From ddbb78bcf9b8d9aeee9e3d15c367d7f296695e8f Mon Sep 17 00:00:00 2001 From: VeronikaSolovei9 Date: Wed, 19 Mar 2025 22:04:35 -0700 Subject: [PATCH 1/3] Vulnerabilities fixes --- Dockerfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index c448185b..a458eada 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ FROM ubuntu:20.04 AS build RUN apt-get update && \ apt-get -y upgrade && \ - apt-get install -y wget + apt-get install -y --no-install-recommends wget ca-certificates ENV GO_INSTALLER=go1.19.5.linux-amd64.tar.gz WORKDIR /tmp RUN wget https://dl.google.com/go/$GO_INSTALLER && \ @@ -12,7 +12,7 @@ ENV GOROOT=/usr/local/go ENV PATH=$GOROOT/bin:$PATH ENV GOPROXY="https://proxy.golang.org" RUN apt-get update && \ - apt-get install -y git && \ + apt-get install -y --no-install-recommends git && \ apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* ENV CGO_ENABLED 0 COPY ./ ./ @@ -26,15 +26,15 @@ FROM ubuntu:20.04 AS release LABEL maintainer="hans.hjort@xandr.com" RUN apt-get update && \ apt-get install --assume-yes apt-utils && \ - apt-get install -y ca-certificates && \ + apt-get install -y --no-install-recommends ca-certificates && \ apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* WORKDIR /usr/local/bin/ COPY --from=build /app/prebid-cache/prebid-cache . RUN chmod a+xr prebid-cache COPY --from=build /app/prebid-cache/config.yaml . RUN chmod a+r config.yaml -RUN adduser prebid_user -USER prebid_user +RUN addgroup --system --gid 2001 prebidgroup && adduser --system --uid 1001 --ingroup prebidgroup prebid +USER prebid EXPOSE 2424 EXPOSE 2525 ENTRYPOINT ["/usr/local/bin/prebid-cache"] From f98fc2b02b1207e9fa45cb711aa6be963960fdfd Mon Sep 17 00:00:00 2001 From: VeronikaSolovei9 Date: Tue, 25 Mar 2025 13:35:14 -0700 Subject: [PATCH 2/3] Vulnerabilities fixes --- Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index a458eada..96972810 100644 --- a/Dockerfile +++ b/Dockerfile @@ -25,7 +25,6 @@ RUN go build -mod=vendor -ldflags "-X github.com/prebid/prebid-cache/version.Ver FROM ubuntu:20.04 AS release LABEL maintainer="hans.hjort@xandr.com" RUN apt-get update && \ - apt-get install --assume-yes apt-utils && \ apt-get install -y --no-install-recommends ca-certificates && \ apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* WORKDIR /usr/local/bin/ From fe7cf500315fe7d784f03484926476941952d547 Mon Sep 17 00:00:00 2001 From: VeronikaSolovei9 Date: Wed, 26 Mar 2025 14:27:08 -0700 Subject: [PATCH 3/3] Updated Ubuntu to 22.04 --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 96972810..192acfc0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:20.04 AS build +FROM ubuntu:22.04 AS build RUN apt-get update && \ apt-get -y upgrade && \ apt-get install -y --no-install-recommends wget ca-certificates @@ -22,7 +22,7 @@ ARG TEST="true" RUN if [ "$TEST" != "false" ]; then ./validate.sh ; fi RUN go build -mod=vendor -ldflags "-X github.com/prebid/prebid-cache/version.Ver=`git describe --tags` -X github.com/prebid/prebid-cache/version.Rev=`git rev-parse HEAD`" . -FROM ubuntu:20.04 AS release +FROM ubuntu:22.04 AS release LABEL maintainer="hans.hjort@xandr.com" RUN apt-get update && \ apt-get install -y --no-install-recommends ca-certificates && \