Update Dockerfiles to use new base images and remove CVE references

Théophile Diot 2025-01-10 11:41:08 +01:00
parent 30a0efb7f9
commit 43b905fee2
No known key found for this signature in database
GPG key ID: FA995104A0BA376A
4 changed files with 12 additions and 13 deletions


@ -1,4 +1,4 @@
FROM python:3.13-alpine@sha256:657dbdb20479a6523b46c06114c8fec7db448232f956a429d3cc0606d30c1b59 AS builder
FROM python:3.13-alpine@sha256:b6f01a01e34091438a29b6dda4664199e34731fb2581ebb6fe255a2ebf441099 AS builder
# Export var for specific actions on linux/arm/v7
ARG TARGETPLATFORM
@ -33,7 +33,7 @@ COPY src/common/utils utils
COPY src/autoconf autoconf
COPY src/VERSION VERSION
FROM python:3.13-alpine@sha256:657dbdb20479a6523b46c06114c8fec7db448232f956a429d3cc0606d30c1b59
FROM python:3.13-alpine@sha256:b6f01a01e34091438a29b6dda4664199e34731fb2581ebb6fe255a2ebf441099
# Set default umask to prevent huge recursive chmod increasing the final image size
RUN umask 027
@ -44,7 +44,7 @@ RUN apk add --no-cache bash tzdata && \
adduser -h /var/cache/autoconf -g autoconf -s /bin/sh -G autoconf -D -H -u 101 autoconf
# Fix CVEs
RUN apk add --no-cache "libcrypto3>=3.3.2-r1" "libssl3>=3.3.2-r1" # CVE-2024-9143
# There are no CVEs for the following packages
# Copy dependencies
COPY --from=builder --chown=0:101 /usr/share/bunkerweb /usr/share/bunkerweb
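Review bot: The comment `# There are no CVEs for the following packages` under `# Fix CVEs` introduces nothing, since the next line is already `# Copy dependencies`, and it records a point-in-time claim with no date or scan reference, so it will go stale unnoticed. Judging by the commit title, it takes the place of the `libcrypto3`/`libssl3` floor for CVE-2024-9143, which leaves the new base digest as the only thing carrying that fix. I would either drop both comments or replace them with one line that says what was checked, for example `# No pinned fixes needed: base image digest scanned clean on <scan date>`. The same dangling comment appears in the last hunk of the other three Dockerfiles on this page.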


@ -1,4 +1,4 @@
FROM nginx:1.26.2-alpine-slim@sha256:6a3378d408c49073bdbb0243219db1072f338b979b58660577a744044515f9f7 AS builder
FROM nginx:1.26.2-alpine-slim@sha256:1d541dc68a99c4da7923e88b8e184f85034804a1ff59ee838a81d83c319267d8 AS builder
# Install temporary requirements for the dependencies
RUN apk add --no-cache bash autoconf libtool automake geoip-dev g++ gcc curl-dev libxml2-dev pcre-dev make linux-headers musl-dev gd-dev gnupg brotli-dev openssl-dev patch readline-dev yajl yajl-dev yajl-tools py3-pip
@ -42,7 +42,7 @@ COPY src/common/utils utils
COPY src/VERSION VERSION
COPY misc/*.ascii misc/
FROM nginx:1.26.2-alpine-slim@sha256:6a3378d408c49073bdbb0243219db1072f338b979b58660577a744044515f9f7
FROM nginx:1.26.2-alpine-slim@sha256:1d541dc68a99c4da7923e88b8e184f85034804a1ff59ee838a81d83c319267d8
# Set default umask to prevent huge recursive chmod increasing the final image size
RUN umask 027
@ -51,7 +51,7 @@ RUN umask 027
RUN apk add --no-cache openssl pcre bash python3 yajl geoip libxml2 libgd curl tzdata
# Fix CVEs
RUN apk add --no-cache "curl>=8.11.0-r0" "libcurl>=8.11.0-r0" # CVE-2024-9681
# There are no CVEs for the following packages
# Copy dependencies
COPY --from=builder --chown=0:101 /usr/share/bunkerweb /usr/share/bunkerweb
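Review bot: `curl` is installed by the unpinned `apk add --no-cache ... curl tzdata` line just above, so its version comes from the Alpine repository at build time and not from the new base digest. The `"curl>=8.11.0-r0" "libcurl>=8.11.0-r0"` floor that appears to be dropped here was the only build-time assertion that the CVE-2024-9681 fix is present. If the separate `RUN` is meant to go, consider folding the floor into the install line, i.e. `"curl>=8.11.0-r0"` in place of the bare `curl`, so that a stale mirror or cached index fails the build instead of shipping an older package. The `libpq` floor in the scheduler section has the same shape, because `libpq` is likewise installed by name in the preceding `apk add`.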


@ -1,4 +1,4 @@
FROM python:3.13-alpine@sha256:657dbdb20479a6523b46c06114c8fec7db448232f956a429d3cc0606d30c1b59 AS builder
FROM python:3.13-alpine@sha256:b6f01a01e34091438a29b6dda4664199e34731fb2581ebb6fe255a2ebf441099 AS builder
# Export var for specific actions on linux/arm/v7
ARG TARGETPLATFORM
@ -35,7 +35,7 @@ COPY src/common/utils utils
COPY src/scheduler scheduler
COPY src/VERSION VERSION
FROM python:3.13-alpine@sha256:657dbdb20479a6523b46c06114c8fec7db448232f956a429d3cc0606d30c1b59
FROM python:3.13-alpine@sha256:b6f01a01e34091438a29b6dda4664199e34731fb2581ebb6fe255a2ebf441099
# Set default umask to prevent huge recursive chmod increasing the final image size
RUN umask 027
@ -46,7 +46,7 @@ RUN apk add --no-cache bash unzip libgcc libstdc++ libpq openssl libmagic mariad
adduser -h /var/cache/nginx -g scheduler -s /bin/sh -G scheduler -D -H -u 101 scheduler
# Fix CVEs
RUN apk add --no-cache "libpq>=16.5-r0" "postgresql16-client>=16.5-r0" # CVE-2024-10976 CVE-2024-10977 CVE-2024-10978 CVE-2024-10979
# There are no CVEs for the following packages
# Cleanup
RUN rm -rf /var/cache/apk/*
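Review bot: The `RUN rm -rf /var/cache/apk/*` kept as context at the end of this hunk looks like a no-op, because the `apk add` calls visible here all pass `--no-cache`, and a removal in its own layer cannot shrink files written by an earlier layer anyway. If nothing earlier in the stage (outside this hunk) populates that directory, the cleanup line and its `# Cleanup` comment can be deleted in the same commit that removes the CVE line.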


@ -1,4 +1,4 @@
FROM python:3.13-alpine@sha256:657dbdb20479a6523b46c06114c8fec7db448232f956a429d3cc0606d30c1b59 AS builder
FROM python:3.13-alpine@sha256:b6f01a01e34091438a29b6dda4664199e34731fb2581ebb6fe255a2ebf441099 AS builder
# Export var for specific actions on linux/arm/v7
ARG TARGETPLATFORM
@ -35,7 +35,7 @@ COPY src/common/helpers helpers
COPY src/VERSION VERSION
COPY src/ui ui
FROM python:3.13-alpine@sha256:657dbdb20479a6523b46c06114c8fec7db448232f956a429d3cc0606d30c1b59
FROM python:3.13-alpine@sha256:b6f01a01e34091438a29b6dda4664199e34731fb2581ebb6fe255a2ebf441099
# Set default umask to prevent huge recursive chmod increasing the final image size
RUN umask 027
@ -52,8 +52,7 @@ RUN apk add --no-cache bash unzip libmagic mariadb-connector-c mariadb-client po
adduser -h /var/cache/nginx -g ui -s /bin/bash -G ui -D -H -u 101 ui
# Fix CVEs
RUN apk add --no-cache "libcrypto3>=3.3.2-r1" "libssl3>=3.3.2-r1" # CVE-2024-9143
RUN apk add --no-cache "libpq>=16.5-r0" "postgresql16-client>=16.5-r0" # CVE-2024-10976 CVE-2024-10977 CVE-2024-10978 CVE-2024-10979
# There are no CVEs for the following packages
# Copy dependencies
COPY --from=builder --chown=0:101 /usr/share/bunkerweb /usr/share/bunkerweb