SYS-622 alpine:20 image updates

.image-gitlab-ci.yml

@@ -58,11 +58,6 @@ security_scan_trivy:
       --exit-code 0 --format table --output medium-vulns.txt
   - cat medium-vulns.txt
   - echo CVE-2023-2253 > .trivyignore
-  - echo TODO remove these exceptions when alpine:3.20 arrives
-  - echo CVE-2024-2398 >> .trivyignore
-  - echo CVE-2024-24806 >> .trivyignore
-  - echo CVE-2024-25062 >> .trivyignore
-  - echo CVE-2024-28085 >> .trivyignore
   - trivy image "${REGISTRY}/${IMAGE}:${TAG}" || echo Vulnerabilities Found
   cache:
     paths: [ .trivycache ]

ansible/roles/docker_node/tasks/repos.yml

@@ -5,6 +5,14 @@
     filename: ubuntu
   with_items: "{{ ubuntu_repos }}"
 
+
+# TODO remove this at next k8s and ubuntu update (24.04)
+- name: Remove stale k8s repo
+  apt_repository:
+    filename: k8s
+    repo: "{{ k8s.apt_repo.repo }}"
+    state: absent
+
 - name: Docker repo key
   get_url:
     url: "{{ docker.apt_repo.url }}"

ansible/roles/kubernetes/tasks/main.yml

@@ -8,6 +8,8 @@
   apt_repository:
     filename: k8s
     repo: "{{ k8s.apt_repo.repo }}"
+    # TODO restore this at next k8s and ubuntu update (24.04)
+    state: absent
 
 - name: Install system packages
   apt:

images/data-sync/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 MAINTAINER Rich Braun "[email protected]"
 ARG BUILD_DATE
 ARG VCS_REF
@@ -16,9 +16,9 @@ ENV PEERNAME= \
     SSHKEY1=data-sync-sshkey1 \
     SSHKEY2=data-sync-sshkey2
 
-ARG UNISON_VERSION=2.53.3
-ARG OCAML_VERSION=4.14.1-r3
-ARG UNISON_SHA=aaea04fc5bc76dcfe8627683c9659ee4c194d4f992cc8aaa15bbb2820fc8de46
+ARG UNISON_VERSION=2.53.5
+ARG OCAML_VERSION=4.14.2-r1
+ARG UNISON_SHA=330418ad130d93d0e13da7e7e30f9b829bd7c0e859355114bd4644c35fe08d23
 ARG RRSYNC_SHA=b745a37909fc10087cc9c901ad7dfda8ad8b6b493097b156b68ba33db4a5a52f
 
 COPY src/ /root/src/

images/data-sync/helm/Chart.yaml

@@ -5,8 +5,8 @@ home: https://github.com/instantlinux/docker-tools
 sources:
 - https://github.com/instantlinux/docker-tools
 type: application
-version: 0.1.12
-appVersion: "2.53.3-4.14.1-r3"
+version: 0.1.13
+appVersion: "2.53.5-4.14.2-r1"
 dependencies:
 - name: chartlib
   version: 0.1.8

images/git-dump/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 MAINTAINER Rich Braun "[email protected]"
 ARG BUILD_DATE
 ARG VCS_REF
@@ -20,7 +20,7 @@ ENV API_TOKEN_SECRET= \
     USERNAME=git-dump \
     TZ=UTC
 
-ARG GIT_VERSION=2.43.4-r0
+ARG GIT_VERSION=2.45.2-r0
 ARG GROUP=care
 ARG GID=505
 ARG UID=212

images/git-dump/helm/Chart.yaml

@@ -5,8 +5,8 @@ home: https://github.com/instantlinux/docker-tools
 sources:
 - https://github.com/instantlinux/docker-tools
 type: application
-version: 0.1.13
-appVersion: "2.43.4-r0"
+version: 0.1.14
+appVersion: "2.45.2-r0"
 dependencies:
 - name: chartlib
   version: 0.1.8

images/git-pull/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 MAINTAINER Rich Braun <[email protected]>
 ARG BUILD_DATE
 ARG VCS_REF
@@ -8,7 +8,7 @@ LABEL org.label-schema.build-date=$BUILD_DATE \
     org.label-schema.vcs-ref=$VCS_REF \
     org.label-schema.vcs-url=https://github.com/instantlinux/docker-tools
 
