Fix CVEs: install gosu from GitHub release instead of Debian package (Go 1.19.8 → current)
Publish Docker Image / build-and-push (push) Successful in 28m38s
Publish Docker Image / build-and-push (push) Successful in 28m38s
This commit is contained in:
+7
-1
@@ -31,13 +31,19 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
less \
|
||||
vim-tiny \
|
||||
sudo \
|
||||
gosu \
|
||||
locales \
|
||||
procps \
|
||||
unzip \
|
||||
&& ln -s /usr/bin/fdfind /usr/local/bin/fd \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# ── gosu (install from GitHub for current Go version, avoids CVEs in Debian package)
|
||||
ARG GOSU_VERSION=1.17
|
||||
RUN ARCH=$(case "${TARGETARCH}" in amd64) echo "amd64" ;; arm64) echo "arm64" ;; *) echo "amd64" ;; esac) && \
|
||||
curl -fsSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${ARCH}" -o /usr/local/bin/gosu && \
|
||||
chmod +x /usr/local/bin/gosu && \
|
||||
gosu --version
|
||||
|
||||
# Set locale
|
||||
RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
|
||||
ENV LANG=en_US.UTF-8
|
||||
|
||||
Reference in New Issue
Block a user