From ca151e86ac2b40b34abdd601ac47eff0d4b8043e Mon Sep 17 00:00:00 2001
From: "Simon L."
Date: Wed, 26 Mar 2025 18:27:44 +0100
Subject: [PATCH 1/3] watchtower: install from github repo to fix some security issues
Signed-off-by: Simon L.
---
Containers/watchtower/Dockerfile | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 8bd5da34..a6940d40 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,14 +1,18 @@
 # syntax=docker/dockerfile:latest
-# From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
-FROM containrrr/watchtower:1.7.1 AS watchtower
+FROM golang:1.24.1-alpine3.21 AS go
+
+RUN set -ex; \
+ apk add --no-cache \
+ build-base; \
+ go install github.com/containrrr/watchtower@76f9cea516593fabb8ca91ff13de55caa6aa0a8b;
 FROM alpine:3.21.3
 RUN set -ex; \
 apk upgrade --no-cache -a; \
- apk add --no-cache bash
+ apk add --no-cache bash ca-certificates tzdata
-COPY --from=watchtower /watchtower /watchtower
+COPY --from=go /go/bin/watchtower /usr/local/bin/watchtower
 COPY --chmod=775 start.sh /start.sh
From c5a9da8bb37c131cbbd2d71529345c7fc3123663 Mon Sep 17 00:00:00 2001
From: "Simon L."
Date: Wed, 26 Mar 2025 18:39:32 +0100
Subject: [PATCH 2/3] run apk upgrade everywhere
Signed-off-by: Simon L.
---
Containers/imaginary/Dockerfile | 3 ++-
Containers/talk/Dockerfile | 1 +
Containers/watchtower/Dockerfile | 1 +
3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 9d2fd11d..cb6dbbe5 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
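Review bot: In Containers/watchtower/Dockerfile (patch 1/3) the new `go install github.com/containrrr/watchtower@76f9cea516593fabb8ca91ff13de55caa6aa0a8b` line pins a bare commit hash with nothing recording why it replaced the `containrrr/watchtower:1.7.1` image or which findings it is meant to close, so nobody can later tell when the pin may be bumped or dropped. I would add a comment above the RUN, for example `# watchtower is built from a pinned upstream commit instead of the 1.7.1 release image; see <ISSUE-OR-SCAN-REFERENCE> for the findings this addresses`. As far as I know `go install module@rev` takes third-party dependency versions from the module's own go.mod at that revision, so the rebuild presumably refreshes the Go toolchain and standard library rather than every dependency; running `govulncheck` against the built binary would show what is actually fixed.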
@@ -1,9 +1,10 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.24.1-alpine3.21 AS go
-ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
+ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 RUN set -ex; \
+ apk upgrade --no-cache -a; \
 apk add --no-cache \
 vips-dev \
 vips-magick \
diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 915b4789..00d2153f 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -7,6 +7,7 @@ FROM alpine:3.21.3 AS janus
 ARG JANUS_VERSION=v1.3.1
 WORKDIR /src
 RUN set -ex; \
+ apk upgrade --no-cache -a; \
 apk add --no-cache \
 ca-certificates \
 git \
diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index a6940d40..aad4f935 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -2,6 +2,7 @@
 FROM golang:1.24.1-alpine3.21 AS go
 RUN set -ex; \
+ apk upgrade --no-cache -a; \
 apk add --no-cache \
 build-base; \
 go install github.com/containrrr/watchtower@76f9cea516593fabb8ca91ff13de55caa6aa0a8b;
From 631253ef71c7353586f79378b1fd116f0f4b1e68 Mon Sep 17 00:00:00 2001
From: "Simon L."
Date: Mon, 31 Mar 2025 11:03:43 +0200
Subject: [PATCH 3/3] fix detail
Signed-off-by: Simon L.
---
Containers/watchtower/Dockerfile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index aad4f935..1b83fe17 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -13,7 +13,7 @@ RUN set -ex; \
 apk upgrade --no-cache -a; \
 apk add --no-cache bash ca-certificates tzdata
-COPY --from=go /go/bin/watchtower /usr/local/bin/watchtower
+COPY --from=go /go/bin/watchtower /watchtower
 COPY --chmod=775 start.sh /start.sh
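Review bot: In Containers/imaginary/Dockerfile (patch 2/3) the added `apk upgrade --no-cache -a; \` sits in a builder stage (`AS go`), so it updates only build-time packages; whether anything it upgrades reaches the shipped image depends on what the later stage copies or links, which the hunk does not show. The same holds for the `janus` stage in Containers/talk/Dockerfile and the `go` stage in the Containers/watchtower/Dockerfile hunk of this patch. The step also lives in a cached RUN layer and resolves against whatever the repositories hold at build time, so it only takes effect when that layer is rebuilt (for instance with `--pull` or `--no-cache`) and makes the result differ between builds. A comment such as `# builder stage: upgrade affects build-time packages only` above each RUN would keep the intent clear; the imaginary and talk RUN instructions continue beyond their hunks.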