTEND=noninteractive; \
apt-get update; \
apt-get install --yes --no-install-recommends \
ca-certificates \
+# grab gosu for easy step-down from root
+ gosu \
+# Bring in tzdata so users could set the timezones through the environment
+ tzdata \
+ ; \
+# verify that the "gosu" binary works
+ gosu nobody true; \
+ \
+ savedAptMark="$(apt-mark showmanual)"; \
+ apt-get install --yes --no-install-recommends \
gnupg \
wget \
xz-utils \ Relevant Maintainers: |
Changes: