joakimp/opencode-devbox
Public Access
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix CVEs: install git-lfs from GitHub (Go 1.25), document Go versions for gosu/fzf
Publish Docker Image / build-and-push (push) Successful in 28m34s
Details

Browse Source
This commit is contained in:
Joakim Persson
2026-04-10 23:30:14 +02:00
parent 9c8a2c0169
commit 973e727acb
1 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Dockerfile
+13 -3
View File
@@ -20,7 +20,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
curl \
wget \
git \
git-lfs \
openssh-client \
gnupg \
jq \
@@ -36,19 +35,30 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
&& ln -s /usr/bin/fdfind /usr/local/bin/fd \
&& rm -rf /var/lib/apt/lists/*
# ── gosu (install from GitHub to avoid CVEs in Debian's old Go-compiled package)
# ── Go-compiled tools (install from GitHub to avoid CVEs in Debian's old Go builds)
# gosu — privilege de-escalation (built with Go 1.24.6)
ARG GOSU_VERSION=1.19
RUN ARCH=$(case "${TARGETARCH}" in amd64) echo "amd64" ;; arm64) echo "arm64" ;; *) echo "amd64" ;; esac) && \
curl -fsSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${ARCH}" -o /usr/local/bin/gosu && \
chmod +x /usr/local/bin/gosu && \
gosu --version
# ── fzf (install from GitHub to avoid CVEs in Debian's old Go-compiled package)
# fzf — fuzzy finder (built with Go 1.23.12)
ARG FZF_VERSION=0.71.0
RUN ARCH=$(case "${TARGETARCH}" in amd64) echo "amd64" ;; arm64) echo "arm64" ;; *) echo "amd64" ;; esac) && \
curl -fsSL "https://github.com/junegunn/fzf/releases/download/v${FZF_VERSION}/fzf-${FZF_VERSION}-linux_${ARCH}.tar.gz" | tar -xz -C /usr/local/bin fzf && \
fzf --version
# git-lfs — Git Large File Storage (built with Go 1.25)
ARG GIT_LFS_VERSION=3.7.1
RUN ARCH=$(case "${TARGETARCH}" in amd64) echo "amd64" ;; arm64) echo "arm64" ;; *) echo "amd64" ;; esac) && \
curl -fsSL "https://github.com/git-lfs/git-lfs/releases/download/v${GIT_LFS_VERSION}/git-lfs-linux-${ARCH}-v${GIT_LFS_VERSION}.tar.gz" | tar -xz -C /tmp && \
install /tmp/git-lfs-${GIT_LFS_VERSION}/git-lfs /usr/local/bin/git-lfs && \
rm -rf /tmp/git-lfs-${GIT_LFS_VERSION} && \
git lfs install --system && \
git-lfs --version
# Set locale
RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
ENV LANG=en_US.UTF-8