-ARG GIT_VERSION=2.43.4-r0
+ARG GIT_VERSION=2.52.2-r0
 ENV DEST=. \
     GIT_COMMIT=master \
     GIT_HOST=github.com \

images/git-pull/helm/Chart.yaml

@@ -5,8 +5,8 @@ home: https://github.com/instantlinux/docker-tools
 sources:
 - https://github.com/instantlinux/docker-tools
 type: application
-version: 0.1.11
-appVersion: "2.43.4-r0"
+version: 0.1.12
+appVersion: "2.45.2-r0"
 dependencies:
 - name: chartlib
   version: 0.1.8

images/mysqldump/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 MAINTAINER Rich Braun "[email protected]"
 ARG BUILD_DATE
 ARG VCS_REF
@@ -18,7 +18,7 @@ ENV HOUR=3 MINUTE=30 \
     TZ=UTC
 ARG UID=210
 ARG BACKUP_GID=34
-ARG CLIENT_VERSION=10.11.6-r0
+ARG CLIENT_VERSION=10.11.8-r0
 
 RUN RMGROUP=$(grep :$BACKUP_GID: /etc/group | cut -d: -f 1) && \
     [ -z "$RMGROUP" ] || delgroup $RMGROUP && \

images/mysqldump/helm/Chart.yaml

@@ -6,8 +6,8 @@ sources:
 - https://github.com/instantlinux/docker-tools
 - https://github.com/mariadb/server/tree/10.5/client
 type: application
-version: 0.1.9
-appVersion: "10.11.6-r0"
+version: 0.1.10
+appVersion: "10.11.8-r0"
 dependencies:
 - name: chartlib
   version: 0.1.8

images/nagios/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 MAINTAINER Rich Braun "[email protected]"
 ARG BUILD_DATE
 ARG VCS_REF
@@ -8,7 +8,7 @@ LABEL org.label-schema.build-date=$BUILD_DATE \
     org.label-schema.vcs-ref=$VCS_REF \
     org.label-schema.vcs-url=https://github.com/instantlinux/docker-tools
 
-ARG NAGIOS_VERSION=4.5.1-r0
+ARG NAGIOS_VERSION=4.5.2-r0
 ARG NAGIOS_GID=1000
 ARG NAGIOS_UID=999
 ARG PLUGINS_VERSION=2.4.5-r1

images/nut-upsd/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 MAINTAINER Rich Braun "[email protected]"
 ARG BUILD_DATE
 ARG VCS_REF

images/openldap/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 MAINTAINER Rich Braun "[email protected]"
 ARG BUILD_DATE
 ARG VCS_REF
@@ -8,7 +8,7 @@ LABEL org.label-schema.build-date=$BUILD_DATE \
     org.label-schema.vcs-ref=$VCS_REF \
     org.label-schema.vcs-url=https://github.com/instantlinux/docker-tools
 
-ARG OPENLDAP_VERSION=2.6.6-r1
+ARG OPENLDAP_VERSION=2.6.7-r0
 ENV SLAPD_DN_ATTR=uid \
     SLAPD_FQDN=example.com \
     SLAPD_LOG_LEVEL=Config,Stats \

images/openldap/helm/Chart.yaml

@@ -6,8 +6,8 @@ sources:
 - https://github.com/instantlinux/docker-tools
 - https://git.openldap.org/openldap/openldap
 type: application
-version: 0.1.5
-appVersion: "2.6.6-r1"
+version: 0.1.6
+appVersion: "2.6.7-r0"
 dependencies:
 - name: chartlib
   version: 0.1.8

