bump to curl 7.83.0, bump to alpine 3.15.4, simplified scanning, expl…

…icit headers
curl · Apr 27, 2022 · 3be22d4 · 3be22d4
1 parent 69f87d7
commit 3be22d4
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 50 deletions.
diff --git a/Makefile b/Makefile
@@ -2,7 +2,7 @@
 # set options
 #***************************************************************************
 
-export LATEST_RELEASE_VERSION=7_82_0
+export LATEST_RELEASE_VERSION=7_83_0
 export LATEST_RELEASE_TAG=curl-${LATEST_RELEASE_VERSION}
 export DOCKER_CLI_EXPERIMENTAL=enabled
 

diff --git a/alpine/latest/Dockerfile b/alpine/latest/Dockerfile
@@ -4,9 +4,9 @@
 #
 # SPDX-License-Identifier: MIT
 #
-# pinning builder image to Alpine 3.15.2
+# pinning builder image to Alpine 3.15.4
 ###############################################################
-FROM registry.hub.docker.com/library/alpine:3.15.2 AS builder
+FROM registry.hub.docker.com/library/alpine:3.15.4 AS builder
 
 ###############################################################
 # set build args
@@ -22,6 +22,8 @@ ARG LABEL_DESC=curl
 # build curl
 ###############################################################
 # install deps and use latest curl release source
+RUN apk update
+RUN apk upgrade
 RUN apk add libssh2 libssh2-dev libssh2-static \
         autoconf automake build-base                    \
         groff openssl curl-dev                          \
@@ -49,9 +51,9 @@ RUN ./buildconf && \
     make DESTDIR="/alpine/" install  -j$(nproc)
 
 ###############################################################
-# pinning image to Alpine 3.15.2
+# pinning image to Alpine 3.15.4
 ###############################################################
-FROM registry.hub.docker.com/library/alpine:3.15.2
+FROM registry.hub.docker.com/library/alpine:3.15.4
 
 ARG CURL_RELEASE_TAG=latest
 ARG CURL_RELEASE_VERSION
@@ -67,11 +69,13 @@ ENV CURL_GIT_REPO ${CURL_GIT_REPO}
 LABEL Maintainer="James Fuller <[email protected]>"
 LABEL Name="curl"
 LABEL Version="${LABEL_VERSION}"
-LABEL docker.cmd="docker run -it curl/curl:7.82.0 -s -L http://curl.se"
+LABEL docker.cmd="docker run -it curl/curl:7.83.0 -s -L http://curl.se"
 
 ###############################################################
 # dependencies
 ###############################################################
+RUN apk update
+RUN apk upgrade
 RUN apk add --no-cache brotli brotli-dev libssh2 nghttp2-dev && \
     rm -fr /var/cache/apk/*
 
@@ -89,11 +93,12 @@ ENV CURL_CA_BUNDLE="/cacert.pem"
 ###############################################################
 # install curl built from builder
 ###############################################################
-COPY --from=builder "/alpine/usr/local/lib/libcurl.so.4.7.0" "/usr/lib/"
+COPY --from=builder "/alpine/usr/local/lib/libcurl.so.4.8.0" "/usr/lib/"
 COPY --from=builder "/alpine/usr/local/bin/curl" "/usr/bin/curl"
+COPY --from=builder "/alpine/usr/local/include/curl" "/usr/include/curl"
 
 # explicitly set symlinks
-RUN ln -s /usr/lib/libcurl.so.4.7.0 /usr/lib/libcurl.so.4
+RUN ln -s /usr/lib/libcurl.so.4.8.0 /usr/lib/libcurl.so.4
 RUN ln -s /usr/lib/libcurl.so.4 /usr/lib/libcurl.so
 
 ###############################################################

diff --git a/alpine/latest/Makefile b/alpine/latest/Makefile
@@ -1,12 +1,9 @@
 build:
 	docker build ${DOCKER_BUILD_OPTS} ${DOCKER_BUILD_ARGS} -t "curl/curl:${LATEST_RELEASE_VERSION}" -f Dockerfile .
 
-buildtest:
-	docker build ${DOCKER_BUILD_OPTS} ${DOCKER_BUILD_ARGS} -t "curl/curl:scan-test" -f scanDockerfile .
-
 multibuild:
-	docker buildx build ${DOCKER_BUILD_OPTS} ${DOCKER_BUILD_ARGS} -t "curlimages/curl:7.82.0" --platform=${DOCKER_MULTI_ARCH} -f Dockerfile . --push
-	docker buildx imagetools create docker.io/curlimages/curl:7.82.0 --tag curlimages/curl:latest
+	docker buildx build ${DOCKER_BUILD_OPTS} ${DOCKER_BUILD_ARGS} -t "curlimages/curl:7.83.0" --platform=${DOCKER_MULTI_ARCH} -f Dockerfile . --push
+	docker buildx imagetools create docker.io/curlimages/curl:7.83.0 --tag curlimages/curl:latest
 
 lint:
 	docker run --rm --privileged -v ${PWD}:/root/ projectatomic/dockerfile-lint dockerfile_lint -p -f Dockerfile
@@ -16,15 +13,12 @@ test:
 	docker run --rm curl/curl:${LATEST_RELEASE_VERSION} -S http://httpbin.org/get
 
 push-registry:
-	docker tag curl/curl:${LATEST_RELEASE_VERSION} curlimages/curl:7.82.0
-	docker push curlimages/curl:7.82.0
+	docker tag curl/curl:${LATEST_RELEASE_VERSION} curlimages/curl:7.83.0
+	docker push curlimages/curl:7.83.0
 	docker tag curl/curl:${LATEST_RELEASE_VERSION} curlimages/curl:latest
 	docker push curlimages/curl:latest
 
 scan: buildtest
-	docker run --rm -it curl/curl:scan-test rkhunter --update -c -sk || true
-	docker run --rm -it curl/curl:scan-test clamscan -r -i --exclude-dir=^/sys || true
-	docker run --rm -it curl/curl:scan-test lynis audit system
 	docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v /tmp:/root/.cache/ aquasec/trivy curl/curl:${LATEST_RELEASE_VERSION}
 	curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin && grype curl/curl:${LATEST_RELEASE_VERSION}
 

diff --git a/alpine/latest/scanDockerfile b/alpine/latest/scanDockerfile
diff --git a/alpine/latest/test-container.yml b/alpine/latest/test-container.yml
@@ -20,7 +20,7 @@ fileExistenceTests:
   shouldExist: true
   isExecutableBy: 'owner'
 - name: 'built_curl_library'
-  path: '/usr/lib/libcurl.so.4.7.0'
+  path: '/usr/lib/libcurl.so.4.8.0'
   shouldExist: true
 - name: 'built_curl_library_ls1'
   path: '/usr/lib/libcurl.so.4'