docker: update the docker image

* Explicitly switch to buster.
* Explicitly set the golang version (and use the latest patch release).
* Explicitly set the busybox version.
* Update the maintainer

Dockerfile

@@ -1,11 +1,5 @@
-FROM golang:1.14.4-buster
-LABEL maintainer="Steven Allen <steven@stebalien.com>"
-
-# Install deps
-RUN apt-get update && apt-get install -y \
-  libssl-dev \
-  ca-certificates \
-  fuse
+FROM golang:1.12.9-buster
+MAINTAINER Steven Allen <steven@stebalien.com>
 
 ENV SRC_DIR /go-ipfs
 
@@ -16,38 +10,35 @@ RUN cd $SRC_DIR \
 
 COPY . $SRC_DIR
 
-# Preload an in-tree but disabled-by-default plugin by adding it to the IPFS_PLUGINS variable
-# e.g. docker build --build-arg IPFS_PLUGINS="foo bar baz"
-ARG IPFS_PLUGINS
-
 # Build the thing.
 # Also: fix getting HEAD commit hash via git rev-parse.
 RUN cd $SRC_DIR \
   && mkdir .git/objects \
-  && make build GOTAGS=openssl IPFS_PLUGINS=$IPFS_PLUGINS
+  && make build
 
 # Get su-exec, a very minimal tool for dropping privileges,
 # and tini, a very minimal init daemon for containers
 ENV SUEXEC_VERSION v0.2
-ENV TINI_VERSION v0.19.0
-RUN set -eux; \
-    dpkgArch="$(dpkg --print-architecture)"; \
-    case "${dpkgArch##*-}" in \
-        "amd64" | "armhf" | "arm64") tiniArch="tini-$dpkgArch" ;;\
-        *) echo >&2 "unsupported architecture: ${dpkgArch}"; exit 1 ;; \
-    esac; \
-  cd /tmp \
+ENV TINI_VERSION v0.16.1
+RUN set -x \
+  && cd /tmp \
   && git clone https://github.com/ncopa/su-exec.git \
   && cd su-exec \
   && git checkout -q $SUEXEC_VERSION \
   && make \
   && cd /tmp \
-  && wget -q -O tini https://github.com/krallin/tini/releases/download/$TINI_VERSION/$tiniArch \
+  && wget -q -O tini https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini \
   && chmod +x tini
 
+# Get the TLS CA certificates, they're not provided by busybox.
+RUN apt-get update && apt-get install -y ca-certificates
+
+# Install FUSE
+RUN apt-get update && apt-get install -y fuse
+
 # Now comes the actual target image, which aims to be as small as possible.
-FROM busybox:1.31.1-glibc
-LABEL maintainer="Steven Allen <steven@stebalien.com>"
+FROM busybox:1.31.0-glibc
+MAINTAINER Steven Allen <stven@stebalien.com>
 
 # Get the ipfs binary, entrypoint script, and TLS CAs from the build container.
 ENV SRC_DIR /go-ipfs
@@ -61,20 +52,11 @@ COPY --from=0 /etc/ssl/certs /etc/ssl/certs
 # Add suid bit on fusermount so it will run properly
 RUN chmod 4755 /usr/local/bin/fusermount
 
-# Fix permissions on start_ipfs (ignore the build machine's permissions)
-RUN chmod 0755 /usr/local/bin/start_ipfs
-
 # This shared lib (part of glibc) doesn't seem to be included with busybox.
-COPY --from=0 /lib/*-linux-gnu*/libdl.so.2 /lib/
-
-# Copy over SSL libraries.
-COPY --from=0 /usr/lib/*-linux-gnu*/libssl.so* /usr/lib/
-COPY --from=0 /usr/lib/*-linux-gnu*/libcrypto.so* /usr/lib/
+COPY --from=0 /lib/x86_64-linux-gnu/libdl-2.24.so /lib/libdl.so.2
 
 # Swarm TCP; should be exposed to the public
 EXPOSE 4001
-# Swarm UDP; should be exposed to the public
-EXPOSE 4001/udp
 # Daemon API; must not be exposed publicly but to client services under you control
 EXPOSE 5001
 # Web Gateway; can be exposed publicly with a proxy, e.g. as https://ipfs.example.org
@@ -94,7 +76,7 @@ RUN mkdir /ipfs /ipns \
 
 # Expose the fs-repo as a volume.
 # start_ipfs initializes an fs-repo if none is mounted.
-# Important this happens after the USER directive so permissions are correct.
+# Important this happens after the USER directive so permission are correct.
 VOLUME $IPFS_PATH
 
 # The default logging level