diff --git a/.image-gitlab-ci.yml b/.image-gitlab-ci.yml index e63c0a7..4123d9e 100644 --- a/.image-gitlab-ci.yml +++ b/.image-gitlab-ci.yml @@ -59,7 +59,7 @@ security_scan_trivy: --exit-code 0 --format table --output medium-vulns.txt - cat medium-vulns.txt - echo CVE-2023-2253 > .trivyignore - - trivy image "${REGISTRY}/${IMAGE}:${TAG}" || echo Vulnerabilities Found + - trivy image "${REGISTRY}/${IMAGE}:${TAG}" cache: paths: [ .trivycache ] interruptible: true diff --git a/images/haproxy-keepalived/Dockerfile b/images/haproxy-keepalived/Dockerfile index 0106c89..686c8a1 100644 --- a/images/haproxy-keepalived/Dockerfile +++ b/images/haproxy-keepalived/Dockerfile @@ -1,4 +1,4 @@ -FROM haproxy:2.8.3-alpine +FROM haproxy:3.0.2-alpine MAINTAINER Rich Braun "docker@instantlinux.net" ARG BUILD_DATE ARG VCS_REF diff --git a/images/haproxy-keepalived/helm/Chart.yaml b/images/haproxy-keepalived/helm/Chart.yaml index 079c281..92a1e6a 100644 --- a/images/haproxy-keepalived/helm/Chart.yaml +++ b/images/haproxy-keepalived/helm/Chart.yaml @@ -7,8 +7,8 @@ sources: - https://github.com/haproxy/haproxy - https://github.com/acassen/keepalived type: application -version: 0.1.14 -appVersion: "2.8.3-alpine-2.2.8-r0" +version: 0.1.15 +appVersion: "3.0.2-alpine-2.2.8-r0" dependencies: - name: chartlib version: 0.1.8 diff --git a/images/postfix-python/Dockerfile b/images/postfix-python/Dockerfile index 41ae94f..d5ebe7f 100644 --- a/images/postfix-python/Dockerfile +++ b/images/postfix-python/Dockerfile @@ -19,9 +19,9 @@ ENV BLACKLIST_USER_SECRET=mysql-blacklist-user \ INBOUND_RELAY="by mail.mydomain.com" \ SPAMLIMIT=12 \ SPAMC_HOST=spamassassin -ARG GETPIP_SHA=311afebb7cdd310eb3a3a6bb6fffef53d84493db98c7cebf4008a18d3418c8be -ARG GETPIP_URI=https://bootstrap.pypa.io/pip/3.5/get-pip.py -ARG PYTHON_PIP_VERSION=24.1.1 +ARG GETPIP_SHA=55e89e425e98f7c7fdb68174852cc1302cfc16a3b9f1a105b14621711c5b6e64 +ARG GETPIP_URI=https://bootstrap.pypa.io/pip/3.7/get-pip.py +ARG PYTHON_PIP_VERSION=24.0 COPY requirements.txt /root/ COPY src/ /usr/local/bin/ @@ -32,7 +32,7 @@ RUN apk add --no-cache --update \ wget -q -O get-pip.py $GETPIP_URI && \ echo "$GETPIP_SHA get-pip.py" | sha256sum -c && \ python3 get-pip.py --disable-pip-version-check --no-cache-dir \ - pip==$PYTHON_PIP_VERSION && \ + pip==$PYTHON_PIP_VERSION --break-system-packages && \ apk add --no-cache --virtual .fetch-deps \ gcc git freetype-dev jpeg-dev musl-dev zlib-dev && \ pip install -r /root/requirements.txt --break-system-packages && \ diff --git a/images/samba-dc/Dockerfile b/images/samba-dc/Dockerfile index 654afdc..3f9ed51 100644 --- a/images/samba-dc/Dockerfile +++ b/images/samba-dc/Dockerfile @@ -30,7 +30,7 @@ COPY *.conf.j2 /root/ COPY entrypoint.sh /usr/local/bin/ RUN apk add --update --no-cache krb5 ldb-tools samba-dc=$SAMBA_VERSION samba-winbind-clients=$SAMBA_VERSION tdb \ bind bind-libs bind-tools libcrypto3 libxml2 tzdata py3-setuptools py3-pip && \ - pip install j2cli --break-system-packages && \ + pip install jinjanator --break-system-packages && \ apk del py3-pip && \ chmod 0755 /usr/local/bin/entrypoint.sh diff --git a/images/samba-dc/entrypoint.sh b/images/samba-dc/entrypoint.sh index ff394b0..c771c99 100755 --- a/images/samba-dc/entrypoint.sh +++ b/images/samba-dc/entrypoint.sh @@ -45,7 +45,7 @@ fi mkdir -p -m 700 /etc/samba/conf.d for file in /etc/samba/smb.conf /etc/samba/conf.d/netlogon.conf \ /etc/samba/conf.d/sysvol.conf; do - j2 /root/$(basename $file).j2 -o $file + jinjanate /root/$(basename $file).j2 -o $file done for file in $(ls -A /etc/samba/conf.d/*.conf); do echo "include = $file" >> /etc/samba/smb.conf