images/postfix-python/Dockerfile

@@ -1,4 +1,4 @@
-ARG POSTFIX_VERSION=3.8.6-r0
+ARG POSTFIX_VERSION=3.9.0-r1
 
 FROM instantlinux/postfix:$POSTFIX_VERSION
 MAINTAINER Rich Braun "[email protected]"
@@ -21,7 +21,7 @@ ENV BLACKLIST_USER_SECRET=mysql-blacklist-user \
     SPAMC_HOST=spamassassin
 ARG GETPIP_SHA=311afebb7cdd310eb3a3a6bb6fffef53d84493db98c7cebf4008a18d3418c8be
 ARG GETPIP_URI=https://bootstrap.pypa.io/pip/3.5/get-pip.py
-ARG PYTHON_PIP_VERSION=23.3.2
+ARG PYTHON_PIP_VERSION=24.1.1
 
 COPY requirements.txt /root/
 COPY src/ /usr/local/bin/

images/postfix-python/helm/Chart.yaml

@@ -6,8 +6,8 @@ sources:
 - https://github.com/instantlinux/docker-tools
 - https://github.com/vdukhovni/postfix
 type: application
-version: 0.1.13
-appVersion: "3.8.6-r0"
+version: 0.1.14
+appVersion: "3.9.0-r1"
 dependencies:
 - name: chartlib
   version: 0.1.8

images/postfix/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 MAINTAINER Rich Braun "[email protected]"
 ARG BUILD_DATE
 ARG VCS_REF
@@ -7,7 +7,7 @@ LABEL org.label-schema.build-date=$BUILD_DATE \
     org.label-schema.name=postfix \
     org.label-schema.vcs-ref=$VCS_REF \
     org.label-schema.vcs-url=https://github.com/instantlinux/docker-tools
-ARG POSTFIX_VERSION=3.8.6-r0
+ARG POSTFIX_VERSION=3.9.0-r1
 ENV SASL_PASSWD_SECRET=postfix-sasl-passwd \
     TZ=UTC
 

images/proftpd/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 MAINTAINER Rich Braun "[email protected]"
 ARG BUILD_DATE
 ARG VCS_REF
@@ -8,7 +8,7 @@ LABEL org.label-schema.build-date=$BUILD_DATE \
     org.label-schema.vcs-ref=$VCS_REF \
     org.label-schema.vcs-url=https://github.com/instantlinux/docker-tools
 
-ARG PROFTPD_VERSION=1.3.8b-r1
+ARG PROFTPD_VERSION=1.3.8b-r2
 
 ENV ALLOW_OVERWRITE=on \
     ANONYMOUS_DISABLE=off \

images/proftpd/helm/Chart.yaml

@@ -6,8 +6,8 @@ sources:
 - https://github.com/instantlinux/docker-tools
 - https://github.com/proftpd/proftpd
 type: application
-version: 0.1.8
-appVersion: "1.3.8b-r1"
+version: 0.1.9
+appVersion: "1.3.8b-r2"
 dependencies:
 - name: chartlib
   version: 0.1.8

images/rsyslogd/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 MAINTAINER Rich Braun "[email protected]"
 ARG BUILD_DATE
 ARG VCS_REF
@@ -8,7 +8,7 @@ LABEL org.label-schema.build-date=$BUILD_DATE \
     org.label-schema.vcs-ref=$VCS_REF \
     org.label-schema.vcs-url=https://github.com/instantlinux/docker-tools
 
