From 5197338ba74d67895895ea0ae67cbc40eff9085f Mon Sep 17 00:00:00 2001
From: Rodrigo Garcia
Date: Fri, 7 Jun 2024 10:27:13 -0700
Subject: [PATCH 1/3] fix alpine image tag in Dockerfile to address security vulnerabilities

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index ef87ba34..36a66adf 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,7 +9,7 @@ RUN CGO_ENABLED=0 GOOS=linux go build -a -ldflags="-s -w" -o bsp-agent ./cmd/bsp
 RUN CGO_ENABLED=0 GOOS=linux go build -a -ldflags="-s -w" -o bsp-extractor ./scripts/extractor.go
 RUN CGO_ENABLED=0 GOOS=linux go build -a -ldflags="-s -w" -o bsp-extractor-2 ./scripts/replica/extractor2.go
 # Runtime/test - second phase.
-FROM alpine:3.15.7
+FROM alpine:3.20
 RUN mkdir /app
 WORKDIR /app
 RUN apk update && apk add --no-cache bash=5.1.16-r0

From 873e8a2d4533a43699e52c428952c70f7502cf64 Mon Sep 17 00:00:00 2001
From: Rodrigo Garcia
Date: Fri, 7 Jun 2024 10:41:33 -0700
Subject: [PATCH 2/3] use default bash version for each stable alpine tag

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 36a66adf..8860e65c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,7 @@ RUN CGO_ENABLED=0 GOOS=linux go build -a -ldflags="-s -w" -o bsp-extractor-2 ./s
 FROM alpine:3.20
 RUN mkdir /app
 WORKDIR /app
-RUN apk update && apk add --no-cache bash=5.1.16-r0
+RUN apk update && apk add --no-cache bash
 RUN mkdir -p bin/block-ethereum bin/block-elrond
 COPY --from=builder /build/bsp-agent /app
 COPY --from=builder /build/entry.sh /app

From 61cd818c43979add09879a38ff2a2ecb5ff6ba22 Mon Sep 17 00:00:00 2001
From: Rodrigo Garcia
Date: Fri, 7 Jun 2024 10:47:43 -0700
Subject: [PATCH 3/3] using alpine:3.19 instead because there is an new CVE for openssl on 3.20 without a fix

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 8860e65c..aa8fe3a6 100644
--- a/Dockerfile
+++ b/Dockerfile
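Review bot: In the first patch `FROM alpine:3.20` replaces a patch-level tag (`3.15.7`) with a floating minor tag, so the runtime base can change between builds with no change to this file; the third patch's `FROM alpine:3.19` has the same property. Since the series aims to control which vulnerabilities the image carries, the base should resolve to one known image, e.g. `FROM alpine:<minor.patch>@sha256:<digest-placeholder>`, bumped deliberately by a dependency bot or scheduled rebuild. This hunk on its own also keeps `bash=5.1.16-r0` pinned against the new base, which presumably does not resolve on a newer Alpine branch until the second patch lands, so the first commit may not build in isolation.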
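Review bot: In the second patch `apk add --no-cache bash` installs whatever bash the repository serves at build time, so with a floating base tag two builds of the same commit can differ and a scan result for one does not carry over to the next. If dropping the exact pin is intended, record that beside the instruction, e.g. `# bash left unpinned: follows the Alpine branch selected by FROM`, or pin per branch with `bash=<version-for-this-branch>`. The `apk update &&` prefix is unnecessary alongside `--no-cache` and leaves the downloaded index in the layer, so the line can be `RUN apk add --no-cache bash`.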
@@ -9,7 +9,7 @@ RUN CGO_ENABLED=0 GOOS=linux go build -a -ldflags="-s -w" -o bsp-agent ./cmd/bsp
 RUN CGO_ENABLED=0 GOOS=linux go build -a -ldflags="-s -w" -o bsp-extractor ./scripts/extractor.go
 RUN CGO_ENABLED=0 GOOS=linux go build -a -ldflags="-s -w" -o bsp-extractor-2 ./scripts/replica/extractor2.go
 # Runtime/test - second phase.
-FROM alpine:3.20
+FROM alpine:3.19
 RUN mkdir /app
 WORKDIR /app
 RUN apk update && apk add --no-cache bash
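Review bot: The reason for stepping back to `alpine:3.19` exists only in the commit subject; nothing beside the `FROM` line tells a later maintainer why the older branch was chosen or when to move forward again. Add a comment above it such as `# Held on 3.19: openssl CVE unfixed on 3.20 when this was chosen; re-evaluate once a fixed package is published`, ideally with the advisory identifier from the scan report. An older branch also leaves security support sooner, so the hold should have an owner or a tracking issue. The runtime stage continues outside the hunk, so whether anything in the image beyond the base packages uses openssl cannot be judged from here.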