From 3df642ae30a574d3cbd783dbaffe845e60c1f8f6 Mon Sep 17 00:00:00 2001 From: Rich Braun Date: Wed, 3 Jul 2024 15:12:36 -0700 Subject: [PATCH] SYS-622 image tweaks and updates - haproxy-keepalived, postfix-python, samba-dc (#162) --- .image-gitlab-ci.yml | 2 +- images/haproxy-keepalived/Dockerfile | 2 +- images/haproxy-keepalived/helm/Chart.yaml | 4 ++-- images/postfix-python/Dockerfile | 8 ++++---- images/samba-dc/Dockerfile | 2 +- images/samba-dc/entrypoint.sh | 2 +- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.image-gitlab-ci.yml b/.image-gitlab-ci.yml index e63c0a70..4123d9e0 100644 --- a/.image-gitlab-ci.yml +++ b/.image-gitlab-ci.yml @@ -59,7 +59,7 @@ security_scan_trivy: --exit-code 0 --format table --output medium-vulns.txt - cat medium-vulns.txt - echo CVE-2023-2253 > .trivyignore - - trivy image "${REGISTRY}/${IMAGE}:${TAG}" || echo Vulnerabilities Found + - trivy image "${REGISTRY}/${IMAGE}:${TAG}" cache: paths: [ .trivycache ] interruptible: true diff --git a/images/haproxy-keepalived/Dockerfile b/images/haproxy-keepalived/Dockerfile index 0106c898..686c8a12 100644 --- a/images/haproxy-keepalived/Dockerfile +++ b/images/haproxy-keepalived/Dockerfile @@ -1,4 +1,4 @@ -FROM haproxy:2.8.3-alpine +FROM haproxy:3.0.2-alpine MAINTAINER Rich Braun "docker@instantlinux.net" ARG BUILD_DATE ARG VCS_REF diff --git a/images/haproxy-keepalived/helm/Chart.yaml b/images/haproxy-keepalived/helm/Chart.yaml index 079c2819..92a1e6ac 100644 --- a/images/haproxy-keepalived/helm/Chart.yaml +++ b/images/haproxy-keepalived/helm/Chart.yaml @@ -7,8 +7,8 @@ sources: - https://github.com/haproxy/haproxy - https://github.com/acassen/keepalived type: application -version: 0.1.14 -appVersion: "2.8.3-alpine-2.2.8-r0" +version: 0.1.15 +appVersion: "3.0.2-alpine-2.2.8-r0" dependencies: - name: chartlib version: 0.1.8 diff --git a/images/postfix-python/Dockerfile b/images/postfix-python/Dockerfile index 41ae94ff..d5ebe7f7 100644 --- a/images/postfix-python/Dockerfile +++ b/images/postfix-python/Dockerfile @@ -19,9 +19,9 @@ ENV BLACKLIST_USER_SECRET=mysql-blacklist-user \ INBOUND_RELAY="by mail.mydomain.com" \ SPAMLIMIT=12 \ SPAMC_HOST=spamassassin -ARG GETPIP_SHA=311afebb7cdd310eb3a3a6bb6fffef53d84493db98c7cebf4008a18d3418c8be -ARG GETPIP_URI=https://bootstrap.pypa.io/pip/3.5/get-pip.py -ARG PYTHON_PIP_VERSION=24.1.1 +ARG GETPIP_SHA=55e89e425e98f7c7fdb68174852cc1302cfc16a3b9f1a105b14621711c5b6e64 +ARG GETPIP_URI=https://bootstrap.pypa.io/pip/3.7/get-pip.py +ARG PYTHON_PIP_VERSION=24.0 COPY requirements.txt /root/ COPY src/ /usr/local/bin/ @@ -32,7 +32,7 @@ RUN apk add --no-cache --update \ wget -q -O get-pip.py $GETPIP_URI && \ echo "$GETPIP_SHA get-pip.py" | sha256sum -c && \ python3 get-pip.py --disable-pip-version-check --no-cache-dir \ - pip==$PYTHON_PIP_VERSION && \ + pip==$PYTHON_PIP_VERSION --break-system-packages && \ apk add --no-cache --virtual .fetch-deps \ gcc git freetype-dev jpeg-dev musl-dev zlib-dev && \ pip install -r /root/requirements.txt --break-system-packages && \ diff --git a/images/samba-dc/Dockerfile b/images/samba-dc/Dockerfile index 654afdc2..3f9ed515 100644 --- a/images/samba-dc/Dockerfile +++ b/images/samba-dc/Dockerfile @@ -30,7 +30,7 @@ COPY *.conf.j2 /root/ COPY entrypoint.sh /usr/local/bin/ RUN apk add --update --no-cache krb5 ldb-tools samba-dc=$SAMBA_VERSION samba-winbind-clients=$SAMBA_VERSION tdb \ bind bind-libs bind-tools libcrypto3 libxml2 tzdata py3-setuptools py3-pip && \ - pip install j2cli --break-system-packages && \ + pip install jinjanator --break-system-packages && \ apk del py3-pip && \ chmod 0755 /usr/local/bin/entrypoint.sh diff --git a/images/samba-dc/entrypoint.sh b/images/samba-dc/entrypoint.sh index ff394b0f..c771c99b 100755 --- a/images/samba-dc/entrypoint.sh +++ b/images/samba-dc/entrypoint.sh @@ -45,7 +45,7 @@ fi mkdir -p -m 700 /etc/samba/conf.d for file in /etc/samba/smb.conf /etc/samba/conf.d/netlogon.conf \ /etc/samba/conf.d/sysvol.conf; do - j2 /root/$(basename $file).j2 -o $file + jinjanate /root/$(basename $file).j2 -o $file done for file in $(ls -A /etc/samba/conf.d/*.conf); do echo "include = $file" >> /etc/samba/smb.conf