-ARG RSYSLOG_VERSION=8.2310.0-r0
+ARG RSYSLOG_VERSION=8.2404.0-r0
 ENV TZ=UTC
 RUN apk add --update gzip logrotate rsyslog=$RSYSLOG_VERSION \
       rsyslog-mysql=$RSYSLOG_VERSION tar xz && \

images/rsyslogd/helm/Chart.yaml

@@ -6,8 +6,8 @@ sources:
 - https://github.com/instantlinux/docker-tools
 - https://github.com/rsyslog/rsyslog
 type: application
-version: 0.1.10
-appVersion: "8.2310.0-r0"
+version: 0.1.11
+appVersion: "8.2404.0-r0"
 dependencies:
 - name: chartlib
   version: 0.1.8

images/samba-dc/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 MAINTAINER Rich Braun "[email protected]"
 ARG BUILD_DATE
 ARG VCS_REF
@@ -24,7 +24,7 @@ ENV ADMIN_PASSWORD_SECRET=samba-admin-password \
     WINBIND_USE_DEFAULT_DOMAIN=yes \
     WORKGROUP=AD
 
-ARG SAMBA_VERSION=4.18.9-r0
+ARG SAMBA_VERSION=4.19.6-r0
 
 COPY *.conf.j2 /root/
 COPY entrypoint.sh /usr/local/bin/

images/samba-dc/helm/Chart.yaml

@@ -6,8 +6,8 @@ sources:
 - https://github.com/instantlinux/docker-tools
 - ttps://gitlab.com/samba-team/samba
 type: application
-version: 0.1.12
-appVersion: "4.18.9-r0"
+version: 0.1.13
+appVersion: "4.19.6-r0"
 dependencies:
 - name: chartlib
   version: 0.1.8

images/samba/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 MAINTAINER Rich Braun "[email protected]"
 ARG BUILD_DATE
 ARG VCS_REF
@@ -8,7 +8,7 @@ LABEL org.label-schema.build-date=$BUILD_DATE \
     org.label-schema.vcs-ref=$VCS_REF \
     org.label-schema.vcs-url=https://github.com/instantlinux/docker-tools
 
-ARG SAMBA_VERSION=4.18.9-r0
+ARG SAMBA_VERSION=4.19.6-r0
 ENV LOGON_DRIVE=H \
     NETBIOS_NAME=samba \
     SERVER_STRING="Samba Server" \

images/samba/helm/Chart.yaml

@@ -6,8 +6,8 @@ sources:
 - https://github.com/instantlinux/docker-tools
 - https://gitlab.com/samba-team/samba
 type: application
-version: 0.1.12
-appVersion: "4.18.9-r0"
+version: 0.1.13
+appVersion: "4.19.6-r0"
 dependencies:
 - name: chartlib
   version: 0.1.8

k8s/helm/authelia/Chart.yaml

@@ -6,8 +6,8 @@ sources:
 - https://github.com/instantlinux/docker-tools
 - https://github.com/authelia/authelia
 type: application
-version: 0.1.5
-appVersion: "4.37.5"
+version: 0.1.6
+appVersion: "4.38.9"
 dependencies:
 - name: chartlib
   version: 0.1.8

k8s/helm/gitea/Chart.yaml

@@ -6,8 +6,8 @@ sources:
 - https://github.com/instantlinux/docker-tools
 - https://github.com/go-gitea/gitea
 type: application
-version: 0.1.0
-appVersion: 1.21.7-rootless
+version: 0.1.1
+appVersion: 1.22.0-rootless
 dependencies:
 - name: chartlib
   version: 0.1.8

k8s/helm/nexus/Chart.yaml

@@ -5,8 +5,8 @@ home: https://github.com/instantlinux/docker-tools
 sources:
 - https://github.com/instantlinux/docker-tools
 type: application
-version: 0.1.9
-appVersion: "3.63.0"
+version: 0.1.10
+appVersion: "3.69.0"
 dependencies:
 - name: chartlib
   version: 0.1.8

k8s/helm/restic/Chart.yaml

@@ -6,10 +6,10 @@ sources:
 - https://github.com/instantlinux/docker-tools
 - https://github.com/restic/restic
 type: application
-version: 0.1.8
+version: 0.1.10
 # Remember to update restic==<ver> in values.yaml as releases are published;
 #  the values.yaml file is not able to reference .Chart.appVersion
-appVersion: "0.16.2-r1"
+appVersion: "0.16.4-r4"
 dependencies:
 - name: chartlib
   version: 0.1.8