From 1343a923cea0a7fba10294bcf46e750cec13aafe Mon Sep 17 00:00:00 2001 From: Patrick Stephens Date: Wed, 5 Jun 2024 16:13:47 +0100 Subject: [PATCH 1/5] dockerfile: update to bookworm base image Signed-off-by: Patrick Stephens --- dockerfiles/Dockerfile | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/dockerfiles/Dockerfile b/dockerfiles/Dockerfile index 367b460fbf5..0e011580a27 100644 --- a/dockerfiles/Dockerfile +++ b/dockerfiles/Dockerfile @@ -17,7 +17,7 @@ ARG RELEASE_VERSION=3.0.7 FROM multiarch/qemu-user-static:x86_64-arm as qemu-arm32 FROM multiarch/qemu-user-static:x86_64-aarch64 as qemu-arm64 -FROM debian:bullseye-slim as builder-base +FROM debian:bookworm-slim as builder-base COPY --from=qemu-arm32 /usr/bin/qemu-arm-static /usr/bin/ COPY --from=qemu-arm64 /usr/bin/qemu-aarch64-static /usr/bin/ @@ -33,7 +33,7 @@ RUN mkdir -p /fluent-bit/bin /fluent-bit/etc /fluent-bit/log ENV DEBIAN_FRONTEND noninteractive # hadolint ignore=DL3008 -RUN echo "deb http://deb.debian.org/debian bullseye-backports main" >> /etc/apt/sources.list && \ +RUN echo "deb http://deb.debian.org/debian bookworm-backports main" >> /etc/apt/sources.list && \ apt-get update && \ apt-get install -y --no-install-recommends \ build-essential \ @@ -46,7 +46,7 @@ RUN echo "deb http://deb.debian.org/debian bullseye-backports main" >> /etc/apt/ libssl-dev \ libsasl2-dev \ pkg-config \ - libsystemd-dev/bullseye-backports \ + libsystemd-dev/bookworm-backports \ zlib1g-dev \ libpq-dev \ postgresql-server-dev-all \ @@ -97,7 +97,7 @@ RUN /fluent-bit/bin/fluent-bit -J > /fluent-bit/etc/schema.json # Simple example of how to properly extract packages for reuse in distroless # Taken from: https://github.com/GoogleContainerTools/distroless/issues/863 -FROM debian:bullseye-slim as deb-extractor +FROM debian:bookworm-slim as deb-extractor COPY --from=qemu-arm32 /usr/bin/qemu-arm-static /usr/bin/ COPY --from=qemu-arm64 /usr/bin/qemu-aarch64-static /usr/bin/ @@ -105,14 +105,14 @@ COPY --from=qemu-arm64 /usr/bin/qemu-aarch64-static /usr/bin/ # We also include some extra handling for the status files that some tooling uses for scanning, etc. WORKDIR /tmp SHELL ["/bin/bash", "-o", "pipefail", "-c"] -RUN echo "deb http://deb.debian.org/debian bullseye-backports main" >> /etc/apt/sources.list && \ +RUN echo "deb http://deb.debian.org/debian bookworm-backports main" >> /etc/apt/sources.list && \ apt-get update && \ apt-get download \ libssl1.1 \ libsasl2-2 \ pkg-config \ libpq5 \ - libsystemd0/bullseye-backports \ + libsystemd0/bookworm-backports \ zlib1g \ ca-certificates \ libatomic1 \ @@ -152,7 +152,7 @@ RUN find /dpkg/ -type d -empty -delete && \ # We want latest at time of build # hadolint ignore=DL3006 -FROM gcr.io/distroless/cc-debian11 as production +FROM gcr.io/distroless/cc-debian12 as production ARG RELEASE_VERSION ENV FLUENT_BIT_VERSION=${RELEASE_VERSION} LABEL description="Fluent Bit multi-architecture container image" \ @@ -183,7 +183,7 @@ EXPOSE 2020 ENTRYPOINT [ "/fluent-bit/bin/fluent-bit" ] CMD ["/fluent-bit/bin/fluent-bit", "-c", "/fluent-bit/etc/fluent-bit.conf"] -FROM debian:bullseye-slim as debug +FROM debian:bookworm-slim as debug ARG RELEASE_VERSION ENV FLUENT_BIT_VERSION=${RELEASE_VERSION} LABEL description="Fluent Bit multi-architecture debug container image" \ @@ -204,14 +204,14 @@ COPY --from=qemu-arm64 /usr/bin/qemu-aarch64-static /usr/bin/ ENV DEBIAN_FRONTEND noninteractive # hadolint ignore=DL3008 -RUN echo "deb http://deb.debian.org/debian bullseye-backports main" >> /etc/apt/sources.list && \ +RUN echo "deb http://deb.debian.org/debian bookworm-backports main" >> /etc/apt/sources.list && \ apt-get update && \ apt-get install -y --no-install-recommends \ libssl1.1 \ libsasl2-2 \ pkg-config \ libpq5 \ - libsystemd0/bullseye-backports \ + libsystemd0/bookworm-backports \ zlib1g \ ca-certificates \ libatomic1 \ @@ -225,7 +225,7 @@ RUN echo "deb http://deb.debian.org/debian bullseye-backports main" >> /etc/apt/ openssl \ htop atop strace iotop sysstat ncdu logrotate hdparm pciutils psmisc tree pv \ cmake make tar flex bison \ - libssl-dev libsasl2-dev libsystemd-dev/bullseye-backports zlib1g-dev libpq-dev libyaml-dev postgresql-server-dev-all \ + libssl-dev libsasl2-dev libsystemd-dev/bookworm-backports zlib1g-dev libpq-dev libyaml-dev postgresql-server-dev-all \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* From 58e65060aced680ed2a7bc23f2de0023dbab4dd9 Mon Sep 17 00:00:00 2001 From: Patrick Stephens Date: Wed, 5 Jun 2024 16:17:05 +0100 Subject: [PATCH 2/5] dockerfile: switch to libssl3 Signed-off-by: Patrick Stephens --- dockerfiles/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dockerfiles/Dockerfile b/dockerfiles/Dockerfile index 0e011580a27..a1dfab612db 100644 --- a/dockerfiles/Dockerfile +++ b/dockerfiles/Dockerfile @@ -108,7 +108,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN echo "deb http://deb.debian.org/debian bookworm-backports main" >> /etc/apt/sources.list && \ apt-get update && \ apt-get download \ - libssl1.1 \ + libssl3 \ libsasl2-2 \ pkg-config \ libpq5 \ @@ -207,7 +207,7 @@ ENV DEBIAN_FRONTEND noninteractive RUN echo "deb http://deb.debian.org/debian bookworm-backports main" >> /etc/apt/sources.list && \ apt-get update && \ apt-get install -y --no-install-recommends \ - libssl1.1 \ + libssl3 \ libsasl2-2 \ pkg-config \ libpq5 \ From 3291fc77c255f90a8b5d5c64a5389236aec5d614 Mon Sep 17 00:00:00 2001 From: Patrick Stephens Date: Wed, 5 Jun 2024 16:20:45 +0100 Subject: [PATCH 3/5] dockerfile: switch to libffi8 Signed-off-by: Patrick Stephens --- dockerfiles/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dockerfiles/Dockerfile b/dockerfiles/Dockerfile index a1dfab612db..b38d28326ae 100644 --- a/dockerfiles/Dockerfile +++ b/dockerfiles/Dockerfile @@ -120,7 +120,7 @@ RUN echo "deb http://deb.debian.org/debian bookworm-backports main" >> /etc/apt/ libzstd1 \ liblz4-1 \ libgssapi-krb5-2 \ - libldap-2.4-2 \ + libldap-2.4 \ libgpg-error0 \ libkrb5-3 \ libk5crypto3 \ @@ -135,7 +135,7 @@ RUN echo "deb http://deb.debian.org/debian bookworm-backports main" >> /etc/apt/ libnettle8 \ libhogweed6 \ libgmp10 \ - libffi7 \ + libffi8 \ liblzma5 \ libyaml-0-2 && \ mkdir -p /dpkg/var/lib/dpkg/status.d/ && \ From 3fec01181ac4e1423e7ef25c3804b324e9e9e46d Mon Sep 17 00:00:00 2001 From: Patrick Stephens Date: Wed, 5 Jun 2024 16:27:25 +0100 Subject: [PATCH 4/5] dockerfile: add libcap2 Signed-off-by: Patrick Stephens --- dockerfiles/Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/dockerfiles/Dockerfile b/dockerfiles/Dockerfile index b38d28326ae..649f7b84a44 100644 --- a/dockerfiles/Dockerfile +++ b/dockerfiles/Dockerfile @@ -137,7 +137,9 @@ RUN echo "deb http://deb.debian.org/debian bookworm-backports main" >> /etc/apt/ libgmp10 \ libffi8 \ liblzma5 \ - libyaml-0-2 && \ + libyaml-0-2 \ + libcap2 \ + && \ mkdir -p /dpkg/var/lib/dpkg/status.d/ && \ for deb in *.deb; do \ package_name=$(dpkg-deb -I "${deb}" | awk '/^ Package: .*$/ {print $2}'); \ From d578e90df69c211a506baeda135cc4b52a985cb5 Mon Sep 17 00:00:00 2001 From: Patrick Stephens Date: Wed, 5 Jun 2024 16:32:31 +0100 Subject: [PATCH 5/5] dockerfile: switch to libldap-2.5 Signed-off-by: Patrick Stephens --- dockerfiles/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dockerfiles/Dockerfile b/dockerfiles/Dockerfile index 649f7b84a44..4ec8cacf784 100644 --- a/dockerfiles/Dockerfile +++ b/dockerfiles/Dockerfile @@ -120,7 +120,7 @@ RUN echo "deb http://deb.debian.org/debian bookworm-backports main" >> /etc/apt/ libzstd1 \ liblz4-1 \ libgssapi-krb5-2 \ - libldap-2.4 \ + libldap-2.5 \ libgpg-error0 \ libkrb5-3 \ libk5crypto3 \