From b8115af595a09c78326a4e1b13066eb359a30f64 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Such=C3=A1nek?= Date: Mon, 8 Jan 2024 09:17:12 +0100 Subject: [PATCH] WIP: Fix security audit --- 3.11-basic/Dockerfile | 8 ++------ 3.11-docworker/Dockerfile | 12 ++---------- 2 files changed, 4 insertions(+), 16 deletions(-) diff --git a/3.11-basic/Dockerfile b/3.11-basic/Dockerfile index 433717f..7ba5217 100644 --- a/3.11-basic/Dockerfile +++ b/3.11-basic/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.18.5 +FROM alpine:3.19.0 ARG TARGETARCH @@ -17,11 +17,7 @@ ENV PIP_NO_COMPILE=1 \ RUN chmod +x /bin/clean \ && mkdir "$PIP_CACHE_DIR" && chmod a+rwx "$PIP_CACHE_DIR" \ - && apk add python3 python3-dev libffi-dev libpq-dev openssl-dev \ - && apk add sqlite-libs --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community \ - && ln -s /usr/bin/pip3 /usr/bin/pip \ - && python3 -m ensurepip --upgrade \ - && pip install -U pip setuptools wheel \ + && apk add python3 python3-dev py3-wheel py3-setuptools py3-pip libffi-dev libpq-dev openssl-dev \ && addgroup -g 10001 user \ && adduser -u 10000 -S -s /bin/sh -G user user \ && echo "user:password" | chpasswd 2>/dev/null \ diff --git a/3.11-docworker/Dockerfile b/3.11-docworker/Dockerfile index 93e0ed7..c45311b 100644 --- a/3.11-docworker/Dockerfile +++ b/3.11-docworker/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.18.5 +FROM alpine:3.19.0 ARG TARGETARCH @@ -16,8 +16,7 @@ ENV PIP_NO_COMPILE=1 \ RUN chmod +x /bin/clean \ && mkdir "$PIP_CACHE_DIR" && chmod a+rwx "$PIP_CACHE_DIR" \ - && apk add sqlite-libs --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community \ - && apk add -u python3 python3-dev libpq-dev libffi-dev openssl-dev gettext \ + && apk add -u python3 python3-dev py3-wheel py3-setuptools py3-pip libpq-dev libffi-dev openssl-dev gettext \ && apk add -u cairo cairo-gobject pango gdk-pixbuf py3-brotli py3-lxml py3-cffi py3-pillow msttcorefonts-installer fontconfig zopfli \ && apk add -u lua lua-dev lua-penlight zip \ && apk add -u libstdc++ libx11 libxrender libxext libssl1.1 ca-certificates dbus fontconfig freetype ttf-dejavu ttf-droid ttf-freefont ttf-liberation font-noto-emoji \ @@ -26,9 +25,6 @@ RUN chmod +x /bin/clean \ && wget -O /bin/wait-for https://raw.githubusercontent.com/eficode/wait-for/v2.2.3/wait-for && chmod a+x /bin/wait-for \ && update-ms-fonts \ && fc-cache -f \ - && ln -s /usr/bin/pip3 /usr/bin/pip \ - && python3 -m ensurepip --upgrade \ - && pip install -U pip setuptools wheel \ && addgroup -g 10001 user \ && adduser -u 10000 -S -s /bin/sh -G user user \ && echo "user:password" | chpasswd 2>/dev/null \ @@ -65,7 +61,3 @@ RUN mkdir -p /pandoc/filters \ && wget -O /pandoc/filters/logging.lua https://raw.githubusercontent.com/wlupton/pandoc-lua-logging/main/logging.lua \ && chown -R user:user /pandoc \ && clean - -# WeasyPrint -RUN pip install weasyprint==60.1 \ - && clean