Fix CVEs: install gosu from GitHub release instead of Debian package (Go 1.19.8 → current)
Publish Docker Image / build-and-push (push) Successful in 28m38s
Publish Docker Image / build-and-push (push) Successful in 28m38s
This commit is contained in:
+7
-1
@@ -31,13 +31,19 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
|
|||||||
less \
|
less \
|
||||||
vim-tiny \
|
vim-tiny \
|
||||||
sudo \
|
sudo \
|
||||||
gosu \
|
|
||||||
locales \
|
locales \
|
||||||
procps \
|
procps \
|
||||||
unzip \
|
unzip \
|
||||||
&& ln -s /usr/bin/fdfind /usr/local/bin/fd \
|
&& ln -s /usr/bin/fdfind /usr/local/bin/fd \
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
|
# ── gosu (install from GitHub for current Go version, avoids CVEs in Debian package)
|
||||||
|
ARG GOSU_VERSION=1.17
|
||||||
|
RUN ARCH=$(case "${TARGETARCH}" in amd64) echo "amd64" ;; arm64) echo "arm64" ;; *) echo "amd64" ;; esac) && \
|
||||||
|
curl -fsSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${ARCH}" -o /usr/local/bin/gosu && \
|
||||||
|
chmod +x /usr/local/bin/gosu && \
|
||||||
|
gosu --version
|
||||||
|
|
||||||
# Set locale
|
# Set locale
|
||||||
RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
|
RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
|
||||||
ENV LANG=en_US.UTF-8
|
ENV LANG=en_US.UTF-8
|
||||||
|
|||||||
Reference in New Issue
Block a user