-
Notifications
You must be signed in to change notification settings - Fork 10
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(Cr-24805 security): updated ubuntu, git-lfs, busybox (#83)
* updated ubuntu, git-lfs, busybox -------- Co-authored-by: Vitalii Chyrka <[email protected]>
- Loading branch information
1 parent
959ccea
commit 7b55244
Showing
3 changed files
with
10 additions
and
18 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| .idea/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,35 +1,26 @@ | ||
| #moving to ubuntu instead of debian to solve high vulnerabilities | ||
| FROM ubuntu:jammy-20240212 | ||
| FROM ubuntu:noble-20240605 | ||
|
|
||
| RUN apt-get update && \ | ||
| apt-get install -y curl bash openssl git && \ | ||
| apt-get clean | ||
|
|
||
| # git-lfs v3.4.0 - last available at the 23.10.2023 and it contains bug. Don't update to the version 3.4.0 !!! | ||
| # https://codefresh-io.atlassian.net/browse/CR-20633 | ||
| # Next preferred version must be >=3.4.1 and should be tested | ||
| RUN apt-get install git-lfs=3.0.2-1 && \ | ||
| git lfs install | ||
| RUN curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash && \ | ||
| apt-get install git-lfs=3.5.1 && \ | ||
| git lfs install | ||
|
|
||
| #installing busybox | ||
| ARG BUSYBOX_VERSION=1.31.0 | ||
| ARG BUSYBOX_VERSION=1:1.36.1-6ubuntu3 | ||
|
|
||
| RUN curl -sL https://busybox.net/downloads/binaries/${BUSYBOX_VERSION}-defconfig-multiarch-musl/busybox-x86_64 -o busybox && \ | ||
| ls -l busybox && \ | ||
| chmod +x busybox && \ | ||
| mv busybox /usr/bin/ && \ | ||
| ls /usr/bin/busybox && \ | ||
| busybox | head -n 1 | ||
|
|
||
|
|
||
| RUN ln -s /bin/busybox /usr/bin/[[ | ||
| RUN apt-get install busybox=${BUSYBOX_VERSION} && \ | ||
| ln -s /bin/busybox /usr/bin/[[ | ||
|
|
||
| COPY ./start.sh /run/start.sh | ||
| RUN chmod +x /run/start.sh | ||
|
|
||
| # USER nodeuser | ||
| RUN addgroup --gid 3000 nodegroup \ | ||
| && adduser --uid 3000 --home /home/nodeuser --ingroup nodegroup --shell /bin/sh --gecos "" --disabled-password nodeuser | ||
| && adduser --uid 3000 --home /home/nodeuser --ingroup nodegroup --shell /bin/sh --gecos "" --disabled-password nodeuser | ||
| USER nodeuser | ||
|
|
||
| CMD ["/run/start.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| version: 10.1.27 | ||
| version: 10.1.28 |