From ab2082e0f40fa0e498b094babf2411d6b0d4876b Mon Sep 17 00:00:00 2001
From: "P." <d.ol.rod@tutanota.com>
Date: Fri, 22 Aug 2025 07:12:58 -0600
Subject: [PATCH 1/3] simplerisk-minimal: adapt mysql repo to bookworm

no release for trixie at the moment
---
 simplerisk-minimal/Dockerfile             | 3 ++-
 simplerisk-minimal/generate_dockerfile.sh | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/simplerisk-minimal/Dockerfile b/simplerisk-minimal/Dockerfile
index cd99412..0648451 100644
--- a/simplerisk-minimal/Dockerfile
+++ b/simplerisk-minimal/Dockerfile
@@ -23,7 +23,8 @@ RUN mkdir -p /etc/apt/keyrings && \
     apt-get update && \
     apt-get install -y --no-install-recommends gnupg2 wget lsb-release && \
     wget -qO - https://repo.mysql.com/RPM-GPG-KEY-mysql-2023 | gpg --dearmor -o /etc/apt/keyrings/mysql.gpg && \
-    echo "deb [signed-by=/etc/apt/keyrings/mysql.gpg] http://repo.mysql.com/apt/debian/ $(lsb_release -cs) mysql-8.0" | tee /etc/apt/sources.list.d/mysql.list && \
+    # FIXME: use $(lsb_release -cs) when trixie becomes available on MySQL repos
+    echo "deb [signed-by=/etc/apt/keyrings/mysql.gpg] http://repo.mysql.com/apt/debian/ bookworm mysql-8.0" | tee /etc/apt/sources.list.d/mysql.list && \
     apt-get update && \
     apt-get -y install --no-install-recommends libldap2-dev \
                                                libicu-dev \
diff --git a/simplerisk-minimal/generate_dockerfile.sh b/simplerisk-minimal/generate_dockerfile.sh
index 089b935..448e8f0 100755
--- a/simplerisk-minimal/generate_dockerfile.sh
+++ b/simplerisk-minimal/generate_dockerfile.sh
@@ -46,7 +46,8 @@ RUN mkdir -p /etc/apt/keyrings && \\
     apt-get update && \\
     apt-get install -y --no-install-recommends gnupg2 wget lsb-release && \\
     wget -qO - $MYSQL_KEY_URL | gpg --dearmor -o /etc/apt/keyrings/mysql.gpg && \\
-    echo "deb [signed-by=/etc/apt/keyrings/mysql.gpg] http://repo.mysql.com/apt/debian/ \$(lsb_release -cs) mysql-8.0" | tee /etc/apt/sources.list.d/mysql.list && \\
+    # FIXME: use \$(lsb_release -cs) when trixie becomes available on MySQL repos
+    echo "deb [signed-by=/etc/apt/keyrings/mysql.gpg] http://repo.mysql.com/apt/debian/ bookworm mysql-8.0" | tee /etc/apt/sources.list.d/mysql.list && \\
     apt-get update && \\
     apt-get -y install --no-install-recommends libldap2-dev \\
                                                libicu-dev \\

From 80b970ca9394447c62bbb2eca145c6c6f827c98f Mon Sep 17 00:00:00 2001
From: "P." <d.ol.rod@tutanota.com>
Date: Fri, 22 Aug 2025 07:30:44 -0600
Subject: [PATCH 2/3] .dockleignore: add

---
 .dockleignore | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 .dockleignore

diff --git a/.dockleignore b/.dockleignore
new file mode 100644
index 0000000..4cbb1bc
--- /dev/null
+++ b/.dockleignore
@@ -0,0 +1,2 @@
+# This is being done, yet it is still being detected
+DKL-DI-0005

From 1da9b5c4353dbebdcef93e054a2962757802fe40 Mon Sep 17 00:00:00 2001
From: "P." <d.ol.rod@tutanota.com>
Date: Fri, 22 Aug 2025 07:44:22 -0600
Subject: [PATCH 3/3] .grype.yaml: add

---
 .grype.yaml | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 .grype.yaml

diff --git a/.grype.yaml b/.grype.yaml
new file mode 100644
index 0000000..1131684
--- /dev/null
+++ b/.grype.yaml
@@ -0,0 +1,2 @@
+ignore:
+  - vulnerability: CVE-2025-27558 # Not able to fix it at the moment